November 14, 2007 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | >
November 14, 2007 [00:00:04] *** captiancrash has quit IRC[00:00:13] <gpled> mailq to show[00:01:01] <gpled> postcat -q #from mailq[00:01:50] <gpled> i can see postfix/cleanup is getting the time wrong in other spots too[00:03:00] <zamba> thanks both of you :)[00:03:08] <zamba> is there some graphical front-end to all this?[00:04:14] *** dererk has joined #postfix[00:04:39] * dererk says hi to everyone on channel[00:04:44] <zamba> lo![00:05:52] *** duki has quit IRC[00:06:29] <gpled> 250 Hello dererk[00:06:48] <dererk> lol[00:07:24] *** dan__t has quit IRC[00:07:27] <dererk> gpled, 500. Undocumented feature[00:07:29] <dererk> =)[00:07:49] <dererk> uhm, that looks more like a BOFH excuse :)[00:08:00] *** dan__t has joined #postfix[00:10:44] <dererk> I've a problem I can't find. I'm trying to forward _all_ the mail that arrives at "A" postfix box to "B" (postfix also)[00:11:03] <adaptr> forward only ?[00:11:04] <dererk> I carefully checked doc twice to verify I was not insane in the mambrane[00:11:09] <adaptr> as in, "relay" ?[00:11:13] <dererk> yes[00:11:21] <adaptr> as in , switch mydestinations for relay_domains ?[00:11:30] <adaptr> and set a transport map for them to your second box ?[00:11:37] <dererk> at the other way round[00:11:40] <adaptr> no[00:11:51] <dererk> I read relay_domains read $mydestinations[00:12:00] <dererk> oh[00:12:05] <adaptr> no, you need to switch what is in mydestionations to relay_domains[00:12:11] <dererk> transport map is ALWAYS required?[00:12:12] <adaptr> proper English, my boy[00:12:27] <adaptr> no, but the second box has to be an MX for the domains otherwise[00:12:40] <adaptr> if it's not, you need to point the domains at that IP[00:12:48] <dererk> :/[00:12:50] <dererk> slowly please[00:13:19] <dererk> I've all the same domains on the A box in the B box[00:13:31] <adaptr> the. next. hop. for. a. mess-age. is. determined. by. either. a transport, a transport-map, or the MX record for the message's domain[00:13:36] <dererk> defined in $mydestinations[00:13:57] <dererk> uhmmmmmmm[00:14:02] <dererk> I think I got the point[00:14:03] <adaptr> since box A is presumably THE MX for the domains, then box B will not be automatically chosen as the new destination if you relay those domains from box A[00:14:29] <dererk> adaptr, the problem is that B box has 25 port firewalled by my ISP[00:14:29] <adaptr> your choices then are A set box B as the MX for the domains - which you may or may not wish to do depending on WHY you want this done[00:14:43] <dererk> so I defined other port, which part works perfect[00:14:49] <adaptr> or B set up a transport map specifically to box B's IP for those domains[00:15:01] <adaptr> yes - run smtpd on port X on box B[00:15:13] <adaptr> then add[00:15:40] <adaptr> !transport_maps[00:15:40] <knoba> adaptr: "transport_maps" : a configuration parameter in the main.cf: Optional lookup tables with mappings from recipient address to (message delivery transport, next-hop destination). See transport(5) for details.[00:15:43] <dererk> (the relayhost: Bserver:port?)[00:15:49] <dererk> uhm[00:16:04] <adaptr> with * at domain1 dot com smtp:[box.b.ip:port][00:16:11] <adaptr> for each domain[00:16:20] <gpled> hmm, i see often postfix/cleanup is 8 hours ahead. any idea what is doing this?[00:16:37] <adaptr> unless it's everything, in which case you can simplify it with setting a[00:16:41] <adaptr> !relay_host[00:16:42] <knoba> adaptr: Error: "relay_host" is not a valid command.[00:16:44] <adaptr> pfft[00:16:49] <adaptr> !relayhost[00:16:50] <knoba> adaptr: "relayhost" : a configuration parameter in the main.cf: The default host to send non-local mail to when no entry is matched in the optional transport(5) table. When no relayhost is given, mail is routed directly to the destination.[00:16:56] <adaptr> and specify the port with that[00:17:03] <dererk> adaptr, that's what I did[00:17:06] <gpled> !postfix/cleanup[00:17:06] <adaptr> and ?[00:17:07] <knoba> gpled: Error: "postfix/cleanup" is not a valid command.[00:17:08] <dererk> adaptr, and that part works[00:17:12] <adaptr> which part[00:17:28] <dererk> but I don't get mail to the domains defined in $mydestinations[00:17:37] <dererk> not from A nor B[00:17:43] <adaptr> what was the first thing I told you to do ?[00:18:04] <dererk> Good english? :|[00:18:10] <adaptr> no, before that, even :)[00:18:27] <dererk> to use transport map ?[00:18:28] <adaptr> move the domains from $mydestinations to relay_domains[00:18:32] <dererk> ok[00:18:35] <adaptr> MOVE, not COPY[00:18:38] <adaptr> REMOVE them[00:18:39] <dererk> ok[00:18:51] <dererk> adaptr, let me check that, and meanwhile, thanks for your help[00:18:59] <adaptr> no problem guv[00:19:09] *** GNU\colo has joined #postfix[00:19:42] *** hing has quit IRC[00:21:29] <dererk> OMG[00:21:35] <dererk> wtf was I doing wrong :|[00:21:41] <dererk> adaptr, thanks a *lot*[00:22:19] <adaptr> you were not reading the manual, simply put[00:22:38] <adaptr> everythig in mydestinations is presumed to *be delivered on this box*. period.[00:22:47] <adaptr> it will NEVER be forwarded or relayed[00:22:51] <adaptr> very simple rule[00:22:56] <dererk> ahhhhhhhhhh[00:23:06] <adaptr> that's why they're called "destinations", perhaps[00:23:23] <dererk> yes, I see that I made another mistake[00:23:31] <dererk> I left a few domains on mydestinations[00:23:43] <dererk> and, stupidily, that were the ones I was sendind mail for[00:23:53] * dererk slaps dererk[00:24:11] *** felix_da_catz has quit IRC[00:24:14] <dererk> adaptr, thanks a lot, again[00:24:38] <adaptr> it's confusing to be able to put domain sin both, but then this is not Windows, which would presumably "protect" you from all sorts of functionality :)[00:24:59] <dererk> lmao[00:25:54] *** hing has joined #postfix[00:26:19] <adaptr> there's an added catch, too: you can put $mydestinations in relay_domains and they'll be delivered locally, but the reverse is untrue: if you accidentally put domains in both relay_domains ADN mydestinations then the relay part is silently ignored[00:26:36] <adaptr> you could see it as mydestinations always takes precedence[00:26:43] <adaptr> but it remains potentially confusing[00:27:11] *** gpled has left #postfix[00:27:14] *** prebur has joined #postfix[00:28:49] <dererk> yes, you're right[00:29:02] <dererk> I made a confusion while reading docs[00:29:21] *** pirho has quit IRC[00:30:02] *** flami has joined #postfix[00:35:00] *** pirho has joined #postfix[00:38:44] <shwouchk> I'm having a problem - if I set up an alias chain in postfix, mail gets rejected - but if I set up a single alias for an address, mail gets through... what could cause that?[00:38:54] *** aatmaa has quit IRC[00:40:55] *** lennard has joined #postfix[00:42:55] *** GNU\colossus has quit IRC[00:52:09] *** GNU\colo has quit IRC[00:52:29] *** GNU\colo has joined #postfix[00:59:16] *** flami has quit IRC[01:06:59] *** Bejgli has quit IRC[01:06:59] *** hal1on has quit IRC[01:08:07] *** Internat has quit IRC[01:08:21] *** Internat has joined #postfix[01:08:33] *** donspaulding has joined #postfix[01:09:04] *** lennard has quit IRC[01:09:40] *** Bejgli has joined #postfix[01:10:07] *** sh0t has joined #postfix[01:10:22] <sh0t> hi guys, is there a way i can check to see all addresses in a postfix setup[01:11:52] *** hal1on has joined #postfix[01:11:58] <growltiger> cat /etc/aliases[01:13:12] <sh0t> that wont have virtuals though right?[01:20:00] *** wilymage_ has left #postfix[01:23:25] <rob0> Good case of GIGO. Ask an inspecific question, get a useless answer.[01:24:18] <sh0t> it's pretty specific, ALL addresses in a postfix setup[01:24:36] <sh0t> aliases doesn't countain the non-unix account ones[01:25:32] <rob0> Ah, well, I certainly stand corrected.[01:26:05] *** pitakill has joined #postfix[01:27:44] <shasta> ;)[01:28:14] <shasta> sh0t, "depends on the postfix setup".[01:30:50] *** sh0t has quit IRC[01:32:16] <rob0> :)[01:42:13] *** theblackbox has quit IRC[01:45:58] *** Trengo has quit IRC[01:45:59] <keanne> an ldap addressbook maybe is the easiest way to do it[01:48:21] *** hing has quit IRC[01:50:19] *** theblackbox has joined #postfix[01:56:07] *** Thurisaz has joined #postfix[01:56:16] *** ming_zym has joined #postfix[01:56:19] <Thurisaz> Hi All[01:56:41] <growltiger> hi![01:56:42] <growltiger> wb[01:57:37] <Thurisaz> I need to test my Spam Security. How can I send test spam message to me?[02:06:32] *** lennard has joined #postfix[02:06:47] <rob0> Look in a few spams. Go to the unsubscribe link, enter your email address. Spam will find you.[02:07:13] <hparker> Spammers-R-Us will track you down[02:07:47] *** theblackbox has quit IRC[02:08:25] *** Motoko-chan has joined #postfix[02:08:42] <keanne> or your spam security should have a way to test it. there are tons of sample spam mail in the web.[02:13:00] *** hing has joined #postfix[02:18:43] *** war has quit IRC[02:19:57] *** lennard has quit IRC[02:30:41] *** Bagualas has joined #postfix[02:31:27] <Bagualas> hello, i'm using clamav-filter + postfix + clamav, and this error: fatal: /etc/postfix/master.cf: line 84: bad transport type: content_filter=clamav:clamav any help?[02:32:43] <Thurisaz> hm[02:33:02] *** githogori has quit IRC[02:35:48] <Thurisaz> Bagualas, where did you get info about configuration of clamav in master.cf?[02:37:12] <Thurisaz> I'm using smtp-amavis as content_filter[02:37:53] <Bagualas> i got from http://unitednerds.org/thefallen/docs/index.php?area=Postfix&tuto=Clamav-gsoares[02:37:56] <Thurisaz> do you have installed clamsmtp?[02:38:15] <Bagualas> no I don't[02:38:20] <Bagualas> i'm using the clamav-filter[02:39:02] *** js_ has joined #postfix[02:39:14] <js_> is there a command that shows the current queue size or so?[02:39:30] <js_> im tryingto figure out why it takes so long to receive/deliver mail[02:41:08] <js_> found postqueue -p[02:41:57] <js_> i see that there are mails left in the queue that are 6 hours old[02:42:49] <js_> takes a long time to show the queue.. perhaps i need a better performing machine?[02:43:31] <Thurisaz> Bagualas, do you have user clamav and group clamav on your Unix platform?[02:44:11] <Bagualas> Thurisaz, yeah[02:48:06] <Thurisaz> I actually recommend you to find another HowTo about clamav-filter!! Maybe in this howto sth goes wrong. I can't help you with this, I cant speak Spanish.[02:48:46] <Thurisaz> I don't understand it[02:48:48] <Thurisaz> :([03:05:06] *** Tachy has joined #postfix[03:19:59] *** Tachy_ has quit IRC[03:26:03] <Bagualas> Thurisaz, that is portuguese man :|[03:26:44] <Thurisaz> ok, sorry for the mistake[03:28:24] <Bagualas> i'll try mailscanner[03:30:37] <Thurisaz> Bagualas, try Amavisd-New + ClamAV&Clamsmtp + SpamAssassin[03:31:05] <Bagualas> i'm having this error: Nov 13 22:35:38 indepe postfix/smtp[23333]: 3123F235CA4: to=<tiobagua at hotmail dot com>, relay=mx4.hotmail.com[65.54.245.104], delay=0, status=sent (250 <20071114063538.3123F235CA4 at indepe dot com> Queued mail for delivery)[03:31:09] <Bagualas> ONLY with hotmail[03:31:25] <Bagualas> thumbs, i'm thinking in something light, doesnt take too much cpu[03:32:21] * hparker sees no error[03:33:51] <Bagualas> Queued mail for delivery[03:33:54] <Bagualas> never got there =\[03:34:39] <hparker> Nothing new, hotmail does that all the time... they suck[03:35:50] *** hing has quit IRC[03:36:43] <Bagualas> never got there, two weeks i configured this mailserver[03:36:45] <Bagualas> and nothing :\[03:36:49] <Bagualas> is there a way to fix?[03:38:29] <hparker> Ask postmaster at hotmail dot com .. Don't expect an answer, probably lose your email to them... postmaster.msn.com has some tips that are supposed to help... good luck.. I just tell people hotmail is good for forwarding jokes, if that[03:39:14] *** Thurisaz has quit IRC[03:51:27] <rob0> postmaster at hotmail dot com is unmonitored : hotmail.com.postmaster.rfc-ignorant.org. 2100 IN A 127.0.0.3[03:51:41] *** MrProper_ has joined #postfix[03:51:52] <hparker> ahh, that's right[03:52:03] <rob0> I tried it once. :)[03:52:06] <hparker> heh[03:52:39] <MrProper_> hey all, im having issues with postfix + pgsql maps, it seems ever time postfix tries to do a map/user lookup in pgsql i get: warning: premature end-of-input on private/rewrite socket while reading input attribute name ; warning: problem talking to service rewrite: Connection reset by peer[03:52:59] <rob0> They send you an autoresponse with the web URLs where you can try to submit your issue. It's all revolving around hotmail users, not really friendly to outside postmasters.[03:59:31] <rob0> Speaking of postmaster, in walks a pgsql user.[03:59:46] <rob0> The bastard who ate my kernel .config file, none other.[04:00:05] <MrProper_> lol[04:00:21] <rob0> I dunno Proper, maybe chroot? What are the pgsql logs saying?[04:00:29] <MrProper_> nada[04:00:36] <MrProper_> i tried chroot[04:00:41] <MrProper_> still the same[04:00:46] <rob0> UNchroot?[04:01:05] <MrProper_> problem is im not even getting anything relevant in either postgres or postfix logs[04:01:35] <rob0> rewrite socket, hmm.[04:01:38] <MrProper_> sorry thats what i meant by i tried chroot heh[04:03:26] <rob0> A guy walks into a bar. "Ouch!" he says, "I should have ducked!"[04:04:04] <rob0> Does it work with anything NOT requiring pgsql lookups?[04:04:06] <MrProper_> anytime theres a map lookup it hangs for a bit and the logs in debug give me : warning: premature end-of-input on private/rewrite socket while reading input attribute name[04:04:15] <rob0> Can you test them with postmap -q?[04:04:32] *** hing has joined #postfix[04:05:24] <MrProper_> rob0, not sure what im supposed to be feeding that[04:05:40] <rob0> !postmapq[04:05:41] <knoba> rob0: "postmapq" : You can check your lookups with the postmap command. Example: if you defined "transport_maps = mysql:/etc/postfix/transport.cf" you may check this mapping by running "postmap -q domain.com mysql:/etc/postfix/transport.cf" and see if it works.[04:05:51] <rob0> (and "man postmap")[04:06:17] <MrProper_> sorry with you[04:06:28] <MrProper_> ok well i can pull a domain[04:06:51] <MrProper_> ie: postmap -q domain.com pgsql:/etc/postfix/pgsql/virtual-domains.cf; returns domain.com[04:08:57] *** Edward123 has quit IRC[04:10:40] *** nfi|ermes has quit IRC[04:11:31] *** lwilke has joined #postfix[04:14:34] <lwilke> hi, i am running postfix 2.3.3 inside a xen domU under centos 5. I experience a strange behaviour when sending a mail from the local machine to root@localhost host postfix resolves localhost to the ip of the dom0, though localhost maps to 127.0.0.1[04:19:58] <growltiger> !swap_bangpath[04:19:59] <knoba> growltiger: "swap_bangpath" : a configuration parameter in the main.cf: Enable the rewriting of "site!user" into "user@site". This is necessary if your machine is connected to UUCP networks. It is enabled by default.[04:20:14] <growltiger> !masquerade_domains[04:20:15] <knoba> growltiger: "masquerade_domains" : a configuration parameter in the main.cf: Optional list of domains whose subdomain structure will be stripped off in email addresses.[04:26:07] <lwilke> growltiger: i do not understand what has address rewritting to do with wrong ip address resolution?[04:26:37] <growltiger> i dont either[04:33:52] <MrProper_> has anyone had any luck with debugging smtpd_sasl_type = dovecot[04:33:53] <MrProper_> smtpd_sasl_path = private/auth[04:39:08] *** nihi|ist has quit IRC[04:39:14] *** nihilis7 has joined #postfix[04:40:28] *** githogori has joined #postfix[04:42:49] *** hing has quit IRC[04:45:39] *** amrit|wrk is now known as amrit|bbl[04:46:20] *** hing has joined #postfix[04:53:35] *** pirho has quit IRC[05:09:49] *** kk_CHN has joined #postfix[05:12:41] *** hparker has quit IRC[05:13:25] *** lwilke has quit IRC[05:19:01] <jssa> I'm looking for an easy way to bypass a content_filter for the sasl_authenticated users (so, my users' messages don't get filtered through SpamAssassin)[05:22:20] *** _bugz_ has quit IRC[05:47:07] *** lennard has joined #postfix[05:54:46] *** _bugz_ has joined #postfix[06:03:06] *** Tinozaure is now known as _Tino[06:03:13] *** _Tino is now known as Tinozaure[06:27:11] *** diveli has quit IRC[06:29:27] *** jetole has joined #postfix[06:29:49] <jetole> hey guys, I don't know if this would be a postfix thing, a dovecot thing or a third party thing but I want to setup a system to have the mail server move certain mail types to a certain dir in the users mail folder[06:29:59] <jetole> does anyone know how that would happen?[06:30:22] <hacim> that would be accomplished by something like procmail[06:30:27] <hacim> or mailfilter[06:49:16] *** hing has quit IRC[06:52:14] *** hing has joined #postfix[06:56:37] *** oates|zzzZ has quit IRC[06:56:40] *** oates|zzzZ has joined #postfix[06:56:41] *** oates|zzzZ is now known as oates[06:58:16] *** oates is now known as oates|AFK[07:01:02] *** MrProper_ has quit IRC[07:09:08] *** k-man has joined #postfix[07:12:02] <k-man> do i have to do something special to make postfix reject non encrypted and authenticated connections?[07:13:01] <k-man> does this mean -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject allow sasl_authenticated and reject anything else?[07:17:43] *** pitakill has quit IRC[07:33:39] *** blahsadas has joined #postfix[07:34:18] *** SilenceGold has quit IRC[07:34:39] *** blahsadas is now known as SilenceGold[07:35:07] *** ming_zym has quit IRC[07:45:41] *** deskdevil has joined #postfix[07:46:38] <deskdevil> good morning from Hamburg germany[07:48:47] *** ziyax has quit IRC[07:48:56] *** _ziyax has joined #postfix[07:49:24] *** _ziyax is now known as ziyax[07:52:17] *** higuita7 has joined #postfix[07:52:23] *** hing has quit IRC[07:52:50] <k-man> hi deskdevil[07:54:01] <k-man> so I added -o smtpd_tls_security_level=encrypt to my smtp server, but when I did that, emails failed to send with the error "must issue a starttls"[07:54:12] <k-man> but i have enabled tls and authentication in thunderbird[07:54:18] <k-man> am I missing something?[08:02:33] <deskdevil> k-man: sorry I don't have any idea about tls[08:02:41] <k-man> deskdevil, ok, never mind[08:02:42] <k-man> thanks[08:02:44] <k-man> gtg[08:02:58] <deskdevil> i am just using postfix as an email-gateway for a exchange server[08:03:26] <deskdevil> my problem is that postfix do not notify an internal sender when he gets an erros 550 user unknown...[08:04:23] <Motoko-chan> Postfix should bounce on errors like that.[08:05:42] <deskdevil> yes I know but when a user send an email via the postfix and the recipientaddress dows not exsits I see an error 550 but the sender don't be notified[08:06:03] *** growltiger has quit IRC[08:07:05] *** Zeit|awy_ has joined #postfix[08:07:54] <Motoko-chan> Then check the bounce message is being sent back, because it should be[08:09:07] <deskdevil> how should I check this?[08:09:13] *** Lap_64 has joined #postfix[08:09:20] <Motoko-chan> Logs, for one.[08:09:47] <deskdevil> ah ok but I searched for a bounce-msg in the logs but dind't find any[08:09:48] *** ming_zym has joined #postfix[08:09:56] <deskdevil> is it possible to disable bounces from postfix?[08:10:08] <deskdevil> mayby this function is disabled[08:12:34] <f3ew> deskdevil, uh?[08:12:44] <f3ew> why do you want to do that?[08:12:47] *** Zeit|awy has quit IRC[08:15:34] <deskdevil> f3ew: well I CONT want to do this but this is my first productiv postfix server and I don't find the problem why users don't get any error-msg[08:17:57] *** Motoko-chan has quit IRC[08:22:07] <milligan> Why are you suspecting they should get any error messages ?[08:22:16] <milligan> And do they recieve any other email ?[08:23:30] <deskdevil> milligan: because I see a 550 user unknown in the logfile[08:23:42] <deskdevil> yes every other email service is running well[08:23:57] <milligan> You're sure the 550 isn't a reply to another email server ?[08:24:25] *** aozturk has joined #postfix[08:24:41] <deskdevil> yes I am sure, because I have send testemails with wrong recipients to an other domain and the other mailserver answered with 550[08:25:05] <deskdevil> so it is FROM the other mailserver[08:34:21] <zamba> is zen.spamhaus.org actually working?[08:35:10] <zamba> zen.spamhaus.org A record currently not presen[08:36:02] *** tsrepadmin has joined #postfix[08:36:39] <tsrepadmin> good morning. how can I limit the open files of saslauthd?[08:39:30] <dragonheart> tsrepadmin: if it runs as a separate process user perhaps /etc/security/limits.conf[08:40:31] <tsrepadmin> dragonheart: isn't it possible to limit it in the postfix main.cf ?[08:42:14] <tsrepadmin> the problem: i use a vserver and have a limit of 1024 open files in system[08:42:38] <tsrepadmin> and there are currently 168 open files for saslauthd[08:43:20] <dragonheart> can you raise the limit?[08:43:43] <tsrepadmin> no, only the provider can raise the limit[08:57:56] *** growltiger has joined #postfix[09:02:34] *** githogori has quit IRC[09:04:04] *** phnord has joined #postfix[09:06:44] *** x-spec-texas has quit IRC[09:13:19] *** sn00p- has joined #postfix[09:15:59] *** cutmasta has joined #postfix[09:17:23] <sn00p-> I am having a problem with postfix, when I use Evolution Email client for freebsd I try to send an email on my smtp server and when I send it I get relay access denied anybody know whats wrong?[09:17:39] <growltiger> !mynetworks[09:17:40] <knoba> growltiger: "mynetworks" : a configuration parameter in the main.cf: The list of "trusted" SMTP clients that can relay email.[09:20:07] <sn00p-> # Specify "mynetworks_style = host" when Postfix should "trust"[09:20:07] <sn00p-> # only the local machine.[09:20:07] <sn00p-> #[09:20:07] <sn00p-> #mynetworks_style = class[09:20:07] <sn00p-> #mynetworks_style = subnet[09:20:08] <sn00p-> #mynetworks_style = host[09:20:09] <sn00p-> SO[09:20:14] <sn00p-> which one should I chose?[09:20:32] *** higuita7 has quit IRC[09:20:59] <growltiger> pick one[09:21:05] <sn00p-> what should I set it to?[09:21:21] <growltiger> you use freebsd and you are asking this?[09:21:38] <growltiger> what is the ip of the client machine?[09:21:39] <sn00p-> yes i'm no good with mail iservers[09:21:42] <sn00p-> ehh no[09:21:48] <growltiger> does it start with 192.168 ?[09:21:51] <sn00p-> no[09:21:58] <growltiger> what about 10.0.0[09:22:02] <sn00p-> nope[09:22:09] <sn00p-> 72[09:22:14] <growltiger> 172.16 ?[09:22:19] <sn00p-> just 72[09:22:46] <growltiger> how many ips do you have on your network?[09:22:51] <sn00p-> just 3[09:23:41] <growltiger> then use host[09:23:58] <sn00p-> yes but I want to send email to another domain[09:24:13] <growltiger> nothing to do with smtp clients[09:24:24] <sn00p-> It says relay access denied[09:24:58] <growltiger> mynetworks = 72.62.24.223, 72.62.24.222[09:25:27] <growltiger> oh, your server gets that what it sends mail?[09:25:37] <sn00p-> yea[09:25:37] <growltiger> not the client machine getting that?[09:25:41] <sn00p-> no[09:25:51] <growltiger> never mind everything[09:25:54] <sn00p-> Here is[09:25:57] <sn00p-> I'll explain[09:25:59] <sn00p-> carefully[09:26:02] <sn00p-> I have Evolution[09:26:05] <sn00p-> as my email client right[09:26:14] <sn00p-> I am trying to send an email using my mail server[09:26:19] <sn00p-> and when I hit send[09:26:20] <growltiger> !relay_access_denied[09:26:21] <knoba> growltiger: Error: "relay_access_denied" is not a valid command.[09:26:29] <growltiger> !relay access denied[09:26:30] <knoba> growltiger: Error: "relay" is not a valid command.[09:26:31] <sn00p-> I get relay access sdenied[09:26:37] <growltiger> bastard[09:27:13] <growltiger> the remote mail server says this, or your mail server?[09:27:30] <sn00p-> My email client I use says it[09:27:34] <sn00p-> But I use my mail server[09:27:39] <sn00p-> to send the mail[09:29:12] <growltiger> what does /var/log/maillog say about this[09:29:15] <growltiger> on the mail server[09:29:25] <growltiger> it's freebsd too, right?[09:29:38] <sn00p-> Nov 13 17:15:55 fuse postfix/smtpd[62540]: NOQUEUE: reject: RCPT from c-24-118-18-62.hsd1.mn.comcast.net[24.118.18.62]: 554 5.7.1 <someemail.com>: Relay access denied; f$[09:30:11] <growltiger> you need to use your isp's smtp server it looks like[09:30:16] <growltiger> !relay_host[09:30:17] <knoba> growltiger: Error: "relay_host" is not a valid command.[09:30:27] <growltiger> bastard[09:30:42] <sn00p-> I have it mail.mydomain.com[09:31:28] <growltiger> !relayhost[09:31:29] <knoba> growltiger: "relayhost" : a configuration parameter in the main.cf: The default host to send non-local mail to when no entry is matched in the optional transport(5) table. When no relayhost is given, mail is routed directly to the destination.[09:33:22] *** higuita7 has joined #postfix[09:39:51] *** duki has joined #postfix[09:39:52] *** magyar has quit IRC[09:40:14] *** magyar has joined #postfix[09:40:38] <sn00p-> growltiger, I added a host in relayhost still get the error[09:41:34] <growltiger> your ip does not start with 72[09:41:48] <sn00p-> yes it does[09:42:07] <growltiger> who has 24.118.18.62 ?[09:42:14] <sn00p-> Thats my cable host[09:42:26] <sn00p-> Thats where i'm sending it from[09:43:03] <growltiger> oic[09:43:55] <growltiger> !best_mx_transport[09:43:56] <knoba> growltiger: "best_mx_transport" : a configuration parameter in the main.cf: Where to deliver mail when the local MTA is listed as the best mail exchanger for a destination that is not listed in $mydestination, $inet_interfaces, $proxy_interfaces, $virtual_alias_domains, or $virtual_mailbox_domains. By default, the Postfix SMTP client reports a "mail loops back to myself" error and returns the message as undeliverable.[09:44:19] <growltiger> you probably dont have your domain listed in mydestination[09:45:49] <growltiger> if you are on comcast and your ip starts with 24, your mail server should only accecpt mail from you that is for a domain it handles[09:46:09] <growltiger> otherwise to use it as a general smtp server you should setup smtp-auth[09:46:25] <sn00p-> isn't postfix a smtp?[09:46:45] <growltiger> yes, but it just dont do smtp for anybody[09:46:50] <growltiger> ppl spam you know[09:46:55] <sn00p-> Yea[09:47:26] <sn00p-> #mydestination = $myhostname, localhost.$mydomain, localhost[09:47:26] <sn00p-> #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain[09:47:26] <sn00p-> #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,[09:47:26] <sn00p-> # mail.$mydomain, www.$mydomain, ftp.$mydomain[09:47:29] <sn00p-> So which one do I use[09:47:32] *** Internat has quit IRC[09:47:37] <growltiger> the mynetworks is for defining what clients can relay[09:47:55] <growltiger> you can use any of those[09:48:04] <growltiger> as long as mydomain is set[09:49:02] <sn00p-> heh I still get relay access denied[09:49:33] <growltiger> pastebin your main.cf[09:49:44] <sn00p-> Wait do I have to stop it[09:49:49] <sn00p-> and not just postfix reload?[09:49:53] <growltiger> postfix reload[09:50:16] <sn00p-> I cant i'm in ssh[09:51:34] <sep> sn00p-,get real run postconf in your ssh, and paste from your ssh client output to a paster[09:51:49] <sep> or cat main.cf if you must have the file[09:52:17] <sn00p-> I cant remember the ports program that let you pastebin a file[09:53:44] *** Jax has joined #postfix[10:01:30] *** war has joined #postfix[10:02:19] *** Internat has joined #postfix[10:05:12] *** harobed has joined #postfix[10:32:37] <magnet_> sn00p-: pastebin.ca offer some file upload web interface.[10:33:05] <jssa> I'm looking for an easy way to bypass a content_filter for the sasl_authenticated users (so, my users' messages don't get filtered through SpamAssassin.) Any hint?[10:38:52] <f3ew> jssa use a different port?[10:39:59] <jssa> I can't, f3ew, neither using a different IP address...[10:40:36] <jssa> The only way to differentiate from my users messages and others sources is sasl authentication[11:00:51] *** jssa has quit IRC[11:02:31] <dragonheart> write a policy script that returns FILTER or not[11:02:55] <dragonheart> quitter![11:03:21] *** javiers has joined #postfix[11:03:29] *** javiers is now known as jssa[11:07:04] *** Tapout has quit IRC[11:07:59] *** nfi|ermes has joined #postfix[11:10:42] <dragonheart> jssa: my suggestion is to write a policy script that returns FILTER (content fiter) if not authenticated and dunno otherwise[11:11:59] <jssa> some place to start reading, dragonheart ?[11:12:00] *** cilly has joined #postfix[11:12:25] <dragonheart> http://www.postfix.org/SMTPD_POLICY_README.html , http://www.postfix.org/access.5.html[11:13:14] <dragonheart> and hook this into check_policy_service in your *recipient_restrictions[11:15:27] <jssa> ok, dragonheart, thanks for your help. I'll let you know if I succeed ;)[11:15:53] <jssa> thanks to f3ew too[11:15:54] <dragonheart> sure - i hope there isnt' too many bad gottchas[11:18:47] *** baggito has joined #postfix[11:22:26] <dragonheart> how hard is it to separate postfix into a number of queues? i'm vaguely considering applying different header_checks to incoming vs outgoing[11:22:46] *** amrit|bbl is now known as amrit|zzz[11:23:15] <dragonheart> or is this something crazy that i shouldn't consider doing on the one server[11:25:53] *** baggito has left #postfix[11:29:01] *** Renacor has joined #postfix[11:29:18] *** ming_zym has quit IRC[11:30:25] <Renacor> relay=cyrus, delay=0.14, delays=0.11/0/0/0.03, dsn=4.3.0, status=deferred (temporary failure)[11:30:30] <Renacor> what does that mean ?:)[11:31:10] <dragonheart> guessing realy cyrus isn'treceiving email though i've never used it[11:31:27] *** rootsvr has joined #postfix[11:34:40] <Renacor> yeah I know that part hehe[11:34:46] <Renacor> how do I fix it?:)[11:35:04] <jssa> I've succeeded, dragonheart. Wanna hear?[11:35:15] <dragonheart> sure[11:36:11] <f3ew> dragonheart, impossible :)[11:36:45] <dragonheart> f3ew: thanks for telling me now before i broke my head[11:36:50] <dragonheart> :-)[11:40:37] <jssa> http://pastebin.com/m545d6451[11:40:48] <jssa> This is my solution, dragonheart , f3ew :)[11:43:02] <jssa> So, all the messages are filtered through clamav, but only non-authenticated users messages pass through spamassassin. :)[11:43:46] <jssa> (also "mynetworks" messages don't hit the sa filter)[11:46:23] <dragonheart> nice[11:46:33] <jssa> some suggestion?[11:48:00] <dragonheart> along a similar line you could do check_recipient_access with a map - that has ${mydomain,relay} dunno and a . FILTER[11:48:46] <jssa> I don't understand, dragonheart. Could you post a pastebin, please?[11:50:40] <dragonheart> nm -thinking its so close to your solution and doesn't add much[11:51:18] <dragonheart> (much = nothgin really)[11:51:27] <jssa> :)[11:52:08] <jssa> I'm far from being a postfix expert, so... i'm really happy :)[11:54:11] <dragonheart> good one. you've done well. its heaps better than my solution (i'm not an expert either)[11:59:11] *** rootsvr_ has joined #postfix[12:04:37] *** GNU\colo is now known as GNU\colossus[12:09:44] *** meandtheshell has joined #postfix[12:11:24] *** rootsvr has quit IRC[12:15:48] *** Trengo has joined #postfix[12:20:35] *** sn00p- has quit IRC[12:23:25] *** cilly has quit IRC[12:26:10] *** mark-use has joined #postfix[12:51:26] *** kk_CHN has left #postfix[12:53:33] *** Kirann has joined #postfix[12:54:15] *** Kirann has left #postfix[13:02:31] *** ramoni has joined #postfix[13:02:52] *** mark-use has quit IRC[13:04:06] *** mark-use has joined #postfix[13:07:01] *** cpm has joined #postfix[13:10:37] *** aatmaa has joined #postfix[13:13:09] *** cilly has joined #postfix[13:22:31] *** githogori has joined #postfix[13:22:59] *** cilly has quit IRC[13:30:36] *** rootsvr_ has quit IRC[13:35:23] *** Ottsen2802 has joined #postfix[13:35:30] <Ottsen2802> hello all[13:35:47] <Ottsen2802> ive got a question about postfix and amavis[13:38:35] <jssa> Has someone used clamav-milter on postfix? I need to be sure if it works fine.[13:39:10] <Ottsen2802> id like that amavis should just mark infected mails and should deliver the scanned mail to the user[13:39:31] *** Roobarb-Work has quit IRC[13:39:36] <Ottsen2802> on virus mails[13:40:20] *** christopher has joined #postfix[13:40:46] *** Roobarb-Work has joined #postfix[13:41:09] *** sadmin has joined #postfix[13:41:29] <LaZZaR> thats a amavis thing.. i dont know if possible to rewrite subject on infected[13:41:45] <zamba> i'm having problems getting zen working.. i have added reject_rbl_client zen.spamhaus.org to smtpd_recipient_restrictions.. now the syslog gives me "warning: 199.104.246.77.zen.spamhaus.org: RBL lookup error: Host or domain name not found. Name service error for name=199.104.246.77.zen.spamhaus.org type=A: Host not found, try again" for every connection[13:42:24] <sadmin> all am looking into logs of postfix[13:42:25] <sadmin> to=<syedikram@>, orig_to=<syedikram@k>, relay=cyrus.[20.128.0.149]:25, delay=0.17, delays=0.15/0/0.01/0.01, dsn=5.7.1, status=bounced (host cyrus.[20.128.0.149] said: 550 5.7.1 <saima_sober2002 at yahoo dot com>... Access denied (in reply to MAIL FROM command))[13:42:28] <memic> was spamhaus.org that site that put the .at domains on their filter?[13:42:29] <sadmin> what this mean[13:42:43] <memic> äh list[13:43:00] <sadmin> does this mean samia email syedikran[13:43:12] <sadmin> mean from = saima and to = syedikram[13:43:16] <sadmin> or vise versa[13:43:32] <memic> i would NEVER use spamhaus[13:43:44] <memic> btw[13:43:57] <rob0> memic: You don't know what you're talking about.[13:44:33] <rob0> Perhaps you were thinking spamcop?[13:45:11] <memic> no tha was spamhaus[13:45:29] <memic> they blocked the nic.at mailservers[13:45:43] <rob0> Precisely what was your experience with spamhaus? Ah.[13:46:06] <rob0> I vaguely remember that, but I also recall that they had good reason.[13:46:25] <memic> http://en.wikipedia.org/wiki/The_Spamhaus_Project#Spamhaus_versus_nic.at[13:46:29] <memic> pah good reason[13:46:52] <memic> bad bad practice for my opinion[13:47:30] <GNU\colossus> rob0: well, whatever the reason, they're utter dorks[13:47:48] <GNU\colossus> the registry is bound by local law[13:48:03] <GNU\colossus> neither will nor can violate it because of someone at spamhaus wishes so[13:48:16] <memic> word[13:48:18] <GNU\colossus> I wouldn't use their services either after that incident[13:48:39] * cpm has seen spamhaus take heat for spamcop before[13:49:25] <rob0> You think known phishing domains are a good thing?[13:49:29] <sadmin> guys[13:49:32] <sadmin> any luck[13:50:00] *** Ottsen2802 has left #postfix[13:50:10] <rob0> The hell with local law. Phishing is fraud and theft. Illegal everywhere.[13:50:48] *** duki has quit IRC[13:51:13] <rob0> CRIMES, in the traditional sense. of a bad guy stealing from an innocent victim (albeit often a bit foolish.)[13:51:16] <memic> and? who is spamhaus to make nic.at to delete domains?[13:51:48] <memic> sorry thats not my conception if a black list[13:51:50] *** duki has joined #postfix[13:52:13] <rob0> When a registry is irresponsible, eventually the world will shun them.[13:52:14] <memic> thats abuse[13:52:22] <memic> nothing else[13:52:26] <rob0> You get what you deserve.[13:52:44] <memic> thats crap, but use it if u like[13:54:57] <memic> and probably exactly the way my little doughter would react[13:58:06] <rob0> Here's the deal. Millions of sites around the world, covering billions of mailboxes, use Spamhaus. They do a good job and try to be responsible. The Austrians won't delete domains which have been shown to be used in phishing. That is irresponsible, and harmful to the rest of the world.[13:58:09] *** aozturk has quit IRC[13:58:42] <rob0> Spamhaus is the single best antispam tool available.[13:58:54] <memic> lol if u think[13:59:00] <memic> ok[13:59:05] <memic> i say thats abuse[13:59:10] <GNU\colossus> spamhaus are blackmailing bastards[13:59:41] <Trengo> no complaints here[13:59:54] <rob0> Eventually pressure on nic.at will and should mount. More private sites will consider a TLD blocking policy.[14:00:17] <memic> sorry there are other ways[14:00:22] <rob0> Anyway, back to zamba.[14:00:34] <memic> first way is to talk to the registrars[14:00:47] <rob0> zamba: I think you are using a bad nameserver.[14:00:48] *** duki has quit IRC[14:01:00] <cpm> no complaints here either.[14:01:07] <memic> zamba: better remove spamhaus ;)[14:01:16] <rob0> http://en.wikipedia.org/wiki/The_Spamhaus_Project#Spamhaus_versus_nic.at <== they DID talk to nic.at[14:01:29] <memic> as if this would be about complains[14:01:37] <cpm> rob0, stop making sense![14:01:46] <rob0> Oops, sorry.[14:01:56] <Trengo> i'd rather remove .at[14:01:58] <cpm> I went though this with spews 6 years ago[14:02:14] <cpm> I got all upset and whined at spews exactly once.[14:02:38] <rob0> The thing is, the request to remove a phishing domain is quite reasonable. The refusal to do so is not.[14:02:48] *** MicW has joined #postfix[14:02:49] <MicW> hi[14:03:02] <cpm> sucked it up, changed providers, and took the lesson to heart. least expensive isn't always the cheapest[14:03:20] <memic> rob0, the first person to talk is still the registrar of the domain[14:03:23] <memic> not nic.at[14:03:30] <GNU\colossus> law is law.[14:03:34] <rob0> SPEWS made an effort to inflict collateral damage.[14:03:47] <GNU\colossus> next we should overthrow the austrian government because someone is sending spam mail[14:04:02] <rob0> SPEWS was never aimed at the responsible mail admin, it was by and for radicals.[14:04:12] <rob0> The EW was "Early Warning".[14:04:21] <cpm> rob0, it was in much broader use back then[14:04:32] <cpm> less so now.[14:04:49] <rob0> Defunct now, isn't it?[14:04:56] <cpm> don't know. I don't follow it anymore.[14:05:05] *** duki has joined #postfix[14:05:18] <memic> if you host bussines customers you stop to use spamhaus or you stop to host bussines[14:05:29] <cpm> the basic premise, 'your provider is a known spammer, we block them, you do business with them, we block you' had a certain logic[14:05:43] <rob0> yes[14:05:58] <memic> well its abuse[14:06:00] *** Jax- has joined #postfix[14:06:28] <memic> hehe[14:06:38] <cpm> overly harsh, agreed. However, getting around it was trivial. In my case, my provider became a very notorious spammer within a year of me buying bandwidth from them. When I read the evidence files, I realised I didn't want to do business with them any more anyway[14:06:45] <cpm> renumbering sucks,[14:06:47] <cpm> :)[14:06:55] <MicW> should it be possible to create a special email address domain which delivers mail to a special script which delivers the mails then to a certain imap maildir?[14:07:21] <rob0> MicW: "man 5 aliases"[14:07:22] <memic> should be possible ;)[14:07:27] <Jax-> MicW of course[14:07:52] *** Jax has quit IRC[14:08:13] <Jax-> you can make an entry in your transport.db.. like special.yourdomain.com yourTransport[14:08:30] <Jax-> then define yourTransport in master.cf as a script (a specific maildrop command for instance)[14:08:48] <MicW> ah ok[14:09:12] <Jax-> you can then setup your email address to forward to blah at special dot yourDomain.com[14:09:16] <Jax-> in your email forwarders or so[14:09:39] <MicW> ok[14:09:53] <MicW> so the hardest think is to find a imap delivery script[14:09:55] <MicW> thing[14:11:41] <MicW> ah, i can use dovecot's "deliver"[14:11:56] <rob0> Well, when you were asking that question, I figured you were prepared to write the script. :)[14:12:16] <MicW> no because i was unsure if this would be possible[14:15:29] <jssa> Has someone used clamav-milter on postfix? I need to be sure that it works fine.[14:16:00] <jssa> (I'm communicating postfix and clamav-milter with an inet socket)[14:17:28] *** rootsvr has joined #postfix[14:17:49] *** dererk has left #postfix[14:19:55] <MicW> currently i use "mailbox_command" and have only one (non virtual) domain. so could i simply use "virtual_mailbox_domains" and "virtual_transport" to implement the extra domain without breaking my non-virtual domain?[14:21:14] *** rootsvr has quit IRC[14:22:49] <MicW> oh, i missunderstood this.[14:30:37] <rob0> mailbox_command only applies to local(8) domains.[14:31:00] <MicW> can i set the mailbox command to all virtual domains (without using a command map)?[14:31:04] <cpm> and rob0_command applies to rob0 domains only[14:31:21] <rob0> And to Austrian ones. ;)[14:31:49] <cpm> what about Australian ones?[14:33:12] <MicW> could i replace the "virtual" transport with my script?[14:33:50] <sadmin> hey[14:33:54] <sadmin> guys any idea[14:34:19] <sadmin> i need to find out from mail.logs to=address of some persons[14:34:27] <sadmin> am not getting good logs[14:34:30] <sadmin> any idea[14:35:36] *** brancaleone has joined #postfix[14:35:52] <memic> sadmin, yea remove spamhaus ;)[14:36:29] <sadmin> what[14:37:39] *** githogori has quit IRC[14:37:44] <rob0> MicW: It's much simpler than you're making it. Use virtual_alias_domains (and _maps) to direct your extra domain to a local aliases, which in turn runs your script.[14:38:07] <jelly> <sadmin> am not getting good logs ... is really vague. pastebin the logs, where you're looking at, and your postconf -n for good measure[14:38:21] <jelly> sadmin: it's all in the topic, btw[14:38:24] <sadmin> hum[14:38:31] <sadmin> hey[14:39:22] *** Lap_64 has quit IRC[14:39:24] <MicW> rob0: can i use this to send *@testdomain to my script and pass the part before the @ to this script?[14:39:33] <sadmin> jelly[14:39:36] <sadmin> see this[14:39:36] <sadmin> Nov 14 15:11:22 relay postfix/qmgr[31518]: B78172B6D6B: from=<nsazhar at yahoo dot com>, size=16267, nrcpt=1 (queue active)[14:39:37] <sadmin> Nov 14 15:11:22 relay amavis[14055]: (14055-02-2) Passed CLEAN, [ip] <nsazhar at yahoo dot com> -> <malikhan@domain>, Message-ID: <13537.39691.qm@[14:39:37] <sadmin> web36402.mail.mud.yahoo.com>, mail_id: OS2r36mUDFa5, Hits: 1.06, queued_as: B78172B6D6B, 252 ms[14:39:39] <sadmin> Nov 14 15:11:29 relay postfix/smtp[14344]: 742B72B6D82: to=<nsazhar at yahoo dot com>, relay=f.mx.mail.yahoo.com[68.142.202.247]:25, delay=6.7, delays=0.09/0.05/1.2[14:40:10] <sadmin> now i need to find nsazhar send email to which address[14:40:44] <sadmin> i have to=nsazar but from = is not clear[14:41:49] <sadmin> jelly any idea[14:43:04] *** GNU\colossus has quit IRC[14:44:39] <jelly> sadmin: pick one queue id (the 742B72B6D82 bit) and grep it in the log.[14:44:57] <sadmin> ok wait[14:45:21] <jelly> don't paste here if it's more than 2-3 lines, use a pastebin.[14:45:27] <sadmin> ok ok[14:47:10] <jelly> the first qmgr line here shows a from= for that message, and the smtp line should show the relevant to= bits[14:47:39] <jelly> ... for a mail originating on my server.[14:48:46] <sadmin> hey jelly see this http://pastebin.com/m7cd8f5b8[14:49:14] <sadmin> see from=empty[14:49:23] <jelly> sadmin: it's not empty, it's <>[14:49:34] <sysmonk> <> ftw![14:49:35] <sysmonk> ;)[14:49:37] <sadmin> ya[14:49:42] <sadmin> i need that email id[14:49:56] <sadmin> is this possible to get an email[14:50:28] <jelly> sadmin: that's a DSN notice ("bounce message"), just like "sender non-delivery notification: 742B72B6D82" bit in the log says[14:51:08] <jelly> sadmin: that's your server mailing some <nsazhar at yahoo dot com> fellow that his mail could not be delivered on your machine.[14:51:17] <rob0> Backscatter.[14:51:24] <rob0> most likely[14:51:32] <jelly> indeed[14:51:47] <rob0> Didn't we have this conversation a couple days ago? Or last week?[14:51:48] *** duki has quit IRC[14:52:37] *** duki has joined #postfix[14:52:40] <jelly> You might have, but it wasn't with me. :-)[14:53:15] <jelly> sadmin: what are you really trying to figure out?[14:53:54] <sadmin> well some one is sending emails on nazhar at yahoo dot com[14:54:04] <sadmin> who that i want to figure out[14:54:07] <jelly> on?[14:54:18] <sadmin> yahoo email from my domain[14:55:02] <jelly> sadmin: the message you posted isn't relevant in this case, then[14:55:13] <sadmin> hum'[14:55:38] *** rootsvr has joined #postfix[14:55:41] <sadmin> ok ill send comlete log then[14:55:57] <jelly> sadmin: pastebin at least 100-200 lines around those[14:56:52] <rob0> I think it was with sadmin, though.[14:57:33] <jelly> sadmin: [headers of] one of those messages from <nsazhar at yahoo dot com> could probably be helpful too[14:57:50] <rob0> Sometimes I think IRC is like an anchor, weighing down the people who come for help. They don't benefit from it.[14:58:45] <jelly> Perhaps less spoonfeeding would be in place.[14:58:51] <rob0> A great place to get a quick answer to a simple question, but no substitute for knowing the basics of how things work. Yes.[14:59:20] <jelly> Well, sending a question to a mailing list at least forces to construct the question properly.[14:59:40] <rob0> Or gets them the wrath of Wietse. ;) :)[14:59:45] <rob0> or both[14:59:49] *** Renacor has left #postfix[15:01:30] *** sadmin1 has joined #postfix[15:03:14] *** poisdeux has joined #postfix[15:05:59] <jelly> sadmin: what rob0 says is in place. You should know some things about how SMTP works before asking a question about a SMTP server app. Like if people here ramble about "backscatter" when looking at your logs, google and find out wtf it means. Likewise for <>, DSN, and basically anything you're not sure what it means.[15:07:47] <jelly> Woah, rfc821 is 25 years old.[15:08:26] *** rootsvr has quit IRC[15:09:57] <cpm> jelly, yup. and *still* folks haven't figured it out.[15:12:35] <Jax-> hey guys, i got some clients who aren't using SMTP to send mails via php.. i.e they are using php's mail function... do you think it would make sense to add the webserver ip to my_networks to allow all mail from there that isn't authed?[15:15:52] <jelly> Jax-: it would. In a short while, though, you'll have to deal with your mail server being blacklisted when your customer's PHP gets pwned.[15:16:07] <rob0> :) I was thinking the same thing[15:17:03] <rob0> But a couple of points. 1. my_networks is not correct. 2. If they're not using SMTP and are using sendmail(1), mynetworks does not apply.[15:17:25] <jelly> we mitigate the issue that by having a) per-client limits on /usr/sbin/sendmail usage, b) mails from web hosting machines get routed to a separate outgoing machine (or ip ;-)[15:18:21] <rob0> Is it true that PHP stands for "Phishers Having Phun"?[15:18:27] <jelly> i thinks we could make some spare change by selling the sendmail wrapper. :-)[15:18:36] <jelly> pho sure[15:19:10] *** korozion has joined #postfix[15:19:23] *** sadmin has quit IRC[15:20:06] <jelly> they even have heuristic exploit probing. Oh look, the script has a ?page= argument... let's try abusing it[15:23:49] *** solar_ant has joined #postfix[15:24:46] *** Oddmonger has joined #postfix[15:24:51] <Oddmonger> hello[15:25:15] <Oddmonger> i hosted several domains (let's say aaa.com and bbb.com)[15:25:18] *** ming_zym has joined #postfix[15:25:47] <Oddmonger> for the moment, i use in "main.cf" this parameter: "myhostname = aaa.com "[15:26:05] *** ishi_ has joined #postfix[15:26:07] <Jax-> rob0 yeah true. i can't find out how mail() is sending the mail.. apparently through sendmail on unix machines.. how does sendmail send mails? can i tell it to by default send it to my SMTP server?[15:26:30] <Oddmonger> so in the mail header, i see "received by aaa.com"[15:26:57] <Oddmonger> how can i change the "hostname", according to the destination ?[15:27:02] *** nfi|ermes has quit IRC[15:27:48] <ramoni> Jax-: you could use phpmailer instead[15:28:20] <Jax-> ramoni yeah but i mean for clients that don't use PHPMailer[15:28:31] <Jax-> i.e use php's default mail() function[15:28:46] <ramoni> in this case, i don't know[15:32:30] <Jax-> hm[15:33:13] <Jax-> weird.. how does sendmail send mail on a server without an smtp server anyway?[15:33:20] <Jax-> i mean where is the default smtp server defined?[15:33:57] <Roobarb-Work> Oddmonger: you can't[15:34:01] <rob0> Oddmonger: That's a FAQ here, and I can't figure why, because in the real world, users do not read Received: headers.[15:34:37] <rob0> Roobarb-Work: Actually, he could, by running a separate Postfix instance on a different IP address per domain. :)[15:34:45] <Roobarb-Work> rob0: hush ;)[15:36:03] *** jssa has quit IRC[15:37:45] <Oddmonger> so i just could write something like "mailserver" in hostname :)[15:38:53] <rob0> Absolutely not. $myhostname must be a FQDN, resolvable in DNS to your IP address, and preferably that IP address also resolves to $myhostname.[15:39:32] <rob0> I would reject anyone who helo's as "mailserver".[15:39:51] <rob0> ( reject_non_fqdn_helo_hostname )[15:42:11] *** korozion has left #postfix[15:43:25] <Oddmonger> so there's no way for using differents FQDN[15:45:02] <Jax-> ah i figured out.. the webserver was using sSMTP as MTA. the configuration options were in /etc/ssmtp/ssmtp.conf. seems like a rather simple MTA. you guys know a better MTA? (more confige options, like which IP to send from if multiple IPs are on an iface, etc)[15:45:21] <rob0> Run a separate Postfix instance on a different IP address per domain. :) Tell the boss, this is not cheap and not easy.[15:45:28] <Gibbonz> it possible to or how would one have postfix send mail from @domain1 as mail.domain1, @domain2 as mail.domain2 etc given valid dns config[15:45:30] <Gibbonz> ?[15:45:50] <rob0> See, it's a FAQ here. ^^[15:46:25] <Gibbonz> its more for wanting to keep headers looking nice as the hosts own name doesnt relate at all to the domains it will be hosting[15:47:44] <jelly> Gibbonz: do you just want to set From: header, or what?[15:48:07] *** sepski has joined #postfix[15:50:18] <Gibbonz> that and anything else, its a small number of domains so using diff ips isn't a prob either[15:51:14] <Jax-> can somebody recommend a good MTA for a server not running an smtpd ?[15:52:02] <tsrepadmin> Hi. Can anybody tell what I configured wrong here:[15:52:03] <tsrepadmin> Nov 14 14:46:52 vs148123 postfix/master[27879]: warning: process /usr/lib/postfix/cleanup pid 11944 exit status 127[15:52:03] <tsrepadmin> Nov 14 14:46:52 vs148123 postfix/master[27879]: warning: /usr/lib/postfix/cleanup: bad command startup -- throttling[15:52:07] *** Edward123 has joined #postfix[15:52:58] <Jax-> tsrepadmin maybe some wrong format in master.cf[15:53:04] <Jax-> spaces instead of tabs or somethign[15:53:05] <Jax-> no idea[15:53:40] <Gibbonz> check sender, if its one of the hosted domains and its for an external domain, identify to whatever remote mta that its from host.senderdomain[15:55:11] <Gibbonz> thus receiving user sees a mail that looks like it actually came from the sender's domain rather than a long and not so professional default hostname :)[15:57:39] <Gibbonz> the dns/ip part of that is simple enough but i'm not sure what is needed if postfix can do that[16:02:26] <mark-use> how can I move mails from ond virtual-maildir to an other? I deleted the account, made an alias and now the mails aren't accessible[16:02:49] *** UQlev has joined #postfix[16:03:04] *** rootsvr has joined #postfix[16:03:23] *** dr_nick has joined #postfix[16:03:27] <dr_nick> hi[16:05:24] <dr_nick> i'm looking for a solution for this: i'm processing mail for one domain (in virtual_alias_domains) by rewriting several adresses to different destinations.[16:06:18] <dr_nick> now if no rewrite rule in the virtual file can be found i want postfix to try to deliver the mail to some special smtp host (and send a fail note if that host doesn't accept the mail)[16:06:54] <tsrepadmin> this is also a little bit strange:[16:06:54] <tsrepadmin> Nov 14 15:00:02 vs148123 postfix/sendmail[25646]: warning: command "/usr/sbin/postdrop -r" exited with status 1[16:06:54] <tsrepadmin> Nov 14 15:00:02 vs148123 postfix/sendmail[25646]: fatal: www-data(33): unable to execute /usr/sbin/postdrop -r: Success[16:06:59] <dr_nick> now where do i start?[16:08:35] *** Oddmonger has left #postfix[16:08:42] <rob0> dr_nick: Start by reconsidering the plan. You'll become a backscatter source. Reject spam for unknown users, in the initial SMTP time.[16:09:08] *** Jax- has quit IRC[16:10:09] <dr_nick> rob0: yeah i *could* make all users known to my postfix by putting them all in a map, but i'd rather not want to edit the map when a user gets added to the other host.[16:12:02] <dr_nick> rob0: i'm already using policyd-weight to keep spam off my relay which is a huge success. is it possible to check if the 2nd host will accept that that mail before even starting to relay it?[16:14:42] *** Alxx has joined #postfix[16:16:05] <Alxx> hey all, I wonder if anyone knows of any docs that describe the improvments in TLS support between 2.2 and 2.3?[16:16:40] <rob0> dr_nick: possibly, yes, see verify(8) and the address verification README.[16:17:28] <dr_nick> rob0: ok, thanks![16:17:32] <rob0> You could do a check_recipient_access which passes your known/mapped addresses, then does reject_unverified_recipient on the others.[16:18:22] <rob0> Alxx: Just the HISTORY file, and perhaps the TLS README itself.[16:18:29] <Alxx> cool, ta[16:19:12] <MicW> what must be the content of a hash-file for virtual_mailbox_domains and virtual_mailbox_maps? i can find only examples for mysql-based setups[16:20:19] <rob0> virtual_mailbox_domains : example.com whatever (lookup result is ignored)[16:20:42] <rob0> virtual_mailbox_maps : user at example dot com relative/path/to/mailbox[16:21:14] <MicW> and whan i want a script instead of the mailbox?[16:22:05] <rob0> virtual(8) cannot deliver to a command.[16:24:13] <MicW> can i replace "virtual" with my script?[16:24:58] <MicW> or did i understand something wrong what you described above (use virtual_mailbox_domains and virtual_mailbox_maps to deliver to an alias which executes a script)[16:25:18] <rob0> MicW: That is not at all what I said.[16:25:51] <MicW> deliver to an alias which runs a script[16:26:13] *** ming_zym has quit IRC[16:26:15] <MicW> so i need virtual aliases, not virtual mailboxes?[16:27:46] <rob0> That is what I suggested.[16:28:17] <rob0> You can set up special transports, do it in lots of different ways. That gets harder.[16:28:44] <rob0> I don't have interest in such ideas, nor the time to help with them.[16:28:52] <MicW> but when i make a catchall with " at test dot mydomain.com test at mydomain dot com", how can the script access the original value which was before the @?[16:29:18] <rob0> There, I am not sure. Maybe you do need a transport.[16:30:10] * cpm transports rob0[16:30:26] <rob0> One other idea: mailbox_command_maps, for a specific local(8) account to run your script.[16:30:46] *** ming_zym has joined #postfix[16:30:49] <rob0> and that command can have parameters passed to it[16:33:17] <mark-use> how can I move mails from ond virtual-maildir to an other? I deleted the account, made an alias and now the mails aren't accessible[16:33:45] <MicW> move it in the filesystem?[16:34:12] <mark-use> I don't think thats a good idee, but I don't really know[16:34:25] <rob0> What's your idea then?[16:34:26] <mark-use> issnt there a command to move mails from->to?[16:34:41] <rob0> After delivered?[16:35:16] <MicW> no, because the "from" is not handled anymore by the mailserver if you have deleted the account[16:35:17] <mark-use> they are in cur[16:35:25] <mark-use> [root@natrium /usr/local/virtual/info at wet4fun dot com/cur]# mv * ../../office\ at wet4fun dot com/new/[16:35:32] <mark-use> ^^ good or bad?[16:35:39] <mark-use> or to cur?[16:35:41] <MicW> but that's not a problem. us used to copy mails when i had to switch from one server to a differnt[16:36:03] <MicW> wet4fun.com? ^^[16:36:16] <mark-use> watersport-school ;)[16:36:17] <rob0> Is the ownership the same? If so, that's fine, but I'd probably take them to cur.[16:36:26] <mark-use> yes, both same domain[16:39:37] *** higuita7 has quit IRC[16:39:44] *** higuita has joined #postfix[16:41:04] *** idle-boy has joined #Postfix[16:55:36] *** duki has quit IRC[16:56:06] *** duki has joined #postfix[16:57:50] *** pitakill has joined #postfix[17:00:50] *** duki has quit IRC[17:00:59] *** duki has joined #postfix[17:01:22] *** Alxx has quit IRC[17:02:18] *** pitakill has quit IRC[17:04:08] *** dragonheart has quit IRC[17:04:57] *** dragonheart has joined #postfix[17:08:58] *** duki has quit IRC[17:09:33] *** duki has joined #postfix[17:10:04] *** cutmasta has quit IRC[17:11:14] *** duki has quit IRC[17:12:37] *** duki has joined #postfix[17:14:33] *** j_s has joined #postfix[17:22:32] *** gpled has joined #postfix[17:23:15] <gpled> hoping someone might know why postfix/cleanup is off by 8 hours in my maillog[17:36:54] *** mark-use has quit IRC[17:43:55] *** Sixer_ has joined #postfix[17:44:06] <Sixer_> Hi, I forget, what do I have to do after editing /etc/postfix/virtual ?[17:44:08] *** poisdeux has quit IRC[17:44:09] *** MicW has quit IRC[17:44:19] <Sixer_> Which is defined in main.cf as the file that holds virtual aliases[17:45:36] <gpled> just guessing: /usr/sbin/postfix reload[17:45:38] <rob0> gpled, I thought I told you yesterday, chroot and /etc/localtime (or whatever your OS uses to determine $TZ)[17:45:55] <rob0> Sixer_, postmap[17:45:58] <Sixer_> Isn't there something that needs to update virtual.db or something?[17:45:59] <Sixer_> yah[17:46:00] <Sixer_> thanks[17:46:03] *** Roobarb-Work has quit IRC[17:46:32] <Sixer_> Should I input virtual or virtual.db ?[17:47:02] <gpled> rob0: thanks, most likely was when i was rushing out the door.[17:49:11] <Sixer_> works, thanks again[17:49:13] *** Sixer_ has left #postfix[17:51:14] *** Jyzygzy- has joined #postfix[17:51:27] <Jyzygzy-> postdrop: warning: unable to look up public/pickup: No such file or directory[17:51:45] <Jyzygzy-> im trying to do a: echo lol | sendmail foobar[17:54:43] *** harobed has quit IRC[17:56:12] *** ming_zym has quit IRC[17:57:54] *** phnord has quit IRC[18:00:16] <gpled> cleanup unix n - y - 0 cleanup[18:00:27] <gpled> ok, looks like cleanup is chroot[18:01:24] <gpled> how do i find the files for cleanup chroot?[18:02:43] <rob0> gpled, if you don't know how to maintain a chroot environment, I suggest turning off chroot.[18:03:14] <gpled> rob0: was just thinking that[18:03:29] <gpled> i never like the whole chroot idea anyway[18:03:36] <gpled> app should hold it own[18:03:39] <gpled> its[18:05:43] <rob0> I never bother with chroot. The Postfix default is non-chrooted.[18:06:43] *** csm-laptop has joined #postfix[18:07:23] *** duki has quit IRC[18:08:19] *** duki has joined #postfix[18:12:45] *** Jax has joined #postfix[18:13:14] <Jyzygzy-> postdrop: warning: unable to look up public/pickup: No such file or directory[18:13:34] <gpled> rob0: i did not know that. who ever does the package must be chroot'ing it[18:14:10] <gpled> Jyzygzy-: do you have any more to the log error then that?[18:14:26] <Jyzygzy-> umm[18:14:34] <Jyzygzy-> where is it supposed to be located?[18:14:35] <Jyzygzy-> the error log[18:15:02] <Jyzygzy-> there is no /var/log/postfix[18:15:18] *** hparker has joined #postfix[18:17:07] *** flami has joined #postfix[18:17:58] <gpled> Jyzygzy-: as root# find / -name maillog[18:18:16] <Jyzygzy-> no match[18:18:33] <gpled> Jyzygzy-: how did you install postfix?[18:18:39] <Jyzygzy-> apt-get install postfix[18:18:44] <Jyzygzy-> and then i configured it wrong[18:18:45] <gpled> debian?[18:18:46] <Jyzygzy-> probably[18:18:48] <Jyzygzy-> yes[18:19:02] <gpled> not sure what debian calls things[18:21:43] <Jyzygzy-> apt-get install exim4[18:21:44] *** Jyzygzy- has left #postfix[18:23:20] *** brancaleone has quit IRC[18:25:26] <hparker> ....[18:26:28] <donspaulding> How can I block the Received headers from being forwarded by my postfix box?[18:27:08] <hparker> Look into header checks and IGNORE[18:27:09] <ramoni> donspaulding: why you want that ??[18:27:52] <donspaulding> I think a downstream server is trying to reassemble the To: address based on the Received headers, which is causing problems[18:28:17] <hparker> ewww[18:28:23] *** flami has joined #postfix[18:28:43] <donspaulding> hparker: I don't think header_checks will work because I think Received headers are added by cleanup[18:29:20] <hparker> Oh, headers your server itself is adding? probably not[18:29:22] <donspaulding> hparker: rather, I've tried that :-)[18:29:51] <gpled> are you talking about the part that shows the client who made the email?[18:30:41] <donspaulding> no, every mta in the chain adds its own Received header I think, just to track where it came from[18:31:35] <ramoni> donspaulding: the received headers are required by rfc[18:32:06] <donspaulding> yeah, I don't want to block them, but I need to[18:32:47] <donspaulding> or rather, I need to find out why this downstream box is reassembling the To: address, and I want to test if it's from the Received headers[18:32:50] <gpled> because someone is replying to the wrong prart of the email?[18:33:21] <donspaulding> lemme give you a better idea what's happening....[18:33:23] <gpled> prart/part[18:34:00] <gpled> rob0: think that fixed it. thanks. will not know for sure, till i get a spam[18:34:39] *** Twinkletoes has joined #postfix[18:35:22] <donspaulding> this is how the email shows up at the receiving end:[18:35:24] <donspaulding> From: Andrew Hughes [mailto:andrew at mycompany dot com][18:35:24] <donspaulding> Sent: Monday, November 12, 2007 4:08 PM[18:35:24] <donspaulding> To: wendy at proxy1 dot mycompany.com[18:35:24] <donspaulding> Subject: Another test note[18:35:57] <donspaulding> but the email was actually sent to wendy at wendyscompany dot com[18:36:43] <donspaulding> somehow on the receiving end, it did a hostname lookup on wendyscompany.com which has a CNAME record for proxy1.mycompany.com[18:36:49] <gpled> you are hosting wendyscompany.com ?[18:36:51] <donspaulding> yes[18:36:52] *** oates|AFK is now known as oates[18:37:53] <donspaulding> and...proxy1.mycompany.com is NOT the postfix box that hosts wendyscompany.com[18:38:09] <donspaulding> tell me that ain't screwed up[18:38:55] <gpled> whats harder, is i think i know what is wrong, but can not explain it[18:39:00] *** flami has quit IRC[18:39:23] <gpled> i dont do vertual domains, but iv seen this before[18:40:12] <gpled> so if i send to wendy at wendyscompany dot com windy sees it as wendy at proxy1 dot mycompany.com ?[18:40:29] <gpled> or if wendy replays, the other party sees wendy at proxy1 dot mycompany.com[18:40:38] <donspaulding> both[18:40:41] <gpled> ok[18:40:54] <donspaulding> no, wait, I'm not sure what the other party sees when she replies[18:41:05] <donspaulding> but she sees proxy1.mycompany.com[18:41:51] <gpled> k[18:42:03] <donspaulding> gpled: any ideas for what's wrong would help[18:42:10] <gpled> and is the name of your mail server proxy1.mycompany.com ?[18:42:17] <donspaulding> nope[18:42:21] <gpled> http://www.postfix.org/BASIC_CONFIGURATION_README.html[18:42:28] <gpled> who is the proxy1?[18:42:51] <gpled> im thinking something like myorigin =[18:43:06] <gpled> which has been made virtual[18:43:09] <donspaulding> wendyscompany.com is a CNAME (alias record) for proxy1.mycompany.com, which handles the virtual hosting of her website[18:43:28] <gpled> cname hmm[18:43:41] *** cheffe has joined #postfix[18:44:08] <gpled> is that the real domain name, i will look at the dns record for you[18:44:45] <donspaulding> no, it's wendycollins.com[18:44:58] <donspaulding> which should let you fill in the blanks :-)[18:45:19] *** cheffe has quit IRC[18:46:13] <gpled> what is the bad domain name you are seeing? the proxy1 part[18:46:35] <gpled> man, where is the spam when you want it?[18:47:23] <donspaulding> err, scratch that, her domain name is wendycollinsinsurance.com.[18:47:55] <donspaulding> gpled: at hotmail ;-)[18:49:09] <donspaulding> gpled: forget wendy's domain, we've used a workaround to fix her situation.[18:49:35] <donspaulding> an example domain is abirp.net[18:49:37] <gpled> this seems like it is a dns issue[18:51:20] <gpled> check your myhostname =[18:51:38] *** alamar has quit IRC[18:51:44] <gpled> and mydomain =[18:51:55] <gpled> and myorigin =[18:52:13] <gpled> they are probalby dynamic[18:52:49] <gpled> pulling from dns names, that might be wrong because the dns server is setup that way[18:53:30] <donspaulding> no, there's no reference to proxy1 from anything in the main.cf[18:53:52] <donspaulding> myorigin is from /etc/mailname, and is mta1.mycompany.com[18:54:23] <donspaulding> mycompany.com doesn't resolve to proxy1[18:54:44] <donspaulding> I don't have a line for mydomain, so I doubt it's that[18:55:02] <gpled> also, read through this doc: http://www.postfix.org/VIRTUAL_README.html[18:55:57] *** githogori has joined #postfix[18:56:43] <rob0> what exactly is the problem? Something hparker did?[18:57:53] <donspaulding> yes[18:58:02] <donspaulding> oh wait, I mean, no :-)[18:58:24] <rob0> Let's blame him anyway, I always do.[18:58:58] *** dr_nick has quit IRC[18:59:06] <donspaulding> I host a lot of virtual domains, both for email and web, but on separate boxes. mta1 is an email forwarder, proxy1 is a web forwarder[18:59:46] <donspaulding> a typical virtual domain has MX records that point to mta1, and is a CNAME for proxy1[19:00:21] <rob0> MX should not resolve to a CNAME, ideally. It sort of works, but adds an extra step which is not recommended.[19:00:46] <donspaulding> no, the MX points straight to mta1, which isn't a CNAME[19:01:17] <donspaulding> the hosted domain has a wildcard record that resolves to the CNAME of proxy1[19:01:26] <rob0> If the second-level domain itself is a CNAME, you're in for loads of trouble.[19:01:35] <donspaulding> really?[19:01:52] <rob0> Who's hosting the DNS for this? Netsol?[19:02:00] <donspaulding> no, register[19:02:21] <rob0> Only netsol is that stupid. Isn't register.com owned by netsol?[19:02:30] <donspaulding> I don't think so[19:03:14] <donspaulding> at least if they are, they have totally different appearances, register's site and API are from the early 90's :-P[19:03:18] <rob0> The only way to make a second-level domain a CNAME is to use extra glue in the parent TLD zone.[19:03:20] <donspaulding> at least netsol looks good[19:04:05] * hparker wonders what he did this time[19:04:57] <donspaulding> well, it's an option in their admin interface, I wonder if they provide the glue?[19:05:20] <rob0> hparker.com is owned by some wealthy fellow in Leawood[19:05:38] <hparker> hehe[19:05:52] <rob0> what is one of these domains?[19:05:56] * hparker wonders if he's related, needs to find a rich relative[19:06:10] * cpm grants hparker a rich relative[19:06:19] <hparker> ty![19:07:02] <rob0> That hparker is about a mile or so from the MO state line. Very big-$$$ area.[19:07:14] <hparker> nice[19:07:30] <rob0> doctors, lawyers, KC Royals/Chiefs live there[19:08:10] <hparker> But it looks like it's hosted by a spam friendly host[19:08:15] <rob0> 1and1[19:08:20] <hparker> Maybe that's how he affords to live out there[19:08:23] <hparker> yeah[19:08:24] <rob0> :)[19:09:43] <rob0> donspaulding, a CNAME is not supposed to receive mail at all.[19:10:28] <gpled> are CNAMEs just bad these days?[19:10:46] <rob0> The proper thing for a MTA to do is to not handle it at all. The next best option is to change user@CNAME to user at name dot cname.points.to[19:11:45] <gpled> did i mention my log times look good ? :)[19:11:46] <donspaulding> why is a mail server looking up the CNAME at all though? The RCPT TO should be coming across as real.email at real dot domain.com[19:12:28] <gpled> thinking it just takes one program in the chain to ask the internet[19:12:50] <gpled> then all bets are off[19:12:51] <donspaulding> The only reference the real.domain.com MTA gets to virtual.domain.com is in the Received header[19:13:11] <donspaulding> AFAICT[19:13:20] <rob0> donspaulding: I asked for a sample domain name. Also pastebin entire headers of such a message.[19:13:30] <donspaulding> abirp.net[19:14:13] <gpled> abirp.net. 3600 IN CNAME proxy1.mirusresearch.com.[19:14:59] <rob0> damn[19:15:10] <rob0> they also have MX at the same name[19:15:18] <rob0> major breakage of standards[19:15:21] <gpled> abirp.net is an alias for proxy1.mirusresearch.com[19:15:29] <gpled> proxy1.mirusresearch.com has address 208.69.230.21[19:15:38] <gpled> Host 21.230.69.208.in-addr.arpa not found: 2(SERVFAIL)[19:15:44] *** growltiger has quit IRC[19:15:47] <rob0> BIND won't allow you to do that. They must be using some crapware for DNS.[19:16:17] <donspaulding> hmmm, I'm not seeing the MX records on that domain[19:16:34] <gpled> abirp.net. 2161 IN MX 10 mta1.mirusresearch.com.[19:16:37] <rob0> abirp.net. 3600 IN MX 10 mta1.mirusresearch.com.[19:16:40] <gpled> :)[19:16:47] <rob0> and 20 points to mta2[19:16:48] <Jax> i wrote a cool script[19:16:58] <Jax> well it's not great... but it's kinda cool[19:17:06] <gpled> Jax: in what?[19:17:09] <gpled> tcl?[19:17:10] <Jax> just checks your named.conf and checks if all zones are still delegated to you or not[19:17:14] <Jax> in.. *cough* BASH[19:17:15] <Jax> :D[19:17:26] <gpled> lol, anything but perl[19:17:35] <gpled> i like bash too[19:18:00] <Jax> http://85.195.125.161/delegate.png[19:18:01] <Jax> screenshot[19:18:02] <Jax> :D[19:18:21] <rob0> screenshot, of a script?[19:18:26] <Jax> yeahhhhh[19:18:27] <Jax> lol[19:18:34] <rob0> why not the text?[19:18:49] *** etaylor has joined #postfix[19:18:53] <Jax> well the green and red would have gotten lost[19:18:54] <gpled> Jax: pastbin your script[19:19:07] <Jax> ok[19:19:25] <gpled> hope no one gets mad at me.[19:19:36] <donspaulding> rob0: so here's my basic question, if I have two accounts on the MTA, and one points to a gmail account, and the other to real.domain.com, why does Gmail see the correct To address, and real.domain doesn't?[19:19:37] <rob0> ah[19:19:46] <gpled> wait, it is for postfix trouble shooting :)[19:20:13] <Jax> ah i thought i was in #bind[19:20:15] <Jax> damn it[19:20:16] <Jax> :D[19:20:22] <Jax> sorry for that[19:20:28] <rob0> donspaulding, beats the heck out of me. Ask hparker.[19:20:37] *** duki has quit IRC[19:20:48] *** felix_da_catz has joined #postfix[19:20:59] <donspaulding> hparker: same question :-)[19:21:10] <hparker> I have no clue[19:21:51] *** Jax has quit IRC[19:22:08] <donspaulding> I'm pretty sure the downstream server is Exchange, does this sound like something specific to it?[19:22:31] <gpled> Jax: thats cool with me. i like bash scripts :)[19:22:51] <gpled> brb[19:23:19] <rob0> Seriously, I would dump register.com and go with a normal registrar and DNS provider. That's absolute crap, what they did at abirp.net.[19:24:54] <rob0> Results 1 - 10 of about 2,590 for "cname and other data". (0.25 seconds)[19:25:09] <donspaulding> I appreciate the suggestion but this is a big system that ties in pretty tightly to register's API. It is good to know who not to go with in the future though[19:25:27] <donspaulding> thanks for your help on this rob0, hparker, gpled[19:27:43] *** lunaphyte has quit IRC[19:29:02] <rob0> RFC 1034, Section 3.6.2: "If a CNAME RR is present at a node, no other data should be present; ..." http://www.isc.org/index.pl?/sw/bind/FAQ.php[19:29:09] *** alamar has joined #postfix[19:29:35] <donspaulding> I take it the "other data" in this case is the MX records for the same zone?[19:30:45] <rob0> *Any* other RR type. They have NS and MX both, explicit violation of standards.[19:30:54] <rob0> maybe there's SOA too[19:31:22] <rob0> I guess they do this to lock in their victims.[19:34:18] *** obscurant has joined #postfix[19:34:53] <rob0> As for the "basic question", if we're dealing with domains with broken DNS, all bets are off. And otherwise, I am not willing to guess without information (logs/headers.)[19:35:15] <rob0> and my time for today is almost over.[19:36:19] * cpm prepares for the rob0 exit[19:36:46] <rob0> trumpets? A red carpet?[19:37:10] <cpm> more like finding the cleaning folks[19:37:22] <rob0> I suppose I should prepare a speech, to thank all the Little People who made it all possible.[19:37:30] <rob0> Thank you, Little People.[19:37:37] * cpm bows[19:42:43] *** confound has joined #postfix[19:52:21] <donspaulding> thanks again rob0[19:53:38] *** flami has joined #postfix[19:59:46] *** mcas has joined #postfix[20:02:39] <mcas> hi, i have a question about blocking mails for unkown recipients[20:03:04] <mcas> if there is an bcc recipient for that mail, can postfix check this entry?[20:08:21] *** flami has quit IRC[20:08:45] *** k31th has joined #postfix[20:09:52] <k31th> If i want to redirect mail from one server to another? (im chaning MX records) whats the best way to do this? I want mail sent to the OLD mx to go to the NEW mx IP[20:11:58] *** idle-boy has quit IRC[20:12:43] *** idle-boy has joined #Postfix[20:12:48] <cpm> change the MX records. Turn off the smtpd process on the old server. Done.[20:12:49] *** pitakill has joined #postfix[20:13:42] *** hemry has joined #postfix[20:14:27] *** sadmin1 has quit IRC[20:16:24] <jelly> step 0: lower the TTL on DNS records. Wait 7 days.[20:17:30] <cpm> you could do that.[20:18:08] *** amrit|zzz is now known as amrit|bbl[20:18:10] <jelly> else mail from people with funky dnscaches will wait on their MXes[20:18:13] *** amrit|bbl is now known as amrit|wrk[20:18:17] <cpm> despite my expire times, I see MX hits to my dns server all the time, from the same origin, within minutes.[20:18:55] <cpm> seems that the internet of these modern times, isn't the old packet radio tolerant network of our forefathers days[20:19:03] <k31th> jelly: if i lower the TTL to a really low number or say 0 will that stop other dns servers caching it? and cause them to always perform a look up on my server?[20:19:12] <jelly> software working around domain owner who don't know zip about DNS ;-)[20:19:27] <cpm> :)[20:19:45] <k31th> or will it still cache it, iv never put this to the test.[20:20:21] <k31th> jelly: what would be a sensible level to lower it to.[20:20:23] <jelly> k31th: it's supposed to do that, but most caches have an internal mininum TTL for positive lookups[20:20:32] <jelly> k31th: dunno, 3600?[20:21:05] <cpm> every MX cutover I've ever done, (and I've done a few) have sorted themselves out overnight, more or less. But I do them on weekends[20:21:21] <jelly> cpm: I'm not the dns admin here so I don't really know the numbers. ;-)[20:21:55] *** aljaber has quit IRC[20:22:56] <jelly> cpm: no extemely lagging mail noticed? Maybe they were eaten by the antispam system. ;-)[20:23:55] *** nickjqw has joined #postfix[20:24:57] <jelly> I was thinking I'd leaving the old MX running with an unconditional route to the new one, but if it really straightens out within a day or two, no need to.[20:24:59] <nickjqw> Forgive me for being offtopic, but I have an urgent pam/sasl question for smtp (postfix). Anyone know a lot about that or know a channel I can go to for help?[20:27:17] <cpm> jelly, just set the old one as a secondary, then all the mail will queue and deliver to the new one, if you are really concerned.[20:27:28] <cpm> if the 'old' one knows it's the secondary[20:27:37] <cpm> which it will[20:29:05] <cpm> and, no. I've not lost mail that way.[20:29:18] <cpm> again, most the over the weekend mail is usually spam anyway :)[20:29:52] <jelly> eh, how do you know about the mail you've lost if there weren't enough customers to complain ;-)[20:30:38] <jelly> nickjqw: I guess you could just ask the question here and see if there's anyone knowledgeable enough.[20:31:35] <nickjqw> Thanks, jelly - We had a server that crashed hard, and unfortunately there were not backups other than /etc and a data volume (we didn't support the server)[20:31:44] <gpled> cpm: i have been thinking of marking points agains emails from 1am to 4am[20:32:11] <nickjqw> anyway, we've restored imap/smtp service and it's working fine, but users outside the local network can't authenticate as saslauthd seems not to work correctly against ldap[20:32:14] <gpled> seems like nothing but spams during those times[20:32:54] *** row has quit IRC[20:32:58] <nickjqw> it's an ubuntu system and pam is setup like this in /etc/pam.d/smtp:[20:32:59] <nickjqw> auth required pam_nologin.so[20:32:59] <nickjqw> @include common-auth[20:32:59] <nickjqw> @include common-account[20:32:59] <nickjqw> @include common-session[20:33:14] <nickjqw> common-auth:[20:33:17] <nickjqw> #%PAM-1.0[20:33:17] <nickjqw> #[20:33:17] <nickjqw> ##@include common-auth[20:33:17] <nickjqw> ##@include common-account[20:33:17] <nickjqw> ##[20:33:18] <nickjqw> #auth sufficient pam_ldap.so[20:33:19] <nickjqw> #[20:33:22] <nickjqw> #account sufficient pam_ldap.so[20:33:24] <nickjqw> #[20:33:24] <jelly> nickjqw: uh, use a pastebin?[20:33:26] <nickjqw> #password required pam_ldap.so[20:33:28] <nickjqw> #[20:33:31] <nickjqw> #session sufficient pam_ldap.so[20:33:32] <nickjqw> #[20:33:34] <nickjqw> auth required pam_nologin.so[20:33:36] <nickjqw> @include common-auth[20:33:38] <nickjqw> @include common-account[20:33:40] <nickjqw> @include common-session[20:33:44] <nickjqw> jelly- yeah, sorry[20:36:06] *** linkslice has quit IRC[20:36:20] <nickjqw> http://pastebin.com/m268a54c7[20:37:05] *** flami has joined #postfix[20:38:03] <nickjqw> all users are in ldap...[20:40:01] *** unixcoder has joined #postfix[20:41:20] *** duki has joined #postfix[20:44:11] <jelly> nickjqw: can they use other services with auth data from ldap, like shell accounts (ssh)?[20:44:44] <nickjqw> I'm starting to think not, and that the pam_ldap portion is broken.[20:44:56] <nickjqw> ldap users are able to use imap/pop[20:45:01] <nickjqw> but that must not be using pam...[20:48:06] *** psyllo has quit IRC[20:52:49] <jelly> verify that. If your postfix/smtp is running in chroot, verify that saslauthd is set up correctly in the chroot.[20:53:33] *** eject_ck has joined #postfix[20:54:46] *** ramoni has quit IRC[20:58:45] *** flami has quit IRC[20:59:18] *** jellis has joined #postfix[21:02:02] *** Internat3 has joined #postfix[21:02:12] *** mcas has left #postfix[21:02:13] *** Internat has quit IRC[21:04:57] *** nitbix has joined #postfix[21:06:56] <gpled> today is chroot day[21:08:15] *** duki has quit IRC[21:10:58] *** duki has joined #postfix[21:11:48] <cpm> everyday is chroot day[21:12:54] <cpm> http://kerneltrap.org/Linux/Abusing_chroot[21:21:09] *** eject_ck has left #postfix[21:31:10] <gpled> is their a quick way to tell postfix to stop taking mail? want to put postfix on hold, so i can look at the maillog, with out it changing.[21:31:23] <jellis> service postfix stop ? :P[21:31:24] *** pitakill has quit IRC[21:31:38] *** flami has joined #postfix[21:31:57] <cpm> postfix stop[21:32:08] <cpm> man postfix[21:36:58] <hparker> Turning off the server usually stops it[21:37:12] *** flami has quit IRC[21:37:57] *** darkphader has joined #postfix[21:38:00] *** flami has joined #postfix[21:39:06] <cpm> usually[21:39:09] *** psyllo has joined #postfix[21:40:03] *** tsrepadmin has quit IRC[21:42:23] *** flami has quit IRC[21:42:53] *** madclicker has joined #postfix[21:44:56] *** UQlev has quit IRC[21:48:01] *** flami has joined #postfix[21:48:32] *** csm-laptop has quit IRC[21:50:24] *** gpled has left #postfix[21:51:24] *** andinator has joined #postfix[21:51:43] <andinator> http://www.ex-periment.wmn.eu/?id=7982[21:51:46] *** andinator has quit IRC[21:52:03] *** cpm has quit IRC[21:52:44] <hparker> drive by spammer...[21:54:17] *** deskdevil has left #postfix[22:01:30] *** flami has quit IRC[22:01:42] *** meandtheshell has quit IRC[22:01:54] *** flami has joined #postfix[22:02:00] *** flami has quit IRC[22:03:48] *** flami has joined #postfix[22:03:58] *** Gibbonz has quit IRC[22:10:46] *** githogori has quit IRC[22:13:13] *** githogori has joined #postfix[22:13:49] *** jelly has quit IRC[22:14:01] *** jelly has joined #postfix[22:16:12] *** UQlev has joined #postfix[22:16:18] *** jellis-real has joined #postfix[22:16:25] <jellis-real> good day all.[22:16:56] *** flami has quit IRC[22:23:28] *** sepski has quit IRC[22:29:29] *** diveli has joined #postfix[22:35:00] *** higuita has quit IRC[22:37:53] *** higuita has joined #postfix[22:38:27] *** fholmes has joined #postfix[22:43:31] *** pirho has joined #postfix[22:43:51] *** pirho has quit IRC[22:44:51] *** pirho has joined #postfix[22:44:59] *** flami has joined #postfix[22:47:08] *** flami has quit IRC[22:47:35] *** felix_da_catz has quit IRC[22:56:06] <jellis-real> i'm having issues with mail being held up in my hold queue[22:56:45] *** hemry has quit IRC[22:58:10] <hparker> Why are you putting it in the hold queue?[22:59:29] *** pirho has quit IRC[23:00:03] <jellis-real> MailScanner[23:00:13] *** pirho has joined #postfix[23:01:34] <hparker> then I would guess you'd need to figure out why mailscanner isn't doing it's thing.. I have no clue as I've never used mailscanner except with sendmail[23:02:29] <jellis-real> sorry, looking at a couple of things...i may be on to something[23:05:47] <kreg> i use an ssl cert in my main.cf for smtp authentication[23:06:08] <kreg> how do you do a 2nd or 3rd cert for other domains in the case of a virtual mail server?[23:07:58] *** etaylor has quit IRC[23:10:02] *** fholmes has quit IRC[23:13:36] *** valmis has joined #postfix[23:14:15] <valmis> hello everybody[23:14:39] *** unixcoder has quit IRC[23:17:01] <Trengo> hi[23:17:36] <valmis> i need help with postfix[23:18:14] *** UQlev has quit IRC[23:20:04] <adaptr> phew, thanks for that - we never would have guessed other wise![23:20:23] *** Gibbonz has joined #postfix[23:32:01] *** oates is now known as oates|zzzZ[23:39:29] *** githogori has quit IRC[23:42:40] *** alamar has quit IRC[23:42:40] *** Bejgli has quit IRC[23:42:41] *** black_johhny has quit IRC[23:43:03] *** alamar has joined #postfix[23:43:03] *** Bejgli has joined #postfix[23:43:03] *** black_johhny has joined #postfix[23:45:04] *** donkdonk has joined #postfix[23:46:21] <donkdonk> most likely a simple thing but when i send email from my server is goes out as donkdonk at localhost dot domain.com.how do i get rid of or change the localhost part?[23:47:42] *** valmis has quit IRC[23:51:06] *** jellis-real has quit IRC[23:52:30] *** lunaphyte has joined #postfix[23:52:55] <aatmaa> go to main.cp ... and have edite mydomain directive[23:53:03] <aatmaa> main.cf *[23:53:15] *** spiekey has quit IRC[23:59:59] *** Motoko-chan has joined #postfix