August 26, 2008 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | >
August 26, 2008 [00:00:28] *** gcleric has joined #postfix[00:00:50] *** gcleric has quit IRC[00:01:02] *** entropic has joined #postfix[00:01:37] *** entropic has quit IRC[00:04:10] *** F6F has quit IRC[00:06:29] *** Tykling has left #postfix[00:07:23] <pickcoder> \o/[00:08:10] <roe_> how would I go about getting postfix to stop logging to /var/log/syslog and /var/log/mail.log[00:08:50] <pickcoder> man syslog[00:08:59] *** angryuser has joined #postfix[00:11:09] <roe_> man sylogd...[00:11:13] <roe_> er syslogd[00:11:47] <logione> ah ok[00:11:53] <logione> thx roe_[00:12:10] <logione> roe_ oups not for me sorry :([00:12:16] <roe_> hehe[00:12:21] <logione> :)[00:14:44] *** Broken|work_ has quit IRC[00:14:45] <roe_> by all acounts it should not be logging to /var/log/syslog at least as far as I can tell: http://www.pastebin.ca/1184703[00:14:55] *** Broken|work_ has joined #postfix[00:16:31] <pickcoder> looks like the mirror is working nicely[00:16:59] *** amrit|bbl is now known as amrit|wrk[00:17:13] *** DarienWork_ is now known as DarienWork[00:19:23] *** f3ew has quit IRC[00:19:23] *** VivekVC has quit IRC[00:19:46] *** VivekVC has joined #postfix[00:20:36] *** f3ew has joined #postfix[00:21:01] *** RedShift has quit IRC[00:21:07] <pickcoder> I wish njabl had a data feed[00:21:46] <xpoint> i wish i had a million[00:22:05] <xpoint> not flyies :)[00:31:46] *** danbeck has quit IRC[00:31:58] *** pirho has quit IRC[00:35:17] *** VivekVC has quit IRC[00:35:37] *** VivekVC has joined #postfix[00:36:00] *** VivekVC has quit IRC[00:42:09] *** xiaomai has quit IRC[00:44:18] *** deuterium has quit IRC[00:47:03] *** logione has quit IRC[00:54:57] *** higuita has quit IRC[00:57:55] <tapped> using a custom transport, can i pass the contents of the mail as well?[00:58:48] *** car_watt has quit IRC[00:59:35] *** war9407 has quit IRC[01:00:43] *** pickcoder has quit IRC[01:05:07] *** habnabit_ has joined #postfix[01:06:15] <habnabit_> When communicating with a policy daemon, does 'recipient' only contain the data from the RCPT TO command, or is it parsed out of the To header?[01:07:10] <rob0> A policy daemon does not see the content of the mail, so there is no To: header to parse.[01:07:27] <habnabit_> Right.[01:07:50] <habnabit_> But what comes in the 'recipient' attribute?[01:08:45] *** rootsvr has quit IRC[01:09:04] <rob0> Headers are not used for routing (at least, not by responsible software.)[01:09:14] <habnabit_> Okay, so it's just RCPT TO.[01:09:59] <habnabit_> And if there's multiple recipients, how are those passed in? Comma-delimited?[01:10:07] *** EasilyOdd has joined #postfix[01:10:29] <rob0> check the SMTPD_POLICY_README, I don't know[01:10:37] <habnabit_> I can't find it in there.[01:11:03] *** Masterkiller has quit IRC[01:11:16] <rob0> if the policy daemon is consulted per recipient, it would only be one recipient.[01:11:52] <rob0> if it was done at DATA or end_of_data, I don't know[01:12:03] <habnabit_> Alright.[01:15:00] *** f3ew has quit IRC[01:16:20] *** f3ew has joined #postfix[01:17:44] <Fallenou[oqp]> <matrixneo> Grumbl, gueule sur tout le monde :)[01:17:44] <Fallenou[oqp]> <Waren> :)[01:17:44] <Fallenou[oqp]> <Grumbl> Muarf[01:17:44] <Fallenou[oqp]> <Grumbl> :p[01:17:44] <Fallenou[oqp]> <matrixneo> Waren, tu veux mon ordi fixe, 4 giga en mémoire vive, 2 disque dur de 500 giga, 2 processeur atlhon 3000+ et une petite carte vidéo nvidia 512 mo ?[01:17:45] <Fallenou[oqp]> <Waren> bof, pas envie de taper dans de l'occaz[01:17:47] <Fallenou[oqp]> * Horus[Abs] is now known as Horus[01:17:51] <Fallenou[oqp]> <Milkaway> lol[01:17:53] <Fallenou[oqp]> oops désolé[01:17:55] <Fallenou[oqp]> sorry.[01:19:15] *** Fallenou[oqp] has quit IRC[01:19:46] *** tapped has quit IRC[01:30:07] *** Broken|work_ has quit IRC[01:47:11] *** Haris1 has quit IRC[02:02:38] *** mark-use_ has quit IRC[02:15:51] *** tshine has joined #postfix[02:18:35] *** jeffspeff has quit IRC[02:18:54] *** jeffspeff2 has joined #postfix[02:23:02] *** phoenix7863 has quit IRC[02:31:16] *** pitakill has joined #postfix[02:33:47] <thumbs> what the hell?[02:36:53] *** jeffspeff2 has quit IRC[02:37:34] *** McJerry has joined #postfix[02:39:42] *** McJerry has quit IRC[02:51:58] *** Drezard has joined #postfix[02:52:05] <Drezard> harlan, u here?[02:52:26] *** jeffspeff has joined #postfix[02:53:18] *** danbeck has joined #postfix[02:54:02] *** angryuser has quit IRC[02:54:59] *** Drezard_ has joined #postfix[02:56:11] *** Zblakany has quit IRC[02:57:02] *** hwdyki has joined #postfix[02:57:55] *** hwdyki has quit IRC[02:58:18] *** Masterkiller has joined #postfix[02:58:49] <Masterkiller> i have 20k mails in the active queue, could this be because the server i'm relaying to (my exchange box) isn't accepting them fast enough?[02:59:35] *** madrescher has quit IRC[03:02:25] <Masterkiller> also, after i restart postfix it seems like it pushes a whole bunch of emails through and the longer it goes the more it slows down...[03:04:24] <magyar> hi, I have a domain "domain.com" that has mysql virtual users and unix based users. How can I get postfix to deliver mail to both virtual and non-virtual users?[03:05:58] <magyar> i got the following settings: local_recipient_maps = $virtual_mailbox_maps $alias_maps proxy:unix:passwd.byname and virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf[03:06:50] <magyar> if I add domain.com to $mydestinations I get unix user email. if I remove that I get virtual only email[03:10:22] <Dominian> !transport[03:10:23] <knoba> Dominian: "transport" : transport(5) The optional transport(5) table specifies a mapping from email addresses to message delivery transports and next- hop destinations. Look at: http://www.postfix.org/transport.5.html[03:12:24] *** Drezard has quit IRC[03:16:21] *** higuita has joined #postfix[03:20:58] *** lambda has quit IRC[03:23:50] *** xpoint has quit IRC[03:24:23] *** jeffspeff has quit IRC[03:28:34] *** _Driver_ has quit IRC[03:36:17] *** pickcoder has joined #postfix[03:40:31] *** will_ has joined #postfix[03:47:37] <magyar> anyone?[03:48:15] *** githogori has quit IRC[03:56:37] *** mavrick61 has quit IRC[03:57:48] *** mavrick61 has joined #postfix[04:02:57] *** _nalle has quit IRC[04:26:49] *** amrit|wrk is now known as amrit|afk[04:37:07] *** mkcos has joined #postfix[04:41:12] *** ming_zym has joined #postfix[04:46:05] *** Pupeno has quit IRC[04:46:30] *** Pupeno has joined #postfix[04:48:05] *** _nalle has joined #postfix[04:50:33] *** Juspion has joined #postfix[04:54:24] *** will_ has quit IRC[05:25:29] *** goldfisc1li has joined #postfix[05:25:35] *** pickcoder has quit IRC[05:26:41] *** VaNNi has quit IRC[05:27:06] *** VaNNi has joined #postfix[05:34:50] *** mkcos has quit IRC[05:37:00] *** will_ has joined #postfix[05:37:50] *** pitakill_ has joined #postfix[05:38:36] *** goldfischli has quit IRC[05:38:40] *** pitakill has quit IRC[05:39:20] *** Juspion has quit IRC[05:41:25] *** will_ has quit IRC[05:44:23] *** will_ has joined #postfix[05:45:41] *** EasilyOdd has quit IRC[06:02:54] *** hparker has quit IRC[06:08:55] *** cilly has quit IRC[06:09:31] *** cilly has joined #postfix[06:09:58] *** Drezard_ has quit IRC[06:25:29] *** slurpee_ has joined #postfix[06:25:42] <slurpee_> can someone straighten out some questions I had about how /etc/hosts /etc/hostname /etc/mailname are supposed to be setup for postfix?[06:31:07] <will_> You're going to have to ask the questions...[06:31:33] *** saurabhb has joined #postfix[06:32:40] <slurpee_> well i am following a tutorial[06:32:58] <slurpee_> http://workaround.org/articles/ispmail-etch/[06:33:10] <slurpee_> "make sure that your /etc/hostname contains the host name without the domain part. The file /etc/mailname is supposed to contain the fully-qualified host name with the domain part."[06:34:18] <will_> ok[06:34:52] <slurpee_> "/etc/hosts = 127.0.0.1 mydomain.com" ? "/etc/hostname = domainwithougdotcom"? "/etc/mailname = mydomain.com?"[06:35:29] <will_> Do you know what a FQDN is?[06:36:17] <slurpee_> fully qualified domain name[06:36:47] <slurpee_> tutorial shows this as right "20.30.40.50 mailserver42.example.com mailserver42[06:36:49] <slurpee_> "[06:37:05] <slurpee_> i have no idea where he 20.30.40.50 come from....[06:37:14] <slurpee_> am I required to use mailserver42.domain?[06:37:17] <will_> mailserver42.example.com is a FQDN, since it has the hostname "mailserver42" and the domain name "example.com"[06:37:20] <will_> No[06:37:29] <will_> Oh my...[06:37:32] *** JoeWulf has quit IRC[06:37:38] *** lunaphyte_ has quit IRC[06:38:59] <will_> slurpee_: Google "/etc/hosts"[06:39:03] <will_> Read up on it[06:39:30] *** JoeWulf has joined #postfix[06:39:57] <slurpee_> i kno about /etc/hosts....[06:40:04] <slurpee_> 20.30.40.50 = ip ??[06:40:11] <slurpee_> such as 127.0.0.1?[06:40:20] <slurpee_> i was just confused how that tutorial was talking about it[06:40:26] <slurpee_> i figued it was something special for postfix[06:40:37] <will_> /etc/hosts is completely independent of postfix[06:42:59] <slurpee_> i followed this tutorial for a while yesterday on a test server[06:43:13] <slurpee_> i had some issues and i wanted to make sure i covered everything little thing before i tried on production server[06:43:37] <will_> What kind of issues?[06:43:37] <slurpee_> i had ispconfig with some old email settings and i believe it messed up postfix[06:43:50] <will_> Why do you believe that?[06:44:23] <slurpee_> folders for mail users weren't being created[06:44:56] <slurpee_> user was only in mysql database and i believe directory /var/mail/example.com/username[06:45:12] <slurpee_> that directory should have been created....it never was[06:45:22] <slurpee_> so when i would send mail, it said unknown user.[06:45:55] <will_> Looks like a bad tutorial, vs an incorrect hostname[06:46:33] <f3ew> It's a Debian thiny[06:46:35] <f3ew> thingy[06:46:44] <slurpee_> recommend a better postfix debian tutorial ?[06:46:57] <will_> It's always a Debian thingie...[06:47:09] <will_> Even in MySQL... They like to do things their way...[06:47:41] <slurpee_> i am about to start tutorial now. it will probably waste a few hours of my time...[06:48:13] <will_> slurpee_: Have you read The Book of Postfix?[06:48:24] <will_> It's really the only tutorial you need[06:48:49] <slurpee_> is it good for debian ?[06:49:28] <will_> I don't know. I don't have Debian.[06:49:39] <slurpee_> i think this tutorial will work[06:49:40] <will_> But it couldn't be that far off...[06:49:51] <slurpee_> it made good seemed to be correct and I got pretty far.[06:50:07] <slurpee_> hahah sorry. i am watching borat. it is making me type wrong.[06:50:16] <will_> heh[06:50:21] <slurpee_> movie never gets old.[06:50:33] * will_ didn't really care for it[06:50:34] <vice-versa> !tutorial[06:50:34] <knoba> vice-versa: "tutorial" : A very common problem is that some people prefer to follow a step-by-step tutorial that shows them how to setup their mail server without reading the documentation or understanding what they are doing. If something goes wrong, they have no clue whatsoever about where to look for hints, and they sometimes decide to start from scratch using a different tutorial. This is not The Proper Way.[06:51:36] <slurpee_> i read the thing for HOURS before I even tried it. then I tried is on a test server. now I am going through and setting it up knowing much better what I am doing.[06:54:31] *** CdK1 has joined #postfix[06:54:42] <CdK1> spanish?[06:54:47] <will_> english?[06:54:50] <CdK1> xD[06:54:57] <will_> SD[06:56:08] <slurpee_> hola[06:56:15] <CdK1> hola[06:56:23] <CdK1> slurpee_,[06:56:26] <CdK1> me puedes ayudar?[06:56:33] *** Chicago has quit IRC[06:56:58] *** Chicago has joined #postfix[06:58:48] <CdK1> slurpee_, ?[07:02:01] *** bhagat has joined #postfix[07:02:26] *** kk_CHN has joined #postfix[07:21:30] *** amrit|afk is now known as amrit[07:24:49] *** Chicago has quit IRC[07:27:44] *** githogori has joined #postfix[07:27:59] *** lunaphyte_ has joined #postfix[07:40:38] <slurpee_> damnit, it didn't work[07:40:44] <slurpee_> stopped at same spot as before[07:50:27] *** Pupeno has left #postfix[07:54:45] *** Lap_64 has joined #postfix[08:02:58] *** DDevine has quit IRC[08:10:27] *** CdK1 has left #postfix[08:11:50] *** danbeck has quit IRC[08:12:18] *** slurpee_ has quit IRC[08:15:28] *** leyoda has joined #postfix[08:15:36] *** leyoda has left #postfix[08:24:21] *** EasilyOdd has joined #postfix[08:28:57] *** will_ has quit IRC[08:31:10] *** madrescher has joined #postfix[08:33:35] *** sophokles has joined #postfix[08:42:45] *** Tinozaure is now known as _Tino[08:42:47] *** _Tino is now known as Tinozaure[08:47:04] *** sbaragnaus has joined #postfix[08:52:22] <sbaragnaus> how can I automatically delete all the incoming messages to unknown mailbox of my domain?? I want that all this kind of messages stay must me deleted automatically and don't stay in queue until I delete them manually .... but how to??[08:56:48] <dragonheart> sbaragnaus: the usual configuration is for unknown addresses to be rejected at connection time. i think you've done something in your config to accept all mailboxes[08:57:07] <dragonheart> please pastebin your postconf -n output[08:58:49] *** Haris1 has joined #postfix[08:58:53] <Haris1> Hello guys, people, everyone, all[08:58:56] <Haris1> I remember now[08:58:58] *** sbaragnaus has quit IRC[08:59:06] <Haris1> I didn't installed sasl auth, because it required cyrus sasl[08:59:12] *** sbaragnaus has joined #postfix[08:59:15] <Haris1> and not anything from courier-imap[08:59:23] <Haris1> We currently have courrier-imap[08:59:30] <Haris1> running as imap and pop3[08:59:46] <Haris1> If I introduce sasl-auth, I'll have to remove courier-imap and go to dovecot[09:01:15] <sbaragnaus> what can I check on main.cf??[09:02:25] <Haris1> cyrus or dovecot sasl[09:02:41] <dragonheart> how are mailboxes/valid recipients deteremined. this should be a discrete set. Is your config the primary entry and delivery point for mail?[09:03:00] <dragonheart> Haris1: what is your questions/objective?[09:03:37] <Haris1> to enable outgoing mail[09:03:47] <Haris1> legitimate outgoing mail[09:04:21] <dragonheart> ok - so you want some authentication on sending email?[09:04:28] <Haris1> yep[09:04:57] <dragonheart> you want this the same as your pop3/imap auth?[09:05:14] <sbaragnaus> Should I define local_recipient_maps in main.cf[09:05:14] <Haris1> obviously[09:05:54] <f3ew> sbaragnaus see the default[09:07:12] <dragonheart> Haris1: in master.cf there is a submission line. uncomment this. configure postfix to use the cyrus auth and its pretty much done - apart from telling users to use port 587 with authentication to send email[09:07:45] <Haris1> 587? can't it be done over standard smtp port?[09:07:55] <Haris1> ah, I'm afraid not[09:08:08] <Haris1> master will run another process which will listen on a seperate port[09:08:16] <dragonheart> as long as its a different ip that your standard mx[09:08:29] <Haris1> didnm[09:08:32] <dragonheart> yes - regarding sparate process[09:08:37] <Haris1> didn't understand the last part[09:08:41] <Haris1> different IP?[09:09:20] <dragonheart> you could make it run on port 25 if you run the service on a different IP address[09:10:41] *** viyyer has joined #postfix[09:14:05] <f3ew> Why?[09:14:55] <dragonheart> i was 1/2 thinkign about that myself. putting the same options on port 25 would work.[09:15:39] <dragonheart> the permit_sasl_authentication on recipient_restrictions you mean?[09:15:47] *** brancaleone has joined #postfix[09:22:14] *** amrit is now known as amrit|zzz[09:23:54] <f3ew> yes[09:30:18] *** sbaragnaus has left #postfix[09:31:08] <Haris1> so, its possible?>[09:41:54] *** madrescher has quit IRC[09:42:16] *** spy6 has quit IRC[09:57:53] *** war9407 has joined #postfix[10:01:47] *** F6F has joined #postfix[10:03:53] *** noneo has joined #postfix[10:05:47] *** spion has joined #postfix[10:06:39] *** denis has joined #postfix[10:19:45] *** Draecos has joined #postfix[10:31:21] *** Fallenou has joined #postfix[10:41:54] *** madrescher has joined #postfix[10:51:57] *** ming_zym has quit IRC[11:00:49] *** _bt has joined #postfix[11:33:57] *** mark-use has joined #postfix[11:57:24] *** madrescher has quit IRC[11:58:33] *** madrescher has joined #postfix[12:08:26] *** MrWax has joined #postfix[12:08:30] <MrWax> I have just installed postfix, and tested mailing with it[12:08:31] <MrWax> how can I now set up an email account for my domain? for example info@domain[12:08:48] <f3ew> useradd[12:09:12] <MrWax> lets say my domain name is midegro.com[12:09:30] <MrWax> and I like to set up info at midegro dot com, is it necessary to add user info?[12:10:35] <f3ew> or use an alias to send it to your real account[12:10:40] <f3ew> !address_class_readme[12:10:41] <knoba> f3ew: Error: "address_class_readme" is not a valid command.[12:10:55] <f3ew> http://www.postfix.org/ADDRESS_CLASS_README.html[12:10:57] <f3ew> Start there[12:13:39] <MrWax> ok hold on[12:13:42] <MrWax> i just followed http://wiki.debian.org/Postfix[12:13:45] <MrWax> till the word quit[12:13:54] <MrWax> is there a lot more needed to set postfix up properly?[12:17:00] <f3ew> no[12:17:09] <f3ew> It really depends on what you need[12:19:05] <MrWax> I just run a colocated server, on leaseweb.com, and would like to set up some mail accounts for only few domains running on that server[12:19:27] <MrWax> I maybe need to have some spam protection, or at least, everyone can use this server now to spam with right?[12:19:38] <MrWax> I was checking /var/log/mail.log, and saw some attempts[12:21:36] <MrWax> Aug 25 22:00:29 midegro postfix/smtpd[3219]: connect from 118-161-60-126.dynamic.hinet.net[118.161.60.126][12:21:39] <MrWax> not sure what that is[12:21:53] <MrWax> Aug 25 07:34:37 midegro postfix/smtpd[2639]: NOQUEUE: reject: RCPT from 118-160-45-95.dynamic.hinet.net[118.160.45.95]: 554 5.7.1 <yaya59yaya59 at yahoo dot com.tw>: Relay access denied; from=<ttc585ttc58[12:21:58] <MrWax> 5 at yahoo dot com.tw> to=<yaya59yaya59 at yahoo dot com.tw> proto=SMTP helo=<85.17.87.140>[12:24:00] <f3ew> MrWax, not unless you horribly misconfigured it[12:24:11] <f3ew> There's a HOWTO in the topic for hosting multiple domains[12:24:11] <MrWax> i did as what was in that wiki[12:24:33] <MrWax> so those attempts everyone has?[12:24:36] <f3ew> You aren't relaying, Postfix just logged a rejected spam attempt[12:24:37] <f3ew> yes[12:24:48] <f3ew> !cheatsheet[12:24:49] <knoba> f3ew: "cheatsheet" : http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt : A HOWTO for pre-DATA spam control.[12:24:49] <MrWax> ok, sorry don't have any experience in setting up mailservers at all[12:24:52] <MrWax> was just worried[12:24:56] <f3ew> might be good reading as well[12:24:57] <f3ew> np[12:26:20] <MrWax> so, everyone on this system, for example someone using the php mail() function, can make use of the running postfix now right?[12:26:29] <MrWax> without having to fill in any conf[12:26:32] *** sypher has joined #postfix[12:28:18] *** pitakill_ has quit IRC[12:28:25] <f3ew> right[12:29:02] <MrWax> and anyone else without being on this system can't use the mail server?[12:29:07] <MrWax> how come it is protected like that auto?[12:29:17] *** F6F has quit IRC[12:29:32] *** F6F has joined #postfix[12:30:33] <Internat> its part of the config[12:30:51] <Internat> typically anything listed in mynetworks is allowed to relay through your server.[12:31:05] <Internat> since 127.0.0.x is in mynetworks by default it can.[12:31:18] <MrWax> Internat: where is mynetworks to be found?[12:31:33] <Internat> /etc/postfix/main.cf[12:31:36] <MrWax> se[12:31:37] <MrWax> c[12:33:49] <f3ew> Same defaults[12:33:52] <f3ew> Sane*[12:36:10] <Internat> :)[12:37:34] <MrWax> http://www.pastebin.ca/1185155[12:37:38] <MrWax> is this a good default setup ?[12:47:17] *** GoGi has joined #postfix[12:47:58] *** denis has quit IRC[13:00:48] <MrWax> anyone knows?[13:01:07] <f3ew> MrWax it's reasonable[13:05:19] <milligan_> I have set message_size_limit = 102400000 at the bottom of main.cf .. still, postconf -d says 10240000 .. (One less zero). Why's that ?[13:08:21] <f3ew> remove -d[13:08:27] <f3ew> or just use postconf -n[13:08:36] <milligan_> yeah, found after googling[13:08:38] * milligan_ slaps himself.[13:10:19] <MrWax> f3ew: aren't there any security problems wth it?[13:11:37] <f3ew> no[13:11:44] <MrWax> pl[13:11:44] <f3ew> milligan_ or man 1 postconf[13:11:44] <MrWax> ok[13:13:48] <MrWax> f3ew: what would be the fastest way to set up the email account info at midegro dot com[13:14:30] *** Masterkiller has left #postfix[13:14:43] <f3ew> MrWax useradd[13:15:31] <MrWax> f3ew: is the same as adduser?[13:15:37] <f3ew> yes[13:15:58] <MrWax> but that would mean, I would need to add users for 100s of users?[13:16:05] <MrWax> emailaccounts* srry[13:16:05] <f3ew> you have the domain in mydestination, so your accounts need to be in /etc/passwd[13:16:31] <f3ew> If you use virtual_mailbox_domains, then your accounts can be in a RDBMS or LDAP[13:16:55] <f3ew> you can use a RDBMS or LDAP with mydestination as wll, but then you need pam_mysql or pam_ldap configured[13:16:58] <MrWax> mydestination = localhost, waxland.midegro.com, localhost.midegro.com, localhost, mail.midegro.com[13:17:01] <MrWax> is this correct?[13:17:13] <MrWax> can localhost be wiped out of this?[13:17:27] <milligan_> f3ew, do you have any experience with dovecot, and the quota plugin ?[13:17:42] <f3ew> no[13:17:49] <f3ew> yes[13:18:00] <f3ew> Actually, you need to add midegro.com to that list[13:18:19] <f3ew> http://www.postfix.org/ADDRESS_CLASS_README.html <=== READ[13:18:21] <MrWax> and, for example if I make a new domain name, where I have another info account for[13:18:23] *** denis_ has joined #postfix[13:18:24] <MrWax> ok[13:19:33] <f3ew> Also, /topic[13:19:47] <f3ew> !howto[13:19:48] <knoba> f3ew: Error: "howto" is not a valid command.[13:20:05] <rob0> useradd(8) can easily be scripted to add users from a list.[13:20:28] <rob0> In my OS (Slackware), adduser(8) is a frontend for useradd.[13:22:32] *** denis__ has joined #postfix[13:26:48] *** alienbrain has joined #postfix[13:36:16] *** denis_ has quit IRC[13:36:33] *** madrescher has quit IRC[13:47:40] <xming> O_o allowing 100MB mails[13:50:39] <MrWax> f3ew: my english is quite bad, can't make a lot up out of those adress classes description[14:02:53] *** Lethargik has quit IRC[14:13:47] *** suwro has joined #postfix[14:13:52] <suwro> hello[14:14:22] *** Zblakany has joined #postfix[14:16:04] <suwro> I use 2 servers one with DNS + Web + mail and the second for mail only just for 1 domain. I put in DNS that mail for domain x is server2. but after a week mails still don't come. Do I have to tell in server1's postfig configuration that this mail to forward domain's x mail to server 2? if so - how do I do this?[14:17:51] <lunaphyte_> if mail is being delivered directly to server 2, then server 1's config is irrelevant.[14:18:12] <suwro> well mail's are not comming to server2...[14:18:40] <lunaphyte_> prove it.[14:18:51] <suwro> ping setrio.ro goes to server1 mail.setrio.ro goes to server2[14:19:26] <suwro> dig setrio.ro MX setrio.ro. 2730 IN MX 10 mx.setrio.ro.setrio.ro. 2730 IN MX 0 mail.setrio.ro.[14:20:16] <lunaphyte_> give an example of an email address that should be delivered to server 2[14:20:59] <suwro> mihai.nastasescu at setrio dot ro[14:21:56] <lunaphyte_> mail will be delivered to whatever device has 82.76.67.110[14:22:12] <lunaphyte_> (which, btw, appears to be running sendmail, not postfix).[14:22:40] <suwro> lunaphyte_: that's serve2[14:22:57] <suwro> lunaphyte_: the admin from there complains that the mails does not arive.[14:23:17] <suwro> lunaphyte_: thank you for your support - this prove that It's not my fault.[14:23:21] <lunaphyte_> as a side note, having 2 mx records that both ultimately point to the same ip address is pointless.[14:23:33] *** Zeit|awy_ has joined #postfix[14:23:57] <lunaphyte_> yes- if 82.76.67.110 is where mail should be going, then the person who maintains that server is at fault.[14:24:20] <suwro> lunaphyte_: this is set in my dns:[14:24:25] <suwro> IN MX 10 mail.setrio.ro. TXT "v=spf1 a mx ptr ~all"[14:24:38] <suwro> ...mail IN A 82.76.67.110[14:24:41] *** jssa has joined #postfix[14:24:47] <suwro> so that's all I can do..[14:24:55] <suwro> I don't have 2 mx-es in dns.[14:25:17] <lunaphyte_> the internet disagrees.[14:25:39] <suwro> lunaphyte_: you-re totally right![14:26:17] <suwro> lunaphyte_: I just saw that the default nameserver for this domain is not on my server any more.[14:27:09] <suwro> lunaphyte_: well - thank you again for this - I have to make a biiig mail... ;) - coz the Boss from there started yelling at me on the phone... grrr.[14:27:27] <lunaphyte_> good luck.[14:27:29] <suwro> lunaphyte_: I own you a dozen of beers[14:27:47] <lunaphyte_> :)[14:29:33] *** Zeit|awy has quit IRC[14:30:38] *** saurabhb has quit IRC[14:34:07] *** Knoedel2 has joined #postfix[14:36:16] <milligan_> I'm running spamassassin, razor, pyzor, amavisd, clamav, spf, postgrey. Are there any further actions I should/could take to prevent spam ?[14:36:21] <milligan_> (Except for dkim)[14:36:50] <jssa> I have a weird problem. I'm using virtual users (with a MySQL backend) and spamassassin as a transport[14:36:56] <jssa> I mean, as a filter[14:37:14] <jssa> When arrives a mail to a alias address[14:37:26] <jssa> is passed by postfix to spamassassin, but when it comes back[14:37:47] <lunaphyte_> milligan_: before you do any of that, you should be implementing basic smtpd_*_restrictions.[14:37:47] <f3ew> milligan_ !cheatsheet is your friend[14:37:49] <jssa> postfix's virtual rejects with "unknown user" message[14:38:19] <milligan_> lunaphyte, those are in place.[14:38:24] <milligan_> !cheatsheet[14:38:24] <knoba> milligan_: "cheatsheet" : http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt : A HOWTO for pre-DATA spam control.[14:39:06] <lunaphyte_> !zen[14:39:07] <knoba> lunaphyte_: "zen" : http://www.spamhaus.org/zen/ : A composite of all Spamhaus DNSBLs: SBL, XBL and PBL[14:39:18] <lunaphyte_> jssa: prove it.[14:39:43] <jssa> what do you mean, lunaphyte?[14:42:31] *** darkyo has joined #postfix[14:42:39] <lunaphyte_> show logs.[14:42:58] <jssa> I have the following sequence: postfix -> spamc -> sendmail .[14:43:15] *** ribasushi has quit IRC[14:43:40] *** ribasushi has joined #postfix[14:48:05] *** kk_CHN has quit IRC[14:51:35] <jssa> Lunaphyte : http://pastebin.com/m5952857f[14:52:33] *** xpoint has joined #postfix[14:54:33] <jssa> pay attention on how postfix first accepts the destination (before send it to spamassassin) and later complies about nonexistent user![14:57:41] <f3ew> !debug[14:57:41] <knoba> f3ew: "debug" : http://www.postfix.org/DEBUG_README.html : a good starting point for how to deal with problems and to report information to those who might help. Post your information in a pastebin such as http://pastebin.ca/ or http://rafb.net/paste/ .[14:59:04] *** rootsvr has joined #postfix[15:00:51] *** PaSzCzUs has joined #postfix[15:00:54] <PaSzCzUs> hello[15:01:08] <PaSzCzUs> I have a problem with postfix + ldap + gnarwl[15:01:37] <PaSzCzUs> I set up vacation, when i send an email to account with running vacation i got an autoresponse[15:01:58] <PaSzCzUs> but mail that i send to that user is disappering[15:02:39] *** gypsym has joined #postfix[15:02:40] <gypsym> hi[15:02:50] <gypsym> there is a way to forxe postfix to empty queues?[15:03:33] <PaSzCzUs> jest[15:03:35] <PaSzCzUs> sendmail -q[15:03:47] <lunaphyte_> postsuper or postfix flush[15:04:41] <PaSzCzUs> does the same as -q afaik :)[15:04:58] <PaSzCzUs> anyway, backing to my problem[15:05:02] <PaSzCzUs> in logs i got only[15:05:11] <PaSzCzUs> relay=phamm, delay=13, delays=0.03/0.02/0/13, dsn=2.0.0, status=sent (delivered via phamm service)[15:05:38] <PaSzCzUs> :([15:05:50] <Dominian> gypsym: postqueue -f[15:07:26] *** RonDamon has joined #postfix[15:09:48] <milligan_> hm .. the spf site says that the perl version of the solution is mainly for "smallscale" sites. What's the definition of small in this case? Anyone know ?[15:10:38] <Dominian> How many emails per day does your server receive?[15:10:46] <RonDamon> hi all[15:10:59] <RonDamon> i have a problem with a server postfix/debian[15:12:58] <RonDamon> my server create many conections with servers external in 25 port[15:13:06] <RonDamon> is not the lan[15:13:13] <RonDamon> i am down the lan[15:13:24] <RonDamon> become from server[15:13:25] <milligan_> Dominian, not sure. several thousands though[15:13:50] <Dominian> milligan_: I'd say that isn't.. small scale.. but I could be wrong.[15:14:20] <gypsym> tanx, I'm using postfix with maildrop for the delivery, but sometimes I get this error status=deferred (temporary failure. Command output: /usr/bin/maildrop: Unable to create a dot-lock. )[15:14:28] <gypsym> but maildrop has the right gid[15:14:30] <gypsym> uid[15:14:39] <gypsym> and Maildir folder too[15:14:50] <RonDamon> postfix/smtp[1335]: C68607B4A6: to=<mike.pappalardo at degussa dot com>, relay=mailin-ip2.degussa.com[149.216.91.185], delay=9, status=deferred (host mailin-ip2.degussa.com[149.216.91.185] said[15:14:51] <RonDamon> : 452 Too many recipients received this hour (in reply to RCPT TO command))[15:14:52] <gypsym> (rwx for the user)[15:20:08] *** cilly has quit IRC[15:20:43] *** cilly has joined #postfix[15:35:42] *** jstrom has joined #postfix[15:36:59] <jstrom> hm, reading virtual(5) says that the lookup order should be user+foo@domain,user@domain, user+foo, user, and @domain.. but when my postfix, configured to use LDAP, talks with my backend, it checks for user@domain, domain, and then nothing else.. any pointers to why this is the case?[15:41:11] <gypsym> uhm[15:41:31] <gypsym> I've the dotlock problem just on local delivery[15:41:40] <RonDamon> is posible that my server was hacked ?[15:42:17] <RonDamon> because i delete all the conteain in /var/spool/postfix/deferred | defer | active | incoming | bounce[15:42:18] <gypsym> does postfix use two different system of delivery when local or external?[15:42:28] <RonDamon> and , when start again postfix[15:42:32] <RonDamon> the spam began too[15:42:59] <_bt> RonDamon: do you have websites on the same server[15:43:13] <RonDamon> _bt: yes[15:43:26] <_bt> RonDamon: likely that one of them has been compromised and is being used to send spam[15:43:50] <RonDamon> _bt, if i stop apache must be stopped right ?[15:44:02] <_bt> you can try stopping it and see what happens[15:45:22] <RonDamon> wait , i see[15:45:59] *** rootsvr has quit IRC[15:47:55] <jssa> I have a weird problem involving virtual users: http://pastebin.com/d33ff049e[15:49:20] <RonDamon> _bt: you know, i stop the web server and the volumen reduce[15:49:25] <RonDamon> drastically[15:49:34] <_bt> there you go[15:50:51] *** bhagat has quit IRC[15:51:04] <Knoedel2> how can i activate sa,greylisting,av for different mail accounts, f.g. mail1 at mail dot com = av on; grey off; spam on | mail2 at mail dot com = av on; grey on; spam on ?[15:51:21] <Knoedel2> which programs do i need or which commands[15:51:41] <Knoedel2> running a mailgateway so only checking nad relaying to mailserver[15:51:42] <RonDamon> _bt: woops , began again[15:51:49] <RonDamon> with apache stopped[15:53:42] <rob0> js, not strange at all, very common. First turn off verbose logging, then see:[15:53:48] <rob0> !unknown_virtual[15:53:48] <knoba> rob0: "unknown_virtual" : \"User unknown in virtual $X table\" means that the recipient domain was found in $virtual_$X_domains but the username@domain was not found in $virtual_$X_maps. ("$X" can be either alias or mailbox .)[15:54:24] <rob0> And to test your virtual_mailbox_maps :[15:54:28] <rob0> !postmapq[15:54:28] <knoba> rob0: "postmapq" : You can check your lookups with the postmap command. Example: if you defined "transport_maps = mysql:/etc/postfix/transport.cf" you may check this mapping by running "postmap -q domain.com mysql:/etc/postfix/transport.cf" and see if it works.[16:01:53] *** Draecos has quit IRC[16:06:27] *** car_watt has joined #postfix[16:10:03] *** maat has joined #postfix[16:11:26] <RonDamon> _bt: you know another option in case that the web server is not compromise ?[16:13:29] <maat> hi all[16:14:51] <maat> i'm trying to configure postfix so that it rejects "im out of the office" autoreplies when targeted to mailing lists email[16:15:14] <maat> but i've not been very successfull till now[16:16:00] * maat 's calling for help[16:16:03] *** gcleric has joined #postfix[16:16:19] <maat> i played with header regexp checks[16:17:09] <maat> and i can detect those ooo messages[16:17:34] <rob0> Postfix has no native feature to do that. Autoresponders are often written by clueless people, so they don't have standard headers. You might see what your mailing list software can do about it.[16:17:37] <maat> but either i reject all of them or i allow all[16:17:49] *** gcleric has quit IRC[16:17:57] <rob0> and that, too[16:18:29] <maat> impossible to check both List-Id and Subject at the same time ?[16:19:01] <rob0> header_checks are one header at a time.[16:19:26] <maat> my mailing list software does provide nothing helpful :-([16:19:43] <maat> ok[16:19:55] <magyar_> hi, can postfix deliver to virtual and non-virtual users of the same domain?[16:20:21] <rob0> !transport_maps[16:20:22] <knoba> rob0: "transport_maps" : a configuration parameter in the main.cf: Optional lookup tables with mappings from recipient address to (message delivery transport, next-hop destination). See transport(5) for details.[16:20:35] <rob0> (I answered that for you yesterday.)[16:20:38] <Knoedel2> can someone help me pls ?[16:20:40] *** gcleric has joined #postfix[16:21:18] <maat> thanks rob0 i guess ill have to play with FILTER[16:21:39] <maat> \/List-Id:/ FILTER reject_clueless_autoreplies.sh[16:21:41] <rob0> yes, write your own filter, that would work[16:22:05] <maat> (or something like that)[16:22:15] <rob0> what MLM are you using?[16:22:29] <maat> mailman[16:23:33] <rob0> hmmm, they don't have any hooks for screening list submissions?[16:23:49] <maat> i dont think so[16:23:57] <maat> (but i can be wrong)[16:26:37] <jssa> Can someone helpme with this issue? http://pastebin.com/d65f3b63d[16:28:31] <rob0> You ask questions here, you read the channel.[16:29:05] <jssa> I'm using virtual users on a mysql backend[16:29:30] <jssa> but when using aliases, virtual can't find the recipients[16:29:31] <rob0> Yes, I answered more than a half hour ago.[16:30:09] <jssa> the config, tests and logs are here: http://pastebin.com/d65f3b63d[16:31:14] *** madrescher has joined #postfix[16:31:44] *** denis__ has quit IRC[16:32:11] *** _Driver_ has joined #postfix[16:39:31] <jssa> I know, rob0 . I've made some testing as you said, and the results are here: http://pastebin.com/d65f3b63d[16:39:42] <jssa> can you help me a little more, rob0 ?[16:39:46] <Radiance> any one experienced issues with thunderbird trying to use SSL smtp with postfix on port 465 ? (After some testing outlook works fine over port 465 but thunderbird refuses and keeps asking for the password while this is tripple checked)[16:40:14] <Radiance> switching thunderbird to use TLS then that works fine too[16:41:23] <mofino> 465?[16:42:04] <mofino> wow, been awhile since i've seen 465[16:47:44] *** RonDamon has left #postfix[16:49:38] *** pitakill has joined #postfix[16:50:24] *** eidolon has joined #postfix[16:51:34] <eidolon> hi folks, i want to set up my postfix install to allow SASL authed clients to relay off my 'external' postfix box (this is the one that is firewall / sqlgrey filter / etc). I only have 2-3 mobile users, so I'm trying to enable SASL auth for those users, and allow them to relay -anywhere-. The docs on postfix.org seem to be trying to set up SASL for specific hosts only - I want to allow any destination.[16:52:00] <magyar_> rob0, I read that but not 100% sure how do i work the transport file is it mydomain.com local: and i have 50 virtual users, so I need to add them one by one to user@mydomain virtual: ?[16:52:12] <Dominian> !sasl[16:52:13] <knoba> Dominian: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[16:52:27] <eidolon> here's my current sasl config: http://pastebin.stonekeep.com/5088[16:52:41] <eidolon> Dominian, gee, thanks - that's the doc i just said i was reading and had a question about :)[16:52:46] *** lambda has joined #postfix[16:52:47] <Dominian> that's the doc I used[16:52:53] <Dominian> and people can SASL auth from anywhere[16:53:27] <eidolon> but can they relay -to- anywhere. the sasl_password file seems to require a relay host. and the docs specify 'relayhost' in the main.cf... which naturally i dont' have,s ince that box is a smarthost already[16:54:20] <rob0> !virtual[16:54:21] <knoba> rob0: "virtual" : a way to configure additional domains and user accounts (that do not need to exist in your /etc/passwd). See: http://www.postfix.org/VIRTUAL_README.html[16:54:45] <Dominian> !rob0[16:54:46] <knoba> Dominian: "rob0" : a pathetic bot that reacts to newly joined users with reciting the !basic factoid :)[16:54:56] <rob0> jssa: ^^ look at that again and carefully note the difference between virtual ALIAS and MAILBOX domains/maps.[16:55:46] <jssa> ok, rob0, thanks[16:55:55] * Dominian gives rob0 a cookie[16:55:57] <rob0> Presence in virtual_alias_maps does not mean it doesn't have to be in virtual_mailbox_maps[16:56:08] <rob0> sorry for the multi-negative[16:56:27] <rob0> mmmm cooky![16:56:43] <eidolon> ~botsnack[16:56:49] <eidolon> ah, not that kidna bot :)[16:57:22] <rob0> also:[16:57:24] <rob0> !mung[16:57:25] <knoba> rob0: "mung" : Mash Until No Good : the art of obfuscating data which ultimately results in unintentional consequences such as making diagnostics impossible.[16:57:41] *** Knoedel2 has quit IRC[16:58:01] <rob0> using munged domain names is pretty risky in trying to fix an issue which requires knowing the domain names.[16:58:37] *** slurpee has joined #postfix[16:58:38] *** JoeWulf has quit IRC[16:59:14] <slurpee> I followed a tutorial on how to setup a mail server with postfix. i was never once told to setup my domain as an MX record.[16:59:22] <slurpee> i assume I need to do this?[16:59:29] <Dominian> technically, yes[16:59:44] <Dominian> if the A record for the domain points at that server... DNS will failover to the A record if there is no MX[16:59:58] <rob0> HOWTOs generally assume that you have some understanding of the basics you need to know.[17:00:29] *** Fallenou has quit IRC[17:00:47] <slurpee> I bought the domain from namecheap. i setup an A record for the static IP on the server to the domain.[17:01:39] <jssa> rob0: but if an address in virtual_alias_maps resolves to two recipients,[17:01:54] <jssa> then that address doesn't needs to be in virtual_mailbox_maps[17:02:01] <jssa> (only the two real recipients)[17:02:11] <jssa> Am I wrong?[17:02:31] <eidolon> an A record will work just as well as an MX record for most situations.[17:03:33] <slurpee> yes but I want to follow good practice :) so I should also update the MX record?[17:04:22] <eidolon> *shrug* for a single host, single domain, simple setup, it doesn't matter. i suppose it's good practice to have an MX record for your domain pointing to an appropriate host... but functionally, until you have more than 1 IP address for -anything-, it doesn't make any difference.[17:05:13] <mofino> MX isn't required...[17:05:50] <seekwill> But they make you look cool[17:05:56] <eidolon> *snork*[17:06:45] <rob0> !tell jssa unknown_virtual[17:07:02] <rob0> That applies based on the recipient domain.[17:07:08] *** JoeWulf has joined #postfix[17:07:17] *** mirrorcolor has joined #postfix[17:07:18] <rob0> Again, you munged until no good.[17:07:27] <jssa> :([17:08:41] <rob0> First, the original virtual mailbox address must be in virtual_mailbox_maps. Second, all virtual_alias_maps to which that address resolves must be real addresses.[17:08:48] <eidolon> sasl_passwd without a domain.. is it just username:password, where password is plaintext?[17:08:57] <slurpee> cool, I am a postfix newb. configuring my second production server.[17:09:01] <slurpee> i think this one might actually be working.[17:09:19] <rob0> If those addresses happen to be in virtual_mailbox_domains, they must also be in virtual_mailbox_maps.[17:09:38] <eidolon> i don't think you can count that you set up a postfix server if it didn't work :)[17:10:18] <slurpee> haha[17:10:20] <slurpee> good point[17:10:40] *** Lap_64 has quit IRC[17:10:47] *** sireasoning has joined #postfix[17:10:49] <slurpee> at first i was following a tutorial which was disabling system users in postfix and only using users in a mysql db.[17:10:52] *** suwro has left #postfix[17:11:08] <slurpee> i enabled the pam passb stuff and added a user to my linux system.[17:11:14] <slurpee> those users seems to be reciving mail.[17:11:33] <sireasoning> I am having a problem getting fprot-d and spamassassin working through postfix.[17:12:33] *** xnixan has quit IRC[17:12:44] <sireasoning> I can get fprot-d working through their install script which set up a Postfix After-Queue Content Filter[17:13:06] <sireasoning> I just can't find a way to pipe in spamassassin without creating a loop[17:15:35] <sireasoning> anyone have any ideas?[17:15:58] <eidolon> okay, i see the problem here. the SASL docs on psotfix are crap.[17:17:12] <rob0> Oh, I think the Postfix interface to SASL is pretty well documented. But indeed, Wietse made no attempt to document Cyrus SASL. Should he?[17:17:45] <eidolon> no, it's just confusing on the SASL_README what exactly he's describing in each section.[17:17:55] *** gcleric has left #postfix[17:17:58] <eidolon> i think i see waht i need to follow now - i'm reading.[17:20:29] *** gypsym has quit IRC[17:21:42] *** phoenix7863 has joined #postfix[17:22:08] *** phoenix7863 has quit IRC[17:24:02] *** madrescher has quit IRC[17:28:40] *** drindt has joined #postfix[17:29:41] *** _Driver_ has quit IRC[17:30:14] <drindt> hello, i try a simple setup because i had only a simple task receive emails from a domain and not more. so my question is, if it needs when i setup a virtual map? i want simply to add one entry and postfix store the mail into a maildir[17:30:19] *** _Driver_ has joined #postfix[17:32:29] <lunaphyte_> !basic[17:32:29] <knoba> lunaphyte_: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.[17:33:16] <drindt> thanks[17:35:38] *** RonDamon has joined #postfix[17:36:29] *** felix-da-catz_zz is now known as felix-da-catz[17:36:38] <jssa> rob0: I solved the issue with virtual mailbox maps[17:36:52] <jssa> but now, virtual requires to have a uid / gid for the alias[17:36:55] <jssa> is that right???[17:38:00] <f3ew> not for an alias[17:40:03] *** TheVox has joined #postfix[17:42:37] <TheVox> ok, I've got a question that's probably going to get me a "use mailman|majordomo|listserv" answer, but...I rather keep things as simple as possible and avoid a mailing list manager....is there anyway to make postfix rewrite the From of a mail so it matches an alias? We are trying to get the extremely basic basics of a mailing list working...and it's not worth (in my mind, at least) to install a list managing software for one list with 200 people in it.[17:42:41] <jssa> I see...[17:42:56] <jssa> so, the problem is that virtual is NOT seeing my aliases....[17:43:18] <jssa> If I give uid/gid, it tries to deliver the mail to the mailbox[17:44:53] *** darkyo_ has joined #postfix[17:44:54] *** darkyo has quit IRC[17:45:30] *** drindt has quit IRC[17:45:51] *** JoeWulf has quit IRC[17:46:46] *** sireasoning has quit IRC[17:55:53] *** sypher has quit IRC[17:56:36] *** darkyo_ has quit IRC[17:57:41] *** alienbrain has quit IRC[18:00:47] <eidolon> welllll nuts. i'm still not seeing AUTH in the EHLO message :-/[18:02:20] <f3ew> what's in the logs?[18:02:38] <sysmonk> woot log?![18:02:39] <sysmonk> ;)[18:02:44] <eidolon> saslauthd is starting, doesn't show errors. but nothing in postix startup shows anyting sasl related.[18:03:20] <sysmonk> eidolon: pastebin your postconf -n[18:03:28] <eidolon> one moment.[18:04:04] <eidolon> http://pastebin.stonekeep.com/5091[18:05:01] <sysmonk> you don't have sasl authentication enabled[18:05:10] <eidolon> #[18:05:10] <eidolon> smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_policy_service inet:127.0.0.1:60000,[18:05:11] <sysmonk> so no AUTH in the EHLO will be sent[18:05:12] <eidolon> do?[18:05:16] <sysmonk> don't?[18:05:18] <eidolon> what else is needed? :)[18:05:25] <sysmonk> eidolon: smtpd_sasl_auth_enable = yes[18:05:33] <eidolon> ooo. that... looks clever. one moent. :)[18:05:39] <sysmonk> :))[18:05:40] <sysmonk> !sasl[18:05:41] <knoba> sysmonk: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[18:05:42] <sysmonk> eidolon: ^^[18:05:46] <eidolon> yes[18:05:48] <eidolon> i've read that :)[18:06:00] <sysmonk> next time try understanding what you read ;)[18:06:11] <eidolon> glrk![18:06:26] * eidolon is but a lowly sysadin, suh.[18:06:29] * eidolon edits meekly.[18:06:44] <vice-versa> huh? you mean postfix isn't clairvoyant?[18:06:47] <sysmonk> sysadin? :)[18:07:05] <eidolon> and a poor speller at that.[18:07:07] <rob0> Gungadin[18:07:10] <sysmonk> eidolon: do you belew in hare krishna?[18:07:20] <sysmonk> believe*[18:07:35] * sysmonk powers up his spellchecccccker[18:07:48] <rob0> !hare_krishna[18:07:49] <knoba> rob0: "hare_krishna" : Rumor has it that Hare Krishna means hire a consultant in Hindi.[18:08:05] * sysmonk loves that factoid[18:08:11] <sysmonk> it's my favourite for now :P[18:08:25] <jssa> If an address is found in virtual_alias_maps, redirecting to a lists of other addresses, it must be also in virtual_mailbox_maps???[18:08:26] <sysmonk> maybe untill i'll find a part-time remote job somewhere ...[18:08:39] <sysmonk> jssa: no[18:08:41] <jssa> (i'm going crazy with this problem...)[18:08:43] <eidolon> woote! an informitive message[18:08:43] <eidolon> Aug 26 12:07:56 guardian postfix/smtp[23597]: fatal: specify a password table via the `smtp_sasl_password_maps' configuration parameter[18:08:46] <eidolon> m/e edits :)[18:09:04] <jssa> ok, sysmonk, but virtual seems to be ignoring my virtual_alias_maps[18:09:05] <eidolon> aha. okay, sysmonk, here's where i get confused.[18:09:17] <sysmonk> jssa: postconf, logs, pastebin.[18:09:32] <jssa> hold on sysmonk[18:09:39] <eidolon> becuse that smtp_sasl_password_maps appears to be for when my postfix install istrying to authenticate -itself- to a remote install. that's not what i'm doing. i want users coming in to be prompted with AUTH[18:09:51] <sysmonk> right[18:10:04] <rob0> jssa: 15:08 < rob0> First, the original virtual mailbox address must be in virtual_mailbox_maps. Second, all virtual_alias_maps to which that address resolves must be real addresses. 15:09 < rob0> If those addresses happen to be in virtual_mailbox_domains, they must also be in virtual_mailbox_maps.[18:10:07] <eidolon> (that _maps entry is in teh README under 'authentication in the Postfix SMTP client."[18:10:08] <sysmonk> eidolon: did you make smtpD_sasl_auth_enable or smtp_sasl_auth_enable ?[18:10:08] *** manofwar has joined #postfix[18:10:17] * eidolon squints closely.[18:10:23] <eidolon> i did smtp_ not smtpd_[18:10:24] * eidolon changes[18:10:40] <rob0> !smtp!=smtpd[18:10:40] <knoba> rob0: "smtp!=smtpd" : Postfix smtp_* and smtpd_* configuration parameters have different meanings. smtp_ = client and smtpd_ = server, the client-side sends mail whilst the server-side receives mail. (smtp = client = sends mail) (smtpd = server = receives mail)[18:11:09] <eidolon> okay, don't see any warnings.[18:11:22] <eidolon> whoah[18:11:24] <sysmonk> great, then i'm going back to anime :)[18:11:26] <eidolon> now i don't see any helo at all.[18:11:27] <eidolon> nonon[18:11:29] <eidolon> hang on[18:11:31] * sysmonk has an anime-watching-day today[18:11:39] <eidolon> it's not answering at all now. i get a socket connect by no banner[18:11:59] <sysmonk> eidolon: is postfix runing at all ?[18:11:59] <sysmonk> ;)[18:12:01] <jssa> rob0 : The aliases resolves to real addresses, but if I put the original address in virtual_mailbox_maps, then virtual looks for uid/gid[18:12:06] <sysmonk> if it does, what's in the log?[18:12:14] <eidolon> i think amavis is borked. sec.[18:12:21] <jssa> and if I put uid/gid... the looks for the mailbox path! :([18:12:27] <sysmonk> amavis shouldn't be a problem here, unless it's before-queue[18:12:33] <eidolon> oh sigh[18:12:37] <eidolon> hang on[18:12:37] <sysmonk> if it's after queue - it's not the case[18:12:45] <jssa> sysmonk: http://pastebin.com/d65f3b63d[18:13:01] <eidolon> http://pastebin.stonekeep.com/5092[18:13:08] <sysmonk> jssa: rob0 is handling your case ;) i want to go anime-watching asap so i'm only helping eidolon this time[18:13:28] * eidolon wooties.[18:13:57] * eidolon stops postfix[18:13:58] <jssa> ok, thanks anyway sysmonk[18:14:12] <sysmonk> eidolon: postconf -a does have cyrus in the output?[18:14:22] <eidolon> yessir.[18:14:53] <sysmonk> eidolon: pastebin your postconf -n again please[18:14:58] <eidolon> std by[18:15:28] <eidolon> http://pastebin.stonekeep.com/5093[18:17:07] <sysmonk> eidolon: pastebin your smtpd.conf[18:17:15] <eidolon> sec[18:17:42] <eidolon> http://pastebin.stonekeep.com/5094[18:18:51] <eidolon> (btw, note the path to the smtpd.conf file - that's what i'm understanding the path is, according tot eh postfix HOWTO)[18:19:04] <eidolon> but i'm not 100% sure that saslauthd in fact is using that[18:19:19] * vice-versa smells chroot poop[18:19:27] <eidolon> it's possible[18:19:37] <eidolon> this is Debian Etch[18:20:10] <manofwar> Hello[18:20:22] <eidolon> can i ask saslauthd a) if it loaded the smtpd.conf file, and b) where it got it from? maybe saslauthd in debg mode?[18:20:23] <sysmonk> eidolon: pastebin your master.cf[18:20:29] <eidolon> eef. k[18:20:32] <manofwar> Is anyone familiar with the network settings in /proc?[18:20:38] <eidolon> it's long :)[18:20:43] <eidolon> </overshare>[18:20:49] <vice-versa> !anyone[18:20:50] <knoba> vice-versa: "anyone" : Please do not ask if anyone uses someprogram. Instead ask your real question.[18:21:08] <manofwar> OK.[18:21:10] <manofwar> Isn't there a /proc setting to route packets out the same interface they came in on?[18:21:18] <eidolon> master.cf: http://pastebin.stonekeep.com/5095[18:21:20] <manofwar> I have a box with 2 internet connections and packets are always routed thru default gateway.[18:21:22] <sysmonk> is this a question for postfix manofwar ?[18:21:27] <manofwar> Yes[18:21:39] <sysmonk> i don't think so[18:21:43] <sysmonk> it's linux question[18:21:45] <sysmonk> not postfix question[18:21:53] <manofwar> I have SMTP sessions coming in thru 2 NIC's, both of which have Internet connections.[18:22:05] <jssa> Rob0, I'm really confused...[18:22:08] <manofwar> But responses are always routed thru default gateway instead of the nIC they came in on.[18:22:12] <eidolon> sysmonk, saw the master.cf?[18:22:18] <sysmonk> eidolon: line 10 in that pastebin, change the chroot to 'n'[18:22:25] <eidolon> GLRK[18:22:26] <sysmonk> 5th colon[18:22:26] *** sophokles has quit IRC[18:22:26] <jssa> the virtual alias table is supposed to rewrite the virtual address[18:22:29] <eidolon> yeah, i see it.[18:22:34] <eidolon> i'm a little nervous abotu doing that.[18:22:39] <sysmonk> manofwar: it's your linux problem, not postfix problem[18:22:45] <jssa> using the virtual_alias_maps, i'm right?[18:22:46] <eidolon> this is a pretty heavily used gateway. is this goign to break other stuff?[18:22:55] <sysmonk> eidolon: shouldn't[18:23:13] <eidolon> rgr. changing.[18:23:14] <jssa> so.... I don't understand why the message is still sent to the original (alias) address...[18:23:17] <manofwar> sysmonk: Then where should I ask my questions? I don't mean to waste anyone's time by posting in the wrong place.[18:23:36] <jssa> (and obviously the virtual delivery can't find the mailbox!)[18:23:39] <eidolon> just 'submission'?[18:23:40] <sysmonk> manofwar: it's linux networking question[18:23:43] <sysmonk> i don't use linux[18:23:47] <sysmonk> eidolon: ?![18:23:50] <eidolon> oops, sorry[18:23:52] <eidolon> smtp[18:23:59] <sysmonk> yes, try that[18:24:09] <sysmonk> (you're connecting via 25 and not 587 right now to test stuff, right?)[18:24:09] <eidolon> pastebin's line numbers != vim's line numbers, cuz of the cat command :)[18:24:14] <sysmonk> yes[18:24:15] <eidolon> yessir[18:24:52] <jssa> rob0, are u there?[18:25:41] <manofwar> well, thanks anyways dudes.[18:25:44] <eidolon> still not restarting[18:26:29] <sysmonk> eidolon: what's your postfix version? 2.5.x ?[18:26:30] <eidolon> stopping[18:26:41] <eidolon> um[18:26:58] <eidolon> according to apt, 2.3.8-2+etch1[18:27:08] <sysmonk> yuk[18:27:20] <sysmonk> i don't know where your smtpd.conf should be located[18:27:29] <sysmonk> i don't use lesbian^Wdebian linux[18:27:32] <eidolon> you think it's not being read?[18:27:37] <sysmonk> could be it[18:27:42] <eidolon> bleah. okay.[18:27:44] <sysmonk> eidolon: try locate smtpd.conf[18:27:59] <sysmonk> it might be in /lib/sasl2/ or whatever[18:28:06] <sysmonk> /var/lib/sasl2[18:28:13] <eidolon> the onlyh one is /etc/postfix/sasl/smtpd.conf[18:28:20] <sysmonk> was it there when you installed?[18:28:24] <eidolon> lemme see if i can get saslauthd to dump debugging[18:28:24] <sysmonk> or you created it ?[18:28:28] <eidolon> nosir. i created it.[18:28:33] *** Haris has quit IRC[18:28:33] <sysmonk> eidolon: it doesn't get that far[18:28:40] * eidolon stops saslauthd[18:28:41] <sysmonk> it doesn't get to saslauthd at all[18:28:44] * eidolon nods.[18:28:52] <eidolon> chroot?[18:28:53] <jssa> rob0, my question is: Why must I add an address to virtual_mailbox_maps if it is already in virtual_alias_maps? (it is an alias, not a real address!)[18:28:57] <sysmonk> eidolon: try mv /etc/postfix/sasl /etc/postfix/sasl2[18:29:03] <eidolon> k[18:29:37] *** alphanet has joined #postfix[18:30:05] * eidolon is also trying to turn on debugging[18:30:13] <eidolon> /etc/default/saslauthd has a bunch of settings[18:30:29] <eidolon> ahhh[18:30:30] <eidolon> helpful![18:30:43] <sysmonk> what's helpful?[18:30:58] <alphanet> hello, I would like to be able to send mail directly (no smart-host), unless the destination e-mail address has ".smart-host". In that case, I would like to remove the ".smart-host" `extension' and send through a smart-host. I shall assume this must be some rewriting in the transport map, but so far I haven't found out how. Any pointers? thank you.[18:31:09] <eidolon> http://pastebin.stonekeep.com/5096[18:31:29] <eidolon> it doesn'ta ppear to be referencing smtpd.conf at all[18:31:38] <eidolon> let me see if postfix tickles it.[18:31:48] <sysmonk> eidolon: man[18:31:51] <sysmonk> eidolon: saslauthd != sasl[18:31:54] *** mirrorcolor has quit IRC[18:31:55] <eidolon> ??[18:31:57] <sysmonk> eidolon: it doesn't even get to saslauthd yet[18:32:06] <sysmonk> it's stuck in 'sasl' now[18:32:09] <eidolon> OIC[18:32:11] <eidolon> okay[18:32:43] <eidolon> so now what? :)[18:32:54] <sysmonk> did you rename sasl to sasl2 ?[18:32:56] <eidolon> oh, i moved the... yeah[18:33:00] <eidolon> i didn't restart yet though, sec.[18:33:01] <sysmonk> restarted?[18:33:19] <sysmonk> did you check if you can telnet?[18:33:29] *** brancaleone has quit IRC[18:33:32] <sysmonk> did you send me your 2-years-worth sallary?[18:33:41] <eidolon> rewsi'm restarting now, sec. :)[18:33:59] <eidolon> stopping[18:34:24] <eidolon> still getting no applicable SASL mechanisms[18:34:49] <eidolon> i don't understand why this is happening though[18:34:49] *** logione has joined #postfix[18:34:49] <eidolon> Aug 26 12:34:06 guardian amavis[23773]: (23773-03) (!) FWD via SMTP: <cws at arisia dot org> -> <dbs at homeport dot org>, 450 4.4.1 Can't connect to 127.0.0.1 port 10025, (Bad file descriptor) at (eval 42) line 145, <GEN21> line 596., MTA([127.0.0.1]:10025), id=23773-03[18:34:58] <eidolon> prot 10025 is amavis, isn't it?[18:35:26] <eidolon> hrm. no, i'm wrong[18:35:40] <sysmonk> eidolon: locate sasl2[18:35:52] <eidolon> long list. whatcha want?[18:36:03] <sysmonk> pastebin it[18:36:05] <eidolon> k[18:36:24] <sysmonk> amavaisd can't reconnect to postfix cause there's some trouble with it[18:36:24] <eidolon> http://pastebin.stonekeep.com/5097[18:36:33] <eidolon> oh duh[18:36:36] <eidolon> yes, you're right, sorry[18:36:39] * eidolon is thick.[18:36:51] <sysmonk> eidolon: cp /etc/postfix/sasl2/smtpd.conf /usr/lib/sasl2/[18:36:59] <eidolon> rgr.[18:37:02] <eidolon> and restart?[18:37:02] <jssa> sysmonk, when you finish with eidolon, could you give me a hand?[18:37:11] <sysmonk> eidolon: try without it first[18:37:19] <eidolon> try.. sorry?[18:37:28] <sysmonk> nevermind, restart[18:37:33] <eidolon> k[18:37:51] <sysmonk> jssa: after i finish watches 'full metal alchemist' ... 53 series ...[18:38:05] <eidolon> restaertingrestarting.[18:38:30] <eidolon> stopping[18:38:41] <eidolon> Aug 26 12:38:25 guardian postfix/smtpd[24326]: warning: xsasl_cyrus_server_get_mechanism_list: no applicable SASL mechanisms[18:38:51] *** brancaleone has joined #postfix[18:39:11] <eidolon> now it's psosible i'm missing pieces of sasl.[18:39:33] *** AcTiVaTe has joined #postfix[18:39:34] <eidolon> either libraries, binaries, whatever. i had to apt install sasl2...[18:40:11] * eidolon installs libsasl2-modules[18:40:13] <eidolon> for example.[18:40:31] <sysmonk> eidolon: just to be sure, postconf -a[18:40:47] <eidolon> cyrus / dovecot[18:41:14] <eidolon> hang on a moment![18:41:16] <alphanet> eidolon: could also happen if you have noplaintext somewhere, I had strange issues with that.[18:41:25] <eidolon> we may have success[18:41:50] *** pulsar has joined #postfix[18:41:53] <eidolon> 250-AUTH LOGIN PLAIN[18:41:57] <eidolon> SCOOOOOOOOOOOOOOOORRRRRRRRRRRRRRRRREEEEEEEEEEEEEEEEEEEEE[18:42:10] <sysmonk> i wasn't that happy when i first scored...[18:42:15] <vice-versa> missing libs?[18:42:17] <eidolon> i'm going to undo that chroot[18:42:20] <eidolon> yep, missing libs[18:42:25] <sysmonk> o_o[18:42:36] <eidolon> apt-cache install libsasl2-modules[18:42:46] <sysmonk> stupid debian[18:42:48] <sysmonk> or lesbian[18:42:50] <sysmonk> or whatever[18:42:51] <eidolon> that's the authentication modules.[18:42:55] <eidolon> apaprently :)[18:43:09] * sysmonk hugs freebsd[18:43:16] * eidolon was once a freebsd wank.[18:43:31] <vice-versa> yeah, have another look in /usr/lib/sasl2/ it should be obvious now[18:43:34] <eidolon> nothing different here. apt == ports packages :)[18:43:47] <sysmonk> i was a linux looser for a few years, happy freebsd looser for ~5+ years now[18:43:52] <eidolon> many more libs there now[18:43:57] <sysmonk> and i even don't want to look back at lunix[18:44:41] <eidolon> put the chroot back, seems okay[18:44:54] <sysmonk> question now is - which smtpd.conf is the right one :P[18:44:59] <eidolon> sysmonk, i owe you a beer, man. thanks.[18:45:04] <sysmonk> the one in /etc/postfix/sasl2 or in /var/lib/sasl2/[18:45:14] <eidolon> i cp'ed them over, so i don't know which one is 'real'[18:45:16] <eidolon> i'll tinker.[18:45:18] *** j_s has joined #postfix[18:45:19] <sysmonk> eidolon: suuuure... but i'll never get it, right? :)[18:45:24] <eidolon> dunno, ever in boston? :)[18:45:30] <sysmonk> hah[18:45:38] * eidolon guesses not.[18:45:40] <sysmonk> eidolon: ever in Lithuania ?[18:45:41] <sysmonk> ;)))[18:45:47] <eidolon> about as often as you're in boston :)[18:45:52] <sysmonk> yeah[18:45:58] <eidolon> anyway - appreciate it. happy anime-ing :)[18:46:09] * sysmonk powers up mplayer[18:46:31] *** pitakill has quit IRC[18:46:43] * eidolon hauls out the iphone and reconfigures outbound SMTP to use this gateway.[18:46:46] <cpm> heh[18:46:53] <jssa> sysmonk , rob0 : I'll kill my server's old sysadmin: he added "receive_override_options = no_address_mappings" on main.cf[18:47:09] *** manofwar has quit IRC[18:47:24] <jssa> and that's why virtual_alias_maps don't work...[18:49:23] *** viyyer has quit IRC[18:50:59] *** mofino has quit IRC[18:53:18] <eidolon> hmmhmmmm.[18:55:52] <eidolon> ZOMG! sasl gave me a USEFUL MESSAGE![18:56:03] <eidolon> Aug 26 12:45:53 guardian postfix/smtpd[24747]: looking for plugins in '/etc/postfix/sasl', failed to open directory, error: No such file or directory[18:56:12] <eidolon> This is a UNIX system! I can fix this![18:56:17] <eidolon> </movie_reference>[19:01:32] <eidolon> ping sysmonk? :)[19:01:55] <vice-versa> jssa: heh, there's actually a channel factoid about that[19:01:57] <eidolon> http://pastebin.stonekeep.com/5098[19:02:08] <vice-versa> !valiaswoes[19:02:08] <knoba> vice-versa: "valiaswoes" : Having virtual alias woes? Check if you're using no_address_mappings in receive_override_options. This will disable virtual alias map expansion, see the !receive_override_options channel factoid for more details[19:02:29] *** blackflag has quit IRC[19:03:35] <vice-versa> eidolon: chroot enabled again?[19:03:41] <eidolon> yep[19:03:58] <eidolon> ther'es some noise about symlinking something in /var/run to make ths socket visible.. i'm tryign to find the references.[19:06:39] *** blackflag has joined #postfix[19:07:29] *** TheVox has left #postfix[19:08:14] <eidolon> oh look. even in the docs for saslauthd: "# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd""[19:08:18] * eidolon doo doo doos.[19:09:54] *** ftp3 has joined #postfix[19:11:33] <eidolon> 35 2.0.0 Authentication successful[19:11:36] <eidolon> I ROCK LIKE NO OTHER[19:11:49] <vice-versa> lol[19:11:59] <ftp3> my postfix is running very slow.. I am reading here: http://www.postfix.org/faq.html#moby-linux it says: increase the default_process_limit setting in the main.cf file. there is no default_process_limit setting in the main.cf file.. i can add it.. but i do not even know what the default number is to raise it[19:12:35] <vice-versa> eidolon: now write a howto while it's fresh in your mind[19:12:50] <eidolon> while what's fresh in my mind?[19:12:56] <eidolon> *blank stares*[19:13:03] <eidolon> :)[19:13:04] <vice-versa> hh, who are you?[19:13:24] <jssa> thanks for your help rob0, vice-versa sysmonk! see you![19:13:27] *** jssa has quit IRC[19:13:35] <eidolon> who me?[19:13:38] <cpm> Pigeon friendly[19:13:45] <cpm> as pigeon's go.[19:14:14] <vice-versa> ftp3: postconf default_process_limit[19:14:40] <vice-versa> eidolon: ;)[19:15:24] * vice-versa suffers from dementia too[19:15:33] <ftp3> ahh, thank you vice-versa.. it is 100.. what do you think is a good number for a high traffic server?[19:16:14] <magyar_> rob0, my virtual users are mysql type[19:16:23] <eidolon> isn't there an 'smtp checker' (like thednsreport.com) that'll check your smtp server for Stupid Shit - like open relays and the like?[19:16:34] <shasta> ftp3, postconf -d variable_name will tell you the default value for variable_name[19:17:26] <vice-versa> ftp3: you should probably read the postfix bottleneck analysis & performance tuning docs[19:17:34] <vice-versa> !docs[19:17:34] <knoba> vice-versa: "docs" : Postfix documentation http://www.postfix.org/documentation.html[19:17:41] <ftp3> vice-versa, thanks[19:20:40] <magyar_> hi, i got an advice to use transport_maps. I have a domain with non-virtual and virtual (mysql based users) now I am not sure how I set transport to deliver "local" to mydomain.com and i have 50 sql users to the same domain[19:21:28] *** Daemonik has joined #postfix[19:21:30] *** TheVox has joined #postfix[19:22:16] <TheVox> can you do a regex:mysql:<sometable> for tables?[19:22:23] <TheVox> or is it one-type only?[19:23:13] <shasta> hehe, no you can't[19:23:24] *** githogori has quit IRC[19:25:55] <vice-versa> TheVox: what are you trying to accomplish, have a sql table containing regex patterns?[19:26:07] *** goibhniu has joined #postfix[19:26:14] *** alphanet has quit IRC[19:27:17] <shasta> iirc, you need postfix reload anyway to let postfix refresh the regexp: and pcre: tables[19:27:22] <shasta> correct me if i'm wrong[19:27:32] <shasta> so using SQL for that is pretty useless[19:27:36] *** f3ew has quit IRC[19:27:57] <TheVox> vice-versa: yup[19:28:06] <TheVox> vice-versa: for aliases maps[19:28:36] *** f3ew has joined #postfix[19:29:43] *** mirrorcolor has joined #postfix[19:31:55] *** TheVox` has joined #postfix[19:33:17] *** phoenix7863 has joined #postfix[19:34:14] <TheVox`> shasta: actually, the manual says that if you do changes to an SQL db you don't need to reload postfix[19:35:12] <TheVox`> shasta: and regex tables don't have to force a reload under all circumstances (I'd have to experiment to know if it'd be needed the way the people here want to do this...)[19:36:31] *** Internat has quit IRC[19:36:52] *** Internat has joined #postfix[19:37:44] <vice-versa> not for sql, but with regex and pcre it might be necessary for long running processes like trivial rewrite on a loaded server[19:38:47] <shasta> that's what I'm saying[19:39:12] <vice-versa> other short lived processes like local, cleanup, smtp etc. are somewhat more forgiving though[19:39:15] <TheVox`> vice-versa: read that...I may have to end up doing reloads....but...on the other hand, the reason they want to do regex:mysql: tables isn't avoiding reloads...on the other hand, I haven't read the specs of the stuff they are writing, so.... :)[19:40:15] <vice-versa> I take this is to appease some kind of management interface[19:40:58] <shasta> giving end-users power to use regexp? ohmy ;)[19:40:59] <TheVox`> nah, to appease a client...we are setting up an email cluster for a bit over 2 million accounts....they want some stupid stuff that we are trying to give them.[19:41:11] *** Hibbelharry has joined #postfix[19:41:26] <TheVox`> shasta: fortunately, once this thing is turned on, it's not my problem anymore lol![19:42:31] <vice-versa> sounds like a server one would want to avoid unnecessary reloads on though[19:42:49] <Hibbelharry> hi people, i need help. i have set up postfix on a new box and it ignores my aliases defined in /etc/aliases gracefully. i did postalias /etc/aliases and reloaded postfix. anyone here with a clue ? see main.cf here: http://pastebin.com/d62a0808d[19:43:54] <TheVox`> vice-versa: I absolutely agree on the avoidance of reloads...which is why they want to see if we can use regexes in the sql db...or at least that's what they told me...I just do infrastructure lol![19:44:31] <vice-versa> postconf -n output is prefered Hibbelharry[19:44:57] <Hibbelharry> ok, mom[19:45:42] <Hibbelharry> http://pastebin.com/d5a01820[19:47:00] <Hibbelharry> argh, should have inserted foobar stuff, nevermind, i'm tired ;)[19:47:24] <vice-versa> Hibbelharry: can you elaborate, what makes you think it's not working as expected?[19:47:24] *** brancaleone has quit IRC[19:47:35] *** jelly has quit IRC[19:48:06] <Hibbelharry> yip, i tried :)[19:48:31] <Hibbelharry> i have entrys like this in /etc/aliases: hibbelharry: me at hibbelharry dot de[19:49:00] <Hibbelharry> i also have a local account but i want mails to get forwarded to my external server, as some other people need[19:49:04] *** amrit|zzz is now known as amrit|wrk[19:49:09] <Hibbelharry> i gets delivered to the local mailstore[19:49:26] *** mark-use has quit IRC[19:50:47] *** TheVox has quit IRC[19:51:31] *** julian__ has joined #postfix[19:51:54] <vice-versa> have you confirmed the alias mapping with a postmap query?[19:52:01] <vice-versa> !postmapq[19:52:02] <knoba> vice-versa: "postmapq" : You can check your lookups with the postmap command. Example: if you defined "transport_maps = mysql:/etc/postfix/transport.cf" you may check this mapping by running "postmap -q domain.com mysql:/etc/postfix/transport.cf" and see if it works.[19:52:45] <Hibbelharry> let me try[19:53:47] <julian__> i'm consistently getting 'relay access denied' in the header of bounced mail sent from my machine. i've set a virtual_alias_domains and set the relay_host to $mydomain. if the reason for the failing is because my mail server doesn't like being a relayhost, what are my options?[19:54:11] <julian__> (aside from changing mail server)[19:56:13] * julian__ tries relayhost ""[19:56:29] <vice-versa> !relayhost[19:56:29] <knoba> vice-versa: "relayhost" : a configuration parameter in the main.cf: The default host to send non-local mail to when no entry is matched in the optional transport(5) table. When no relayhost is given, mail is routed directly to the destination. If your relay host requires authentication see the !saslclient channel factoid.[19:56:33] <shasta> !relay_denied[19:56:34] <knoba> shasta: "relay_denied" : \"554 5.7.1 <RECIPIENT@RCPT_DOMAIN>: Relay access denied; from=<SENDER_ADDRESS> to=<RECIPIENT@RCPT_DOMAIN> proto=ESMTP helo=<HELO>\": This typically means that CLIENT_IP is not in mynetworks (and did not AUTH), and that RCPT_DOMAIN was not recognized as one of this Postfix's domains (not listed in mydestination, relay_domains or virtual_*_domains).[19:58:26] <Daemonik> The proprietary MTA we use here at work tells local MUAs that local mailboxes are busy sometimes. Postfix would be smarter and accept the message, queue it, and put it in the mailbox first chance instead of rejecting it right?[19:58:49] <Hibbelharry> somehow i still don't get this thingy. sure aliases are not used anywhere in the transport map from ldap. but i thought aliases are alway used first before using transport_map. am i wrong here ?[19:59:05] *** maat has quit IRC[19:59:10] <julian__> i fixed this once before but entirely forgot how i did it. i don't recognise the above solutions. anyway, isn't RCPT_DOMAIN the remote email addresss i'm sending to?[19:59:17] <Hibbelharry> and i somehow don't get this postmap thingy. no output for me. hmmm[20:00:14] <julian__> also, CLIENT_IP can't be in mynetworks as it's dynamic in my case..[20:00:45] <julian__> time for some googling.[20:03:26] *** phoenix7863 has quit IRC[20:03:35] <vice-versa> !sasl[20:03:35] <knoba> vice-versa: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[20:03:53] *** goibhniu has quit IRC[20:06:06] <Hibbelharry> did i get that right: using a transport map knocks out alias mapping ?[20:06:19] *** pitakill has joined #postfix[20:07:52] *** havvg has joined #postfix[20:11:00] *** jelly has joined #postfix[20:14:13] <Hibbelharry> !local_recipient_map[20:14:13] <knoba> Hibbelharry: Error: "local_recipient_map" is not a valid command.[20:14:21] <Hibbelharry> damn ;)[20:14:35] <sysmonk> !local_recipient_maps[20:14:36] <knoba> sysmonk: "local_recipient_maps" : a configuration parameter in the main.cf: Lookup tables with all names or addresses of local recipients. A recipient address is local when its domain matches $mydestination, $inet_interfaces or $proxy_interfaces.[20:14:55] <Hibbelharry> thx ;)[20:18:06] <vice-versa> Hibbelharry: a postmap query should look like this, postmap -q root hash:/etc/aliases[20:19:51] <Hibbelharry> no output[20:20:25] <vice-versa> you sure your db is being updated? ls -l /etc/aliases*[20:21:07] <Dominian> aliases.db is whaty ou should check[20:21:08] <vice-versa> no aliases.db?[20:21:09] <Hibbelharry> it's 20:20 here, hmm[20:21:29] *** Zblakany has quit IRC[20:21:58] <Hibbelharry> ls -l /etc |grep alias ;)[20:22:19] <Hibbelharry> timestamp on alias.db is correct[20:22:21] *** boink__ has joined #postfix[20:22:31] <Hibbelharry> it's 20:20 here localtime[20:22:40] <shasta> smmsp?[20:22:49] <shasta> i bet postfix can't read aliases.db ;)[20:22:56] <vice-versa> yup[20:23:01] <shasta> looks like a nasty sendmail leftover[20:23:01] <shasta> :p[20:23:06] <Hibbelharry> i'm curious on this too[20:23:30] <vice-versa> make the perms 644[20:23:30] <Hibbelharry> i just took this server over from someone who failed to setup things right TM ;)[20:24:07] <Hibbelharry> i did[20:24:11] <Hibbelharry> world readable[20:24:20] <Hibbelharry> still no output from postmap[20:24:37] <shasta> what's your postmap line?[20:24:53] <Hibbelharry> postmap -q root hash:/etc/aliases[20:25:14] <shasta> grep root /etc/aliases[20:25:19] <vice-versa> is there an actual alias for root?[20:25:36] <Hibbelharry> tons of outpout for root[20:25:41] <Hibbelharry> default system mappings[20:25:52] <Hibbelharry> webmaster: root ...and so on[20:25:55] <shasta> Hibbelharry, grep ^root /etc/aliases[20:25:58] <vice-versa> lhs?[20:26:52] <vice-versa> postmap -q webmaster hash:/etc/aliases[20:26:55] <vice-versa> root[20:27:37] <eidolon> will postfix always tag TLS encription in Received? or si that an option?[20:27:59] <Hibbelharry> grep ^root /etc/aliases : no output[20:28:19] <shasta> eidolon, smtpd_tls_received_header[20:28:27] <shasta> Hibbelharry, so there's no alias for root[20:28:29] <Hibbelharry> postmap -q webmaster hash:/etc/aliases gives me: root[20:28:37] <shasta> see? works fine[20:28:41] <Hibbelharry> yip[20:29:10] <Hibbelharry> think i got this postmap thing[20:29:13] <vice-versa> ok, now for the alias you say isn't working[20:29:37] <Hibbelharry> postmap -q hibbelharry gives me me at hibbelharry dot de which is fine[20:30:07] <Hibbelharry> last thing: why is this still ignored ? mailing[20:30:14] <Hibbelharry> still thinking[20:31:32] <Hibbelharry> just checked, still doesn't work[20:32:12] <eidolon> shasta, thanks[20:32:18] <Hibbelharry> sending a mail to hibbelharry at linksfraktion-bremen dot de is delivered internally instead of using alias to extern[20:32:27] *** TheVox` has left #postfix[20:33:16] *** githogori has joined #postfix[20:33:20] <shasta> is linksfraktion-bremen.de a local destination?[20:33:36] <shasta> (ie. handled by the local(8) delivery agent, not virtual(8)?)[20:34:02] <Hibbelharry> see my postconf -n where i forgot to remove that ;) http://pastebin.com/d5a01820[20:34:13] *** raz has quit IRC[20:34:14] *** boink__ is now known as raz[20:34:18] *** Haris has joined #postfix[20:34:34] *** julian__ has quit IRC[20:34:57] *** Haris1 has quit IRC[20:35:20] *** farspace has joined #postfix[20:35:58] *** hparker has joined #postfix[20:36:13] <shasta> there's no linksfraktion-bremen.de in mydestination[20:36:40] <eidolon> okayk, HERE'S a long shot. anyone set up postfix to take outbound messages from an iphone? with TLS and SASL auth? it's dropping somewhere, we're not sure why.[20:37:41] <Hibbelharry> servername is server1.linksfraktion-bremen.de, thought linksfraktion-bremen.de is the automatically taken into account[20:37:42] <vice-versa> defective chipset?[20:37:44] <DarienWork> eidolon: how do you have it set up?[20:37:44] * vice-versa hides[20:37:56] <DarienWork> eidolon: dovecot auth?[20:38:14] <eidolon> well, tls is working, sasl is working... oh, i see. Cyrus. mechs are PLAIN and LOGIN[20:38:31] <DarienWork> I have postfix/TLS + dovecot SASL and it works great[20:38:39] <DarienWork> mail just isn't being delivered?[20:38:39] <shasta> Hibbelharry, you might want to add mydomain=linksfraktion-bremen.de, and $mydomain to mydestination[20:38:40] <eidolon> what are you using for auth mechs?[20:38:54] <eidolon> yeah, it connects to the server, postfix shows a TLS convo starting then ending immediately[20:39:04] <eidolon> like there's a missing capability. and the mail stays in '1 unsent message'[20:39:06] <DarienWork> did you enable extended debugging?[20:39:28] <eidolon> not yet... my understanding it's a deluge of traffic when i do.[20:39:31] <eidolon> this is a =-very- busy mailserver.[20:39:40] <DarienWork> debug_peer_list = <iphone's IP address>[20:39:51] <DarienWork> then you'll get extremely verbose debugging for that IP[20:40:01] <DarienWork> when you're done, turn it off[20:40:02] <shasta> eidolon, what auth mechanisms can iphone do?[20:40:18] <eidolon> so under authentication i have MD5 Challenge-Response, NTLM, HTTP MD5 Digest, and Password[20:40:30] <eidolon> currently i'm using Password, which i had assumed was the same as PLAIN[20:40:40] <shasta> eidolon:[20:40:42] <shasta> !smtpd_sasl_security_options[20:40:43] <knoba> shasta: "smtpd_sasl_security_options" : a configuration parameter in the main.cf: Restrict what authentication mechanisms the Postfix SMTP server will offer to the client. The list of available authentication mechanisms is system dependent.[20:40:45] * eidolon waits for a factoid.[20:40:46] <shasta> !smtpd_sasl_tls_security_options[20:40:47] <knoba> shasta: "smtpd_sasl_tls_security_options" : The SASL authentication security options that the Postfix SMTP server uses for TLS encrypted SMTP sessions. This feature is available in Postfix 2.2 and later. See also smtpd_sasl_security_options[20:40:48] <Hibbelharry> still the same[20:41:11] <shasta> !debug_peer_list[20:41:11] <knoba> shasta: "debug_peer_list" : a configuration parameter in the main.cf: Optional list of SMTP client or server patterns that cause the verbose logging level to increase by the amount specified in $debug_peer_level.[20:41:35] <shasta> eidolon, use debug_peer_list and see what the iphone sends[20:41:47] <DarienWork> I have both of those two smtpd_sasl options set to 'noanonymous'[20:41:57] <DarienWork> (I have my system working with my iPhone via Password auth[20:41:58] <DarienWork> )[20:42:09] <eidolon> DarienWork, *nod* okay[20:42:29] <eidolon> shasta, hang on a sec.[20:42:32] <shasta> i'd add noplaintext to smtpd_sasl_security_options, but that's just me[20:43:57] <eidolon> k[20:44:34] <eidolon> smtpd_sasl_tls_security_options = noanonymous, noplaintext[20:44:34] <eidolon> smtpd_sasl_security_options = noanonymous, noplaintext[20:44:36] <eidolon> like that?[20:44:41] <shasta> no[20:44:55] * eidolon loses.[20:44:57] <shasta> why noplaintext for tls-secured connection?[20:45:12] <eidolon> oops[20:45:14] <eidolon> good point.[20:45:29] *** adaptr_ is now known as adaptr[20:46:20] <eidolon> okay, refreshed.[20:46:22] <DarienWork> I set smtpd_tls_auth_only[20:46:33] <DarienWork> so postfix won't even offer AUTH until after STARTTLS[20:46:33] <eidolon> Aug 26 14:46:34 guardian postfix/smtpd[26756]: warning: xsasl_cyrus_server_get_mechanism_list: no applicable SASL mechanisms[20:46:33] <eidolon> Aug 26 14:46:34 guardian postfix/smtpd[26756]: fatal: no SASL authentication mechanisms[20:46:36] <eidolon> heeeyyyy[20:46:38] <eidolon> how'd that happen?[20:47:31] <DarienWork> check your /usr/lib/sasl2/smtpd.conf (or wherever your smtpd.conf is)[20:47:53] <eidolon> pwcheck_method: saslauthd[20:47:53] <eidolon> mech_list: PLAIN LOGIN[20:47:56] <eidolon> thats all that's in there.[20:48:14] <DarienWork> so what's the phone requesting? does it say?[20:48:19] <eidolon> well...[20:48:26] <eidolon> wait[20:48:26] <DarienWork> or does it not even get that far?[20:48:30] <eidolon> my postfix server is down right now :)[20:48:53] <eidolon> those 2 lines (_security_options) caused sasl to stop postfix from starting.[20:48:58] <DarienWork> weeird[20:49:04] * eidolon undoes and restarts[20:49:26] <DarienWork> !smtpd_tls_auth_only[20:49:26] <knoba> DarienWork: "smtpd_tls_auth_only" : When TLS encryption is optional in the Postfix SMTP server, do not announce or accept SASL authentication over unencrypted connections.[20:49:37] <DarienWork> that might be worth implementing[20:50:49] <DarienWork> does anyone else run another smtpd process on an alternate port (to get around ISP port 25 firewalling)? Is there a port that people generally use for that?[20:51:25] <adaptr> submission[20:51:33] <adaptr> !submission[20:51:34] <knoba> adaptr: "submission" : I am knoba! Yield to my power and authority mortal[20:51:38] <adaptr> pfft[20:51:43] <DarienWork> well, I'm sold[20:51:45] <adaptr> it's in your config[20:51:50] <adaptr> read master.cf[20:52:14] <DarienWork> nice, now I can stop using port 1024[20:52:57] *** havvg has quit IRC[20:53:20] <eidolon> dammit[20:53:21] <Hibbelharry> people, anymore ideas ? i've still not found the clue[20:53:24] <eidolon> can't get the iphone to force a resend[20:53:26] * eidolon grumps[20:55:23] <eidolon> can debug_peer_list be wildcarded / patterned?[20:55:29] <eidolon> like 1.2.3.* ?[20:55:35] <eidolon> doc is not clear.[20:56:29] <eidolon> aha![20:56:33] <eidolon> grabbed the convo from the iphone[20:57:28] <eidolon> of course, the convo is taking place over TLS, so i can't see it :)[20:57:51] <eidolon> (the mastch_hostaddr's here are some other filters we have in place)[20:57:52] <DarienWork> is there an easy method to implement SMTP banner delays (and disconnect overeager clients) in Postfix? I've never found one[20:57:57] <eidolon> http://pastebin.stonekeep.com/5101[20:58:07] <eidolon> at least TLS is working.[20:58:11] <slurpee> is there such thing as phpmypostfix?[20:58:25] <slurpee> some sort of web interface to manage postfix stuff?[20:58:36] <adaptr> there is postfixadmin, which sucks[20:58:45] <adaptr> or slurps, rather[20:59:48] <DarienWork> I love it when someone complains that I broke something, and it turns out it's been broken for four months and no one noticed[21:00:14] <slurpee> all i have is mysql statements to add and create uesrs??[21:00:22] <slurpee> i can't use webmin or something?[21:00:27] <DarienWork> slurpee: you could use phpmyadmin[21:00:35] <DarienWork> or write a little interface yourself[21:00:37] <eidolon> Aug 26 15:00:11 guardian postfix/smtpd[26964]: EE26799015C: client=unknown[63.173.32.68], sasl_method=PLAIN, sasl_username=dbs[21:00:40] <eidolon> there you go.[21:00:50] <eidolon> so[21:01:01] <eidolon> if i turn off 'SSL' on the iphone, and say 'use port 25' it goes through okay[21:01:12] <eidolon> if i turn on SSL on the iphone, and say 'go port 587', it fails.[21:01:31] <slurpee> darien, i don't like pma stoo much. sql commands i enjoy from the command line. i was hoping for something visual to manage mail accounts.[21:01:46] <DarienWork> slurpee: there are a few things, I'm thinking of trying to write something using sproutcore[21:02:18] <Hibbelharry> damn ! that's crazy ![21:02:53] <Hibbelharry> i just added an alias for root , root: hibbelharry and sent a mail to webmaster which is a real chain of aliasing[21:03:00] <Hibbelharry> and that got delivered to extern[21:03:03] <Hibbelharry> wtf...[21:04:43] <adaptr> why not[21:04:58] <adaptr> the address at the end of said chain is external, obviously[21:05:26] <slurpee> anyone good with mailman?[21:05:43] <slurpee> i am under the assumption I can now installed mailman with postfix installed fairly easily[21:08:55] <cpm> depends on what you mean by fairly.[21:09:06] *** RonDamon has left #postfix[21:09:11] <Hibbelharry> yip, but if i pick up somewhere in the middle of that chain it doesn't work adpatr[21:09:27] *** pickcoder has joined #postfix[21:10:14] <adaptr> Hibbelharry: pick up what ?[21:11:40] <Hibbelharry> see this adaptr: webmaster maps to root, root maps hibbelharry, hibbelharry map to hibbelharry at extern dot com[21:11:58] <adaptr> and ?[21:12:11] <Hibbelharry> if i write a message to webmaster (@local) it gets delivered to hibbelharry at extern dot com[21:12:43] <Hibbelharry> if i write a message adressed to hibbelharry (@local) it gets delivered to hibbelharry@local[21:12:58] <Hibbelharry> instead of extern[21:13:15] <adaptr> what is the actual Mail To: address ?[21:13:20] <adaptr> your log tells you this[21:13:20] *** logione has left #postfix[21:13:44] * cpm mails to adaptr[21:13:53] <adaptr> that, in combination with myorigin, determines the real address[21:14:04] <adaptr> and may or may not hit the local alias database[21:14:13] <adaptr> in this case, it obviously doesn't[21:14:47] <Hibbelharry> wait adaptr[21:17:30] <eidolon> DarienWork, do you have any other paths i could look at? i set debug_peer_level up to 5, atched traffic from the iphone - no change in what it was saying. under TLS it never delivers, under non-TLS, it works fine.[21:17:39] <eidolon> this is port 25 or 587.[21:18:04] <eidolon> all i see is: Aug 26 15:14:31 guardian postfix/smtpd[27202]: lost connection after STARTTLS from unknown[63.173.32.68][21:18:14] <adaptr> does the iphone actually support STARTTLS ?[21:18:22] <eidolon> wellk the iphone is sending it :)[21:18:25] <eidolon> so 'yes'[21:18:28] <adaptr> or does it want to do TLS immediately ?[21:18:33] <adaptr> it obviously isn't[21:18:37] <adaptr> "conneciton LOST"[21:18:39] <eidolon> heh[21:18:49] <adaptr> the server is not giving it the right response[21:18:54] <adaptr> bugger if you know what response that is[21:18:58] <eidolon> yeah[21:19:04] <cpm> we have 5 iPhones here. If you are using self signed certs, it ain't gonna work easy.[21:19:17] <DarienWork> eidolon: ya, that's kind of weird[21:19:17] <DarienWork> have you tried a Mac?[21:19:17] <DarienWork> should work the same and give you more detail[21:19:21] <cpm> if you want to know how to fix it, you'll need a mac.[21:19:38] <eidolon> well, i can talk from t-bird via tls to this server, and it works fine.[21:19:45] <cpm> adaptr, it works fine. the iPhone will not accept a lot of CAs[21:19:59] <cpm> eidolon, are you using self signed certs?[21:20:14] <eidolon> cpm, oooo. well. no, that's not it. i am using self-signed certs for my imaps connection - and got a warning when i first set up, but it's wrking fine.[21:20:15] * rob0 self-signed cpm[21:20:30] <cpm> if it's working fine, then why isn't it working?[21:20:46] <DarienWork> if it were a self-signed cert, the iPhone should choke on it before it establishes a TLS connection[21:20:47] <eidolon> inbound (imaps) is working. outbounbd (smtp + tls + auth) is not working.[21:20:58] <DarienWork> in theory[21:21:03] * adaptr challenges cpm's certification path, and encounters a bogus rob0 root[21:21:12] <cpm> eidolon, if you are using self signed certs, it's going to choke.[21:21:14] <eidolon> right[21:21:15] <DarienWork> eidolon: what if you turn off AUTH and just use smtp + TLS[21:21:15] <eidolon> Aug 26 15:14:31 guardian postfix/smtpd[27202]: setting up TLS connection from unknown[63.173.32.68][21:21:15] <eidolon> Aug 26 15:14:31 guardian postfix/smtpd[27202]: TLS connection established from unknown[63.173.32.68]: TLSv1 with cipher AES128-SHA (128/128 bits)[21:21:18] <cpm> Do you have access to a macintosh?[21:21:25] <DarienWork> cpm: I use self-signed certs and it works[21:21:31] <eidolon> that paste is the iphone establishing the TLS connection successfully.[21:21:31] <Hibbelharry> adaptr: see these transcripts: http://pastebin.com/d2ebe15 and http://pastebin.com/d5f474d00[21:21:41] <eidolon> no, i don't have access to a mac.[21:21:50] <DarienWork> eidolon: try a Mac, or if you don't have one, give me a login and I'll try[21:22:02] <eidolon> um.[21:22:11] <eidolon> how would a mac do this better, btw?[21:22:15] <cpm> DarienWork, self-signed certs on a forced tls + auth + iPhone? I'm quite doubtful.[21:22:51] *** Daemonik has quit IRC[21:22:56] <eidolon> DarienWork, i'm a little nervous handing out logins - this is my firewall / gateway machine into our internal network, and i'm using passwd auth right now. it would essentially be giving you shell access to our firewall :)[21:23:00] <cpm> eidolon, because there are features available to the iPhone mail client that you cannot directly configure. But you *can* configure in macintosh mail.app, and then sync to the iPhone.[21:23:27] <DarienWork> eidolon: great, can you point out some interesting fileservers that I can visit while I'm there? :p[21:23:29] <cpm> it isn't a question of doing it better, it's a question of doing it at all.[21:23:33] <eidolon> heh.[21:23:56] <DarienWork> cpm: I'd be doubtful if it weren't working on my iPhone[21:24:10] <eidolon> what darien said.[21:24:26] <cpm> check your logs. You are either skipping auth, or skipping tls.[21:24:28] <eidolon> me just tests again - mail from t-bird via tls + auth, worked.[21:24:49] <cpm> eidolon, right, because on tbird, it's trivial to accept your certs on a send.[21:24:52] * rob0 sees adaptr's bogus root and raises two vice-versas.[21:25:01] <eidolon> cpm, do you hagve a helpful suggestion on how to check what is being skipped?[21:25:06] <eidolon> also, i think the self signed certs are a red herring[21:25:11] <eidolon> as darien just pointe dout, it's working for him[21:25:12] <cpm> eidolon, they aren't.[21:25:18] <eidolon> and my logs are showing that the TLS negotiation worked.[21:25:20] <cpm> doubtful.[21:25:28] <eidolon> wtf? 'doubtful'?[21:25:28] <cpm> so?[21:25:31] <eidolon> he says it's WORKING.[21:25:45] <cpm> drop auth, or drop tls and it will work.[21:25:52] <eidolon> yes, dropping tls and it works.[21:25:55] <cpm> right.[21:26:08] <eidolon> for _ME_[21:26:10] <cpm> as I said, I have doubts.[21:26:18] <eidolon> what the fuck are you doubting? that darien has it working?[21:26:20] * rob0 doubts cpm[21:26:23] <eidolon> TLS is working.[21:26:25] <cpm> eidolon, correct.[21:26:26] <eidolon> the log shows it's working.[21:26:29] <DarienWork> eidolon: now leave TLS on and drop auth[21:26:35] <eidolon> DarienWork, cpm says you're lying.[21:26:39] <eidolon> heads up.[21:26:43] <cpm> no, I'm saying he's mistaken[21:27:03] <rob0> I thought I was mistaken once, but it turned out I was wrong.[21:27:12] *** adaptr_ has joined #postfix[21:27:16] <DarienWork> and see if it works[21:27:37] <eidolon> trying to figure out how to disable auth here. i guess i can turn it off on the iphone and send to a local address, so i don't tgrigger my relaying blocks.[21:27:39] * eidolon fiddles.[21:28:09] <cpm> DarienWork, did you configure your mail client with mail.app?[21:28:47] *** internat1 has joined #postfix[21:28:55] <DarienWork> cpm: I did[21:29:34] *** fx0_ has joined #postfix[21:29:40] *** cyr- has joined #postfix[21:29:40] <DarienWork> eidolon: add the iPhone to your $mynetworks and then it shouldn't need auth to send[21:29:52] <eidolon> hrm[21:30:03] <eidolon> tls is on, i disabled auth in the phone (made the login 'optional')[21:30:06] <eidolon> and it still failed.[21:30:15] <eidolon> Aug 26 15:29:37 guardian postfix/smtpd[27328]: lost connection after STARTTLS from unknown[63.173.32.68][21:30:56] *** Fallenou has joined #postfix[21:31:16] <eidolon> so, cpm, now that that theory is nixed, what's your next suggestion?[21:31:18] *** Internat has quit IRC[21:31:18] *** adaptr has quit IRC[21:31:18] *** fx0 has quit IRC[21:31:18] *** Bushmills has quit IRC[21:31:42] <DarienWork> ok, now disable TLS and enable AUTH[21:31:51] <eidolon> that works.[21:31:57] <eidolon> did that before.[21:32:18] *** adaptr_ is now known as adaptr[21:32:19] *** julian__ has joined #postfix[21:32:25] <adaptr> buggersplits[21:32:25] <eidolon> there's something int he server that is not accepting auth the 'iphone way' when TLS is enabled.[21:32:28] <eidolon> and i dont know what it is.[21:32:39] <DarienWork> it's not really nixed, since TLS seems to be the part that makes it break[21:33:33] <DarienWork> eidolon: I have another idea[21:33:34] <eidolon> well i'm open to suggestions on how to proceed. perhaps enabling other auth mechanisms on cyrus might do it.[21:33:58] <DarienWork> set up a mail client to send via the host, enable TLS and give them a username and password, but don't accept the cert[21:34:09] <DarienWork> then see if the logs say the same thing[21:34:22] <eidolon> oof[21:34:31] <DarienWork> because 'Lost connection after STARTTLS' could mean that the iPhone connects, sends STARTTLS, then bails[21:34:37] * eidolon nods[21:34:38] *** Xzisted has joined #postfix[21:34:53] <DarienWork> at this point, I think cpm is likely right in his suspicion that that's part of the cause[21:34:56] <cpm> eidolon, let me see if I can explain this to you. Negotiate the tls goes fine. the iPhone mail client doesn't accept the root CA for your self signed cert, drops the connection. In which case you will see a droipped connection after starttls.[21:34:59] <Xzisted> hey....if i want to route incoming mail for one user to /dev/null, how would i go about doing that[21:35:18] <cpm> it can't accept it, because there is no mechanism to import it.[21:35:24] <cpm> in the iPhone mail client.[21:35:26] <eidolon> except that darien is working with a self signed cert without any problems.[21:35:30] <cpm> you have to get it in some other way[21:35:35] <eidolon> and my imaps client in the mail app is using a self signed cert as well.[21:35:48] <cpm> the imap client allows you to accept it[21:36:02] <cpm> it's an oversight on the part of the iPhone mail client[21:36:02] *** f3ew has quit IRC[21:36:08] <cpm> I expect they will fix it.[21:36:20] <eidolon> ng.[21:36:28] <eidolon> so why is darien's working and mine isn't?[21:36:29] <cpm> the client *can* do it, as evidenced by anyone who uses the sync function with the macintosh mail.app[21:36:41] <cpm> probably the same reason all of ours are working[21:36:43] <eidolon> okay, i see that - somethign in mail.app is configuring bits i don't have.[21:36:47] <eidolon> but[21:36:48] <cpm> correct[21:36:53] <eidolon> hmm. darien, you're not using cyrus, are you?[21:36:57] <eidolon> you're using dovecot?[21:37:07] *** ams has quit IRC[21:37:16] *** pitakill has quit IRC[21:38:08] <eidolon> i think what i may end up doing is making a 'dummy' account for auth for remote users (there's only 3), and let them auth on the server with this gatekeeper password - something dopey that has no ssh security risk tot he machine (unless a spammer sniffs it out, decodes it, and starts authing with it).[21:38:11] *** xnixan has joined #postfix[21:38:20] <cpm> eidolon, that's a good plan.[21:38:27] <eidolon> or.[21:38:30] <cpm> I expect this to get fixed, because it's a problem for a lot of folks.[21:38:41] <eidolon> if i can get cyrus to use a basic passwd file, that would work too[21:38:45] <eidolon> rather than use /etc/passwd[21:38:57] <Xzisted> i have an emergency problem. i need to know how to take mail coming in for one user on my mail server and route it to /dev/null. can someone help me with that[21:39:28] <eidolon> alias it?[21:39:43] <Xzisted> eidolon: in /etc/mail/virtual or in /etc/aliases[21:39:51] <eidolon> depends on how yo'ure set up.[21:39:52] <adaptr> depends on the address[21:39:58] <Xzisted> eidolon: and how do i route it instead of to another user or address......to /dev/null[21:40:09] <eidolon> why are you doing this?[21:40:16] <eidolon> you could always put a .forward | /dev/null file[21:40:30] <Xzisted> any mail coming in to user at domain dot com gets forwarded to another server....this is a preprocessing server[21:40:42] <Xzisted> one guy at my company is getting his email account DOS'ed right now[21:40:46] <eidolon> ah[21:40:52] <Xzisted> about 4000 messages a minute[21:40:53] <eidolon> sounds like a transport.[21:40:54] <DarienWork> eidolon: my suggestion, if you don't need fancy features Cyrus provides, would be to move to Dovecot, which is awesome imho[21:41:21] * cpm agrees with DarienWork. if you aren't already a cyrus master admin.[21:41:21] <adaptr> dovecat ftw[21:41:34] * eidolon is -definately- not a cyrus master admin :)[21:41:38] <eidolon> but i have cyrus 'working' now.[21:41:44] <adaptr> that's what they all think[21:41:45] <eidolon> maybe i can just change the auth mechanism.[21:41:49] <Dominian> dovecot > *[21:41:53] <Xzisted> on the preprocessing server i have /etc/postfix/transport set to foward all mail coming in for domain.com to another email server. i need to preprocess it here and route that address to devnull is that possible[21:42:03] <eidolon> Xzisted, what i'd do is something like putting an ew stransport iin[21:42:13] <eidolon> foo at bar dot com /dev/null or whatever the syntax in[21:42:14] <adaptr> an ewww transport ?[21:42:29] <eidolon> adaptr, it's been a long day. :)[21:42:37] <cpm> they are all long days.[21:42:39] <adaptr> al ong day, then[21:42:44] <adaptr> rebooting[21:42:50] * cpm reboots adaptr[21:42:52] *** adaptr has quit IRC[21:42:56] *** jarg has joined #postfix[21:43:04] *** cpm has quit IRC[21:43:04] <eidolon> dude, that was impressive[21:43:10] <eidolon> and rebooted himself.[21:43:27] <DarienWork> I guess that whole 'I'm rubber you're glue' thing works after all[21:43:34] *** Haris has quit IRC[21:44:07] <sysmonk> tis is magic[21:44:21] <jarg> hello everybody, i have a question, i want to rewite my To header where To = user at domain dot com and From = user2 at domain2 dot com, is it posible with canonical maps or any other way?[21:46:03] <DarienWork> hmm, I didn't see anyone answer - is there an easy way to implement SMTP banner delays?[21:46:07] *** lex has joined #postfix[21:46:39] <DarienWork> well, delay, since I guess there's only one delay[21:47:53] *** syllogism has joined #postfix[21:47:56] <lex> AW postfix master, ive a sortta newbie question: I want to make mailinglists that preserve the name of the lists in the From: or Reply To: headers. Thus, virtual aliases wont do and neither will sender_cannonical maps or recipeint canonical maps seem to be adequate for the trick. Does anyone has something like this? I use mysql tables as my maps backend.[21:48:25] <eidolon> saslpasswd2: generic failure[21:48:29] * eidolon cries quietly.[21:48:50] <DarienWork> see, this here? this is why I use dovecot[21:49:13] <eidolon> there we go.[21:49:19] <eidolon> i wasn't root. :)[21:49:48] <eidolon> hokee, lets see if this works[21:49:59] <DarienWork> that's also why I use root all the time, for even the most trivial or sensitive of tasks[21:50:48] <sysmonk> DarienWork: sleep[21:51:02] *** cyr- has quit IRC[21:51:02] <DarienWork> tempting[21:51:06] <sysmonk> !sleep[21:51:06] <knoba> sysmonk: Error: "sleep" is not a valid command.[21:51:10] <sysmonk> damn[21:51:17] <sysmonk> DarienWork: read postconf(5)[21:51:37] *** madrescher has joined #postfix[21:51:41] <sysmonk> search for 'sleep'[21:52:17] <pickcoder> I thought banner delays were not RFC compliant[21:52:26] <eidolon> oops[21:52:26] <DarienWork> there's lots of stuff in there for pausing, but I'm talking about the anti-spam, 'delay the banner and disconnect clients who don't wait for it' banner delay[21:52:36] <sysmonk> pickcoder: so bad connectivity isn't rfc compliant? :)[21:52:36] <eidolon> Aug 26 15:51:07 guardian postfix/smtpd[27730]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory[21:52:44] <eidolon> i bet thats cuz it's not chrooted.[21:52:47] <pickcoder> sysmonk: exactly[21:52:51] <eidolon> or, postfix is, but the database is not.[21:53:03] <pickcoder> shotty ISPs should be disowned[21:53:12] <sysmonk> !reject_unauth_pipelining[21:53:13] <knoba> sysmonk: Error: "reject_unauth_pipelining" is not a valid command.[21:53:16] <sysmonk> damn it[21:53:31] <sysmonk> DarienWork: read the manual, search for reject_unauth_pipelning, it has an example with sleep[21:53:36] *** adaptr has joined #postfix[21:53:37] <pickcoder> !smtpd_client_restrictions[21:53:37] <knoba> pickcoder: "smtpd_client_restrictions" : a configuration parameter in the main.cf: Optional SMTP server access restrictions in the context of a client SMTP connection request.[21:54:31] <pickcoder> delays just jam up processes[21:54:38] <pickcoder> trap and ban[21:54:58] <DarienWork> ok[21:54:58] <rob0> adaptr, how was the reboot? There went your uptime, eh?[21:55:10] *** tore has quit IRC[21:55:22] <adaptr> no biggie, I last rebooted two kernels ago, and it actually works now[21:55:42] <adaptr> (ubnoobu 804)[21:55:54] <pickcoder> hm.. how about a personal uptime clock[21:55:56] <sysmonk> ubuwhat ?[21:56:00] <rob0> It was cool how cpm was able to do that to you. I'll have to be careful what I say to him.[21:56:01] <DarienWork> well I'm already throwing away something like 88% of connections before they get to DATA[21:56:07] <eidolon> HAH![21:56:10] <eidolon> VICTORY OVER SASL![21:56:12] <eidolon> wel,l mostly[21:56:20] <eidolon> i switched the auth mech to sasdl2 db files[21:56:24] <eidolon> and created a 'dummy' account in it.[21:56:33] <DarienWork> oh, ew[21:56:35] <pickcoder> DarienWork: I mean firewall blocking[21:56:35] <adaptr> now if only you'd chosen dovecot to start with[21:56:44] <Dominian> switch to dovecot; victory is instant.[21:56:48] <sysmonk> adaptr: don't start around[21:56:48] <DarienWork> eidolon: seriously, dovecot > *[21:56:50] <sysmonk> cyrus is great[21:56:56] <eidolon> :)[21:56:57] <sysmonk> cyrus > dovecot > *[21:56:58] <DarienWork> pickcoder: how do I firewall spammers?[21:57:00] <Dominian> sysmonk: for a migraine[21:57:04] <eidolon> this was actually pretty easy. just took a twiddle or two[21:57:07] <Dominian> DarienWork: fail2ban[21:57:15] <DarienWork> Dominian: I have fail2ban already[21:57:23] <DarienWork> but if it's someone's first connection, I can't ban them[21:57:28] <sysmonk> Dominian: yeah, dovecot is fine for healing migraine[21:57:30] *** pirho has joined #postfix[21:57:32] <Dominian> DarienWork: use RBLs[21:57:34] <DarienWork> at least, not until I know they're a douche[21:57:36] <Dominian> sysmonk: heh[21:57:37] <DarienWork> I do use RBLs[21:57:38] <sysmonk> but not for anything else ;P[21:57:40] <DarienWork> and greylisting[21:57:42] <Dominian> sysmonk: :P[21:57:47] <pickcoder> greylisting is just annoying[21:57:58] <DarienWork> meh[21:58:01] <Dominian> DarienWork: Well banning spammers at the firewall level .. is.. kind of nuts really.. at least to keep a running firewall configuration of all of them[21:58:14] <xpoint> greylist one day, fun :)[21:58:15] <Dominian> DarienWork: Before you know it.. YOu'll have a million entries.[21:58:17] <pickcoder> Dominian: it does alot for bandwidth[21:58:21] <Dominian> bah[21:58:23] <DarienWork> Dominian: not really, using iptables + ipset + fail2ban, it's simple[21:58:24] <Dominian> its a waste of time[21:58:31] <pickcoder> not imo[21:58:34] <Dominian> DarienWork: fail2ban byitself is sufficient heh[21:58:38] <DarienWork> it's not a waste of any time, fail2ban handles it for you automatically[21:58:43] <Dominian> right[21:58:46] <pickcoder> looks like things settled around 15700 bands here[21:58:49] <Dominian> and I only keep bans in fail2ban for an hour[21:58:49] <pickcoder> ~bans[21:59:05] <Dominian> because its never the same connection hitting me twice[22:00:14] <DarienWork> Dominian: if you're busy, then your iptables rule set can get pretty huge... ipset is a lot more efficient[22:00:23] * Dominian nods[22:00:35] <Dominian> I'm not so busy that I need another utility other than fail2ban + iptables[22:00:43] <DarienWork> the real cruelty is fail2ban + iptables + the TARPIT target[22:00:44] <Dominian> I doubt I'll ever get that busy[22:00:57] <Dominian> DarienWork: eh.. tarpit can screw you as much as the person you're tarpitting though..[22:01:01] <Dominian> so its kind of a double-edged sword[22:01:04] <DarienWork> not really[22:01:13] <Dominian> er.. huh?[22:01:14] <Dominian> yes really[22:01:52] <Dominian> If you use connectiont racking in iptables...[22:02:04] <Dominian> and then use TARPIT while that's loaded.. EVERY connection that you TARPIT uses resources[22:02:22] <DarienWork> I don't use connection tracking on my SMTP server[22:02:22] <Dominian> so eventually you could shoot yourself in the foot hehe[22:02:26] * Dominian nods[22:03:04] <Dominian> There was a list of drawbacks swomewhere.. trying to find it[22:03:16] <Dominian> I'd rather just: ip route blackhole <ip>[22:03:18] <Dominian> ;)[22:03:32] <DarienWork> blackhole routing is not for firewalling :p[22:03:37] <Dominian> of course[22:03:39] <Dominian> but it does the trick[22:04:24] <DarienWork> TARPIT + conntrack would murder a busy box, sure, but on a firewall I can't see why I would have an incoming SMTP server as well[22:04:39] <pickcoder> port forwarding?[22:04:40] <DarienWork> I'd just bind postfix to the internal IP[22:05:02] <pickcoder> to avoid direct access?[22:05:15] <pickcoder> (which also makes it easy to swap machines if something croaks)[22:05:42] <DarienWork> I've got servers all over the place, all of them set up with the same mail configuration, so they can all work as SMTP relays (AUTH'ed over TLS) or backup MX[22:07:22] <adaptr> impossible[22:07:28] *** pirho_ has joined #postfix[22:07:29] <adaptr> no two MXen can have the same configuration[22:08:10] <pickcoder> even if they aren't plugged in? :)[22:08:58] <adaptr> well, we have a cold standby, so I would be lying if I said no, but I'm going to say no just to spite you[22:09:04] <adaptr> "no"[22:09:22] *** logione has joined #postfix[22:10:27] *** tore has joined #postfix[22:10:47] *** pirho_ has quit IRC[22:12:40] <DarienWork> :([22:13:11] <DarienWork> to correct myself, near-identical configurations, including an identical authentication database[22:13:31] <adaptr> identical, or the same one ?[22:13:48] <DarienWork> live replicated[22:14:16] <DarienWork> I'm in the process of writing a comparison engine to detect inconsistencies, but for now, it's just two-way replicating itself[22:16:03] *** pirho has quit IRC[22:18:05] *** syllogism has quit IRC[22:25:42] *** pirho has joined #postfix[22:25:58] *** f3ew has joined #postfix[22:27:41] *** brancaleone has joined #postfix[22:28:40] *** drzed_ has joined #postfix[22:28:44] <drzed_> hi ther[22:28:47] <drzed_> +e[22:29:15] <adaptr> rebooting...again... forgot to enable sound in my BIOS :$[22:29:32] *** adaptr has quit IRC[22:32:56] <drzed_> any suggestion how i could conf postifx so that it rewrite all recipients to a certain domain?[22:33:46] <drzed_> i.e. any mail that reaches postix should be sent to a specific domain (!= relayed)[22:34:01] <seekwill> That doesn't sound like a good idea...[22:34:27] <drzed_> it may does not sond like one but it is[22:34:54] <drzed_> its for analyzing spam mails[22:34:58] <seekwill> oh[22:35:08] *** adaptr has joined #postfix[22:35:46] *** logione has left #postfix[22:35:49] <drzed_> so any ideas on that?[22:38:08] <seekwill> A specific domain or specific user?[22:38:32] <seekwill> I don't have my book with me :([22:38:40] <rob0> always_bcc comes to mind, and no, I still don't think it's such a great idea :)[22:39:46] <seekwill> drzed_: Without actually becoming a compromised system, I don't think you'll see that great of a spam trap[22:40:25] <adaptr> hrm.. sound but no sound cable... drat[22:40:44] <seekwill> They are smart, and test to see if they can really relay through your box[22:41:51] <drzed_> just a specific domain[22:42:03] <rob0> adaptr, Linux? Try the snd_telepathy driver ;)[22:42:16] *** _Driver_ has quit IRC[22:42:38] *** _Driver_ has joined #postfix[22:43:30] *** EasilyOdd has quit IRC[22:43:36] <drzed_> seekwill: interesting, you're saying that these guys are not just testing if relaying is enabled but also if it really works (by sending a mail to one of their hosts)?[22:43:57] *** EasilyOdd has joined #postfix[22:44:38] *** lex has quit IRC[22:44:57] <seekwill> drzed_: Yes[22:45:19] <drzed_> interesting indeed[22:45:36] <seekwill> Why waste time on a sink?[22:45:59] <drzed_> however i my case this is no problem as there already is enough inbound spam traffic[22:46:05] <magyar_> NOQUEUE: reject: RCPT from fbr02.csee.onr.siteprotect.com[64.26.60.146]: 451 4.3.5 Server configuration error; from=<>[22:46:15] <magyar_> I keep getting simular errors[22:46:17] <seekwill> drzed_: Sure ok[22:46:28] <magyar_> 451 4.3.5 Server configuration error; from=<>[22:47:17] *** f3ew has quit IRC[22:47:39] <drzed_> now i just dump all mail to /dev/null and i still get enough[22:48:09] <seekwill> It's better to reject it during the smtp process. Are you trying to reduce the spam or just learn about it?[22:48:16] *** f3ew has joined #postfix[22:49:35] <drzed_> i really do not want to reduce it, but learn as much as possible about it[22:49:56] <drzed_> however, i think we got a little off topic[22:50:31] <adaptr> rob0: nah, think I'll just stick with snd_nosuchluck for now[22:51:58] <Hibbelharry> won ! working ! yay[22:53:01] * pickcoder boggles[22:53:27] <pickcoder> Vista SP1 finally installed after several days of tinkering, an over-install, and some manual updates[22:53:33] <pickcoder> what a POS[22:53:41] *** j_s has quit IRC[22:55:31] <vice-versa> PoS[22:56:01] <pickcoder> I've been pondering OpenQM as a dbmail backend.. There are a few options for a mail admin front end and virtual integration.[22:56:37] <pickcoder> it comes with a built-in web server[22:57:11] <pickcoder> which loads pages that can include "code" to be executed[22:57:18] <vice-versa> Hibbelharry: you just getting that sorted out now?[22:57:23] <pickcoder> or it could be integrated with CGI[22:57:43] <pickcoder> how many of you run web servers on your mail server?[22:59:01] <xpoint> thoes that olso have webmail[22:59:15] *** AcTiVaTe has quit IRC[22:59:15] <pickcoder> xpoint: well.. not always[22:59:29] <pickcoder> so perhaps a webmail setup would be worthwhile[22:59:53] <vice-versa> or those with limited hardware assets[23:00:01] <pickcoder> self-contained mail storage, admin, and webmail[23:00:08] <pickcoder> just plug in postfix[23:00:35] <xpoint> vice-versa, i only have one server so far it needs to do all for me[23:01:22] <pickcoder> I suppose a POP service would be needed as well[23:01:39] *** tshine_ has joined #postfix[23:01:41] <xpoint> pickcoder, i have windows vista rc1 with lifetime key[23:02:12] <vice-versa> who's lifetime? ;)[23:02:12] <xpoint> pickcoder, downloaded and burned from microsoft.com homepage muha[23:02:18] <pickcoder> xpoint: it's too bad that my OS MSDN subscription came with a non-SP1 release[23:02:44] *** Draecos has joined #postfix[23:03:22] <xpoint> vice-versa, microsofts lifetime not my lifetime :)[23:03:57] <seekwill> What's a lifetime key?[23:03:58] *** manlymatt83 has quit IRC[23:03:59] *** VivekVC has joined #postfix[23:04:01] *** tshine has quit IRC[23:04:06] *** tshine_ is now known as tshine[23:06:55] <pickcoder> a way for Microsoft to make money[23:07:14] <pickcoder> I doubt it's life-tme for EOL products[23:11:53] *** AcTiVaTe has joined #postfix[23:17:48] *** manlymatt83 has joined #postfix[23:26:10] *** eidolon has quit IRC[23:34:24] *** DarienWork_ has joined #postfix[23:38:43] *** DarienWork_ has quit IRC[23:39:12] *** DarienWork_ has joined #postfix[23:40:45] <DarienWork_> pickcoder: just slipstream SP1 into it then[23:47:58] *** Hibbelharry has left #postfix[23:48:25] *** DarienWork has quit IRC[23:55:51] *** jarg has quit IRC[23:57:44] *** felix-da-catz is now known as felix-da-catz_zz