[00:00:38] <vice-versa> !fish
[00:00:39] <knoba> vice-versa: "fish" : Give an admin a fish and you feed them for a day. Teach an admin to fish and you feed them for a life. -- All new anglers, please see the following channel factoids, !tutorial !basic !standard !faq !logs !debug !smtpd!=smtp
[00:00:46] <p_masho> like now.. Just want to know how many items in the q!
[00:02:07] <vice-versa> qshape or qshape.pl
[00:02:27] <vice-versa> http://www.postfix.org/QSHAPE_README.html
[00:08:09] *** Zblakany has quit IRC
[00:11:19] <vice-versa> !manuals
[00:11:19] <knoba> vice-versa: "manuals" : Postfix manual pages. See: http://www.postfix.org/postfix-manuals.html
[00:11:23] <vice-versa> !fish
[00:11:24] <knoba> vice-versa: "fish" : Give an admin a fish and you feed them for a day. Teach an admin to fish and you feed them for a life. -- All new anglers, please see the following channel factoids, !tutorial !basic !standard !faq !manuals !logs !debug !smtpd!=smtp
[00:13:03] <p_masho> vice-versa: cool.. everything seems fine.. thanks for all the help... root of my problem was the content_filter !!
[00:13:19] <vice-versa> np
[00:13:52] <vice-versa> !docs
[00:13:52] <knoba> vice-versa: "docs" : Postfix documentation http://www.postfix.org/documentation.html
[00:17:40] *** madrescher has joined #postfix
[00:20:02] *** lila_mbp has joined #postfix
[00:20:13] <lila_mbp> hey guys
[00:20:39] <lila_mbp> does anybody know, how I get a registeres trademark character into a subject line?
[00:21:49] <vice-versa> Subject: Know your PostFu (tm)
[00:23:10] <lila_mbp> ;-)
[00:24:20] <vice-versa> lemme guess, this is something management wants?
[00:24:47] <vice-versa> or marketing...
[00:25:32] <lila_mbp> true
[00:25:54] *** tombar has joined #postfix
[00:48:46] <lila_mbp> ok, got it. I sent myself a mail via thunderbird and it q-encoded it, so I could simply copy&paste it :-)
[00:52:34] *** lila_mbp has quit IRC
[00:57:30] *** suuuper has quit IRC
[00:59:23] *** seekwill has joined #postfix
[01:10:34] *** |seb| has joined #postfix
[01:12:02] *** madrescher has quit IRC
[01:12:05] <|seb|> How make POSTFIX make SENT emails all appear to come from a DIFFERENT domain?
[01:12:32] <seekwill> How so?
[01:12:48] <seekwill> What part are you trying to ... fake?
[01:14:12] <|seb|> My Xen VM host provider has wrong domainname
[01:14:19] <|seb|> I need to correct it
[01:14:21] <shasta> !myhostname
[01:14:22] <knoba> shasta: "myhostname" : a configuration parameter in the main.cf: The internet hostname of this mail system. The default is to use the fully-qualified domain name from gethostname(). $myhostname is used as a default value for many other configuration parameters.
[01:14:31] <shasta> !myorigin
[01:14:32] <knoba> shasta: "myorigin" : a configuration parameter in the main.cf: The default domain name that locally-posted mail appears to come from, and that locally posted mail is delivered to. The default $myhostname, which is fine for small sites. If you run a domain with multiple machines, you should (1) change this to $mydomain and (2) set up a domain-wide alias database that aliases each user to user at that dot users.mailhost.
[01:14:38] <shasta> seb, ^^^^
[01:14:52] <|seb|> thanks
[01:17:35] *** j_s has quit IRC
[01:17:55] *** hever has quit IRC
[01:20:51] *** allan has joined #postfix
[01:24:02] *** tombar has quit IRC
[01:29:29] <micols__> http://linux.rlogin.org/postfixtest
[01:29:40] <micols__> what am i doing wrong? i have both sasl_password and transport file in /etc/postfix
[01:29:55] <micols__> it should relay through smtp.gmail.com
[01:30:09] <micols__> all emails from "virtuelgalathea3.dk"
[01:30:46] <micols__> virtuelgalathea3.dk              smtp:smtp.gmail.com is content of my transport file
[01:31:26] <micols__> smtp.gmail.com  user:pass at smtp dot gmail.com is my sasl_password file
[01:32:00] <micols__> i have run postmap sasl_password; postmap transport; postfix reload .
[01:32:21] <micols__> no matter what i do it seems that it routes through my default smtp
[01:32:52] <shasta> i'd like to see your postconf -n
[01:32:55] <shasta> just to be sure
[01:33:13] <shasta> but usually transports are picked according to *destination*
[01:33:37] <micols__> http://pastebin.com/m75b63428
[01:33:55] <micols__> damn.. can't it pick up by "from header" ?
[01:34:56] <micols__> like if i telnet in to localhost 25, and say mail from: vg3 at virtuelgalathea3 dot dk , postfix should route virtuelgalathea3 mails (from this address) through another smtp than the default one
[01:35:48] <shasta> that's a nice way to be an open relay
[01:36:15] <shasta> "just use mail from: <whatever at virtuelgalathea3 dot dk> and you can send mails to all over the world"
[01:36:53] <micols__> i am not having an open relay :)
[01:37:08] <micols__> its only open for 127.0.0.1
[01:37:20] <shasta> !sender_dependent_relayhost_maps
[01:37:20] <knoba> shasta: "sender_dependent_relayhost_maps" : A configuration directive in main.cf for sender based message routing. See http://www.postfix.org/postconf.5.html# sender_dependent_relayhost_maps
[01:37:33] <micols__> oh, i did look into that directive
[01:37:44] <micols__> but then i got a weird error from postfix
[01:37:47] <micols__> just a moment
[01:37:48] <p_masho> anyone here know which debian package the "mailto" command is in ?
[01:38:09] *** sepski has quit IRC
[01:38:09] *** toko has joined #postfix
[01:38:20] * p_masho oops wrong channel >> #debian
[01:38:38] <toko> Hi
[01:39:23] <shasta> p_masho, what's so hard in googling "debian packages", then going to packages.debian.org, then looking it up yourself? instead of wasting others' time? :)
[01:39:37] <toko> can anybody help me with a postfix config issue (realted to my networks parameter) ?
[01:39:47] <shasta> toko, not until you state your issue
[01:39:52] <toko> :)
[01:40:21] <vice-versa> !ask
[01:40:22] <knoba> vice-versa: "ask" : If you have a question, just ask. Precise questions lead to precise answers. Vague descriptions of your problem will get you nowhere. See also: http://workaround.org/moin/GettingHelpOnIrc
[01:40:37] <p_masho> shasta: PLEASE note I said wrng channel earlier... I am a newbie and sorry !!!!!!!!!!!!!
[01:40:44] <micols__> shasta: http://linux.rlogin.org/postfixerror
[01:41:14] <micols__> that is syslog output, /etc/postfix/transport content, /etc/postfix/main.cf
[01:41:15] <shasta> p_masho, doesn't matter if you waste ours or #debian time; take an advice from a more experienced user: those things are so easily googlable...
[01:41:51] <toko> oki...I have a postfix installed on a host...let's say 90.25.32.4 and I want this host to ONLY allow connections from a remote host 192.168.2.3 to act as a relay
[01:41:52] *** war9407 has quit IRC
[01:42:24] <shasta> add 192.168.2.3 to mynetworks
[01:42:34] <toko> so I've put in main.cf...mynetworks = 192.168.2.3/32
[01:42:40] <micols__> i ofcourse remembered to do postfix reload, i wonder what that error is about
[01:42:46] <toko> sure i did it
[01:43:03] <micols__> it says relay=none
[01:43:06] <shasta> micols__, "postconf -n" please :)
[01:43:33] <micols__> shasta: http://linux.rlogin.org/postfixerror i appended that postconf -n now
[01:43:36] <toko> the thing is that I can still sens emails to the server from other IP adresses than 192.168.2.3
[01:44:03] <vice-versa> toko: postconf mynetworks
[01:44:56] * vice-versa seems to remember that /32 doen't work as expected in mynetworks
[01:44:59] <shasta> toko, to the 90.25.32.4 server? that's kinda obvious...
[01:45:25] *** mash_ has joined #postfix
[01:45:36] <shasta> adding 192.168.2.3 to mynetworks means that 192.168.2.3 can use 90.25.32.4 to send mail to the "outside" world
[01:45:59] <shasta> by default postfix will accept mail for domains it's local destination for from everyone
[01:47:46] <toko> I do not get that...I use 90.25.32.4 as a relay only (that's what I wanna do)...and would like to allow only 192.168.2.3 to connect
[01:48:43] <shasta> toko, and what happens if I want to send you an email? :)
[01:48:44] <toko> there is ibviously something I do not understand in the way mynetworks works
[01:49:11] <toko> I do not want you to be able to do that lol
[01:49:12] <shasta> (you == a mail to any domain with MX eventually pointing to 90.25.32.4)
[01:49:27] <shasta> then you'll be RFC ignorant
[01:50:12] <shasta> because if your 192.168.2.3 uses your 90.25.32.4 to send an email to me, and my server "for some reason" cannot deliver the message, then my server will send you a DSN
[01:50:30] <shasta> which your 90.25.32.4 will reject
[01:50:34] <shasta> that's _bad_
[01:50:35] <shasta> mmkay?
[01:51:07] <toko> actually...I am building competencies on Postfix...and I am doing that to see how the postfix behaves...and understand better the filtering mechanisms
[01:51:50] <micols__> shasta: http://linux.rlogin.org/postfixerror check the log now, it should contain _everything_
[01:52:42] <micols__> whops, forget about that 644, it is 640 :)
[01:53:02] <shasta> toko, actually, mynetworks is just a parameter; more important is "permit_mynetworks" restriction :)
[01:53:54] <shasta> /etc/postfix/transport file (640 chmod, root:postfix)
[01:53:56] <shasta> is it?
[01:54:03] <shasta> according to ls -l output it's root:root
[01:54:24] <toko> ok let me see that
[01:55:31] <micols__> oh yeah shasta
[01:55:38] <micols__> testing again, reloading and telnetting , 1min
[01:56:20] <micols__> now i get a different error!
[01:56:51] <micols__> http://linux.rlogin.org/newerror
[01:57:23] <micols__> seems it doesnt recognize smtp protocol even though i specified smtp:smtp...
[01:57:27] *** p_masho has quit IRC
[01:57:41] <micols__> virtuelgalathea3.dk              smtp:smtp.gmail.com
[01:57:44] <micols__> in my transport file
[01:57:58] <micols__> which has a db file generated and up to date
[01:58:06] <vice-versa> try, virtuelgalathea3.dk              smtp:[smtp.gmail.com]
[01:58:34] <toko> shasta : Hummm...I do not see the link between permit_mynetworks and what I wanna do
[01:58:35] <micols__> then i change in sasl_password too right?
[01:58:43] <micols__> [smtp.gmail.com] user:pass
[01:59:08] <vice-versa> no
[01:59:13] <shasta> toko, actually, I don't understand what you want to do. :-)
[01:59:32] *** Fallenou has quit IRC
[02:02:05] <toko> ok...I have a mail client on 192.168.2.3 and I want this email client to be the only one to be allowed to use my postfix on 90.25.32.4 to send emails to the internet
[02:02:44] <shasta> micols, that's easy :) try: dig smtp.gmail.com mx
[02:02:58] <toko> and I want to reject any connection but 192.168.2.3 at the postfix server level
[02:02:59] <shasta> micols, then read man 5 transport ;-)
[02:03:24] <shasta> toko, so you basically want to ignore RFC, right?
[02:04:05] *** dragonheart has joined #postfix
[02:04:32] <toko> I guess...if you say so, I msut admit I did not read it carefully...yet
[02:04:45] <shasta> I gave you an example
[02:04:57] <vice-versa> toko: clarify, is 90.25.32.4 a final destination for a domian or no?
[02:04:59] <shasta> simple question: is 90.25.32.4 an MX for _any_ domain? :)
[02:05:12] *** mash_ is now known as p_masho
[02:05:30] <toko> no to both question...90.25.32.4 is not know in DNSs..yet
[02:05:44] <shasta> the "yet" part scares me
[02:05:47] <micols__> shasta: i tried man transport, but i didnt understand much of it :)
[02:06:01] <shasta> micols, did you try the dig line? :)
[02:06:29] <micols__> where should it be placed, man 5 transport doesn't mention it
[02:06:39] <shasta> in your bash prompt ;-)
[02:06:50] <toko> I zm building a server...and I am going step by step...in the end it will be known and visible
[02:07:05] <micols__> nah, no such command :)
[02:07:14] <shasta> micols__, host -t mx smtp.google.com
[02:07:14] <micols__> i thought about main.cf?
[02:07:21] <toko> for now I just want to use it as a relay that only allow my vleint for connection
[02:07:27] <vice-versa> what does "known and visible" mean?
[02:07:45] <micols__> root@cpq:~# host -t mx smtp.google.com
[02:07:45] <micols__> bash: host: command not found
[02:07:55] <micols__> i could try nslookup but not sure its the same?
[02:08:01] <micols__> or whois
[02:08:04] <seekwill> dig?
[02:08:06] <shasta> toko, but then, your client will use *some* From: domain, right?
[02:08:20] <shasta> micols, dude, how can you live without dns tools? :)
[02:08:23] <toko> meaning that I wil use it as a real server...known by its peers and where emails to my domain will be routed to
[02:08:34] <toko> yes shasta
[02:08:40] <shasta> and this domain
[02:08:48] <shasta> what's its MX?
[02:09:13] <toko> but in the first place, the domain will be different from the server domain
[02:10:19] <shasta> micols, okay, I'm out of time... i want to realize, that "smtp.google.com" doesn't have any MX record. it _is_ a MX record. then consult your man 5 transport again and see what form of transport:nexthop you should be using
[02:10:33] <toko> shasta : gmail.com
[02:10:51] <shasta> gmail.com what?
[02:10:53] <micols__> http://linux.rlogin.org/digoutput
[02:10:58] <vice-versa> toko: you never did respond to my request for postconf mynetworks
[02:11:00] <toko> :)
[02:11:27] <micols__> yes i am unsure about what nexthop i should be using shasta
[02:11:28] <shasta> oh, so it has an mx record (-8
[02:11:36] <shasta> so my theory might be wrong ;)
[02:11:49] <micols__> transport clearly should be smtp.gmail.com
[02:11:56] *** seekwill has quit IRC
[02:13:02] <micols__> or.. i think it should be so :)
[02:13:03] <shasta> i mean, do you know the difference between smtp:[a.b.c] and smtp:a.b.c?
[02:13:13] <micols__> no
[02:13:26] <shasta> that's what I've been suggesting you to read up on
[02:14:04] <micols__> [] is mx lookups
[02:14:11] <micols__> but i dont know what an mx record is :)
[02:14:16] <micols__> and it could go on forever :)
[02:14:18] <shasta> WRONG. :)
[02:14:27] <shasta> !mx
[02:14:27] <knoba> shasta: Error: "mx" is not a valid command.
[02:14:27] <toko> vice versa..here it is mynetworks = 192.168.2.3/32
[02:14:33] <vice-versa> [] suppresses mx lookups
[02:14:34] <shasta> god, this bot is useless!
[02:15:04] <vice-versa> toko: lose the /32
[02:15:07] <mwalling> shasta: teach it
[02:15:14] <mwalling> shasta: !learn factoid as value
[02:15:25] <shasta> too lazy, you do it ;)
[02:15:27] <toko> vice versa : already tried it...no chnage
[02:15:35] <shasta> bah
[02:15:35] <mwalling> bah
[02:15:38] <mwalling> vice-versa: you do iy
[02:15:44] <shasta> anyway
[02:15:58] <vice-versa> sure, what do we want it to say?
[02:16:20] <vice-versa> toko: and postconf smtpd_recipient_restrictions
[02:16:42] <shasta> somebody explains toko that what he's doing is (possibly, because we don't know the facts) wrong, and why he should think twice before using check_client_access in smtpd_*_restrictions
[02:17:38] <toko> used the std one (I mean i did not add a line about it in the main.cf) but I can paste it if you want
[02:17:56] <mwalling> you dont use std's, you get them
[02:18:09] <shasta> lol ;)
[02:18:17] <toko> here you go : smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
[02:18:31] <shasta> anyway
[02:18:39] <micols__> example.com      smtp:bar.example:2025 that is what i did at first
[02:18:47] <micols__> i dont think i should use [] should I ?
[02:18:50] <shasta> that's why I'd never work in helpdesk
[02:18:55] <vice-versa> yeah, don't be pasting no std around here bub
[02:19:18] <mwalling> shasta: std's?
[02:19:26] <shasta> micols, you should read what MX records are first; then read transport(5) man page to know what syntax (and why) you need
[02:19:28] <micols__> you say smtp.gmail.com has a MX record, does that imply me using [] for my transport file ?
[02:19:34] <shasta> it DOESN'T.
[02:19:43] <shasta> it just has a cname
[02:20:01] <micols__> good, then my file has been correct from the start, somebody told me to use [], but it didnt work out either
[02:20:09] <toko> I do not have to add smtpd_recipient_restrictions to the main.cf if I do not want to change its "std" behaviour right ?
[02:20:09] <micols__> i didnt use [] at first.
[02:20:14] <shasta> mwalling, I can't explain one thing for >3 minutes
[02:20:23] <mwalling> shasta: :)(
[02:20:25] <mwalling> er
[02:20:29] <mwalling> s/\(//
[02:20:42] <vice-versa> toko: but you do
[02:20:45] <micols__> http://linux.rlogin.org/postfixerror is what i still get
[02:21:11] <micols__> and from what i can read from man 5 transport my transport file syntax is correct for smtp for gmail ?
[02:22:02] <toko> vice-versa : nono I don't...this line is not in my main.cf
[02:22:27] <toko> does this make sense ?
[02:22:27] <vice-versa> then what's your problem?
[02:23:36] <micols__> should it really be this hard to change relay host for specific "from addresses" with postfix ?
[02:23:58] <micols__> i tried several tutorials i found on google on it, all of them gave this error
[02:24:02] <micols__> perhaps my installation is buggy
[02:24:20] <micols__> i mean, i did play with sendmail and i got that working :)
[02:24:21] <toko> my understanding (that seems to be wrong) is that with my config, only 192.168.2.3 should be allowed to connect to 90.25.32.4
[02:24:32] <vice-versa> !tutorial
[02:24:32] <knoba> vice-versa: "tutorial" : A very common problem is that some people prefer to follow a step-by-step tutorial that shows them how to setup their mail server without reading the documentation or understanding what they are doing. If something goes wrong, they have no clue whatsoever about where to look for hints, and they sometimes decide to start from scratch using a different tutorial. This is not The Proper Way.
[02:24:52] <vice-versa> toko: no, you're wrong
[02:24:59] <toko> pls explain
[02:25:04] <toko> that's the whole point
[02:25:10] <micols__> vice-versa: tell me what i am doing wrong instead of telling me to get a computer science degree :)
[02:25:18] <vice-versa> toko: smtpd_recipient_restrictions = permit_mynetworks, reject
[02:25:20] <toko> i just do not get what mynetworks does
[02:25:29] <micols__> no []'s in my transport file, that should be correct?
[02:26:11] <vice-versa> toko: but as shasta has stated repeatedly, this my ultimately not be what you want
[02:26:12] <micols__> i didnt just copy paste a config into my main.cf etc, i did think before using any thing in my configs
[02:26:52] <shasta> toko, http://www.postfix.org/basic.html#mynetworks
[02:26:57] <shasta> micols__, remove the []s
[02:26:59] <shasta> postmap
[02:27:01] <shasta> try again
[02:27:06] <shasta> paste any errors
[02:27:08] <toko> smtpd_recipient_restrictions = permit_mynetworks, reject...that's what I need to add so that only my @ is allowed and all the rest is rejected right ? And yes you're right thatis not what I'll do ultimately
[02:28:14] <shasta> "my @"
[02:28:16] <shasta> I love the slang
[02:28:19] <micols__> my password has # in it and my username has @ in it shasta , can it influence my sasl_password file and psotfixes passing of it?
[02:28:32] <micols__> i thought about that the whole time, perhaps it could be a cause
[02:29:15] <toko> shasta : pls...:)
[02:29:16] <shasta> micols__, then remove the smtp_sasl thing, and see if it tries to relay using smtp.google.com without authenticating
[02:29:25] <shasta> toko, O RLY?
[02:29:39] <micols__> looks like this
[02:29:46] <micols__> smtp.gmail.com  user at host dot com:some#passhere
[02:29:59] <micols__> right, ill try that
[02:30:10] <shasta> towo: !basic, !smtpd_recipient_restrictions, check_client_access, kthxplzbai!
[02:30:46] <vice-versa> toko: http://www.postfix.org/postconf.5.html#mynetworks
[02:30:50] <vice-versa> !docs
[02:31:00] <knoba> vice-versa: "docs" : Postfix documentation http://www.postfix.org/documentation.html
[02:31:36] <vice-versa> little laggy there tonight knoba
[02:32:24] <toko> greart guys !! it works thanks a lot
[02:32:33] <vice-versa> !stupidbot
[02:32:33] <knoba> vice-versa: "stupidbot" : heh, more like dumb ass human!
[02:33:33] <toko> back to the X.X.X.X/32....you advise to get rid on the /32 if we are talking only about 1 single IP address
[02:33:43] *** hparker has joined #postfix
[02:34:13] <vice-versa> yeah, i seem to remember it being an issue for something
[02:34:31] <micols__> http://linux.rlogin.org/postfixerror updated now, removed sasl auth
[02:34:47] <micols__> i still get the same error, i updated everything in it now
[02:34:51] <toko> vice-versa : that was for me ?
[02:35:01] <vice-versa> yes it was toko
[02:35:16] <micols__> postmap sasl_password;postmap transport;postfix reload
[02:35:17] <shasta> micols... postfix can't read /etc/postfix/transport*
[02:35:53] <micols__> because no execute?
[02:36:10] <toko> ok thx for the TIP...I'll be back with a real MX known mail server soon :)
[02:36:21] <micols__> it is 640 so should be ok
[02:36:45] <shasta> then I must've been reading old postfixerror file :)
[02:37:01] <micols__> yes i think you cached it, perhaps u using that urlview in irssi thing?:)
[02:37:18] <vice-versa> look at the examples in http://www.postfix.org/postconf.5.html#mynetworks
[02:37:27] *** |seb| has quit IRC
[02:38:35] *** dragonheart has quit IRC
[02:38:53] *** dragonheart has joined #postfix
[02:38:58] <toko> vice-versa : I ahd read that yet...but it was not detailed enough...at least I could not solve my problem with it :)
[02:39:37] *** mash_ has joined #postfix
[02:39:41] <shasta> micols, also use @virtuelgalathea3.dk instead of virtuelgalathea3.dk in /etc/postfix/transport
[02:39:55] <vice-versa> meh, it was more a want then a problem ;)
[02:39:59] <micols__> hehe i tried that earlier, but ill try it again :)
[02:40:18] <shasta> @virtuelgalathea3.dk smtp:[smtp.google.com]
[02:40:26] <micols__> are you sure?
[02:40:43] <micols__> smtp.gmail.com i guess then?
[02:40:59] <micols__> sure you checked mx on the right address, its smtp.gmail.com i have to use
[02:41:38] <shasta> smtp.whatever.xxx
[02:42:06] <micols__> @host is wrong syntax as it gives weird errors
[02:42:17] <micols__> the error i posted eariler i got again
[02:42:30] <micols__> fatal: unknown service: smtp.gmail.com/tc
[02:42:39] *** p_masho has quit IRC
[02:42:48] <micols__> seems it cannot parse the file correctly if one uses @ in it
[02:43:15] <shasta> EEEK
[02:43:15] <micols__> and from what i did read it should just be domainname
[02:43:25] <micols__> example.com      smtp:bar.example:2025
[02:43:26] <shasta> we've been doing this wrong all the time :)
[02:43:37] <shasta> @virtuelgalathea3.dk [smtp.gmail.com]
[02:43:41] <shasta> postmap transport
[02:43:42] <shasta> then try
[02:43:52] <toko> vice_versa : yes indeed...bye guys. see you!
[02:44:18] *** toko has quit IRC
[02:45:04] *** Inssomniak has quit IRC
[02:45:33] <micols__> something looks right now
[02:45:39] <micols__> it says must issue startls
[02:45:44] <micols__> becausei dont have tls enabled
[02:45:52] <micols__> gmail says that in syslog output
[02:46:15] <micols__> http://pastebin.com/m267db50f
[02:46:43] <micols__> so ill just edit the main.cf now and cross fingers :)
[02:47:25] <shasta> !smtp_use_tls
[02:47:26] <knoba> shasta: Error: "smtp_use_tls" is not a valid command.
[02:47:28] <shasta> ...
[02:47:44] <shasta> !smtp_tls_security_level
[02:47:45] <knoba> shasta: Error: "smtp_tls_security_level" is not a valid command.
[02:49:05] <shasta> !learn smtp_tls_security_level as The default SMTP TLS security level for the Postfix SMTP client; when a non-empty value is specified, this overrides the obsolete parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername. Specify one of the following security levels: none, may, encrypt, fingerprint, verify, secure. Available in Postfix 2.3 and later.
[02:49:39] <shasta> this bot is unwilling to cooperate
[02:49:44] <micols__> so is postfix :(
[02:50:02] <micols__> it keeps relaying on default relay
[02:50:20] <shasta> what?
[02:50:44] <shasta> it's relaying to gmail now
[02:50:51] <shasta> at least in http://pastebin.com/m267db50f
[02:51:10] <micols__> something is serious wrong since i changed the config now.. it puts from in to field
[02:51:19] <micols__> and i only changed what you told me
[02:51:31] <shasta> from in to field?
[02:51:34] <shasta> logs, show me logs
[02:51:44] <shasta> (and your smtp conversation)
[02:52:25] <micols__> http://linux.rlogin.org/conv
[02:53:03] <micols__> it shows up as to=<vg3 at virtuelgalathea3 dot dk>, :)
[02:53:17] <micols__> even though i specifically typed in mail from: vg3@...
[02:53:17] <shasta> you need to learn how to read logs
[02:53:20] <micols__> and rcpt to:
[02:53:30] <shasta> lesson 1: we start from top to bottom
[02:53:45] <shasta> so we see:
[02:53:57] <micols__> ah right :)
[02:54:01] <micols__> different processes
[02:54:06] <shasta> E7418600091: from=<vg3 at virtuelgalathea3 dot dk> .... to=<gnu at gmx dot net>
[02:54:13] <shasta> relay=smtp.gmail.com
[02:54:13] <micols__> im not familiar with postfix spawning 100 children:)
[02:54:21] <shasta> which BOUNCES
[02:54:22] <micols__> im used to plain old simple root sendmail :)
[02:54:32] <shasta> so postfix sends an DSN to the sender
[02:54:41] <shasta> to notify him that the mail couldn't be sent
[02:54:52] <shasta> you're also not familiar with DNS and SMTP :-)
[02:55:02] <shasta> !dsn
[02:55:03] <knoba> shasta: "dsn" : Delivery Status Notifications - See: http://linuxnet.ca/postfix/docs/DSN_README.html
[02:55:06] <micols__> i get it returned
[02:55:12] <micols__> as gmail cannot see my auth
[02:55:25] <micols__> seems my postfix isnt startls compatible?
[02:55:32] <shasta> gmail server tells you exactly what you need to do
[02:55:35] <micols__> perhaps i should compile it from scratch
[02:55:49] <shasta> sigh
[02:55:52] <micols__> well, it tells me what i have already done
[02:55:57] <shasta> no
[02:56:09] <shasta> what have you done then
[02:56:20] <shasta> and which main.cf commands have you used for that?
[02:56:40] <micols__> hm i guess i havnt then, i only got sasl
[02:56:46] <micols__> and some weird certs for tls
[02:56:55] <micols__> but they're the default ones
[02:57:38] <shasta> http://www.postfix.org/TLS_README.html
[02:57:43] <shasta> read it carefully
[02:58:07] <shasta> i'm off, good night
[02:58:13] <micols__> smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
[02:58:14] <micols__> smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
[02:58:14] <micols__> smtpd_use_tls=yes
[02:58:14] <micols__> smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
[02:58:14] <micols__> smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
[02:58:20] <micols__> i got everything i need in my main.cf
[02:58:25] <shasta> no you don't
[02:58:37] <shasta> you also don't understand the difference between smtpd and smtp
[02:58:55] <micols__> i need to enable for smtp
[02:58:56] <micols__> not smtpd
[02:59:01] <micols__> right?
[02:59:06] <micols__> i need to enable for the client
[02:59:18] <shasta> !smtpd!=smtp
[02:59:18] <knoba> shasta: "smtpd!=smtp" : Postfix smtpd_* and smtp_* configuration parameters are not the same thing. smtpd_ = server while smtp_ = client, the server-side receives mail whilst the client-side sends mail. (smtpd = server = receives mail) (smtp = client = sends mail)
[02:59:33] <micols__> yes i know. smtp=client
[03:00:09] <micols__> smtp_use_tls=yes then perhaps
[03:01:02] *** tuxick has quit IRC
[03:01:43] <micols__> heh.. then i have to create a lot of certs too
[03:01:58] <micols__> this is becoming increasingly timeconsuming
[03:02:08] <micols__> im pretty sure i cannot use smtpd certs
[03:02:40] <shasta> don't blame postfix for gmail requirements
[03:03:02] <micols__> im not good with openssl, wonder if there's an easy way to create all those certs fast
[03:03:50] <micols__> hmm.. i dont need tls
[03:03:58] <micols__> can't i just plaintext auth, just like outlook?
[03:04:05] <micols__> i dont care about security for this account.
[03:05:04] <micols__> i think it should be possible, perhaps making postfix smtp sending a startls cmd and then give handshake or something and sendplaintext pass from sasl_password
[03:05:39] <micols__> the only requirement seems to be a startls handshake/command
[03:06:01] <micols__> i think you can use various auth types with gmail, both plaintext and md5 hash
[03:07:44] <shasta> sending "starttls" involving creating a secure channel
[03:08:00] <micols__> which again involves certificates :(
[03:08:02] <shasta> yes
[03:08:17] *** BluesMurf has joined #postfix
[03:08:25] *** BluesMurf is now known as tuxick
[03:09:42] *** amrit|wrk is now known as amrit|afk
[03:11:07] *** Tachy has joined #postfix
[03:14:13] <micols__> seems i was missing libsasl2-modules after all.
[03:23:08] *** Tachy_ has quit IRC
[03:23:26] *** Mavvie has quit IRC
[03:26:04] <vice-versa> micols__: been a while since I've dicked around with gmail/tls, but I seem to remember something about needing a specific thawte cert needing to be appended to your cacert.pem to have tls work properly with gmail
[03:27:23] <vice-versa> I know I've got some notes around here somewhere on it, so if you hit that wall let me know and i'll see if I can find them
[03:29:38] *** idle-boy`` has quit IRC
[03:29:49] *** idle-boy`` has joined #postfix
[03:38:00] <vice-versa> lol, 220 mail218-wa4.bigfish.com ESMTP Postfix EGGS and Butter
[03:39:09] <vice-versa> and the irony here is, that's a Microsoft Hotmail owned server
[03:39:52] <vice-versa> viva la postfix!
[03:47:30] <micols__> vice-versa: yes that is the problem right now
[03:47:39] <micols__> it does not come with debian that cert
[03:48:06] <micols__> but i got it running just before without tls which was easy worked first time
[03:52:01] <vice-versa> micols__: so, you need my notes or no?
[03:52:31] <micols__> sure, gnu at gmx dot net
[03:52:56] <vice-versa> meh, we'll do it it here, it's quite tonight
[03:53:09] <vice-versa> gemme a few secs/mins
[03:55:49] <vice-versa> ok, we need the thawte premium server CA cert appended to your /etc/postfix/cacert.pem
[03:56:08] <vice-versa> first, lets see if you have it
[03:56:21] <vice-versa> find / -name 'Thawte*'
[03:57:14] <micols__> i did read it should be part of (lib)tls package
[03:57:19] <micols__> still searching
[03:57:39] <micols__> i dont have a cacert.pem to append to
[03:57:43] <vice-versa> on this server I'm on atm it's, /etc/ssl/certs/Thawte_Premium_Server_CA.pem
[03:58:40] <micols__> it doesnt exist here.
[03:59:09] <micols__> oh
[03:59:12] <micols__> i found it now :)
[03:59:33] <micols__> in some bad location :)
[03:59:36] <micols__> /root/etc/ssl/certs/Thawte_Premium_Server_CA.pem
[03:59:47] <vice-versa> cool
[03:59:50] <vice-versa> brb
[03:59:54] <micols__> perhaps an old backup i made
[03:59:56] <micols__> from my old system
[04:00:06] <micols__> i normally only place backups in /root
[04:00:24] <micols__> init script backups and folders
[04:01:52] *** amrit|afk is now known as amrit
[04:04:16] <vice-versa> micols__: use your package manager and install ca-certificates
[04:04:51] <micols__> root@cpq:/# dpkg -l|grep ca-certificates
[04:04:51] <micols__> ii  ca-certificates                   20070303                             Common CA Certificates PEM files
[04:05:05] <micols__> already installed
[04:05:27] <vice-versa> you just install it?
[04:06:29] <micols__> no, it has always been installed
[04:06:37] <micols__> its an old package, back from 2007
[04:06:57] <vice-versa> hmm, reinstall it
[04:07:08] <vice-versa> let's see where it puts the certs
[04:07:12] <micols__> dont think that is possible
[04:07:19] <vice-versa> /root/etc/ seems odd to me
[04:07:21] <micols__> i mean, surely it must have lots of dependencies
[04:07:28] <micols__> thats just a backup i made long time ago
[04:07:30] <micols__> of my etc folder
[04:07:47] <micols__> thats not the etc folder in use by my system
[04:07:51] <micols__> its merely a backup
[04:07:55] <vice-versa> oh, so you have /etc/ssl/certs/Thawte_Premium_Server_CA.pem
[04:08:04] <micols__> no.. only that backup
[04:08:18] <micols__> but that backup might not be of my current system, its very old
[04:08:22] <vice-versa> lol, ok this is why I would want it reinstalled
[04:09:48] <vice-versa> now I just kinda assumed this, but you do have openssl installed right?
[04:10:05] <micols__> yes
[04:12:16] *** kyky has joined #postfix
[04:12:25] <kyky> Hi all
[04:12:48] <vice-versa> micols__: so you have /etc/ssl/ correct?
[04:13:24] <kyky> i have problem with pop-before-smtp
[04:13:48] <kyky> when i logout dovecot logs not show remote ip
[04:14:25] <kyky> Info: IMAP(ky at thaikub dot com): Disconnected: Logged out bytes=179/232420
[04:15:16] <vice-versa> kyky: you do know that dovecot isn't part of postfix right?
[04:16:00] <mwalling> vice-versa: yeah, a slackbuilds.org maintainer sent him here
[04:16:10] * mwalling rolls his eyes
[04:16:23] <kyky> yes i know
[04:17:11] <kyky> ok i have to wait ans from #dovecot
[04:17:17] <kyky> ^_^v
[04:17:18] <vice-versa> kyky: why not us sasl and forgo the pop b4 smtp kludge
[04:17:27] <micols__> unable to get local issuer certificate i keep getting this
[04:17:34] <micols__> and not trusted certificated
[04:17:53] <kyky> sasl
[04:17:56] <kyky> ?
[04:17:58] <micols__> when postfix tries smtp to smtp.gmail.com
[04:18:39] <vice-versa> !sasl
[04:18:39] <knoba> vice-versa: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.
[04:18:40] <micols__> smtp_sasl_security_options = noanonymous kyky
[04:19:08] <micols__> smtp_sasl_auth_enable = yes
[04:19:08] <micols__> smtp_use_tls=yes
[04:19:21] <kyky> i use slackware i can use sasl ?
[04:19:35] <mwalling> ...
[04:19:37] <kyky> thank you
[04:19:48] <vice-versa> yes
[04:19:56] <mwalling> *headdesk*
[04:20:23] <micols__> oh, "simple" authentication :)
[04:20:44] <micols__> not as simple as a good old telnet
[04:20:47] <vice-versa> yeah, it's an oxymoron
[04:21:29] <micols__> and it never works out, i always have problems with programs using sasl,tls .. i tried setting up ldap a few years back.. (sleep less nights)
[04:21:48] <mwalling> ...
[04:21:52] <micols__> ending up tcpdumping etc
[04:21:53] * mwalling has never had problems
[04:22:25] <micols__> there were lots of problems back then iirc.
[04:23:30] <micols__> smtp_sasl_auth_enable = yes
[04:23:30] <micols__> smtp_use_tls=yes
[04:23:49] <micols__> whops sorry , going to bed.
[04:24:07] <vice-versa> micols__: so anyways, let's get back tou your gmail/tls woes
[04:25:23] <vice-versa> or not...
[04:26:03] *** straterra has left #postfix
[04:26:14] *** Me2resh- has joined #postfix
[04:27:18] * vice-versa hands mwalling and ice cold Corona
[04:27:29] <vice-versa> sorry, out of lime
[04:28:16] * mwalling hands back mexican flavored water for an ice cold guinness
[04:28:52] <mwalling> but the gesture is appreciated
[04:30:04] * vice-versa sniffles
[04:30:53] *** Me2resh- has quit IRC
[04:30:54] <mwalling> i married an irishwoman
[04:31:06] <vice-versa> redhead?
[04:31:18] <mwalling> anything else?
[04:31:25] <vice-versa> lol
[04:31:43] <vice-versa> I've always been partial to redheads
[04:31:45] <micols__> feel free to email me if you have the solution to the problem vice-versa or write it in here, i have highlight on my nick
[04:32:02] <micols__> so i can see it when i wake up
[04:32:02] <vice-versa> thought you were going to bed?
[04:32:07] <micols__> yes.. i am
[04:32:12] <vice-versa> gnight
[04:32:23] <mwalling> all we have is guinness and smithwicks{sp} in the fridge, and several bottles of jamison
[04:32:36] <mwalling> (and some cheap california wine)
[04:37:27] <vice-versa> bah, all I got is a fake redhead and a fridge full of Mexican piss
[04:37:29] * vice-versa pouts
[04:37:50] *** Brettjb has joined #postfix
[04:38:22] <Brettjb> need help with postfix anyone here
[04:38:30] <mwalling> :P
[04:38:39] <mwalling> i found mine at cracker barrel too :)
[04:40:12] <vice-versa> I found mine at a drop shipment of Novell NetWare software pickup
[04:40:45] <mwalling> bad signs from the begining :P
[04:40:47] <mwalling> (no offence intentded)
[04:42:10] <vice-versa> non taken, i've gotten over the fact i was tricked long ago
[04:42:25] <mwalling> heh
[04:43:05] <vice-versa> still envious though ;)
[04:43:38] * vice-versa daydreams of reds from years ago
[04:44:17] <vice-versa> !tell Brettjb ask
[04:45:13] * vice-versa tosses mwalling a !basic factoid to have at the ready
[04:45:42] <mwalling> ready!
[04:45:48] <mwalling> set!
[04:45:50] <mwalling> !basic
[04:45:51] <knoba> mwalling: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.
[04:46:11] <vice-versa> !premature
[04:46:12] <knoba> vice-versa: Error: "premature" is not a valid command.
[04:46:20] <mwalling> !drunk
[04:46:20] <knoba> mwalling: Error: "drunk" is not a valid command.
[04:46:30] *** kyky has quit IRC
[04:46:56] * vice-versa waits for mwalling to pass out
[04:47:05] <mwalling> soon
[04:52:26] <vice-versa> Brettjb: you gonna ask or just keep us in suspense?
[04:58:34] *** Zeit|awy_ has joined #postfix
[05:05:01] *** Zeit|awy has quit IRC
[05:11:42] *** pirho has quit IRC
[05:22:38] *** Motoko-chan has joined #postfix
[05:23:19] *** havvg_ has joined #postfix
[05:31:32] *** havvg_ has quit IRC
[05:38:46] *** havvg has quit IRC
[05:43:50] *** diqpib has quit IRC
[05:47:54] *** idle-boy` has joined #postfix
[05:48:08] *** idle-boy`` has quit IRC
[06:05:21] *** keffer has joined #postfix
[06:07:39] *** mash__ has joined #postfix
[06:13:47] *** idle-boy has joined #postfix
[06:20:12] *** mash_ has quit IRC
[06:22:09] *** Me2resh- has joined #postfix
[06:32:19] *** pitakill has quit IRC
[06:33:07] *** Me2resh- has quit IRC
[06:33:15] *** hparker has quit IRC
[06:39:36] *** Lap_64 has joined #postfix
[06:47:26] *** Mavvie has joined #postfix
[07:02:57] * vice-versa pokes at mwalling with a stick to see if he's completely passed out
[07:12:11] *** aniasis has joined #postfix
[07:12:15] <aniasis> hello
[07:13:12] <aniasis> yo
[07:13:34] <aniasis> I need to install a mail solution on ubuntu gutsy
[07:13:40] <aniasis> I am a novice
[07:16:22] <aniasis> does anyone know of a solution
[07:16:33] <aniasis> email server, administration
[07:16:40] <aniasis> et cetra
[07:18:17] *** mash__ has quit IRC
[07:18:26] * vice-versa ponders
[07:18:32] *** mash__ has joined #postfix
[07:18:36] <vice-versa> umm, postfix
[07:18:55] <vice-versa> and your favorite text editor
[07:37:52] *** chrisq has quit IRC
[07:38:14] *** higuita has quit IRC
[07:41:34] *** higuita has joined #postfix
[07:50:49] *** githogori has joined #postfix
[07:57:28] *** hing has joined #postfix
[07:58:56] *** higuita has quit IRC
[08:04:53] *** fabounio has joined #postfix
[08:04:55] *** fabx_ has joined #postfix
[08:26:14] *** stony_ has joined #postfix
[08:32:10] *** Trengo has quit IRC
[08:42:25] *** stony has quit IRC
[08:44:25] *** fabx_ has quit IRC
[08:44:25] *** fabounio has quit IRC
[08:46:18] *** fabounio has joined #postfix
[08:46:19] *** fabx_ has joined #postfix
[08:48:42] *** [diablo] has joined #postfix
[08:58:50] *** denis has joined #postfix
[09:00:27] *** af_ has joined #postfix
[09:02:11] *** j_s has joined #postfix
[09:03:52] *** mohshami has joined #postfix
[09:05:59] *** mash__ has quit IRC
[09:17:46] *** Fallenou has joined #postfix
[09:20:21] *** mohshami has quit IRC
[09:28:40] *** af_ has quit IRC
[09:28:48] *** Fallenou has quit IRC
[09:34:56] *** idle-boy` has quit IRC
[09:35:54] *** idle-boy` has joined #postfix
[09:36:09] *** mash__ has joined #postfix
[09:53:25] *** moldy has joined #postfix
[09:53:28] <moldy> hi
[09:53:50] <moldy> how can i 4xx-reject all mail to a certain virtual alias domain?
[09:58:20] <Motoko-chan> Look at the access map
[09:59:10] *** war9407 has joined #postfix
[10:02:17] *** githogori has quit IRC
[10:04:35] <moldy> Motoko-chan: thanks
[10:19:35] *** amrit is now known as amrit|zzz
[10:20:40] *** Zblakany has joined #postfix
[10:42:00] <cite> I'm experiencing a little trouble with postgrey here: http://rafb.net/p/SCju7a27.html
[10:42:19] <cite> Is it normal that this daemon doesn't respond during database maintenance?
[10:47:35] *** fabounio has quit IRC
[10:47:35] *** fabx_ has quit IRC
[10:48:28] *** fabounio has joined #postfix
[10:48:30] *** fabx_ has joined #postfix
[10:50:06] *** Motoko-chan has quit IRC
[11:02:03] *** sophokles has joined #postfix
[11:05:00] *** GoGi has joined #postfix
[11:26:46] *** pirho has joined #postfix
[11:31:19] *** bangky_ has joined #postfix
[11:32:37] *** denis has quit IRC
[11:39:54] *** fabx_ has quit IRC
[11:39:54] *** fabounio has quit IRC
[11:51:54] *** robboplus has quit IRC
[12:01:02] *** killerchicken has joined #postfix
[12:02:15] <killerchicken> Hi, I asked about this a while back, and poked around the web a bit more - I'm still stuck with headers being reordered which breaks openpgp/mime signatures. Maybe someone can offer a pointer about anything that might alter headers?
[12:02:57] <killerchicken> I can provide sample emails sent to the same mailinglist but received from two different accounts including the header information if that is useful to figure out something
[12:13:01] <Zelest> using any antispam/filtering stuff?
[12:13:57] *** AcTiVaTe has quit IRC
[12:21:38] <killerchicken> Zelest: yes
[12:22:05] <killerchicken> I mostly followed the guide on http://workaround.org/articles/ispmail-etch/
[12:22:21] <killerchicken> Only a few adaptions to make it work for my setup (having multiple IPs)
[12:30:02] *** Fallenou has joined #postfix
[12:30:46] <killerchicken> the problem seems to be (as far as I can tell) that the content-disposition and content-type headers' positions are changed, and the content-type header is split into two lines
[12:36:21] <killerchicken> Maybe it is not a postfix problem after all, but rather dovecot/some other utility. I don't know how to figure that out, though.
[12:43:31] <Zelest> Hmms
[12:44:19] <killerchicken> If you think it might be helpful, I'm happy to get a copy of both mails to you.
[12:45:01] <Zelest> I run postfix with dovecot, greylisting, spf-checking, dspam and clamav.. and use mutt+gnupg as a client myself.. zero problems with headers and such. :o
[12:45:04] <Zelest> Go ahead
[12:45:07] <Zelest> jesper at ifconfig dot se
[12:45:23] <Zelest> (as dspam's slogan says, "go ahead, send me viagra" :D
[12:45:57] *** Mez|DPC is now known as mez
[12:46:00] <Zelest> You'll most likely get greylisted though..
[12:46:06] <Zelest> So the mails will be somewhat delayed.
[12:46:51] <killerchicken> no problem
[12:47:50] <Zelest> brb, getting a cup of tea while waiting. :)
[12:48:23] <killerchicken> sure :)
[12:52:27] *** Tinozaure is now known as Tino
[12:53:35] *** bangky_ is now known as bangkydotnet
[12:54:34] *** denis has joined #postfix
[12:55:30] <Zelest> killerchicken, I can't really put my finger on why, but my guess is that amavis is doing something (if you're using that)
[12:58:34] <killerchicken> yes, I am
[12:59:51] *** mez is now known as Mez|DPC
[13:01:11] *** BluesMurf has joined #postfix
[13:01:50] *** tuxick has quit IRC
[13:01:57] *** BluesMurf is now known as tuxick
[13:03:18] <Zelest> Try bypassing it to see where it leaves us
[13:04:11] <killerchicken> ok
[13:04:16] <killerchicken> so far I'm not sure how to reproduce
[13:04:31] <killerchicken> I've only noticed this for mails from the one mailing list
[13:04:46] <Zelest> Oh
[13:04:57] <Zelest> Sure the error is on your end then?
[13:05:38] <killerchicken> well, pretty sure. I'm subscribed to the mailing list with two different addresses
[13:05:52] <killerchicken> one receives mails just fine
[13:06:01] <killerchicken> (they verify, I mean)
[13:06:07] <killerchicken> the other one doesn't
[13:06:15] <killerchicken> I'm guessing it's a header or something that triggers it
[13:06:36] <Zelest> Hmms
[13:06:54] <killerchicken> It's really weird
[13:07:12] <Zelest> Sure it's not such a simple thing as you don't have the public key on one of your mailboxes? :o
[13:08:07] <killerchicken> no, that's not it
[13:08:14] <Zelest> k
[13:08:17] <Zelest> (just checking :P)
[13:08:35] <killerchicken> you can see that the raw source of themails differs (has my mail made it through your greylisting yet?)
[13:09:04] <Zelest> which mail do you send from?
[13:09:06] <Zelest> or, which domain
[13:09:09] <Zelest> that's enough ;)
[13:09:11] <killerchicken> sebastianhahn.net
[13:09:45] <Zelest> nope
[13:09:55] <Zelest> check "mailq"
[13:10:33] *** suuuper has joined #postfix
[13:10:33] <killerchicken> it's still listed :)
[13:10:59] <Zelest> postqueue -f
[13:11:00] <Zelest> ;)
[13:11:10] <Zelest> there we go :)
[13:11:13] <killerchicken> hehe
[13:11:33] <killerchicken> personally I dislike greylisting... I like to get mail instantly
[13:11:44] <killerchicken> but that's not the point here :)
[13:12:32] <Zelest> I enabled it yesterday, so I'm not sure what I think about it tbh. ;)
[13:12:45] <Zelest> Though, it's only for the very first time you send.. if you would mail me again, it's instant.
[13:13:19] <killerchicken> ah, ok
[13:13:22] <killerchicken> that's more sensible
[13:13:34] <Zelest> Hmms.. not sure if it's your headers or my gnupg.. :O
[13:13:41] <Zelest> but I can't open/decrypt it.
[13:13:52] <Zelest> I can read the headers though
[13:14:08] <killerchicken> you cannot decrypt? hm.
[13:14:28] <Zelest> [-- PGP output follows (current time: Sat Jun 14 13:17:50 2008) --]
[13:14:28] <Zelest> can't connect to `/home/jesper/.gnupg/S.gpg-agent': No such file or directory
[13:14:28] <Zelest> gpg: decryption failed: No secret key
[13:14:28] <Zelest> [-- End of PGP output --]
[13:14:32] <killerchicken> maybe someone put a key up one a keyserver that's not yours?
[13:14:42] <killerchicken> on*
[13:14:53] <Zelest> but I can open any other mail that's signed/encrypted.
[13:15:10] <killerchicken> what key should I encrypt to?
[13:15:38] <Zelest> well, the password is correct, so it is the correct key :o
[13:15:47] <killerchicken> password is correct?
[13:15:55] <Zelest> when I try to decrypt
[13:16:38] <Zelest> http://nohack.se/gpg.key
[13:16:48] <Zelest> that's my public key
[13:17:01] <killerchicken> there are actually two on the web, I just noticed
[13:17:22] <Zelest> :o
[13:17:58] <killerchicken> neither of them is signed by someone else
[13:17:59] <killerchicken> http://minsky.surfnet.nl:11371/pks/lookup?op=vindex&search=jesper at ifconfig dot se&fingerprint=on
[13:18:46] <Zelest> :o
[13:18:57] <Zelest> I should cancel/expire them
[13:19:27] <killerchicken> yep :)
[13:22:47] <killerchicken> ok, you should have received something :)
[13:23:30] <Zelest> no, as it got greylisted :D
[13:23:52] <Zelest> I might disable greylisting while testing stuff.. lol
[13:23:54] *** Trengo has joined #postfix
[13:24:10] *** Tino is now known as Tinozaure
[13:24:19] <killerchicken> I thought you weren't going to greylist me twice? :)
[13:24:26] <killerchicken> also, my mailq is empty
[13:25:06] <killerchicken> (also, I sent mail to the address listed in your key)
[13:26:19] *** denis has quit IRC
[13:28:18] <Zelest> that's the thing, you mailed to another address ;)
[13:28:33] <Zelest> it creates a triplets of ip, sender, receiver ;)
[13:30:00] <killerchicken> ah
[13:30:06] <Zelest> sigh
[13:30:13] <Zelest> I've forgot the pass to my old keys o_O
[13:30:20] <killerchicken> that... sucks?
[13:30:21] <Zelest> first time I ever forget a password :(
[13:30:34] <killerchicken> don't you have a revocation cert?
[13:30:50] <Zelest> nope :(
[13:31:10] <Zelest> oh well, I know which password it is
[13:31:17] *** havvg has joined #postfix
[13:31:20] <Zelest> I just don't remember how I wrote it.. lol
[13:31:53] <killerchicken> well, you have all the time in the world to figure it out :)
[13:32:09] <Zelest> I know the first 3 letter.. and the 3 last :D
[13:32:14] <Zelest> now I need to figure out what's in between
[13:35:55] <killerchicken> So does it mean you don't have access to the mail I sent?
[13:36:39] <Zelest> Soon..
[13:36:55] <killerchicken> ok. (I meant the new one)
[13:37:14] <Zelest> that one I have the password for
[13:37:22] <Zelest> and soon the old one too.. almost cracked it :D
[13:37:28] <killerchicken> :P
[13:37:38] <Zelest> *closing his eyes and writing the damn password without thinking what he's writing*
[13:37:56] <Zelest> I hate it when you learn HOW to write it, rather than actually learning the password itself
[13:39:35] <Zelest> gah!
[13:39:38] <Zelest> I've figured it out...
[13:39:42] <Zelest> but it's the wrong one.. lol
[13:39:44] <killerchicken> I do that... I don't stand a chance on any other keyboard :)
[13:39:56] <Zelest> yeah, same
[13:40:12] <Zelest> though, I did figure my password out, but it's the wrong pass.. lol
[13:50:32] <Zelest> got your mail now
[13:50:36] <Zelest> and can read it and all
[13:50:46] <killerchicken> nice :)
[13:51:18] <Zelest> man, those old keys will nag in my head now :(
[13:51:24] <Zelest> I need to remember that damn pass :/
[13:57:02] <Zelest> but, what is it that's wrong?
[13:57:15] <Zelest> *confused*
[13:57:54] *** denis has joined #postfix
[14:00:09] <killerchicken> hm
[14:00:42] <killerchicken> the thing that's wrong is that one of the mails verifies and the other doesn't
[14:00:57] *** Mez|DPC is now known as mez
[14:01:52] *** Tinozaure is now known as Tino
[14:02:05] *** Tino is now known as Tinozaure
[14:02:05] *** mez is now known as Mez|DPC
[14:06:46] <killerchicken> Zelest: can you see where the text/plain is?
[14:06:51] <killerchicken> compare that part between both mails
[14:08:30] <Zelest> both of the mails looks the same
[14:08:47] <Zelest> as in, strucuture wise
[14:08:52] <killerchicken> hm
[14:09:10] <Zelest> Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="Apple-Mail-18-1059632426"
[14:09:13] <Zelest> Mime-Version: 1.0 (Apple Message framework v924)
[14:09:18] <killerchicken> no below
[14:09:20] <Zelest> appears right after the To though
[14:09:27] <killerchicken> Content-Disposition: inline
[14:09:27] <killerchicken> Content-Type: text/plain;
[14:09:27] <killerchicken> 	charset=us-ascii
[14:09:33] <killerchicken> Content-Type: text/plain; charset=us-ascii
[14:09:33] <killerchicken> Content-Disposition: inline
[14:09:43] <Zelest> oh
[14:09:43] <killerchicken> the first is from the message that doesn't verify
[14:09:48] <killerchicken> the second is the one that verifies
[14:09:53] <Zelest> I can only see that on one of the mails (the one I can decrypt :P)
[14:09:56] <killerchicken> and it's inside the signed part of the mail
[14:10:09] <killerchicken> Zelest: I sent you a zip file, right?
[14:10:17] <killerchicken> the individual mails are not encrypted
[14:10:19] <killerchicken> they are signed
[14:10:25] <killerchicken> but one signature is broken
[14:10:42] <killerchicken> so maybe that is why your systems complains?
[14:10:48] <killerchicken> I'm trying to figure out how this broke
[14:11:21] <Zelest> oh yeah, the zip.. didn't check for attachments ;)
[14:12:01] <killerchicken> 8[
[14:12:11] <killerchicken> :)
[14:12:57] *** tshine is now known as tshine|afk
[14:14:23] <Zelest> you ment that the Content-Type inside the body looks different on both mails?
[14:15:36] <killerchicken> yes
[14:15:44] <killerchicken> how is that possible
[14:16:19] <Zelest> doesn't the client/pgp sign the mail after those "headers" are added?
[14:18:02] <killerchicken> Yes
[14:18:10] <killerchicken> Nobody should ever mess with them
[14:18:29] <killerchicken> because this will make the signature fail, of course
[14:19:48] <killerchicken> and somehow my mail setup must change them, I think - because else the mails would be reported to have broken signatures for others, and I wouldn't be able to receive them just fine from a different account
[14:19:49] <Zelest> but that happens with all mails from that mailing list? or random mail that goes through your system?
[14:20:08] <Zelest> ah
[14:20:09] <killerchicken> I've only noticed that on the mails that go through that mailing list
[14:20:36] *** tmjb has joined #postfix
[14:20:38] <Zelest> well, try to remove amavis checking
[14:21:44] <killerchicken> maybe you can send me a signed but unencrypted mail and we can see whether that causes any unwanted effects?
[14:23:21] <Zelest> sure
[14:23:28] <Zelest> what mail should I send it to?
[14:24:21] <killerchicken> the one that my mails came from
[14:24:50] <Zelest> well, both came from different addresses ;)
[14:25:05] <killerchicken> oh
[14:25:10] <killerchicken> stupid me
[14:25:28] <killerchicken> mail at sebastianhahn dot net ;)
[14:26:51] <Zelest> sent
[14:27:25] <killerchicken> I know ;)
[14:27:49] <killerchicken> verifies
[14:27:49] <killerchicken> Content-Type: text/plain; charset=us-ascii
[14:27:49] <killerchicken> Content-Disposition: inline
[14:28:42] <killerchicken> that's sad, so I won't know whether taking out amavis is going to help.
[14:29:29] <killerchicken> what is the best way to temporarily bypass amavis?
[14:31:30] <Zelest> did you add it in main.cf?
[14:31:47] <Zelest> if so, just comment it out
[14:32:24] <killerchicken> the content-filter line?
[14:33:32] <Zelest> yeah
[14:33:39] <killerchicken> ok thanks
[14:33:50] <Zelest> note that it disables any form of antispam and antivirus as well
[14:33:53] <killerchicken> Now I have to wait for the next mail from the list that was signed :)
[14:33:53] <Zelest> so be careful ;)
[14:34:01] <Zelest> hehe
[14:34:25] <Zelest> brb
[14:34:30] <killerchicken> Currently I'm not trusting the antispam-cabalities of the system anyways
[14:34:40] <killerchicken> I'm still in the phase of setting it up and getting it to work
[14:34:53] <killerchicken> that's why I'm subscribed to the mailing list with two different addresses, etc
[14:45:41] *** diqpib has joined #postfix
[14:58:22] *** bugz__ has joined #postfix
[15:02:34] *** diqpib has quit IRC
[15:04:05] *** sophokles has quit IRC
[15:08:16] <jannu> does postfix have problems with CRLF line termination?
[15:09:32] <killerchicken> jannu: is that in regard to my problem above?
[15:09:55] *** _bugz_ has quit IRC
[15:10:02] <jannu> killerchicken: no
[15:10:05] <jannu> I'm asking because earlier I had an issue where all new lines generated by a PHP form mailing script resulted in two newlines. I changed the line termination to LF and now it works
[15:10:17] *** hever has joined #postfix
[15:10:49] <killerchicken> jannu: ok sorry then
[15:11:10] <jannu> I'm just not sure whether the problem was in my postfix setup or at the receiving end (Gmail at google)
[15:15:25] *** bugz__ has quit IRC
[15:18:22] *** bugz__ has joined #postfix
[15:20:00] *** Mez|DPC is now known as mez
[15:20:12] <micols__> 1213411103 < Brettjb> need help with postfix anyone here
[15:20:30] <micols__> yes, i cannot get my postfix to use another smtp when i send from a special from address to it
[15:20:47] <micols__> http://linux.rlogin.org/postfixerror
[15:21:50] *** moldy has left #postfix
[15:22:22] *** mez is now known as Mez|DPC
[15:29:47] *** havvg has quit IRC
[15:30:20] *** Nockian- has joined #postfix
[15:34:54] *** Nockian has quit IRC
[15:35:34] *** bugz__ has quit IRC
[15:36:40] *** ullio has joined #postfix
[15:36:43] *** _bugz_ has joined #postfix
[15:37:01] <ullio> has anyone here tried to integrate dspam into an existing postfix/virtual/mysql setting?
[15:37:22] <ullio> i have a problem understanding how dspam deals with the virtual users
[15:37:58] <ullio> i've been setting it up to use my virtual users table as a base for uid and username but it tries to insert something there - i have no idea why
[15:38:41] <cite> ullio: It is probably trying to insert addresses it doesn't find into it.
[15:39:02] <ullio> it seems, but i dont want it to
[15:39:05] 
[15:39:46] <ullio> any idea how to do that?
[15:39:53] <cite> Sure, I did that.
[15:39:56] <ullio> i mean the table is there
[15:40:08] <cite> But frankly, dspam isn't worth the trouble in my opinion.
[15:41:08] <cite> ullio: When dspam - run as LMTP content filter - receives mail from Postfix, it makes severl lookups: First, it tries to find the ID associated with the recipients mail address.
[15:41:19] <ullio> well, it  seems he only solution that allows virtual users to handle their spam
[15:41:38] <cite> ullio: If it doesn't find the user, it tries to insert it into the table - which will probably not work.
[15:42:07] <cite> ullio: If it finds the user, it performs a preferences query. If that one doesn't succeed, it tries to get default preferences. If this doesn't work either, it bails out.
[15:42:54] <cite> ullio: This leaves you with three tasks:
[15:44:00] <cite> ullio: 1. Create a VIEW from your tables which does provide at least a mapping ID <-> full email address. 2. Create a table to hold default and user preferences. 3. I actually forgot what third was.
[15:44:48] <ullio> third things first
[15:44:51] <ullio> ok
[15:45:05] <ullio> i know where to dig
[15:45:18] <cite> You get a codebase almost two years old, with hastily introduced patches from CVS, if you are breave enough to use CVS, which break existing functionality by just plain wrong and stupid C code.
[15:45:43] <ullio> well its a small site. i may take that risk
[15:46:07] <ullio> its my only option. i dont want to create per user based spam management myself - its purely virtual
[15:46:27] <cite> You don't need dspam to do this.
[15:47:03] <ullio> what other option do i have?
[15:47:16] <cite> My virtual users have a web frontend in which they can decide whether to enable or disable spam filtering. If they enable it, identified spam get's filed into a "spam" folder by the virtual delivery agent.
[15:47:43] <ullio> imap?
[15:47:48] <cite> Yes.
[15:47:56] <ullio> here u go. i use pop3
[15:48:04] <cite> I didn't say anything, then.
[15:48:30] <cite> OTOH, setting up amavisd-new, spamassassin and find a web frontend for sql quarantine only takes like, two hours.
[15:50:23] <ullio> find a web frontend... well, thats it... the rest is up and running anyways
[15:51:20] 
[15:51:28] <cite> Apart from that, setup took me like 20 minutes.
[15:52:31] <ullio> hmm.. but that would force me to get amavisd-new to drop spam according to ts virtual users
[15:52:47] <ullio> would amavisd play along?
[15:53:06] <cite> I don't understand that question.
[15:53:41] <ullio> i remember i had problems getting amavisd to quarantine the mails appropriatly
[15:53:57] <ullio> but it was due tto my deficits in understanding the infrastructure
[15:54:44] <cite> amavisd-new is amongst the worst documented open source programs on this planet. I can feel your pain ;)
[15:55:10] <ullio> oh, thats flattering
[15:55:36] <cite> vi -R /usr/sbin/amavisd-new was a command I typed quite often during installation and configuration.
[15:55:45] <cite> "Use the source" stuff.
[15:56:25] <cite> Anyways, if you want to give dspam a shot, I can restore an old backup and show you the table structure I used.
[15:56:45] <ullio> oh joy.
[15:56:59] <ullio> but ill be afk for two hrs from now... family duties
[15:57:19] <ullio> maybe i can chat u back later
[15:58:21] *** Nockian- is now known as Nockian
[15:59:34] <cite> ullio: http://rafb.net/p/pSG80l77.html
[16:00:32] *** pirho has quit IRC
[16:01:00] <cite> ullio: dspam_preferences_pristine was used to store default and other preferences, the two views, dspam_preferences and dspam_view_map were what I configured in dspam.conf
[16:01:22] *** gelados_ola has joined #postfix
[16:01:25] <gelados_ola> hi there
[16:01:40] <gelados_ola> im trying to auth agains a mysql db with sasl auth
[16:01:56] <gelados_ola> but the only debug info i get in postfix is auth failed
[16:02:01] <gelados_ola> how can i debug this more?
[16:02:04] *** pirho has joined #postfix
[16:12:56] *** xnixan_ has joined #postfix
[16:13:36] *** xnixan_ is now known as xinxian
[16:13:43] *** xnixan has quit IRC
[16:13:52] *** xinxian is now known as xinxan
[16:14:10] *** pirho has quit IRC
[16:15:21] *** pirho has joined #postfix
[16:16:59] *** bangkydotnet has left #postfix
[16:20:43] *** micols__ has left #postfix
[16:20:52] *** micols__ has joined #postfix
[16:28:30] *** gelados_ola has quit IRC
[16:30:37] *** ullio has quit IRC
[16:35:16] *** hing has quit IRC
[16:35:25] *** higuita has joined #postfix
[16:46:20] *** protonchris has joined #postfix
[16:59:26] *** Lap_64 has quit IRC
[17:01:00] *** GoGi has quit IRC
[17:01:29] *** hever has quit IRC
[17:17:08] *** aniasis has quit IRC
[17:22:14] *** protonchris has quit IRC
[17:22:17] *** protonchris has joined #postfix
[17:36:08] *** idle-boy` has quit IRC
[17:36:25] *** idle-boy` has joined #postfix
[17:36:34] *** c00l2sv has quit IRC
[17:38:12] <mwalling> vice-versa: i was
[17:38:27] <vice-versa> hehe
[17:40:38] * mwalling cant find any excedrin either
[17:41:10] <vice-versa> yeah...I was gonna tell you about that
[17:41:15] <vice-versa> ;)
[17:45:35] * vice-versa opens another ice cold Guinness
[17:46:37] <mwalling> ass
[17:52:42] *** c00l2sv has joined #postfix
[18:04:01] *** idle-boy has joined #postfix
[18:15:08] *** BlackBishop has joined #postfix
[18:15:31] <BlackBishop> can postfix store emails in mysql ? :|
[18:15:46] <BlackBishop> I've used this http://www.howtoforge.com/virtual-users-and-domains-postfix-courier-mysql-fedora8 so far .. works ok .. but I'd like everything to be in mysql.
[18:16:59] <vice-versa> why?
[18:18:29] <BlackBishop> because I have about 3000 mails in my inbox and accessing them via squirrelmail is a pain.
[18:19:39] <vice-versa> anyway, it's not something postfix can do naively but I've seen dbMail or some such kicked around in the channel when this topic pops up
[18:19:40] <SniZ> i think no
[18:20:10] <SniZ> or you cana write patch
[18:20:11] <SniZ> =)
[18:20:39] *** mwalling has quit IRC
[18:20:45] <BlackBishop> if I'd know to code C or something .. I would
[18:21:22] <Trengo> BlackBishop mutt?
[18:21:34] * Trengo lubs mutt for that
[18:21:36] *** tshine|afk is now known as tshine
[18:22:24] * BlackBishop googles mutt
[18:22:39] <BlackBishop> ahm .. text-based
[18:22:47] <BlackBishop> I'd need a web-based app.
[18:23:14] <Trengo> squirrel is one of the best
[18:23:25] <Trengo> what do you really want?
[18:23:32] <BlackBishop> mails to be stored in sql I guess
[18:23:37] <BlackBishop> sql access would be faster.
[18:23:46] <BlackBishop> ( .. I think .. )
[18:23:50] <Trengo> why???
[18:24:23] <Trengo> you should move from mbox to maildir, that would speed things up
[18:24:56] <BlackBishop> ok .. any easy way to do that ?
[18:25:01] <SniZ> no
[18:25:27] <BlackBishop> :| great.
[18:25:59] <Trengo> if i were you, i'd hit it with mutt
[18:26:06] <Trengo> get rid of the junk
[18:26:12] <BlackBishop> I think I already use maildir.
[18:26:18] <BlackBishop> I have each mail in a separate file.
[18:26:25] <Trengo> then use squirrel for the remaining
[18:26:30] <Trengo> you do then
[18:26:34] <vice-versa> yup, that's maildir style
[18:26:38] <BlackBishop> I'm not on *nix boxes all the time.
[18:27:17] <vice-versa> What?
[18:27:24] <vice-versa> get em fellas
[18:27:27] <SniZ> why vda patch cannot be commited?
[18:27:46] <BlackBishop> I'm not on *nix boxes all the time .. so I can't use mutt .. still I'd like all my 3K mails to stay there ..
[18:28:03] <BlackBishop> and if there's a way to get incomming emails in mysql .. I'll find a way to import these too...
[18:28:11] <SniZ> BlackBishop, try use imap
[18:28:53] <BlackBishop> squirrelmail uses imap .. doesn't it ?
[18:28:57] <SniZ> i doonno
[18:29:03] <SniZ> i use roundcube
[18:29:06] <SniZ> it faster
[18:30:21] <BlackBishop> alpha state ?
[18:30:25] <SniZ> no
[18:30:40] <BlackBishop> how can you say it's faster if you don't know what/how squirrelmail uses ?
[18:30:56] <SniZ> i use it
[18:31:00] <SniZ> on my mail system
[18:31:12] <BlackBishop> ok .. but how do you know it's faster than squirrelmail ?
[18:31:17] <SniZ> imap usually faster than pop3
[18:31:35] <BlackBishop> so how do you know squirrelmail doesn't use imap ?
[18:31:43] <BlackBishop> ( found out .. squirrelmail uses imap too . )
[18:31:44] <SniZ> i donno
[18:31:51] <BlackBishop> then you can't say it's faster ! :)
[18:31:55] <SniZ> okey
[18:32:04] <BlackBishop> http://roundcube.net/downloads shows roundcubemail-0.2-alpha.tar.gz :|
[18:32:13] <SniZ> which pop3\imap server you use?
[18:32:20] <BlackBishop> 127.0.0.1
[18:32:25] <SniZ> which pop3\imap server you use?
[18:32:25] *** mohshami has joined #postfix
[18:32:48] <BlackBishop> courier
[18:32:52] <SniZ> heh
[18:32:58] <SniZ> replace it to dovecot
[18:33:06] <SniZ> it really faster
[18:33:18] <SniZ> or try kill yourself by wall ->|
[18:33:26] <mohshami> hey guys, I'm trying to build a high performance mail system, I noticed gmail has only 2 IPs for it's primary MX, so I guess it's a cluster, does anybody know of a good clustering solution not involving dns?
[18:33:46] <SniZ> no
[18:34:01] <BlackBishop> dang .. moving to dovecot all the setings I have in postfix will be a even bigger pain
[18:34:25] <SniZ> BlackBishop, no, dovecot+postfix really faster solution
[18:34:32] <SniZ> <SniZ> or try kill yourself by wall ->|
[18:34:41] <mohshami> BlackBishop: Just wondering, what is your current setup like?
[18:34:54] *** mwalling has joined #postfix
[18:35:22] *** Stas`ka has joined #postfix
[18:35:33] <Stas`ka> privet vsem!!
[18:35:53] <SniZ> Stas`ka, privet, try speak in english
[18:36:20] <Stas`ka> I am not speak english
[18:36:22] <Stas`ka> =((((((
[18:36:28] <SniZ> <SniZ> <SniZ> or try kill yourself by wall ->|
[18:37:07] <Stas`ka> what?
[18:37:16] <SniZ> ???? ???? ?? ?????
[18:37:26] <BlackBishop> ow .. mohshami http://www.howtoforge.com/virtual-users-and-domains-postfix-courier-mysql-fedora8
[18:37:30] <Stas`ka> ??? ??
[18:37:40] <SniZ> Stas`ka, ? ?? ????????
[18:37:47] <BlackBishop> ( easily modified for fedora 9 and newer version of postfix and stuff )
[18:37:50] <SniZ> BlackBishop, do not user courier!
[18:37:50] <mwalling> knock it off. both of you.
[18:37:52] <Stas`ka> ? ??? ?????? ??? ?????? ? ??? ???????????...
[18:38:08] <Stas`ka> ?? ? ??????? ?? ???????? ?????????? ?????????
[18:38:10] <Stas`ka> ????
[18:38:12] <SniZ> Stas`ka, piss off
[18:38:28] <mohshami> BlackBishop: I set up a similar things about 2 years ago
[18:38:50] <Stas`ka> ??? ?? ????? ??? ?????
[18:38:50] <mohshami> Dovecot is much better for you
[18:39:01] <BlackBishop> can ya' help the migration ? :) pretty please.
[18:39:03] <SniZ> mohshami, +1
[18:39:04] <mohshami> are you using it for an ISP?
[18:39:31] <mohshami> SniZ: :)
[18:39:32] <BlackBishop> no
[18:39:41] <BlackBishop> it's my own mail server.
[18:39:41] <mohshami> then what?
[18:39:55] *** Stas`ka has left #postfix
[18:39:56] <mohshami> for a company or something like that?
[18:40:03] <SniZ> i write own registration system for postfix+mysql
[18:40:49] <BlackBishop> no .. for me !
[18:40:56] <mohshami> oh
[18:41:02] <mohshami> then how many users do you have?
[18:41:06] <BlackBishop> about 3
[18:41:06] <SniZ> BlackBishop, you wanna perfomance or shit?
[18:41:22] <BlackBishop> SniZ .. performance I think .. :)
[18:41:25] <SniZ> BlackBishop, dovecot+postfix+postfixz_vda_patch
[18:41:38] <BlackBishop> I already have postfix's vda patch installed :)
[18:41:39] <SniZ> =real perfomance
[18:41:52] <BlackBishop> ok .. well .. I'll try it out I guess ..
[18:41:57] <mohshami> postfix_vda_patch better than dovecot lda?
[18:42:30] <mohshami> the last time I check the patch didn't scale
[18:42:31] *** Zblakany has quit IRC
[18:43:32] <SniZ> mohshami, mmm, if you have vda patch, postfix can deffer mail and send notofication
[18:43:41] <SniZ> and dovecon cant this...
[18:44:17] <mohshami> how come, I remember I did something like that in the past
[18:47:10] <mohshami> dovecot lda can return an error code to postfix, so it can defer
[18:47:37] <SniZ> i donno how
[18:47:52] <SniZ> and my dovecot cannot ignore trash folder
[18:48:23] <mohshami> I was writing a howto recently for using postfix+dovecot with active directory
[18:48:38] <SniZ> where?
[18:49:08] <mohshami> http://blog.al-shami.net/index.php/freebsd-postfix-dovecot-and-active-directory/
[18:49:45] <mohshami> while I was testing I got deferred notification from postfix with an error
[18:49:52] <SniZ> how old re you?
[18:49:59] <mohshami> 27, why? :D
[18:52:18] <mohshami> BlackBishop, migrating 3 users shouldn't be a major issue
[18:52:27] <mohshami> try migrating 3000
[18:54:53] <BlackBishop> roundcube seems fast :)
[18:55:14] <SniZ> mohshami, i m 21
[18:55:32] <mohshami> well, I'm kind of a late comer
[18:55:37] <BlackBishop> so am I
[18:55:52] <SniZ> mohshami, you from india?
[18:56:00] <mohshami> Jordan, middle east
[18:56:16] <mohshami> indians have a much darker complexion :p
[18:56:23] <SniZ> mohshami, sorry, i have indian programmers. ther are very stupid
[18:56:28] <mohshami> :|
[18:56:44] <mohshami> so you
[18:56:51] <mohshami> you're calling me stupid? :D
[18:57:05] <SniZ> not you. but programmers
[18:57:16] <mohshami> sadly all programmers are
[18:57:22] <mohshami> well most of them
[18:57:50] <mohshami> at least the ones who work in closed source
[18:58:42] <SniZ> =)
[18:59:11] <mohshami> I know you heard this line "it worked on my machine" :D
[18:59:27] <SniZ> yes=)
[18:59:41] <SniZ> mohshami, in your country many terroriosts?
[18:59:46] <mohshami> nope
[18:59:50] <SniZ> why?
[19:00:02] <mohshami> we're a lot more peaceful than the media portrays us
[19:00:52] <SniZ> why all scream "allah akbar"?
[19:01:29] <mohshami> the same reason people in churches say "praise the lord"
[19:01:30] <mohshami> same thing
[19:01:45] <SniZ> i nont beliave god
[19:02:05] <SniZ> i have all fanatics
[19:02:13] <SniZ> *hate!
[19:02:19] <SniZ> kill em all~!
[19:02:45] <mohshami> well it's your decision. I can't tell you what to believe in, right?
[19:03:03] <SniZ> i know
[19:03:21] <SniZ> but you doesnt belive
[19:03:45] <mohshami> sorry but I don't understand
[19:03:58] <SniZ> forgot
[19:04:13] <SniZ> forgot it
[19:04:16] <SniZ> =)
[19:04:19] <mohshami> :)
[19:04:23] <mohshami> no worries
[19:04:26] <mohshami> already forgotten
[19:04:40] <SniZ> which god you pray?
[19:04:46] <vice-versa> can you two stay on topic please
[19:05:10] <SniZ> vice-versa, we try, but it one real topic in this channal
[19:05:11] <mohshami> I would rather so
[19:06:59] <SniZ> mohshami, in your country masturbating is shame>
[19:07:01] <SniZ> ?
[19:07:27] <mohshami> SniZ, can we please stay on topic here
[19:07:34] <SniZ> mohshami, okey
[19:07:36] <SniZ> :(
[19:09:24] <SniZ> mmm, rains here :(
[19:09:31] <SniZ> fucking summer
[19:19:11] *** keffer is now known as Armless_jonh
[19:21:20] *** mohshami has quit IRC
[19:35:02] <BlackBishop> roundcube seems to solve the problem .. :|
[19:35:17] <BlackBishop> I'd move to dovecot .. but it seems so complicated ...
[19:35:51] <sysmonk> roundcube and dovecot are very different things
[19:36:46] <SniZ> BlackBishop, you in right way =)
[19:38:33] <BlackBishop> yeah .. I know .. I wasn't comparing roundcube with dovecot
[19:38:41] <BlackBishop> I was just saying roundcube displays emails faster ..
[19:38:53] *** albergaria has joined #postfix
[19:39:03] <BlackBishop> and dovecot seems so complicated comparing to the simple how to I had for courier.
[19:39:13] <albergaria> hi prople
[19:39:32] <albergaria> im having a problem using smtp auth with sasl, using usernames in the format "user at domain dot com"
[19:39:47] <albergaria> how can i made this to work with users in this format?
[19:40:48] <albergaria> looking at the logs of postfix, it show's me "user domain.com"
[19:40:51] <albergaria> missing the "@"
[19:41:20] * BlackBishop is not a prople !
[19:41:29] <albergaria> ops
[19:41:32] <albergaria> hi people
[19:41:32] <albergaria> :P
[19:47:17] *** brad[] has quit IRC
[19:48:13] *** baisemain has joined #postfix
[19:51:51] <BlackBishop> SniZ, does roundcube have a way to mark messages as spam ?
[19:52:07] <BlackBishop> like a plugin or something to tell spamassassin a message is spam and move it to the spam dir ?
[19:52:08] <SniZ> BlackBishop, i donno
[19:52:36] <SniZ> try found something in www.roundcubeforum.net
[19:52:52] *** idle-boy`` has joined #postfix
[19:53:24] *** idle-boy` has quit IRC
[20:00:29] *** albergaria has quit IRC
[20:03:43] *** UQlev has joined #postfix
[20:04:56] <Zelest> I'm receiving quite a lot of "Helo command rejected: need fully-qualified hostname" messages from what so far appears to be spam-bots. However, I've realized that at least one of them are not a spam-bot and wonder, is it really safe to use reject_non_fqdn_hostname?
[20:07:37] *** mash__ has quit IRC
[20:11:59] *** ctineo has quit IRC
[20:18:15] <vice-versa> Zelest: imo it is, however it will cause rejects for poorly configured MTAs you may need to exchange mail with
[20:20:20] <Zelest> True
[20:21:14] <Zelest> Though, I do use greylisting and a lot of other checks, so if the spammers are poor enough to not configure a valid HELO while spamming, I doubt they will come back again after a greylist. ;)
[20:23:19] <vice-versa> you would be surprised
[20:23:32] <Zelest> Hehe, I guess. :P
[20:25:36] <Zelest> erm
[20:25:48] <BlackBishop> Zelest, you coul use sbl too ...
[20:25:49] <Zelest> reject_non_fqdn_sender doesn't make sense imho.
[20:26:09] <vice-versa> not to mention receiving spam delivery attempts from poorly configured compromised MTAs/web hosts that will attempt to redeliver
[20:27:06] <Zelest> But, a simple "whitelist" in check_helo_access would do the trick, right?
[20:27:34] *** denis has quit IRC
[20:27:46] *** denis has joined #postfix
[20:28:07] <vice-versa> why does reject_non_fqdn_sender not make sense to you?
[20:28:20] <Zelest> well
[20:28:22] <Zelest> "Reject the request when the MAIL FROM address is not in fully-qualified domain form, as required by the RFC.
[20:28:25] <Zelest> The non_fqdn_reject_code parameter specifies the response code to rejected requests (default: 504)."
[20:28:35] <Zelest> user at domain dot com, that's not a FQDN?
[20:29:02] <vice-versa> it is
[20:29:11] <Zelest> according to reject_non_fqdn_sender yes.
[20:29:20] <Zelest> but isn't a FQDN a hostname.domain.tld?
[20:29:34] <vice-versa> no
[20:29:47] <Zelest> :o
[20:30:14] <vice-versa> second level and top level qualifies as fully qualified
[20:30:33] <vice-versa> it's FQDN, not FQHN ;)
[20:30:34] <Zelest> Fair enough then. :P
[20:30:38] <Zelest> Haha, true.
[20:37:30] <vice-versa> but yes you can whitelist, however ... Do *NOT* whitelist prior to reject_unauth_destination
[20:37:53] <Zelest> I know ;)
[20:37:58] <vice-versa> ok
[20:38:11] <Zelest> Though, that server seems fairly screwed..
[20:38:25] <Zelest> Consider contacting the admin instead and give him some hints and leave it to him.
[20:38:29] <vice-versa> what server?
[20:38:41] <Zelest> The one I'm rejecting.
[20:39:22] <Zelest> Sadly, it might even be a sloppy written PHP script which tries to deliver mail upon registration without using the SMTP on the local machine.
[20:40:17] <vice-versa> yeah, but it's been my experience with poorly configured/maintained MTAs you can rarely if ever notify or speak with someone competent enough to know what you're talking about let alone have it rectified
[20:41:07] <vice-versa> unfortunately whitelists are a must, at least in business environments
[20:42:20] * vice-versa can't remember the last time he's actually seen a Windows MTA accept mail for postmaster
[20:43:23] *** Armless_jonh has quit IRC
[20:46:15] *** Armless_jonh has joined #postfix
[20:46:29] *** ulmen has joined #postfix
[20:47:06] *** Armless_jonh has quit IRC
[20:47:26] *** Armless_jonh has joined #postfix
[20:47:40] *** allan has quit IRC
[20:49:26] *** SniZ has quit IRC
[20:49:53] <ulmen> hi. i can't stop my postfix to produce backscatter when i recive spam from my backup mx (which is not under my control and just has to accept mail for the whole domain), because i don't find the way to just accept everything from it and dump it to postmaster if there is no such local user
[20:50:04] *** SniZ has joined #postfix
[20:50:19] <mwalling> how about a *cringe* catchall?
[20:51:08] <ulmen> how do i make this for the backup mx only?
[20:51:31] <mwalling> donno
[20:51:50] <ulmen> me neither ;)
[20:52:18] <Zelest> get a better backup mx? :D
[20:53:03] <BlackBishop> and buy me some m&m's
[20:55:38] <ulmen> getting a better backup mx might get an option if the poor postmaster (me, myself and i) can't cope with all the spam anymore
[20:56:00] <ulmen> but from the logs, this is only about 2 or 3 mails per day at the moment
[20:56:12] <BlackBishop> I get 20/30 :|
[20:56:26] <BlackBishop> sbl's and reject_non_fqdn_sender filter them out ..
[20:56:31] <BlackBishop> just 2 - 3 get in the inbox
[20:58:05] <mwalling> whos your backupmx?
[20:58:10] <mwalling> and do you really need them
[21:00:48] *** sepski has joined #postfix
[21:04:14] <ulmen> well, having none was a bad idea in the past
[21:04:26] <mwalling> ?
[21:04:34] *** tmjb has quit IRC
[21:04:42] <ulmen> i lost mail on downtimes
[21:04:54] <mwalling> you had downtime > 7 days?
[21:05:49] <ulmen> obviously not every server queues mail for that long
[21:06:02] <mwalling> isnt that what the rfc says though?
[21:06:07] <mwalling> its some big number like that
[21:07:10] <ulmen> i care about the real world, not about the rfc ;)
[21:07:32] *** Verilium has quit IRC
[21:14:34] *** baisemain has quit IRC
[21:18:45] <vice-versa> !backscatter
[21:18:46] <knoba> vice-versa: "backscatter" : http://www.postfix.org/BACKSCATTER_README.html
[21:20:48] <sepski> ulmen, you did not loose mail. the sender got a message it was not delivered and i think it's 4 days. and its a heck of a lot better then mail beeing stuck in a MX for ages with the sender knowing nothing about it. the only sane mx is if they can all deliver mail to the mailstore.
[21:21:03] <ulmen> i've read that, but it doesn't cope with my problem. i don't _get_ backscatter (well, I do, but thats not the topic here), but the backup mx _sends_ backscatter after I give him a 550 when he tries to relay the mail to me
[21:22:01] <sepski> ulmen, well he should ? since he can not deliver it. (and if it is undeliverable why the heck did your mx accept it in the first place ?)
[21:22:46] <vice-versa> well to be honest, a backup mx is not really a backup when it's not under your control imo
[21:22:54] <ulmen> sepski: because he doesn't know about my users. and yes, it's sane behaviour on the backup mx
[21:22:57] <sepski> sounds like your backup mx does not have a compleate userlist or something like that
[21:23:01] <sepski> well that's insane !
[21:23:20] <sepski> the backup mx should have equal or better antispam rules then primary
[21:23:36] <sepski> since most spammers choose the backup mx as the destination first
[21:23:41] <vice-versa> indeed
[21:23:44] <sepski> and it absolutly MUST have the userlist
[21:23:50] <sepski> or some method to verify users
[21:23:58] <sepski> anything else will make it backscatter
[21:24:20] *** Verilium has joined #postfix
[21:24:54] <ulmen> not if accept everything from it and only manually send something back if i'm very conviced this was not spam
[21:24:59] <sepski> hence it's much easier to have multiple servers that are equal and both save to the mailstore. then a backup and a primary.
[21:25:35] <sepski> ulmen, if you have so few mail you can bounce messages manually... you dont need a backup server
[21:26:35] <ulmen> the backup mx does filter uce, but he just can't reject mail to wrong users
[21:26:45] <ulmen> so i only get the ones he didn't detect
[21:26:46] <sepski> ulmen, the only thing you can do if you dont want to have the userlist on the backup.. is to have a catchall address
[21:27:01] *** tellus has joined #postfix
[21:27:08] <sepski> so that the backup can allways deliver to the primary.
[21:27:26] <ulmen> sepski: exactly what i thought off, but i can't figure out how to do this _just_ for the backup mx
[21:27:39] <sepski> ulmen, you can't
[21:27:40] <ulmen> so i can reject to wrong users when delivered locally
[21:27:43] <ulmen> okay
[21:27:47] <ulmen> a pity ;)
[21:28:08] <sepski> well perhaps you can with separate transports... or something but if you have a catchall you have a catchall
[21:28:08] <ulmen> i think i will spend some time thinking if i really need/want that backup mx then
[21:28:19] <sepski> ulmen, sounds like the sane thing to do
[21:28:44] <sepski> ulmen, i would rather spend the time getting primary up again within 4 days time
[21:29:05] <sepski> and if you drop mail earlier then after 4 days it's becouse you'r dns was unreachable and that's not a mail problem
[21:29:16] <sepski> you should absolutly have a offsite dns server to avoid that kind of problems
[21:29:26] <sepski> a offsite slave dns server
[21:39:11] <ulmen> what i maily see what missing mail in mailinglists, because theese servers obviously might have a hard time queuing for long
[21:39:45] <ulmen> and since some of them aren't archived, this was kind of a pita
[21:40:13] <ulmen> nothing grave, but at this time i just thought a backup mx would be a cool idea. maybe i rethink that
[21:43:53] *** Tinozaure is now known as Tino
[21:44:36] <sepski> still didnt think mailinglists servers would not queue as long as recomended or use a separate mailserver. are you sure it was not your dns was unavailable ?
[21:50:40] <ulmen> not 100% sure, but would have been an strange coincidence since i did only repair the mailserver ;)
[21:51:47] <ulmen> maybe i just went to far by having the backup mx offsite and thus not under my control
[21:54:43] <ulmen> having it offsite _and_ under might control is sure possible, but not at the current costs of zero
[21:57:13] *** Alocado has joined #postfix
[21:57:59] <Alocado> hello... i've set up postfix with virtual aliases with mysql... is there any possibility to redirect mails to one specific mail address to pipes?
[22:02:27] <Alocado> no idea?
[22:05:48] <vice-versa> not with the virtual transport
[22:07:05] <vice-versa> but, iirc, you could alias the virtual to a local alias which does support piping
[22:08:30] <vice-versa> s/could/can/
[22:09:51] <Alocado> mh... i created an alias with "mailaddy@domain,tld -> pipeaddy"
[22:10:18] <Alocado> in /etc/aliases i wrote "pipeaddy; | /path/to/program"
[22:10:51] <Alocado> but postfix says: unknown user: "pipeaddy at domain dot tld"
[22:11:17] <Alocado> it doesn't accept the alia
[22:11:17] <Alocado> s
[22:15:14] <vice-versa> did you test just the local alias
[22:16:04] <Alocado> ?
[22:16:14] <vice-versa> and you ran newaliases right?
[22:16:26] <Alocado> i ran "postalias"
[22:16:32] <Alocado> poastalias /etc/aliases
[22:16:45] <Alocado> postalias /etc/aliases
[22:16:53] <Alocado> there's no error
[22:18:07] <vice-versa> ok, query it
[22:18:42] <vice-versa> postalias -q  pipeaddy hash:/etc/aliases
[22:19:43] <Alocado> "|/path/to/program"
[22:19:48] <Alocado> (without quotes)
[22:19:55] *** nphase has joined #postfix
[22:20:33] *** nphase has quit IRC
[22:21:54] *** nphase has joined #postfix
[22:23:20] <Alocado> aaaaah, vice-versa, i have to redirect to "pipeaddy@localhost"
[22:24:15] <vice-versa> yeah, sorry was afk for a sec, that or anything valid in mydestination
[22:24:48] <vice-versa> postconf mydestination
[22:27:27] <Alocado> :)
[22:27:32] <Alocado> no problem ;)
[22:38:58] *** BlackBishop has quit IRC
[22:41:19] *** Mez|DPC is now known as mez
[22:42:29] *** mez is now known as Mez
[22:48:57] *** madrescher has joined #postfix
[22:51:28] *** UQlev has quit IRC
[22:53:34] *** jelly has quit IRC
[22:55:51] *** denis has quit IRC
[23:01:47] *** BluesMurf has joined #postfix
[23:02:25] <vice-versa> Alocado: so it's now working as expected i take it
[23:02:36] *** tuxick has quit IRC
[23:02:40] *** BluesMurf is now known as tuxick
[23:02:41] <Alocado> ;)
[23:02:51] <Alocado> vice-versa, it's perfect ;)
[23:02:59] <vice-versa> sweet
[23:03:32] <Alocado> i need this for a ticket system... but you can use it for auto-responding, mailing lists and much more ;)
[23:03:41] <vice-versa> indeed
[23:04:11] <Alocado> i hate cronjobs which polls every 5 minutes a pop3 mailbox
[23:04:35] * vice-versa contemplates making a factoid for that
[23:04:53] <Alocado> ?
[23:05:09] <vice-versa> like these...
[23:05:13] <vice-versa> !basic
[23:05:14] <knoba> vice-versa: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.
[23:05:19] <vice-versa> !fish
[23:05:19] <knoba> vice-versa: "fish" : Give an admin a fish and you feed them for a day. Teach an admin to fish and you feed them for a life. -- All new anglers, please see the following channel factoids, !tutorial !docs !basic !standard !faq !manuals !logs !debug !smtpd!=smtp
[23:05:25] <vice-versa> !smtpd!=smtp
[23:05:25] <knoba> vice-versa: "smtpd!=smtp" : Postfix smtpd_* and smtp_* configuration parameters are not the same thing. smtpd_ = server while smtp_ = client, the server-side receives mail whilst the client-side sends mail. (smtpd = server = receives mail) (smtp = client = sends mail)
[23:05:35] <vice-versa> etc., etc....
[23:05:39] <Alocado> ;)
[23:06:03] <vice-versa> Virt2Local
[23:06:13] <vice-versa> virt2local
[23:06:42] <Alocado> i have 2 servers, on both i receive emails
[23:07:06] <Alocado> the first runs with exim4, spamassassin and courier... 200 unfiltered spammails per day
[23:07:31] <Alocado> the new: postfix, policyd and postgrey ;) no more spam *g*
[23:07:55] <Alocado> i transferred the main domain's MX to the new
[23:08:46] <Alocado> and: postfix is easy to configure, it was a simple thing to get virtual mailboxes working based on mysql
[23:09:21] * vice-versa prefers pre-data SpamFu
[23:09:34] <Alocado> on the old server i have "confixx" - for each mailbox a cryptical username (like webXpY, X and Y are repaced by numbers)
[23:10:35] <Alocado> the only thing i've not found out yet: how to create virtual-mailbox-individual quota ;)
[23:10:46] <Alocado> with mysql, of course
[23:15:14] *** trappist has joined #postfix
[23:15:45] <trappist> I have almost everything working, except sasl auth. I get: warning: SASL authentication failure: cannot connect to saslauthd server: Connection refused
[23:16:25] *** war9407 has quit IRC
[23:16:40] <trappist> that seems to be an issue with perms on /var/run/saslauthd, maybe, but they look ok to me: drwxrwx--- 2 root sasl 140 Jun 14 17:10 /var/run/saslauthd/
[23:16:48] <trappist> is that not right?  what could I be missing?
[23:20:39] <Alocado> postfix is running in a chrooted environment
[23:20:58] <Alocado> so you have to configure the sasl file in master.cf to /saslauthd/
[23:21:04] <Alocado> NOT /var/run/
[23:21:05] <Alocado> i think
[23:21:44] <vice-versa> that is of course assuming it's running chrooted
[23:22:01] <vice-versa> which is not the default for postfix
[23:22:08] <Alocado> yes ;)
[23:22:31] <Alocado> postfix is chrooted to /var/run/postfix (right?)
[23:23:19] <vice-versa> yes
[23:24:11] <vice-versa> so... trappist, chrooted or no?
[23:25:10] <Alocado> trappist, main.cf: smtpd_sasl_path = private/auth
[23:26:12] <Alocado> ls -la /var/spool/postfix/private/auth
[23:26:12] <Alocado> srw-rw---- 1 postfix postfix 0 2008-06-04 12:06 /var/spool/postfix/private/auth
[23:26:26] <Alocado> postfix is chrooted to /var/spool/postfix !
[23:26:47] <Alocado> and /var/spool/postfix/private/auth is a symlink to my sasl daemon
[23:27:16] <Alocado> (i'm using dovecot)
[23:27:54] <Alocado> so... it's time to go home, good night to everyone ;)
[23:28:06] *** Alocado has quit IRC
[23:28:29] <thumbs> dovecot is good.
[23:43:28] <trappist> vice-versa: no
[23:46:06] <trappist> vice-versa: I'm on ubuntu, the default is chrooted (for the distro) but I turned it off
[23:46:43] *** netcrash has quit IRC
[23:53:54] <vice-versa> !tell trappist saslfinger
[23:54:12] <vice-versa> let's see the output from that, saslfinger -s
[23:57:08] <trappist> http://linuxkungfu.org/tmp/saslfinger.txt
[23:57:55] <trappist> vice-versa: ^^
[23:58:17] <vice-versa> also, have you test with testsaslauthd at all?
[23:58:22] <vice-versa> testsaslauthd -u <username> -p <password>
[23:58:28] <trappist> nope, lemme try...
[23:58:56] <trappist> if I do it as me, permission denied.  with sudo, it works.





top