June 12, 2008  

[00:00:17] <jra> first of all I'd refrain from using separate restrictions for the connection stages... just use smtpd_recipient_restrictions for everything
[00:00:25] <ecrist> ok
[00:02:12] *** SniZ has quit IRC
[00:02:26] *** SniZ has joined #postfix
[00:04:43] *** jra has quit IRC
[00:05:55] *** oxtail has joined #postfix
[00:12:36] <vice-versa> ecrist: I do believe opm.blitzed.org DNSBL has been shutdown for over a year now
[00:14:50] <ecrist> oops
[00:15:10] <vice-versa> make that two years, my how time flies ;)
[00:16:24] <vice-versa> and what makes you think that log excerpt pastebin has anything to do with reject_unknown_sender_domain?
[00:17:34] <ecrist> because when I commented out the reject_unknown_sender_domain, mail started working again.
[00:18:48] <ecrist> why do you think it doesn't?
[00:19:49] <vice-versa> doesn't say Sender address rejected: Domain not found;
[00:20:25] <ecrist> oh, sorry, I pasted the wrong line.
[00:20:32] <vice-versa> indeed
[00:21:23] <ecrist> http://pastebin.com/db04ff07
[00:23:43] <rob0> Looks spammy to me, but mx1.fastmarketingtwenty.com has MX (which resolves to A) and A records. Maybe you have DNS resolution problems.
[00:24:02] <ecrist> rob0: it resolves just fine on the mail server
[00:24:11] <rob0> chroot then
[00:24:20] <ecrist> chroot what?
[00:24:28] *** hever has quit IRC
[00:24:40] <rob0> You're running in chroot without having set it up.
[00:24:46] <ecrist> no I'm not.
[00:24:52] <ecrist> postfix is not chrooted.
[00:25:42] <rob0> http://pastebin.com/m596383e8 is you? Line 23.
[00:26:37] <ecrist> o.O
[00:26:47] <rob0> :)
[00:27:24] <vice-versa> aren't chroots grand
[00:28:07] <ecrist> well, I never really noticed that, I suppose.  sort of presumptuous to put it in chroot...
[00:30:49] * ecrist gives gold star to rob0
[00:31:06] <ecrist> that got my blacklist checks running, too. ;)
[00:31:14] <rob0> If you got away with it this long, chances are, you could just cp /etc/resolv.conf /var/spool/postfix/etc/
[00:31:19] <ecrist> has always been broken, but never spent the time working on it.
[00:31:34] <rob0> but yeah, I never bother with chroot
[00:31:54] <ecrist> the mail server runs within a jail, so chroot is sorta redundant.
[00:33:14] *** pygmee has quit IRC
[00:35:33] <vice-versa> ecrist: speaking of your rbl checks, dnsbl-2.uceprotect.net and dnsbl-3.uceprotect.net are quite aggressive
[00:36:22] *** geek_cl has quit IRC
[00:36:31] <vice-versa> iiwm I would replace those and sbl-xbl.spamhaus.org with just zen
[00:36:35] <vice-versa> !zen
[00:36:36] <knoba> vice-versa: "zen" : http://www.spamhaus.org/zen/ : A composite of all Spamhaus DNSBLs: SBL, XBL and PBL
[00:45:52] *** action09 has quit IRC
[00:59:08] *** war9407 has quit IRC
[01:00:21] *** felix_da_catz has quit IRC
[01:08:16] *** idle-boy`` has quit IRC
[01:09:15] *** idle-boy`` has joined #postfix
[01:09:58] *** Inssomniak has joined #postfix
[01:10:06] <Inssomniak> Hi all
[01:10:15] <Inssomniak> I ran into a problem with my own mail server
[01:10:47] <Inssomniak> I have a DSL and a wireless side, DSL users use SMTP auth, and wireless users are in "trusted networks" so they dont need SMTP auth
[01:11:32] <Inssomniak> Today Im at a customers house, setting up DSL for them, and sent a test email to my @domain, and realized that it went thru without SMTP auth
[01:11:51] <Inssomniak> but the spamassassin trashed it to SPAM..
[01:12:05] <cafuego> Inssomniak: if the target address is hosted on that server, it would never require auth.
[01:12:05] *** AdamL_ has joined #postfix
[01:12:33] <Inssomniak> cafuego, ok thats all fine and dandy, But  I cant figure out why spamassassin just kills it
[01:13:08] <shasta> ask spamassassin :)
[01:13:08] <cafuego> Inssomniak: You could change the SA cfg to include a directive to explicitly list the filters that were tripped.
[01:13:14] <AdamL_> Hi all, I get this error in the log: Diagnostic-Code: X-Postfix; unknown user: "support" when trying to mail to support@mydomain. I guess Postfix thinks the support adress is local but it really isn't. How can I tell Postfix this? Thanks
[01:13:31] <Inssomniak> cafuego, I have the full list of tripped filters
[01:13:43] <cafuego> Inssomniak: ... so...
[01:13:51] <shasta> AdamL_, so what kind of user "support" is?
[01:14:40] <AdamL_> shasta: No user at all I want the support at mydomain dot com to be sent to mydomain.com server which is elsewhere
[01:14:57] <Inssomniak> cafuego, SPF_FAIL, RDNS_DYNAMIC, and the big one is DOS_OE_TO_MX
[01:15:13] <Inssomniak> all these Ive never seen on any other email
[01:15:32] <cafuego> AdamL_: ok, so mydomain.com needs to be in the transport table I think *and* in relay_domains
[01:15:49] <Inssomniak> my RDNS isnt dynamic, and of course the sender sent the email right to the domain server
[01:15:54] <cafuego> Inssomniak: and the combined score on those is > 5 ?
[01:15:58] <AdamL_> cafuego: I'll read up on that thanks
[01:16:02] <Inssomniak> almost 7 cafuego
[01:16:02] <shasta> never ever touch relay_domains if you don't know what are you doing
[01:16:45] <cafuego> Inssomniak: RDNS_DYNAMIC would be from the source address, at the customer.
[01:17:02] <shasta> SPF_FAIL as well
[01:17:38] <Inssomniak> oh OK, then that one is correct, I dont know how to stop DOS_OE_TO_MX tripping positive, it scores 2.75 alone
[01:17:39] <cafuego> SPF_FAIL means that the source domain doesn't list the source IP as permitted sender
[01:18:00] *** havvg has quit IRC
[01:18:19] <cafuego> Inssomniak: DOS_ OE_ TO_ MX  ->  Outlook Express Sent mail directly to Your MX
[01:18:21] <shasta> Inssomniak, it's "Outlook Express Sent mail directly to Your MX"
[01:18:32] <Inssomniak> yes it did
[01:18:39] <Inssomniak> but, of course it did!
[01:18:45] <Inssomniak> its a customer of mine!
[01:18:47] <cafuego> Inssomniak: If your client used auth it'd have been fine
[01:18:56] <shasta> make it use smtp auth :)
[01:18:59] <Inssomniak> I did
[01:19:07] <shasta> apparently not? :)
[01:19:10] <cafuego> Inssomniak: it just *happened* to work without because it sent the mail to *you*
[01:19:34] <Inssomniak> it fails when the DSL customer sends an email to my domain directly
[01:19:58] *** raz has quit IRC
[01:19:59] <Inssomniak> regardless of SMTP auth ( according to logs it doesnt even try to auth customer when the email is @mydomain)
[01:20:01] <cafuego> Inssomniak: Does the postfix maillog show a successful auth when this happens?
[01:20:03] <shasta> Inssomniak, pastebin all the headers of such a mail
[01:20:32] <cafuego> Inssomniak: It does auth when the MUA says it wants to do auth, not only when the MTA thinks it needs to. You need to tell OE to auth.
[01:20:47] <shasta> Inssomniak, just configure that outlook in a way that it _always_ use SMTP AUTH
[01:20:52] *** aedaemoen has quit IRC
[01:20:53] <cafuego> Inssomniak: And then possibly restart OE
[01:21:23] <Inssomniak> http://pastebin.com/m7fcba9c2
[01:21:26] <cafuego> Inssomniak: "Outgoing server required login" is what you want.
[01:21:45] <shasta> no auth
[01:21:54] <shasta> really, really, really use smtp auth
[01:21:58] <Inssomniak> cafuego, ya I had it selected, but it still failed to send emails to @mydomain
[01:22:04] <cafuego> Inssomniak: Also, i find it safer to kill at 7 and tag above 3.
[01:22:40] <cafuego> Though I had a client that managed to score 12 on a legitimate email (ick)
[01:22:42] *** daniel2 has quit IRC
[01:22:56] <Inssomniak> is it possible to tell if the user used SMTP auth in the header?
[01:23:12] <cafuego> Inssomniak: It sometimes lists it, yes.
[01:23:15] <Inssomniak> that email I pastebin'd was definitely sent with SMTP auth enabled
[01:23:51] <cafuego> I note it would've been fine if you'd given it a subject ;-)
[01:24:15] <Inssomniak> cafuego, that particular one ya, others scored 7+
[01:24:44] <cafuego> Inssomniak: Hold on a moment...
[01:24:48] <shasta> Inssomniak, it wasn't
[01:25:38] <cafuego> Inssomniak: Add smtpd_sasl_authenticated_header = yes to main.cf, restart postfix, resend
[01:25:59] <cafuego> Inssomniak: That will add the auth username in a header IF auth succeeded.
[01:26:28] <Inssomniak> I can do that setting cafuego but Im not able to send any test emails any longer unless I can find someone to help me
[01:26:32] <cafuego> Inssomniak: *and* tail the maillog whilst it goes through, there will be a sasl_username=foo@bar entry if login succeeded
[01:26:51] <shasta> (not necessarily @bar...)
[01:27:02] <cafuego> well, depending on sasl setup
[01:27:11] <Inssomniak> I cant run anymore tests :(
[01:27:19] <Inssomniak> Im not at the customer house anymore
[01:28:43] <shasta> Inssomniak, pastebin result of that: grep 8EA04718036 /path/to/your/maillogs/probably/var/log/mail.log
[01:29:11] <Inssomniak> ok running :)
[01:29:19] <Inssomniak> this could take a sec lol
[01:30:02] <Inssomniak> ok got the results, pastebin
[01:30:14] <Inssomniak> http://pastebin.com/m54cad19e
[01:30:18] <cafuego> Inssomniak: you *could* whitelist_from all your clients
[01:31:10] <cafuego> Inssomniak: I suggest you enable the smtpd_sasl_authenticated_header and make sure SA uses that to score-=20 or somesuch.
[01:31:13] <Inssomniak> from what I gather there, it DID SMTP auth, but still failed
[01:31:18] <cafuego> Inssomniak: Coz that email did auth, indeed.
[01:31:38] *** tombar_ has quit IRC
[01:31:43] <cafuego> Inssomniak: So you are deb at embroidery dot com ?
[01:32:12] <Inssomniak> thats the customer(I have no idea where that came from though) her email was barlor at optionsdsl dot ca
[01:32:38] <cafuego> So that's an email from the customer to the customer?
[01:32:41] *** tombar_ has joined #postfix
[01:32:50] <cafuego> Oh, to her domain that you host
[01:32:59] <Inssomniak> hmm whats goin on here
[01:33:01] <cafuego> sorry, it's early here. i'm only on my 2nd coffee
[01:33:27] <Inssomniak> I dont host any domains for her
[01:33:38] <Inssomniak> I have no idea why that email address is in there
[01:34:07] <cafuego> Is there any chance it was sent via the wrong account in OE?
[01:34:23] <cafuego> or is the to-address wrong?
[01:34:25] <Inssomniak> there was only one, the one I added today
[01:35:31] <shasta> just add smtpd_sasl_authenticated_header = yes to your main.cf
[01:35:37] <shasta> (and postfix reload)
[01:35:51] <cafuego> that should allow SA to see the user was auth'd and score accordingly
[01:36:00] <Inssomniak> I did that shasta and reloaded but I cant test it :(
[01:36:03] <shasta> then ALL_TRUSTED spamassassin rule will catch it
[01:36:21] <cafuego> Inssomniak: I could test it if you gave me a temp login
[01:36:27] <shasta> no need :)
[01:36:57] <Inssomniak> cafuego, would you really? Ill just give you the same customer account info
[01:37:15] <cafuego> Inssomniak: Just change the pw first, then change it back later
[01:37:19] <shasta> get that email, edit it in your Favourite Editor (TM), add appropriate header, just like postfix would do that, and use commandline spamassassin to check this email ;)
[01:37:38] <shasta> (and remove headers that got there when sending mail to amavis)
[01:37:40] <Inssomniak> I never could do that right lol
[01:37:44] <cafuego> heh
[01:39:39] <Inssomniak> how early is it there? its 8pm here
[01:39:46] <cafuego> 9:30am
[01:39:53] <Inssomniak> well 7:40 anyways
[01:39:58] <cafuego> (it was a fairly late night)
[01:40:23] <Inssomniak> cafuego, you could send a test email to me dave at optionsdsl dot ca
[01:40:37] <Inssomniak> PM was blocked lol
[01:41:15] <cafuego> Inssomniak: Yes, you can't PM me because you're not identified with nickserv
[01:41:20] <Inssomniak> resent!
[01:41:21] <cafuego> test mail inbound
[01:41:27] <cafuego> oh well there we go
[01:42:03] <Inssomniak> ok cafuego now if you send an email using that account thats where all hell broke loose
[01:43:46] <cafuego> ok, acct set up, sending...
[01:44:00] <cafuego> sent
[01:44:26] <Inssomniak> looks like auth failed
[01:44:29] <cafuego> Oh, not sent, it's not liking the pw
[01:44:52] <Inssomniak> argh
[01:45:07] <Inssomniak> lol test123
[01:45:16] <cafuego> sent
[01:45:48] <Inssomniak> it passed as shasta said with "ALL_TRUSTED"
[01:45:54] <cafuego> Woohoo!
[01:46:01] <Inssomniak> You guys OWN!
[01:46:15] <cafuego> test acct deleted
[01:46:29] *** xpoint has quit IRC
[01:46:32] <Inssomniak> thanks a whole whopping bunch! cafuego  and shasta !
[01:46:37] <cafuego> Inssomniak: np
[01:46:47] <Inssomniak> I would have never have figured that out
[01:47:08] <cafuego> Inssomniak: You may still want to change your SA thresholds though
[01:47:16] <cafuego> 5 really is low for an outright kill
[01:48:18] <Inssomniak> Ive experimented with other levels, and routinely check for FP's and so far using 5 is the best number with only a few spams getting thru, 6 would be allowing a lot more and no FP's (besides this little now fixed problem)
[01:49:03] *** Fallenou has quit IRC
[01:49:08] <Inssomniak> my users were complaining of lots of spam getting to them at 6, and I used to kill at 7
[01:49:53] <cafuego> Inssomniak: What I do is let stuff through if it's <= 12, but IF the score is > 5 I filter it into the user's on-server spam folder via server side filtering. I then run a weekly script to let users know what was caught and a week later they get trashed.
[01:50:33] <cafuego> that way the users are able to rescue false positives *and* it looks like I'm helpful :-)
[01:51:30] *** AdamL_ has quit IRC
[01:51:41] <Inssomniak> I had one user complain (actually still complains) of a FP and Im working on it, big killer on that one is  FH_FROMEML_NOTLD=2.696, but I see a TLD
[01:51:55] <Inssomniak> I have the full header to this one too :)
[01:52:39] <cafuego> is it a .aero address or something?
[01:53:56] <Inssomniak>      Mon, 2 Jun 2008 10:26:49 -0400 (EDT)
[01:53:56] <Inssomniak> Received: from bay0-omc2-s36.bay0.hotmail.com (bay0-omc2-s36.bay0.hotmail.com [65.54.246.172])
[01:53:56] <Inssomniak>      by mail.optionsdsl.ca (Postfix) with ESMTP id F1101718036
[01:53:56] <Inssomniak>      for <mamolen at optionsdsl dot ca>; Mon, 2 Jun 2008 10:26:48 -0400 (EDT)
[01:53:56] <Inssomniak> Received: from BAYC1-PASMTP07 ([65.54.191.167]) by bay0-omc2-s36.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
[01:53:59] <Inssomniak>      Mon, 2 Jun 2008 07:26:50 -0700
[01:54:01] <Inssomniak> X-Originating-IP: [216.208.60.86]
[01:54:03] <Inssomniak> X-Originating-Email: [meijaard at sympatico dot ca]
[01:54:05] <Inssomniak> Message-ID: <BAYC1-PASMTP075A294E232CAEE92B0EA6ACBB0 at CEZ dot ICE>
[01:54:07] <Inssomniak> Received: from Meijaard1 ([216.208.60.86]) by BAYC1-PASMTP07.bayc1.hotmail.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.2668);
[01:54:10] <Inssomniak>      Mon, 2 Jun 2008 07:26:44 -0700
[01:54:14] <Inssomniak> From: "meijaard" <meijaard at sympatico dot optionsdsl.ca>
[01:54:16] <Inssomniak> To: "Annie Vandermolen" <mamolen at optionsdsl dot ca>
[01:54:18] <Inssomniak> References: <001201c8c320$1a644d90$6402a8c0@vandermocd66f8>
[01:54:20] <Inssomniak> Subject: Re: Re email
[01:54:22] <Inssomniak> Date: Mon, 2 Jun 2008 10:26:40 -0400
[01:54:24] <shasta> jesus christ
[01:54:24] <Inssomniak> MIME-Version: 1.0
[01:54:26] <Inssomniak> Content-Type: multipart/alternative; boundary="----=_NextPart_000_000F_01C8C49B.2551C530"
[01:54:27] <shasta> not here
[01:54:28] <Inssomniak> X-Priority: 3
[01:54:30] <shasta> ffs
[01:54:30] <Inssomniak> X-MSMail-Priority: Normal
[01:54:31] <cafuego> For the record, pastebin is good.
[01:54:32] <Inssomniak> X-Mailer: Microsoft Outlook Express 6.00.2900.3138
[01:54:34] <Inssomniak> X-MimeOLE: Produced B
[01:54:36] <Inssomniak> oh crap
[01:54:38] <Inssomniak> sorry guys
[01:54:44] <Inssomniak> I know It was a "mispaste" sorry guys
[01:54:59] <Inssomniak> http://pastebin.ca/1045547
[01:55:21] <Inssomniak> anyways this is probably off topic anyways
[01:55:37] <cafuego> the problem with that one is it involves too many dutch people
[01:55:42] <Inssomniak> fails with FORGED_MUA_OUTLOOK, and NOTLD badly
[01:55:47] <Inssomniak> yes it does cafuego  :):)
[01:56:21] <cafuego> Inssomniak: Feed it as ham to sa-learn
[01:56:47] <Inssomniak> I have no idea how to do that
[01:57:00] *** okta has quit IRC
[01:57:49] <cafuego> Inssomniak: put all the false positive mails in an MBOX type mail folder.
[01:58:00] <cafuego> then sa-learn --ham folderfilename
[01:58:25] <cafuego> At the same time you can use sa-learn --spam folderfilename for false negatives.
[01:58:43] <cafuego> SA won't be any good until you train it with a fair bunch of actual mail.
[01:59:46] *** Zblakany has joined #postfix
[02:05:39] *** stefan_ has joined #postfix
[02:08:58] <shasta> any bayesian filter won't, just for the record
[02:10:09] <Inssomniak> I have to figure out how to make an MBOX type mail folder, I could just forward spam messages I get to that box? and run the sa-learn?
[02:15:01] *** stefan__ has joined #postfix
[02:17:10] <higuita> Inssomniak: use procmail or maildrop or something like this... you can also use the aliases to deliver to a file (mbox)
[02:17:45] <Inssomniak> Ill have to look all that up some day :)
[02:18:04] *** snappy has joined #postfix
[02:18:15] <Inssomniak> running a mail server is already one of the hardest things as an ISP that I have to do :(
[02:19:26] <snappy> I'm trying to debug an issue, I have a transport map for a domain which usually does greylisting. I have a login/password to their smtp server which I can use to avoid the greylisting if I authenticate. The transport maps are configured, but I was wondering is there a way to specify for that host to use starttls first? Because the SASL auth can only occur after starttls, and I don't think postfix is doing that since it says there are no worthy auth
[02:21:06] <snappy> I should note I have 'smtp_tls_security_level = may' but I don't think that helps.
[02:21:29] *** stefan-f has quit IRC
[02:21:31] <Trengo> Inssomniak wait until you have to manage RADIUS
[02:22:10] <Trengo> and offer managed webhosting
[02:22:29] <Inssomniak> I do use RADIUS, and find that easier than postfix!
[02:22:45] <Trengo> use or manage?
[02:23:01] <Inssomniak> built from scratch, use and manage :)
[02:23:05] <Trengo> it took me a while to get radiator to do what i wanted it to
[02:23:06] <Inssomniak> freeradius 1.7 :)
[02:23:24] <Trengo> and im not happy yet
[02:23:31] <Trengo> going to rebuild it all
[02:23:39] <Inssomniak> I have freeradius doing exactly what I want it to do lol
[02:23:43] <Inssomniak> it does it well too
[02:26:26] <shasta> !smtp_tls_policy_maps
[02:26:27] <knoba> shasta: Error: "smtp_tls_policy_maps" is not a valid command.
[02:26:38] <shasta> knoba needs some updates
[02:26:43] <shasta> snappy, see smtp_tls_policy_maps
[02:26:46] <snappy> shasta: thanks
[02:32:46] *** stefan_ has quit IRC
[02:32:54] *** stefan_ has joined #postfix
[02:33:27] <cafuego> =8/win 27
[02:33:51] <snappy> Hm, warning: SASL authentication failu
[02:33:56] <snappy> er sorry linebreaks
[02:34:37] <snappy> I get the message warning: SASL authentication failure: No worthy mechs found, I can see in the log though that the TLS session is setup upon connection to the relay. Tried using saslfinger but I don't think it starts a TLS session.
[02:37:16] <shasta> snappy, postconf smtp_sasl_tls_security_options?
[02:43:25] *** stefan__ has quit IRC
[02:43:44] *** stefan__ has joined #postfix
[02:45:19] <cafuego> snappy: Are you listing any allowed mechs in smtpd.conf?
[02:45:45] <rob0> This is an smtp(8) thing not smtpd(8).
[02:45:56] <rob0> !smtp!=smtpd
[02:45:57] <knoba> rob0: Error: "smtp!=smtpd" is not a valid command.
[02:46:02] <rob0> !smtpd!=smtp
[02:46:02] <knoba> rob0: "smtpd!=smtp" : Postfix smtpd_* and smtp_* configuration parameters are not the same thing. smtpd_ = server while smtp_ = client, the server-side receives mail whilst the client-side sends mail. (smtpd = server = receives mail) (smtp = client = sends mail)
[02:49:08] <cafuego> rob0: For the record, I did mean on the remote end
[02:53:17] *** [diablo] has quit IRC
[02:55:54] *** Zblakany has quit IRC
[02:56:29] *** jp- has left #postfix
[02:57:27] *** stefan_ has quit IRC
[02:58:58] *** stefan_ has joined #postfix
[03:00:19] *** githogori has quit IRC
[03:03:45] *** spiekey has joined #postfix
[03:05:16] *** lkthomas has joined #postfix
[03:05:18] <lkthomas> hey guys
[03:05:27] <lkthomas> our email often falls into junk mail folder in yahoo mail
[03:05:30] <lkthomas> anyone know how to fix it ?
[03:09:49] <snappy> shasta:  sorry, smtp_sasl_tls_security_options = $smtp_sasl_security_options  -- and smtp_sasl_security_options = noplaintext, noanonymous
[03:09:53] <snappy> ok i see the problem now
[03:09:55] <snappy> thanks,
[03:10:04] <snappy> it's login/plain auth
[03:10:33] *** Tachy has joined #postfix
[03:11:11] <lkthomas> does anyone got your email falls into hotmail and yahoo junk mail box ?
[03:13:49] *** tshine has joined #postfix
[03:16:34] *** stefan__ has quit IRC
[03:16:49] *** stefan__ has joined #postfix
[03:21:49] *** Tachy_ has quit IRC
[03:22:50] <Inssomniak> lkthomas, mine used to, I fixed the RDNS, set up SPF and it went away, also stopped getting blacklisted
[03:23:35] *** stefan_ has quit IRC
[03:24:17] *** spiekey has quit IRC
[03:25:48] *** aaronc has quit IRC
[03:25:51] *** felix_da_catz has joined #postfix
[03:30:44] <lkthomas> Inssomniak, RDNS ? what is that ?
[03:31:27] <Dominian> reverse DNS
[03:31:53] <Dominian> mapping an IP to a domain name
[03:31:57] <lkthomas> ok
[03:32:05] <lkthomas> I only got one email server
[03:32:19] <lkthomas> anyone could give me an example of simple spf record ?
[03:32:46] <Dominian> dig slackadelic.com txt will give you an idea
[03:32:57] <Dominian> or openspf.org gives great examples
[03:33:13] <lkthomas> I see, hmm
[03:33:26] <lkthomas> a mx means mx.slackadelic.com ?
[03:33:42] <Dominian> means mail record
[03:33:46] <Dominian> which mine is mail.slackadelic.com
[03:33:53] <lkthomas> oh, ok
[03:33:55] <Dominian> openspf.org explains it all
[03:34:00] <lkthomas> does your mail falls into junk now ?
[03:34:21] <Dominian> Well, it all depends on why your email is going into the Junk email folder.
[03:34:42] <lkthomas> we are not spamming man
[03:34:45] <lkthomas> just normal email
[03:35:54] <lunaphyte> that's between you and god.
[03:36:07] *** stefan_ has joined #postfix
[03:36:10] <lkthomas> oh fuck that
[03:36:16] <lkthomas> come on
[03:39:08] *** pirho has quit IRC
[03:39:57] *** pirho has joined #postfix
[03:41:56] *** lunaphyte has quit IRC
[03:52:12] *** stefan__ has quit IRC
[03:52:34] *** stefan__ has joined #postfix
[03:53:35] *** lunaphyte has joined #postfix
[03:54:37] <Dominian> lkthomas: Did you determine why the email were being flagged as spam?
[04:02:50] *** stefan_ has quit IRC
[04:03:08] *** stefan_ has joined #postfix
[04:08:17] *** JoseUK has quit IRC
[04:09:53] *** nitbix has quit IRC
[04:10:08] *** nitbix has joined #postfix
[04:10:33] *** tshine has quit IRC
[04:10:55] *** killerchicken__ has joined #postfix
[04:13:29] <lkthomas> Dominian, I don't think I am able to find that out ?
[04:14:15] <Dominian> If you have a yahoo account you should be able to
[04:14:21] <Dominian> should tell you what filters are triggering
[04:14:24] <lkthomas> how so ?
[04:14:32] <Dominian> dunno I don't have yahoo account.
[04:14:35] <Dominian> I despise yahoo
[04:15:17] *** stefan__ has quit IRC
[04:15:32] *** stefan__ has joined #postfix
[04:19:47] *** amrit|zzz is now known as amrit|bbl
[04:22:00] *** pirho has quit IRC
[04:22:55] *** stefan_ has quit IRC
[04:22:59] *** stefan_ has joined #postfix
[04:24:36] *** nitbix has quit IRC
[04:25:02] *** nitbix has joined #postfix
[04:27:24] *** killerchicken_ has quit IRC
[04:29:59] *** m0f0x has joined #postfix
[04:30:11] *** nitbix has quit IRC
[04:30:30] *** nitbix has joined #postfix
[04:31:25] *** pitakill has quit IRC
[04:33:54] *** stefan__ has quit IRC
[04:36:38] *** nitbix has quit IRC
[04:37:36] *** nitbix has joined #postfix
[04:42:18] *** stefan__ has joined #postfix
[04:43:44] *** pickcoder has joined #postfix
[04:44:28] *** nitbix has quit IRC
[04:44:44] *** nitbix has joined #postfix
[04:49:39] *** pitakill has joined #postfix
[04:58:04] *** Zeit|awy_ has joined #postfix
[04:58:12] *** stefan_ has quit IRC
[04:58:30] *** stefan_ has joined #postfix
[04:59:27] *** tombar_ has quit IRC
[05:04:06] *** Zeit|awy has quit IRC
[05:06:35] *** stefan__ has quit IRC
[05:06:38] *** stefan__ has joined #postfix
[05:13:55] *** Lap_64 has quit IRC
[05:18:46] *** stefan_ has quit IRC
[05:19:05] *** stefan_ has joined #postfix
[05:27:27] *** stefan__ has quit IRC
[05:27:43] *** stefan__ has joined #postfix
[05:45:03] *** stefan_ has quit IRC
[05:45:04] *** stefan_ has joined #postfix
[05:52:44] *** stefan__ has quit IRC
[05:53:00] *** stefan__ has joined #postfix
[06:09:08] *** stefan_ has quit IRC
[06:09:24] *** stefan_ has joined #postfix
[06:15:34] *** stefan__ has quit IRC
[06:15:36] *** pickcoder has quit IRC
[06:15:37] *** stefan__ has joined #postfix
[06:29:12] *** lkthomas has quit IRC
[06:31:14] *** stefan_ has quit IRC
[06:31:19] *** stefan_ has joined #postfix
[06:40:52] *** stefan__ has quit IRC
[06:40:55] *** stefan__ has joined #postfix
[06:47:22] * f3ew nails stefan__ to the wall
[06:48:35] *** Motoko-chan has joined #postfix
[06:50:05] *** fabounio has joined #postfix
[06:50:29] *** m1n3s6 has joined #postfix
[06:51:53] *** stefan_ has quit IRC
[06:52:05] *** stefan_ has joined #postfix
[07:00:02] *** stefan__ has quit IRC
[07:01:35] *** Lap_64 has joined #postfix
[07:04:29] *** stefan__ has joined #postfix
[07:15:40] *** bhagat has joined #postfix
[07:15:52] *** bhagat_ has joined #postfix
[07:16:48] *** kk_CHN has joined #postfix
[07:21:55] *** stefan_ has quit IRC
[07:22:14] *** stefan_ has joined #postfix
[07:25:43] *** stefan__ has quit IRC
[07:29:45] *** stefan__ has joined #postfix
[07:29:59] *** stefan__ has quit IRC
[07:34:06] *** githogori has joined #postfix
[07:36:51] *** pitakill has quit IRC
[07:38:10] *** saurabhb has joined #postfix
[07:43:17] *** m0f0x has quit IRC
[07:46:24] *** stefan_ has quit IRC
[07:51:30] *** fabounio has quit IRC
[08:02:16] *** Lap_64 has quit IRC
[08:06:15] *** fabounio has joined #postfix
[08:07:50] *** m_p has joined #postfix
[08:11:48] *** Knoedel_ has joined #postfix
[08:13:17] *** stefan-f has joined #postfix
[08:14:20] *** [diablo] has joined #postfix
[08:19:17] *** SniZ has quit IRC
[08:26:11] *** stony_ has joined #postfix
[08:27:33] *** Zblakany has joined #postfix
[08:38:23] <Loady> hi, does postfix support RET=HDRS? I've searched postfix.org but it does not have any information about it.
[08:39:36] *** syneus has joined #postfix
[08:39:57] *** spiekey has joined #postfix
[08:41:32] *** stony has quit IRC
[08:44:09] *** Peasant has joined #postfix
[08:45:23] *** rootsvr has joined #postfix
[08:45:44] *** phnord has joined #postfix
[08:45:59] *** Peasant has quit IRC
[08:46:32] *** Peasant has joined #postfix
[08:47:21] *** f3ew has quit IRC
[08:47:21] *** jonez has quit IRC
[08:47:21] *** SeJo_ has quit IRC
[08:47:21] *** maqr has quit IRC
[08:47:21] *** kjs has quit IRC
[08:47:21] *** david_ has quit IRC
[08:47:21] *** davidj has quit IRC
[08:47:22] *** gonzales112 has quit IRC
[08:47:22] *** _bugz_ has quit IRC
[08:47:22] *** noneo has quit IRC
[08:47:22] *** PRAEDO has quit IRC
[08:47:23] *** deemon has quit IRC
[08:47:23] *** bio___ has quit IRC
[08:47:23] *** harlan has quit IRC
[08:47:23] *** flart has quit IRC
[08:47:23] *** unixtippse has quit IRC
[08:47:23] *** vice-versa has quit IRC
[08:47:23] *** masterkiller has quit IRC
[08:47:31] *** saurabhb has quit IRC
[08:48:05] <Loady> hi, does postfix support RET=HDRS? I've searched postfix.org but it does not have any information about it.
[08:49:07] *** f3ew has joined #postfix
[08:49:07] *** jonez has joined #postfix
[08:49:07] *** SeJo_ has joined #postfix
[08:49:07] *** maqr has joined #postfix
[08:49:07] *** kjs has joined #postfix
[08:49:07] *** david_ has joined #postfix
[08:49:07] *** davidj has joined #postfix
[08:49:07] *** gonzales112 has joined #postfix
[08:49:07] *** harlan has joined #postfix
[08:49:07] *** _bugz_ has joined #postfix
[08:49:07] *** flart has joined #postfix
[08:49:07] *** unixtippse has joined #postfix
[08:49:07] *** masterkiller has joined #postfix
[08:49:07] *** noneo has joined #postfix
[08:49:07] *** deemon has joined #postfix
[08:49:07] *** bio___ has joined #postfix
[08:49:07] *** vice-versa has joined #postfix
[08:49:07] *** PRAEDO has joined #postfix
[08:51:13] *** [diablo] has quit IRC
[08:51:46] *** suuuper has joined #postfix
[08:58:17] *** madrescher has joined #postfix
[09:06:04] *** SeJo_ has quit IRC
[09:07:53] *** Spec has quit IRC
[09:09:31] *** fabounio has quit IRC
[09:10:19] *** idle-boy` has joined #postfix
[09:10:43] *** idle-boy`` has quit IRC
[09:15:48] *** lkthomas has joined #postfix
[09:15:50] <lkthomas> hey guys
[09:15:58] <lkthomas> I am trying to sign all email by using dkfilter
[09:16:05] <lkthomas> but none of the email which sent out have been signed
[09:16:08] <lkthomas> anyone have idea why ?
[09:16:23] <sysmonk> try looking in dkfilter logs
[09:18:06] *** f3ew has quit IRC
[09:18:06] *** m1n3s6 has quit IRC
[09:18:48] *** m1n3s6 has joined #postfix
[09:19:04] <lkthomas> sysmonk, hmm
[09:19:04] *** f3ew has joined #postfix
[09:19:29] *** Fallenou has joined #postfix
[09:20:23] *** af_ has joined #postfix
[09:22:40] <lkthomas> sysmonk, how could I add log to it ?
[09:23:01] <sysmonk> does it look like #dkfilter ? :P
[09:23:41] <sysmonk> don't really know, but i think it logs by default
[09:24:01] <lkthomas> hang on now, did you ever use dkfilter ?
[09:29:44] <sysmonk> yes
[09:30:30] *** denis has joined #postfix
[09:31:09] <lkthomas> ok, even I shutdown dkfilter
[09:31:12] <lkthomas> postfix did not complain
[09:31:15] *** Motoko-chan has quit IRC
[09:31:19] <lkthomas> seems mail did not pass dkfilter at all
[09:31:24] <lkthomas> any idea why ?
[09:31:50] <sysmonk> maybe cause you're not sending the mail to it?
[09:32:31] <lkthomas> it is a production server
[09:32:49] <sysmonk> so what?
[09:32:53] *** amrit|bbl is now known as amrit|zzz
[09:32:58] <lkthomas> it should have email sending in and out
[09:33:07] <lkthomas> I could see email have sent out as well
[09:33:14] *** `k has joined #postfix
[09:33:14] <lkthomas> but not passing dkfilter
[09:35:08] <sysmonk> you could always send only SOME email to the filter...
[09:35:18] <sysmonk> check_recipient_access + FILTER
[09:37:22] <lkthomas> I assume send out email is using submission port ?
[09:37:47] <sysmonk> you tell me, it's YOUR setup
[09:38:04] <lkthomas> http://jason.long.name/dkfilter/
[09:38:12] <lkthomas> I follow the send out section
[09:38:15] <lkthomas> nothing is working
[09:38:29] <sysmonk> really, it's your setup and only you know how it's configured in your case
[09:38:42] <sysmonk> maybe you're not even using submission
[09:38:49] <sysmonk> maybe you're using plain smtp
[09:38:53] <sysmonk> or maybe you're using smtps
[09:39:02] <sysmonk> it's only you who knows this, not me
[09:39:13] <lkthomas> actually
[09:39:22] <lkthomas> should I put 10027 content filter under smtp ?
[09:39:53] <sysmonk> how can i know? do i know what's listening on your 10027 port?
[09:40:05] <lkthomas> dude, I gave you the site
[09:40:09] <lkthomas> I told you that I follow everything
[09:40:11] <sysmonk> so what?
[09:40:12] *** xnixan has quit IRC
[09:40:20] <lkthomas> read that fucking page
[09:40:21] <sysmonk> did you follow your whole postfix installation from that site?
[09:40:28] <lkthomas> YES DAMN
[09:40:48] <sysmonk> lkthomas: that site does NOT have a postfix installation instructions
[09:40:56] <sysmonk> so you're lieing
[09:40:58] <sysmonk> lying*
[09:41:03] <lkthomas> I did not add any special config there
[09:41:15] <sysmonk> oh my...
[09:41:21] <sysmonk> lkthomas: k, answer me, how do you send out your email?
[09:41:33] <sysmonk> what info do you specify in your email client, MUA, outlook or whatever
[09:41:49] <lkthomas> why MUA is related
[09:41:51] <lkthomas> it is smtp
[09:41:54] <lkthomas> running SASL
[09:42:10] <sysmonk> lkthomas: cause MUA is connecting to your smtp server
[09:42:20] <sysmonk> to some specific port
[09:42:26] <sysmonk> and each port has its own configuration in master.cf
[09:42:37] <lkthomas> I am using port 25 to send email out
[09:42:52] <sysmonk> then submission is not used
[09:42:57] <sysmonk> see where i'm going?
[09:43:00] *** af_ has quit IRC
[09:43:02] <lkthomas> ok
[09:43:07] <lkthomas> so content_filter should be under smtp
[09:43:09] <lkthomas> not submission
[09:43:19] <lkthomas> submission is 587 ?
[09:43:20] <sysmonk> the best solution would be to use submission though
[09:43:29] <sysmonk> but yes, under smtp
[09:43:36] <sysmonk> but you might have something under smtp already
[09:43:41] <sysmonk> (or if not, then in your main.cf )
[09:43:43] <lkthomas> yes, that's the problem
[09:44:04] <sysmonk> so you have to decide how would you want your mail to be filtered
[09:44:08] <sysmonk> what chain to use
[09:44:13] <sysmonk> do you want to scan outgoing emails at all
[09:44:23] <lkthomas> well, only incoming
[09:44:32] <sysmonk> if so, are you able to change your clients to use submission and not smtp
[09:44:54] <lkthomas> but isn't the standard port for MUA is port 25 ?
[09:45:32] <sysmonk> submission is 'standard' for submitting mail
[09:45:41] <sysmonk> 25 is standard for server to server connectivity
[09:45:46] <lkthomas> hmm
[09:45:50] <sysmonk> but people use it for submitting mail too
[09:45:55] <lkthomas> yeah
[09:53:05] <lkthomas> I see
[09:53:09] <lkthomas> once I use submission port
[09:53:10] <lkthomas> it works
[09:53:17] <lkthomas> damn, how could I get it working with smtp port
[09:53:24] <sysmonk> create a chain
[09:53:32] <lkthomas> wait
[09:53:34] <lkthomas> let me paste
[09:53:39] <sysmonk> don't
[09:53:41] * sysmonk goes afk
[09:53:46] <lkthomas> LOL
[09:53:50] <lkthomas> only paste that line
[09:53:52] <sysmonk> so i won't be able to help
[09:54:34] <lkthomas> under smtp
[09:54:39] <lkthomas> content_filter=smtp-amavis:[IP]:10024
[09:57:55] *** war9407 has joined #postfix
[09:58:12] *** hever has joined #postfix
[10:02:14] <lkthomas> If all clients are not using submission port
[10:02:21] <lkthomas> how could I use smtp to sign message ?
[10:09:32] *** felix_da_catz has quit IRC
[10:12:26] *** pulsars has quit IRC
[10:15:07] <Marticus> is it possible to obtain a list of accounts on a server over smtp?
[10:17:40] *** Peasant has left #postfix
[10:24:33] *** oxtail has quit IRC
[10:27:22] <lkthomas> grrr
[10:27:34] <lkthomas> I got my domainkeys status passed, but still fall into yahoo junk mail box
[10:33:36] <f3ew> Marticus yes
[10:33:58] *** SniZ has joined #postfix
[10:39:05] <lkthomas> f3ew, do you use dkim ?
[10:44:46] <f3ew> no
[10:45:00] <checkers> lkthomas: DKIM isn't for anti-spam
[10:45:15] <Marticus> f3ew: how can you disable it?
[10:45:25] <f3ew> you can't
[10:45:27] <checkers> it's for verification of the source of mail
[10:45:34] <lkthomas> holy shit
[10:45:42] <lkthomas> dkfilter is the old project
[10:45:45] <lkthomas> new one is dkimproxy
[10:45:46] <lkthomas> crap
[10:45:49] <Marticus> so, spiders can get lists of users this way and there is nothing to be done
[10:45:49] <lkthomas> I installed the old one
[10:45:50] <Marticus> ?
[10:45:58] <lkthomas> checkers, I want my mail being signed
[10:46:25] <checkers> lkthomas: that's great, I was just pointing out that DKIM is not designed to convince mail servers your mail is not spam
[10:47:10] <Marticus> seems sketchy to allow a mail server to give out its user list upon request
[10:47:37] <lkthomas> nope
[10:47:40] <lkthomas> at least we did something
[10:48:07] <checkers> Marticus: I don't think f3ew is correct
[10:48:22] <Marticus> I don't think so too :)
[10:48:38] <Marticus> I mean, it doesn't make sense
[10:48:45] *** pulsars has joined #postfix
[10:48:46] <checkers> it's not possible with postfix
[10:48:50] <Marticus> from a security professional point of view
[10:48:52] * f3ew sighs
[10:49:15] * f3ew shrugs
[10:49:29] <Marticus> so how can I duplicate this?
[10:49:35] <Marticus> if I telnet to smtp port
[10:49:41] * f3ew introduces Marticus to backscatter, qmail and recipient verification
[10:50:11] <f3ew> I know how to disable address enumeration
[10:50:19] *** sophokles has joined #postfix
[10:50:20] * f3ew also knows why that is a bad idea
[10:51:16] <lkthomas> checkers, ever try to use dkim on your server ?
[10:51:19] <Marticus> I'm familiar with backscatter
[10:51:29] <Marticus> as a concept
[10:52:08] *** havvg has joined #postfix
[10:52:23] *** madrescher has quit IRC
[10:52:42] <checkers> lkthomas: I use it now
[10:53:22] <lkthomas> checkers, after using it, does your mail fall into junk ?
[10:53:27] *** SniZ has quit IRC
[10:53:56] <lkthomas> especially yahoo and hotmail ?
[10:56:27] <checkers> lkthomas: I haven't tested it
[10:56:31] <lkthomas> hmm
[10:56:37] <lkthomas> you should
[10:57:35] <checkers> why? it's only my personal server this is running on
[10:58:38] <lkthomas> hmm
[10:59:05] * checkers sees no need to run DKIM professionally yet
[11:08:48] *** Zblakany has quit IRC
[11:10:01] *** Lap_64 has joined #postfix
[11:19:35] *** sepski has joined #postfix
[11:48:39] *** oriba has joined #postfix
[11:49:10] *** af_ has joined #postfix
[11:57:40] *** lkthomas has quit IRC
[12:00:08] *** denis has quit IRC
[12:01:23] *** oriba has left #postfix
[12:02:43] *** madrescher has joined #postfix
[12:11:32] <Marticus> so, how does the enumeration work exactly?
[12:12:08] <Marticus> is it a random guessing game on the part of the connected offender or is there a simple "list" performed?
[12:12:31] *** denis has joined #postfix
[12:17:28] *** Extend has joined #postfix
[12:17:48] <f3ew> Marticus guessing game
[12:18:59] <spiekey> hi
[12:19:14] *** rootsvr_ has joined #postfix
[12:19:27] <spiekey> how can i send a mail to an address by using a manual mx record?
[12:20:22] <Marticus> f3ew: thanks, then that isn't as bad as I thought
[12:20:39] <Trengo> what is a manual mx record?
[12:21:03] <Marticus> I'm wondering if that kind of behavior can be minimized with something similar to fail2ban
[12:21:27] <f3ew> Marticus it's built into MTAs
[12:21:35] <Marticus> what is?
[12:21:36] <checkers> Marticus: if you are really worried, just make your gateway MX server accept *all* mail, and then simply blackhole that which goes to non-existent hosts
[12:22:06] <checkers> but spammers don't use either of these methods to get addresses anyway, so you should stop even thinking about it imo
[12:22:19] <Marticus> heh, I have no control over a mail gateway, but I'm thinking this company sadly does not have one
[12:22:27] <checkers> spammers find addresses on compromised windows hosts and web pages
[12:22:32] <Marticus> yeah I know
[12:23:09] <Marticus> I'm just trying to consider all possibilities, I've already resigned to the idea that enumeration is an RFC compliancy thing and caring about it is a waste of time
[12:23:27] <Marticus> I also like to know what I'm talking about when I approach the big boss man
[12:23:38] <checkers> what enumeration exactly?
[12:23:50] <Marticus> the aforementioned guessing game
[12:24:00] <checkers> that's not enumeration, that's guessing :P
[12:24:06] <Marticus> using user verification and randomness to guess accounts
[12:24:14] <f3ew> Marticus, the problem today is that trying to avoid enumeration is likely to get you blocked
[12:24:17] <Marticus> okay, well, call it what you will
[12:24:18] <Marticus> hehe
[12:24:27] <Marticus> f3ew perhaps
[12:24:29] <f3ew> as a spammer
[12:24:42] <Marticus> but I'm not thinking about it any more :)
[12:24:46] <checkers> good :P
[12:25:08] <Marticus> the customer was asking about, *cough* spamhaus *cough*
[12:25:34] <Marticus> so I've explained to them that yes we can add support for that and even spamcop if they wish it but I explained why this can be good and bad at the same time
[12:25:40] <Marticus> I personally hate RBLs
[12:25:52] <checkers> they block too much spam?
[12:25:59] <Trengo> must be
[12:26:04] <f3ew> !cheatsheet
[12:26:05] <knoba> f3ew: "cheatsheet" : http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt : A HOWTO for pre-DATA spam control.
[12:26:08] <Marticus> lol
[12:26:19] * f3ew recommends zen.spamhaus.org
[12:26:36] <Marticus> some of those uce mechanisms cause broken ISPs to get blocked
[12:26:42] <Marticus> and many customers use broken ISPs
[12:26:46] *** sophokles has quit IRC
[12:26:50] <checkers> the one problem with spamhaus is that zen includes the PBL, so if you deal with clueless SMBs you find their mailservers are in the PBL
[12:26:53] <Marticus> as for zen.spamhaus, that's what we use when we need to
[12:27:15] <checkers> that's why I generally stick with just the sbl-xbl
[12:27:19] <Marticus> sadly, we have an agreement with them and host a server or two for them
[12:27:37] <Trengo> i've never had any problems, cept with a couple clueless local ISPs
[12:27:40] <Marticus> that agreement is the sad part, what we get out of it
[12:28:05] <Marticus> one of our servers is blocked because someone has a rogue script on their site, we tell them to unblock it, and they do
[12:28:11] <Marticus> regardless if the script is fixed
[12:28:25] <Marticus> that's why I hate RBLs because they are just like any company, easily corruptible
[12:28:32] <Trengo> thats not corruption
[12:28:41] <Trengo> they have an agreement with you
[12:28:45] <Marticus> okay, it's idiocy
[12:28:48] <Trengo> YOU'RE failing it
[12:28:59] *** madrescher has quit IRC
[12:29:00] <Trengo> you asked to delist without fixing
[12:29:21] <Trengo> when i ask for a delist, i check with customer FIRST if its fixed
[12:29:21] <Marticus> be careful with the "you"s
[12:29:24] <Marticus> I have nothing to do with it
[12:29:30] <Marticus> if I did, people would be fired
[12:29:42] <Trengo> and i tell them, if its not fixed, next time you lose connectivity
[12:29:49] <checkers> It is not a bad thing that RBLs are willing to delist bad IPs so quickly
[12:29:53] <Trengo> YOU said it, not me
[12:30:01] <Trengo> [11:28] <Marticus> one of our servers is blocked because someone has a rogue script on their site, we tell them to unblock it, and they do
[12:30:15] <Marticus> we in the corporate sense
[12:30:24] <Marticus> so, I will assume you mean, you, in the same sense
[12:30:30] <Trengo> that was YOU in the corporate sense
[12:30:30] <Marticus> :P
[12:30:54] <checkers> I'd prefer my RBLs to play it safe rather than be aggressive
[12:31:21] <Marticus> anyway I shouldnt say more about it
[12:31:26] <checkers> if you use an aggressive RBL, the chance of you rejecting ham is too high
[12:31:38] * checkers prefers to block only certain spam sources with an RBL and just tag all remaining spam
[12:31:39] <Marticus> I still ride the bandwagon who believes RBLs are evil
[12:31:41] <Marticus> :P
[12:31:58] <Trengo> you must be pretty lonely up there
[12:32:03] <Marticus> not really
[12:32:19] <checkers> there are plenty who do the opposite
[12:32:21] <Trengo> i cant imagine a largish mail installation without it
[12:32:22] <Marticus> sometimes it is a necessary evil, mind you
[12:32:34] <checkers> rfc-ignorant has subscribers you know :)
[12:33:17] <Marticus> check, yeah, I tag spam as well, I don't let the server act on the tags, I let the customers do that
[12:33:21] <Marticus> or rather, I recommend that they do
[12:33:22] <Trengo> im afraid RBLs arent aggressive enough
[12:33:24] <Marticus> and give them the option
[12:33:40] <Trengo> too much junk coming in from dialups/dsl/cable that arent listed
[12:33:51] <Trengo> and thats all it is, junk
[12:33:54] <checkers> yeah, if you kill spam, there's too much risk you kill important stuff too
[12:34:01] <Marticus> yes
[12:34:08] <Marticus> the same holds true for RBLs
[12:34:16] <checkers> Trengo: as I said above, the PBL blocks many SMB mailservers that are setup wrong
[12:34:21] <checkers> Marticus: *some* RBLs
[12:34:42] <Marticus> you block an ISP who have recently had a few clients send spam in large quantities, many legit customers get blocked as well
[12:34:45] <Trengo> checkers and right they are too, if i break my mail setup, or get listed, I have to fix it
[12:34:52] <Trengo> why shouldnt they? :)
[12:34:53] <Marticus> companies with NATed networks also get the boot
[12:35:05] <Marticus> it is the only way, efficiently, to deal with it
[12:35:07] <Marticus> which is fine
[12:35:32] <checkers> Trengo: because that would be following RFCs to the letter, which is a bad thing imo
[12:35:47] *** rootsvr has quit IRC
[12:35:49] <checkers> if you do that, you end up like the folks at rfc-ignorant, blocking entire ccTLDs
[12:36:12] <Trengo> checkers i cannot imagine a reason to do that :)
[12:36:12] <Marticus> what is rfc-ignorant?
[12:36:16] <checkers> I do not use the PBL because I find that using it costs more than it gains me
[12:36:18] <Trengo> as im usually on the blocked end
[12:36:29] <Marticus> RFCs are not meant to be law BTW
[12:36:31] <checkers> Marticus: a very pedantic RBL
[12:36:36] <Marticus> they are meant to provide guidance
[12:36:55] <checkers> Marticus: they block gmail.com because abuse@ doesn't reply, etc
[12:37:24] <Marticus> I've seen good results with spamhaus and spamcop, but still, I've had customers complain and I hate whiney customers
[12:37:25] <Trengo> i read abuse and i dont reply either
[12:37:37] <Marticus> so let them get their spam with their legit stuff, give them spamassassin and let them sort it out
[12:37:47] <Marticus> if the server comes under heavy load, then we put RBL on it
[12:37:52] <spiekey> i would like to send a mail to my mailserver directly, to see if it accept mails. The Mailservers MX points to its proxy. --> How can i directly send a mail to my mailserver to see if it accepts it?
[12:38:06] <Trengo> spiekey telnet
[12:38:11] <Marticus> checkers, yeah, they kinda suck lol
[12:38:18] <checkers> Marticus: I'd suggest using the RBLs in something like spamassassin then
[12:38:33] <Marticus> check, good point
[12:38:34] <Trengo> i'd use everything and something more
[12:38:47] <Trengo> and it still comes in
[12:38:48] <spiekey> Trengo: how? :)
[12:38:50] <Marticus> it flags based on RBL, nice
[12:38:52] <checkers> no, a lot of SA is not worth the CPU cycles, at least on a busy server
[12:38:58] <Marticus> I forgot that possibility
[12:39:05] <checkers> you can simply configure it to score say 3 points per RBL
[12:39:10] <checkers> and disable the other checks
[12:39:14] <Trengo> why???
[12:39:17] <Marticus> and again, if the server becomes heavily laden with spam, well, RBL restrictions apply
[12:39:17] <spiekey> Trengo: port 25 is open for everyone, but my mailserver should ONLY accept mails from its proxy.
[12:39:37] <Trengo> why bringing the load to SA when you can let the MTA do it for much less?
[12:39:37] <checkers> combined with a forwarding nameserver, you have almost no load, and effective RBL filtering without too much CPU
[12:39:53] <checkers> Trengo: because the MTA can't do "if the total score is >5, reject"
[12:39:55] <Marticus> trengo, like I said, if it becomes a problem...
[12:40:37] <checkers> we use MailScanner here, because it provides very granular control over anti-spam and anti-virus
[12:40:38] <Trengo> checkers not worth it
[12:41:26] <checkers> Trengo: I decided otherwise
[12:41:36] <Trengo> checkers sure
[12:41:39] <Marticus> trengo is very strongly spoken :)
[12:41:54] <Marticus> it's good to have such advocates in the world
[12:41:56] <checkers> just very sure of being correct
[12:42:27] <Trengo> checkers not at all, if you prove me wrong, i will very humbly accept your evidence
[12:42:35] <Marticus> we wouldn't have things like gravity without advocates such as this
[12:42:50] <Trengo> when it is only a matter of opinions, i have mine, like anybody else
[12:42:57] <Marticus> the problem with proof is that it is buried in the pudding :P
[12:43:09] <Trengo> oh it is not :)
[12:43:15] <Marticus> if something works for one person, it may not work for another
[12:43:17] <Trengo> it is very much in the RT
[12:43:25] <Marticus> RT?
[12:43:27] <checkers> Trengo: your words say otherwise to me
[12:43:37] <Marticus> checkers lol
[12:43:38] <Trengo> Request Tracker
[12:43:43] <Marticus> lets leave that can of pudding closed
[12:43:44] <Marticus> I mean worms
[12:43:56] <checkers> yes, I have better things to do I suppose :-P
[12:43:58] <Trengo> oh by all means
[12:44:00] * checkers goes to do them
[12:44:15] <Marticus> well, this has been a very enlightening conversation
[12:44:21] <Marticus> but I also need to finish closing this ticket
[12:44:46] <Trengo> its chatting that we (sometimes) have new ideas :P
[12:45:07] <Trengo> at least i have learned from listening to others
[12:47:56] <Marticus> damnit
[12:48:06] <Marticus> dovecot has plaintext disabled by default when you turn on tls
[12:48:10] <Marticus> p.o.s
[12:48:25] <Marticus> oh well, at least the customer caught it
[12:48:49] <sysmonk> tickets tickets tickets
[12:49:02] <Marticus> yes, tickets...
[12:49:05] <Marticus> annoying little buggers
[12:49:12] <sysmonk> ye, i know :)
[12:51:19] <checkers> < Marticus> dovecot has plaintext disabled by default when you turn on tls <-- a good idea imo. it only takes you to setup IMAP insecurely connecting to your LDAP backend and suddenly someone has a login to your entire network
[12:54:49] *** xnixan has joined #postfix
[12:55:10] <Marticus> hrm, I suppose, but it helps to know it is a default :)
[12:55:28] <Marticus> so a customer migrating to tls has time to migrate
[12:58:15] *** tsauter has joined #postfix
[12:58:28] <tsauter> hi all
[13:00:36] <tsauter> I have a question about reject messages a server can send (5xx codes). If my postfix server rejects a message with 554: ...: Test error, then the sending postfix only see "554 Transaction failed". I am not sure which server I can blame for this
[13:03:08] *** fabounio has joined #postfix
[13:09:28] <Extend> guys i need a good howto about building rbldnsd server
[13:11:01] *** cpm has joined #postfix
[13:12:42] *** af_ has quit IRC
[13:12:46] <Extend> hello
[13:14:02] *** majikman has quit IRC
[13:17:15] *** Fallenou has quit IRC
[13:17:16] *** Fallen[oqp] has joined #postfix
[13:17:37] <f3ew> Extend make?
[13:18:10] *** SeJo has joined #postfix
[13:18:54] <Extend> yes
[13:18:58] <Extend> i wanna make one
[13:19:10] <Extend> and let my postfix mta use it
[13:19:12] <Extend> to reject
[13:19:17] <Extend> i got the database files
[13:19:34] <Extend> just i want to know how to let the rbldnsd work with these zone files
[13:19:38] <f3ew> I meant, download the source and make(1)
[13:19:54] <Extend> now
[13:19:54] <Extend> no
[13:20:02] <Extend> i installed the rbldnsd daemon now
[13:20:08] <Extend> im running ubuntu 6.06
[13:20:23] <Extend> i installed it i need to configure it now
[13:20:25] <Extend> that's all
[13:24:44] <Extend> anybody here
[13:28:17] <Trengo> sorry, no experience there
[13:32:15] *** bhagat has quit IRC
[13:32:15] *** bhagat_ has quit IRC
[13:34:56] *** Zeit|awy_ has quit IRC
[13:35:42] *** root_ has joined #postfix
[13:35:47] *** fabounio has quit IRC
[13:36:23] *** root_ has left #postfix
[13:37:09] *** sepski has quit IRC
[13:42:18] *** spiekey has quit IRC
[13:44:37] *** fabounio has joined #postfix
[13:51:33] <tsauter> in the access maps I have an entry like test@ REJECT. Is it now possible to grant access to some senders anyway?
[13:52:12] <tsauter> something like test@ check_client_access hash:/tmp/test, REJECT doesn't work
[13:56:01] *** rurouni has joined #postfix
[13:56:45] *** rootsvr_ has quit IRC
[14:02:11] *** sophokles has joined #postfix
[14:02:54] *** saurabhb has joined #postfix
[14:04:39] *** sypher has joined #postfix
[14:05:54] *** m1n3s6 has quit IRC
[14:08:04] *** fabounio has quit IRC
[14:18:48] *** jellis-real has joined #postfix
[14:19:03] *** tsauter has quit IRC
[14:22:43] *** saurabhb has quit IRC
[14:34:00] *** sypher has quit IRC
[14:34:13] *** sepski has joined #postfix
[14:49:22] *** saurabhb has joined #postfix
[14:59:54] *** Spec has joined #postfix
[15:03:55] *** killerchicken__ has quit IRC
[15:08:36] *** syneus has quit IRC
[15:18:33] *** allan has quit IRC
[15:22:08] *** pulsars has quit IRC
[15:23:53] *** sophokles has quit IRC
[15:24:19] *** Lap_64 has quit IRC
[15:24:26] *** rurouni has quit IRC
[15:27:07] *** syneus has joined #postfix
[15:27:15] *** dafrog`_ has quit IRC
[15:29:02] *** ramoni has joined #postfix
[15:30:32] *** pa has joined #postfix
[15:31:39] *** netcrash has joined #postfix
[15:32:34] *** jingo811 has joined #postfix
[15:34:35] <jingo811> hello?
[15:34:56] <dragonheart> gm
[15:37:01] <jingo811> I'm having trouble with this howto http://workaround.org/articles/ispmail-etch/ is this the right place to ask questions about it?
[15:37:18] *** Mez is now known as Mez|DPC
[15:37:38] <dragonheart> if its the postfix part
[15:37:40] <roe> I think that depends on where you are having trouble
[15:38:00] <jingo811> hmm Chapter 6 - configuring Dovecot.
[15:38:58] <dragonheart> the dovecot/postfix interface or something else?
[15:39:46] <jingo811> I need help with this error.
[15:39:48] <jingo811> cobrakah:/etc/dovecot# /etc/init.d/dovecot restart
[15:39:48] <jingo811> Restarting mail server: dovecotError: Error in configuration file /etc/dovecot/dovecot.conf line 1026: With connect auth socket no other sockets can be used in same auth section
[15:39:48] <jingo811> cobrakah:/etc/dovecot#
[15:40:30] <ecrist> jingo811: I would ask in #dovecot
[15:41:10] <jingo811> You don't happen to know if workaround.org has a forum I can visit?  I don't like mailing lists too much.
[15:41:31] <dragonheart> have dovecot -n output handy
[15:42:10] <dragonheart> try irc #dovecot
[15:42:25] <jingo811> dragonheart, K tnx.
[15:57:39] *** kk_CHN has quit IRC
[15:58:11] *** af_ has joined #postfix
[15:59:23] *** Spec has quit IRC
[15:59:36] *** x-spec-t has joined #postfix
[16:00:38] *** pitakill has joined #postfix
[16:02:35] *** denis has quit IRC
[16:03:11] *** xpoint has joined #postfix
[16:03:42] <checkers> dovecot is basically dead
[16:03:42] *** x-spec-t is now known as Spec
[16:04:05] *** pulsars has joined #postfix
[16:04:07] <checkers> jingo811: it probably means you forgot to uncomment a curly brace. otherwise, it's just a general syntax problem you have to figure out
[16:05:31] *** tshine has joined #postfix
[16:06:25] *** mirovengi has joined #postfix
[16:06:30] <jingo811> a missing curly brace sounds very likely, because there's a } brace deep in the middle that I can't connect.  Too many comments in that file maybe I should erase everything unnecessary.
[16:07:08] <checkers> sockets are inside auth {} which is inside some other section.. iirc
[16:07:32] *** xptr has joined #postfix
[16:08:14] <jingo811> you might be very right.  Unfortunately I'm not sitting on the test server so I can't say for sure at this moment.
[16:10:30] *** `k has quit IRC
[16:11:40] <jingo811> checkers, what do you mean by dovecot is basically dead?
[16:11:56] * cpm eyes jingo811
[16:12:03] <Dominian> er..
[16:12:07] <Dominian> how is dovecot dead?
[16:12:09] <cpm> dovecot is dead? I wonder if they know that.
[16:12:16] <ecrist> jingo811: i've found it good practice to save an 'example'/commented version of config files, and then build my own, sans comments.
[16:12:19] <Dominian> it's one of the most widely used pop3/imap servers in the world
[16:12:27] <ecrist> Dominian: I think he referred to #dovecot
[16:12:32] <Dominian> ah
[16:12:34] <Dominian> I hope so
[16:12:42] <cpm> ah,  yeah, that's probably so.
[16:12:50] *** Knoedel_ has quit IRC
[16:13:06] <Dominian> I was going to say.. dovecot is quite a powerful beast.
[16:13:33] <jingo811> ecrist, good call I'll do that this weekend :-)
[16:14:24] <ecrist> many configs lose about 95% of their bulk simply by removing all the comments.
[16:14:49] <jingo811> Dominian, checkers told me 20 lines up "dovecot is basically dead" - He didn't explain to me why so I wondered.
[16:22:20] *** c00l2sv has quit IRC
[16:23:19] *** jonkristian has joined #postfix
[16:24:14] *** c00l2sv has joined #postfix
[16:25:07] *** davidj has quit IRC
[16:25:07] *** david_ has quit IRC
[16:25:36] <checkers> sorry, I meant #dovecot
[16:25:45] <checkers> I think dovecot is very much alive and kicking :D
[16:26:08] <jingo811> ic
[16:26:57] *** joeTSUNAM1 has joined #postfix
[16:27:27] <jingo811> Courier is a Dovecot competitor right?  What's good or bad about Courier.  I have 2 tutorials one use Courier the other Dovecot.
[16:27:43] <cpm> competitor?
[16:27:53] <cpm> they are both imap servers, if that is what you mean.
[16:27:58] <jingo811> yeah
[16:28:23] <cpm> courier-imap is very well documented and understood, and getting a bit long in the tooth. dovecot is fresh and new, and spottily understood
[16:29:12] <jingo811> Courier howto: http://www.howtoforge.com/perfect_setup_debian_etch
[16:29:17] <jingo811> Dovecot howto: http://workaround.org/articles/ispmail-etch/
[16:29:30] <jingo811> I'm not sure which I should spend the most time on?
[16:29:59] <Trengo> and dovecot runs fine on shared storage, along with postfix; courier had troubles
[16:31:02] <cpm> you can read happy happy clicky click howtos, or you can go download the software, read the docs and learn, and make an informed choice. Personally, building new, I'd go dovecot. for many reasons, not the least of which is to be completely rid of cyrus-sasl
[16:31:46] <Trengo> cyrus didnt like shared storage either
[16:32:14] <cpm> most of the cyrus installations I've seen were born on 'shared storage'.
[16:32:29] <cpm> so, I'm not too sure i  follow you
[16:32:53] <checkers> the second link there I would say is a far better tutorial
[16:33:21] <checkers> the only problem I have with it is that it uses a mysql backend, which I think is overkill. But then, it does say it is 'isp style' :)
[16:33:37] <cpm> overkill for what?
[16:34:11] <jingo811> checkers, ok workaround.org - Dovecot it is then :-)
[16:34:31] <checkers> cpm: anything below an isp level setup
[16:34:53] <cpm> so, you will only have local users?
[16:35:02] <checkers> well, better to say as inappropriate
[16:35:13] <cpm> inappropriate? howso?
[16:35:14] <checkers> no, it is possible to use any of the table types with virtual users too in postfix
[16:35:19] <Trengo> well, nothing i did would make it work
[16:35:34] <Trengo> and i thought they made up murder because it doesnt run on shared storage
[16:35:41] <ecrist> checkers: I disagree.  I'm not an 'ISP', but I use a MySQL backend.
[16:35:44] <cpm> Trengo, I think that says more about the nature of cyrus in general :_
[16:35:46] <cpm> :)
[16:35:51] <checkers> cpm: I think most organisations should go from text -> LDAP
[16:36:08] <cpm> checkers, okay, then have at it.
[16:36:13] <ecrist> now, i think LDAP is overkill for many things.  including hobbyists.
[16:36:25] <Trengo> and postfix and dovecot installed and ran like a breeze
[16:36:33] <checkers> I don't feel that mysql offers many advantages over text until you have records numbering into the thousands, for this task
[16:36:49] <cpm> Trengo, yeah, what a difference time makes eh?
[16:37:02] <ecrist> checkers: the fact that you can build a secure webinterface for mail-only users is a huge plus
[16:37:05] <cpm> checkers, then don't use it.
[16:37:28] <checkers> cpm: I do not. I'm giving reasons for why I don't, because I think you asked me above :)
[16:37:32] <ecrist> whereas if you've got a web interface available on the outside that can read/write shell accounts - bad joojoo.
[16:37:32] <f3ew> Courier has a problem with shared storage?
[16:37:49] <cpm> f3ew, not to my knowledge.
[16:39:14] <f3ew> not to mine either
[16:40:56] <joeTSUNAM1> i upgraded my postfix from 2.4.3 to 2.5.2 and now i get errors about "maildir delivery failed:  Permission denied"
[16:41:19] <joeTSUNAM1> the configs still seem intact, but i can't figure out whats wrong or changed..
[16:42:41] <joeTSUNAM1> any ideas?
[16:43:00] <checkers> are you running it as the same user?
[16:43:13] <xptr> hi all, i hope you will forgive me asking an incredibly newbish question. i have installed postfix and use it to send email through php from my domain. however, it ends up in the spam folder when sending to hotmail, yahoo, etc. the first "received" header contains "from [my ip] (EHLO [hostname]) ([myip]) by ...". the other only contains "by [hostname] (Postfix, from userid 33) id ...". so my general, rather confused, question is: what do i nee
[16:43:34] <joeTSUNAM1> yes, 1 thing i did notice is that it changed the postfix uid from 89 to 102
[16:43:36] <checkers> my psychic debugging attempt: you used to run postfix as root, now it runs as user postfix, and that doesn't have write permissions to all the right places
[16:43:43] <checkers> well, check groups :P
[16:43:49] <xptr> i suppose they should both say something like mail.mydomain.com for it to be accepted. i have set up a reverse dns for my ip that points to that, but that's about it
[16:43:59] <joeTSUNAM1> so i searched the drive and made sure all files were updated to the correct id
[16:44:18] <checkers> xptr: can you please post a full 'received' header listing?
[16:46:03] <xptr> checkers: http://pastebin.com/d407b5c6
[16:46:52] <checkers> xptr: well, it doesn't guarantee your mail won't appear in the junk mail folder, but you can reduce the chances by:
[16:47:18] <checkers> setting your EHLO to the FQDN of the machine, setting reverse DNS for that IP (or waiting for it to propagate)
[16:47:58] <checkers> otherwise there are generally more useful steps to take which are unrelated to your question
[16:49:14] *** rurouni has joined #postfix
[16:49:16] <xptr> checkers: how do i set the EHLO, and what would the other steps be? (i have set the reverse dns, and i have spf records)
[16:50:11] <checkers> it picks the HELO up from $myhostname
[16:50:21] <checkers> so you should really set the hostname of the machine correctly
[16:50:31] <checkers> you can simply set that variable though, which should work
[16:50:40] <vice-versa> set the reverse dns to what?
[16:50:44] <vice-versa> something made up by the looks of things
[16:51:14] <rurouni> how do i exclude a specific user address from the local virtual domain? i want all local mails to sending to an address to use the remote smtp relay and not distributed locally
[16:52:04] <checkers> SPF doesn't help with anti-spam btw, it is designed for verification of the source of mail
[16:52:47] <xptr> checkers: but isn't verifying the source a large part of preventing spam?
[16:52:52] <checkers> the big other steps are: don't send from an IP that is on any RBL, don't send from an IP that is near RBL'ed IPs, don't send spam ;)
[16:53:04] *** jingo811 has quit IRC
[16:53:28] <checkers> xptr: I register a new domain: freemeds.com. I then set an SPF record on this domain to 'allow mail from anywhere'. My botnet sends you an email. what does SPF say?
[16:55:16] <xptr> checkers: ok, i won't get into this discussion. :) but thanks a lot for your help, i really appreciate it
[16:55:48] *** hf|work has joined #postfix
[16:55:50] <hf|work> hi
[16:56:11] *** Zblakany has joined #postfix
[16:56:44] <hf|work> I have a specific transport for a subdomain my.domain.com  - how can I reject all mails to it, not coming from sasl authenticated users from this machine?
[16:57:19] <checkers> xptr: welcome :) I think SPF is good btw, but for its intended purposes only
[17:02:34] *** SniZ has joined #postfix
[17:10:35] *** idle-boy`` has joined #postfix
[17:10:36] *** idle-boy` has quit IRC
[17:17:03] * jonkristian scratches head
[17:17:27] * vice-versa moves away
[17:18:10] <jonkristian> Hey! I don't have dandruff
[17:18:31] * vice-versa runs away
[17:22:39] *** ecrist has left #postfix
[17:24:06] <jelly> checkers: however. I'm a spammer and use your (verified to be good) email address in my envelope-from.  You don't have SPF set up, and receive backscatter.
[17:25:18] <jelly> ... however, people that configure their servers to use SPF correctly, probably configure them not to generate backscatter as well
[17:25:27] <checkers> jelly: yes, it can reduce backscatter. other methods can too though
[17:25:37] <checkers> not "can", "already do"
[17:33:16] *** fabounio has joined #postfix
[17:36:37] *** rurouni has left #postfix
[17:49:46] *** githogori has quit IRC
[18:01:15] *** havvg has quit IRC
[18:05:26] *** fabounio has quit IRC
[18:07:54] *** fabounio has joined #postfix
[18:11:55] *** linkslice has quit IRC
[18:16:01] *** Sysctl___ has joined #postfix
[18:16:33] *** linkslice has joined #postfix
[18:17:39] *** suuuper has quit IRC
[18:20:30] *** Hal0 has joined #postfix
[18:20:37] <Hal0> Hi
[18:20:58] <Hal0> i have a problem with postfix. It says on a local mail transfer: mydomain.com loops back to myself
[18:21:20] <Hal0> but the domain: mydomain.de is an entry in mydestination
[18:21:49] <Trengo> .com or .de?
[18:21:54] <Hal0> both
[18:25:20] <rob0> pastebin the whole unmunged line
[18:26:23] *** mehulved_ has joined #postfix
[18:27:15] *** pulsars has quit IRC
[18:28:01] <rob0> do it soon, or I might not see it
[18:28:43] *** phnord has quit IRC
[18:29:51] * sysmonk sees something familiar between rob0 and Hal0
[18:30:10] *** majikman has joined #postfix
[18:30:13] * cpm wonders if sysmonk is familiar
[18:30:33] *** mehulved_ is now known as pulsars
[18:30:42] * sysmonk throws some potatoes at cpm
[18:30:57] *** Legality has joined #postfix
[18:30:58] <Legality> hi
[18:31:25] <Legality> any ideas on this one... I deleted a user's virtual host (mail zone, dns zone etc) from my box so that the emails would not be delivered locally
[18:31:36] <Legality> now when I send an email to him, i get this error
[18:31:47] * cpm whacks'
[18:31:51] <Legality> mail for xxxx loops back to myself
[18:31:53] <cpm> em back with a tennis racket
[18:31:57] <cpm> mmm, tasty
[18:32:10] <Legality> cpm?
[18:32:11] <sysmonk> !loopback
[18:32:13] <knoba> sysmonk: "loopback" : 'Mail loops back to myself' means that your Postfix wanted to send out the mail to the internet but then discovered that the DNS says your mail server should be responsible. Most likely you forgot to list your domain in mydestination or virtual_(alias|mailbox)_domains
[18:32:17] <sysmonk> Legality: ^^
[18:32:36] <cpm> http://xkcd.com/421/
[18:32:40] <Legality> oh, I gotta check that
[18:32:58] <sysmonk> cpm: heh, nice :)
[18:34:16] *** j_s has joined #postfix
[18:34:29] <Legality> sysmonk: any idea how my box thinks that the mail should be delivered locally?
[18:34:40] *** havvg has joined #postfix
[18:36:01] <sysmonk> it doesn't, that's the problem
[18:36:16] <sysmonk> it doesn't think the mail should be delivered locally, so it looks up where to send it
[18:36:22] <sysmonk> and finds itself, and tries to send to itself
[18:36:24] <sysmonk> making a loop
[18:36:45] <Legality> it shouldn't find itself because the domain is now on another server
[18:36:49] <Legality> it was moved from my box
[18:36:54] <Legality> wha.. cached dns info?
[18:36:54] <sysmonk> is it?
[18:36:57] <Legality> yeah
[18:36:59] <sysmonk> dig mx domain.com
[18:37:23] <Legality> bitch
[18:37:32] <sysmonk> nice to meet you
[18:37:33] <sysmonk> i'm alex
[18:37:34] <sysmonk> ;)
[18:37:34] <Legality> for some reason my box says that the nameservers havent been changed
[18:37:37] <Legality> haha
[18:37:51] <Legality> I have still dns data on my box regarding the domain?
[18:38:24] <sysmonk> how can i know ?
[18:38:29] <sysmonk> i'm not on your box :)
[18:38:56] <Legality> you disappointed me sysmonk, you really disappointed me
[18:39:00] <Legality> :)
[18:39:36] <rob0> Hard to help troubleshoot DNS issues without knowing the domain name[s].
[18:40:26] <Fallen[oqp]> :)
[18:40:30] <cpm> but once his box becomes self-aware, , , ,
[18:40:44] <rob0> oh wow, it's self-aware?
[18:40:46] <sysmonk> of course, you can give me root and forget about your server
[18:40:52] <rob0> !evil
[18:40:52] <knoba> rob0: Error: "evil" is not a valid command.
[18:40:53] <sysmonk> i'll sell it to cpm
[18:40:58] <sysmonk> woot ?
[18:41:01] <sysmonk> nothin evil ?
[18:41:03] <sysmonk> !evil
[18:41:04] <knoba> sysmonk: Error: "evil" is not a valid command.
[18:41:07] <sysmonk> knoba has amnesia?
[18:41:09] <rob0> !sysmonk
[18:41:10] <Fallen[oqp]> sysmonk is evil beware =)
[18:41:10] <sysmonk> !sysmonk
[18:41:10] <knoba> rob0: "sysmonk" : evil
[18:41:12] <knoba> sysmonk: "sysmonk" : evil
[18:41:13] <cpm> rob0, it will be once it becomes aware of itself
[18:41:20] *** Fallen[oqp] is now known as Fallenou
[18:41:24] <sysmonk> still, !evil should have worked too :(
[18:41:27] <Legality> hmmh.. there's no hits regarding that domain in /etc/bind
[18:41:38] <Dominian> eh..
[18:41:51] <sysmonk> uh, what a **** distro has /etc/bind and not /etc/named?
[18:42:01] <rob0> what is /etc/bind ?
[18:42:12] <Legality> debian?
[18:42:15] <Legality> sec
[18:42:30] <sysmonk> ah, debian, nothing special then
[18:42:37] <sysmonk> lots of stupid things out there ;P
[18:42:51] <Legality> we've got apache2, not httpd
[18:43:28] <Legality> but anyways.. When I run the dig mx I see that my box thinks that the dns hasn't been changed, even though it has been
[18:43:33] <Dominian> er..
[18:43:37] <Legality> which means that I need to flush my box's dns info
[18:43:42] <Dominian> apache2 is pretty much synonymous to httpd
[18:43:48] <Legality> I know
[18:43:57] <rob0> that would be my guess (flush the DNS cache)
[18:44:06] <Legality> now I need to learn how :>
[18:44:20] <sysmonk> rndc flush
[18:44:20] <rob0> rndc flush #maybe
[18:44:25] <Dominian> rn.. what they said
[18:45:57] <Legality> hmmh...
[18:46:03] <Legality> not really comfortable with that
[18:46:09] <Legality> isn't there any cache folder etc?
[18:46:10] <sysmonk> ?
[18:46:14] <sysmonk> o_O
[18:46:22] <sysmonk> no, bind caches into memory
[18:46:25] <Legality> shit
[18:46:30] <Legality> here it goes
[18:46:46] <rob0> it's harmless, what are you worried about?
[18:46:49] <sysmonk> you can use flushname though
[18:46:57] <sysmonk> rob0: 16tb of cache entries! :P
[18:47:04] <Legality> well.. didn't do anything
[18:47:13] <sysmonk> Legality: what domain is it?
[18:47:18] <Legality> the dig still shows that the domain is pointed to my box
[18:47:27] <cpm> you'll never know! ah, , hahahaha
[18:47:37] <sysmonk> maybe root still publish the old dns servers
[18:47:41] <rob0> are you using an upstream resolver, like forwarders for the "." zone?
[18:47:42] *** m_p has quit IRC
[18:47:50] <sysmonk> or maybe you use a recursive dns server with other recursive dns servers
[18:47:53] <rob0> 16:39 < rob0> Hard to help troubleshoot DNS issues without knowing the domain name[s].
[18:48:07] <Legality> laitila.org
[18:48:31] <Legality> no idea why the box thinks it's still in the old server
[18:48:31] <sysmonk> what's the ip of your server?
[18:48:40] <Legality> they're both my servers
[18:48:43] <rob0> 213.239.214.157 is what I get
[18:48:47] <sysmonk> same here
[18:48:48] <Legality> that's the new one
[18:48:52] <Legality> that's what it should be
[18:49:01] *** syneus has quit IRC
[18:49:13] <Legality> the old box still thinks the domain points to the old box
[18:49:18] <rob0> sounds like a cache upstream
[18:49:26] <rob0> or the flush didn't work
[18:50:03] <Legality> hrrrrhhh
[18:50:08] <rob0> what is the ttl? Check TTL, flush again, check TTL again.
[18:50:24] <Legality> 86400
[18:50:31] <Legality> but hell, TTL shouldn't matter if I flush it?
[18:50:42] *** sepski has quit IRC
[18:50:46] *** af_ has quit IRC
[18:50:49] <rob0> you'd query again and the TTL would start counting down again
[18:51:18] <rob0> but if there's an upstream resolver, the previous TTL would keep counting down
[18:52:05] <Legality> so... any proper fix?
[18:52:16] <sysmonk> so... any proper answer?
[18:52:18] <Legality> gotta patiently wait until TTL ols
[18:52:29] <sysmonk> Legality: rob0 asked about ttl
[18:52:32] <sysmonk> you didn't answer
[18:52:46] <Legality> 86400?
[18:52:58] <sysmonk> urgh
[18:53:05] *** tshine is now known as tshine|afk
[18:53:23] <sysmonk> Legality: do: dig mx laitila.org; rndc flush; dig mx laitila.org
[18:53:26] <sysmonk> and pastebin the results
[18:53:46] <cpm> rob0 flush;
[18:54:12] <sysmonk> alias rob0 rndc
[18:54:14] <sysmonk> rob0 flush
[18:54:36] <Legality> sysmonk: it doesn't make any difference
[18:54:48] <Legality> the flushing i mean
[18:54:54] * rob0 sighs
[18:55:43] <sysmonk> ..
[18:55:54] <sysmonk> thanks for the pastebin
[18:55:57] <Legality> oh
[18:55:58] <Legality> wait a min
[18:57:13] *** saurabhb has quit IRC
[18:57:26] <Legality> oh... hmm..
[18:57:52] * cpm chuckles, , , man sysmonk is a smart*ss
[18:57:54] <cpm> :)
[18:58:06] * rob0 trained sysmonk
[18:58:33] *** joeTSUNAM1 has left #postfix
[18:58:44] * sysmonk is now an evil trained smart*ss
[18:58:56] <Legality> oki
[18:58:56] <Legality> http://pastebin.org/43466
[18:59:13] <Legality> don't bother about the dns-settings :> it's an old test box
[18:59:38] <sysmonk> Legality: o_o
[18:59:39] <rob0> That's authoritative.
[18:59:44] <sysmonk> yup
[18:59:49] <Legality> rob0 huh?
[18:59:50] <sysmonk> authority: 2
[19:00:05] <sysmonk> Legality: your dns server, which is specified in /etc/resolv.conf, is responsible for the domain
[19:00:06] <rob0> IOW, your named thinks it is authoritative.
[19:00:11] <sysmonk> and has old records
[19:00:24] <sysmonk> yeah, it THINKS it is :)
[19:00:28] <sysmonk> AI, you know
[19:00:33] <Legality> hmmh...
[19:01:00] <Legality> so how can I correct it?
[19:01:07] <sysmonk> remove the zone from that DNS server?
[19:01:15] <sysmonk> it's not responsible for the domain anymore
[19:01:15] <rob0> Remove it from your named.conf perhaps?
[19:01:43] <sysmonk> and, if you can, always try to have different DNS servers for authoritative zones and for recursion
[19:01:50] <sysmonk> in that way you'd avoid troubles like this
[19:03:01] <Legality> rob0: there is no entry for that domain in named.conf
[19:03:08] *** Tjikkun has quit IRC
[19:03:27] <sysmonk> Legality: then restart named
[19:03:34] <sysmonk> maybe you've removed the zone, but didn't reload named
[19:03:52] <sysmonk> if you're 101% sure it's not there :)
[19:04:57] <Legality> yup
[19:04:58] <sysmonk> hmmm
[19:05:00] <Legality> reloading helped
[19:05:04] <Legality> the dig changed
[19:05:10] <Legality> lets see what happens now
[19:05:20] <sysmonk> where did i see that hostname..
[19:05:29] <sysmonk> Legality: did i help you before?
[19:06:04] <Legality> sysmonk: I think you did
[19:06:24] <sysmonk> at least that edullinenhoteli or something like that seems familiar to me
[19:06:30] <sysmonk> yup
[19:06:52] <sysmonk> ./FreeNode/2007/04/08/legality.log:2007-04-08 12:58:48 <sysmonk>  you're sending mail from: vu2071 at localhost dot edullinenwebhotelli.info
[19:07:45] <Legality> haha
[19:07:50] <Legality> more than a year ago
[19:08:13] <sysmonk> yup
[19:09:50] <Legality> is that on april?
[19:09:58] <Legality> which comes first, day or month?
[19:10:03] <Legality> *In this case
[19:12:53] *** Legality has left #postfix
[19:12:58] <sysmonk> month
[19:21:04] *** nfsnobody has quit IRC
[19:24:31] *** amrit|zzz is now known as amrit|wrk
[19:30:10] <_apk> hi! I have a question...I asked here before but I don't remember the answer
[19:30:30] <Dominian> 42
[19:31:00] <_apk> I have a mail server with 2 ip and I have to send mail for 2 domains...have I to use virtual domains, or can I do in a different way?
[19:31:22] <Dominian> You can use virtual
[19:31:28] <Dominian> you can point as many domains as you want at one IP
[19:31:30] <_apk> oh yes 42 Dominian :P
[19:32:05] <_apk> yes I know. But I have 2 different ip, and I want to use them, one for one domain (my personal domain) and the other for work
[19:32:31] <_apk> so is there a different way to do this without using virtual domains? :)
[19:32:58] <vice-versa> you have to run two distinct instances of postfix
[19:33:20] * Dominian nods
[19:33:39] <vice-versa> which is doable, but not trivial
[19:34:33] <_apk> oh thank you vice-versa!
[19:34:51] <_apk> I have to study how can I this :)
[19:35:02] <vice-versa> 42
[19:35:05] <_apk> how I can do this :)
[19:36:33] <vice-versa> iirc, there is something on http://www.postfix.org/docs.html related to doing this
[19:38:04] <_apk> yes: http://advosys.ca/papers/postfix-instance.html , thank you :)
[19:38:43] *** netcrash has quit IRC
[19:40:46] *** nfsnobody has joined #postfix
[19:45:34] *** Draecos has joined #postfix
[19:54:58] *** bpgoldsb has joined #postfix
[20:00:05] *** allan has joined #postfix
[20:12:59] *** raz has joined #postfix
[20:13:15] <raz> how can i tell postfix to not do reverse dns lookups on smtp connections?
[20:14:04] <sysmonk> disable_dns_lookups = off
[20:14:27] <sysmonk> woops
[20:14:27] <sysmonk> sorry
[20:14:46] <raz> hm ok
[20:14:56] <raz> and that doesn't affect outgoing mails?
[20:15:03] <raz> the man-page is a bit unclear about that
[20:15:19] <sysmonk> raz: forget that, that's a lie
[20:15:31] <raz> ah ok
[20:15:37] <raz> well, at least you're honest ;)
[20:16:53] * sysmonk tries to remember what was the param
[20:17:29] <raz> there's quite a few dns related options in man 5 postconf
[20:17:52] <raz> ah no, actually it's only 3
[20:17:57] <raz> disable_dns_lookups
[20:18:02] <raz> lmtp_host_lookup
[20:18:08] <raz> smtp_host_lookup
[20:18:18] <raz> the latter seem to affect outgoing mail
[20:18:59] <sysmonk> smtpd_peername_lookup
[20:19:06] <sysmonk> try that
[20:19:41] <raz> aaaaaaah!
[20:19:44] <raz> nice, thx! :D
[20:24:01] <raz> yup, works like a charm
[20:27:01] <xptr> i've set my hostname to my FQD but i'm still seeing the old hostname in the "received" header of the mail. i've set the hostname with "hostname", changed /etc/hosts/, run /etc/init.d/hostname.sh start, and reloaded postfix configs. nothing helps. what giveth?
[20:27:18] *** denis_ has joined #postfix
[20:27:36] <sysmonk> xptr: postconf mydomain
[20:27:44] <sysmonk> and postconf myhostname
[20:28:14] *** githogori has joined #postfix
[20:28:33] <xptr> sysmonk: myhostname = ignatius (that's the old one, the one i'm trying to change)
[20:28:42] <xptr> and mydomain = localdomain
[20:28:49] *** robboplus has joined #postfix
[20:30:30] <sysmonk> xptr: so change it in main.cf
[20:31:25] <xptr> sysmonk: why doesn't postfix pick it up from the system wide hostname when i reload configs?
[20:34:46] <vice-versa> is it what you think it is?, hostname -f
[20:35:29] <xptr> vice-versa: yeah, it is. and setting myhostname in main.cf worked fine (sysmonk: thanks!). i was just confused about having to do that..
[20:35:41] <sysmonk> xptr: cause it's a changeable param. read about $mydomain and $myhostname
[20:35:43] <sysmonk> !mydomain
[20:35:43] <knoba> sysmonk: "mydomain" : a configuration parameter in the main.cf: The internet domain name of this mail system. The default is to use $myhostname minus the first component. $mydomain is used as a default value for many other configuration parameters.
[20:35:44] <sysmonk> !myhostname
[20:35:45] <knoba> sysmonk: "myhostname" : a configuration parameter in the main.cf: The internet hostname of this mail system. The default is to use the fully-qualified domain name from gethostname(). $myhostname is used as a default value for many other configuration parameters.
[20:36:09] <sysmonk> if you don't have $myhostname set - it will use system hostname
[20:36:26] <vice-versa> which is desirable in some instances
[20:38:45] <xptr> ok
[20:53:44] *** tombar has joined #postfix
[21:02:23] *** [raz] has joined #postfix
[21:02:34] *** brancaleone has joined #postfix
[21:03:58] *** jay74_ has joined #postfix
[21:04:48] *** fabounio has quit IRC
[21:04:52] *** rydah has joined #postfix
[21:07:55] *** PhilKC has quit IRC
[21:14:44] *** raz has quit IRC
[21:14:44] *** [raz] is now known as raz
[21:22:19] *** fabounio has joined #postfix
[21:25:18] *** UQlev has joined #postfix
[21:36:02] <xptr> i'm going insane. i can't get hotmail or yahoo to accept my emails. i've spent a day configuring this, and i'm pretty sure i'm not on any blacklist. can someone help me by having a look at the headers?
[21:39:04] *** PhilKC has joined #Postfix
[21:43:29] <vice-versa> !SenderID
[21:43:30] <knoba> vice-versa: "SenderID" : Having hotmail delivery issues? - Consider having your server added to the Microsoft Sender ID program. Get your house in order first! Add a reverse dns ptr record for the ip of the server, forward should match reverse and helo. Create a valid spf record for the domain(s) then wander on over to https://support.msn.com/eform.aspx?productKey=senderid&ct=eformts and submit your request to be added
[21:44:39] <xptr> thanks, but it's not just hotmail, it's yahoo also, and possibly more (haven't tried any others)
[21:44:54] <xptr> except for bugmenot.com
[21:45:49] <vice-versa> meh, I'm sure they all don't use the same delivery policies
[21:46:15] <xptr> that's my point -- something has to be wrong with my setup, but i can't figure out what
[21:46:35] <xptr> it works when i send to gmail. i'm not sure if that might have something to do with using google apps for my domain, so my mx records point to google
[21:48:10] <vice-versa> are they being rejected, delivered to spam/junk or silently discarded?
[21:48:58] <xptr> in the case of yahoo, delivered to spam. in the case of hotmail, silently discarded
[21:49:27] <mwalling> whats a 554 status code?
[21:49:59] <xptr> transaction failed, i think
[21:51:16] *** jay74_ has left #postfix
[21:51:18] <vice-versa> is the 554 response on connection?
[21:51:27] *** [diablo] has joined #postfix
[21:52:42] <vice-versa> anyway, iirc, a 554 in any other context is "no valid recipients"
[21:53:35] <mwalling> yeah
[21:53:46] <mwalling> i'm trying to find the internal SMTP server here
[21:54:11] <mwalling> right on connect, i get that
[21:54:52] <vice-versa> yeah, "No SMTP service available" or something to that effect
[21:55:45] *** cpm has quit IRC
[21:56:59] *** stefan-f has quit IRC
[22:01:40] *** GoGi2 has joined #postfix
[22:02:41] *** GoGi2 is now known as GoGi
[22:02:55] *** pirho has joined #postfix
[22:04:15] <xptr> vice-versa: would you mind having a look?
[22:04:33] <vice-versa> at?
[22:05:07] <xptr> having a look at the headers from a rejected mail
[22:05:19] <vice-versa> sure, pastebin them
[22:05:26] <xptr> i've now also tried inbox.com, btw. those headers included a "x-spam-ratio: 9"..
[22:05:27] <xptr> ok, hang on
[22:06:32] <xptr> http://pastebin.com/d134c51e9
[22:06:51] <xptr> i've changed the ip and domainname to MYIP and MYDOMAINNAME, respectively. i don't want them indexed by search engines
[22:07:00] <xptr> otherwise the headers are unchanged
[22:08:20] <vice-versa> well those are important details in this context
[22:09:05] <xptr> why?
[22:09:30] <xptr> are there additional things that need to be looked up?
[22:09:52] <vice-versa> so we can see what they are
[22:11:33] *** woody4u has joined #postfix
[22:12:06] <woody4u> hi @all
[22:13:15] *** havvg has quit IRC
[22:23:17] *** githogori has quit IRC
[22:25:56] *** diqpib has joined #postfix
[22:26:33] *** githogori has joined #postfix
[22:34:57] *** fabounio has quit IRC
[22:36:34] *** jellis-real has quit IRC
[22:42:40] *** UQlev has quit IRC
[22:46:59] *** tshine|afk is now known as tshine
[22:50:59] *** pulsars has quit IRC
[22:55:36] *** Fallenou has quit IRC
[22:58:04] *** pa has quit IRC
[23:00:30] *** Baub has joined #postfix
[23:00:47] *** penrod has joined #postfix
[23:02:12] *** ramoni has quit IRC
[23:02:59] *** xptr has left #postfix
[23:03:14] <penrod> greetings: my mail server went sideways earlier, something to do with amavis, nonetheless I have brought it back up and disabled the amavis (temporarily). the issue: several hundred emails in the queue and when I have postfix flush the queue, I get "status=deferred (mail transport unavailable)" any easy resolution?
[23:08:46] <tuxick> get amavis out of the way
[23:09:08] <tuxick> that's a bit in master.cf and corresponding port in main.cf no?
[23:09:23] * tuxick got some amavis traumas, so it's blocked from mem
[23:09:26] <penrod> amavis is out of the way, I have the server running without it
[23:09:48] <vice-versa> postsuper -r ALL
[23:09:58] <penrod> the mail server is running now, except I can't seem to flush the mailq
[23:10:24] <vice-versa> that will requeue the mail
[23:10:58] <penrod> thank you, I thought /etc/init.d/postfix flush would do the same thing
[23:11:12] <vice-versa> followed by a postqueue -f if you're impatient
[23:12:33] <penrod> vice-versa: that did it, 10 items left in queue, I usually forget about the postsuper command, argh, thanks again
[23:13:56] *** diqpib has quit IRC
[23:13:59] <vice-versa> np
[23:23:02] *** Draecos has quit IRC
[23:24:40] *** j_s has quit IRC
[23:42:57] *** dragonheart has quit IRC
[23:44:39] *** mirovengi has left #postfix
[23:48:40] *** denis_ has quit IRC
[23:50:22] *** penrod has quit IRC
[23:54:42] *** AllenJB_ is now known as AllenJB
[23:56:24] *** madrescher has joined #postfix
