postfix IRC logs [October 19

[00:00:05] *** berto- has joined #postfix
[00:01:16] <berto-> i've been looking around, but cannot find a difinitive source for how to implement SRS in postfix.  can someone point me in the right direction.
[00:09:00] *** piparkuka has quit IRC
[00:17:02] *** berto- has quit IRC
[00:30:25] *** pirho has quit IRC
[00:32:38] *** pirho has joined #postfix
[00:33:54] *** gutocarvalho has quit IRC
[00:56:05] *** MaD^MaRe` has joined #postfix
[01:00:20] *** war9407 has quit IRC
[01:07:10] *** war9407 has joined #postfix
[01:25:55] *** Tykling has joined #postfix
[01:28:51] *** Weasel[DK] has quit IRC
[01:35:58] *** Fallenou has quit IRC
[01:41:17] *** jpalmer has quit IRC
[01:47:57] *** jacobat has quit IRC
[01:49:36] *** jpalmer has joined #postfix
[02:04:44] *** war9407 has quit IRC
[02:35:51] *** madrescher has quit IRC
[02:37:45] *** madrescher has joined #postfix
[02:38:42] *** henkie_ has quit IRC
[02:44:43] *** Haris_ is now known as Haris
[02:46:12] *** havvg has quit IRC
[02:53:37] *** RetroAA has joined #postfix
[02:59:27] <RetroAA> anyone in here awake and able to perhaps explain why "virtual_mailbox_domain" and "virtual_alias_domain" do not work?
[03:04:03] *** pirho has quit IRC
[03:05:35] *** pirho has joined #postfix
[03:11:02] *** madrescher has quit IRC
[03:26:54] *** pirho has quit IRC
[03:33:39] *** blackflag has quit IRC
[03:36:00] <xpoint> RetroAA, thay do not work for you might be right but it works for any here in this irc channel :)
[03:36:15] <RetroAA> lol
[03:36:17] <RetroAA> thanks
[03:36:50] <RetroAA> I've probably set something which is causing them to not work, but no idea what that might be?
[03:37:29] <RetroAA> so at the moment the work around is to add every hosted domain to "mydestination"
[03:46:29] *** Severed_Head_Of_ has joined #postfix
[03:47:00] <xpoint> RetroAA, you know the drill ?
[03:47:23] <RetroAA> RTFM ?
[03:47:40] <xpoint> or !basic
[03:48:01] <xpoint> !tell RetroAA basic
[03:48:16] <RetroAA> heh? !basic ?
[03:48:20] <RetroAA> a bot?
[03:48:26] <xpoint> !tell basic RetroAA
[03:48:27] <knoba> xpoint: Error: No factoid matches that key.
[03:48:37] <xpoint> !basic
[03:48:38] <knoba> xpoint: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.
[03:50:07] <xpoint> RetroAA, but why not use postfixadmin  ?
[03:51:47] <RetroAA> from http://www.postfix.com/VIRTUAL_README.html : Canonical versus hosted versus other domains
[03:51:47] <RetroAA> Most Postfix systems are final destination for... Hosted domains are usually implemented with the virtual alias domain address class and/or with the virtual mailbox domain address class, as defined in the ADDRESS_CLASS_README file.
[03:51:56] <RetroAA> from virtual readme...  The virtual mailbox  domain class.
[03:51:56] <RetroAA>     *
[03:51:56] <RetroAA>       Purpose: final delivery for hosted domains where each recipient address can have its own mailbox, and where users do not need to have a UNIX system account. A virtual mailbox example is given in the VIRTUAL_README file.
[03:52:16] <RetroAA> so i did follow the documentation, at least as I understood it.
[03:52:28] *** roe_ has quit IRC
[03:52:53] <RetroAA> what is postfixadmin? I don't generally need to change the postfix config very often and tend to do things the old school way
[03:53:46] <xpoint> postfixadmin can run on localhost web and you can learn the old school way with it
[03:54:17] <xpoint> just need mysql or postgresql or sqlite if i remember
[03:54:46] <RetroAA> There is this old theory about not breaking something that works
[03:54:56] <RetroAA> and a front end is most likely going to do that :(
[03:54:57] <xpoint> then you can dump the tables to flat files and remove postfixadmin and or sql
[03:55:26] <RetroAA> I see... I'll take a look
[03:56:14] <xpoint> RetroAA, nothing breaks, postfix is not that unstable :)
[04:01:05] *** growltiger_ has quit IRC
[04:02:21] *** growltiger_ has joined #postfix
[04:06:11] *** growltiger has joined #postfix
[04:11:18] *** Tykling has left #postfix
[04:18:32] *** Severed_Head_Of_ has quit IRC
[04:20:47] *** growltiger_ has quit IRC
[04:23:15] *** mavrick61 has quit IRC
[04:24:21] *** mavrick61 has joined #postfix
[04:29:30] *** m1n3s6 has joined #postfix
[04:40:34] *** growltiger_ has joined #postfix
[04:43:46] *** growltiger_ has quit IRC
[04:44:03] *** growltiger_ has joined #postfix
[04:50:33] *** growltiger_ has quit IRC
[04:50:56] *** growltiger_ has joined #postfix
[04:55:57] *** growltiger has quit IRC
[05:20:11] *** growltiger has joined #postfix
[05:22:26] <RetroAA> xpoint, you around?
[05:22:41] <xpoint> no :)
[05:23:26] * xpoint < is there
[05:23:36] <RetroAA> so i've installed postfixadmin and it's all sleek and so far looking pretty awesome and I'm wondering why I've never looked into it before. BUT, no that I have it installed, I'm not really sure what to do with it?
[05:23:37] <RetroAA> lol
[05:23:56] <RetroAA> Do I need to manually point postfix to the new database structure?
[05:24:09] <xpoint> install a mysql database as in readme
[05:24:31] <RetroAA> yeah, done all that and added some users and domains
[05:24:39] <xpoint> yes you need to have mysql maps
[05:25:00] <xpoint> postfixadmin olso support postgresql
[05:25:01] <RetroAA> right, so basically it's just an interface for editing the SQL backend?
[05:25:12] <xpoint> yep
[05:25:31] *** goldfischli has joined #postfix
[05:25:39] <RetroAA> ok, but this is still not going to solve my problem with the virtual_domains parameter in the conf which doesnt work?
[05:25:52] <RetroAA> I already use MySQL for the backend
[05:26:09] <xpoint> see the sql maps in postfixadmin and apply them to main.cf
[05:26:23] <RetroAA> hmmm.... ok 1 sec
[05:26:35] <xpoint> is postfix ready ? postconf -m some sql listed ?
[05:27:18] <RetroAA> yep
[05:28:18] <RetroAA> and in main.cf I have virtual_alias_domains = mysql:/etc/postfix/mysql/virtual-domains.cf
[05:28:18] <RetroAA> virtual_alias_maps = mysql:/etc/postfix/mysql/virtual-aliases.cf
[05:28:18] <RetroAA> virtual_mailbox_domains = mysql:/etc/postfix/mysql/virtual-domains.cf
[05:28:18] <RetroAA> virtual_mailbox_maps = mysql:/etc/postfix/mysql/virtual-mailboxes.cf
[05:28:46] <RetroAA> but for whatever reason, it's not reading the domains out of the DB when mail is received?
[05:29:47] <xpoint> virtual_alias_domains is not tested well if i remember it needs aktive perl maps to work well
[05:30:38] <RetroAA> aaaah. so the real question is: Is there a way to dynamically change hosted domains?
[05:31:04] <xpoint> read the postfixadmin docs
[05:31:38] <xpoint> do not add domains to mydestination that is not used for unix users
[05:31:52] <xpoint> this is important
[05:32:31] <RetroAA> why? there seems to be no other way of forcing the system to accept email for hosted domains if I dont?
[05:33:25] <xpoint> tell me more, it works here :)
[05:33:50] *** growltiger_ has quit IRC
[05:34:34] <RetroAA> ok, so before I discovered postfixadmin I set this up. I have a seperate table just for hosted domains specifically for this purpose.
[05:35:26] *** growltiger_ has joined #postfix
[05:35:35] <RetroAA> virtual_mailbox_domains = mysql:/etc/postfix/mysql/virtual-domains.cf    and virtual-domains.cf looks like:  query = SELECT domain FROM domains WHERE domain = '%d'
[05:35:56] <vice-versa> wrong
[05:36:12] <xpoint> RetroAA, read the docs
[05:39:32] <RetroAA> from the docs: The virtual mailbox  domain class. Purpose: final delivery for hosted domains where each recipient address can have its own mailbox, and where users do not need to have a UNIX system account. Domain names are listed with the virtual_mailbox_domains parameter. Valid recipient addresses are listed with the virtual_mailbox_maps parameter. The mail delivery transport is specified with the virtual_transport parameter.
[05:39:45] <RetroAA> So what have I missed?
[05:40:05] *** _Driver_ has quit IRC
[05:40:10] <xpoint> postfixadmin docs
[05:41:05] *** goldfisc1li has quit IRC
[05:41:17] <RetroAA> postfixadmin docs have the query as: SELECT domain FROM domain WHERE domain='%s'
[05:41:23] <RetroAA> but %s is the address?
[05:42:59] <xpoint> 42
[05:43:11] <jduggan> xpoint, you need to sleep moe
[05:43:12] <jduggan> more
[05:43:14] <jduggan> =]
[05:44:12] <RetroAA> The answer to everything ;)
[05:45:30] *** _Driver_ has joined #postfix
[05:48:45] *** growltiger has quit IRC
[05:52:56] <xpoint> jduggan, send more patches
[06:08:31] <RetroAA> http://www.coolfunnyjokes.com/Funny-Jokes/Misc-Jokes/Electric-Train.html
[06:43:30] *** sypher_ has quit IRC
[06:43:45] *** sypher_ has joined #postfix
[06:47:12] *** hparker has quit IRC
[06:51:42] *** hparker has joined #postfix
[06:59:23] *** Templar_Xion has joined #postfix
[07:35:37] *** Templar_Xion has quit IRC
[07:44:35] *** Templar_Xion has joined #postfix
[07:49:34] *** denis has quit IRC
[08:01:10] *** jsm has quit IRC
[08:02:08] *** jsm has joined #postfix
[08:04:27] <RetroAA> xpoint, cheers for pointing me in the direction of postfixadmin. I've just finished migrating from my old setup to one that uses postfixadmin.
[08:06:15] *** DarklyCute has joined #postfix
[08:07:29] *** m1n3s6 has quit IRC
[08:23:26] *** Motoko-chan has quit IRC
[08:37:58] *** F6F has joined #postfix
[08:42:58] *** RetroAA has quit IRC
[08:50:17] *** hparker has quit IRC
[09:18:22] *** Templar_Xion1 has joined #postfix
[09:33:46] *** Templar_Xion has quit IRC
[09:40:15] *** plee has joined #postfix
[09:48:26] *** Filbert has quit IRC
[09:49:12] *** Haris has quit IRC
[09:49:19] *** Haris_ has joined #postfix
[09:54:00] *** Filbert has joined #postfix
[09:57:46] *** war9407 has joined #postfix
[10:01:50] *** muecke77 has joined #postfix
[10:02:00] *** amrit|car is now known as amrit|zzz
[10:06:47] *** madrescher has joined #postfix
[10:17:27] *** Templar_Xion1 has quit IRC
[10:38:18] *** growltiger_ has quit IRC
[11:32:07] *** ikevin has joined #postfix
[11:32:11] <ikevin> hello
[11:33:56] <ikevin> i have a problem with postfix, i try to setup dkim on, i have a message:  warning: connect to transport content_filter = dksign: No such file or directory
[11:34:52] <ikevin> i try to remove dksign from my master.cf, for that a put my backup config file, and i always have this warning
[11:34:57] <ikevin> how can i remove it?
[11:36:12] *** muecke77 has left #postfix
[11:42:40] *** DarklyCute has quit IRC
[11:59:55] *** growltiger has joined #postfix
[12:04:24] *** Fallenou has joined #postfix
[12:05:28] *** Internat has joined #postfix
[12:14:07] *** Haris________ has joined #postfix
[12:14:07] *** Haris_ has quit IRC
[12:16:22] *** milligan_ has quit IRC
[12:32:48] *** growltiger has quit IRC
[12:33:08] *** growltiger has joined #postfix
[12:40:34] *** Drezard has joined #postfix
[12:41:12] *** Braden` has joined #postfix
[12:41:15] <Braden`> Hello
[12:41:15] <Drezard> hey
[12:41:29] <Braden`> What is the parm I can add to main.cf to reject mail from certain hosts?
[12:41:36] <Drezard> need some help with my MX records, im still getting flagged as a spammer because i have not correctly set it up
[12:41:36] *** pirho has joined #postfix
[12:41:52] <Braden`> Drezard:  Relay through your ISP's SMTP server instead.
[12:41:56] <Drezard> Braden`, use a firewall
[12:42:11] <Braden`> Drezard:  I would prefer a postfix solution.
[12:42:19] <Drezard> Braden`, I would, but its a VPS so it should techniqually work
[12:49:32] *** inux has joined #postfix
[12:49:40] *** inux has left #postfix
[12:50:29] *** Braden` has left #postfix
[13:00:15] <Drezard> can someone help me with MX records?
[13:05:12] *** war9407 has quit IRC
[13:08:19] *** war9407 has joined #postfix
[13:13:04] *** war9407 has quit IRC
[13:15:02] *** war9407 has joined #postfix
[13:37:22] *** Tykling has joined #postfix
[13:37:58] *** F6F has quit IRC
[13:39:15] *** denis has joined #postfix
[13:44:23] *** muecke77 has joined #postfix
[13:59:00] <_bugz_> anybody have seen this before... dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user inna
[14:14:21] *** Drezard has quit IRC
[14:28:08] *** weedar has joined #postfix
[14:55:19] *** muecke77 has quit IRC
[15:05:16] *** muecke77 has joined #postfix
[15:13:46] *** muecke77 has quit IRC
[15:27:48] *** Cata has joined #postfix
[15:29:04] *** plee has quit IRC
[15:31:35] <Cata> Hello all. Following Signums howto isp style email and gets stuck when restarting dovecot after editing the configuration file. The error is "Restarting mail server: dovecotError: Error in configuration file /etc/dovecot/dovecot.conf line 639: Protocol section not allowed here" and the line 639 is "protocol lda {" but i think if I comment this out I will get more errors on conf file. System is debian etch
[15:35:22] <vice-versa> just a guess, I would suspect there's a syntactical error in the config prior to the line being reported
[15:35:50] <Cata> I will check
[15:38:04] *** martianixor has joined #postfix
[15:38:15] <Cata> Good guess. Thx. Think the next error I got might be the same. So thx so far
[15:47:18] *** martiancode has joined #postfix
[15:48:00] *** martianixor has quit IRC
[15:48:57] *** plee has joined #postfix
[15:53:22] *** F6F has joined #postfix
[15:57:31] *** plee has quit IRC
[16:00:00] *** Juspion has joined #postfix
[16:00:55] *** plee has joined #postfix
[16:02:06] *** suwro has joined #postfix
[16:02:12] <suwro> hello
[16:02:35] <suwro> when does content_filter come - when I send or when I receive mail - or both...
[16:06:31] *** plee has quit IRC
[16:08:31] *** Lap_64 has joined #postfix
[16:08:56] *** plee has joined #postfix
[16:09:33] *** Lap_64 has quit IRC
[16:11:27] *** Juspion has quit IRC
[16:16:25] *** Lap_64 has joined #postfix
[16:19:27] *** growltiger_ has joined #postfix
[16:20:40] *** Lap_64 has quit IRC
[16:22:22] *** Knoedel2 has joined #postfix
[16:26:49] *** growltiger has quit IRC
[16:30:19] *** Lap_64 has joined #postfix
[16:39:41] *** plee has quit IRC
[16:47:51] *** suwro has quit IRC
[17:06:19] *** Fallenou has quit IRC
[17:09:00] *** Jax has joined #postfix
[17:14:36] *** Pazzo has joined #postfix
[17:14:58] *** Sephiroth_ has quit IRC
[17:15:14] *** Pazzo has quit IRC
[17:15:32] *** martiancode has quit IRC
[17:16:14] *** hparker has joined #postfix
[17:41:31] *** Cata has quit IRC
[17:44:41] *** hever has joined #postfix
[17:45:45] <MarkRichman> How do I find the cause of this? "421 4.7.1 dev.markrichman.com Error: No client certificate presented" I am using openseel s_client to present the cert
[17:46:42] <MarkRichman> `openssl s_client -connect dev.markrichman.com:587 -starttls smtp -CAfile TestCA-cacert.pem -key macpro.local-client-key.pem -cert macpro.local-client-cert.pem`
[17:47:02] <MarkRichman> is it because my .pem files require passwords, or that i haven't trusted them on my postfix server?
[17:49:24] <vice-versa> postfix cannot work with pass phrase encrypted private keys
[17:49:48] <higuita> if iy have password, you have to remove it, no daemon with ssl will work with a cert with password, it would required to ask a user for the password, but as a daemon, he dont have anyone to ask
[17:51:17] <MarkRichman> ok great
[17:51:36] <MarkRichman> also, do I need to tell my postfix server to explicitly trust this client cert?
[17:52:00] <higuita> and by the way, you are requiring also a client cert for port 25
[17:52:23] <higuita> this way, no smtp server with ssl enable will be able to deliver emails to that server
[17:52:33] <MarkRichman> how so?
[17:52:47] <higuita> only require a client cert on the submission port, not on the smtp port
[17:53:10] <MarkRichman> not sure i follow
[17:53:18] <MarkRichman> 587/tcp is submission right?
[17:53:23] <higuita> yes
[17:53:30] <MarkRichman> and that's what i'm connecting to
[17:53:52] <vice-versa> 421 4.7.1 dev.markrichman.com Error: No client certificate presented
[17:53:53] <higuita> but the 25/tcp is the smtp and if we try openssl s_client -connect dev.markrichman.com:25 -starttls smtp
[17:53:57] <vice-versa> that's on 25
[17:54:09] <higuita> you will see that it also required a client cert
[17:54:15] <MarkRichman> openssl s_client -connect dev.markrichman.com:587 -starttls smtp
[17:54:17] <MarkRichman> 587
[17:54:50] <higuita> if any server try with ssl enable try to deliver a email to this server, it will be rejected because it doesnt have any client cert
[17:55:03] <MarkRichman> thats fine
[17:55:05] <higuita> yes, i'm talking about port 25
[17:55:17] <MarkRichman> i want to ONLY accept connections with a client cert
[17:55:43] <MarkRichman> i am trying to duplicate a scenario for a client...they are set up with mandatory TLS + client cert
[17:55:52] <higuita> i dont know it that server is yours or from someone you know, but as is, it required client cert to deliver any email to it
[17:55:57] <MarkRichman> but i have to use 587, not 25 since my ISP blocks it
[17:56:03] *** Jax has quit IRC
[17:56:05] <higuita> ok, if is that what you want :)
[17:56:11] <MarkRichman> yes that's what i need to test for
[17:56:29] <MarkRichman> dev.markrichman.com is my remote server configured for MTLS + ccert
[17:56:35] <MarkRichman> macpro.local is this machine
[17:56:49] <MarkRichman> but i need to recreate my .pem files without passwords
[17:57:26] <vice-versa> also your CN should match the FQDN DNS hostname of the server, not your personal name
[17:58:09] <MarkRichman> because it will do a reverse lookup on it?
[17:59:10] <MarkRichman> so i need to put "adsl-067-035-107-190.sip.bct.bellsouth.net" in there?
[17:59:53] <vice-versa> not rDNS/PTR but what your server HELOs as
[18:00:22] <MarkRichman> oh, ok so in my case "macpro.local" which is my local machine
[18:00:38] <vice-versa> ...which should have a corresponding DNS A record
[18:00:51] <MarkRichman> which it can't
[18:00:55] <MarkRichman> its my machine at home
[18:00:55] <vice-versa> in this case, dev.markrichman.com
[18:01:07] <MarkRichman> dev.markrichman.com is the remote machine i am connecting to from macpro.local
[18:01:20] <MarkRichman> macpro.local = adsl-067-035-107-190.sip.bct.bellsouth.net
[18:02:51] <MarkRichman> dev.markrichman.com will HELO as dev.markrichman.com
[18:03:05] *** Bombo_ has joined #postfix
[18:03:36] <vice-versa> yes, I'm referring to the certs on the postfix host
[18:03:49] <MarkRichman> ohhh
[18:03:59] <MarkRichman> i dont recall their CN
[18:04:03] <MarkRichman> how can i see that?
[18:04:14] <vice-versa> CN=Mark A. Richman
[18:04:28] <MarkRichman> where do you see that?
[18:04:48] <vice-versa> openssl s_client -connect dev.markrichman.com:25 -starttls smtp
[18:04:58] *** Lap_64 has quit IRC
[18:05:12] <MarkRichman> i cant see port 25 from here lol
[18:05:28] *** Lap_64 has joined #postfix
[18:05:28] <MarkRichman> i see it on 587
[18:05:42] <MarkRichman> subject=/C=US/ST=Florida/L=Parkland/O=Empire Software, Inc./OU=Development/CN=Mark A. Richman/emailAddress=mark at markrichman dot com
[18:05:45] <MarkRichman> that?
[18:05:46] <vice-versa> yeah should be the same
[18:05:54] <vice-versa> yes
[18:05:58] <MarkRichman> so change CN=dev.markrichman.com ?
[18:06:03] *** Thorn has quit IRC
[18:06:37] <MarkRichman> and create that cert with no password? or is that just for the client cert?
[18:07:08] <vice-versa> and typically the email would be postmaster@ or hostmaster@ for the CA root cert
[18:07:24] <MarkRichman> this is a self-signed cert...i'm using tinyca2
[18:07:35] *** Thorn has joined #postfix
[18:08:31] <MarkRichman> so i need to create a new CA with email postmaster at dev dot markrichman.com to create a server cert with CN=dev.markrichman.com ?
[18:09:20] <vice-versa> here's how I normally do self-signed certs...
[18:10:09] <vice-versa> the CA root cert, CN=example.com,emailAddress=hostmaster at example dot com
[18:10:33] <vice-versa> the MTA server cert, CN=smtp.example.com,emailAddress=postmaster at example dot com
[18:10:43] <MarkRichman> even if those are not real addresses?
[18:11:00] <vice-versa> sigh
[18:11:01] *** madrescher has quit IRC
[18:11:06] <vice-versa> it's a fucking example
[18:11:07] <rob0> um, you're running a mail server, you can MAKE addresses
[18:11:22] <MarkRichman> sorry...i'm just trying to learn here
[18:11:28] <MarkRichman> i appreciate your help, please dont be rude
[18:13:26] *** Bombo has quit IRC
[18:13:26] *** Bombo_ is now known as Bombo
[18:17:36] <vice-versa> MarkRichman: you should have a postmaster@ it's an rfc requirement, but the point being is certs are usually role based
[18:17:47] <MarkRichman> ok i undersatnd
[18:18:03] <MarkRichman> i created a new root CA and a server cert with CN=dev.markrichman.com
[18:18:20] <MarkRichman> i'm also trying to create a client cert for macpro.local, but it won't let me omit a password
[18:18:40] <rob0> The CN of a server cert should be that server's hostname. CN for a CA should typically be the company name.
[18:19:06] <MarkRichman> gotcha
[18:19:37] <vice-versa> or the second level domain name
[18:19:42] <MarkRichman> so now i just need the client cert, but i cant seem to create one passwordless
[18:20:12] <rob0> Seems like some time in openssl man pages is called for.
[18:20:35] <rob0> (I've never made a client cert either, except for openvpn.)
[18:20:36] <MarkRichman> yes thanks....tinyca2 is probably trying to do my thinking for me ;)
[18:22:13] *** war9407 has quit IRC
[18:24:51] *** war9407 has joined #postfix
[18:27:50] *** war9407 has quit IRC
[18:31:18] *** Haris________ is now known as Haris_
[18:31:36] *** Haris_ has quit IRC
[18:32:40] *** madrescher has joined #postfix
[18:41:42] *** Fallenou has joined #postfix
[18:41:56] <cite> It is, AFAIR, not possible to make Postfix create a "bounce" for a missing postmaster@ in a local domain.
[18:42:11] <cite> If a postmaster alias is not found or not vaild, the mail is silently discarded and a warning is logged.
[18:42:16] <Dominian> postmaster should never be "missing"...
[18:42:32] <cite> I had a, erm, "Lengthy" discussion with Victor and Wietse about that topic on postfix-users.
[18:46:03] <vice-versa> imo abuse@ and postmaster@ should be functional and exempt from most policy restrictions
[18:46:34] *** war9407 has joined #postfix
[18:47:28] <cite> vice-versa: Uh oh. I agree on the functionality part, and I agree with "most policy restrictions", but I think keeping a basic set like FQDN sender/recipient, known sender domain etc. is a good thing[tm].
[18:48:16] <vice-versa> yup, agree totally, why I said most ;)
[18:48:51] *** adminko has joined #postfix
[18:50:28] <adminko> hello people, it's been almost a week that i'm playing with postfix and trying to get it send my emails, but i always get this error message Oct 19 15:30:30 server postfix/error[27305]: B34B8120076: to=<... at gmail dot com>, relay=none, delay=0.12, delays=0.07/0.02/0/0.03, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to alt2.gmail-smtp-in.l.google.com[66.249.83.27]:25: Connection refused)
[18:50:44] <adminko> does anyone know where could the problem be?
[18:50:55] <adminko> thank you
[18:51:12] <rob0> postfix/error ?
[18:51:17] <adminko> yes
[18:51:34] <adminko> and i can receive emails, i just cannot send them
[18:52:53] <cite> "connect to alt2.gmail-smtp-in.l.google.com[66.249.83.27]:25: Connection refused"
[18:53:15] <cite> So obviously, Postfix has tried to estanlish a connection to a bunch of servers listed as MX for gmail.com and failed miserably.
[18:53:22] <rob0> that would suggest that perhaps your ISP blocks port 25
[18:53:46] <cite> If I were to bet, I#d bet there is a firewall somewhere between you and those servers (perhaps your ISP)?
[18:53:57] <adminko> maybe
[18:54:20] <adminko> but i'm not sure about it, is there any workaround if it was true?
[18:54:29] <adminko> can i change port or something?
[18:54:39] <cite> Verify this first by entering: telnet 85.214.107.53 25
[18:54:50] <cite> And no, there is no real workaround.
[18:55:02] <adminko> connection failed
[18:55:19] <adminko> your right, it's blocked probably
[18:55:19] <cite> Well, there is a firwall and you are basically screwed.
[18:55:53] <adminko> well, that pretty sucks, but thanks a lot, at least it's clear now, i was desperate about it:)
[18:55:55] <cite> You can, however, get a cheap virtual private server, install postfix and configure it to listen on port 587 (aka "submission").
[18:56:14] <cite> Then your local server can use this host as a relayhost.
[18:56:26] <adminko> yes, but i wanted to build my home server
[18:56:36] <cite> Get another ISP.
[18:56:38] <adminko> so i will try to set up relay to gmail
[18:56:50] <cite> Or better yet, get a neigbour with a different ISP and an open WLAN.
[18:56:52] <adminko> that should work, right?
[18:57:08] <adminko> well, i don't think i can get better ISP here
[18:57:11] <cite> Try using your provider's smarthost as a relay.
[18:57:18] <vice-versa> why not use your ISPs smarthost to relay for you
[18:58:05] <cite> If your ISP blocks outgoing port 25, chacnes are slim that submission hosts are excluded.
[18:58:05] <adminko> the thing is, i need to send email from more domains, will it work if i use my isp's server as relay?
[18:58:42] <cite> Depends entirely on your ISP's smarthost's configuration.
[18:58:57] <vice-versa> should unless they have some anal restriction policies in place
[18:59:49] <adminko> i'm going to try it right now
[18:59:50] <cite> .o0(So if they have "anal restrictions" in place he is really "screwed". OMFG)
[19:00:12] <adminko> thank you so far
[19:00:28] <vice-versa> adminko: are you running this server on a dynamic residential broadband service?
[19:00:29] <rob0> !basic
[19:00:30] <knoba> rob0: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.
[19:00:34] <rob0> !relayhost
[19:00:34] <knoba> rob0: "relayhost" : a configuration parameter in the main.cf: The default host to send non-local mail to when no entry is matched in the optional transport(5) table. When no relayhost is given, mail is routed directly to the destination. If your relay host requires authentication see the !saslclient channel factoid.
[19:01:17] <adminko> ok, i'll take a look
[19:01:23] <vice-versa> !dynamic
[19:01:24] <knoba> vice-versa: "dynamic" : If your server is using a dynamic IP, (DHCP leased IP address), you should consider using your ISP's SMTP server to relay for you as many dynamically assigned IP address spaces are listed within DNSBLs reducing the likelihood of successfully delivering mail to many servers. See the !relayhost factoid. If your ISP requires SASL auth see the !sasl & !saslclient factoids
[19:01:44] <adminko> it's static ip
[19:01:52] <adminko> but it's nat-ed
[19:02:00] <adminko> does it matter?
[19:02:48] <vice-versa> adminko: if it's static, sometimes it's only a phone call to get the ip unblocked
[19:03:37] <adminko> i will try it tomorrow, because they don't work on sunday
[19:05:40] <vice-versa> s/work/answer the phone/ ;)
[19:07:12] <adminko> i know, they even should be working, but no one is there:D
[19:07:13] <rob0> they probably don't work, in the classic sense of "work", that is.
[19:07:59] <adminko> the problem will be their super-stupid blondies that work on support deppartment
[19:08:41] <vice-versa> yeah, first tier, always a treat :(
[19:09:22] <adminko> i hope i will have enough strength to fight them:D
[19:12:43] *** adminko has quit IRC
[19:34:33] *** denis has quit IRC
[19:41:22] *** x-spec-t has joined #postfix
[19:43:29] <cite> I once got laid with one of our super-stupid first level support blondies. But I guess that's a bit offtopic in #postfix, isn't it?
[19:44:13] *** Spec has quit IRC
[19:45:15] <vice-versa> depends, did you do her on/over a postfix mta?
[19:46:12] *** weedar has quit IRC
[19:46:33] <cite> Not really.
[19:46:53] *** hever has quit IRC
[19:47:33] <cite> Which just strengthens the suspision already lingering inside of me that this might really be offtopic ;-)
[19:52:54] <rob0> Did you send her emails afterward?
[19:53:28] <cite> Actually, I did.
[19:53:48] <rob0> Great! We're on topic!! :)
[19:53:50] <cite> And now that you mention it, I did this using Posftix!
[19:53:57] <rob0> of course
[19:54:35] <vice-versa> yeah sounds on topic to me too
[19:55:10] <cite> This was in around 2004, she was working on the other side of the Atlantic (Chicago). I just stayed there for two weeks.
[19:55:36] <vice-versa> where there any performance issues or undesirable long term side-effects?
[19:55:50] <cite> And I decided to discard(8) her when I found out she was actually married.
[19:56:07] <rob0> oh my, that is not a good user interface
[19:56:44] <cite> Now that I think of it, I could have used a check_sender_access map ;-)
[19:57:25] <cite> Was there a DISCARD action in Postfix back in 2004?
[19:57:32] <cite> Or a discard(8) transport?
[19:59:17] <vice-versa> I would have used REDIRECT husband@
[19:59:40] *** weedar has joined #postfix
[19:59:44] <cite> That wouldn't even break recipient validation.
[19:59:46] <cite> I'm amazed!
[20:04:00] *** [shg] has joined #Postfix
[20:05:46] *** Lap_64 has quit IRC
[20:06:52] *** denis has joined #postfix
[20:06:57] *** [shg] has quit IRC
[20:12:24] *** Zeit|awy_ has quit IRC
[20:13:26] *** Zeit|awy has joined #postfix
[20:14:01] *** [shg] has joined #postfix
[20:17:41] *** muecke77 has joined #postfix
[20:46:24] *** pickcoder has joined #postfix
[20:47:29] *** Fallenou has quit IRC
[21:01:05] *** Motoko-chan has joined #postfix
[21:07:02] *** pickcoder has quit IRC
[21:25:38] *** rouri has joined #postfix
[21:27:18] *** roe_ has joined #postfix
[21:28:26] *** roe_ has quit IRC
[21:36:02] *** muecke771 has joined #postfix
[21:45:37] *** muecke772 has joined #postfix
[21:52:41] *** Azrael has joined #postfix
[21:52:47] *** muecke77 has quit IRC
[22:02:40] *** muecke771 has quit IRC
[22:07:34] *** muecke772 has quit IRC
[22:12:21] *** roe_ has joined #postfix
[22:14:42] *** higuita has quit IRC
[22:14:42] *** sysmonk has quit IRC
[22:15:56] *** Emmett has joined #postfix
[22:22:43] *** hparker has quit IRC
[22:23:22] *** [shg] has quit IRC
[22:25:44] *** Fallenou has joined #postfix
[22:27:27] *** Internat has quit IRC
[22:28:53] *** MatBoy has joined #postfix
[22:28:56] <MatBoy> hi guys !
[22:29:04] * MatBoy is back from qmail @ postfix :D
[22:29:10] *** sypher has joined #postfix
[22:29:35] <MatBoy> but I have an issue in my main.cf that I can' t solve: missing '=' after attribute name:
[22:29:43] <MatBoy> how should I look for this ?
[22:30:01] <MatBoy> in what direction should I look, typo ?
[22:34:53] *** Internat has joined #postfix
[22:36:47] <vice-versa> MatBoy: what makes you think it's in main.cf?
[22:37:02] <MatBoy> vice-versa: I get the error from the syslog :)
[22:37:17] <MatBoy> this line should be wrong: passthru("postconf -e \"myhostname = $hostname \"");
[22:37:42] *** sypher_ has quit IRC
[22:41:14] * vice-versa shrugs
[22:44:57] <MatBoy> vice-versa: ok, issue solved :D
[22:47:56] *** ikevin has quit IRC
[23:01:29] *** tshine has joined #postfix
[23:01:55] *** tshine has quit IRC
[23:02:13] *** rouri has quit IRC
[23:02:28] *** tshine has joined #postfix
[23:05:11] *** edman007|work has joined #postfix
[23:05:49] <edman007|work> what is the config variable that i have to change to make postfix tone down its logging, right now it logs whenever anything happens to anything
[23:06:00] <edman007|work> which results in my logs growing really fast
[23:07:58] <war9407> do you have verbose on or something?
[23:10:00] <edman007|work> i don't see anything except debug_peer_level =1 but i don't have debug_peer_list set
[23:11:20] <vice-versa> !verbose
[23:11:21] <knoba> vice-versa: "verbose" : You probably do not need verbose logging, but in rare cases the extra detail can assist in debugging. To set verbose logging add a -v after the command name (such as smtpd) in master.cf, then 'postfix reload' after that.
[23:11:33] <edman007|work> i don't have that
[23:12:50] *** F6F has quit IRC
[23:13:02] <vice-versa> pastebin an example of what you consider to be excessive logging
[23:19:34] <edman007|work> vice-versa, http://pastebin.ca/1231294 its not really that its too verbose, if just that i get way too much repeats and such, i care more about the first and final results then i care about stuff like it got deferred (and then tell me again and again the same message)
[23:20:27] <edman007|work> like some messages are getting deferred for a long time, and i get 3 lines for every try, and it caused one of my logs to hit 2GB and then the logging stuff broke
[23:21:21] <edman007|work> i'm working on the deferred issue right now (i think yahoo hates me :/), but i want something to tone down the logging for a while so i don't end up with broken logging again
[23:23:05] <vice-versa> looks typical, are you not rotating your logs?
[23:24:37] <edman007|work> i am rotating logs....i actually looked at the stuff and i guess everything is using syslog and i think it broke before it rotated or something, because the log file go rotated but i had nothing in the new logs
[23:24:39] <Dominian> I think debug_peer_level =1 is default
[23:24:42] <Dominian> set it to 2
[23:24:56] <edman007|work> Dominian, but thats more verbose no? i want less
[23:25:05] <Dominian> I have mine set to 2 and its not that verbose
[23:25:41] <Dominian> ahh no default is 2
[23:26:07] <Dominian> and that's only used if debug_peer_list is enabled
[23:28:07] <edman007|work> exactly
[23:29:28] <Dominian> and I agree with vice-versa that logging looks normal
[23:29:45] <Dominian> and yahoo hates everyone
[23:30:12] <vice-versa> and vice-versa
[23:31:04] *** Tykling has left #postfix
[23:34:07] <Zeit|awy> anyone else noticed a crazy high amount of spam today?
[23:34:33] <edman007|work> well the other issue i'm having is both smtpd and authdaemond are holding mysql connections open and sucking up connections causing problems on the mysql side of things, is there any way to make those close the connection when its not in use?
[23:35:03] <vice-versa> Zeit|awy: nope, looks pretty normal here
[23:35:55] <vice-versa> edman007|work: are you using proxymap at all?
[23:36:41] <vice-versa> as in proxy:mysql:/etc/postfix/....
[23:37:39] <edman007|work> vice-versa, nothing with "proxy" in my main.cf
[23:37:53] <Zeit|awy> hmm... about >10x today, esp. from .ru, .cz, .br, .ar
[23:38:06] <edman007|work> but i'm using mysql:/blah for most of the virtual_*maps and auth stuff
[23:39:28] <vice-versa> edman007|work: yeah, see proxymap(8), one of the benefits is to consolidate the number of open lookup tables amongst postfix processes
[23:39:41] *** Templar_Xion has joined #postfix
[23:39:49] <edman007|work> vice-versa, alright, thanks
[23:39:55] *** hing has joined #postfix
[23:39:55] *** sysmonk has joined #postfix
[23:42:13] *** freqmod_qu has left #postfix
[23:43:19] <edman007|work> vice-versa, so is it as simple as putting proxy: in front of all the mysql:/ things in my config?
[23:45:18] *** Knoedel2 has quit IRC
[23:47:13] *** war9407 has quit IRC
[23:50:54] *** hing has quit IRC
[23:51:31] *** hing has joined #postfix
[23:52:48] *** madrescher has quit IRC
[23:53:47] *** madrescher has joined #postfix
[23:56:02] <Zeit|awy> I love it.. helo=<Wireless_Broadband_Router>, helo=<athlon>, helo=<mamma_XP>, helo=<ISA-server.local>, helo=<firewall>, ...
[23:57:35] <xpoint> Zeit|awy, i hate them all, there is no valid tld





top