August 28, 2008 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | >
August 28, 2008 [00:00:11] <pickcoder> (till today)[00:00:23] <pickcoder> first time a PS has bonked out on me in probably 10 years[00:00:38] <pickcoder> last time was an AT unit that shorted[00:00:52] <seekwill> :)[00:01:03] <seekwill> Servers are cheap. Downtime isn't[00:01:06] <seekwill> :/[00:01:39] <pickcoder> to be honest, unless something catastrophic happens, I can't convince the owner that I need a rack setup[00:01:48] <pickcoder> I'm already out of desktop space[00:02:12] <pickcoder> two LAN workstations with 8 systems running[00:02:13] <seekwill> Doesn't have to be onsite[00:02:17] <pickcoder> two more in the phone room[00:02:29] <seekwill> Run a secondardy MX on your iphone[00:02:30] <pickcoder> seekwill: it does if it's worthwhile[00:02:37] <seekwill> Why?[00:02:49] <pickcoder> I have a split server setup here[00:02:57] <pickcoder> the mailgate is just a filter/forward[00:03:09] <pickcoder> the "mail" server is only internally accessible[00:03:27] <seekwill> mailstore[00:03:38] <seekwill> Is it Exchange?[00:03:41] <pickcoder> no[00:03:58] <pickcoder> I can quarantine incoming mail easily[00:04:04] <pickcoder> apart from local mail[00:04:15] <pickcoder> and outgoing[00:04:26] <pickcoder> they're both Postfix[00:04:39] *** Zblakany has joined #postfix[00:05:29] <pickcoder> I could send it to a machine @home but I really don't want to waste my DSL connection on spammers[00:05:55] <pickcoder> I've run a CMS site for many years and the abuse is just getting uncontrollable[00:06:10] <pickcoder> plus it's not worth the work to protect it[00:07:08] <pickcoder> if they're not spamming the mail server they're spamming outward using PHP hacks to send e-mail via piggy-back postings[00:09:25] *** SniZ has joined #postfix[00:09:29] *** SniZ has left #postfix[00:09:37] <pickcoder> if you're on a known DSL IP, it's free game for spam bots[00:09:54] <pickcoder> I'm amazed at how much additional crap my box@home gets over my commercial IPs[00:11:00] <seekwill> RBL[00:11:30] <pickcoder> setting my home machine as a backup MX is a far last resort[00:11:35] <pickcoder> I already have 2 IPs designated[00:11:45] <pickcoder> they both are port forwarded to the same box[00:11:56] <pickcoder> I could easily plug in another machine and have 2 mailgates[00:11:58] <seekwill> You might be hit more at home by spammers if you're listed as the backupmx[00:12:07] <pickcoder> true[00:12:12] <seekwill> But it's all good![00:12:32] <pickcoder> I'm using NIS and all of the mail is transported, so it's a blind setup for the most part[00:12:38] <pickcoder> (as long as you have LAN access)[00:12:53] <pickcoder> *shrug*[00:13:03] <pickcoder> one day.. I have a zillion other projects that need to be finished[00:13:15] <seekwill> Sometimes it's just easier to outsource it[00:13:16] <pickcoder> speaking of which I need to play wth this new ScanJet[00:13:27] <seekwill> I wish I had a jet[00:13:30] <pickcoder> I have too much integration[00:13:38] <xpoint> 5000 uniq ips doing backscatter on my mx :/[00:13:40] <pickcoder> outsource would make it more complicated[00:13:45] <seekwill> ok[00:14:02] <seekwill> Well, just outsource the edge MTA[00:14:05] <seekwill> "mailgate"[00:14:31] <pickcoder> I could pay my wireless ISP to host a mail filter for us[00:14:44] <pickcoder> I'd rather have direct control over the filtering capabilities[00:14:58] <xpoint> pickcoder, pay a friend :)[00:15:06] <pickcoder> heh[00:15:15] <jeev> xpoint[00:15:19] <jeev> what's up with amavisd-new? anything new?[00:15:33] <xpoint> dkim working[00:15:36] <pickcoder> I've known the guys @ IntTek a lot longer than #postfix[00:15:41] *** xming_ has joined #postfix[00:15:44] <jeev> it's been working![00:15:46] <pickcoder> say.. 9-10 years[00:15:53] <jeev> man, people be telling me exim > *, obviously, thats not true.. RIGHT ?[00:16:03] <seekwill> exim is da bomb[00:16:09] <xpoint> exim is false[00:16:10] <seekwill> It blew up and made a mess everywhere :([00:16:31] *** TornadoChas3r has quit IRC[00:16:36] * jeev stabs seekwill[00:16:52] <pickcoder> I've been told that it's more flexible in some ways[00:16:53] <xpoint> doing spamassassin test and bounce if its spam, very nice :)[00:16:57] * seekwill bleeds all over the place[00:17:00] <pickcoder> but no one has yet to give me examples[00:17:15] <seekwill> pickcoder: You might find #exim a better resource for that[00:17:17] <xpoint> pickcoder, you need friends, hehe[00:17:49] *** TornadoChas3r has joined #postfix[00:17:50] <pickcoder> seekwill: sure.. they're just a _little_ biased[00:17:54] <pickcoder> kinda like #postfix[00:17:54] <pickcoder> :)[00:18:14] <xpoint> pickcoder, what are your problem with your postfix, shourt ?[00:18:40] <pickcoder> hm[00:18:53] <pickcoder> I don't think I've hit any roadblocks I couldn't find a solution for[00:19:29] <pickcoder> which is why I'd like to read about other's experiences comparing both[00:19:38] <pickcoder> I've never actually run exim[00:19:42] <pickcoder> to any depth[00:20:57] <pickcoder> consider the average developer that knows how to use data arrays but has never been shown data structures[00:21:33] <xpoint> running postfix is good, i have not using other mta for very long time here[00:21:46] <pickcoder> I used to run sendmail[00:21:53] <pickcoder> and actually wrote macros[00:22:00] <pickcoder> so postfix is simple[00:22:33] <xpoint> when one know the basic it is[00:26:34] *** cilly has quit IRC[00:28:07] *** xming has quit IRC[00:33:41] *** rootsvr has joined #postfix[00:39:49] *** lambda has quit IRC[00:40:01] *** cilly has joined #postfix[00:46:46] *** seekwill has quit IRC[00:50:46] *** TornadoChas3r has quit IRC[00:51:42] *** TornadoChas3r has joined #postfix[00:53:31] *** boink__ has joined #postfix[00:56:50] <xpoint> grep '<>' /var/log/messages | grep User | cut -d "[" -f 3 | cut -d "]" -f 1 | sort -u | wc -l[00:57:16] *** war9407 has quit IRC[00:57:17] <xpoint> 5019 here, where should i block :/[00:57:36] *** sosoriosv has joined #postfix[01:02:04] *** standel has joined #postfix[01:03:21] *** TornadoChas3r has quit IRC[01:05:13] *** raz has quit IRC[01:05:14] *** boink__ is now known as raz[01:09:48] *** pickcoder has quit IRC[01:24:59] *** higuita has quit IRC[01:26:51] *** madrescher has quit IRC[01:33:12] *** sosoriosv has quit IRC[01:33:43] *** hal1on has quit IRC[01:35:21] *** hal1on has joined #postfix[01:38:05] *** cilly has quit IRC[01:39:55] *** Zblakany has quit IRC[01:55:39] *** pirho_ has quit IRC[02:05:19] *** seekwill has joined #postfix[02:06:20] *** AcTiVaTe has quit IRC[02:08:38] *** githogori has quit IRC[02:10:30] *** pingouin_ has joined #postfix[02:13:48] *** Bejgli_ has joined #postfix[02:17:01] *** pingouin has quit IRC[02:17:30] *** Bejgli has quit IRC[02:19:12] *** Bejgli_ is now known as Bejgli[02:21:51] *** pitakill has joined #postfix[02:22:19] *** Bejgli has quit IRC[02:22:20] *** hal1on has quit IRC[02:22:35] *** dusty has quit IRC[02:22:35] *** _xous has quit IRC[02:22:36] *** cafuego has quit IRC[02:22:36] *** fx0_ has quit IRC[02:22:36] *** felix-da-catz_zz has quit IRC[02:25:47] *** seekwill has quit IRC[02:25:57] *** Bejgli has joined #postfix[02:25:57] *** hal1on has joined #postfix[02:26:11] *** xous has joined #postfix[02:27:16] *** rootsvr has quit IRC[02:28:21] *** cafuego has joined #postfix[02:28:21] *** dusty has joined #postfix[02:28:21] *** fx0_ has joined #postfix[02:28:21] *** felix-da-catz_zz has joined #postfix[02:28:39] *** standel has quit IRC[02:29:35] *** felix-da-catz_zz has quit IRC[02:29:35] *** fx0_ has quit IRC[02:29:35] *** dusty has quit IRC[02:29:35] *** cafuego has quit IRC[02:32:32] *** cafuego has joined #postfix[02:32:32] *** dusty has joined #postfix[02:32:32] *** fx0_ has joined #postfix[02:32:32] *** felix-da-catz_zz has joined #postfix[02:32:32] *** fx0_ has quit IRC[02:32:32] *** dusty has quit IRC[02:32:32] *** cafuego has quit IRC[02:36:16] *** cafuego has joined #postfix[02:36:16] *** dusty has joined #postfix[02:36:16] *** fx0_ has joined #postfix[02:36:16] *** felix-da-catz_zz has joined #postfix[02:36:16] *** fx0_ has quit IRC[02:36:16] *** dusty has quit IRC[02:36:16] *** cafuego has quit IRC[02:36:21] *** hal1on has quit IRC[02:36:21] *** Bejgli has quit IRC[02:39:54] *** seekwill has joined #postfix[02:40:17] *** internat1 has joined #postfix[02:40:23] *** Internat has quit IRC[02:41:52] *** Bejgli has joined #postfix[02:41:52] *** hal1on has joined #postfix[02:44:06] *** dusty has joined #postfix[02:44:06] *** fx0_ has joined #postfix[02:44:06] *** felix-da-catz_zz has joined #postfix[02:44:06] *** fx0_ has quit IRC[02:44:06] *** dusty has quit IRC[02:46:54] *** hal1on has quit IRC[02:46:54] *** Bejgli has quit IRC[02:52:03] *** dusty has joined #postfix[02:52:03] *** fx0_ has joined #postfix[02:52:03] *** felix-da-catz_zz has joined #postfix[02:52:03] *** fx0_ has quit IRC[02:52:03] *** dusty has quit IRC[02:53:13] *** dusty has joined #postfix[02:53:13] *** fx0_ has joined #postfix[02:53:13] *** felix-da-catz_zz has joined #postfix[02:53:56] *** Juspion has joined #postfix[02:55:13] *** Bejgli has joined #postfix[02:55:13] *** hal1on has joined #postfix[02:55:49] *** felix-da-catz_zz has quit IRC[02:55:49] *** fx0_ has quit IRC[02:55:49] *** dusty has quit IRC[03:00:09] *** dusty has joined #postfix[03:00:09] *** fx0_ has joined #postfix[03:00:09] *** felix-da-catz_zz has joined #postfix[03:00:23] *** PhilKC has quit IRC[03:04:43] *** hal1on has quit IRC[03:04:43] *** Bejgli has quit IRC[03:06:53] *** Bejgli has joined #postfix[03:07:21] *** hal1on has joined #postfix[03:15:39] *** AcTiVaTe has joined #postfix[03:30:22] *** amrit|wrk is now known as amrit|bbl[03:34:13] *** internat1 has quit IRC[03:34:13] *** Internat has joined #postfix[03:36:10] *** VivekVC has quit IRC[03:39:33] *** unsolo has quit IRC[03:39:50] *** unsolo has joined #postfix[03:48:18] *** ming_zym has joined #postfix[03:56:10] *** mavrick61 has quit IRC[03:57:19] *** mavrick61 has joined #postfix[03:59:55] *** xp_prg is now known as xp_gone2[04:00:53] *** githogori has joined #postfix[04:05:36] *** AcTiVaTe has quit IRC[04:09:03] *** Juspion has quit IRC[04:15:04] *** pitakill has quit IRC[04:15:22] *** Internat has quit IRC[04:15:35] *** Internat has joined #postfix[04:45:51] *** el has joined #postfix[04:45:53] *** RonDamon has joined #postfix[04:46:04] <el> yall[04:46:58] *** el has left #postfix[04:51:52] *** RonDamon has left #postfix[04:55:03] *** gabbernaster has quit IRC[04:55:06] *** pickcoder has joined #postfix[05:16:37] *** goldfischli has joined #postfix[05:32:41] *** goldfisc1li has quit IRC[05:58:07] *** xpoint has quit IRC[05:59:56] *** pickcoder has quit IRC[06:09:43] *** amrit|bbl is now known as amrit[06:11:13] *** seekwill has quit IRC[06:22:18] *** bhagat has joined #postfix[06:23:27] *** bhagat has quit IRC[06:25:47] *** hparker has quit IRC[06:29:55] *** saurabhb has joined #postfix[06:33:08] *** bhagat has joined #postfix[06:43:55] *** flart has quit IRC[06:47:59] *** seekwill has joined #postfix[07:02:14] *** ming_zym has quit IRC[07:06:03] *** ming_zym has joined #postfix[07:06:13] *** jeffspeff has joined #postfix[07:47:26] *** kk_CHN has joined #postfix[08:01:40] <seekwill> The Book of Postfix is such an awesome book! :)[08:02:30] *** Motoko-chan has joined #postfix[08:07:20] <seekwill> Does anyone use Postfix under CentOS/RHEL?[08:09:15] *** bhagat_ has joined #postfix[08:12:10] *** _Driver_ has quit IRC[08:12:20] <f3ew> yes[08:12:23] <f3ew> I do[08:13:14] <seekwill> I thought the default postfix package came with postgresql support... my postconf -m doesn't list it[08:13:28] <f3ew> It doesn't[08:13:33] <f3ew> rebuild from the srpm[08:13:34] <seekwill> Hmm...[08:13:59] <seekwill> It's ok... hash tables work :) Small installation, but I thought I could use pg[08:14:11] <f3ew> I have a suitable RPM around[08:14:16] <f3ew> for x86_64[08:14:45] <seekwill> Hmm.. I'm on i386. No worries though. I just swore I saw it having pg support already[08:14:58] <seekwill> I literally only have like... eight addresses[08:15:10] <seekwill> (virtual delivery )[08:15:20] <f3ew> ah[08:15:30] <seekwill> Just wanted to do it the db way for experience.[08:16:29] <seekwill> Is RHEL/CentOS your preferred distro for mail?[08:16:34] <jeev> rpm's are the reason why i hate linux[08:16:39] <jeev> i know not all distro's use them[08:17:10] <f3ew> RHEL is work standard[08:17:17] <f3ew> I don't really care :)[08:17:18] <jeev> sad[08:17:31] * f3ew likes RPMs, I dislike Deb[08:17:40] <jeev> ew[08:21:46] *** Filbert has quit IRC[08:28:19] *** Filbert has joined #postfix[08:33:57] *** Knoedel2 has joined #postfix[08:45:11] *** phnord has joined #postfix[08:48:27] *** madrescher has joined #postfix[08:51:41] *** sophokles has joined #postfix[08:55:26] *** seekwill has quit IRC[09:06:24] *** googlah has quit IRC[09:13:58] *** drindt has joined #postfix[09:22:16] <Knoedel2> morning how can i combine restriction classes with amavis (spamlovers,spamhaters,...)[09:32:47] *** pulsar has quit IRC[09:34:54] *** hnsz2002 has joined #postfix[09:35:40] <hnsz2002> morning! i have a mail server with postfix, spamassassin, dovecot, and virtual users with mbox[09:36:25] <hnsz2002> and i want to set up procmail/maildrop, to move spam message to different imap folder[09:36:36] <hnsz2002> how can i do this?[09:38:22] <hnsz2002> my problem is any example what i find, work with MailDir[09:40:40] *** boschi has joined #postfix[09:44:59] *** bhagat has quit IRC[09:45:36] *** bhagat has joined #postfix[09:51:50] *** hnsz2002 has left #postfix[09:51:51] *** Draecos_ has quit IRC[09:53:40] *** denis has joined #postfix[09:54:54] *** amrit is now known as amrit|zzz[09:57:22] *** bboschman has quit IRC[09:58:34] *** war9407 has joined #postfix[09:58:55] *** rootsvr has joined #postfix[10:01:09] *** Motoko-chan has quit IRC[10:01:25] *** f3ew has quit IRC[10:02:28] *** f3ew has joined #postfix[10:03:30] *** memetic has quit IRC[10:04:03] *** PhilKC has joined #Postfix[10:07:47] *** bhagat has quit IRC[10:07:47] *** bhagat_ has quit IRC[10:08:15] *** berndt has joined #postfix[10:09:07] *** memetic has joined #postfix[10:14:23] *** rootsvr has quit IRC[10:15:42] *** stefan-f has joined #postfix[10:20:10] *** pulsar has joined #postfix[10:21:27] *** stefan-f has quit IRC[10:30:52] *** felix-da-catz_zz has quit IRC[10:33:13] *** blackflag has quit IRC[10:34:56] *** dusty has quit IRC[10:35:53] *** dusty has joined #postfix[10:41:45] *** madrescher has quit IRC[10:46:35] *** denis has quit IRC[10:46:47] *** denis_ has joined #postfix[10:48:22] *** brancaleone has joined #postfix[10:55:17] *** mani|work has joined #postfix[10:59:56] *** F6F has joined #postfix[11:00:21] <mani|work> Hi there, i deleted some lines of my "mail" log, since then it was no more logging, so i tried again with the "mail.info", this one stopped logging, too, so i tried to delete mail.info and see there, it was recreated and still logging, so i thought "lets do this to all mail logs for continue logging" then i deleted the mail,mail.err,mail.warn and mail.info and they was no more recreated, now i still have no log, do you know a way to solve it[11:00:26] *** bhagat has joined #postfix[11:01:04] <sysmonk> mani|work: restart syslog[11:01:25] <sysmonk> and i don't see why you'd want to delete logs[11:03:18] <mani|work> sysmonk: i deleted a entry of the log file and then it simple stopped to log, i will try to restart syslog, but first i have to search, for how to do it, so it can still take a moment[11:03:36] <sysmonk> mani|work: WHY did you delete a entry of the log file?[11:06:01] <mani|work> sysmonk: i don't know, i was testing and so it happened, it is working now, thank you very much, i will never repeat this, sry[11:06:26] *** cilly has joined #postfix[11:14:37] *** Zblakany has joined #postfix[11:19:28] <berndt> hello, whern i send a mail via sendmail i get this error "Recipient address rejected: User unknown in virtual alias table (in reply to RCPT TO command)". waht is wrong on postfix config?[11:21:30] <sysmonk> user doesn't exist, that's all :)[11:25:32] <berndt> ok i add a user in /etc/aliases like "test: user" or?[11:29:53] <Roobarb> you can (and postalias that file)[11:30:19] <Roobarb> although its complaining about virtual users[11:34:02] *** mark-use has joined #postfix[11:35:45] <sysmonk> exactly, VIRTUAL[11:35:51] <sysmonk> /etc/aliases is for local users[11:36:01] <sysmonk> berndt: add it to your virtual_alias_maps[11:40:32] *** madrescher has joined #postfix[11:42:39] <berndt> yes i have this in my main.cf "virtual_alias_maps=hash:/etc/postfix/virtual", what am i add to virtual (syntax)?[11:47:44] *** munichlinux has joined #postfix[11:55:09] <Lukemob> hi[11:55:29] <Lukemob> I can't accept an email, in mail.log it says[11:55:52] <Lukemob> Aug 28 11:52:25 server01 postfix/smtpd[22170]: connect from gandalf.jen.cz[90.183.248.2][11:55:52] <Lukemob> Aug 28 11:52:25 server01 postfix/smtpd[22170]: NOQUEUE: reject: RCPT from gandalf.jen.cz[90.183.248.2]: 554 5.7.1 <info at gamesdesign dot org>: Relay access$[11:55:54] <Lukemob> Aug 28 11:52:25 server01 postfix/smtpd[22170]: disconnect from gandalf.jen.cz[90.183.248.2][11:57:12] <Lukemob> Aug 28 11:52:25 server01 postfix/smtpd[22170]: NOQUEUE: reject: RCPT from gandalf.jen.cz[90.183.248.2]: 554 5.7.1 <info at gamesdesign dot org>: Relay access denied; from=<lukemob at gmail dot com> to=<info at gamesdesign dot org> proto=SMTP helo=<jen.cz>[12:01:58] *** jeffspeff2 has joined #postfix[12:02:01] *** jeffspeff has quit IRC[12:02:44] <Roobarb> Lukemob: I'd guess that "gamesdesign.com" is not listed in mydestination[12:04:31] <munichlinux> i am using postfix and when i try to send mail i could see this in my log[12:04:32] <Lukemob> ah, solved[12:04:35] <munichlinux> warning: unable to look up public/pickup: No such file or directory[12:04:36] <Lukemob> thanks Roobarb[12:05:01] <munichlinux> i couldn't find pickup in the public folder[12:05:28] <Roobarb> munichlinux: run "postfix check"[12:05:47] <Roobarb> munichlinux: and read this: http://www.irbs.net/internet/postfix/0308/3059.html[12:06:15] <munichlinux> Roobarb: thanks[12:09:29] *** mark-use has quit IRC[12:12:31] *** tshine has quit IRC[12:13:12] *** munichlinux has quit IRC[12:15:58] <berndt> sysmonk: yes i have this in my main.cf "virtual_alias_maps=hash:/etc/postfix/virtual", what am i add to virtual (syntax)?[12:16:46] <sysmonk> add an alias to that file, and postmap[12:16:46] <sysmonk> !bsaic[12:16:47] <knoba> sysmonk: Error: "bsaic" is not a valid command.[12:16:50] <sysmonk> !basic[12:16:51] <knoba> sysmonk: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.[12:16:54] <sysmonk> berndt: ^^[12:22:26] *** denis_ has quit IRC[12:24:47] *** mcblady has joined #postfix[12:28:40] <mcblady> hi all, does anyone have a clue whats wrong with postfix if one postfix will ask for tls connection and another will not offer it - logs TLS is required, but was not offered by host xxx. telnet on port 25 on that xxx server shows starttls[12:36:47] *** internat1 has joined #postfix[12:37:03] *** Internat has quit IRC[12:42:02] *** munichlinux has joined #postfix[12:42:28] *** denis_ has joined #postfix[12:48:40] *** standel has joined #postfix[12:51:02] *** _snd has joined #postfix[12:51:23] *** bhagat has quit IRC[12:51:24] <munichlinux> is it possible to store the incoming mail to postfix[12:51:26] <munichlinux> i am using mysql[12:51:36] *** kk_CHN has quit IRC[12:52:19] *** alienbrain has joined #postfix[12:52:20] <_snd> quick question: when using virtual_alias_domains, is there any way to tell postfix that any recipient not found in virtual_alias_maps for a domain should be forwarded to e.g. smtp:[1.2.3.4]?[12:52:31] <Roobarb> munichlinux: you mean you want to store you email in mysql?[12:52:45] <munichlinux> Roobarb: ya[12:53:19] *** rootsvr has joined #postfix[12:53:37] <Roobarb> munichlinux: sounds dangerous[12:53:53] <munichlinux> Roobarb: but why?[12:54:02] *** standel has quit IRC[12:54:08] <_snd> i gues sim asking: is there any such thing as fallback_relay for virtual aliases :)[12:54:18] <Roobarb> munichlinux: what happens to mail when mysql is down?[12:54:42] <munichlinux> Roobarb: that is a different issue[12:55:07] <Roobarb> munichlinux: and also, what benefit do you think adding an extra layer would give?[12:55:50] <munichlinux> to store the email in db for later processing or for reference[12:56:51] <jstrom> im doing a setup with postfix and LDAP, and i'm createing some "lists" for sending mail to all users, using groupOfNames etc (special_result_Attribute etc), and it all works fine. however, i'd like to somehow limit who are allowed to send do this address.. any hints?[12:57:01] <munichlinux> Roobarb: is it possible to store the mail in db?[12:57:10] *** cpm has joined #postfix[12:57:24] <Roobarb> munichlinux: in theory yes, but I can't seem to find any implementations[12:58:26] <Roobarb> munichlinux: generally, databases are used to store user data, not the messages themselves[12:59:02] <munichlinux> Roobarb: incoming mail becomes data when you store in the database[12:59:07] <munichlinux> :p[12:59:33] <Roobarb> it'll mostly be binary blobs I suspect[12:59:40] *** sypher has joined #postfix[12:59:50] <munichlinux> Roobarb: well what is the way then? if i want a record of incoming mails[13:00:16] <munichlinux> well how does any of the mail server like gmail, yahoo handle this ?[13:00:29] <Roobarb> clustered maildirs probably[13:00:38] <Roobarb> they're only web frontends to disk[13:02:32] <munichlinux> say if i want to process my incoming mail storing that in a db would be a better option ? wouldn't it be ?[13:02:48] <cpm> zimbra stores the mail in a mysql database. there is also dbmail.[13:02:49] <Roobarb> that very much depends on what you want to do with it[13:03:50] <Roobarb> if you just want a clustered (read: reliable) service for a bunch of users, there are other techniques you can use without resorting to databases[13:04:12] <munichlinux> Roobarb: what are those?[13:04:47] <Roobarb> I should say, things you can do without storing *mail* in databases[13:04:48] *** Tykling has joined #postfix[13:05:02] *** Tykling has left #postfix[13:05:15] <munichlinux> well i am trying to develop something like google groups or yahoo groups.[13:05:18] <cpm> same as you would use for any clustered file storage/serving.[13:05:21] <Roobarb> things like using a clustered filesystem over a san or drbd[13:05:41] <Roobarb> storing user account information in a database or ldap[13:05:48] <Roobarb> etc[13:06:21] <cpm> " something like google groups or yahoo groups" ? mailman+innd on a whopper of a san.[13:06:22] <Roobarb> storing message data in a database sounds like a very quick way of saturating your database connection pool[13:06:34] <munichlinux> is there any issues with mailman in scaling[13:06:38] <munichlinux> ?[13:06:47] <Roobarb> throw more CPU at it[13:07:20] <munichlinux> Right,[13:07:33] <cpm> munichlinux, why don't you go to the mailman website and read?[13:07:58] <cpm> http://wiki.list.org/pages/viewpage.action?pageId=4030518[13:08:43] <cpm> using innd, instead of native archives gets rid of a lot of those problems.[13:08:57] <cpm> but this is a bit beyond the scope of postfix.[13:09:08] <munichlinux> ya[13:18:52] *** rootsvr has quit IRC[13:19:37] *** standel has joined #postfix[13:29:30] <cpm> _snd ?[13:31:33] <cpm> _snd, in short, yes, you can do what you need, I'm still not clear on what 'what you need' is, exactly.[13:34:10] <_snd> cpm: :)[13:34:24] *** Haris has quit IRC[13:34:28] <_snd> cpm: there is the domain example.org[13:34:29] <cpm> just break it down for my simple mind.[13:34:35] <cpm> okay,[13:35:13] <_snd> cpm: i have a server that is the mx for that, due to companies being merged, split and god knows what else, there is a 50ish long table of virtual aliases that have been made, which then forwards all known recipients to their proper homes (outside my net)[13:35:28] <cpm> okay.[13:35:41] <_snd> cpm: suddenly someone comes along as says but usera at example dot org is actually housed on the the server at 1.2.3.4 which we just installed[13:35:57] <cpm> So you have alice at domain dot tld and bob at domain dot tld, bob is on a different network, alice otoh is on yet still another mail server, ?[13:36:15] <_snd> cpm: and in a non-virual world i'd yawn and put an entry in my transport table for usera at example dot org and route it to 1.2.3.4[13:36:23] <cpm> right.[13:36:42] <_snd> in a virtual world there is something else that has to be done and ive not figured that bit out :)[13:38:32] <cpm> I don't think it matters. As long as the MTA knows that domain1.tld and domain2.tld are local domains. it's not a big deal. mydestination and all that. So you would alias alice at domain dot tld to alice at host dot domain.tld and bob at domain2 dot tld to bob at host2 dot domain2.tld (I think) may not need to get into all kinds of wierd virtual alias handling, as long as it's a sane number of accounts.[13:38:48] <_snd> ah, not[13:38:49] <_snd> no[13:38:55] <cpm> and of course, set transports accordingly[13:39:18] <_snd> my machine is box.domain.com, the virutal domain is example.org, all users i know of is listed in my virtual alias table[13:40:07] <_snd> untill now, when they suddenly tell me there are additional users using the example.org domain on the mail server at 1.2.3.4[13:40:24] <cpm> write up an alice, bob, carol, and dave example on a pastebin, so we can disassemble it.[13:40:37] <_snd> k[13:40:42] <cpm> thanks[13:41:00] <cpm> foo.tld and bar.tld kinda thing[13:43:28] *** denis_ has quit IRC[13:44:56] *** Knoedel2 has quit IRC[13:45:01] *** Knoedel2 has joined #postfix[13:45:10] *** Broken|work has joined #postfix[13:45:23] <Broken|work> hi everyone[13:45:41] <_snd> cpm: http://pastebin.ca/1187313[13:46:06] <_snd> cpm: does that make sense now?[13:49:27] <cpm> ah, Okay, I think I'm getting a glimmer of understanding.[13:49:46] <cpm> Now, we get into one of those exclusive/inclusive logic problems. Shame I'm not smart.[13:50:12] <cpm> Now, for all in "all users for example.org that are not in my /etc/postfix/virtual"[13:50:17] <cpm> solve for all[13:50:36] <cpm> is 'all' *, or is all predefined?[13:50:44] <_snd> *[13:50:49] <cpm> damn.[13:50:52] <_snd> but can be picked out manually for now if need be[13:51:11] *** xming_ is now known as xming[13:51:16] <_snd> so i can say that usera, userb, userc are known to be at 1.2.3.4 and that is sufficient[13:51:31] <cpm> well, it's doable, it's just a bad idea, because, well for all the usual reasons. Means you have to accept 'all' mail to that domain. that could be a lot, starting at a@[13:51:33] <cpm> :)[13:51:57] <_snd> cpm: no, i mean that the accounts at 1.2.3.4 can be enoumerated and known[13:52:03] <cpm> okay, that's different, if all is known set, it's trickier, but better.[13:52:06] <cpm> okay[13:52:09] <_snd> cpm: so it's not a lot,in fact fo rnow i think a handfull is it[13:52:20] <cpm> lemme think, (it might start to stink in here, and take a while)[13:52:25] <_snd> as for this being a bad idea, i knew that before i posted here :)[13:53:09] <_snd> is that enough time for me to drive off 10 mins and get two sandwiches as im 4 hours past lunch?[13:54:40] <cpm> Oh yeah, /msg me your email in case we start missing each other.[14:00:27] * _snd off 10 mins then[14:01:25] <f3ew> I suspect that this is again http://www.postfix.org/STANDARD_CONFIGURATION_README.html#some_local[14:01:52] <cpm> f3ew, yup.[14:01:59] <cpm> I was reviewing that just as you posted it.[14:03:02] <cpm> he does have a twist, that being he's merging with another company, so it's a multiple domain thing.[14:03:15] <f3ew> bleh[14:03:30] <f3ew> repeat same thing for each domain[14:03:58] <cpm> yeah, that I was unclear on. Was going to mock it up first.[14:04:33] <f3ew> hell, just rewrite every account to the right email address via v_a_m, then route the addresses via t_m[14:06:30] *** mani|work has quit IRC[14:06:34] *** mani|work has joined #postfix[14:15:46] *** rootsvr has joined #postfix[14:20:38] <Broken|work> guys, I am trying to do this :[14:23:08] <_snd> cpm: back[14:23:18] <_snd> cpm: no[14:23:29] <_snd> cpm: all the incoming stuff i have to sort is to exmaple.org[14:23:50] *** Zeit|awy_ has joined #postfix[14:24:04] <_snd> cpm: but then the path splits, some needs to go to virtual aliasing and be turned around to new addresses, and some has to be routed to 1.2.3.4 which suddenly wants example.org[14:24:06] <Broken|work> I wan to run smtp service on 2 ports with combined limits, i.e. if I set max concurrent connections to 100, the system would stop accpeting new connections when the *total* of the connectoins on both services is 100[14:24:15] <Broken|work> is that possible ?[14:24:34] <cpm> _snd, what f3ew said, did you review it?[14:25:05] <_snd> cpm: i did, but the ones going to 1.2.3.4 are not to be rewritten,only routed, as they still use example.org[14:25:23] <cpm> transport_maps[14:25:34] <_snd> cpm: two sec, i'll show what i have[14:25:57] <cpm> example.org ;[14:26:04] <cpm> example.org : rather[14:26:12] <Broken|work> I can do that using iptables, but I was kinda hoping I could avoid that[14:26:17] <cpm> alice at example dot org smtp[1.2.3.4][14:26:41] <cpm> bob at example dot org smtp:[1.2.3.4][14:26:42] <cpm> and so on[14:26:57] <_snd> http://pastebin.ca/1187339[14:27:21] <sysmonk> no way, alice is on 1.2.3.5 ![14:27:23] <sysmonk> i know that![14:27:30] * sysmonk hides[14:27:38] <_snd> sysmonk: hehe[14:29:54] *** Zeit|awy has quit IRC[14:32:35] <_snd> f3ew: as far as i saw it virtual domains didnt touch transport tables before aliasing, that was the first and most ovbious thing i tried :)[14:33:58] *** pulsar has quit IRC[14:35:47] <cpm> and by the way _snd happy unbirthday[14:35:56] <_snd> cpm: huh?[14:36:05] <cpm> it's not your birthday is it?[14:36:12] <_snd> not for some time no?[14:36:14] <_snd> june 26th[14:36:52] <cpm> okay then, happy unbirthday[14:37:12] <_snd> :)[14:37:15] <_snd> thanks[14:38:17] <_snd> but did you see what i wrote about the transport solution?[14:38:43] * _snd knows hes nagging a bit but i have this one single problem to solve spo i can head out on a 9 hour drive and i want to get there before midnight[14:41:01] *** pulsar has joined #postfix[14:44:43] <_snd> i hacked it[14:44:54] <f3ew> _snd, but Postfix does look at the transport tables _after_ aliasing[14:45:10] <_snd> f3ew: i figured it out i think[14:45:57] <_snd> removes example.org from virtual_alias_domains and adding it to relay_domains, then adding exception to the transport table and the final entry is @example.org virtual:[14:46:04] <_snd> then the virtual alias map still kicks in[14:46:33] <f3ew> virtual_alias_maps _always_ kicks in[14:46:40] <_snd> k :)[14:47:19] <_snd> if i leave example.org in virtual_alias_domains and not in relay_domains it doesnt seem to do this, then it just rejects anyone no in virtual_alias_maps[14:47:22] *** _Driver_ has joined #postfix[14:48:22] *** _Driver_ has quit IRC[14:50:26] <cpm> _snd, in simple terms, I just added a bunch of addresses to my transport, for one of my virtual domains on one of my primary MX hosts, set up my laptop postfix to accept those mails, set the transport for alice at virtualdomain1 dot tld to route to my laptop, sent a mail from gmail to alice at virtualdomain1 dot tld and it came right to my laptop as it should. It works. Period.[14:50:55] <cpm> it came right to my laptop via the main MX host[14:51:07] <_snd> cpm: then we're only left with the obvious solution: pebkac :)[14:51:11] *** rootsvr has quit IRC[14:51:27] <sysmonk> that's the reason, not solution :)[14:51:32] <cpm> I didn't muck about with virtual domains, as the virtual domain already existed in my virtual_domain_maps lookup.[14:51:44] <cpm> sysmonk, happy unbirthday[14:51:44] <_snd> sysmonk: yes, mr smartiepants, i am the reason ;)[14:51:58] <sysmonk> cpm: thanks, you too![14:52:37] <cpm> you are most certainly welcome. The question is, is today not f3ew's birthday[14:52:55] <sysmonk> i thought today is alans birthday ?[14:53:28] <_snd> cpm: its not mine[14:53:33] <_snd> thanks for the help all, im off :)[14:54:14] <cpm> n'joy yer drive[14:54:59] <lunaphyte_> birthday party?[14:57:39] <sysmonk> yeah, unbirthday party[14:59:34] <f3ew> no[14:59:39] <cpm> whoops![14:59:42] <cpm> transport mailloop![14:59:49] * cpm bangs head on table[15:00:02] * cpm hugs postfix[15:00:13] <f3ew> heh[15:00:52] * _snd adivses cpm to write a poller to look for loops[15:02:48] *** wedge_ has joined #postfix[15:03:14] *** wedge has quit IRC[15:12:35] *** magesing has joined #postfix[15:15:03] *** tshine has joined #postfix[15:16:22] <magesing> Hi, I have postfix set-up to send mail through my gmail account, except when I send mail through mutt, my e-mail address shows up as "magesing at mechpc68 dot uwaterloo.ca" not "magesing at gmail dot com" I can change my return address in mutt, but when I do my e-mails tend to get filtered as spam! How do I configure postfix properly so that my emails will be coming from magesing at gmail dot com? Thanks.[15:16:41] *** ribasushi_ is now known as ribasushi[15:17:28] <magesing> my postconf -n: http://rafb.net/p/ZXTGrx79.html[15:18:50] *** MrWax has quit IRC[15:27:12] *** xpoint has joined #postfix[15:28:05] *** dusty has quit IRC[15:28:54] *** dusty_ has joined #postfix[15:30:35] *** internat1 has quit IRC[15:31:03] *** Internat has joined #postfix[15:37:07] *** RobertMLaptop has joined #postfix[15:42:11] <f3ew> magesing, I set the from address correctly in mutt, and have set envelope_from = yes in my muttrc[15:45:54] <milligan_> hm, greylisting has a pretty impressive effect on received spam[15:46:28] <Dominian> milligan_: that it doeds[15:46:38] <magesing> f3ew: aah, so it doesn't have anything to do with my postfix config?[15:47:00] <f3ew> no[15:49:20] *** Nockian has quit IRC[15:50:57] *** Internat has quit IRC[15:51:22] *** Internat has joined #postfix[15:53:49] *** nakeee has left #postfix[15:58:05] *** JC has joined #postfix[15:58:31] <JC> hi i have an huge issue i think my postfix server is been attacked[15:58:41] <JC> like right now[15:58:57] <JC> running postfix as a gateway with exchange[15:59:01] *** Nockian has joined #postfix[15:59:34] <JC> the postfix server is generating lost of mail from my internet hostname[16:00:05] <JC> fake address like 123 at mail dot mydomain.com to lots of yahoo account[16:00:20] <JC> postfix block it because of invalid helo[16:00:27] <f3ew> JC, and?[16:00:31] <JC> but is killing my server[16:00:48] <f3ew> Increase # of processes for smtpd in master.cf[16:00:53] <f3ew> Go to ~ 400 or so[16:01:00] <JC> ?[16:01:03] <f3ew> some throttling via your firewall is also good[16:01:09] <JC> sorry sort of a noob[16:01:15] <f3ew> the max proc column[16:01:19] <f3ew> !master[16:01:19] <knoba> f3ew: "master" : http://www.postfix.org/master.5.html[16:01:39] <JC> i know what master is[16:01:44] <piksi> is there a simple answer for why after following the postfix+maildrop howto in postfix.org and adding the mailbox_command for maildrop i get this error: temporary failure. Command output: /usr/bin/maildrop: Unable to write to a dot-lock. ?[16:02:06] <piksi> (i was following the latter with local-delivery)[16:02:20] <f3ew> JC the 7th column for smtpd, set it to 400 or 500[16:02:28] <f3ew> piksi, permissions[16:03:36] <JC> NOQUEUE: reject: etc....[16:03:55] <JC> ok ill try that now[16:04:41] <f3ew> It should let real mail flow through[16:05:03] <piksi> f3ew: ok now i fixed the permissions problem (it was with selinux), and now it shows: postfix/lmtp: status=sent (250 2.0.0 Ok: queued as 51E02F50056)[16:05:27] <piksi> so it's stuck in queue[16:05:33] <JC> its currently just - so is that default[16:05:44] <f3ew> yes[16:05:58] <JC> is there a way to clear the queue[16:06:11] <f3ew> mailq -q[16:06:20] <f3ew> but if yuo are rejecting, you shouldn't have a queue[16:06:30] <JC> i dont want to send these mails out[16:06:35] <JC> yes it rejecting[16:06:38] <f3ew> postsuper -d ALL[16:06:48] <JC> all the way[16:06:53] <f3ew> so the mail never makes it into your queue[16:07:00] <JC> no[16:07:10] <f3ew> In that case, you are running out of smtp listeners[16:07:12] <JC> postfix smtp restrictions blocks it[16:07:27] <JC> meaning?[16:07:27] <f3ew> which delays real mail[16:07:43] <f3ew> Do you have a 'connection limit' message in your logs?[16:07:55] <JC> no[16:08:08] *** phnord has quit IRC[16:08:16] <JC> tailing the log now but nothing like that[16:08:18] <f3ew> If you have 100 possible slots of incoming mail, and spammers are using them all, then legit mail has to wait till a slot is free[16:08:21] <f3ew> right[16:08:43] <f3ew> then your problem is most likely a lot of logging[16:08:54] <piksi> now all my mail is just queued in mailq and not delivered to mailbox, i don't get why postdrop doesn't work[16:09:10] <JC> ok[16:09:26] <JC> but how do i get rid of this[16:10:12] <e_> JC: do you know fail2ban?[16:10:25] <JC> no[16:10:52] <JC> i dont have user account on the postfix server[16:11:00] <JC> of any mail user[16:11:02] <e_> it's a script that reads logs for triggers and with a certain treshold like number of triggers per second, it bans the ip via your firewall (iptables most likely)[16:11:16] <JC> i changed the root password[16:11:23] <e_> ehm[16:13:03] <JC> will it not go away[16:13:03] *** Internat has quit IRC[16:13:11] *** internat1 has joined #postfix[16:13:11] <f3ew> no[16:13:11] <JC> it i just leave it?[16:13:14] <f3ew> yes[16:13:16] <JC> nice[16:13:17] <f3ew> Ignore it[16:13:27] <JC> ?[16:14:30] <JC> are you sure[16:14:39] <f3ew> yes[16:15:59] <JC> how will it go away[16:17:21] <JC> is this not a NDR attack[16:17:52] <e_> JC: as i said, fail2ban is one possible way of handling that..[16:18:20] <piksi> anyone else know why enabling maildrop just queues my mail and doesn't deliver it?[16:18:29] <piksi> i'm using maildrop + local with /etc/aliases[16:18:31] <JC> will it go away and why/how[16:19:17] <JC> i dont think is going to go way because is been like this the hole day[16:21:19] <JC> ok i am going to try fail2ban and see what happens[16:21:53] <e_> yes, but make sure you understand what it's doing before you enable it[16:23:24] <JC> cant download on the server its killing my internet connectiobn[16:23:30] <JC> times out[16:26:31] *** rootsvr has joined #postfix[16:26:44] *** jeffspeff2 has quit IRC[16:29:59] <piksi> now i see: postfix/local: status=sent (delivered to command: /usr/bin/maildrop -d ${USER})[16:30:11] <piksi> but no maildir file appears in home mailbox of the user[16:30:22] *** jeffspeff has joined #postfix[16:30:48] <JC> any other idees anyone?[16:32:41] *** jeffspeff has quit IRC[16:32:46] *** jeffspeff2 has joined #postfix[16:33:16] *** sosoriosv has joined #postfix[16:34:10] *** _bt has quit IRC[16:35:52] <JC> well anyone???[16:36:51] *** standel has quit IRC[16:37:14] *** internat1 has quit IRC[16:37:19] *** Internat has joined #postfix[16:39:59] <piksi> apparently no[16:40:13] <piksi> i'm googling, you might do the same[16:40:16] <piksi> and rtfming[16:41:25] *** madrescher1 has joined #postfix[16:41:26] *** madrescher has quit IRC[16:43:28] *** Madda has joined #postfix[16:43:35] <Madda> hi to all[16:44:33] <Madda> i've a connection problem with postfix anyone could help me please ?[16:44:55] <Roobarb> ask away[16:45:15] <cpm> !topic[16:45:15] <knoba> cpm: "topic" : The Postfix MTA || Wiki: postfixwiki.org || On using IRC: workaround.org/moin/GettingHelpOnIrc || Bot info: workaround.org/f=postfix || post postconf -n and relevant logs to a pastebin when asking questions / check your logs / know your unix basics || http://code.google.com/p/mail-trends/ || Channel log: http://echelog.matzon.dk/?postfix || http://permalink.gmane.org/gmane.mail.postfix.announce/110[16:46:08] *** trevordixon has joined #postfix[16:46:19] <Madda> delivery temporarily suspended: lost connection with 192.168.0.13[192.168.0.13] while sending message body[16:46:26] <Madda> this is the error message[16:46:57] <Dominian> what is 192.168.0.13[16:47:00] <Madda> 192.168.0.1 is a debian box with postfix, 192.168.0.13 is a ms exchange 2007 on a win2008 server[16:47:12] <Dominian> check the logs on exchange[16:47:20] <Madda> in the debian box also run amavis[16:47:45] <Madda> i can receive mails, check with amavis, but when i've to resend to exchange i've this error[16:47:56] *** ftp3 has quit IRC[16:48:06] <Madda> the error occur only when the mail size si above 200 K[16:48:29] *** JaccoH has joined #postfix[16:48:37] <Roobarb> Madda: have you looked on the MS Exchange logs?[16:48:38] <Madda> exchange works well, i've already bypass postfix and it received the mails without problems[16:48:54] *** syllogism has joined #postfix[16:49:15] *** drindt has quit IRC[16:49:22] <JaccoH> how do i stop postfix from rewriting a message header? im signing it on a server (domainkeys) and after that its routed through a smarthost.. how can i configure this smarthost to just do its thing[16:49:24] <JaccoH> ?[16:49:49] <Roobarb> JaccoH: which header is it rewriting?[16:50:03] <JaccoH> received for example[16:50:22] <Roobarb> every mail server that processes mail will add stuff to that header[16:50:50] <Roobarb> even if your smarthost didn't, the next hop would[16:50:54] <JaccoH> yes i know.. i was just wondering if it could be stopped from doing that[16:51:08] <JaccoH> roobarb.. the next hop isnt my concern :)[16:51:23] <JaccoH> i assume they have properly configured their domainkeys filter[16:51:38] <Roobarb> you assume they're not an intermediate relay[16:52:17] <JaccoH> ill first need to check if changing the headers will force domainkeys to fail or if something else is wrong :)[16:52:18] *** Knoedel2 has quit IRC[16:52:27] <Madda> Aug 28 15:04:18 murano postfix/qmgr[25389]: 05E5237843A: from=<S.Micolucci at vetrerieriunite dot it>, size=2276640, nrcpt=2 (queue active)[16:52:40] <Madda> Aug 28 15:26:37 murano postfix/smtp[25939]: 05E5237843A: to=<msabaini at spevetro dot it>, relay=192.168.0.13[192.168.0.13]:25, delay=4280, delays=3498/0.95/0.32/781, dsn=4.4.2, status=deferred (lost connection with 192.168.0.13[192.168.0.13] while sending message body)[16:53:19] <Madda> i've notice the delay time, this could be an hardware problem?[16:53:34] *** munichlinux has quit IRC[16:54:22] <JaccoH> darn.. domainkeys has a downside i see[16:54:46] <e_> JaccoH: which is?[16:55:37] *** trevordixon has left #postfix[16:55:37] <JaccoH> well apparently it doesnt allow for intermidiate hops to add a header[16:55:41] <JaccoH> or does it?[16:56:15] *** jeffspeff has joined #postfix[16:56:33] <Roobarb> JaccoH: why do you think it doesn't?[16:56:35] <JaccoH> does domainkeys sign on the body or on the headers as well?[16:56:39] <Madda> so, no one know what's appening into my postfix ?[16:57:01] *** JC has quit IRC[16:57:24] *** _bt has joined #postfix[16:57:29] <Roobarb> Madda: well connections to exchange are timing out, that much is obvious. Do you get the same behaviour if you conect to other servers ?[16:58:42] *** seekwill has joined #postfix[16:58:45] <Madda> no, i can send, using mutt, an email to an external server[16:59:53] <Madda> and the email smaller than 100k will delivered quite well to the exchange server, the only problem involves the attachments[17:02:32] <JaccoH> ok fixed it[17:02:41] <JaccoH> i was filtering the message id .. ;)[17:03:18] *** manofwar has joined #postfix[17:03:43] *** kreg_lt has quit IRC[17:03:45] <Roobarb> JaccoH: I didnt think domainkeys/DKIM would have such a problem :)[17:07:38] *** magesing has quit IRC[17:07:59] *** jeeter522 has joined #postfix[17:10:20] *** jeffspeff2 has quit IRC[17:11:16] <JaccoH> you were right.[17:11:33] <JaccoH> so now to add that public key to all 155 domains...[17:11:38] <JaccoH> man i wish i had a script :)[17:12:16] <e_> one key for all domains?[17:12:21] <seekwill> heh[17:13:07] *** Madda has quit IRC[17:13:26] <JaccoH> e_ i dont see the problem with that.. its all the same server?[17:13:57] *** jeffspeff2 has joined #postfix[17:14:08] <seekwill> One of our customers is doing that as well[17:14:21] <e_> jaccoh: if all domains are under control of the same person, best you, no problem[17:14:22] <seekwill> Same set of keys since it's on the same server...[17:14:30] <JaccoH> e_ they are[17:14:31] *** jeffspeff has quit IRC[17:14:40] <seekwill> e_: eh, that's why you have selectors...[17:15:00] *** batphone has quit IRC[17:15:09] <e_> seekwill: fair enough[17:15:12] <seekwill> If the key got compromised, just remove the selector[17:15:12] <f3ew> JaccoH puppet :)[17:15:19] <JaccoH> puppet?[17:15:36] <f3ew> More than a script![17:15:37] <seekwill> e_: I agree, it just doesn't sound right to share keys :)[17:15:43] <f3ew> see reductivelabs.com[17:15:45] <seekwill> But I couldn't figure out technically why[17:16:23] <thumbs> I know why.[17:16:24] <e_> seekwill: theorically if those were customer domains, the customer domains might not want other customers to be able to use the same domainkey thus being able to "fake" other customers sender domains because it's still the same key[17:16:32] <thumbs> just because it's seekwill[17:16:34] <JaccoH> i can use puppet to change all them zones for me?[17:16:46] <f3ew> JaccoH, and more![17:16:52] <f3ew> there's a learning curve though[17:16:57] <JaccoH> sounds like its worth a look[17:17:00] <f3ew> So it isn't an immediate solution[17:17:10] <f3ew> but it's a useful sysadmin tool[17:17:16] <JaccoH> i hate lurning curves ;)[17:17:17] <f3ew> #puppet, btw[17:17:21] <seekwill> e_: Yeah I thought of that..[17:17:27] <f3ew> It's just a different way of thinking[17:17:27] <JaccoH> thanks man[17:17:31] <seekwill> JaccoH: That's what gives us the $$$$$$ :)[17:17:35] <seekwill> thumbs: I rock[17:17:39] <Dominian> hrm.. for DKIM.. would you guys recommend using dkimproxy?[17:17:59] <seekwill> e_: What the customer doesn't know won't hurt them ;)[17:18:02] *** Internat has quit IRC[17:18:06] <JaccoH> well what do you know.. puppet is part of the ubuntu package system[17:18:18] <f3ew> yes it is :)[17:18:23] *** Internat has joined #postfix[17:18:27] <f3ew> Ok, time for me to go home[17:18:45] <cpm> g'night[17:18:47] <JaccoH> it has puppet and puppetmaster[17:18:52] <e_> dominian: yes[17:19:08] <Dominian> k[17:19:10] <jeeter522> anyone have any ideas what could be blocking local delivery? dovecot/postfix ?[17:19:15] <Dominian> I've never done DKIM, but I'm starting to think it would be a good idea ;)[17:19:20] <thumbs> seekwill: you suck![17:19:24] <seekwill> thumbs: :([17:19:56] <e_> dominian: the only "problem" with dkimproxy is that you need some trickery to distinguish between inbound and outbound mail[17:20:21] <Dominian> fsck[17:20:27] <Dominian> what else is there ?[17:21:25] *** ming_zym has quit IRC[17:21:40] *** Fallenou has joined #postfix[17:22:20] <Dominian> e_: dkimproxy.sf.net seems to have a nice walk through.. and that appears to handle incoming/outgoing..[17:24:19] <e_> dominian: if you read that, you will notice that this uses the "submission port"-trickery[17:24:29] <Dominian> oh fsck taht[17:24:40] <Dominian> I'm using the submission port for .. well.. smtp-auth[17:24:46] <e_> dominian: there is also the "second ip"-trickery[17:24:52] <e_> AND the pcre-map-trickery[17:24:54] <Dominian> no go on that[17:25:08] <Dominian> ok.. so DKIM in postfix is a headache is that what you're saying ;)[17:25:21] <e_> well if you already use the submission port for authenticated users sending mail, you are already using the submission-trickery[17:25:28] <e_> no, no, it just requires careful setup[17:25:31] <jeeter522> log/postconf = http://pastebin.com/m3fcc4c32 - for some reason no local delivery between users, this is a postfix/dovecot setup also using MailScanner, if anyone can help, im scratching my head here :\[17:25:46] <Dominian> ah[17:25:50] <Dominian> e_: then no worries..[17:25:51] <Dominian> :)[17:25:56] <e_> :)[17:26:09] <e_> dominian: just add the dkimproxy as filter to the smtpd running on submission, done[17:26:20] <e_> dominian: you might also want to add the dkimproxy filter to pickup[17:26:28] <Dominian> hrm[17:26:35] <Dominian> Well, I'll look into all this[17:26:47] <Dominian> I can put it in place and make sure stuff is where it needs to be.. if it "breaks" I'll just remove it hehe[17:27:00] <e_> mhm[17:27:18] <Dominian> I was working on a debian box for a friend last night .. trying to do dkim.. my god.. that box was soooo hosed[17:27:28] <Dominian> he had to upgrade it to get it working hah[17:27:40] <e_> it couldnt run dkimproxy?[17:27:58] <Dominian> errored out on one of the perl modules[17:28:03] <e_> ouch[17:28:10] <Dominian> well it was broken anyway[17:28:28] <Dominian> it had soemthing to do with that openssl thing that happened a few months back with Debian and its derivatives.[17:28:40] <Dominian> and apparently have Mail::DKIM installed already hehe[17:28:50] <Dominian> just need to get proxy going.. and my txt record[17:29:03] *** saurabhb has quit IRC[17:29:07] <Dominian> hrm.. will dkimproxy sign for ALL domains hosted on the server.. or just those specified?[17:29:12] <seekwill> What about dkim milter?[17:29:12] <Dominian> bah..[17:29:13] * Dominian reads[17:29:14] <e_> the latter[17:29:16] <Dominian> seekwill: what abou it?[17:29:24] <seekwill> Does it make things easier?[17:29:29] <e_> yes and slower[17:29:39] <e_> milter means it has to spawn one process for every mail..[17:29:46] <Dominian> yeah and that would suck[17:29:54] <e_> big time[17:30:06] <seekwill> ah[17:30:12] <seekwill> Depends on your volume :)[17:30:16] <Dominian> I mean..unless seekwill has a 20,000 bucks to give me and I'llb uild a monster email server to use milter ;)[17:30:24] <Dominian> heh[17:30:38] <Dominian> anyway.. going to work on getting htis going..[17:30:42] <seekwill> eh, for $20k, I'll buy a software package that does it much easier ;)[17:32:19] <seekwill> Sad when you have to throw hardware to fix a problem like that though :/[17:33:39] *** rootsvr has quit IRC[17:34:34] <e_> seekwill: that's about why people use java[17:35:03] <seekwill> heh[17:35:12] <seekwill> But that's why we have CoolThreads[17:35:37] <e_> there you go ;)[17:41:15] *** doodoo has joined #postfix[17:42:36] *** Zelest has joined #postfix[17:47:01] *** doodoo has quit IRC[17:52:22] *** mani|work has quit IRC[17:54:01] <seekwill> So in Postfix, you have to pass the message over to another process to get it DKIM signed? Could you do DK and DKIM signing at the same time to save a separate trip?[17:54:54] *** jeeter522 has left #postfix[17:55:41] <Dominian> for inbound you can use SA's plugin if you have Mail::DKIM installed[17:56:17] <seekwill> Cool... what about for outbound?[17:57:34] <seekwill> The thing I can't stand about DK/DKIM is that organizations don't implement it right. They sign some messages but not others... grrr![17:58:57] <Dominian> seekwill: for outbound.. dkimproxy[18:01:02] <seekwill> That looks pretty straightforward[18:06:43] *** simmerz has joined #postfix[18:07:21] <simmerz> hi. how might i go about dropping the initial sender header from an email send where the sending user is AUTHed into the SMTP server?[18:07:24] *** berndt has quit IRC[18:08:07] <simmerz> Thunderbird insists on sending an IP address as its HELO rather than the fqdn of the machine.[18:13:35] *** alienbrain has quit IRC[18:13:52] *** manofwar has quit IRC[18:14:02] <rob0> so? As per the SASL_README this should not be a problem. And FYI, thunderbird is DTRT. It only sends the IP if you don't have reverse DNS working.[18:14:26] <simmerz> I'm behind a NAT, so rDNS shouldn't work.[18:14:28] <seekwill> DTRT[18:14:33] *** sypher has quit IRC[18:14:37] <rob0> doing the right thing[18:14:43] <seekwill> ah[18:14:51] <rob0> my rdns works behind NAT[18:14:59] <simmerz> rob0: ?[18:16:01] <rob0> permit_sasl_authenticated comes before reject_* restrictions. Problem solved. And it has nothing to do with headers, BTW.[18:16:10] <simmerz> my /etc/hostname is "foo", so surely thunderbird should be sending "HELO foo", and the NAT gateway should be forwarding that as received from a.b.c.d (HELO foo) ?[18:16:48] *** technoid_ has joined #postfix[18:16:50] <simmerz> ok[18:16:55] <rob0> huh? You are describing an SMTP proxy.[18:17:14] <rob0> That's not the same thing as NAT. Check the documentation for your proxy.[18:17:36] * simmerz goes back to read more[18:25:08] *** j_s has joined #postfix[18:25:46] <Dominian> DKIM outbound signing = success[18:26:18] <seekwill> woohoo![18:26:34] <Dominian> thats really cool[18:26:43] <seekwill> What about DK?[18:26:51] <Dominian> eh[18:26:52] <Dominian> lost me[18:27:21] <seekwill> DK is what Yahoo uses (and a bit more established)[18:27:41] <Dominian> er..[18:27:46] <seekwill> I needed to have DK in order to be whitelisted by them[18:27:47] <Dominian> DKIM includes Domain Keys if thats what you mean..[18:28:12] <seekwill> oh. dkim-proxy might include DK, but DKIM in itself is not DK[18:28:17] <Dominian> DomainKeys is an e-mail authentication system designed to verify the DNS domain of an e-mail sender and the message integrity. The DomainKeys specification has adopted aspects of Identified Internet Mail to create an enhanced protocol called DomainKeys Identified Mail (DKIM).[18:28:38] <Dominian> Well, I dunno then..[18:28:41] <Dominian> how can I be sure? lol[18:28:43] <Dominian> check the email header?[18:28:46] <seekwill> Yes.[18:28:56] <seekwill> Where did you get that snip?[18:29:22] <Dominian> wikipedia[18:29:36] <Dominian> and yes.. dkimproxy is adding a DomainKey-Signature: header[18:30:05] <seekwill> Ah nice[18:30:22] <seekwill> I'll definitely have to check it out..[18:30:44] * Dominian nods[18:30:46] <cpm> isn't that all patent encumbered?[18:30:47] <Dominian> itw as very easy to set up[18:30:58] <Dominian> a lot easier than I thought it would be[18:31:27] <seekwill> heh[18:31:47] <rob0> Don't think so, and it's a better thought-out scheme than SPF.[18:32:16] <cpm> Yeah, it I think yahoo owns it or some such.[18:33:01] *** sophokles has quit IRC[18:33:24] <sysmonk> :(((([18:33:30] <sysmonk> i've been kicked in my ass[18:33:45] <cpm> :)[18:33:54] <cpm> don't pout[18:34:08] <seekwill> sysmonk: Stop flashing it bro![18:34:44] *** ribasushi has quit IRC[18:35:14] *** ribasushi has joined #postfix[18:37:44] <rob0> There's no point in encumbering an email authentication scheme with a patent, since it is only effective if it gains widespread use.[18:37:57] <rob0> but then ... PHBs will be PHBs.[18:42:11] *** jonez has quit IRC[18:44:21] *** githogori has quit IRC[18:50:13] <cpm> rob0, remember, what's the intention?[18:50:17] *** havvg has joined #postfix[18:51:20] <Dominian> rob0: yeah.. I'm going to keep DKIM going outboudn for a bit.. if it seems to work ok with no issues.. I'll implement the DKIM plugin in SA to check received DKIM[18:53:18] <rob0> The intention is to pick on poor sysmonk![18:56:58] *** jwit has quit IRC[18:57:39] *** jwit has joined #postfix[18:58:42] *** standel has joined #postfix[18:58:52] <Dominian> hehe[19:00:56] <cpm> Yahoo tool![19:04:50] <Dominian> bah[19:04:57] <Dominian> DKIM is supported more than SPF[19:04:59] <Dominian> :P[19:05:18] *** jwit has quit IRC[19:05:28] *** jwit has joined #postfix[19:06:03] *** mcp has joined #postfix[19:06:10] <mcp> hello[19:07:44] <mcp> is it possible to change myhostname to the fqdn where I access the postfix machine? i.e. 1.2.3.4 is mx01.foo.bar and 5.6.7.8 is mx02.foo.bar and depending on where I connect postfix "changes" the myhostname?[19:09:24] *** jelly has quit IRC[19:10:04] *** simmerz has quit IRC[19:14:40] *** sega01 has joined #postfix[19:14:42] <sega01> hey[19:15:49] *** xp_prg3 has joined #postfix[19:17:23] <sega01> what opinions do you all have on different spam prevention methods such as SPF and DKIM?[19:17:48] *** madrescher1 has quit IRC[19:18:08] * cpm chuckles[19:18:18] <seekwill> SPF and DKIM are not related to spam filtering[19:18:48] <seekwill> sega01: if you want spam filtering, look into RBLs[19:19:40] <sega01> i mean email source authentication in that case[19:19:59] <sega01> they can help with spam, but you are right that they are not spam filtering[19:21:31] *** jelly has joined #postfix[19:22:36] <seekwill> I have a database of all DK/DKIM signatures, and manually whitelist the domains I like[19:22:47] <sega01> if inet_protocols is set to all, will postfix default to connect over ipv6, or is there another option needed?[19:23:06] <sega01> are there any issues with mailling lists?[19:24:00] <seekwill> Depends on how your mailing list works. My dk whitelisting just let's the message in without further scanning[19:24:12] *** jelly has quit IRC[19:24:31] *** xp_gone2 has quit IRC[19:24:33] *** Broken|work_ has joined #postfix[19:24:40] *** jelly has joined #postfix[19:25:19] <sega01> i would prefer to avoid white, black, and grey listing if possible[19:26:08] <mcp> hm? greylisting is fantastic :) i won't miss that[19:26:39] * seekwill pinches Dominian for greylisting[19:26:51] <PaSzCzUs> yes, greylisting is cool[19:26:51] <seekwill> sega01: umm ok[19:27:10] *** xp_prg3 is now known as xp_prg[19:27:19] <sega01> i like the idea of only relying on authentication[19:27:55] *** boschi has quit IRC[19:28:01] <seekwill> sega01: I thought you were talking about inbound[19:28:17] <seekwill> for local delivery...[19:28:23] *** jelly has quit IRC[19:28:25] <sega01> both, possibly[19:28:33] *** jelly has joined #postfix[19:28:57] *** sosoriosv has quit IRC[19:29:11] *** amrit|zzz is now known as amrit|wrk[19:29:14] *** jelly has quit IRC[19:29:36] <sega01> is it possible to setup DKIM and have it forwarded through mailling lists to other servers that are also setup with DKIM, without whitelisting?[19:29:40] *** jelly has joined #postfix[19:32:24] *** jonez has joined #postfix[19:34:49] <sega01> anyone know of a non perl or python implmentation of SPF for postfix?[19:35:53] <sega01> think i found something, nevermind[19:37:57] <mcp> sega01: share it[19:40:46] *** brancaleone has quit IRC[19:41:09] *** Broken|work has quit IRC[19:43:55] <seekwill> sega01: I'm not sure what you mean[19:44:20] <sega01> http://www.freestone.net/software/policyd-spf-fs/[19:44:36] <sega01> most of the SPF plugins for postfix are in perl or python[19:44:45] <sega01> i was hoping for one in C[19:44:52] <sega01> ^ is in[19:44:55] <sega01> *in C[19:47:25] *** felix-da-catz has joined #postfix[19:50:40] *** hparker has joined #postfix[19:51:55] *** githogori has joined #postfix[20:05:51] *** jelly has quit IRC[20:06:11] *** _snd has left #postfix[23:47:43] *** echelog has joined #postfix[23:48:21] <r8> Now I'm looking into what exactly reject_invalid_helo_hostname does. I see valid_hostname.c:100 has a comment about underscores: "/* grr.. */"[23:50:59] <vice-versa> r8: if you're concerned a restriction might cause rejections for some hosts you need to accept mail from you can always test drive them with warn_if_reject and monitor/review your logs after using them for some predetermined amount of time[23:51:43] <vice-versa> !warn_if_reject[23:51:44] <knoba> vice-versa: "warn_if_reject" : a parameter that means: Change the meaning of the next restriction, so that it logs a warning instead of rejecting a request (look for logfile records that contain "reject_warning"). This is useful for testing new restrictions in a "live" environment without risking unnecessary loss of mail.[23:52:09] <rob0> reject_invalid_helo_hostname should be safe too. Won't catch as many as non_fqdn, but it's safe.[23:52:23] <r8> Thanks. That's a good idea. I've tended to try to thoroughly investigate the options before implementing them, but the warn_if_reject option sounds convenient.[23:52:30] *** Motoko-chan has joined #postfix[23:52:50] <rob0> reject_non_fqdn_helo_hostname is the single most effective non-RBL restriction.[23:53:12] <rob0> I've seen it reject up to 25% of all attempts.[23:53:13] *** tombar has quit IRC[23:53:47] <vice-versa> yep, same here 25-30%[23:53:56] <r8> That's like free money.[23:54:26] <r8> I mean, great value for little (CPU) effort.[23:54:31] <rob0> indeed[23:54:43] <rob0> shooting fish in a barrel, I call it[23:54:56] <rob0> but I might be a redneck[23:55:05] <seekwill> I need to write this stuff down..[23:55:09] <r8> Well, for some reason guns come to mind for me too, when I'm thinking about spam.[23:55:20] <vice-versa> indeed, pre-data spam control rules ;)[23:55:20] <seekwill> Are all these settings in a guide somewhere?[23:55:31] <rob0> !cheatsheet[23:55:31] <knoba> rob0: "cheatsheet" : http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt : A HOWTO for pre-DATA spam control.[23:55:31] <vice-versa> !cheatsheet[23:55:33] <knoba> vice-versa: "cheatsheet" : http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt : A HOWTO for pre-DATA spam control.[23:55:35] <rob0> haha[23:55:36] <vice-versa> hehe[23:55:37] <seekwill> hah[23:55:38] <seekwill> nice[23:56:02] <vice-versa> old quickdraw beat me too it[23:56:16] <rob0> I already had my gun out[23:56:21] <vice-versa> :)[23:56:23] <r8> heh[23:59:36] *** felix-da-catz is now known as felix-da-catz_zz