[00:03:04] *** hever has quit IRC
[00:06:25] *** madrescher has quit IRC
[00:11:48] *** jeffspeff2 has joined #postfix
[00:12:05] <mazzen> hi! has anyone an example of a /etc/postfix/access ?
[00:12:49] <pickcoder> mazzen: that's too vague. access is a generic table used in different contexts
[00:12:52] *** madrescher has joined #postfix
[00:12:57] <pickcoder> check_sender_access
[00:13:02] <pickcoder> check_client_access
[00:13:03] <pickcoder> etc
[00:13:08] <blake> J2000_ca: http://www.postfix.org/LOCAL_RECIPIENT_README.html
[00:15:30] <mazzen> pickcoder: thanks, i tought that it's possible to write in this file something like  myaddress at myserver dot com OK and so, this mail adresse would have automatically the right to be send away.
[00:17:27] *** chadmaynard has quit IRC
[00:18:01] *** bitfrost has joined #postfix
[00:18:17] *** bitfrost has left #postfix
[00:21:04] <pickcoder> mazzen: check_recipient_access
[00:21:14] <pickcoder> you can configure a blacklist or whitelist that way
[00:21:21] <pickcoder> provided it's the first check in the list
[00:21:36] <pickcoder> or at least after SASL checks
[00:21:51] *** J2000_ca has quit IRC
[00:22:03] <mazzen> pickcoder: thanks for that hint. but what for a synatx must that whitelist have?
[00:22:15] <pickcoder> http://www.postfix.org/access.5.html
[00:22:18] <mazzen> i was googling for that file
[00:22:22] <mazzen> ah, thanks!
[00:23:21] <mazzen> i hope that will fix my issue, that i'm not able to send mail from myaddress at myserver dot com to someone at gmx dot net
[00:23:37] <pickcoder> that is only for incoming mail
[00:24:14] <pickcoder> if gmx.net is you postfix server then someone at gmx dot net can be whitelisted to accept all mail
[00:25:23] <mazzen> aha
[00:25:35] <mazzen> hm...
[00:26:00] <pickcoder> if you are delivery, not receiving, problems then it's the mail server on the other side
[00:26:00] <mazzen> but that would work for me, i think....
[00:26:05] <pickcoder> s/are/are having
[00:26:22] <mazzen> mails from myaddress@myserver to anotheradress at myserver dot com works fine.
[00:26:37] <mazzen> even somewhere at gmx dot de to myaddress@myserver works
[00:26:58] <mazzen> but not from mail1@myserver to someone at gmx dot net
[00:27:13] <mazzen> so, this whitelist would work for me, would it?
[00:27:27] <pickcoder> no
[00:27:42] * mazzen thinks args
[00:27:42] <pickcoder> I need to see an error transcript example
[00:28:00] <pickcoder> if gmx.net is bouncing the mail then it's not postfix's problem
[00:28:15] <pickcoder> unless your server/dns is misconfigured
[00:28:19] *** alienbrain has joined #postfix
[00:28:35] <pickcoder> I.E. there is no reverse DNS for your mail server
[00:28:38] <pickcoder> or no MX
[00:29:46] <pickcoder> the error log entry should provide an SMTP error code and message regarding why gmx won't accept it
[00:30:15] <mazzen> my evolution (mail client ) tells me:  RCPT TO <mail1 at gmx dot de> gescheitert: <mail1 at gmx dot de>: Relay access denied
[00:30:23] <pickcoder> ah
[00:30:45] <pickcoder> postconf mynetworks
[00:31:33] <mazzen> but i fear, that is some of these "all-time-questions-in-irc" which are not very likely seen in irc :-/
[00:31:47] <pickcoder> have you read the basic setup guide?
[00:32:47] <mazzen> i'm armed with tutorials and a book by Peer Heinerlein
[00:32:47] *** madrescher has quit IRC
[00:32:57] <pickcoder> !basic
[00:32:58] <knoba> pickcoder: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.
[00:33:08] <mazzen> mynetworks = 127.0.0.0/8 <servername>.de www.<servername>.de
[00:33:28] <pickcoder> is your evolution client in the mynetworks list?
[00:33:49] *** madrescher has joined #postfix
[00:35:36] <mazzen> if i put my ip next to the mynetworks variable it works, but i thought that there should be only the names of the server
[00:37:01] <pickcoder> !mynetworks
[00:37:02] <knoba> pickcoder: "mynetworks" : a configuration parameter in the main.cf: The list of "trusted" SMTP clients that can relay email.
[00:37:12] <pickcoder> SASL is option #2
[00:38:09] <pickcoder> if you're paranoid that a trojan or virus will infect your desktop client(s) and send out spam then consider SASL
[00:41:31] *** Knoedel2 has quit IRC
[00:42:42] * mazzen is reading http://www.postfix.org/SASL_README.html
[00:43:51] <pickcoder> I run Debian and had Dovecot SASL, without TLS, up and running in about 30 minutes after reading some how-to notes across the web
[00:44:36] <mazzen> hey! now i feel stupid! ;-)
[00:47:23] <lunaphyte> !stupid
[00:47:24] <knoba> lunaphyte: Error: "stupid" is not a valid command.
[00:47:28] <lunaphyte> darn.
[00:47:31] <pickcoder> keep in mind, though, that just because you are only allowing SASL to relay doesn't mean that your clients can't connect to port 25 outside your networm
[00:47:35] <pickcoder> ~network
[00:49:54] <mazzen> enabling SASL leads to  warning: SASL authentication failure: Password verification failed
[00:49:55] <mazzen>  in my log file
[00:50:17] <pickcoder> do you have an authentication sever configured?
[00:50:18] <mazzen> and as i'm testing the password is very, very basic
[00:52:40] <mazzen> hm... i guess that everything works together, although i could be that somewhere there is my failure. saslauthd is running and the mechanism is pam
[00:52:43] <pickcoder> if you're using plaintext aith then disable_plaintext_auth = no
[00:52:46] <pickcoder> for dovecot
[00:53:00] <pickcoder> ~auth
[00:54:06] <mazzen> i'm using courier. is that for courier important too?
[00:54:34] <pickcoder> dunno.. never installed courier
[00:54:45] <pickcoder> time to head home
[00:54:49] <pickcoder> bbl
[00:54:51] *** pickcoder has quit IRC
[00:56:56] *** war9407 has quit IRC
[01:16:13] *** victor- has quit IRC
[01:36:13] *** Fallenou has quit IRC
[01:42:53] *** [shg] has quit IRC
[01:52:47] *** tombar_ has joined #postfix
[01:57:09] *** saurabhb has joined #postfix
[01:57:58] *** mazzen has quit IRC
[01:59:15] *** pitakill has joined #postfix
[02:09:36] *** tombar__ has quit IRC
[02:09:37] *** davidroderick has quit IRC
[02:24:48] *** githogori has quit IRC
[02:25:26] *** kylepike has quit IRC
[02:34:39] *** Juspion has joined #postfix
[02:38:43] *** freddy_ has joined #postfix
[02:45:16] *** Juspion has quit IRC
[02:45:36] *** Motoko-chan has quit IRC
[02:47:30] *** madrescher has quit IRC
[02:47:40] *** alienbrain has quit IRC
[02:48:10] <freddy_> Hey all, I am trying to setup to be able to delivery to a user account and also
[02:48:10] <freddy_> copy to another user at the same time. So a message goes to bill at example dot com and
[02:48:10] <freddy_>  there is a local mailbox for bill, but fred wants a copy of the email in his lo
[02:48:10] <freddy_> cal account also. How would I go about doing this with out creating a mess.
[02:48:31] <growltiger> !bcc_maps
[02:48:32] <knoba> growltiger: Error: "bcc_maps" is not a valid command.
[02:51:22] <freddy_> I'm trying to convert from sendmail, where you just create an alias with the two maildirs as destinations, e.g. "bill at exmaple dot com bill, fred"
[02:51:31] *** ming_zym has joined #postfix
[02:51:34] <growltiger> you can do that as well
[02:52:31] *** pirho has quit IRC
[02:52:32] <growltiger> !recipient_bcc_maps
[02:52:33] <knoba> growltiger: "recipient_bcc_maps" : a configuration parameter in the main.cf: Optional BCC (blind carbon-copy) address lookup tables, indexed by recipient address. The BCC address (multiple results are not supported) is added when mail enters from outside of Postfix.
[02:52:36] <freddy_> recipient_bcc_maps
[02:52:46] <freddy_> yeah found it.
[02:53:03] <growltiger> !sender_bcc_maps
[02:53:04] <knoba> growltiger: "sender_bcc_maps" : a configuration parameter in the main.cf: Optional BCC (blind carbon-copy) address lookup tables, indexed by sender address. The BCC address (multiple results are not supported) is added when mail enters from outside of Postfix.
[02:53:28] <growltiger> !aliases
[02:53:29] <knoba> growltiger: Error: "aliases" is not a valid command.
[02:53:34] <growltiger> !alias
[02:53:34] <knoba> growltiger: "alias" : ITYM !alias_maps
[02:53:41] <growltiger> !alias_maps
[02:53:42] <knoba> growltiger: "alias_maps" : a configuration parameter in the main.cf: The alias databases that are used for local(8) delivery. See aliases(5) for syntax details.
[02:57:10] *** HedgeMage has joined #postfix
[03:30:22] *** Motoko-chan has joined #postfix
[03:32:33] <stockholm> where can i find an example setup for ramping up mail delivery *slowly* per destination?
[03:33:32] *** Zelest has quit IRC
[04:04:22] *** amason_ has left #postfix
[04:07:17] *** PodMan99a has quit IRC
[04:07:44] *** ohcibi has quit IRC
[04:11:27] *** stainer has quit IRC
[04:21:35] *** m1n3s6 has joined #postfix
[04:23:11] *** mavrick61 has quit IRC
[04:24:21] *** mavrick61 has joined #postfix
[04:28:08] *** ohcibi has joined #postfix
[04:31:23] <lunaphyte> !tell stockholm tuning
[04:31:24] <knoba> lunaphyte: Error: No factoid matches that key.
[04:31:35] <lunaphyte> !tell stockholm bottleneck
[04:31:36] <knoba> lunaphyte: Error: No factoid matches that key.
[04:31:39] <lunaphyte> bah
[04:32:24] <stockholm> lunaphyte: can YOU tell me? :-)
[04:32:24] <lunaphyte> !tell stockholm tune
[04:32:43] <lunaphyte> !tune
[04:32:43] <knoba> lunaphyte: "tune" : Postfix performance tuning: See http://www.postfix.org/TUNING_README.html
[04:32:46] <lunaphyte> geez.
[04:32:56] <lunaphyte> knoba's ben having a rough week.
[04:32:59] <lunaphyte> *been
[04:44:16] <stockholm> the online documentation is not for the postfix version i use
[04:44:50] <lunaphyte> your version will have the same file.
[04:46:08] <seekwill> What postfix version do you use then?
[05:15:49] <rob0> So look on YOUR SYSTEM for the docs for your version.
[05:16:10] <rob0> The online docs always note what applies to which versions, FWIW.
[05:16:35] *** githogori has joined #postfix
[05:24:54] *** goldfisc1li has joined #postfix
[05:29:48] *** xpoint has quit IRC
[05:31:20] <growltiger> i guess he has a super-secret version
[05:33:51] *** tombar__ has joined #postfix
[05:38:55] *** Sephiroth has quit IRC
[05:39:10] *** Sephiroth_ has joined #postfix
[05:40:37] *** goldfischli has quit IRC
[05:49:26] *** dft has quit IRC
[05:53:36] *** tombar_ has quit IRC
[06:00:28] *** error404notfound has joined #postfix
[06:01:07] <error404notfound> hi! a couple of issues here. I am trying to 1. send email from commandline and that's not being sent. 2. try to configure for catch all... http://pastebin.com/m11489e1a
[06:02:56] <error404notfound> so anyone awake? :P
[06:04:28] <growltiger> !mailbox_format
[06:04:29] <knoba> growltiger: Error: "mailbox_format" is not a valid command.
[06:04:34] <growltiger> it is too!
[06:05:34] <error404notfound> growltiger: was that addressed to me?
[06:07:04] <growltiger> i dont know
[06:08:48] *** BuenGenio has joined #postfix
[06:09:02] <seekwill> You don't want a catchall
[06:09:02] *** BuenGenio has quit IRC
[06:09:13] <seekwill> So just skip that entirely...
[06:09:41] *** BuenGenio has joined #postfix
[06:16:57] <error404notfound> seekwill: I want that as well... but first issue is that mails aren't even sent...
[06:17:28] <seekwill> no, you dont
[06:18:21] <Dominian> catchalls will open you up to backscatter
[06:18:25] <Dominian> and then make me and seekwill kill you
[06:19:20] <seekwill> Dominian: Do you still have my chainsaw?
[06:19:21] <error404notfound> its just a local system, I need it for my application
[06:19:27] *** BuenGenio has quit IRC
[06:19:39] <Dominian> seekwill: aye.. I do.. just sharpened
[06:20:04] *** BuenGenio has joined #postfix
[06:20:12] <Dominian> error404notfound: that's kind of like saying " i need a grenade for my collection
[06:20:16] <seekwill> error404notfound: Well, for #1, did you check your logs? And how exactly are you "testing" this?
[06:21:18] <error404notfound> done with 1... it was problem of the mail problem, I didn't configure it to view mail dir mails
[06:21:36] <seekwill> And you're done with #2, since you don't need it :)
[06:21:51] <seekwill> Unless you can give us some compelling reason...
[06:22:34] <error404notfound> seekwill: hmmm, how do I say it... I need it for 5 minutes to just an application of mine...
[06:24:13] <seekwill> I don't know
[06:26:54] *** McGyver has joined #postfix
[06:27:08] *** McGyver has left #postfix
[06:30:11] *** BuenGenio has quit IRC
[06:30:39] *** BuenGenio has joined #postfix
[06:31:40] *** m0f0x has quit IRC
[06:33:40] <seekwill> Funny... it would have been faster to just create fake user accounts than to wait for an answer on how to get catchalls....
[06:34:38] *** growltiger_ has joined #postfix
[06:35:34] *** BuenGenio has quit IRC
[06:36:25] *** BuenGenio has joined #postfix
[06:38:34] *** BuenGenio has quit IRC
[06:38:52] *** BuenGenio has joined #postfix
[06:39:51] *** growltiger has quit IRC
[06:49:18] *** niki has quit IRC
[06:51:14] *** BuenGenio has joined #postfix
[06:53:27] *** kk_CHN has joined #postfix
[06:57:06] *** error404notfound has quit IRC
[07:05:14] *** hparker has quit IRC
[07:08:25] *** BuenGenio has quit IRC
[07:08:29] *** seekwill has quit IRC
[07:08:44] *** BuenGenio has joined #postfix
[07:11:46] *** pitakill has quit IRC
[07:15:17] *** error404notfound has joined #postfix
[07:16:15] *** error404notfound has quit IRC
[07:21:15] *** freddy_ has quit IRC
[07:26:27] *** Lap_64 has joined #postfix
[07:29:17] *** fabounio has joined #postfix
[07:37:15] *** deadpigeon has joined #postfix
[07:37:56] <deadpigeon> Hi all.
[07:38:03] <deadpigeon> Is there anyone around with some free time?
[07:39:19] <deadpigeon> I have an issue that I've been dealing with for 18 hours+ and I'm at the end of my rope and I don't ask for help very often, so I'm wondering if I could find someone in this world with a little know how?
[07:39:50] <lumpek> it depends...
[07:39:55] *** lumpek is now known as loompek
[07:40:25] <loompek> if you actually tell us what's the problem or you're just asking if you can ask...
[07:40:58] <deadpigeon> Well, we're running a spam server and an old admin configured it. I ran sa-update last night and ran into a brick wall at 2am, out of memory, I wasn't there.
[07:41:26] <loompek> you're prolly running anti-spam server but okay ;)
[07:42:19] <deadpigeon> So our queue grew pretty big. No biggie, I flushed. Now postsuper errors with bogus filenames, I'm not too worried, but our queue has grown to 160 thousand and I can't do anything to speed it up, continually builds.
[07:43:17] <f3ew> deadpigeon, first, block incoming mail
[07:43:29] <f3ew> use a firewall
[07:44:27] <deadpigeon> How am I to block incomming mail? Shut the filter down? I believe that will bounce everything, however it won't filter anything.
[07:45:03] <deadpigeon> I don't know anything about postfix, I code C++/C, I'm at a loss.
[07:45:12] <loompek> deadpigeon like f3ew said... firewall
[07:45:15] <f3ew> deadpigeon, which OS?
[07:45:21] <deadpigeon> crux :(
[07:45:27] <f3ew> crux linux?
[07:45:32] <deadpigeon> Yes.
[07:45:41] *** tombar__ has quit IRC
[07:45:44] <loompek> iptables -I INPUT -p tcp --dport 25 -j DROP
[07:45:47] <deadpigeon> I can find my way around it but I hate it.
[07:45:53] <f3ew> iptables -I INPUT -p tcp --dport 25 -j REJECT
[07:46:01] <f3ew> hehe
[07:46:05] <f3ew> REJECT is nicer
[07:46:09] <loompek> yeah...
[07:46:17] <f3ew> run that command
[07:46:31] <deadpigeon> If I reject port 25, how do I open it later on?
[07:46:32] <f3ew> that blocks all traffic coming to your host on port 25
[07:46:39] <f3ew> iptables -D INPUT -p tcp --dport 25 -j REJECT
[07:47:22] <f3ew> then show us some logs, which will generally be in /var/log/maillog
[07:47:23] <loompek> this command unblocks the blocked traffic
[07:47:36] <f3ew> or equivalent file mentioned in your syslog config
[07:48:33] <deadpigeon> Rejecting the traffic isnt anytthing like a bounce is it?
[07:48:41] <f3ew> no
[07:48:53] <f3ew> It's the equivalent of turning off your mailserver for some time
[07:48:58] <deadpigeon> I can't afford to lose emails, too much money involved.
[07:49:05] <f3ew> which will merely cause a short delay in email
[07:49:10] <f3ew> You won't lose mail
[07:49:22] <f3ew> did you block the traffic yet?
[07:49:39] *** F6F has joined #postfix
[07:49:40] *** Lap_64 has quit IRC
[07:49:44] <deadpigeon> No, I won't block the traffic until I'm sure I can get the traffic unblocked later. What is the command? -J ACCEPT?
[07:50:30] <loompek> no
[07:50:41] <loompek> iptables -I INPUT -p tcp --dport 25 -j REJECT
[07:50:45] <loompek> this one is for blocking
[07:50:48] <loompek> iptables -D INPUT -p tcp --dport 25 -j REJECT
[07:50:51] <loompek> this is for unblocking
[07:50:56] <deadpigeon> iptables confuses me, i hate to be a pain =/
[07:51:14] *** Lap_64 has joined #postfix
[07:51:44] *** Lap_64 has quit IRC
[07:52:20] <f3ew> deadpigeon, it's ok
[07:52:38] <f3ew> you will get accurate answers
[07:54:16] <deadpigeon> I'm confident in that much. I appreciate the help.
[07:54:18] *** weedar has joined #postfix
[07:55:11] <deadpigeon> What is the postsuper: bogus filename error? How does it occur? Does that have something to do with the queue of the mail?
[07:55:54] <f3ew> that happens when your incoming queue file write is interrupted
[07:56:13] <f3ew> Now for the more difficult bits
[07:56:27] <f3ew> We need logs and postconf -n output
[07:56:29] <f3ew> !debug
[07:56:30] <knoba> f3ew: "debug" : http://www.postfix.org/DEBUG_README.html : a good starting point for how to deal with problems and to report information to those who might help. Post your information in a pastebin such as http://pastebin.ca/ or http://rafb.net/paste/ .
[07:57:38] <deadpigeon> I don't want to spam the channel, and I'm working from different terminals. Anything in particular you're looking for? I must warn the old admin was not very good at keeping clean logs.
[07:58:10] <f3ew> just a few sample messages, because there's no normal reason for a queue to grow that high
[07:58:15] <deadpigeon> I spent 2 hour sifting through errors from 2006 and deleting old logs today.
[07:58:21] <f3ew> yeow
[07:58:27] <f3ew> The last few lines
[07:58:38] *** |_Knoedel_| has joined #postfix
[07:58:47] <deadpigeon> in /var/log/mail ?
[07:58:52] <f3ew> Let's start by looking at postconf -n
[07:58:59] <deadpigeon> okay.
[07:59:00] <f3ew> yes, but wait on that
[07:59:27] <deadpigeon> one moment, off to server room.
[07:59:59] <f3ew> can't you ssh in?
[08:01:50] <deadpigeon> actually
[08:02:18] <deadpigeon> no i cant, i really wish i could, probably can ssh tomorrow but right now its physical access.
[08:02:18] *** _bugz_ has quit IRC
[08:02:30] *** chadmaynard has joined #postfix
[08:02:51] *** Lap_64 has joined #postfix
[08:03:12] <deadpigeon> i have no access via ssh, the old admin locked everything down pretty well and never had the grace of informing anyone of the pws
[08:03:58] <deadpigeon> i have a laptop and i can drag it with me into the server room, and can give you any output that is helpful.
[08:04:03] <f3ew> ah, ok
[08:04:18] <f3ew> because otherwise you have a _lot_ of accurate typing to do
[08:04:25] <deadpigeon> but i have to type it, i type fast though..
[08:04:32] <deadpigeon> I know, its a frustrating situation for me too.
[08:05:06] *** weedar has quit IRC
[08:05:07] <deadpigeon> I really want to avoid 20k in queues tomorrow if it's possible, I got a -lot- of php work to do besides this nightmare of a spam server.
[08:06:20] <deadpigeon> okay, im going to head into the server room, ill be right back i have to connect to a different part of the network
[08:06:31] *** deadpigeon has quit IRC
[08:09:06] *** deadpigeon has joined #postfix
[08:09:23] <deadpigeon> hola.
[08:09:49] *** phnord has joined #postfix
[08:11:28] <roe_> I am trying to send via authenticated smtp but I am getting "SASL authentication failure: cannot connect to saslauthd server: Permission denied"
[08:13:43] <deadpigeon> Interestingly enough our mail queue has doubled in size in the past hour.
[08:14:19] <deadpigeon> I don't see this server processing anything with a filter in the next few hours.
[08:15:02] <deadpigeon> So if I drop port 25 no incoming mail will be lost? it will bounce correct?
[08:16:32] *** _bugz_ has joined #postfix
[08:16:39] <deadpigeon> iptables -I INPUT -p tcp --dport 25 -j REJECT
[08:16:56] <deadpigeon> not capital -J REJECT...?
[08:17:00] <deadpigeon> going from memory.
[08:17:25] <f3ew> deadpigeon, right
[08:17:33] <deadpigeon> okay.
[08:17:34] *** amrit|wrk is now known as amrit
[08:17:36] <f3ew> iptables -I INPUT -p tcp --dport 25 -j REJECT
[08:18:05] <f3ew> No, mail will not flow into your server because there will be no TCP connection established
[08:18:18] <deadpigeon> Fucksticks.
[08:18:33] <f3ew> what?
[08:18:38] <lennard> its probably better to use iptables -I INPUT -p tcp --dport 25 -j REJECT --reject-with tcp-reset
[08:18:41] <deadpigeon> iptables cant initialize iptables 'filter': Table does not exist (do you need to insmod?)
[08:18:56] <f3ew> ouch
[08:19:00] <lennard> so modprobe it? :)
[08:19:04] <f3ew> Ok, nastier solution
[08:19:15] <deadpigeon> modprobe it? err.. modprobe iptables?
[08:19:18] <f3ew> lennard iptables is not installed/compiled into the kernel
[08:19:26] <f3ew> see if that works
[08:19:32] <lennard> modprobe iptables_filter, iirc
[08:19:37] <f3ew> my bet is that you don't have it compiled in
[08:19:41] <lennard> either that or iptable_filter or ipt_filter
[08:19:47] <deadpigeon> nah, module not found
[08:19:55] <lennard> or one of those with all caps
[08:19:58] <deadpigeon> but the command is found in /usr/sbin
[08:20:01] <lennard> its a confusing naming scheme :P
[08:20:23] <lennard> but, couldnt you just edit master.cf and reload?
[08:20:29] <lennard> as in, comment out the smtpd lines
[08:20:51] <deadpigeon> Well...
[08:21:09] <deadpigeon> I can make it so it doesn't filter it through the spamassassin, but that's it.
[08:21:24] <deadpigeon> Anyways, there is another deeper problem.
[08:21:53] <f3ew> yeah
[08:21:57] <deadpigeon> Iptables might not be configured right (big surprise), but our mail queue is 12,000 and growing as it is.
[08:22:04] <f3ew> Yes
[08:22:10] <f3ew> Which is what we want to fix
[08:22:16] <lennard> true
[08:22:22] <deadpigeon> what was that command, postfix -n?
[08:22:25] <deadpigeon> er, postconf?
[08:22:26] <f3ew> the iptables stuff is first-aid until we diagnose the cause
[08:22:29] <f3ew> postconf -n
[08:22:46] <f3ew> Edit master.cf, comment out the line(s) ending with smtpd
[08:22:49] <f3ew> run postfix reload
[08:23:12] <deadpigeon> i notice ntmp running as well, is that relevant?
[08:23:44] *** sophokles has joined #postfix
[08:23:55] <f3ew> no
[08:24:38] <f3ew> first step ==> prevent new mail from getting into the queue, second step ==> figure out why the queue is filling up, and how to stop that from happening
[08:25:07] <f3ew> third step => clear out queue, and fourth step => let new mail come back into the queue
[08:25:27] <deadpigeon> we're running amavisd-new, apparently that what they have chosen as a content filter.
[08:26:00] <deadpigeon> how about the lines under smptd, ie: -o x \
[08:26:16] <deadpigeon> \er: -o smtpd_##ecetera
[08:26:40] <f3ew> yes
[08:27:02] <f3ew> all the way upto the next line that has a non blank first character
[08:29:09] *** HedgeMage has quit IRC
[08:31:43] <deadpigeon> okay. reloading postfix.
[08:31:44] *** weedar has joined #postfix
[08:32:10] *** hever has joined #postfix
[08:32:29] <deadpigeon> I cleared everything that ended in snmpd and any option associated with it, i left spamassassin and content filtering in place.
[08:35:51] <deadpigeon> Some strange errors with mailq i've never seen before.
[08:38:52] *** bhagat has joined #postfix
[08:47:39] *** phantomcircuit has quit IRC
[08:48:37] *** fabounio has quit IRC
[08:50:59] <deadpigeon> flushing queue and going to bed, all i can do. ill be back tomorrow im sure.
[08:51:04] <deadpigeon> thx. peace.
[08:51:11] *** deadpigeon has quit IRC
[09:06:54] *** Spec has quit IRC
[09:11:23] *** cafuego has quit IRC
[09:59:01] *** war9407 has joined #postfix
[09:59:58] *** war9407 has quit IRC
[10:00:12] *** chadmaynard has quit IRC
[10:00:17] *** war9407 has joined #postfix
[10:06:52] *** madrescher has joined #postfix
[10:11:32] *** growltiger has joined #postfix
[10:14:59] <loompek> just a quick question.. how to tell postfix's not to add Received from... mail headers
[10:21:37] *** Lap_64 has quit IRC
[10:27:12] <f3ew> loompek you can't
[10:29:15] <stockholm> you can remove some, though
[10:29:32] <stockholm> look for header_checks IGNORE
[10:33:14] *** kk_CHN has quit IRC
[10:33:18] *** madrescher has quit IRC
[10:36:59] *** F6F has quit IRC
[10:42:52] *** Severed_Head_Of_ has joined #postfix
[10:44:42] *** brancaleone has joined #postfix
[10:53:07] *** havvg has joined #postfix
[10:53:24] *** OneFix_Work has quit IRC
[10:56:31] *** madrescher has joined #postfix
[10:57:24] *** growltiger has quit IRC
[11:04:25] <loompek> are you positive.. there is _no_ way to tell postfix not to add that headers..
[11:04:49] <loompek> or even better yet... not even change the mail.. leave it as-is
[11:05:43] <vice-versa> it's an rfc requirement
[11:06:01] *** _bt has quit IRC
[11:08:07] <loompek> argh :S
[11:08:09] <loompek> anyway...
[11:09:33] *** _bt has joined #postfix
[11:15:46] <loompek> could i intercept messages from one e-mail address?
[11:16:11] <loompek> let's say if the mail is sent from : aaaa at domain dot com i'd like to send it in quarantene and to the original recipient
[11:16:55] <Roobarb> sender_bcc_maps
[11:17:14] <loompek> thanks
[11:17:25] <Roobarb> http://www.postfix.org/postconf.5.html#sender_bcc_maps
[11:17:30] <sysmonk> 10 thousands chineese, a pipe to lpd, and a console where they can re-input the email
[11:17:30] <Roobarb> note the caveat about bounces
[11:17:33] <sysmonk> ;P
[11:18:45] *** sypher has joined #postfix
[11:19:42] <loompek> that shouldnt be the problem
[11:19:53] <loompek> +123 at domain dot com root
[11:20:02] <loompek> ran postmap
[11:20:04] <loompek> now i wait
[11:20:27] <vice-versa> why wait
[11:21:02] <loompek> to get the mail
[11:21:13] <loompek> to see if it works
[11:22:16] *** fabounio has joined #postfix
[11:22:35] <vice-versa> as if email addresses were impossible to forge and thus test
[11:30:26] <Roobarb> heaven forbid that might be possible
[11:32:11] <jduggan> what
[11:32:15] <jduggan> you can forge email?
[11:32:20] <sysmonk> you have to download a hacking tool for that
[11:32:24] <jduggan> oh
[11:32:26] <sysmonk> i think it's called telnet, or was it netcat?
[11:32:31] <jduggan> show me how to hack
[11:32:36] <jduggan> =]
[11:32:44] <jduggan> can i hack hotmail with it
[11:32:46] <sysmonk> jduggan: sure i'll teach ya, 50k $ / hour
[11:32:51] <vice-versa> it's an urban legend
[11:33:17] <Roobarb> yeah, its not as if SMTP is a plain-text protocol or anything
[11:35:03] <onre> i've heard it's EBCDIC encoded into 36-bit words
[11:42:14] <Roobarb> actually thats a lie - its ROT-26 encoded
[11:43:57] *** Fallenou has joined #postfix
[11:44:50] <onre> that's certainly not export-grade encryption
[11:54:33] *** pirho has joined #postfix
[12:05:36] *** Tykling has joined #postfix
[12:07:12] *** OneFix_Work has joined #postfix
[12:19:28] *** saurabhb has quit IRC
[12:24:45] *** hooch_ has joined #postfix
[12:25:59] *** Bombo has quit IRC
[12:26:18] *** Bombo has joined #postfix
[12:37:05] *** hooch has quit IRC
[12:52:15] *** hooch_ is now known as hooch
[12:55:29] *** sypher has quit IRC
[12:56:46] *** cafuego has joined #postfix
[12:58:29] <milligan_> urk, why isn't there a standard to the postfix logs... I need a utility that gets the ips of all senders in my log, and how many recipients they have sent/tried to send email to. I've asked before.. anyone know of one that does that? pflogsumm doesn't do ips.
[13:00:47] <Roobarb> awstats might
[13:05:00] *** weedar has quit IRC
[13:05:47] *** weedar has joined #postfix
[13:11:24] *** mandragor has joined #postfix
[13:18:17] <vice-versa> milligan_: why not script it yourself
[13:20:51] <jduggan> yea thats pretty quick script to knock up
[13:21:00] <vice-versa> indeed
[13:26:27] *** weedar has quit IRC
[13:26:37] *** littlesven has quit IRC
[13:40:46] *** ohcibi has quit IRC
[13:42:32] *** ohcibi has joined #postfix
[13:44:52] *** stephen has joined #postfix
[13:44:57] <stephen> hello everyone..
[13:45:09] <stephen> Im trying to setup a transport postfix setup..
[13:45:25] <stephen> I would like to have something like blah at blah dot com goto blah at lists dot blah.com
[13:45:30] <stephen> can this be done in transport?
[13:45:33] <stephen> many thanks
[13:46:02] <f3ew> yes
[13:46:19] *** _Driver_ has joined #postfix
[13:46:40] <stephen> f3ew thanks.. could you show me an example?
[13:46:49] <f3ew> !transport
[13:46:51] <knoba> f3ew: "transport" : transport(5) The optional transport(5) table specifies a mapping from email addresses to message delivery transports and next- hop destinations. Look at: http://www.postfix.org/transport.5.html
[13:47:05] <f3ew> Actually, you just need virtual_alias_maps
[13:47:10] <f3ew> !virtual_alias_maps
[13:47:11] <knoba> f3ew: "virtual_alias_maps" : a configuration parameter in the main.cf: Optional lookup tables that alias specific mail addresses or domains to other local or remote address. The table format and lookups are documented in virtual(5).
[13:47:26] <stephen> stephentest at blah dot com smtp:lists.[lists.blah.com]:25
[13:47:56] <stephen> stephentest at blah dot com is the inital address
[13:48:08] <stephen> I would like it to rewrite to stephentest at lists dot blah.com in transport
[13:48:27] <stephen> (rewrite the to address)
[13:49:48] <stephen> its needs to be done in transport as we have two mail servers .. this is just a gateway/router
[13:50:30] <milligan_> Roobarb, cheers.. awstats does the job.
[13:51:02] <milligan_> vice-versa, jduggan , I tend to overthink problems.. and there's no reason to reinvent the wheel if it's already out there :)
[13:52:33] <f3ew> stephen, do the rewrite in virtual_alias_maps
[13:52:50] <f3ew> then rout the rewritten domain using transport_maps or MX records
[14:09:14] *** Pazzo has joined #postfix
[14:14:21] <stephen> f3ew thanks
[14:17:29] *** tsauter has quit IRC
[14:31:36] *** Drezard has joined #postfix
[14:32:09] <Drezard> postfix server... POP works perfectly :) but SMTP denies me due to a relay something err rather?
[14:32:23] <f3ew> Drezard, logs
[14:32:32] <Drezard> one sec
[14:32:35] <f3ew> !relay access denied
[14:32:36] <knoba> f3ew: Error: "relay" is not a valid command.
[14:32:42] <f3ew> !access denied
[14:32:43] <knoba> f3ew: Error: "access" is not a valid command.
[14:32:55] <sysmonk> !relay_denied
[14:32:56] <knoba> sysmonk: "relay_denied" : \"554 5.7.1 <RECIPIENT@RCPT_DOMAIN>: Relay access denied; from=<SENDER_ADDRESS> to=<RECIPIENT@RCPT_DOMAIN> proto=ESMTP helo=<HELO>\": This typically means that CLIENT_IP is not in mynetworks (and did not AUTH), and that RCPT_DOMAIN was not recognized as one of this Postfix's domains (not listed in mydestination, relay_domains or virtual_*_domains).
[14:32:58] <sysmonk> f3ew: ^^
[14:32:58] <sysmonk> ;P
[14:33:20] <Drezard> one ssec
[14:34:29] <Drezard> Mine is a Relay access denied.... so yea.... how do i fix?
[14:34:41] <Drezard> oh so i must add to my networks....
[14:35:34] <Drezard> i see....
[14:35:37] <Drezard> ok next question
[14:35:56] <Drezard> can i have my smtp server so I can access it from anywhere? that is, without it becoming an open relay?
[14:36:31] <jduggan> !sasl
[14:36:31] <knoba> jduggan: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.
[14:37:19] <Drezard> is it hard to set up :S
[14:38:55] *** m1n3s6 has quit IRC
[14:40:10] *** eanxgeek has joined #postfix
[14:41:07] <Drezard> when I send to some hosts, it gives me the Mail Delivery failed... error, but not because end email doesnt exist because I dont have an mx serveR???
[14:41:21] <Drezard> recipient denied, because <poweredsecurity.com> has
[14:41:22] <Drezard>     no acceptable MX server (in reply to RCPT TO command)
[14:42:37] <vice-versa> s/server/record/
[14:43:06] *** eanxgeek1 has joined #postfix
[14:43:43] *** eanxgeek1 has left #postfix
[14:45:00] <Drezard> huh?
[14:45:17] <vice-versa> !mxrecord
[14:45:18] <knoba> vice-versa: "mxrecord" : a DNS resource record specifying a host name that Internet mail for a recipients' domain is to be routed to. The host name assigned to the MX record must have a corresponding A record, not a CNAME, and the A record must not resolve to an IP address. A domain can have multiple exchangers with multiple MX records having varying levels of priority
[14:45:29] *** bhagat has quit IRC
[14:45:56] <vice-versa> however, if you're being rejected for having no mx record, well that's just plain wrong
[14:46:37] <Drezard> vice-versa, can u take a look at the bounce request and give me the just?
[14:46:41] <vice-versa> now having an invalid mx record, that I can see
[14:46:55] <Drezard> how is it invalid?
[14:47:05] <Drezard> please help :S im newish at this and i want to get better :P
[14:47:28] <vice-versa> poweredsecurity.com 	MX	0 mail
[14:47:47] <Drezard> yea?
[14:47:50] <Drezard> thats my MX
[14:48:11] <vice-versa> and you don't see anything wrong with that?
[14:48:44] <vice-versa> !fqdn
[14:48:44] <knoba> vice-versa: "fqdn" : the 'Fully-Qualified Domain Name'. It consists of the hostname part and the domain part. 'www.postfix.org' is a FQDN whereas 'www' is not. Only DNS resolvable, fully-qualified domain names (FQDNs) are permitted when domain names are used in SMTP.
[14:49:12] <vice-versa> postfix.org         	MX	10 mail.cloud9.net
[14:49:35] <Drezard> so it should be like....
[14:49:45] <Drezard> poweredsecurity.com MX 0 mail.poweredsecurity.com?
[14:49:57] <Drezard> i have an A record that is mail - ip
[14:50:14] <vice-versa> yes
[14:51:14] <vice-versa> I would use a priority of 10 though
[14:51:23] <Drezard> kk
[14:51:37] <Drezard> then allow 24 hours for propogation?
[14:51:55] <vice-versa> sure
[14:52:10] <Drezard> thanks :)
[14:52:15] <Drezard> next question, with setting up SASL
[14:52:21] <Drezard> do i have to set up encryption too?
[14:52:36] <vice-versa> it's recommend
[14:52:36] <Drezard> im going to follow this: https://help.ubuntu.com/community/Postfix
[14:52:42] <Drezard> but it has encryption too
[14:52:59] <Drezard> encryption i always get bad results with but ill give it a go
[14:53:36] *** Tykling has left #postfix
[14:53:37] <vice-versa> I would suggest using submission service if you're going to be roaming or supporting roaming users
[14:53:55] <Drezard> submission?
[14:53:59] <vice-versa> !msa
[14:54:00] <knoba> vice-versa: "msa" : Message Submission Agent : a process which accepts message submissions from MUAs on port 587 known as 'message submission service' using the 'message submission protocol' defined by rfc4409. To enable message submission service in postfix uncomment the relevant lines in master.cf
[14:54:01] <Drezard> also... MX record modified :)
[14:54:18] <Drezard> !mua
[14:54:18] <knoba> Drezard: "mua" : Mail User Agent: software used for mail message retrieval, commonly known as an email client, such as mutt, Evolution and Thunderbird
[14:54:37] <Drezard> so it accepts mail from MUAs?
[14:55:21] <vice-versa> yes, and the reason why you would want this is many service providers now block port 25
[14:56:45] *** praedor has joined #postfix
[14:57:20] <praedor> I need some help getting fetchmail and postfix (sendmail) to properly interact.
[14:58:25] *** mandragor has quit IRC
[14:58:35] <praedor> Anyone here and active?
[14:59:02] <vice-versa> !anyone
[14:59:03] <knoba> vice-versa: "anyone" : Please do not ask if anyone uses some program or postfix feature. Instead ask your real question.
[14:59:38] *** weedar has joined #postfix
[14:59:54] <vice-versa> !ask
[14:59:55] <knoba> vice-versa: "ask" : If you have a question, just ask. Precise questions lead to precise answers. Vague descriptions of your problem will get you nowhere. See also: http://workaround.org/moin/GettingHelpOnIrc
[14:59:58] <Drezard> vice-versa, i see... im using a VPS, so would that matter?
[15:00:09] <praedor> I have fetchmail working on my PC (Mandriva) but cannot get it working on my laptop.  Both systems run postfix.
[15:00:28] <Drezard> praedor, why is the laptop running postfix?
[15:00:50] *** deadpigeon has joined #postfix
[15:01:08] <praedor> I have my own domain and like to send/receive mail for that domain.
[15:01:49] <praedor> At the moment, I use it primarily for sendmail
[15:02:08] <vice-versa> Drezard: it shouldn't, but you may have to ask the vps provider to unblock certain ports for you
[15:02:25] <Drezard> vice-versa, kk :)
[15:02:34] <deadpigeon> Hi it's me again.
[15:03:43] <praedor> It was working fine until I upgraded my install.  I ran fetchmailconf but when I try to fetch my mail from outside, I get:  SMTP transaction error while fetching from <my outside email> and delivering to SMTP host localhost.
[15:03:46] <deadpigeon> My queue is down to 30 thousand, atleast flushing did a little. Is it possible to flush for addresses at a specific domain?
[15:04:33] <vice-versa> heh, so you're not dead after all, in fact I'm starting to doubt you're even a pigeon
[15:04:43] <praedor> I do not have this problem on my home PC.  I have rerun fetchmailconf numerous times trying different settings to no avail.  I have checked my postfix settings as well but can find nothing wrong.
[15:04:45] <deadpigeon> ie: we have a business that's a law firm and I don't want to lose them, I'd like to move their mail to the top of the qeueue.
[15:05:00] <deadpigeon> hehe, well, my other nick is mypenquinisl33t, does that make any more sense?
[15:09:09] <Drezard> vice-versa, so now it seems i have encryption plus, smtp auth running :) can u test it and make sure its not an open relay... or how do i test that?
[15:10:07] <vice-versa> !relaytest
[15:10:08] <knoba> vice-versa: "relaytest" : a public service to test if your mail server is an open relay. Just run "telnet relay-test.mail-abuse.org" or visit http://www.abuse.net/relay.html
[15:10:38] <vice-versa> deadpigeon: so what's with the huge backlog in the first place?
[15:11:01] <deadpigeon> vice-versa: I have no idea. I guess clamav and amavisd is to blame.
[15:11:15] <vice-versa> has it been resolved?
[15:11:36] <deadpigeon> vice-versa: We're trying to filter the spam/viruses out, the spam server crashed again last night so I brought the child processes down to 9.
[15:12:02] <vice-versa> s/spam/anti-spam/
[15:12:05] <vice-versa> ;)
[15:12:07] <sysmonk> deadpigeon: you just need a sysadmin :P
[15:12:25] <deadpigeon> vice-versa: No it has not been resolved. I don't think it's possible. Between 7am and now we've gotten 20k in emails probably all junk.
[15:12:41] <deadpigeon> sysmonk: I am the sysadmin, I just have no experience with postfix, and our old admin apparently didn't either.
[15:12:50] *** bagigio has joined #postfix
[15:12:56] <sysmonk> so you need a sysadmin, familiar with postfix
[15:13:26] <deadpigeon> sysmonk: your concern is noted, however not very helpful. =/
[15:13:30] <Drezard> ...
[15:13:36] <Drezard> now it refuses all addresses :(
[15:13:39] <vice-versa> so do you have a high volume of mail still trying to deliver via the now defunct transport?
[15:13:50] <deadpigeon> vice-versa: Indeed.
[15:14:07] *** ming_zym has quit IRC
[15:14:55] *** Drezard has quit IRC
[15:14:58] <vice-versa> did you update your config to temporarily remove said transport?
[15:15:08] *** Drezard has joined #postfix
[15:15:16] <Drezard> sorry, just before i goto bed...
[15:15:24] <Drezard> vice-versa, cheers for all the help :)
[15:15:30] <vice-versa> np
[15:15:33] <Drezard> vice-versa, finally im getting somewhere with mail :)
[15:15:45] <Drezard> vice-versa, got an email btw?
[15:15:53] <sysmonk> good quesetion
[15:15:54] <deadpigeon> vice-versa: I did for a while, but I put it back into action and flushed so I could goto bed and see it's progress. It came down from 100k to 30k in emails so that was something I guess.
[15:15:55] <sysmonk> question*
[15:16:13] <Drezard> vice-versa, well i g2g
[15:16:18] <Drezard> vice-versa, lataz guys
[15:16:24] *** Drezard is now known as drezard_away
[15:16:33] <vice-versa> not that I'm willing to share with strangers ;)
[15:18:49] <vice-versa> deadpigeon: I'm confused, are you now saying the backlog issue has been resolved?
[15:19:33] <deadpigeon> vice-versa: No it hasn't. It will backup by noon time to 100k in emails sitting in the queue.
[15:20:02] <deadpigeon> I do appreciate the help a whole lot, btw.
[15:20:28] <bagigio> hi I have a problem
[15:20:51] <bagigio> I have installed postfix on an ubuntu server
[15:21:02] <deadpigeon> Atleast now I'm in the office and I can probably ssh in and get some config files a little easier.
[15:21:13] <bagigio> but I have the pop3server on an orhte machine in the network
[15:21:29] <vice-versa> ok, so that 100k backlog is what you want to start delivering?
[15:23:12] <SeJo> instead of sendmail (when postfix is installed) what should i use to send a mail commandline?
[15:23:51] <vice-versa> sendmail
[15:24:12] <vice-versa> it's a postfix supplied sendmail emulation binary
[15:24:17] <bagigio> can I configure postfix to relay only e-mails address to my domain to the pop3 and the other to my default connection smpt server?
[15:25:06] <bagigio> I haven't find nothing about this configuration
[15:25:32] <bagigio> I have found only a configuratione with a pop3 server on the same machine of the smtp
[15:26:11] <Roobarb> bagigio: I don't quite understand your question; is the POP3 server running on a different machine?
[15:26:18] <bagigio> yes
[15:26:29] <Roobarb> so this box is purely a relay?
[15:27:06] *** Drezard_ has joined #postfix
[15:27:18] <bagigio> yes but it is configured to relay emails only to the servers mails
[15:27:33] *** praedor has left #postfix
[15:27:33] <deadpigeon> vice-versa: Yes I'd like to start delivering the backlog. It is currently delivering what is in the queue, however very sluggishly.
[15:27:57] <bagigio> it is a windows server and I can't touch it
[15:28:31] <Roobarb> bagigio: so at the moment, mail comes into Postfix, then gets sent on to thw windows box ?
[15:28:55] <Roobarb> bagigio: are you doing that via relayhost or transport_maps ?
[15:29:06] <bagigio> no at the moment mails comes only to the windows server
[15:29:23] <deadpigeon> vice-versa: Is there a way I can start delivering mail for a specific site? I'd really like to get a certain customer on the top of the list.
[15:29:35] <vice-versa> deadpigeon: yup
[15:29:38] <Roobarb> bagigio: right, so this is a new server?
[15:29:40] <bagigio> I want to use postfix to have a smtp server on my public address
[15:29:54] <bagigio> yes this is a new server
[15:29:57] <Roobarb> ok
[15:30:09] <vice-versa> deadpigeon: find `postconf -h queue_directory` -type f | xargs fgrep -l 'SEARCH_STRING' | sed 's,.*/,,'  | postsuper -r -
[15:30:26] <vice-versa> deadpigeon: replace SEARCH_STRING with something relevant
[15:30:44] <bagigio> I tried to configure postfix on an other tcp port but in this configuration it don't work
[15:30:58] <vice-versa> deadpigeon: you may want to add a sleep into that too, up to you
[15:31:14] <Roobarb> bagigio: ok, well transport_maps along with relay_domains is probably the way to go
[15:31:56] <Roobarb> bagigio: you probably need to keep eveythign on port 25.   (internet) -> (postfix) -> (windows)
[15:32:25] <bagigio> Roobarb, yes it is the configuration I wont
[15:33:22] <deadpigeon> vice-versa: Slightly confused, forgive me. So if I want to deliver all mail for whatever at hobbinslaw dot com, I'd just use the domain hobbinslaw.com in the search string?
[15:33:33] *** don_vito has joined #postfix
[15:33:50] <don_vito> hello, how do I create an email account for my website. i.e. info at mywebsite dot com ?
[15:34:40] <Roobarb> don_vito: install postfix, setup a user "info", set a dns MX record for "mywebsite.com" to point to your new mailserver, then send mail to it.
[15:35:47] <bagigio> Roobarb, I don't understand how to configure my server in this mode
[15:36:06] *** Drezard__ has joined #postfix
[15:36:23] <Roobarb> bagigio: http://www.postfix.org/BASIC_CONFIGURATION_README.html
[15:36:36] <bagigio> thx
[15:37:00] *** Drezard_ has quit IRC
[15:37:52] *** bagigio has quit IRC
[15:38:59] <vice-versa> deadpigeon: yup
[15:39:56] *** Zelest has joined #postfix
[15:44:09] <deadpigeon> vice-versa: I really appreciate your help and patience. You're a good egg.
[15:44:33] <vice-versa> meh, i do what I can
[15:45:08] <vice-versa> deadpigeon: so did that do what you wanted?
[15:45:44] *** drezard_away has quit IRC
[15:46:22] <deadpigeon> vice-versa: Not sure, it appears to be going through every email in /incoming and mostly responding with 'no such file or directory' which makes sense, it only has 0.06% cpu attention because of amavisd-new hogging all the resources so it will be a few I'm guessing.
[15:46:25] <f3ew> deadpigeon, wb
[15:46:41] <deadpigeon> f3ew: top of the morning to ya.
[15:46:48] <f3ew> vice-versa I got him to stop accepting any new mail, so his queue will clear
[15:47:04] <f3ew> but we still don't have _why_ it's filling up
[15:47:51] <f3ew> so I am still waiting for a postconf -n
[15:47:55] <deadpigeon> f3ew: no, i had to accept mail last night. i wasn't comfortable with how it was blocking mail, so I flushed the queue and went to bed. It processed 100k in email down to 30k.
[15:48:05] <f3ew> Ouch
[15:48:31] <deadpigeon> f3ew: I guess I should recompile the kernel for iptables support at some point today. I can get you that postconf -n now that I'm ssh'd in from the office.
[15:48:40] *** Haris1 has joined #postfix
[15:49:13] <f3ew> !cheatsheet might also be a useful read
[15:49:14] <knoba> f3ew: Error: "cheatsheet" is not a valid command.
[15:49:18] <f3ew> !cheatsheet
[15:49:19] <knoba> f3ew: "cheatsheet" : http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt : A HOWTO for pre-DATA spam control.
[15:50:02] <deadpigeon> vice-versa: Thanks for the postsuper command, it worked and requeued my emails for that customer. :)
[15:50:12] <vice-versa> np
[15:50:14] <vice-versa> f3ew: I was given the impression from deadpigeon that it was due to a remote anti-uce host going down
[15:50:26] <f3ew> vice-versa, dunno
[15:50:45] <f3ew> My impression is that the host we are dealing with _is_ the anti-uce host
[15:50:52] <vice-versa> lol
[15:50:52] <deadpigeon> Our actual mail server is twiddling it's thumbs, everything is filtered through our anti-spam server.
[15:50:57] <f3ew> and it's merely SA being called from Amavisd
[15:50:58] <deadpigeon> f3ew is right.
[15:51:17] <vice-versa> oh my
[15:51:23] <f3ew> as opposed to a nice, !cheatsheeted host
[15:51:33] * Roobarb hopes you have some RBL checks before anything goes anywhere near amavisd
[15:51:47] <f3ew> Roobarb, no postconf -n yet
[15:51:51] <vice-versa> indeed, pre-data spam control++
[15:51:52] <deadpigeon> I hate to bring such a problem into #postfix, but #sa offers no help, except 'run sa-update'.
[15:52:04] <f3ew> deadpigeon, it's ok
[15:52:06] <deadpigeon> f3ew would you like me to post the whole thing in the channel? I can priv msg you if that's better.
[15:52:19] <vice-versa> !pastebin
[15:52:20] <knoba> vice-versa: "pastebin" : a way to paste larger amounts of text so that other people can read it. Try http://www.rafb.net/paste/ or http://paste.debian.net/ - Do not forget to tell us the URL where you pasted it.
[15:52:27] <f3ew> sa-update and running a near bleeding edge SA are good things
[15:52:28] <deadpigeon> Okay.
[15:52:44] <Roobarb> http://pastebin.com/d1385effc
[15:52:46] * Roobarb uses those
[15:52:48] *** macsim`work has joined #postfix
[15:53:02] <f3ew> but there's a lot of stuff which you can do
[15:53:05] <deadpigeon> I understand this, it is updated. I've heard bad things about amavisd anyways, maybe I could work towards spamd in the near future.
[15:53:31] <f3ew> Nah,  amavisd isn't necessarily your problem
[15:53:34] <deadpigeon> As soon as this requeue command runs it's course I'll give you the postconf.
[15:53:35] <macsim`work> hi, I use postfix with mysql I change the quota for one account, where can I force postfix to get this new quota ? thanks
[15:53:41] <f3ew> and directly running spamd isn't any cheaper
[15:54:15] <f3ew> macsim`work, Postfix uses filesystem quotas, not ones from MySQL
[15:54:29] <deadpigeon> It isn't? Ok. There is no postgrey or anything on the system either, I'm not sure how it works but I was inclined to give it a try.
[15:54:45] * f3ew waits for postconf -n
[15:54:52] <Roobarb> the trick is limiting what goes through amavis to that which gets pastall the other smtpd_recipient_restrictions you have first
[15:54:54] <macsim`work> f3ew,  you are sure  about that ?
[15:54:58] <f3ew> macsim`work yes
[15:55:13] <f3ew> Roobarb, amongst other things
[15:55:17] <macsim`work> f3ew, because my quota is my mysql quota field
[15:55:21] <Roobarb> f3ew: indeed
[15:56:05] <deadpigeon> f3ew: http://rafb.net/p/HRO4dJ86.html
[15:56:33] <Roobarb> meh, default smtpd_recipient_restrictions
[15:56:56] <f3ew> ick
[15:57:01] <f3ew> !cheatsheet
[15:57:02] <knoba> f3ew: "cheatsheet" : http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt : A HOWTO for pre-DATA spam control.
[15:57:06] <f3ew> Read that link
[15:57:27] <f3ew> That should get rid of _most_ of your spam even before it hits amavisd-new
[15:58:22] <deadpigeon> Neato.
[15:58:41] <Roobarb> aye, in the last day the 3 relays we have have rejected ~60k messages before the DATA command
[15:59:00] <Roobarb> and we've only accepted 6k
[15:59:04] <vice-versa> deadpigeon: 72.8.60.0/22 in mynetworks seems a tad excessive, do you really trust all 1024 potential hosts to have relay access?
[16:00:10] <f3ew> vice-versa, that should still be a smaller problem than not blocking large swathes of 0/0
[16:00:33] <deadpigeon> vice-versa: I'm not sure, I didn't configure postfix, it's the old admin's settings. Those are all our office servers & dial-up users.
[16:00:49] * f3ew sympathises with deadpigeon
[16:00:53] <vice-versa> f3ew: right, but still worth pointing out
[16:01:03] <Roobarb> well as long as you own the netblock, it shouldn't be so much of an issue
[16:01:12] <f3ew> "You are the only guy here who knows any Unix, even if you are a C/C++ programmer, so go fix the mailserver"
[16:01:51] * Roobarb uses fail2ban too
[16:02:08] <deadpigeon> Yeah pretty much. I also am the asterisks voIP admin & the wireless motorola admin, but the mailserver is a bit over my head so I really appreciate you guys here.
[16:02:27] * f3ew suggests outsourcing
[16:03:07] <deadpigeon> I've suggested it too, but we're on a tight budget until we get our coppercom switch trunked up, we're about to become a phone company *head spins*
[16:03:16] <f3ew> ouch
[16:03:22] <Roobarb> deadpigeon: a large portion of that cheatsheet is designed to reject mail based on the sending server either not being in DNS or not being a valid domain in dns, or other such things
[16:03:25] <f3ew> gmail for domains is cheap?
[16:03:33] <Roobarb> free innit?
[16:03:41] <f3ew> Only upto 50 users
[16:04:07] <deadpigeon> Roobarb, okay, so we use to do reverse dns from what I've heard, and it caused a lot of problems, perhaps the admin was doing it on a per user basis?
[16:05:49] <Roobarb> even if you just put "smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_rbl_client zen.spamhaus.org", you'd see a big drop in siccessful connections
[16:05:57] <Roobarb> *successful
[16:06:50] *** rsc has left #postfix
[16:07:52] <deadpigeon> From what I understand, and this is a big problem around here, a lot of local ISPs in our area and including the police department and such do not have proper HELO addresses.
[16:08:25] <vice-versa> sad
[16:08:29] *** stephen has quit IRC
[16:08:29] <deadpigeon> Indeed.
[16:08:31] *** stephen has joined #postfix
[16:08:35] *** stephen has quit IRC
[16:08:37] *** stephen has joined #postfix
[16:08:44] *** stephen has quit IRC
[16:08:46] <deadpigeon> I think I know why the old mail admin took off so abruptly.
[16:08:46] *** stephen has joined #postfix
[16:09:11] <vice-versa> and fwiw, spamhaus.org isn't free for moderate to high volume sites, based off of the connects per day at the mta iirc
[16:09:33] *** stephen has quit IRC
[16:09:35] *** stephen has joined #postfix
[16:10:02] * vice-versa wacks stephen's router
[16:10:17] <deadpigeon> I was looking at this site yesterday, spamhaus... I was confused as to what the heck they were.
[16:10:35] <Roobarb> vice-versa: running your own caching nameservers helps with that
[16:11:17] <vice-versa> deadpigeon: a DNSBL IP based reputation system
[16:11:28] *** stephen has quit IRC
[16:11:30] *** stephen has joined #postfix
[16:11:31] <Roobarb> deadpigeon: you end up with entries like this in your logs:
[16:11:33] <Roobarb> NOQUEUE: reject: RCPT from unknown[79.120.53.247]: 554 5.7.1 Service unavailable; Client host [79.120.53.247] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=79.120.53.247
[16:11:36] *** weedar has quit IRC
[16:11:58] <Roobarb> if you go to that URL, they say why the client was blocked
[16:12:06] *** stephen has quit IRC
[16:12:08] *** stephen has joined #postfix
[16:12:11] <deadpigeon> Ah, I see.
[16:12:40] *** alienbrain has joined #postfix
[16:13:17] <vice-versa> speaking of DNSBLs, anyone using or testing b.barracudacentral.org have any comments?
[16:13:29] <Roobarb> you really do see some stupid crap if you watch your mail logs for too long :)
[16:14:00] <Roobarb> vice-versa: no IP for that hostname
[16:14:00] <vice-versa> and if you see angels of Jeebus, it's been way too long
[16:14:40] <vice-versa> Roobarb: right, it's a DNSBL
[16:14:58] <Roobarb> oh right
[16:15:56] <Roobarb> vice-versa: are you using it?
[16:16:47] <deadpigeon> I'm off for a smoke. brb.
[16:17:25] <vice-versa> Roobarb: we tested it, we we're actually impressed with it, using it in a controlled environment atm for further analysis
[16:17:43] <sysmonk> vice-versa: i thought of using it with warn_if_reject
[16:18:17] <vice-versa> they list backscatter sources too, which we really found ironic ;)
[16:18:35] <sysmonk> oh my, i'll be blocked! :)
[16:19:01] <sysmonk> k, studies. afk
[16:19:07] *** stephen has quit IRC
[16:19:11] *** stephen has joined #postfix
[16:24:58] *** Lap_64 has joined #postfix
[16:25:21] <vice-versa> you know, I've often thought that if several good globally diverse mail admins got together you could put together a really decent DNSBL
[16:26:04] <sysmonk> yup
[16:26:10] <sysmonk> we can make our own
[16:26:25] <vice-versa> indeed
[16:26:35] <sysmonk> that is, not that i'm 'good globally diverse mail admin' :)
[16:26:42] <deadpigeon> Dumb question, how do I get postfix to reply with it's version #?
[16:26:57] <sysmonk> k, i'm out, really now.
[16:27:03] <vice-versa> and there's good money to be had from it for heavy commercial users too
[16:27:30] <vice-versa> deadpigeon: postconf mail_version
[16:35:09] *** GoGi has joined #postfix
[16:41:39] *** tm-30740-exa has quit IRC
[16:46:15] *** ohcibi has quit IRC
[16:47:53] <Pazzo> vice-versa: we've put the barracuda list in production, and applying it to all mails that have made it through a small list of other rbls...
[16:48:38] <Pazzo> ...yesterday (even as the last list in the "queue") it catched about 300.000 mails (from a total reject count of about 4.200.000)
[16:48:53] <vice-versa> I guess if you're going to that extent you're liking what you see then
[16:49:05] <Pazzo> We're really satisfied with this list, yes
[16:49:53] <Pazzo> Got only one complaint in about a month right now - and that one knew why he finished on this list ;-)
[16:50:10] <Pazzo> However, no experience about their removal policies from my side
[16:50:11] <vice-versa> yeah we were too, only thing we were somewhat sceptical on was the delisting process, should be more passive
[16:50:13] <Pazzo> Anyone else?
[16:51:48] *** sophokles has quit IRC
[16:52:46] *** issackelly has joined #postfix
[16:53:30] <issackelly> What are the practical differences between dovecot and cyrus?
[16:54:48] <vice-versa> dovecot is supposedly easier to work with but lacks client-side sasl support in postfix
[16:54:57] *** Lap_64 has quit IRC
[16:56:45] <issackelly> Ok, So I'm a complete mailserver noob.  I want something that is secure for my clients, and can support multiple domains and virtual users with a mysql backend.  I don't know if I need SASL on the client or server and if I need TLS, and if I can do that with multiple domains, etc...
[16:57:21] <issackelly> I'm also on a virtual server, so my rDNS is different than the DNS address that I want to be using,  (I'm on EC2)
[16:58:22] *** download123 has joined #postfix
[16:59:04] <Roobarb> vice-versa: you mean you can't do sasl server->server if you have doevcot?
[16:59:05] *** yam has joined #postfix
[17:00:08] <vice-versa> afaik yes, though that may have changed recently
[17:00:25] <rob0> Roobarb, to be more precise, having/using Dovecot is not the issue there. The issue is that you MUST have Cyrus SASL. (You could have both.)
[17:00:40] *** xpoint has joined #postfix
[17:05:46] <vice-versa> issackelly: imo tls and sasl are not really options any more
[17:06:03] <vice-versa> what's the ptr?
[17:06:16] <issackelly> ptr?
[17:06:23] <issackelly> Why are they not options?
[17:06:28] <issackelly> What should I be using then?
[17:06:49] <vice-versa> !ptr
[17:06:50] <knoba> vice-versa: "ptr" : A PTR record or pointer record, maps an IPv4 address to the canonical name for that host. Setting up a PTR record for a hostname in the in-addr.arpa domain that corresponds to an IP address implements reverse DNS lookup for that address
[17:07:10] <vice-versa> aka, rDNS
[17:07:24] <issackelly> ah, ec2-75-101-148-70.compute-1.amazonaws.com
[17:07:32] <vice-versa> eww
[17:07:36] <issackelly> yea
[17:08:44] <Roobarb> vice-versa: you mean you wouldn't use tls/sasl ?
[17:08:54] <issackelly> yeah, just what I was going to ask
[17:09:25] <vice-versa> *not supporting
[17:09:25] *** madrescher has quit IRC
[17:09:27] <vice-versa> srry
[17:09:59] <vice-versa> as in they're a must have these days
[17:10:07] <issackelly> ahh, ok
[17:10:50] <issackelly> Does TLS work off of the requested server name, or the $myhostname ?
[17:13:42] <vice-versa> the DNS FQDN of the mail server
[17:14:31] <vice-versa> iirc, the CN (Common Name) of the server cert must match the DNS FQDN of the mail server
[17:15:07] <issackelly> then there is no way that I can provide a valid TLS, since I don't own the FQDN
[17:19:17] <vice-versa> sure there is, FQDN != rDNS/PTR
[17:20:26] <deadpigeon> How to check for PCRE support in postfix?
[17:20:40] <shasta> deadpigeon, postconf -m
[17:20:49] <deadpigeon> thankye.
[17:21:00] <issackelly> oh, so it must match the requested name.  if in outlook they type mail.server.com and my CN is mail.server.com there should be no errors
[17:21:03] *** nfi|ermes has quit IRC
[17:21:14] *** phnord has quit IRC
[17:23:46] <vice-versa> issackelly: correct, but that again depends on the certs being done correctly and the CA that signed the cert is known and trusted
[17:24:05] <issackelly> Right, That's not a problem.
[17:24:24] <issackelly> Ok, so that part is ok.  If I can get SASL working then I should be in good shape
[17:27:15] <vice-versa> partially, I would also suggest using submission service if you're going to be supporting roaming users or users that have port 25 blocked by their service providers
[17:29:07] <vice-versa> port 25 blocking by ISPs has thankfully become more common in recent years
[17:29:49] <issackelly> I'll have to look that up
[17:29:53] <vice-versa> !msa
[17:29:55] <knoba> vice-versa: "msa" : Message Submission Agent : a process which accepts message submissions from MUAs on port 587 known as 'message submission service' using the 'message submission protocol' defined by rfc4409. To enable message submission service in postfix uncomment the relevant lines in master.cf
[17:30:09] *** felix-da-catz has joined #postfix
[17:30:20] *** madrescher has joined #postfix
[17:31:58] <issackelly> oh, seems easy enough.  Do most clients support that by default?
[17:35:46] <vice-versa> it's seamless to the client really, some you may have to specify the port in-line, mail.example.com:587
[17:36:32] <vice-versa> real question is do they support sasl auth/tls properly
[17:36:40] * vice-versa glares at Outhouse
[17:36:45] <rob0> !outlook
[17:36:46] <knoba> rob0: "outlook" : MS Outlook has numerous problems with TLS and AUTH support. Try using a better client to troubleshoot your Postfix server's AUTH features; then once you know it works, you can go back and break it such that Outlook will work. See the following MS KB article to enable transport logging in Outlook that may be of some help in troubleshooting, http://support.microsoft.com/kb/300479/en-us
[17:36:47] <mofino> doesn't 587 require SMTP AUTH?
[17:37:20] <rob0> 587 requires what you tell it to require, but indeed, you should require AUTH or $mynetworks.
[17:37:56] <mofino> hmm
[17:37:57] <issackelly> Yeah, unfortunately I can't send such messages to most of my clients.
[17:48:50] *** pitakill has joined #postfix
[17:49:27] *** F2Knight has joined #postfix
[17:50:27] *** Tykling has joined #postfix
[17:51:08] <F2Knight> What is the best way to back up a postfix/dovcot mail server ? I have a Postfix/Dovecot mailserver at my office and would like to keep a backup of my users mailboxes on a seperate system incase of system failuar. all clients access the mailserver via IMAP.
[17:52:55] <issackelly> I would do that with rsync if you want to keep a hot backup at another location.  if you want to just backup the files, there are other ways
[17:53:33] <rob0> none of which are specific to Postfix or Dovecot or to email in general
[17:54:31] * rob0 prepares to send messages to Isaac's clients
[17:54:41] <vice-versa> hehe
[17:55:00] <issackelly> lol
[17:55:01] <rob0> hey I got a snailed 419!
[17:55:10] <F2Knight> rob0, rsync the Maildir is what i was thinking.
[17:55:21] <F2Knight> issackelly, what is the way you would suggest?
[17:55:30] <rob0> that makes 3 votes for rsync
[17:56:10] <issackelly> Well, if you just want to keep the files backed up, and don't have an extra server, You could store them on S3 or some other server
[17:56:13] *** stephen_ has joined #postfix
[17:56:30] *** eanxgeek has quit IRC
[17:56:31] <vice-versa> rob0: lol, couldn't get you via your mta so the resorted to the old standby ;)
[17:56:32] <Dominian> rob0: make that 4
[17:56:37] <stephen_> f3ew heya.. You pointed me in the right direction earlier about rewriting for a lists server
[17:57:04] <issackelly> **Amazon s3 file store.  I'd still prefer rsync
[17:57:04] <stephen_> hello everyone..
[17:57:06] <vice-versa> rsync++
[17:57:29] <stephen_> Im trying to rewrite the to header of an email as it passes through transport
[17:57:47] <rob0> Weird thing, the stamp (from Spain) cost .78 Euro ... I bet they stole the stamps, because that could add up to a lot of money quick.
[17:57:52] <F2Knight> issackelly, S3?? whats that
[17:58:15] <vice-versa> rob0: counterfeit
[17:58:36] <rob0> the stamp was the one thing that looked genuine
[17:58:40] <stephen_> I used an alias to hopefully rewrite but it keeps the same name.. any idea how to change stephentest at blah dot com to stephentest at lists dot blah.com going to lists.blah.com
[17:58:41] <stephen_> many thanks
[17:58:41] <issackelly> S3, stands for simple storage something or other... basically it's an off-site file store provided by amazon for $0.15 /gb/month plus transfer fees
[17:58:42] <F2Knight> issackelly, never mind i see you mentioned it already
[17:59:00] <rob0> the scam was printed by a cheap inkjet printer
[17:59:14] <issackelly> lots of utilities, and APIs to run it
[17:59:32] <F2Knight> well i already have a box at the house acting as a backup server (Ubuntu w/rsync that connects to a freenas box in the office.)
[18:00:01] <F2Knight> so i think rsync the maildir will do then just was not sure about all the special file names/.
[18:00:06] <vice-versa> rob0: snail mail has more teeth for reporting such fraud
[18:00:17] *** Trengo has quit IRC
[18:00:48] *** don_vito has quit IRC
[18:01:54] <rob0> V, I don't have time, and this particular one is already well known.
[18:02:04] *** hparker has joined #postfix
[18:02:30] *** download123 has left #postfix
[18:06:41] *** niki has joined #postfix
[18:08:47] <deadpigeon> is there a file or log I can watch to see what the recipient restrictions rejects?
[18:09:41] <vice-versa> !logs
[18:09:41] <knoba> vice-versa: "logs" : postfix logs to the mail facility of syslog. Something like grep -i `postconf -h syslog_facility` /etc/syslog.conf or grep -rl `postconf -h syslog_name` /var/log/* should tell you where logs are going. also see !have2mung
[18:12:37] <vice-versa> once you know where the log is located you could do, tail -F /var/log/maillog | grep NOQUEUE
[18:15:15] *** growltiger_ has quit IRC
[18:16:21] *** Tykling has left #postfix
[18:17:02] <deadpigeon> anyway to compare current queue to new restrictions, or is that done automatically?
[18:20:50] <vice-versa> not sure what you mean, if mail is queued it's past the point of having restrictions applied
[18:21:09] <deadpigeon> okay.
[18:27:44] *** _bt has quit IRC
[18:29:33] <deadpigeon> rejecting fqdn's seems to be blocking a lot of nasties, im just wondering how many legitimate mails it will block. so far so good, nothing too important.
[18:30:44] *** dantix has joined #postfix
[18:32:34] *** havvg has quit IRC
[18:32:59] *** |_Knoedel_| has quit IRC
[18:35:38] <dantix> hi all, I've have a box running postfix+amavis+spamassassin+clam. My problem is the server is tagging as SPAM messages sent by users authenticated by the server itself. what could be wrong?
[18:35:57] *** Trengo has joined #postfix
[18:37:24] <vice-versa> deadpigeon: rejecting fqdn's?
[18:37:25] <dantix> I've supposed that content_filter parameter only worked for incoming mails not for outgoing authenticated mails. Am I wrong?
[18:41:43] <vice-versa> dantix: postfix does not distinguish outgoing from incoming per se, it's all just mail to postfix
[18:43:25] *** felix-da-catz is now known as felix-da-catz_zz
[18:44:44] <dantix> vice-versa so amavis is in charge of that, isn't it?
[18:45:12] <deadpigeon> vice-versa: rejecting non_fqdn's, sorry. is there anything i need to setup to make fqdn lookups work properly?
[18:45:52] <vice-versa> deadpigeon: nope
[18:46:39] <deadpigeon> vice-versa: good deal. im watching this thing reject like crazy. it rejects some yahoo adresses and aol adresses, that worries me only slightly because they could be spoofed.
[18:46:55] <vice-versa> dantix: you maybe able to exclude authed users with amavis, dunno as I don't use it myself
[18:47:39] <deadpigeon> it says helo command rejected: need fqdn.... but i havnt enabled helo lookups, is that typical behavior?
[18:48:06] <vice-versa> deadpigeon: which they usually are, only thing you can trust to not be forged is the client address
[18:48:26] *** Haris________ has joined #postfix
[18:49:46] <vice-versa> deadpigeon: reject_non_fqdn_hostname?
[18:49:54] <deadpigeon> yes
[18:50:05] <vice-versa> what version of postfix are you using?
[18:50:12] <deadpigeon> and non_fqdn_sender, and non_fqdn_recipient
[18:50:13] <deadpigeon> 2.5
[18:50:41] <vice-versa> with Postfix > 2.3 that has been more appropriately named reject_non_fqdn_helo_hostname ;)
[18:50:53] <deadpigeon> oh.
[18:51:03] <vice-versa> *=> 2.3 rather
[18:51:07] <deadpigeon> should i change it in my config?
[18:51:16] <vice-versa> I would
[18:51:16] <deadpigeon> because currently its reject_non_fqdn_hostname
[18:51:25] <deadpigeon> however it seems to be rejecting.
[18:51:44] <vice-versa> yup still works as intended
[18:52:11] <deadpigeon> okay, then if reject_non_fqdn_hostname still works then i will leave it at that.
[18:52:14] <dantix> vice-versa thanks
[18:52:16] *** dantix has left #postfix
[18:52:50] <vice-versa> deadpigeon: up to you, reject_non_fqdn_helo_hostname is better named imo
[18:53:08] <vice-versa> had it of been that you wouldn't have asked now would you ;)
[18:53:22] <deadpigeon> okay, ill change it and it will take place on next reboot.
[18:53:42] <deadpigeon> if it was named helo_hostname i wouldn't have even added it as a restriction.
[18:53:49] <vice-versa> nope, will be almost instantaneous
[18:54:07] <deadpigeon> helo is too complicated for the businesses around here apparently.
[18:54:19] <vice-versa> you must code for a lot of Windows boxen do you  ;)
[18:54:34] <deadpigeon> yeah.
[18:54:35] <vice-versa> reboot, reboot, reboot
[18:54:54] <deadpigeon> I perfer not to, but I do what I'm paid to do.
[18:55:08] <deadpigeon> haha, yeah, well.. postfix reload is a godsend.
[18:55:17] <vice-versa> :)
[18:57:59] <vice-versa> yes unfortunately they do, mostly Windows boxen though, sad though as it's a rfc requirement
[18:58:03] <vice-versa> !ehlo
[18:58:04] <knoba> vice-versa: "ehlo" : The domain name given in the EHLO or HELO command MUST be either a host name that is resolvable to an DNS Resource Record address, or an IP address literal.
[19:02:45] *** simcop2387 has joined #postfix
[19:06:31] *** githogori has quit IRC
[19:07:00] *** blackflag has quit IRC
[19:07:41] *** Haris_ has quit IRC
[19:08:57] <deadpigeon> vice-versa: I can't thank you enough dude, my day has been a lot more productive in comparison to the last week of banging my head. :)
[19:09:36] <vice-versa> yw
[19:11:33] *** blackflag has joined #postfix
[19:12:40] *** Castigador has joined #postfix
[19:16:11] <Castigador> Hi, I have a local domain with postfix and I would like to know how I can deny the relay to another domains
[19:18:00] <mofino> reject_unauth_destination
[19:18:14] <mofino> don't add anything to mynetworks
[19:18:58] *** rouri has joined #postfix
[19:19:00] <Castigador> thanks mofino i'm going to test it
[19:22:41] <Castigador> :), now I can send to external domains but I can't receive in my local domain. I want the opposite :)
[19:23:19] <adaptr> you should deny relay regardless of intended use
[19:23:38] <mofino> Castigador, local domain is misconfigured then
[19:24:12] <mofino> i don't use local, but there is something about mydestinations?
[19:24:28] <Castigador> mydestination =
[19:24:36] <Castigador> is empty
[19:24:46] *** Bombo_ has joined #postfix
[19:25:27] <adaptr> you want to receive local mail but you have an empty local domain ?
[19:25:38] * adaptr scratches head
[19:26:21] <mofino> Castigador, as far as i know, that's broken
[19:26:26] <mofino> if you are using local
[19:26:34] <Castigador> agg sorry
[19:26:49] <Castigador> I empty the wrong variable
[19:26:56] <mofino> heh heh
[19:28:22] <Castigador> now mynetworks is empty
[19:28:30] <Castigador> but I can send mails to external domains
[19:28:41] <mofino> yeah?  sounds odd
[19:28:48] <mofino> you have reject_unauth_destination?
[19:29:04] <Castigador> smtpd_recipient_restrictions = reject_unknown_recipient_domain reject_unauth_destination
[19:29:11] <adaptr> you have no clue what you're doing, do you ?
[19:29:16] <adaptr> !basic
[19:29:16] <knoba> adaptr: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.
[19:29:21] <adaptr> please start there
[19:29:26] *** Bombo has quit IRC
[19:29:26] *** Bombo_ is now known as Bombo
[19:29:39] <simcop2387> neither do i but i've got an advanced question that i'm working on :) (i'll have all the info in a minute
[19:29:50] <mofino> Castigador, comma
[19:29:55] <mofino> missing
[19:30:01] <Castigador> :'(
[19:30:10] <mofino> postfix won't complain about it either
[19:30:19] <mofino> if i remember correctly
[19:31:22] <Castigador> I think I'm going to drop all the packets using iptables :D
[19:31:32] <mofino> not a solution
[19:31:40] <mofino> very very poor solution!
[19:31:56] <Castigador> I know mofino but I've tested a lot of configs
[19:31:56] <mofino> just set it up properly
[19:32:23] <mofino> dont shortcut, it will fuck you over
[19:32:35] <Castigador> :)
[19:32:37] <mofino> especially for relaying
[19:35:09] *** dikdust has joined #postfix
[19:35:42] <dikdust> hi, do you know that are there some issues with elho thunderbird and tls ?
[19:36:07] <dikdust> since today I can't send messages trough my smtp
[19:36:17] *** F2Knight has quit IRC
[19:36:18] <adaptr> and that is our fault - how, exactly ?
[19:36:27] <adaptr> ridiculous
[19:36:44] <Castigador> mofino which option is used to set the domains that postfix allow to send email: relay_domains?
[19:36:54] <mofino> send?
[19:36:54] <dikdust> damn
[19:37:00] <mofino> it will send if it's non-local
[19:37:05] <dikdust> I'm an idiot
[19:37:14] *** eanxgeek has joined #postfix
[19:37:22] <dikdust> from internal it'll work
[19:37:29] <mofino> Castigador, you are trying to block relaying, but once your in (say a forward), it will relay automatically
[19:37:37] <dikdust> I' m using dovecot
[19:37:44] <dikdust> I guess sasl is dead
[19:37:53] <Castigador> ajam, I need to block relaying, understood
[19:38:00] *** githogori_ has joined #postfix
[19:38:08] <Castigador> I thought that postfix also relay locally
[19:38:24] <mofino> what?
[19:39:13] *** Haris1 has quit IRC
[19:39:50] *** dikdust has quit IRC
[19:40:57] *** m0f0x has joined #postfix
[19:41:41] <adaptr> Castigador: by default, postfix allows you to send mail FROM mynetworks TO anywhere in th eworld
[19:41:51] <adaptr> that's the normal mode of behaviour
[19:42:30] *** dikdust has joined #postfix
[19:42:34] <adaptr> similarly, it allows mail sent FROM anywhere in the world TO your local or virtual domains
[19:45:15] <Castigador> thanks adaptr
[19:46:17] <simcop2387> ok i'm trying to setup postfix to relay mail through gmail when the senders address is farnsworth.rt at gmail dot com and so far i haven't been able to get it to relay it properly, its instead attempting to send it directly to the destination (which doesn't work because i'm on a residential blacklist since i'm on comcast), http://sial.org/pbot/32664 my main.cf and other config files are there, anyone willing to help? (/me looks at mofino)
[19:47:06] <mofino> bleh
[19:47:22] <simcop2387> heh
[19:47:28] <adaptr> simcop2387: some clever thinking will allow yuo to perceive that this is not in fact theoretically possible
[19:47:43] <adaptr> gmail will not allow you to relay *from* that address
[19:47:53] <adaptr> it allows local *outgoing8 SMTP from that address
[19:47:57] <adaptr> but not incoming
[19:48:04] <rob0> !sender_dependent_relayhost_maps
[19:48:05] <knoba> rob0: "sender_dependent_relayhost_maps" : a configuration directive in main.cf for sender based message routing. See http://www.postfix.org/postconf.5.html#sender_dependent_relayhost_maps
[19:48:25] <adaptr> sure, postfix can do it - anybody CAN do it
[19:48:34] <adaptr> but it's spamvalhalla if you allow it
[19:49:39] <rob0> nono, it's not allowing relay based on the sender address; it's just routing it IF allowed.
[19:50:23] <rob0> Still has to pass smtpd_recipient_restrictions, such as mynetworks or AUTH.
[19:51:11] <simcop2387> i imagine i'm not explaining it correctly, but i think rob0's suggest should help
[19:54:12] *** Drezard_ has joined #postfix
[19:54:12] *** Drezard__ has quit IRC
[19:54:27] *** issackelly has quit IRC
[19:56:36] *** Spec has joined #postfix
[19:57:18] <deadpigeon> Sitting here watching this queue get smaller and smaller has made me a very happy puppy.
[19:58:34] <rob0> And of course still have to do client AUTH at gmail
[19:59:30] *** lumpek has joined #postfix
[20:00:16] <simcop2387> rob0: that i think i've got setup right, but i don't know for sure at the moment yet, its still not wanting to relay...
[20:04:26] <simcop2387> hrm
[20:05:25] *** Zeit|awy_ has joined #postfix
[20:08:47] *** weedar has joined #postfix
[20:11:28] *** Zeit|awy has quit IRC
[20:11:31] <vice-versa> deadpigeon: what's it down to now?
[20:13:04] *** felix-da-catz_zz is now known as felix-da-catz
[20:16:38] *** AcTiVaTe has quit IRC
[20:17:30] *** loompek has quit IRC
[20:17:44] *** loompek has joined #postfix
[20:18:37] *** lumpek has quit IRC
[20:25:13] <simcop2387> hrm this is being a real pain to setup, i think i'll just write a sendmail replacement for RT to use....
[20:29:33] *** c0rleone has joined #postfix
[20:30:26] <c0rleone> hello.. anyone can help me.. how fix this: http://pastebin.com/me8eda54 ?
[20:31:21] <shasta> c0rleone, running in chroot?
[20:31:35] <c0rleone> dont know.. im newb in postfix
[20:33:41] <c0rleone> shasta: how i check that?
[20:33:52] *** m0f0x is now known as colesterol_dog
[20:35:13] <c0rleone> shasta ok now
[20:35:13] <c0rleone> thx
[20:35:14] *** c0rleone has quit IRC
[20:40:37] *** Severed_Head_Of_ is now known as growltiger
[20:41:48] *** alienbrain has quit IRC
[20:43:49] <growltiger> cholesterol
[20:44:58] *** rouri has quit IRC
[20:48:03] <sysmonk> ho ho ho
[20:48:07] <sysmonk> meeeeery christmas
[20:48:21] <sysmonk> hum, i think i'm a bit too late / too early ;/
[20:53:36] *** devdas has joined #postfix
[20:54:14] *** pitakill has quit IRC
[20:57:56] *** growltiger_ has joined #postfix
[20:58:02] *** growltiger has quit IRC
[21:01:48] *** Castigador has left #postfix
[21:08:24] *** Knoedel2 has joined #postfix
[21:15:20] *** c0rleone has joined #postfix
[21:16:29] *** tflsh has joined #postfix
[21:17:05] <tflsh> hi all, any recommendation on setting up postfix?  i know i can just do ./configure && make && make install  but any recommendations?  i'd like to be able to support virtual mailboxes at some point
[21:18:02] <vice-versa> !basic
[21:18:03] <vice-versa> !standard
[21:18:03] <vice-versa> !virtual
[21:18:03] <vice-versa> !docs
[21:18:04] <knoba> vice-versa: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.
[21:18:05] <knoba> vice-versa: "standard" : Your question is probably answered in http://www.postfix.org/STANDARD_CONFIGURATION_README.html
[21:18:06] <knoba> vice-versa: "virtual" : a way to configure additional domains and user accounts (that do not need to exist in your /etc/passwd). See: http://www.postfix.org/VIRTUAL_README.html
[21:18:07] <knoba> vice-versa: "docs" : Postfix documentation http://www.postfix.org/documentation.html
[21:18:55] *** amrit is now known as amrit|wrk
[21:19:29] <higuita> sysmonk: no, just in time!!
[21:19:36] <tflsh> thanks !
[21:20:30] <tflsh> i had used vmailadmin on one of my servers in the past
[21:20:39] <tflsh> but i dont think its been maintained in ages, vmailadmin
[21:20:46] <devdas> !postfixadmin
[21:20:47] <knoba> devdas: "postfixadmin" : used for managing email accounts through a web interface (http://high5.net/postfixadmin/)
[21:21:40] <rob0> Postfix does not use GNU autoconf, so no ./configure - read the README for any feature you need.
[21:21:41] <tflsh> anyone here actually use postfixadmin?
[21:23:13] *** adie_ is now known as adie
[21:23:53] <vice-versa> none or the regulars do to my knowledge
[21:24:17] <tflsh> vice-versa: any idea what they use, or what do you use?
[21:24:41] <vice-versa> command line tools
[21:25:20] <sysmonk> or custom coded ones
[21:25:24] <tflsh> hm
[21:25:33] <sysmonk> i use my own stuff
[21:25:35] <tflsh> vice-versa: any recommended command line tools?
[21:25:50] <tflsh> sysmonk: so to add virtual users, you have perl sripts to update a mysql database or something?
[21:26:28] <sysmonk> tflsh: i have really different envoirnments
[21:26:52] <Trengo> i have a customer portal and a customer support portal, both webbased
[21:26:55] <sysmonk> but yes, php/perl/c scripts update the databases (hash tables directly or sql )
[21:27:38] <vice-versa> bash, nano, perl, mysql, postsuper, postqueue, postcat, postconf, grep, sed, awk
[21:28:27] <sysmonk> s/bash/sh/ s/nano, //
[21:30:38] *** Pazzo has quit IRC
[21:31:19] <tflsh> well i'll try postfixadmin
[21:31:31] *** jeffspeff has quit IRC
[21:31:35] *** jeffspeff2 has quit IRC
[21:39:54] *** Fallenou has quit IRC
[21:47:22] *** User13 has joined #postfix
[21:47:58] *** User13 has quit IRC
[22:01:50] *** devdas has quit IRC
[22:02:00] *** chadmaynard has joined #postfix
[22:05:33] *** growltiger has joined #postfix
[22:05:45] *** brancaleone has quit IRC
[22:06:35] *** hever has quit IRC
[22:11:41] *** GoGi has quit IRC
[22:16:18] *** Haris_ has joined #postfix
[22:16:18] *** Haris________ has quit IRC
[22:18:11] *** sepski has joined #postfix
[22:18:12] *** madrescher has quit IRC
[22:19:30] *** growltiger_ has quit IRC
[22:19:52] *** madrescher has joined #postfix
[22:20:21] *** Sephiroth_ has quit IRC
[22:24:37] *** c0rleone has quit IRC
[22:28:02] *** Sephiroth_ has joined #postfix
[22:34:45] *** AcTiVaTe has joined #postfix
[22:56:57] *** Lukemob_ has joined #postfix
[23:07:21] *** sepski has quit IRC
[23:11:08] *** Lukemob has quit IRC
[23:15:46] *** Lukemob_ has quit IRC
[23:17:44] *** Knoedel2 has quit IRC
[23:18:06] *** Lukemob has joined #postfix
[23:19:43] *** colesterol_dog has quit IRC
[23:20:37] *** kipler has joined #postfix
[23:22:36] *** simcop2387 has left #postfix
[23:25:56] *** eanxgeek has left #postfix
[23:32:40] <kipler> Hi, is there anyone who could help me with a postfix problem?
[23:33:02] *** eanxgeek has joined #postfix
[23:34:01] *** pickcoder has joined #postfix
[23:34:36] <mofino> ask the question
[23:35:02] <kipler>  mail for dorado loops back to myself
[23:35:03] <kipler> Reporting-MTA: dns; dorado.lan
[23:35:12] <kipler> ive got no idea what that means
[23:35:27] <kipler> (using roundcube)
[23:35:52] <kipler> would it be a bind dns problem? or would it be related to the postfix config file?
[23:35:54] <mofino> domain is not configured in postfix
[23:36:41] <kipler> any advice?
[23:36:52] <mofino> i must say though, postfix client TLS is a bitch
[23:36:53] <mofino> oops
[23:37:03] <mofino> yes, the domain is NOT configured in postfix
[23:37:10] <kipler> okay, where is it configured?
[23:37:28] <mofino> do you know postfix at all?
[23:37:51] <kipler> not really
[23:37:57] <kipler> just trying to learn
[23:38:02] <mofino> alright well i'm off, so you'll need to do some learning
[23:38:09] <kipler> okay thanks
[23:38:20] <mofino> but basically, you need to put that domain in there with the rest of them
[23:38:38] <kipler> in there? wheres that?
[23:38:55] <mofino> chance that'll be under virtual_mailbox_domains or mydomains
[23:39:00] <mofino> in the postfix config
[23:39:04] <mofino> usually in /etc/postfix
[23:39:13] <mofino> you REALLY need to learn more first
[23:39:18] <mofino> if this is a production server
[23:39:39] <vice-versa> !loopback
[23:39:39] <kipler> well, im just installing this on a text box atm
[23:39:39] <knoba> vice-versa: "loopback" : 'Mail loops back to myself' means that your Postfix wanted to send out the mail to the internet but then discovered that the DNS says your mail server should be responsible. Most likely you forgot to list your domain in mydestination or virtual_(alias|mailbox)_domains
[23:39:41] <mofino> and always copy your config files to another name before doing changes
[23:39:49] <kipler> thanks
[23:40:04] <mofino> yeah not mydomains, mydestination
[23:40:09] <kipler> alright
[23:44:47] <kipler> seems to work! but now the test email i sent to myself i showing twice, that would probably a fetchmail problem i guess
[23:44:53] <kipler> is*
[23:45:38] <vice-versa> probably
[23:45:44] <kipler> thanks alot guys
[23:45:48] <kipler> !
[23:45:58] <vice-versa> yw
[23:46:30] *** m4r71x has joined #postfix
[23:47:41] <m4r71x> hey guys
[23:47:51] <m4r71x> I asked the last time when I was here
[23:48:15] <m4r71x> how could I copy all incoming and outgoing mails to a specific account?
[23:48:35] <m4r71x> I tried aliases, but it repet mails as much as users are copied
[23:48:49] <m4r71x> not sure if recipient_bcc_maps will do that
[23:49:11] <m4r71x> I want just one copy of an email sent to for example a dozens of users
[23:49:19] <m4r71x> no the dozen copied
[23:49:30] <vice-versa> !always_bcc
[23:49:31] <knoba> vice-versa: "always_bcc" : a configuration parameter in the main.cf: Optional address that receives a "blind carbon copy" of each message that is received by the Postfix mail system.
[23:50:14] <m4r71x> knoba: but I "think" not tested yet, it will copy dozens of mails sent to users that are configured in the system
[23:50:16] <m4r71x> am I right?
[23:50:44] <vice-versa> !stupidbot
[23:50:45] <knoba> vice-versa: "stupidbot" : heh, more like dumb ass human!
[23:51:21] <vice-versa> m4r71x: tias
[23:51:34] <m4r71x> vice-versa: sorry I didnt understand
[23:51:53] <vice-versa> Try It And See
[23:52:11] <m4r71x> oh ok
[23:52:54] <m4r71x> then
[23:53:14] <m4r71x> what is the diference between aliases and recipient_bcc_maps??
[23:53:26] <m4r71x> sorry for my dumb question, I just want to be clear
[23:54:49] <vice-versa> the first redirects mail, the later sends a duplicate
[23:55:44] <vice-versa> s/later/latter/
[23:56:00] <m4r71x> vice-versa: and what if I have: user1, user2.user.3 and user4 and I want to bcc incoming and outgoing mails to userA
[23:56:12] <m4r71x> will userA recievie 4 mails of the same???
[23:56:19] <m4r71x> thats the problem I have now :(
[23:57:00] <m4r71x> my exact problem is whn I send a mails to user1, user2, user3 and user4, userA have 4copies of my email
[23:57:41] <vice-versa> so it's working as designed just not as you want
[23:58:41] <m4r71x> vice-versa: and how should I do to make userA only receive a single mail of me and not 4?
[23:59:51] <vice-versa> did you try it with always_bcc yet?





top