[00:15:41] <Zeit|awy> glad there is none...
[00:16:10] <Zeit|awy> "elo command rejected: need fully-qualified hostname".. ^^
[00:37:47] *** sypher has quit IRC
[00:37:52] *** sypher has joined #postfix
[00:44:55] *** tshine has left #postfix
[00:46:28] <xpoint> Zeit|awy, its stupid windows boxes with botnet software
[00:51:44] *** lunaphyte has quit IRC
[00:55:26] *** pingwin has joined #postfix
[00:58:43] *** pingwin has left #postfix
[01:01:31] *** hparker has joined #postfix
[01:04:47] *** adaptr has quit IRC
[01:04:59] *** adaptr has joined #postfix
[01:23:16] *** lunaphyte has joined #postfix
[01:31:09] *** weedar has quit IRC
[01:53:03] *** Juspion has joined #postfix
[01:58:42] *** Juspion has quit IRC
[01:59:07] *** Juspion has joined #postfix
[02:04:24] *** kris_ has joined #postfix
[02:09:15] *** sypher has quit IRC
[02:13:58] *** pirho has quit IRC
[02:17:18] *** Fallenou has quit IRC
[02:34:29] *** ming_zym has joined #postfix
[02:38:30] *** pitakill has joined #postfix
[02:51:15] <MarkRichman> Why do I get this when connecting via openssl? 65224:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:601:
[02:51:38] <Emmett> Because your mother never really loved you.
[02:51:44] <MarkRichman> very likely ;)
[02:51:53] <Emmett> :)
[02:51:54] *** Templar_Xion has quit IRC
[02:52:08] *** Templar_Xion has joined #postfix
[02:53:20] <MarkRichman> in all seriousness, can you try openssl s_client -connect dev.markrichman.com:587 -state -debug
[02:53:52] <deface> why would you ever need to connect over openssl ?
[02:54:02] <MarkRichman> for testing
[02:54:03] <Emmett> SSL_connect:error in SSLv2/v3 read server hello A
[02:54:04] <Emmett> 5469:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:601:
[02:54:33] <deface> no, testing would be - telnet dev.markrichman.com 587
[02:54:47] <edman007|work> MarkRichman, there is no ssl on that port
[02:54:54] <MarkRichman> i am trying to test mandatory tls + client cert
[02:55:13] <edman007|work> well openssl s_client can't test that AFAIK
[02:55:30] <MarkRichman> openssl s_client -connect dev.markrichman.com:587 -starttls smtp ... ?
[02:55:40] <edman007|work> if you want mandatory ssl just use ssl instead of tls
[02:55:57] <MarkRichman> tls is sslv3
[02:56:18] <edman007|work> MarkRichman, i know, but what is the point of TLS if the SSL is not optional?
[02:56:37] <MarkRichman> i dont follow
[02:56:56] <MarkRichman> i want to require clients to connect via tls AND use a client cert
[02:57:12] <edman007|work> who said you need a client cert?
[02:57:28] <MarkRichman> its a requirement from a client
[02:57:41] <edman007|work> but if your requiring all clients to support ssl then just make them connect over ssl
[02:57:59] <MarkRichman> is that not what i'm doing?
[02:58:38] <edman007|work> TLS has text startup, you can just do everything over SSL, i do that with my IMAP server
[02:59:00] <MarkRichman> i was told mandatory TLS + client cert, so i have to work with that
[02:59:54] *** k-man has quit IRC
[03:01:41] <edman007|work> MarkRichman, well TLS is optional SSL, if you make it TLS required then you might as well do smtp over ssl (which is smtps), and you should be able to do a client cert using either method
[03:02:01] <MarkRichman> like i said, i have no choice in the matter unfortunately
[03:03:37] <MarkRichman> this is my main.cf: http://pastie.org/295990
[03:07:48] <edman007|work> MarkRichman, you have read this? http://www.postfix.org/TLS_README.html
[03:08:05] <edman007|work> but it looks ok to me so far, though i haven't really tested your server
[03:08:37] <MarkRichman> yes i read that, and i also have the o'reilly book which goes into detail about TLS, client certs, self-signing, etc.
[03:08:44] <MarkRichman> i just dont understand that error i am getting
[03:10:50] <edman007|work> MarkRichman, have you tried connecting with an email client?
[03:10:58] <MarkRichman> not yet
[03:11:17] <edman007|work> that error looks like openssl is having problems with smtp, not with ssl
[03:11:19] *** Templar_Xion has quit IRC
[03:11:29] <edman007|work> try a email client and use a sniffer to see whats happening
[03:11:36] <MarkRichman> will do
[03:11:52] <MarkRichman> was just looking for a quick answer if this were common
[03:14:19] *** madrescher has quit IRC
[03:31:50] *** gturner_ has quit IRC
[03:33:04] *** gturner_ has joined #postfix
[03:37:27] *** Templar_Xion has joined #postfix
[03:42:00] *** edman007|work has quit IRC
[03:42:46] <googlah> i have ssl working on my machine.. but I don't have smtpd_tls_req_ccert = yes
[03:42:54] <googlah> and smtpd_tls_security_level = encrypt
[03:43:10] <googlah> in my main.cf. maybe causing any problems? i dunno. :)
[03:44:18] <googlah> MarkRichman: noticed you have 2 lines of "smtpd_tls_CAfile"?
[03:45:22] *** Juspion has quit IRC
[04:01:26] *** inflex has joined #postfix
[04:06:02] *** m1n3s6 has joined #postfix
[04:12:00] *** amrit|zzz is now known as amrit
[04:21:52] *** m1n3s6 has quit IRC
[04:23:01] <Emmett> So, here's a curious question.
[04:23:08] *** mavrick61 has quit IRC
[04:23:14] <Emmett> I want to use postfix to send mail with a Reply-To address
[04:23:25] <Emmett> and when mail comes back to that address, forward it on
[04:23:28] <Emmett> *but*
[04:23:34] <Dominian> Reply-To is usually added by the client
[04:23:38] <Emmett> ignore anything but mail that uses that reply-to.
[04:24:15] *** mavrick61 has joined #postfix
[04:24:46] <Emmett> in other words, whitelist for a specific address.
[04:33:04] *** hing has quit IRC
[04:34:28] *** hing has joined #postfix
[04:46:54] *** hing has quit IRC
[04:47:03] *** higuita has joined #postfix
[04:59:43] <cite> Good morning.
[05:00:33] *** Motoko-chan has quit IRC
[05:16:21] <inflex> Is there a central place I can announce a package that works with Postfix?
[05:20:25] <googlah> Think that would be distro specific in that case..
[05:20:50] <googlah> like for ubuntu, look for ubuntu dev.
[05:21:49] <inflex> well, the package / add-on is actually distro agnostic
[05:22:08] <inflex> (as much as I can make it such... there are some distros out there that push the boundaries a little too far :) )
[05:24:24] <googlah> Yeah. whatever agnostic mean. :)
[05:24:53] <inflex> it means basically that it isn't bound to a specific distro :D
[05:24:55] *** goldfisc1li has joined #postfix
[05:26:07] *** muecke77 has joined #postfix
[05:28:16] <googlah> Almost no package is, I think. just that they are packaged in different ways..
[05:28:24] <googlah> :P
[05:28:53] <googlah> what package is it?
[05:31:15] *** chadmaynard_ has joined #postfix
[05:32:29] *** saurabhb has joined #postfix
[05:34:24] <inflex> .tar.gz ;)
[05:34:49] <inflex> it has an installer script in it that works out things, rather than assuming where things should go.
[05:35:01] <inflex> (sadly the installer script is almost as large as the app it installs)
[05:37:36] <deface> whats it do?
[05:37:51] <inflex> it's a disclaimer/footer/header inserter for emails.
[05:37:55] <inflex> ( alterMIME Pro )
[05:38:06] <deface> tru .. mailscanner does that
[05:38:14] <deface> at least footer
[05:38:14] <inflex> http://pldaniels.com/altermimepro
[05:38:34] <inflex> ja, I think mailscanner uses altermime (the opensource engine I wrote) to do it
[05:38:48] <deface> 67
[05:39:17] <deface> whats that in $
[05:39:24] <inflex> which $, AU, US ?
[05:39:30] <deface> US
[05:39:51] <inflex> about $90
[05:39:56] <inflex> tends to move around a lot these days :(
[05:40:13] <deface> your telling me
[05:40:20] <deface> too much for an opensource proggie
[05:40:22] <inflex> the whole financial upheaval is forcing a lot of people to move over to the Euro as a base currency
[05:40:23] <deface> good luck selling it
[05:40:45] <inflex> ja, came about as I had a lot of requests from people to bring it out.
[05:41:00] <inflex> obviously the OpenSource one still is there too
[05:41:03] *** goldfischli has quit IRC
[05:41:06] <inflex> (both are developed in sync)
[05:42:01] <googlah> would be better with a donation-button :-)
[05:43:12] <inflex> Time will tell, it's only been 7~10 days now, takes a long time to ramp up marketing
[05:43:33] <inflex> also completely opposite end of the spectrum to what I normally deal with in terms of cost
[05:43:54] <inflex> None the less, all the opensource projects I have provided still go on :)
[05:46:59] <googlah> yeah, hopefully someone will try it out. :p I'm not in need, though, hehe
[05:47:24] <inflex> If you want a shot at it, I'm happy to hand out copies.
[05:47:34] <inflex> But yes, there's several people trialing it atm
[05:48:24] <inflex> Sadly I'm rather anti-"legal disclaimers", they rank with EULA's
[05:49:05] <inflex> however, disclaimers of other sorts can be rather useful when used for constructive purposes, so long as they don't deluge your system
[05:49:25] * inflex is starting to get emails with 2~3K long disclaimers, it's ridiculous.
[05:50:34] <inflex> anyhow, coffee time - I sent off an email to the Postfix site regarding the add-on (they already list the OpenSource one I have)
[05:50:57] <googlah> Yeah, pretty much what opensource is about. of course. Thanks anyway, but I'm not too big of an expert in mail servers.. yet. Don't even know how to set up AmAViS yet. so. Your application is probably too advanced for me to come. :)
[05:52:30] *** muecke77 has quit IRC
[05:54:08] *** pitakill has quit IRC
[05:55:09] *** Templar_Xion1 has joined #postfix
[05:55:23] *** Templar_Xion has quit IRC
[05:58:13] *** Azrael has quit IRC
[06:02:03] *** xpoint has quit IRC
[06:17:36] *** kk_CHN has joined #postfix
[06:25:11] *** bhagat has joined #postfix
[06:34:49] *** niki has quit IRC
[06:36:08] <Emmett> so, a question I asked earlier
[06:36:22] <Emmett> is it possible to have postfix eliminate all but one E-mail address?
[06:36:53] <inflex> I read what you asked before - but unsure of the context
[06:36:54] <Emmett> Basically reject all mail except for mail to a specific address
[06:37:21] <Emmett> no reject, just boom, nothing?
[06:37:39] <inflex> I suppose there's many ways to achieve that goal
[06:38:12] <inflex> do you want the sending MTA to know the address isn't valud?
[06:38:14] <inflex> valid
[06:38:27] <inflex> or do you just want to silently ignore ?
[06:38:34] <Emmett> I'd prefer to silently ignore
[07:00:21] *** chadmaynard_ has quit IRC
[07:02:19] *** Templar_Xion1 has quit IRC
[07:08:31] *** hparker has quit IRC
[07:15:49] *** F6F has joined #postfix
[07:40:01] *** Motoko-chan has joined #postfix
[07:47:29] *** F6F has quit IRC
[07:49:28] *** k-man has joined #postfix
[07:51:12] <k-man> i had a problem with my mail records so now i have all these emails in the queue that are stuck with "domain of sender address does not exist"
[07:51:21] <k-man> can i get postfix to try sending them again?
[07:56:22] *** denis has quit IRC
[08:04:46] *** munichlinux has joined #postfix
[08:05:07] *** munichlinux has left #postfix
[08:05:52] *** Severed_Head_Of_ has joined #postfix
[08:06:05] *** growltiger_ has quit IRC
[08:17:36] <deface> k-man: postqueue -f
[08:17:53] *** |_Knoedel_| has joined #postfix
[08:21:11] *** k-man_ has joined #postfix
[08:21:13] *** k-man has quit IRC
[08:26:01] *** sophokles has joined #postfix
[08:26:06] *** weedar has joined #postfix
[08:26:11] *** k-man_ has quit IRC
[08:32:54] *** alienbrain has joined #postfix
[08:46:35] *** Severed_Head_Of_ is now known as growltiger
[08:49:05] *** phnord has joined #postfix
[08:52:01] *** m1n3s6 has joined #postfix
[08:58:53] *** Lap_64 has joined #postfix
[08:59:01] *** Tykling has joined #postfix
[09:01:44] *** jsm has quit IRC
[09:04:44] *** weedar has quit IRC
[09:06:48] *** _ruben has quit IRC
[09:10:38] *** denis_ has joined #postfix
[09:13:05] *** jsm has joined #postfix
[09:21:22] *** JeffH has joined #postfix
[09:21:51] <JeffH> anyone here run just their own personal e-mail server and use a MX backup service?
[09:22:59] <deface> yah
[09:23:47] *** Fallenou has joined #postfix
[09:24:47] <JeffH> where do you get your service from?
[09:26:43] <deface> i run them myself
[09:26:54] <deface> on separate servers
[09:27:32] <JeffH> ooh, gotcha.
[09:27:59] *** Motoko-chan has quit IRC
[09:28:05] <JeffH> dyndns offers it for $32/year. Don't really feel like paying that much.
[09:29:14] <deface> yeah
[09:30:32] <deface> http://www.mxsave.com
[09:30:43] <deface> 4$ per domain name per month
[09:30:50] <deface> a little more than dyndns
[09:33:16] <JeffH> I should just find out if anyone else I know runs their own server and just swap backup mx with them.
[09:33:33] <sysmonk> sure, why not
[09:33:46] *** weedar has joined #postfix
[09:34:17] *** kk_CHN has quit IRC
[09:39:28] *** _ruben has joined #postfix
[09:42:07] <inflex> ja, that can work - so long as they're willing to anticipate the deluge :)
[09:42:47] <sysmonk> don't forget that you have to trust them, because some of your mail will fly through their servers
[09:42:51] <sysmonk> and they can copy it
[09:43:36] <f3ew> hell, just ask sysmonk for service :P
[09:45:23] <JeffH> I don't get much e-mail.. maybe 5-10/day not including spam.
[09:45:39] <inflex> so, about 2~3000 with spam?
[09:47:03] <JeffH> hahaha
[09:54:44] *** weedar has quit IRC
[09:55:08] *** weedar has joined #postfix
[09:59:07] *** _bt has joined #postfix
[10:00:24] *** JeffH has left #postfix
[10:00:43] *** war9407 has joined #postfix
[10:09:44] <stockholm> i would like to be able to send out generic info mail to people, with heavy throttling per recipient (-domain) and still be able to send invites quickly, bypassing the per-domain queue
[10:10:28] *** madrescher has joined #postfix
[10:11:07] <stockholm> can i have different mailclasses? how could i let postfix know if its this or that?
[10:35:26] *** harobed has joined #postfix
[10:42:52] *** inflex has quit IRC
[10:44:57] *** Pazzo has joined #postfix
[10:49:23] *** A|3x has quit IRC
[11:08:02] *** harobed has quit IRC
[11:11:40] *** Pazzo has quit IRC
[11:14:12] *** znag has joined #postfix
[11:14:52] *** _ruben_ has joined #postfix
[11:17:21] *** ming_zym has quit IRC
[11:18:22] *** hooch is now known as joetheplumber
[11:18:32] *** joetheplumber is now known as hooch
[11:18:35] *** _ruben has quit IRC
[11:18:42] *** _ruben_ is now known as _ruben
[11:23:47] <sysmonk> did anyone spam from aol servers lately ?
[11:23:48] *** madrescher has quit IRC
[11:25:57] <jduggan> yup, i spam from AOL daily
[11:26:16] <sysmonk> http://pastebin.com/d4f7e1b44
[11:26:21] <sysmonk> something like this
[11:26:32] <sysmonk> everything comes from *.mx.aol.com
[11:26:45] <sysmonk> and spams links with *.tk
[11:27:16] *** madrescher has joined #postfix
[11:27:29] <jduggan> ive seen a lot of .zip attachments in spam lately, presumably virus infected
[11:28:16] *** mark-use has joined #postfix
[11:30:08] <Roobarb> jduggan: thats 90% of the viruses I see these days
[11:30:32] *** Lap_64 has quit IRC
[11:31:00] *** Lap_64 has joined #postfix
[11:46:45] *** pirho has joined #postfix
[11:49:30] *** FallOnMe has joined #postfix
[11:51:02] *** FallOnMe is now known as jelly
[11:51:54] *** hever has joined #postfix
[11:52:01] <Internat> question.. with something like virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_domains.cf. can you list multiple definitions? ie mysql-virtual_domains.cf mysql-othervirutaldomains.cf that might say query a diff db?
[12:10:10] *** temba has joined #postfix
[12:10:48] <temba> hello, do i have to set useflag "vda" when i want to have quota for users in postfix-virtual-domains-virtual-users-setup
[12:15:51] *** sypher has joined #postfix
[12:18:31] *** jelly has quit IRC
[12:18:38] *** jelly has joined #postfix
[12:21:48] *** alienbrain has quit IRC
[12:23:00] *** mark-use_ has joined #postfix
[12:26:56] *** mark-use_ has quit IRC
[12:28:17] *** sypher has quit IRC
[12:31:31] *** mark-use_ has joined #postfix
[12:34:25] *** mark-use has quit IRC
[12:40:17] *** mark-use_ is now known as mark-use
[12:56:56] *** BBishop has quit IRC
[13:00:20] *** BBishop has joined #postfix
[13:16:13] *** m1n3s6 has quit IRC
[13:24:18] *** lunaphyte_ has quit IRC
[13:34:34] *** stephen has joined #postfix
[13:34:43] <stephen> Hello postfix gurus..
[13:35:03] <stephen> I have a postfix router type box.. I want to be able to have it in a multihomed environment.. so essentially it is sitting on a NAT box..
[13:35:10] <stephen> How do i get postfix to listen on both interfaces?
[13:35:23] <stephen> eg 194.3.23.6 and 10.0.0.1 ?
[13:35:33] <stephen> (two different network interfaces
[13:35:57] <shasta> it does that by default
[13:36:02] <shasta> !inet_interfaces
[13:36:03] <knoba> shasta: "inet_interfaces" : a configuration parameter in the main.cf: The network interface addresses that this mail system receives mail on. By default, the software claims all active interfaces on the machine. The parameter also controls delivery of mail to user at [ip dot address]. If your server does not react to connection attempts on a certain interface you should check this setting.
[13:36:08] <shasta> stephen, ^^^^
[13:36:10] <stephen> shasta thank you :-)
[13:44:45] *** lunaphyte_ has joined #postfix
[13:51:13] *** gturner_ has quit IRC
[13:52:12] *** CrazyFoam has joined #postfix
[13:52:42] <rob0> If you want different behavior on different interfaces, you'll need anything from multiple smtpd(8) lines in the master(5) config, up to multiple complete Postfix instances (depending on a lot of things.)
[13:59:55] *** Gaaah has joined #postfix
[14:00:07] <Gaaah> Hello everybody!
[14:00:53] <_bt> hi Gaaah
[14:00:54] <_bt> also
[14:00:57] <_bt> hello everybody!
[14:00:59] <Gaaah> I have a little problem, I have installed postfix + LDAP on a server I have, it all went just fine! Until now I see that I cannot receive mail
[14:01:14] <_bt> what does your mail log say?
[14:01:18] <Gaaah> I get : Recipient address rejected: User unknown in local recipient table (in reply to RCPT TO command) ... which is logical
[14:01:40] <Gaaah> as I just noticed that postfix looks up it's users in /etc/aliases
[14:02:05] <Gaaah> whilst it should do so in the LDAP db, anyone knows how to make it do the lookups in LDAP?
[14:04:41] <Gaaah> anyone?
[14:06:03] <rob0> !unkown_local
[14:06:04] <knoba> rob0: Error: "unkown_local" is not a valid command.
[14:06:08] <rob0> !unknown_local
[14:06:10] <knoba> rob0: "unknown_local" : User unknown in local recipient table means that the recipient domain was found in $mydestination but the username was not found in local_recipient_maps (by default: users in /etc/passwd and aliases(5) in /etc/aliases).
[14:06:13] <rob0> !ldap
[14:06:14] <knoba> rob0: "ldap" : a lookup method that can be used by Postfix. An introduction can be found in the LDAP_README also found at http://www.postfix.org/LDAP_README.html. A worthy project dealing with LDAP and Postfix can be found at: http://jamm.sourceforge.net/howto/html/
[14:10:15] *** felix-da-catz_zz has quit IRC
[14:24:04] *** eanxgeek has joined #postfix
[14:24:52] *** eanxgeek has left #postfix
[14:25:14] *** eanxgeek has joined #postfix
[14:38:38] *** mandragor has joined #postfix
[14:42:34] *** weedar has quit IRC
[14:44:21] *** brancaleone has joined #postfix
[14:49:20] *** Lap_64 has quit IRC
[14:50:40] *** saurabhb has quit IRC
[14:54:12] *** saurabhb has joined #postfix
[14:55:49] *** eanxgeek has left #postfix
[14:57:09] *** eanxgeek has joined #postfix
[14:57:15] <MarkRichman> Okay, I have my server set up to require TLS and client certs...how do I test this from a remote client at the command line?
[15:00:42] <rob0> Is this for user submission, or MX (MTA-to-MTA)?
[15:01:09] <rob0> If submission, why not just use a MUA to test?
[15:03:59] <MarkRichman> its to test my local postfix relaying to a remote postfix
[15:04:23] <MarkRichman> i thought there was a way to test using openssl s_client -connect host:port -starttls smtp...
[15:04:27] <onre> ~ .
[15:04:29] <onre> ~ .
[15:06:24] <MarkRichman> i can connect using thunderbird, and it presents the cert, but i get back an error "4.7.1 dev.markrichman.com Error: No client certificate presented"
[15:07:25] <MarkRichman> i told tbird to use my self-signed client cert in .pem format
[15:08:26] <MarkRichman> sorry, .p12 format, with no password
[15:13:04] *** brancaleone has quit IRC
[15:14:42] <lunaphyte_> told thunderbird how?
[15:14:56] <MarkRichman> using its Certificate Manager...I imported the .p12 file
[15:15:09] <lunaphyte_> that has nothing to do with starttls.
[15:15:09] <onre> oh. sorry about ~. stuff
[15:15:21] <onre> having a bit of router issues here
[15:15:21] <lunaphyte_> or smtps either.
[15:15:38] <MarkRichman> hmmm ok
[15:15:53] <rob0> onre, <Enter>~., no space after ~
[15:15:55] <MarkRichman> so how do i properly respond to starttls from the client?
[15:16:11] <lunaphyte_> i'm not sure that you can, with thunderbird.
[15:16:15] <lunaphyte_> i could be wrong though.
[15:16:24] <onre> rob0, yup... i just forgot whether this particular workstation has ~ as a dead key or not :)
[15:17:06] <MarkRichman> lunaphyte: well it does let you choose TLS, so i'm assuming it also supports client certs
[15:17:14] <rob0> Yeah Mark, you're in unexplored territory for me (and probably most.) Not many openssl gurus that I have seen here.
[15:17:25] <lunaphyte_> that's probably a poor assumption.
[15:17:32] <MarkRichman> yeah it could be
[15:17:45] <rob0> Client AUTH is a more common means of relay authentication.
[15:18:03] <MarkRichman> i'm quickly learning that mandatory TLS with mandatory client cert is an atypical configuration
[15:18:12] <lunaphyte_> indeed
[15:18:34] <MarkRichman> unfortunately, this is the scenario that my client requires (non-negotiable) so i have to reproduce it in my development environment
[15:18:42] <rob0> Client IP address is even more common than AUTH. :)
[15:18:49] <lunaphyte_> yucky.
[15:18:53] <rob0> but I guess one end is dynamic
[15:19:03] <MarkRichman> well originally, it was MTLS with no client certs
[15:19:12] <MarkRichman> and that was acceptable and worked just fine
[15:19:16] <stockholm> now i set default_destination_rate_delay = 30s
[15:19:16] <stockholm> default_destination_concurrency_limit = 5
[15:19:35] <stockholm> and thought that that would work on a per-domain base
[15:19:39] <stockholm> isnt that so?
[15:19:41] <MarkRichman> but then they changed the requirements at the end of the project (what a shocker) and said "oh yeah you have to use client certs)
[15:19:57] <lunaphyte_> MarkRichman: which software do you intend to use on the "client" side?
[15:20:05] <sysmonk> mtls ?
[15:20:07] <MarkRichman> lunaphyte: another postfix box
[15:20:12] <stockholm> it seems that any delivery error will slow down the whole queue
[15:20:14] <MarkRichman> sysmonk: mandatory tls
[15:20:18] <rob0> mandatory TLS I think he meant
[15:20:19] <sysmonk> ah
[15:20:20] <rob0> ah
[15:20:22] <rob0> :)
[15:20:25] <sysmonk> :)
[15:20:29] <lunaphyte_> mtls is something different, yeah.
[15:20:33] <MarkRichman> as opposed to opportunistic
[15:20:41] <sysmonk> yeah i see
[15:20:55] <sysmonk> and afair postfix supports client-certs auth
[15:21:02] <sysmonk> but i don't know any MUA which supports it
[15:21:06] <sysmonk> is there any? :)
[15:21:22] <lunaphyte_> in fact, iirc, mtls is more or less an ms invented backronym.
[15:21:28] <stockholm> wont there be different queues per destination?
[15:21:50] <MarkRichman> when postfix is relaying to its destination, isn't it acting as the MUA?
[15:21:51] <rob0> I think the TLS README has a client cert authentication example, but again, it's unexplored territory for me.
[15:21:56] <MarkRichman> MUA = mail user agent, yes?
[15:22:11] <MarkRichman> yeah i'm walking through the readme and the o'reilly book
[15:22:22] <rob0> SMTP client is not the same thing as MUA.
[15:22:35] <MarkRichman> ok
[15:22:43] <rob0> MUA means there is a human or user process sitting there.
[15:23:12] <MarkRichman> well in my case, the SMTP client will be a piece of code connecting to my local postfix box, which will in turn, relay via TLS + client cert to the remote destination
[15:23:18] <lunaphyte_> to be clear though - an mua almost invariably includes an smtp client.
[15:23:34] <rob0> unless it's mutt(1) :)
[15:23:52] <lunaphyte_> MarkRichman: yes, as long as the other side is postfix, it's perfectly achievable.
[15:23:56] <MarkRichman> nah this is some crappy old C# code that makes SMTP connections
[15:24:18] <MarkRichman> i'm pretty sure its not postfix on the other end....i keep asking and all i'm told is "sendmail"
[15:24:28] <lunaphyte_> then ymmv.
[15:24:39] <rob0> oh you don't control both ends?
[15:24:57] <MarkRichman> nope
[15:25:11] <rob0> I hope you're billing accordingly :)
[15:25:12] <MarkRichman> we need to securely relay to our client, who outsources mail to messagelabs.com
[15:26:12] <lunaphyte_> who has made the arbitrary determination that authing with a cert is any more "secure" than authing with a user:pass?
[15:26:14] <MarkRichman> http://www.messagelabs.com/products/email/encryption.aspx#_tab_Approach
[15:26:27] <MarkRichman> some pencil pusher at my client
[15:26:52] <lunaphyte_> that entire concept, from top to bottom, is fundamentally flawed.
[15:27:00] <lunaphyte_> where will the messages go?
[15:27:00] <MarkRichman> i said to them, "we can support TLS with basic auth...client certs are not supported by our infrastructure"
[15:27:07] <MarkRichman> they responded with "non-negotiable"
[15:27:15] *** Haris_ has joined #postfix
[15:27:22] <rob0> I'd respond with a bill.
[15:27:32] <lunaphyte_> then i heartily echo rob0's comment.
[15:27:45] <MarkRichman> we already pushed back and told them that a change like this pushes the schedule back a month at least
[15:28:05] <MarkRichman> its not even a technical constraint...just some douchebag protecting his process
[15:28:45] <lunaphyte_> someone needs to smack him with a clue bat and enlighten him that he's not protecting anything.
[15:29:48] *** bhagat has quit IRC
[15:29:57] <MarkRichman> well the fact that they outsource their email means to me that they have no expert in house
[15:31:00] <lunaphyte_> is postfix connecting to messagelabs?
[15:31:52] <MarkRichman> that was my plan
[15:32:00] <rob0> Yeah, who exactly are you auth'ing against?
[15:32:14] <MarkRichman> in production, messagelabs who run sendmail
[15:32:31] <lunaphyte_> have you obtained clarity regarding what their little tls propaganda page actually means?
[15:32:33] <MarkRichman> here in development, i'm just setting up two postfix boxes...one to mimic messagelabs
[15:32:37] <rob0> and their client cert authentication is known to work?
[15:32:56] <lunaphyte_> i'd be willing to bet no.
[15:33:04] <lunaphyte_> but wtf do i know? :)
[15:33:16] <MarkRichman> i'd want to talk to someone else who's done this and get their take on it
[15:33:44] <rob0> I don't know of anyone, have you posted on the mailing list?
[15:34:29] <MarkRichman> i posted on alt.comp.mail.postfix and list.postfix.users
[15:34:44] <MarkRichman> http://groups.google.com/group/alt.comp.mail.postfix/browse_thread/thread/a1253be85af80d9b
[15:34:52] <MarkRichman> http://groups.google.com/group/list.postfix.users/browse_thread/thread/2861553de6157fee
[15:34:55] <f3ew> Hmmm?
[15:34:59] *** saurabhb has quit IRC
[15:35:16] <f3ew> You want to relay to another host via opportunistic TLS?
[15:35:31] <MarkRichman> not opportunistic.
[15:35:33] <MarkRichman> mandatory
[15:35:40] <MarkRichman> and client cert
[15:37:58] <MarkRichman> they said "If they are configured for Mandatory TLS on our end, they *must* have a cert signed by a trusted CA. This isn't negotiable."
[15:38:20] <MarkRichman> so self-signed is out
[15:38:31] <lunaphyte_> that is different, though, i would say.
[15:38:35] <MarkRichman> and i'm pretty sure those certs have passwords in them, which i was told postfix can't handle
[15:39:06] <lunaphyte_> i'd interpret that as referring to the cert you provide when messages labs relays a message to you.
[15:39:25] <lunaphyte_> huh? certs with passwords?
[15:39:44] <MarkRichman> to import into a store, doesnt it need a password?
[15:39:46] <vice-versa> pem private keys
[15:40:04] <lunaphyte_> no
[15:40:04] <MarkRichman> messagelabs wont be relaying to me
[15:40:12] <MarkRichman> we only need to send out
[15:40:23] *** brancaleone has joined #postfix
[15:40:24] <lunaphyte_> smtp is a two way street.
[15:40:37] <lunaphyte_> you need to be able to receive, almost certainly.
[15:40:50] *** bieb has joined #postfix
[15:40:50] <MarkRichman> we dont run our own smtp servers
[15:41:18] <MarkRichman> not for inbound at least
[15:41:56] <lunaphyte_> right, sorry, i forgot you're intended on using postfix as an mua, so to speak.
[15:42:03] <lunaphyte_> *intending.
[15:42:47] <lunaphyte_> nonetheless, that snippet from messagelabs isn't written as a function of your intentions.
[15:43:06] <MarkRichman> my intentions are moot
[15:43:08] <MarkRichman> lol
[15:43:15] <lunaphyte_> exactly.
[15:43:48] <f3ew> MarkRichman, you don't need a passphrase on a cert signed by a third party CA
[15:43:57] <MarkRichman> f3ew: thanks
[15:46:15] <MarkRichman> so i dont know how to satisfy their ridiculous requirement
[15:46:40] <lunaphyte_> MarkRichman: you really should get clarification from messagelabs regarding their expectations. i strongly suspect your interpretation is inaccurate.
[15:47:37] <MarkRichman> lunaphyte: i havent even spoken to them yet....but i agree something is being lost in translation
[15:48:38] *** danbeck has joined #postfix
[16:05:39] *** hacim has joined #postfix
[16:06:10] <hacim> i'm having these odd situations where my active queue spikes, from an average of 1-2 messages up to 1-2k messages
[16:06:37] <Dominian> sounds like spammers
[16:08:26] <MarkRichman> when i connect, why do i see "no client certificate ca names sent" ?
[16:08:31] <hacim> it does, but i'm having trouble identifying any patterns
[16:08:44] <hacim> qshape shows that all the messages in the active queue are bound for that host
[16:10:37] *** mandragor has quit IRC
[16:12:47] *** mrfree has joined #postfix
[16:15:11] <Gaaah> !pastebin
[16:15:12] <knoba> Gaaah: "pastebin" : a way to paste larger amounts of text so that other people can read it. Try http://www.rafb.net/paste/ or http://paste.debian.net/ - Do not forget to tell us the URL where you pasted it.
[16:15:49] *** Tykling has left #postfix
[16:16:17] <Gaaah> Sooo heya all
[16:16:31] <mrfree> I'm checking and cleaning up my postfix configuration now reading the docs I'm refactoring the *_restrictions part http://pastebin.com/d47e15357 what about the smtpd_recipient_restrictions?
[16:16:39] <Gaaah> I am still struggling with the stupid ldap lookups
[16:16:49] <Gaaah> or may be I am the stupid one :<
[16:17:27] <Gaaah> I get : <me at mydomain dot ltd>:Recipient address rejected: User unknown in local recipient table;
[16:17:50] <Gaaah> I have checked out the wiki and I have configured postfix as it should be
[16:18:20] <Gaaah> (or at least I think so ) Now it still does not want to lookup the users in ldap
[16:18:38] <mrfree> do I need to move permit, permit, reject_unauth_destination first of all and the the other rules?
[16:19:35] <rob0> permit cannot be the first restriction in smtpd_recipient_restrictions [16:20:08] *** mandragor has joined #postfix [16:21:08] <mrfree> rob0, the docs report "smtpd_recipient_restrictions (default: permit_mynetworks, reject_unauth_destination)" so permit is the first restricton per default [16:21:30] <rob0> That is not so. Can you see the difference? [16:21:41] <vice-versa> no, it must be last, and is in fact the default unless something else implicit is used like reject, typically one only uses permit for clarity [16:23:23] *** xpoint has joined #postfix [16:23:49] <mrfree> in "permit_mynetwors, reject..." the first restiction is permit_mynet, isn't it? [16:25:09] <mrfree> ... it isn't really a restriction... I called restriction only because it is in a restriction-set :) [16:26:16] <vice-versa> as in permit the hosts listed in mynetworks, 'postconf mynetworks' to see what those would be, permit on it's own means permit everything [16:27:11] <mrfree> vice-versa, sorry my bad with "permit, permit" I mean the two permit rules in the pasted text not a "generic" permit [16:28:56] *** |_Knoedel_| has quit IRC [16:29:16] <mrfree> pratically is the order I used in the pasted text right? [16:29:34] *** mandragor has quit IRC [16:29:50] <vice-versa> still confusing, try rephrasing your question [16:30:14] <mrfree> http://pastebin.com/d47e15357 [16:30:29] <mrfree> smtpd_recipient_restrictions part [16:30:56] <mrfree> I read in the docs "you should place non-recipient restrictions AFTER the reject_unauth_destination restriction" so I thing it should be fine [16:32:41] *** mandragor has joined #postfix [16:33:06] *** mandragor has quit IRC [16:34:19] <rob0> Perhaps a coherent description of the problem would be best? [16:35:04] <mrfree> It isn't a problem... 
or I hope so, only a double-check :)
[16:35:37] <rob0> Well, you'll reject some relaying MUAs with line 2
[16:36:11] <Gaaah> So anyone knows the way I can make Postfix lookup the addresses he should deliver to in LDAP?
[16:36:16] <rob0> if you think you want multiple restriction stages, you need to know how they interact.
[16:36:30] <Gaaah> http://postfix.wiki.xs4all.nl didn't do the trick
[16:36:50] *** mandragor has joined #postfix
[16:36:57] <mrfree> rob0, I simply followed the docs...
[16:37:01] <rob0> Most folks do pretty well with just smtpd_recipient_restrictions and that little smtpd_data_restrictions you use.
[16:39:46] *** seekwill has joined #postfix
[16:40:48] *** gangsterlicious has joined #postfix
[16:41:31] <gangsterlicious> anyone using ASSP? getting this "Couldn't create server socket to 125 -- aborting connection" error and cannot get it to work
[16:41:56] <gangsterlicious> mynetworks are set to 127.0.0.0/8 or even my network block
[16:42:45] <xpoint> mrfree, and line 5 needs smtp auth working
[16:42:59] <Gaaah> Want to buy help :< (jk)
[16:43:26] <mrfree> xpoint, It should work
[16:43:30] <Gaaah> Anyone ? postfix + ldap? Sending goes just fine, it's the reception that's acting up
[16:44:05] <xpoint> mrfree, there is no tls, there is no sasl, no smtp auth without
[16:44:48] *** havvg has joined #postfix
[16:45:18] <mrfree> xpoint, it's just a configuration snippet :)
[16:45:48] <mrfree> I'm interested in the restrictions order the other parameters should be fine
[16:45:55] <xpoint> mrfree, it needs finalizing then
[16:46:10] *** unevermetme has joined #postfix
[16:46:31] <unevermetme> a multiple domains postfix question
[16:46:53] <unevermetme> let's say i have 2 domains xxx.com, yyy.com
[16:47:18] <unevermetme> if I setup postfix variable $myhostname = xxx.com
[16:47:38] <unevermetme> my yyy.com mail headers will contain xxx.com ?
[16:47:51] <rob0> !myhostname
[16:47:51] <knoba> rob0: "myhostname" : a configuration parameter in the main.cf: The internet hostname of this mail system. The default is to use the fully-qualified domain name from gethostname(). $myhostname is used as a default value for many other configuration parameters.
[16:48:16] <unevermetme> from the man it looks like i'm guessing correct
[16:48:31] <rob0> One of those other parameters is smtp_helo_name, so yes.
[16:48:44] <unevermetme> but anyone that has already this setup (multiple domain) can confirm it ?
[16:48:56] <f3ew> unevermetme yes
[16:48:57] <unevermetme> ok rob0, thanks
[16:49:08] *** Gaaah is now known as desperateforhelp
[16:50:14] *** deadpigeon has joined #postfix
[16:50:58] *** muecke77 has joined #postfix
[16:51:05] <unevermetme> can I avoid this ?
[16:51:09] *** muecke77 has left #postfix
[16:51:44] <rob0> Sure, set up multiple Postfix instances on different IP addresses (or different hosts.)
[16:51:51] <unevermetme> :)
[16:56:28] *** mark-use has quit IRC
[16:58:22] *** denis_ has quit IRC
[16:59:02] <desperateforhelp> Anyone here that knows a bit of postfix with ldap? and that has some time to give me a hand?
[16:59:31] *** desperateforhelp is now known as gaaah
[17:02:50] *** war9407 has quit IRC
[17:03:11] *** war9407 has joined #postfix
[17:03:15] *** war9407 has quit IRC
[17:03:46] <f3ew> gaaah ask
[17:03:51] <f3ew> !ldap_readme
[17:03:52] <knoba> f3ew: Error: "ldap_readme" is not a valid command.
[17:04:01] <f3ew> !ldap
[17:04:02] <knoba> f3ew: "ldap" : a lookup method that can be used by Postfix. An introduction can be found in the LDAP_README also found at http://www.postfix.org/LDAP_README.html. A worthy project dealing with LDAP and Postfix can be found at: http://jamm.sourceforge.net/howto/html/
[17:04:44] <xpoint> it can be done with one single postfix if the box has more than one ip
[17:04:45] <gaaah> f3ew, well I have postfix installed, with what should be a LDAP backend.
Querying mail works just fine. Sending mail works just fine, receiving mail does NOT work.
[17:04:59] <f3ew> logs?
[17:05:11] <gaaah> f3ew, it does not recognize the users (: Recipient address rejected: User unknown in local recipient table;)
[17:05:26] <f3ew> test your ldap lookup table with postmap -q
[17:05:38] <f3ew> !debug
[17:05:39] <knoba> f3ew: "debug" : http://www.postfix.org/DEBUG_README.html : a good starting point for how to deal with problems and to report information to those who might help. Post your information in a pastebin such as http://pastebin.ca/ or http://rafb.net/paste/ .
[17:06:04] <gaaah> euuh the -q is not a valid param
[17:06:21] *** war9407 has joined #postfix
[17:06:33] <f3ew> postmap -q user ldap:/etc/po...
[17:09:39] <gaaah> postmap: warning: dict_ldap_connect: Unable to bind to server ldap://myserver.ltd:389
[17:11:09] *** mandragor has quit IRC
[17:11:25] <gaaah> f3ew, with a whole lot more to that, kinda repeating itself with each line of my config file
[17:11:34] *** weedar has joined #postfix
[17:11:43] *** mark-use has joined #postfix
[17:11:50] <f3ew> gaaah that's your problem then
[17:12:00] <gaaah> can't auth yeah
[17:12:00] <f3ew> You might need to give it a bind username and password
[17:12:07] <f3ew> fix that :)
[17:12:12] <gaaah> I did
[17:12:19] <gaaah> sec
[17:12:47] *** war9407 has quit IRC
[17:16:33] *** pitakill has joined #postfix
[17:16:58] <gaaah> f3ew, why would it be unable to bind to server? (ps the bind_dn and pw are set)
[17:17:31] *** adj has quit IRC
[17:17:41] <gaaah> f3ew, just like mentioned in: http://tinyurl.com/6oofks
[17:19:51] <f3ew> did you set the correct basedn?
[17:20:05] <f3ew> Can you test with ldapsearch?
[17:21:49] <gaaah> yes ldapsearch -x works
[17:22:58] <gaaah> f3ew, wait a sec, I changed the indentation in the file and now I don't have an error when doing the postmap query
[17:24:02] <f3ew> heh
[17:24:03] <gaaah> f3ew, but I don't have results either, and I still get a Recipient address rejected: User unknown in local recipient table;
[17:24:14] <f3ew> postmap -q has to return OK
[17:25:18] <gaaah> debbie:~# postmap -q "somevalidaddress at mydomain dot ltd" ldap:/etc/postfix/ldap_relay_recipient_maps.cf
[17:25:18] <gaaah> debbie:~#
[17:26:06] <gaaah> Nothing in the logs either... (no errors nor OK)
[17:26:23] <f3ew> gaaah no @mydomain.tld for local
[17:26:35] <f3ew> Oh wait, relay
[17:26:39] <f3ew> then the full address
[17:27:57] *** war9407 has joined #postfix
[17:29:22] <gaaah> f3ew, any ideas left in there ? :)
[17:29:50] <f3ew> gaaah your query needs to return OK
[17:30:58] <f3ew> Err, local_recipient_table and relay_recipient_maps
[17:31:12] <gaaah> Well, I guess it does as I don't get any error, so even if I needed to look something up in google, I wouldn't know what to look for :) postmap -q no messages ? :)
[17:31:18] <f3ew> Are you sure you want to use mydestination, or relay_domains?
[17:32:50] *** Tadej has joined #postfix
[17:33:10] <gaaah> f3ew, I am not sure (not rly comfortable with Postfix quite yet) I just want to receive mail. So far the only good clear doc told me that (on the wiki) that's why
[17:33:35] <f3ew> gaaah, postconf -n and logs
[17:34:01] <f3ew> you need to query with only the localpart for domains in mydestination
[17:34:18] <gaaah> f3ew, no local_recipient_table
[17:34:42] *** mark-use has quit IRC
[17:35:00] * f3ew sighs
[17:35:04] <f3ew> !debug
[17:35:05] <knoba> f3ew: "debug" : http://www.postfix.org/DEBUG_README.html : a good starting point for how to deal with problems and to report information to those who might help. Post your information in a pastebin such as http://pastebin.ca/ or http://rafb.net/paste/ .
[17:36:32] <gaaah> Hmmm
[17:44:03] *** Katana_Steel has joined #postfix
[17:49:43] *** homerico has joined #postfix
[17:51:09] *** Templar_Xion has joined #postfix
[17:52:06] * f3ew waits the URL of the paste
[17:52:32] *** mrfree has quit IRC
[17:53:56] *** homerico has left #postfix
[17:55:37] *** sophokles has quit IRC
[17:55:37] *** jelly has quit IRC
[18:02:01] *** adminko has joined #postfix
[18:02:57] *** phnord has quit IRC
[18:05:06] *** Bombo_ has joined #postfix
[18:05:49] *** adminko has quit IRC
[18:05:59] *** Thorn has quit IRC
[18:06:58] *** temba has quit IRC
[18:07:47] *** Thorn has joined #postfix
[18:08:31] *** jelly has joined #postfix
[18:09:59] *** Templar_Xion has quit IRC
[18:11:47] *** brancaleone has quit IRC
[18:15:30] *** Bombo has quit IRC
[18:15:30] *** Bombo_ is now known as Bombo
[18:16:46] *** gaaah has quit IRC
[18:18:08] *** kris_ has quit IRC
[18:20:58] *** Roman123 has joined #postfix
[18:21:29] *** Roman123 has quit IRC
[18:22:43] *** josinalvo has joined #postfix
[18:24:00] *** znag has quit IRC
[18:27:54] <deface> i want to cc all email to user1 at domain1 dot com to user2 at domain dot com
[18:28:31] <mofino> create a forward
[18:28:36] <deface> not sure how .. both domains are relayed through postfix
[18:28:54] <deface> if the boxes were hosted on the server, i could do it
[18:28:59] <mofino> actually nevermind, i don't use forwards, may not be what you want
[18:29:01] <deface> but just relayed through
[18:29:31] <josinalvo> Hi there ! I'm thinking about migrating from qmail to postfix. Does anyone know a way to make postfix check for a .forward and, if it is not present, forward the email to another server ?
[18:32:40] *** metalman has joined #postfix
[18:34:55] <metalman> Any tips for debugging mail delivery delays with postfix? I have some users reporting 30 minute delays with email, but I see no apparent delays in the postfix logs, nor can I find any tips in the postfix documentation.
What would you do to track down delays in a postfix mail server?
[18:35:56] <deface> monitor your queue
[18:36:33] <vice-versa> and get some headers from some of these supposedly delayed messages
[18:37:06] *** niki has joined #postfix
[18:38:47] <deface> vice-versa: know of any way to do what i want?
[18:39:18] <deface> both domains are relayed through the server, but i want user1 at domain1 dot com to auto-bcc to user2 at domain2 dot com
[18:40:28] *** kapowaz has joined #postfix
[18:41:08] *** LordDicranius has joined #postfix
[18:41:22] *** kapowaz has left #postfix
[18:42:09] <vice-versa> deface: recipient_bcc_maps, but somehow I get the feeling you've tried this
[18:43:58] <deface> actually nope.. not yet ;)
[18:49:12] *** Haris________ has joined #postfix
[18:59:47] *** war9407 has quit IRC
[19:02:12] *** war9407 has joined #postfix
[19:08:13] *** Haris_ has quit IRC
[19:09:26] *** pitakill has quit IRC
[19:11:03] *** hparker has joined #postfix
[19:12:56] *** weedar has quit IRC
[19:13:54] <metalman> can I paste some headers here for help troubleshooting?
[19:14:22] *** rootsvr has joined #postfix
[19:17:31] <xpoint> metalman, no use !pastebin
[19:17:57] <metalman> !pastebin
[19:17:58] *** githogori has quit IRC
[19:17:58] <knoba> metalman: "pastebin" : a way to paste larger amounts of text so that other people can read it. Try http://www.rafb.net/paste/ or http://paste.debian.net/ - Do not forget to tell us the URL where you pasted it.
[19:18:15] *** mio has joined #postfix
[19:18:59] *** rootsvr has quit IRC
[19:20:10] <metalman> http://paste.debian.net/19639
[19:20:26] <mio> lo all, I got a question about postfix and LDAP. I don't receive mail! log says "User unknown in local recipient table;" when I check for ldap it's running, a ldapsearch works and a postmap doesn't give any error messages. Why wouldn't postfix work ?
[19:20:52] <metalman> does that mean that the message got delayed half-hour on ironport.foo.org before arriving to mail.foo.org?
[19:26:00] *** amrit is now known as amrit|wrk
[19:28:19] *** denis_ has joined #postfix
[19:34:25] *** Templar_Xion has joined #postfix
[19:35:18] <mio> anyone?
[19:37:15] <sysmonk> yo yo
[19:38:24] <sysmonk> mio: pastebin postconf -n and the postmap -q output and the postfix file with ldap cf
[19:38:42] <mio> ok sec
[19:39:21] <mio> !pastebin
[19:39:21] <knoba> mio: "pastebin" : a way to paste larger amounts of text so that other people can read it. Try http://www.rafb.net/paste/ or http://paste.debian.net/ - Do not forget to tell us the URL where you pasted it.
[19:40:58] <mio> http://rafb.net/p/1kCBGc50.html postconf -n
[19:41:31] <sysmonk> damn it, you could be slower
[19:41:40] * sysmonk is having a lunch/breakfast/whatever
[19:43:23] <mio> http://rafb.net/p/KOm0qZ67.html main.cf
[19:43:26] <vice-versa> metalman: that's how I would interpret it
[19:43:33] <mio> sysmonk, soz on a damn slow laptop
[19:43:47] <mio> for it to switch between apps it's hell
[19:44:00] *** rouri has joined #postfix
[19:44:09] <sysmonk> mio: DID i ask for main.cf?
[19:44:17] <metalman> cool, thanks
[19:44:47] <sysmonk> i thought i told you exactly what to pastebin - postconf -n, postmap -q the ldap file and the actual ldap file contents
[19:45:07] <seekwill> You never ask for main.cf
[19:45:21] <mio> sysmonk, http://rafb.net/p/WENOy449.html local recipients
[19:45:56] <mio> sysmonk, sorry mate, what filenames do you exactly want?
[19:46:03] <mio> sysmonk, I misunderstood you
[19:46:35] <mio> btw postmap -q shows nothing, nor error nor OK
[19:46:59] <sysmonk> mio: so, there are no entries in ldap matching your query
[19:47:05] <sysmonk> what postmap command do you use?
[19:47:09] <sysmonk> what args do you give it ?
[19:47:14] <mio> debbie:~# postmap -q "csauth at something dot ltd" ldap:/etc/postfix/local_recipients.cf
[19:47:14] <mio> debbie:~#
[19:47:47] <vice-versa> try it with -v and see if that spits out anything useful
[19:47:57] <sysmonk> yup
[19:49:00] <sysmonk> mio: and, if you won't find anything in postmap -vq, then pastebin the ldapsearch with (mail=csauth at something dot ltd
[19:51:18] <mio> http://rafb.net/p/jlEmm346.html with -v
[19:52:21] <mio> that doesn't even exist sysmonk the csauth at something dot ltd I actually used THAT example. I could use a valid address but it gives me the exact same thing
[19:52:32] *** josinalvo has quit IRC
[19:54:30] <sysmonk> use a valid one
[19:54:36] <sysmonk> and as i said, pastebin the ldapsearch output
[19:54:50] *** A|3x has joined #postfix
[19:55:24] <mio> hmm the ldapsearch -x validname gives like all my users
[19:56:26] <sysmonk> mio: use the filter mail=validname
[19:56:36] <mio> sysmonk, and the result of the postmap with a valid user is the exact same thing as the nonexistent one
[19:56:41] <mio> ok
[19:58:44] <mio> http://rafb.net/p/jV0RLr79.html
[19:59:46] *** Tykling has joined #postfix
[20:00:27] <mio> sysmonk, is that what you meant?
[20:00:53] *** danbeck has quit IRC
[20:00:56] <sysmonk> mio: so?
[20:01:12] *** adaptr has quit IRC
[20:01:22] <sysmonk> mio: 0 results
[20:01:27] *** adaptr has joined #postfix
[20:01:43] <sysmonk> mio: show me an ldap entry which you think you queried
[20:01:44] <mio> yep
[20:01:54] *** adaptr has quit IRC
[20:06:10] *** Zeit|awy_ has joined #postfix
[20:06:31] *** adaptr has joined #postfix
[20:06:46] *** denis_ has quit IRC
[20:09:04] *** war9407 has quit IRC
[20:10:18] *** khussein78 has joined #postfix
[20:10:50] <khussein78> hi there
[20:11:29] <khussein78> i need a good manual to install postfix with smtp auth on CentOS from packages not from source
[20:11:48] *** denis_ has joined #postfix
[20:11:58] *** war9407 has joined #postfix
[20:12:16] *** Zeit|awy has quit IRC
[20:13:33] <vice-versa> http://wiki.centos.org/HowTos/postfix
[20:14:27] <mio> vice-versa, any clue about what else to do ?
[20:14:51] <vice-versa> sysmonk mio: show me an ldap entry which you think you queried
[20:15:01] <sysmonk> vice-versa: ;)
[20:15:10] <mio> hehe
[20:15:15] <mio> sysmonk, back?
[20:15:22] <sysmonk> vice-versa: he showed, the entries don't even have 'mail' attribute
[20:15:32] <sysmonk> and even if they'd have, he queries local_recipient_maps
[20:15:33] <mio> I changed it now sysmonk
[20:15:39] <mio> uid gives a result
[20:15:40] <sysmonk> which go with a username, not the email
[20:15:43] <sysmonk> so uid should be the way
[20:15:50] <mio> it is
[20:15:51] <sysmonk> also, you're delivering via local
[20:16:03] <sysmonk> which means, postfix will accept the email (because of the local_recipient_maps)
[20:16:21] <sysmonk> but you have to configure your nsswitch to use the same ldap database to actually deliver to a user by that name
[20:16:25] *** hacim has left #postfix
[20:16:37] <sysmonk> or else postfix won't find the user, and generate a bounce
[20:16:48] <mio> passwd: files ldap
[20:16:48] <mio> group: files ldap
[20:16:48] <mio> shadow: files ldap
[20:16:48] <sysmonk> and no, i'm not back, i'm just temporarily not holding my fork and spoon :)
[20:17:06] *** eanxgeek has quit IRC
[20:17:08] <sysmonk> mio: that part isn't postfix related, so you know, #your_distro channel
[20:17:12] <sysmonk> ;)
[20:18:03] <vice-versa> fork and spoon, sounds like spaghetti
[20:18:12] <xpoint> sysmonk, postfix does no bounce unknown users
[20:18:30] <mio> sysmonk, my problem right now is not the distro which is not working when I do getent passwd it shows all my ldap users
[20:18:35] <mio> which is what you mean I think
[20:19:04] *** adaptr has quit IRC
[20:19:06] <sysmonk> xpoint: postfix queues depending on the local_recipient_maps, but local(8) will bounce if it won't find the user (that is, it will try to query the system user database, and if it fails - bouncey bouncey we go! )
[20:19:16] *** adaptr has joined #postfix
[20:19:32] <mio> sysmonk, also when I check out my mail I can authenticate with the ldap users and such...
what I cannot do is receive mail; the error I get is : Recipient address rejected: User unknown in local recipient table;
[20:19:42] <xpoint> sysmonk, silly setup :)
[20:19:46] *** adaptr has quit IRC
[20:19:58] <sysmonk> xpoint: it's not me who chose it :)
[20:20:18] <sysmonk> ok, guys, give me a break :P /me is hungry
[20:20:24] <mio> haha go for it mate
[20:21:12] *** eanxgeek has joined #postfix
[20:21:43] <mio> vice-versa, so now I actually did change the query to use uid instead of mail which now does return results if I look it up with ldapsearch. and like I said, getent passwd does return the users in ldap so my system does use ldap for auth
[20:22:23] <xpoint> mio, postmap -q vs ldapsearch
[20:22:42] <mio> xpoint, postmap -q does not return anything still
[20:23:17] <mio> actually
[20:23:29] <xpoint> mio, you should test ldap maps carefully before use in postfix
[20:23:36] <mio> xpoint, with -v postmap: dict_ldap_get_values[1]: Search found 1 match(es)
[20:24:16] *** adaptr has joined #postfix
[20:24:34] <mio> xpoint, so yeah now postmap does find users
[20:24:47] *** adaptr has quit IRC
[20:24:52] <sysmonk> mio: with postmap -q 1. query the username only (i.e. mio, not mio at domain dot com )
[20:25:12] <sysmonk> 2. return something! if you returned 'mail' previously, which doesn't exist, you have to return something what does exist
[20:25:15] <sysmonk> i.e. the uid itself
[20:25:21] <xpoint> postmap -q postmaster at yourdomain dot tld ldap:/etc/postfix/ldap_user_maps.cf
[20:25:45] <sysmonk> oh sure, go listen to xpoint, he knows everything, he's a guru!
[20:25:46] <sysmonk> ;)
[20:25:53] * sysmonk goes to watch a movie
[20:25:54] <mio> sysmonk, that's what I did only used myusername for the query, not myusername at mydomain dot ltd
[20:26:18] <xpoint> sysmonk, thanks for your time here
[20:26:57] <sysmonk> mio: yeah we love each other
[20:27:23] <sysmonk> mio: anyway, i just stop helping when xpoint moves in, i hate to listen to his stuff :)
[20:28:04] <mio> sysmonk, so anyhow i changed query_filter to (uid=%s) instead of mail
[20:28:15] <sysmonk> mio: and what about result?
[20:28:21] <sysmonk> result_attribute
[20:28:27] <mio> with -v it does give results
[20:28:34] <sysmonk> i mean the result_attribute in the .cf
[20:28:42] <mio> sysmonk, postmap: dict_ldap_get_values[1]: Search found 1 match(es)
[20:28:48] <mio> oh
[20:29:07] <sysmonk> what is it set to?
[20:29:12] <mio> uid
[20:29:15] *** adaptr has joined #postfix
[20:29:16] <sysmonk> good
[20:29:37] <mio> yay
[20:29:41] <mio> it does return the name now
[20:29:50] * mio hat off!
[20:30:17] <mio> ok
[20:30:22] *** githogori has joined #postfix
[20:30:23] <mio> you have become my new her
[20:30:24] <mio> o
[20:31:28] <vice-versa> sounds kinky
[20:32:29] <mio> sysmonk, gah not totally working
[20:32:41] <mio> I still get user unknown
[20:33:12] <xpoint> mio, postmap -q postmaster at yourdomain dot tld ldap:/etc/postfix/ldap_user_maps.cf
[20:33:34] <xpoint> mio, postmap -q yourdomain.tld ldap:/etc/postfix/ldap_domain_maps.cf
[20:34:07] <xpoint> mio, postmap -q postmaster at yourdomain dot tld ldap:/etc/postfix/ldap_domain_maps.cf
[20:34:36] <xpoint> last one should return nothing :)
[20:35:42] <mio> xpoint, mate, I don't have any of the files you are referring to for query
[20:36:01] <mio> xpoint, what I have is a file I called local_recipients.cf
[20:36:09] <xpoint> thats not my fault mio :-)
[20:36:16] <mio> and the lookups without the @blabla.bla work
[20:36:28] <mio> xpoint, did I say it was ? O;o
[20:36:36] <mio> O.o *
[20:37:36] <mio> sysmonk, still there?
[20:37:38] <xpoint> mio, if it works with hash: maps it works on any maps from postconf -m
[20:39:46] <sysmonk> mio: sorry, got a phone call
[20:39:58] <mio> xpoint, only thing I configured that shows in postconf -n (maps wise) is local_recipient_maps = ldap:/etc/postfix/local_recipients.cf
[20:40:02] <mio> sysmonk, nps mate
[20:40:32] <mio> sysmonk, did you check that log I sent you ?
[20:40:38] <sysmonk> mio: as i said
[20:40:42] <sysmonk> postfix did queue the mail
[20:40:51] <sysmonk> but local delivery agent couldn't deliver it
[20:41:22] <mio> sysmonk, hmmm so now we(you) solved the 1st problem, and this is another ?
[20:41:28] *** denis_ has quit IRC
[20:41:40] <mio> hmpf ... okay ... so what's up with this one? what should I do
[20:41:43] <sysmonk> mio: this is the one i talked before - system user (getpwent stuff)
[20:41:52] <sysmonk> getent even
[20:42:16] <mio> that works
[20:42:27] <mio> getent works
[20:42:28] <xpoint> why not setup postfix to use pam ?
[20:42:39] <mio> cause I have my users in ldap mate
[20:42:46] <xpoint> and drop the ldap maps :)
[20:42:59] <sysmonk> ldap maps are working already
[20:43:09] * vice-versa shakes his head
[20:43:13] <sysmonk> because you can make it more custom
[20:43:15] <xpoint> lda uses pam ?
[20:43:35] <sysmonk> lda uses nsswitch
[20:43:57] <xpoint> postfix can use this via pam
[20:44:05] <sysmonk> ...
[20:45:07] <xpoint> no ?
[20:45:12] <mio> anyhow xpoint I am using ldap for many reasons and it's almost working now and everything is setup, won't NOW change my whole setup
[20:45:49] <xpoint> mio, can ldap users login via telnet on the box ?
[20:45:54] *** hever has quit IRC
[20:45:56] <mio> sysmonk, can you see what's wrong in that config file?
[20:47:00] <xpoint> mio, ldap in postfix is a bit silly for unix users :)
[20:47:56] * sysmonk thinks xpoint is a bit silly
[20:48:04] <sysmonk> but who cares!
[20:48:05] <sysmonk> ;)
[20:48:23] <xpoint> who cares about bounces ?
[20:48:41] <sysmonk> ok, i'll just stick somebody in my ignore list
[20:48:51] * vice-versa bounces xpoint
[20:49:45] * sysmonk blacklists vice-versa
[20:49:59] * sysmonk reminds vice-versa about his pm about blacklisting vice-versa
[20:50:32] <vice-versa> pfft, you won't be the first ;)
[20:50:48] <sysmonk> was that for me? :)
[20:51:04] <vice-versa> yeah
[20:51:13] <sysmonk> i see you don't get it, or at least don't remember it
[20:51:39] *** danbeck has joined #postfix
[20:52:22] <vice-versa> who are you anyway?
[20:52:25] * vice-versa suffers from dementia
[20:53:21] * vice-versa shakes sysmonk
[20:54:03] <sysmonk> vice-versa: yeah, shake it baby!
[20:54:04] <sysmonk> ;P
[20:58:13] *** orly0wl has joined #postfix
[20:58:17] <orly0wl> ehlo
[20:58:36] <vice-versa> 250-orly0wl
[20:58:38] <orly0wl> so, i'm still getting this random 'bounce' message occasionally from someone who sends my server mail
[20:58:47] <orly0wl> i still have been unable to figure out why
[20:58:58] <orly0wl> nothing is logged into log files, even at full debug mode logging
[20:59:21] <vice-versa> MTA gremlins
[21:05:25] *** denis_ has joined #postfix
[21:06:51] * seekwill sells gremlin spray
[21:08:56] <orly0wl> meh
[21:08:59] <orly0wl> i think it's just outlook
[21:09:20] <orly0wl> because in this instance, a bounce happened right in front of me (user in office), but i saw no evidence of it in logs
[21:09:29] <orly0wl> and looked, she's sending an attachment ~8MB
[21:09:38] <orly0wl> which was delivered before....
[21:09:39] <orly0wl> hmm
[21:10:17] <seekwill> What did it say?
[21:10:27] <orly0wl> it is random, essentially
[21:10:36] <orly0wl> in the case where these messages are bouncing
[21:10:41] * seekwill sells gremlin spray
[21:10:53] <orly0wl> i initially thought it was the clients, not allowing a message to go to delivery because of whatever local issue
[21:11:03] <orly0wl> i thought it was attachment size, but i have ruled that out
[21:11:18] <orly0wl> 9mb can hardly be called 'large' these days
[21:11:43] * vice-versa sells magic MTA dust by the gram
[21:12:11] *** eanxgeek has quit IRC
[21:12:26] <orly0wl> the server itself isn't under excessive load, so it's not just dropping mails
[21:12:29] * radius wonders if orly0wl scanned the pc getting the bounce back? ;p pctools is your friend
[21:12:39] *** rouri has quit IRC
[21:12:50] <orly0wl> nah, not yet
[21:12:52] <orly0wl> ya rly
[21:12:57] <vice-versa> orly0wl: original file size != encoded attachment size
[21:13:12] <radius> mebroot is the latest malware out there coming into outlook clients
[21:13:20] <orly0wl> ?
[21:13:51] <vice-versa> ?
[21:13:56] <seekwill> ?
[21:14:24] <vice-versa> !?
[21:14:24] <knoba> vice-versa: Error: "?" is not a valid command.
[21:14:46] <vice-versa> !stupidbot
[21:14:47] <knoba> vice-versa: "stupidbot" : heh, more like dumb ass human!
[21:14:51] *** eanxgeek has joined #postfix
[21:15:20] *** ph^ has joined #postfix
[21:16:04] <ph^> Anyone got any idea why forwarding mail from localhost works but not from google in postfix? postgrey says pass for google, but nothing for localhost
[21:17:43] *** pickcoder has joined #postfix
[21:18:23] <vice-versa> parse error
[21:19:01] <rob0> llllllooooooggggggssssss
[21:19:47] *** muecke77 has joined #postfix
[21:21:51] <vice-versa> !tse
[21:21:52] <knoba> vice-versa: "tse" : Translate server error
[21:22:21] <sysmonk> heh, i remember that image :P
[21:22:57] *** chadmaynard_ has joined #postfix
[21:23:05] <vice-versa> Chinese restaurant?
[21:23:14] *** Fallenou has quit IRC
[21:23:17] *** fXsTar has joined #postfix
[21:23:23] <fXsTar> its possible to set up postfix to work with no true domain just noip?
[21:24:03] <seekwill> Yes
[21:24:34] <fXsTar> ok thx
[21:24:41] <fXsTar> seekwill
[21:24:59] <seekwill> Yes?
[21:25:21] *** Templar_Xion1 has joined #postfix
[21:25:35] <fXsTar> i need to edit my conf and put my address there as domain?
[21:26:03] <ph^> rob0: http://pastie.textmate.org/private/sfuc6tq27qy6sieaiwu2fg
[21:26:16] *** Thorn has quit IRC
[21:26:31] <ph^> the latter gets forwarded
[21:26:38] <ph^> The former doesn't
[21:27:14] *** m0f0x has joined #postfix
[21:27:23] *** khussein78 has quit IRC
[21:29:49] *** Templar_Xion1 has quit IRC
[21:30:03] <rob0> test at test dot test is not a real email address, I wouldn't expect gmail to accept it. Your relayhost cannot return it.
[21:30:44] <ph^> well, that's the one working
[21:30:54] <ph^> when I send from my gmail, to post at hh-media dot com it doesn't work
[21:33:22] *** mio has quit IRC
[21:36:36] *** ph^ has quit IRC
[21:39:24] *** ph^ has joined #postfix
[21:41:03] *** hparker has quit IRC
[21:41:21] *** Templar_Xion has quit IRC
[21:43:50] *** BBishop has quit IRC
[21:44:14] *** BBishop has joined #postfix
[21:44:37] <cos> how do I deliberately slow down outbound connections per second to just one domain, without affecting others? Do I need to set up a separate transport for it? (postfix 2.2)
[21:45:30] <vice-versa> !dedicated_transport
[21:45:31] <knoba> vice-versa: "dedicated_transport" : dedicated transports are used to control delivery behaviour for a specific domain or a user@domain pattern based on transport_maps.
For an example see: http://linuxnet.ca/postfix/dedicated_transport.html
[21:47:51] *** hparker has joined #postfix
[21:49:35] <rob0> 2.2, wow
[21:51:14] <Dominian> whoa
[21:51:19] <Dominian> you are so out of touch hehe
[21:51:30] <sysmonk> i think he's the second one with 2.2 this week
[21:52:04] <Dominian> ouch
[21:52:09] <Dominian> running debian ?
[21:52:10] <Dominian> ;)
[21:56:38] *** eanxgeek has quit IRC
[21:56:40] <hparker> centos?
[21:57:37] <Dominian> <insert distro that runs old crap here>
[22:00:11] *** jeffspeff has joined #postfix
[22:17:47] <ph^> rob0: I think google was filtering mail sent from myself, via a forwarding, to myself
[22:23:28] *** Lukemob_ has joined #postfix
[22:23:39] *** tombar has joined #postfix
[22:24:07] *** denis__ has joined #postfix
[22:28:25] *** muecke771 has joined #postfix
[22:28:33] *** muecke771 has quit IRC
[22:30:55] *** denis_ has quit IRC
[22:32:21] *** chadmaynard_ has quit IRC
[22:32:32] *** muecke771 has joined #postfix
[22:36:27] *** Lukemob has quit IRC
[22:39:41] *** muecke77 has quit IRC
[22:43:57] <SeJo> hey all i have a simple setup, with postfix and dovecot and only local users
[22:44:09] <SeJo> how do i setup that they can send mail through my server?
[22:44:15] <shasta> !sasl
[22:44:16] <knoba> shasta: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.
[22:44:20] <shasta> SeJo, ^^^^^
[22:44:48] <SeJo> shasta does that tell me how to relay?
[22:44:59] <SeJo> users are already checked with sasl
[22:45:14] *** orly0wl has quit IRC
[22:46:29] <shasta> it does.
[22:47:28] *** metalman has quit IRC
[22:52:33] *** bieb has left #postfix
[22:55:21] *** m0f0x has quit IRC
[23:01:42] *** madrescher has quit IRC
[23:02:24] *** ph^ has left #postfix
[23:02:34] *** muecke771 has quit IRC
[23:11:40] *** Sylphid|work has joined #postfix
[23:14:54] <Sylphid|work> hello, could anyone explain how postfix interfaces with spamassassin and explain a workaround for better performance .... from what i understand (probably wrong) but when qmgr calls spamc it must wait for spamassassin to finish with scanning before it can continue thus only one message can be processed by spamassassin at a time?
[23:16:15] *** david73cetane has joined #postfix
[23:17:06] *** rootsvr has joined #postfix
[23:18:41] *** stephen is now known as Guest83351
[23:19:10] <deadpigeon> postfix calls spamassassin/amavis/etcetera/etcetera through a content_filter option.
[23:19:53] <Sylphid|work> hey deadpigeon,
[23:20:04] <deadpigeon> that would be in your postfix config file.
[23:20:20] <Sylphid|work> i have spamassassin working... it just seems abnormally slow
[23:20:45] <deadpigeon> takes some tweaking to get it up and running right.
[23:21:04] <deadpigeon> using just spamassassin? nothing like amavisd or anything?
[23:21:09] <Sylphid|work> am i right in thinking that qmgr can only process one message at a time?
[23:21:16] <Sylphid|work> just spamassassin and postfix
[23:21:29] <deadpigeon> no it can process as many as you specify
[23:21:41] <deadpigeon> something sane for spamassassin is about 10 processes to start with.
[23:21:56] <deadpigeon> you'll want to call spamD in place of spamassassin if you want to use spamC
[23:22:02] <Sylphid|work> w/o spamassassin i'm processing approx 3250 messages/min but drop to 50 or so after spamassassin
[23:22:29] <deadpigeon> well you should be processing more about 150-200 every minute.
[23:23:02] <deadpigeon> check your postfix config, postfix will queue up to 200 msgs by default for delivery
[23:23:33] *** denis__ has quit IRC
[23:24:01] <Sylphid|work> are you referring to the active queue?
[23:24:32] <deadpigeon> yeah
[23:24:41] <deadpigeon> so what is the problem? your queue is getting full?
[23:24:57] <Sylphid|work> yes the active queue will hold up to 20k messages
[23:24:59] <Sylphid|work> correct
[23:25:11] <deadpigeon> you are making spamassassin do too much work.
[23:25:30] <deadpigeon> most of those in the queue are probably spams.
[23:25:36] *** fXsTar has quit IRC
[23:25:59] <deadpigeon> are you doing any recipient restrictions in main.cf?
[23:26:29] <Sylphid|work> yes...
[23:26:45] *** rootsvr has quit IRC
[23:26:47] <deadpigeon> like? you can pastebin the file if it's easier.
[23:26:55] <Sylphid|work> 1 moment
[23:27:24] <deadpigeon> I only reject invalid hostnames, non_fqdn's, unknown sender & recipient domains, unauth_pipelining, rejecting unauth_destination and that is it.
[23:27:55] <deadpigeon> seems to keep my system pretty unclogged, and not many false positives at all, in fact none so far.
[23:28:09] <deadpigeon> we deal with about 150 thousand emails an hour
[23:28:29] *** Tykling has left #postfix
[23:28:35] <Sylphid|work> main.cf > http://pastebin.com/d5deb5980
[23:29:13] <Sylphid|work> helo restrictions are commented out for testing but are normally not so
[23:29:38] <deadpigeon> I don't do any helo requirements, they cause too much issue on our networks, might be different for you.
[23:29:55] <Sylphid|work> smtp inet n - - - - smtpd
[23:29:55] <Sylphid|work> -o content_filter=spamassassin
[23:29:56] <Sylphid|work> spamassassin unix - n n - - pipe
[23:29:56] <Sylphid|work> user=spamd argv=/usr/bin/perlbin/vendor/spamc -f -e
[23:29:56] <Sylphid|work> /usr/sbin/sendmail -oi -f ${sender} ${recipient}
[23:30:09] <Sylphid|work> those are the relevant lines in master.cf
[23:30:40] <deadpigeon> what is your postfix ver?
[23:31:08] <Sylphid|work> 2.5.3 [23:31:08] <rob0> I have several, most are in the 2.5 range. [23:32:13] *** havvg has quit IRC [23:32:41] <deadpigeon> well, I'd add smtpd_data_restrictions after the recipient ones [23:32:47] <deadpigeon> with reject_unauth_pipelining [23:32:50] <deadpigeon> and permit after that [23:33:31] <deadpigeon> also I'd make your recipient restrictions a little tighter. [23:34:17] *** hever has joined #postfix [23:35:42] <deadpigeon> i'd run: reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_mynetworks, reject_unauth_destination, permit [23:36:07] <deadpigeon> that's what i've been comfortable with and it's kept my spamassassin from clogging up. [23:36:20] <deadpigeon> all under smtpd_recipient_restrictions [23:36:34] <deadpigeon> and reject_unauth_pipelining under smtpd_data_restrictions (followed by permit of course) [23:38:23] <Sylphid|work> ok that would definitely drop the number of messages that spamassassin processes but it still seems spamassassin should be able to process them faster [23:41:01] *** ek has quit IRC [23:41:05] *** ek has joined #Postfix [23:43:02] *** bahadunn has joined #postfix [23:44:28] <deadpigeon> it should, you might have to call spamassassin differently [23:44:42] <deadpigeon> i'm not sure, i don't use spamD, I use amavisd-new to call spamD [23:45:44] <deadpigeon> amavis handles the rest for me. you should have something like 9 or 10 spamC processes going when it's processing such a large queue. [23:46:15] <deadpigeon> if you only have one process running, then it will only be able to handle however much one process can handle. [23:46:54] <Sylphid|work> ok , i'll have to look into amavisd-new [23:46:59] <bahadunn> what kind of setup would be best for handling several million emails a day? 
[23:49:45] *** pickcoder has quit IRC [23:51:44] *** kreg__ is now known as Kreg [23:52:26] *** Kreg is now known as kreg [23:53:03] *** LordDicranius has quit IRC [23:58:41] *** danbeck has quit IRC