[00:01:47] *** war9407 has quit IRC
[00:05:21] *** githogori has joined #postfix
[00:06:04] *** Knoedel2 has quit IRC
[00:06:22] *** growltiger has quit IRC
[00:08:27] *** mmitch has left #postfix
[00:11:51] *** cilly has quit IRC
[00:14:47] *** dumewom has quit IRC
[00:18:44] *** lorof has joined #postfix
[00:24:03] *** lorof has quit IRC
[00:30:21] *** hever has quit IRC
[00:36:04] *** _mXr is now known as mXr
[00:41:45] <[shg]> my problem has something to with the virtual hosting via mysql
[00:42:04] <[shg]> I removed the virtual config lines and i was able to receive mail correctlu.
[00:42:05] *** bobbyd has joined #postfix
[00:42:06] <[shg]> y
[00:42:09] <[shg]> Hm...
[00:42:09] <bobbyd> hi
[00:42:16] <bobbyd> how do i stop postfix logging to my syslog?
[00:43:05] <xpoint> bobbyd, postconf -d | grep log
[00:43:19] <bobbyd> ta
[00:43:34] <xpoint> or change syslog it sef to not log thing comming from postfix
[00:43:48] <xpoint> but silly !
[00:46:27] <bobbyd> xpoint: ok, so can I set syslog_facility to "no" or something like that?
[00:47:02] <xpoint> no
[00:47:20] <xpoint> it does not mean yes or no
[00:48:37] <xpoint> learn syslog is a good ideer here
[00:48:59] <bobbyd> ok, I just want to stop messages going to /var/log/syslog but keep them going to /var/log/mail.*
[00:49:45] <xpoint> set syslog_facility = LOG_MAIL in postfix main.cf
[00:50:03] <xpoint> and then in syslog
[00:50:24] <xpoint> mail.* /var/log/mail
[00:50:48] <xpoint> but you may have seen this from stadard config no ?`
[00:53:06] <bobbyd> hmm
[00:53:11] <[shg]> I've isolated the issue down to virtual_mailbox_domains
[00:53:13] <bobbyd> I don't think so
[01:14:01] <sahil> heh
[01:15:32] <[shg]> Once I get this virtual mail box stuff working.
[01:16:08] <[shg]> I will be very excited and happy because I am going to be performing all administration via the postfix admin thing.
[01:16:19] <[shg]> It is really neat and funky like.
[01:17:11] <deface> sup [shg]
[01:17:44] <[shg]> Hello
[01:18:10] <[shg]> I am doing well and you?
[01:18:18] <deface> doin aight
[01:18:23] <deface> you still getting errors ?
[01:18:24] <[shg]> Cool
[01:18:30] <[shg]> Yeah,
[01:18:45] <[shg]> I think I have a leg up on the problem, going to test it to see if it fixes the problem.
[01:27:05] *** F6F has quit IRC
[01:39:16] <sahil> why use postfix admin when you have the command line?
[01:43:19] <[shg]> In which aspect would the command line be useful?
[01:48:02] <deface> lol
[01:51:33] <sahil> see: every aspect, for more details.
[01:57:25] *** bobbyd has quit IRC
[02:00:11] <[shg]> No manual entry for every aspect
[02:44:29] *** ming_zym has joined #postfix
[02:49:03] *** saurabhb has joined #postfix
[02:52:59] *** idle-boy has quit IRC
[02:59:36] *** maqr has quit IRC
[03:00:52] *** saurabhb has quit IRC
[03:02:06] *** saurabhb has joined #postfix
[03:05:43] *** ajaaya has left #postfix
[03:08:19] <deface> hmm .. is it possible to customize options for certain error messages ..
[03:08:31] <[shg]> Sure
[03:08:33] <deface> i'm running postfix as a gateway scanner
[03:08:51] <deface> i want to just delete the messages that get a - 550 5.1.1 User unknown
[03:09:07] <deface> i have bout 20 domains, and can't do ldap lookups against all 20
[03:09:20] <deface> so there is no user verification until it tries to relay it
[03:11:41] <[shg]> Hm... whoops wrong mailer agent
[03:19:03] *** mazpe- has quit IRC
[03:40:33] <deface> [shg]: you get it fixed yet
[03:46:25] *** pirho has quit IRC
[03:56:55] *** pitakill has joined #postfix
[04:15:57] *** Tanguy has quit IRC
[04:23:27] *** mavrick61 has quit IRC
[04:24:28] *** amrit|afk is now known as amrit
[04:24:35] *** mavrick61 has joined #postfix
[04:35:46] <xpoint> deface, just do catchall on that domain and user unknow will go away very easely :)
[04:41:11] *** growltiger has joined #postfix
[04:59:56] <sahil> don't do catchall; i don't need more backscatter. :P
[05:08:10] *** xpoint has quit IRC
[05:35:05] *** xpoint has joined #postfix
[05:43:31] <deface> xpoint: there is no boxes for the domains, there relayed to the actual mailserver
[05:44:12] <xpoint> deface, put users into relay_recipient_maps then
[05:44:45] <xpoint> if delivered to mbox/maildir outside of postfix
[05:45:21] <deface> im not up for maintaining 2 sets of users
[05:45:29] <xpoint> it just better to change mx to the mbox/maildir server
[05:45:33] <deface> i'd rather it stay in queue for 1 day
[05:46:04] <deface> im using it for strictly spam scanning, and nothing more
[05:46:22] <deface> i run exchange at all my client sites
[05:46:39] <xpoint> fine remove the domains in mydestination, and virtual_domain_maps
[05:46:53] <deface> their not there
[05:47:34] <deface> host 75.150.25.206[75.150.25.206] said: 550 5.1.1 User unknown (in reply to RCPT TO command)
[05:47:45] <xpoint> fine no problem
[05:48:11] <deface> but was wondering if i can just have postfix drop that message if that error is returned from server
[05:48:55] <xpoint> explain more verbose what problem you like to solve, unknown user is not a problem
[05:49:38] <deface> internet > myserver > scanned for spam/virus > relayed to there exchange server
[05:49:41] *** goldfisc1li has joined #postfix
[05:50:00] <deface> the exchange server tells myserver the user doesnt exist upon sending, how do i get postfix to del when i get a 550 5.1.1
[05:51:34] <xpoint> stiill remove users from that box then, and use relay_domains to ldap domain in exchange server, and do the same with relay_recipient_maps to ldap in exchange server, its just a AD lookup no magic there :)
[05:52:06] <deface> im running 20 domains
[05:52:26] <xpoint> so what i am burt raynolds :)
[05:53:35] <xpoint> you need realtime domains from exchange to postfix via AD, and the same apply for relay_recipient_maps (users get checked via AD)
[05:53:58] <xpoint> postfix have no domains installed !
[05:54:17] <xpoint> all domains is backup mx domains seen in postfix thats all
[05:55:56] <xpoint> postfix still do the content filter
[05:58:21] <deface> yup
[05:58:37] <deface> meaning i cant do native lookups on all domains
[05:58:46] <deface> and im really not up for keeping 2 sets of users
[05:59:00] <deface> i'll be moving more than just the 20 to that server
[05:59:22] <xpoint> you can even think "millions" :=)
[06:00:31] <xpoint> the important part is DO NOT ACCEPT mails and later bounce since exchange dont know the user
[06:01:17] <xpoint> thats why i say 2 ldap fetchs is needed to sync postfix with exchange
[06:01:19] <deface> unfortunately im accepting all mails for the domain
[06:01:21] <xpoint> 1: domains
[06:01:28] <xpoint> 2: users
[06:01:50] <xpoint> that sooks to accept all, and you know it
[06:02:00] <deface> yups
[06:03:04] <deface> but could i do multiple ldap lookups ?
[06:03:15] <xpoint> why is reject_unverified_recipient hard ?
[06:03:37] <xpoint> yes
[06:03:53] <xpoint> google postfix exchange ldap howto
[06:04:00] <deface> yeah, ive read them
[06:05:36] *** goldfischli has quit IRC
[06:13:19] *** pingouin has quit IRC
[06:41:49] *** niki has quit IRC
[06:50:22] *** Motoko-chan has joined #postfix
[06:57:10] *** fabounio has joined #postfix
[07:05:33] *** pitakill has quit IRC
[07:23:27] *** hever has joined #postfix
[07:34:48] *** fabounio has quit IRC
[07:43:01] *** weedar has joined #postfix
[07:53:56] *** BuenGenio__ has joined #postfix
[07:54:26] *** BuenGenio__ has quit IRC
[07:54:48] *** BuenGenio__ has joined #postfix
[07:55:03] *** BuenGenio__ has quit IRC
[08:00:45] *** idle-boy has joined #postfix
[08:00:48] *** BuenGenio__ has joined #postfix
[08:01:03] *** BuenGenio__ has quit IRC
[08:01:11] *** idle-boy has quit IRC
[08:01:42] *** BuenGenio__ has joined #postfix
[08:02:03] *** idle-boy has joined #postfix
[08:04:01] *** BuenGenio__ has quit IRC
[08:06:59] *** madrescher has joined #postfix
[08:07:51] *** frido has quit IRC
[08:12:18] *** BuenGenio__ has joined #postfix
[08:18:41] *** Kako has joined #postfix
[08:19:12] *** phnord has joined #postfix
[08:19:41] *** BuenGenio__ has quit IRC
[08:20:20] *** BuenGenio__ has joined #postfix
[08:21:09] *** Kako has quit IRC
[08:30:28] *** BuenGenio__ has quit IRC
[08:30:43] *** BuenGenio__ has joined #postfix
[08:30:58] *** Fr0zen__ has joined #postfix
[08:30:59] *** Fr0zen_ has quit IRC
[08:33:50] *** Fr0zen__ has quit IRC
[08:35:03] *** Azrael has quit IRC
[08:35:17] *** arj__ is now known as arj
[08:35:37] *** BuenGenio__ has quit IRC
[08:36:05] *** BuenGenio__ has joined #postfix
[08:39:02] *** milligan_ has quit IRC
[08:44:13] *** idle-boy has quit IRC
[08:44:43] *** idle-boy has joined #postfix
[08:51:09] *** BuenGenio__ has quit IRC
[08:51:28] *** BuenGenio__ has joined #postfix
[08:56:22] *** sophokles has joined #postfix
[08:56:30] *** BuenGenio__ has quit IRC
[09:09:48] *** vivek has joined #postfix
[09:12:41] *** mandragor has joined #postfix
[09:16:52] *** Kako has joined #postfix
[09:21:52] *** idle-boy has quit IRC
[09:24:22] *** idle-boy has joined #postfix
[09:24:47] *** F6F has joined #postfix
[09:26:26] *** weedar has quit IRC
[09:27:09] *** brancaleone has joined #postfix
[09:27:12] *** Tex-Twil has joined #postfix
[09:27:26] *** Tex-Twil has left #postfix
[09:32:29] *** |_Knoedel_| has joined #postfix
[09:36:33] *** sophokles has quit IRC
[09:37:05] *** sophokles has joined #postfix
[09:52:56] *** milligan_ has joined #postfix
[09:53:36] <milligan_> jduggan, in policyd .. I set up the amount of e-mails that a user can send within a timelimit. Nothing seems to get logged though. I enabled full logging .. and checking that, it's using the "bypass" module. that sound wrong, doesn't it ?
[09:54:59] *** madrescher has quit IRC
[09:55:50] <xpoint> bypass what ?
[09:56:32] <milligan_> googling, it seems that bypass is loading when policyd fails in a module.
[09:57:17] <xpoint> policyd v1 ?, maybe mysql is not working ?
[09:57:33] <milligan_> yeah, v1.. it says that it connects to the db in the logs ..
[09:57:42] <milligan_> And I can log in to the db without problems.
[09:57:46] * xpoint is tired of myisam in v1
[09:58:18] <xpoint> how much data do you have in policydb ?
[09:58:29] <milligan_> Nada. Fresh install.
[09:58:38] <xpoint> hmm
[09:59:51] <xpoint> policyd can be setup with failsafe or not, failsafe does accept mails even if policyd cant talk to mysql
[10:00:05] *** war9407 has joined #postfix
[10:01:00] <milligan_> I set failsafe to 0 .. restarted policyd .. sent another test.. still not logging anything.
[10:01:20] <xpoint> try send outside localhost
[10:01:50] <milligan_> I am
[10:02:22] <xpoint> is policyd being called at all ?
[10:02:27] <milligan_> yep
[10:02:36] <milligan_> let me post the log .. one sec.
[10:03:00] <xpoint> maybe mysql log confirm it does something :)
[10:06:07] <milligan_> http://xna.multigan.com/pastebin/?page=view&id=1223885284
[10:06:58] <xpoint> http://bugs.gentoo.org/show_bug.cgi?id=238806 policyd 1.80 running innodb here on my host
[10:06:58] *** azka has quit IRC
[10:09:08] *** azka has joined #postfix
[10:09:17] *** azka has left #postfix
[10:10:30] *** Motoko-chan has quit IRC
[10:11:23] <milligan_> looks fine according to my logs, doesn't it ?
[10:12:08] <xpoint> yes, sender is whitelisted somewhere in mysql its just hard in logs to see where
[10:12:44] <milligan_> could it be because the sending ip is part of the allowed subnets?
[10:12:55] <xpoint> does yes
[10:14:00] *** quik__ has joined #postfix
[10:14:04] <quik__> hey folks
[10:14:05] <milligan_> Hm, ok.. I want everyone to be filtered ... I need to limit the amount of e-mails people are allowed to send.
[10:14:07] *** ming_zym has quit IRC
[10:14:11] <xpoint> be carefull whit whitelist local ips
[10:14:13] <quik__> one liner - why postfix over sendmail?
[10:14:36] <xpoint> quik__, 42
[10:14:53] <quik__> the answer to life, the universe and everything
[10:15:18] <milligan_> xpoint, I don't want them whitelisted. I didn't add them. Does policyd do that automatically ?
[10:15:42] <xpoint> see mysql db
[10:16:46] <milligan_> I disabled whitelisting. Still no difference.
[10:16:52] <quik__> xpoint: if I install postfix on debian
[10:16:56] <quik__> from packages
[10:17:14] <quik__> will I almost have a working mail server from apt-get install postfix?
[10:17:15] <xpoint> it make sense what is in mysql db even what is in policyd.conf
[10:17:39] <xpoint> quik__, no
[10:17:49] <quik__> xpoint: what more will there to do?
[10:18:09] *** madrescher has joined #postfix
[10:18:20] <xpoint> quik__, when you have it installed, empty main.cf to get a better debian default config for postfix
[10:18:37] <quik__> empty it? the config is rubbish?
[10:18:54] <milligan_> xpoint, which table should I check for data ?
[10:19:04] <xpoint> quik__, you have to know postfix to know the question on that
[10:19:38] <quik__> xpoint: I simply want to accept local mail from a web based application and deliver it
[10:19:57] <xpoint> go ssmtp then
[10:20:09] <quik__> satelliete system?
[10:20:39] <xpoint> not in debian ?
[10:20:54] *** Filbert has quit IRC
[10:20:58] <quik__> I was asking if thats what you meant by ssmtp
[10:21:20] <xpoint> apt-cache search ssmtp
[10:21:26] <xpoint> hard ?
[10:21:40] *** bosnianboy has joined #postfix
[10:21:43] <bosnianboy> hi all
[10:22:16] <bosnianboy> need some info about smtpd_client_restrictions
[10:22:19] <quik__> xpoint: not hard, I'm just new to mail servers ;) cut the crap
[10:22:48] <xpoint> keep away from postfix/sendmail/qmail then
[10:22:51] <bosnianboy> i set IP blacklisting defined in /etc/postfix/spamlist
[10:23:10] <bosnianboy> IP REJECT 550 MESSAGE
[10:23:17] <xpoint> quik__, for php mail to work you just need ssmtp then
[10:23:37] <quik__> xpoint: please don't assume I'm using php
[10:23:58] <bosnianboy> and I have dynamic script that inserts new IP's that send more than 100 msg/min
[10:24:04] <xpoint> quik__, or even sendmail command line sorry :)
[10:24:16] <bosnianboy> but if the rule is set during the session of that IP
[10:24:28] <bosnianboy> it won't be blocked if rset is used
[10:24:32] <bosnianboy> any ideas ?
[10:25:39] <xpoint> bosnianboy, IP REJECT MESSAGE
[10:25:58] <bosnianboy> ok, rule works if there is new connection from that IP
[10:26:10] <xpoint> postmap /etc/postfix/spamlist
[10:26:30] <bosnianboy> I connect from 10.0.0.10
[10:26:35] <bosnianboy> that is not blackliste
[10:26:40] <bosnianboy> blacklisted*
[10:26:53] <xpoint> smtpd_client_restriction = check_client_access = hash:/etc/postfix/spamlist
[10:27:08] <bosnianboy> but if I insert rule for that IP, postmap file and reload postfix
[10:27:12] <bosnianboy> then do rset
[10:27:16] <bosnianboy> rule is not working
[10:27:21] *** Filbert has joined #postfix
[10:27:33] <bosnianboy> on a new connection rule is rejecting
[10:27:53] <xpoint> see  topic so
[10:29:59] <xpoint> rset starts all again from point where you say ehlo/helo so you need to try again from that point
[10:31:01] <bosnianboy> problem is that IP is not rejected if the rule was set during the session, and rset is used for new mail. Hope I made it clear...
[10:31:42] <xpoint> yes i follow you here, is it a real problem you need to solve ?
[10:32:25] <xpoint> problem accours when spamlist is changed only as i understand
[10:35:00] <bosnianboy> it is a problem, I made dynamic blocking script
[10:35:13] <bosnianboy> that takes data from mailscanner database
[10:35:41] <bosnianboy> and at the moment it blocks IP on iptables
[10:35:50] <xpoint> database in mysql ?
[10:35:53] <bosnianboy> yes
[10:36:23] <xpoint> why not make a mysql map to postfix direct without scripting ?
[10:36:38] <bosnianboy> but users that don't know what happened, (spam spyware etc.) keep calling
[10:37:03] <bosnianboy> because I need to get IP's that send more than 100 msgs/min
[10:37:11] <bosnianboy> and it's not so simple bash script
[10:37:18] <bosnianboy> that is parsing data from mysql
[10:37:25] <xpoint> is this info in sql ?
[10:37:54] <xpoint> 100 msgs/min is not a soho server
[10:38:26] <bosnianboy> no, I select all data for last minute, sort it, count them, than select only those that have more than given number of connections
[10:38:43] <bosnianboy> mails/min to be exact
[10:38:50] <xpoint> stupid
[10:38:56] <bosnianboy> why ?
[10:39:00] <bosnianboy> how would you do it ?
[10:39:20] <xpoint> to much calls from users
[10:39:47] <bosnianboy> to many :)
[10:39:49] <milligan_> xpoint, did you have any ideas why my policyd isn't working ?
[10:40:19] <xpoint> using as few rules as possible that makes no call from users would be what i want
[10:40:20] <bosnianboy> nope, works fine on a new connection, nothing in maillog, nothing anywhere...
[10:41:17] <xpoint> milligan_, not much, but its problem in either policyd.conf or mysql db that makes policyd do what you show in logs
[10:42:53] <milligan_> xpoint, I don't see how it can be a problem though? The logs indicate no such thing.. ?
[10:43:41] <xpoint> logs dont show problem is external problem either
[10:43:49] <|_Knoedel_|> is there a greylist daemon which can handle with mysql master-master replication ? gld won't do this for me
[10:45:03] *** bosnianboy has left #postfix
[10:45:04] <xpoint> gld will olso do this yes
[10:45:56] *** cilly has joined #postfix
[10:46:39] <xpoint> else postgrey can be used with multiple mta at once
[10:47:32] <|_Knoedel_|> i have 2 servers with 2 mysql
[10:47:44] <|_Knoedel_|> this 2 mysql servers do a master-master replication
[10:48:05] <|_Knoedel_|> but i'm getting after an hour duplicate errors in my database
[10:48:09] <xpoint> fine, just keep one sql greylist daemond, and use that from 2 postfix
[10:48:22] <|_Knoedel_|> so gld is not designed to use with master-master replication
[10:48:34] <xpoint> wroung
[10:48:44] <milligan_> xpoint, it's not an external problem, that's for sure.
[10:49:10] <xpoint> milligan_, and i dont have a crystal ball :)
[10:49:36] <|_Knoedel_|> xpoint then the sql server is a SPOF
[10:50:01] <xpoint> hehe yep, problem is more that you use 2 gld not just one
[10:50:34] <|_Knoedel_|> yes, is there a way to set a delay
[10:50:39] <|_Knoedel_|> or something like that
[10:51:09] <|_Knoedel_|> http://rafb.net/p/QDuwjc10.html
[10:51:11] <xpoint> have you tryed postgrey ?
[10:51:14] <|_Knoedel_|> this is mysql conf
[10:53:54] <milligan_> ffs .. I found the error.
[10:54:09] <xpoint> 42 ?
[10:54:45] <milligan_> me ?
[10:55:33] <|_Knoedel_|> http://code.google.com/p/gross/
[10:55:37] <|_Knoedel_|> someone tested this ?
[10:58:16] * xpoint have tryed maRBL and postgrey that does basicly the same
[11:00:42] *** quik__ has left #postfix
[11:02:34] <|_Knoedel_|> ok so noone is using master/master replication...
[11:04:31] <sysmonk> in what?
[11:04:53] <|_Knoedel_|> mysql master-master replication combined with greylisting
[11:05:17] <sysmonk> ah, nope, but i think sqlgrey had something for that
[11:06:32] <xpoint> sysmonk, why is gld a problem with master 2 master replication when sqlgrey works ?
[11:06:53] <sysmonk> i never used gld
[11:07:02] <sysmonk> so i can't comment about that
[11:07:09] <xpoint> and why use 2 sqlgrey when sqlgrey can run on inet ?
[11:07:50] <robtone_> even postgrey can run on inet, be he talked previously about SPOF
[11:08:07] <robtone_> however, SPOF and greylisting do not belong in the same context
[11:08:08] <sysmonk> i really didn't read what he was talking about
[11:09:46] <|_Knoedel_|> my target is to have 1 Greylist MySQL Database for 2 Mail-Gateways, if one Server is down the other can continue to use the global database
[11:10:12] <|_Knoedel_|> and for that i did: 2 servers each of them has a mysql server with gld
[11:10:26] <robtone_> well, as xpoint pointed out, one greylist daemon accessed via check_policy_service inet: is the most elegant solution
[11:11:17] <|_Knoedel_|> and if this one fails ?
[11:11:26] <robtone_> you are using greylisting.
[11:11:42] <robtone_> you should know the sense behind 4xx
[11:11:55] <|_Knoedel_|> i know the temporary errors
[11:12:18] <|_Knoedel_|> but i want to pass them if they are in the database..and not loop them 4xx errors
[11:12:30] <robtone_> you trade SPOF against complexity and inconsistency.
[11:12:37] <robtone_> whats your point?
[11:13:49] <|_Knoedel_|> to have HA
[11:14:02] <robtone_> HA? as in nelsons ha haaa?
[11:14:10] <|_Knoedel_|> lol
[11:14:39] * Roobarb waves the DRBD flag
[11:15:34] <|_Knoedel_|> thought also about drdb,heartbeat, clustering fs etc. but i dont need it so complicate
[11:15:42] * robtone_ wonders whether there exists sql multiplexors
[11:15:49] <xpoint> please turn down your servers and get a life :)
[11:16:19] <|_Knoedel_|> the master-master repli is already working, the point is that my grey daemon writes at the same time
[11:16:20] <xpoint> postgresql
[11:17:04] <Roobarb> robtone_: slony on postgres
[11:17:11] <xpoint> use a single greylist daemond to solve this so
[11:18:09] <xpoint> else you will have mysql on over work sync 2 diff dbs
[11:18:38] <xpoint> but 2 mta can use 1 greylist daemon
[11:18:40] <f3ew> use master-slave with failover
[11:20:03] <|_Knoedel_|> watching currently over sqlgrey dbcluster readme
[11:20:05] *** saurabhb has quit IRC
[11:20:19] *** cilly has quit IRC
[11:21:15] * robtone_ wonders also why there is no greylist-via-dns
[11:21:35] <xpoint> or https
[11:22:10] <xpoint> for soho use :)
[11:23:40] <robtone_> hm, okay, DNS/UDP might be too unreliable/timewasting
[11:25:15] <xpoint> its olso silly most overloaded rbl have low cache time, are rbl managers fools ?
[11:26:03] <xpoint> rbl zone files will need new serial anyway when data changes if i understand dns currect
[11:26:15] *** jeffspeff has quit IRC
[11:26:43] *** jeffspeff has joined #postfix
[11:32:36] *** CrazyFoam has quit IRC
[11:34:56] *** cilly has joined #postfix
[11:34:58] *** internat85 has quit IRC
[11:35:07] *** tsauter has joined #postfix
[11:35:11] <tsauter> hi all
[11:35:54] *** pirho has joined #postfix
[11:36:09] <tsauter> I am search for a way to rewrite email addresses by regular expressions. in fact I need to strip the string +clean from the email (e.g. test+clean at google dot com). Is this possible?
[11:43:45] <[shg]> deface: Resolved, actual problem?  Hostname had to be changed.. why? postfix/virtual uses the system's actual hostname rather than myhostname.
[11:44:36] <f3ew> !recipient_delimiter
[11:44:38] <knoba> f3ew: "recipient_delimiter" : a configuration parameter in the main.cf: The separator between user names and address extensions (user+foo). See canonical(5), local(8), relocated(5) and virtual(5) for the effects this has on aliases, canonical, virtual, relocated and on .forward file lookups. Basically, the software tries user+foo and .forward+foo before trying user and .forward.
[11:45:22] *** davidroderick has joined #postfix
[11:48:05] <milligan_> xpoint, policyd doesn't pay attention to relay stuff? That's up the mta, isn't it ?
[11:52:33] *** Haris_ has joined #postfix
[11:52:50] *** Haris has quit IRC
[11:54:25] <xpoint> milligan_, its mta yes
[12:01:38] *** internat85 has joined #postfix
[12:18:23] <zamba> the date field in the email headers is the time set on the MUA, right?
[12:18:35] <f3ew> Yes
[12:19:08] <zamba> so that in other words be effectively spoofed
[12:19:54] <zamba> is there a tool to automatically generate the trace of the email?
[12:20:02] <zamba> by using the received headers?
[12:21:15] *** davidroderick has quit IRC
[12:22:03] <f3ew> no
[12:23:48] *** cilly has quit IRC
[12:30:40] *** cilly has joined #postfix
[12:31:04] <jelly> what's a "trace" of a mail anyway?
[12:38:01] <zamba> the path it took through the email servers
[12:43:51] *** fibbs has joined #postfix
[12:43:55] <fibbs> Hi folks
[12:45:38] <fibbs> i have a general question: I want to install a postfix as firstline-mailgateway. It should receive mails for some domains, check localparts from lists (exported from ldap) and then relay these mails to internal mail server. How can i configure this? The mailaddress-checks with virtual tables and then a virtual_transport for the internal server?
[12:45:46] <fibbs> or is there another recommended way?
[12:46:39] <xpoint> configure postfix as a backup mx with ldap then
[12:47:20] <xpoint> no not wirtual when mails go outside localhost lda delivery
[12:47:39] *** mandragor is now known as weedar
[12:48:17] <xpoint> relay_domains_maps = ldap:....
[12:48:33] <xpoint> relay_recipient_maps = ldap:...
[12:48:58] <xpoint> thats all in postfix, the remote will then have to do the lda
[12:49:54] <fibbs> ok, so the domains we will receive mails for should be in relay_domains or not?
[12:50:26] <xpoint> yes this will be the domains accept mails to
[12:51:01] <fibbs> but doesn't relay_domains switch relay_domains_maps off?
[12:52:33] <xpoint> relay_domains = $mydestination default
[12:52:38] <fibbs> ...and i guess i will need transport_maps to define the destination mailserver for the domains?
[12:53:22] <xpoint> this is not needed when its mx backup
[12:54:06] <xpoint> if final lda box is firewalled then it will get to backup and the backup is not firewall to send to the lda box
[12:54:27] <fibbs> so how will this setup figure out where to route the mails to? In my special case i have different internal addresses to send the mails to, one per domain
[12:54:31] <fibbs> a multi-company office
[12:55:17] <xpoint> so internal email is foo at localhost dot hosted-domain.tld ?
[12:55:47] <xpoint> where localhost.hosted-domain.tld can be writed to from outside ?
[12:56:16] <xpoint> localhost.junc.org have 127.0.0.1 here
[12:56:25] <xpoint> just to get the basic
[12:58:08] *** vivek has quit IRC
[12:59:53] *** bisoc has quit IRC
[13:00:00] <fibbs> xpoint: in my case, for example domain1.tld has mx-record to postfix, but is handled by internal exchange-server, domain2.tld also by the same exchange, domain3.tld by another mail server like scalix
[13:00:01] *** bisoc has joined #postfix
[13:00:39] <xpoint> but all domains have same frontend with postfix ?
[13:00:46] <fibbs> xpoint: exactly
[13:01:28] <fibbs> xpoint: additionally i want to be able to change these internal destinations in case of problems e.g. with the exchange server
[13:01:37] <xpoint> okay, then add domains that runs exchange to mydestination and fetch releay_recipient_maps from ldap
[13:02:15] <xpoint> and if scalix runs on localhost to postfix do this with virtual
[13:02:28] <fibbs> no, nothing on localhost
[13:02:38] <fibbs> only different machines inside different dmzs
[13:02:58] <xpoint> scalix is olso another box like the 2 exchangers is ?
[13:03:07] <fibbs> yes
[13:04:10] <fibbs> this is why i thought about transport_maps to tell postfix to relay domain1.tld to exchange1, domain3.tld to scalix
[13:04:23] <xpoint> okay, simplest on the postfix box is to do reject_unverified_recipient and have transport_maps to mydestination nexthops
[13:04:24] <fibbs> if this would work, i would be happy ;-)
[13:05:28] <fibbs> ok so i was right for this... should i put the domains in $mydestination or in relay_domains_maps? What is the difference?
[13:05:50] <xpoint> if you can do queury for all recipients from postfix then do it to the reley_recipient_maps to prevent bounces
[13:06:21] <xpoint> there is no relay_domains_maps my fault
[13:06:21] *** madrescher has quit IRC
[13:06:59] <xpoint> default is reley_domains = $mydestination
[13:07:23] <fibbs> ok, so having the mail addresses in relay_receipient_maps is sufficient and i will not need to have the domains in mydestination additionally?
[13:07:43] <xpoint> both is needed
[13:07:58] <xpoint> diffrent things is defined in them
[13:08:26] <fibbs> ok, i know i only was not sure how relay_recipient_maps behave
[13:09:17] <fibbs> so a last question: is it possible to query relay_recipient_maps for domain1.tld from AD, for domain3.tld from maybe mysql on another machine?
[13:09:27] <xpoint> it does not define domains so both is needed
[13:09:34] <fibbs> this is because domain1 and domain2 are on the same ADS, but domain3 is not
[13:10:02] <xpoint> maps type is all postconf -m you can use
[13:10:31] <xpoint> mix of maps is olso not a problem
[13:11:02] <xpoint> reley_recipient_maps = ldap:.., mysql:...
[13:11:14] <f3ew> relay_
[13:11:23] <xpoint> ups
[13:11:34] <xpoint> my bad keyboard
[13:12:25] <fibbs> in your example i would not have a separation for the domains, so mailaddress bla at domain3 dot tld which is internally hosted on scalix server would first be tried to be queried from MS AD
[13:13:08] <xpoint> yes
[13:13:31] <xpoint> first match wins the delivery
[13:13:35] <fibbs> ummm ok, this should not be a problem in my case, but would it be possible to do such a mapping?
[13:14:26] <xpoint> no, it will require rewrite on postfix internals to make more optimised way
[13:15:01] *** tsauter has quit IRC
[13:15:17] <fibbs> xpoint: ok thank you very much, i think the remaining questions i can handle myself by "asking" the documentation
[13:15:28] <fibbs> i will play around a bit ;-)
[13:15:44] <xpoint> yep, you need 2 ldap queury one pr ad
[13:16:16] <xpoint> and one to scalix all 3 to relay_recipients_maps
[13:16:36] <fibbs> xpoint: does the ldap-requests be cached or does postfix ask the ad everytime it receives a message?
[13:17:04] <xpoint> it will cache for limited time
[13:17:32] <xpoint> proxymap
[13:18:01] <fibbs> sounds good
[13:19:35] <xpoint> you can add reject_unverified_recipient and address_verify_map to have postfix accept mails when exchange is down
[13:20:01] <fibbs> nice
[13:20:47] <xpoint> google it on how to later when you are ready to make that final
[13:23:08] <fibbs> xpoint: thankx a lot
[13:23:36] *** Fallenou has joined #postfix
[13:23:43] <xpoint> domain need to be added as transport_maps to make the local transport
[13:24:26] <xpoint> domain1.tld relay:[lan.ip2]:port
[13:24:54] <xpoint> domain2.tld relay:[lan.ip1]:port
[13:25:23] <xpoint> and the same for domain3
[13:29:20] *** madrescher has joined #postfix
[13:38:02] *** cpm has joined #postfix
[13:42:52] *** xnixan has quit IRC
[13:48:24] *** cilly has quit IRC
[13:54:49] *** hever has quit IRC
[14:00:29] *** PcPixel has joined #postfix
[14:01:05] <PcPixel> quick question: assuming you have an IP list of full IPs (ie: A.B.C.D/32). which would be more efficient to use: CIDR map or a hash?
[14:01:37] <sysmonk> PcPixel: as in /32 or as in a.b.c.d ?
[14:01:49] <PcPixel> the second
[14:01:55] <sysmonk> hash doesn't understand cidr notation, so you'd have to hack down the /32 bit
[14:01:55] <sysmonk> ah
[14:02:02] <PcPixel> i added the /32 in an attempt to clarify, but i gues sit made it more confusing :P
[14:02:10] <sysmonk> hash would be faster afair
[14:02:13] <PcPixel> better way would have been a map of a.b.c.d or a cidr of a.b.c.d/32
[14:02:21] <sysmonk> but, if it's not chancing often, you could even have it in flat file
[14:02:30] <PcPixel> ive writtena program to extract IPs out of my maillog to aid in blacklising
[14:02:51] <PcPixel> and ive got the list. but before i write it out in a final format, was wondering which would be more efficient
[14:03:09] <sysmonk> PcPixel: um, isn't that what fail2ban does for you ?
[14:03:10] <sysmonk> ;P
[14:03:48] <PcPixel> sysmonk: im incredibly bored at work
[14:04:04] <PcPixel> sysmonk: and im weak on programming, so i figured it would be a nice little distraction
[14:04:15] <sysmonk> hehe
[14:04:16] <sysmonk> i see
[14:04:24] <PcPixel> the only thing ive got full control over is my mailserver
[14:04:36] <sysmonk> poor thing...
[14:05:11] *** Vivek has joined #postfix
[14:05:47] <PcPixel> sysmonk: you have no idea.
[14:05:58] <PcPixel> sysmonk: wel if you remember, then yeah... you have some idea lol
[14:06:54] * robtone_ provides some mass to the uninverse, too: >.<
[14:06:57] <PcPixel> sysmonk: oh i found out another wonderful little nugget about out mail configuration too
[14:07:57] <PcPixel> we use MS Exchange (no, that isnt it). Rather than have the MTA dual home, our Exchange server is dual homed. i just found out that we have half of the clients connect to the internet NIC for email while xternal clients connect to get mail out in the DMZ. this is using MS Outlook.
[14:08:50] *** Nockian has quit IRC
[14:10:05] <PcPixel> go us.
[14:10:28] <xpoint> hash cant do cidr so what use cidr: :)
[14:12:05] <PcPixel> ive never worked anywhere this messed up.
[14:12:27] <fibbs> aem xpoint, you told me to put my domains into mydestination, but what i see in documentation is that the domains listed in mydestination will tried to be deliverd locally, what is not correct in my case
[14:13:33] <xpoint> it is based on the fact that relay_domains = $mydestination as default
[14:14:19] <xpoint> but change it to relay_domains=domain1.tld, domain2.tld, domain3.tld then
[14:14:52] <xpoint> and remove it from mydestinatiion
[14:15:12] *** mark-use has joined #postfix
[14:15:36] *** PcPixel has quit IRC
[14:16:19] <xpoint> silly default imho
[14:16:32] *** madrescher has quit IRC
[14:18:24] <fibbs> xpoint: thx
[14:18:53] *** eanxgeek has joined #postfix
[14:19:22] <PodMan99a1> hey all ... im calling spamassassin as follows
[14:19:22] <PodMan99a1>         user=spamfilter argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
[14:19:35] <PodMan99a1> can i set it to only scan messages below a certain size?
[14:19:44] <PodMan99a1> that snipet from was from master.cf
[14:21:36] <xpoint> nope this is not possiible in pipes
[14:22:09] <PodMan99a1> any docs on how to do it another way?
[14:22:14] <xpoint> but you can do it in procmail before calling spamassassin
[14:22:40] <PodMan99a1> will procmail work for purely a relay server... this is not a mailbox server
[14:22:59] <xpoint> postfix is not a content filter so external progs is needed
[14:24:34] <PodMan99a1> ne good docs for using procmail
[14:30:27] *** Fallenou has quit IRC
[14:32:35] *** Fallenou has joined #postfix
[14:35:13] *** internat1 has joined #postfix
[14:35:31] *** internat85 has quit IRC
[14:43:51] *** ohcibi has joined #postfix
[14:44:40] <ohcibi> hi folks i'm trying to send mails via postfix and php but it does not work... i use postfix as a satalite system... any ideas?
[14:45:41] *** issackelly has joined #postfix
[14:46:32] <Roobarb> ohcibi: "doesn't work" is so vague it borders on useless....
[14:47:15] <ohcibi> the mailqueue is empty but the mails do not arrive at the mailboxes which they are send to
[14:47:47] <issackelly> I followed a postfix setup guide, but my mailserver is still not acting right.  It is receiving mail, an IMAP etc, work, but I can't send mail via SMTP.  I think it has something to do with SASL and TLS.  When I disable either it still doesn't work, but when I disable both, I can send anonymously.
[14:47:49] <Roobarb> does postfix log anything
[14:49:26] <issackelly> http://pastie.org/291173 my logs when SASL is disabled
[14:49:36] <ohcibi> which logfiles are the interesting ones Roobarb?
[15:00:15] *** pecanha has joined #postfix
[15:01:25] *** idle-boy has quit IRC
[15:01:39] *** _idle-boy has joined #postfix
[15:03:51] <ohcibi> hm the mails could not be delivered since the senders domain-name did not exist in the target-servers DNS
[15:07:18] *** _idle-boy has quit IRC
[15:08:00] *** _idle-boy has joined #postfix
[15:08:23] *** _idle-boy has quit IRC
[15:09:24] *** _idle-boy has joined #postfix
[15:14:06] *** _idle-boy has quit IRC
[15:15:25] *** _idle-boy has joined #postfix
[15:17:41] *** _idle-boy is now known as idle-boy
[15:17:42] *** BuenGenio has joined #postfix
[15:17:48] *** sophokles has quit IRC
[15:18:26] *** sophokles has joined #postfix
[15:22:09] *** realbugix has joined #postfix
[15:22:17] <realbugix> hi
[15:23:53] <realbugix> i have troubles to set unknown_relay_recipient_reject_code = 550
[15:24:10] <realbugix> RCPT TO: <unknown at kiebitz dot ch>
[15:24:10] <realbugix> 450 4.1.1 <unknown at kiebitz dot ch>: Recipient address rejected: undeliverable address: host kiebitz05.kiebitz.ch[213.180.184.242] said: 550 5.1.1 User unknown (in reply to RCPT TO command)
[15:25:00] <realbugix> the exchange server i relay to gives me a correct 550, but postfix wont do this
[15:27:46] <Dominian> Does your postfix box know about the users it accepts email for before relaying to Exchange?
[15:28:33] <realbugix> nope, ill do that with address_verify_map = btree:/var/spool/postfix/data/verify
[15:28:43] <Dominian> Well, then that could be one problem
[15:28:59] <Dominian> If you're going to relay to exchange.. you're going to want to verify receipient first...
[15:29:43] <realbugix> but exchange clearly gives a 550 5.1.1 User unknown (in reply to RCPT TO command)
[15:30:21] <Dominian> dunno don't have time right now to really help out.. sorry
[15:30:37] <realbugix> no prob, thanks anyway
[15:35:25] <realbugix> found it, unverified_recipient_reject_code = 550
[15:35:40] <issackelly> What would cause this error? SSL_accept error from c-68-59-9-16.hsd1.sc.comcast.net[68.59.9.16]: -1
[15:36:05] *** mark-use has quit IRC
[15:36:12] *** Pazzo has joined #postfix
[15:38:45] *** mark-use has joined #postfix
[15:39:25] *** [Gandhi] has joined #postfix
[15:43:32] <realbugix> isnt it a bit dangerous to announce to which server we relay?
[15:44:47] *** adnc has joined #postfix
[15:44:48] <realbugix> i would prefer to just say 550  Recipient address unknown. Go away
[15:44:52] <f3ew> no
[15:45:45] <Dominian> realbugix: oh man.. good you found it.. I knew the answer.. got busy haha.. sorry about that.
[15:45:52] <adnc> hello, i get a certificate verification failed for mail2.itu.edu.tr when sending mails. is this because i miss the root certificate there cert was signed for the TLS connection?
[15:47:09] *** [Gandhi] has quit IRC
[15:47:23] <Dominian> pastebin?
[15:47:25] <realbugix> Dominian: hehe, I just wonder what unknown_relay_recipient_reject_code does then :-)
[15:47:54] <Dominian> hehe not sure
[15:49:32] <issackelly> Where would I start for debugging TLS issues?
[15:49:33] *** xnixan has joined #postfix
[15:49:43] <issackelly> SSL_accept error: -1
[15:50:04] *** adnc has quit IRC
[15:51:20] *** BuenGenio has quit IRC
[15:51:49] *** mark-use_ has joined #postfix
[15:53:19] <realbugix> f3ew: the postfix devs seem to think otherwise, 2.6 will contain unverified_recipient_reject_reason
[15:57:58] *** mark-use has quit IRC
[15:58:35] *** Fallenou[oqp] has joined #postfix
[15:59:17] <fibbs> i get a "Recipient address rejected" for relaying to one of my domains, with dig i have found out that there IS a MX and A record for this domain, how can i find out what exactly makes this error on reject_unknown_recipient_domain occur?
[16:01:01] *** Fallenou has quit IRC
[16:01:04] *** Fallenou[oqp] is now known as Fallenou
[16:05:16] <realbugix> fibbs: did you set relay_domains?
[16:05:57] <fibbs> realbugix: yes i found it out: internal dns was responding with mx host "blabla.bla.local"
[16:07:02] <realbugix> fibbs: as long as blabla.bla.local points to the server you like to relay to thats ok :-)
[16:07:34] *** mark-use_ has quit IRC
[16:23:34] *** Nockian has joined #postfix
[16:27:52] <fibbs> arg, i have mynetworks = 127.0.0.1, 192.168.2.0/24, hash:/etc/postfix/maps/sender_networks and a line 192.168.0.0/24<tab>OK in sender_networks file, but i can relay from 192.168.2.0/24 and NOT from 192.168.0.0/24, why this?
[16:28:30] <sysmonk> fibbs: hash doesn't support CIDR notation
[16:28:38] <fibbs> sysmonk: ahhhh
[16:28:46] <sysmonk> use cidr:/etc/psotfix/maps/sender_networks
[16:28:47] <fibbs> sysmonk: nobody told me that
[16:29:00] <sysmonk> fibbs: you didn't ask! :)
[16:29:02] <fibbs> sysmonk: ok and how is the syntax?
[16:29:16] <sysmonk> fibbs: the usual :)
[16:29:44] <fibbs> ok i see
[16:29:47] <fibbs> thx a lot
[16:30:05] <fibbs> so i will not have to do "postmap" on the cidr containing file?
[16:30:20] <sysmonk> no, but you will have to reload postfix if you change the file
[16:30:31] <fibbs> of course
[16:31:01] <sysmonk> 'of course' -> you don't have to reload postfix after changing a hash file, you only need to postmap it
[16:31:18] <fibbs> i know that but thanks
[16:31:41] <sysmonk> uh, k, college...
[16:31:50] * sysmonk hates to go to stupid classess
[16:34:02] *** PodMan99a has joined #postfix
[16:36:20] <jduggan> hrm, have you guys ever seen clients do some call ahead script which sends rcpt to to check teh recipient exists, but never actually sends DATA, as a way of determining an account exists (before accepting the mail from)
[16:36:42] *** Thorn has joined #postfix
[16:36:50] <jduggan> where clients = real mta, not a `client`
[16:36:51] <jduggan> ;]
[16:40:46] *** cilly has joined #postfix
[16:43:20] <f3ew> !reject_unverified_sender
[16:43:21] <knoba> f3ew: Error: "reject_unverified_sender" is not a valid command.
[16:43:25] <f3ew> !reject_unverified_recipient
[16:43:26] <knoba> f3ew: "reject_unverified_recipient" : a configuration parameter in the main.cf: A sender or recipient address is verified by probing the nearest MTA for that address, without actually delivering mail. Probe messages are like normal mail, except that they are never delivered, deferred or bounced; probe messages are discarded.
[16:43:42] <f3ew> Also, callback in Exim terminology
[16:44:46] <jduggan> yea thats it
[16:44:49] <jduggan> is that a bad thing to do?
[16:45:46] *** PodMan99a1 has quit IRC
[16:46:20] <jduggan> i've taken over a big ish sendmail install (6 sendmail servers), of which i'll be slowly migrating into our own postfix cluster.  However they've already been blacklisted from hotmail, which i've managed to get removed already (wow at how quick hotmail postmaster responds) they said the mailservers showed signs of address harvesting by checking it accepts the rcpt to but send no data, upon further investigation they're doing the callback stuff
[16:46:21] *** felix-da-catz_zz is now known as felix-da-catz
[16:47:50] <jduggan> basically, i just wondered if it was a common thing to be doing..
[16:49:00] <brd> jduggan: it is bad :(
[16:49:25] <jduggan> it sounds bad thing to do
[16:49:28] <jduggan> i've never done it
[16:49:37] <jduggan> just wanted a feel of what people thought of doing it...
[16:49:54] *** tombar has joined #postfix
[16:50:08] <brd> I would avoid it
[16:53:15] *** issackelly has quit IRC
[16:53:45] <f3ew> jduggan bad thing to do at scale
[16:54:22] <jduggan> yea, figured as much, thanks for that
[16:55:54] *** supa_user has joined #postfix
[16:57:11] <supa_user> does anyone know a way to have separate virtual tables?  one working on the main (or all) IP address, one that is only accessible from a secondary eth0 alias.
[17:02:48] *** brancaleone has quit IRC
[17:07:10] *** weedar has quit IRC
[17:07:39] *** weedar has joined #postfix
[17:08:36] *** weedar has quit IRC
[17:10:32] *** luis14 has joined #postfix
[17:11:17] <luis14> hola
[17:11:22] *** |_Knoedel_| has quit IRC
[17:11:24] *** cilly has quit IRC
[17:12:00] <luis14> no se si alguien puede ayudarme
[17:17:46] *** seekwill has joined #postfix
[17:18:25] *** mazpe has joined #postfix
[17:19:24] *** cilly has joined #postfix
[17:20:34] *** luis14 has left #postfix
[17:21:04] *** brancaleone has joined #postfix
[17:25:24] *** Vivek has quit IRC
[17:26:15] *** hparker has joined #postfix
[17:34:44] *** hever has joined #postfix
[17:42:12] *** cpm has quit IRC
[17:44:04] *** realbugix has quit IRC
[17:46:47] *** blackflag has quit IRC
[17:53:22] <lunaphyte_> supa_user: run multiple instances of smtpd
[17:53:46] <supa_user> lunaphyte_: figured I might have to do something like that.
[18:00:39] *** denis__ has joined #postfix
[18:01:36] <lunaphyte_> of course, if associating mail recipients with network interfaces is just your idea of how to solve a problem you're having, then you might just state what your goal is, and see if anyone can offer another method.
[18:02:08] *** havvg has joined #postfix
[18:03:34] *** Thorn has quit IRC
[18:04:28] *** Thorn has joined #postfix
[18:06:59] *** Bombo_ has joined #postfix
[18:12:19] *** Roobarb has quit IRC
[18:15:54] *** cilly has quit IRC
[18:17:18] *** sophokles has quit IRC
[18:17:29] *** Bombo has quit IRC
[18:17:29] *** Bombo_ is now known as Bombo
[18:17:53] *** Roobarb has joined #postfix
[18:18:46] *** hever has quit IRC
[18:19:49] *** hever has joined #postfix
[18:20:08] *** weedar has joined #postfix
[18:21:18] *** growltiger has quit IRC
[18:24:37] *** phnord has quit IRC
[18:31:30] *** brancaleone has quit IRC
[18:31:45] *** weedar has quit IRC
[18:32:18] *** Ryushin has joined #postfix
[18:41:40] *** pitakill has joined #postfix
[18:45:35] *** weedar has joined #postfix
[19:00:08] *** madrescher has joined #postfix
[19:01:25] *** weedar has quit IRC
[19:01:29] *** BuenGenio has joined #postfix
[19:02:01] *** kpettit has joined #postfix
[19:02:31] *** BuenGenio has quit IRC
[19:02:41] *** fibbs has quit IRC
[19:04:09] *** BuenGenio has joined #postfix
[19:05:23] <kpettit> O
[19:05:44] <kpettit> I've setup a couple Postfix systems that I'm using to send out Fax2PDF type email's.
[19:06:47] <kpettit> Some servers accept the email, seem to send the email messages to the void.  What DNS settings do I have to use to make most mail servers happy?
[19:07:48] <kpettit> I don't need to be able to receive mail, just to send it.  BUt I know becuase of alot of the spam protection on some systems that I get blocked
[19:07:50] <supa_user> check the mail logs to see why they're failing
[19:08:05] <supa_user> but good rdns is a must
[19:08:12] <kpettit> supa_user, the main domain that I'm sending too dosen't give a reject.  It says accepted.
[19:08:30] <supa_user> kpettit: ask them why it was lost, then.
[19:08:54] *** weedar has joined #postfix
[19:10:02] <kpettit> I wish I could.  It's one of those big ISP's where everythign  is automated.  Just trying to do what I could on my end first.  I'm looking into rdns through
[19:10:30] *** BuenGenio has quit IRC
[19:11:12] *** BuenGenio has joined #postfix
[19:12:43] *** BuenGenio has quit IRC
[19:14:02] *** BuenGenio has joined #postfix
[19:15:26] *** BuenGenio has quit IRC
[19:15:54] *** szonek has quit IRC
[19:16:17] <jduggan> kpettit: suggest relaying through your connectivity provider
[19:16:24] *** szonek has joined #postfix
[19:16:33] *** BuenGenio has joined #postfix
[19:17:32] <kpettit> jduggan, I'm checking into that too.  It's getting more and more painfull to send simple email.  Damn spammers
[19:18:30] *** _Driver_ has quit IRC
[19:18:40] *** BuenGenio has quit IRC
[19:19:59] *** BuenGenio has joined #postfix
[19:20:04] *** githogori has quit IRC
[19:22:01] *** adaptr has quit IRC
[19:22:16] *** adaptr has joined #postfix
[19:23:52] *** BuenGenio has quit IRC
[19:37:02] *** denis__ has quit IRC
[19:37:42] *** gspr has joined #postfix
[19:43:17] <gspr> Hi. I seem to be somewhat confused here. I've set up a small Postfix setup which will mainly serve a few small mailman-managed mailinglists. After I added reject_unverified_recipient to smtpd_recipient_restrictions, mails for the lists never reach the Mailman transport.
[19:43:48] <gspr> Am I thinking correctly? Should I now correct this by explicitly accepting RCPT TO the lists?
[19:45:47] <adaptr> how would a mailing list manager EVER know what th efinal recipients are ? the mailing list does not verify them
[19:45:54] <adaptr> so it will always fail :)
[19:46:07] <adaptr> MLM != MTA
[19:46:19] <adaptr> an MTA can verify recipients, an MLM can and does not
[19:46:43] <adaptr> so you have told postfix to ask the MLM to prove that the recipients exist - which it cannot
[19:46:57] <adaptr> ergo, they don't exist, and you drop them
[19:47:59] <gspr> Hmm.. should I then tell postfix to explicitly allow RCPT TO listname at foo dot blargh?
[19:48:06] <adaptr> verifying recipients is a pointless exercise by and large
[19:48:06] <gspr> or is there a prettier way to do it?
[19:48:21] *** rouri has joined #postfix
[19:48:46] <gspr> I'm not talking about verifying the recipients who are on the lists, by the way - I'm talking about verifying the local recipients for all incoming mail
[19:48:48] <adaptr> is the MLM the final destination for all list mail ? i.e. does the MLM machine have direct access to ALL the mailboxes mentioned in th elists ?
[19:48:53] *** fabounio has joined #postfix
[19:48:56] <adaptr> oh
[19:48:56] <gspr> no
[19:49:11] <adaptr> that depends on where you have defined those local list recipients
[19:49:23] <adaptr> and hence on how the MLM works
[19:50:00] <adaptr> IIRC mailman inserts special transports to handle list mail, sort of like content filtering but..different
[19:50:08] <gspr> Yes
[19:50:10] <gspr> it does
[19:50:26] <adaptr> so the recipients should still actually *exist*, either as local or virtual mailboxes or as aliases
[19:50:36] <adaptr> define them
[19:50:59] <gspr> Currently, transport_maps lists which names should be handled by the Mailman transport
[19:51:04] <adaptr> IIRCA, the mailman site has explicit, user-friendly and quite easy to follow instructions for set-up
[19:52:59] <gspr> yes, I know :-)  I am just trying to make sure I don't misinterpret what postfix is doing. Am I correct to think that the local addresses defined in transport_maps don't count during verification?
[19:53:05] <gspr> i guess that's the heart of my question :)
[19:54:07] <gspr> Say if I have a special transport (in this case postfix-to-mailman, but that's irrelevant, right?) for foo at bar dot com, an RCPT TO foo at bar dot com will still be rejected during verification?
[19:54:37] <adaptr> a transport_map merely tells postfix HOW to route incoming mail, not whether it should route it
[19:54:56] <gspr> ok, I thought so
[19:55:03] <adaptr> that would be your relay, local* and smtpd_recipient_restrictions
[19:55:20] <adaptr> some 6 or 7 settings in all, some(like restrictions) quite complex
[19:55:47] <adaptr> !address_class_readme
[19:55:48] <knoba> adaptr: Error: "address_class_readme" is not a valid command.
[19:55:52] <adaptr> damn silly bot
[19:55:57] <rob0> !address_class
[19:55:58] <knoba> rob0: Error: "address_class" is not a valid command.
[19:56:01] <adaptr> !address_classes
[19:56:02] <rob0> !address_classes
[19:56:02] <knoba> adaptr: "address_classes" : http://www.postfix.org/ADDRESS_CLASS_README.html describes how Postfix deals with different classes of addresses: local, relay, virtual alias, virtual mailbox, and Internet.
[19:56:03] <knoba> rob0: "address_classes" : http://www.postfix.org/ADDRESS_CLASS_README.html describes how Postfix deals with different classes of addresses: local, relay, virtual alias, virtual mailbox, and Internet.
[19:56:07] <adaptr> beat ya!
[19:56:12] <rob0> no way
[19:56:16] <gspr> already reading it - but thanks :)
[19:56:19] <adaptr> on my system I won :)
[19:56:41] <rob0> oh hm, knoba replied to you first
[19:56:55] <adaptr> yay me :P
[19:56:59] <rob0> I guess you win this one. :(
[19:57:04] * rob0 plots revenge
[19:57:19] * adaptr shuffles into a strategic corener
[19:57:27] <adaptr> coroner ? hah :)
[19:59:39] *** mistermocha has joined #postfix
[20:00:47] <gspr> thinks for clarifying some things for me :)
[20:02:49] <adaptr> that's what we're here for - wait, did you say "clarified"?
[20:04:53] <gspr> I did...
[20:06:16] *** idle-boy` has joined #postfix
[20:09:42] *** havvg has quit IRC
[20:11:05] *** blake has quit IRC
[20:11:29] *** Zeit|awy_ has quit IRC
[20:12:35] *** Ryushin has quit IRC
[20:17:25] *** idle-boy` has quit IRC
[20:17:43] *** MrPunkin has joined #postfix
[20:18:26] <MrPunkin> Is there a way to delay all mail? We send emails through our postfix relay for our site and none of the emails going to customers are important enough to not go out 30 minutes later... and it would really help in the instances a bad mailing list was used or something along those lines.
[20:19:12] *** denis__ has joined #postfix
[20:19:13] *** githogori has joined #postfix
[20:20:58] <MrPunkin> anyone?
[20:23:32] <adaptr> reduce your queue runs
[20:23:36] <adaptr> to once every half hour
[20:23:52] <adaptr> or less
[20:26:38] *** fabounio has quit IRC
[20:27:14] *** amrit is now known as amrit|wrk
[20:33:04] *** gspr has quit IRC
[20:34:32] <MrPunkin> And so what setting is that? Sorry, I'm not super familiar with postfix, I just was asked to make some changes and I'm comfortable with command line stuff, just not familiar with postfix specifically
[20:37:06] *** Fallenou has quit IRC
[20:37:06] <sysmonk> simplest thing i can think of is telling postfix to defer all mail, and using a postsuper to re-queeu the mail when needed (i.e. in crontab with 30 mins interval)
[20:38:20] *** Motoko-chan has joined #postfix
[20:38:37] *** niki has joined #postfix
[20:39:02] *** Nockian has quit IRC
[20:39:07] <xpoint> http://rss.uribl.com/hosters/proboards_com.html :)
[20:40:05] *** tombar has quit IRC
[20:40:51] *** Azrael has joined #postfix
[20:42:32] <Azrael> any reason to use amavisd-new w/ spamassassin and clamav, instead of just integrating SA & clamav directly w/ postfix?
[20:43:12] <Motoko-chan> Because it's a nice framework?
[20:43:45] * Azrael shrugs
[20:43:49] <Azrael> i have it integrated now
[20:43:49] <sysmonk> because it does a lot of good stuff for ya ?
[20:43:52] <Azrael> doing filter-before-queue
[20:44:00] <sysmonk> Azrael: before-queue filter you mean :)
[20:44:09] <Azrael> sure...
[20:44:22] *** maqr has joined #postfix
[20:44:39] <Azrael> i'm evaluating the setup for a large deployment
[20:44:44] *** rouri has quit IRC
[20:44:59] <Azrael> amavisd-new seems interesting
[20:45:04] <sysmonk> Azrael: for a large deployment i'd use after-queue filtering
[20:45:10] <Azrael> its nice because it can easily load any additional mail AV's
[20:45:11] <sysmonk> and amavisd for sure
[20:45:15] <Azrael> but its config is such a hack heh
[20:45:21] <Azrael> nah, money isn't an issue
[20:45:32] <sysmonk> then maybe the setup isn't large enough
[20:45:33] <sysmonk> ;)
[20:45:34] <Azrael> so i have the option to easily scale with many MX's
[20:45:43] <sysmonk> Azrael: how large is the setup?
[20:46:05] <Azrael> its for a university domain
[20:46:27] <sysmonk> um... doesn't say anything about how large it is
[20:46:27] <Azrael> i have 3 Dell PowerEdge 1950's for the setup
[20:46:40] <Azrael> 16GB RAM, dual quad-core 3GHz cpu's, etc etc
[20:46:53] <Motoko-chan> I like AMaViSd-new because you can do per-user configurations easily.
[20:46:58] <Azrael> thats what i'm thinking
[20:47:04] <Motoko-chan> And manage quarantine with something like MailZu
[20:47:04] <sysmonk> Azrael: that might be too much, or might be too slow .. depends on HOW large the setup is
[20:47:09] <sysmonk> which you didn't answer yet
[20:47:31] <sysmonk> Motoko-chan: or put all the quarantined stuff into users spam folder o_O ;)
[20:47:36] <Azrael> Motoko-chan, yeah, quarantine is def a nice feature.  i'll see what i can do to integrate it with our zimbra setup.
[20:47:49] <Azrael> Motoko-chan, probably write a 'zimlet'
[20:48:00] <Azrael> sysmonk, give me some metrics you're looking for.
[20:48:07] <Azrael> "large" is rather vague
[20:48:22] <sysmonk> Azrael: mailboxes, messages / second or messages / day
[20:48:57] <Azrael> 14,000 individual mailboxes.  about half are forwarded off campus to sites like Gmail, etc. but we still filter for them.
[20:49:09] <Azrael> not sure on messages per sec or day but i'll look into it
[20:49:10] <sysmonk> not large then
[20:49:51] <sysmonk> those servers should be really enough ( and even more than enough )
[20:50:05] <Azrael> good
[20:50:09] <sysmonk> although... ghmm... wasn't zimbra java-based? :P
[20:50:15] *** havvg has joined #postfix
[20:50:17] <Motoko-chan> Zimbra is a lot of things.
[20:50:17] <Azrael> yeah, gross
[20:50:22] <sysmonk> i'd add a few more hundred gigs of ram then! :)
[20:50:27] <Azrael> deployed it under Xen on 64-bit systems
[20:50:40] <Motoko-chan> Postfix + MySQL + OpenLDAP + JSP (for the web portions)
[20:50:45] <Azrael> has to be 64-bit too.  JVM has a max heap size of ~1536MB on 32-bit arch.
[20:50:50] <sysmonk> Motoko-chan: yup, but i'm talking about the web stuff
[20:50:55] <sysmonk> not the underlying services
[20:50:59] <Motoko-chan> Oh, and it does SpamAssassin for filtering directly.
[20:51:03] <Azrael> my MX's are separate from the zimbra system
[20:51:11] <Azrael> my MX's are the front-end for 'em
[20:51:19] <sysmonk> ah, nice
[20:51:27] <sysmonk> btw, what does zimbra use for storage?
[20:51:32] <Azrael> the web interface is ajax/dhtml/js/etc
[20:51:35] <sysmonk> i mean lda or whatever
[20:51:52] <sysmonk> Azrael: yeah, i heard it's nice
[20:51:57] <Azrael> i believe they support clustered filesystems like GFS
[20:52:03] <Azrael> but we avoided that like the plague
[20:52:07] <Motoko-chan> It uses SQL for storage, afaik
[20:52:10] <xpoint> jduggan, http://libdbi-drivers.sourceforge.net/docs/dbd_mysql/x61.html policyd 1.8x change to this ?, can we rooks ?, please send me patches  :-)
[20:52:18] <Azrael> so its all on two of our SAN's
[20:52:24] *** fabounio has joined #postfix
[20:52:26] <Azrael> it uses MySQL for indexing
[20:52:34] <sysmonk> hm, it uses mysql for storing emails ?
[20:52:37] <Azrael> and contents stored in a directory hash setup
[20:52:43] <Azrael> nah, just the metadata
[20:52:49] <sysmonk> and what about pop3/imap ?
[20:52:55] <Azrael> supports both
[20:52:59] <Azrael> but i've turned off pop3
[20:53:04] <sysmonk> hehe, sure, but what runs on it?
[20:53:17] <sysmonk> or is it zimbras custom stuff too?
[20:53:29] <Azrael> ahh, not sure which pop3 daemon they integrated
[20:53:37] <Azrael> for imap it uses a customized cyrus i believe
[20:53:49] <Azrael> they've got other connectors too for like MAPI api's (outlook support)
[20:53:53] <sysmonk> ah, cyrus! :) /me hugs cyrus
[20:54:01] <Azrael> blackberry plugins to play with a BEZ server, etc
[20:54:09] <Azrael> BEZ or BES i forget
[20:54:14] *** chadmaynard_ has joined #postfix
[20:54:17] <sysmonk> i see
[20:54:37] <sysmonk> so basically they use cyrus as the backend/storage/lda ;)
[20:54:39] <Azrael> just beware that zimbra support SUUUUUCKS
[20:54:41] <Azrael> they have no clue
[20:54:52] <Azrael> they're about 0 for 20 on tech support issues
[20:55:06] <Azrael> we've figured out all 20 issues before tech support finished looking through logs
[20:55:08] <Azrael> days later
[20:55:12] <sysmonk> Azrael: hehe, i wouldn't buy zimbra anyway, don't have teh money for it
[20:55:25] *** weedar has quit IRC
[20:55:30] <Motoko-chan> There is an OS edition of Zimbra.
[20:55:38] <Azrael> and if you do go with zimbra, also beware that what they have called a "Q/A" department only does basic setups with single-server deployments
[20:55:48] <Motoko-chan> All the platform minus the Outlook plugin and hot-backup.
[20:55:48] <Azrael> they've obviously never split things out into separate systems
[20:56:01] <Azrael> our deployment is ~16 VM's
[20:56:03] <Azrael> for production
[20:56:50] <sysmonk> Motoko-chan: IF it wasn't for the java - i might use zimbra
[20:56:57] <sysmonk> but i'm a real hater of java
[20:57:03] <Motoko-chan> Java isn't bad.
[20:57:05] <Motoko-chan> It really isn't.
[20:57:13] <sysmonk> suuuure it's not....
[20:57:14] <Motoko-chan> The JVM has gotten a *lot* better since 1.2
[20:57:28] <Azrael> java sucks, agreed.  its a pita, but these days at least predictable.
[20:57:46] <sysmonk> not really predictable here
[20:58:21] <Azrael> lots of software comes packaged with a supported version of the JVM these days, like BEA WebLogic and Zimbra
[20:58:31] <sysmonk> oh, wait, it is predictable - i can predict that it'll crash this week!
[20:58:31] <sysmonk> ;))
[20:58:38] <Azrael> heh exaaaactly
[20:59:18] <Azrael> amavisd-new could use some cleanup on their docs and config
[20:59:21] <Azrael> but i think i may keep it around
[21:00:15] <Motoko-chan> Considering it is currently almost completely the work of one person, it's quite decent.
[21:00:25] <Motoko-chan> Well, current development.
[21:00:57] <Azrael> sorta why i hesitate and look for advice when considering deploying in a production environment
[21:01:35] <Motoko-chan> It's darn good software. I'm using it here.
[21:01:56] <Motoko-chan> Can be a bit cranky at times, and takes some optimization if you are putting a load on it, but decent.
[21:02:14] <Motoko-chan> Of course, I'm using all the plugins (Pyzor, Razor2, DCC)
[21:02:41] <Azrael> you using those in amavisd-new or in spamassassin?
[21:02:43] <Motoko-chan> So the big newsletter senders get to bypass the scan. If not, the box dies hard when they send to customers.
[21:02:54] <Motoko-chan> In SA through AM
[21:02:58] <Azrael> right
[21:03:30] *** kylepike has joined #postfix
[21:03:49] *** denis__ has quit IRC
[21:03:52] <Motoko-chan> A good amount of our customers are marketing people.
[21:04:03] <Motoko-chan> So they all subscribe to the same mailing lists.
[21:04:16] <Motoko-chan> Which means we can easily get over 3000 messages at a single time.
[21:04:23] <Motoko-chan> Not spread out.
[21:06:19] <Azrael> its too bad the mailing lists don't bundle it for your domain
[21:06:25] <Azrael> as that way it would only be scanned once
[21:06:46] <Motoko-chan> Well, it isn't just our domain. All the customer have their own, etc.
[21:06:51] *** fibbs has joined #postfix
[21:06:51] <Motoko-chan> And they use VERP for bounces.
[21:06:56] <fibbs> hi again folks
[21:07:14] <Motoko-chan> So I have services like BlueHornet and the like bypass the scanning
[21:07:31] <fibbs> i am just wondering how to avoid that people send me mails using my domain names from external like spammers sometimes do
[21:07:55] <Motoko-chan> There is some info on that at the postfix site.
[21:08:05] <fibbs> in my case i have a postfix machine with three domains in relay_domains which are relayed to internal exchange servers
[21:08:48] <fibbs> now i would have to block all mails from these three domains except those coming from $mynetworks
[21:08:55] <fibbs> any ideas?
[21:09:50] *** hever has quit IRC
[21:09:56] <Motoko-chan> Azrael, accd to my stats, I currently have 2,179 domains on the mail system
[21:10:04] <Motoko-chan> (Oh, it's running qmail. Ugh.)
[21:10:11] <Azrael> heh eww
[21:10:29] <Azrael> although exim is worse
[21:10:35] <Motoko-chan> Agreed
[21:12:01] *** Zeit|awy has joined #postfix
[21:16:51] <fibbs> Motoko-chan: did you mean me?
[21:17:11] <fibbs> Motoko-chan: "there is some info on that at the postfix site"
[21:17:17] <Azrael> aight i gotta jet, thanks for the tips Motoko-chan and sysmonk
[21:17:50] *** Azrael has quit IRC
[21:18:08] <Motoko-chan> fibbs, yes
[21:18:33] <fibbs> Motoko-chan: i am sure there is some info about that, but i have no clue what to search
[21:20:43] *** adaptr has quit IRC
[21:20:55] *** adaptr has joined #postfix
[21:21:14] <kylepike> OK, this might be a really stupid ? ... I changed the default mail port from 25. how the heck can I get the regular mail cmd line client to send via the new port? there is no port flag??
[21:21:24] *** adaptr has quit IRC
[21:22:14] <fibbs> kylepike: the "mail" command uses $(which sendmail) to send mail i think.
[21:24:01] <Haris_> !mail_spool_directory
[21:24:01] <knoba> Haris_: "mail_spool_directory" : a configuration parameter in the main.cf: The directory where local(8) UNIX-style mailboxes are kept. The default setting depends on the system type. Specify a name ending in / for maildir-style delivery.
[21:24:07] *** mogunus has joined #postfix
[21:24:17] <Haris_> I don't understand
[21:24:20] <Haris_> what does it mean?
[21:25:02] <sysmonk> Haris_: directory where mailboxes are stored
[21:25:05] <sysmonk> i.e. /var/spool/mail
[21:25:32] <Haris_> Well
[21:25:42] <Haris_> I'm putting all mailboxes under /myfolder/domain=name
[21:25:47] <Haris_> domain-name+
[21:25:55] *** adaptr has joined #postfix
[21:26:47] <Haris_> what's the difference between /var/spool/mail and /var/spool/postfix ?
[21:26:54] *** Southron has joined #Postfix
[21:26:58] <Haris_> !disable_vrfy_command
[21:26:59] <knoba> Haris_: "disable_vrfy_command" : a configuration parameter in the main.cf: Disable the SMTP VRFY command. This stops some techniques used to harvest email addresses.
[21:27:17] <sysmonk> Haris_: for 'virtual' setup you don't have to care about mailspool directory
[21:27:26] <sysmonk> it's used in local setup
[21:27:43] <Haris_> ok
[21:27:44] <sysmonk> and /var/spool/mail is where mailboxes are stored (i.e. /var/spool/mail/haris)
[21:27:54] <Haris_> now! I get it
[21:27:55] <Haris_> !show_user_unknown_table_name
[21:27:56] <knoba> Haris_: "show_user_unknown_table_name" : a configuration parameter in the main.cf: Display the name of the recipient table in the "User unknown" responses. The extra detail makes trouble shooting easier but also reveals information that is nobody elses business.
[21:27:59] <sysmonk> whereas /var/spool/postfix is where postfix stuff is located ( pipes, queues and so on)
[21:28:20] <sysmonk> Haris_: wouldn't it be easier to read the actual postconf man page than to !factoid here?
[21:28:35] <sysmonk> those factoids are basically stuff from postconf manual
[21:28:50] <Haris_> Does it hurt when the channel scrolls?
[21:29:34] <Haris_> lol
[21:29:46] <sysmonk> telling the truth - yes
[21:29:56] <sysmonk> if it will scroll more i'll just ignore what happens here
[21:30:07] <sysmonk> and if i'll ignore that, you won't get answers (atleast from me) to your questions
[21:30:25] <Haris_> the world has gone lazy :p
[21:30:30] <Haris_> hehe
[21:30:33] <sysmonk> so it's up to you if you want to flood the chan with all those factoids reading whereas you can read those in postconf manual
[21:31:22] <Haris_> what's the difference between virtual_maps and virtual_alias_maps
[21:31:38] <sysmonk> virtual_maps is obsolete
[21:31:55] <Haris_> seems like none
[21:32:05] <sysmonk> ...
[21:32:48] *** ajith has joined #postfix
[21:33:34] <sysmonk> which part of 'obsolete' is not understandable...
[21:33:40] <sysmonk> oh, anyway...
[21:35:06] <Haris_> is virtual_mailbox_extended also gone?
[21:35:27] <Haris_> and virtual_create_maildirsize
[21:35:50] <sysmonk> first time i hear about those
[21:36:00] <Haris_> these aren't covered in http://www.postfix.org/postconf.5.html
[21:36:38] <Haris_> The guy who wrote this tutorial used 2.1.0
[21:36:50] <sysmonk> oh... tutorial...
[21:36:55] <sysmonk> !tutorial
[21:36:56] <knoba> sysmonk: "tutorial" : A very common problem is that some people prefer to follow a step-by-step tutorial that shows them how to setup their mail server without reading the documentation or understanding what they are doing. If something goes wrong, they have no clue whatsoever about where to look for hints, and they sometimes decide to start from scratch using a different tutorial. This is not The Proper Way.
[21:36:56] <Haris_> virtual_maildir_limit_message
[21:37:08] <xpoint> Haris_, postconf -d | grep virtual
[21:37:10] <Haris_> I thought you didn't like the channel window scrolling
[21:37:12] <Haris_> lol
[21:37:16] <Haris_> xpoint: Thankyou
[21:37:50] <xpoint> Haris_, most of them depends on postfix version and compile options
[21:37:51] <sysmonk> Haris_: that one was for you...
[21:38:06] <Haris_> xpoint: I have the latest fbsd and the latest postfix in ports ;)
[21:38:20] <Haris_> sysmonk: Well, I don't like that factoid.
[21:38:31] <sysmonk> well, it tells truth
[21:38:39] <Haris_> xpoint: virtual_maildir_extended = no by default
[21:39:04] <Haris_> I still don't know what it means
[21:39:15] <sysmonk> because it's not there!
[21:39:30] <Haris_> sysmonk: did you check postconf -d|grep virtual?
[21:39:33] <Haris_> It IS there
[21:39:53] <sysmonk> it's not
[21:40:03] <Haris_> *sigh*
[21:40:11] <sysmonk> Haris_: i just checked
[21:40:13] <xpoint> fun stop winning :)
[21:40:22] <Haris_> looks like virtual_maildir_limit_message is pre-defined
[21:40:33] <Haris_> sysmonk: what version of postfix?
[21:40:40] <sysmonk> Haris_: oh wait
[21:40:43] <sysmonk> Haris_: 2.5.5
[21:40:44] <Haris_> xpoint: was that whining or winning?
[21:40:47] <sysmonk> Haris_: i think you're using vda
[21:40:49] <sysmonk> Haris_: right?
[21:40:53] <xpoint> Haris_, you have vda enabled, sysmonk have not vda
[21:41:03] <Haris_> yes
[21:41:10] <sysmonk> just what i said
[21:41:11] <sysmonk> ;)
[21:41:12] <Haris_> They told me vda is a builtin feature
[21:41:21] <sysmonk> it's not
[21:41:24] <Haris_> any side affects I should know of?
[21:41:27] <sysmonk> vda is 3rd party patch
[21:41:32] <xpoint> and i say compile options before
[21:41:37] * sysmonk doesn't use vda, so i don't know
[21:41:49] <sysmonk> xpoint: 3rd party patch != compile option
[21:42:03] <Haris_> Someone told me it is a builtin feature of postfix and not an addition from freebsd
[21:42:05] <xpoint> die :)
[21:42:25] <mogunus> If I want to limit sending mail to people who autenticate with sasl, does smtpd_client_restrictions = permit_sasl_authenticated reject work?
[21:42:26] <sysmonk> Haris_: it's NOT an addition from freebsd, and it's not a postfix builtin feature
[21:42:54] <Haris_> Is it documented?
[21:43:15] <sysmonk> Haris_: but freebsd lets you to use the patch because many people like it
[21:43:22] <sysmonk> Haris_: maybe in VDA, but not in postfix itself
[21:43:32] <mogunus> Also, I'm trying to figure out how to ensure that login information is sent over an encrypted pipe.
[21:43:38] <sysmonk> Haris_: http://vda.sf.net
[21:43:47] <Haris_> yes, just saw it
[21:44:07] <sysmonk> mogunus: use tls and smtpd_tls_auth_only for that
[21:44:13] <sysmonk> !smtpd_tls_auth_only
[21:44:14] <knoba> sysmonk: "smtpd_tls_auth_only" : When TLS encryption is optional in the Postfix SMTP server, do not announce or accept SASL authentication over unencrypted connections.
[21:44:16] <xpoint> Haris_, http://www.google.dk/search?hl=da&client=firefox-a&rls=org.mozilla%3Ada%3Aunofficial&hs=4q8&q=vda+postfix+patch+howto+fbsd&btnG=S%C3%B8g&meta=
[21:44:17] <sysmonk> mogunus: ^^
[21:45:09] <sysmonk> mogunus: and about the sasl stuff, smtpd_client_restrictions doesn't know anything about sasl, so you'd better use it in smtpd_recipient_restrictions
[21:45:22] *** Thorn has quit IRC
[21:45:28] <Haris_> xpoint: bottom line? Is it worth using?
[21:45:32] <Haris_> in production
[21:45:41] <xpoint> Haris_, depends
[21:46:00] <mogunus> sysmonk: excellent, thanks. Is there a minimal main.cf somewhere? The the default one is filled with comments, and I perfer reading documentation to reading comments inline.
[21:46:07] <xpoint> if you use dovecot its not
[21:46:15] <sysmonk> mogunus: !tls
[21:46:29] <Haris_> I'd use dovecot over cyrus any day
[21:46:44] <Haris_> I am going to use dovecot
[21:46:54] <xpoint> mogunus, make your own empty main.cf is this so hard ? :-)
[21:47:01] <Haris_> Is there a list of keywords it adds to postfix?
[21:47:14] <mogunus> xpoint: I'm trying to figure out what parameters are required.
[21:47:33] <xpoint> Haris_, if you want dovecot disable vda patch in postfix
[21:47:44] <Haris_> shEEP!
[21:47:52] <Haris_> I was almost finished configuring it
[21:48:15] <Haris_> ok, re-installing
[21:48:22] *** colesterol_dog is now known as m0f0x
[21:48:31] <mogunus> Ugh. Also, why is dovecot not advisable?
[21:48:51] <xpoint> Haris_, vda patch is more for lusers that use courier-imap :)
[21:49:17] *** cilly has joined #postfix
[21:49:21] <Haris_> xpoint: I wish they updated courier-imap with ssl features, so dovecot could be thrown out of the picture
[21:49:27] <Haris_> but wth, whichever gets the job done
[21:49:55] <xpoint> ssl problem with courier-imap but not with dovecot ?
[21:50:11] <Haris_> doesn't dovecot already support, sasl/ssl ?
[21:50:23] <xpoint> 42 :)
[21:50:46] <Haris_> that went over me
[21:50:58] <xpoint> dovecot-sasl enabled in postfix ? :)
[21:51:11] <Haris_> yes, I'm building a fresh mail server
[21:51:16] <Haris_> from scratch on the latest fbsd ;)
[21:51:27] <Haris_> postfix+mysql+dovecot
[21:51:38] <xpoint> Haris_, why are you always behind of me ?
[21:52:08] <Haris_> xpoint: My understanding of english keeps me here?
[21:52:12] <Haris_> here=there
[21:52:43] <Haris_> english = english language
[21:52:56] *** fabounio has quit IRC
[21:53:04] <xpoint> okay, i hope we both understand eachother, but life can be a bitch :)
[21:54:09] <mogunus> sysmonk: why is permit_sasl_authenticated listed under smtpd_client_restrictions in the docs?
[21:55:08] <sysmonk> mogunus: because default is smtpd_delay_reject = yes
[21:55:57] <mogunus> Okay... so that's about connections
[21:56:09] <mogunus> But I need to allow it again in recipient_restrictions to get relay?
[21:56:42] *** kpettit has quit IRC
[21:56:56] *** havvg has quit IRC
[21:57:10] <Haris_> this box is quad core xeon with scsi disks and still make deinstall clean rmconfig is took long
[21:57:20] <Haris_> I need to tune it :|
[21:57:49] <Haris_> in make config, I have seperate options for sasl2 and dovecot (sasl), should I choose both?
[21:58:22] <Haris_> I'v chosen pcre, sasl2, dovecot, tls, mysql, cdb, test, thus far
[21:59:18] <xpoint> Haris_, postconf -a is dovecot listed ?
[21:59:26] <Haris_> It was
[21:59:32] <Haris_> I'm reinstalling it without vda
[21:59:58] <xpoint> sasl works better with dovecot-sasl enabled
[22:00:13] <sysmonk> doh
[22:00:20] * sysmonk thinks xpoint lies
[22:00:24] <Haris_> I hate asking stupid Qs
[22:00:49] <sysmonk> Haris_: cyrus-sasl works as good as dovecot-sasl
[22:01:15] <xpoint> lies ? "i have freebsd 7.x here on localhost and i get the sources" :)
[22:01:33] <xpoint> sysmonk, lie
[22:01:44] <sysmonk> ?
[22:01:49] <sysmonk> sorry i didn't understand that one
[22:02:23] <Haris_> [12:52:44(am)] <xpoint> dovecot-sasl enabled in postfix ? :) <- yes it was
[22:02:27] <xpoint> dovecot sasl needs cyrus-sasl api
[22:02:45] <xpoint> was ?
[22:02:53] <Haris_> I'm re-installing
[22:02:53] <mogunus> http://paste.lisp.org/display/68442
[22:02:57] <Haris_> to remove vda
[22:02:58] <xpoint> are you downgrading ? :)
[22:02:58] <sysmonk> and why do you say 'sasl works better with dovecot-sasl enabled' ?
[22:03:00] <Haris_> it will! be
[22:03:43] <xpoint> sysmonk, for dovecot users this is a fact
[22:03:49] <Haris_> done, re-installation complete
[22:03:49] <Haris_> # postconf -a
[22:03:50] <Haris_> cyrus
[22:03:50] <Haris_> dovecot
[22:03:51] <Haris_> :D
[22:03:57] <xpoint> super
[22:04:05] <fibbs> hey i really can't find anything for my problem:
[22:04:27] <fibbs> i am just wondering how to avoid that people send me mails using my domain names from external like spammers sometimes do
[22:04:29] <sysmonk> xpoint: o_O then don't tell dovecot-sasl is better, it's not, it's just no need to have cyrus-sasl when you already work with dovecot
[22:04:31] <Haris_> I have 2 fans working and my LCD is still hot
[22:04:39] <Haris_> shEEP!
[22:04:40] <fibbs> in my case i have a postfix machine with three domains in relay_domains which are relayed to internal exchange servers
[22:04:58] <xpoint> sysmonk, dovecot-sasl needs cyrus-sasl api
[22:05:12] <sysmonk> xpoint: so what?!
[22:05:23] <Haris_> guys
[22:05:26] <sysmonk> xpoint: which part of that question says that DOVECOT-SASL work better with postfix?!
[22:05:29] <sysmonk> i don't get it
[22:05:31] <Haris_> stop quabbling about it
[22:05:33] <Haris_> its done
[22:05:33] <xpoint> so show me a way to get around it sysmonk :)
[22:06:04] *** Pazzo has quit IRC
[22:06:12] <sysmonk> xpoint: you don't understand. i'm asking for "why dovecot-sasl is better" and not "why dovecot-sasl requires cyrus-sasl api"
[22:06:17] <Haris_> I'm building the box. Let's work out antaganizing argument
[22:06:31] <Haris_> Let's work out a way from this antaganizing argument+
[22:07:15] <Haris_> antagonizing+
[22:07:20] <xpoint> Haris_, yep i will begin answer 42 more to all the inteligents questions sysmonk gives me :)
[22:07:31] <sysmonk> nevermind
[22:07:44] <sysmonk> Haris_: just talk to him, not to me
[22:08:02] <sysmonk> learn from him, he uses dovecot-sasl because it is better because it requires cyrus-sasl api
[22:08:11] <sysmonk> that's a nice explanataion why dovecot-sasl is better
[22:08:28] * Haris_ shakes head
[22:08:38] <Haris_> *sigh*
[22:08:47] <xpoint> sysmonk, show me a example on sasl in dovecot without dovecot sasl in postfix
[22:09:03] <sysmonk> o_O
[22:09:38] <xpoint> its easy done no ?
[22:09:45] <sysmonk> nevermind
[22:09:47] *** Fallenou has joined #postfix
[22:09:51] <sysmonk> i think somebody needs some english lessons
[22:09:55] <sysmonk> it's either me or xpoint
[22:10:07] <Haris_> sysmonk: wow!
[22:10:13] <xpoint> he maybe
[22:10:23] <sysmonk> yeah, must be me.
[22:11:21] <Haris_> is it needed to set both $mydomain and $myhostname?
[22:11:37] <Haris_> setting $myhostname should suffice, right
[22:12:22] *** cilly has quit IRC
[22:12:53] <xpoint> Haris_, postconf -d | grep myhostname is bad ?
[22:13:06] *** pecanha has quit IRC
[22:13:23] <Haris_> no, its perfect
[22:13:34] <xpoint> super remove it in main.cf then
[22:14:42] <Haris_> I made sure the dns and reverse dns was set before setting up postfix ;)
[22:14:47] <xpoint> best praktice is to only have what needs to be changed from postconf -d in main.cf
[22:15:16] <xpoint> Haris_, super, thumps up on this
[22:19:49] *** fibbs has quit IRC
[22:23:29] *** chadmaynard_ has quit IRC
[22:25:46] <Haris_> is there a necessity to have virtual_uid_maps and virtual_gid_maps = static:some-number?
[22:26:09] <xpoint> Haris_, not with dovecot
[22:26:37] <xpoint> virtual is internal lda in postfix not lda in dovecot
[22:27:32] <Haris_> ok, so if I don't set them, I am still ensuring local mail delivery and also dovecot is able to access it
[22:27:55] <xpoint> virtual_transport=dovecot
[22:28:40] <xpoint> and read guides on wiki.dovecot.org :=)
[22:30:16] <kylepike> Im trying to set sudo postconf -e 'default_destination_rate_delay = 1s'
[22:30:35] <kylepike> but if run postconf again to view everything, its not set?
[22:30:49] <xpoint> try postconf -n
[22:31:15] <kylepike> nope ...
[22:31:20] <xpoint> sudo postconf -n
[22:31:22] <kylepike> I have it in the main.cf as well
[22:31:35] <kylepike> xpoint, yeah I did it as root
[22:31:36] *** pitakill has quit IRC
[22:32:09] <mogunus> http://paste.lisp.org/display/68442#1
[22:32:15] <mogunus> That's the output of my postconf -n
[22:32:36] <mogunus> When I telnet to port 25 on my server, a pipe opens but I get no response.
[22:34:05] <xpoint> ehlo localhost
[22:34:22] *** adj has joined #postfix
[22:34:36] <sysmonk> mogunus: look in the logs - must be some error. or, if it's your first time starting postfix on this server - then it might be alias maps database missing
[22:34:56] <mogunus> sysmonk: this is the first time I'm starting it
[22:35:06] <sysmonk> mogunus: then newaliases should fix it
[22:35:08] <sysmonk> or postalias
[22:35:14] <mogunus> xpoint: ehlo localhost gives me nothing :\
[22:35:52] <xpoint> kylepike, check newlines in main.cf, so its on a single line on its own, when using postconf -e this can happend where a new line just gets added to previous line
[22:36:00] <sysmonk> mogunus: and it shouldn't if it's aliases problem
[22:36:11] <higuita> do postfix check and view the logs for any error (for the postfix check and for the telnet)
[22:37:04] * sysmonk bets for the aliases problem
[22:37:11] *** lunaphyte has quit IRC
[22:37:14] <mogunus> sysmonk: I actually don't have an /etc/aliases
[22:37:22] <mogunus> What should I put there?
[22:37:33] <sysmonk> mogunus: what does postconf alias_maps say ?
[22:37:49] <mogunus> alias_maps = hash:/etc/aliases, nis:mail.aliases
[22:38:08] <sysmonk> just touch /etc/aliases && postalias /etc/aliases
[22:39:23] <mogunus> sysmonk: awesome, it works now. thanks
[22:39:25] *** cilly has joined #postfix
[22:40:02] <kylepike> xpoint, well, even if I manually enter it in. restart postfix and postconf -n ... still doesn't show up. I can enter in different options and change them without any problems
[22:40:17] <mogunus> ...what are aliases for?
[22:40:33] <sysmonk> mogunus: well... they are for aliases :)
[22:42:30] <sahil> that is to say, aliases.
[22:43:34] *** lunaphyte has joined #postfix
[22:44:09] <sysmonk> kylepike: can you pastebin the whole procedure (without mangling) i.e. sudo postconf default_destination_rate_delay; sudo postconf -e 'default_destination_rate_delay=1s'; sudo postconf default_destination_rate_delay ?
[22:44:28] <kylepike> commin right up
[22:46:13] <mogunus> Hm. I'm getting a smtp protocol error. "client host rejected, access denied"
[22:46:54] <mogunus> I'm configured to use starttls without a client key or certificate.
[22:48:17] <kylepike> sysmonk, http://nopaste.com/p/a3mavJQPN
[22:48:51] <kylepike> you can see I can the default_destination_concurrency_limit = 1 set... and its taking it, and displays in postconf -n ... its the default_destination_rate_delay that is not sticking
[22:49:00] <kylepike> I have*
[22:52:08] <adj> hmm. i set up postfix to listen on port 2225 and to relay messages from addresses at a list of domains if the sending MTA is localhost as well. however, when a message is sent into the postifx mta on port 2225 it is deferred. the error is: mail for 127.0.0.1 loops back to myself.
[22:52:25] <adj> how do i set up postfix to blindly relay mail thats sent from another mta on localhost?
[22:53:14] <adj> i also see: warning: relayhost configuration problem
[22:53:37] <sysmonk> kylepike: i didn't ask for restart
[22:53:43] <sysmonk> kylepike: i didn't ask for cat's either
[22:54:31] <kylepike> sysmonk, I just wanted to show they got saved to main.cf
[22:55:08] <sysmonk> kylepike: are they still there after service postfix restart?
[22:55:14] *** internat85 has joined #postfix
[22:55:17] <sysmonk> with value of 5?
[22:55:36] <kylepike> sysmonk, it wasn't there when I added it, or after
[22:55:48] *** internat1 has quit IRC
[22:56:56] <mogunus> How do I say that all authenticated clients can relay to all other domains?
[22:57:19] <sysmonk> kylepike: can you just do what i asked? without any other actions?
[22:57:33] *** ohcibi has quit IRC
[22:57:42] *** hparker has quit IRC
[22:57:58] <sysmonk> no postfix restarts or cat's or whatever, i know what i want and i asked for it, i don't need a bit more unless i ask for it
[22:58:58] <kylepike> http://nopaste.com/p/ajJEbrkGC
[22:59:50] *** ohcibi has joined #postfix
[23:04:46] <sysmonk> kylepike: postconf mail_version
[23:04:58] <kylepike> [root@CentOS-64bit-VMWARE kylec]# postconf mail_version
[23:04:58] <kylepike> mail_version = 2.3.3
[23:05:24] <sysmonk> kylepike: that's your problem
[23:05:35] <sysmonk> _destination_rate_delay is 2.5.x feature
[23:06:00] <sysmonk> it's not available in 2.3.x, so postconf -e does write it in file, but postconf can't find it ( as it's not a variable it knows about )
[23:06:15] <kylepike> sysmonk, oh gay... I just installed on centOS 5.2 too... and upgraded.
[23:06:48] <kylepike> sysmonk, side question I guess. do you think this will help solve my problem. I'm trying to limit emails sent per domain (because they are black listing us)... thats sounds about right...
[23:07:09] <sysmonk> per domain as in sender?
[23:07:11] <mogunus> I'm not being offered the AUTH lines when I ehlo localhost
[23:07:12] <sysmonk> or per domain as in recipient?
[23:07:23] <kylepike> per domain for recipient
[23:07:26] <sysmonk> mogunus: smtpd_sasl_auth_enable is off ?
[23:07:43] <mogunus> smtpd_sasl_auth_enable = yes
[23:07:57] <mogunus> (from postconf -n)
[23:08:19] <sysmonk> mogunus: smtpd_tls_auth_only enabled?
[23:08:23] *** adj has left #postfix
[23:08:28] <mogunus> smtpd_tls_auth_only = yes
[23:08:35] <sysmonk> kylepike: i.e. sending to yahoo?
[23:08:39] <kylepike> sysmonk, right
[23:08:48] <mogunus> sysmonk: also from postconf -n'
[23:08:50] <sysmonk> mogunus: that's why. you have to issue starttls or use a tls
[23:08:59] <sysmonk> then it will offer auth to you
[23:09:01] <kylepike> dont want "yahoo" to black list me, for sending them too many emails
[23:09:37] <sysmonk> kylepike: should do the trick
[23:10:03] <sysmonk> although i'd create a seperate transport for yahoo :)
[23:10:17] <kylepike> well ... as a crazy work around. its going to be running on the same box as sendmail
[23:10:25] <kylepike> and sendmail will just forward to postfix for those demains
[23:10:30] <kylepike> domains*
[23:10:34] <mogunus> http://paste.lisp.org/display/68442#2
[23:10:40] <mogunus> It doesn't offer STARTTLS either?
[23:10:42] <sysmonk> kylepike: ouch :)
[23:10:53] <kylepike> sysmonk, hey, I just do as I'm told... haha
[23:11:04] <sysmonk> mogunus: maybe tls isn't configured?
[23:11:17] <sysmonk> kylepike: soemhow i remember thewebsiteisdown.com
[23:11:43] *** RonDamon has joined #postfix
[23:11:48] <RonDamon> hi
[23:11:57] <kylepike> sysmonk, wait, I think you just restarted the exchange server!?!
[23:12:09] <kylepike> reboot 3 times?
[23:12:23] <sysmonk> kylepike: no, i installed postfix as a smarthost for sendmail.
[23:12:24] <sysmonk> ;)
[23:12:47] <mogunus> sysmonk: okay, total noob question: I need to set up a seperate certificate, etc, for TLS from postfix? seperate from my dovecot certificates for user authentication?
[23:14:04] <sysmonk> mogunus: not really, unless you'll use a different common name for postfix
[23:14:17] <sysmonk> but if common name ( the hostname you connect to ) is the same - then no need for sepereate cert
[23:14:52] <mogunus> okay, so I'll just point it at my dovecot certs, then
[23:15:55] *** Supaplex has joined #postfix
[23:16:17] *** BuenGenio has joined #postfix
[23:16:44] <mogunus> smtpd_tls_key_file is the private part, yes?
[23:17:03] <xpoint> yes
[23:17:37] <mogunus> Fantastic! Works perfectly now.
[23:17:49] <mogunus> Thanks very much, all.
[23:18:54] <Supaplex> can always_bcc point to a maildir?
[23:20:10] <sysmonk> Supaplex: always_bcc must point to an email
[23:21:16] *** BuenGenio has quit IRC
[23:21:58] *** BuenGenio has joined #postfix
[23:26:51] *** hparker has joined #postfix
[23:27:17] *** RonDamon has left #postfix
[23:31:47] *** BuenGenio has quit IRC
[23:32:10] *** BuenGenio has joined #postfix
[23:32:19] *** szonek has left #postfix
[23:42:00] *** BuenGenio has quit IRC
[23:42:20] *** BuenGenio has joined #postfix
[23:47:46] *** madrescher has quit IRC
[23:52:10] *** BuenGenio has quit IRC
[23:52:37] *** zeqyqym has joined #postfix
[23:53:02] *** BuenGenio has joined #postfix
[23:54:00] *** felix-da-catz is now known as felix-da-catz_zz
[23:54:41] *** madrescher has joined #postfix
[23:54:44] *** mogunus has quit IRC
[23:57:26] <BuenGenio> hey vice-versa
[23:57:31] <BuenGenio> how's the crisis going?





top