May 13, 2008 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | >
May 13, 2008 [00:00:15] <ribasushi> so, one more time - any principal difference between content_filter and transport_maps?[00:00:38] <unsolo_> http://rafb.net/p/3NUwwI21.html[00:01:22] <rob0> Yes, content_filter is content_filter and transport_maps is transport_maps.[00:01:37] <lied> unsolo_, btw: don't post logs with real mailadresses in such a channel. if i was a spammer i would grep through this logs and ...[00:01:47] <unsolo_> hehe yea[00:01:52] <rob0> You mean, can you use content_filter to transport to a final destination? Sure.[00:01:55] <unsolo_> not a problem tho.[00:02:02] <unsolo_> fake users[00:02:11] <lied> unsolo_, have you activated the clamav filter in /etc/amavis/conf.d/15-content_filter_mode ?[00:02:26] *** Knoedel2 has quit IRC[00:02:27] <ribasushi> rob0: the other way around - use transport_maps to have selective scanning with a filter[00:02:32] *** Mathman has quit IRC[00:02:57] <rob0> well that too, sure.[00:03:24] <Lars_G> lied: Spammers have easier ways to get email addresses[00:03:42] <ribasushi> rob0: so from a techical point o view they are the same dispatch mechanism, that hooks at the same place (after the qmgr)[00:03:51] <ribasushi> rob0: just different names[00:04:02] <lied> Lars_G, if someone greps through homepages for contact adresses... i think its easier to grep through this log here *g[00:04:14] <unsolo_> lied: hmm where was that in the guide ?[00:04:33] <unsolo_> should i also enable the virus scan then i guess[00:04:36] <rob0> well, I would use a check_recipient_access with FILTER action, not transport_maps[00:05:05] <ribasushi> rob0: but this is before queue[00:05:24] *** wasabi has joined #postfix[00:05:25] <rob0> and you might get unexpected results with multi-recipient mail[00:05:34] <wasabi> Howdy. Having some trouble getting relay access to work for authenticated users through my postfix.[00:05:36] <unsolo_> lied: thanks a full tho now it got blocked..[00:05:37] <rob0> and no, transport_maps is not consulted before queue[00:05:44] <wasabi> It was working last week, it is no longer working today. I'm not sure why.[00:05:45] <lied> unsolo_, http://rafb.net/p/oZQTK074.html[00:05:50] <ribasushi> rob0: I need after queue stuff (want to do selective mail signing), yet all howtos out there use content_filter[00:05:54] <wasabi> It's basically saying relay is not permitted for unknown domain[00:05:59] <lied> unsolo_, augen auf :)[00:06:02] <ribasushi> although signing has nothing to do with filters imo :)[00:06:03] <rob0> !filter[00:06:04] <knoba> rob0: Error: "filter" is not a valid command.[00:06:07] <rob0> !filter_readme[00:06:08] <knoba> rob0: "filter_readme" : http://www.postfix.org/FILTER_README.html :: After-queue content filtering[00:06:27] <ribasushi> rob0: read this many times, and currently using it for virus scanning[00:06:48] *** Spec has quit IRC[00:06:52] <ribasushi> rob0: the use case in question is mail signing though (not verification)[00:07:16] <unsolo_> lied: what about the .spam folders ? did you create them ?[00:07:32] <ribasushi> to rephrase - is using transport_maps correct in this case, or there are some advantages of content_filter that I am unaware of[00:07:55] <lied> unsolo_, query?[00:08:15] *** githogori has quit IRC[00:08:42] *** x-spec-t has quit IRC[00:08:42] *** githogori has joined #postfix[00:09:53] <Haris> How do I make postfix do the following. For every received mail, relay a copy to another mail server and also deliver its copy locally[00:10:05] <davidj> Haris: bcc?[00:10:31] <ribasushi> Haris: sender_bcc_maps and recipient_bcc_maps[00:10:48] <Lars_G> Sigh I'm tired of this[00:10:59] <Lars_G> I have had too many botnet attacks.[00:11:03] <ribasushi> Haris: or always_bcc for everything[00:11:22] <Lars_G> And I can't get smtpguard to work[00:13:18] <Haris> Is that hte only option?[00:13:23] <Haris> option=way[00:14:18] <Lars_G> Is there no other way to fight spontaneous appearing botnets inside your networks? sigh[00:14:47] <Haris> botnet attacks? on mail servers?[00:14:55] <davidj> Lars_G: Are they inside your network??[00:14:59] <Lars_G> Yes, using them for spam.[00:15:02] <Lars_G> davidj: yup.[00:15:23] <Lars_G> davidj: keep in mind "inside our network" is large very large, and so far it's been a moving target.[00:15:26] <Haris> how can they come into your network and use your mail serves as spam[00:15:28] <Lars_G> So a simple iptables fails.[00:15:35] <Haris> serves=servers[00:15:40] <davidj> I'd put "iptables -I FORWARD -s $IP -j DROP" on my firewall[00:15:49] <Lars_G> Haris: they infect a desktop machine with a bot, and then the bot is commanded remotely to send stuff.[00:16:04] <jpalmer> Lars_G: I assume by asking here, that these botnets are being used to send spam through your mailserver. you can disable IP based relaying, and switch to smtp-auth only.[00:16:18] <Lars_G> ....[00:16:31] <Lars_G> jpalmer: that would be a big change, but actually a good idea... a very nice idea...[00:16:44] <davidj> Lars_G: Run a script to detect infected machines (could be as simple as a firewall rule detecting traffic on smtp port), then use ARP to force the infected machines into a different network.[00:16:55] <jpalmer> if the bots are smart enough, they can still authenticate, but now you instantly know the user account to disable until they fix their machine.[00:17:00] <rob0> Viruses can AUTH if they have to.[00:17:06] <Haris> :o that[00:17:10] <Lars_G> jpalmer: Yes diagnosing would be much easier[00:17:10] <Haris> I'v had to deal with that[00:17:16] <jpalmer> yes indeedy.[00:17:20] <Haris> I'v filtered outgoing SMTP for 2-3 boxes in my network[00:17:34] <Haris> completely denying them means to send out mail, untill their boxes were cleaned[00:17:35] *** madrescher has quit IRC[00:17:38] <jpalmer> I just wanted to clarify that smtp auth may not *stop* the problem. but it does make dealing with it much much easier.[00:18:06] *** cite has quit IRC[00:18:34] <rob0> aphrodite.incertum.net[00:19:01] <Haris> I hate those infections for desktop PC[00:19:03] <jpalmer> Lars_G: I firewall outgoing connections to port 25 for my entire network, except my mailservers. that stops the botnet from using any smtp machine other than mine. then smtp_auth on my mailservers (I hate IP based relaying) I can shut down individual zombies at a moments notice with that setup.[00:19:19] <Haris> the layman users usually have no idea what's going on, on their boxes. And we have to clean it up[00:20:28] <jpalmer> Haris: if you are just an ISP, work out a deal with a local repair shop. they signup new users for you, you send viral machines to them for cleaning. if you have an inhouse repair center, it's a good way to generate revenue AND eliminate the zombies on your network.[00:20:36] <Lars_G> jpalmer: How do you catch it quickly? I am thinking on getting a list of queue size via snmp to the mrtg server...[00:21:22] *** cite has joined #postfix[00:21:49] <jpalmer> Lars_G: a few scripts to generate rrdtool (or mrtg) scripts based on mail logs. I have it track the most outgoing mail users. then parse the logs manually if anything looks amiss.[00:21:59] *** felix_da_catz has quit IRC[00:22:12] <Lars_G> hmmm based on mail logs. interesting[00:22:21] <jpalmer> nagios also. if the numbers get abnormally high for any particular user, it pages me.[00:22:24] *** seekwill has quit IRC[00:22:54] * Lars_G bows to jpalmer[00:23:09] <jpalmer> the nice thing about smtp auth, is now every outgoing email log will have a line specifying which user account is sending it ;) easily parsible[00:23:52] <Lars_G> so sweet[00:24:50] <jpalmer> if you do IP based relaying, obviously your customers will need to be warned well in advance. and when you switch to ONLY using smtp auth, your helpdesk will be swamped with "mail is b0rken! reboot the server!" calls. be ready to staff heavily ;)[00:25:46] <Lars_G> Oh i know that and it's the scary part[00:26:16] <Haris> !sender_bcc_maps[00:26:16] <knoba> Haris: "sender_bcc_maps" : a configuration parameter in the main.cf: Optional BCC (blind carbon-copy) address lookup tables, indexed by sender address. The BCC address (multiple results are not supported) is added when mail enters from outside of Postfix.[00:26:21] *** loddafnir has quit IRC[00:26:31] <jpalmer> I personally would do it in stages. leave your IP relaying in place for the time being (you've dealt with it this long, right?) enable smtp_auth in addition. send out one mass mail a week telling them how to enable smtp auth.. for a month. then disable the IP relaying.[00:26:49] <Haris> !recipient_bcc_maps[00:26:50] <knoba> Haris: "recipient_bcc_maps" : a configuration parameter in the main.cf: Optional BCC (blind carbon-copy) address lookup tables, indexed by recipient address. The BCC address (multiple results are not supported) is added when mail enters from outside of Postfix.[00:26:52] <Lars_G> jpalmer: Aye it's the only logical plan.[00:27:09] <Haris> well, I neither have sender, nor receiver list[00:27:17] <Lars_G> jpalmer: Altough I know for such a "complex" change only around 40% or less of our users will understand the mass mail instructions.[00:27:18] <Haris> I just want the mail to be thrown to the other mail server[00:27:26] <Lars_G> Worse is I know a lot simply don't read email from us.[00:28:35] <jpalmer> Lars_G: make a few webpages, with instructions for the popular mail clients (outlook, OE, vista's Mail, thunderbird, Mac's Maill.app) with step by step directions for setting each one up specifically for your service.[00:29:14] <jpalmer> those who don't read emails from their administrator are going to be bit by this. that is 100% their problem. especially if you can show them you sent a months worth of warnings.[00:29:47] <Haris> when I set value of mydestination= to relay_domain and empty mydestination, does it forward all mail to the other mail server and not store a copy locally?[00:31:54] *** mehulved has joined #postfix[00:32:33] <Lars_G> jpalmer: that doesn't stop them from calling in screaming. It's never helped before.[00:34:13] <jpalmer> sadly, anytime you drastically change how mail works, you are going to hear complaints, threats of cancellations, and possibly even cancellations. every ISP does. it's easy for me to say "screw them, they aren;t the clients you wanted anyway" but I've been in your shoes. too many times to count. it's a part of the ISP business. but ultimately, you have to do whats best for the health of the company.[00:34:29] <jpalmer> and IMO, being able to track down mail abuse IS critical to the health of your company.[00:34:43] <jpalmer> s/IS/quickly, IS/[00:35:12] <Lars_G> jpalmer: Sigh I know, it's unavoidable. I'm just pre-steeling myself.[00:35:37] <Lars_G> I still need to run the idea thorough the CIO first anyhow... but seeying with how bad the situation has gotten I think I can pass it.[00:35:53] <Lars_G> And, it has the second help that uses can still use our smtp while traveling.[00:36:33] <Lars_G> jpalmer: I bet you use your own analyzers for long term trend log analysis?[00:36:45] <jpalmer> I'm sure you also know that the key to these 'pre-change' emails is: don't get too technical. don't explain why you are doing it. leave that part very light and fresh.. just leave it as something like "Due to upcoming security policy changes, we'll be changing how you send mail..."[00:37:56] <Lars_G> Ah yes.[00:38:16] <Lars_G> "In order to improve our email service, our techs are making some simple changes..:" blah blah[00:38:43] <jpalmer> I don't really concern myself with longterm trends, to be blunt. the spam scene changes and evolves too much for me to track it myself. I peruse the mail abuse newsgroups. I worry about short term trends (good indicators of machines being infected on my network)[00:40:21] <Lars_G> Have greylists helped in your case with internal abuse?[00:40:50] <jpalmer> really, on your side it's a simple change. remove all your IP's from mynetworks, enable smtp_auth, use the same password database your pop3/imap servers use. cake[00:41:09] <Lars_G> it's not exactly as simple, but it's doable.[00:41:32] <jpalmer> I don't greylist outbound. only incoming. and as I said earlier, greylisting is still the most effective antispam mechanism I use, but it's losing that effectiveness at an increasing rate.[00:41:41] <Lars_G> Since this is a relay only server. The password database is copied over daily for other reasons, but 24h is too slow a refresh rate[00:42:44] <Lars_G> Well I wont go off into tangents. It's been a real pleasure talking with you jpalmer and I might poke you for opinions and ideas on a latter date.[00:42:56] <jpalmer> yeah, you'll want it much more granular than that. if you disable an account due to mail abuse (intentional, or bot) you don't want to wait 12+ hours for that to come into effect. and more.. when they fix it, they don't want to wait 12+ hours to be reactivated.[00:43:35] *** Draecos_ has quit IRC[00:43:54] <jpalmer> anytime. good luck with it.[00:44:22] <jpalmer> btw: I recommend everyone in the channel to move away from IP based relaying as soon as possible ;) it never was wise, and much less so now ;)[00:45:10] <jpalmer> well, I guess I can't say it "never was wise" because back in the day, the net was nowhere near as hostile as it is now. but it hasn't been a good idea for many years now :)[00:46:04] *** action09 has joined #postfix[00:46:24] *** war9407 has quit IRC[00:46:31] * rob0 doesn't run an ISP, but I'd probably permit_mynetworks if I did[00:47:10] <rob0> I'd block outbound 25 for sure, let them ask to open it[00:47:43] <Lars_G> I'll drop greylist in the incomming server[00:47:49] <Lars_G> I think that should help[00:47:49] <rob0> I'd use throttling like policyd and quarantine any suspicious activity[00:48:20] <rob0> and it would be in the ToS that users might expect such things without notice[00:48:42] <jpalmer> policyd can be quite useful, yes. but I got away from using permit_mynetworks a long time ago. and have been extremely happy with the results. as an ISP, you need smtp_auth anyway for mobile or seasonal clients..[00:49:08] <rob0> and if they're spewing, severe penalties, let them prove it wasn't them (they can't, it was!)[00:49:18] <rob0> no PHB would ever go for that tho[00:49:27] <Lars_G> jpalmer: altough botnets must be beyound greylisting, saddly[00:49:57] <jpalmer> why burden yourself with looking up the offending IP in mail logs, seeing who was logged in with that IP at this time, possibly having to do calculations if you didn't have the foresight to have all your servers use a standard ntpd.. etc etc ;)[00:50:57] <jpalmer> Lars_G: for inbound, greylisting is still fairly effective. the effectiveness is just diminishing. currently, I'd still recommend it.[00:51:21] <kreg> so let's say i built a box to handle outbound spam. can i leave my users alone and just configure my current mail server to send everything it's relaying to the new box?[00:51:29] <jpalmer> next month, or next year, I may be anti-greylising because it may be ineffective, and a waste of resources ;) we'll see[00:52:44] <Lars_G> btw what are your experiences and thoughts about spf jpalmer ?[00:53:39] *** seoronin has left #postfix[00:53:43] <jpalmer> for an ISP, SPF is a horrible idea. for small pivate domains/networks, it's great.[00:54:27] <jpalmer> the ISP should publish SPF records IMO. but implementing SPF on the MTA level should be approached lightly.[00:55:07] <jpalmer> I don't use SPF at all on inbound. but I do publish records. if I were to use it at all on inbound, it'd be on a wieghted scale only. not an absolute decision maker.[00:55:48] *** havvg has joined #postfix[01:01:09] *** seekwill has joined #postfix[01:05:42] *** githogori has quit IRC[01:13:00] *** githogori has joined #postfix[01:15:28] *** RobHu has joined #postfix[01:16:02] <RobHu> Where can I RTFM how to get postfix to forward all incoming mail to another mail server? (this mailserver is replaced by another on another IP and I want any mail that goes to the old one to be forwarded)[01:20:18] <rob0> I don't understand, why not just change the MX, turn off the old one, and let DNS do its job?[01:21:28] <rob0> and if there's any queue, set "relayhost = [new.server]" and "postfix flush".[01:21:50] <rob0> (just prior to stopping postfix on the old one)[01:26:01] <RobHu> I agree, but my colleague tells me in the past he has had problems with people caching dns for too long[01:29:56] <jpalmer> lower your DNS ttl prior to the change.[01:30:05] <RobHu> thanks[01:30:07] *** RobHu has left #postfix[01:30:24] <hparker> Except for hotmail :P[01:30:33] *** pitakill has quit IRC[01:30:43] <jpalmer> hotmail doesn't count ;)[01:33:43] <rob0> How much can we do to work around broken systems?[01:42:29] *** AirBender has joined #postfix[01:43:03] <AirBender> Hello guys I have a little problem with smtp[01:43:31] *** qiyong has quit IRC[01:43:37] <AirBender> I have a server running postfix 2.5.1 MTA inside a class B network(a University)[01:44:27] <AirBender> when I send mail to the University's server there's no problem, the same with another mail service inside the same network, but when i try to send to other services like gmail, I got a time out request[01:45:00] <AirBender> I think this is a common error, but can't figure out how to solve it[01:45:13] <unsolo_> asuming im using mysql + dovecot + postfix. when i create a new user in mysql only .. anyone happen to know where dovecot takes the default from when i log in ?[01:46:00] *** qiyong has joined #postfix[01:47:10] <rob0> Sounds like maybe the Univ. router is blocking outbound SMTP. Can you telnet/nc to my port 25?[01:47:17] <unsolo_> is it the linux default maildir or is it something more "detailed"[01:48:29] <rob0> "Linux default maildir?" I have no idea what that would be. But I know the Dovecot wiki explains how that is done in Dovecot.[01:50:28] <unsolo_> hmm ive looked around for it[01:51:20] <rob0> "mail_location" IIRC[01:51:48] <AirBender> rob0: I think the port 25 is ok, but I'll try to do a telnet test to the smtp service from here(my home) I've don it only locally from within an ssh session in the server[01:53:21] <rob0> well the whole point is to test FROM the server, is it not?[01:54:04] <unsolo_> rob0: where does it take sendt and Trash from ?[01:54:24] <AirBender> rob0: you're right lol[01:55:45] <lied> unsolo_, perhaps from your webmailer. create an user and have a look at you maildir which direcorties are created by dovecot[01:56:08] <lied> unsolo_, then log in by webmail and look again at you maildir[01:56:17] <rob0> You asked me about that a few hours ago, why are you asking again?[01:56:19] <unsolo_> lied: i have tried.[01:56:41] <rob0> I told you the MUA created those maildirs[01:56:48] <lied> unsolo_, and which directories are created by default?[01:57:01] <unsolo_> Trash and Sendt[01:57:08] <unsolo_> in addition to INBOC[01:57:16] <unsolo_> INBOX[01:58:30] <unsolo_> grep Trash * in dovecot showed up empty ;([02:00:12] <AirBender> holy sh*t so stupid, the ports 25, 143 and 993 are not forwarded... outside the university, I'm pretty sure I've asked for the necessary ports...[02:00:49] <Lars_G> phew queue down to 45000 mails[02:00:52] <Lars_G> now another round of cleaning[02:01:51] <unsolo_> oO[02:01:55] *** dserban has quit IRC[02:02:18] <Lars_G> unsolo_: they where up at 95000[02:02:44] <Lars_G> My usual load on that server is 2000 to 4000 queued mails. talking legal mails.[02:03:12] <unsolo_> oh[02:03:14] <Lars_G> jpalmer: the thing is I begin by anviling postfix down, and only allowing two of our other relays to overcome the limit since they never where attacked before.[02:03:29] <Lars_G> jpalmer: Murphy hit, and one of the others was attacked. So they overcame the anvil rates[02:03:30] <unsolo_> Lars_G: is it a mail cluster ?[02:03:42] <lied> unsolo_, i've tested it and theres only "cur" "new" and "tmp" dirs[02:03:50] <Lars_G> unsolo_: it's not a cluster in the orthodox sense but yes in a form it is.[02:03:57] <unsolo_> ok[02:04:53] <unsolo_> lied: well the folder is created upon recieving a spam mail[02:05:00] <Lars_G> unsolo_: We have several "plans" and domains. and each group of plans and domains is clustered on a server, and all servers relay out thorough this central one[02:05:43] <lied> unsolo_, one moment i'll test[02:07:03] <unsolo_> Lars_G: and is that node redundant..[02:07:14] <lied> unsolo_, hm not at all here. the global sieverc creates a .spam folder...[02:07:25] <AirBender> rob0: well, I haven't forwarded the port 25, and I can't do a telnet to smtp.gmail.com, fro the server. That's the problem, just need to talk to the network admin, thanks for the help![02:07:31] *** havvg has quit IRC[02:07:33] <unsolo_> yea it did at my end as well lied[02:07:43] <Lars_G> unsolo_: nope. saddly it's not.[02:08:06] <Lars_G> This is the result of uncharted, unguided organic growth[02:08:12] <unsolo_> ahh[02:09:09] <rob0> AirBender, yw.[02:09:23] <rob0> It's not uncommon to block 25 outbound.[02:09:39] <rob0> In fact it's pretty much considered a best practice.[02:09:47] <unsolo_> Lars_G: Im porting a mailserver to a redundant mysql / network raid / ocfs2 thing hopefully the redundancy will "work"[02:10:24] <Lars_G> unsolo_: good luck. If I someday convince my boss to buy a new server instead of reassigning old 486 machines from his son as servers, I might try that too[02:10:39] <Lars_G> Of course my example is a caricaturesque exageration, but it has basis on reality[02:10:42] *** hoodow has joined #postfix[02:11:38] <unsolo_> oO[02:16:35] <AirBender> rob0: Yeap, but I think we asked for it to the admins.[02:18:12] *** jlund has joined #postfix[02:22:12] *** action09 has quit IRC[02:24:27] <jlund> I have a server setup that has two IP addresses. I would like to have Postfix send site notifications (password reminders etc.) from one IP address while sending newsletter content through the second IP. Is there a way to do this without running two difference instances?[02:25:27] <Lars_G> you can define diferent smtp transports in master.cf with each bound to a different IP, and use some ruleset voodoo to decide what emails to send out on each transport.[02:25:35] <Lars_G> the filter part I'll leave to others, I've not done much of those.[02:25:43] <rob0> transport_maps[02:26:23] <Lars_G> rob0: Yes but given he wants to send a newsletter on a particular one, he will need some kind of matching to filter[02:26:41] <rob0> hmmm yes[02:26:57] <rob0> sender_based_relayhost_maps maybe[02:27:03] <rob0> !sender_based_relayhost_maps[02:27:03] <knoba> rob0: Error: "sender_based_relayhost_maps" is not a valid command.[02:27:07] <Lars_G> good idea[02:27:13] <rob0> postconf.5.html#sender_based_relayhost_maps[02:31:37] <jlund> I can't find that on this page: http://www.postfix.org/postconf.5.html[02:31:43] <jlund> Should I be looking somewhere else>[02:32:47] *** cilly has quit IRC[02:33:49] <rob0> sender_dependent_relayhost_maps[02:33:52] <rob0> !sender_dependent_relayhost_maps[02:33:53] <knoba> rob0: "sender_dependent_relayhost_maps" : A configuration directive in main.cf for sender based message routing. See http://www.postfix.org/postconf.5.html# sender_dependent_relayhost_maps[02:34:15] <jlund> Thank you guys[02:36:16] *** seekwill has quit IRC[02:36:56] *** seekwill has joined #postfix[02:39:58] *** quieteyes has left #postfix[02:40:51] *** jlund has quit IRC[02:44:11] *** felix_da_catz has joined #postfix[02:52:07] *** jlund has joined #postfix[02:53:30] *** ming_zym has joined #postfix[02:53:59] *** jlund has quit IRC[02:57:43] *** ming_zym has quit IRC[03:05:30] <Lars_G> Ok more cleaning, down to 8k messages[03:05:38] <Lars_G> Time to do individual cleaning[03:05:49] <Lars_G> I wish there'd be a gui queue manager[03:06:54] <mwalling> there is one[03:06:58] <mwalling> its called Konsole[03:07:08] <mwalling> or Terminal[03:07:11] <mwalling> or PuTTY[03:07:36] <Lars_G> :P[03:07:48] <mwalling> i'm strange[03:10:57] *** Tachy has joined #postfix[03:10:58] <Lars_G> I consider you to be something else but I will not say it to keep the tone civil :)[03:11:57] <mwalling> rob0: i think they[03:12:02] <mwalling> re al ganging up on me[03:14:15] <Lars_G> jpalmer: Correct me, but isn't spf a little useless if ISPs don't enforce it?[03:14:16] *** knoba has quit IRC[03:14:17] <rob0> it serves you right, but not for this[03:14:25] *** knoba has joined #postfix[03:19:45] *** rcsu_ has joined #postfix[03:21:58] *** Tachy_ has quit IRC[03:27:30] *** c0m has joined #postfix[03:31:01] <jpalmer> Lars_G: the problem with SPF in large userbase domains is forwarding. when I send an email from abc.com.. it arrives to you at xyz.com, but yo have that account configured to forward to jkh.com. guess what? jkh.com checks SPF, and sees that xyz.com isn't listed as a mail source. denied.[03:32:18] <jpalmer> SPF is great on small domains, where you know (or can enforce) a no-forwarding policy (or use any of the viable alternates to forwarding) it's perfect for small domains, or domains that never actually send mail.. but outside of that.. it's impact has to be judged on a per-case basis[03:32:45] <Lars_G> Hmmm fowarding.. you're absolutely right there...[03:33:11] *** ming_zym has joined #postfix[03:33:21] <Lars_G> I wonder if a version of SPF checking could be made to check the whole chain in the headers and be ok if it originated in the specified green servers.[03:34:00] <jpalmer> not currently. however there alternates to traditional forwarding. they've been met with varying results[03:34:01] *** rokjan has quit IRC[03:35:23] <Lars_G> Another problem I've seen is that for a while SPF caused troubles with hotmail for their stupid attempt at an alternative "standard"[03:35:52] *** rcsu has quit IRC[03:39:20] <jpalmer> I'm sure some here will argue with me. I had high hopes for SPF, but I think it's a flawed design. I publish the records, but don't check them. Maybe it helps me not have so much backscatter from smaller domains. maybe it doesn't. I have no viable way to tell.[03:40:24] <jpalmer> (backscatter from spammers using addresses in my domain, if that wasn't clear)[03:40:29] <rob0> yup[03:40:40] <rob0> and on some domains I don't even publish it now[03:41:02] <rob0> seems like spammer domains have perfect spf[03:41:16] <jpalmer> domains that have no legit mail, I publish a "v=spf1 a: -all" record.[03:41:50] <rob0> @ MX 0 no.mail.invalid.[03:41:53] <rob0> works too[03:42:06] <rob0> bbl, afk[03:42:28] * jpalmer ponders setting all my MX's for those to the CIA or NSA MX's[03:42:31] <jpalmer> haha[03:42:50] *** pirho has quit IRC[03:46:18] *** adaptr has joined #postfix[03:47:55] <Lars_G> jpalmer: I'm suffering big backscatter right now, and I know the netadmin publishes the spf records[03:50:33] * jpalmer ponders registering a domain to collect data. have others point their non-existant MX's to that domain.. setup a spamtrap.. maybe setup some kind of rbl from the data.[03:52:07] <Lars_G> afaik it's done already[03:53:15] <seekwill> I must not be doing something right... all this talk about backscatter... I haven't seen any on my domains...[03:53:28] <mwalling> seekwill: ditti=o[03:53:34] * jpalmer doesn't deal with much backscatter either.[03:53:43] <adaptr> that's because youse one of them nerdz that canhasproperconfig[03:53:48] <seekwill> Like, in the last few days, I've seen it a lot[03:54:16] <mwalling> just look at postfix-users.... you'd think it was the plauge or something[03:54:20] <Lars_G> Normally backscatter is low for us but it rocketed 3 days ago.[03:54:35] <Lars_G> And the trouble is in the early days we were trolled quite a bit.[03:55:08] <Lars_G> So many of our still active email addies are floating around the dark networks.[03:55:09] <Lars_G> :([03:55:14] <seekwill> heh[03:55:46] <jpalmer> ok, Dr. House is about to go on-call. be back in a bit over an hour![03:55:57] <Lars_G> lol[03:56:00] <seekwill> oooh[04:02:36] *** adaptr has quit IRC[04:02:47] *** adaptr has joined #postfix[04:08:48] *** KragenSitaker has quit IRC[04:10:34] <Lars_G> Btw good to know I'm not the only one to see the backscatter increase[04:28:46] *** Motoko-chan has joined #postfix[04:29:25] *** c0m has quit IRC[04:50:22] *** Zeit|awy_ has joined #postfix[04:56:29] *** Zeit|awy has quit IRC[05:06:23] *** kennyt has left #postfix[05:11:32] *** troythetechguy has quit IRC[05:13:35] *** gpled has joined #postfix[05:13:42] <gpled> hello[05:15:12] <growltiger_> hi![05:15:13] <growltiger_> wb[05:15:54] <gpled> :)[05:20:09] <gpled> have you guys been seeing a lot of spam from gmail, hotmail, aol, ... servers?[05:21:42] <hparker> first tow, yes.. latter, not so much here[05:22:19] <hparker> There was a smtp relay exploit posted to bugtraq in the last week or so[05:22:27] <hparker> To gmail that is[05:23:02] * hparker has been working on a centos server most of the day, can't grasp complete thoughts anymore[05:23:17] <gpled> i had a cool honey pot going. then bad mail started coming from them. and they where getting blocked[05:23:41] <gpled> hparker: what version?[05:25:16] <hparker> 5.1[05:25:42] <gpled> i never made the jump to 5. im at what ever the highest 4 is[05:26:10] <hparker> Fresh install.. Trying to slam a server to replace one that had hardware failure... i really think it would of been quicker to just install gentoo[05:30:07] *** snappy has joined #postfix[05:30:16] <gpled> little off topic, but anyone good with iptables? have a seven liner: http://pastebin.com/dda1b6df[05:30:32] <gpled> just want to know if that new chain is correct[05:32:16] <snappy> I'm trying to verify TLS connections made by my MTA, I got 3 certs in /etc/ssl/certs, one is a symlink to firefox's ca-bundle, and i've set the smtpd_tls_CApath & smtp_tls_CApath to /etc/ssl/certs. I've also done a c_rehash /etc/ssl/certs and cleared the tls connection databases. No matter what though, postfix reports tls connections as untrusted. The one MTA i'm relaying to particularly has a proper certificate that is in the ca-bundle. Any ideas[05:32:31] <snappy> I think it's got something to do with openssl and that c_rehash, but I'm not terribly sure.[05:34:38] *** githogori has quit IRC[05:36:15] <gpled> snappy: i have no idea. only thing i know to check, is make sure both clocks on both machines are correct[05:39:35] *** Armored_Azrael has quit IRC[05:44:34] *** hparker has quit IRC[05:56:16] *** hparker has joined #postfix[06:05:13] *** rcsu_ has quit IRC[06:08:40] *** saurabhb has joined #postfix[06:08:45] <snappy> yeah, seems like openssl verification in general is just fidgety[06:11:13] <gpled> i tried it once with exchange. i gave up[06:11:26] <gpled> postfix box to exchange[06:12:06] <gpled> it was hard enough doing it, let alone having m$ making up their own rules[06:14:51] *** bhagat has joined #postfix[06:15:11] *** saurabhb has quit IRC[06:15:21] *** Armored_Azrael has joined #postfix[06:15:43] <Armored_Azrael> Is there a way to whitelist an IP for smtpd_client_restrictions without adding it to mynetworks?[06:20:26] <hparker> Add a check before whatever is rejecting it to allow it[06:24:51] <Armored_Azrael> Well, yes, but I'm wondering how to do that[06:25:05] <Armored_Azrael> i.e. the only thing I saw to allow an ip address was the "permit_mynetworks" directive[06:29:17] <gpled> what does the smtpd_client_restrictions look like?[06:30:11] *** muecke77 has joined #Postfix[06:32:06] <gpled> smtpd_client_restrictions = hash:/etc/postfix/access access 1.2.3.4 OK[06:32:15] <gpled> think that would do it[06:32:48] *** gpled has left #postfix[06:38:47] <Armored_Azrael> ok[06:41:19] *** felix_da_catz has quit IRC[06:47:03] *** githogori has joined #postfix[06:51:02] *** muecke77 has quit IRC[07:04:11] *** mirrorcolor has joined #postfix[07:10:32] *** cilly has joined #postfix[07:13:42] <hparker> going from 2.2.x to 2.3.x, remember any gotchas?[07:35:45] *** bhagat has quit IRC[07:39:54] *** bhagat has joined #postfix[07:42:00] *** amrit|wrk is now known as amrit[07:42:13] *** AirBende1 has joined #postfix[07:54:22] *** ming_zym has quit IRC[07:56:32] *** AirBender has quit IRC[07:58:09] *** ming_zym has joined #postfix[08:07:31] *** phnord has joined #postfix[08:14:05] *** cilly has quit IRC[08:22:10] *** AirBende1 has quit IRC[08:24:52] *** Lap_64 has joined #postfix[08:25:15] *** Halloween-- has quit IRC[08:26:14] *** stony_ has joined #postfix[08:26:23] *** kk_CHN has joined #postfix[08:41:02] *** syneus has joined #postfix[08:41:16] *** stony__ has quit IRC[08:53:31] <hooch> how do i tell my local postfix server to connect to a different port on the remote server, when it's forwarding mail as a smart host[08:54:01] <hooch> as a 'relayhost' i mean[08:58:18] *** smultron has left #postfix[08:58:18] <hooch> hm ok wrap it in [ ][09:00:31] <f3ew> relayhost = [ip]:port[09:00:54] <hooch> bizarre, my isp is blocking 25, 925, 10025, 587....[09:01:05] <hooch> i can telnet to pop3, to http[09:05:08] *** bhagat has quit IRC[09:06:02] *** kk_CHN has quit IRC[09:06:44] *** kk_CHN has joined #postfix[09:07:10] *** bhagat has joined #postfix[09:11:19] *** amrit is now known as amrit|zzz[09:13:37] *** stony_ is now known as stony[09:14:37] *** michauk0 has left #postfix[09:15:54] *** mirrorcolor has quit IRC[09:20:52] *** ming_zym has quit IRC[09:22:08] *** ecomp has joined #postfix[09:24:48] *** ming_zym has joined #postfix[09:29:57] *** githogori has quit IRC[09:30:14] *** havvg has joined #postfix[09:32:29] *** githogori has joined #postfix[09:34:43] *** overrider has joined #postfix[09:36:56] <overrider> hello; i configured postfix with tls; everything seems to work fine. i can send mail using secure authenticated smtp using mail (osx) and thunderbird. however, windows clients using outlook (havent tried outlook express) cannot send when i checked the ssl checkmark in their account preferences. it just hangs. is there a common solution to this? thanks[09:37:37] *** Motoko-chan has quit IRC[09:40:31] *** Filbert has quit IRC[09:41:42] <dragonheart> overrider: after puttiing tls debug options on postfix what does it show? what does a packet capture show? or a netstat[09:42:04] <dragonheart> have you setup smtps or submission - which one is outlook trying to use?[09:42:33] *** mvt has joined #postfix[09:44:18] *** madrescher has joined #postfix[09:44:33] <overrider> dragonheart, after starting to increase the debug options, my log shows SSL_accept error from t97.tcaportal.com[10.0.1.97]: -1 and lost connection after STARTTLS from t97.tcaportal.com[10.0.1.97] when the windows box i am connecting from tries to connect.[09:44:57] <overrider> i just use the normal port 25, no smtps[09:46:12] *** Filbert has joined #postfix[09:48:15] *** rootsvr has joined #postfix[09:48:53] *** wdp has quit IRC[09:50:52] *** CosMiC_Touch has joined #postfix[09:50:57] <CosMiC_Touch> hi @ all[09:51:45] <CosMiC_Touch> Is anyone working with postfix + majordomo ?[09:51:59] <CosMiC_Touch> http://wiki.bsdforen.de/howto/majordomo_postfix , used this HOWTO but i dont get it work[09:58:45] *** war9407 has joined #postfix[10:05:20] *** Tex-Twil has joined #postfix[10:06:25] *** madrescher has quit IRC[10:08:12] *** muecke77 has joined #Postfix[10:08:53] *** muecke77 has left #Postfix[10:09:27] *** madrescher has joined #postfix[10:10:24] *** stefan-f has joined #postfix[10:12:35] *** harobed has joined #postfix[10:20:16] *** chrisq has joined #postfix[10:28:08] <c00l2sv> hi everyone, I got a problem, I setup postfix to use dkim-filter, everything works and I got my emails signed, but those are only seen as signed when received in gmail, in yahooo it says those don't have a signature...[10:28:15] <c00l2sv> can someone help me?[10:33:15] *** suuuper has joined #postfix[10:35:00] *** Sypher has joined #postfix[10:35:17] <Sypher> hello guys[10:35:33] <Sypher> i have a little question ... is there a way to extract user and passwords from the sasl2db file ?[10:36:28] <overrider> dragonheart, if i really crank up the debug, this is the point in the log where windows hangs read from 28503F00 [28626000] (11 bytes => -1 (0xFFFFFFFF))[10:37:22] <overrider> its just wont seem to initiate the connection[10:38:13] *** [diablo] has joined #postfix[10:40:45] *** cedric3 has joined #postfix[10:48:10] *** susinths has joined #postfix[10:50:15] <padde> umm... next problem[10:52:07] <padde> why isn't my /etc/aliases table consulted? i have 'mailbox_transport = dovecot' set. none of the aliases work - the mail is just being forwarded to the relayhost[10:53:11] <checkers> I wouldn't think /etc/aliases would be checked if the box is just setup to relay mail for the given domain..[10:53:16] <overrider> dragonheart, after disabling all av products on the windows client, magically it started to work[10:53:42] <sysmonk> padde: cause you're not using local delivery[10:53:52] <sysmonk> and /etc/aliases (as in alias_maps ) is used in local delivery[10:53:57] <padde> sysmonk: i thought it would be something elementary like that ;)[10:54:07] <sysmonk> use virtual_alias_maps[10:54:58] <padde> sysmonk: so just move the aliases into the virtual_alias_maps and everything will work?[10:55:13] <sysmonk> virtual_alias_maps has a bit different syntax[10:55:28] <padde> sysmonk: ok, i'll look it up[10:55:31] <sysmonk> i.e. user at domain dot com user2 at domain dot com[10:55:44] <sysmonk> not user: user2, or user: user2 at domain dot com[10:55:52] *** wdp has joined #postfix[10:56:04] <sysmonk> (no : and full email addresses)[10:56:18] <padde> sysmonk: got it. thanks for the hint[10:57:32] *** Tex-Twil has quit IRC[11:00:44] <padde> sysmonk: i can omit the @domain when it's $myorigin, $mydestination or $*interfaces[11:01:13] <sysmonk> on the left part? or on the right part?[11:01:26] <padde> sysmonk: left[11:02:02] <sysmonk> both :)[11:02:49] <sysmonk> but i prefer to use full names, just to be sure[11:02:56] *** ming_zym has quit IRC[11:04:32] <padde> sysmonk: yes, and on the right side i must set it, otherwise it will be relayed again...[11:06:05] *** cilly has joined #postfix[11:06:15] <sysmonk> not really, if you don't set it on the right side it will mail to user@$mydestination[11:06:22] <sysmonk> err, $myhostname[11:06:34] <sysmonk> so it depends on your configuration, if you want to do that[11:09:38] <padde> sysmonk: hm... it did relay it... *head explodes*[11:12:53] <Trengo> is it usual spamhaus blocking off dns queries of zen zone?[11:13:41] <sysmonk> Trengo: if you went over quota - sure[11:14:06] <Trengo> sysmonk how much quota is over quota? :s[11:14:12] <Trengo> i wasnt aware of quotas[11:14:12] <sysmonk> heh[11:14:26] <sysmonk> Trengo: they have a limit of some count of dns queries / day[11:14:31] <sysmonk> like 50k queries or whatever[11:14:43] <sysmonk> don't know the limits, but i think you can find em on the webpage[11:15:07] *** GiabboO has joined #postfix[11:15:08] <sysmonk> if you're going over those limits they block you[11:15:11] <GiabboO> hi all![11:15:18] <Trengo> do they count unanswered queries?[11:15:20] <sysmonk> and you can buy their services for some $$$[11:15:29] <Trengo> for a lot of money :)[11:15:31] <sysmonk> Trengo: do i look like a guy working for them ? :P don't know[11:15:38] <sysmonk> Trengo: yup, that's why i don't use spamhaus[11:15:45] <Trengo> sysmonk no of course not :) thanks for your help![11:15:47] <GiabboO> Since yesterday I didnt solved my problem I am trying to ask again :p[11:15:56] <sysmonk> i have 2+ millions mails / day, and i'd be sure over quota :)[11:16:35] <GiabboO> I have a working postfix installation (postfix virtual + mysql + amavisd)[11:16:52] <GiabboO> yesterday I wanted to move from amavisd quarantine system[11:17:18] <GiabboO> trying to move spam email directly to the .Junk folder in my users maildir[11:17:31] <GiabboO> so I was trying to use maildrop for that[11:17:39] <GiabboO> i changed the virtual_transport from virtual to maildrop[11:17:42] <GiabboO> and i tried...[11:18:20] <GiabboO> unfortunately it doesnt produce a good effect[11:18:32] <GiabboO> specifically I get this error:[11:19:10] <GiabboO> May 12 22:47:03 myhotname postfix/pipe[20303]: 27D431A67A885: to=<user at virtualdomain dot com>, relay=maildrop, delay=1604, status=deferred (temporary failure. Command output: /usr/bin/maildrop: Invalid user specified. )[11:19:43] <GiabboO> any idea where the problem could be ?[11:20:02] <checkers> sounds like the configuration is incorrect for maildrop, which means the issue would be one more suited to #courier[11:20:21] <GiabboO> i am using old version of maildrop atm[11:20:38] <GiabboO> maildrop 1.5.3[11:21:02] <GiabboO> if I try maildrop from the command line it work perfectly[11:25:22] <GiabboO> the issue is the same i found here[11:25:22] <GiabboO> http://www.irbs.net/internet/postfix/0503/1244.html[11:28:11] <Trengo> sysmonk i think it must be a problem in my network[11:28:33] <Trengo> we do half the query limit[11:28:53] *** ming_zym has joined #postfix[11:29:01] <Trengo> which dnsbl do you prefer?[11:30:52] *** pirho has joined #postfix[11:31:39] <GiabboO> seems like it doesnt find the user i setted up to run maildrop in master.cf[11:32:31] *** overrider has quit IRC[11:35:55] <sysmonk> Trengo: do you use your _own_ dns server? or your isps?[11:46:21] <Trengo> sysmonk i run my own dns server[11:46:48] <Trengo> it serves the .private zone and fetches everything else from the outside world[11:46:57] *** af_ has joined #postfix[11:47:18] <sysmonk> hm, how did you count that you're not going over limit?[11:47:45] *** madrescher has quit IRC[11:47:46] <Trengo> counted the number of connections in april :)[11:48:06] <Trengo> at most 4 million[11:48:13] <Trengo> 130k a day[11:48:34] <Trengo> spamhaus limits them to 320k a day[11:48:42] <sysmonk> and are you using amavisd?[11:48:50] *** Haris__ has joined #postfix[11:48:55] <Trengo> no, just sendmail[11:49:02] <sysmonk> uh, what?[11:49:11] * sysmonk looks at the channel name[11:49:18] <sysmonk> ya sure you're in the right place? :P[11:49:25] *** Haris has quit IRC[11:49:26] <Trengo> sendmail on the outside, postfix in the hub :)[11:49:30] <Trengo> i am :D[11:49:37] <sysmonk> yeah, but are you using any antispam filtering?[11:49:44] <Trengo> im not very experienced in postfix[11:49:51] <Trengo> dnsbl yes[11:50:11] <sysmonk> maybe you have multiple spamhaus blacklists specified?[11:50:30] <Trengo> only zen[11:50:31] <sysmonk> i.e. xbl.spamhaus.org sbl.spamhaus.org ?[11:50:35] <sysmonk> dunno then[11:50:44] <Trengo> yeah i think its a routing problem[11:51:03] <Trengo> because i had problems at first when they gave me these IPs[11:51:17] <Trengo> couldnt even send mail outside[11:51:20] <Trengo> that was fixed[11:57:36] *** Tex-Twil has joined #postfix[11:57:53] *** madrescher has joined #postfix[11:58:05] *** madrescher has quit IRC[11:58:46] *** keffer has quit IRC[12:01:36] *** madrescher has joined #postfix[12:05:44] * hparker kix centos in the junk, postfix should Just Work(tm)[12:06:23] *** cilly has quit IRC[12:11:03] <mvt> is there a python module which can 'inject' mails directly on the postfix queue?[12:16:29] *** AcTiVaTe has joined #postfix[12:17:26] <f3ew> mvt just call sendmail[12:17:35] <GiabboO> (temporary failure. Command output: /usr/bin/maildrop: Invalid user specified. )[12:17:46] <GiabboO> this error is refered to maildrop command ?^[12:17:54] <GiabboO> flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}[12:18:01] <GiabboO> so to -d ${arg}?[12:18:06] *** af_ has quit IRC[12:18:19] <f3ew> yes[12:18:26] <GiabboO> ok...[12:18:44] <GiabboO> I have all my mailbox users on mysql db[12:18:53] <GiabboO> Is there a way to tell maildrop to read user from there ?[12:19:19] *** UQlev has joined #postfix[12:22:58] <hparker> f3ew: Grabbing Mudd's rpm :P[12:23:03] *** lied has left #postfix[12:23:09] *** lied has joined #postfix[12:23:33] <mvt> f3ew: I need to send a large batch of emails from a python script (60.000 twice a week opt-in) and i think that putting the mail directly from python on the queue is faster then outputting it to sendmail which in turn puts it on the queue again[12:28:43] <ribasushi> mvt: the postfix queue is off limits for mere mortals[12:29:09] <ribasushi> mvt: this is the official position of pretty much all main devs, and this is why they consider mailscanner to be TEH EVIL[12:30:37] <mvt> ok[12:30:44] <mvt> thanks :-)[12:32:20] *** Assid has joined #postfix[12:34:42] <GiabboO> how can I check if maildrop is settedup to work with mysql ?[12:35:30] *** madresche1 has joined #postfix[12:36:51] *** madrescher has quit IRC[12:39:04] <hparker> f3ew: Ok... I've got 2.5 installed fresh.. 2.2 on backup on another drive.. Is there a painless way to make this work?[12:39:17] <Assid> f3ew: your here as well?[12:40:00] <hparker> he's everywhere![12:40:25] *** ribasushi has quit IRC[12:44:34] *** ribasushi has joined #postfix[12:44:48] <ribasushi> what is the difference between content_filter and smtpd_proxy_filter?[12:45:26] <Assid> okay im trying to set this up for the first time.. i've actually been using qmail all this time[12:46:46] <f3ew> hparker postfix start[12:46:57] *** ananke has joined #postfix[12:47:02] <sysmonk> ribasushi: one is before queue, second if after queue[12:47:02] <f3ew> ribasushi c_f works after the queue, s_p_f works before queuing[12:47:17] <sysmonk> yu[12:47:18] <f3ew> c_f is more performant and reliable, s_p_f allows inline rejection[12:47:19] <sysmonk> yup*[12:47:44] <f3ew> !basic[12:47:44] <knoba> f3ew: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.[12:47:47] <f3ew> !standard[12:47:47] <knoba> f3ew: "standard" : Your question is probably answered in http://www.postfix.org/STANDARD_CONFIGURATION_README.html[12:47:51] <f3ew> @ Assid[12:47:58] <hparker> f3ew: lol... I forgot where I was in the world... But... no errors :-o[12:48:04] <ribasushi> so s_p_f will actually hold the incoming connection open and will not reply with 2x/4x before the filter does not reply with whatever?[12:48:05] <f3ew> hehe[12:48:10] <f3ew> ribasushi right[12:48:41] <ribasushi> gotcha... so worst case scenario the original sender might leave with a timeout and retry down the roead[12:48:47] <f3ew> Yes[12:49:07] <hparker> f3ew: nfi what button I clicked wrong, but this is the second thing that didn't work properly :P[12:49:43] <f3ew> damn![12:49:51] <f3ew> It works out of the box for me[12:50:38] <hparker> No clue, fresh centos 5 install[12:51:33] <ribasushi> well since I started asking: is there some alternative to dkimproxy which would be able to create both dkim and domainkeys sigs, but which would work as an inline milter, without the need for two smtp hops?[12:51:47] <f3ew> very strange[12:51:49] *** rootsvr_ has joined #postfix[12:51:56] <hparker> f3ew: Any easier way to migrate settings other then 2 terminals and migrate settings? 2.2 on another drive then the 2.5 install I now have[12:51:58] <f3ew> ribasushi there's a milter[12:52:26] <ribasushi> I have 3 separate circuits on my server (separate master/queue dirs) and would like to use one signer for all just like I use only one postgrey daemon[12:52:29] <f3ew> hparker, leave the main.cf in place?[12:52:40] <hparker> Strange doesn't encompass what I've been through.. Figured on being done ~6 hours ago[12:52:48] * f3ew just lets Postfix handle things[12:52:59] <hparker> f3ew: So migrate settings?[12:53:02] <ribasushi> f3ew: which one? (name)[12:53:14] <f3ew> dkimmilter IIRC[12:53:24] <hparker> Damn.. Eyes going goofy[12:53:36] <Assid> hrm,.. postfix seems more complicated than qmail[12:53:37] <f3ew> hparker postconf -n, then postconf -e?[12:53:42] <f3ew> Assid not really[12:53:50] <Assid> err what mailing listr should i be using with postfix?[12:53:56] *** muecke77 has joined #Postfix[12:54:01] * f3ew likes mailman[12:54:18] *** ming_zym has quit IRC[12:54:25] <ribasushi> Assid: depends on how large you want to go[12:54:38] <ribasushi> Assid: mailman does not scale well beyond 20k[12:54:47] <Assid> hrmm list is around 100-300 odd[12:54:52] <Assid> max 1-2K[12:54:56] <ribasushi> Assid: not an issue at all[12:55:03] <ribasushi> use mailman[12:55:07] <hparker> f3ew: I have a backup on another drive.. But, no worries.. Eyes telling me they need a break..[12:55:12] <f3ew> ah[12:55:19] <f3ew> grab some sleep then[12:57:25] <ribasushi> actually should one try to get both sigs (dkim and dk) or one is superseeded by the other today or...?[12:57:30] <Assid> is there like a ezmlm channel?[12:57:37] <ribasushi> I am interested in signing for others, not verifying myself[12:57:38] <Assid> i cant get any hjelp on that[12:57:39] *** loddafnir has joined #postfix[12:58:09] <Assid> ribasushi: yahoo prefers dk.. google uses SPF+dk+dkim[12:58:39] *** m1n3s6 has joined #postfix[12:58:47] <ribasushi> Assid: I know this and this is what confuses me :)[12:58:57] <ribasushi> do I just use dk then or...?[12:59:06] <Assid> ribasushi: spf+dk should be more than sufficient[12:59:17] <Assid> and oh yeha senderid[13:00:01] *** UQlev has quit IRC[13:00:42] *** rootsvr_ has quit IRC[13:00:59] <c00l2sv> ribasushi: Hi, remember me?[13:01:03] *** madresche1 has quit IRC[13:01:17] <ribasushi> c00l2sv: no... but go ahead :)[13:01:27] <c00l2sv> about domainkeys[13:01:53] <c00l2sv> ribasushi: did you succeeded configuring dk on a subdomain?[13:02:05] <c00l2sv> or do you know is it possible?[13:02:36] <ribasushi> you mean sign only mail with a specific from domain?[13:02:49] <c00l2sv> well yes[13:03:04] <c00l2sv> i've got a mailserver on a subdomain[13:03:18] <c00l2sv> and i managed to sign but[13:03:29] <c00l2sv> the signatures are only validated by gmail[13:03:46] <c00l2sv> yahoo is not seeing my signatures[13:04:04] <c00l2sv> I meen, the header contains all the stuff[13:04:17] <c00l2sv> but it says (neutral, no sigs)[13:04:21] <ribasushi> c00l2sv: what kind of sig? dk or dkim?[13:04:26] <c00l2sv> dkim[13:04:37] *** madrescher has joined #postfix[13:04:38] <ribasushi> it is ignored by yahoo from what I just gathered[13:05:11] <c00l2sv> so if I need to sign my email with dk[13:05:25] <c00l2sv> i have to do something special?[13:05:39] <ribasushi> what do you use as a signer?[13:05:48] <c00l2sv> dkim-filter/dkim-milter[13:06:03] <ribasushi> they don't do dk at all afaik[13:06:04] <c00l2sv> on ubuntu the package is dkim-filter but it signs and validates[13:06:19] <ribasushi> you want dk-filter[13:06:36] <c00l2sv> dk-filter is the only tool for this job?[13:06:36] <ribasushi> should be a drop in replacement[13:07:07] *** rootsvr has quit IRC[13:07:13] <ribasushi> dunno[13:07:53] <c00l2sv> ribasushi: thx... now its clear[13:11:15] <ribasushi> Assid: are dkim and dk compatible? can I create both sigs by chaining milters? or will it break stuff?[13:11:47] <Assid> ribasushi: not sure about postfix and how it works with it.. my last dk signature was with qmail[13:11:58] <Assid> ribasushi: i havent played with dkim yet[13:12:45] <ribasushi> I was more asking if adding one sig and then another was ok, but since you haven't done dkim...[13:14:11] <Assid> ribasushi: afaik you can have 1 signature after the other[13:19:27] *** Siegfried has quit IRC[13:25:43] *** Tex-Twil has quit IRC[13:28:04] *** kk_CHN has quit IRC[13:29:59] *** m1n3s6 has quit IRC[13:32:18] *** bhagat has quit IRC[13:35:10] *** cpm has joined #postfix[13:36:39] <GiabboO> I have a running postfix installation with virtual users on mysql db[13:37:08] <GiabboO> I would like to move spam emails tagged by amavisd-new/spamassassin to the user .Junk folder[13:37:22] <GiabboO> how can I do that ?[13:37:36] <cedric3> hi all i have a probleme i have more timeout on my postfix but i don't kno why i have timeout after EHLO i can't download on pop mail[13:37:42] <cedric3> if you have any idea thanks[13:38:43] <lied> GiabboO, you can do that with a sieve or procmail script[13:39:13] <GiabboO> lied, do you have any reference ?[13:39:32] *** muecke77 has left #Postfix[13:39:37] <GiabboO> lied, actually I am using virtual transport... maildirs are owned by postfix:postfix[13:39:38] *** keffer has joined #postfix[13:40:09] <lied> GiabboO, do you use dovecot imap server?[13:40:20] <cedric3> nobody have any idea?[13:40:33] <GiabboO> lied, I use courier-imap[13:40:49] <lied> GiabboO, think there is also sieve available[13:41:11] <GiabboO> lied, I would like to get the message moved before the user check email on the client[13:41:47] <lied> GiabboO, search vor globalsieverc or similiar and insert: something like this http://rafb.net/p/cVUyCM98.html[13:41:48] <bpgoldsb> Still at it, GiabboO?[13:41:53] <GiabboO> yes bpgoldsb :([13:41:54] <cpm> GiabboO, I use maildrop to accomplish this.[13:42:07] <GiabboO> cpm, I have a problem with maildrop[13:42:12] <lied> many solutions are possible :)[13:42:25] <GiabboO> cpm, i cannot get it working with mysql, or i mistake something[13:42:50] <bpgoldsb> GiabboO: Have you considered making SpamAssassin/Amavis deliver to another address for spam?[13:43:00] <GiabboO> bpgoldsb, yes[13:43:29] <GiabboO> bpgoldsb, I was considering that it could be nicer to have spam in my users junk folder[13:43:39] <bpgoldsb> What error are you getting now?[13:43:49] <GiabboO> bpgoldsb, you mean with maildrop ?[13:44:10] <bpgoldsb> In general[13:44:14] <bpgoldsb> Whats your current issue[13:44:20] <bpgoldsb> I have some time, I might be able to help you more now[13:44:33] <GiabboO> Thanks you....[13:44:34] <cedric3> i have courierpop3login: TIMEOUT, ....top=0, retr=0, time=302[13:44:37] <GiabboO> ok[13:44:48] <GiabboO> i discovered that in debian sarge maildrop 1.5.3 comes without mysql support[13:45:03] <GiabboO> so i recompiled it and now i see that it support mysql[13:45:24] <GiabboO> now i still get the same error as yesterday[13:45:45] <GiabboO> ~# maildrop -d info at supermercatigieffe dot it < pippo[13:45:45] <GiabboO> maildrop: Invalid user specified.[13:45:48] <ribasushi> I can't find any info on domainkeys' simple and nofws modes[13:45:53] <ribasushi> any links would be appreciated[13:46:05] <GiabboO> seems like it doesnt find the users[13:46:22] <GiabboO> i've setted up maildrop with /etc/maildropmysql.cf[13:47:13] <GiabboO> bpgoldsb, do you use maildrop with mysql support ?[13:48:00] *** ming_zym has joined #postfix[13:48:45] <bpgoldsb> Not currently, but I have[13:48:50] <bpgoldsb> I use dovecot/sieve in debian[13:48:54] <GiabboO> ok[13:48:59] <bpgoldsb> I used courier/maildrop when I used gentoo[13:49:12] <GiabboO> ok[13:49:25] <bpgoldsb> Why are you using sarge instead of etch?[13:49:36] <GiabboO> because is old installation[13:49:39] <GiabboO> few years[13:49:45] <bpgoldsb> K[13:50:45] <bpgoldsb> I don't know if the maildrop in etch supports mysql?[13:50:45] <GiabboO> so whatelse we can check[13:50:53] <GiabboO> in sarge no[13:50:59] <GiabboO> but i compiled it from sources[13:51:17] <GiabboO> maildrop 1.5.3 Copyright 1998-2003 Double Precision, Inc.[13:51:17] <GiabboO> Virtual user database via MySQL extension enabled.[13:51:26] <ribasushi> found some info in rfc4870[13:51:43] <ribasushi> do I gather correctly that nofws is more robust and is the preferred signing method?[13:52:01] <GiabboO> is the fields uid / gid necessary to make it working properly ?[13:53:53] *** GingerDog has joined #postfix[13:53:58] <GingerDog> what's the easiest way to block mail to and from a particular user ?[13:54:11] <GingerDog> (or at least, to and from a particular email address)[13:54:18] <GingerDog> (which isn't local to the system itself)[13:55:00] <dragonheart> sender_map/recipient_map - REJECT i'd guess[13:55:05] <bpgoldsb> GiabboO: are you getting an error righ tnow?[13:55:42] <bpgoldsb> GingerDog: check_sender_access hash:/etc/postfix/blacklist_senders[13:55:53] <GiabboO> yes bpgoldsb[13:56:03] <bpgoldsb> under /etc/postfix/blacklist_senders have <emailaddress> REJECT[13:56:08] <GiabboO> you want see the error on postfix log or on the command line ?[13:56:11] <GiabboO> is the same i think[13:56:16] <bpgoldsb> Whichever[13:56:22] <bpgoldsb> I want to see the exact address[13:56:37] <GiabboO> ~# maildrop -d info at supermercatigieffe dot it < pippo[13:56:37] <GiabboO> maildrop: Invalid user specified.[13:56:46] <GiabboO> still invalid user specified[13:56:55] <bpgoldsb> GingerDog: put that check_sender_access under smtpd_sender_restrictions and smtpd_sender_restrictions[13:57:01] <GiabboO> like it doesnt find the user on the db[13:57:26] <bpgoldsb> Have you checked, rechecked, and then checked your maildrop config against your database structure?[13:57:58] <bpgoldsb> And do you have something like VERBOSE="5" in your maildroprc[13:58:06] <bpgoldsb> So you get detailed log messages for the errors[13:58:13] <GingerDog> bpgoldsb: thanks (presumably you mean smtpd_recipient_restrictions and smtpd_sender_restrictions)[13:58:38] <bpgoldsb> GingerDog: Yes.[13:58:38] <GiabboO> yes[13:58:45] <GiabboO> look[13:58:47] <GiabboO> can I pm ?[13:58:49] <bpgoldsb> Sure[13:59:45] *** UQlev has joined #postfix[14:00:10] <GiabboO> thats my maildroprc[14:00:15] <bpgoldsb> I'm setting up a new mail gateway (spamass, clamav, greylisting, etc) that will be forwarding valid mail to our main mail server. When it delivers to my real mail server, I'd like to split it to also deliver to a backup mail server (for permanent storage, auditing, etc). Anyone have any suggestions or ideas?[14:00:42] <sep> there is a allways bcc argument afaik[14:05:02] <GiabboO> how can I check if maildrop is really queryin mysql to get the user ?[14:06:47] <bpgoldsb> sep: There is, but I want to be able to deliver to the actual users on the second server[14:06:59] <bpgoldsb> Kind of a redundant setup[14:07:26] <sep> bpgoldsb, then you are looking at it from the wrong point of view. make the mailstorage redundnant. and mount it on both (all) mailservers[14:07:40] <sep> what you want is redundant storage not duplicate delivery[14:08:09] <bpgoldsb> sep: Actually, I want to keep it as a prestine archive. So when Joe Users deletes his messages one morning on accident/purpuse, I have a backup I can restore easily.[14:08:20] <bpgoldsb> It's more for auditing than redundancy/backup[14:08:40] <sep> bpgoldsb, that's more a allways bcc thing :)[14:08:51] * cpm just runs tapes.[14:08:56] <bpgoldsb> Also, redundant delivery would let me use a second server as testing for ldap/maildrop/etc changes[14:08:59] <jduggan> eew, tapes?[14:09:00] <jduggan> ;][14:09:05] <sep> keep in mind that even if you bcc it somewhere the mail will still have the same to: from: headers[14:09:06] * jduggan tapes up cpm[14:09:18] <cpm> mmmmffff, , , mrrrfffbbb[14:09:22] <bpgoldsb> Problem with tapes (or other media) is that if you do it daily, you can still lose 23:59:59 worth of emails[14:09:41] <cpm> bpgoldsb, so what? that's on them.[14:09:52] <bpgoldsb> Well lets say I send you and email now.[14:09:53] <cpm> don't thow it away then, *sshole.[14:10:01] <bpgoldsb> And you just ran backups[14:10:05] <bpgoldsb> And then you delete the email[14:10:12] <bpgoldsb> Then there no record tonight, when backups run[14:10:49] <sep> bpgoldsb, sounds like allways_bcc to audit at company dot com to me...[14:11:05] <bpgoldsb> sep: That would probably work sufficiently for that.[14:11:21] <bpgoldsb> The main reason I want split delivery is because I can send 1 copy to 'production' and 1 to 'testing'[14:11:34] <bpgoldsb> (and because it solves the backup problem)[14:11:35] <cpm> bpgoldsb, it's a really harsh world. I suggest you purchase a bottomless san, with multiple site replication, on mirrored EMC boxes, on different continents, run all workstations as vmware images, snap-shotted every few minutes, forever.[14:12:02] <bpgoldsb> cpm: You have have to get smart with me. I hate doing this more than you hate reading it ;)[14:12:19] <cpm> otoh, the always bcc thing really can save someone's butt from time to time, just means you have to dig for it.[14:12:39] <cpm> that's the better approach.[14:13:04] <jduggan> lol cpm[14:13:23] <jduggan> one good use for dbmail[14:13:28] <GiabboO> i go to eat something, will you be here later bpgoldsb? actually im thinking that i need help to make maildrop working with mysql query[14:13:41] <jduggan> we can recover email provided it was lost that day[14:13:49] <bpgoldsb> My other idea was to write a content_filter for postfix that would requeue to postfix (on port 10025 or such, with the content_filter set to empty) and send a message to an additional server[14:13:53] <jduggan> as cleanups dont run until 4am[14:14:05] <bpgoldsb> GiabboO: For another couple hours[14:14:13] <GiabboO> ok[14:14:18] <GiabboO> i will back soon[14:14:19] <GiabboO> thanks brb[14:14:28] <ananke> hello, i'm trying to debug a new setup of transport maps, and i'm not quite sure how to get more information out of postfix. the map seems to be loaded by postfix, but it does not seem to be taken into effect. is there something i could set in postfix to help me figure out which map it takes?[14:14:38] * GingerDog ended up using check_sender_access and check_recipient_access to block mail to/from $email_address[14:14:41] *** GingerDog has left #postfix[14:14:42] <jduggan> always_bcc is simple method for backup on a seperate server[14:15:03] <cpm> yup[14:15:07] <bpgoldsb> I agree.[14:15:25] <bpgoldsb> It all likelyhood, I'm just going to end up doing both[14:15:37] <bpgoldsb> Always bcc, and the content filter when needed.[14:15:38] <rob0> !postmapq[14:15:39] <knoba> rob0: "postmapq" : You can check your lookups with the postmap command. Example: if you defined "transport_maps = mysql:/etc/postfix/transport.cf" you may check this mapping by running "postmap -q domain.com mysql:/etc/postfix/transport.cf" and see if it works.[14:15:48] <cpm> !rob[14:15:48] <knoba> cpm: Error: "rob" is not a valid command.[14:15:51] <cpm> !rob0[14:15:51] <knoba> cpm: "rob0" : a pathetic bot that reacts to newly joined users with reciting the !basic factoid :)[14:15:51] <ananke> thank you[14:16:16] <bpgoldsb> Either way, I appreciate your guys input[14:16:57] <sipa> !basic[14:16:57] <knoba> sipa: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.[14:20:21] <rob0> ananke, one little "gotcha" with transport(5): the "nexthop" is first looked up as MX query, so you might not get what you want. To turn that off, "[nexthop]" in [] brackets.[14:21:01] <rob0> it's a feature, really; you can set up MX records for failover[14:22:39] <ananke> i see, thank you. we're trying to solve an odd problem posed by introduction of a zimbra system to our network[14:23:40] <cpm> heh[14:24:32] <cpm> ananke, what's the nature of your odd problem[14:25:21] <ananke> k, long story short, we're introducing zimbra as our new mail server. unfortunately, it doesn't have all the required functionality, so we'll still use our previous mail server for processing mailing lists [and acting as our primary mx][14:26:02] <ananke> however, we need to be able to send e-mails out of zimbra to that mail server to process those mailing lists. so here's a sample scenario:[14:26:06] <rob0> Someday, I am going to go off on all the stupid disclaimer appenders. I need a content filter which will identify and reject them, to keep me from sending back manual replies.[14:26:54] <ananke> e-mails sent to user at vbi dot vt.edu can stay on the zimbra mail system, but mailinglist at vbi dot vt.edu has to be sent out from the zimbra off to the other mail server[14:27:03] <rob0> !parent_domain_matches_subdomains[14:27:03] <knoba> rob0: "parent_domain_matches_subdomains" : a configuration parameter in the main.cf: What Postfix features use "domain.tld matches sub.domain.tld" style pattern matching instead of ".domain.tld matches any subdomain". This is planned backwards compatibility: eventually, all Postfix features are expected to require explicit ".domain.tld" style patterns when you really want to match subdomains.[14:27:41] *** jellis-real has joined #postfix[14:27:46] <rob0> it's a WAG, but in any case I recommend "parent_domain_matches_subdomains ="[14:27:56] <ananke> zimbra support suggested using transport maps, and that's what i tried to implement. postmap -q shows the correct transport, but it's not sued[14:28:01] <ananke> s/sued/used[14:28:36] <ananke> rob0 : unfortunately, there is no subdomain. it's all part of the same domain[14:28:41] <f3ew> ananke, per user transport_maps[14:28:50] <rob0> I think that's what he did.[14:29:18] <ananke> yes, that's exactly what i did[14:32:01] <rob0> prepare a pastebin with logs and postmap -q of the transport_maps?[14:32:09] <ananke> that's what i'm doing right now :)[14:35:19] <ananke> great, i've tripped pastebin.com's spam filter :)[14:37:13] <ananke> http://rafb.net/p/R9rUEJ94.html[14:38:31] <ananke> unfortunately for us, zimbra is like a black box, we've been slowly decyphering it one piece at a time[14:39:21] <rob0> line 86, rewritten[14:39:41] <rob0> virtual_alias_maps probably[14:39:52] <rob0> so postmap -q that in virtual_alias_maps[14:40:43] <ananke> hmm, is the syntax different for that?[14:41:06] <rob0> also, what's the transport_maps for connect.vbi.vt.edu?[14:41:16] <rob0> and for sysadmins@[14:41:32] <rob0> you got the "error" transport[14:41:51] <ananke> i see. let me get that info[14:41:52] <ribasushi> when using dk-filter/dkim-filter with postfix, should one leave the milter version at the default 2 or?[14:41:59] <Dominian> eh[14:42:05] <Dominian> what is virtual_transport set to error?[14:42:16] *** DeeJayTwo has quit IRC[14:42:21] <Dominian> s/what/why[14:42:21] <rob0> Dominian: good catch[14:42:24] <ananke> this is my first day with postfix, sorry if i'm a bit slow[14:42:32] <rob0> that's it[14:42:37] <Dominian> ananke: dude.. don't worry about it hehe[14:42:44] <Dominian> set the virtual_transport to "virtual"[14:42:51] <rob0> or just unset it[14:42:55] <Dominian> or that[14:42:56] <rob0> well, that might break zimbra[14:43:02] <Dominian> aye[14:43:16] <Dominian> ananke: I don't mind helping *you* out .. you've helped me enough with Slackware[14:43:20] <ananke> Dominian :)[14:43:21] <rob0> Zimbra should hire me.[14:43:27] <Dominian> rob0: yes they should[14:43:29] <ananke> rob0 : they should[14:43:45] <ananke> k, so what would you suggest, unsetting that, or setting to virtual?[14:43:54] <Dominian> I would try setting to virtual first...[14:44:07] <rob0> I'd ask zimbra support first[14:44:10] <Dominian> If you set it to none or empty.. it could break zimbra as rob0 sugested[14:44:11] <Dominian> yeah[14:44:15] <Dominian> that works too hehe[14:46:05] <ananke> i got thrown into zimbra at the last moment. silly decision on the management's part, considering i was manning our current mail solution, and nobody bothered to check if things would work right :)[14:47:28] <Dominian> lol[14:48:06] *** saurabhb has joined #postfix[14:49:39] <rob0> I bet what they (zimbra) have done is set up LDAP virtual aliases for every virtual_mailbox_maps address.[14:50:19] <ananke> very likely. how can i check that?[14:50:54] <ananke> hmm, and it looks like setting it to virtual broke it[14:51:00] <ananke> in a funny way[14:51:07] <rob0> same, postmap -q <address> <maptype>:<mapname>[14:52:21] <ananke> http://rafb.net/p/TWuB2o36.html <- look at line #42[14:52:25] <rob0> You can probably do an end run around all of this.[14:53:06] <rob0> ah, yeah, virtual(8) demands a nonzero virtual_mailbox_base[14:53:48] <rob0> Looks like everything is being aliased to @connect.vbi.vt.edu[14:55:16] <cedric3> nobody can help me please ?[14:56:39] *** rootsvr has joined #postfix[14:57:30] <ananke> i wonder if providing transport maps for sysadmins at connect dot vbi.vt.edu would solve this, rather than thinking it's going to work with @vbi.vt.edu[14:57:55] <ananke> from what i understand, the devel team sysadmin had to use zimbra's 'domain masquerading'[14:58:03] <rob0> indeed, that's the end run I was thinking[14:58:23] <rob0> or, a virtual aliasing in front of / overriding theirs[14:59:04] <ananke> talk about a cluster fsck, let's see if it will work[14:59:26] <rob0> will the end machine accept that rewritten address? That's another issue to consider.[14:59:50] <ananke> rob0 : good catch, no, it won't[15:01:57] <rob0> maybe time for a new subdomain, "sysadmins.vbi.vt.edu." Or, fix the virtual_alias_maps query for the original address, in LDAP.[15:02:53] <Dominian> cedric3: I dont recall you asking for help until just then..[15:03:15] *** madrescher has quit IRC[15:04:33] *** madrescher has joined #postfix[15:06:32] *** roe has joined #postfix[15:07:01] * f3ew offers to hire rob0[15:07:27] <f3ew> Actually, hold that for a few weeks[15:07:49] <rob0> ok :)[15:09:03] * f3ew is waiting to see if these folks have the willingness to buy good equipment[15:09:18] * cpm is willing, but unable.[15:10:03] * cpm wonders what work f3ew has available[15:12:01] <f3ew> architect type stuff[15:12:51] <cpm> system architecture?[15:13:02] <f3ew> yes[15:13:15] <cpm> sysmonk seems like he might be good at that, could probably use the work too.[15:13:16] <f3ew> sysadmin + programmer (or at least, able to script stuff)[15:13:32] <f3ew> He doesn't want to relocate, and wants it part time[15:13:39] * f3ew asked him a long time ago[15:13:40] <cpm> yeah[15:13:51] <cpm> not doable remotely?[15:14:21] <f3ew> CEO doesn't like remote[15:14:30] <cpm> yeah, CEO's are often like that.[15:14:38] <cpm> I don't blame them.[15:14:55] <cpm> it's nice to know who you are paying.[15:14:56] <rob0> India? Well, I might like that if it weren't so darn crowded.[15:15:09] <ananke> rob0 : i have 50+ mailing lists, multiple software executed from aliases on that other server, etc. unfortunately, i can't migrate it to a different domain right away[15:15:12] <cpm> dunno, i think India would be a lot of fun.[15:15:15] <jduggan> rob0: think of the food[15:15:21] <rob0> indeed[15:15:31] <f3ew> jduggan, the variety?[15:15:40] <cpm> ananke, no way you can put zimbra behind all that? I did that as a prototype for a while.[15:15:56] * cpm loves curry[15:16:32] <f3ew> ananke, FWIW, all the Zimbra routing is done from within the LDAP directory[15:16:42] <ananke> cpm : we'd have to migrate too much at this point. eventually, we do want to have the zimbra host run our ecartis/etc software, but that's much further down the road[15:16:43] <rob0> ananke, if you can't easily fix their LDAP records, just put your own little hash: table query in front of their virtual_alias_maps.[15:17:00] <f3ew> rob0, fixing the LDAP stuff is easy[15:17:01] <rob0> I think that's your quickest fix.[15:17:26] <ananke> i also want the fix to be easily reproducable, so we can re-apply it anytime we have to upgrade zimbra[15:17:40] <f3ew> http://www-unix.mcs.anl.gov/~gawor/ldap/[15:17:43] <rob0> Oh I know it can be, but we don't want to break what Zimbra has done.[15:17:54] <f3ew> ananke, just dump and restore the LDAP directory[15:18:09] <cpm> ananke, have you done a logic flow diagram of all this yet? I really think you do zimbra on the back end, keeping your existing system in place, but presenting zimbra to your users.[15:18:26] <rob0> The bottom line is to change what virtual_alias_maps returns for the subject address[es].[15:18:32] <ananke> cpm : me and the other sysadmins just drew this stuff on the white board, as much as we understand it[15:18:42] <cpm> heh[15:19:02] *** Spec[x] is now known as Spec[15:19:51] <ananke> cpm : ohh, you mean the actual architecture. unfortunately, that's not my decision and i was never asked for input on it. management thought it knew better[15:19:54] <sysmonk> cpm: ah? what? :)[15:20:20] <cpm> management always does.[15:20:33] <cpm> sysmonk, relocate to India and work for f3ew[15:20:59] <ananke> rob0 : trying to read about the virtual_alias_maps right now, and see how that can be utilized[15:22:05] <f3ew> ananke, I reverse engineered most of Zimbra[15:22:07] <rob0> An address can return itself in virtual_alias_maps.[15:22:26] * f3ew made it do bad things[15:22:35] <rob0> that way the LDAP blanket rewriting can be avoided[15:23:17] * cpm thinks f3ew should not make it do bad things.[15:23:18] <rob0> or, just make it so that the addresses you want to transport return nothing in virtual_alias_maps (this would happen in the LDAP backend.)[15:23:33] <CosMiC_Touch> would anyone please tell me my postfix brings following error : fatal: open database /etc/postfix/majordomo_virtual_aliases.db: No such file or directory .... but this file exists ! how is this posible ?[15:23:36] <rob0> f3ew can't help it![15:23:48] <f3ew> CosMiC_Touch, permissions?[15:23:58] <f3ew> have you run postmap on it?[15:24:01] <ananke> f3ew : and your suggestion is to adjust this in ldap directly?[15:24:03] <CosMiC_Touch> are the same like the other files in postfix dir[15:24:08] <f3ew> ananke yes[15:24:15] *** UQlev has quit IRC[15:24:17] <CosMiC_Touch> yes i have @ f3ew[15:24:21] <f3ew> you can script the whole thing with ldapmodify[15:24:34] *** shinao1 has joined #postfix[15:24:41] <rob0> Is it /etc/postfix/majordomo_virtual_aliases.db or just /etc/postfix/majordomo_virtual_aliases ?[15:24:42] <f3ew> CosMiC_Touch, what are the permissions?[15:24:57] <f3ew> Postfix will return the .db[15:25:03] <rob0> sounds like a case for "postmap /etc/postfix/majordomo_virtual_aliases"[15:25:18] <CosMiC_Touch> rw-r--r--[15:25:21] *** felix_da_catz has joined #postfix[15:25:44] <f3ew> yup[15:25:45] <CosMiC_Touch> i did postmap hash:/etc/postfix/majordomo_virtual_aliases[15:26:11] *** shinao1 has quit IRC[15:27:24] <ananke> f3ew : quick question: do you adjust it globally, or do you create individual maps?[15:27:51] <f3ew> ananke, globally is easiest[15:28:34] <CosMiC_Touch> I did a : postmap /etc/postfix/majordomo_virtual_aliases, but the same error ![15:29:14] *** mariodeb has joined #postfix[15:29:40] <ananke> f3ew : i guess i'll contact their support, because frankly, i can't figure out what's responsible for that routing. i'm looking at the ldif dump, but i can't pinpoint it[15:30:02] *** mariodeb is now known as mario_[15:31:29] <f3ew> ananke, see the virtual_alias_maps query[15:31:38] *** shinao1 has joined #postfix[15:31:41] *** mario_ has left #postfix[15:31:42] <f3ew> The field which they lookup is responsible[15:32:08] *** mariodeb has joined #postfix[15:33:34] <ananke> i presume this means run postmap -q sysadmins at vbi dot vt.edu [value of virtual_alias_maps] ?[15:33:37] <ananke> ewps[15:34:20] *** quieteyes has joined #postfix[15:34:43] <GiabboO> im back[15:35:03] <GiabboO> bpgoldsb still there ?[15:35:21] <bpgoldsb> Yep[15:35:52] <f3ew> no[15:36:04] <f3ew> vi the lookup table itself[15:36:12] <GiabboO> bpgoldsb, do you have any idea how can I test if maildrop is querying mysql in a proper way ?[15:36:36] <bpgoldsb> GiabboO: you said it's working for some users but not others, correct?[15:37:00] <GiabboO> bpgoldsb is not working for virtual users[15:37:21] <bpgoldsb> GiabboO: But it is working for local users?[15:37:21] <GiabboO> (those user that I have in the mysql db)[15:37:26] <GiabboO> yes[15:37:57] <GiabboO> i see the mail in the local user maildir file when I try from the command line[15:38:30] <bpgoldsb> Under the .Junk folder?[15:38:33] <bpgoldsb> Or in the Inbox?[15:38:40] <rob0> ananke: right[15:38:59] <rob0> that address might be spam harvested now :)[15:39:04] <hparker> arrgghhh!!!![15:39:09] * hparker blames rob0[15:39:24] * bpgoldsb queues up 25000 viagra adds[15:39:25] <GiabboO> bpgoldsb, I dont have any local user setted up to receive mails[15:39:31] <GiabboO> lol[15:39:38] * hparker needs a break[15:39:43] <ananke> rob0 : that[15:39:47] *** rootsvr has quit IRC[15:39:55] <GiabboO> bpgoldsb, by the way i see the message in the home of the user that I used for test[15:40:07] <GiabboO> bpgoldsb, anyway i wanna make it working with virtual users...[15:40:11] <ananke> rob0 : that's one of the reasons management wants to keep our current primary mx in place: the anti-spam solution i've crafted over the years[15:40:26] <bpgoldsb> GiabboO: what I mean is, did it deliver to maildrop successfully for a local user. Or did it deliver directly without maildrop.[15:40:31] <bpgoldsb> I'm guessing the later[15:40:50] <checkers> home brewed anti-spam, delicious![15:40:51] <GiabboO> no no, I am trying maildrop in command line![15:41:00] <bpgoldsb> Alright[15:41:05] *** havvg has quit IRC[15:41:21] <bpgoldsb> Without having access to your DB I can't really tell you whats wrong. It could be a lot of things[15:41:23] <GiabboO> i have the postfix running i cant make test on it now[15:41:34] <GiabboO> i bet[15:41:39] <bpgoldsb> It's probably just in your maildrop/mysql configuration[15:41:41] <GiabboO> if you want i show you few important files...[15:41:56] <GiabboO> such as /etc/maildropmysql.config[15:41:57] <bpgoldsb> The configuration doesn't help unless you can see what it's trying to talk to[15:42:09] <bpgoldsb> you can say 'get username from column X'[15:42:17] <bpgoldsb> But your system could be column Y[15:42:31] <bpgoldsb> And without looking at both, I couldn't see where the problem is.[15:42:46] <rob0> "Home brewed anti-spam" can easily be better than most of the commercial "solutions".[15:42:47] <bpgoldsb> Show me the maildropmysql.config without sensitive data, I guess[15:42:50] <bpgoldsb> Maybe it will be helpful[15:42:58] <rob0> depends on the Clue level of the home brewer[15:43:01] <bpgoldsb> rob0: What do you do about false-positives?[15:43:07] <GiabboO> yes[15:43:12] <GiabboO> wait i use nopaste[15:44:04] <bpgoldsb> Sorry[15:44:11] *** Armored_Azrael has quit IRC[15:44:16] <bpgoldsb> ananke: How do you handle false positives, if you don't mind me asking[15:45:42] <Dominian> argh.[15:45:47] <Dominian> my pastebin is getting hammered by spam bots[15:45:54] <GiabboO> bpgoldsb, http://rafb.net/p/BbTRZv88.html[15:47:02] <bpgoldsb> GiabboO: can you do mysql -upostfix -p -h localhost postfix ?[15:47:13] <GiabboO> yes[15:47:19] <bpgoldsb> GiabboO: And then if so, try select count(*) from mailbox;[15:47:20] <GiabboO> its working :P[15:47:23] <bpgoldsb> Okay[15:48:24] <bpgoldsb> GiabboO: I'm guessing maildrop isn't pulling in /etc/maildropmysql.config[15:48:25] <GiabboO> the query work fine[15:48:34] <GiabboO> hmmm[15:48:38] <GiabboO> i show you...[15:49:03] *** netcrash has joined #postfix[15:49:25] <netcrash> Hello , how can I redirect bounce messages from local server to being parsed by a script ?[15:49:43] *** danbeck has joined #postfix[15:50:20] <GiabboO> checking for maildrop config file... "/etc/maildropmysql.conf"[15:50:32] <GiabboO> this is from ./configure maildrop[15:51:01] <GiabboO> i compiled maildrop to look at that location[15:51:17] <bpgoldsb> Okay[15:51:24] <GiabboO> something else ? ^^[15:51:31] <bpgoldsb> I have a few more ideas :P[15:51:56] <bpgoldsb> You're delivering through postfix, correct? Or are you still trying on the command line?[15:52:14] <sysmonk> so, who was talking about a job offer, ah ?[15:52:32] <cpm> sysmonk, f3ew[15:52:39] <bpgoldsb> oooh, $$$?[15:52:47] <f3ew> yes[15:52:48] <sysmonk> f3ew: you again ? :)[15:52:50] <cpm> he said you wouldn't relocate, and wanted to be a part-time slacker type.[15:52:53] <sysmonk> f3ew: no remote offer? :)[15:52:56] <GiabboO> im trying on the command line[15:52:57] <f3ew> no[15:53:01] <sysmonk> cpm: yeah, i can't relocate[15:53:11] <cpm> can't? what kinda attitude is that?[15:53:12] <mariodeb> Hi. Postfix sends me a mail due to (notify_classes = policy,protocol,resource,software,2bounce) but I don't know the reason. The mail is http://pastebin.ca/1016872[15:53:14] <bpgoldsb> GiabboO: can you paste the command you're running?[15:53:25] <sysmonk> cpm: 1. studies 2. just bought a flat[15:53:45] <mariodeb> there is nohing in the mail.log, access.log or error.log (I have a script in php in a contact form).[15:54:29] <mariodeb> It has happened more than once. Any ideas?[15:54:30] <cpm> sysmonk, I'm sure f3ew would let you live in his car, and you can send your flat payments home.[15:54:39] <sysmonk> heh[15:54:44] <f3ew> heh[15:54:47] <bpgoldsb> Depending on the car...[15:54:50] <sysmonk> cpm: the problem is, he won't offer much more than i get here now[15:54:55] * f3ew has no car[15:55:01] <bpgoldsb> Ouch.[15:55:09] <sysmonk> and moving cause of a few hundred $ isn't right, imho[15:55:16] <sysmonk> f3ew: and a bicycle ? :P[15:55:17] <f3ew> Well, the problem is that he hasn't finished his studies yet[15:55:28] <f3ew> Once he finishes, I can up the salary offer[15:55:56] <f3ew> bpgoldsb, I live in a city with working mass transit[15:56:02] *** seekwill has left #postfix[15:56:08] <bpgoldsb> f3ew: Must be nice.[15:56:41] <GiabboO> bpgoldsb, wait[15:56:46] <bpgoldsb> f3ew: I'd still rather drive if traffic isn't a nightmare.[15:56:54] <GiabboO> bpgoldsb, i run now the just compiled maildrop[15:57:08] <GiabboO> now its finishing with a error[15:57:24] <GiabboO> maildrop: signal 0x0B[15:58:42] *** ming_zym has quit IRC[15:59:07] <bpgoldsb> No more info than that?[15:59:21] <GiabboO> yep[15:59:30] <GiabboO> wait i want disable quota support[15:59:34] <GiabboO> i compile it again[16:00:02] *** KaZeR has joined #postfix[16:00:03] *** ming_zym has joined #postfix[16:00:07] <KaZeR> hi there[16:00:10] <bpgoldsb> Hola[16:00:26] <KaZeR> i have some little problems with a postfix setup[16:00:29] <GiabboO> hi[16:01:41] <KaZeR> i have a virtual domain setup, but when i try to send mail using trac, i get error 554..[16:01:50] <KaZeR> what can i do?[16:02:10] <KaZeR> please forgive me if i'm not clear.. i lack sleep :)[16:04:54] <f3ew> bpgoldsb, tink NYC[16:05:05] <f3ew> think*[16:05:12] <rob0> bpgoldsb: "false positive" is often a FUD term IMO[16:07:19] <Dominian> ananke: I could really confuse you and show you the multiple transport layout I have in postfix..[16:07:42] * Dominian utlilizes three different transports at this point.. may add more later[16:08:06] <rob0> bpgoldsb: most rejections take place in the initial SMTP contact, so a real sender would get a bounce from their SMTP relay.[16:08:30] *** lunaphyte_ has quit IRC[16:08:34] <bpgoldsb> rob0: So you do most of your stuff before-queue?[16:08:56] <Dominian> RBL checks of course.[16:09:07] <rob0> well, for myself, ALL of it is before queue[16:09:13] <Dominian> same here[16:09:25] <rob0> for customers I have set up after-queue content filtering[16:09:34] <bpgoldsb> rob0: I guess I'm confused. I use RBL's and some header checks before-queue, and spamassasin after queue. But we don't want to lose any customer emails (that may get falsely flagged as spam)[16:09:45] <bpgoldsb> And thats why I ask about false-positives[16:09:48] <rob0> !cheatsheet[16:09:48] <knoba> rob0: "cheatsheet" : http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt : A HOWTO for pre-DATA spam control.[16:09:48] <sysmonk> fyi, if anyone uses debian - http://lists.debian.org/debian-security-announce/2008/msg00152.html[16:09:52] <rob0> !zen[16:09:53] <knoba> rob0: "zen" : http://www.spamhaus.org/zen/ : A composite of all Spamhaus DNSBLs: SBL, XBL and PBL[16:09:53] <bpgoldsb> We get 2-3 a day[16:10:09] <Dominian> bpgoldsb: So.. create a catchall quarantine folder than you can release from?[16:10:12] <rob0> SpamAssassin by itself is not safe.[16:10:22] <bpgoldsb> Dominian: Have that, but reviewing it is a pain.[16:10:32] <rob0> and header_checks rarely do any good[16:10:34] <bpgoldsb> Dominian: Just seeing what other people do for ideas.[16:10:43] <Dominian> bpgoldsb: Well, then use amavisd-new with Mail Zu or soemthing[16:10:47] <rob0> HELO checks are very effective[16:10:47] <Dominian> or MailScanner + MailWatch[16:10:59] <Dominian> I think I have helo checks..[16:11:04] *** seekwill has joined #postfix[16:11:08] <bpgoldsb> rob0: I mean we drop 90% of the messages before queue as is[16:11:18] <rob0> oh good[16:11:22] *** Haris__ is now known as Haris[16:11:23] <rob0> you're doing well[16:11:27] <bpgoldsb> but 10% (which is still 10000-50000/day) still get quarantined[16:11:39] <bpgoldsb> Okay, well, 9%[16:11:42] <bpgoldsb> 1% are real emails ;)[16:12:06] <bpgoldsb> So I'm curious how people handle that 9%[16:12:15] <bpgoldsb> We deliver to a quarantine then have someone review it daily[16:12:22] <GiabboO> bpgoldsb, maildrop -d user at virtual dot com < filetest[16:12:37] <GiabboO> maildrop: signal 0x0B[16:12:40] <bpgoldsb> GiabboO: are you still getting that 00xb error?[16:12:45] <bpgoldsb> Ya, hmm[16:12:56] <GiabboO> :|[16:12:59] *** KaZeR has quit IRC[16:13:00] <bpgoldsb> GiabboO: I'd google that, that doesn't sound like a config/usage error[16:13:15] *** rob0_ has joined #postfix[16:13:46] <GiabboO> yes[16:13:51] <GiabboO> im googling already[16:13:59] <Dominian> argh[16:14:18] <Dominian> rob0_: Did you just lose routing?[16:14:40] <rob0> are you doing HELO checks, like HELO your.ip.add.ress and reject_invalid_helo_hostname and reject_non_fqdn_helo_hostname ?[16:14:49] <rob0> yes I did but it's back[16:15:10] <Dominian> weird[16:15:13] <Dominian> I lost routing as well[16:15:54] <bpgoldsb> rob0 Yes, we're doing several[16:15:59] <rob0> personally I reject all non-alpha HELOs, including [ip.add.re.ss] which is technically valid. You only "validly" see those from a MUA, and a MUA should AUTH.[16:16:20] <bpgoldsb> reject_non_fqdn_hostname reject_unknown_hostname hash:/etc/postfix/helo_access[16:16:34] <GiabboO> maybe strace will help[16:16:51] *** saurabhb has quit IRC[16:16:52] <Dominian> rob0: I should beef up my helo checks..[16:16:59] <rob0> reject_unknown_hostname is reject_unknown_client_hostname, not entirely safe, but probably not a bad idea.[16:17:21] <rob0> oops no[16:17:33] <rob0> reject_unknown_hostname is now reject_unknown_helo_hostname[16:18:02] <rob0> and yes, not entirely safe, you see a lot of MSexChange servers with non-resolvable HELO.[16:18:20] *** af_ has joined #postfix[16:18:26] <Dominian> Or you see mail servers with bad or no rDNS records[16:18:32] <Dominian> bastards[16:18:36] <Dominian> BIG companies too[16:18:49] <Dominian> like this lizella place.. I had to whitelist them on my server ..[16:18:51] <Dominian> what a pita[16:20:47] <rob0> yes they suck[16:21:02] <rob0> Yahoo says so too. Their users complain.[16:21:30] <GiabboO> bpgoldsb, a guy on the way say "Maildrop segfaults on bad configs."[16:22:28] <bpgoldsb> Unfortunately customers = money = paycheck[16:22:41] <Dominian> rob0: hehe[16:22:44] <Dominian> rob0: yahoo gets pissy with me[16:22:48] <bpgoldsb> My personal email server is definately configured more agressively than my home[16:22:57] <Dominian> rob0: and I send them.. MAYBE 10 emails a week[16:22:57] <bpgoldsb> Er, then my work[16:23:11] <bpgoldsb> GiabboO: Hunt for syntax errors ;)[16:24:28] <rob0> Yahoo just does some braindead throttling. They don't seem to correlate with past results, they just keep on throttling, and the Web page they send you to says that their users were complaining about you.[16:24:44] <GiabboO> it seems all ok ...[16:25:14] <Dominian> rob0: yeah[16:25:22] <rob0> But overall, it seems like Yahoo mail eventually gets through. I only have 8 subscribers there so it's hard to say what would happen with a lot.[16:25:42] <Dominian> rob0: irritating.. so what you do is block yahoo for the same amount of time and get an email from their systems admins wondering why my users are complaining and I say "because they are. so i throttle you"[16:26:35] *** Draecos has joined #postfix[16:26:54] <Trengo> except they dont care[16:27:11] <Dominian> nope[16:28:37] *** rootsvr has joined #postfix[16:34:13] *** Armored_Azrael has joined #postfix[16:36:15] <ribasushi> anyone here has experience with the dk-filter milter?[16:36:26] <ribasushi> I can't grok what the -I option does[16:36:35] <ribasushi> and the man page is skimpy[16:40:54] *** nphase_ has joined #postfix[16:42:48] *** pirho has quit IRC[16:43:44] *** madrescher has quit IRC[16:44:02] *** pirho has joined #postfix[16:44:56] *** nphase_ has left #postfix[16:48:34] *** madrescher has joined #postfix[16:51:12] <checkers> rob0: everything gets through, you just get to add an exciting delay of n*15 minutes where n is somehow related to the number of mails you send to them[16:54:02] *** rootsvr has quit IRC[16:55:42] *** madrescher has quit IRC[16:58:04] *** Sypher_ has joined #postfix[17:06:14] <AndyGraybeal_> Dominian: why are people generally against mailscanner ?[17:07:21] *** shinao1 has quit IRC[17:09:14] <bpgoldsb> !address_verify_map[17:09:15] <knoba> bpgoldsb: "address_verify_map" : a configuration parameter in the main.cf: Optional lookup table for persistent address verification status storage. The table is maintained by the verify(8) service, and is opened before the process releases privileges.[17:10:10] <Dominian> AndyGraybeal_: They say because it messes with postfix queues.. which it no longer does[17:10:29] <Dominian> AndyGraybeal_: I've used Mailscanner for a while.. works fine[17:11:13] <AndyGraybeal_> Dominian: okay thank you[17:11:29] <Dominian> np[17:14:40] *** SteveC has joined #postfix[17:15:02] <rob0> There are documented past issues of mail loss and mangling with Mailscanner and Postfix. The Mailscanner folks say the problem is fixed. But one ongoing issue ...[17:15:02] *** Sypher has quit IRC[17:15:30] * Dominian shrugs[17:15:41] <rob0> ... Mailscanner uses an undocumented interface, directly using the Postfix HOLD queue.[17:15:43] <Dominian> that was when mailscanner accessed the queues directly[17:15:48] <Dominian> rob0: right[17:15:52] <rob0> doesn't it still?[17:15:57] <Dominian> It does use the HOLD queue[17:16:02] <Dominian> and I don't see how that is a problem.[17:16:03] <SteveC> I have a standard Debian Etch APT install of postfix - hence I don't really know how all if it is configured. Suffice to say it's a non-open relay and delivers mail that I want it to. Now, my question is, how can I figure out if it's configured to generate backscatter, or is simply the victim of backscatter? I'd prefer it to silently dump mail if it's not going to deliver it, or to tell the other MTA during the SMTP session.[17:16:21] *** pitakill has joined #postfix[17:16:27] *** pitakill_ has joined #postfix[17:16:28] <rob0> I don't know, either, but I know Wietse doesn't approve.[17:16:34] * Dominian shrugs[17:16:42] <Dominian> Just because he doesn't approve.. doesn't make him right.[17:16:51] <Dominian> the HOLD queue is there for that type of use[17:16:54] <Dominian> so I don't see why its an issue.[17:16:56] <rob0> He wanted the queue_directory to be totally under the control of the postfix user.[17:17:03] * cpm doesn't agree, at all.[17:17:15] <rob0> and the postfix user to be ONLY for Postfix.[17:17:20] *** c00l2sv has quit IRC[17:17:24] <Dominian> eh[17:17:34] <rob0> I'm not arguing, just trying to 'splain it. :)[17:17:43] <Dominian> wel I refuse to add 3 or 4 more daemons to do what MailScanner does.[17:18:06] <cpm> Also, as I recall, Wietse wasn't/isn't totally set on his queue architecture, and openly reserves the right to change it at any time, so things that munge about in the queue could break, at any time.[17:18:36] <Dominian> cpm: agreed, but the HOLD queue is there for the very reason that MailScanner uses it[17:18:40] * Dominian shrugs[17:19:23] <Dominian> I just don't like opening more and more daemons and ports on my box.. to do what MailScanner already does internally[17:19:56] <Dominian> with amavis y ou have to what.. open two daemons.. one to accept email.. pass to postfix.. accept from postfix and another to send or something..[17:20:26] <bpgoldsb> It's been a while since I looked at my options for content filters. Whats good for doing a clamav/spamassassin content filter anymore? Anything besides Amavis?[17:20:38] <Dominian> Mailscanner[17:20:47] <Dominian> but you see the rise in opinion of it[17:21:22] *** Lap_64 has quit IRC[17:21:46] *** af_ has quit IRC[17:21:53] <bpgoldsb> i.e. mailscanner.info?[17:22:44] <bpgoldsb> What do you like about it that makes it better than amavis?[17:23:06] <Dominian> I wouldn't say better..[17:23:18] <Dominian> I'd say.. imho, they are both about the same.. just do the same thing in different ways[17:23:18] <SteveC> I typically have 500-1000 mail in my (smalltime) queue - many from MAILER DAEMON. Everything is being held up badly (30mins to 1hr for delivery)[17:23:28] <Dominian> MailScanner.. for me... is easier to configure/maintain than amavis[17:23:40] <bpgoldsb> I was never a fan of amavis[17:23:45] <bpgoldsb> So I'll give it a shot[17:24:00] <Dominian> bpgoldsb: there's also MailWatch that ties into MailScanner..so you can have a "web gui" over the operation.[17:24:04] <Dominian> for quarantine email release etc[17:26:03] <bpgoldsb> Is it pretty well documented?[17:26:33] *** ming_zym has quit IRC[17:27:21] <Dominian> bpgoldsb: yes it is[17:27:27] <Dominian> bpgoldsb: and the irc channel is fairly active[17:27:31] <rob0> The nice thing about amavisd-new IMO is the integration with SpamAssassin. A single daemon process does both.[17:27:32] <bpgoldsb> Dominian: Thanks :)[17:27:33] <Dominian> so are the mailing lists[17:27:44] <Dominian> rob0: well.. same withmailscanner[17:27:50] <Dominian> it does the spam/virus scanning.. all in one[17:27:51] <rob0> The second daemon is just the Postfix reinjection port.[17:28:13] <rob0> (just another instance of smtpd(8) on a dedicated localhost port)[17:28:20] * Dominian nods[17:28:30] <Dominian> but.. if that process fails.. do you lose email?[17:28:35] <rob0> no[17:28:42] <Dominian> cool[17:28:51] <rob0> amavisd-new rejects it and it stays in the prefilter queue[17:29:16] * SteveC tries a different question - my mailqueue is taking up to 60 mins to deliver mail (based on an average queue size of about 600), what can I do to fix this?[17:29:25] <rob0> "prefilter queue" is a bit of a misnomer[17:29:41] <rob0> but perhaps you know what I mean[17:30:09] <rob0> Steve, sounds like you're a backscatterer.[17:30:28] <rob0> Don't accept mail for users who don't exist.[17:30:53] <SteveC> rob0: Yes, I suspect so, but I'm at aloss to see how to stop it. I've got a postfix, amavis, spamassassin setup - The only setting I could find that's relevant I was told not to change :)[17:31:43] *** Draecos has quit IRC[17:33:37] *** Knoedel2 has joined #postfix[17:34:06] *** pitakill has quit IRC[17:34:35] *** pitakill_ has quit IRC[17:36:14] <GiabboO> im back[17:36:15] <GiabboO> bpgoldsb[17:36:18] <GiabboO> still here ?[17:37:02] <SteveC> man postfix[17:37:04] <SteveC> ook.[17:37:14] <SteveC> Since I've started using screen, I do that A LOT more :([17:37:52] *** mvt has quit IRC[17:38:10] <bpgoldsb> GiabboO: yes, but going to lunch[17:39:02] <rob0> The frontend, prefilter, smtpd on port 25 has to do recipient validation. It works when set up according to amavisd-new documentation and ...[17:39:07] <rob0> !filter_readme[17:39:07] <knoba> rob0: "filter_readme" : http://www.postfix.org/FILTER_README.html :: After-queue content filtering[17:40:03] <rob0> Also, it's insane to do dangerous and expensive content filtering if you're not already blocking most of the spam in smtpd ...[17:40:10] <rob0> !cheatsheet[17:40:10] <knoba> rob0: "cheatsheet" : http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt : A HOWTO for pre-DATA spam control.[17:40:13] <rob0> !zen[17:40:14] <knoba> rob0: "zen" : http://www.spamhaus.org/zen/ : A composite of all Spamhaus DNSBLs: SBL, XBL and PBL[17:41:12] *** stefan-f has quit IRC[17:41:36] <GiabboO> ok bpgoldsb buon appetito[17:41:37] <GiabboO> :)[17:44:17] *** Assid has quit IRC[17:45:40] *** macsim`work has quit IRC[17:48:52] *** CrazyFoam has quit IRC[17:49:20] <SteveC> Ugh - whenever I try to configure postfix from a guide, the issue I encounter is that my config doesn't have any of the options they talk about AT ALL.[17:49:58] <rob0> postconf $FOO[17:50:36] <Dominian> SteveC: a lot of tutorials were based off of older versions.. some of the options may not apply to newer versions or vice versa[17:51:28] <cedric3> hi i have a postfix problem when i see the process smtp i have 117 process is it normal for you thanks[17:52:13] <SteveC> is there a config check I can do to see if my server is causing backscatter?[17:52:45] <mofino> config check?[17:52:46] *** CrazyFoam has joined #postfix[17:53:05] <SteveC> something in my rather vast and unapprochable config that I can check.[17:53:37] <cedric3> nobody can tell me please?[17:55:23] <mofino> cedric3, tel lyou what?[17:56:27] <cedric3> mofino ! i have a serveur postfix when i try yo send or receiv a mail i have a problem after a time it work and after it not work i see on the log Error accepting AF_UNIX connection, opened connections: 100, max: 100[17:56:38] <cedric3> i have 104 smtp process[17:56:48] <mofino> so increase it?[17:57:04] *** mariodeb has left #postfix[17:57:44] <wdp> cedric3, /etc/postfix/master.cf[17:57:58] <cedric3> and 17 process courierpop3d the smtp line is cleanup -z -n pre-cleanup -t unix -u -o virtual_alias_maps -o canonical_maps -o sende[17:58:01] <wdp> cedric3, read the top of that file. There you'll see how to higher the limit[17:58:05] *** mvt has joined #postfix[17:58:17] <cedric3> wdp : what is the variable on this file ?[17:59:07] * GiabboO loves m&m's[17:59:14] <cedric3> wdp : smtp inet n - n - - smtpd -o cleanup_service_name=pre-cleanup[17:59:27] <cedric3> i think it's default value[18:00:03] <mofino> the default is -[18:00:15] <mofino> which is 100[18:00:32] <cedric3> can i modify this to what is the best number ?[18:00:35] <mofino> it's the last column before the command[18:00:46] <mofino> cedric3, best number is higher then what you have now[18:01:00] <mofino> so maybe, 125?[18:01:03] <mofino> 150?[18:01:12] <wdp> 1024!!!ONEONEELEVEN[18:01:16] <wdp> *hidez*[18:01:19] <cedric3> if i want 150 i write this : smtp inet n - n - 150 smtpd[18:01:41] <mofino> i'm not counting the columns, but i see 150 before smtpd, so that should be ok[18:02:08] <mofino> always backup your config file before you change it[18:02:28] * wdp would just be interested in why he/she has so much open connections[18:02:28] <SteveC> OK, I guess there's no simple answer to how to stop my server from generating backscatter?[18:02:30] <mofino> cp master.cf .~master.cf[18:02:43] <mofino> SteveC, not likely[18:02:48] <mofino> very dependant[18:02:58] <SteveC> I have a pretty standard install in that it's the Debian RPM[18:03:03] <cedric3> thanks i modify now[18:03:14] <mofino> SteveC, doesn't change much[18:03:31] *** githogori has quit IRC[18:04:20] <SteveC> It's a real pain as I'm not sure why it's happening and frankly have no idea how to fix it.[18:04:22] <mofino> SteveC, helps to know what the backscatter looks like[18:04:55] <mofino> is it a result of being over quota? post-smtp filtering? bounces?[18:05:10] <SteveC> bounces - non existent local users.[18:05:34] <SteveC> random name guessing spam.[18:05:50] <mofino> so you are getting these coming to you, or leaving you?[18:06:20] <cedric3> mofino : if i have 104 process smtp and on the master.cf i write 100 what is the problem i can have ?[18:06:35] <SteveC> my server is being asked to deliver mail, it accepts it and THEN checks to see if it's valid.[18:06:43] <SteveC> as far as I can tell.[18:06:44] <mofino> cedric3, what do you mean? you already know what happens[18:06:51] <mofino> SteveC, ahhhh[18:06:52] <SteveC> qmail like behaviour.[18:06:55] <mofino> SteveC, yeah that sucks[18:06:56] *** CyberCr33p has joined #postfix[18:07:05] <mofino> SteveC, that's ... oddd[18:07:27] <mofino> who, or what is generating the no such user?[18:07:35] <SteveC> I do have it configured to check spamassassin via amavis[18:07:38] <mofino> usually postfix will handle the recipient matching[18:07:55] <SteveC> yeah, postfix should be checking the recipient matching - it's got a myslq DB of users it checks.[18:08:11] <mofino> so how is it accepting mail for people that aren't on the list?[18:08:37] <SteveC> no idea.. It just does, they go into the queue (marked active), and sit there for an hour while it tries to process everything.[18:09:04] <mofino> is your system live?[18:09:07] <SteveC> yes[18:09:11] <mofino> can i touch it via SMTP?[18:09:20] <mofino> just to see...[18:09:46] *** suuuper has quit IRC[18:10:29] <SteveC> sure, mail.connected.ltd.uk[18:11:25] <mofino> rcpt to: blahblahblah at connected dot ltd.uk[18:11:28] <mofino> 250 2.1.5 Ok[18:11:29] <mofino> not good[18:11:46] *** Zblakany has joined #postfix[18:11:56] <mofino> rcpt to: asdhfkjasdhkasdhkdahkdhask at connected dot ltd.uk[18:11:56] <mofino> 250 2.1.5 Ok[18:11:57] <mofino> heh[18:11:59] <SteveC> handles about 12-15,000 mail per day, 95% of which is spam[18:12:05] <SteveC> exactly.[18:12:06] <mofino> yeah that's evil....[18:12:33] <SteveC> so, what part of my config should it be looking at to reject that as spam earlier?[18:12:41] <mofino> uhhhm[18:13:06] <SteveC> because obviously as it's accepting it in the SMTP, it'll be generating bounces later, doubling the amount of mail to handle by sending it all out again after (so it's really handling 25k mail a day)[18:13:11] <mofino> yeah[18:13:16] <mofino> it's a huge pain for sure[18:13:50] <SteveC> not to mention that it's probably spam checking mail that it's never going to deliver[18:14:03] <cpm> indeed, big waste[18:14:09] *** j_s has joined #postfix[18:14:13] <mofino> looking...[18:14:44] <mofino> do you have permit_auth_destination in smtpd_recipient_restrictions[18:14:45] *** Sypher_ has quit IRC[18:15:17] <mofino> actually, one sec[18:15:20] <SteveC> smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination[18:15:28] <mofino> ok[18:15:52] <mofino> smtpd_reject_unlisted_recipient is not present?[18:16:07] <SteveC> smtpd_reject_unlisted_recipient = yes[18:16:28] <mofino> ok[18:17:22] <mofino> local_recipient_maps ?[18:17:53] <SteveC> local_recipient_maps = proxy:unix:passwd.byname $alias_maps[18:17:57] <mofino> well what the hell[18:18:08] *** CrazyFoam has quit IRC[18:18:09] *** pirho has quit IRC[18:19:02] <SteveC> I've got lots of mail virtualisation.[18:19:08] *** CrazyFoam has joined #postfix[18:19:17] <cedric3> mofino : i have 222 process cleanup i think it's a lot of[18:19:26] <mofino> cedric3. spam?[18:19:26] *** pirho has joined #postfix[18:19:27] <mofino> cedric3, yeah[18:19:36] <SteveC> in addition to the local_recipient_maps it it's got a heap of virtual lookups for everything.[18:19:41] <mofino> SteveC, sure[18:19:50] <mofino> defined in virtual_mailbox_maps?[18:19:58] <mofino> and virtual_alias_maps[18:20:29] <SteveC> yes, in fact that's a proxy to mysql lookup[18:20:36] <mofino> hmm[18:20:41] <mofino> maybe that is failing you?[18:20:58] <cedric3> mofino : smtpd -n smtp -t inet -u -s 2 -o cleanup_service_name pre-cleanup[18:20:59] <mofino> how does that config look?[18:21:18] <mofino> cedric3, not sure ...[18:21:35] <SteveC> it's fine - it's looking up records with no problems. The actual delivery works fine once the mail is in the system.[18:21:44] <SteveC> rejections go out, mail goes out.[18:21:49] <mofino> but i mean[18:21:49] *** rcsu has joined #postfix[18:21:56] <mofino> it's not stopping at postfix when it should[18:22:00] <mofino> what is handling deliveries?[18:22:04] <mofino> that would be seperate[18:22:29] <mofino> mail should stop at the MTA, not the MDA[18:22:55] <SteveC> indeed. I have postfix as the SMTP server, that hands off to clamav, which does amavis and spamassassin, I presume postfix then delivers it if that all passes.[18:23:07] <mofino> clamav does amavis?[18:23:11] <mofino> or is that the other way around? :)[18:23:13] <SteveC> is that the right way around :)[18:23:16] <SteveC> sorry - :)[18:23:23] *** stefan-f has joined #postfix[18:23:27] <mofino> so amavis delivers[18:23:34] <mofino> postfix never delivers[18:23:40] <mofino> (i think)[18:23:41] <SteveC> I can never remember which bit of software with virus in the title is actually a virus checker :)[18:24:04] *** harobed has quit IRC[18:24:17] <mofino> so right now amavis/whoever is taking care of the user matching[18:24:21] <mofino> for whatever reason postfix is not[18:24:36] <mofino> can you paste your main.cf somewhere?[18:24:37] <SteveC> I'm pretty sure postfix is - none of the other software has access to that mysql db[18:24:44] <mofino> but it's not[18:24:58] <mofino> it's accepting everything[18:26:11] *** jeroen- has joined #postfix[18:26:16] *** danbeck_ has joined #postfix[18:26:25] <SteveC> http://www.pastebin.ca/1017014[18:27:10] *** danbeck has quit IRC[18:28:19] <cedric3> mofino : i don't know if i restart postfix it work but after i have courierpop3login: TIMEOUT, top=0, retr=0, time=300[18:28:54] *** hal1on has quit IRC[18:28:56] <rob0> Well darn it SteveC, what do you suppose that line 64 does?[18:28:57] <jeroen-> using Postfix 2.5.1 (@Ubuntu Dapper): Someone tries to send a mail from a domain (adsl-planet.nl) to a mailinglist I am running. in mail.log it is rejected: "... at adsl-planet dot nl>: Recipient address rejected: User unknown in local recipient table (in reply to RCPT TO command)" - can someone please help me to fix this issue?[18:28:58] <cedric3> i think i have one of processus postfix problem[18:29:17] <SteveC> rob0: oh dear.. that doesn't look very good does it?[18:29:59] * SteveC wonders why it's in there.. hurm.[18:30:00] <rob0> postconf.5.html#receive_override_options and it is covered in both the Amavisd-new howto and Filter Readme,.[18:30:24] <rob0> oh wait, maybe that's not as bad as I thought[18:30:34] <SteveC> No, makes no difference if it's out.[18:30:37] *** LMJ has joined #postfix[18:30:40] <LMJ> hi[18:30:56] <rob0> but then, you need to look at what's in master.cf for your smtpd on 25 and for the reinjection.[18:31:01] *** hemry has joined #postfix[18:31:51] <LMJ> In what direction I have to look if I want user1@mailhost, when the mail is send out of my network, be mapped to user1 at foobar dot com ?[18:31:56] <mofino> transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf maybe?[18:32:03] <mofino> maybe not ...[18:32:13] <LMJ> foobar.com is variable, could be foobar2.net[18:33:22] <SteveC> mofino: nah, that's just handing off a bunch of domains to an Exchange server elsewehre.[18:33:50] *** pirho has quit IRC[18:34:43] <SteveC> Great, screaming kid being sent by wife - I guess that's a hint that it's past 17:30[18:35:02] <mofino> heh[18:35:04] <SteveC> I'd really appreciate a /msg if nayone has any inspiration on the crapness of my server.[18:35:13] <mofino> SteveC, hard to say ...[18:35:36] *** syneus has quit IRC[18:36:06] *** pirho has joined #postfix[18:37:02] *** stefan_ has joined #postfix[18:39:26] *** keffer has quit IRC[18:39:46] *** ribasushi has quit IRC[18:40:20] *** ribasushi has joined #postfix[18:43:39] *** stefan-f has quit IRC[18:45:35] *** CyberCr33p has quit IRC[18:48:29] *** cite has left #postfix[18:50:12] *** wdp has quit IRC[18:52:55] *** keffer has joined #postfix[18:53:09] <GiabboO> i still need help with maildrop :P[18:56:19] <LMJ> In what direction I have to look if I want user1@mailhost, when the mail is send out of my network, be mapped to user1 at foobar dot com ? foobar.com is variable, could be foobar2.net in function of the local mail adress[18:58:34] *** jeroen- has left #postfix[18:59:09] <GiabboO> bpgoldsb, still there ?[19:01:33] *** Siegfried has joined #postfix[19:01:44] *** phnord has left #postfix[19:06:47] *** spiderr has joined #postfix[19:13:14] *** tshine has joined #postfix[19:21:40] *** danbeck_ has quit IRC[19:23:15] <GiabboO> I recompiled maildrop with the source files coming from debian sarge repository, 1.5.3-1.1[19:23:22] <GiabboO> I STILL GET THE STUPID ERROR[19:23:25] <GiabboO> maildrop: Invalid user specified.[19:23:32] <ribasushi> sorry to jump in late - but does amavis now support attachment removal like mailscanner does?[19:23:35] <ribasushi> I checked a year and a half ago - it was not the case and the authors were strongly opposed(?!) to implementing this[19:23:45] <GiabboO> /etc/maildropmysql.config /etc/maildroprc are properly configured[19:27:54] *** [diablo] has quit IRC[19:29:28] <bpgoldsb> GiabboO: just got back[19:30:15] <rob0> Did you configure maildrop to be more verbose in error reporting?[19:31:30] <rob0> A comment I can toss out: in the amount of time you have spent here on a maildrop error, you might have gotten an answer in #courier. You *do* understand that maildrop is not a part of Postfix, right?[19:33:38] <GiabboO> wb[19:33:42] <GiabboO> yes rob0[19:34:03] <GiabboO> I am talking no courier[19:34:05] <GiabboO> on[19:35:06] *** Motoko-chan has joined #postfix[19:36:53] <rob0> 17:30 < rob0> Did you configure maildrop to be more verbose in error reporting?[19:36:54] *** wdp has joined #postfix[19:39:55] <GiabboO> yes[19:40:15] <GiabboO> but it is verbose just after the user is found[19:40:40] <GiabboO> when user is not found it just exit with that message[19:40:48] <rob0> Postfix and maildrop are using the same user list?[19:41:15] <GiabboO> I am trying to make maildrop working with /etc/maildropmysql.config[19:43:31] <GiabboO> i dont find the way to check many things[19:43:40] <GiabboO> 1) is maildrop really loading my /etc files ?[19:43:52] <GiabboO> 2) is maildrop trying to connect mysql / querying mysql ?[19:43:56] <rob0> And what was the reason for maildrop in the first place? Filtering?[19:44:02] <GiabboO> yes[19:44:06] <GiabboO> i want to use maildrop[19:44:17] <rob0> filtering what, amavisd-new-tagged spam?[19:44:20] <GiabboO> to move mail with spamassassin flag, spam[19:44:25] <GiabboO> yes[19:44:31] <GiabboO> exactly[19:44:41] <GiabboO> I want to move those mail directly to the user .Junk mail[19:44:43] <rob0> and yesterday I told you how to do that with virtual(8)[19:44:44] <GiabboO> folder[19:44:52] <GiabboO> hmm[19:44:58] <GiabboO> i didnt get it[19:45:11] <GiabboO> can you explain again ?[19:45:12] <rob0> poor attention span[19:45:16] <GiabboO> ahah[19:45:45] <rob0> If you're going to ask questions, it is very poor form to ignore your answers![19:45:50] <rob0> anyway[19:46:00] <GiabboO> :$[19:46:02] <rob0> I said tag them with a recipient_delimiter[19:46:21] <rob0> I can't remember and WILL NOT LOOK UP the way amavisd-new does it[19:46:33] <rob0> but it will[19:46:52] <rob0> on the Postfix side, "recipient_delimiter = -"[19:47:27] <rob0> and in your virtual_mailbox_maps add a user-spam@domain entry for every user@domain[19:48:11] <GiabboO> (lol @ will not look up)[19:48:16] <rob0> that entry would be the same as the user@domain one except add .spam/ onto it[19:49:03] <rob0> Yeah, a lot of people come for help and think that other people should look stuff up in documentation for them.[19:49:19] <GiabboO> ok[19:49:28] <rob0> the very antithesis of what built the free software world[19:49:30] <GiabboO> you mean to use - as delimited ?[19:49:38] <GiabboO> "-"[19:49:57] <cpm> can haz postfix?[19:50:24] <rob0> You can use "+" if you prefer, but I wouldn't recommend it.[19:50:26] *** quieteyes has quit IRC[19:50:37] <GiabboO> $recipient_delimiter = '+'; # (default is '+')[19:50:39] <GiabboO> i found this one[19:50:42] <cpm> +rob0[19:50:44] <cpm> hmmm[19:50:45] <GiabboO> lol[19:50:46] <cpm> didn't work[19:51:08] <GiabboO> the delimiter will be added at the end of my receipient name ?[19:51:44] <GiabboO> and, another thing, will amavis add it only in case it detect a spam message ?[19:52:17] <GiabboO> ahh[19:52:34] <GiabboO> ok i can try ;)[19:53:41] <GiabboO> $addr_extension_spam = 'spam';[19:53:42] <GiabboO> and[19:53:48] <GiabboO> $recipient_delimiter = '-';[19:53:51] *** amrit|zzz is now known as amrit|wrk[19:54:46] *** muecke77 has joined #Postfix[19:59:20] <GiabboO> thanks rob0[19:59:28] <GiabboO> ill try to make it work as you say[20:02:53] <hparker> May 13 13:16:20 mail postfix/smtpd[15246]: fatal: unsupported dictionary type: pcre[20:02:54] *** madrescher has joined #postfix[20:02:59] <hparker> arrgghhh!!![20:03:47] * cpm laughs into his sleeve[20:04:01] <cpm> just use the regex[20:04:07] * hparker pours his shot of bourbon on cpm[20:04:11] <cpm> or a postfix from this millennium[20:04:11] <rob0> oh damn[20:04:24] <hparker> cpm: 2.5.2 :P[20:04:26] <rob0> He's trying to build it on Centos[20:04:27] <cpm> hey! that's alcohol abuse![20:04:34] <rob0> sysadmin abuse[20:04:35] <hparker> that it is![20:04:50] <hparker> damnit, why can't this be easy?!?!?![20:04:55] <cpm> it is easy[20:05:05] <hparker> ok... how do I fix that?[20:05:06] * cpm pours hparker another bourbon[20:05:11] <rob0> what did you use for the make makefiles line?[20:05:14] <hparker> cpm: Thanks![20:05:19] <hparker> make[20:05:19] <cpm> what's your makefile line?[20:05:21] <hparker> heh[20:05:24] <cpm> hehehehe[20:05:46] <hparker> Guess it couldn't find something :P[20:05:51] * rob0 buys hparker a copy of the PCRE_README[20:05:52] <hparker> Any clue what?[20:06:12] <rob0> on a civilized OS you never need that one[20:06:21] <hparker> Well, yeah[20:06:45] <hparker> I also wouldn't of been up all night and not have this thing done yet[20:07:15] * hparker sends yum searching[20:07:17] <rob0> "CCARGS=-DHAS_PCRE"[20:07:35] <hparker> ....[20:07:38] <rob0> "AUXLIBS=-lpcre"[20:07:53] <rob0> assuming it can FIND pcre[20:08:02] <rob0> um[20:08:22] <hparker> yum install pcre pcre-devel :P[20:08:25] <rob0> ls -l /usr/include/pcre.h[20:08:29] <rob0> there you go[20:08:37] <cpm> By default, PCRE support is compiled in when the \fBpcre-config\fR utility is installed[20:08:47] *** kreg-lt has joined #postfix[20:09:09] <cpm> can dhas pcre?[20:09:23] * hparker can has pcre now?[20:09:50] * rob0 crosses finger[20:09:52] <rob0> s[20:09:59] <hparker> Do i need to futz with the make line, or will it automjically do it for me?[20:10:11] <rob0> try it automagicafully[20:10:25] * cpm always futzes with the argument for paths[20:10:25] <hparker> \o/[20:10:33] <cpm> but try it[20:10:57] * hparker makes again[20:10:58] * cpm is we Todd it.[20:11:06] <hparker> and people say gentoo is hard....[20:11:12] <cpm> it is.[20:11:19] <hparker> Uhm... no[20:11:26] * cpm is not smart enough for gentoo[20:12:03] <hparker> It's easy compared to fighting this shit.. Which is why I left rpm distros[20:12:36] *** ribasushi has quit IRC[20:12:57] *** tshine has quit IRC[20:12:58] * cpm doesn't use rpm[20:14:41] <rob0> still no pcre?[20:14:46] <rob0> oh[20:14:46] <hparker> May 13 13:28:40 mail postfix/smtpd[19307]: fatal: unsupported dictionary type: pcre[20:14:53] <hparker> Arrgghh!!!![20:14:54] <rob0> maybe ldconfig[20:15:09] <hparker> rpm shoulda done that...[20:15:29] <rob0> yes, well, do your CCARGS and AUXLIBS[20:15:37] <hparker> lol.. sudo: ldconfig: command not found[20:15:39] <cpm> umm, what postfix are you using? (not building)[20:15:49] <rob0> 2.5.2[20:15:55] <hparker> none, POS didn't have pcre :P[20:15:56] *** CrazyFoam has quit IRC[20:16:01] <cpm> sudo? wtf is that? some kinda winlinux thing?[20:16:15] <GiabboO> rob0, im back[20:16:17] * hparker always uses sudo[20:16:24] *** tshine has joined #postfix[20:16:34] *** tshine has quit IRC[20:16:48] <cpm> sounds like you got some ubuntu on your shoe, and tracked it in all over the carpet.[20:16:54] <GiabboO> rob0, seems like amavisd is not adding "-spam" to the receipient adress[20:16:57] *** JW has joined #postfix[20:17:11] * hparker shakes his shoe at cpm[20:17:20] *** CrazyFoam has joined #postfix[20:17:30] <cpm> hparker, I'm just leery of your pid there, 19307, doesn't look like a nice fresh pid[20:17:43] <JW> Hey, I recently added TLS suport to my postfix with these instructions: http://www.tummy.com/Products/vpostmaster/recipes/selfsignedtls.html[20:17:52] <JW> Now, when I try to send mail, I get an error:[20:17:58] <cpm> you are quite sure you are running the smtpd you just built, promise?[20:18:05] <JW> 5.7.0 Error: authentication failed: authentication failure[20:18:07] <hparker> cpm: I've been at this since ... Well... almost 24 hours now :P[20:18:28] <rob0> can't count your nap time[20:18:35] <JW> It seems like adding TLS has diabled the ability to postfix to handle PLAIN auth - does anyone know what to do about this?[20:18:39] <cpm> nope, nor the time at the bar[20:19:33] *** jlund has joined #postfix[20:21:30] <hparker> Ok, been at this To Damn Long... almost outta bourbon :/[20:21:41] <kreg-lt> anyone care to point me in the right direction? i wanna send all my mail to another relay host. am i looking to setup a transport map?[20:22:08] <cpm> hparker,[20:22:15] *** JW has quit IRC[20:22:16] <cpm> okay, 'which postfix' ?[20:23:02] <hparker> yay![20:23:13] <cpm> ?[20:23:23] <hparker> Other errors, but I can deal with those ;)[20:23:32] <cpm> what was it?[20:23:38] <hparker> Missing files from the *gasp* backup[20:23:39] <rob0> something simple[20:23:59] <hparker> I had to add the shit rob0 said to[20:24:20] <cpm> err, yeah[20:24:23] <rob0> ouch, it sucks when I'm right[20:24:33] <rob0> I only get more obnoxious.[20:24:34] <cpm> did we assume you had already done that?[20:24:39] <cpm> dhas_rob0[20:24:55] * cpm pouts[20:25:02] <hparker> Well, i'm used to a sane distro that does The Right Thing[20:25:25] <sysmonk> ye, like windows[20:25:31] <sysmonk> or debian with his openssl buggy :P[20:25:46] <hparker> ......[20:25:57] <hparker> centos is a PITA[20:26:04] <cpm> it is[20:26:09] <cpm> it's also /old/[20:26:15] * cpm can't take the dust[20:27:09] <hparker> Well, it's 5.1[20:27:39] <sysmonk> really? i've heard mandrake is >10[20:27:42] <sysmonk> so mandrake is newer![20:27:46] <sysmonk> err, mandriva or whatever[20:27:47] <hparker> and i'm installing it for a reason... this ISP has a fire-n-forget mentality as far as servers go[20:27:53] <seekwill> CentOS rocks!!!![20:27:59] <sysmonk> and and freebsd is newer than centos cos it's 7.0 already[20:28:02] <sysmonk> and 8.0 (-CURRENT)[20:28:12] <hparker> s/rocks/is full of rocks[20:28:17] <sysmonk> heh[20:28:17] <kreg-lt> ?[20:28:20] <seekwill> :([20:28:23] * hparker thwaps sysmonk[20:28:24] <sysmonk> hparker: what's your distro?[20:28:33] <hparker> sysmonk: /whois me[20:28:38] <kreg-lt> is relayhost used for relaying "all" mail?[20:28:44] <kreg-lt> er, all non local mail i mean[20:28:53] <seekwill> Gentoo! ugh[20:29:03] <seekwill> :P[20:29:15] <kreg-lt> i want to send all my relay'd mail to a different host first before it goes out to the internet[20:29:46] <sysmonk> hparker: ah, gentoo[20:29:56] <sysmonk> hparker: atleast one step closer to bsd than any other linux distro[20:29:57] <sysmonk> ;)[20:30:17] <sysmonk> if i'd be using lunix i'd be using gentoo imho, but i don't use it at all[20:30:44] <hparker> sysmonk: Had it not worked for me I'd be running fbsd on my servers... Was tired of fighting this shit... But.. This customer at least kinda pays[20:31:08] <sysmonk> yeah i understand ya[20:31:14] <sysmonk> we have lots of stupid things on servers[20:31:19] <sysmonk> starting from Ubuntu servers[20:31:24] <hparker> w00t! It's accepting spam![20:31:26] <jduggan> fedora[20:31:27] <jduggan> ![20:31:32] <cpm> centos is fine, as long as you like building your own kernels, your own libraries, and all that.[20:31:43] * hparker shoves jduggan back in his cave ;)[20:31:44] <seekwill> cpm: You do that on CentOS? Why?[20:32:11] <cpm> seekwill, so I can run stuff from this millennium[20:32:15] <seekwill> cpm: That's sort of the opposite of the "rhel/centos way"[20:32:26] <seekwill> cpm: What can't you run on 5.1?[20:32:33] <hparker> May 13 13:45:20 mail postfix/smtpd[23898]: warning: smtpd_sasl_auth_enable is true, but SASL support is not compiled in[20:32:56] <hparker> rob0: Any clue wtf I have to do with dovecot on centos to make that happy?[20:33:06] *** cilly has joined #postfix[20:33:27] <GiabboO> you seems not having sasl support built in[20:33:34] <kreg-lt> hparker: postfix in cent doesn't have sasl support?[20:33:36] <GiabboO> rob0 dude... any suggestion why amavis is not replacing the receipient ?[20:33:37] <hparker> Well, yeah....[20:33:43] <rob0> Fortunately you don't have to compile in anything for dovecot SASL.[20:33:49] <kreg-lt> i use sasl/postfix/dovecot on a cent5[20:33:58] <kreg-lt> i don't recall adding any 3rd party repos[20:34:11] <rob0> just set the smtpd_sasl_type I guess[20:34:17] <hparker> kreg-lt: Let's not talk about postfix that comes with centos.. If it was ok I woulda been asleep hours ago :P[20:34:24] <kreg-lt> lol[20:34:25] <kreg-lt> true[20:34:26] <kreg-lt> true[20:34:29] <sysmonk> kreg-lt: what does 'lt' mean in your nick?[20:34:32] <kreg-lt> the most featureless postfix out there[20:34:37] <kreg-lt> laptop[20:34:39] <hparker> kreg-lt: Compiling 2.5.2[20:34:41] <sysmonk> ah[20:34:45] <rob0> Lieutenant[20:34:50] <sysmonk> i must have asked you that question already a few times :P[20:34:53] <kreg-lt> i mean, the new light version of kreg. less calories[20:34:57] * hparker reads more[20:34:58] <rob0> ahh[20:35:06] <rob0> !sasl[20:35:07] <knoba> rob0: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[20:35:24] <rob0> everything you need (including dovecot.conf) is in there[20:35:25] *** KaZeR has joined #postfix[20:35:55] <kreg-lt> only prob i had with dovecot was it didn't know what a CA cert was. the newer verison in cent 5 included support for it[20:35:56] <jduggan> sysmonk: not lithuania ;)[20:35:58] <hparker> It's in this text file too I'm guessing :P[20:36:12] <sysmonk> jduggan: :P[20:37:54] <GiabboO> rob0, you dont have anyelse to tell me ? :|[20:38:11] *** donspaulding has joined #postfix[20:38:51] <hparker> lol... I musta turned my cell phone off :P[20:39:01] <hparker> Oh, outta battery[20:39:18] <hparker> wore it out talking to rob0[20:39:33] <hparker> talking heads....[20:40:17] <sysmonk> hparker: hah, you were on the phone with rob0 ? :)[20:40:30] <seekwill> What's rob0's number?[20:40:39] <sysmonk> seekwill: 1-800-postfix[20:40:47] <seekwill> cool[20:41:06] <donspaulding> 1-FIX-postfix[20:41:24] <hparker> lol... 5 messages from the ISP... guess I ought to call them :P[20:41:48] <cpm> yipes[20:42:08] <jduggan> your ISP sms's you?[20:42:39] <hparker> voicemail[20:42:52] <jduggan> ah[20:43:20] <hparker> smtpd.c:4788: error: ‘dovecot’ undeclared (first use in this function)[20:43:25] <hparker> ARRGGHHH!!![20:43:29] *** githogori has joined #postfix[20:44:14] *** _Siegfried has joined #postfix[20:44:18] <cpm> hparker, 'which postfix'?[20:44:22] <GiabboO> im not lucky with mail filtering :D[20:44:49] <hparker> lol... /usr/bin/which: no postfix in (/usr/local/bin:/bin:/usr/bin:/home/hparker/bin)[20:44:59] <Knoedel2> !virtual_mailbox_domains[20:45:00] <knoba> Knoedel2: "virtual_mailbox_domains" : a configuration parameter in the main.cf: The list of domains that are by default delivered via the $virtual_transport mail delivery transport. This list uses the same syntax as the mydestination configuration parameter.[20:45:19] *** danbeck_ has joined #postfix[20:45:21] <cpm> hparker, do you have any idea at all which postfix you are using?[20:45:29] <cpm> how many do you have?[20:45:36] <hparker> /usr/sbin/postfix[20:45:38] <cpm> k[20:45:44] <cpm> ldd /usr/sbin/postfix[20:45:51] <sysmonk> what's the base problem?[20:45:52] <cpm> anything from dovecot ?[20:46:15] <hparker> sysmonk: centos :P[20:46:27] <sysmonk> hparker: uh, then a bit further :P[20:46:36] <sysmonk> 2-nd level problem :P[20:46:52] <cpm> :)[20:47:04] <Knoedel2> !cheatsheet[20:47:04] <knoba> Knoedel2: "cheatsheet" : http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt : A HOWTO for pre-DATA spam control.[20:47:26] <hparker> Argghhh!!![20:47:42] <Knoedel2> do not list domain xyz.de in BOTH mydestination and virtual_mailbox_domains -> what means this error ?[20:48:04] <hparker> there's dovecot... no dovecot-devel or anything.... ARRGGHHHH[20:48:22] <hparker> Knoedel2: Just what it says, don't do that[20:48:24] <rob0> GiabboO: The 2 times I set up amavisd-new, it did append the -spam to usernames.[20:48:37] *** Jax has joined #postfix[20:50:41] <GiabboO> mine doesnt[20:50:48] <GiabboO> it's adding ***SPAM*** to subject[20:50:56] <GiabboO> but not to the recipient :S[20:53:06] <cpm> look to your amavis.conf[20:53:17] <sysmonk> *cough* amavisd.conf[20:53:18] * cpm thinks someone is very very far behind in his reading[20:53:53] <Knoedel2> !append_dot_mydomain[20:53:53] <knoba> Knoedel2: "append_dot_mydomain" : a configuration parameter in the main.cf: Append the string ".$mydomain" to addresses that have no ".domain" information.[20:54:02] <sysmonk> *cough* @addr_extension_spam_maps *cough* $recipient_delimiter *cough*[20:54:13] <GiabboO> lol[20:54:19] *** Mousey has joined #postfix[20:54:23] <Mousey> hi[20:54:38] <GiabboO> maybe my amavis is old[20:54:42] <GiabboO> but i am using it like this[20:54:57] <sysmonk> did you try turning it on ?[20:55:00] <sysmonk> i mean, amavisd[20:55:00] <sysmonk> ;)[20:55:08] <jduggan> rather than meaning, to rub it[20:55:10] <GiabboO> $recipient_delimiter = '-';[20:55:20] <GiabboO> $addr_extension_spam = 'spam';[20:55:22] <Mousey> I'm trying to get mail into postfix->lmtp->cyrus, and in my logs i'm getting "com[/var/run/cyrus/socket/lmtp]: No such file or directory)" anybody know what i'm doing wrong?[20:55:23] <GiabboO> i have this[20:55:27] <GiabboO> is it wrong ?[20:55:33] <Mousey> the socket does indeed exist, and permissions don't seem to be wrong[20:56:17] <GiabboO> amavisd-new-20030616-p10[20:56:21] <GiabboO> im using this one[20:56:21] <GiabboO> :D[20:56:36] *** Siegfried has quit IRC[20:56:36] <sysmonk> GiabboO: you know that default postfix's delimiter is + right?[20:56:43] <GiabboO> yes[20:56:46] *** _Siegfried is now known as Siegfried[20:56:46] <sysmonk> good[20:56:53] <sysmonk> GiabboO: no change that $ to a @[20:56:56] <sysmonk> now*[20:57:02] <sysmonk> (in addr_extension_spam_maps )[20:57:12] <sysmonk> ah, it's not even addr_extension_spam_maps, it addr_extension_spam ...[20:57:24] <GiabboO> i can try to change that[20:57:25] <sysmonk> _spam_maps here[20:57:32] <GiabboO> maybe my version is older[20:57:48] <sysmonk> Mousey: is that file there? if it is, are you runing chroot?[20:58:38] <Mousey> yes the lmtp (socket) file exists, and i can't figure out where to determine if postfix is running as root[20:59:11] <GiabboO> anyway i had recipient_delimiter = - in my main.cf[20:59:19] <Mousey> it'd debian, and i vaguely remember reading somewhere that it might be running chrooted by default?[20:59:24] <sysmonk> Mousey: socket exists != the path out there exists[20:59:38] <GiabboO> should I try updating my amavisd-new ?[20:59:38] <sysmonk> Mousey: and, postconf -n + main.cf & pastebin it[20:59:44] <bpgoldsb> GiabboO: any luck?[20:59:49] <GiabboO> bpgoldsb![20:59:50] <Mousey> sysmonk: ok. if it's chrooted then it would explain why it can't find the socket[20:59:57] <Mousey> oh[20:59:58] <bpgoldsb> I've been busy with this Mailscanner crap these 'postfix' people got me using[21:00:06] <hparker> fuck!![21:00:12] <Dominian> follow the docs[21:00:15] <Dominian> easy enough[21:00:17] <sysmonk> GiabboO: you're just 5-years-outdated...[21:00:23] <bpgoldsb> Dominian: Talking to me?[21:00:24] <rob0> hparker potty mouth potty mouth!![21:00:25] <GiabboO> bpgoldsb, the gentle guys over here are trying to help me with virtual(8) to move my mails[21:00:30] <GiabboO> ok i try sysmonk[21:00:33] <hparker> There's no dovecot sasl!?!?!?[21:00:34] <Dominian> bpgoldsb: sure ;)[21:00:39] <Dominian> !sasl[21:00:40] <knoba> Dominian: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[21:00:47] <rob0> hparker: Dovecot version?[21:00:52] *** Draecos has joined #postfix[21:00:55] <bpgoldsb> Dovecot does SASL[21:01:07] <bpgoldsb> I mean it can be a SASL server, iirc[21:01:14] <cpm> yup, sure can.[21:01:19] <bpgoldsb> I would highly suspect it can be a SASL client too[21:01:26] <hparker> Not in centos![21:01:32] <Dominian> heh[21:01:39] <hparker> fuck![21:01:39] <rob0> socket permission problems[21:01:42] <bpgoldsb> Moving from Courier -> Dovecot was the best thing I've done in the last year[21:01:51] <GiabboO> im updating :P[21:02:05] <bpgoldsb> hparker: Would you like a link to a Debian Install CD? :)[21:02:16] * hparker calls the boss[21:02:20] * cpm has great fondness for Courier, but I expect even the courier folks are using dovecot these days[21:02:36] <bpgoldsb> Courier was great until Dovecot showed up.[21:02:55] <bpgoldsb> Speaking of Dovecot, anyone ever find good docs for Sieve/[21:02:56] <bpgoldsb> ?[21:03:03] <bpgoldsb> (RFC does not count)[21:03:06] <cpm> well, , , when dovecot 1.1 showed up, yeah, I'd agree[21:03:44] <sysmonk> bpgoldsb: i.e. ?[21:03:55] <sysmonk> well, i'm using cyrus and i love it[21:04:11] <bpgoldsb> sysmonk: I like it, but I miss some of the functionality of maildrop[21:04:17] <cpm> all cyrus folks love cyrus[21:04:22] <bpgoldsb> Like being able to do things based on date/time[21:04:25] * cpm isn't smart enough for cyrus either[21:04:36] *** EasilyOdd has joined #postfix[21:04:56] <bpgoldsb> Like with maildrop, I can easily deliver to a folder with todays date[21:04:58] *** cilly has quit IRC[21:05:05] <bpgoldsb> I don't think I can do that with sieve[21:05:40] <bpgoldsb> !header_checks[21:05:40] <knoba> bpgoldsb: "header_checks" : a configuration parameter in the main.cf: Optional lookup tables for content inspection of primary non-MIME message headers, as specified in the header_checks(5) manual page.[21:06:04] <bpgoldsb> Which comes first, header_checks or body_checks? Or is it based on order in the conf file?[21:07:08] <Knoedel2> bpgoldsb: !cheatsheet[21:07:16] <bpgoldsb> !cheatsheet[21:07:17] <knoba> bpgoldsb: "cheatsheet" : http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt : A HOWTO for pre-DATA spam control.[21:07:27] <bpgoldsb> knoba: <3[21:07:56] *** stefan_ has quit IRC[21:20:16] <Mousey> thanks y'all[21:20:18] *** Mousey has left #postfix[21:24:12] *** muecke77 has left #Postfix[21:24:15] *** EasilyOdd has quit IRC[21:28:44] <GiabboO> yes![21:28:54] <GiabboO> sysmonk, with the new amavis it works!![21:29:06] <GiabboO> im sure updating courier-suite it would work even maildrop[21:29:16] <GiabboO> now I have a question[21:29:27] *** ecomp has left #postfix[21:29:32] <GiabboO> finally i get the recepient name changed by amavisd[21:29:55] <GiabboO> should I duplicate all mailboxes entries in the virtual maps (mysql table)[21:30:24] <GiabboO> or i can use something else to query the db in way to get back the -spam mail user and the /.Junk/ folder ?[21:31:10] <Lars_G> Hi all.[21:31:16] <GiabboO> hi Lars_G[21:31:40] <Lars_G> Question, when a smtp server receives an email satisfactorily it usually responds an ok and indicates what ID the mail was dropped under in it's side.[21:31:57] <Lars_G> is there no way to make postfix log the id the receiving server mentioned when relying out?[21:32:17] <GiabboO> bpgoldsb, do you know a trick about it ?[21:32:35] <GiabboO> sysmonk ?[21:41:23] *** vertigo- has joined #postfix[21:41:35] *** vertigo- is now known as vertigo[21:41:50] <GiabboO> bpgoldsb you there ?[21:42:06] <bpgoldsb> Somewhat. Busy with some real work :|[21:42:15] <GiabboO> sorry[21:42:22] *** vertigo is now known as vertigo_[21:42:27] <GiabboO> did you get what am asking for ?[21:42:46] *** vertigo_ is now known as vertigo-[21:44:48] *** cpm has quit IRC[21:47:36] *** stalker314314 has joined #postfix[21:48:30] *** carl- has joined #postfix[21:49:43] <stalker314314> i have very simple question, probably you hear every day - relay access denied[21:50:02] <stalker314314> i tried everythong found on google, have anyone have any other ideas[21:50:34] <stalker314314> i have no-ip adress and my provider allow me to send mail throw his smtp, so it's ok there[21:50:55] <stalker314314> i enabled 'enable user auth' in thunderbird[21:51:16] <stalker314314> mynetworks is 127.0.0.0/8 and 192.168.0.0/24[21:51:44] <stalker314314> mydestination is empty (is it ok?)[21:52:31] <stalker314314> as soon as I enter rcpt to: ... in telnet, it drops that error[21:53:20] * hparker wonders why he's hacking on this shit and doesn't know were his family is ...[21:53:24] *** danbeck_ has quit IRC[21:55:39] * hparker screams[21:57:22] <stalker314314> it's probably something very, very simple, is my question so retarded noone wants to answer:)[22:01:55] *** carl- has quit IRC[22:02:04] <rob0> From what IP address are you doing this telnet to server:25?[22:03:04] <stalker314314> postfix and me is on same machine (telnet localhost 25)[22:03:31] <rob0> postconf mynetworks[22:03:38] <stalker314314> public ip is some dhcp, if that matters[22:03:51] <GiabboO> rob0, do you know a way to customize the mysql query to get virtual mailboxes ?[22:04:05] <stalker314314> mynetworks = 127.0.0.0/8, 192.168.0.0/24, 77.xxx.xxx.0/23[22:04:19] <GiabboO> rob0, I would like to move spam mails to .Junk without duplicating entries for mailboxes and usernames[22:04:27] <rob0> postconf smtpd_recipient_restrictions[22:04:44] <GiabboO> rob0, I think it could be possible with a virtual_mailbox_maps array[22:04:50] <stalker314314> smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, permit[22:05:25] <rob0> !relay_denied[22:05:26] <knoba> rob0: "relay_denied" : \"554 5.7.1 <RECIPIENT@RCPT_DOMAIN>: Relay access denied; from=<SENDER_ADDRESS> to=<RECIPIENT@RCPT_DOMAIN> proto=ESMTP helo=<HELO>\": This typically means that CLIENT_IP is not in mynetworks (and did not AUTH), and that RCPT_DOMAIN was not recognized as one of this Postfix's domains (not listed in mydestination, relay_domains or virtual_*_domains).[22:05:38] <rob0> Stalk, no idea at this point.[22:06:10] <stalker314314> i'm not fqdn since i'm on dhcp, and i'm sending to gmail, if that matters[22:06:46] <rob0> If you're in mynetworks, and permit_mynetworks is in smtpd_recipient_restrictions, no, it does not matter.[22:07:19] <rob0> Relay access denied means you were rejected by reject_unauth_destination[22:10:31] <stalker314314> if I type from telnet 'auth', it pops me this: 503 5.5.1 Error: authentication not enabled[22:10:35] <stalker314314> not enabled?[22:11:03] <stalker314314> i somehow think it's not normal?[22:12:36] *** carl- has joined #postfix[22:13:36] *** rcsu has quit IRC[22:21:42] *** hever has joined #postfix[22:22:06] *** stalker314314 has quit IRC[22:22:14] *** Fallenou has joined #postfix[22:23:12] *** hever has quit IRC[22:28:58] <GiabboO> rob0, do you know a way to modify the mysql query for virtual_mailbox_maps ?[22:29:23] <cedric3> hi who can help me please i have a postfix problem when i try to use pop to receiv my mails i have on the logourierpop3login: TIMEOUT ..... i don't know why[22:29:26] <cedric3> thanks[22:35:04] *** GiabboO is now known as GiabboO`away[22:35:17] *** carl- has quit IRC[22:38:02] *** carl- has joined #postfix[22:39:46] *** Jax has quit IRC[22:41:18] <cedric3> nobodyt ?.[22:43:56] <roe> cedric3, that is not a postfix problem[22:45:25] *** UQlev has joined #postfix[22:45:40] <cedric3> roe : what is the probleme please?[22:46:01] <roe> it is a problem with your pop3 server[22:46:40] <cedric3> why when i try to send or receiv the mail it not work it begin after it break[22:47:59] <cedric3> roe : i see on the log the EHLO after the authentication ok after the client receiv a timeout[22:50:51] <cedric3> roe : i have the same error with smtp[22:57:34] *** pitakill has joined #postfix[22:58:29] *** pUmkInhEd has joined #postfix[22:58:33] <pUmkInhEd> hello #postfix[22:59:02] <pUmkInhEd> quick q, i use postfix to relay_domains, is there a way to change the To: address on the envelope as it passes through postfix?[22:59:16] <pUmkInhEd> i tried alias but that only works on local recipients[23:01:36] *** V1LLA1N has joined #postfix[23:01:37] *** jellis-real has quit IRC[23:01:41] <V1LLA1N> hello[23:01:59] <V1LLA1N> i'm using postgrey and i'm expecting a very important e-mail that still hasn't arrived yet[23:02:12] <V1LLA1N> actually it didn't arrive the first time so i had to have it sent again and i'm still waiting for it[23:02:22] <V1LLA1N> is there anyway to see if it's being held back, denied or something?[23:02:23] *** UQlev has quit IRC[23:02:39] <V1LLA1N> s/arrived yet/arrived[23:02:42] <pUmkInhEd> V1LLA1N: if you have access to the maillog then just check that, it should indicate the greylisting[23:02:52] <V1LLA1N> thanks pUmkInhEd[23:02:59] <cedric3> nobody have any idea?[23:03:05] <pUmkInhEd> cat /var/log/maillog | grep myveryimptdomain[23:04:29] *** carl- has quit IRC[23:08:18] *** jtsigma has joined #postfix[23:08:40] <pUmkInhEd> cedric3: repost question?[23:09:10] <jtsigma> i have a situation where i have only 1 MX , and it runs postfix/ldap/courierimapd/maildrop/spamassassin . I have two objectives: 1) split spamassasin off to an edge mta 2) have that mta also act as a store and forward mailserver. what are you recommendations?[23:09:55] <V1LLA1N> pUmkInhEd: is jusr grep myveryimptdomain /var/log/maillog =)[23:10:19] <jtsigma> thus completely bypassing the spamassasin on the primary MX[23:10:34] <V1LLA1N> yeah damn![23:10:38] <V1LLA1N> it got rejected![23:11:18] *** Haris has quit IRC[23:11:23] <V1LLA1N> May 13 22:51:55 nigga postfix/smtpd[37863]: NOQUEUE: reject: RCPT from unknown[65.167.65.50]: 450 4.2.0 <v1lla1n@mydomain>: Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/mydomain.html; from=<noreply at performics dot com> to=<v1lla1n@mydomain> proto=ESMTP helo=<bh1.performics.com>[23:11:28] <V1LLA1N> how do i unreject it?[23:12:12] <V1LLA1N> oh[23:13:27] <cedric3> pUmkInhEd, : i see on the log the EHLO after the authentication ok after the client receiv a timeout i don(t know why when i try to receiv the mail (pop3) i have the error message : the command data was aborded the connection is reinitialised[23:14:38] <cedric3> courierpop3login: TIMEOUT, user=.......top=0, retr=0, time=300[23:15:14] *** j_s has quit IRC[23:17:53] <pUmkInhEd> hrm, that doesnt sound like a postfix problem[23:18:23] <cedric3> pUmkInhEd : have you any idea? because now i haven't[23:18:27] *** GiabboO`away is now known as GiabboO[23:18:32] *** goldfischli is now known as goldfisch[23:18:33] <cedric3> i try to search a solution but nothink[23:19:22] *** goldfisch is now known as goldfischli[23:20:25] <pUmkInhEd> maybe someone in #courier can help[23:20:52] <GiabboO> hey im back[23:21:07] <GiabboO> is there a way to alter the mysql query for virtual_mailbox_maps look up ?[23:22:17] *** tessier_ has left #postfix[23:23:50] *** tshine has joined #postfix[23:25:23] *** cilly has joined #postfix[23:27:11] <cedric3> pUmkInhEd : thanks but on the courrier channel there a 6 users not a lot of[23:28:16] <jtsigma> i have a situation where i have only 1 MX , and it runs postfix/ldap/courierimapd/maildrop/spamassassin . I have two objectives: 1) split spamassasin off to an edge mta 2) have that mta also act as a store and forward mailserver. what are you recommendations?[23:28:35] *** Fallenou[oqp] has joined #postfix[23:28:56] *** Fallenou has quit IRC[23:28:57] *** Fallenou[oqp] is now known as Fallenou[23:29:53] *** hemry has quit IRC[23:34:12] *** picachu has joined #postfix[23:34:24] <picachu> haha . 193 users vs 31 on qmail[23:34:34] <picachu> that's the popularity[23:34:49] <picachu> vs 29 on sendmail[23:34:57] <picachu> yeah , SIMPLICITY is the key[23:35:10] <picachu> even if you're nuclear physician, you want simplicity[23:35:31] <roe> I wish you could convince the debian maintainers of that, they package exim by default.[23:35:32] <picachu> thanks IBM[23:35:45] <picachu> guess why i'm here on freenode[23:35:48] <picachu> fuckin qmail[23:36:00] <jtsigma> if i setup postfix as an smtp gateway, will it also mailbag mail when the internal mail server is down?[23:36:18] <roe> mailbag?[23:37:01] *** Jax has joined #postfix[23:37:05] <picachu> jtsigma, even if all servers are down, the sender will try sending mail after some time[23:37:14] <picachu> assuming it's the MTA, not MUA[23:37:26] <picachu> or mail client[23:38:16] <picachu> i think, mail is the most reliable communication mechanism ever created[23:38:20] <jtsigma> ok but let's say the gateway is up but the internal mail host is down... the gateway will still queue up mail until internal mail host is iup right?[23:38:24] <jtsigma> most reliable?[23:38:25] <jtsigma> hehehe[23:38:28] <jtsigma> i dunno abut THAT[23:38:42] <picachu> yeah, it's very reliable if you configure all properly[23:38:56] <jtsigma> ok but let's say the gateway is up but the internal mail host is down... the gateway will still queue up mail until internal mail host is iup right?[23:39:04] <picachu> yeah, right[23:39:07] <jtsigma> ok coo[23:39:13] <picachu> install and try it yourself[23:39:19] <jtsigma> k[23:40:40] *** Draecos has quit IRC[23:40:55] *** Draecos has joined #postfix[23:44:27] *** cilly has quit IRC[23:46:37] *** jtsigma has quit IRC[23:48:04] *** Zblakany has quit IRC[23:51:52] *** picachu has quit IRC[23:52:27] *** xpoint has joined #postfix[23:54:20] *** tshine has quit IRC[23:56:11] *** hparker has quit IRC