May 15, 2008 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | >
May 15, 2008 [00:00:36] *** Zblakany has quit IRC[00:01:12] *** donspaulding has joined #postfix[00:01:18] <donspaulding> anyone using python-milter[00:01:19] <donspaulding> ?[00:02:39] *** nohelphere has left #postfix[00:04:17] <xpoint> donspaulding, link ?[00:04:36] <donspaulding> http://www.bmsi.com/python/milter.html[00:04:47] * xpoint dont know what it does currently[00:07:30] *** Siegfried has quit IRC[00:07:59] <xpoint> tmda should not send to the sender but ask recipient if wants to reciieve the spam or not[00:09:25] <xpoint> donspaulding, policyd v2 is more like what i like, but content can be fun too[00:10:03] <donspaulding> xpoint: not sure what that has to do with python-milter, but OK.[00:10:59] <donspaulding> xpoint: FWIW, I'm looking for something that will let PF pass my python program a message, then continue sending it to the queue ASAP. My python program just needs to log the received message to a db.[00:11:15] <xpoint> its silly to deploy tmda in milter when spf/dkim is not checked[00:12:10] <donspaulding> not sure what you mean by "tmda"[00:12:29] <xpoint> why not recipient_bcc_maps ?[00:13:03] *** UQlev has quit IRC[00:13:12] <xpoint> the milter page shows something in tmda[00:14:15] <donspaulding> the _bcc options all require me to setup a different mail server, which automatically doubles my bandwidth requirements.[00:14:50] <donspaulding> unless there's some way to tell the _bcc directives to send email to 'myloggingacct@localhost:8025'[00:15:10] <donspaulding> and I'm pretty sure there isn't[00:16:28] <donspaulding> is tmda "The Message Delivery Architecture"?[00:17:31] <xpoint> man transport_maps[00:18:00] <donspaulding> ok[00:18:24] <xpoint> in the map file have the full email as key and have server as [127.0.0.1]:80.25[00:18:36] <xpoint> in the map file have the full email as key and have server as [127.0.0.1]:8025[00:19:13] <xpoint> make this in mysql and make 2 mysql maps for this qury[00:19:55] <xpoint> recipient_bcc_maps and transport_maps must be total in sync ![00:20:29] <xpoint> got it ?[00:20:35] <donspaulding> not really :-/[00:20:41] <xpoint> :-)[00:20:56] <donspaulding> in main.cf I should have always_bcc=myloggingacct@localhost[00:20:59] <xpoint> how can i help more ?[00:21:38] <donspaulding> then in transport_maps (file?) have myloggingacct@localhost: [127.0.0.1]:8025[00:21:43] <xpoint> ah yes this is simplier way, but then add that email in a transport_map olso[00:22:09] <xpoint> yes this will do olso[00:22:10] <donspaulding> and that won't screw up any of my current setup with virtual_alias_maps and virtual_alias_domains?[00:22:40] <donspaulding> as in, mail destined to a virtual_alias_map won't try to use the localhost transport, right?[00:22:58] <xpoint> atleaset not if that email is not used for anything else, make sure it can be sent to from outside btw[00:23:24] <donspaulding> the transport_maps is a fallback in case it can't find real at destination dot addr in virtual_alias_maps, am I understanding correctly?[00:23:38] <xpoint> no[00:23:52] <donspaulding> didn't think so :-)[00:23:55] <xpoint> transport maps does only hold next hop[00:24:27] <xpoint> where there is a lda to handle next step[00:24:40] <donspaulding> so I would need to specify the next hop for every single virtual_alias_map that I have?[00:24:45] <xpoint> the lda can be a pipe or a python :)[00:25:16] <xpoint> no, the virtual alias can send to the transport email[00:25:35] <xpoint> as a copy[00:25:49] <donspaulding> really, how?[00:26:24] <xpoint> foo@virtual: user1 at domain dot tld, python@localhost[00:26:48] <xpoint> or in mysql[00:26:59] <xpoint> foo@virtual user ...[00:27:41] <xpoint> when mails comming to foo it will be delivered to all after :[00:28:14] <donspaulding> so I would have two different rows for foo@virtual in my pgsql db?[00:28:24] <xpoint> no[00:28:35] <xpoint> just make a good map[00:28:56] <xpoint> in terms of querty to build the needed results[00:29:30] <donspaulding> ?[00:29:51] <donspaulding> in my SELECT you mean? do what, string manipulation?[00:30:06] <xpoint> postfix cant have 2 results from mysql[00:30:24] <xpoint> yes[00:30:42] <xpoint> SELECT CONCAT something[00:31:31] <xpoint> first select should give results to the transport[00:31:46] <xpoint> next should give the result for bcc[00:32:06] <xpoint> if the key is in virtual_alias[00:33:11] <donspaulding> wow, I think the longer we talk, the less I understand.[00:33:32] <donspaulding> OK, so am I using always_bcc or putting two addresses in the virtual_alias table?[00:33:34] <donspaulding> or both?[00:34:29] <xpoint> yes that will make it, since postfix will try deliver to 2 email then[00:34:58] <xpoint> but it still need the transport map to define the next hop :-)[00:36:44] <donspaulding> to recap, in main.cf: virtual_alias_maps=my_pgsql_query.cf , always_bcc=python@localhost, transport_maps=/etc/postfix/transports[00:37:17] <donspaulding> my_pgsql_query.cf takes virtual at virtdomain dot com and returns real at realdomain dot com[00:37:33] <donspaulding> postfix then attempts to bcc python@localhost[00:38:01] <xpoint> yes that is my idear[00:38:21] <xpoint> but without always_bcc[00:38:25] <donspaulding> it looks up /etc/postfix/transports and sees that python@localhost is served by the next hop of 127.0.0.1:8025[00:38:33] <xpoint> since its done in virtual alias[00:38:53] <donspaulding> either way I still need the transport_maps though, right?[00:39:08] <xpoint> remember [] around next hop[00:39:25] <xpoint> yes[00:39:42] <xpoint> else postfix will try port 25 :-)[00:39:54] <donspaulding> so my SELECT needs to return real at realdomain dot com, python@localhost?[00:40:13] <xpoint> no just one, but you need 2 maps[00:40:27] <xpoint> one pr recipient[00:41:10] <xpoint> that select can be the virtual alias resilts[00:41:18] <donspaulding> that's the part I don't understand, how do I return two maps from pgsql?[00:42:00] <xpoint> we are good, show me the problem :-)[00:42:29] *** jra has left #postfix[00:42:37] <donspaulding> I don't want there to be a problem, there's no way for me to test these changes, it has to be on a live server[00:43:02] <donspaulding> that's why I've got 150 questions about the same thing :-)[00:43:23] <xpoint> postmap -q foo at virtual dot tld pgsql:/etc/postfix/transport_maps.cf[00:43:52] <donspaulding> the transport maps aren't in pgsql[00:43:59] <xpoint> result should be [127.0.0.1]:8025[00:44:03] <donspaulding> just virtual_alias_domains and virtual_alias_maps[00:44:16] <Trengo> you can select address,'python' from alias where...[00:44:21] <xpoint> postmap -q foo at virtual dot tld pgsql:/etc/postfix/virtual_alias_maps.cf[00:44:44] <Trengo> or you can select address from alias where... union select 'python'[00:44:45] <xpoint> result should be real at realdomain dot com, python@localhost?[00:45:53] <xpoint> donspaulding, dont add maps before you have tested results is what you need[00:46:19] <donspaulding> right, I know what you mean[00:46:32] <donspaulding> as far as using postmap goes, that is.[00:47:01] <donspaulding> how do I use just a regular file for the transport maps?[00:47:03] *** seekwill has quit IRC[00:47:20] <xpoint> postmap -q pythoin@localhost pgsql:/etc/postfix/transport_maps.cf[00:47:44] <xpoint> not the first i posted[00:47:45] *** oxtail has quit IRC[00:48:02] *** pirho has quit IRC[00:48:05] <donspaulding> transport maps can just be a local file, since it's only storing info for one key, python@localhost[00:48:25] <xpoint> yes ok[00:50:24] <donspaulding> how do I tell it that it's just a flat text file, no db type? or do I make it into some db?[00:50:34] <donspaulding> how do I tell postmap that is[00:50:36] <donspaulding> ?[00:51:21] <xpoint> you need to postmap theflatfile[00:51:54] <xpoint> and ise it with hash:/path/to/theflatfile[00:52:33] <xpoint> again test the results with[00:52:54] <xpoint> postmap -q foo hash:/path(to/theflatfile[00:53:55] <donspaulding> # postmap -q python@localhost hash:/etc/postfix/transport_maps[00:53:55] <donspaulding> [127.0.0.1]:8025[00:54:30] <donspaulding> like that?[01:01:20] <donspaulding> does real at realdomain dot com see that python@localhost gets the file as well?[01:05:40] *** lunaphyte_ has quit IRC[01:14:42] <donspaulding> if postmap -q virtual@virtdomain pgsql:/my/pgsql/file.cf returns real at real dot com, python@localhost what happens if there's no server listening on localhost:8025? does real at real dot com still get the email?[01:19:58] <Mick27> hey[01:20:02] <Mick27> amavis[3017]: (03017-03) (!!) ClamAV-clamd av-scanner FAILED: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: Permission denied) at (eval 48) line 268.[01:20:09] <Mick27> does that error speak to someone ?[01:22:55] <Supaplex> looks like it spoke to syslog.[01:23:23] <Supaplex> 'permission denied' stands out[01:25:35] *** maek has left #postfix[01:25:47] <Mick27> Weird[01:25:55] <Mick27> I'm following Signum how to[01:26:01] <Mick27> line by line[01:26:14] *** felix_da_catz has joined #postfix[01:26:29] <shasta> that's the most common problem[01:26:36] <shasta> "following howto line by line"[01:26:58] <shasta> is disabling own brain during that procedure really necessary?[01:27:13] <Mick27> na na[01:27:22] <Mick27> I'm trying to understand what I do[01:28:30] <Mick27> but I'm kind of stuck here =)[01:28:40] <shasta> basically, your whatever_user_you_run_amavis_as cannot talk to clamav via /var/run/clamav/clamd.ctl socket, because of insufficent permissions[01:30:05] <shasta> it is also unrelated to this channel[01:30:30] <Mick27> yeah wasn't sure about the channel[01:34:25] <Mick27> I think it's ok[01:34:55] <Mick27> chmod g+w clamd.ctl[01:34:57] <xpoint> donspaulding, no each recpient does not know who else see it[01:35:28] *** mirrorcolor has quit IRC[01:35:32] <xpoint> donspaulding, and the transport map is ok[01:35:50] <donspaulding> xpoint: perfect, are they two separate mails in the queue? I mean, if one fails, will the other know about it?[01:36:42] <xpoint> that part i dont know realy, but it will queue 2 mails yes, and if one fails it will bounce to sender[01:37:11] <donspaulding> xpoint: how did you know bounce to sender was going to be my next question? :-p[01:37:23] <xpoint> use redirect to control that one bounce solves it[01:37:38] <donspaulding> xpoint: I've got to go home, thanks for your help and ideas today[01:37:46] <donspaulding> very much appreciate it.[01:37:49] <xpoint> super :)[01:38:00] *** donspaulding has quit IRC[01:40:07] *** war9407 has quit IRC[01:51:30] *** netcrash_ has joined #postfix[01:52:48] <netcrash_> Hello , how can I redirect specific user email to the hold queue , trying to defer the messages is not working :s[01:55:04] *** jgiboney has joined #postfix[01:56:27] *** Siegfried has joined #postfix[01:56:59] <jgiboney> i set up a email server using http://workaround.org/articles/ispemail-etch and it seems to work great, I can get emails to go to some email accounts, but i can't send email to gmail. How can I fix that?[02:06:21] *** jgiboney has quit IRC[02:17:53] *** netcrash_ has quit IRC[02:18:17] <Mick27> jgiboney did you have any problem with clamav ?[02:21:34] *** lunaphyte_ has joined #postfix[02:21:49] *** ming_zym has joined #postfix[02:24:34] *** rhineheart_m has joined #postfix[02:24:52] <rhineheart_m> hello! can anybody here tell me what is this all about? 451 4.3.5 Server configuration problem[02:26:27] <mwalling> !debug[02:26:28] <knoba> mwalling: "debug" : http://www.postfix.org/DEBUG_README.html : a good starting point for how to deal with problems and to report information to those who might help. Post your information in a pastebin such as http://pastebin.ca/ or http://rafb.net/paste/ .[02:26:32] <mwalling> !logs[02:26:33] <knoba> mwalling: "logs" : by default, postfix logs to the mail facility of syslog. Something like grep -i `postconf -h syslog_facility` /etc/syslog.conf or grep -rl `postconf -h syslog_name` /var/log/* should tell you where logs are going.[02:29:33] *** loddafnir has quit IRC[02:30:15] *** quieteyes has left #postfix[02:35:36] *** xpoint has quit IRC[02:38:48] *** xpoint has joined #postfix[02:41:48] <rhineheart_m> this is the latest error I got in the log: relay=none, delay=0.28, delays=0.18/0/0/0.1, dsn=5.0.0, status=bounced (User unknown in virtual alias table)[03:01:07] *** muecke77 has joined #Postfix[03:01:26] <snappy> well the log pretty much says it all[03:01:31] <snappy> the user is not in the virtual alias table.[03:04:02] *** Fallenou has quit IRC[03:04:46] <rhineheart_m> snappy, yeah.. but in /etc/postfix/virtual file.. the user existed[03:06:14] *** sipa has left #postfix[03:08:46] *** afixaziz has joined #postfix[03:10:30] *** Tachy has joined #postfix[03:11:22] *** yetz1 has joined #postfix[03:11:32] *** yetz1 has left #postfix[03:11:34] *** yetz1 has joined #postfix[03:11:45] *** yetz1 has left #postfix[03:19:18] *** _ruben has quit IRC[03:20:57] *** muecke77 has quit IRC[03:23:17] *** Tachy_ has quit IRC[03:24:36] *** keff has quit IRC[03:24:44] *** keffer has joined #postfix[03:25:20] *** afixaziz has left #postfix[03:27:13] *** nohelpipod has joined #postfix[03:28:30] <nohelpipod> Postfix is unable to send meddages idk why tjo[03:29:53] <nohelpipod> messages*[03:31:00] <mwalling> !debug[03:31:01] <knoba> mwalling: "debug" : http://www.postfix.org/DEBUG_README.html : a good starting point for how to deal with problems and to report information to those who might help. Post your information in a pastebin such as http://pastebin.ca/ or http://rafb.net/paste/ .[03:33:04] <rhineheart_m> !logs[03:33:05] <knoba> rhineheart_m: "logs" : by default, postfix logs to the mail facility of syslog. Something like grep -i `postconf -h syslog_facility` /etc/syslog.conf or grep -rl `postconf -h syslog_name` /var/log/* should tell you where logs are going.[03:34:04] *** nohelpipod has quit IRC[03:34:15] *** _Siegfried has joined #postfix[03:43:24] *** xpoint has quit IRC[03:43:26] <Mick27> what can be the cause of the smtpd part of postfix that makes it listen only on localhost ?[03:43:52] <Mick27> y can log with my virtual user via telnet & localhost[03:43:55] <Mick27> or with mutt[03:44:08] <Mick27> but remotely, no way, although imap works[03:45:03] *** amrit|wrk is now known as amrit|afk[03:45:34] <rhineheart_m> Mick27, how about your firewall... it might blocking the port..:)[03:47:15] *** githogori has quit IRC[03:47:15] *** Siegfried has quit IRC[03:47:24] <Mick27> no firewall on =)[03:50:36] <Mick27> have to go[03:50:38] <Mick27> see ya[03:50:39] <Mick27> thx[03:50:40] *** Mick27 has quit IRC[04:21:17] *** sten_ has joined #postfix[04:22:04] *** pickcoder has joined #postfix[04:22:41] <sten_> Hi. I'm using postfix and Dovecot (for imap), and would like to add server-side filtering. I've read about the "sieve" protocol. What is the best way to implement sieve on Postfix+Dovecot?[04:37:49] *** keffer has quit IRC[04:48:25] *** m0f0x has joined #postfix[04:50:59] *** Zeit|awy_ has joined #postfix[04:56:22] *** keffer has joined #postfix[04:57:03] *** Zeit|awy has quit IRC[04:57:38] *** seekwill has joined #postfix[05:04:49] *** amrit|afk is now known as amrit[05:08:40] *** rhineheart_m has quit IRC[05:11:08] *** sten_ has quit IRC[05:21:43] *** keff has joined #postfix[05:24:08] *** keffer has quit IRC[05:43:33] *** keffff has joined #postfix[05:43:57] *** keffff has joined #postfix[05:44:01] *** keffff has quit IRC[05:44:16] *** keffff has joined #postfix[05:44:42] *** keffff has joined #postfix[05:45:31] *** keff has quit IRC[05:45:40] *** keffff has quit IRC[05:45:55] *** keffff has joined #postfix[05:46:47] *** keffff is now known as keffer[05:48:23] *** F|oFF has quit IRC[05:49:05] *** pickcoder has quit IRC[05:49:46] *** F|oFF has joined #postfix[05:55:48] *** githogori has joined #postfix[06:15:40] *** mirrorcolor has joined #postfix[06:31:49] *** jeffspeff has quit IRC[06:32:04] *** jeffspeff has joined #postfix[06:45:10] *** lunaphyte_ has quit IRC[06:45:13] *** lunaphyte_ has joined #postfix[06:46:06] *** _Siegfried has quit IRC[06:48:20] *** Motoko-chan has joined #postfix[06:49:01] *** lunaphyte_ has quit IRC[06:50:02] *** jonez has quit IRC[06:50:39] *** lunaphyte_ has joined #postfix[07:09:45] *** [1]felix_da_catz has joined #postfix[07:12:53] *** kk_CHN has joined #postfix[07:14:05] *** felix_da_catz has quit IRC[07:14:06] *** [1]felix_da_catz is now known as felix_da_catz[07:25:08] *** Lap_64 has joined #postfix[07:30:55] *** m0f0x has quit IRC[07:41:02] *** adaptr has quit IRC[07:51:15] *** Lap_64 has quit IRC[08:02:10] *** bhagat has joined #postfix[08:03:20] *** madrescher has joined #postfix[08:12:23] *** seekwill has quit IRC[08:19:48] *** robtone_ has joined #postfix[08:22:03] *** stefan-f has joined #postfix[08:25:16] *** csm-laptop has quit IRC[08:28:47] *** csm-laptop has joined #postfix[08:30:56] *** stony__ has joined #postfix[08:36:29] *** syneus has joined #postfix[08:42:13] *** stony_ has quit IRC[08:51:33] *** phnord has joined #postfix[08:52:22] *** [1]felix_da_catz has joined #postfix[08:55:33] *** cilly has joined #postfix[08:59:58] *** felix_da_catz has quit IRC[08:59:58] *** [1]felix_da_catz is now known as felix_da_catz[09:00:47] *** csm-laptop has quit IRC[09:01:40] *** muecke77 has joined #Postfix[09:02:08] *** muecke77 has left #Postfix[09:03:23] *** mvt has joined #postfix[09:04:31] *** csm-laptop has joined #postfix[09:04:54] *** _ruben has joined #postfix[09:05:55] *** Spec has quit IRC[09:14:39] *** cilly has quit IRC[09:16:23] *** mirrorcolor has quit IRC[09:18:07] *** af_ has joined #postfix[09:20:08] *** loddafni1 has joined #postfix[09:21:19] *** _bugz_ has quit IRC[09:21:30] *** Motoko-chan has quit IRC[09:22:45] *** amrit is now known as amrit|zzz[09:22:57] *** Fallenou has joined #postfix[09:29:28] *** felix_da_catz has quit IRC[09:31:21] *** _bugz_ has joined #postfix[09:31:28] *** suuuper has joined #postfix[09:41:07] *** ming_zym has quit IRC[09:42:04] *** ming_zym has joined #postfix[09:42:17] *** mirrorcolor has joined #postfix[09:44:44] *** kk_CHN has quit IRC[09:51:35] *** harobed has joined #postfix[09:53:37] <cedric3> hi all i have panic: myfree: corrupt or unallocated memory block i don't know why can you help me please[09:55:52] *** madrescher has quit IRC[09:58:40] *** war9407 has joined #postfix[10:01:31] *** a_ok has joined #postfix[10:05:52] <a_ok> does anyone know how I can use a a dnsbl zone as a whilelist in postgrey?[10:06:02] *** af_ has quit IRC[10:07:19] *** jonez has joined #postfix[10:10:17] *** Tjikkun_ has quit IRC[10:18:45] *** saurabhb has joined #postfix[10:27:58] *** dragonheart has joined #postfix[10:32:25] <SteveC> mmm, I think moving the backscatter to single stage rather than double (getting my exchange box to generate in-SMTP-refusals) has massively improved my postfix performance.. Now if only I could get it to stop backscatter entirely :)[10:33:24] *** madrescher has joined #postfix[10:34:52] *** ming_zym has quit IRC[10:35:22] *** ming_zym has joined #postfix[10:46:34] *** eth01 has quit IRC[10:48:59] <a_ok> does anyone know how I can use a a dnsbl zone as a whilelist in postgrey?[10:54:40] *** madrescher has quit IRC[10:57:30] *** robboplus has quit IRC[11:21:25] *** halloman has joined #postfix[11:22:27] <halloman> http://www.dasdeutschlandspiel.de/index.php?page=beg.php&id=4410[11:24:17] *** halloman has left #postfix[11:24:48] *** pa has joined #postfix[11:25:10] *** michauk0 has left #postfix[11:26:03] <cedric3> hi all i have panic: myfree: corrupt or unallocated memory block i don't know why can you help me please[11:26:23] <stefan-f> a_ok: you mean something like "check_client_access hash:/etc/postfix/rbl_whitelist" ?[11:36:40] *** rootsvr has joined #postfix[11:42:56] <a_ok> stefan-f: sorry was a away for a sec[11:43:42] *** robboplus has joined #postfix[11:45:44] <a_ok> no i mean something like maps_rbl_domains = relays.ordb.org ... however this is blacklisting, i want whitelisting with this zone nlwhitelist.dnsbl.bit.nl[11:45:51] *** eth01 has joined #postfix[11:51:30] <cedric3> nobody have any idea of this probleme ?[11:54:01] *** Pazzo has joined #postfix[11:54:46] *** Sypher has joined #postfix[11:54:58] <Sypher> hello[11:55:07] <Sypher> have a little stuff here that i dont seem to know how to solve;[11:55:32] <Sypher> when sending mail trough the "mail" command ... is there a way to specify the "from" field? Because as of now it seems like it gets send with user@publicIP[11:55:44] <Sypher> so it gets rejected from the destination mail server.[11:56:23] *** pirho has joined #postfix[11:56:28] <Zborg> did you check man mail ? I think there is one[11:56:59] <Sypher> yes i checked and there isnt[11:57:16] *** pirho has quit IRC[11:57:16] <Sypher> at least, i couldnt find it. im not running it in interactive mode so i can not use the (tilde)from command[11:58:22] *** pirho has joined #postfix[12:05:49] <Zborg> Sypher: did you try -- -f ? (sendmail option)[12:06:15] <Sypher> Zborg, one sec[12:06:53] <Sypher> so i should append that[12:06:56] <Sypher> to the mail command?[12:06:57] *** rootsvr has quit IRC[12:07:34] <Zborg> yes, followed by your sender address[12:07:41] <Sypher> its a printf "message" | mail -s "subject" destination-mail ; so it shoud be[12:07:44] <Zborg> I'm only guessing there[12:07:58] <Sypher> printf "message" mail -s "subject" destination-mail -- -f from-mail[12:08:00] <Sypher> correct?[12:08:06] <Zborg> let me check[12:08:19] <Zborg> yes[12:08:45] <Sypher> ok thanks; setted it up now trying[12:08:54] <Zborg> ok[12:08:57] <Zborg> hope it works[12:09:15] <Sypher> yep. its for nagios notifications[12:09:20] <Sypher> so yeah, i hope it too haha[12:09:25] <Zborg> :)[12:10:04] <Zborg> but you probably have a way to modify your default sender address I think, maybe in .mailrc or something[12:10:20] <Zborg> if you want, of course[12:13:40] *** Zerberus has quit IRC[12:14:18] *** hever has joined #postfix[12:17:00] <Sypher> Zborg, works thanks a lot[12:17:05] <Zborg> great :)[12:25:26] *** cpm has joined #postfix[12:27:01] *** kk_CHN has joined #postfix[12:42:30] *** cilly has joined #postfix[12:46:22] *** PhilKC has quit IRC[12:48:09] *** memic has quit IRC[12:48:20] *** Filbert has quit IRC[13:03:53] *** PhilKC has joined #Postfix[13:06:50] *** cpm has quit IRC[13:07:07] *** cpm has joined #postfix[13:08:20] *** hever has quit IRC[13:13:33] *** mirrorcolor has quit IRC[13:19:47] *** nilesh121 has joined #postfix[13:23:32] *** rootsvr has joined #postfix[13:30:36] *** Lap_64 has joined #postfix[13:32:52] *** cilly has quit IRC[13:33:00] *** nox has quit IRC[13:33:10] *** bhagat has quit IRC[13:33:35] *** tuxianer has joined #postfix[13:33:45] *** kk_CHN has quit IRC[13:34:13] *** tuxianer has quit IRC[13:34:16] *** tuxianer has joined #postfix[13:34:24] *** tuxianer has quit IRC[13:34:35] *** tuxianer has joined #postfix[13:38:02] *** ming_zym has quit IRC[13:50:31] *** zamba has joined #postfix[13:54:52] *** havvg has joined #postfix[14:12:56] <zamba> how can i set up amavis so that only incoming mails are checked for spam?[14:13:24] <zamba> where "incoming" means mail that ends their travel at the server[14:18:12] *** keffer has quit IRC[14:21:39] <Sypher> zamba, i had a similar problem, and resolved whitelisting all that came from @mydomain.com[14:22:05] *** nox has joined #postfix[14:28:31] *** jellis-real has joined #postfix[14:31:42] <zamba> Sypher: aki[14:31:49] <zamba> i guess it's no big deal, really[14:32:35] <Sypher> aki ?[14:33:16] * cpm doesn't trust his users that much[14:33:42] *** Jax has joined #postfix[14:36:23] *** nilesh121 has quit IRC[14:36:53] *** madrescher has joined #postfix[14:37:15] <zamba> "aki" = "ok" :)[14:46:12] <zamba> anyone know why clamd is pulling 100% cpu?[14:46:19] <zamba> what is it doing?[14:46:47] <shasta> man strace[14:52:33] *** Jax has quit IRC[15:00:07] *** keffer has joined #postfix[15:07:22] <Sypher> shasta, man strace[15:07:22] <Sypher> No manual entry for strace[15:07:36] <Sypher> :D[15:12:39] *** lunaphyte_ has quit IRC[15:17:00] *** geek_cl has joined #postfix[15:32:02] *** saurabhb has quit IRC[15:39:49] *** af_ has joined #postfix[15:41:06] *** m1n3s6 has joined #postfix[15:42:07] *** af_ has quit IRC[15:43:08] *** nox has quit IRC[15:43:18] *** nox has joined #postfix[15:43:57] *** m1n3s6 has quit IRC[15:48:39] <SteveC> If I have a perl script that returns 1 or 0 depending on whether a mail will be accepted by a second server (based on recipient), how could I integrate that into the $smtpd_recipient_restrictions ?[15:51:29] *** mathez has quit IRC[15:52:14] *** Tex-Twil has joined #postfix[15:54:22] *** af_ has joined #postfix[16:00:11] *** madrescher has quit IRC[16:01:01] *** madrescher has joined #postfix[16:08:29] <rob0> Steve, SMTPD_POLICY_README, a simple protocol[16:11:08] <checkers> I'm having issues with the dovecot LDA bouncing mails to an account I have setup[16:11:29] <checkers> D57EB185002C: to=<root at bluebottle dot net.au>, relay=dovecot, delay=1.4, delays=1.4/0/0/0.07, dsn=5.1.1, status=bounced (user unknown)[16:11:54] <checkers> it is just this one account (which is setup slightly differently), other accounts work fine: 4EDD81850059: to=<alex at bluebottle dot net.au>, relay=dovecot, delay=0.05, delays=0.04/0/0/0.01, dsn=2.0.0, status=sent (delivered via dovecot service)[16:12:09] <cpm> do you have an alias set for root?[16:12:26] <checkers> # postmap -q root at bluebottle dot net.au /etc/postfix/virtmap[16:12:27] <checkers> root at bluebottle dot net.au[16:12:32] <checkers> # postmap -q root at bluebottle dot net.au /etc/postfix/virtdeliver[16:12:32] <checkers> rootemails/[16:13:00] <checkers> those files are my virtual_alias_maps and virtual_mailbox_maps respectively[16:13:01] <davidj> checkers: What about postalias?[16:13:16] <checkers> is the usage the same?[16:13:33] <davidj> Not sure, but I think that was what cpm's question meant.[16:14:00] <davidj> I hadn't thought about it, but it's possible that there's an additional layer of redirection for the root account.[16:14:34] * davidj is curious to see what checkers' problem is.[16:14:43] <checkers> let's see: alias_database = hash:/etc/aliases[16:14:59] <checkers> and inside: root: root at bluebottle dot net.au[16:17:09] <checkers> the problems began after I upgraded from the centos package to a self compile from stable source of dovecot: "1.0-1.2.rc15.el5" to "dovecot-1.0.13"[16:17:45] <checkers> my other maildirs are kept in bluebottle.net.au/<user>, and those are working fine[16:19:05] <davidj> Why not put root's mail in bluebottle.net.au/root?[16:19:19] <davidj> checkers: It could be a permissions problem.[16:19:38] *** Ryushin has joined #postfix[16:19:41] <davidj> I ran into that not too long ago.[16:20:21] <davidj> checkers: Is selinux set to enforce access controls?[16:20:34] <checkers> for the first question, because this receives mail for multiple domains, so it's just a little saner (in some ways...)[16:20:48] <checkers> selinux is not installed, and I'll poke perms now[16:21:15] <davidj> Why not put root's mail in "roots/" ?[16:21:50] <checkers> roots/root ?[16:22:24] <checkers> I call it rootemails rather than just root because all the random administrative mails go there (*master, etc) (more relative sanity)[16:22:54] <zamba> anyone got experience with clamav and can tell me why a 0.07 MB file takes nearly 20 seconds to scan?[16:22:59] <davidj> checkers: rootemails is fine, as long as it's in the same directory with bluebottle.net.au/[16:23:17] <davidj> at least, it should be. ;-)[16:23:20] *** tuxianer has quit IRC[16:23:43] <davidj> checkers: I've thought of a way that this could be a dovecot problem, and still have the error come from postfix.[16:24:20] <davidj> Connect to the imap server as rootemails with an imap client (sylpheed, for example) and try to create a folder.[16:25:07] *** UQlev has joined #postfix[16:25:43] <checkers> i'm connecting always with IMAP & thunderbird[16:25:51] <checkers> creation went fine, and I can put stuff in it[16:26:22] <roe> !tell roe hotmail[16:26:35] <checkers> permissions on the parent directory were borked, but I've changed them back and they don't seem to have changed anything[16:26:44] <checkers> parent directory being rootemails/..[16:26:54] <roe> !tell roe senderid[16:27:04] *** Tex-Twil has quit IRC[16:27:27] *** madrescher has quit IRC[16:27:47] <checkers> mm, does dovecot complain if permissions are too permissive on a maildir?[16:28:20] *** madrescher has joined #postfix[16:31:10] <davidj> checkers: ask in #dovecot ;-)[16:31:41] <davidj> I'm sorry, I may have misled you when I said I thought it was a postfix problem.[16:32:08] <davidj> checkers: Do you see the new folder when you do ls?[16:33:08] <checkers> yes[16:34:43] *** anonymouz666 has joined #postfix[16:34:55] *** muecke77 has joined #Postfix[16:34:59] <anonymouz666> anyone in here already configured postfix to relay to GMAIL?[16:35:27] * cpm chuckles[16:36:35] <anonymouz666> cpm[16:36:45] <checkers> anonymouz666: do you want to forward local or virtual users? or are you not sure?[16:37:21] <checkers> basically, just tell postfix to deliver the mail for that account to the given gmail address instead[16:38:08] <anonymouz666> my domain is using google's MX servers[16:38:32] <anonymouz666> so when my server want's to send e-mail using google SMTP it got rejected due AUTH[16:42:08] <Dominian> ok so set up postfix to do smtp-auth to the relayhost[16:46:36] *** geek_cl has quit IRC[16:48:28] *** seekwill has joined #postfix[16:56:31] *** rootsvr_ has joined #postfix[16:56:39] *** shinao1 has joined #postfix[17:00:11] *** dazjorz has quit IRC[17:02:31] *** rudolfg has joined #postfix[17:03:34] <rudolfg> Hey guys, take a look at: http://rafb.net/p/n40X8k52.html I basically telnetted to my local smtpd (postfix) and sent a bogus mail from fbi.gov to my work address and it got through. How can I not allow this behaviour ? potentially spammers can have lots of fun with this.. i thought it could only relay mail for domains hosted on it[17:03:42] <rudolfg> but thats potentially an open relay?[17:05:22] *** j_s has joined #postfix[17:05:40] <cpm> if the spammers are on localhost, yeah, yer in trouble.[17:05:52] *** dazjorz has joined #postfix[17:06:21] <Zborg> rudolfg: did you try from an external host ?[17:07:14] *** muecke77 has quit IRC[17:08:14] <seekwill> rudolfg: SASL?[17:08:36] *** Lap_64 has quit IRC[17:11:22] <UQlev> neither fbi.gov, nor cia.gov, nor fsb.ru use SPF to prevent spamming in their names. May be by purpose ;)[17:11:50] * seekwill uses SPF but it doesn't seem to stop spammers :([17:12:23] <UQlev> seekwill: it doesn't stop spammers but reduce spamming using your return domain[17:12:32] <Zborg> it shouldn't relay anyway[17:12:37] <Zborg> in my opinion[17:13:00] <cpm> by an immeasureably tiny amount, maybe, when the wind is in the southeast, on tuesdays, even numbered years[17:13:28] <jelly> UQlev: admins who configure their servers to use spf reasonably usually highly correlate to the set of admins whose servers already don't generate backscatter[17:13:30] <anonymouz666> the google anti-spam is amazing[17:13:54] <Trengo> they have mod_voodoo[17:14:01] <rudolfg> Zborg, well i dont host fbi.gov do i? :) lol[17:14:06] <Trengo> and CrystalBalls2[17:14:34] <cpm> google spam is even more amazing[17:14:45] <rudolfg> seekwill, so postfix smtpd is an open relay out the box then and there is no way to configure postfix to not be unless you use a third party app like sasl (is this statement correct) ?[17:15:02] *** rootsvr has quit IRC[17:15:05] <seekwill> umm[17:15:21] <Zborg> rudolfg: I probably didn't understand the question right[17:15:22] <Zborg> sorry[17:16:03] *** UQlev has quit IRC[17:16:12] <Zborg> (and you might host fbi.gov, how would I know ? :))[17:18:37] * cpm doesn't wanna know[17:18:47] <Zborg> me neither[17:19:20] *** lunaphyte_ has joined #postfix[17:21:22] *** Tex-Twil has joined #postfix[17:21:59] *** Pazzo has quit IRC[17:24:50] <roe> rudolfg, you are mis-understanding a fundamental aspect of how postfix is configured[17:25:01] <roe> and of the SMTP protocol[17:26:15] *** af_ has quit IRC[17:27:54] *** Knoedel2 has joined #postfix[17:31:27] *** syneus has quit IRC[17:32:54] *** wasabi has left #postfix[17:33:10] *** eth01 has quit IRC[17:33:11] *** pa has quit IRC[17:33:20] *** hemry has joined #postfix[17:33:23] *** syneus has joined #postfix[17:35:25] <rudolfg> roe, ?[17:35:43] <rudolfg> roe, can you explain ?[17:36:11] <roe> I will try[17:36:20] <rudolfg> thanks[17:36:23] <roe> postfix has two parameters[17:36:28] <roe> !mynetwork[17:36:28] <knoba> roe: Error: "mynetwork" is not a valid command.[17:36:29] <roe> !mynetworks[17:36:30] <knoba> roe: "mynetworks" : a configuration parameter in the main.cf: The list of "trusted" SMTP clients that can relay email.[17:36:35] <roe> and[17:36:41] <roe> mydestinations[17:36:45] <roe> !mydestinations[17:36:45] <knoba> roe: Error: "mydestinations" is not a valid command.[17:36:48] <roe> !mydestination[17:36:48] <knoba> roe: "mydestination" : a configuration parameter in the main.cf: The list of domains that Postfix delivers via the $local_transport mail delivery transport. By default, mail is given to the Postfix local(8) delivery agent that looks up all recipients in /etc/passwd and /etc/aliases, or their equivalents.[17:37:18] <rudolfg> i know that[17:37:50] <roe> if you are using a computer within mynetworks, you can have already passed the security measures set in place by default[17:38:41] <roe> if there is an IP that you don't trust to sent responsible mail, it shouldn't be in mynetworks[17:39:09] <roe> for many hosting type mailservers, maintaining a mynetworks file is impossible[17:39:26] *** Tex-Twil has quit IRC[17:39:31] <roe> so instead of authenticating based on IP address they authenticate based on username and password pair[17:39:43] <rudolfg> ohhhh yeah[17:39:46] <rudolfg> i didnt test it remotley[17:39:48] <rudolfg> duh[17:39:51] <rudolfg> :([17:40:00] *** GoGi has joined #postfix[17:40:09] * cpm gives rudolfg a cigar! he got it![17:40:21] *** mvt has quit IRC[17:40:34] *** CosMiC_Touch has quit IRC[17:40:48] *** rootsvr has joined #postfix[17:41:03] <davidj> ! home_mailbox[17:41:03] <knoba> davidj: "home_mailbox" : a configuration parameter in the main.cf: Optional pathname of a mailbox file relative to a local(8) user's home directory.[17:41:35] <davidj> Hi. Is there a way to have postfix deliver mail to a maildir that is not relative to the user's home dir?[17:41:47] <roe> something I just realized, why are the main.cf parameters, "mynetworks" notices the 's' and "mydestination", why no 's'?[17:41:57] <davidj> eg, /var/spool/imap/$username[17:42:44] <rob0> roe, "just because"?[17:42:57] <rob0> !mail_spool_directory[17:42:57] <knoba> rob0: "mail_spool_directory" : a configuration parameter in the main.cf: The directory where local(8) UNIX-style mailboxes are kept. The default setting depends on the system type. Specify a name ending in / for maildir-style delivery.[17:43:00] <roe> good enough for me[17:43:03] *** Jax has joined #postfix[17:43:19] <Jax> grr[17:43:21] <Jax> these viagra mails just don't stop.[17:43:27] <Jax> lately i've been getting the same one over and over[17:43:41] <roe> Jax, if it lasts for more than four hours you should probably contact a system administrator[17:44:00] <Jax> well i mean i get it like once every 3 days or so[17:44:01] <davidj> rob0: Thanks[17:44:03] <Jax> i AM the admin ;)[17:44:06] <rob0> davidj, either pre-create the maildirs or use mode 1777 for the mail_spool_directory.[17:44:08] <rudolfg> roe, i just tested it from an external location and it still lets me relay mail through it thats is not in those parameters[17:44:35] <rudolfg> roe, what im saying is, you could telnet to it specify a bogus from and rcpt and it will pass through fine, how come ?[17:44:40] <roe> are you delivering mail to a domain listed in mydestination?[17:46:07] <davidj> rob0: Ah, thanks for the 1777 tip.[17:46:36] <rudolfg> roe, no root"fbi.gov and root at fbi dot gov - two bogus domains[17:47:08] <seekwill> rudolfg: Postfix doesn't allow that "out of the box"[17:47:17] <rudolfg> roe, what im saying is u can telenet to my server port 25 mail from:<root at fbi dot gov> and rcpt to: <root at fbi dot gov> and it relays fine[17:47:21] <rudolfg> how can i fix that ?[17:47:22] <roe> rudolfg, you are going to have to pastebin your main.cf[17:47:26] <rob0> !basic[17:47:27] <knoba> rob0: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.[17:47:44] <Jax> i wonder why SA isn't picking out this viagra mail[17:47:57] <seekwill> SA sucks :)[17:48:00] <Jax> subject: buy now Viagra 100mg x 90 pills $159.95[17:48:08] <roe> Jax, SARE at www.rulesemporium.com has some nice additional rules[17:48:11] <Jax> and mail content: $159.95 Viagra 100mg x 90 pills buy now http://duplanae.com[17:48:19] <roe> !sare[17:48:19] <knoba> roe: Error: "sare" is not a valid command.[17:48:24] <roe> oh well[17:49:14] <roe> rulesemporium is the staging ground for more specific rules sets, some make it into spamassassin eventually[17:49:22] *** lunaphyte_ has quit IRC[17:51:13] <rudolfg> roe, http://rafb.net/p/nB5GZc91.html[17:52:15] <Jax> hm[17:52:19] <rudolfg> i dont know why that is happening[17:52:20] <Jax> odd that mail doesn't even have a SA header![17:52:37] <davidj> Why would I see "local delivery is disabled" in my logs?[17:53:06] *** githogori has quit IRC[17:53:28] *** roe is now known as roe_[17:54:06] <rudolfg> roe_, any ideas?[17:54:10] <rudolfg> roe?[17:54:12] <rob0> Probably because you disabled it.[17:54:20] <roe_> rudolfg, in PM[17:54:49] <roe_> if you aren't registered with freenode you can't reply, but you can reply here if you like[17:57:19] *** rootsvr_ has quit IRC[18:00:16] *** a_ok has quit IRC[18:01:17] <davidj> When I telnet to my smtp port, postfix rejects RCPT TO:<david@localhost> but accepts RCPT TO:<david>. Is this correct?[18:01:42] <davidj> RCPT TO:<david@localhost> causes "local delivery is disabled" errors.[18:04:19] *** Sypher has quit IRC[18:05:33] <davidj> ! local delivery[18:05:33] <knoba> davidj: Error: "local" is not a valid command.[18:05:37] <davidj> ! local_delivery[18:05:38] <knoba> davidj: Error: "local_delivery" is not a valid command.[18:05:58] <davidj> !wiki[18:05:58] <knoba> davidj: Error: "wiki" is not a valid command.[18:06:06] <davidj> ! postfix[18:06:06] <knoba> davidj: "postfix" : The Postfix MTA from http://www.postfix.org/. If you have no idea what Postfix is then you have probably chosen the wrong channel. :)[18:08:15] <roe_> is some one having fun with the channel bot?[18:08:44] <davidj> roe_: No, I'm not having any fun at all.[18:08:54] <rob0> I think you partially followed a HOWTO which told you to disable local delivery, and now you're confused because local delivery is disabled.[18:09:01] <davidj> I can't get local deliver to work.[18:09:07] <rob0> throw it all out, start with !basic[18:09:13] <davidj> !basic[18:09:14] <knoba> davidj: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.[18:09:42] <davidj> rob0: Thanks. I don't beleive I disabled local delivery, but I'll try again from the begining.[18:09:58] <roe_> if you do a !<nick> <subject> it will open a private message from knoba to you[18:10:08] <roe_> just an fyi[18:10:41] <rob0> "localhost" is in mydestination, and local_transport is probably set to something wacky.[18:11:06] <rob0> myorigin is NOT in mydestination, and thus unqualified addresses are okay.[18:11:26] <rob0> but again, just throw it all out and start fresh[18:11:46] <rob0> Local delivery works right out of the box with very little setup required.[18:14:51] <davidj> rob0: How do I "throw it all out", rm /etc/postfix/main.cf ?[18:15:13] *** af_ has joined #postfix[18:15:18] <Jax> roe doesn't rulesDuJour get the SARE rules?[18:15:38] *** suuuper has quit IRC[18:22:13] <davidj> rob0: Thanks for the tip on getting knoba to stop shouting.[18:23:27] *** phnord has quit IRC[18:23:42] <Dominian> Jax: rulesdujour is dead anymore[18:23:49] <Dominian> Id on't suggest using it[18:23:58] <Dominian> they haven't been the same since their DDoS a few years ago[18:24:08] <Dominian> and they are rejecting requests for updates using their script the last I heard.[18:24:32] <Jax> yeah i juist saw that[18:24:36] <Jax> seems to be using sa-update now[18:24:44] <Dominian> aye[18:24:47] <Jax> so what's the solution now?[18:24:54] <Dominian> sa-update ;)[18:24:54] <Jax> stupid viagra everywhere[18:25:16] <Dominian> sa-update using channels[18:25:26] <Dominian> and I'm not quite keen on it as I "stole" someone elses solution hehe[18:29:05] *** jeffspeff2 has joined #postfix[18:29:11] *** harobed has quit IRC[18:30:01] <roe_> !tell rudolfg spf[18:33:16] <Jax> what do you mean Dominian[18:33:30] <Dominian> If you want to pull sa rules.. you'll have to use sa-update[18:33:46] <rudolfg> what is spf?[18:33:54] <davidj> rob0: I somehow commented out "local" in master.cf. Thanks for the help[18:33:57] <Dominian> !spf[18:33:58] <knoba> Dominian: "spf" : sender policy framework - an extension to SMTP that allows to identify and reject emails from spoofed/forged email senders. SPF is just a TXT record in your DNS zone in a special format. See: http://www.openspf.org/[18:34:13] *** Nockian has quit IRC[18:34:14] <rudolfg> sweet i run my own dns server so i can implement spf record[18:34:20] <rudolfg> roe_, what does it do ?[18:34:28] <Dominian> Read the site[18:34:33] <Dominian> openspf.org has all the information you need[18:34:51] <roe_> it defines through a DNS record which mailservers are authorized to send mail for the specified domain[18:36:12] *** devdas has joined #postfix[18:36:33] <rudolfg> ah[18:36:35] <rudolfg> also[18:36:45] <rudolfg> what was that thing you mentioned sasl what does that do to smtp[18:36:55] <roe_> !sasl[18:36:55] <knoba> roe_: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[18:36:56] <Dominian> !sasl[18:36:57] <knoba> Dominian: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[18:37:01] <roe_> hehe[18:37:01] <seekwill> !sasl[18:37:02] <knoba> seekwill: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[18:37:02] <Dominian> damn you roe_[18:37:05] <Dominian> lol[18:37:07] <seekwill> :)[18:37:08] <Dominian> *HEADDESK*[18:37:13] <Jax> ah seekwill ;)[18:37:14] <Jax> hello[18:37:16] <seekwill> I want to play too![18:37:22] *** Zblakany has joined #postfix[18:37:23] <seekwill> Jax: *gasp* nooooo![18:37:28] <rudolfg> what about smtp sasl[18:37:34] <rudolfg> i run dovecot[18:37:37] <roe_> rudolfg, it shifts the trust paradigm from host to user[18:37:48] <rudolfg> sasl does ?[18:37:54] <rudolfg> how would i implement it ?[18:38:00] <Jax> Dominian problem is i think the rules aren't working :D[18:38:07] <Dominian> Jax: ah[18:38:19] <Dominian> rudolfg: dovecot has built in sasl capability...[18:38:28] <roe_> well, to be fair SASL is just a transport, it allows you to use a directory service, a database, or a system to check user credentials[18:39:06] <rudolfg> right so dovecot provides sasl auth for postfixs smtpd ?[18:39:12] <roe_> no[18:39:23] <cpm> dovecot sasl /may/ do this[18:40:19] <roe_> you should really read the page linked in the knoba text, postfix docs are very helpful[18:41:19] *** stefan-f has quit IRC[18:45:17] <rudolfg> well thank you all for your advice greatly appriciated im goingto read[18:45:19] <rudolfg> thanks again guys[18:46:12] *** jeffspeff has quit IRC[18:47:06] *** Severed_Head_Of_ has joined #postfix[18:52:01] *** Jax has quit IRC[18:55:15] *** Filbert has joined #postfix[18:59:10] *** kreg-lt has quit IRC[18:59:29] *** af_ has quit IRC[19:00:02] *** nfi|ermes has quit IRC[19:03:42] *** madrescher has quit IRC[19:03:47] *** shinao1 has quit IRC[19:04:29] *** growltiger has quit IRC[19:04:43] *** j_s has quit IRC[19:08:19] *** j_s has joined #postfix[19:10:19] *** j_s has quit IRC[19:16:45] *** UQlev has joined #postfix[19:17:20] *** j_s has joined #postfix[19:19:23] *** xpoint has joined #postfix[19:24:58] <xpoint> i have a question i hope one can help me with, i have trusted servers that i have my webhotels on, and i know that server can make tls ssl smtp outgoing mail transfer, so is it possible to add there fingerprint from tls to my own mta to allow relaying from my webhotels that way ?[19:29:27] <roe_> may I ask what a "webhotel" is?[19:30:17] *** syneus has quit IRC[19:33:52] *** stinkybum has joined #postfix[19:37:19] <rob0> !tls_readme[19:37:19] <knoba> rob0: "tls_readme" : http://www.postfix.org/TLS_README.html : Transport Layer Security (TLS/SSL) features in Postfix[19:37:55] <rob0> ^^ that has all the TLS features, including client cert authentication.[19:39:00] <rob0> I think for client cert auth you would have to do that on some port other than 25, because you don't want to be checking every outMX's client cert.[19:39:37] *** anonymouz666 has quit IRC[19:39:42] <xpoint> roe_, servage.net and bluehost.com, i just wanted to do not use ip but only trusted tls keys[19:40:03] <xpoint> rob0, thanks i try from there[19:41:04] <rob0> The question was generic, "what is a 'webhotel'?"[19:42:23] <devdas> I suspect "webhost"[19:42:38] *** snappy has quit IRC[19:43:39] *** lunaphyte_ has joined #postfix[19:46:18] *** amrit|zzz is now known as amrit|wrk[19:47:10] *** rudolfg has quit IRC[19:48:17] *** Fallenou has quit IRC[19:50:50] *** mirrorcolor has joined #postfix[19:55:23] *** PhilKC has quit IRC[20:08:40] *** ramoni has joined #postfix[20:10:38] *** loddafni1 has quit IRC[20:13:35] *** Bert_2 has joined #postfix[20:14:48] *** jstad has joined #postfix[20:15:04] <Bert_2> Hi, I'm trying out postfix on debian 4.0r3 with a webmin front-end, and everything is working fine except that when I try to send a mail via SMTP with thunderbird it says it can't connect, anyone got an idea how I can fix that ?[20:15:25] <devdas> Bert_2: see the value for inet_interfaces[20:15:39] <jstad> Can someone help me track down the cause of my relay access denied error. I am pretty sure its the mydestination problem, but not 100% sure[20:16:25] <Bert_2> devdas: webmin does most of the config for me, is it in /etc/postfix/main.cf ?[20:16:42] *** rootsvr has quit IRC[20:16:45] <devdas> Bert_2: yes[20:16:53] <devdas> postconf inet_interfaces should tell you[20:17:03] <devdas> It's probably set to loopback-only[20:17:16] <devdas> jstad: postconf -n and log entry[20:18:12] <Bert_2> devdas: there's no inet_interfaces in /etc/postfix/main.cf[20:18:47] <devdas> Bert_2: run postconf inet_interfaces[20:18:49] <jstad> devdas: http://pastie.caboo.se/197696[20:19:32] <Bert_2> devdas: the output is: inet_nterfaces = all[20:20:08] <devdas> Bert_2: and netstat -lnt | grep 25 shows it listening on port 25?[20:20:18] <devdas> on 0.0.0.0:25?[20:20:28] *** the_empty has joined #postfix[20:21:02] <Bert_2> devdas: tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN[20:21:38] <devdas> Bert_2: so Postfix itself is fine[20:21:45] <devdas> Is there a firewall in the way?[20:21:51] <devdas> ISP blocking port 25?[20:22:01] <devdas> jstad: log?[20:22:21] <jstad> devadas, i pasted the output in the pastie up there[20:22:29] <Bert_2> devdas: I don't think iptables is blokking something, and I don't think any ISPs here can do that[20:23:13] <devdas> jstad: I see postconf -n, no log for the rejection[20:23:16] <the_empty> Hey all- I am looking for a way to limit what domains can be sent to on a per-remote-ip basis- eg 192.168.1.2 can only send to dom1.com but 1 and dom2.com. Both domains are local on the server.92.168.1.5 can send to dom1.com[20:23:22] <jstad> oh sorry :)[20:23:23] <the_empty> Does such a thing exist?[20:23:27] <devdas> Bert_2: It isn't Postfix which is having a problem[20:23:30] <jstad> thought you meant put it in a log file (the output)[20:23:40] <devdas> no :)[20:23:49] <devdas> the_empty: restriction_classes[20:23:55] *** githogori has joined #postfix[20:23:56] <Bert_2> devdas: okey I'll check then and I'll just have to hope I find it[20:24:04] <devdas> http://www.postfix.org/RESTRICTION_CLASS_README.html[20:24:12] <devdas> Bert_2: "hope"?[20:24:30] <Bert_2> devdas: yeah hope in this case: webmin has evil settings sometimes[20:24:36] <jstad> devdas: http://pastie.caboo.se/197696 there you go, updated it[20:24:38] <devdas> It's a fairly fixed error, the MTA itself is listening to the port[20:24:51] <devdas> so now run iptables -L -n | grep 25[20:25:09] <davidj> What's the correct way to clean out the queue?[20:25:16] <devdas> define clean out[20:25:23] <Bert_2> devdas: that doesn't seem to do anything[20:25:23] <devdas> do you want to get rid of everything?[20:25:36] <devdas> Bert_2: hmmm[20:25:51] <devdas> does iptables -L -n say anything?[20:26:27] <devdas> jstad: you have two errors:[20:26:41] <devdas> (a) you have a domain listed in two different classes, pick one[20:26:48] <Bert_2> devdas: http://pastebin.ca/1019272[20:26:55] <rob0> !relay_denied[20:26:55] <knoba> rob0: "relay_denied" : \"554 5.7.1 <RECIPIENT@RCPT_DOMAIN>: Relay access denied; from=<SENDER_ADDRESS> to=<RECIPIENT@RCPT_DOMAIN> proto=ESMTP helo=<HELO>\": This typically means that CLIENT_IP is not in mynetworks (and did not AUTH), and that RCPT_DOMAIN was not recognized as one of this Postfix's domains (not listed in mydestination, relay_domains or virtual_*_domains).[20:26:57] <devdas> (b) you confused relaying _from_ an IP to relaying _to_ a domain[20:27:00] <jstad> devdas: ya i am looking at that now[20:27:12] <jstad> how do i fix b?[20:27:19] <devdas> you probably need SMTP AUTH or add your static IP to mynetworks[20:27:39] <devdas> See what rob0 just got the bot to say[20:27:54] <Dominian> !rob0[20:27:55] <knoba> Dominian: "rob0" : a pathetic bot that reacts to newly joined users with reciting the !basic factoid :)[20:28:04] <Dominian> !dominian[20:28:05] <knoba> Dominian: "dominian" : A sentence-completion bot.[20:28:14] <devdas> Bert_2: so not a local firewall[20:28:26] <devdas> Ok, edit /etc/postfix/master.cf[20:28:35] <devdas> there'll be a line starting with submission[20:28:43] <jstad> !relay_denied[20:28:44] <knoba> jstad: "relay_denied" : \"554 5.7.1 <RECIPIENT@RCPT_DOMAIN>: Relay access denied; from=<SENDER_ADDRESS> to=<RECIPIENT@RCPT_DOMAIN> proto=ESMTP helo=<HELO>\": This typically means that CLIENT_IP is not in mynetworks (and did not AUTH), and that RCPT_DOMAIN was not recognized as one of this Postfix's domains (not listed in mydestination, relay_domains or virtual_*_domains).[20:28:45] <devdas> uncomment that line and restart Postfix[20:28:55] <Bert_2> devdas: I'll talk to the person who owns the server (I'm on a VPS) and the provider then thank you for your help ;)[20:29:08] <devdas> Bert_2: ah, that too :)[20:29:12] <the_empty> devdas: thanks![20:29:24] <devdas> Bert_2: but test with the "submission" entry[20:29:34] <devdas> and see if you can connect to port 587 instead of 25[20:29:51] <devdas> then you will have actual proof that port 25/tcp is blocked[20:29:55] <jstad> devdas: i thought i had SMTP AUTH working?[20:29:58] <Bert_2> devdas: submissions entry ?[20:30:47] <Bert_2> devdas: I can't send mail to 587 either[20:31:02] <devdas> jstad: you did not authenticate then :)[20:31:10] <devdas> Bert_2: did you change master.cf?[20:31:16] <devdas> Is Postfix listening to 587?[20:32:57] <Bert_2> devdas: master.cf looks very strange, have a look: http://pastebin.ca/1019278[20:33:44] <rob0> quick off-topic Debian question: what's y'all's UID for sshd? Is it 33?[20:35:06] <Bert_2> rob0: it's 103 here, 33 is www-data[20:35:15] <rob0> oh thanks[20:35:18] <davidj> ! davidj discard[20:35:18] <knoba> davidj: Error: "davidj" is not a valid command.[20:35:23] <davidj> ! tell davidj discard[20:35:23] <knoba> davidj: Error: No factoid matches that key.[20:36:20] <Bert_2> devdas: are you okey ?[20:38:24] <devdas> hmmmm[20:38:45] <devdas> davidj: postsuper -d ALL[20:39:15] <devdas> Bert_2: uncomment line 11[20:39:20] <devdas> remove the leading #[20:39:26] <jstad> devdas: got that working, i wasnt sending via SSL. How can I make sure my host isnt an open relay?[20:39:48] <Bert_2> devdas: just uncomment it and restart postfix ?[20:39:52] <devdas> jstad: doesn't appear to be one[20:39:57] <devdas> Bert_2: yes[20:40:07] <jstad> ok thanks :)[20:40:27] <jstad> appreciate it. Postfix & Dovecot usually drive me nuts[20:40:53] <devdas> though afaik, opm.blitzed.org is dead[20:41:13] <devdas> and you probably want to remove sbl-xbl and put zen.spamhaus.org first in the list[20:41:35] <sysmonk> uh, that's a question[20:41:44] <sysmonk> maybe he doesn't want to use pbl[20:42:11] <rob0> Everyone wants PBL, come on! ;)[20:42:25] * sysmonk pbl's rob0[20:42:41] <sysmonk> ah, talking about bl's, i've got a request today from my client[20:42:45] <devdas> note the "probab;y"[20:42:48] <devdas> probably[20:43:04] <sysmonk> he was blocked by rfc-ignorant for having a bogusmx, the block was 6 months old[20:43:11] <devdas> yeow[20:43:24] <Bert_2> devdas: wow, I can connect through 587 now but I got this error: "5.7.1 <bertvandepoel at gmail dot com>: Relay access denied."[20:43:25] <sysmonk> and now he asks us to fix it, whereas the reason of blocking was fixed ... 6 months ago![20:43:47] <devdas> Bert_2: that's ok[20:43:57] <sysmonk> 6 months is quite a big timeframe for being in a blacklist and not noticing it[20:44:05] <Bert_2> devdas: so what should I do know ?[20:44:06] <devdas> you have something blocking port 25[20:44:17] <sysmonk> or someISP[20:44:17] <sysmonk> ;)[20:44:18] <devdas> which you can definitely tell your hoster/ISP[20:44:39] <devdas> sysmonk: depends on whether you ever send mail to a user of that ISP[20:44:47] <Bert_2> devdas: so I have to contact them and comment the submission thing on line 11 again to test port 25 again, right ?[20:45:14] <sysmonk> no need to comment out the submission, unless you don't want submission available[20:45:30] <Bert_2> sysmonk: what is submission exaclty ?[20:45:32] <devdas> Bert_2: my suggestion would be to (a) get yourself a static IP and add yourself to mynetworks, or (b) setup SMTP AUTH (for which, see the relevant bits of the workaround.org HOWTO in the topic)[20:45:45] <devdas> Bert_2: you don't have to comment it[20:45:53] <devdas> Postfix is listening on both 25 and 587[20:46:01] <sysmonk> Bert_2: it's the same smtpd, just on a differnt port, main purpose - to client->server communication ( submitting mails )[20:46:08] <devdas> Bert_2: It's supposed to be the port where end users connect to[20:46:12] *** Fallenou has joined #postfix[20:46:14] <devdas> 25 is for MTAs[20:46:15] <sysmonk> with smtp auth, by default[20:46:37] <Bert_2> devdas: okey perfect, but you're sure that port 25 is blocked and that it isn't a client or server problem ?[20:46:48] <devdas> Bert_2: yes[20:46:52] <devdas> which ISP is it?[20:46:57] <Bert_2> devdas: great, thank you very much[20:46:58] <sysmonk> devdas: did you check his firewall?[20:46:59] * devdas likes ISPs which block port 25 to the world[20:47:03] <devdas> sysmonk: yes[20:47:07] <sysmonk> devdas: k[20:47:13] * devdas troubleshoots properly[20:47:14] * sysmonk didn't read anything up there[20:47:28] <devdas> Checked Postfix, then the firewall, then submission[20:47:52] <devdas> now we know it's a network issue somewhere else, Bert_2 can figure out his mail sending[20:48:03] <devdas> and possibly get the port 25 fixed if needed[20:48:31] <Bert_2> devdas: and if we can't locate the problem, is there a way to change it to another port ?[20:49:02] <devdas> Bert_2: you just did[20:49:06] <devdas> "587"[20:49:15] <Bert_2> devdas: yeah but I can't send mail through it :s[20:49:26] <devdas> Bert_2: you still have to set up SMTP AUTH[20:49:36] <devdas> See the workaround.org HOWTO[20:49:42] <devdas> It's for Debian[20:49:49] <Bert_2> k[20:50:06] <Bert_2> devdas: it's odd that webmin doesn't do that, but whatever[20:51:16] <devdas> Bert_2: webmin doesn't know what options to turn on[20:51:37] <devdas> It does let you do what you need, just doesn't try to guess what you need[20:51:45] <Bert_2> devdas: do you mean this part of the how-to: http://workaround.org/articles/ispmail-etch/#step-9-authenticated-smtp?[20:51:56] <devdas> yes[21:01:15] <Bert_2> devdas: I'm following the guide, I have done the postconf things but I can't get telnet localhost smtp to work, it always return "connection closed by foreign host" am I not part of mynetwork or what's going wrong ?[21:01:33] *** m0f0x has joined #postfix[21:02:40] *** UQlev has quit IRC[21:04:16] <devdas> Bert_2: see your logs[21:04:38] <Bert_2> devdas: where are the logs ?[21:05:31] <devdas> /var/log/maillog ?[21:06:37] *** xpoint has quit IRC[21:07:01] *** anonymouz666 has joined #postfix[21:07:22] <anonymouz666> postfix/smtp[31027]: warning: SASL authentication failure: No worthy mechs found[21:07:40] <Bert_2> devdas: http://pastebin.ca/1019305[21:07:54] *** Fallenou has quit IRC[21:08:17] <anonymouz666> nice[21:08:23] <anonymouz666> using gmail as relay[21:08:32] <anonymouz666> the TLS is ok, no certs error[21:08:35] *** Fallenou has joined #postfix[21:08:38] <anonymouz666> any idea?[21:08:46] <Bert_2> anonymouz666: I'm not using gmail as a relay ?[21:09:04] <rob0> lol[21:09:13] <anonymouz666> good for you.[21:09:15] *** xpoint has joined #postfix[21:09:40] <anonymouz666> it must be something stupid[21:09:43] <Bert_2> anonymouz666: sorry, misunderstood you[21:10:10] <anonymouz666> some config parameter missing etc[21:10:40] *** Fallenou has quit IRC[21:10:55] *** Fallenou has joined #postfix[21:11:42] *** Fallenou has quit IRC[21:12:04] *** Fallenou has joined #postfix[21:13:17] *** Bert_2 has quit IRC[21:21:07] *** quieteyes has joined #postfix[21:28:31] *** UQlev has joined #postfix[21:31:06] *** UQlev has quit IRC[21:39:19] *** anonymouz666 has quit IRC[21:40:06] *** Fallenou has quit IRC[21:40:22] *** Fallenou has joined #postfix[21:41:57] <seekwill> ! cbv[21:41:58] <knoba> seekwill: Error: "cbv" is not a valid command.[21:44:07] *** devdas has quit IRC[21:47:10] <thumbs> !seekwill[21:47:11] <knoba> thumbs: Error: "seekwill" is not a valid command.[21:49:13] <seekwill> !thumbs[21:49:13] <knoba> seekwill: Error: "thumbs" is not a valid command.[21:49:25] * seekwill fingers thumbs[21:50:12] <thumbs> be nice now[21:50:55] <cpm> really[21:51:29] <seekwill> Should we save that talk for our special private time?[21:51:37] <rob0> At least he's not a sucker of thumbs![21:51:40] *** Nockian has joined #postfix[21:56:11] <linkslice> I want to have mail bound for ticket-[0-9]*@mydomain forwarded to a script, what's the best way to go about that?[21:56:57] *** memic has joined #postfix[21:57:52] *** keffer has quit IRC[21:58:46] <rob0> link, "recipient_delimiter = -" and ticket in aliases(5) pointing to your script.[21:59:56] *** cpm has quit IRC[22:00:00] *** kickingvegas_ has joined #postfix[22:00:09] <kickingvegas_> hi folks[22:00:45] <kickingvegas_> noob question: trying to read a Maildir folder, what mail client can I use to read it?[22:01:19] <kickingvegas_> trying nmh and mh-e but do I point directly to the Maildir folder?[22:02:19] *** pirho has quit IRC[22:02:23] <rob0> Most recent Unix-based MUAs can understand maildir. I'm not aware of one that doesn't. But if there is, you can always use imap.[22:04:52] *** BuenGenio has joined #postfix[22:07:26] *** UQlev has joined #postfix[22:09:57] *** the_empty has quit IRC[22:10:38] *** bpgoldsb has joined #postfix[22:10:53] *** felix_da_catz has joined #postfix[22:13:26] *** keffer has joined #postfix[22:15:22] <SteveC> Anyone know where the list of possible SMTPD policy return values are? eg, "defer_if_permit", "dunno" etc..?[22:15:44] <sysmonk> access(5)[22:16:24] <SteveC> cheers :)[22:17:23] <SteveC> oh good, I can just send 550 :)[22:18:44] <linkslice> rob0, really it's that easy?[22:26:17] <war9407> SteveC: its in the documentation[22:26:20] <war9407> sup all[22:26:21] <war9407> hi sysmonk[22:26:29] <war9407> any news/new anti-spam tools you have come across?[22:26:32] <war9407> since we last spoke[22:26:46] <SteveC> Yey, have a working script that goes off and checks the SMTP server I'm relaying to to see if the recipient is valid (and caches it for 24hrs if it is)[22:28:02] *** kickingvegas_ has quit IRC[22:31:20] <AllenJB> Does the setting "dovecot_destination_recipient_limit" exist in postfix? I'm setting up Postfix with Dovecot following http://wiki.dovecot.org/LDA/Postfix but I can't find any reference to that setting in the postfix documentation.[22:31:49] <SteveC> Is there a way to tap into postfix's ability to look up records such as "virtual_mailbox_domains=proxy:mysql:... ?[22:32:14] <SteveC> most specifically in my case, transport_maps[22:32:23] <SteveC> or relay_domains[22:40:56] *** muecke77 has joined #Postfix[22:42:00] *** githogori has quit IRC[22:42:02] <SteveC> (from within a perl script that's not unlike greylist.pl)[22:45:57] *** [diablo] has joined #postfix[22:50:54] *** BuenGenio has quit IRC[22:53:00] *** jellis-real has quit IRC[22:57:09] *** blizzow has joined #postfix[22:59:08] *** [diablo] has quit IRC[22:59:58] <blizzow> I added smtpd_milters = inet:localhost:2002 to my main.cf and restarted postfix. Is there a reason the port would still not be open? I nmapped to verify and telnet localhost 2002 just gets refused.[23:01:19] *** githogori has joined #postfix[23:02:43] <blizzow> I have no iptables set up on the box either. Do I need to add the port to /etc/services?[23:04:05] *** felix_da_catz has quit IRC[23:04:23] *** ramoni has quit IRC[23:05:30] * SteveC wonders if the knowledgeable folks are around? Just wondering if postfix is using any sort of standard tools to link up things like transport_maps or relay_domains ?[23:09:33] *** j_s has quit IRC[23:13:59] *** oxtail has joined #postfix[23:22:27] *** Led-Hed has joined #postfix[23:23:21] <Led-Hed> anyone here use rbl.cluecentral.net?[23:23:43] <Dominian> nope[23:23:56] <Led-Hed> I'm considering using it to block mail from China and Korea[23:24:06] <Dominian> er.. ok[23:24:16] *** Fallenou has quit IRC[23:24:49] <Led-Hed> My company is small and only does business with US and Canada, so we have no need to receive mail from other countries[23:25:19] <Led-Hed> I'm just wondering if anyone else has had good or bad experiences using it?[23:25:52] <Dominian> I've never used it so not sure what to tell you.. you can always try it and see what happens[23:26:26] <Led-Hed> Dominian, I was hoping others might provide their input also. Thanks[23:32:03] *** muecke77 has quit IRC[23:33:13] <bpgoldsb> Is it possible to set different virtual_transports for different smtpd processes?[23:37:17] *** UQlev has quit IRC[23:38:10] *** growltiger has joined #postfix[23:38:23] <Led-Hed> bpgoldsb, I dont think so. I've tried but with no success[23:41:39] <Led-Hed> bpgoldsb, I tried to have one Virtual_Transport send mail to a spam filter, then have it reinjected and have the reinject virtual_transport point to "virtual" but it just looped and kept sending the mail back to the spam filter, the reinject virtual_transport override didnt work.[23:42:25] <bpgoldsb> Led-Hed: It looks like qmgr looks at virtual_tranposrt, not smtpd[23:42:49] <Led-Hed> that could be.[23:42:53] <bpgoldsb> I'm just going to make a python script that pipes one messages into 'virtual' and one into 'dovecot-deliver'.[23:43:01] *** hever has joined #postfix[23:43:13] <bpgoldsb> And somewhere during that, break down into tears.[23:43:36] <Led-Hed> lol, why do you need the message to be sent to virtual and dovecot-deliver?[23:43:46] <bpgoldsb> I need to make a backup copy of the message when I deliver it[23:43:56] <bpgoldsb> For record keeping / auditing / whatever[23:44:08] <bpgoldsb> Unless you have a better suggestion ;)[23:44:11] <Led-Hed> send it to 2 different mail servers[23:44:21] <bpgoldsb> How?[23:44:24] <Led-Hed> or have 2 domains[23:44:34] <bpgoldsb> That gets tricky, though[23:44:47] <bpgoldsb> especially if you want to preserve the message[23:45:28] <Led-Hed> what about yourdomain.tld and backup.yourdomain.tld[23:45:40] <bpgoldsb> Maybe I can hack something into address rewriting that will do user at domain dot tld -> user at server1 dot domain.tld & user at server2 dot domain.tld[23:45:51] <bpgoldsb> Sure, but the question is how to do that[23:45:54] <bpgoldsb> Reliably[23:45:56] *** oxtail has quit IRC[23:46:14] <Led-Hed> I've never done it, but know of people that do. I believe they use rewrite[23:46:26] *** quieteyes has left #postfix[23:46:33] <bpgoldsb> Can you give me their home phone #'s? :P[23:46:49] <Led-Hed> lol.[23:46:56] * Led-Hed is looking for more info[23:49:43] *** felix_da_catz has joined #postfix[23:55:20] *** Severed_Head_Of_ has quit IRC[23:55:21] *** madrescher has joined #postfix[23:55:40] *** GoGi has quit IRC