August 22, 2008 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | >
August 22, 2008 [00:00:07] *** serialthrilla has joined #postfix[00:00:31] <serialthrilla> any possibility of a shared postfix queue on GFS?[00:01:10] <e_> good question[00:01:26] <e_> you probably mean active/active, right?[00:01:33] <serialthrilla> yea[00:04:22] * e_ scratches head[00:04:42] <e_> i don't see what you would gain from that[00:05:09] *** netcrash has quit IRC[00:07:17] <e_> it might work though[00:08:13] <Trengo> my mail storage is shared the queue isnt[00:08:43] <e_> yeah maildir on gfs is quite common[00:10:54] <e_> ah[00:10:59] <e_> there is something on the cluster mailing list[00:13:48] *** pickcoder has quit IRC[00:14:05] <e_> Message-ID: <686872.9620.qm at web45101 dot mail.sp1.yahoo.com> in the linux-cluster mailing list[00:15:01] *** derrick_ has joined #postfix[00:17:24] *** derrick_ has quit IRC[00:20:26] *** darkphader has joined #postfix[00:21:46] <Alumin> e_: hey, thanks for the tip...I should have seen that[00:22:20] <e_> alumin: i remembered that from ye old'ee sendmail time[00:22:25] <e_> :)[00:22:29] *** amrit|zzz is now known as amrit|bbl[00:22:43] <Alumin> :)[00:23:13] *** derrick has quit IRC[00:23:17] <e_> hehe.. when you had to write line noise to rewrite emails..[00:23:52] *** michaelbradley has joined #postfix[00:26:03] <michaelbradley> how can i make appear the config screen that comes at the end of the an install with a package manager?[00:26:26] <michaelbradley> for some reason it didn't come up when I did an install, and I would like to take a look at it[00:26:35] *** derrick has joined #postfix[00:30:39] *** xous has joined #postfix[00:40:33] *** jlund has quit IRC[00:43:09] <gonewestcoast> michaelbradley: That depends entirely upon your package manager.[00:43:19] <gonewestcoast> There's no GUI built into Postfix.[00:45:35] *** Zblakany has joined #postfix[00:49:24] *** bimbomio has joined #postfix[00:53:06] <serialthrilla> how do i find that email e_ is referring to?[00:53:33] <e_> serialtrhilla: you could probably search in the mailing list archive for that :)[00:53:45] <serialthrilla> http://www.redhat.com/mailman/listinfo/linux-cluster[00:53:52] <serialthrilla> i'm there but i dont' see a search archive field[00:54:18] <e_> ohh i see[00:54:35] <e_> hm let me get you the month[00:54:47] <serialthrilla> ty[00:54:53] <e_> 22.03.2008 21:29[00:55:02] <e_> subject: [Linux-cluster] Postfix active/active mail cluster[00:57:03] <michaelbradley> gonewestcoast: thanks for the tip; i got it set up[01:02:25] *** Zblakany has quit IRC[01:02:31] <serialthrilla> ty[01:03:03] <serialthrilla> for the setup i was just looking to see if the other nodes could pick up the emails in the queue should a node go down[01:03:25] *** archangel7863 has quit IRC[01:03:28] <serialthrilla> without having to spawn another postfix process for the node's queue on another node[01:03:36] *** archangel7863 has joined #postfix[01:03:44] <serialthrilla> i'm basically expecting a simple "no" on a shared queue because there's no locking[01:03:56] *** war9407 has quit IRC[01:06:53] *** skyweb has joined #postfix[01:07:30] <e_> hmm[01:07:44] <e_> well you can make that failover easily[01:08:18] <e_> make the qmgr active/passive and everything else active/active might work[01:09:50] *** bizhat has quit IRC[01:10:22] <e_> serialthrilla: actually from what i read in that postings is that someone is already running everything but the incoming queue shared, no?[01:16:50] <serialthrilla> yea, you can run everything shared but i couldn't find anything about the queue on GFS, just on NFS[01:17:02] <serialthrilla> everything shared except the queue*[01:18:19] <e_> no actually gordan bobic that everything except the incoming queue and some other stuff is shared[01:20:38] <serialthrilla> http://www.mail-archive.com/linux-cluster at redhat dot com/msg02768.html[01:20:52] *** quick_nick has joined #postfix[01:21:58] <serialthrilla> i may be mistaken, but in that email he states that the queue is local storage only[01:22:04] *** jelly has quit IRC[01:22:04] *** jwit has quit IRC[01:22:04] *** sysmonk has quit IRC[01:22:05] *** Broken|work has quit IRC[01:22:05] *** master_o1_master has quit IRC[01:22:05] *** xp_prg has quit IRC[01:22:05] *** loompek has quit IRC[01:22:05] *** tshine has quit IRC[01:22:05] *** tm-30740-exa has quit IRC[01:22:05] *** Tanguy has quit IRC[01:22:05] *** _bt has quit IRC[01:22:05] *** Lukemob has quit IRC[01:22:06] *** chrisq has quit IRC[01:22:06] *** VaNNi has quit IRC[01:22:06] *** dragonheart has quit IRC[01:22:06] *** glitch- has quit IRC[01:22:07] *** lambda has quit IRC[01:22:07] *** Zeit|awy has quit IRC[01:22:07] *** goldfisc1li has quit IRC[01:22:07] *** CosMiC_Touch has quit IRC[01:22:08] *** Bejgli has quit IRC[01:22:08] *** mathez has quit IRC[01:22:08] *** lysander has quit IRC[01:22:08] *** linkslice has quit IRC[01:22:08] *** _nalle has quit IRC[01:22:09] *** Zborg has quit IRC[01:22:09] *** biz has quit IRC[01:22:09] *** sv-- has quit IRC[01:22:09] *** Zerberus has quit IRC[01:22:09] *** soren has quit IRC[01:22:09] *** jduggan_ has quit IRC[01:22:09] *** memic has quit IRC[01:22:10] *** riz_ has quit IRC[01:22:10] *** rmayorga has quit IRC[01:22:10] *** dhg has quit IRC[01:22:10] *** cilly has quit IRC[01:22:10] *** hal1on has quit IRC[01:22:39] *** Broken|work has joined #postfix[01:22:39] *** lambda has joined #postfix[01:22:39] *** master_o1_master has joined #postfix[01:22:39] *** xp_prg has joined #postfix[01:22:39] *** cilly has joined #postfix[01:22:39] *** jelly has joined #postfix[01:22:39] *** loompek has joined #postfix[01:22:39] *** Zeit|awy has joined #postfix[01:22:39] *** tshine has joined #postfix[01:22:39] *** goldfisc1li has joined #postfix[01:22:39] *** CosMiC_Touch has joined #postfix[01:22:39] *** tm-30740-exa has joined #postfix[01:22:39] *** sysmonk has joined #postfix[01:22:39] *** jwit has joined #postfix[01:22:39] *** Tanguy has joined #postfix[01:22:39] *** _bt has joined #postfix[01:22:39] *** riz_ has joined #postfix[01:22:39] *** linkslice has joined #postfix[01:22:39] *** VaNNi has joined #postfix[01:22:40] *** dhg has joined #postfix[01:22:40] *** memic has joined #postfix[01:22:40] *** chrisq has joined #postfix[01:22:40] *** glitch- has joined #postfix[01:22:40] *** Lukemob has joined #postfix[01:22:40] *** dragonheart has joined #postfix[01:22:40] *** _nalle has joined #postfix[01:22:40] *** jduggan_ has joined #postfix[01:22:40] *** Zerberus has joined #postfix[01:22:40] *** mathez has joined #postfix[01:22:40] *** rmayorga has joined #postfix[01:22:40] *** lysander has joined #postfix[01:22:40] *** hal1on has joined #postfix[01:22:40] *** soren has joined #postfix[01:22:40] *** Bejgli has joined #postfix[01:22:40] *** biz has joined #postfix[01:22:40] *** Zborg has joined #postfix[01:22:40] *** sv-- has joined #postfix[01:22:57] *** tshine has quit IRC[01:23:03] <serialthrilla> e_: netsplit, i'm not sure if you got that message[01:23:14] *** tshine has joined #postfix[01:23:19] <e_> serialthrilla: you aware of the fact there is more than one queue?[01:25:51] <serialthrilla> yea i think there's 4 or 5[01:27:08] <e_> "local storage was used for: " ... "3) postfix incoming mail spool " ...[01:27:59] <e_> anyway, i really think this is less a postfix then a linux-cluster issue... subscribe to the mailing list and try to find help there[01:31:04] <serialthrilla> really all i'm asking if i can just throw it on GFS and set any options to enable queue locking to get it to work but that doesn't appear to be the case, thanks though[01:31:29] <e_> try it![01:34:10] <e_> and post some experience to the linux-cluster[01:34:15] <e_> would be great :)[01:36:58] *** lambda has quit IRC[01:37:10] *** lambda has joined #postfix[01:46:31] *** michaelbradley has left #postfix[01:58:12] *** pirho has quit IRC[02:05:27] *** Fallenou has quit IRC[02:12:23] *** ploploop has joined #postfix[02:13:02] *** skyweb has quit IRC[02:15:03] *** ming_zym has joined #postfix[02:21:36] *** archangel7863 has quit IRC[02:21:56] <vice-versa> I wonder what the rational was for changing the address_verify_sender from postmaster to double-bounce in 2.5[02:27:27] *** grigora has joined #postfix[02:27:34] *** brancaleone has quit IRC[02:29:10] <grigora> Hi, I am getting (User unknown in virtual alias table) error and the map is specified like so: virtual_alias_maps = pgsql:/etc/postfix/pgsql_virtual_alias_maps.cf hash:/etc/postfix/virtual_alias_maps Does anyone know what the issue might be? TIA.[02:31:38] * vice-versa takes a wild guess that the user doesn't exist[02:33:48] <grigora> vice-versa: the user does exist in the db and has existed all along, I am just migrating the installation to a new machine and the user is in the db. I tried putting wrong SQL in my psql_* file and it came back with an error, which makes me think it's not failing silently on the db looked, so I am really not sure why I am getting the error[02:34:23] <grigora> I also have alias_maps specified, could Postfix be looking there and not finding the user?[02:38:33] <vice-versa> virtual(8) doesn't use alias_maps[02:39:14] <vice-versa> try doing a postmap query on the address in question[02:39:34] <vice-versa> !obvious[02:39:35] <knoba> vice-versa: "obvious" : look for obvious signs of trouble, egrep '(warning|error|fatal|panic):' /some/log/file See: !logs factoid if you're unsure of where your mail logs are located[02:40:19] <grigora> here is my postconf -n - http://rafb.net/p/5FQjDd58.html[02:40:59] <grigora> vice-versa: didn't see your comments, will check now[02:49:54] <rob0> !unknown_virtual[02:49:54] <knoba> rob0: "unknown_virtual" : \"User unknown in virtual $X table\" means that the recipient domain was found in $virtual_$X_domains but the username@domain was not found in $virtual_$X_maps. ("$X" can be either alias or mailbox .)[02:50:08] <rob0> !postmapq[02:50:09] <knoba> rob0: "postmapq" : You can check your lookups with the postmap command. Example: if you defined "transport_maps = mysql:/etc/postfix/transport.cf" you may check this mapping by running "postmap -q domain.com mysql:/etc/postfix/transport.cf" and see if it works.[02:55:17] <grigora> vice-versa: postmap -q 'grigora' pgsql:/etc/postfix/pgsql_virtual_alias_maps.cf - returns a valid result[02:55:45] <vice-versa> define "valid result"[02:56:40] <grigora> grigora at mydomain dot com [tab] grigorian at anotherdomain dot com[02:58:07] <rob0> reread the !unknown_virtual factoid[02:58:44] <vice-versa> !virtual_alias_maps[02:58:44] <knoba> vice-versa: "virtual_alias_maps" : a configuration parameter in the main.cf: Optional lookup tables that alias specific mail addresses or domains to other local or remote address. The table format and lookups are documented in virtual(5).[02:59:59] *** ploploop has quit IRC[03:00:00] <rob0> Also, you're munging domains, which is always a bad idea if you want to solve the issue, but is particularly bad in the case of virtual alias domains.[03:01:27] <grigora> rob0: is it saying that the %s in [ WHERE login='%s' ] really is username@domain vs just username? is there any way to check what %s is?[03:01:48] <grigora> rob0: what does munging exactly mean?[03:02:03] <rob0> The lookup is username@domain[03:02:23] <vice-versa> mung = obfuscating meaningful details[03:02:44] <grigora> must be the new version ...[03:02:45] <rob0> Mung Until No Good[03:03:13] <grigora> rob0: well, it's mydomain.com - what difference does it make what the actual domain is?[03:03:19] <rob0> bye[03:03:29] <vice-versa> lol[03:03:44] <grigora> rob0: later, thanks for your help[03:05:09] <vice-versa> nice, you just alienated yourself from one of the most knowledgeable users of this channel[03:05:25] <xpoint> !tls[03:05:26] <knoba> xpoint: "tls" : short for "Transport Layer Security" (RFC2246). It adds an additional layer of encryption to protocols like SMTP, POP3 or IMAP to improve security during transmission over the internet. You can find HOWTOs on that topic on http://www.postfix.org/docs.html[03:05:58] <grigora> vice-versa: why is that? I certainly didn't mean to.[03:05:59] <rob0> well, that, but mostly the fact that I really don't have time to hang out here right now.[03:08:06] <grigora> vice-versa: well, I wouldn't mind sharing with you or rob0 the domain, but there are a lot of people on the channel and I simply don't want to publicize the domain. Nothing personal.[03:08:46] <Alumin> he doesn't want to admit he's the goatse admin :P[03:08:50] <vice-versa> why, it's a public server for the domain is it not?[03:09:21] <vice-versa> I can understand email addresses, but the domain, come on[03:09:32] <e_> is the configuration of the server a public detail?[03:09:39] <grigora> vice-versa: yes, but do you see all the config params for all public domains out there?[03:12:19] <grigora> Alumin: not sure what that means and don't really want to know either[03:12:26] *** serialthrilla has quit IRC[03:12:46] <Alumin> yeah, you probably don't :)[03:13:02] <e_> most probably[03:13:13] <grigora> Alumin: not probably, but certainly[03:13:30] <vice-versa> well it's a frigging mail server, and anyone worth their salt that you should be concerned about probably knows more about your mail server software and config than you do[03:16:13] <grigora> vice-versa: by the same token i should publicize my root password because someone wrote my kernel ... look dude, i am not here to argue, if you think displaying your mail server's configuration with a domain name is ok to do, please do so, I on the other hand would rather not, that's all[03:16:59] *** F6F has quit IRC[03:17:39] *** F6F has joined #postfix[03:18:28] <vice-versa> now that's just plain ludicrous logic[03:24:30] <grigora> vice-versa: ok[03:25:21] <vice-versa> they way you munged the postconf -n output it's unclear whether you should be using virtual anything[03:26:15] <vice-versa> if you're going to or have to mung, at least do it in a somewhat meaningful way[03:28:00] <grigora> vice-versa: fair enough ... what exactly is unclear from the output? myhostname is my domain without the '.com' piece, just like it was posted, virtual_alias_domains = mydomain.com[03:29:40] <grigora> vice-versa: the reason I am using virtual_alias_domain/maps is that the user's do not have a mailbox at all, any mail sent to those addresses is forwarded to qpsmtpd which has a custom built module which processes these emails and stores them in a database. Also going forward, I would like to have the flexibility to host more domains on this box. Does that explain?[03:30:56] <vice-versa> yes, you want separate domains with non-unix accounts[03:31:37] *** m0f0x has joined #postfix[03:31:48] *** xpoint has quit IRC[03:32:04] <grigora> vice-versa: and this same setup has worked for months on a different machine, my Postfix is version 2.5 which is what's causing the issues, I am guessing[03:32:11] <grigora> vice-versa: yes, that is correct[03:32:28] <grigora> it was 2.2 before[03:32:49] <vice-versa> I doubt it the version difference[03:32:59] <vice-versa> s/it/it's/[03:33:55] <grigora> vice-versa: yeah, i don't know ... tried replacing %s with %u, still no go[03:34:03] <vice-versa> if your goal is a setup as you explained, you should have a look at the virtual readme[03:34:08] <vice-versa> !virtual[03:34:08] <knoba> vice-versa: "virtual" : a way to configure additional domains and user accounts (that do not need to exist in your /etc/passwd). See: http://www.postfix.org/VIRTUAL_README.html[03:34:14] <grigora> vice-versa: do you know of any way to see what %s/u has?[03:35:24] <grigora> I looked at it twice today, problem is I don't know what exactly I am looking for ...[03:35:37] <vice-versa> Postfix virtual MAILBOX example: separate domains, non-UNIX accounts[03:36:37] <vice-versa> which is probably the most common virtual setup[03:38:00] <grigora> vice-versa: so are you saying virtual_mailbox_maps is more appropriate than virtual_alias_maps?[03:39:55] <vice-versa> if it's for non-unix users, it has to have somewhere to deliver the mail to[03:40:21] <vice-versa> that's what virtual_mailbox_maps defines[03:40:29] <vice-versa> !virtual_mailbox_maps[03:40:30] <knoba> vice-versa: "virtual_mailbox_maps" : a configuration parameter in the main.cf: Optional lookup tables with all valid addresses in the domains that match $virtual_mailbox_domains.[03:41:24] *** cmatheso1 has joined #postfix[03:41:28] <vice-versa> hmm, that factoid certainly could be clearer[03:41:51] <grigora> vice-versa: but what if it doesn't have to deliver the mail? my mail gets processed by qpsmtpd, it doesn't get delivered[03:41:57] <cmatheso1> i'm having trouble understanding the difference between alias_maps and alias_database from the manpages--could someone explain that to me? (also, i assume you should never have the same hash in both?)[03:41:57] <vice-versa> The virtual(8) delivery agent uses this table to look up the per-recipient mailbox or maildir pathname. If the lookup result ends in a slash ("/"), maildir-style delivery is carried out, otherwise the path is assumed to specify a UNIX-style mailbox file. Note that $virtual_mailbox_base is unconditionally prepended to this path.[03:42:10] *** bimbomio has quit IRC[03:43:14] <vice-versa> grigora: how is that being implemented[03:43:32] <grigora> cmatheso1: alias_database determines what sort of databases the server supports, IIRC[03:44:39] <vice-versa> type:/path/to/map[03:44:49] <grigora> vice-versa: well, qpsmtpd has plugins, you can also develop your own, so i have a plugin that takes the message, processes it and stores it in a database[03:46:08] <vice-versa> as it pertains to postfix, how is postfix handing the mail off to qpsmtpd?[03:47:40] <grigora> vice-versa: Postfix forwards the mail to port 10025, as if qpsmtp were a content filter[03:48:57] <vice-versa> with content_filter = ?[03:50:17] *** pickcoder has joined #postfix[03:50:54] <cmatheso1> grigora: the manpage says that alias_database is 'The alias databases for local(8) delivery that are updated with "newaliases" or with "sendmail -bi".' (explaining that the difference is that $alias_maps doesn't necessarily need to be composed of local files). i don't quite understand the distinction. i'm actually looking at a config right now that has the same map specified in both directives, which seems wrong to me[03:52:12] <grigora> vice-versa: yes ... at some point i removed it, trying to narrow the problem down, my bad[03:53:42] <vice-versa> that's not really that important[03:56:05] <grigora> vice-versa: well, now that I have it in place, I get a different error ... but my user is recognized[03:57:00] <vice-versa> interesting, what's the new error[03:57:07] <grigora> vice-versa: go figure, now it tells me [warning: connect to transport scan: Connection refused][03:57:27] *** mavrick61 has quit IRC[03:57:27] <grigora> vice-versa: but when i do telnet localhost 10025, it accepts the connects and show the greeting[03:58:27] <vice-versa> does the master.cf from the previous system have an entry with a service name of scan?[03:58:32] *** mavrick61 has joined #postfix[03:58:47] <grigora> vice-versa: no[03:59:28] <grigora> vice-versa: it does, sorry[04:01:00] <grigora> and now I get - relay=none, delay=1.5, delays=1.5/0/0/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=localhost type=A: Host not found) - which is back to square 1![04:01:19] <pickcoder> name service error[04:01:32] *** tomocha6 has quit IRC[04:01:35] <pickcoder> dejavu[04:01:36] <grigora> pickcoder: localhost?[04:01:58] <grigora> pickcoder: why is it even using a name server to look up localhost?[04:02:30] <pickcoder> indeed[04:02:53] *** RobertLaptop has quit IRC[04:03:31] *** tomocha6 has joined #postfix[04:03:59] <grigora> Aug 21 22:00:13 ubuntu postfix/smtp[1113]: D14A3C7EE: to=<grigora at mydomain dot com>, relay=none, delay=1.5, delays=1.5/0/0/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=localhost type=A: Host not found)[04:04:07] <pickcoder> perhaps the service is localhost:10025 instead of 127.0.0.1:10025[04:04:29] <e_> ha![04:04:33] <e_> that's funny[04:04:48] <e_> that happened to me too[04:05:07] <e_> a setup with localhost in my transport table stopped working on this monday with that error[04:05:16] <e_> just from one second to the other..[04:05:26] <grigora> pickcoder: meaning ...[04:05:26] <e_> changed it to [127.0.0.1] and that made it work again..[04:05:28] <e_> very weird[04:06:07] <pickcoder> grigora: change your service config to an IP so it won't do lookups[04:06:12] *** xp_prg has quit IRC[04:06:37] <grigora> pickcoder: as in config_filter = scan:127.0.0.1:10025?[04:06:50] <pickcoder> as well as master.cf[04:07:37] <vice-versa> sounds like they made changes in 2.5 as to how it resolves names[04:07:38] <grigora> pickcoder: master.cf doesn't even have that port number (10025)[04:07:55] <pickcoder> well that would be another problem[04:08:13] <grigora> is this a bug or is something misconfigured ... localhost should always resolve from /etc/hosts[04:08:15] *** githogori has quit IRC[04:08:39] <pickcoder> grigora: if it follows your resolv / nsswitch config[04:09:11] <pickcoder> apparently it doesn't[04:09:37] <pickcoder> I'm not sure if 2.3 does it or not[04:09:48] <vice-versa> try resolving it on the command line with dig[04:09:51] <pickcoder> I never specify "localhost" for localhost except in mydestination[04:10:10] <pickcoder> I get an A record on my box[04:11:15] *** shoonya has joined #postfix[04:11:51] <grigora> this is what I get - Aug 21 21:55:04 ubuntu postfix/smtpd[958]: warning: dict_nis_init: NIS domain name not set - NIS lookups disable[04:12:03] <grigora> pickcoder: could this be the reason?[04:12:55] <e_> in my case i could get an A record via dns but postfix would still complain with that exact error until i replaced "localhost" with the ip in my transport map..[04:13:28] <grigora> vice-versa: this is what dig returns - http://rafb.net/p/3T27Ga58.html[04:13:39] <pickcoder> heh[04:13:46] <pickcoder> lookups must be broken[04:14:02] <pickcoder> let me try something[04:17:31] <grigora> pickcoder: got to be broker cause localhost should always resolve[04:17:32] <pickcoder> works fine here[04:17:48] <grigora> or at least [localhost][04:19:33] <pickcoder> relay=localhost[127.0.0.1]:10025[04:19:40] <pickcoder> it resolved fine[04:20:00] <pickcoder> grigora: must be your name resolv setup[04:20:32] <grigora> pickcoder: why are you even specifying a relay?[04:20:41] <pickcoder> amavis is a relay[04:20:44] <grigora> content_filter should just handle it, shoudn't it?[04:20:44] <pickcoder> content_filter[04:29:28] <vice-versa> grigora: yeah 67.18.92.7 replied with 127.0.0.1 for localhost[04:29:42] <vice-versa> not all nameservers do[04:31:45] <grigora> and what does that mean? in this context[04:31:58] <grigora> i mean the fact tha 67.... responded[04:32:44] <vice-versa> it didn't come from /etc/hosts[04:32:48] <shoonya> hi all, i am trying to setup dynamic list configuration using openldap overlay dynlist. the ldap configuration is done and is working (ldapsearch from command line shows the resulting mail ids after the expansion)[04:33:16] <shoonya> but when the query is send from postfix, the dynamic list expansion is not happening[04:33:31] <shoonya> postfix ldap configuration - http://rafb.net/p/XjzxHK94.html[04:34:55] <vice-versa> grigora: we ran into some crazy shit a while back with localhost resolution, so we added 'domain ourdomain.com' /etc/resolv.conf and created an A record of localhost.ourdomain.com 127.0.0.1 and that was the end of that foolishness[04:35:43] <shoonya> i have found that is the query is done using "filter=uid" list expansion does not occur, but when the query is done using filter "uid=%u" where the %u is the uid value the list expansion works[04:36:54] <shoonya> from postfix configuration how to i make result_attribute to send uid=%u instead of just uid[04:37:16] <vice-versa> iirc it was because we rotated nameservers and some replied to localhost while other didn't[04:37:32] <vice-versa> s/other/others/[04:37:38] <shoonya> any help on this[04:43:58] *** hwdyki has joined #postfix[04:44:50] <hwdyki> can postfix relay mail based on the recipient's address?[04:44:59] *** Ryushin has quit IRC[04:45:37] <vice-versa> !relay_recipient_maps[04:45:37] <knoba> vice-versa: "relay_recipient_maps" : a configuration parameter in the main.cf: Optional lookup tables with all valid addresses in the domains that match $relay_domains. Specify @domain as a wild-card for domains that do not have a valid recipient list.[04:50:10] <cmatheso1> postfix is getting read timeouts from my relayhost, but i can connect to the relayhost from my mail server via telnet (to port 25). what could cause that?[04:50:54] *** hwdyki_ has joined #postfix[04:50:59] <cmatheso1> (restarting postfix solves the problem, so i don't think it's an actual network issue)[04:51:04] *** hwdyki has quit IRC[04:51:06] *** hwdyki_ is now known as hwdyki[04:52:36] <hwdyki> what if i have only one domain. but over 100k mailboxes? i'd like to spread the mboxes across multiple machines. is there a way to specify a list of usernames for a relay?[04:54:36] <vice-versa> !transport_maps[04:54:37] <knoba> vice-versa: "transport_maps" : a configuration parameter in the main.cf: Optional lookup tables with mappings from recipient address to (message delivery transport, next-hop destination). See transport(5) for details.[04:54:39] <vice-versa> !transport[04:54:40] <knoba> vice-versa: "transport" : transport(5) The optional transport(5) table specifies a mapping from email addresses to message delivery transports and next- hop destinations. Look at: http://www.postfix.org/transport.5.html[04:55:31] <vice-versa> cmatheso1: odd, how often does it happen?[04:56:29] <hwdyki> must the hostnames given in the transport map be MX records?[04:57:22] <vice-versa> no, you can use [nexthop] to forego mx lookups[04:57:57] <cmatheso1> vice-versa: not sure, i'm helping debug some mail issues for a friend, and i've just seen it happen now. he's been complaining about mail not getting delivered all the time, and i've found several issues so far. this is one i haven't seen before[04:58:20] *** hparker has quit IRC[04:58:21] <vice-versa> any cisco gear involved in any of this?[04:58:39] <cmatheso1> possibly. it's a dedicated server w/ godaddy[04:59:00] <vice-versa> !cisco[04:59:01] <knoba> vice-versa: Error: "cisco" is not a valid command.[04:59:08] <vice-versa> hmm[04:59:20] <vice-versa> !cisco_pix[04:59:20] <knoba> vice-versa: "cisco_pix" : The Cisco PIX firewall has a SMTP proxy feature which breaks ESMTP. If your Postfix server is behind such a firewall you should disable the SMTP Fixup feature.[05:02:12] *** pickcoder has quit IRC[05:03:05] <vice-versa> cmatheso1: and if it not anything to do with that, only other thing that comes to mind is a mtu problem[05:03:36] <vice-versa> but the symptoms don't really fit[05:08:13] *** keffer has joined #postfix[05:09:35] <grigora> vice-versa: yeah, it's really weird ... maybe Weitse would have some ideas ...[05:10:18] <vice-versa> well he's pretty active on the mailing lists[05:11:02] <vice-versa> although his bedside manner is a little frosty[05:11:21] <rob0> lol, indeed[05:11:33] <vice-versa> with him being a Dr. an all, lol[05:12:56] <rob0> Still on the same !unknown_virtual issue, are we?[05:16:39] <vice-versa> no, we moved on to localhost resolver issues[05:18:36] <grigora> vice-versa: it does work if you replace localhost with 127.0.0.1 but I am fairly sure something is off there cause localhost should work just as well[05:19:55] <vice-versa> yeah something seems fishy, maybe a debug trace might shed some light on it[05:20:01] <vice-versa> !debug[05:20:01] <knoba> vice-versa: "debug" : http://www.postfix.org/DEBUG_README.html : a good starting point for how to deal with problems and to report information to those who might help. Post your information in a pastebin such as http://pastebin.ca/ or http://rafb.net/paste/ .[05:22:55] <vice-versa> but I think something has been going on with name resolution changes with postfix[05:23:24] <vice-versa> seems to me the default for mydestination has changed in recent versions[05:23:58] <rob0> In what context is "localhost" failing to resolve?[05:24:01] <grigora> vice-versa: is it fair to say that all mailers / MUAs send a text/plain part regardless of what else they send?[05:24:23] <cmatheso1> vice-versa: thanks. i'll check that out.[05:24:25] <grigora> rob0: content_filter = scan:localhost:10025 - context[05:24:44] <vice-versa> they're supposed to, but not all do[05:24:46] <rob0> without the [] that's doing MX lookup[05:25:03] <grigora> rob0: even with [], doesn't seem to work[05:25:12] <vice-versa> tias[05:25:44] <rob0> With the [] it does an A lookup. Apparently your nameserver doesn't have "localhost".[05:25:55] <hwdyki> vice-versa: transport_map doesn't seem to accept user names.[05:25:57] <rob0> it's not a Postfix problem.[05:26:21] <grigora> vice-versa: does Outlook?[05:26:22] <vice-versa> we already confirm that it does rob0[05:26:43] *** nphase_ has joined #postfix[05:27:15] <vice-versa> grigora: fuck knows, MS is the all time king of standards abuse[05:27:34] <grigora> vice-versa: i know, that's why i am curious ...[05:28:46] <grigora> vice-versa: anywho, gotta go, thanks for your help and i hope no hard feelings, cheers[05:29:06] <vice-versa> none at all mate[05:29:07] *** grablin has joined #postfix[05:29:41] *** grigora has left #postfix[05:30:33] <hwdyki> anyone?[05:31:36] <rob0> anyone what?[05:32:44] <rob0> You want someone to scroll up and paste the answers you already got?[05:33:25] <hwdyki> i'm trying to specify a list of usernames for a relay. i've been told to use transport_maps. but transport_maps doesn't seem to accept usernames.[05:33:47] <vice-versa> user@domain transport:nexthop[05:34:13] <rob0> But it does accept user@domain which you would have known if you had read the transport(5) man page as recommended.[05:37:20] *** cite has quit IRC[05:37:34] *** rus-DieZel has joined #postfix[05:40:44] <vice-versa> rob0: any idea what the rational was for changing the address_verify_sender from postmaster to double-bounce in 2.5 was?[05:42:05] <rob0> no, did you look in release notes?[05:42:13] <rob0> um, I can guess[05:42:32] <rus-DieZel> Good day.[05:42:39] <rob0> I know I get way too much spam at postmaster.[05:43:39] *** goldfischli has joined #postfix[05:45:13] <rus-DieZel> I have a little problem but I very bad in postfix configuration :) When user trying send mail thourg stmp with authentication postfix gets a annoyed message 553 5.7.1 <diezel at wstel dot ru>: Sender address rejected: not owned by user diezel at wstel dot ru. Can anyone help me to solve that problem?[05:46:07] *** cite has joined #postfix[05:46:47] <vice-versa> rob0: no I didn't check[05:47:57] *** m0f0x has quit IRC[05:50:39] <vice-versa> rob0: yeah it's mentioned[05:50:51] <vice-versa> The default sender address for address verification probes was changed from "postmaster" to "double-bounce", so that the Postfix SMTP server no longer causes surprising behavior by excluding "postmaster" from SMTP server access controls.[05:53:44] *** bhagat has joined #postfix[05:53:55] * vice-versa wonders what a good example of that would be[05:54:22] <rob0> !sasl_readme[05:54:22] <knoba> rob0: "sasl_readme" : www.postfix.org/SASL_README.html[05:54:29] <rob0> rus ^^[05:56:46] <vice-versa> and shouldn't the address_verify_sender be a valid recipient address[05:57:15] <rob0> I think Postfix makes it valid automagically[05:57:28] <vice-versa> hmm[05:58:27] <vice-versa> must be magic within local(8) then[05:58:52] <rob0> depends on the class of $mydomain I guess[05:59:26] *** hwdyki has left #postfix[05:59:43] *** goldfisc1li has quit IRC[06:18:36] *** shoonya has quit IRC[06:29:14] *** saurabhb has joined #postfix[06:33:50] <vice-versa> sweet, my little hacked together Perl script for postgrey log file analysis seems to be working well[06:35:56] <vice-versa> pglogsumm v0.01 - Postgrey log file analyser (Perl v5.8.8)[06:36:52] *** darkphader has quit IRC[06:56:34] *** gonewestcoast has quit IRC[06:56:53] *** xp_prg has joined #postfix[06:58:05] *** snadge has joined #postfix[06:58:10] <snadge> razor2: razor2 check failed: Connection reset by peer[06:58:22] <snadge> been getting a few of those in my logs lately.. razor is getting upset with me?[06:58:42] <snadge> i have a caching dns now .. its not a huge volume of mail[07:17:04] *** _Driver_ has joined #postfix[07:20:43] *** _Driver_ has quit IRC[07:24:22] *** Haris__ has joined #postfix[07:24:30] *** Haris__ is now known as Haris[07:26:51] *** majikman has joined #postfix[07:27:05] <majikman> is there a way to automatically drop mail to be sent to a specific user?[07:28:03] *** Motoko-chan has joined #postfix[07:28:32] *** nixbox has quit IRC[07:33:46] *** Lap_64 has joined #postfix[07:35:27] <f3ew> check_recipient_access access(5) see DISCARD[07:37:15] <majikman> thanks![07:41:09] <majikman> f3ew, that appears to drop mail that postifx receives. is it possible to drop mail that someoen attempts to have postfix deliver?[07:42:21] *** DieZel has joined #postfix[07:42:22] *** ejos has joined #postfix[07:42:35] <ejos> Greetings![07:43:22] *** ejos has left #postfix[07:43:29] *** ejos has joined #postfix[07:43:38] <ejos> Greetings![07:44:56] *** gonewestcoast has joined #postfix[07:45:26] <f3ew> majikman, check_sender_access?[07:45:32] <f3ew> lo ejos[07:46:09] <majikman> thanks[07:46:41] *** rus-DieZel has quit IRC[07:48:30] <ejos> I want to make a relay to exchange, and i just create of user en /etc/passwd only to validate that the user exist and then resendto exchange but doesn't work[07:49:05] <ejos> hi f3ew[07:49:39] <f3ew> ejos use relay_domains and relay_recipient_maps[07:49:47] <f3ew> !standard[07:49:47] <knoba> f3ew: "standard" : Your question is probably answered in http://www.postfix.org/STANDARD_CONFIGURATION_README.html[07:49:56] <f3ew> See the firewall solution there[07:50:46] *** shoonya has joined #postfix[07:50:55] <ejos> ok thanks, but i wanna forward the email to exchange then[08:00:46] *** Zeit|awy_ has joined #postfix[08:06:43] *** Zeit|awy has quit IRC[08:07:28] *** gonewestcoast has quit IRC[08:08:18] <ejos> f3ew, how to make a forwarding when i have a users on /etc/passwd (local) and i want to relay to exchange, i all ready read the documentation but it doesn't work[08:09:03] <ejos> i still recive reject email[08:15:24] *** ejos has quit IRC[08:24:21] *** cmatheson has quit IRC[08:25:08] *** cmatheso1 has quit IRC[08:29:02] *** Motoko-chan has quit IRC[08:32:09] <sunru> I'm getting NOQUEUE: reject: RCPT[08:32:41] <sunru> and warning: connect to pgsql server localhost: FATAL: connection limit exceeded for non-superusers?[08:32:48] <sunru> but I can connect.[08:33:06] <sunru> it could be linking to an old libpq or something?[08:33:50] *** leyoda has joined #postfix[08:44:54] <f3ew> are you connecting as user postgres?[08:46:27] <f3ew> you probably want to increase the connection limit in postgresql.conf[08:46:37] *** shinao1 has joined #postfix[08:46:53] *** leyoda has left #postfix[08:46:56] <sunru> yeh its that[08:47:09] <f3ew> that's a superuser[08:51:24] <sunru> no its not connecting as superuser.[08:52:16] <sunru> its my fault.[09:01:55] <sysmonk> f3ew: or use proxymap..?[09:05:16] *** rootsvr has joined #postfix[09:06:07] *** _Driver_ has joined #postfix[09:06:57] *** vecsigma has joined #postfix[09:07:16] <vecsigma> anyone know if there's a web front end for users to create their own server side mailfilter rules?[09:07:29] <vecsigma> such as if i was using maildrop, and enable per user homedir mailfilter include files[09:07:43] <sunru> sieve?[09:07:45] <sysmonk> if you'd use sieve there's web sieve tools[09:08:50] <vecsigma> ok cool thanks[09:10:41] *** vecsigma has quit IRC[09:11:13] <f3ew> sysmonk or both[09:15:04] *** lumpek has joined #postfix[09:18:03] *** ejos has joined #postfix[09:18:09] <ejos> GreetingsQ[09:18:11] *** snadge has quit IRC[09:18:14] <ejos> Greetings![09:19:11] *** stou has joined #postfix[09:19:13] <stou> hello[09:20:36] <ejos> hi[09:22:10] <ejos> i have users on /etc/passwd, and i wanna verificate that the user exist and if is true then relay to a non-loca-server, how can i do?[09:22:39] *** snadge_ has joined #postfix[09:23:15] <ejos> i did ones, but using ldap, was more easy but with a /etc/passwd i just don't know[09:23:18] *** loompek has quit IRC[09:26:51] *** sophokles1 has joined #postfix[09:28:34] *** j_s has joined #postfix[09:33:44] *** _Driver_ has quit IRC[09:37:29] *** madrescher has joined #postfix[09:38:37] <f3ew> ejos, don't use /etc/passwd[09:40:18] *** xp_prg has quit IRC[09:42:35] *** rootsvr has quit IRC[09:44:17] *** sophokles has quit IRC[09:46:54] *** brancaleone has joined #postfix[09:48:27] <stou> hey... is there a way I can implement DKIM so that mail from domain A is signed as domain A but on server B ?[09:48:54] <stou> that is... we have two domains, one runs the mail server... but mail also gets sent from another domain through the mail server of the first domain[09:50:16] *** _Driver_ has joined #postfix[09:51:30] <ejos> f3ew thanks, i don't wanna used but was a emergency, as soon as i can i'll chage to ldap o other things[09:51:48] <f3ew> ejos use a flat file instead[09:54:16] <ejos> f3e, yes it could be better; thanks agains[09:58:06] *** war9407 has joined #postfix[10:08:32] *** F6F has quit IRC[10:08:44] *** F6F has joined #postfix[10:16:06] *** _Driver_ has quit IRC[10:16:26] *** _Driver_ has joined #postfix[10:25:00] <dragonheart> stou: as long as the private key of dkim is on B and the public key is in DNS for domain A it will be ok[10:26:59] <stou> dragonheart, excellent... that's what I was hoping for =)[10:27:40] <stou> does anyone know of a good SPF + Postfix tutorial?[10:28:23] *** _Driver_ has quit IRC[10:28:40] <dragonheart> openspf.org/tools has a few impmentstations. the also describe the two lines to change to implement checking[10:29:03] <dragonheart> http://www.openspf.org/Software correction[10:29:10] <stou> dragonheart, two lines?[10:29:41] <dragonheart> one master.cf line change and adding a policy restriction to main.cf[10:29:45] <stou> I install postfix-polycyd-spf-perl but I get: "warning: premature end-of-input on private/policy while reading inputattribute name"[10:29:49] <stou> *installed[10:30:14] <dragonheart> more info? version/testcase?[10:31:40] <stou> the script is version 2.006, postfix 2.3.3-2.1 (RHEL 5.1)... I don't have a test case I am just tailing the logs and I see warnings about perl exit status 2 and the message above[10:31:52] *** ejos has left #postfix[10:31:53] <stou> but it doesn't happen all the time and I do get mail from gmail[10:32:17] <stou> and: warning: problem talking to server private/policy: Connection reset by peer[10:32:26] <jduggan_> hrm, im being raped on an MX backup server by clients connecting and disconnecting before even sending helo, maxing out all processes.. problem is if i increase maxproc, the number of connections goes up with it and there's simply too many hosts to firewall, has anyone had anything like this before? or know of a good place to start combatting it?[10:32:46] <f3ew> postfic stop[10:32:49] <f3ew> waot 5 minutes[10:32:51] <f3ew> wait[10:32:57] <jduggan_> already tried that[10:33:01] <jduggan_> :([10:33:15] <stou> ugh... no I am not... gmail stuff is broken[10:33:57] <jduggan_> im not getting any data or rcpt to so the concurrency stuff is useless, i have put a smtpd_error_sleep_time = 2[10:34:03] <dragonheart> could try stracing it stou[10:34:10] <jduggan_> which unless im mistaken has helped[10:34:13] <f3ew> jduggan_ delay giving them a greeting?[10:35:45] <stou> dragonheart, good idea, I'll track it down some day... incoming SPF isn't that important right now...[10:36:14] *** snadge_ has left #postfix[10:36:43] <dragonheart> i dont imagine it would be that difficult. well done on being proactive with dkim/spf though[10:37:47] <stou> =) Only because Yahoo/Msn are directly sounding our mail to the junk folder with ~1 hour delay... but DKIM is sooooo easy to install why isn't everyone using it?[10:40:59] <dragonheart> apathy i guess. i have small fear about mail lists breaking signatures too often but otherwise i'm quite in favour of impmentation[10:45:25] *** cilly has quit IRC[10:45:33] <stou> Ah, one benefit of lots of spam is quicker testing...[10:46:24] <stou> sweeeeeeet! It works. I had the script file in the wrong directly, and 'nobody' was not allowed to execute stuff from there[10:47:20] <stou> *directory[10:48:00] <f3ew> heh[10:48:01] *** habnabit_ has quit IRC[10:48:05] *** adaptr has quit IRC[10:48:08] *** adaptr has joined #postfix[10:51:58] *** Braden` has joined #postfix[10:52:00] <Braden`> Hello[10:54:55] <Braden`> I am not on the same network as my server. My server runs postfix to handle the mail for my domain. In my e-mail client, if I set the outgoing mail server as my server's host (mail.domain.com), it seems to be blocked somewhere along the way, but if I set the outgoing mail server to my isp's smtp server my e-mail goes into the spam folder of the destination.[10:55:13] *** Rowellen has joined #postfix[10:55:35] <stou> Braden`, some ISPs do not let you send mail from your local machine (ATT I think is one of them)[10:56:04] <Rowellen> hi. is it possible for postfix to discard delivery failure mails for one account?[10:56:52] <Braden`> stou: Is there a way I can get postfix to receive mail on more than one port?[10:57:12] <Braden`> So instead of me trying to connect to postfix on port 25 I could connect on a non-priveledged port?[10:57:40] *** Ham1979 has joined #postfix[10:57:42] <Ham1979> hello[10:57:42] <stou> Braden`, I am fairly certain there is a 'workaround'... another port[10:58:09] <Braden`> stou: Yea, but it still needs to listen on port 25 as well[10:58:19] <Ham1979> Where does postfix store messages, I have a mail/mbx/user folder and can see unread messages in new, rest of inbox in cur folder but where are all the others[10:59:03] <stou> Braden`, is this the problem you are running into: http://help.yahoo.com/l/us/att/smallbusiness/bizmail/pop/pop-32.html[10:59:07] *** grablin has left #postfix[10:59:55] <stou> Braden`, port 587[11:00:34] <stou> Braden`, although I am not quite sure that's the exact solution to your problem. What I ran into was that ATT wouldn't let me connect to my mailserver to my postfix to send mail[11:00:55] <Braden`> stou: I have the exact same problem as you then[11:01:02] <Braden`> I need to connect to my mail server to send e-mail[11:01:19] <stou> ah... yea so it's port 587[11:01:33] <stou> Braden`, http://www.pcmag.com/article2/0,1759,1838667,00.asp[11:02:21] <stou> Braden`, http://rackerhacker.com/2007/07/04/enable-submission-port-587-in-postfix/ how to do it[11:02:33] <stou> the first article is about the port itself and blah blah[11:04:31] <Braden`> Thank you, I will read them[11:05:51] *** carrera has joined #postfix[11:06:10] <stou> np[11:06:15] <carrera> Greetings Earthlings![11:06:50] <Braden`> stou: I don't have the submission line in the main.cf, and it doesn't look like main.cf format. It looks /sort/ of similar to master.cf format though.[11:07:45] <carrera> can anyone explain when someone might use a corp POP/IMAP server to retrieve emails and an ISP SMTP to send?[11:08:37] <Ham1979> can anyone help with finding my email messages![11:08:44] <Ham1979> I have a mail/mbx/user folder and can see unread messages in new, rest of inbox in cur folder but where are all the others[11:09:49] <Braden`> stou: nm, it is a master.cf parm[11:09:53] <Braden`> stou: Thank you =][11:11:12] <stou> Braden`, no problem... that's probably the only postfix related question I can answer... you lucked out :)[11:11:23] <stou> night all[11:11:25] *** stou has quit IRC[11:11:32] <Braden`> While I am here, is there any documentation on enabling user/pass for setting up smtp user/pass auth?[11:17:33] *** Ziroday-eee has joined #postfix[11:22:09] *** Kako has joined #postfix[11:23:59] *** rus-DieZel has joined #postfix[11:25:48] *** Rowellen has quit IRC[11:26:38] *** rootsvr has joined #postfix[11:28:42] *** cilly has joined #postfix[11:33:15] *** DieZel has quit IRC[11:33:41] <Ham1979> I have a mail/mbx/user folder and can see unread messages in new, rest of inbox in cur folder but where are all the others[11:34:05] *** Ziroday-eee has left #postfix[11:44:11] *** no_maam has joined #postfix[11:44:19] <no_maam> hi, got a little problem with virtual[11:45:01] <no_maam> mail to foo at bar dot com should be piped to "|script command", but somehow I think postfix is calling "script command at bar dot com"[11:45:19] <no_maam> I wrote foo at bar dot com "|script command" in the virtual table[11:46:40] <Braden`> I am now getting this error in /var/log/syslog whenever I try to connect remotely to send an e-mail:[11:46:41] <Braden`> Aug 22 05:45:11 balthasar postfix/smtpd[17763]: warning: SASL authentication failure: no secret in database[11:46:41] <Braden`> Aug 22 05:45:11 balthasar postfix/smtpd[17763]: warning: unknown[121.1.30.122]: SASL NTLM authentication failed: authentication failure[11:48:10] <Braden`> nm, I think I figured it out[11:48:17] <f3ew> no_maam virtual(8) does not deliver to pipes[11:48:28] <f3ew> use a custome transport, or local aliases[11:48:36] <f3ew> Braden` well?[11:51:31] <Braden`> f3ew: The jury is still out.[11:52:13] *** rootsvr has quit IRC[11:57:36] *** Ham1979 has quit IRC[12:02:38] <f3ew> Braden` what is your setup like?[12:09:07] <no_maam> f3&w: ok, thanks[12:10:01] <no_maam> f3ew: didn't know that[12:11:31] *** Fallenou has joined #postfix[12:17:48] *** k4z has quit IRC[12:25:29] *** ming_zym has quit IRC[12:37:30] *** cpm has joined #postfix[12:37:44] *** Broken|work_ has joined #postfix[12:40:00] *** Broken|work has quit IRC[12:57:35] *** carrera has quit IRC[12:59:02] <Braden`> f3ew: Sorry for the delayed responce. Simpsons and King of the Hill were on tv.[12:59:14] <Braden`> f3ew: Debian + Postfix + SASL2[12:59:52] <Braden`> I followed the instructions on this site: http://www.jimmy.co.at/weblog/?p=52 and the test comes out ok. Its just when I try to use an actual e-mail client is when the problem occurs[13:02:55] <f3ew> !debug[13:02:55] <knoba> f3ew: "debug" : http://www.postfix.org/DEBUG_README.html : a good starting point for how to deal with problems and to report information to those who might help. Post your information in a pastebin such as http://pastebin.ca/ or http://rafb.net/paste/ .[13:03:28] *** bhagat has quit IRC[13:04:03] *** bhagat has joined #postfix[13:06:15] <Braden`> http://pastebin.com/d63d026c0[13:14:24] <Braden`> I am now getting this error[13:14:25] <Braden`> postfix/smtpd[18584]: NOQUEUE: reject: RCPT from unknown[121.1.30.122]: 450 4.7.1 Client host rejected: cannot find your hostname, [121.1.30.122]; from=<braden at tenament dot com> to=<dbtem at yahoo dot com> proto=ESMTP helo=<batemme>[13:14:48] <Braden`> As you can see from my rafb.net paste, I don't verify hostnames[13:14:54] <Braden`> So I shouldn't (afaik) be getting that error[13:18:16] *** drzed_ has joined #postfix[13:18:25] <drzed_> hi there![13:19:08] <drzed_> i want to set up a fake mail-server which accepts all mail, but delivers them to /dev/null[13:19:20] <Braden`> nullmailer[13:19:22] <drzed_> any suggestions how to do that[13:22:03] <Braden`> 450 4.7.1 Client host rejected: cannot find your hostname, [121.1.30.122][13:23:16] <drzed_> Hm the thing is it should accept incomming mails not only from localhost but from any host and it should not relay it to anywhere[13:23:17] <cpm> http://untroubled.org/nullmailer/[13:23:22] <cpm> like Braden` said[13:24:03] <drzed_> ok, thx will have a look at it[13:25:37] <drzed_> hm the mentioned page states "relay to a fixed set of smart relays. (upstream hosts)"[13:29:05] <Braden`> http://pastebin.com/d63d026c0 - I am getting "450 4.7.1 Client host rejected: cannot find your hostname" whenever I try to send an e-mail via outlook. As you can see in my paste, I do not reject_invalid_hostname so I don't know why I am getting that error. My IP address is in my mynetworks.db hash file.[13:30:50] <cpm> what do the logs show?[13:31:22] <Braden`> postfix/smtpd[18584]: NOQUEUE: reject: RCPT from unknown[121.1.30.122]: 450 4.7.1 Client host rejected: cannot find your hostname, [121.1.30.122]; from=<braden at tenament dot com> to=<dbtem at yahoo dot com> proto=ESMTP helo=<batemme>[13:31:57] <cpm> helo=<batemme> ?[13:32:05] <cpm> doesn't look like a valid host name to me.[13:32:16] <cpm> or fqdn rather.[13:33:04] <Braden`> Well[13:33:18] <Braden`> How do I force outlook to output a valid hostname?[13:34:44] <cpm> well, I don't force outlook to do anything, because I don't like it, and refuse to support it. But I don't think that's at the root of this.[13:35:10] <Braden`> Well, outlook would be the e-mail client passing the EHLO to the postfix mail server.[13:35:21] <cpm> I'd go back and review your main.cf, ask youself why you have separate client and recipient restrictions, when you don't seem to need them.[13:35:31] <Braden`> Outlook is reporting batemme because that is the name of my comp on an internal network[13:36:48] <cpm> reconfigure all your restrictions under recipient restrictions unless you have a deep and abiding requirement.to do otherwise.[13:38:38] <drzed_> cpm: hm the suggested nullmail does relay mail to another host, which i do not want[13:38:46] <cpm> you're internal network is Smart Broadband Incorporated in the Philippines[13:38:51] <cpm> ?[13:39:01] <Braden`> cpm: Yea[13:39:24] <cpm> regardless.[13:39:29] <Braden`> Though I am not sure I feel "Smart" as the service is questionable and the charges are high for said crappy service.[13:39:41] <Braden`> I never thought I would say I miss Comcast, but... I miss Comcast.[13:40:07] <cpm> reconfigure all your restrictions under recipient restrictions unless you have a deep and abiding requirement.to do otherwise.[13:40:16] <cpm> heh[13:40:42] <Braden`> cpm: I commented everything out except for recipeint restrictions, and it allows me to send my e-mail. I will go through and fine tune it then[13:40:50] <cpm> Braden`, I think your email is getting rejected before it gets a chance to pass.[13:40:51] <Braden`> Thanks[13:40:59] <cpm> good luck.[13:42:14] *** saurabhb has quit IRC[13:43:03] *** cilly has quit IRC[13:47:43] *** shinao1 has quit IRC[13:52:33] <Braden`> Works great now. Thanks for the help. I really appreciate it =][13:54:19] *** rus-DieZel has quit IRC[13:55:51] <cpm> you're welcome[13:55:55] * cpm can go home now[14:07:04] *** pingouin_ has joined #postfix[14:08:53] *** hwdyki has joined #postfix[14:09:11] *** pingouin has quit IRC[14:09:20] <hwdyki> do i still need to specify mydestination if i use virtual alias domains?[14:09:57] <lunaphyte_> no[14:20:51] *** Tex-Twil has joined #postfix[14:21:03] *** Tex-Twil has left #postfix[14:25:23] *** raz has quit IRC[14:25:34] *** raz has joined #postfix[14:38:30] *** xming has joined #postfix[14:50:34] *** internat1 has joined #postfix[14:50:50] *** Internat has quit IRC[14:57:35] *** Fallenou has quit IRC[15:15:13] *** kk_CHN has joined #postfix[15:15:44] <Braden`> Anyone around?[15:15:51] <Nockian> probably[15:17:57] <cpm> Nope.[15:19:47] <Braden`> Nevermind =P[15:30:48] *** nphase_ has quit IRC[15:36:08] *** j_s has quit IRC[15:38:02] <hwdyki> how do i disable local unix accounts from receiving mail. i'm using virtual_alias_domains and i only want those listed in my virtual_alias_maps to be able to receiving mail.[15:38:16] *** cilly has joined #postfix[15:41:19] <rob0> "mydestination =", but then if you're wanting to deliver the virtual_alias_maps to Unix users, that won't work. "mydestination = localhost" and "append_dot_mydomain = no" if so, and use "user at virtual dot alias.domain user@localhost" in virtual_alias_maps.[15:46:22] *** nfsnobody has quit IRC[15:47:15] <xming> any one knows is it's possible to apply milter per domain? Using restriction class it's possible to have access list per domain/user, but since milter is before queue I wonder if it applies?[15:48:10] <f3ew> nope[15:49:24] <xming> and check_policy_service? It's possible with a policy server, no?[15:50:48] <sysmonk> lithuania pwn3d in basketball by spain :P[15:52:18] <Dominian> Did the US win Gold yet?[15:52:56] <sysmonk> yeah, a bronze 'gold'[15:52:56] <sysmonk> ;))[15:54:16] *** kk_CHN has quit IRC[15:54:43] <Dominian> no kidding?[15:54:48] <Dominian> Damn they were doing well.. that sucks.[15:54:49] <sysmonk> nah, dunno[15:54:55] <Dominian> oh.. haha[15:55:01] <sysmonk> i'm not really interested[15:55:22] <sysmonk> just everybody around is watching olympic games[15:55:32] <sysmonk> especially lithuanians watch basketball[15:55:36] <sysmonk> today it started at 3pm[15:55:46] <sysmonk> so work was over at 3pm ;)[15:56:16] *** bhagat has quit IRC[15:57:16] <Dominian> hah[15:59:38] *** UQlev has joined #postfix[16:07:04] *** Tex-Twil has joined #postfix[16:07:21] *** Tex-Twil has left #postfix[16:14:43] *** pingouin_ has quit IRC[16:14:43] *** pingouin has joined #postfix[16:15:39] *** hwdyki has left #postfix[16:23:39] *** cichlid02 has joined #postfix[16:26:11] *** frato has joined #postfix[16:28:43] *** lambda has quit IRC[16:31:03] <pUmkInhEd> hi[16:31:35] <pUmkInhEd> anyone noticed a huge increase in the number of virus' hitting their smtp servers?[16:31:48] <pUmkInhEd> or is it just my lucky two weeks?[16:31:54] *** _frato has joined #postfix[16:33:05] *** pickcoder has joined #postfix[16:33:20] *** frato389 has joined #postfix[16:37:28] *** xpoint has joined #postfix[16:37:49] <Trengo> pUmkInhEd i only get one/two viruses every couple days max[16:37:51] *** internat1 has quit IRC[16:38:18] *** Internat has joined #postfix[16:38:24] <pUmkInhEd> mailgraph daily=25, weekly=80, monthly=204[16:40:53] <Trengo> stats for yesterday: clean 1k, rejected 8k, spam 147, virus 1[16:42:28] <seekwill> What do you use for stats?[16:45:51] * pickcoder is afraid to look at bounce stats[16:46:21] <pickcoder> 68K today so far[16:46:30] <pickcoder> 390K for the week[16:46:39] <pickcoder> 12M for the year[16:46:49] * pickcoder checks fail2ban[16:47:42] <xpoint> pickcoder, please do anyway, bounce is hell in the spam fight[16:48:19] <pickcoder> argh[16:48:26] * pickcoder shoots fail2ban[16:48:31] <xpoint> pickcoder, how do you use fail2ban with postfix ?, want to share the confs ?[16:48:34] <pickcoder> it keeps %^#$% dying on me[16:48:37] <pickcoder> wth[16:48:43] <pickcoder> this is like the 10th time I've restarted it[16:48:58] <pickcoder> sure hold on[16:49:10] <pickcoder> I bet lograte is blowing it up[16:49:57] <xpoint> i will try make fail2ban use mysql backend for ip block, and then dump this to shorewall blacklist[16:51:20] *** frato has quit IRC[16:51:28] *** frato389 is now known as frato[16:51:51] *** frato has quit IRC[16:51:51] *** _frato has quit IRC[16:51:53] <xpoint> fail2ban should really have gdbm persisisten db so when server do a reboot it remember what was blocked before the reboot[16:53:26] <pickcoder> xpoint: yeah it should[16:56:00] *** _Driver_ has joined #postfix[16:56:31] <pickcoder> man this update is taking forever[16:56:37] <pickcoder> lemme log on another terminal[16:57:00] <pickcoder> failregex = reject: RCPT from (.*)\[<HOST>\]: (554|450|550|504)[16:57:39] <pickcoder> xpoint: if you have an iptables-save / restore script setup in the init.d then your old rules would be saved[16:58:05] <pickcoder> for a reboot[16:59:11] <xpoint> its a hack that way, but i have one jail that make shorewall blacklist of rbl hits[16:59:34] <pickcoder> there is a shorewall action config for it[16:59:43] <pickcoder> and hostsdeny[17:02:11] *** jeffspeff2 has quit IRC[17:03:08] <pickcoder> !pastebni[17:03:09] <knoba> pickcoder: Error: "pastebni" is not a valid command.[17:03:11] <pickcoder> !pastebin[17:03:11] <knoba> pickcoder: "pastebin" : a way to paste larger amounts of text so that other people can read it. Try http://www.rafb.net/paste/ or http://paste.debian.net/ - Do not forget to tell us the URL where you pasted it.[17:03:31] <pickcoder> xpoint: http://rafb.net/p/mWFaaH45.html[17:04:32] <pickcoder> 208 drops since I just restarted it[17:05:00] <pickcoder> I think the highest I've seen is around 350[17:08:44] <xpoint> pickcoder, http://gate.junc.org/f2b/ please extend it if you can[17:08:44] *** madrescher has quit IRC[17:09:39] *** madrescher has joined #postfix[17:10:09] <pickcoder> xpoint: you're time orientation is based on two different error codes[17:11:20] <pickcoder> I only temp ban 450 and 5XX errors for 2 hours[17:12:15] <pickcoder> what are you wanting to do?[17:12:20] <xpoint> pickcoder, my lists is listed in rbl[17:12:39] <pickcoder> I know, but for which error codes do you want to ban permenantly[17:12:42] <xpoint> yuur is not tested in rbl[17:12:42] <pickcoder> and is it really a good idea?[17:12:49] <pickcoder> oh[17:13:18] <pickcoder> so the 554 is RBL blacklisted[17:13:23] <xpoint> yes[17:13:28] <pickcoder> hm[17:13:35] <xpoint> with that execat error reason[17:13:41] <pickcoder> ok[17:14:06] <pickcoder> I would add 450,550, and 504 to your temp ban[17:14:12] <pickcoder> but that's up to you[17:14:32] <xpoint> but then its a new jail if it should make sense[17:14:47] <pickcoder> yes[17:15:01] <pickcoder> because you are matching on specific error messages[17:15:04] <xpoint> i will add it, my f2b conf is big :-)[17:15:04] <pickcoder> not just the code[17:15:29] <pickcoder> I should probably follow you and fix my RBL blocking[17:16:00] <xpoint> yes that was my point to make it more exact match and do diff blocks in jail for it[17:16:40] <pickcoder> problem is I'm not running shorewall[17:16:50] <pickcoder> it's running fom a port forward[17:17:07] *** _bt has quit IRC[17:17:33] *** UQlev has quit IRC[17:18:34] *** jeffpc has joined #postfix[17:23:49] <xpoint> pickcoder, nat setup ?[17:25:00] *** archangel7863 has joined #postfix[17:25:43] <pickcoder> hmm.. no errors in the logs so I dunno why fail2ban is dropping out[17:25:44] *** nightcrawler7863 has joined #postfix[17:26:17] <pickcoder> I could install shorewall but at this point the problem is fail2ban[17:27:52] *** nightcrawler7863 has quit IRC[17:28:00] *** nightcrawler7863 has joined #postfix[17:29:05] *** ph8 has quit IRC[17:31:37] *** entropic has joined #postfix[17:33:01] <pickcoder> ugh spamassassin keeps blocking .PNG quotes from a vendor[17:33:41] *** archangel7863 has joined #postfix[17:37:21] <jeffpc> I'm reading though http://www.postfix.org/STANDARD_CONFIGURATION_README.html#backup and I'm a bit confused by first 3 bullet points[17:37:22] <jeffpc> #[17:37:22] <jeffpc> Do not list the.backed-up.domain.tld in mydestination.[17:37:22] <jeffpc> #[17:37:22] <jeffpc> Do not list the.backed-up.domain.tld in virtual_alias_domains.[17:37:22] <jeffpc> #[17:37:24] <jeffpc> Do not list the.backed-up.domain.tld in virtual_mailbox_domains.[17:37:50] *** archangel7863 has quit IRC[17:37:54] *** root has joined #postfix[17:38:16] *** root is now known as Guest14433[17:38:18] <Guest14433> how do i automatically move mail that spamassasin flagged as junk to a junk folder?[17:38:31] <jeffpc> (I have a postfix setup, and I want to have a backup MX - keeping the postfix setup I have now as the primary)[17:42:55] <jeffpc> (on the primary) if I remove the domain name from mydestination won't it affect mail delivery?[17:48:32] *** phoenix7863 has joined #postfix[17:49:17] *** phoenix7863 has quit IRC[17:49:26] *** phoenix7863 has joined #postfix[17:49:56] <f3ew> jeffpc list the domain in relay_domains[17:50:06] <f3ew> and the valid addresses in relay_recipient_maps[17:50:28] *** phoenix7863 has quit IRC[17:50:46] *** phoenix7863 has joined #postfix[17:50:47] <jeffpc> f3ew: is there a way to make relay_recipient_maps be constructed by postfix based on /etc/passwd + /etc/aliases?[17:51:35] <jeffpc> f3ew: and does relay_recipient_maps respect aliases?[17:51:37] <jeffpc> I got:[17:51:38] <jeffpc> alias_maps = hash:/etc/aliases,hash:/var/lib/mailman/data/aliases[17:52:23] <f3ew> !alias_maps[17:52:23] <knoba> f3ew: "alias_maps" : a configuration parameter in the main.cf: The alias databases that are used for local(8) delivery. See aliases(5) for syntax details.[17:52:29] <f3ew> !relay_recipient_maps[17:52:29] <knoba> f3ew: "relay_recipient_maps" : a configuration parameter in the main.cf: Optional lookup tables with all valid addresses in the domains that match $relay_domains. Specify @domain as a wild-card for domains that do not have a valid recipient list.[17:53:49] <jeffpc> hrm[17:54:53] *** cilly has quit IRC[17:56:00] *** pingouin has quit IRC[17:56:22] *** pingouin has joined #postfix[17:56:41] *** cilly has joined #postfix[17:57:40] <jeffpc> I guess I should just try it and see if it works :)[17:57:53] <jeffpc> thanks[17:59:57] *** Tykling has joined #postfix[18:16:50] *** Lap_64 has quit IRC[18:34:19] *** netcrash has joined #postfix[18:38:22] *** nixbox has joined #postfix[18:42:33] *** Kako has quit IRC[18:47:34] *** Braden` has quit IRC[18:57:35] <Guest14433> exit[18:57:37] *** Guest14433 has quit IRC[19:17:11] *** jelly is now known as unreggednik[19:18:08] *** unreggednik is now known as jelly[19:19:01] *** jeffpc has quit IRC[19:24:39] *** xp_prg has joined #postfix[19:25:03] *** hparker has joined #postfix[19:27:15] <pickcoder> what's the hash format for amavis whitelists[19:27:18] <pickcoder> I can't find it anywhere[19:27:49] <pickcoder> ah forget it.. I'll just use postfix to bypass[19:29:24] <pickcoder> hm.. I can't[19:36:53] *** jlund has joined #postfix[19:41:58] <magyar_> hi, how can i tell postfix that mail for anything at domain dot ca go to > /dev/null ?[19:42:28] *** Haris has left #postfix[19:42:39] <magyar_> or not even connect[19:42:52] <jlund> Take domain.ca out of the list of domains that you host mail for?[19:43:09] <jlund> Or are you just trying to blacklist a single email address?[19:43:19] <jlund> Because unless domain.ca is a catchall, that should be very easy too[19:43:49] <magyar_> jlund, i dont have mydestiantion for that domain, but MX points to me[19:45:07] <jlund> Well then Postfix shouldn't be accepting mail for it anyway right?[19:47:52] *** cichlid02 has quit IRC[19:49:02] *** Bagualas has joined #postfix[19:52:11] *** DarienWork has joined #postfix[19:52:46] <rob0> pickcoder: you can, possibly, with a FILTER target.[19:53:02] <DarienWork> I know it's a bad idea to do but I'm going to ask anyway - is there a way to tell Postfix to relay mail 'from' certain addresses?[19:53:45] <rob0> what is the real problem you want to solve? Surely there is a better way. SASL?[19:53:48] <rob0> !sasl[19:53:48] <knoba> rob0: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[19:54:11] <DarienWork> rob0: I have SASL set up; however, I need to, for one specific user, allow mail through without being able to reconfigure his laptop[19:54:21] <DarienWork> he has it with him and can't change the settings[19:54:55] <DarienWork> he's set up to send through our mail server, which allows from our office IP, but he's gone to LA for the weekend so I'd like to make his e-mail 'just work' until he gets back[19:55:39] <rob0> check_sender_access in smtpd_recipient_restrictions, but you're right, it's a bad idea[19:55:47] <DarienWork> excellent, thanks[20:04:18] *** YellowSub has joined #postfix[20:07:59] *** gonewestcoast has joined #postfix[20:12:11] *** gonewestcoast_ has joined #postfix[20:19:57] *** _Driver_ has quit IRC[20:20:05] *** master_of_master has joined #postfix[20:20:42] *** _Driver_ has joined #postfix[20:20:55] <magyar_> jlund, but I get "mail loops back to myself"[20:22:29] <cpm> !loop[20:22:29] <knoba> cpm: Error: "loop" is not a valid command.[20:22:31] <cpm> !loops[20:22:31] <knoba> cpm: Error: "loops" is not a valid command.[20:23:53] <cpm> !best_mx_transport[20:23:53] <knoba> cpm: "best_mx_transport" : a configuration parameter in the main.cf: Where to deliver mail when the local MTA is listed as the best mail exchanger for a destination that is not listed in $mydestination, $inet_interfaces, $proxy_interfaces, $virtual_alias_domains, or $virtual_mailbox_domains. By default, the Postfix SMTP client reports a "mail loops back to myself" error and returns the message as undeliverable.[20:24:09] <cpm> magyar_, ^^^^^[20:24:11] <cpm> !basic[20:24:11] <knoba> cpm: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.[20:24:13] <cpm> magyar_, ^^^^^[20:24:57] <jlund> maygar_: It doesn't make any sense that you would be receiving messages for a domain that isn't configured to be handled by Postfix. It should be getting rejected well before any message processing takes place. What cpm just posted should be all that you need to know.[20:27:43] *** gonewestcoast has quit IRC[20:30:29] *** master_o1_master has quit IRC[20:31:33] *** pitakill has joined #postfix[20:32:10] *** Knoedel_ has joined #postfix[20:33:18] *** Entelin has joined #postfix[20:33:57] <Entelin> I would like to have postfix listen on 2525 in addition to 25 how is this done?[20:34:23] <cpm> why?[20:34:28] <Dominian> !basic[20:34:28] <knoba> Dominian: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.[20:34:37] <cpm> that makes no sense.[20:34:47] <Knoedel_> hi all[20:34:56] <Entelin> some isp's block outbound 25 and I would like to provide one single port that works for everyone[20:35:12] <pickcoder> Entelin: port foward?[20:35:27] <cpm> Entelin, that's what port 587 (submission) is for. No one delivers mail to port 2525, so that doesn't solve jack shit.[20:35:53] <Entelin> cpm: i dont want mail delivered to 2525[20:36:03] <Entelin> mail servers will always be able to contact 25[20:36:20] <rob0> and users, 587[20:37:08] <Entelin> ok ill use 587, same question though[20:37:29] <rob0> sample, commented, in master.cf[20:38:43] <Entelin> hmm ok cool[20:38:47] <Entelin> testing[20:41:01] <Entelin> great looks like it works[20:43:01] * cpm directs rob0 to track down whomever started that 2525 nonsense, and kill them, horribly.[20:43:22] <rob0> Should I beat them into submission?[20:43:45] <cpm> That'll do for now.[20:43:57] <cpm> but eventually, 40 or 70 or so years from now, they should die.[20:45:59] <pickcoder> ++friday[20:46:36] *** Fallenou has joined #postfix[20:47:00] <cpm> -----faxes[20:47:01] <pickcoder> so far most of our suppliers agreed to e-mail POs[20:47:07] <pickcoder> \o/[20:47:13] <pickcoder> no one ever asked I suppose[20:47:25] <cpm> faxes in the time of email make so little sense, I just can't get my head around it.. and I start to get worked up, over nothing.[20:47:39] <pickcoder> we have a few stubborn ones that refuse to use e-mail[20:47:50] <pickcoder> they probably still do orders by hand on 3-ply[20:47:53] <cpm> yeah, because faxing is so secure.[20:48:24] *** dp has joined #postfix[20:48:26] <cpm> now, I have some sympathy for that. If you have eschewed the 'lectronic age, then do it altogether. No faxes either.[20:48:37] <dp> is there any way to make postfix ntop log queue rejections?[20:48:53] <dp> s/ntop/stop/;[20:49:04] <cpm> huh?[20:49:21] <dp> is there any way to make postfix stop log queue rejections?[20:49:38] <cpm> why?[20:49:47] <cpm> a mail server that doesn't log every transaction is worthless.[20:49:55] <dp> because I don't want it to log that data[20:49:57] <Entelin> whats the point of making a standard for a nonstandard smtp port? if it ever got popular with servers and spammers you would just have the same issue all over again and isp's would block it too[20:50:20] <cpm> Entelin, 587 isn't smtp. It's submission.[20:50:59] <dp> cpm: and it's your belief that not logging every transaction makes a mail server worthless. it is not mine[20:51:12] <Entelin> if it wasnt identical to smtp clients wouldnt support it[20:52:14] <Entelin> it IS smtp, by definition in the master.cf its exactly the same[20:52:27] <cpm> No, it isn't.[20:52:29] <cpm> Go read[20:52:29] <Entelin> just because you change the port doesnt somehow make it a different protocol[20:52:31] <cpm> http://www.faqs.org/rfcs/rfc2476.html[20:52:44] <Entelin> smtp inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes[20:52:44] <Entelin> submission inet n - n - - smtpd[20:52:49] <Entelin> looks the same to me[20:53:08] <Entelin> without sasl obviously[20:53:44] <cpm> go read the rfc please.[20:56:13] *** habnabit_ has joined #postfix[20:57:21] <Entelin> this doesnt really solve anything that would give an isp reason not to block it down the road[20:57:23] <pickcoder> up to 329 on bans[20:57:38] <habnabit_> You get that many trolls here?[20:57:51] <Entelin> its just smtp with a few extensions as far as I can tell[20:58:04] <pickcoder> 329 naughty SMTP IPs[20:58:09] <habnabit_> Oh, haha.[20:58:23] <jelly> Entelin: is there a special reason why you would want to receive mail sent from a dynamically-assigned ip from those ISPs that block outbound tcp/25?[20:58:26] <cpm> Entelin, aside from the fact that it is only useful for submitting mail to a queue from authorized clients, you are correct.[20:58:41] *** dp has left #postfix[20:58:42] <xpoint> pickcoder, i have 674 here for the last 24 hours, no fp[20:58:59] <cpm> is there any reason to accept mail from a dynmically assigned ip at all.[20:58:59] <Entelin> im using smtp auth[20:59:08] <pickcoder> that reminds me I need to try perm jails[20:59:22] <pickcoder> is shorewall really the thinnest solution?[20:59:30] <pickcoder> I don't need a huge firewall solution[20:59:37] <xpoint> pickcoder, no see host.deny[20:59:41] <Entelin> i didnt read anything in that rfc that isnt already done with smtp really[20:59:42] <pickcoder> true[21:00:04] <pickcoder> hrm[21:00:04] <cpm> you can submit to port 25 without auth.[21:00:09] <pickcoder> that's not packet level[21:00:12] <cpm> which is how email moves around the world.[21:00:20] <pickcoder> does postfix even obey it?[21:00:23] <cpm> port 587 must be authed.[21:00:24] <rob0> Why would an ISP block 587, other than out of extreme stupidity?[21:00:38] <cpm> extreme stupidity is reason enough to do anything.[21:00:43] <habnabit_> If a policy server returns 'dunno', postfix moves down to the next check on a restrictions list, right?[21:00:47] <Entelin> smtp can be authed, and can decide that based on where your coming from[21:00:51] <pickcoder> rob0: they don't have a reason right now because bots are still too busy abusing 25[21:01:00] <cpm> Entelin, do you really want to argue this?[21:01:05] <rob0> Too bad the marketplace is equally if not more stupid ... if not, Darwin's law would get rid of them.[21:01:40] <pickcoder> habnabit_: I think it depends on the context[21:02:32] <pickcoder> dunno confuses me sometimes[21:02:35] <pickcoder> heh[21:02:40] <cpm> Entelin, yes, the underlying mechanism is the same. However, port 587, again, is used for submitted mail to the queue. That's all.[21:04:05] <jlund> I have the Postfix 'submission' transport enabled in my setup. I just tested it and it seems to behave exactly the same as port 25 does. I can relay mail to my server through a port 587 telnet connection from an unauthenticated host. Is something configured improperly, or is this the default behavior? I just uncommented that line in master.cf.[21:04:31] <jlund> So for me at least, there isn't any reason at all why spammers couldn't start connecting to my server on port 587.[21:04:38] <cpm> in section 3.3 it states that the connection must be authed, and suggests that one can do that by all sorts of means, but common practice is sasl only, forced. And best practice is forced tls as well.[21:05:14] <cpm> jlund, what is your submission line in your master.cf?[21:05:49] <jlund> submission inet n - - - - smtpd[21:05:49] *** car_watt has joined #postfix[21:06:02] <rob0> !chroot[21:06:02] <knoba> rob0: "chroot" : The fifth column in master.cf, if not n , means that the Postfix process described on that line runs in a chroot, see !debug , !queue_directory and files in the examples/chroot-setup subdirectory of the Postfix source archive which show examples of a Postfix chroot environment on a variety of systems[21:06:20] <cpm> jlund you *DID NOT* uncomment the section.[21:06:27] <Entelin> heres whats going to happen, someday, 587 will be a security target for spammers just like 25 is now, because any mail server running on 587 is likely running the exact same daemon thats on 25 meaning anything that already is wrong with the deamon is also on submission. This will be exploited to send spam, and enduser isps will shut it down. This will happen if it becomes a sufficently popular port.[21:06:32] <cpm> there are 3 more lines, that are critical[21:06:38] <rob0> the indented -o lines which follow[21:06:41] <Entelin> until then ill use it though[21:06:45] <cpm> Entelin, how?[21:06:48] *** car_watt has quit IRC[21:07:03] <cpm> requires sasl auth? how are you going to spam it?[21:07:10] <cpm> give it your best shot.[21:07:13] *** car_watt has joined #postfix[21:07:31] <rob0> If you have AUTH credentials, indeed, you can exploit 587.[21:07:37] <jlund> cpm: I only see two indented lines but I feel pretty silly now.[21:07:44] <Entelin> well, according to master.cf its running the same deamon anyway. so if some moron makes it an open relay, or a security flaw does the same, you have the same issue[21:07:45] <rob0> cpm, this guy just isn't getting it.[21:07:51] <cpm> you can't exploit it, if you have permission.[21:07:57] <cpm> rob0, no, he doesn't get it.[21:08:12] <rob0> Must be a lawyer.[21:08:17] <jlund> cpm: '-o smtpd_etrn_restrictions=reject' and '-o smtpd_client_restrictions=permit_sasl_authenticated,reject' -- are there any others?[21:08:54] <cpm> umm, yeah, there *should* (and is by default, in a normal package) -o smtpd_enforce_tls=yes[21:09:52] <cpm> Entelin, again, and for the last time. port 587 *requires* authentication.[21:10:01] <cpm> no tickee, no laundry.[21:10:23] <jlund> cpm: This is an older version. 2.2.10. Thank you for your help. I was wondering what was wrong. I can't believe I didn't see those lines.[21:11:28] <cpm> jlund, it's okay. Common amongst folks who don't read.[21:11:29] <cpm> :)[21:12:02] <jlund> My distro didn't have a comment above the lines at all[21:12:06] *** brancaleone has quit IRC[21:13:10] <cpm> No, it wouldn't. Believe it or not. There is a whole world of documentation outside of comments in conf files, and a solid postmaster would do well to familiarize themselves with some of these.[21:13:22] <Entelin> actually according to the master.cf file im looking at it isnt the default, the options are commented out on additional lines below the protocol line, which you can then of course optionally uncomment. nothing *requires* anyone to uncomment those lines, and how much do you want to bet me that many people looking to get around the isp blocking dont wind up spending more than 2 seconds looking at that line, let alone reading the rfc[21:13:23] <Entelin> and actually learning that your supposed to run sasl on it.[21:13:54] *** Ryushin has joined #postfix[21:14:22] <Entelin> cpm: most people running mailservers are not "solid postmasters"[21:14:38] <rob0> Entelin, you're absolutely right, nothing prevents idiots from running mailservers. That's why we have blacklists.[21:15:48] <cpm> in fact, I'll have to agree, most people who run mailservers shouldn't. I can't argue with that.[21:16:08] <cpm> there ain't much 's' left in smtp.[21:16:26] <jlund> cpm: No need to be incredibly rude or dismissive. I'm still learning. I appreciate the help. The unchecked ego is completely inappropriate though.[21:16:44] <cpm> I apologize.[21:16:47] <Entelin> so that just returns me to my origonal arguement, that given that fact, even submission may one day be blocked by isp's outbound from home users[21:16:54] <cpm> Entelin, fine.[21:17:06] <cpm> I'm completely okay with that.[21:17:52] <cpm> for a long time, many isps have been offering webmail interfaces for those who are unable to make effective use of their email clients. Not optimum, I'll grant. But if that's what it comes to, oh well.[21:17:55] *** shinao1 has joined #postfix[21:18:27] <cpm> jlund, http://www.postfix.org/documentation.html[21:18:39] <Entelin> which is why I made the comment about the submission port to start with, just have people run their submit ports on whatever they will, dont assign some standard to it and there will never be one to block.[21:19:12] <jlund> FWIW I think that Entelin is being crazy. Port 587 is part of the RFC and when properly configured is totally secure. It will never be blocked. I think you're grouping me with him when I'm obviously a competent sysadmin who is just starting to learn about mail servers. I recognized that something was wrong and asked for help which you provided. I shouldn't feel insulted afterward. How would I have noticed there was a problem if I was ignorant?[21:19:12] <rob0> And MUAs won't be able to support it, so no one will ever use anything but 25.[21:19:15] <pickcoder> xpoint: hosts.deny isn't permanent[21:19:45] <cpm> jlund, no, I am not grouping you. Really.[21:19:55] <rob0> Why is jlund getting so defensive? I didn't see anyone attacking him.[21:20:03] <rob0> Get a grip.[21:20:18] <jlund> cpm: jlund, it's okay. Common amongst folks who don't read.[21:20:20] <xpoint> pickcoder, hmm thats so why i use shorewall[21:20:24] <jlund> cpm: No, it wouldn't. Believe it or not. There is a whole world of documentation outside of comments in conf files, and a solid postmaster would do well to familiarize themselves with some of these.[21:20:26] <Entelin> jlund: actually i do know what im talking about, ive run a small isp for 10 some years (qmail not postfix though)[21:21:10] <rob0> qmail is so lacking in functionality that you don't really learn much from it, from what I've seen anyway.[21:21:17] <pickcoder> it still follows unban practice[21:21:32] <pickcoder> I just made it 2 weeks[21:21:38] <xpoint> pickcoder, change the action to not unban[21:21:46] <Entelin> the base package is yes, and ive been looking into postfix for some of those reasons, but qmail is just so elegant[21:21:52] <pickcoder> that's a new one for me.. how?[21:22:12] <rob0> ewww[21:22:25] <Entelin> i use qmail-ldap though, it comes with a number of features that the base system doesnt[21:22:27] * cpm bows to rob, and bows out. Have a good weekend all.[21:22:32] *** cpm has quit IRC[21:22:32] <xpoint> pickcoder, make the unban empty[21:23:03] <xpoint> pickcoder, eg make no changes on unban :)[21:23:58] <pickcoder> I'm lost[21:24:06] <xpoint> pickcoder, good :)[21:24:08] <Entelin> pickcoder, to appreciate qmail you would have to be familiar with it... ive done some programming with it and I really like it a lot[21:24:09] <pickcoder> all I do is action = hostsdeny[21:24:20] <pickcoder> configure the failregex[21:24:22] <pickcoder> and setup the jail[21:24:29] <Entelin> its very very modular[21:24:45] <pickcoder> Entelin: this isn't #qmail[21:24:47] <xpoint> pickcoder, change the hostdeny action file to not do unban save it withj hostdeny.local[21:24:54] <pickcoder> oh[21:24:56] <pickcoder> got ya[21:24:59] <pickcoder> :/[21:25:00] <Entelin> pickcoder, im just answering your question[21:25:09] <pickcoder> Entelin: I didn't ask you about qmail[21:25:39] <Entelin> <pickcoder> that's a new one for me.. how?, in responce to my comment right? :/[21:25:42] <Entelin> anyway i gtg[21:25:47] <pickcoder> no[21:25:50] <pickcoder> to xpoint[21:25:52] <Entelin> ok[21:26:42] * pickcoder watches /etc/hosts.deny explode[21:26:58] <xpoint> proper does soon[21:27:00] <pickcoder> anything to reduce poor iptable's drop chains[21:27:13] <xpoint> out of disk space :)[21:27:16] <pickcoder> ugh[21:27:26] <pickcoder> 2GB of bans?[21:27:30] <pickcoder> that's a lot of bots[21:27:44] <pickcoder> I see why you're looking @ MysQL[21:27:45] <Entelin> doesnt that take a long time to parse?[21:27:47] <Entelin> :/[21:27:52] <xpoint> i just warn you on it, not if it will happend[21:28:03] <pickcoder> it probably will with my luck[21:30:05] <pickcoder> hrm.. there are definately more RBL blocks than anything else[21:31:04] <xpoint> pickcoder, if disk space is a issue make it dynamic in fail2ban not using hostdeny[21:31:48] <pickcoder> I was actually pondering using postgres or mysql in conjunction with iptables[21:31:50] <xpoint> i dont know if host.deny can do include hostdeny.local[21:32:30] <xpoint> pickcoder, make a postgresql action then[21:32:47] <pickcoder> then there's sqlite[21:32:49] <xpoint> where you add block ip with command line[21:32:49] <seekwill> sqlite[21:33:08] <pickcoder> would that be more accepted, you think, for a simple IP ban solution?[21:33:13] <xpoint> better gdbm :)[21:33:17] <pickcoder> heh[21:33:27] <pickcoder> I'll probably write it in perl[21:33:31] <xpoint> fail2ban is python, use gdbm is native[21:33:33] <pickcoder> so as long as there's a DBI for it[21:33:38] <pickcoder> oh[21:33:45] <pickcoder> I don't do Python yet[21:33:46] <pickcoder> :/[21:34:40] <pickcoder> better yet.. a direct action from postfix?[21:35:41] <pickcoder> the only problem there is situations where you want an extended ban, not permanent[21:39:29] <xpoint> pickcoder, thats why i like to see gdbm db for fail2ban[21:39:54] <xpoint> if hit on same ip, extend ban time[21:40:31] <xpoint> same way as queue manager do the sending of queue files[21:40:40] <xpoint> first in first out[21:41:05] <xpoint> let older wait[21:51:43] <pickcoder> how can there be a hit by a banned IP if no connection is allowed?[21:52:41] <pickcoder> or do you mean repeat offenders[21:54:48] <xpoint> i think future with gdbm :)[21:55:24] <xpoint> my plan was to let each ip be in gdbm even not banned[21:56:05] *** pitakill has quit IRC[21:56:06] <xpoint> so if ip is banned once and first time make a small ban time[21:57:25] <Dominian> fail2ban[21:57:27] <Dominian> ftw![21:57:30] *** tapped has joined #postfix[21:57:34] <pickcoder> would't it make more sense to do that directly from postfix?[21:57:50] <pickcoder> as a filter or some sort[21:57:55] <pickcoder> s/or/of[21:58:32] <tapped> should this addition to my master.cf "work"?[21:58:33] <tapped> fbl unix - n n - - pipe[21:58:33] <tapped> flags=F user=fbl argv=/bin/echo "test" > /home/fbl/test.txt[21:58:41] <xpoint> pickcoder, such software does not exists, i see fail2ban works here :-)[21:58:54] <pickcoder> xpoint: it also involves sniffing old news[21:59:09] <pickcoder> whereas a postfix filter could block it immediately[21:59:31] <pickcoder> must less disk I/O[21:59:38] <xpoint> pickcoder, shorewall reject ip[21:59:43] <xpoint> works live[21:59:52] <pickcoder> but it still polls the log files[22:00:04] <pickcoder> I'm suggesting to not even consider the logs[22:00:06] <xpoint> so what ? :-)[22:00:27] <pickcoder> apparently, something log related is breaking fail2ban here[22:00:32] <pickcoder> logrotate or something else[22:01:00] <xpoint> running gamin ?[22:01:04] <pickcoder> no[22:01:11] <xpoint> install[22:01:28] <xpoint> see fail2ban.conf[22:02:34] <pickcoder> not much there[22:03:33] *** entropic_ has joined #postfix[22:03:40] <xpoint> tapped, that was olso my ideer to make fail2ban use comand line tools to update gdbm or mysql or postgresql or sqlite, to get a persistense db[22:04:15] *** entropic_ has quit IRC[22:04:29] <tapped> huh?[22:05:34] <pickcoder> tapped:is fbl a valid user[22:05:43] <tapped> yes[22:06:12] <pickcoder> tapped: check your mail logs for permission errors[22:06:28] <xpoint> hehe[22:06:29] <pickcoder> I have a custom pipe transport that works just fine, but I'm pulling the message in via stdin[22:07:08] <tapped> pickcoder, it says delivered to mailbox[22:07:11] <tapped> nothing about postfix[22:07:17] *** REdOG has quit IRC[22:07:28] *** REdOG has joined #postfix[22:07:41] *** _Driver_ has quit IRC[22:08:02] *** Joe_Wulf has joined #postfix[22:08:09] <tapped> after editing master.cf, all i have to do is restart postfix right?[22:08:21] <pickcoder> yes[22:08:32] <tapped> i wonder why it's not working[22:08:52] <tapped> how about i try a simpler test?[22:11:30] <pickcoder> cat > /home/fbl/test.txt[22:11:44] <pickcoder> should contain the message[22:12:19] <tapped> wtf[22:12:21] <tapped> i tried:[22:12:21] <tapped> fbl unix - n n - - pipe[22:12:22] <tapped> flags=F user=fbl argv=/bin/touch /home/fbl/test.txt[22:12:23] <tapped> and no go[22:15:10] <drzed_> re[22:15:42] <rob0> touch(1) doesn't read stdin[22:16:05] <drzed_> how can i config postfix that it accepts every incommoing mail but deliver it to /dev/null (i.e. dump it)?[22:17:01] <rob0> Tell me why, maybe I'll point you in the right direction. :)[22:17:07] <xpoint> (/^/ discard[22:17:10] <tapped> pickcoder, i tried yours too[22:17:11] *** JoeWulf has quit IRC[22:17:13] <tapped> that doesn't work[22:17:15] <tapped> arg!!![22:17:26] <pickcoder> tapped: do you see "relay=fbl" in your mail logs?[22:18:02] <rob0> and why not just deliver it to fbl using local(8)?[22:18:03] <tapped> no[22:18:04] <drzed_> rob0: its for analyzing incomming mail traffic (using tcpdump)[22:18:11] <xpoint> pickcoder, you begin to understand i do not mess with postfix ? :-)[22:18:11] <pickcoder> then fbl isn't being used[22:18:25] <pickcoder> xpoint: of course not[22:18:35] <xpoint> hehe[22:19:06] <xpoint> pickcoder, fail2ban does not change my email routeing in postfix[22:19:34] *** pirho has joined #postfix[22:19:34] <pickcoder> tapped: how are you using fbl?[22:19:41] <tapped> what do yo umean?[22:19:53] *** entropic has quit IRC[22:20:17] <pickcoder> it's a pipe service.. how does mail get to it[22:20:43] <pickcoder> in my case, I'm using a transport that sends the mail to a "queue" hop/pipe transport[22:20:56] <rob0> drzed_, discard(8) transport[22:21:21] <tapped> pickcoder, i'm not sure[22:21:27] <rob0> Has tapped yet explained what the goal is?[22:21:32] <pickcoder> no[22:21:40] <tapped> i just setup a user "fbl" and then added that line to master.cf thinking that's all i needed to do[22:21:53] <tapped> because i have another program running that does something similar[22:21:53] <rob0> what is the goal?[22:22:22] *** xiaomai has joined #postfix[22:22:24] <tapped> a mail is sent to fbl, some process uses the data within the main to do some processing[22:22:33] <rob0> 20:18 < rob0> and why not just deliver it to fbl using local(8)?[22:22:35] <pickcoder> xpoint: I'll go with you there. it's better not have a filter in the middle unless needed[22:23:01] <tapped> rob, deliver it?[22:23:04] <xiaomai> i have a postfix installation that only has one message in the queue (it's active), but isn't getting delivered. i've been noticing this a lot (many active messages in the queue--but no activity at all in the logs). the system has 0 load. what kinds of config parameters should i be looking into?[22:23:08] <tapped> i just want to use the data then delete the mail[22:23:12] <pickcoder> s/better/best to[22:23:32] <rob0> tapped, "man local"[22:24:20] <tapped> what am i supposed to be looking for[22:24:42] <tapped> n/m[22:24:47] <seekwill> xiaomai: Make sure your box can deliver to it... try telnet[22:24:56] <rob0> .forward, deliver to command[22:25:21] *** adaptr has quit IRC[22:25:23] <xiaomai> seekwill: it's going through a relayhost, but i am able to telnet to the relay host fine[22:25:37] *** adaptr has joined #postfix[22:25:48] *** Knoedel_ has quit IRC[22:26:00] <pickcoder> xiaomai: does mailq tell you why it's sitting there?[22:26:02] <seekwill> Logs have anything interesting?[22:26:04] <pickcoder> or is it just queued[22:26:19] <pickcoder> with an * on the queue ID[22:27:11] *** hparker has quit IRC[22:27:22] <xiaomai> pickcoder: it just shows it as active (w/ the *)[22:27:39] <xiaomai> pickcoder: hold on, maybe it had been deferred previously... it got a read timeout from the relayhost[22:27:43] <xiaomai> maybe my backoff time is too long?[22:27:51] <xiaomai> so it's just not retrying even after i flushed the queue several minutes ago?[22:28:57] <pickcoder> xiaomai: your logs will tell you.. just grep for the destination address[22:29:41] <xiaomai> pickcoder: thanks[22:51:35] *** echelog has joined #postfix[22:52:39] *** entropic has joined #postfix[22:52:53] *** McJerry has joined #postfix[22:53:34] *** elux has left #postfix[22:55:13] <pickcoder> impatient people[22:58:16] *** pingouin has quit IRC[22:58:56] <xpoint> pickcoder, yep, we can say 42 next time without thinking :-)[23:01:40] * pickcoder notes impatient users too[23:01:53] <pickcoder> I love tandeming to a "froze" port to see it working[23:02:05] *** Knoedel2 has joined #postfix[23:02:10] <pickcoder> especially when I'm in the middle of trying to fix another REAL problem[23:03:19] <xpoint> dont fix your postfix[23:03:48] <xpoint> its better to scan logs then to get more problems[23:04:21] <seekwill> It's better to ignore your logs and pretend everything is running just peachy[23:06:01] *** tapped has quit IRC[23:06:25] <pickcoder> nothing to do with postfix[23:06:41] <pickcoder> my admin scope far exceeds mail admin[23:12:20] *** habnabit_ has left #postfix[23:13:25] <pickcoder> /etc/hosts.deny is nearing 1000 IPs[23:15:15] <seekwill> People still use hosts.deny?[23:15:24] <pickcoder> I'm trying it out[23:15:28] <pickcoder> for extended ban times[23:15:30] <sysmonk> seekwill: i'm using hosts.allow[23:15:42] <sysmonk> mostly for sshd : DENY : ALL[23:15:43] <sysmonk> :)[23:16:04] <seekwill> I thought that was only for things than ran in inetd[23:16:18] <seekwill> I block all that stuff anyways at the firewall[23:16:30] <sysmonk> seekwill: nope[23:16:39] <sysmonk> seekwill: hosts.allow is for everything that uses tcpwrappers[23:16:43] <sysmonk> sshd does use them[23:16:50] <seekwill> Does postfix?[23:17:55] <sysmonk> hm, dunno, but i thought it doesn't[23:18:37] <Dominian> I don't think postfix uses hosts.deny,allow[23:19:05] * seekwill hugs firewalls[23:19:07] <pickcoder> doesn't look that way[23:19:13] <Dominian> seekwill: hehe yep[23:19:15] <sysmonk> seekwill: yeah, firewalls are better[23:19:21] <Dominian> iptables rocks[23:19:25] <pickcoder> until you reboot[23:19:27] <seekwill> I trust my Microsoft ISA server[23:19:32] <pickcoder> and lose all the rules[23:19:32] * sysmonk disagress with Dominian[23:19:37] <sysmonk> seekwill: :P[23:19:40] <seekwill> :P[23:20:36] <Dominian> pickcoder: why is that?[23:20:47] <Dominian> My firewall goes back right where I want it on every reboot ;)[23:20:54] *** githogori has joined #postfix[23:20:54] <Dominian> seekwill: ISA.. ick.[23:21:00] *** shinao1 has quit IRC[23:21:03] <Dominian> seekwill: don't get me wrong.. its nice, but freakin' overkill imo[23:21:17] <seekwill> Dominian: I hate ISA... :P[23:21:22] <Dominian> and I can't imagine using a Windows Server as a firewall[23:21:25] <Dominian> seekwill: ass[23:21:25] <sysmonk> I See Ass ?[23:21:33] <Dominian> heh[23:21:37] <seekwill> :P[23:22:18] <pickcoder> Dominian: that's why Cisco makes so much $[23:22:43] <Dominian> pickcoder: yeah I work on cisco[23:22:46] * Dominian shrugs[23:22:51] <Dominian> I still prefer iptables when I can use it[23:22:56] <Dominian> iptables-save > iptables.txt[23:22:57] <sysmonk> Dominian: on : for ?[23:23:03] <Dominian> mv iptables.txt /etc/iptables[23:23:17] <Dominian> cat "iptables-restore < /etc/iptables" /etc/rc.d/rc.local[23:23:18] <Dominian> done[23:23:24] <Dominian> actuall..[23:23:25] <Dominian> echo[23:23:27] <Dominian> but you get the picture[23:23:36] <Dominian> sysmonk: I do configurations for fireawlls/routers for lots of clients[23:23:49] <sysmonk> oh, so work WITH cisco ?[23:24:02] <Dominian> Yeah.. work with Cisco products[23:24:04] <Dominian> not for cisco[23:24:14] <sysmonk> heh, then that's allright[23:24:17] <Dominian> hehe[23:24:33] <Dominian> alright[23:24:35] <Dominian> crap[23:26:11] <xiaomai> i'm having to relay mail through godaddy's smtp server. i don't know the details of godaddy's setup, but telnetting to the ip of the relay they gave me brings up a different box each time. sometimes the box that comes up isn't responding, which causes all my mail to get deferred (smtp timeout). is there some way to tell postfix to try again (or to try again more often)?[23:28:02] <Dominian> It should try again on its own[23:28:06] <Dominian> deferral is a temp failure[23:28:15] <Dominian> postfix will automatically try again[23:28:27] <Dominian> or at least, by default. it should unless you've told it not to[23:29:05] <DarienWork> xiaomai: http://www.postfix.org/QSHAPE_README.html#deferred_queue[23:30:42] <Knoedel2> little question my postfix shows me always as client ip: 172.16.0.1[23:30:54] <Knoedel2> it doesnt matter from who i get a mail[23:33:13] <DarienWork> on sent messages or received message? are you referring to the 'Received' header?[23:34:54] *** GBE has joined #postfix[23:35:13] <Knoedel2> http://rafb.net/p/6qwKrG35.html[23:35:30] <Knoedel2> i'm testing only one way -> receiving[23:36:17] <GBE> Hello everyone! Would someone have a idea on how to delay email with .zip file for 24 hours?[23:37:41] <Knoedel2> any idea DarienWork ?[23:37:54] <DarienWork> never used postfix-policyd-sf[23:38:44] <DarienWork> hmm[23:38:55] <DarienWork> Knoedel2: are you on a LAN using those IP ranges?[23:39:35] <Knoedel2> yes[23:39:41] *** entropic has quit IRC[23:39:52] <Knoedel2> it's a jail and i'm connected over vpn[23:40:04] <Knoedel2> but port25 is also from wan reachable (NAT)[23:40:12] <seekwill> GBE: Curious, why would you want to do that?[23:41:42] <xiaomai> DarienWork: thanks. the queue is trying again eventually. I'd just like it to try again immediately (or at least soon) for this particular error, because I know that I will get it a lot[23:42:04] <DarienWork> xiaomai: then tweak the variables it gives you there, but don't be a dick about it - hammering the server may well get you banned[23:42:05] <xiaomai> DarienWork: is my only option to change the queue_run_delay down a bunch?[23:42:23] <DarienWork> and postfix should be able to pipeline any queued messages[23:42:25] <GBE> seekwill: I'm behing hit with 0-day trojans that both ClamAV and McAfee fail to detect.[23:42:43] <DarienWork> meaning that once you get a server that works, it should flush the queue to that server, if the server allows SMTP pipelining[23:42:58] <seekwill> GBE: ah![23:42:59] <rob0> xiaomai, honestly, Godaddy is one of the worst possible choices for colo/business ISP.[23:43:09] <seekwill> GBE: That's a good idea[23:43:11] <DarienWork> I'm hoping GoDaddy dies[23:43:13] <pickcoder> GBE: run amavis with spamassassin[23:43:23] <xiaomai> rob0: yeah, i hate godaddy. this isn't my site[23:43:24] <pickcoder> it catches most of that stuff before either of them know about it[23:44:32] <pickcoder> typically it's an exe inside a zip and I don't allow binaries[23:45:01] <GBE> pickcoder: Allright running amavis with both AV both it's not working.. And my SPAM defense are not working against it. SpamAssasion say it's clean.[23:45:07] <GBE> Allready, that is.[23:45:20] <pickcoder> more often than not the embedded attachment is undecipherable so it gets banned[23:46:34] <pickcoder> $banned_filename_re[23:47:03] *** Bagualas has quit IRC[23:48:08] <GBE> pickcoder: I'm not familliar with that. Is that SpamAssasin directive?[23:48:12] <pickcoder> amavis[23:48:17] <pickcoder> what distro[23:48:56] <GBE> pickcoder: Debian. Running amavis 2.4.2.[23:49:13] <pickcoder> /etc/amavis/20-debian_defaults[23:50:05] <pickcoder> # block certain double extensions anywhere in the base name[23:50:16] <pickcoder> # banned extension - basic[23:52:19] <GBE> pickcoder: Gotcha! So a << qr'[0-9]{6,}.*\.zip'i >> should do the trick since the virus is always using filename with a bunch of digits in it. << {6,} >> mean 6 times or more, right?[23:53:20] *** lambda has quit IRC[23:54:55] <pickcoder> not sure[23:55:20] <pickcoder> yeah that should work[23:57:11] *** pickcoder has quit IRC[23:57:13] *** adaptr has quit IRC[23:57:24] *** adaptr has joined #postfix[23:57:49] <GBE> I'll try and implements that right away...[23:57:53] *** f3ew has quit IRC[23:57:54] *** adaptr has quit IRC[23:58:01] * GBE goes plays with stuff and hopes not to break things.[23:58:53] *** f3ew has joined #postfix