[00:00:37] <RedShift> *yawn*
[00:00:38] <tuxcrafter> May 27 23:57:57 ashley amavis[18063]: ANTI-VIRUS code      loaded
[00:00:39] <tuxcrafter> May 27 23:57:57 ashley amavis[18063]: ANTI-SPAM code       loaded
[00:00:39] <tuxcrafter> May 27 23:57:57 ashley amavis[18063]: ANTI-SPAM-SA code    loaded
[00:00:58] <tuxcrafter> jawol
[00:02:02] <RedShift> amavis
[00:02:03] <RedShift> blah
[00:02:05] <tuxcrafter> May 28 00:00:10 ashley amavis[18065]: (18065-01) (!!) ask_av (ClamAV-clamd) FAILED - unexpected result: /var/lib/amavis/tmp/amavis-20070528T000009-18065/parts: lstat() failed. ERROR\n
[00:02:05] <tuxcrafter> May 28 00:00:10 ashley amavis[18065]: (18065-01) (!!) WARN: all primary virus scanners failed, considering backups
[00:02:12] <RedShift> I wrote the same thing in 100 lines...
[00:02:21] <Signum> RedShift: hopefully not in Perl :)
[00:02:28] <RedShift> Signum: nope! php 8-)
[00:02:52] <Signum> RedShift: a mail filter in PHP? what's next? an operating system written in Java?
[00:02:55] * Signum is scared
[00:03:02] <RedShift> Signum: what's wrong with php?
[00:03:32] <Signum> RedShift: It's a cheap confusing quick-and-dirty web language for the less fortunate. :)
[00:03:46] <RedShift> Signum: oh really? Have you actually written php code?
[00:04:01] <Signum> RedShift: Yep. No large projects though.
[00:04:12] <RedShift> then you should know better
[00:04:53] <RedShift> (no offence though)
[00:05:00] <Signum> RedShift: Personal preference. I just wonder how an embedded language for hypertext is suited for writing a mail daemon.
[00:05:23] <RedShift> aha! did you know you can even write GTK applications with php? :-)
[00:05:30] <Signum> RedShift: I was a Perl evangelist for 10 years until I finally had to admit that it just stinks for more than trivial tasks. I'm willing to learn. PHP never felt right to me though.
[00:05:34] <smesjz> tuxcrafter: dont you ever get tired of these problems?
[00:05:46] <eat_life> tuxcrafter: take a look at the workaround.org article for sarge
[00:06:01] <RedShift> php is alot more powerfull then you think. It is certainly as powerfull as perl
[00:06:04] <eat_life> you're running into the clamav / amavisd permissions problem
[00:06:05] <Signum> smesjz: tuxcrafter is a though masochist :)
[00:06:48] * Signum wonders if "adduser clamav amavis" is still needed on Etch
[00:07:01] <smesjz> RedShift: php is a mess, language wiss. It's still mixing parameters order like $needle & $haystack and function naming
[00:07:24] <RedShift> smesjz: that isn't true, but please, correct me
[00:07:40] <RedShift> the function naming could be better
[00:07:48] <RedShift> but it's not as bas as people say
[00:07:50] <Signum> Since I learned Python all other P-languages aren't interesting any more anyway. :)
[00:07:57] <smesjz> RedShift: sometimes a function expects 'needle,haystack' but some expect 'haystack,needle'
[00:08:16] <RedShift> but the one thing I really enjoy about php is the wonderfull documentation
[00:08:21] <Signum> One thing that can truly be said about PHP is that its documentation is good.
[00:08:21] <smesjz> Signum: i even managed to get Trac running here with Python2.5 on win32 ;)
[00:08:26] <RedShift> it has everything and is well structured
[00:08:36] <Signum> smesjz: you got me hooked until you mentioned win32 :)
[00:08:59] <smesjz> Signum: well, doing it on Linux is not much of a challenge ;)
[00:09:02] <RedShift> i can't find any similar documentations for say, C
[00:09:14] <smesjz> oh, ever used msdn?
[00:09:21] <smesjz> RedShift: 'man' will help ;)
[00:09:22] <Signum> smesjz: fortunately I still have some challenges left so I don't need to drop down to that level :)
[00:09:43] <RedShift> smesjz: yes I have, and it's quite extensive. But it still lacks coherency
[00:09:49] *** mh_le has left #postfix
[00:09:58] <RedShift> I have only used it for a short while though
[00:10:13] <Signum> Named keyword arguments, everything is an object, derived classes, polymorphism, generators... I fear I can never again live without it.
[00:10:14] <RedShift> for visual basic on .net (now that's a crappy language)
[00:10:25] <smesjz> yea, C# isnt so bad
[00:11:12] <RedShift> but still
[00:11:17] <RedShift> I use php wherever I can
[00:11:30] <RedShift> I still get amazed sometimes with the things I can do with it
[00:11:32] <Signum> Rats... http://www.webmail.us/testvirus has gone away. :(
[00:12:05] <smesjz> ah, but they're the guys who support Dovecot development..so i'd forgive them
[00:12:47] <RedShift> dovecot is one fine pop3/imap server
[00:13:03] <RedShift> compared to the mess they call "courier-imap"
[00:13:12] <RedShift> I once tried to install courier... it still gives me nightmares
[00:13:15] <RedShift> same with qmail
[00:13:21] <RedShift> what a bunch of cruft
[00:13:25] <Signum> testvirus.org is down, too
[00:13:27] <smesjz> well, i dont have any issues with Courier. It supports nice stuff like the ACLs and virtual mailboxes
[00:13:34] <smesjz> qmail stinks
[00:13:50] <RedShift> Signum: you can always try sending the eicar test virus?
[00:14:00] <tuxcrafter> Signum: did you change anything in this file /etc/amavis/conf.d/15-content_filter_mode
[00:14:07] <RedShift> qmail needs some weird stuff to have virtual domains/mailboxes
[00:14:10] <Signum> RedShift: I know. But I'm looking for a service that readers of the tutorial can use.
[00:14:15] <Signum> tuxcrafter: not yet
[00:14:23] <smesjz> g'nite all
[00:14:24] <RedShift> ah
[00:14:26] *** smesjz has quit IRC
[00:14:41] <tuxcrafter> Signum: so your amavis is not scannig yet
[00:15:41] <Signum> tuxcrafter: I need to document while I go. that's not as fast as you are :)
[00:16:10] *** quik_ has quit IRC
[00:16:24] <tuxcrafter> i am documenting to i will send it before i go to sleep
[00:16:54] <tuxcrafter> it is not in tutorial from written yet
[00:17:07] <tuxcrafter> but it has all the important info
[00:18:35] <Signum> amavis should be documented well enough now.
[00:20:59] <Signum> enough for today. see you on the other side
[00:21:05] *** rmayorga has quit IRC
[00:22:21] <tuxcrafter> Signum: amavis is not working though
[00:24:55] <tuxcrafter> remember to add the clamav user to the amavis group, and
[00:24:55] <tuxcrafter>  # to properly set clamd to init supplementary groups
[00:25:43] *** killown has joined #postfix
[00:25:59] *** ploploop is now known as brancaleone
[00:27:49] <tuxcrafter> adduser clamav amavis
[00:38:49] <tuxcrafter> amavisd-new is giving me the big vinger
[00:43:49] *** MrRagga has quit IRC
[00:48:57] *** frennkie has joined #postfix
[00:49:11] *** pirho has quit IRC
[00:49:31] *** frennkie has quit IRC
[00:50:34] *** majikman-home has joined #postfix
[00:53:15] <majikman-home> isn't postfix supposed to be able to read files marked 600 for root in /etc/postfix? its giving me a permission denied error for my /etc/postfix/mysql_*.cnf files
[01:07:41] <tuxcrafter> bye guys see you over 8 hours
[01:08:53] *** tuxcrafter has left #postfix
[01:10:54] *** Jax has joined #postfix
[01:12:49] *** RedShift has quit IRC
[01:15:47] *** brancaleone has quit IRC
[01:35:29] *** caravena has quit IRC
[01:36:05] *** raqamy has joined #postfix
[01:36:52] *** caravena has joined #postfix
[01:58:22] *** Mazon is now known as mazon
[01:59:37] *** GMFlash has quit IRC
[01:59:44] *** GMFlash has joined #postfix
[02:03:18] *** ceL_ has quit IRC
[02:13:08] *** caravena has quit IRC
[02:14:39] *** caravena has joined #postfix
[02:25:12] *** Slyh has quit IRC
[02:27:47] *** Bronsky is now known as Bronsky_absent
[02:31:38] *** magyar has quit IRC
[02:33:09] *** xpoint has quit IRC
[02:36:49] *** fujin has joined #postfix
[03:04:35] *** ceL_ has joined #postfix
[03:31:26] *** rmayorga has joined #postfix
[03:35:14] *** Bronsky_absent has quit IRC
[03:38:51] *** eltech has quit IRC
[03:39:22] *** eltech has joined #postfix
[04:10:17] *** Adam_ has joined #postfix
[04:12:51] *** Adam_ has quit IRC
[04:23:13] *** doomas_ has joined #postfix
[04:25:45] *** killown_ has joined #postfix
[04:26:17] *** killown_ has quit IRC
[04:26:20] *** doomas has quit IRC
[04:27:27] *** killown has quit IRC
[04:29:22] *** majikman-home has quit IRC
[04:31:04] *** killown has joined #postfix
[04:35:53] *** killown has quit IRC
[04:51:17] *** ircminer03 has quit IRC
[05:01:13] *** Mavvie has quit IRC
[05:01:13] *** caravena_ has joined #postfix
[05:02:00] *** lkthomas has quit IRC
[05:11:50] *** caravena has quit IRC
[05:19:52] *** Mavvie has joined #postfix
[05:20:21] *** Mavvie has joined #postfix
[05:22:59] *** rmayorga has quit IRC
[05:23:35] <fujin> anyone have much experience with amavisd-new?
[05:23:46] <fujin> I'm trying to replace a legacy mail system with something that works a little better
[05:37:40] *** olinux has joined #postfix
[05:39:46] *** ircminer03 has joined #postfix
[05:40:40] *** eckhard has quit IRC
[05:49:36] *** ceL_ has quit IRC
[05:51:05] *** TheOutlander has quit IRC
[06:07:31] *** FlashNet3 has quit IRC
[06:10:46] *** cilly has quit IRC
[06:16:09] *** cilly has joined #postfix
[06:19:53] *** roe_ has joined #postfix
[06:39:56] *** Motoko-chan has joined #postfix
[06:43:08] *** Logikos has joined #postfix
[06:44:03] <Logikos> i configured postfix for smarthost ... but it didnt ask me for a username and password ... the smarthost i gave was my isp's smtp server, how do i have it use a username and password when sending mail to my isp's smtp server ?
[06:44:45] <f3ew> http://www.postix.org/SASL_README.html#client_sasl
[06:47:12] <Logikos> what is 'sasl' please ... i read a reference to that in ubuntu's docs .. but it didnt say what it was... just how to set it up
[06:47:38] <Motoko-chan> http://www.google.com/search?q=define%3ASASL
[06:48:27] <Logikos> hmm, thanks
[07:00:57] *** rmayorga has joined #postfix
[07:04:37] *** fujin has quit IRC
[07:27:21] *** TheOutlander has joined #postfix
[07:37:44] *** drraid has quit IRC
[07:43:08] *** Lap_64 has joined #postfix
[07:44:15] *** jjshoe has joined #postfix
[07:44:57] <jjshoe> I'm trying to send mail through my postfix server but I'm getting relay access denied. I have a dynamic ip address, what's the best way for me to setup postfix to allow me to send mail without issue?
[07:46:21] <f3ew> !sasl
[07:46:21] <knoba> f3ew: 'sasl' : short for "Simple Authentication and Security Layer". It is provided by the cyrus mail server to enable the "SMTP AUTH" feature. Learn more at: http://asg.web.cmu.edu/sasl/
[07:46:24] <f3ew> !auth
[07:46:24] <knoba> f3ew: Error: "auth" is not a valid command.
[07:46:29] <f3ew> !sasl_readme
[07:46:30] <knoba> f3ew: 'sasl_readme' : www.postfix.org/SASL_README.html
[07:46:35] <f3ew> See that link
[07:49:55] *** drraid has joined #postfix
[07:51:09] <jjshoe> thanks
[07:56:20] *** etaylor has quit IRC
[07:57:01] *** etaylor has joined #postfix
[07:59:55] *** roe_ has quit IRC
[08:12:43] *** Mavvie has quit IRC
[08:21:27] *** Mavvie has joined #postfix
[08:26:49] *** mazon is now known as Mazon
[08:33:07] *** rcsu has joined #postfix
[08:39:58] *** Tino is now known as Tinozaure
[09:03:53] *** Motoko-chan has quit IRC
[09:35:03] *** [miles] has joined #postfix
[10:00:14] *** rmayorga has quit IRC
[10:01:58] *** war has joined #postfix
[10:03:44] *** qiyong has joined #postfix
[10:14:15] *** quik_ has joined #postfix
[10:17:16] *** meandtheshell has quit IRC
[10:25:23] *** frennkie has joined #postfix
[10:25:27] <qiyong> is postfix-cdb interacts well with other web interface software as postfix-mysql?
[10:26:26] *** tuxcrafter has joined #postfix
[10:26:34] <tuxcrafter> morning
[10:30:43] *** sepski has joined #postfix
[10:35:20] *** JosefAssad has joined #postfix
[10:36:37] <tuxcrafter> sepski: morning
[10:37:18] <f3ew> qiyong, not really
[10:37:42] <JosefAssad> the debian link on this page is apparently b0rked: http://nixcartel.org/~devdas/postfix.html
[10:37:59] <JosefAssad> ah, yes; it links to workaround.org...
[10:39:15] <sepski> morning
[10:39:16] <f3ew> works for me (tm)
[10:39:23] <qiyong> f3ew, i want secure connection, imap, virtual user, which one suits me?
[10:39:46] <JosefAssad> f3ew: sorry, I should have said the third link down, not the first one
[10:40:27] <f3ew> qiyong I suggest Postfix + PgSQL|MySQL|LDAP + Courier/Dovecot
[10:40:38] <f3ew> JosefAssad the same one
[10:40:55] <JosefAssad> f3ew: could be on my end, I suppose
[10:41:00] <JosefAssad> anywho
[10:41:25] *** dsdg has joined #postfix
[10:41:59] <dsdg> good morning everyone, i have a question about sasl and an error that it cannot connect to authdaemond, can i ask that question here?
[10:42:23] <qiyong> f3ew, are you in debian ?
[10:42:38] <qiyong> f3ew, what debian pkg to choose
[10:45:12] *** drraid has quit IRC
[10:45:52] *** lost_and_unfound has joined #postfix
[10:47:24] <dsdg> lost_and_unfound, you listen to psytrance dont you?
[10:48:06] <lost_and_unfound> huh ?
[10:48:45] <lost_and_unfound> psytrance = music i take it...
[10:53:15] <f3ew> qiyong see http://workaround.org/
[10:53:29] <f3ew> dsdg turn off the chroot
[10:53:35] <f3ew> lost_and_unfound yes
[10:54:36] *** drraid has joined #postfix
[10:55:20] *** Jax has joined #postfix
[10:56:08] *** [dmp] has joined #postfix
[10:58:38] <qiyong> seems courier-mta is less successful than courier-imap
[11:01:01] *** quik_ has quit IRC
[11:08:31] *** Andy80 has joined #postfix
[11:08:38] <Andy80> hi
[11:10:50] <Andy80> I'm configuring a server with postfix, I finished configuring and I'm trying to test it. I've updated the MX record on the provider that host our DNS and now it points to ourdomain.com I'm trying to send a mail to andy80 at mydomain dot com I don't get any reply, any errors ecc... and looking in the /var/log/mail nothing is written. How can I check why it doesn't work?
[11:13:14] <f3ew> telnet to port 25 of the host
[11:13:47] <dsdg> f3ew, chroot is off,
[11:14:17] *** caravena_ has quit IRC
[11:16:06] <Andy80> f3ew: telnet: Unable to connect to remote host: Connection refused
[11:16:09] <Andy80> it's strange...
[11:16:46] <Andy80> postfix is running... and iptables -L shows nothing...
[11:19:27] *** f3ew has quit IRC
[11:19:50] *** f3ew has joined #postfix
[11:21:57] <eat_life> remote host...
[11:22:02] <eat_life> telnet localhost 25
[11:22:39] <eat_life> if that works, port 25 is inaccessible from the outside
[11:22:59] <eat_life> either by firewall or some ISP's will block that if you are a residential user
[11:28:21] *** Tinozaure is now known as Tino
[11:30:03] <JosefAssad> alright, that was pretty straightforward... authenticating to a smarthost
[11:31:03] *** baggito has joined #postfix
[11:32:20] <Andy80> eat_life: thanks :) I'm checking configuration... from localhost it replyes now: 220 acasa.toscana.it ESMPT Postfix, from local network it doesn't... it's like it doesn't listen on the correct interface....
[11:32:36] <JosefAssad> now I just have to figure out how to get postfix to save sent email in my Maildir (yes yes, I know I'm probably doing something very bad)
[11:34:51] <baggito> hi. i'm trying to get postfix-pgsql working, i am getting. Recipient address rejected: User unknown in local recipient table, when i'm pretty sure it's there. this is my main.cf, is there anything obviously wrong with this? http://rafb.net/p/57JBlO14.html
[11:36:19] <f3ew> Andy80 inet_interfaces
[11:36:37] <f3ew> baggito postmap -q says what?
[11:36:53] *** quik_ has joined #postfix
[11:37:36] <baggito> what's the key for -q?
[11:37:54] <f3ew> the local part of the email address
[11:38:01] <Andy80> f3ew: it's set to "all"
[11:38:19] <baggito> hrm. i tried it with the full email, just domain and just user-part
[11:38:26] <baggito> no output, but a usage message
[11:38:40] <baggito> tadas@tadas-desktop:~ > postmap -q info
[11:38:41] <baggito> postmap: fatal: usage: postmap [-Nfinoprsvw] [-c config_dir] [-d key] [-q key] [map_type:]file...
[11:38:53] <baggito> oh sorry
[11:39:02] * baggito rtfm
[11:39:04] <Andy80> f3ew: the firewall on that machine is down..... my working machine is 10.63.11.100 and I cannot connect to 10.63.11.1:25 ....
[11:39:15] <f3ew> master.cf?
[11:41:03] <baggito> hrm. i tried it with all: postmap -q info pgsql:/etc/postfix/pgsql_virt.cf pgsql:/etc/postfix/pgsql_virt.cf pgsql:/etc/postfix/uids.cf pgsql:/etc/postfix/gids.cf pgsql:/etc/postfix/virtual.cf
[11:41:07] <baggito> but no output
[11:41:11] *** quik_ has quit IRC
[11:42:07] <baggito> there doesn't seem to be any link between aliases and the transport things.
[11:43:20] *** [dmp] has quit IRC
[11:43:33] <Andy80> f3ew: which parameter do I have to check in master.cf?
[11:43:47] <baggito> ok thanks f3ew i think i'm a little closer to tracking the problem now :)
[11:43:50] <f3ew> the first column for smtpd
[11:45:04] <Andy80> f3ew: smtp      inet  n       -       n       -       -       smtpd
[11:45:52] <f3ew> Andy80 inet_interfaces <== did you check using postconf
[11:46:04] *** qiyong has quit IRC
[11:47:15] *** TTIelu has joined #postfix
[11:48:14] <baggito>  NOQUEUE: reject: RCPT from nz-out-0506.google.com[64.233.162.227]: 550 5.1.1 <info at granitequote dot eu>: Recipient address rejected: User unknown in local recipient table; from=<airbaggins at gmail dot com> to=<info at granitequote dot eu> proto=ESMTP helo=<nz-out-0506.google.com>
[11:48:25] <baggito> could this happen if there's no maildir where there should be?
[11:48:30] <f3ew> no
[11:48:42] <TTIelu> hello, due to a mistake in my virtual user table (a user was missing which he kept trying to mail over and over again), my /var/log/mail (and older backups) gotten really big. so i deleted em after solving my problem. however, since he hasnt made a new /var/log/mail file and i dont really want my mailserver to run without logging
[11:48:56] <baggito> ok. when i do  postmap -q info at granitequote dot eu pgsql:/etc/postfix/pgsql_virt.cf
[11:48:57] <Andy80> f3ew: at the end of main.cf it seems that "someone" (I know who) set AGAIN inet_interfaces, to "127.0.0.1".. I commented it and now it seems to work (at least from the local lan... now I try from outside)
[11:48:58] <f3ew> restart syslogd
[11:48:59] <baggito> /granitequote.eu/info at granitequote dot eu
[11:49:01] <baggito> that's what it gives me
[11:49:28] <f3ew> baggito are you looking for virtual users?
[11:49:42] <TTIelu> f3ew, was that for me?
[11:50:19] <baggito> i think so. i was following this guide. http://wiki.arslinux.com/Mail_Server:Postgres_Authentication#Create_Domains_to_Receive_Mail_From
[11:50:31] <baggito> and this is my main.cf http://rafb.net/p/57JBlO14.html
[11:50:39] <f3ew> restart syslogd @ TTIelu
[11:50:50] <TTIelu> thanks, that worked
[11:50:56] <baggito> i'm pretty sure all the tables are set up correctly
[11:50:59] <f3ew> baggito then you need to remove that domain from mydestination
[11:51:15] <baggito> ok.
[11:51:31] <baggito> so remove $transport_maps from it?!
[11:51:48] <f3ew> yes
[11:51:50] <baggito> ok
[11:52:46] <Andy80> f3ew: perfect :) I got my mails sent from my google account ;)
[11:54:44] *** Jax has quit IRC
[11:55:10] *** dsdg has quit IRC
[11:59:28] <Andy80> f3ew: enabling amavis-new I got this: connect to transport smtp-amavis: Operation not permitted, is this the right place to ask or do I have to ask on another irc-channel?
[12:00:15] <f3ew> operation not permitted?
[12:00:19] <f3ew> SE Linux?
[12:00:22] <f3ew> Apparmor?
[12:01:52] *** ratschnowski has joined #postfix
[12:02:06] <baggito> ok. new error! Relay access denied;
[12:02:40] <ratschnowski> hello, got some problems with postfix, smtp, sasl
[12:02:46] *** JosefAssad has quit IRC
[12:02:56] <ratschnowski> got postfix,cyrus imap running under debian edge
[12:03:13] <ratschnowski> mail is received and delivered to users mailboxes, can also see them using a mailer
[12:03:25] <Andy80> f3ew: yes I'm using Suse 10.1... anyway I didn't enabled those services... how can I check if they're enabled?
[12:03:53] *** Gringo_ has joined #postfix
[12:04:18] <ratschnowski> when trying to send a mail, i got the error: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
[12:04:20] <Andy80> f3ew: the error message comes from postfix queue manager: postfix/qmgr[4394]: warning: connect to transport smtp-amavis: Operation not permitted
[12:05:36] <ratschnowski> using testsaslauthd -s smtp  -u user -p pw -f /var/spool/postfix/var/run/saslauthd/mux makes no problems
[12:05:47] <ratschnowski> i get an Success messages, so i wonder what is wrong
[12:05:55] <ratschnowski> any ideas?
[12:06:03] <Gringo_> when using virtual mailboxes (MySQL), is there any way to dump all messages marked as SPAM by spamassassin directly into the maildir subdir 'spam'?
[12:06:16] <Gringo_> for every virtual mailbox?
[12:06:31] <lennard> I do that with maildrop
[12:06:48] <Gringo_> lennard: with virtual mailboxes defined in MySQL??
[12:06:53] <lennard> yes
[12:07:01] <Gringo_> nice :) how ? :)?
[12:07:07] <lennard> although my maildrop talks to authlib, which in turn talks to mysql
[12:07:15] <lennard> but I think maildrop can do the mysql itself too
[12:07:56] <baggito> f3ew: i had to move the transport_maps from mydestination to relayhosts ... now one step closer
[12:08:17] <baggito> the virtual users uids should not collide with system ids?
[12:08:28] <f3ew> doesn't matter
[12:08:45] <f3ew> as long as they are > the minimum uid
[12:08:49] <baggito> well i am getting this
[12:08:54] <baggito>  warning: recipient info at granitequote dot eu: bad uid 1 in virtual_uid_maps
[12:10:52] <baggito> ok. 1001 is better than 1
[12:12:25] *** ratschnowski has left #postfix
[12:12:44] <baggito> (delivery failed to mailbox /var/spool/postfix/virtual///granitequote.eu/info at granitequote dot eu: cannot create file exclusively: Permission denied)
[12:12:55] *** Gringo_ has quit IRC
[12:12:55] <baggito> however, sudo -u postfix touch /var/spool/postfix/virtual///granitequote.eu/info at granitequote dot eu does work
[12:13:15] <baggito> should i explicitely create the mailbox? the guide doesn't mention this.
[12:17:11] *** meandtheshell has joined #postfix
[12:19:33] <Andy80> f3ew: you were right. the "killer" was apparmor ;) now I get this error: postfix/smtp[5003]: fatal: parameter smtp_data_done_timeout: bad time unit.     Postconf says that: smtp_data_done_timeout = 600s, but this value is not set in main.cf.... is it a default value?
[12:20:23] *** pirho has joined #postfix
[12:21:38] *** pirho has quit IRC
[12:22:05] *** pirho_ has joined #postfix
[12:22:06] *** pirho has joined #postfix
[12:25:26] *** [miles] has quit IRC
[12:26:46] *** pirho_ has quit IRC
[12:26:46] *** pirho has quit IRC
[12:28:37] <Andy80> I've set the paramater in main.cf but I still get the error: postfix/smtp[5047]: fatal: parameter smtp_data_done_timeout: bad time unit:
[12:28:50] <Andy80> the parameter I set is: smtp_data_done_timeout = 600
[12:28:57] <Andy80> is it a wrong syntax?
[12:29:48] *** [miles] has joined #postfix
[12:30:14] <f3ew> See master.cf
[12:30:33] <Andy80> this is what I see in the log files: http://pastebin.ca/515706
[12:31:09] <baggito> ok i fixed it all basically! but it's using mbox instead of maildir as i might have liked. is this possible for virtual domains?
[12:32:51] *** pirho has joined #postfix
[12:36:57] <Andy80> f3ew: master.cf is configured to use amavis/spamassasin ecc... I've taken all the parameters from an howto... something could be wrong.... is it ok if I paste the master.cf to pastebin.ca so you can give it a look?
[12:38:04] <Andy80> f3ew: this is the master.cf: http://pastebin.ca/515733
[12:39:33] *** JosefAssad has joined #postfix
[12:40:37] <lost_and_unfound> any good book to sugest for postfix ?
[12:42:17] <Lap_64> book of postfix
[12:51:57] *** the_sniff has joined #postfix
[12:52:06] <the_sniff> how can i define default headers for postfix?
[12:53:47] <the_sniff> HELP "~:
[12:53:50] *** JensB has joined #postfix
[12:53:57] <f3ew> the_sniff, uh?
[12:54:00] <JensB> Hi everybody
[12:54:18] <the_sniff> f3ew: how can i set a default header for emails?
[12:54:51] *** Mavvie has quit IRC
[12:57:15] *** Andy80 is now known as Andy80^away
[12:57:18] <JensB> I am running postfix 2.1 on a frontend mail server that accepts mail for a certain domain (reptilienserver.de) which then is being forwarded internally to a different server running a legacy qmail setup. Since this domain gets a huge amount of backscatter spam, I would like to reject unknown recipients first-hand (ie. by Postfix). What would be the best way of letting Postfix know what recipients the backend QMail server accepts? I can think of
[12:57:18] <JensB>  somehow using VRFY, or a script which generates a list of valid users read by check_recipients_access in Postfix's main.cf. Any other ideas?
[12:58:11] <JensB> the_sniff, man 5 access, see PREPEND
[13:05:36] *** Mavvie has joined #postfix
[13:06:05] <the_sniff> thanks
[13:10:43] <the_sniff> JensB is it access or checks?
[13:11:13] <JensB> for my problem or yours?
[13:11:30] <the_sniff> mine :p
[13:13:01] <baggito> how can i make virtual accounts on postfix store mail as a maildir formatted directory instead of mbox. as an absolute maildir.
[13:16:35] <JensB> the_sniff, dunno, just look
[13:16:51] <the_sniff> i can't find an example to test with lol
[13:22:20] <baggito> nrr. unknown mail transport error
[13:28:29] <baggito> (delivery failed to mailbox /var/spool/postfix/virtual///granitequote.eu/info at granitequote dot eu: cannot create file exclusively: Permission denied)
[13:28:53] <baggito> what is the effective uid/gid when creating mailbox/dirs for virtual accounts?
[13:43:09] *** birmaan has joined #postfix
[13:45:25] *** skar has joined #postfix
[13:45:44] <skar> hi, how do i make 1 postfix smtp-auth to another postfix using a certificate?
[13:46:13] *** xpoint has joined #postfix
[13:47:05] <Signum> baggito: see virtual_uid_maps and virtual_gid_maps
[13:47:16] <Signum> !tell skar sasl-readme
[13:47:17] <knoba> Signum: Error: No factoid matches that key.
[13:47:19] <Signum> !tell skar saslreadme
[13:47:20] <knoba> Signum: Error: No factoid matches that key.
[13:47:40] <skar> Signum: thanks will read that up
[13:47:41] <skar> :)
[13:47:54] <Signum> !tell skar sasl_readme
[13:47:56] <Signum> that one :)
[13:48:15] <skar> Signum: thanx again :)
[13:48:58] *** birmaan has quit IRC
[13:52:39] <baggito> ok
[13:52:47] <baggito> i seem to have another problem now
[13:53:07] <baggito> can anyone help me find out what these log messages mean
[13:53:08] <baggito> http://rafb.net/p/pRbFBP76.html
[13:53:11] *** mrfree has joined #postfix
[13:53:23] <baggito> this "fatal: gethostbyname: Success"
[13:53:24] <mrfree> hi all
[13:53:29] <baggito> wierd.
[13:54:48] <mrfree> With my current conf postfix require tls auth but permits smtp connection from 127.0.0.1 without auth. how can I make auth from 127.0.0.1 "optional"??
[13:56:00] *** awk has joined #postfix
[13:56:13] <awk> hi, where abouts do I set disable_vrfy_command ?
[13:56:37] <awk> I added it to main.cnf and it didn't see to disable it
[13:56:57] <awk> I have disable_crfy_command = yes
[13:59:39] *** GMFlash has quit IRC
[13:59:42] *** GMFlash has joined #postfix
[14:03:12] <mrfree> In practice I want smtpd_tls_auth_only=yes only the the connections that aren't from 127.0.0.1
[14:03:15] <mrfree> is it possible?
[14:03:39] <mrfree> The prob is I don't know if roundcube (a webmail client) support ts
[14:03:40] <mrfree> tls
[14:03:50] <mrfree> with smtpd_tls_auth_only=no all works well
[14:04:04] *** snappy has quit IRC
[14:11:18] *** stony has joined #postfix
[14:11:50] <stony> hi
[14:17:22] *** olinux has quit IRC
[14:17:26] *** smesjz has joined #postfix
[14:18:49] <smesjz> moin
[14:20:14] *** JosefAssad has quit IRC
[14:20:56] *** JosefAssad has joined #postfix
[14:21:30] *** gypsymauro has joined #postfix
[14:21:32] <gypsymauro> hi
[14:21:43] <gypsymauro> how can I make postfix to bind a specific address?
[14:23:10] <smesjz> set inet_interfaces
[14:23:24] <smesjz> that's for smtpd, smtp uses smtp_bind_address
[14:24:12] *** f3ew has quit IRC
[14:24:42] *** f3ew has joined #postfix
[14:25:18] *** Andy80^away is now known as Andy80
[14:26:04] *** JosefAssad has quit IRC
[14:26:25] *** JosefAssad has joined #postfix
[14:27:02] *** GoGi has joined #postfix
[14:27:32] <GoGi> What method would you recommend to use DKIM with postfix? There seem to be multiple options.
[14:29:20] <xpoint> dkim-milter, its just not as stable as dk-milter, but dk-milter will get dropped in future when dkim is stable
[14:30:29] *** Zeit|awy has quit IRC
[14:31:29] <baggito> ok i have a very wierd problem with maildir (as opposed to mbox)
[14:32:14] <Andy80> what's wrong in my configuration if I get this error: postfix/qmgr[6266]: warning: connect to transport smtp-amavis: Connection refused ?
[14:34:29] <Zerberus> amavis does not listen on the port specified in the postfix setup
[14:36:37] <gypsymauro> smesjz: uhm I got it but it seems I've to put it in main.cf and in master.cf too?
[14:36:46] *** frp has joined #postfix
[14:37:11] <smesjz> no, only main.cf
[14:37:22] <frp> hello
[14:38:34] <Zerberus> frp: don't chat as root!
[14:39:54] <gypsymauro> smesjz: I'm using vserver do u know? I've a root server that has in its main.cf smtp_bind_address = x.y.z.1 and a guest server that has in main.cf  smtp_bind_address = x.y.z.2, but when I try to restart postfix in the log I get May 28 12:42:45 mail postfix/master[15042]: fatal: bind 0.0.0.0 port 25: Address already in use
[14:41:12] <gypsymauro> :/
[14:41:30] *** frp has quit IRC
[14:41:42] <smesjz> gypsymauro: like I said. smtp_bind_address is used by Postfix for making outbound connections, to for example the gmail.com mailservers. To make Postfix LISTEN on a given IP, use inet_interfaces
[14:42:16] *** frp has joined #postfix
[14:42:57] *** war has quit IRC
[14:43:14] <Zerberus> frp: much better :)
[14:43:25] *** war has joined #postfix
[14:43:45] <awk> hi, where abouts do I set disable_vrfy_command ?
[14:44:04] <Zerberus> awk: in main.cf
[14:45:32] <frp> Thnaks Zerberus
[14:46:40] <gypsymauro> smesjz: I got it tanks :)
[14:49:34] <frp> I am newbie with postfix and I would like to setup rewrite to hide private IPs and private hostnames (company.priv =>company.com). Can somebody give me a clue please ?
[14:50:51] <f3ew> See header_checks and IGNORE
[14:52:03] <frp> thanks f3ew
[14:53:33] <awk> Zerberus: in main.cf I allready have disable_vrfy_command = yes
[14:53:42] <awk> I want to disable vrfy
[14:53:49] <awk> yet if I do a scan it still sayts its enabled
[14:55:51] <Zerberus> awk: did you restart the daemon?
[14:56:04] <awk> yup
[14:56:17] <Zerberus> awk: run: postconf -n | grep vrfy
[14:56:21] <Zerberus> is it listed?
[14:56:44] <tuxcrafter> hello guys I got a problem the internal SquirrelMail needs TSL to send mail. I don't want this
[14:56:57] <awk> blackhole:/etc/postfix# postconf -n | grep vrfy
[14:56:58] <awk> disable_vrfy_command = yes
[14:57:11] <tuxcrafter> so what program does SquirrelMail use from postfix for sending
[14:57:21] <tuxcrafter> i believe this was smtpd
[14:57:24] <tuxcrafter> is this correct
[14:57:29] <tuxcrafter> of smtp
[14:57:30] <Zerberus> tuxcrafter: smtp or the sendmail binary
[14:58:50] <Zerberus> awk: how do you check that VRFY is still active?
[14:59:22] <tuxcrafter> /etc/postfix/master.cf
[14:59:22] <tuxcrafter> smtp      inet  n       -       -       -       -       smtpd
[14:59:22] <tuxcrafter>     -o smtp_tls_security_level=none
[14:59:22] <tuxcrafter>     -o smtpd_tls_security_level=none
[15:00:02] <tuxcrafter> will this not interfere with the external use ?
[15:02:52] <mrfree> tuxcrafter, I think I have the same problem with roundcube... I want that TLS must be used for "external" connection (!=127.0.0.1) but I want "local" (=127.0.0.1) auth to be optional, so I can conf roundcube to auth using user creds
[15:03:06] <awk> I tested by sending a mail, when our mail server establishes a connection with another mail server to deliver an e-mail message, I check the validity of the destination user on the remote host by using the VRFY command. i'm just worried people can brute force common login names with the 'VRFY' command
[15:03:17] <awk> i think i found the problem though.
[15:03:34] <Zerberus> awk: hm?
[15:04:00] <mrfree> I think Roundclue doesn't support tls, otherwise I could use tls with the "local" connection too
[15:04:28] <awk> lame, embarrassed to say :) just a typo I had
[15:04:29] <Zerberus> tuxcrafter: use smtp:127.0.t0.1 with -o smtpd_tls_security_levelnone and smtp:<public_IP> without that option
[15:04:30] *** Laibsch has joined #postfix
[15:05:32] <Laibsch> Can I tag instead of reject based on RBLs with postfix?  A quick google search did not turn up an answer.
[15:05:40] <mrfree> actually anyone (tipically script) can send email using postfix from localhost withput auth, but in this way a webmail-user can change its identity and send email from any address
[15:06:09] <mrfree> "/anyone (tipically/everyone (tipically"
[15:07:49] <Zerberus> Laibsch: http://opensource.confusticate.com/rbl-milter/
[15:09:07] <Zerberus> mrfree: scripts typically use sendmail, not smtp - if you fear system users may misuse their shell then don't give them one
[15:10:25] <mrfree> Zerberus, mmhhh I think you're right... so I need to use TLS only from "external" ips and disable it for the local connections, right?
[15:11:42] <mrfree> Zerberus, the commands you suggested to tuxcrafter should work for me too?
[15:12:07] <Zerberus> mrfree: yes
[15:12:35] <tuxcrafter> Zerberus: May 28 15:11:22 ashley postfix/qmgr[20799]: warning: connect to transport amavisfeed: Connection refused
[15:12:49] <tuxcrafter> yesterday i got a amavisfeed element in the master.cf
[15:12:53] <tuxcrafter> i removed it
[15:13:01] <tuxcrafter> and all its links to it (filter)
[15:13:04] <mrfree> Zerberus, thz I'll try
[15:13:15] <tuxcrafter> but it is shouting in my mail.log
[15:13:23] <tuxcrafter> i dont know how to get rid of it
[15:13:47] <tuxcrafter> is er a query somewhere that needs to be cleaned
[15:14:51] <Andy80> I need to implement a pop3 server too.... what kind of server do you suggest me?
[15:16:26] <Zerberus> tuxcrafter: do you have mail in the mailqueue, left over from time when the amavis was in your config?
[15:16:40] <tuxcrafter> maybe
[15:16:45] <tuxcrafter> but how can it be cleared
[15:16:54] <tuxcrafter> i dont care about loss
[15:16:57] <Zerberus> man postsuper
[15:17:17] <Zerberus> Andy80: dovecot
[15:18:08] <Andy80> thanks Zerberus
[15:19:10] <tuxcrafter> Zerberus: i did a postsuper -p (purge) but the error is still there
[15:19:25] <tuxcrafter> and it apairs evey few secons in the log
[15:19:36] <GoGi> is it normal that local users on a mail server can send mails with any "MAIL FROM:" address? Is there nothing such as reject_sender_login_mismatch for local mails?
[15:19:37] <tuxcrafter> every 1 min exact
[15:21:07] <Zerberus> tuxcrafter: postconf -n | grep amavisfeed
[15:21:46] <Zerberus> GoGi: if they use the sendmail binary: no
[15:22:15] <GoGi> Zerberus: you mean the only way is to disable the sendmail binary?
[15:23:11] <tuxcrafter> Zerberus: postconf -n | grep amavisfeed nothing there
[15:23:17] <Zerberus> GoGi: you have faking shell users?
[15:23:26] <tuxcrafter> postconf | grep amavisfeed < nothing there to
[15:23:36] <Zerberus> tuxcrafter: grep amavisfeed /etc/postfix/master.cf
[15:23:42] <GoGi> Zerberus: no, it's just theoretical
[15:24:26] <GoGi> Zerberus: but now that I think about it, a shell user could just write his own smtp-client, could he not?
[15:25:24] <tuxcrafter> Zerberus: postsuper has no option to show this, at leased i dont see it
[15:25:46] <Zerberus> GoGi: yes, or just copy over the sendmail binary from somewhere else
[15:26:08] <tuxcrafter>  grep amavisfeed /etc/postfix/master.cf < nothing there to like I sad
[15:26:57] <Zerberus> tuxcrafter: postsuper -r all
[15:27:01] <GoGi> Zerberus: the postfix "sendmail" binary does not use postfix? (postdrop)
[15:27:02] <tuxcrafter> May 28 15:26:22 ashley postfix/qmgr[20799]: warning: connect to transport amavisfeed: Connection refused
[15:27:03] <tuxcrafter> kill 20799
[15:27:18] <Zerberus> s/all/ALL
[15:27:30] <tuxcrafter> postsuper -r ALL
[15:27:31] <tuxcrafter> postsuper: Requeued: 1 message
[15:27:34] <tuxcrafter> yes there it is
[15:28:01] <tuxcrafter> postsuper -d 1
[15:28:29] <tuxcrafter> Zerberus: thanks
[15:28:59] <tuxcrafter> Specify -r ALL to requeue all messages.
[15:29:02] <tuxcrafter> over read
[15:29:04] <tuxcrafter> sorry
[15:30:18] <tuxcrafter> Zerberus: localhost:smtp
[15:30:18] <tuxcrafter> smtp:localhost
[15:30:18] <tuxcrafter> 127.0.0.1:smtp
[15:30:32] <tuxcrafter> what is the difference between them? in the master.cf file
[15:31:12] <smesjz> oh no..it's tuxcrafter again :( safe women and sheeps first!
[15:33:00] <tuxcrafter> smesjz: localhost:smtp, smtp:localhost, 127.0.0.1:smtp, smtp:127.0.0.1 do you know the difference between them in the master.cf file
[15:33:07] * Signum breaks the glass and hits the "Evacuate!" button
[15:33:18] <Dominian> tuxcrafter: they all mean the same thing
[15:33:24] <smesjz> or the eject one :)
[15:34:00] <tuxcrafter> do they really all have the same meaning?
[15:35:40] <Zerberus> tuxcrafter: the proper syntax is explained in "man 5 master"
[15:39:54] <mrfree> Zerberus, can I set multiple ips??
[15:40:10] <mrfree> man doesn't report anything about this
[15:40:22] <Zerberus> mrfree: you can have multiple definitions, line per line
[15:40:28] <tuxcrafter> Server replied: 111 Can't open SMTP stream
[15:40:58] <mrfree> Zerberus, ok but this doesn't mean multiple processes?
[15:42:00] <Zerberus> mrfree: they are launched by the master at need
[15:42:20] <smesjz> tuxcrafter: what does your master.cf look like? arent there plenty of amavis examples out there?
[15:42:35] <tuxcrafter> smesjz: not workng on amavis
[15:42:38] <smesjz> it's amazing how you manage to have all kinds of problems with Postfix
[15:42:47] <Dominian> heh
[15:42:48] <mrfree> Zerberus, ok thz
[15:42:51] <smesjz> "connect to transport amavisfeed: Connection refused"
[15:43:25] <tuxcrafter> smesjz: yes there was still a message in the query that wanted the removed amavisfeed
[15:43:57] <smesjz> it's called a queue :)
[15:44:37] <tuxcrafter> correct s/query/queue/
[15:45:25] <smesjz> :)
[15:49:19] <tuxcrafter> Signum: i just read the last part of the new tutorial. I got one question when you do a /etc/init.d/amavis restart does your /var/log/mail.log say that SPAM AND VIRUS CODE is LOADED!
[15:50:19] <smesjz> it should, but it depends where amavis is logging
[15:50:39] <Signum> tuxcrafter: it does
[15:50:46] <tuxcrafter> wierd
[15:50:53] <Signum> smesjz: to the chain printer connected to my X.21 interface
[15:50:58] <tuxcrafter> must be debain/ubuntu
[15:51:21] *** the_sniff has quit IRC
[15:51:49] <Signum> probably not debian because it works here. either I have missed to document something or you skipped something from the alpha tutorial. chances are 101.5% for the latter. ;)
[15:52:58] <tuxcrafter> Signum: it is my understanding that in the spama.. config file the enable must be 1 and that the amavis config file must be changed to enable spam and virus scanning
[15:54:35] <Signum> tuxcrafter: there is nothing to do in the spamassassin config. just uncomment the bypass options at amavis and that's it
[15:55:11] <smesjz> oh, you can edit /etc/spamassassin/local.cf though
[15:55:23] <smesjz> or just rtfm :)
[15:55:53] <Signum>  /trigger add -nick tuxcrafter -regexp '\?$' -autoreply "rtfm"
[15:56:17] <tuxcrafter> the fucking manual is outdated or incomplete
[15:56:18] <Laibsch> Zerberus: Thank you for the link.  Are you using the software?  It did not instill too much confidence due to various reasons.
[15:56:26] <smesjz> tuxcrafter: no it's not!
[15:56:38] <Signum> tuxcrafter: usually you find all you need in /usr/share/doc/$PACKAGE/README*
[15:56:46] <Zerberus> Laibsch: no, i am running amavisd-new/maia
[15:56:47] <smesjz> or http://www.ijs.si/software/amavisd/#doc
[15:57:04] <mrfree> Zerberus, the binding works... but there is another problem, roundcube uses the user credential to auth and now (without tls from 127.0.0.1) it works but I can still send email using an address that isn't the one I used for the auth!!!
[15:57:04] <Zerberus> Laibsch: and so far have no experience with milters on postfix
[15:57:21] <smesjz> tuxcrafter: now read this -> http://www.ijs.si/software/amavisd/amavisd-new-docs.html and dont complain it's outdated
[15:57:42] <Zerberus> mrfree: man 5 postconf, there is a switch to check the sender address when using smtp auth
[15:57:48] <tuxcrafter> i read that website until 03:00 this day
[15:57:51] <tuxcrafter> it is outdated
[15:58:02] <smesjz> tuxcrafter: ijs.si is outdated?
[15:58:27] <Signum> smesjz: 5 days old already... go away with that outdated junk
[15:58:48] <smesjz> Signum: if he dares to say ijs.si is outdated, i'll ignore him :)
[15:59:13] <tuxcrafter> it is missing thinks not outdated sorry
[15:59:38] <smesjz> like what?
[15:59:50] * Signum is happy with the docs
[16:00:26] <rob0> The docs smile upon those who read.
[16:00:43] * smesjz sells some outdated docs to rob0
[16:00:56] <Laibsch> Zerberus: For amavisd to d its deed you have to accept the mail, don't you?  I'd like to reject based on sending IP and headers only before delivery (avoid bounce)
[16:00:59] * rob0 stacks them up for a bonfire
[16:01:14] * smesjz gets some marsmellows
[16:01:38] * rob0 prepares to Roast The Fine Manual
[16:02:01] <smesjz> hehe
[16:02:02] <rob0> !cheatsheet
[16:02:03] <knoba> rob0: 'cheatsheet' : http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt : A HOWTO for pre-DATA spam control.
[16:02:08] <rob0> ^^ Laibsch
[16:03:00] <rob0> Laibsch, using the principles therein, I get very little spam, with no content filtering needed.
[16:03:25] <mrfree> Zerberus, I haven't found it :( can you be more specific?
[16:08:17] <tuxcrafter> Signum: http://pastebin.ca/516026 what do you think of that one
[16:09:55] <mrfree> Zerberus, do you mean smtp_sender_dependent_authentication ?
[16:10:37] *** lost_and_unfound has quit IRC
[16:11:32] <mrfree> mmhhh maybe reject_sender_login_mismatch
[16:11:35] <smesjz> tuxcrafter: check permissions on /var/log/clamav dir
[16:12:13] *** rmayorga has joined #postfix
[16:13:50] <tuxcrafter> smesjz: chmod 777 /var/log/clamav/
[16:13:51] <tuxcrafter> know its working, should have come up with that myself
[16:14:14] <smesjz> dont chmod 777 that dir, just chown it
[16:14:53] <mrfree> Great! reject_sender_login_mismatch works ;)
[16:14:55] <smesjz> and remove the 'rw' for others
[16:15:16] <rob0> Ouch, 777 is almost always wrong (except 1777 for /tmp)
[16:15:25] * smesjz points tuxcrafter to the topic "Please know your Unix basics first" :)
[16:15:55] <Signum> smesjz: tuxcrafter is a dark-side-ubuntu-user - www.ubuntuisnotunix.org :)
[16:16:32] <smesjz> he should pass his Linux exam first
[16:18:14] <tuxcrafter> smesjz: /var/log/clamav/ is a directory so it needs 111 than it needs to have read premisions 444 and write premissons 666 it has to be accacaple bij al users owner group and others so it 1+4+2 = 777
[16:18:15] * Signum never wasted any money on LPI
[16:18:36] <Signum> tuxcrafter: you want *all* users to write that directory? you are drunk, right?
[16:18:38] <smesjz> tuxcrafter: ok, that's it. I am gonna ignore you
[16:19:04] <smesjz> tuxcrafter: please don't give me the attitude if you dont know what you're talking about
[16:19:32] <smesjz> i'd forgive you for being ignorant about Postfix, but don't try to correct me on filesystem permissions
[16:20:02] <tuxcrafter> smesjz: i was asking if had it correct because you pointed out 777 was no good
[16:20:17] <tuxcrafter> so i explained why i did it
[16:20:26] <Signum> tuxcrafter: solving permissions problems by setting directories 777 is dangerous!
[16:20:37] <mrfree> Oops... I need to set "smtpd_sender_login_maps" I'm using ldap, so can I list the same ldap:accounts used for mailbox_maps?
[16:20:44] <Signum> tuxcrafter: if everybody were allowed to write everywhere then why do you need user accounts any more?
[16:20:53] <smesjz> tuxcrafter: what makes you think EVERYONE has to WRITE to /var/log/clamav/clamav.log ?
[16:21:12] <Signum> tuxcrafter: what was your root password again?
[16:21:18] * JosefAssad writes "Nothing to see here, move along" to /var/log/clamav/clamav.log
[16:21:25] <smesjz> hehe
[16:21:46] <tuxcrafter> Signum: root = signum
[16:22:33] <tuxcrafter> smesjz: chmod 777 was a stupid thing to do my appology better use 771
[16:22:44] <Signum> tuxcrafter: wrong password. hmm. but at least you left plaintext password authentication in SSH open. :)
[16:23:24] <smesjz> tuxcrafter: or just 770
[16:24:11] <smesjz> only rw for owner, and r for group.
[16:24:14] <tuxcrafter> smesjz: I have the experience that is not very smart on directorys it you want that user can acces directorys in a under laying depth
[16:24:35] <smesjz> and now in English...
[16:24:36] <tuxcrafter> unless you want to block them out
[16:24:59] <tuxcrafter> example /media/sda3/smesjz/share
[16:25:33] <tuxcrafter> if you do chmod 760 /media/sda3/
[16:25:51] <tuxcrafter> than you can never acces smesjz or share if you are not the owner
[16:26:22] <tuxcrafter> so if you have share open for other users with chmod 777 /share
[16:26:23] <smesjz> s/than/then/g
[16:26:30] <smesjz> no
[16:26:34] <tuxcrafter> it will not be accessible
[16:26:35] <smesjz> just use groups
[16:26:41] <smesjz> that's what they are for
[16:26:43] <tuxcrafter> yes sorry
[16:26:45] <tuxcrafter> 771
[16:26:52] <Signum> lol
[16:26:55] <tuxcrafter> group share
[16:26:59] <smesjz> go away with that 771. I dont wanna see it anymore!
[16:27:10] <tuxcrafter> ok
[16:27:31] <tuxcrafter> back to postfi
[16:27:32] <tuxcrafter> x
[16:28:10] <tuxcrafter> is there a text format for the external ip of the server like you have localhost for 127.0.0.1
[16:28:35] <rob0> That's not Postfix. That's DNS. :)
[16:28:45] <rob0> or resolver(5)
[16:28:49] <sepski> tuxcrafter, depends on what you configured in your revers and forward dns
[16:28:49] <tuxcrafter> that way i dont have to work with ip in the master.cf file to make a local smtp and a external smtp
[16:28:52] <smesjz> look at /etc/hosts or so
[16:29:02] <rob0> More Unix basics.
[16:29:09] <Signum> Any Unix basics.
[16:29:19] <smesjz> but uhm you normally dont need to touch master.cf once everything is working
[16:30:26] *** sepski has quit IRC
[16:30:58] <mrfree> Zerberus, It seems that the same ldap entry used for mailbox_maps cannot be used for smtpd_sender_login_maps... postfix still reports that xyz at mydomain dot org isn't the owner of xyz at mydomain dot org email addr
[16:31:27] <smesjz> tuxcrafter: just get the damn set up running before you start to tweak all those trivial stuff
[16:31:54] *** Zeit|idle has joined #postfix
[16:31:59] <tuxcrafter> smesjz: i already had eveyting working so i am tweaking now
[16:32:27] <smesjz> tuxcrafter: so how come you broke clamav? :)
[16:32:44] <smesjz> anyway, the tweaking should be done in main.cf, not master.cf
[16:32:44] <tuxcrafter> i changed it
[16:32:57] <smesjz> right
[16:33:45] <tuxcrafter> smesjz: there is some-strange thing with postfix that if you enable TLS encryption its enforces this also on local processes like amavis and webmail
[16:33:56] <tuxcrafter> so everyting gets brokken
[16:34:12] <smesjz> what has webmail to do with TLS?
[16:34:28] <Signum> he means when sending from the webmail interface via smtp.
[16:34:47] <smesjz> it uses sendmail to submit mail, so it's not using TLS anyway
[16:34:48] <tuxcrafter> smesjz: it makes use of smtp from postfix
[16:34:56] <Signum> he set the tls security to forbid any non-TLS connections
[16:35:08] <tuxcrafter> if you use sendmail it will not check for smap or viruses
[16:35:23] <smesjz> sure it does
[16:35:39] <smesjz> my setup checks it
[16:35:46] *** ratschnowski has joined #postfix
[16:36:34] <ratschnowski> hello, just installed postfix,cyrus,spamassassin,clamav and amavis on debian sarge which really works fine now
[16:36:56] <ratschnowski> but i am looking for a virusscanner, which allows to check uploaded files wheather they are infected
[16:37:13] <ratschnowski> all incoming mails are being checked, but when a user does an attachement, it is not
[16:37:27] <ratschnowski> are there any tools available?
[16:37:41] <Signum> ratschnowski: when you install clamav-daemon and enable it in amavis (see @bypass...) then you have a free virus scanner
[16:37:54] <ratschnowski> i know, thats what i did
[16:38:06] <ratschnowski> but only attachemts that the user receives are checked
[16:38:21] <ratschnowski> i want the attachements the user wants to send being checked, so the opposite way
[16:38:31] <Signum> ratschnowski: then see @local_domains_acl
[16:38:42] <ratschnowski> in amavis?
[16:39:01] <Signum> ratschnowski: yes
[16:39:10] <ratschnowski> ok, will check that out
[16:39:19] <Signum> ratschnowski: amavis cannot know whether an email is incoming or outgoing. it looks at the sender address to determine where the mail comes from
[16:39:59] <ratschnowski> so principally its possible with amavis, also to check and refuse virus infected attachements sent by the user?
[16:40:12] <Signum> ratschnowski: correct.
[16:41:00] <tuxcrafter> Zerberus: 84.245.7.46:smtp inet  n  -       -       -       -     smtpd
[16:41:01] <tuxcrafter> 127.0.0.1:smtp inet  n    -       -       -       -     smtpd
[16:41:01] <tuxcrafter>     -o smtp_tls_security_level=none
[16:41:01] <tuxcrafter>     -o smtpd_tls_security_level=none
[16:41:11] <tuxcrafter> this is not working like you said
[16:41:34] <ratschnowski> m
[16:42:22] <ratschnowski> Signum: in my local_domains_acl I defined .$mydomain and the url of the server, so how to change that? take out the server-url?
[16:43:49] <Signum> ratschnowski: set it to @local_domains_acl = ();
[16:44:00] <ratschnowski> ok, will try that
[16:44:01] <Signum> ratschnowski: that way amavis will trust no domain and scan all emails
[16:44:09] <ratschnowski> ok, cool
[16:44:23] <Signum> ratschnowski: if you avoid looking at its source code amavis is really great ;)
[16:44:26] *** Andy80 has quit IRC
[16:44:54] <ratschnowski> i am not so advanced, but glad with the results it has
[16:44:57] *** nescius has joined #postfix
[16:45:28] <Signum> ratschnowski: there isn't much other software. amavis is pretty widespread.
[16:48:37] <ratschnowski> works perfecrtly! Thx! I am ready with my tasks, time for a beer now!
[16:49:22] <Signum> ratschnowski: thanks... guiness for me
[16:49:33] <tuxcrafter> Signum: can you post me your master.cf i removed one line to much :-P
[16:50:23] * smesjz gives tuxcrafter a copy of MS Exchange...play with that ;)
[16:50:48] <tuxcrafter> smesjz: geep it nice don't use nasty words
[16:51:26] <tuxcrafter> i am just learning something new there is nothing wrong with that
[16:51:39] <smesjz> actually Exchange a nice product. Just because it's from MS, it does not mean it's bad
[16:52:22] <tuxcrafter> I am against the way ms does business most of there products are fine
[16:53:07] <Signum> tuxcrafter: /usr/share/postfix/master.cf.dist
[16:53:21] <smesjz> s/there/their/. Did you learn English at an MBO college or so?
[16:53:22] <tuxcrafter> perfect
[16:57:15] <tuxcrafter> when is the smtps used
[16:57:16] *** mrfree has quit IRC
[16:57:36] <tuxcrafter> is it also used for local delivery
[17:00:48] *** nachox has joined #postfix
[17:03:31] <smesjz> it makes no sense for local delivery to have the connection TLS encrypted
[17:04:06] <smesjz> local delivery agents use pipe commands to deliver mail and not TCP based connections
[17:04:33] <nachox> guys, i created a custom filter and attached it to smtp in master.cf, it applies to both incomming and outgoing mails, is there any way to apply that only to outgoing mails?
[17:07:04] <nachox> i can paste the relevan part of master.cf if you need to
[17:09:48] *** caravena has joined #postfix
[17:14:14] *** ratschnowski has left #postfix
[17:18:53] <Laibsch> rob0: Thank you for the link upon which I had stumbled in the past.  I think I have applied most of the principles therein (the ones I understood) and have reduced the spam by 80-90%.  The stuff that does get through is from DynIP now.  I don't want to reject them outright but add a Header for filtering.
[17:21:46] <rob0> Oh, that's too bad. Zen.spamhaus.org (thru PBL) blocks dynamic IP space. But they do allow people to remove themselves from PBL (once!)
[17:25:21] *** caravena has quit IRC
[17:25:32] *** Dalios`` has quit IRC
[17:36:07] *** nescius has quit IRC
[17:38:58] <Laibsch> rob0: Thank you for the hint
[17:39:25] <Laibsch> Looks very interesting indeed.  I think I will test it and check the logs frequently for a few days.
[17:41:58] *** Lap_64 has quit IRC
[17:46:26] *** [miles] has quit IRC
[17:50:15] *** frp has quit IRC
[17:58:00] *** [aa] has joined #postfix
[17:59:15] <[aa]> Hi! - I have a transport_map for some email adresses in me postfix, now, when that transport host is down postfix goes and uses the fallback_relay host instead - anyone know how to get it to now do that ? - Ie prefrably queue it untill the host in the transport_map comes alive again?
[18:08:58] <rob0> Laibsch: Use warn_if_reject or soft_bounce.
[18:13:03] <Laibsch> rob0: Isn't that global, then?  I want to really reject based on other RBL.  But I have to say the zen RBL seems to be quite reasonable.  It might become my only RBL.
[18:16:32] <gypsymauro> which imap daemon will suggest postfix?:)
[18:19:01] *** [aa] has quit IRC
[18:19:52] <tuxcrafter> smesjz: i had it i am going to kill the security! this is what i have know postconf -e 'smtp_tls_security_level = encrypt'. BUT postfix cant handle this very well for internal email it wants to use TLS to and that is ridiculous and it doesn't work. Therefore webmail and local mail isn't working with encrypt level. I believe this is bad design of postfix. I will set it back to may level after many hours of frustration. If you guys know ho
[18:20:54] 
[18:24:15] *** olinux has joined #postfix
[18:24:32] *** hoodow has joined #postfix
[18:24:48] <rob0> tuxcrafter, you were setting permissions of 777 and 666 ... and now you're worried about security?? I doubt you even know what you're talking about.
[18:25:21] <rob0> The "bad design" is that people who don't know enough about it think they can run a mail server.
[18:25:59] *** tuxcrafter has quit IRC
[18:26:17] <rob0> Laibsch: soft_bounce is global, warn_if_reject applies only to the next restriction.
[18:27:14] <rob0> I guess I offended tuxcrafter ... oh well. You guys tried; I succeeded. ;)
[18:29:22] *** hemry has joined #postfix
[18:29:56] *** tuxcrafter has joined #postfix
[18:30:05] *** HiroViro has joined #postfix
[18:30:14] <tuxcrafter> back
[18:30:47] <HiroViro> Hey guys Im a begiiner wth postfix, i used sendmail in past, whats the first step in setting it up?
[18:30:55] <rob0> !basic
[18:30:56] <knoba> rob0: 'basic' : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.
[18:31:05] *** gahan has joined #postfix
[18:31:40] *** Techdeck has left #postfix
[18:32:07] <nachox> ok, it seems i need an extra smtpd listening in a different port to apply a piped filter only to outgoing mails right?
[18:32:35] <nachox> the mail server is not multihomed...
[18:32:42] <gahan> i'm using local_transport = virtual and i have my virtual file contains of email@address user; user exists in /etc/passwd and his mailbox is in place, when i try to send an email to email@address it would fwd it to "user@localhost" and then it says: user unknown. what am i missing form configuration?
[18:33:19] <gahan> i forgot to mention local_recipient_maps = $virtual_maps
[18:33:49] *** killown has joined #postfix
[18:37:33] <HiroViro> Hey guys Im a begiiner wth postfix, i used sendmail in past, whats the first step in setting it up?
[18:38:47] <smesjz> tuxcrafter: we told you already that security is more than just TLS.
[18:39:56] <tuxcrafter> smesjz: yes but postfix is the weakest link here, maybe with some nasty loop hols it can be configured. but it is not documented very well
[18:40:00] <smesjz> tuxcrafter: so i really doubt if local mail is trying to use TLS. As I already explained, it's highly unlikely that Postfix tries to set up TLS when local mail is delivered using 'deliver' (Dovecot) or maildrop or virtual
[18:40:19] <tuxcrafter> smesjz: test it you self
[18:40:40] <smesjz> tuxcrafter: stop complaining about the docs ffs, they're fine. Otherwise consult the mailinglist
[18:40:51] <rob0> "smtp_tls_security_level = encrypt" means that all OUTGOING connections are encrypted.
[18:40:52] <smesjz> tuxcrafter: show me your evidence that TLS is used for local mail delivery
[18:40:55] <tuxcrafter> try encrypted mode and webmail trough smtp
[18:41:16] <tuxcrafter> yesterday i posted a lot of data with pastebin
[18:41:51] <smesjz> fine, grep your logs for the evidence then. I refuse to believe it
[18:41:54] <tuxcrafter> i will set the settings again and show it
[18:42:09] <smesjz> please do so.
[18:44:47] <smesjz> if you set virtual_transport = maildrop/virtual/dovecot then it will NOT use TLS but obey the settings from master.cf
[18:44:50] *** jduggan_ has joined #postfix
[18:44:53] *** cilly has quit IRC
[18:45:09] <smesjz> otherwise i'll cook rob0's sock and eat it
[18:45:31] <jduggan_> anyone got some good scripts to analyze postfix usage?
[18:45:48] <smesjz> pflogsumm
[18:45:48] <rob0> gahan: Thou shalt not mix thine Address Classes. "local_transport = virtual" is an abomination.
[18:46:08] <jduggan_> smesjz: ive used pflogsumm, theres nothing better?
[18:46:17] <smesjz> jduggan: mailgraph?
[18:46:32] <smesjz> i think pflogsumm is very detailed in its analysis
[18:46:44] <HiroViro> i need help, can anyone please answer some questions?
[18:46:53] <smesjz> what other info do you want pflogsumm to give?
[18:46:58] * rob0 wants some Sock Soup
[18:47:01] <smesjz> HiroViro: dont ask to ask
[18:47:36] * smesjz puts some karma in the soup
[18:48:33] <jjshoe> I'm trying to configure up postfix + sasl and I'm getting the following error: May 29 01:04:27 fish postfix/smtpd[30730]: warning: xsasl_cyrus_server_get_mechanism_list: no applicable SASL mechanisms
[18:48:33] <jjshoe> May 29 01:04:27 fish postfix/smtpd[30730]: fatal: no SASL authentication mechanisms
[18:48:43] <jjshoe> any ideas why it would fail to find sasl auth?
[18:48:55] <jjshoe> I'm following http://www.postfix.org/SASL_README.html as best I can
[18:49:11] <HiroViro> smesjz: i just opened a dialog box with u
[18:49:20] <jjshoe> it never talks about running saslauthd, do I need to have this daemon running full time?
[18:50:11] *** gypsymauro has left #postfix
[18:50:28] <smesjz> HiroViro: no private msg please. Only on channel
[18:50:36] <tuxcrafter> smesjz: http://pastebin.ca/516276
[18:51:18] <smesjz> tuxcrafter: what does virtual_transport says?
[18:51:33] <smesjz> ah, you're using a TLS connection to Amavis
[18:51:43] <tuxcrafter> smesjz: were can i get the info
[18:51:52] <smesjz> s/were/where/g
[18:51:56] <smesjz> it's in the logs
[18:52:14] <tuxcrafter> /var/log/mail.log?
[18:52:16] <smesjz> postconf virtual_transport
[18:52:27] <smesjz> but that's not the problem here
[18:52:44] *** HiroViro has quit IRC
[18:52:46] <smesjz> the fact is that you did not enable SSL connections in Amavis. And I am not sure if even supports SSL
[18:53:04] *** gahan has left #postfix
[18:53:07] <smesjz> and it doesnt make sense to have TLS to amavis if it's on localhost
[18:53:18] <skar> hi, i've got a central postfix server which acts as smtp-auth for several regional postfix servers, and some OL clients, now which smtp-auth is better, sasl in port 465 or tls in port 465, which supports both postfix clients as well as MUAs?
[18:54:09] <rob0> tuxcrafter: I already answered that, and am losing patience with you.
[18:54:12] <tuxcrafter> smesjz: exactly but i was able to fix this by explicitly changing the master.cf to to have amavis and the return path not to use encryption!
[18:54:25] <rob0> 16:40 < rob0> "smtp_tls_security_level = encrypt" means that all OUTGOING connections are encrypted.
[18:54:52] <tuxcrafter> rob0: i know but smesjz wanted to see the logs
[18:55:18] <rob0> Postfix -> content_filter is an outgoing connection.
[18:55:23] <smesjz> http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps <-- disable TLS for localhost
[18:55:34] <jjshoe> k, any ideas why I would get htis?
[18:55:34] <jjshoe> testsaslauthd -u jjshoe -p changed -r joel.io
[18:55:34] <jjshoe> connect() : No such file or directory
[18:55:34] <jjshoe> 0: root@fish:/usr/local/lib/sasl2#
[18:56:12] <rob0> "smtp_tls_security_level = encrypt" also means that you can only deliver to remote sites which offer TLS!
[18:56:49] <smesjz> smtp_tls_policy_maps = hash:/etc/postfix/tls_policy and make a line like: 'localhost none'
[18:58:02] <smesjz> tuxcrafter: Postfix is just doing what you tell it to do. Hence you need to make an exception for localhost
[18:58:31] <tuxcrafter> i have a permit_mynetworks every were
[18:58:37] <jjshoe> this is driving me nutts ;(
[18:58:44] <rob0> Most sites cannot function with "smtp_tls_security_level = encrypt" set.
[18:58:45] <tuxcrafter> in the restriction lines
[18:59:09] <tuxcrafter> rob0: yes i also decied to put it back to may
[18:59:39] <smesjz> tuxcrafter: permit_mynetworks has nothing to do with outgoing connections. For postfix, 127.0.0.1:10024 is outbound
[18:59:54] <tuxcrafter> ow oke
[19:00:01] <smesjz> well, nothing to do with outgoing connections when it comes to TLS
[19:02:02] <smesjz> tuxcrafter: you'd really should spend more time reading http://www.postfix.org/postconf.5.html . It's all documented ;)
[19:02:14] <tuxcrafter> testing the polocy
[19:02:40] <smesjz> good
[19:02:57] <tuxcrafter> smesjz: please point me the exact line i read a awful lot of the text
[19:03:21] <smesjz> please RTFM for god sake and use 'Ctrl-F' to find stuff
[19:04:01] <smesjz> this is even better I think -> http://www.postfix.org/TLS_README.html
[19:04:47] *** FlashNet3 has joined #postfix
[19:05:25] <FlashNet3> hi, i just installed postfix, and bought a static ip, and domain, what do i need to do next to setup my mta?
[19:05:32] <smesjz> tuxcrafter: and as we say in Dutch 'toon wat meer inzet' :)
[19:05:50] <smesjz> FlashNet3: http://www.postfix.org/BASIC_CONFIGURATION_README.html
[19:05:58] <rob0> !tell FlashNet3 basic
[19:06:05] <smesjz> gmta rob0 ;)
[19:06:51] <tuxcrafter> postconf -e 'smtp_tls_policy_maps = hash:/etc/ssl/tls_policy'
[19:06:51] <tuxcrafter> echo 'localhost none' > /etc/ssl/tls_policy
[19:06:53] <tuxcrafter> not working
[19:07:00] <tuxcrafter> checkig the docs again
[19:10:18] *** frennkie has quit IRC
[19:11:08] <tuxcrafter> stanby forgot something
[19:11:33] <smesjz> if you want some debugging, set debug_peer_list = your.remote.ip
[19:12:19] <FlashNet3> #myorigin = /etc/mailname  -should i change this line to myorgin=test.com ?
[19:12:34] *** the_sniff has joined #postfix
[19:12:38] *** madclicker has joined #postfix
[19:12:41] <the_sniff> my mailqueue seems stuck
[19:12:49] <the_sniff> and i can't seem to find anything wrong with the logs
[19:12:55] <smesjz> FlashNet3: not required if /etc/mailname contains test.com
[19:13:43] <tuxcrafter> echo 'localhost none' > /etc/ssl/tls_policy
[19:13:44] <tuxcrafter> postmap /etc/ssl/tls_policy
[19:13:44] <tuxcrafter> postconf -e 'smtp_tls_policy_maps = hash:/etc/ssl/tls_policy'
[19:13:48] <tuxcrafter> and I restarted postfix
[19:13:53] <tuxcrafter> but it still gets blocked
[19:14:02] <tuxcrafter> (TLS is required, but was not offered by host 127.0.0.1[127.0.0.1])
[19:14:17] <rob0> /etc/mailname is OS-specific.
[19:14:35] <FlashNet3> smesjz: i dont understand what do u mean? I just bought a domain at dyndns, and i am trying to setup postfix, and im so confused
[19:14:36] <rob0> FlashNet3: did you read the !basic document?
[19:14:41] <FlashNet3> yes
[19:14:54] <Logikos> i just installed dovecot and postfix and i'm geting this message when i try to download my emails: Plaintext authentication disabled .. how do i enable plantext auth?
[19:14:55] <FlashNet3> whats the url for basic doc?
[19:14:57] <rob0> And you said you had sendmail experience?
[19:15:08] <rob0> !tell FlashNet3 basic
[19:15:13] <smesjz> *sigh*
[19:15:13] <FlashNet3> basic
[19:15:30] <smesjz> Logikos: edit dovecot.conf
[19:15:43] <smesjz> and set disable_plaintext_auth: no
[19:15:49] <Logikos> smesjz: alright, thanks
[19:16:00] <smesjz>  disable_plaintext_auth = no even
[19:17:36] <Logikos> #disable_plaintext_auth = yes is commented out right now, but i removed the '#' and changed yes to no ....
[19:17:58] *** Azhi_Dahaka has joined #postfix
[19:18:01] <Azhi_Dahaka> hi
[19:18:01] <Logikos> how do i restart dovecot
[19:18:20] <smesjz> Logikos: rtfm ?
[19:18:28] <Azhi_Dahaka> how can i get the version of postfix? i tried postconf mail_version and got the date
[19:18:31] <smesjz> what about killall dovecot && dovecot
[19:18:57] <smesjz> Azhi_Dahaka: it says 2.4.0 here
[19:19:04] <Logikos> sorry, i'm atempting to work with linux again after being away from it for over 10 years lol ... and i wasnt real great at it back then...
[19:19:06] <smesjz> but the behaviour has changed I think
[19:19:29] <smesjz> Logikos: that's a lame excuse :P
[19:19:36] <Azhi_Dahaka> i got postfix-20010202 or something like that
[19:19:42] <smesjz> iew
[19:19:50] <smesjz> sure about the 2001?
[19:19:59] <smesjz> or it's just example? :)
[19:20:03] <smesjz> + an
[19:20:18] <Azhi_Dahaka> it's 2001
[19:20:21] <Azhi_Dahaka> ancient
[19:20:30] <Azhi_Dahaka> i suppose that's not even 2.0
[19:20:33] <rob0> It's a poor crowd today. :(
[19:20:34] <smesjz> indeed
[19:21:00] <smesjz> it's like 1.1 or even older
[19:21:09] <Azhi_Dahaka> crap!
[19:21:19] <smesjz> Azhi_Dahaka: but install 2.2/2.3 or 2.4
[19:21:24] <smesjz> get rid of that old junk
[19:21:28] <Azhi_Dahaka> i suppose that the differences between that and 2.4 are huge
[19:21:33] <rob0> Logikos: How do you suppose we would be able to answer that question? 1. This is #postfix not #dovecot ; 2. It's an issue with your distro's init script anyway.
[19:21:34] <smesjz> or put it in a museum
[19:21:39] <Azhi_Dahaka> it's possible to update?
[19:22:03] <smesjz> sure, it will likely break your config. But I really doubt that you have that box in production anyway
[19:22:20] <smesjz> rob0: I do both :)
[19:22:21] <Azhi_Dahaka> it is...
[19:22:30] * smesjz forsakes Azhi_Dahaka
[19:22:42] <Azhi_Dahaka> i didn't configure it... i arrived and i found that
[19:22:59] <rob0> I use dovecot too, but /dev/crystal_ball didn't tell me what OS he was using.
[19:23:12] <Logikos> rob0: its simple, i have no idea what i'm doing and i have 5 different manuals open that i'm trying to search though, plus i was in this chan already from asking a previous question, combined with the fact that i didnt know it was a problem with dovecot to begin with .. but anyways, thanks lol
[19:23:18] <FlashNet3> so how do i sendmail with postfix?
[19:23:21] <smesjz> rob0: if he compiled it from source, you have to use 'killall'
[19:23:56] *** devdas has joined #postfix
[19:24:02] <smesjz> Azhi_Dahaka: just announce a maintainance window of let's say 2 hour where you can upgrade Postfix to 2.{2,3,4}
[19:24:05] <Logikos> i'm learning as fast as i can ... but there is still so much to cover ... i'll get there, in time
[19:24:06] *** rlm has joined #postfix
[19:24:10] <the_sniff> lol :P
[19:24:15] <devdas> Two hours to upgrade Postfix?
[19:24:25] <devdas> I have never had to announce downtime for that
[19:24:30] <smesjz> devdas: to be safe. He's coming from 0.99 or so
[19:24:35] <devdas> stop, rpm -Fvh, start
[19:24:39] <devdas> oh god
[19:24:40] <rob0> Logikos: see /topic, "Please know your Unix basics first." You should concentrate on learning your OS first.
[19:24:43] <devdas> empty the queue
[19:24:44] <smesjz> devdas: you're a Postfix jedi, he's not
[19:24:47] <devdas> and do a make install
[19:24:54] <devdas> not a make upgrade
[19:25:08] <devdas> unless you plan to upgrade through a few intermediate versions
[19:25:09] <smesjz> devdas: he prolly need to review his config too
[19:25:11] <rob0> Mail is a very difficult area of Unix administration.
[19:25:34] <devdas> rob0: one of the most difficult
[19:25:37] <smesjz> yea, they like girls..takes a while before you know what you're doing ;)
[19:25:42] <devdas> lol
[19:25:43] <smesjz> + are like girls even
[19:26:10] <Logikos> rob0, i'm tryin :P ... the thing is that i've done all this before, over 10 years ago, i built the first server, however i forgot so much i dont want to touch the first one to update it cause if i break something i wont be able to fix it, so instead i'm building anouther one to replace it ... anyways, i'll keep reading, thanks
[19:26:30] <devdas> Logikos: what is your current configuration?
[19:26:47] * devdas wonders if it would be feasible to move most of it over unchanged
[19:27:13] <Logikos> devdas: old server is on slack 8.1 (i think) ... new one is running ubuntu server 6.06
[19:27:18] <smesjz> Logikos: ok, if you build Dovecot from source you need to 'killall' to stop Dovecot.
[19:27:26] *** hparker has joined #postfix
[19:27:32] <smesjz> devdas: see, the two hour window isn't so strange
[19:27:36] <rlm> any body have prepflog.pl script? please mail it me to lm-net at inbox dot ru
[19:27:52] *** cilly has joined #postfix
[19:27:56] <smesjz> hparker! you spam-magnet you!
[19:28:01] <devdas> prepflog.pl?
[19:28:08] <devdas> smesjz: nah
[19:28:16] <devdas> I would build the box, test it
[19:28:25] <devdas> and then just cut over the IP addresses
[19:28:26] <rlm> devdas, http://jimsun.linxnet.com/downloads/pflogsumm-faq.txt Q14  14. Pflogsumm Reports Double Traffic When Anti-Virus Scanner Used.
[19:28:29] <devdas> <=== cheap
[19:28:32] <hparker> Afternoon all
[19:28:37] <smesjz> hehe
[19:28:37] <devdas> rlm: ah
[19:28:40] <rlm> ... You may find  prefiltering your log with his "prepflog" does it for you.  You can find it at <http://web.tiscali.it/postfix/>...
[19:29:22] *** Seeraa has joined #postfix
[19:29:36] <Azhi_Dahaka> sorry, but i have never used postfix or any MTA
[19:30:11] <Azhi_Dahaka> is version 2.1.5 secure?
[19:30:17] <devdas> Azhi_Dahaka: yes
[19:30:21] <devdas> but fairly old
[19:30:51] <smesjz> get yourself an extra free copy of 2.3 or 2.4
[19:32:56] *** nachox has left #postfix
[19:37:19] *** mofino has joined #postfix
[19:38:03] *** Tino is now known as Tinozaure
[19:38:54] <mofino> How do I see where I've made errors in the master.cf
[19:39:11] <devdas> Syslog?
[19:39:14] <mofino> but i mean
[19:39:20] <jjshoe> I'm really lost on what I need to do permissions/groups wise to be able to get saslauthd and postfix to play nice together, can anyone provide some assistance or a document that covers this?
[19:39:26] <mofino> does master report it, or would the called program?
[19:39:32] <devdas> jjshoe: Postfix runs as user Postfix
[19:39:33] <mofino> ie, smtpd
[19:39:50] <jjshoe> devdas that I understand
[19:39:53] <devdas> mofino: it will generally be a fatal: error from smtpd, with a warning as well
[19:40:03] <mofino> ok
[19:40:12] <devdas> jjshoe: so all that you need is that your postfix user can see the saslauthd socket
[19:40:33] <mofino> ahhh, hahah, mail.err
[19:40:34] <devdas> In any case, you will have a warning associated with a fatal error
[19:40:34] <mofino> duh
[19:40:43] <devdas> log mail.* to a single file
[19:40:46] <jjshoe> devdas does saslauthd need to be running or will postfix start it on incoming mail and let it die afterwords?
[19:40:50] <mofino> devdas, no kidding...
[19:40:51] <devdas> It makes debugging much easier
[19:40:53] <mofino> yeah
[19:41:03] <devdas> jjshoe: saslauthd needs to be running
[19:41:17] <devdas> Debian ships with seriously broken defaults
[19:41:21] <Azhi_Dahaka> has anyone used the postfix included on OSX Tiger?
[19:42:23] *** lunaphyte has quit IRC
[19:43:13] <jjshoe> devdas no matter what I do I keep getting "fatal: no SASL authentication mechanisms"
[19:43:28] <mofino> jjshoe, you can't do cram-md5 with rimap
[19:43:51] <mofino> or certain other saslauthd libs
[19:44:21] <jjshoe> mofino ? I'm not doing md5
[19:44:40] <jjshoe> mech_list: PLAIN LOGIN
[19:44:51] <mofino> ok
[19:45:02] <mofino> then you have other problems
[19:45:02] <devdas> do you have the plaintext mechs allowed?
[19:45:26] *** UQlev has joined #postfix
[19:45:28] <jjshoe> devdas ?
[19:45:35] <jjshoe> I don't understand what you're asking
[19:46:03] <devdas> there's a configuration option to allow plain text mechanisms
[19:46:08] <devdas> without TLS
[19:46:13] <jjshoe> a configuration option for what where?
[19:46:31] <jjshoe> I've not heard of anything like that referenced in the meek documentation
[19:47:54] <jjshoe> I've done everything http://www.postfix.org/SASL_README.html says, but I still get the no sasl auth mech error
[19:48:14] <the_sniff> anyone has a good place to learn how to do header checks for postfix?
[19:49:09] <devdas> !header_checks
[19:49:10] <knoba> devdas: 'header_checks' : a configuration parameter in the main.cf: Optional lookup tables for content inspection of primary non-MIME message headers, as specified in the header_checks(5) manual page.
[19:49:22] <devdas> jjshoe: Patrick Koetter has a good howto
[19:50:48] <theblackbox> ...postfix-2.3.8/pflogsumm-conn-delays-dsn-patch \ No <db.h> include file found. \ Install the appropriate db*-devel package first \ ...... anyone know why I'm getting this error on a postfix compile? it's a slackware system, so I'm reluctant to use the db3-devel rpm, which is the only mention I can find in the release notes of a devel pkg
[19:51:41] <Azhi_Dahaka> ok... i'm trying to understand the OSX mail config tool but i don't get what a SMTP relay is...
[19:52:08] <devdas> theblackbox: you have to install that
[19:52:15] <devdas> or the Slackware equivalent
[19:52:23] <Azhi_Dahaka> can i have two mail servers on the same network with the same name?
[19:52:46] *** brancaleone has joined #postfix
[19:54:08] *** AJ__Z0 has joined #postfix
[19:54:23] <jjshoe> I've tried this one even and no luck
[19:54:24] <jjshoe> http://www.linux-noob.com/forums/index.php?s=5db2c0c8e9bd7333bf42fe5971814fbd&showtopic=2850&pid=10312&st=0&#entry10312
[19:55:16] <jjshoe> devdas you're not reffering to this 'tutorial' with zero details are you? http://postfix.state-of-mind.de/patrick.koetter/smtpauth/sasl_configuration.html
[19:55:36] *** smesjz has quit IRC
[19:56:01] *** AJ_Z0 has quit IRC
[19:56:02] <devdas> http://postfix.state-of-mind.de/patrick.koetter/smtpauth/smtp_auth_mailclients.html
[19:56:05] <devdas> yes
[19:56:07] *** AJ__Z0 is now known as AJ_Z0
[19:56:44] *** Seeraa has quit IRC
[19:56:53] <devdas>  smtpd_sasl_security_options = noanonymous << instead of the default noanonymous, noplaintext
[19:57:16] <jjshoe> so far that's the howto with the least amount of details that I've found :\
[19:57:33] <devdas> I use it when I need to configure authentication
[19:58:43] <jjshoe> well I'm glad installing an rpm configures authentication for you.
[19:58:53] <theblackbox> thanks devdas, I'll take it up with ##slackware then
[20:02:51] <Azhi_Dahaka> how can i set the users allowed to connect to the smtp server?
[20:03:31] <devdas> Azhi_Dahaka: they should be able to do that by default
[20:03:58] <Azhi_Dahaka> but, what if i don't want everyone to connect to the server?
[20:04:22] <Azhi_Dahaka> is it possible to disallow the smetp to recieve connections from ips different from the local ones?
[20:04:27] <Azhi_Dahaka> outside of the lan?
[20:04:40] *** cilly has quit IRC
[20:04:47] <devdas> use a firewall
[20:05:03] <devdas> or set inet_interfaces only to listen to the internal interface and loopback
[20:05:09] <Azhi_Dahaka> so, smtp can't do that, right?
[20:05:10] *** the_sniff has quit IRC
[20:06:21] <jjshoe> testsaslpasswd works
[20:06:33] <jjshoe> so something's wrong with postfix and saslauthd connecting
[20:07:12] <devdas> what are the permissions on the socket?
[20:07:28] <devdas> actually, no, your error does not imply that you have a socket connection error
[20:07:57] <rob0> theblackbox: What Slackware version?
[20:08:06] <theblackbox> 10.2
[20:08:11] <jjshoe> devdas
[20:08:12] <jjshoe> root@fish:/var/run/saslauthd# ls -ald *
[20:08:12] <jjshoe> srwxrwxrwx  1 root root  0 2007-05-29 01:59 mux
[20:08:12] <Azhi_Dahaka> devdas, so if smtp isn't allowing external connections then the issue is outside of the realm of postfix, right?
[20:08:15] <hparker> The rob0 special version
[20:08:23] <jjshoe> devdas is it mux, or mux.accept ?
[20:08:26] <theblackbox> rob0, I'm using the updated SB script now, see if it works
[20:08:27] <rob0> yeah, I guess 10.2 didn't have db44
[20:09:11] <rob0> Your fix is to set the symlink of /usr/include/db.h to point to a compatible BDB library.
[20:09:52] *** cilly has joined #postfix
[20:10:35] *** killown has quit IRC
[20:10:35] <rob0> There is no need to use a BDB RPM in Slackware. There are various db* packages.
[20:10:40] <theblackbox> BDB lib?
[20:11:31] <rob0> ls /var/log/packages/db*
[20:12:10] <theblackbox> deff not got any, only got 2/3 dozen pkgs installed
[20:12:16] <theblackbox> been working from the top down
[20:12:57] * xpoint builds houses from the ground, not from an airplane :-)
[20:14:34] <theblackbox> but planning is done from a birds eye view ;)
[20:15:00] <hparker> just don't look up at said bird, liable to get a mess in your eye
[20:16:30] <jjshoe> devdas what should authdaemond_path point to in smtpd.conf?
[20:16:44] * theblackbox has had that happened before.... not nice
[20:16:59] <theblackbox> yep a db3 package sorted it, thanks all
[20:17:00] *** etaylor has quit IRC
[20:17:03] <devdas> jjshoe: mux
[20:17:13] <devdas> Azhi_Dahaka: yes
[20:17:31] <jjshoe> devdas for that path you mean? or my previous question?
[20:17:36] <Azhi_Dahaka> iptables dpt:smtp means that the rule is applie to port 25, right?
[20:17:39] <devdas> the previous question
[20:17:43] <devdas> yes
[20:17:44] *** etaylor has joined #postfix
[20:19:22] <mofino> Azhi_Dahaka, cat /etc/services
[20:19:43] *** mrivera has joined #postfix
[20:19:45] <mofino>  > brane
[20:19:46] <devdas> cat?
[20:19:50] <devdas> hehe
[20:19:50] <mofino> yes
[20:20:02] <devdas> grep -i smtp /etc/services, surely?
[20:20:07] <mofino> maybe
[20:20:13] <mofino> so my PF setup works
[20:20:26] <mofino> works very well
[20:20:55] <devdas> I told you so
[20:20:59] *** JeffH has joined #postfix
[20:21:16] <mofino> I had to hack around a few things
[20:21:25] <mofino> but it's pretty badass
[20:21:44] <JeffH> I just installed postfix, followed by courier-imap.  However, when I try to open my mail application I'm told the password authentication fails.. is there something I need to configure?
[20:21:47] <mofino> mynetworks=0.0.0.0/0 had to be used
[20:21:48] <mofino> ;)
[20:22:02] <Azhi_Dahaka> ok... i found A LOT of drop rules for dpt:smtp
[20:22:09] *** mrivera has quit IRC
[20:22:12] <mofino> JeffH, so is that pop3 or smtp?
[20:22:15] <mofino> or imap even
[20:22:20] <JeffH> imap
[20:22:31] <mofino> and you installed courier-imap for that?
[20:22:41] <Azhi_Dahaka> the thing is that i need to configure postfix on other computer but that change is supposed to be transparent to the users
[20:22:50] <JeffH> did you read what I wrote?
[20:22:58] <mofino> JeffH, did you check what channel you came in?
[20:23:13] <mofino> I believe you want #courier
[20:24:07] <devdas> mofino: whoa
[20:24:20] <devdas> how did you get Postfix to work with 0/0?
[20:24:41] * rob0 is betting it was a joke :)
[20:24:49] <mofino> devdas, I told it too
[20:24:56] <devdas> It probably was
[20:25:06] <devdas> but knowing mofino, there are no guarantees
[20:25:09] <mofino> devdas, it's for the localhost content->postfix server
[20:25:17] *** JeffH has left #postfix
[20:25:24] <devdas> so you allow 127.0.0.0/8
[20:25:27] <mofino> no
[20:25:34] <mofino> i'm assuming the client
[20:25:43] <mofino> XCLIENT
[20:25:52] <mofino> so i have to allow more
[20:25:52] <devdas> al
[20:25:53] <devdas> ah
[20:26:04] <mofino> but it screws me for sasl users
[20:26:10] <mofino> so i allowed 0.0.0.0/0
[20:26:29] <mofino> i mean, it's sitting on localhost:10026
[20:26:32] <mofino> i'm sure it's safe :)
[20:27:24] <rob0> #  postconf mynetworks
[20:27:24] <rob0> mynetworks = 0.0.0.0/0
[20:27:26] <jjshoe> devdas I think I have it
[20:27:30] <jjshoe> saslauthd -d -a shadow
[20:27:31] <jjshoe> shows
[20:27:37] <jjshoe> saslauthd[32171] :ipc_init        : listening on socket: /var/state/saslauthd/mux
[20:27:40] <jjshoe> which is not what I want
[20:27:45] <mofino> jjshoe, debian?
[20:27:53] <jjshoe> mofino slackware
[20:27:58] <mofino> chroot?
[20:28:00] <jjshoe> no
[20:28:03] <mofino> damn
[20:28:13] <jjshoe> smtp      unix  -       -       n       -       -       smtp
[20:28:15] <jjshoe> mofino why? :)
[20:28:31] <mofino> jjshoe, wrong socket spot for a chroot in debian
[20:28:33] <mofino> that's all
[20:28:51] <jjshoe> I have no idea how to get it to listen in a different spot though
[20:28:52] <jjshoe> hrm
[20:28:54] <mofino> but maybe i'm thinking of something else.
[20:29:00] <mofino> startup
[20:29:06] <mofino> heh
[20:29:13] <mofino> man saslauthd
[20:29:17] <mofino> you'll be amazed
[20:29:35] <jjshoe> root@fish:/usr/local/lib/sasl2# man sslauthd
[20:29:36] <jjshoe> No manual entry for sslauthd
[20:29:36] <jjshoe> root@fish:/usr/local/lib/sasl2#
[20:29:37] <jjshoe> insanely :)
[20:29:41] <mofino> sslauthd
[20:29:46] <mofino> lern 2 spel
[20:30:05] <jjshoe> um, I spelled it write
[20:30:09] <jjshoe> right*
[20:30:22] <mofino> ...
[20:30:33] <mofino> maybe your a was too much for the computer to handle
[20:30:34] <jjshoe> but thanks for being a jerk anyways :)
[20:30:49] <jjshoe> devdas yeah, need to add that to the defaults deal
[20:32:00] <rob0> Slackware 11 (and maybe 10.2 too) has a SASL package included.
[20:33:09] *** awk has quit IRC
[20:33:25] <jjshoe> yeah I'm running 10 however
[20:33:35] *** jonez has quit IRC
[20:34:40] *** killown has joined #postfix
[20:35:46] *** lunaphyte has joined #postfix
[20:36:01] *** cilly has quit IRC
[20:36:14] *** thrawn has joined #postfix
[20:36:34] <jjshoe> hrm
[20:36:36] <jjshoe> I'm running
[20:36:39] <jjshoe> /usr/local/sbin/saslauthd -m /var/run/saslauthd -a shadow
[20:38:27] <jjshoe> yeah, it was just the test command I was using setting a bad path
[20:38:30] <jjshoe> this still isn't helping
[20:38:31] <jjshoe> grrrrrrrrrrrrrrrrrr
[20:39:56] <jjshoe> anyone have any other ideas? :(
[20:40:42] *** cilly has joined #postfix
[20:43:39] <jjshoe> it's like it cant find the libs
[20:44:09] *** majikman-home has joined #postfix
[20:44:27] *** rsd has joined #postfix
[20:45:20] *** killown has quit IRC
[20:45:43] <rob0> I recall something from Cyrus SASL docs long ago, that /usr/lib/sasl2 had to be a symlink to the real location (/usr/local/lib/sasl2).
[20:47:06] *** alexIdoia has joined #postfix
[20:47:07] <alexIdoia> hi there, I have ask this already but nobody could not reply to me, I am sending email from a php application I have written, I use the fonction mail(), I think I am using good headers but my recipient recieve from www-data@vladimir (vladimir behing the name of my machine) most of them refuse the vladimir part because it is not a Full qualified domain name. HOw can set this properly ?
[20:47:16] <alexIdoia> is it a php problem ?
[20:50:24] <jjshoe> rob0 yeah, just tried doing that
[20:51:00] <devdas> alexIdoia: you need to fix your sendmail_path in php.ini
[20:51:22] <theblackbox> I'm getting a fatal: /etc/postfix/main.cf, line 662: missing '=' after attribute name: "permit_mynetworks, "
[20:51:41] <jjshoe> rob0 bingo!
[20:52:02] <devdas> theblackbox: add whitespace before the permit_mynetworks
[20:52:07] <theblackbox> now I know where it's complaining of, but I've tried this main.cf before (with 2.3.8)
[20:52:11] <theblackbox> ahhh ;)
[20:52:18] <jjshoe> ok now it's down to a permission error
[20:52:45] <jjshoe> warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
[20:54:21] <alexIdoia> devdas: ok
[20:56:10] <alexIdoia> devdas: what exactly should I put there ?
[20:57:56] *** thrawn has quit IRC
[20:57:57] *** devdas has left #postfix
[20:59:30] <alexIdoia> :does anyone have any idea of what I could put in php.ini to the line sendmail_path= so that it actually send correct FROM header ?
[21:00:29] <jjshoe> well what the f
[21:01:58] <jjshoe> this is obviously a permission error but I don't see any problems with perms
[21:02:06] <jjshoe> root@fish:/var/run/saslauthd# ls -ald *
[21:02:07] <jjshoe> srwxrwxrwx  1 root root  0 2007-05-29 03:08 mux
[21:02:07] <jjshoe> lrwxrwxrwx  1 root root 36 2007-05-29 03:08 saslauthd -> /var/spool/postfix/var/run/saslauthd
[21:02:07] <jjshoe> root@fish:/var/run/saslauthd#
[21:02:36] <alexIdoia> where do I set the FQDN for postfix ?
[21:03:57] <Laibsch> !basic
[21:03:58] <knoba> Laibsch: 'basic' : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.
[21:04:11] <Laibsch> alexIdoia: that was for you
[21:04:24] <Laibsch> Your question should be answered there.
[21:04:26] <Laibsch> Bye
[21:04:29] *** Laibsch has left #postfix
[21:13:46] <jjshoe> ARGHHHHHHHHHHHHHH
[21:14:24] *** JeffH has joined #postfix
[21:15:06] <JeffH> if I change mynetworks to '192.168.0.0/24' that should allow any machine with an ip of 192.168.0.x to send mail, right?
[21:15:26] <Signum> JeffH: yup
[21:16:22] <JeffH> alright, last question I think.. what's the configuration option to tell the server to send all outgoing mail through my ISP's mail server?
[21:17:15] <Signum> !relayhost
[21:17:15] <knoba> Signum: 'relayhost' : a configuration parameter in the main.cf: The default host to send non-local mail to when no entry is matched in the optional transport(5) table. When no relayhost is given, mail is routed directly to the destination.
[21:17:28] <JeffH> thanks
[21:17:46] <jjshoe> root@fish:/var/run# ls -ald saslauthd/
[21:17:46] <jjshoe> drwxr-xr-x  2 root sasl 136 2007-05-29 03:34 saslauthd/
[21:17:46] <jjshoe> root@fish:/var/run#
[21:18:20] <jjshoe> what else do I need to do?
[21:24:01] *** viashino has joined #postfix
[21:28:41] *** rlm has quit IRC
[21:34:48] *** viashino has left #postfix
[21:35:03] *** viashino has joined #postfix
[21:35:05] *** viashino has left #postfix
[21:35:17] *** xDie has joined #postfix
[21:35:43] <xDie> hi all
[21:37:45] *** pyr0t0n has joined #postfix
[21:37:48] <pyr0t0n> AHOI
[21:38:00] <pyr0t0n> deutsche da / german here ?
[21:38:14] <hparker> English please
[21:38:23] <pyr0t0n> k i try ^^
[21:38:43] <pyr0t0n> i have a debian server and made this tut http://workaround.org/articles/ispmail-sarge/index.shtml.de
[21:39:09] <pyr0t0n> i have create the testuser and send an email to user at virtual dot test with telnet
[21:40:03] <pyr0t0n> then i have create the domain pyr0soft.de (because this is my domain) and i have created the user admin at pyr0soft dot de but if i try to send an email from my GMX mail account to this email a get an email back with
[21:40:14] <pyr0t0n> Diagnostic-Code: X-Postfix; unknown user: "admin"
[21:40:27] <xDie> you use multidomian?
[21:41:27] <pyr0t0n> what you mean ? i need morge email adresses with @pyr0soft.de
[21:42:13] <xDie> you use ldap?
[21:42:35] <pyr0t0n> no i have all make like the tut
[21:42:39] <xDie> in imapd.conf
[21:42:48] <xDie> in var virualuserid
[21:42:49] <pyr0t0n> postfix with courier-pop and courier-imap
[21:42:58] <xDie> is enables?
[21:43:09] <xDie> aa
[21:43:17] <xDie> no idea
[21:43:37] <pyr0t0n> ^^
[21:43:48] <xDie> :)
[21:43:54] <xDie> i have problems with hylafax
[21:44:02] <xDie> any can helpme?
[21:44:06] <pyr0t0n> xD
[21:44:12] <Signum> pyr0t0n: what does the mail.log say about that?
[21:44:13] <alexIdoia> what is the flag to use with sendmail to set the return path ?
[21:44:22] <pyr0t0n> wait i will post it
[21:44:29] <Signum> pyr0t0n: pastebin please
[21:44:43] <pyr0t0n> pastebin ?
[21:44:44] <xDie> i have server with postfix imap ldap , etc
[21:44:44] 
[21:44:53] <Signum> !tell pyr0t0n pastebin
[21:45:56] *** dmesg has joined #postfix
[21:46:01] *** dmesg has left #postfix
[21:46:23] <pyr0t0n> Signum here http://paste.debian.net/29115
[21:46:45] *** rsd has quit IRC
[21:46:53] <Signum> pyr0t0n: you read the warning? postfix *means* that. (not to mention that I warned about that in the tutorial, too)
[21:48:19] <pyr0t0n> ah sry ok where i have to delete it ?
[21:48:28] <alexIdoia> can someone please tell me how sendmail set the return path of my email ? where is it set ? or how can I change it via the command line ?
[21:48:34] <Signum> pyr0t0n: either as a local domain (mydestination) or the virtual mailbox domain
[21:48:52] <pyr0t0n> ok one moment pls
[21:50:29] <pyr0t0n> ah nice one Signum my problem is solved now i can receive my email... BIG THX
[21:50:40] <Signum> pyr0t0n: You're welcome. :)
[21:50:47] <xDie> hey any can helpme with hylafax?
[21:50:48] <pyr0t0n> xD thx
[21:50:53] <xDie> i cant create transport
[21:50:56] <xDie> no foud user
[21:50:57] <alexIdoia> Signum: what that for me ?
[21:51:07] <xDie> :(
[21:51:29] <Signum> alexIdoia: no
[21:51:53] <Signum> alexIdoia: don't you have a manpage for "sendmail"?
[21:52:14] <Azhi_Dahaka> anyone with experience with ReMOSitory?
[21:52:33] <JeffH> what's a good spf server to use with postfix?
[21:52:36] <alexIdoia> well I have read it and I could not find what I need, the -F option set the ReturnPath only for mail which have not been set
[21:53:11] <Signum> alexIdoia: I'd say "-f" according to the manpage
[21:53:59] <alexIdoia> Signum: well I understood that this was when error happened
[21:54:14] <Azhi_Dahaka> WRONG channel
[21:54:33] <Signum> alexIdoia: it's the envelope sender address. it's mailed in case of errors but also as the "real sender" (as opposed to the "From: " header)
[21:55:36] <JeffH> does anyone here have postfix configured to use SPF? Is it worth setting up?
[21:55:54] *** mh_le has joined #postfix
[21:56:46] <mh_le> I'm having problems getting smtpd to auth users for outgoing SMTP. I get this error..
[21:56:47] <alexIdoia> Signum: so the From and this are different ?
[21:56:49] <mh_le>  SASL PLAIN authentication failed: authentication failure
[21:56:50] <jjshoe> I will give the person head who helps me clear up this error "SASL authentication failure: cannot connect to saslauthd server: No such file or directory"
[21:57:01] <Signum> JeffH: we have set it up at work (unfortunately not Postfix there). I'd say that it's worth it for large organisations/corporations who get a bad reputation if other people send spam on their behalf. But most spammers rather like to fake addresses from public mail services instead. So... not the best solution to stop spam.
[21:57:23] <jjshoe> mh_le is that your top most sasl error or are their more?
[21:57:30] <Signum> alexIdoia: Yes. The envelope sender is what is printed on the paper envelope. While the letter inside the envelope can have printed anything on it. Your postman won't care about it.
[21:57:45] <JeffH> Signum: okay.. sounds like it might not be worth doing for my small home e-mail server.
[21:57:55] <Signum> alexIdoia: If the recipient is not available it will sent back to who is printed on the envelope. This information is needed for the delivery. The other "From: " header is just for show and tell.
[21:58:06] <mh_le> jjshoe:  warning: unknown[xxx.xxx.xxx.xxx]: SASL PLAIN authentication failed: authentication failure
[21:58:21] <Signum> JeffH: proper RBLs and a bayes-based spam filter might help you better
[21:58:46] <mh_le> jjshoe: I'm using mysql as a backend
[21:58:59] <JeffH> I've been experiencing a big increase in spam lately and just trying to find ways to handle it other than spamassassin and the UCE howto I read at postfix.org
[21:59:12] <jjshoe> mh_le good luck :) I'm fighting with sasl and shadow
[21:59:21] <alexIdoia> ok thanks a lot Signum
[21:59:30] <mh_le> jjshoe: oh
[22:00:16] <Signum> JeffH: depends on how many false positives you can tolerate. if you are really angry you can use dangerous RBLs like SORBS and use address verification. but that will definitely lead to false positives.
[22:00:19] <Signum> alexIdoia: yw
[22:00:48] <JeffH> Signum: I can ignore spam real easy.. it's just annoying.
[22:01:10] <Signum> JeffH: if you can sort it away automatically... good... use it to train your filter. :)
[22:01:23] *** skar has left #postfix
[22:01:24] <Signum> JeffH: stopping spam altogether is hardly possible unless you stop buying rolex replicas
[22:01:37] *** pyr0t0n has quit IRC
[22:05:45] <jjshoe> I will give the person head who helps me clear up this error "SASL authentication failure: cannot connect to saslauthd server: No such file or directory"
[22:06:01] <jjshoe> I think it has to do with permissions of the mux directory or something, but I can't figure it out :(
[22:06:41] *** jhp has joined #postfix
[22:07:59] <jhp> Hi everyone. I'm currently running a 2.2 version of postfix. I saw that there is a lot of extra stuf in 2.3 and 2.4, can I just replace this and keep the config and start from there, or are there a lot of changes in configfiles between those versions?
[22:09:39] 
[22:11:03] *** prebur has quit IRC
[22:12:14] <mh_le> mysql even
[22:12:41] <mh_le> I'm trying to auth for the smtp server but it's not working
[22:12:59] <jjshoe> which process do I need to strace if I want to see why something is failign when I send an email?
[22:13:47] <JeffH> is there a spam equivalent of the EICAR virus?
[22:14:17] <jhp> No, spam is something completly different then a virus.
[22:14:43] <jhp> Spam is not the same for everybody.
[22:14:56] <jhp> What is spam for me could be ham for you.
[22:15:01] <JeffH> I understand that..  but what I'm looking for is something that will trigger my spam filter so that I can test the spamassassin installation.
[22:15:16] <jhp> Just post your email adres somewhere and wait.
[22:15:34] <jhp> You will see it fast enought if it works.
[22:15:40] <Signum> JeffH: yes, there is. look at the spam sample that comes with your spamassassin
[22:16:01] <tuxcrafter> Signum: do you have a X-SPAM header add in your mail
[22:16:02] <JeffH> Signum: thanks.
[22:16:21] *** prebur has joined #postfix
[22:16:39] <Signum> !learn gtube as "Generic Test for Unsolicited Bulk Email" - an eicar.com like spam signature that always should trigger spam filters
[22:16:43] <jjshoe> GOD IT
[22:16:46] <jjshoe> FINALLY
[22:16:47] <Signum> tuxcrafter: X-Spam-Status
[22:16:48] <jjshoe> f's sake :P
[22:16:55] <Signum> tuxcrafter: yes
[22:16:59] <tuxcrafter> Signum: wierd
[22:17:14] *** jjshoe has left #postfix
[22:19:33] <tuxcrafter> Signum: X-Priority: and X-Virus-Scanned: but nothing about spam i did: $sa_tag_level_deflt = -9999; and i know amavis is running on local mail and SPAM CODE is loaded
[22:20:07] <tuxcrafter> how can I see if it is really run trough spamassassin
[22:24:05] <tuxcrafter> Signum: does spamassassin have a log file somewhere
[22:24:34] *** cilly has quit IRC
[22:26:30] <Signum> tuxcrafter: the bypass lines are uncommented?
[22:27:49] <tuxcrafter> yes
[22:28:54] <tuxcrafter> @bypass_spam_checks_maps = (
[22:28:55] <tuxcrafter>    \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
[22:30:18] <Signum> tuxcrafter: did you send mail from your own system?
[22:30:37] <Signum> tuxcrafter: if so... see: 05-domain_id:@local_domains_acl = ( ".$mydomain" );
[22:30:40] <tuxcrafter> Signum: yes
[22:30:50] <tuxcrafter> i removed the text between the ()
[22:31:06] <Signum> tuxcrafter: bad
[22:31:11] <tuxcrafter> and log shows amavis is PASSED
[22:31:18] <tuxcrafter> Signum: bad?
[22:31:20] <Signum> tuxcrafter: again... see: 05-domain_id:@local_domains_acl = ( ".$mydomain" );
[22:31:26] <tuxcrafter> ok
[22:31:44] <Signum> by "read" I mean the text above that line, too :)
[22:31:54] <tuxcrafter> @local_domains_acl = ();
[22:32:37] <tuxcrafter> whp
[22:33:46] <JeffH> Is there something that needs to be done to hook spamassassin into postfix?  I installed sa and when an e-mail is received I see no indication that spamassassin was used.
[22:34:24] <Signum> JeffH: You either call it from your .procmailrc or use it site-wide through AMaViS and filter all emails.
[22:35:06] <tuxcrafter> Signum: I set it back to @local_domains_acl = ( ".$mydomain" ); and reloaded amavis
[22:35:11] *** doomas_ is now known as doomas
[22:35:16] <JeffH> that's right, I forgot AMaVis.. I was thinking that was just for virus stuff.
[22:36:10] *** doomas has left #postfix
[22:36:18] <Signum> JeffH: amavis plays both country *and* western
[22:36:27] <tuxcrafter> Signum: i send mail from a diffrent sefer but still no X-SPAM
[22:36:37] <tuxcrafter> s/sefer/server/
[22:37:07] <tuxcrafter> amavis[4442]: (04442-02) Passed CLEAN
[22:37:13] <tuxcrafter> but no headers
[22:37:27] <Signum> tuxcrafter: what did you set in your @local_domains_acl now?
[22:37:37] <tuxcrafter> May 28 22:33:48 ashley amavis[4441]: ANTI-VIRUS code      loaded
[22:37:37] <tuxcrafter> May 28 22:33:48 ashley amavis[4441]: ANTI-SPAM code       loaded
[22:37:37] <tuxcrafter> May 28 22:33:48 ashley amavis[4441]: ANTI-SPAM-SA code    loaded
[22:37:37] <tuxcrafter> May 28 22:33:48 ashley amavis[4441]: Unpackers code       loaded
[22:37:42] <tuxcrafter> the same as you posted
[22:37:49] <tuxcrafter> @local_domains_acl = ( ".$mydomain" );
[22:37:57] <Signum> and is $mydomain the domain you have sent to?
[22:38:30] *** doomas has joined #postfix
[22:40:31] *** rootsvr has joined #postfix
[22:42:06] <tuxcrafter> head -n 1 /etc/mailname
[22:42:07] <tuxcrafter> ashley.lavendel.tk
[22:42:18] <tuxcrafter> that indeed not correct
[22:42:30] <tuxcrafter> may it have the ashley part
[22:42:57] <Signum> ?
[22:43:36] <tuxcrafter> chomp($mydomain = `head -n 1 /etc/mailname`)
[22:46:27] <Signum> correct. so your email was sent to someone at ashley dot laventel.tk?
[22:50:07] <tuxcrafter> no to user at lavendel dot tk
[22:50:14] <tuxcrafter> but ashley is the server name
[22:50:56] <Signum> but it's obvious that amavis did not add spam headers then.
[22:52:41] *** stony has quit IRC
[22:52:41] <tuxcrafter> but i have a lot of vhost with different domains
[22:53:19] <Signum> tuxcrafter: Correct. You need to run SQL queries to list the "local" domains properly. Something that it still to be documented.
[22:53:34] <Signum> tuxcrafter: there should be a README.SQL in your /u/s/d/amavis directory
[22:55:03] <tuxcrafter> X-Virus-Scanned: Debian amavisd-new at tuxblogger.nl
[22:55:04] <tuxcrafter> X-Spam-Score: -0.833
[22:55:04] <tuxcrafter> X-Spam-Level:
[22:55:04] <tuxcrafter> X-Spam-Status: No, score=-0.833 tagged_above=-9999 required=6.31
[22:55:09] <tuxcrafter> Signum: thank you
[22:55:56] <Signum> tuxcrafter: there you go :)
[22:56:41] <Signum> tuxcrafter: now you see why a tutorial makes sense. because it tries to navigate around all these problems you currently have.
[22:57:05] *** rcsu has quit IRC
[22:57:06] <tuxcrafter> Signum: i have been using a lot of tutorials
[22:57:20] <tuxcrafter> but they stop were I want to go furter
[22:59:28] <Signum> We are dealing with a lot of components here. And all have their own religion.
[23:00:34] <mh_le> anyone know why postfix dosen't ike this line..
[23:00:41] <mh_le> query = SELECT goto FROM alias WHERE active=1 AND address='%s'
[23:00:44] <mh_le> ?
[23:01:16] *** rootsvr has quit IRC
[23:03:40] <Signum> mh_le: why do you think it doesn't like it?
[23:04:26] <mh_le> Signum: produces an error in the logs
[23:05:07] <Signum> mh_le: which error?
[23:05:28] *** brancaleone has quit IRC
[23:05:53] <tuxcrafter> Signum: i got my apache with SquirrelMail and TSL ok
[23:06:00] <tuxcrafter> i will send you the mail
[23:06:37] <tuxcrafter> only i believe there sould be a TSL cert for every part of the procces like dovecot, postfix, apache
[23:06:51] <tuxcrafter> now i use one cert and key for all of theme
[23:06:57] <tuxcrafter> but that is not the way to go
[23:07:18] <tuxcrafter> i am getting warnings in apache about not matching CN and ServerNames
[23:07:37] <tuxcrafter> I think the cert is subdomain connected
[23:07:45] <mh_le> Signum: odd now it dosen't complain..
[23:07:59] <tuxcrafter> so mail.example.com should have a CN of mail.example.com
[23:08:15] <Signum> tuxcrafter: of course it must
[23:08:40] <Signum> tuxcrafter: wildcard certificates are used by some webservers but AFAIK never officially accepted
[23:09:03] <tuxcrafter> example.com indeed this will not work
[23:09:07] <hparker> And usually pretty expensive
[23:09:20] *** alexIdoia has quit IRC
[23:10:37] <tuxcrafter> Signum: but with vhosts this will nog give a nice setup
[23:10:59] <Signum> uh, huh...
[23:10:59] *** x_ray has joined #postfix
[23:11:02] <hparker> Associate the cert with the vhost
[23:11:08] *** x_ray has left #postfix
[23:11:13] <hparker> it's a pita, but works
[23:11:46] <Signum> But it's the way the cookie crumbles. Use a general domain like "webmail.tuxcrafters-internet-service.nl" and serve all webmail accounts there.
[23:11:50] <hparker> (or should, thought I read an article on doing it once)
[23:12:06] <hparker> Signum: And that's what i do ;)
[23:12:22] <Signum> Otherwise you need to buy four million certificates or spit on SSL certificates to be valid.
[23:12:28] <JeffH> Anyone here mind an amavis question?
[23:12:35] <Signum> JeffH: go ahead
[23:12:40] <JeffH> I'm trying to install amavis for use with postfix.  The instructions I found said to add -o smtp_data_done_timeout=1200 to the master.cf.. but I'm getting an error when I do that.. is that the right option to add for the smtp-amavis line?
[23:12:43] <Signum> hparker: the users will probably not even notice :)
[23:13:02] <Signum> JeffH: did you indent that line?
[23:13:19] <JeffH> Signum: nope. haha realized that as soon as I posted.
[23:13:23] <Signum> JeffH: :)
[23:14:37] <hparker> Signum: No one's complained... Even better now that I'm using a cacert that's easy to import to keep the errors down ;)
[23:17:19] *** hemry has quit IRC
[23:18:24] *** mh_le has quit IRC
[23:20:44] *** UQlev has quit IRC
[23:23:03] <tuxcrafter> Signum: can you make a example for generating vhost enabled SSL certs and keys for smtp.example.com (postfix), mail.example.com (dovecot), and webmail.example.com (apache) and login.example.com (apache usersection)
[23:23:13] <tuxcrafter> or is this not possible
[23:23:44] <Signum> what are "vhost enabled ssl certs"?
[23:23:59] <Signum> a cert is made out to a certain common name. no more magic.
[23:24:50] <tuxcrafter> Signum that dovecot and postfix will have a lookup somehow for every domain in the sql database
[23:25:12] <Signum> I don't think that's possible.
[23:25:23] <tuxcrafter> so that vhostone.com and vhosttwo.com an vhost three .com
[23:25:38] <tuxcrafter> can have a matching certificat
[23:26:26] <tuxcrafter> so just let them all use the same certificat
[23:27:06] <tuxcrafter> so in the dns tables just point them all to the same server instead of a IP will that work?
[23:27:15] *** jhp has left #postfix
[23:27:38] <Signum> DNS = name->IP. SSL = name<->common-name-on-the-certificate
[23:27:42] <Signum> these are not connected
[23:29:39] *** hemry has joined #postfix
[23:32:26] <tuxcrafter> A      smtp.tuxblogger.nl       smtp.certified.com
[23:32:27] <tuxcrafter> Signum: maybe this is possible i dont know
[23:32:41] <tuxcrafter> and do this by all vhost dns records
[23:32:50] *** JosefAss1d has joined #postfix
[23:33:23] <tuxcrafter> so that they will all point out the the certified server
[23:33:33] <tuxcrafter> just a ques here
[23:33:42] <JeffH> dang it..  Spamassassin still doesn't seem to be setup right..  My e-mail is being sent to amavisd.. and returned for delivery.. but there's no spam indication
[23:35:15] *** Mazon is now known as mazon
[23:36:16] <tuxcrafter> JeffH: i can help you with that
[23:36:20] <tuxcrafter> i had the same problem
[23:36:33] <tuxcrafter> how ever i can only fix it for ONE vhost domain
[23:36:50] <JeffH> I'm not using vhosts.
[23:36:55] <tuxcrafter> there need to be a sql lookup but i am not that far yet
[23:37:26] <tuxcrafter> JeffH: echo "tuxblogger.nl" > /etc/mailname
[23:37:27] <tuxcrafter> step 1
[23:37:32] *** roe_ has joined #postfix
[23:37:44] <tuxcrafter> replace it with your domain of corse
[23:37:58] <tuxcrafter> vim /etc/amavis/conf.d/20-debian_defaults
[23:37:58] <tuxcrafter> edit line to:
[23:37:58] <tuxcrafter> #$sa_spam_subject_tag = '***SPAM*** ';
[23:37:58] <tuxcrafter> $final_spam_destiny = D_PASS;
[23:37:58] <tuxcrafter> $sa_tag_level_deflt = -9999;
[23:37:59] *** JosefAss1d has quit IRC
[23:38:06] <tuxcrafter> vim /etc/spamassassin/local.cf
[23:38:06] <tuxcrafter> add line:
[23:38:06] <tuxcrafter> bayes_auto_expire 0
[23:38:19] *** JosefAss1d has joined #postfix
[23:38:25] <tuxcrafter> vim /etc/amavis/conf.d/50-user
[23:38:25] <tuxcrafter> add line:
[23:38:25] <tuxcrafter> $myhostname = "ashley.tuxblogger.nl";
[23:38:25] <tuxcrafter> vim /etc/amavis/conf.d/15-content_filter_mode
[23:38:25] <tuxcrafter> uncomment lines:
[23:38:26] <tuxcrafter> @bypass_virus_checks_maps = (
[23:38:27] <tuxcrafter>    \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
[23:38:30] <tuxcrafter> @bypass_spam_checks_maps = (
[23:38:31] <tuxcrafter>    \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
[23:38:33] <tuxcrafter> and your done
[23:38:41] <tuxcrafter> sorry for the flood i am in a hurry :-P
[23:38:57] <JeffH> tux: what distro do you use?
[23:39:46] <tuxcrafter> debian/ubuntu
[23:40:05] <tuxcrafter> JeffH: also check these outcoming files
[23:40:06] <tuxcrafter>  find /etc/amavis/conf.d/ -type f -exec grep -H -n "mydomain" '{}' \;
[23:40:28] <Signum> tuxcrafter: or... fgrep mydomain /etc/amavis/conf.d
[23:40:35] <Signum> tuxcrafter: rather... fgrep -r mydomain /etc/amavis/conf.d
[23:40:38] <tuxcrafter> /usr/share/doc/amavisd-new/RELEASE_NOTES.gz
[23:41:16] <tuxcrafter> Signum: fgrep cool thanks
[23:42:01] <tuxcrafter> Signum: is it part of the GNU/linux tools
[23:43:11] <Signum> tuxcrafter: from the "grep" package
[23:43:32] <tuxcrafter> ah
[23:44:37] *** JosefAssad has quit IRC
[23:49:57] <JeffH> looks like its working now.. except it seems to be refusing spam e-mail.
[23:50:09] <Signum> JeffH: set your D_* actions right.
[23:50:14] <JeffH> I'd rather it tag it and deliver it.
[23:50:18] <Signum> JeffH: I suggest you set the spam action to J_PASS
[23:50:19] <JeffH> Thanks Signum
[23:50:26] <Signum> erm... D_PASS
[23:50:41] <Signum> tuxcrafter: the SQL lookup for amavis is now contained in the tutorial
[23:51:01] <JeffH> Signum: what file are those in?
[23:51:37] <Signum> JeffH: depends on your distribution. grep for D_ there
[23:51:38] <tuxcrafter> Signum: you can get in the blacklist yourself with a bounce is really stupid, because the return address is set by the spammer and can be causing you to spam to
[23:51:54] <Signum> tuxcrafter: yep
[23:51:57] <tuxcrafter> alwass pass spam
[23:52:21] <tuxcrafter> at leased that is what i read somewhere
[23:52:56] <hparker> quarantine it for the end user to sift through.. If they want to
[23:53:37] <tuxcrafter> Signum: Debian amavisd-new at tuxblogger.nl
[23:53:47] <tuxcrafter> cant we set a nice ClamAV line there
[23:54:01] <tuxcrafter> in the tutorial
[23:54:09] <tuxcrafter> i already saw the setting somewer
[23:54:44] *** pirho has quit IRC
[23:55:30] <tuxcrafter> Signum: do you know what a * in the X-SPam-Level header means
[23:55:38] *** JensB has quit IRC
[23:55:58] <Signum> tuxcrafter: one "*" equals one score point
[23:56:07] <tuxcrafter> ah
[23:56:16] <Signum> tuxcrafter: see the tutorial. it's for regexp matching of certain scores
[23:59:27] *** majikman-home has quit IRC





top