August 2, 2008 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | >
August 2, 2008 [00:01:26] *** seekwill has quit IRC[00:02:07] *** va has quit IRC[00:16:01] *** dinar has quit IRC[00:29:04] *** gradin has joined #postfix[00:29:14] <gradin> hewwo[00:29:29] <gradin> i'm confused and need help[00:29:32] <gradin> anybody active?[00:29:45] <gradin> ...[00:30:59] <adaptr> no, we're all lazy as fuck today[00:31:11] <adaptr> can we skip your emotional state and get right to the actual question ?[00:31:31] <gradin> adaptr: lol,[00:31:33] <adaptr> you just wasted 4 lines and we keep score[00:31:46] *** alienbrain has quit IRC[00:32:09] <gradin> i'm seeing fatal: main.cf configuration error: mailbox_size_limit is smaller than message_size_limit in my logfiles and my testmails are being queued and never sent...[00:33:12] <adaptr> it's not kidding[00:33:15] <gradin> i looked in the main.cf but i'm not seeing a message size limit directive...[00:33:16] <adaptr> fix the error[00:33:28] <adaptr> it has a ...default ?[00:33:33] *** js__ has joined #postfix[00:33:35] *** jelly has quit IRC[00:33:38] <adaptr> postconf message_size_limit[00:33:45] *** jelly has joined #postfix[00:33:58] *** pickcoder has quit IRC[00:34:09] <adaptr> default is 10MB[00:34:15] <adaptr> or summin[00:34:58] <gradin> whertnx[00:34:59] *** m1n3s6 has quit IRC[00:35:04] <gradin> *tnx[00:35:21] <gradin> and now my mails fired :)[00:35:24] <gradin> woo hoo...[00:35:39] *** m1n3s6 has joined #postfix[00:36:11] <adaptr> let's see.. that's 10 points deducted for the "woohoo", and 5 for the wastage.. yup, you owe us 15 points[00:36:41] <gradin> does postfix support an https webmail service?[00:37:41] <gradin> ah squirrel mail[00:38:02] <gradin> adaptr: so... do points add up to sexual favors or something?[00:38:07] <adaptr> gradin: does any sensible webmali service support a standards-complaint SMTP server ?[00:38:41] <adaptr> hell no, that stupid a question ain't getting you any sexual favours tonight buddy![00:39:13] <gradin> adaptr: are we talking sensable as in microsoft's version of compliance or actual compliance?[00:39:49] <adaptr> RFC compliant[00:39:53] <adaptr> which Exchange is not[00:39:57] *** keffer has joined #postfix[00:45:02] *** js_ has quit IRC[00:45:02] *** js__ is now known as js_[00:47:41] *** m1n3s6 has quit IRC[00:47:57] *** m1n3s6 has joined #postfix[00:48:04] <gradin> mmm intresting...[00:48:14] *** ullio has joined #postfix[00:48:24] <gradin> i can telnet into port 110 but i can't login...[00:49:46] <ullio> good evening. is there any alternative to dspam? in terms of web frontend plus with extra filter options?[00:51:08] <gradin> i get a login failure[00:51:13] <gradin> at password entry[00:51:31] *** alienbrain has joined #postfix[00:52:36] <adaptr> which password are you entering ?[00:52:42] <gradin> adaptr: cute[00:52:49] <adaptr> suit yourself[00:52:57] <gradin> i'm entering the localusers password[00:53:03] <gradin> which is correct[00:55:01] <adaptr> and which POP daemon would you be running ?[00:55:20] <gradin> i'm using courier-pop3[00:55:36] <adaptr> and you have configured it for system PAM users ?[00:55:40] <gradin> the courier-imapi is failing to log me in[00:55:50] <adaptr> what does that have to do with anything ?[00:56:29] <gradin> aswell...[00:56:43] <gradin> uh looks like the guide i'm using is missing a few steps...[00:56:52] <gradin> what do i need to do to configure it for system pam users?[00:57:49] <gradin> i've been using https://help.ubuntu.com/community/PostfixBasicSetupHowto[00:58:22] <adaptr> none of this has AANYTHING to do with postfix - not even remotely[00:58:33] *** Fallenou has quit IRC[01:00:43] *** rootsvr has quit IRC[01:02:04] <ullio> what is the most simple lda available? i need deliver quarantined mails filtering out the most obvious culprits..[01:03:00] <ullio> this is only for use with to-be-quarantined mail.[01:09:41] *** GreenCult has quit IRC[01:21:33] <adaptr> cat >> /dev/null[01:22:19] <gradin> so yeah i'm just trying to get the damned mail server setup and i'm not getting it...[01:23:33] *** linkslice has quit IRC[01:25:52] *** c00l2sv has quit IRC[01:28:11] *** Jense has quit IRC[01:31:30] <adaptr> are you experiencing postfix problems ?[01:35:36] <gradin> ... well since ubunt seems to be running fine and the postfix courier-imap isn't working i'd say yes[01:38:18] <adaptr> "postfix courier-imap" is a null term[01:38:26] <adaptr> (it means nothing)[01:42:32] *** tshine has joined #postfix[01:44:36] <Qube> question on inbound smtp checking.... I have a relay_recipient_maps = hash:/etc/postfix/relay_recipients setting to only accept email for valid users and I also have a rbl check in smtpd_recipient_restrictions reject_rbl_client zen.spamhaus.org - however the order of these is the rbl check then the relay check - is it possible to reverse these? 99% of my inbound is to bogus recipients - seems more prudent to check the local db before going off to the RBL[01:46:16] <adaptr> an RBL does not check recipients, obviously[01:46:26] <adaptr> it checks for the client IP[01:47:00] <adaptr> so they are wholly unrelated, but I would always check the RBL first, since it will catch any and all known bad IPs, and not bother about the data being sent[01:47:44] <adaptr> the whole point of these checks is to bow out ASAP, so as not to waste more time than absolutely necessary, without leading to false positives (or negatives, as the case may be)[01:48:17] <adaptr> are these users system users ? or virtual mail users ?[01:52:14] *** pirho has quit IRC[01:53:12] <Qube> adaptr, except that the RBL rejection doesn't happen until after the MAIL FROM And RCPT TO anyway[01:53:32] <adaptr> Qube: IF you have set delay_reject, yes[01:53:47] <Qube> its a mailscaller relay box[01:53:49] <adaptr> you can put the RBL in your client_restrictions[01:53:50] <Qube> mailscanner[01:53:57] <adaptr> and disable delay_reject[01:54:11] <adaptr> the disadvantage of that is that it will not log sender or recipient in that case[01:54:22] <adaptr> but depending on load, you may not be interested anyway[01:54:51] <Qube> I don't have delay_reject in my config[01:55:01] <adaptr> so the real question is: what does your use of the word "prudent" actually mean ?[01:55:15] <adaptr> speed ? virtuous living ?[01:55:25] <Qube> virtuous[01:55:48] <Qube> ask the local database (relay_recipients) before putting more load on spamhaus[01:57:14] <adaptr> you can cache the RBL locally :)[01:57:22] <adaptr> that would probably make a bigger difference[01:58:17] <Qube> mmm, i guess... just rsync it down... might be a better plan :)[01:59:26] <adaptr> if they let you[01:59:53] <adaptr> it's many, many gigabytes of DNS data - a cache makes a bit more sense[01:59:56] <Qube> guess not... commercial[02:00:25] <adaptr> you should run a local dns cache on a postfix machine anyway, it's the very first performance tip in the manual[02:03:46] *** war9407 has quit IRC[02:05:47] *** jelly has quit IRC[02:05:58] <Qube> ok thanks... I'm already pointing it to "dnscache" (djbware) on a different server (same network)... so I guess its as good as it is going to be... thanks[02:06:05] *** fdask has joined #postfix[02:06:07] <fdask> hey[02:06:48] <fdask> i set up dkimproxy with postfix, running on port 587.. i.e. all messages through there get signed. i want to change it so it signs only outbound mail coming through port 25[02:06:51] <fdask> is that possible?[02:07:10] <fdask> not sure what the syntax would be in the master.cf to say like 'do this for outbound messages'[02:11:13] <adaptr> so you run an open relay ?[02:12:51] <fdask> no[02:13:08] <fdask> i cant use port 587 due to some weird sending software i have[02:13:15] <fdask> so i need to use port 25 like normal[02:13:41] <fdask> so basically, smtp listening on localhost needs to do some extra stuff, all the rest run like normal[02:13:56] <fdask> i saw that i can put an ip: prefix on the master.cf entries[02:14:04] <fdask> can that be a list of ips?[02:14:44] <adaptr> no[02:15:19] *** _apk has quit IRC[02:15:55] <adaptr> add -o <whateveroptionyouwanttoset> to your master.cf entry[02:17:48] <fdask> yeah.. i've got those bits. but im just trying to figure out a way to only add those -o's to outbound mail[02:19:17] <fdask> any idea how i'd do that?[02:20:15] <adaptr> split up the smtp service into two transports[02:20:21] <adaptr> and use a transport_map[02:20:26] <adaptr> !transport_maps[02:20:26] <knoba> adaptr: "transport_maps" : a configuration parameter in the main.cf: Optional lookup tables with mappings from recipient address to (message delivery transport, next-hop destination). See transport(5) for details.[02:20:54] <adaptr> set the option on the port 25 one, and omit it on the submission[02:21:05] <adaptr> or vice-versa, obviously[02:21:12] <adaptr> I forgot what it was exactly you wanted :D[02:22:03] <adaptr> oh, no, you want to split them based on client IP, I see[02:22:17] <adaptr> hmmm, that's probably more of a client_access thingy then[02:22:44] <adaptr> you still need the two transports, obviously[02:22:57] <fdask> hrmm[02:23:16] <fdask> i was trying to just setup the smtp listening on localhost to do the filter, and not on the public ips[02:23:23] <fdask> didnt seem to work as expected tho :P[02:23:39] <adaptr> why not ?[02:24:47] <adaptr> dinno it was a contentfilter[02:24:49] <adaptr> that's easy[02:24:58] <fdask> yeah i've already got the filter up and listening...[02:25:08] <adaptr> nonono, an OPTION[02:25:14] <adaptr> in th etransport[02:25:40] <fdask> im not sure what you mean[02:25:44] <adaptr> what does dkim do, add headers ?[02:26:12] <fdask> yeah[02:26:26] <fdask> its just a proxy that adds a few headers[02:26:47] <fdask> normally i just set it up, so ppl sending through 587, the submission port, always go through the dkim proxy[02:26:52] <adaptr> then they're not influenced by MTA processing[02:26:56] <fdask> but in this situation, i need it going on 25[02:27:16] <adaptr> and you don't add the option to outbound mail[02:27:24] <adaptr> you add it to the inbound connection[02:27:33] <fdask> its the outbound i want it on, but yeah[02:27:39] <fdask> how would i add it onto the outbound connection[02:28:00] <adaptr> no, you don't want it on the outbound connection[02:28:18] <adaptr> you want to sign mail that *you* send[02:28:24] <adaptr> use a transport map ![02:28:30] <fdask> ya i'm reading the man page now[02:28:53] <adaptr> *@yourdomains -> normal_transport, since that's incoming mail[02:29:11] <adaptr> *@* (everything else) -> dkim_transport, with -o added in master.cf[02:29:30] <fdask> yeah, that'd work[02:29:44] <adaptr> it won;'t sign mail between local users, but that's an obvious side effect, and not relevant since you're both sender and recipient[02:29:50] <fdask> yeah[02:29:57] <adaptr> so get to it :)[02:30:25] <adaptr> just copy the smtp: line in master.cf, and call it dkim: or something[02:30:42] <adaptr> that's the transport name, by the way[02:31:00] <fdask> well i already have a transport defined[02:31:04] <fdask> so i can use it directly[02:31:13] <fdask> and then i just build a transport db?[02:32:34] <adaptr> of course you have an smtp transport, or no mail would leave your machine[02:32:39] <adaptr> you need a second one[02:35:35] <fdask> hrm[02:35:49] <fdask> do i have to put something in main.cf to tell it to use the transport db?[02:37:52] <adaptr> of course[02:37:58] <adaptr> I already linked you[02:42:17] <fdask> Aug 1 20:42:06 mxexpress postfix/master[10192]: fatal: unknown service: dksmtp/tcp[02:42:20] <fdask> hrmm[02:42:27] <fdask> its not liking my new transport in the master.cf[02:42:39] <fdask> dksmtp inet n - n - - smtpd -o content_filter=dksign:[127.0.0.1]:10027[02:42:47] <fdask> newline after smtpd[02:42:54] <fdask> i guess i need to name it eh[02:42:57] <fdask> dksmtp:smtp[02:43:42] <fdask> nope[02:45:25] <adaptr> smtpD is a transport ?[02:45:28] <adaptr> since when ?[02:45:37] <adaptr> !transport_maps[02:45:38] <knoba> adaptr: "transport_maps" : a configuration parameter in the main.cf: Optional lookup tables with mappings from recipient address to (message delivery transport, next-hop destination). See transport(5) for details.[02:45:54] <fdask> ok i think i'm misunderstanding what i need in master.cf[02:45:59] <adaptr> format: localpart@domain <TAB> PROTOCOL:transport[02:46:09] <fdask> oh[02:46:39] <adaptr> transport being dkim inet n - n - - smtP[02:46:57] <adaptr> you are SENDING mail, duh?[02:48:23] <fdask> so i use smtp for PROTOCOL in the transport map[02:48:58] <fdask> but that brings me back to the error i was getting before[02:49:18] <fdask> postfix/master[10421]: fatal: unknown service: dkim/tcp[02:49:24] <fdask> because of the entry i made in the master.cf[02:49:39] <adaptr> yes[02:49:46] <adaptr> I said before what you should do[02:49:54] <adaptr> COPY the normal smtp service[02:49:59] <adaptr> then EDIT it[02:50:35] *** seekwill has joined #postfix[02:51:07] <fdask> i did[02:51:09] <fdask> smtp inet n - n - - smtpd[02:51:09] <fdask> dkim inet n - n - - smtp[02:51:11] <fdask> is what i have[02:51:40] <adaptr> you did not copy the smtp transport[02:51:49] <adaptr> you need glasses[02:52:11] *** ullio has quit IRC[02:52:28] <fdask> hehe[02:52:30] <fdask> shoot[02:53:03] <fdask> smtp or smtpd[02:53:15] <fdask> both ways gives me an error about unknown transport dkim/tcp[02:53:50] <fdask> sorry if im being dense here[02:53:56] <fdask> i think i'm close, but just missing a tiny thing[02:55:32] <fdask> still there?[02:55:44] <adaptr> COPY the ORIGINAL smtp TRANSPORT[02:55:52] <adaptr> CHANGE the NAME[02:56:01] <adaptr> ADD the -o[02:56:04] <adaptr> end[02:56:21] <adaptr> smtpd is not a TRANSPORT, it is a LISTENER[02:56:33] <fdask> right[02:56:45] <fdask> the two lines i pasted above, the smtp one is original[02:56:57] <adaptr> sigh[02:57:00] <fdask> i did copy it, but changed the 'smtp' at the start to some name, dkim that i made up[02:57:06] <adaptr> I give up[02:57:19] <fdask> oh come on! so close[02:57:28] <adaptr> YOU DID NOT COPY THE SMTP TRANSPORT[02:57:31] <fdask> smtp inet n - n - - smtpd[02:57:33] <adaptr> how often do I need to say it ?[02:57:35] <fdask> that is the smtp transport[02:57:39] <adaptr> FUCK OFF[02:57:44] <adaptr> SMTP DDDDDDDDDDDDDDDDD[02:57:49] <adaptr> IS NOT A TRANS-PORT[02:57:58] <adaptr> now I will go an weep :([02:58:03] <adaptr> for a day or two[02:58:16] <fdask> huh[02:58:26] <fdask> this is the smtp line in my master.cf. what do you mean by transport?[02:58:33] <adaptr> !transport[02:58:34] <knoba> adaptr: "transport" : transport(5) The optional transport(5) table specifies a mapping from email addresses to message delivery transports and next- hop destinations. Look at: http://www.postfix.org/transport.5.html[02:58:35] <fdask> i know what a transport is, and i thought this line defines it[02:58:47] <adaptr> then no, you do NOT know what a transport is[02:59:07] <fdask> Message delivery transports such as local or smtp are defined in the master.cf file[02:59:13] <adaptr> transports SEND mail[02:59:19] <adaptr> smtpd RECEIVES mail[02:59:29] <fdask> well that is the only smtp line in my master.cf[02:59:34] <adaptr> no, it is not[02:59:51] <fdask> oh[02:59:52] <fdask> OH[02:59:53] <fdask> OH[03:00:34] <fdask> wow[03:02:13] <fdask> got that part fixed[03:02:18] <fdask> now i just have a mistake in my transport file[03:04:41] <gonewestcoast> I'm attempting to build a new PostGres backend for a Postfix server-- the users will need to be entirely virtual. There a "how to integrated Postfix with a database" tutorial somewhere?[03:04:49] <gonewestcoast> I've done it before, but it's REALLY poorly documented, as I recall. :-([03:05:12] *** Motoko-chan has joined #postfix[03:05:28] *** daemoen__ has joined #postfix[03:05:49] <adaptr> !virtual[03:05:50] <knoba> adaptr: "virtual" : a way to configure additional domains and user accounts (that do not need to exist in your /etc/passwd). See: http://www.postfix.org/VIRTUAL_README.html[03:05:57] <adaptr> go from there[03:09:46] *** daemoen__ is now known as Daemoen[03:10:59] *** Tachy has joined #postfix[03:12:31] *** ChrisC35 has quit IRC[03:13:31] *** m0f0x has joined #postfix[03:16:42] *** githogori has quit IRC[03:19:11] *** rcsu_ has joined #postfix[03:24:05] *** Tachy_ has quit IRC[03:26:46] *** [Gandhi] has quit IRC[03:27:27] *** toytoy has quit IRC[03:32:01] *** rcsu has quit IRC[03:38:18] <gonewestcoast> There a good way to check whether pgsql support has been compiled in to my postfix binary?[03:38:57] <gonewestcoast> ldd /usr/sbin/postfix <-- Apparently it wasn't. Unfortunate.[03:43:45] <fdask> man[03:43:49] <fdask> still cant get this going[03:43:57] <fdask> its like its not using the transport map[03:44:05] <fdask> is there a way to test that? to see what transport map is being used?[03:44:09] *** makerc has quit IRC[03:44:16] *** makerc has joined #postfix[03:44:37] *** makerc has quit IRC[03:46:34] *** m1n3s6 has quit IRC[03:50:54] *** hparker has quit IRC[03:53:49] <Rockj> Hi. Anyone know if it is troublesome to use a ssl-certificate that has multiple common names as an email sertificate?[03:54:05] <Rockj> I know it works for the web, but could we use same for email server?[03:54:54] *** Landon has joined #postfix[03:56:14] <Landon> is it postfix's job to set the return-path header or the mail clients?[03:56:33] <Landon> I've been getting conflicting replies when I search for this[03:57:01] <Landon> what I want to do is to be able to have my differnet users send mail from their different domains instead of just mine[03:57:23] <Landon> sure the From header is set right, but return path is always user at mydomain dot com[04:01:17] *** littlebird has joined #postfix[04:05:36] <seekwill> Landon: The return-path is the envelope from[04:06:16] <Landon> "the envelope from" ?[04:06:29] <seekwill> heh... ok, let's start from the beginning.[04:09:03] *** Nappy has joined #postfix[04:09:16] <Landon> heh, sounds good[04:11:50] <seekwill> 1 sec... need to send out an email[04:12:59] <littlebird> in the beginning there was nothing[04:14:56] <Landon> heh[04:15:13] * Landon hits the fast forward button[04:17:30] *** Azrael_- has quit IRC[04:17:34] <littlebird> hurry up will. We're waiting[04:17:44] *** Azrael_- has joined #postfix[04:21:58] <Landon> still interested in this story, but I managed to fix it[04:22:04] <Landon> by setting envelope_from in mutt[04:22:14] <Landon> is that the preferred way to do it?[04:24:27] *** m0f0x has quit IRC[04:28:35] <seekwill> ok[04:29:09] <seekwill> Yeah[04:29:26] <seekwill> No need for story now[04:30:03] <Landon> do other clients do this automagically?[04:30:13] <Landon> becaus I've never seen this option when I was using thunderbird[04:30:26] <seekwill> Yeah, they do it automatically[04:30:34] <seekwill> tias[04:30:34] <Landon> ok[04:30:57] <gonewestcoast> There's a "postgres plugin" for SuSE in their repositories. Do I need to do anything special to feed a Postgres query through it?[04:31:26] <Landon> heh, I would, but I dont have this server set up to accept remote clients (as far as I know)[04:34:34] <seekwill> What's the domain? I can check[04:36:44] <Landon> lfowles.org[04:41:01] <seekwill> Looks good[04:41:29] <Landon> great[04:41:39] <seekwill> Well, don't just take my word for it of course...[04:41:56] <seekwill> A false sense of security is a bad thing[04:41:59] <seekwill> Ask littlebird[04:42:28] <Landon> littlebird: are you the security guru here then?[04:43:29] <littlebird> i see 22, 80, and 443 open[04:43:39] <littlebird> no email[04:44:02] <sahil> heya seekwill. :)[04:45:52] <seekwill> littlebird: ummm[04:45:56] <seekwill> sahil: HI![04:46:12] <seekwill> littlebird: lol, you portscanned him... he[04:46:23] <littlebird> why not =)[04:46:27] <seekwill> tru dat![04:48:09] <seekwill> But your portscanner doesnt work[04:48:28] <Landon> I did see his attempt in the logs[04:48:35] <Landon> (and the server does recieve mail)[04:49:14] <littlebird> then its on a diff IP[04:50:00] <Landon> only one IP, nothing elaborate, just a VPS[04:50:52] <littlebird> oh yea, my bad. I scanned from a box that had outbound smtp blocked[04:52:56] <seekwill> heh[04:53:41] * littlebird is a failure[04:53:47] <seekwill> <seekwill> Apache can run on Linux!!![04:53:49] <seekwill> bah[04:59:25] <sahil> lol[04:59:55] <sahil> seekwill: after the conversation about webmail clients i was inspired to try roundcube. *fingers crossed*[05:00:25] <littlebird> seekwill: are you recommending roundcube to others now?[05:01:48] <seekwill> sahil: Oh yeah?[05:01:56] <seekwill> littlebird: Umm...no.. ZIMBRA4LIFE[05:02:38] <littlebird> I dont like zimbra[05:02:45] <seekwill> s2bu[05:03:02] <seekwill> sahil: I honestly don't remember a conversation about webmail clients :)[05:03:05] <seekwill> Was I drunk?[05:04:10] *** Haris1 has quit IRC[05:04:20] *** Haris1 has joined #postfix[05:06:44] *** alienbrain has quit IRC[05:07:04] *** githogori has joined #postfix[05:25:19] *** [1]MrVampy has joined #postfix[05:26:03] *** [1]MrVampy is now known as MrVampsCentOS[05:26:06] <sahil> seekwill: drunk and on irc? that'd be odd, but perhaps not unheard of. :)[05:26:35] <MrVampsCentOS> lookin to get some help with editing the postfix manicf file based on a mail server setup guide i'm using[05:26:42] <sahil> littlebird: roundcube comes highly recommended from several members of the freebsd community that made fun of me for deploying squirrelmail.[05:26:51] <sahil> MrVampsCentOS: ask specific questions, please.[05:27:18] <littlebird> sahil: yeah, i used roundcube for a long time back in the day[05:27:29] <sahil> it has progressed considerably from its debut in '05.[05:27:31] <seekwill> sahil: yeah but i got uninvited to a party :([05:27:39] <seekwill> sahil: ZIMBRA[05:27:47] <sahil> zimbra is uber-overkill.[05:27:53] <MrVampsCentOS> in the guide it tells me to eit home_mailbox = maildir/ but when i look thru the main.cf file i see #home_mailbox - maildir/[05:27:59] <MrVampsCentOS> do i need to add this line[05:28:03] <seekwill> sahil: But zimbra rocks[05:28:07] <seekwill> i dont trust rc[05:28:24] <sahil> seekwill: if source committers trust roundcube, i will trust it. :)[05:28:36] <seekwill> sure[05:28:45] <sahil> besides, i don't need a zimbra solution -- we've got everything working fine; just a webmail client for that small subset of users that doesn't use a "real" mail client.[05:29:04] <sahil> though i do know a few small businesses rolling out zimbra instead of going the exchange route.[05:30:11] <seekwill> sahil: micrsofott outlook engineers trust outlook and too[05:30:33] <littlebird> seekwill: you know you love exchange[05:30:44] <seekwill> i luv exchange[05:30:52] <seekwill> it works well with roundcube[05:31:08] <seekwill> my ebay auction ends in hour . i hope i win![05:31:15] <littlebird> seekwill: what item[05:31:37] * littlebird is going to bid on it[05:32:00] <seekwill> ebay item 190239841150[05:32:53] <littlebird> a flash?[05:33:10] <Landon> oh, I can give you a flash :o[05:33:23] <Landon> I think many members of this channel would disagree with such a thing though[05:33:28] <Landon> ;)[05:34:40] <Landon> hm, s there a howto that would show what all I need to do to allow users to use my SMTP server with their clients?[05:35:38] *** toytoy has joined #postfix[05:35:39] <seekwill> littlebird: is that what you see?[05:36:07] *** tombar has joined #postfix[05:36:18] <littlebird> i see a Nikon Flash[05:36:25] <seekwill> littlebird: i dont care of you bit on it. just dont go over 100 :P[05:38:18] <littlebird> ehh. I dont have a camera to put it on[05:38:26] <seekwill> oh[05:38:51] <seekwill> Landon: smtp-suth[05:40:00] <littlebird> s/suth/auth[05:40:00] <Landon> was that a typo?[05:40:03] <Landon> ok[05:40:52] <mjoseph> hrm[05:41:06] <mjoseph> what would be cool[05:41:12] <mjoseph> is a howto for the users :)[05:41:44] <seekwill> the book of postfix[05:41:45] <seekwill> buy it[05:41:45] <seekwill> now[05:41:48] <seekwill> right now[05:42:05] <mjoseph> er[05:42:14] <mjoseph> not for the admin[05:42:17] <seekwill> by two[05:42:18] <mjoseph> for their users[05:42:26] <seekwill> oh he was refering to bacon[05:42:39] <mjoseph> huh?[05:43:24] <littlebird> I dont think bacon will kill you that fast[05:47:35] *** gradin_ has joined #postfix[05:59:09] <gonewestcoast> On a SuSE box. I have postfix and postfix-postgresql installed from YaST.[05:59:28] <gonewestcoast> Yet when I attempt a map: postmap: fatal: dict_open: unsupported dictionary type: psql: Is the postfix-psql package installed?[05:59:53] <gonewestcoast> Does anyone have some advice on this situation? Some preliminary googling doesn't shed any light.[06:04:21] *** gradin has quit IRC[06:08:37] *** gradin_ is now known as gradin[06:09:23] *** gradin has left #postfix[06:23:47] <sahil> seekwill: faulty logic, but commendable attempt.[06:24:06] <sahil> seekwill: microsoft outlook engineers create outlook; freebsd community did not create roundcube. pwned.[06:24:12] <sahil> *anyway*, TIMTOWDI.[06:25:59] <seekwill> did you just call me a timtowdi?[06:26:06] <sahil> lol[06:26:11] <sahil> wow, roundcube is sexy.[06:26:15] <sahil> !$@[06:26:16] <knoba> sahil: Error: "$@" is not a valid command.[06:26:25] <seekwill> roundcube eats mail[06:26:26] <sahil> haha, sorry knoba.[06:26:31] <sahil> seekwill: false.[06:26:45] *** dinar has joined #postfix[06:29:03] *** arkibott has joined #postfix[06:30:01] <seekwill> sahil: how long have you used rc[06:30:24] <seekwill> sahil: and i know one of the rc's devs, he uses gmail[06:30:34] <sahil> wow, that's insightful and useful information.[06:30:37] <seekwill> yeah[06:30:39] <seekwill> so[06:30:40] <sahil> let's make something clear, i am testing rc on my OWN desktop.[06:30:54] <seekwill> im sensing tension[06:31:09] <seekwill> i think we need to break out the green[06:31:12] <sahil> and we currently use squirrelmail in production. i'm simply *testing* roundcube.[06:31:49] *** ziro__ has quit IRC[06:32:24] <littlebird> use OWA[06:32:29] <sahil> no.[06:32:35] <littlebird> fine[06:33:43] *** gonewestcoast has quit IRC[06:34:07] *** arkibott is now known as arkibott_[06:41:03] *** seekwill has quit IRC[06:41:20] *** arkibott_ is now known as arkibott[06:44:37] *** tombar_ has joined #postfix[06:48:59] <Landon> hm, this may sound stupid[06:49:08] <Landon> but I should be able to use telnet to connect to port 25 on my mail server[06:49:27] <sahil> if port 25 is open and something (presumable postfix) is listening on that port, yes.[06:49:33] <Landon> hm[06:49:37] <Landon> it works from within the server[06:49:45] <Landon> but not from a remote box[06:49:46] <sahil> so, you can telnet localhost 25[06:49:53] <sahil> where is remote box? is there a firewall on the server?[06:50:02] <Landon> when I telnet lfowles.org 25 it takes forever[06:50:11] <sahil> could you be trying to telnet from a residential network on an ISP that blocks port 25 outgoing connections?[06:50:18] <Landon> ah[06:50:21] <Landon> that could be it[06:50:34] <sahil> can you telnet to *any* MX on port 25?[06:50:37] <sahil> telnet smtp2.google.com 25[06:50:39] <sahil> try that.[06:51:05] <Landon> taking a while to get through, so thats probably it[06:51:43] <sahil> yep. you can use the submission port (587) activated in master.cf to submit mail from networks that block 25.[06:52:04] <sahil> this way you can circumvent 25 blockage and also use authentication. :)[06:52:09] <Landon> its no big deal now that I know what the problem is[06:52:22] <Landon> I was just telnetting in to test out authentication, can do that from one of the computers in my office[06:52:35] <sahil> ok, good luck.[07:01:41] *** tombar has quit IRC[07:02:44] <Landon> 25 and 587 can be active at the same time?[07:07:00] <Landon> ok, I see it now[07:07:02] <Landon> thanks for the tip[07:09:03] *** gonewestcoast has joined #postfix[07:09:43] *** arkibott has quit IRC[07:36:58] *** chadmaynard has quit IRC[07:37:01] *** littlebird is now known as chadmaynard[07:37:11] *** littlebird has joined #postfix[07:54:08] *** tombar_ has quit IRC[07:55:28] *** subq has joined #postfix[07:56:16] *** Zeit|awy_ has joined #postfix[07:56:25] *** subq has left #postfix[08:02:21] *** Haris1 has quit IRC[08:02:22] *** Zeit|awy has quit IRC[08:04:13] *** tshine has quit IRC[08:09:01] *** [1]MrVampy has joined #postfix[08:15:10] *** MrVampsCentOS has quit IRC[08:18:22] *** Swat2 has quit IRC[08:31:53] *** [1]MrVampy has quit IRC[08:33:31] <Landon> any courier/dovecot preferences in here? or perhaps anothe[08:33:32] <Landon> r[08:41:15] <sahil> dovecot.[08:45:49] <sysmonk> cyrus[08:45:53] *** nikebsd1 has quit IRC[08:45:58] *** n215 has joined #postfix[08:46:00] <sahil> oh the choices![08:47:15] <robtone_> oh the voices[08:49:13] <sahil> lol[08:49:46] *** kRocKodile has joined #postfix[08:50:26] *** F6F has joined #postfix[08:57:18] *** dinar has quit IRC[08:57:27] *** Motoko-chan has quit IRC[09:07:27] <gonewestcoast> Courier.[09:08:06] <Landon> head asplosion[09:20:14] *** Sebboh has joined #postfix[09:25:45] *** nikebsd1 has joined #postfix[09:25:45] *** n215 has quit IRC[09:48:22] *** dinar has joined #postfix[09:58:17] *** war9407 has joined #postfix[09:58:41] *** j_s has joined #postfix[10:04:42] <Sebboh> Uh, did google switch it's SMTP servers to use Equifax certs instead of Thawte?[10:05:00] *** gonewestcoast has quit IRC[10:05:16] <Sebboh> Or, how can I identify which cert a given SMTP server is using, and add it to the set that postfix will accept?[10:18:40] *** Haris__ has joined #postfix[10:20:42] *** Haris_______ has joined #postfix[10:21:13] *** Haris has quit IRC[10:21:16] *** Haris_______ is now known as Haris[10:21:18] *** Haris__ has quit IRC[10:26:35] *** Haris__ has joined #postfix[10:26:47] *** Haris has quit IRC[10:33:36] *** AcTiVaTe has joined #postfix[10:57:42] *** hever has joined #postfix[11:09:19] *** Danskmand has joined #postfix[11:10:38] *** noetik has joined #postfix[11:14:29] <Danskmand> Hi :-) - I have a installation here with a firewall and a DMZ, where my mailserver resides...This mailserver I dont want to contact directly to the internet. So I want to install a mail-relay postfix server on the external firewall...Where can I find a good howto for the installation ?[11:19:17] *** Jense has joined #postfix[11:20:26] *** sophokles has joined #postfix[11:20:37] <Sebboh> re: my certificate issue.. well, I'd forgotten that I had put a config line for a specific CA cert in the config file.. Sure enough my system has a pre-installed cert for the new one, so I just changed that line to match the new one, and bam.[11:21:00] <Sebboh> peace all.[11:21:01] *** Sebboh has left #postfix[11:27:54] <Danskmand> ...Noone can help ?[11:28:49] <Danskmand> Or at least tell me 1 word what to search for (what is the name for that configuration ?[11:39:09] *** hparker has joined #postfix[11:40:17] <Danskmand> Ok....Guess that was a stupid question......Sorry....Bye....[11:40:20] *** Danskmand has left #postfix[11:52:43] *** noetik has quit IRC[11:55:10] *** vertigo-_ has quit IRC[12:02:25] *** hparker has quit IRC[12:02:59] *** vertigo- has joined #postfix[12:03:05] *** hparker has joined #postfix[12:03:11] *** vertigo- is now known as vertigo[12:03:15] *** F6F has quit IRC[12:03:59] *** vertigo is now known as vertigo-[12:06:24] *** pirho has joined #postfix[12:07:02] *** Internat has joined #postfix[12:10:27] *** noetik has joined #postfix[12:10:52] *** noetik has quit IRC[12:16:49] *** remo has joined #postfix[12:17:41] <remo> Hi There[12:18:12] *** rcsu_ is now known as rcsu[12:19:25] <remo> We got a strange problem: We have the etch setup and everything works fine. But if we restart dovecot (using init.d), imap and pop stop working. In mail.log dovecot says, that it has no permission to chdir to /home/vmail/*.* with UID 5000. But when we restart the whole system, everything works fine. Any clue? Would be great?[12:23:32] *** Jense has quit IRC[12:24:01] <jduggan> remo: /join #dovecot[12:24:05] <jduggan> this is #postfix[12:24:06] <jduggan> ;][12:24:15] <remo> oh sorry[12:25:19] <remo> thx[13:00:43] *** Jense has joined #postfix[13:06:38] *** Fallenou has joined #postfix[13:08:22] *** c00l2sv has joined #postfix[13:09:35] *** war9407 has quit IRC[13:10:04] *** war9407 has joined #postfix[13:12:11] *** war9407 has quit IRC[13:13:12] *** war9407 has joined #postfix[13:29:38] *** Dewio is now known as Dewi[13:35:45] *** rootsvr has joined #postfix[13:44:34] *** jerlique has joined #postfix[13:45:05] *** c00l2sv has quit IRC[13:45:51] *** c00l2sv has joined #postfix[13:47:42] *** sophokles has quit IRC[13:50:37] *** c00l2sv has quit IRC[13:50:41] *** sophokles has joined #postfix[13:55:09] *** jerlique has quit IRC[14:18:46] *** ribasushi has joined #postfix[14:19:35] *** ribasushi_ has quit IRC[14:25:06] *** ThEcHaCaL has joined #postfix[14:26:27] *** rootsvr has quit IRC[14:30:17] *** CodemasterMM has joined #postfix[14:31:07] *** jastg has joined #postfix[14:33:44] *** pirho has quit IRC[14:34:29] *** c00l2sv has joined #postfix[14:35:26] *** F6F has joined #postfix[14:40:08] *** toytoy has quit IRC[14:41:30] *** Codemaster has quit IRC[14:42:48] *** jastg has quit IRC[14:51:38] *** rootsvr has joined #postfix[14:55:27] *** lunaphyte_ has quit IRC[14:58:33] *** lunaphyte_ has joined #postfix[15:04:01] *** PcPixel has joined #postfix[15:04:23] <PcPixel> I can't get my system to create a verified senders database. File permissions look correct. Help? :)[15:06:08] <PcPixel> http://pastebin.com/d4ab51e2[15:07:14] *** stas__ has joined #postfix[15:07:52] <PcPixel> even when i deleted it from its original location & had it try to recreate it it wouldn't do it.[15:08:04] <PcPixel> do i jus tneed an empty file there first?[15:08:42] *** Tykling has joined #postfix[15:10:17] *** ziro has joined #postfix[15:10:28] *** c00l2sv has quit IRC[15:11:57] <PcPixel> just did a "touch ./verified_senders.db" (i dropped the .btree) in my var/lib/postfix folder. changed permissions to rw for postfix & root, and chowned it to postfix:root[15:12:32] <PcPixel> so far nothing[15:15:09] <PcPixel> nope. just sits there as a zero byte file[15:17:47] *** justdave has quit IRC[15:19:59] <PcPixel> posted to the news group. hopefully i can get help :) this is just odd.[15:22:55] <fdask> good morning[15:26:45] <PcPixel> hello[15:27:33] *** PcPixel has quit IRC[15:32:27] *** rootsvr has quit IRC[15:36:52] *** devdas has joined #postfix[15:39:43] *** hparker has quit IRC[15:46:10] <fdask> im trying to figure out how to set up a content_filter on messages originating on my server[15:46:20] <fdask> but not for messages destined for my server[15:46:24] <fdask> cant seem to get it[15:46:45] *** mark-use has joined #postfix[15:46:49] <fdask> i was looking at using a transport map, specifying a default transport for mydomain.com, and trying to send it to a custom transport for everything else[15:46:59] <fdask> but that doesn't seem to be working, and i'm not sure how to debug it[15:47:05] <fdask> can anyone offer some tips?[15:49:13] *** master_o1_master has joined #postfix[15:49:40] <sahil> fdask: maybe you can show what you tried and the output of postconf -n?[15:53:04] *** pirho has joined #postfix[15:59:48] *** master_of_master has quit IRC[16:01:17] <fdask> well[16:01:30] <fdask> i added a transport_maps=hash:/etc/postfix/transport[16:01:36] <fdask> and in my transport file i have this[16:02:00] <fdask> * at mydomain dot net :[16:02:00] <fdask> * dkim:[16:02:17] <fdask> so im trying to say, everything not destined to mydomain.net, run it through the dkim transport[16:02:30] <fdask> and in my master.cf, i have dkim seutp as:[16:02:43] <fdask> dkim unix - - n - - smtp -o content_filter=dksign:[127.0.0.1]:10027[16:03:23] <fdask> nothing seems to be going through the dkim transport tho[16:09:30] <fdask> another thing i've tried, is using dksign:[127.0.0.1]:10027 in the transport map[16:09:42] <fdask> that actually gets the message to the proxy i have for signing, but creates an endless loop[16:11:36] <devdas> Hmmmm[16:11:44] * devdas would just setup a relayhost =[16:11:50] <devdas> Instead of content_filter =[16:12:10] <devdas> so relayhost = dksign:[127.0.0.1]:10027[16:12:25] <devdas> and the reinjection from dksign has no content_filter[16:12:49] <devdas> Alternatively, let all mail flow to dksign, and have it ignore mail going to your domain(s)[16:13:33] <fdask> hrm[16:13:36] <fdask> i'll try that relay host[16:13:43] <fdask> so it'd flow like this if i understand right[16:14:19] <fdask> message > into smtpd > transport map lookup tells it to use the dkim transport > dkim transport specifies dkim:[127.0.0.1]:10027 as the relayhost > that reinjects back into the queue > out[16:14:28] *** Gibbonz has joined #postfix[16:14:35] <devdas> yes[16:15:54] <fdask> hrm[16:15:58] <fdask> got a few errors from that[16:16:13] <fdask> Aug 2 10:15:25 mxexpress postfix/qmgr[13956]: B3779880023: from=<root at mxexpress dot net>, size=391, nrcpt=1 (queue active)[16:16:16] <fdask> Aug 2 10:15:25 mxexpress postfix/smtp[13964]: fatal: unexpected command-line argument: =[16:16:19] <fdask> Aug 2 10:15:26 mxexpress postfix/qmgr[13956]: warning: premature end-of-input on private/dkim socket while reading input attribute name[16:16:23] <fdask> maybe i goffed the config[16:16:35] <devdas> Probably[16:16:38] <devdas> !relayhost[16:16:38] <knoba> devdas: "relayhost" : a configuration parameter in the main.cf: The default host to send non-local mail to when no entry is matched in the optional transport(5) table. When no relayhost is given, mail is routed directly to the destination.[16:16:44] <sahil> *@mydomain is bad.[16:16:53] <sahil> you just want mydomain :[16:17:49] <fdask> ok[16:18:19] <fdask> so i've got the following in my master.cf:[16:18:20] <fdask> dkim unix - - n - - smtp -o relayhost=dksign:[127.0.0.1]:10027[16:18:31] <fdask> and my new transport file is:[16:18:40] <fdask> mydomain.net :[16:18:41] <fdask> * dkim:[16:19:00] *** Gibbonz has quit IRC[16:19:46] <sahil> right, so mail destined to mydomain just goes through the default transport and you're sending everything else to this dkim service.[16:19:57] <fdask> yeah[16:20:10] <fdask> but, when i try this now, it doesn't appear to be using the dkim transport[16:20:34] <fdask> basically this dksign service i have takes a message in on 10027, adds some headers, and feeds it back to postfix on 10028, which is set up fine[16:20:42] *** toytoy has joined #postfix[16:21:00] <fdask> my test just now, the message came out with no headers added, nor did the dksign process show anything..[16:21:07] <fdask> so i dont think the message got routed to it properly[16:21:35] <sahil> is this a production box? if not, just comment out mydomain.net : and route *everything* to dkim. see if that works.[16:21:40] * sahil is taking shots in the dark here without all the info :)[16:22:46] <fdask> what info would you need?[16:22:59] <fdask> not a production box, no, so let me try routing everything[16:25:05] <sahil> for kicks, what if you apend [127.0.0.1] after dkim:?[16:25:21] <sahil> and i hope you're postmap'ing this transport file after each edit. :)[16:26:10] <fdask> yeah[16:26:13] <fdask> i am :)[16:28:42] *** sophokles has quit IRC[16:29:55] <shasta> "fatal: unexpected command-line argument: =" usually means that you've got a space between some_option and "=" in master.cf[16:30:07] <fdask> yeah, i did[16:30:16] <fdask> but when i fixed it, it didnt seem to work[16:30:24] <fdask> i'm sticking postconf -h and my configs into pastebin[16:30:33] <fdask> http://pastebin.ca/1090889[16:31:29] <fdask> so what i have there now, results in nothing getting passed through the dksign transport[16:31:33] <fdask> :\[16:34:15] <fdask> hrm[16:37:24] <fdask> testing this, i'm just telnetting localhost on 25[16:37:31] <fdask> and sending a mail to a gmail account external[16:37:41] <fdask> would that be causing any interference? afaik it should be fine... but...[16:38:35] <fdask> !transport maps[16:38:35] <knoba> fdask: Error: "transport" is not a valid command.[16:38:40] <fdask> !transport_maps[16:38:41] <knoba> fdask: "transport_maps" : a configuration parameter in the main.cf: Optional lookup tables with mappings from recipient address to (message delivery transport, next-hop destination). See transport(5) for details.[16:41:31] <fdask> hrmm[16:41:48] <fdask> the closest i can get it, is signing, but then when it reinjects into the queue after signing, the transport map routes it thru signing again[16:42:09] <fdask> can i disable transport_maps by doing like[16:42:18] <fdask> after one of the transports in master.cf?[16:42:30] <sahil> when you do re-injection.[16:42:34] *** Qube has quit IRC[16:43:56] <fdask> ya?[16:46:22] <sahil> fdask: why don't you follow this guide: http://dkimproxy.sourceforge.net/postfix-outbound-howto.html[16:47:05] <fdask> ag[16:47:08] <fdask> well thats where i started[16:47:15] <fdask> the thing is, i dont want to use port 587[16:47:22] <sahil> *why*[16:47:25] <fdask> s/dont want to/cant[16:47:55] <fdask> well, main reason is because some ancient mail software a client uses wont let you change ports[16:48:17] <fdask> the other thing i was thinking, is redirect connections to port 25 from 127.0.0.1, to 587[16:48:21] <fdask> that could be a quick fix[16:48:28] <fdask> but im not sure the iptables syntax to do that[16:48:47] <sahil> why don't you use content_filter?[16:48:56] <sahil> it's cleaner in this context.[16:49:16] <fdask> im not sure what you mean[16:49:32] <sahil> notice how the example howto uses a content_filter to send message to the signing proxy?[16:49:38] <fdask> yeah[16:49:52] <fdask> well, i am trying to do that[16:50:04] <fdask> so i made a new transport, 'dkim' which specifies a content_filter the exact same way[16:50:15] <sahil> no but why even use transport maps for this?[16:50:32] <fdask> because i only want outbound messages signed[16:50:38] <fdask> not every message that comes through the server[16:50:39] <sahil> no you are using a relayhost![16:50:48] <fdask> i've tried content filter too[16:50:50] <fdask> :P[16:51:43] <sahil> why don't you just recipient maps[16:51:49] <sahil> and just have a FILTER action on the right-hand side.[16:52:02] <sahil> for anything that *doesn't* match mydomain.[16:52:04] <fdask> i saw something like that in my google searching, but wasn't sure how i set it up[16:52:52] *** devdas has left #postfix[16:53:10] <fdask> !check_recipient_access[16:53:11] <knoba> fdask: "check_recipient_access" : Search the specified access(5) database for the resolved RCPT TO address, domain, parent domains, or localpart@, and execute the corresponding action.[16:54:23] <fdask> how would i set up that map file, to say, my domains, do nothing, everything else run this filter?[16:54:34] <fdask> mydomains:[16:54:38] <fdask> :everything else[16:56:33] <sahil> fdask: start with man 5 access. :)[16:59:38] <fdask> ok[16:59:43] <fdask> think i got the syntax for the file down[16:59:53] <fdask> would i specify the file in main.cf somewhere?[17:00:04] *** Internat has quit IRC[17:02:31] <fdask> !check_recipient_access[17:02:31] <knoba> fdask: "check_recipient_access" : Search the specified access(5) database for the resolved RCPT TO address, domain, parent domains, or localpart@, and execute the corresponding action.[17:03:03] <sahil> actually you know that might not work, because this would bypass content filter for any mail with at least one recipient in mydomain.net. but there might be multi-recipient mail.[17:03:34] <sahil> try to look around a bit more, this might help http://www.postfix.org/FILTER_README.html#remote_only[17:03:39] * sahil -> afk[17:22:14] *** dinar has quit IRC[17:34:48] *** Juspion has joined #postfix[17:55:23] *** Juspion has quit IRC[18:01:23] *** kRocKodile has quit IRC[18:13:41] *** stas__ is now known as c00l2sv[18:13:53] *** c00l2sv has quit IRC[18:14:01] *** c00l2sv has joined #postfix[18:15:44] *** dinar has joined #postfix[18:27:44] *** m0f0x has joined #postfix[18:36:38] <dinar> hello[18:36:59] <dinar> i want to install[18:37:04] <dinar> mta postfix[18:37:37] <dinar> i just successfully sent a message to gmail with telnet with my mta[18:37:56] <dinar> but from gmail to here it have not arrived[18:38:24] <dinar> "The error that the other server returned was: 554 554 5.7.1"[18:42:11] *** hever has quit IRC[18:43:53] <sahil> dinar: what about error in your maillog?[18:49:51] *** dinar has quit IRC[18:50:22] *** dinar has joined #postfix[19:05:07] *** Draecos has joined #postfix[19:09:21] *** pickcoder has joined #postfix[19:12:03] <dinar> ... NOQUEUE: reject: RCPT from ... : 554 5.7.1 ... : Relay access denied; from= ...[19:14:47] *** toytoy has quit IRC[19:15:34] *** toytoy has joined #postfix[19:21:26] *** mark-use has quit IRC[19:22:01] *** pickcoder has quit IRC[19:22:20] *** pickcoder has joined #postfix[19:26:53] *** tshine has joined #postfix[19:29:30] <dinar> from gmail to here a mail have not arrived[19:29:41] <dinar> "The error that the other server returned was: 554 554 5.7.1"[19:30:17] <dinar> Relay access denied (state 14).[19:42:36] *** K0MPR3SS0R has quit IRC[19:45:37] *** Daemoen has quit IRC[20:20:31] *** alienbrain has joined #postfix[20:27:15] *** madduck has joined #postfix[20:27:23] <madduck> hm, I am seeing "postfix/smtpd[11275]: warning: restriction[20:27:23] <madduck> check_client_access: bad argument "reject": need maptype:mapname[20:27:26] <madduck> "[20:27:46] *** master_o1_master is now known as master_of_master[20:27:53] <madduck> smtpd_etrn_restrictions = permit_mynetworks, check_client_access $relay_domains, check_client_access $permit_mx_backup_networks, reject[20:28:16] <madduck> hm, check_client_access takes maps, doesn't it?[20:28:57] <shasta> exactly what the log warning says[20:31:02] <dinar> hello[20:31:13] <dinar> i've installed postfix[20:31:13] <madduck> sort of, shasta[20:31:27] <dinar> incoming mails are rejected[20:31:31] *** pickcoder has quit IRC[20:31:59] <dinar> 554 554 5.7.1 .... Relay access denied (state 14)[20:32:46] <shasta> dinar, that's not from your postfix's logs.[20:32:53] <shasta> anyway[20:32:59] <shasta> !relay_denied[20:33:00] <knoba> shasta: "relay_denied" : \"554 5.7.1 <RECIPIENT@RCPT_DOMAIN>: Relay access denied; from=<SENDER_ADDRESS> to=<RECIPIENT@RCPT_DOMAIN> proto=ESMTP helo=<HELO>\": This typically means that CLIENT_IP is not in mynetworks (and did not AUTH), and that RCPT_DOMAIN was not recognized as one of this Postfix's domains (not listed in mydestination, relay_domains or virtual_*_domains).[20:33:02] *** Tachy has quit IRC[20:33:08] <shasta> dinar, ^^^^[20:35:13] <dinar> thanks[20:37:27] <dinar> can IPs be in mydestination? there are only domains in it in main.cf here.[20:38:06] <shasta> why would you want it?[20:39:11] <dinar> you said that it is not listed in mydestination, relay_domains or virtual_*_domains[20:39:23] <shasta> "it"?[20:39:33] <dinar> ok[20:39:45] <dinar> not it[20:39:47] <dinar> RCPT_DOMAIN[20:40:32] <shasta> you know what? better pastebin errors from your postfix's log[20:40:42] <shasta> so we know the background[20:41:02] <shasta> because I think you don't know what you want[20:41:24] <dinar> from mail.err and mail.warn?[20:42:52] <dinar> i think yes[20:43:07] *** tombar has joined #postfix[20:43:14] <dinar> what is CLIENT_IP?[20:43:36] <dinar> is it my server's ip?[20:44:17] <dinar> nothing more i saw in error and warn logs[20:44:39] <shasta> may I be rude?[20:44:45] <shasta> pretty pretty please?[20:45:37] <dinar> ?[20:45:52] <dinar> ... NOQUEUE: reject: RCPT from ...(in main.log)[20:46:19] <dinar> Relay access denied;[20:46:32] <dinar> disconnect from ...[20:47:27] <dinar> before these[20:47:41] <dinar> warning: request to update table btree:/var/spool/postfix/smtp_scache in non-postfix directory /var/spool/postfix[20:48:24] <shasta> why the hell you're so afraid to post the entire reject: (...) line?[20:58:55] <dinar> Aug 2 20:36:12 dinar-desktop postfix/smtpd[1234]: NOQUEUE: reject: RCPT from a1234.awebmail.com[12.34.56.78]: 554 5.7.1 <dinar at kukmara dot ru>: Relay access denied; from=<qdinar at awebmail dot com> to=<dinar at domain dot dom> proto=ESMTP helo=<a1234.awebmail.com>[20:59:18] <dinar> what i made![20:59:46] <dinar> i forgot to replace to domain.dom my domain.[21:00:29] <shasta> obfuscating logs is so 1990's[21:00:38] <dinar> ?[21:01:15] *** Juspion has joined #postfix[21:01:15] <dinar> ok[21:03:15] *** FluxboXtremist has quit IRC[21:04:07] <shasta> whatever[21:04:26] <shasta> your postfix doesn't know that you want it to be a final destination for kukmara.ru[21:07:07] *** Joe_Wulf has joined #postfix[21:07:54] <dinar> i used to hide it[21:08:01] <dinar> domain[21:08:22] <dinar> because it's not ready[21:09:18] <dinar> Aug 2 20:36:12 dinar-desktop postfix/smtpd[1234]: NOQUEUE: reject: RCPT from a1234.awebmail.com[12.34.56.78]: 554 5.7.1 <dinar at domain dot dom>: Relay access denied; from=<dinar at awebmail dot com> to=<dinar at domain dot dom> proto=ESMTP helo=<a1234.awebmail.com>[21:09:50] <dinar> why postfix does not know that?[21:10:26] <dinar> that i "want it to be a final destination for" domain.dom?[21:11:05] <dinar> hello?[21:12:10] <dinar> may be here i wrote incorrectly?:[21:12:12] <dinar> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 89.232.85.48/32[21:14:00] <dinar> please help[21:15:02] <dinar> nobody knows whether that correct?[21:15:48] <shasta> !basic[21:15:49] <knoba> shasta: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.[21:15:54] <shasta> ^^^^^^^[21:16:22] *** JoeWulf has quit IRC[21:24:06] <dinar> and i have been disanonymised now.[21:25:24] <dinar> not. that is not so.[21:25:56] <dinar> my ip was already open.[21:27:41] *** Draecos has quit IRC[21:41:07] *** chadmaynard has quit IRC[21:41:19] *** mdiep has joined #postfix[21:45:08] *** Juspion has quit IRC[21:45:25] *** Juspion has joined #postfix[21:47:59] <mdiep> I'm having trouble getting outgoing smtp to work using tls/ssl. Thunderbird tells me the server is unavailable. If I connect using "openssl s_client -starttls smtp -connect example.com:465", I can send mail manually. But if I drop the "-starttls smtp", I get an error. When I test against other smtp servers, I need to not use the "-starttls smtp" option.[21:49:22] <mdiep> here's the relevant portion of my main.cf: http://rafb.net/p/RWawDY69.html What am I doing wrong?[21:49:48] <Landon> are you able to conect using ssl with thunderbird?[21:50:25] *** knoba has quit IRC[21:50:38] *** knoba has joined #postfix[21:51:58] <mdiep> no. actually, I was trying to use ssl, but I just selected tls in thunderbird and that lets me send.[21:53:36] <mdiep> so I guess I'm a bit confused about the difference between tls and ssl.[21:54:40] <mdiep> because ultimately I'd like to send from Mail.app, which doesn't have a tls option.[21:55:19] <Landon> hm[21:55:32] <Landon> I set up keys and etc in my server yesterday[21:55:36] <Landon> and the only way to connect was with ssl[21:55:41] <Landon> tsl wasnt working[21:56:11] <mdiep> is tsl only secure auth? or is the whole communication secure?[21:56:39] <Landon> hm[21:56:43] *** c00l2sv has quit IRC[21:57:52] <mdiep> how does your main.cf compare to mine?[21:58:15] <shasta> you're confused, mdiep[21:58:45] <Landon> I'd get my main.cf up, but I'm a bit busy right now[21:59:06] <mdiep> shasta: yes, I believe I am. can you un-confuse me?[21:59:06] <shasta> tcp/465 is used for smtps - all traffic there is ssl-encrypted[21:59:11] <shasta> where as TLS is:[21:59:30] <shasta> you connect on port 25, use EHLO foo.bar (still plaintext)[21:59:53] <shasta> then server responds with its capabilities, with possibly 250-STARTTLS[22:00:03] <shasta> then you issue STARTTLS (still plaintext here)[22:00:13] <shasta> and you get 220 2.0.0 Ready to start TLS[22:00:32] <shasta> at this point you negotiate TLS (secure = encrypted) connection[22:02:15] *** AcTiVaTe has quit IRC[22:02:19] <shasta> see man s_client, you'll know what "-starttls" does:[22:02:28] <mdiep> okay. so with my current setup, what's happening? I don't have SSL enabled, but TLS is?[22:02:42] <shasta> send the protocol-specific message(s) to switch to TLS for communication. protocol is a keyword for the intended protocol. Currently, the only supported keywords are "smtp" and "pop3".[22:06:36] <mdiep> if I want to actually use SSL and not TLS, what changes do I need to make?[22:08:21] <shasta> http://www.postfix.org/TLS_README.html[22:10:36] *** c00l2sv has joined #postfix[22:10:55] <mdiep> I've already read that through. I'm still missing something, unfortunately.[22:11:50] *** Juspion has quit IRC[22:13:27] <shasta> apparently[22:13:34] <shasta> maybe you didn't go far enough[22:13:40] <shasta> like, to this part: http://www.postfix.org/TLS_README.html#server_enable[22:13:45] <shasta> or didn't read it carefully enough[22:17:32] *** rootsvr has joined #postfix[22:26:18] *** CodemasterMM is now known as Codemaster[22:27:37] <roe_> mdiep, that is an interesting request, you know that TLS is basically SSL version 3 right?[22:27:47] <roe_> or is it version 4, I can't keep them straight[22:33:01] <mdiep> roe_: I guess I don't really care which I use, so long as I'm using one of them and I can get it working[22:35:19] *** slackjr has joined #postfix[22:40:18] *** jonez has quit IRC[22:40:45] <roe_> encryption can be difficult to configure, if you are really unfamiliar with the different technologies, it might behoove you to talk a walk over to howtoforge, there are some pretty good "point and click" walk throughs on how to set things like that up[22:41:14] <mdiep> I've looked through several of those, trying the different steps they list[22:41:25] <roe_> what distro are you using?[22:41:40] <mdiep> ubuntu[22:42:34] *** pirho has quit IRC[22:42:40] <roe_> mdiep, reading up, the Mail.app "ssl" will send using tls[22:43:06] *** hever has joined #postfix[22:45:24] <mdiep> roe_: that's odd. because I can send using TLS over 465 in Thunderbird, but Mail.app still doesn't want to send. I can also telnet in to my server on port 465 and EHLO and get the proper response.[22:45:47] *** tombar has quit IRC[22:46:46] *** hever has quit IRC[22:49:49] <roe_> 465?...ok well first thing first, when configuring a mail server there are some "best practices" that I suggest you follow until you get your feet on the ground... first the standard smtp port is 25, the alternate submission port for your clients to use when sendng mail is 587, imap is 143 secure imap is 993 pop is 110 secure pop is 995... now 465 was used at one point for secure smtp, the generally accepted s[22:49:49] <roe_> etup is using 587, while conforming to these standards aren't necessary, it will ease your life and your clients' lives[22:50:01] <roe_> if you like I can pastebin my master.cf so you can see what a working one looks like[22:53:55] <mdiep> roe_: that'd be great[22:55:23] <roe_> http://www.pastebin.ca/1091220[22:59:21] <mdiep> roe_: beautiful! I added your 587 line and it works. thank you so much.[23:00:08] *** bxz has joined #postfix[23:00:22] <bxz> higuita, i'm getting the following error when trying to send email - fatal: Recipient addresses must be specified on the command line or via the -t option[23:00:27] <bxz> ideas how to resolve it?[23:01:56] <roe_> mdiep, you are welcome[23:05:33] <roe_> mdiep, you should take a little bit of time and understand what you did, so you will be better armed next time you need to do something similar[23:09:41] *** dinar has quit IRC[23:12:23] *** remo has quit IRC[23:15:08] *** rootsvr has quit IRC[23:16:46] *** pulsar has quit IRC[23:26:44] *** Draecos has joined #postfix[23:27:47] <roe_> !sendmail[23:27:48] <knoba> roe_: "sendmail" : a pretty cryptic MTA that was famous in the ancient days of UNIX and still runs on a lot of mail servers. Don't confuse it with the "sendmail" command that is offered by Postfix to send emails (for compatibility reasons).[23:27:54] <roe_> nope not that one[23:28:06] <roe_> man sendmail[23:32:51] *** slackjr has quit IRC[23:35:09] *** adaptr has quit IRC[23:35:22] *** adaptr has joined #postfix[23:36:02] *** adaptr has quit IRC[23:40:22] *** adaptr has joined #postfix