[00:06:08] *** hparker has joined #postfix
[00:07:24] <deadpigeon> does anyone know? =/
[00:09:29] *** Tykling has left #postfix
[00:13:21] *** Snader_LB has joined #postfix
[00:13:42] <Snader_LB> hi everyone.
[00:16:42] *** Southron has left #Postfix
[00:18:29] <Snader_LB> to let Postfix communicate correctly (that is, securely) with a SMTPS host, is it enough to specify ``relayhost = smtps.example.com:465''?
[00:19:07] <Snader_LB> in main.cf, i mean of course
[00:22:44] <vice-versa> deadpigeon: good question, I don't honestly know the answer, but I would speculate not much weight would be given to sender or recipient addresses themselves
[00:23:21] <vice-versa> Snader_LB: you'll need tls support
[00:23:26] <deadpigeon> I wouldn't think so, considering all of those addresses can be likely forged anyways, so it shouldn't be looking into them and concentrating more on subject matter and body content.
[00:23:28] <vice-versa> !tls
[00:23:29] <knoba> vice-versa: "tls" : short for "Transport Layer Security" (RFC2246). It adds an additional layer of encryption to protocols like SMTP, POP3 or IMAP to improve security during transmission over the internet. You can find HOWTOs on that topic on http://www.postfix.org/docs.html
[00:23:53] <vice-versa> deadpigeon: agreed
[00:24:04] <Snader_LB> vice-versa: ok, i'll take a look at postfix.org/docs. thanks.
[00:24:12] <deadpigeon> Do you think it's a safe idea to learn from these emails?
[00:24:18] *** lazz0 has quit IRC
[00:24:54] <Snader_LB> s/docs/docs.html/
[00:25:02] <deadpigeon> I guess I can always make it unlearn if it causes a problem.
[00:26:30] <vice-versa> I'm thinking it will be ok, but then again I don't have to live with the end result ;)
[00:27:31] <vice-versa> deadpigeon: how are you accumulating the spam?
[00:28:20] <deadpigeon> Well, I have several computers in the office that have been saving spam for the past year, so I was just forwarding the messages to a mailbox I made and downloading them to spam server itself.
[00:29:06] <deadpigeon> So technically it's coming from my trusted addresses, the original message is still in the body. I havn't implemented anything yet.
[00:30:57] <roe_> Can I use system group as an alias??
[00:49:52] <deadpigeon> what is exactly the difference between sa-learn --sync and --no-sync?
[00:58:58] *** deadpigeon has quit IRC
[01:06:25] *** wei has left #postfix
[01:09:55] *** Motoko-chan has quit IRC
[01:17:50] *** war9407 has quit IRC
[01:36:37] <Snader_LB> after each change of /etc/postfix/generic, "postmap /etc/postfix/generic" needs to be executed. but what if i delete /etc/postfix/generic?
[01:36:57] <Snader_LB> then it says ``postmap: fatal: open /etc/postfix/generic: No such file or directory''
[01:37:09] <Snader_LB> so, how to `clean' this?
[01:37:53] *** Motoko-chan has joined #postfix
[01:38:06] *** cpm has quit IRC
[01:38:23] <vice-versa> Snader_LB: what?
[01:39:13] <Snader_LB> 1) create /etc/postfix/generic. 2) execute "postmap /etc/postfix/generic".
[01:39:25] <Snader_LB> 1) delete /etc/postfix/generic. 2) execute "postmap /etc/postfix/generic" -> fatel error
[01:39:44] <vice-versa> wtf? you deleted the file then you somehow expect a command to work with the file?
[01:41:26] <Snader_LB> no. i expect it to do whatever is necessary to /etc/postfix/generic.db (perhaps delete it?) so `sync' it with an absent /etc/postfix/generic
[01:41:33] <Snader_LB> s/so/to/
[01:41:35] *** Haris________ has joined #postfix
[01:42:12] <vice-versa> no
[01:43:19] <Snader_LB> no?
[01:43:38] <vice-versa> !no
[01:43:39] <knoba> vice-versa: "no" : No means No!
[01:43:43] <Snader_LB> should (or: can) i delete /etc/postfix/generic.db myself?
[01:44:09] <vice-versa> if you no longer want it then yes
[01:46:16] <Snader_LB> well, i no longer have /etc/postfix/generic
[01:46:30] *** Haris_ has quit IRC
[01:46:55] <Snader_LB> so i doubt i will still need /etc/postfix/generic.db, which is generated from /etc/postfix/generic by postmap(1)
[01:49:19] *** roe_ has quit IRC
[01:49:43] *** roe_ has joined #postfix
[01:50:28] <Snader_LB> vice-versa: thanks you for your help
[01:50:34] <Snader_LB> s/thanks/thank/
[02:13:40] *** sfire||mouse has joined #postfix
[02:20:32] *** madrescher has quit IRC
[02:28:11] *** RomanaMentalis has joined #postfix
[02:28:24] <RomanaMentalis> hello - is there any way to tell when an email was deleted off the server from a user's account?
[02:29:38] <JoaoCarneiro> RomanaMentalis: like... undelete?
[02:29:52] <JoaoCarneiro> assuming you had maildirs
[02:30:27] *** havvg has quit IRC
[02:31:20] <rob0> Check your imapd's documentation, maybe it can do verbose logging. But it will be hard to correlate the name of the deletion with any human-usable name.
[02:31:40] <rob0> !yes
[02:31:41] <knoba> rob0: "yes" : Yes, it is.
[02:31:46] *** xnixan has joined #postfix
[02:31:51] <rob0> !maybe
[02:31:51] <knoba> rob0: Error: "maybe" is not a valid command.
[02:32:00] <rob0> !try
[02:32:01] <knoba> rob0: Error: "try" is not a valid command.
[02:32:49] *** madrescher has joined #postfix
[02:33:24] <rob0> !learn try as Do, or do not. There is no 'try'.
[02:36:08] <vice-versa> !learn maybe as possible/probable, but not sure
[02:38:50] <RomanaMentalis> JoaoCarneiro is there a way to undelte a message and get it back on the server??
[02:40:54] <RomanaMentalis> !learn undelete
[02:40:55] <knoba> RomanaMentalis: Invalid arguments for learn.
[02:42:08] *** ikaro has joined #postfix
[02:45:20] *** githogori has quit IRC
[02:46:14] <vice-versa> learn undelete as muhahahaha
[02:46:27] *** keffer has joined #postfix
[02:48:18] *** deadpigeon has joined #postfix
[02:51:10] <sfire||mouse> I'm having an issue with postfix authing against dovecot which auth's against mysql    http://pastie.org/299394
[02:53:13] *** wei has joined #postfix
[02:54:33] <deadpigeon> hmm
[02:57:00] <rob0> Rome, your off-topic question was answered.
[03:00:25] *** ming_zym has joined #postfix
[03:00:46] <rob0> sfire, if that query is wrong, obviously, it won't work. Sounds like your issue is between Dovecot/mysql and the MUA, your postconf (which I ignored anyway, I won't read all that) is irrelevant.
[03:01:12] <sfire||mouse> rob0, except that I can imap to dovecot
[03:01:37] <sfire||mouse> but when I try AUTH PLAIN to postfix, its giving the wrong username
[03:01:56] <rob0> what MUA?
[03:02:21] <sfire||mouse> telnet
[03:02:40] <rob0> how did you make the AUTH PLAIN string?
[03:02:56] <rob0> let me guess ... perl?
[03:03:03] <sfire||mouse> yup
[03:03:11] <rob0> escape your @
[03:03:15] <vice-versa> \@
[03:03:24] <sfire||mouse> thanks
[03:03:58] <rob0> works now?
[03:04:03] <sfire||mouse> yup
[03:04:07] <rob0> :)
[03:04:36] <sfire||mouse> should have used the mmencode command
[03:05:12] <vice-versa> or tried decoding your auth string as part of the troubleshooting process
[03:05:53] <sfire||mouse> true
[03:06:26] <sfire||mouse> now to see if I can figure out why thunderbird isn't working
[03:06:32] <sfire||mouse> but thanks
[03:06:50] <rob0> you require SSL/TLS?
[03:07:03] <rob0> (normally you should)
[03:07:21] <sfire||mouse> I'll figure it out
[03:07:32] <rob0> okay, gl
[03:07:42] <sfire||mouse> and its past time for me to head home, my wife is waiting
[03:07:58] *** sfire||mouse has quit IRC
[03:23:56] *** adnc has joined #postfix
[03:24:03] <adnc> !relay_domains
[03:24:03] <knoba> adnc: "relay_domains" : A configuration parameter in the main.cf: What destination domains (and subdomains thereof) this system will receive mail for and will relay mail to. Subdomain matching is controlled with the parent_domain_matches_subdomains parameter. See also !address_classes
[03:26:13] *** sfire||mouse has joined #postfix
[03:26:44] <sfire||mouse> actually, she's busy :P   so my next trouble shooting after I poke around in the docs more
[03:27:10] <sfire||mouse> put if you guys know what I'm doing wrong with postfix/trivial-rewrite[9489]: warning: do not list domain mail.singular-lamp01.ristech.net in BOTH virtual_mailbox_domains and relay_domains  That would be great
[03:27:29] <sfire||mouse> I have a virtual_mailbox_domains of mail.HOSTNAME
[03:27:43] <sfire||mouse> I'm thinking its something to do with parent_domain_matches_subdomains
[03:35:26] *** AwayML is now known as AndyML
[03:35:34] <deface> sfire||mouse: its pretty simple
[03:36:19] <deface> if your domain your sending it is in virtuals, dont add it to your main.cf under mydomain
[03:36:22] <sfire||mouse> yeah, got it set down
[03:36:25] <deface> or relay_domains
[03:36:52] <sfire||mouse> still getting Oct 23 18:32:02 singular-lamp01 postfix/smtpd[9593]: NOQUEUE: reject: RCPT from dsl081-082-084.lax1.dsl.speakeasy.net[64.81.82.84]: 554 5.7.1 <cwevans at acm dot org>: Relay access denied; from=<cwevans at mail dot singular-lamp01.ristech.net> to=<cwevans at acm dot org> proto=ESMTP helo=<Macintosh.local>
[03:37:03] <sfire||mouse> but no more of that
[03:37:09] <sfire||mouse> warning
[03:37:39] <deface> postconf -n to a pastebin
[03:38:23] <deface> btw, that helo isn't an fqdn, and would more than likely be blocked by most mail servers
[03:38:48] <sfire||mouse> yeah
[03:39:03] <sfire||mouse> but I think I authed against dovecot
[03:39:09] <sfire||mouse> so I would think it would allow me
[03:39:15] <sfire||mouse> http://pastebin.com/m2291450f
[03:39:33] <sfire||mouse> ah, wait
[03:39:38] <sfire||mouse> I think I know
[03:39:38] <deface> ubuntu ?
[03:39:50] <deface> mailbox_size_limit = 0
[03:39:53] <deface> 2nd time i've seen that
[03:40:00] <sfire||mouse> centos
[03:40:01] <deface> what distro is that stupid
[03:40:02] <deface> wow
[03:40:21] <sfire||mouse> actuaully, I think we have that because the default is 10 MB
[03:40:23] <deface> an ubuntu box last night had that .. is it by default ?
[03:40:32] <sfire||mouse> and we have some clients that are stupid on their own boxes
[03:40:33] <deface> no, the default is 512mb
[03:40:35] <higuita> deface: maybe that mean unlimited? if not, is totally stupid 8)
[03:40:38] <deface> 51200000 .. or something
[03:40:44] <deface> higuita: yeah, possibly
[03:40:53] <deface> but not defining wouldn't = 0
[03:40:57] <deface> so idk, have to check
[03:41:14] <sfire||mouse> blah, thought it was the noplaintex
[03:41:15] <sfire||mouse> t
[03:41:41] <sfire||mouse> anyways, time to debug later
[03:41:47] <higuita> or maybe it defaults to 0 if the mailbox is a maildir instead of mbox?
[03:41:47] <sfire||mouse> tomorrow is another day
[03:43:15] *** Juspion has joined #postfix
[03:44:04] *** pitakill has joined #postfix
[03:45:15] <rob0> !relay_denied
[03:45:16] <knoba> rob0: "relay_denied" : \"554 5.7.1 <RECIPIENT@RCPT_DOMAIN>: Relay access denied; from=<SENDER_ADDRESS> to=<RECIPIENT@RCPT_DOMAIN> proto=ESMTP helo=<HELO>\": This typically means that CLIENT_IP is not in mynetworks (and did not AUTH), and that RCPT_DOMAIN was not recognized as one of this Postfix's domains (not listed in mydestination, relay_domains or virtual_*_domains).
[03:48:35] <vice-versa> 512MB? that sounds off
[03:49:00] <deface> vice-versa: i was geussing, idk
[03:49:28] <deface> link:/var/www/link.fluxlabs.net/mailscanner# postconf -d | grep mailbox_size_limit
[03:49:28] <deface> mailbox_size_limit = 51200000
[03:49:45] <vice-versa> yeah are you ever, more like 48MB
[03:51:57] <deface> ;)
[03:52:51] <vice-versa> wanna buy some good used hard drives? ;)
[03:55:37] <rob0> uuog, "postconf -d mailbox_size_limit" works
[03:57:26] <deface> vice-versa: what kind, size ?
[03:57:48] <deface> rob0: yeah, as you can see above, not sure what there measuring in though ..
[03:59:28] *** AndyML is now known as AwayML
[03:59:30] *** sfire||mouse has quit IRC
[04:00:17] <vice-versa> bytes
[04:04:31] *** PodMan99a has quit IRC
[04:04:39] <vice-versa> deface: umm, I think they're 802MB ;)
[04:04:52] <deface> nice
[04:04:55] <vice-versa> 80216064
[04:07:43] *** majikman has joined #postfix
[04:08:53] <majikman> my mail server is attempting to send emails to a lot of people that have invalid email addresses. this is causing a lot of stuff to be logged by my postfix. can i reduce the number of times it attempts to connect to non-existent domains?
[04:10:14] <vice-versa> deface: got some 18373349376's too, huge suckers, you'll have to make me an offer on those though
[04:10:33] <deface> eh? .. whats that
[04:10:50] <deface> majikman: sounds like your server is sending out spam
[04:10:57] <deface> fix that, then you wont have to deal w/ them
[04:11:25] <majikman> deface, no, i have a website where users sign up and they do things like type in a0l.com as their email address
[04:11:45] <deface> so fix your code to validate before submit
[04:12:15] <majikman> hmm.... is that common practice?
[04:12:23] <majikman> seems like it'd slow down my registration process quite a bit
[04:12:56] <vice-versa> you should do some common validation
[04:13:01] <majikman> actually, no, thats not common practice.... at least not amongst all the other large sites
[04:13:36] <majikman> i am doing validation to make sure the email address is a valid format
[04:13:41] *** Juspion has quit IRC
[04:13:50] <majikman> but... i don't check the domain names
[04:14:16] <vice-versa> I would, although it wouldn't help with a0l.com
[04:14:17] <majikman> also, i'm noticing a lot of seemignly valid mail servers showing me that they're timing out. is that normal?
[04:14:39] <vice-versa> nope
[04:16:08] <majikman> does this happen because i'm not white listed?
[04:16:26] *** felix-da-catz_zz is now known as felix-da-catz
[04:18:56] <vice-versa> !maybe
[04:18:57] <knoba> vice-versa: "maybe" : possible/probable, but not sure
[04:19:43] <majikman> hmm.... i'll try white listing and installing stuff like dkim and domain keys
[04:19:47] <majikman> hopefully that'll fix this
[04:19:50] <rob0> !try
[04:19:50] <knoba> rob0: "try" : Do, or do not. There is no 'try'.
[04:20:32] <majikman> i think you're misinterpreting the context in which i'm using try
[04:20:48] <rob0> I think I'm making a joke
[04:20:54] <rob0> trying to ;)
[04:21:03] <vice-versa> !try
[04:21:03] <knoba> vice-versa: "try" : Do, or do not. There is no 'try'.
[04:21:12] <vice-versa> majikman: or you could show us something tangible
[04:21:13] <majikman> lol, vice-versa, he made a joke
[04:21:29] <majikman> vice-versa, like entires in my log files?
[04:21:38] <vice-versa> that's a good start
[04:21:41] <rob0> The punchline worked the second time but not the first.
[04:23:03] *** _mavrick61 has quit IRC
[04:23:29] <majikman> vice-versa, http://rafb.net/p/SQgk8H79.html
[04:24:09] *** _mavrick61 has joined #postfix
[04:25:20] *** wei has quit IRC
[04:26:34] *** chadmaynard has joined #postfix
[04:27:02] <vice-versa> wow
[04:27:18] <vice-versa> wtf is going on on that box
[04:27:35] <majikman> ??? what seems wrong?
[04:28:53] *** roe_ has quit IRC
[04:28:54] *** roe has joined #postfix
[04:29:22] <vice-versa> umm, you think 40 plus messages a second being queue is normal
[04:29:52] <majikman> i have no idea. i'm a total noob  to postfix.... i wouldn't even know how to change that if it is a problem
[04:30:02] <majikman> i mean, i can google the solution, bu ti don't know it off the top of my ehad
[04:31:04] <vice-versa> I would start by shutting down postfix until you get it sorted, someone is abusing your host for sure
[04:31:46] <majikman> i shoudln't be accepting incoming mails though. the only time it sends out mail is when a member on the stie gets a notification or something
[04:32:03] <majikman> can they still abuse that?
[04:37:08] *** joobie has joined #postfix
[04:37:16] <joobie> hi guys anyone know how to troubleshoot "SASL LOGIN authentication failed: authentication failure"
[04:39:08] *** Desynced has quit IRC
[04:39:18] <vice-versa> majikman: it's possible
[04:40:18] <vice-versa> regardless, you definitely got a problem on your hands
[04:40:38] <majikman> yea....  i know that for sure...
[04:41:05] <majikman> i'm just not certain what is considered best practice configuration so i'm not sure what i ned to do to my server to make it work properly
[04:42:37] *** deadpigeon has quit IRC
[04:43:43] <vice-versa> majikman: did you flushing the queues or anything?
[04:44:31] <majikman> not yet
[04:44:56] <vice-versa> ok, well don't
[04:45:24] <majikman> lol, ok
[04:45:27] <vice-versa> I just thought that could have been the result of a flush or requeue
[04:47:44] <vice-versa> it's hard to gauge what's going on from just a glimpse of a couple seconds of your logs, but you should shut it down until you get it sorted out
[04:50:27] <vice-versa> joobie: hard to say from that alone, bad credentials, missing needed sasl libs
[04:50:52] <vice-versa> !obvious
[04:50:52] <knoba> vice-versa: "obvious" : look for obvious signs of trouble, egrep '(warning|error|fatal|panic):' /some/log/file See: !logs factoid if you're unsure of where your mail logs are located
[04:51:12] *** pirho has quit IRC
[05:03:23] <vice-versa> majikman: in just that brief glimpse it's obvious you've managed to agitate comcast, road runner, aol and yahoo
[05:03:42] <majikman> yea.... i really need to get one some white lists
[05:04:03] <vice-versa> what?
[05:04:27] <majikman> if i get on some white lists with those email providers, won't that help?
[05:04:37] *** pulsar has quit IRC
[05:04:47] <vice-versa> help what exactly
[05:05:59] <rob0> I'm not sure why they would whitelist you.
[05:06:06] <vice-versa> indeed
[05:07:05] <majikman> they won't? why not? i'm not sending spam... these users are requesting the mails that i send them...
[05:19:57] <vice-versa> hmm, sounds dubious
[05:21:08] <rob0> I know (or presume) you're not a spammer in the classic sense of "one who deliberately sends junk in a means to make money", but you're indeed sending [U]nsolicited [B]ulk [E]mail.
[05:21:57] <vice-versa> he went from "it sends out mail is when a member on the stie gets a notification or something" to "these users are requesting the mails that i send them"
[05:24:21] * Motoko-chan was a spammer last month
[05:26:32] <vice-versa> how's that Motoko-chan?
[05:26:56] <Motoko-chan> I sent out about 500k unsolicited "announcements"
[05:27:13] <vice-versa> opps
[05:27:21] <Motoko-chan> Yeah, long story.
[05:27:36] <Motoko-chan> Basically, I didn't care that Y! had banned it. Neither did my boss.
[05:27:43] *** adnc has quit IRC
[05:27:52] <Motoko-chan> Essentially we were saving a business partner from his own mouth
[05:28:11] *** felix-da-catz is now known as felix-da-catz_zz
[05:28:57] * vice-versa listens earnestly
[05:29:11] <vice-versa> sounds like an interesting story
[05:29:45] *** goldfisc1li has joined #postfix
[05:31:29] *** wei has joined #postfix
[05:32:42] <vice-versa> I can see Motoko-chan is just gonna give us enough to salivate on ;)
[05:32:58] <Motoko-chan> Yeah, but I really can't expand on it.
[05:33:17] <Motoko-chan> Essentially, they shot their mouth off to someone on how many people were subscribed.
[05:33:35] <vice-versa> ahh
[05:36:50] <cite> Forgive me my stupid question, but what does "to shoot one's mouth about sth." mean?
[05:37:00] <cite> My dictionary is not helpful.
[05:37:57] *** joobie_ has joined #postfix
[05:39:03] <deface> talk shit
[05:39:17] <cite> i see. thanks
[05:39:23] <vice-versa> before thinking it though
[05:39:40] <Motoko-chan> Basically, they were bragging without anything to back it up.
[05:40:00] <Motoko-chan> I can say that Career Builder was the source of a lot of the list, along with a cruise scam site.
[05:40:08] <Motoko-chan> The company listed their collection sources.
[05:40:14] * Motoko-chan now knows where to avoid
[05:40:32] <rob0> Oh, some customer slipped in a purchased list? Yikes.
[05:41:38] *** goldfischli has quit IRC
[05:44:14] *** HedgeMage has joined #postfix
[05:44:21] <Motoko-chan> No, the business partner bought one quickly so they could send the mail.
[05:45:28] <vice-versa> I was in a boardroom meeting about a month or so ago with one of our clients that wanted to do a very large mass "targeted mail out"
[05:46:17] <vice-versa> turned into a hot debate and I finally said, "look if you really want this done then we'll do it, but just reverse the roles for a few minutes and think about back when you first hired us and your inbox was on the receiving end of shit like this" .... *crickets*
[05:46:44] <vice-versa> they dropped it
[05:47:02] *** joobie has quit IRC
[05:47:55] <Motoko-chan> Heh.
[05:48:07] <Motoko-chan> In this case, it was just a bad situation that had to get done.
[05:48:15] <Motoko-chan> The first and only time it will happen.
[05:57:58] <HedgeMage> I'm using postfix+dovecot on Debian Etch... I can receive email just fine, but I can only send from my webmail client (on the email server), not another client.  The SMTP connection times out whether it's secured or not; I've already eliminated the firewall as a possible cause.  What should I check next?  I can pastebin postconf -n or whatever else may be helpful.
[05:59:57] <vice-versa> service provider on either end of the connections blocking 25 maybe
[06:01:02] *** joobie- has joined #postfix
[06:01:02] <HedgeMage> nope, I can use 25 to my other server from here, and no one else with that server provider has noted any problem recently
[06:02:27] <vice-versa> anything obvious in the logs?
[06:02:31] <vice-versa> !obvious
[06:02:32] <knoba> vice-versa: "obvious" : look for obvious signs of trouble, egrep '(warning|error|fatal|panic):' /some/log/file See: !logs factoid if you're unsure of where your mail logs are located
[06:05:50] <vice-versa> HedgeMage: on the client your testing with, can you telnet to any other hosts on 25?
[06:06:02] <vice-versa> telnet 74.125.47.27 25
[06:06:17] *** HedgeMag1 has joined #postfix
[06:07:02] <majikman> what is classified as UBE?
[06:07:31] <majikman> rather, let me ask if my emails are classified as ube...
[06:08:22] <majikman> so... i have emmbers on the site that get notifications when users send them mail, if their friends upload new pictures, etc. classic social networking stuff. i also provide them a section to not receive emails for those types of events/notifications. is that classified as unsolicited bulk email?
[06:08:31] *** hparker has quit IRC
[06:08:39] <Motoko-chan> If they don't request it, it is.
[06:08:49] *** chadmaynard has quit IRC
[06:08:51] <HedgeMag1> majikman: it should be opt-in, not opt out
[06:09:11] <HedgeMag1> majikman: however, if the site itself is double-opt-in, any settings re: mail can be single
[06:09:11] <majikman> hmm.... so if i change it to opt-in, does that help me with mail servers like aol and yahoo blocking me?
[06:09:25] <HedgeMag1> majikman: I'd start by checking what blocklists you are in
[06:09:26] <majikman> will they actually create an account on my site to check?
[06:09:36] <majikman> oh ok
[06:11:05] <HedgeMag1> majikman: large ESPs maintain their own lists, but they also pull from public lists
[06:11:27] <majikman> alright. i'll check that out this weekend...
[06:11:53] <majikman> oh, and if this isn't off topic for this channel, is there a general method to getting off those lists?
[06:12:05] *** joobie_ has quit IRC
[06:12:38] <vice-versa> majikman: regardless of validity, if you're hammering the piss out of other MTAs with un-throttled deliveries it can be viewed as abusive
[06:13:14] <majikman> oh.... thats why you were saying i need to increase my delay time for my queue, or something in that regards
[06:13:40] *** HedgeMage has quit IRC
[06:13:42] *** HedgeMag1 is now known as HedgeMage
[06:14:36] <Motoko-chan> openrbl.org <-- Good place to check major blacklists
[06:15:02] <majikman> ah, sweet. thanks for your help guys
[06:15:04] <HedgeMage> majikman: 1) figure out what you did to piss them off  2) Fix it, and document the fix in a note to the blocklist in question (including your complete contact info)
[06:15:33] <HedgeMage> majikman: Be respectful of their time... they are volunteers providing a valuable service.
[06:15:53] <majikman> will do
[06:15:55] <vice-versa> !dedicated_transport
[06:15:55] <knoba> vice-versa: "dedicated_transport" : dedicated transports are used to control delivery behaviour for a specific domain or a user@domain pattern based on transport_maps. For an example see: http://linuxnet.ca/postfix/dedicated_transport.html
[06:16:00] <vice-versa> see that too
[06:16:13] <majikman> ok
[06:17:34] *** saurabhb has joined #postfix
[06:18:18] <HedgeMage> vice-versa: no, nothing in the logs indicating a problem
[06:18:48] <vice-versa> and the telnet test?
[06:20:05] <HedgeMage> brb
[06:37:56] *** niki has quit IRC
[06:46:21] <HedgeMage> vice-versa: thanks for the help, but I'll have to tackle this over the weekend
[06:46:24] <HedgeMage> mommy duty calls
[06:54:04] *** HedgeMage has quit IRC
[07:20:49] *** growltiger has quit IRC
[07:21:07] *** growltiger has joined #postfix
[07:24:08] *** growltiger has quit IRC
[07:24:16] *** growltiger has joined #postfix
[07:35:32] *** githogori has joined #postfix
[07:37:19] *** nfsnobody- has joined #postfix
[07:42:53] *** hever has joined #postfix
[07:44:29] *** dan__t has joined #postfix
[07:44:31] <dan__t> Good evening.
[07:44:37] *** nfsnobody has quit IRC
[07:46:19] *** pitakill has quit IRC
[07:46:54] *** growltiger_ has joined #postfix
[07:47:13] *** growltiger has quit IRC
[07:47:38] *** xpoint has joined #postfix
[07:47:46] <dan__t> I'm playing around with DKIM, and I'd really like to implement it.  I'm a bit confused, however.  If I have a mail server which serves several domains, and I want to sign outgoing messages - are those outgoing messages signed on behalf of the actual sender domain, or on behalf of the mail server itself?
[07:49:38] *** amrit|wrk is now known as amrit
[07:49:54] *** Alanin has joined #postfix
[07:50:04] <Alanin> good morning
[07:50:59] *** Severed_Head_Of_ has joined #postfix
[07:53:01] <dan__t> Hello.
[07:56:32] <dan__t> I guess I'd ask the same question about SPF, as well.
[07:56:57] *** Niklas-_ has joined #postfix
[07:57:05] *** Niklas- has quit IRC
[08:05:43] *** growltiger_ has quit IRC
[08:06:51] <Alanin> Is it possible that mails sent out by my Postfix are identified as Spam cause of a wrong Postfix configuration. I am asking cause unspammy mails get identified as Spam and my IP is added to the CBL, but i am sure the Server is not sending spammails.
[08:07:36] <dan__t> A number of factors can contribute to how remote mail servers assume messages from your server to be spam.
[08:07:56] <dan__t> Content, misconfigured DNS, lots of other things.  However, I don't see how Postfix directly can contribute to this.
[08:08:03] <dan__t> Unless, of course, you were an open relay as well.
[08:08:27] <Alanin> open relay im not
[08:08:43] <Alanin> and i can say the content is not the problem
[08:08:50] <Alanin> so i should check the dns settings?!
[08:09:03] <dan__t> I would.
[08:09:12] <Alanin> thank you
[08:09:14] <dan__t> By that, I mean make sure there is a valid PTR record.
[08:09:44] *** BuenGenio has joined #postfix
[08:10:26] *** growltiger_ has joined #postfix
[08:11:02] <Alanin> should the ReverseDNS point to my server in some way our should it be the same "thing" the Postfix is unsing?
[08:11:07] <Alanin> using
[08:11:21] <deface> rdns should match dns
[08:11:31] <dan__t> Postfix just uses what it has available.
[08:11:31] <deface> and vice-versa
[08:12:18] <Alanin> i have a domain fubit.info which points to the server and this domain is set as rdns
[08:12:33] <deface> what does the server HELO as ?
[08:12:47] *** sophokles has joined #postfix
[08:13:04] <deface> also check your spf record
[08:13:20] <deface> every mail server checks for different aspects for spam classificatoins
[08:13:22] <deface> ions*
[08:14:00] <deface> main things i'd say - dns matches rdns, spf record, valid fqdn for HELO, not on a dynamic IP
[08:14:11] <deface> those should get you through on 99.9% of servers
[08:14:32] *** BuenGenio has quit IRC
[08:14:37] <deface> if your ip is getting tagged on CBL/RBL's .. you may want to relay through your isp
[08:15:08] *** BuenGenio has joined #postfix
[08:15:20] <dan__t> I'm trying to hack out SPF right now.  I'm a bit confused on include:.  Should that list like cox.net, my ISP, if I use cox.net's mail servers to send a mail having a MAIL FROM: customerdomain.tld?
[08:16:19] <Alanin> ok - thank you for that hints - i am going to check all that
[08:17:13] <dan__t> Does that make any sense, deface?  haha
[08:17:31] <deface> it can
[08:18:15] <dan__t> Situation being, what if customers of mine use their ISP's SMTP server to send mail from their own domain.
[08:18:49] <dan__t> My shared mail server hosts custdomain.com, they have a user at custdomain dot com address configured in Outlook that uses their ISP's SMTP host to relay through.
[08:18:53] *** sophokles1 has joined #postfix
[08:19:04] <dan__t> Sorry, just trying to wrap my head around this.
[08:19:42] *** loddafnir has joined #postfix
[08:20:01] <deface> it checks the recieving domain's spf
[08:20:06] *** BuenGenio has quit IRC
[08:20:07] *** growltiger_ has quit IRC
[08:20:09] <deface> not the @custdomain.com
[08:20:19] <dan__t> "it"?
[08:20:21] *** BuenGenio has joined #postfix
[08:20:28] *** growltiger_ has joined #postfix
[08:20:39] <deface> http://old.openspf.org/wizard.html
[08:21:41] <dan__t> Yeah, I'm using it
[08:22:07] <dan__t> "If you send mail through your ISP's servers, and the ISP has published an SPF record, name the ISP here."
[08:22:34] <deface> yeah .. spf is not a "forced' methodology of checking against spam
[08:22:46] <deface> it can be enforced per server .. or not
[08:22:50] <Motoko-chan> I don't like SPF.
[08:22:57] <Alanin> hmm, there is no spf record for my domains - is this a problem?
[08:23:03] <Motoko-chan> No, that is fine.
[08:23:04] <deface> ie - its not ready for mainstream
[08:23:11] <Motoko-chan> I'd just not publish one.
[08:23:13] <dan__t> I understand.
[08:23:25] <deface> i said those are things I would do ..
[08:23:28] <deface> others may differ
[08:23:45] <cafuego> SPF is fine. it means that sites that use it don't send me backscatter
[08:24:04] <dan__t> So, worst case scenario, those messages sent out through the "Outlook method" would not benefit from SPF at all.
[08:24:07] <Motoko-chan> I don't publish one for my customers. They use too many weird ISP mail servers to manage efficiently.
[08:24:08] <cafuego> This is a good thing[tm]
[08:24:22] <dan__t> Noted, Motoko-chan.
[08:24:40] *** sophokles2 has joined #postfix
[08:24:42] *** growltiger has joined #postfix
[08:24:43] <Motoko-chan> They'd be yelling loud if the mail they sent from that hotel's server didn't get to the important client because of it.
[08:24:44] *** growltiger_ has quit IRC
[08:24:51] <cafuego> dan__t: If you added their ISPs SMTP server to the SPF record as a permitted sender, it would work fine.
[08:25:14] <cafuego> Motoko-chan: I choose my clients carefully, and if I had one like that I'd drop 'em.
[08:25:22] *** BuenGenio has quit IRC
[08:25:29] <Motoko-chan> dan__t, but if they changed providers, or the ISP changed the IP of that server, you'd need to be notified.
[08:25:35] <cafuego> well, suggest someone else who might offer them a more fitting solution
[08:25:50] <Motoko-chan> cafuego, I wish I could, but it is a client of ours reselling a service we developed for them.
[08:25:52] *** BuenGenio has joined #postfix
[08:26:13] <cafuego> Motoko-chan: Mine actually use my SMTP server; if there is fail it's sually a matter of using port 587 instead f 25.
[08:26:32] <dan__t> Understood.
[08:26:36] <Motoko-chan> Considering these people are "marketing professionals", they wouldn't know how.
[08:26:45] <cafuego> heh
[08:26:56] <cafuego> That said.
[08:27:00] <dan__t> A few customers are set up to use submission, as they often travel etc etc
[08:27:13] <dan__t> I need to further refine that though... make an "allowed" column in SQL and do some hackery there
[08:27:17] <cafuego> There are of course valid reasons for not using it, like Motoko-chan's.
[08:27:28] <Motoko-chan> And by "marketing professionals" I mean mom and pop shops that imprint logos on stuff.
[08:27:32] <dan__t> Right now the only authentication is for a valid username and password, there's no flag to say if they can relay or not.
[08:27:34] <Motoko-chan> Like logoed pens.
[08:27:36] <cafuego> But on a domain that uses a fixed smtp server, why wouldn't you
[08:28:00] *** growltiger has quit IRC
[08:28:11] *** growltiger has joined #postfix
[08:28:39] <cafuego> dan__t: Normally I think authenticated users are allowed to relay by default.
[08:29:07] <dan__t> I would, too, cafuego.  However, I don't want the world relaying through me like that.  Even if the world only consists of my users heh.
[08:29:38] * Motoko-chan still loves Postfix's "I can break rules, too" error
[08:29:49] <sysmonk> dan__t: in dkim, you configure which domains you want to sign
[08:29:59] <sysmonk> i.e. i only sign one domain out of 3 on my home mail server
[08:30:08] <sysmonk> Motoko-chan: yeah :P
[08:30:15] *** Severed_Head_Of_ has quit IRC
[08:30:26] <Motoko-chan> I saw that for the first time in a bounce alert.
[08:30:30] * cafuego signs 3 out of - um lots
[08:30:31] <Motoko-chan> Laughed my ass off.
[08:30:52] *** BuenGenio has quit IRC
[08:30:53] <sysmonk> Motoko-chan: it was a bit confusing when i saw it for the first time :)
[08:30:55] <dan__t> Ok, so I *can* pick and choose like that.
[08:31:01] <cafuego> dan__t: Oh yes.
[08:31:06] <sysmonk> dan__t: yup
[08:31:11] <Motoko-chan> sysmonk, I just love the attitude though.
[08:31:18] <dan__t> What if I wanted to sign all mail originating from my server?  Would each domain need its own DKIM rules, or can I use the mail server's "own" DKIM implementation?
[08:31:21] <cafuego> dan__t: DKIm and SPF are strictly on a per-domain basis.
[08:31:23] <dan__t> I suppose that's my question.
[08:31:24] *** BuenGenio has joined #postfix
[08:31:28] <dan__t> Ahhhhh ok, cafuego.
[08:31:28] <sysmonk> dan__t: although you can't pick and choose that you want to sign dan@lopsa but not to sign blah@lopsa
[08:31:40] * Motoko-chan just uses OpenPGP
[08:31:41] <sysmonk> cafuego: don't add spf there
[08:32:01] <dan__t> I understand SPF being per-domain, as each domain would require its own SPF ruleset.
[08:32:04] <dan__t> per DNS, anyway.
[08:32:10] <cafuego> dan__t: DKIM needs an entry in the DNS zone file as well.
[08:32:11] <sysmonk> dan__t: right, per dns :)
[08:32:19] <dan__t> As for DKIM, I was under the impression that "mail server" could sign all originating mail in the same manner.  This is not true?
[08:32:20] <sysmonk> it's not something which is configured on mail server
[08:32:37] <cafuego> sysmonk: Yesh, we're discussing SPF publishing, not checking.
[08:32:50] <dan__t> Publishing only, I don't need/want to check it.
[08:33:08] <sysmonk> Motoko-chan: same here, but i use dkim just for the sake of testing it
[08:33:10] <dan__t> I'm not a BOFH, I just want mail reliably delivered to the "big guys"
[08:33:30] <dan__t> I know neither DKIM nor SPF guarantee that, but it would give me an advantage.
[08:33:44] <dan__t> From the research I've done, that small advantage may be all that I need.
[08:34:39] <cafuego> I don't know if they have positive weightings for DKIM/SPF. I'd hope not, spammers would catch on fast
[08:34:46] <dan__t> So, what, I'd need a separate policy server per each domain, or what
[08:35:02] <Motoko-chan> They do, to a degree.
[08:35:06] *** sophokles has quit IRC
[08:35:08] <cafuego> dan__t: for DKIM?
[08:35:18] <dan__t> Yes, DKIM.
[08:35:20] <Motoko-chan> All SPF and DKIM do is show you are authorized for that domain.
[08:35:26] <cafuego> dan__t: You just tell the DKIm server about each domain and point it as a secret key for that domain.
[08:35:27] <Motoko-chan> Doesn't mean the domain isn't spam.
[08:35:28] *** joobie- has quit IRC
[08:35:33] <dan__t> Ah ha, ok.
[08:35:42] <cafuego> s/as/at/
[08:35:46] <dan__t> Yes, I understand, Motoko-chan.
[08:36:07] <cafuego> postfix hands it the mail, it checks if it needs to do anything and hands it back when done.
[08:36:39] <Motoko-chan> I remember a survey showing more spammers were using SPF than valid domains.
[08:36:54] <dan__t> dkim-milter would then be DomainList:  example.com
[08:37:11] <cafuego> Motoko-chan: I expect gmail/yahoo/hotmail all use it, so yes, spammers would start using it too :-)
[08:37:15] <dan__t> keylist would be as documented, sender-pattern:signing-domain:keypath, referencing my keys per-domain.
[08:37:22] <dan__t> Got it.
[08:37:58] *** sophokles1 has quit IRC
[08:38:42] <dan__t> Ok, this rocks.  Easy as pie.
[08:39:36] <dan__t> On another subject, I have a lot of mail being deferred by mac.com.  I looked, mac.com doesn't seem to be very willing to provide a resolution to that.  Anyone have experience delivering mail to mac.com?  Do they offer any of the same communications paths as Yahoo, Gmail, AOL, etc etc?
[08:44:25] *** growltiger has quit IRC
[08:44:50] *** growltiger has joined #postfix
[08:45:01] <Motoko-chan> It's Apple, they're pretty tight-lipped on things.
[08:45:58] <deface> dan__t: i have no problems delivering to my mac.com addy
[08:46:00] <deface> from any of my servers
[08:46:23] *** BuenGenio has quit IRC
[08:46:50] *** BuenGenio has joined #postfix
[08:51:26] *** growltiger_ has joined #postfix
[08:52:26] <dan__t> Hrm.
[08:53:20] *** f3ew has quit IRC
[08:55:09] <dan__t> Ah well, just thought I'd ask.
[08:59:07] *** Severed_Head_Of_ has joined #postfix
[09:01:53] *** BuenGenio has quit IRC
[09:02:10] *** BuenGenio has joined #postfix
[09:05:33] *** phnord has joined #postfix
[09:05:55] *** growltiger has quit IRC
[09:06:30] *** growltiger has joined #postfix
[09:08:30] *** Tykling has joined #postfix
[09:11:31] *** growltiger_ has quit IRC
[09:14:15] *** growltiger has quit IRC
[09:14:24] *** phnord is now known as agi|water
[09:14:28] <agi|water> ups
[09:14:31] *** agi|water is now known as phnord
[09:14:40] *** growltiger has joined #postfix
[09:18:01] *** Severed_Head_Of_ has quit IRC
[09:18:21] *** sjamaan has joined #postfix
[09:18:27] <deface> downs
[09:18:34] <sjamaan> morning
[09:18:45] <deface> 2am .. i geuss its morning
[09:18:51] <deface> going to pull an all nighter ..
[09:18:54] <sjamaan> I'm getting this error: Host or domain name not found. Name service error for name=mail.solide-ict.nl type=MX: Host not found, try again
[09:19:01] <sjamaan> The host most certainly exists
[09:19:06] <sjamaan> How can I debug this?
[09:19:08] <deface> lets me check
[09:19:38] <deface> nope, no MX record
[09:19:52] <deface> dig MX @4.2.2.2 mail.solide-ictl.nl
[09:19:54] <deface> returns nothing
[09:19:55] <deface> now
[09:20:13] <deface> neither does just solide-ictl.nl
[09:20:32] <sjamaan> It's solide-ict.nl, not solide-ictl.nl
[09:20:41] <deface> ah
[09:21:22] <deface> solide-ict.nl.          900     IN      SOA     ns1.solide-dns.nl. root.solide-ict.nl. 2008102102 14400 3600 1209600 86400
[09:21:38] <deface> mail.solide-ictl.nl has no MX record
[09:21:44] <deface> solide-ictl.nl does
[09:21:59] <deface> solide-ict.nl.          14400   IN      MX      40 fallbackmx.spamexperts.com.
[09:21:59] <deface> solide-ict.nl.          14400   IN      MX      30 mx.spamexperts.com.
[09:22:18] *** BuenGenio has quit IRC
[09:22:19] <sjamaan> I'm using mail.solide-ict.nl as a smarthost
[09:22:43] *** BuenGenio has joined #postfix
[09:23:31] <deface> which is fine
[09:23:39] <dan__t> So what other kinds of things can I do to ensure reliable delivery on the basis of messages not being flagged as spam?
[09:23:42] <deface> but there is no MX record for mail.solide-ictl.nl
[09:23:52] <deface> it should be using solide-ictl.nl .. not mail.
[09:23:59] <dan__t> I've got the basics down, including not making a message actually look like spam heh.
[09:24:16] <sjamaan> deface: How can I make mail.solide-ict.nl use the same MX as solide-ict.nl?
[09:24:52] <deface> add an entry
[09:25:28] *** user_ has joined #postfix
[09:26:14] *** Motoko-chan has quit IRC
[09:28:03] *** BuenGenio has quit IRC
[09:28:22] *** BuenGenio has joined #postfix
[09:30:43] <user_> Hi! I got the working system postifx + courier and i want to make server-side filtering. For this i've installed procmail and made serveral settings. I have a simpe rule that moves messages with "test" in the subject to the folger test. The rule works (i can see it from the procmail.log), but i can't see the message from my mail client. I think this is because the procmail saves in msg file format and but i have couirer db.
[09:31:03] <sjamaan> deface: I'll try just on solide-ict.nl
[09:31:18] <sjamaan> It's weird that it worked up until yesterday, though
[09:31:35] <user_> Here is the tree of the directory where procmail moves messages http://pastebin.com/m693650ac
[09:31:52] <sjamaan> I don't understand it's looking up the MX record for that host, since I'm using it as a smarthost it should just use the host directly, I thought
[09:32:28] <cite> sjamaan: You probably forgot to add the parentheses, i.e. [mail.solide-ict.nl]
[09:32:51] <sjamaan> cite: If I enclose it in parens, it won't do an MX lookup?
[09:32:58] <sjamaan> (rather, brackets)
[09:33:06] <cite> Erm. Sure. brackets. My fault.
[09:33:43] <sjamaan> wow, that did the trick
[09:33:45] <sjamaan> Thanks a lot!
[09:33:48] <deface> sjamaan: im assuming your referring to smart host (windows term) as the relay host ?
[09:33:56] <sjamaan> deface: Yeah
[09:33:58] <sjamaan> Sorry for that
[09:34:01] <deface> j/c ;)
[09:34:28] <sjamaan> I wonder where I picked up that term
[09:34:33] <sjamaan> I don't even *use* windows :)
[09:36:23] *** growltiger_ has joined #postfix
[09:37:16] <sjamaan> Great, stuff is working again
[09:37:20] <sjamaan> Thanks a bunch!
[09:38:02] * sjamaan should learn to read
[09:38:11] <sjamaan> The example configfile states this pretty clearly
[09:38:21] <sjamaan> Guess I didn't understand the implications of 'MX lookup' until now :)
[09:38:34] *** xpoint has quit IRC
[09:40:02] *** growltiger has quit IRC
[09:43:09] <user_> in mailq i have about 50 requests with messge "mail transport unavailable"
[09:43:21] <user_> (they are all the the mailboxes that do not exist)
[09:43:44] *** sjamaan has left #postfix
[09:43:54] <user_> is it ok, that such messages exist in mailq for some time?
[09:44:14] *** Severed_Head_Of_ has joined #postfix
[09:44:15] *** growltiger_ has quit IRC
[09:46:42] *** growltiger has joined #postfix
[09:47:14] *** Severed_Head_Of_ has quit IRC
[09:52:15] *** rmayorga has quit IRC
[09:53:17] *** BuenGenio has quit IRC
[09:53:35] *** BuenGenio has joined #postfix
[09:53:37] *** dan__t has quit IRC
[09:56:58] *** war9407 has joined #postfix
[09:58:41] *** growltiger has quit IRC
[09:58:54] *** growltiger has joined #postfix
[09:59:11] *** growltiger has quit IRC
[10:13:30] *** user_ has quit IRC
[10:13:32] *** BuenGenio has quit IRC
[10:13:51] *** BuenGenio has joined #postfix
[10:14:37] *** BuenGenio has quit IRC
[10:32:12] *** amrit is now known as amrit|zzz
[10:52:09] *** xpoint has joined #postfix
[10:52:48] *** xemacs has quit IRC
[10:53:41] *** rmayorga has joined #postfix
[10:54:20] *** macsim`work has quit IRC
[10:54:30] *** Tex-Twil has joined #postfix
[10:54:47] *** Tex-Twil has left #postfix
[10:58:23] *** Tex-Twil has joined #postfix
[10:58:35] *** Tex-Twil has left #postfix
[11:00:26] *** rmayorga has quit IRC
[11:06:30] *** rmayorga has joined #postfix
[11:42:50] *** pirho has joined #postfix
[11:50:21] *** Tykling has left #postfix
[11:51:19] *** Lap_64 has joined #postfix
[11:57:09] *** Alanin_ has joined #postfix
[11:57:27] *** AMorozov has joined #postfix
[11:57:35] <AMorozov> Hi!
[12:00:40] <Lap_64> hi i am getting error 501 <'xyz at domain dot com'>: malformed address: '> may not follow <'xyz at domain dot com
[12:00:46] <Lap_64> though the email account is there
[12:00:57] <Lap_64> it happnes once in 2-3 days
[12:01:03] <Lap_64> any clue folks
[12:04:34] *** RomanaMentalis has quit IRC
[12:07:47] *** Alanin has quit IRC
[12:15:09] <war9407> Lap_64: the address is there with a ' mark?
[12:16:15] *** jpalmer has quit IRC
[12:16:18] *** jpalmer has joined #postfix
[12:25:55] *** wei has left #postfix
[12:27:55] *** Mosu has quit IRC
[12:28:06] *** Mosu has joined #postfix
[12:32:44] <Lap_64> war9407,  sorry didnt get you
[12:34:02] <Lap_64> war9407,   its saying  may not follow <'xyz at domain dot com
[12:35:40] <rob0> IIRC, an apostrophe cannot be a part of a DNS RR, the RHS of an email address. Looks like the author of whatever software which is making this connection did not read SMTP standards.
[12:36:12] <war9407> jeap
[12:37:16] <Lap_64> oh
[12:43:41] <AMorozov> How to force postfix to deliver mail to root at localhost dot localdomain?
[12:44:22] <AMorozov> localhost.localdomain IS in $mydestination
[12:44:33] <rob0> man 5 aliases
[12:46:28] <AMorozov> rob0: it's a good recipe, but if I remember correctly, ``name'' part of an alias line should be "local part only", that is address w/o domain part.
[12:46:53] <AMorozov> so I can't simply write root at localhost dot localdomain: root
[12:47:00] <rob0> Um, to be specific I might add: that man page says Postfix's local(8) will not deliver as root, yes.
[12:47:16] <rob0> (maybe it was "man local")
[12:47:51] <AMorozov> rob0: it may be some other "local address", the question is in 'localhost.localdomain'
[12:48:37] <rob0> What happened when you tried?
[12:49:56] <AMorozov> vdeb40b postfix/smtp[18975]: D6FE161F5E: to=<root at localhost dot localdomain>, relay=none, delay=0.23, delays=0.18/0.03/0.01/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=localhost.localdomain type=A: Host not found)
[12:51:01] <rob0> 10:45 < AMorozov> localhost.localdomain IS in $mydestination
[12:51:12] <rob0> this is not true ^^
[12:51:12] <AMorozov> it is
[12:51:30] <rob0> postconf mydestination
[12:51:37] <AMorozov> Ooops, sorry.
[12:51:40] <AMorozov> :-)
[12:51:50] <AMorozov> mydestination = localhost,localdomain, ....
[12:51:59] <AMorozov> comma instead of a dot
[12:52:04] <rob0> aha, one of those dots with a tail!
[12:54:49] <AMorozov> rob0: thank you, w/o your help I would break my desk :-)
[12:56:56] <rob0> :)
[12:57:59] <AMorozov> ... with fists and (preferrably) forehead
[13:11:49] *** Desynced has joined #postfix
[13:11:58] *** Alanin_ has quit IRC
[13:19:25] *** jeffspeff2 has joined #postfix
[13:19:34] *** jeffspeff has quit IRC
[13:44:16] *** AMorozov has left #postfix
[13:50:51] *** ming_zym has quit IRC
[13:52:49] *** Alanin_ has joined #postfix
[14:16:56] *** BuenGenio has joined #postfix
[14:37:40] *** rouri has joined #postfix
[14:37:41] *** saurabhb has quit IRC
[14:38:29] *** eanxgeek has joined #postfix
[14:44:18] *** madduck has joined #postfix
[14:44:34] <madduck> anyone here to agree that http://www.postfix.org/ADDRESS_VERIFICATION_README.html#caching is not perfectly clear or sensible on the choice of callout sender?
[14:44:38] <madduck> #
[14:44:38] <madduck> By default, Postfix probe messages have "double-bounce@$myorigin" as the sender address (with Postfix versions before 2.5, the default is "postmaster@$myorigin"). This is SAFE because the Postfix SMTP server does not reject mail for this address.
[14:44:42] <madduck> You can change this into the null address ("address_verify_sender ="). This is UNSAFE because address probes will fail with mis-configured sites that reject MAIL FROM: <>, while probes from "postmaster@$myorigin" would succeed.
[14:44:46] <madduck> double-bounce is not a standard
[14:45:11] <madduck> and something isn't SAFE if postfix does the right thing, especially not when it's about callouts to other machines out there.
[14:53:49] *** Southron has joined #Postfix
[14:59:11] *** deadpigeon has joined #postfix
[15:01:23] *** muecke77 has joined #postfix
[15:02:21] *** randra has joined #postfix
[15:06:58] *** xDie has joined #postfix
[15:08:36] *** cjbmed has joined #postfix
[15:09:51] *** neoXite has joined #postfix
[15:11:52] <neoXite> hi, can anyone point me to a method to enhance postfix to encrypt/decrypt mail with gnupg, by relaying it through another local process for example? i noted 'geam' and 'kuvert' for encryption, but i need encryption/decryption support.
[15:12:35] *** pvh_sa has quit IRC
[15:13:34] *** pvh_sa has joined #postfix
[15:15:51] <madduck> this is a royally bad idea
[15:16:57] <Alanin_> hi there - is there a way to find out how other servers "see" my server when communication with em? to find out why my server is added to cbl when sending out mails
[15:17:31] *** Alanin_ is now known as Alanin
[15:17:36] <neoXite> well, it's also what the customer demands: all outbound company mail should get encrypted before it gets sent off, any encrypted inbound mail should get decrypted and forwarded to the internal mailserver
[15:18:04] *** hever has quit IRC
[15:18:45] <vice-versa> then used enforced tls
[15:18:57] <cjbmed> Hey guys - Postfix/MailScanner, having an issue when loading up postfix, it tells me cant create SpamAssassin cache database, I have verified permissions on my /var/spool/MailScanner/incoming dirs, and its all postfix/postfix ...anyone have any ideas?
[15:19:20] <madduck> neoXite: encrypoted to whom??
[15:19:42] <neoXite> tls just protects the transport to the next relay
[15:19:59] <neoXite> i want to build a relay that performs gnupg encryption/decryption
[15:20:00] <madduck> neoXite: unless you know the recipient and have a key for him/her, gnupg is of no use
[15:20:08] <neoXite> i'm well aware of that
[15:20:12] <madduck> neoXite: good luck
[15:20:16] *** rouri has quit IRC
[15:20:17] <deadpigeon> Okay, after doing sa-learn last night on 1000 spam and 2000 ham, I am still receiving spams that I told sa-learn were spams. Frustration.
[15:20:34] <madduck> deadpigeon: this is #postfix, not #spamassasin, right? :)
[15:21:02] <deadpigeon> Right. But #spamassassin isn't much of a channel. =/
[15:21:07] <madduck> cjbmed: mailscanner runs as a daemon, right?
[15:21:20] <madduck> deadpigeon: that's another sory.
[15:21:22] <madduck> story
[15:22:16] <vice-versa> deadpigeon: make sure sa is using the config your think it is
[15:22:21] <cjbmed> madduck : yep
[15:22:38] <madduck> cjbmed: so it's unlikely to run as user postfix.
[15:22:55] <madduck> and also has nothing to do with postfix
[15:22:57] <cjbmed> well you integrate mailscanner w/ postfix
[15:23:05] <madduck> at SMTP/LMTP level
[15:23:12] <cjbmed> true
[15:23:23] *** muecke77 has left #postfix
[15:23:24] <cjbmed> just wondering if anyone in here had any knowledge on it
[15:23:32] <cjbmed> worth a shot ;\
[15:23:54] <deadpigeon> vice-versa: Well there's only one local.cf on the server... I'm pretty sure it's using the right configuration. I'll dig some more.
[15:25:20] <Alanin> deadpigeon: can you see in the header of the recieved mails that the mail is checked?
[15:25:35] <deadpigeon> Alanin, yup.
[15:26:02] <Alanin> let me check how i managed to fight spam
[15:26:11] <Alanin> think spamassassin did a small job for mwe
[15:26:12] <Alanin> me
[15:26:26] <Alanin> think i did it via postfix
[15:26:32] *** madduck has left #postfix
[15:26:42] <Alanin> most spam i recieve is blocked via spamlists
[15:26:56] <deadpigeon> I have to use postfix as well to scan headers, but that is supposed to be sa's job.
[15:27:13] <Alanin> no not the headers
[15:27:54] <Alanin> i am using rbl
[15:27:56] <deadpigeon> Indeed. As is a lot of ours, but there's a boatload still leaking through. Only way to block those via postfix is to require helo, but that blocks all our customer's from receiving mail. (grrrr, windows)
[15:28:02] * deadpigeon nods.
[15:30:41] <Alanin> yeah i did nothing else but spamassassin and rbl filtering
[15:32:08] *** Dantix has joined #postfix
[15:32:55] <Dantix> hi!, are there a way to add domains with wildcards into transport table? for example: terra.*.*
[15:36:50] *** milligan_ has quit IRC
[15:37:07] <Dantix> sorry, silly question.... must read before ask :$
[15:37:10] *** Dantix has left #postfix
[15:39:40] *** pulsars has joined #postfix
[15:41:10] *** pulsars is now known as pulsar
[15:42:36] *** cjbmed has quit IRC
[15:43:52] *** Dantix has joined #postfix
[15:44:03] <Dantix> hi!, are there a way to add domains with wildcards into transport table? for example: terra.*.*
[15:44:35] <Alanin> deadpigeon: maybe that link can help you
[15:44:36] <Alanin> http://www.roedie.nl/wiki/index.php/Spam_Filtering_With_Postfix
[15:45:14] <deadpigeon> i appreciate any help.
[15:46:09] <Alanin> basicaly its the same i did
[15:46:20] <Alanin> but i used another tutorial
[15:46:26] *** brancaleone has joined #postfix
[15:49:28] *** Southron has quit IRC
[15:53:12] *** Southron has joined #Postfix
[15:58:01] *** Southron has quit IRC
[15:58:04] *** gencha_ has joined #postfix
[15:58:36] <gencha_> i don't quite understand the documentation on virtual_mailbox_limit regarding maildirs. so does it mean the whole maildir or any single file in the maildir?
[15:58:47] <gencha_> cause the documentation kinda sounds like the latter
[16:06:22] <xpoint> no its what maildir++ see as maildirsize
[16:08:54] *** Southron has joined #Postfix
[16:11:55] <Dantix> hi!, are there a way to add domains with wildcards into transport table? for example: terra.*.*
[16:12:41] *** sophokles2 has quit IRC
[16:13:24] *** bieb has joined #postfix
[16:13:47] <vice-versa> use a regexp or pcre table
[16:14:43] <Dantix> vice-versa: please give me an example of regexp
[16:15:36] <vice-versa> http://www.postfix.org/regexp_table.5.html
[16:16:05] <vice-versa> !docs
[16:16:06] <knoba> vice-versa: "docs" : Postfix documentation http://www.postfix.org/documentation.html
[16:16:25] <Dantix> vice-versa: thanks
[16:30:10] *** Alanin_ has joined #postfix
[16:39:26] *** bahadunn has joined #postfix
[16:39:33] <bahadunn> howdy
[16:40:33] <bahadunn> when sending an email from a mail client on the vorison network for example some people get the mail in their spam boxes even though it is not spam
[16:40:56] <bahadunn> when sending the same mail using instead webmail on the sending server itself the mail goes through no problem
[16:41:16] <xpoint> so use webmail
[16:41:18] <xpoint> :)
[16:41:39] <bahadunn> is there any way to fix it for the mail client on the server so that when the mail client sends it will go through without being thought as spam?
[16:42:12] <xpoint> na just kidding a little, problem is that webmail and client does not have same ip
[16:42:25] <bahadunn> right
[16:42:48] <bahadunn> the client's ip from verison gets flagged I think
[16:43:13] <xpoint> so for the client to send outside of the webmail "dig webmailhost" "host webmailip"
[16:43:15] <bahadunn> or their domain
[16:43:49] <bahadunn> xpoint: I dont understand
[16:44:16] <xpoint> myip.dk see that webpage and tell me what you have on it
[16:46:10] *** Alanin has quit IRC
[16:46:13] <bahadunn> 116.12.49.113
[16:46:17] <bahadunn> 113.49.12.116.in-addr.arpa
[16:46:36] <xpoint> thats might be the problem
[16:47:07] <bahadunn> what is the problem?
[16:47:59] <xpoint> no reverse dns ptr record that match a forward dns a record to that ip
[16:48:20] <bahadunn> when sending from the webmailhost there are no problems of the mail getting flagged
[16:48:48] <bahadunn> so that would affect a mail client on verison network who sends a mail through that mail server?
[16:48:50] <xpoint> http://www.robtex.com/ip/116.12.49.113.html#a1
[16:49:25] <xpoint> see the graph
[16:50:58] <bahadunn> I do not understand the graph
[16:51:17] <bahadunn> it is just an oval with the ip in it
[16:51:20] <xpoint> http://www.robtex.com/ip/80.166.75.18.html see this page so
[16:51:33] <bahadunn> ah
[16:51:49] <xpoint> now you see a diff ?
[16:51:53] <bahadunn> yes
[16:52:00] <xpoint> good :)
[16:52:21] <bahadunn> so if the ptr matches the a records for the host the client on any network should not have any issues?
[16:53:05] <xpoint> ask how to have this on the ip you have from verizon and you can send mail from homeserver
[16:53:16] *** Lap_64 has quit IRC
[16:53:26] <xpoint> but if the ip you have is dynamic, no go
[16:53:41] <bahadunn> it is dynamic
[16:53:51] <xpoint> then use dyndns
[16:54:03] <xpoint> dyndns.org that is
[16:54:17] <bahadunn> to do like a proxy sort of thing?
[16:54:36] <xpoint> or use verizon smtp servers
[16:55:10] <xpoint> !dynamic
[16:55:10] <knoba> xpoint: "dynamic" : If your server is using a dynamic IP, (DHCP leased IP address), you should consider using your ISP's SMTP server to relay for you as many dynamically assigned IP address spaces are listed within DNSBLs reducing the likelihood of successfully delivering mail to many servers. See the !relayhost factoid. If your ISP requires SASL auth see the !sasl & !saslclient factoids
[16:55:48] *** xDie has quit IRC
[16:56:21] <bahadunn> xpoint: what about if one could get a static ip?
[16:56:27] <bahadunn> xpoint: that might also solve the issue?
[16:57:19] <xpoint> if you have static ip, then setup a dns A record to that ip, and later ask isp to set the reverse dns ptr record, then you are proff
[16:58:49] <bahadunn> xpoint: thank you very much for your help
[16:59:00] <xpoint> np problem
[16:59:18] <seekwill> no problem problem?
[16:59:42] <xpoint> no problem, did wroung key here
[16:59:48] <seekwill> :)
[17:02:42] <xpoint> knoba, remember that DHCP olso can be static ip, so the howto is not that all good
[17:03:49] <seekwill> I don't know if you can talk to knoba like that...
[17:04:41] <xpoint> seekwill, :)
[17:04:56] *** orly0wl has quit IRC
[17:05:14] <xpoint> i know its a bot, but i hope who runs that bot will see my query here
[17:21:06] *** jeet522 has joined #postfix
[17:23:48] <jeet522> Hey guys, http://pastebin.com/m11e464f5 - is my postconf -n and at the bottom is showing an error im getting in my maillog. I am getting this nameserver error, not sure whats going on, I think it might be within the config file. I've checked my /etc/resolv.conf and also assured I can ping the hosts from a terminal, any ideas?
[17:24:57] *** m0f0x has joined #postfix
[17:32:24] <xpoint> jeet522, dns is not working on that box
[17:34:35] <jeet522> yes it is, im on it right now
[17:34:57] <jeet522> i switched 25 on the firewall back to the other server and forgot, that might have caused the problem
[17:35:06] <jeet522> cant get out via 25
[17:35:36] <vice-versa> that shouldn't cause a 'Name service error' though
[17:36:07] <jeet522> well any domain that have came in the queue as name service error (and this is every email after it gets scanned) gets that error
[17:36:11] <jeet522> i ping all the domains, and they reply fine
[17:36:14] <jeet522> or at least resolve
[17:37:25] <vice-versa> is your postfix using chrooted services?
[17:37:29] <jeet522> yep
[17:37:55] <jeet522> you think the chroot is screwed ?
[17:38:42] <vice-versa> you need a resolv.conf within the postfix chroot environment
[17:39:03] <jeet522> i ran that LINUX2 script inside examples, i figured that would have copied everything, let me check
[17:39:12] <vice-versa> !chroot
[17:39:13] <knoba> vice-versa: "chroot" : The fifth column in master.cf, if not n , means that the Postfix process described on that line runs in a chroot, see !debug , !queue_directory and files in the examples/chroot-setup subdirectory of the Postfix source archive which show examples of a Postfix chroot environment on a variety of systems
[17:40:43] *** tombar has joined #postfix
[17:41:40] *** deadpigeon has quit IRC
[17:42:02] <jeet522> although right on the money vice-versa, thanks that was the issue
[17:42:14] <jeet522> why is it that LINUX2 didnt work properly i wonder
[17:42:26] <jeet522> this might be the issue why my relay_recipient_maps could not be functioning properly ?
[17:43:12] *** rouri has joined #postfix
[17:46:58] <jeet522> would relay_recipient_maps be an issue if your relay server and postfix server share the same domain name ?
[17:51:55] <vice-versa> relay_recipient_maps are optionally used for recipient address validation for domains listed in relay_domains (default: $mydestination)
[17:54:32] *** sfire||mouse has joined #postfix
[17:55:11] <jeet522> right, and if the domain in relay_domains is the same domain as my postfix server, wont they clash ?
[17:59:21] <mikeys> hello
[17:59:26] <mikeys> anayone around ???
[17:59:42] *** havvg has joined #postfix
[17:59:42] *** mikeys has left #postfix
[18:00:11] *** mikeys has joined #postfix
[18:00:20] <xpoint> according to Mr author of postfix chroot is stupid :)
[18:00:34] <jeet522> yea but its required to use postfix w/ mailscanner
[18:00:43] <mikeys> can anyone help me diagonse a spam issue..with my setup ?
[18:00:53] <xpoint> thats olso stupid
[18:01:07] <mikeys> i need to send an email..and if someone can go through their postfix logs and tell me what it says
[18:01:09] <jeet522> Mailscanner? or the fact that it needs to be jailed
[18:01:12] <mikeys> i would appriciate it.
[18:01:33] <mikeys> yahoo and google thinks my mail is spam and do not know why
[18:01:41] <mikeys> can i get an email ?
[18:01:48] <jeet522> have you checked the xbl/cbl ?
[18:02:19] <mikeys> hello
[18:02:23] *** bbs has joined #postfix
[18:02:38] <bbs> how hard is it to set up a basic server
[18:03:00] <xpoint> mikeys, http://myip.dk/ take you ip from there and go to http://www.robtex.com/ and test your ip from there, see the graph page
[18:03:01] <bbs> i want to setup a postfix mta and an imap server but i'm not sure which kind of imap server to use
[18:03:02] <mikeys> does anyone know of a way to diagonse how an email is being seen by the world?
[18:03:27] <mikeys> thanks xpoint
[18:03:41] <mikeys> but i do not think it is an issue with my ip on a blacklist..
[18:04:08] <mikeys> but a miss-configuration that is occuring..some header info .is not showing properly...
[18:04:17] <mikeys> so yahoo thinks it is spam
[18:04:30] <jeet522> setup DKIM
[18:04:38] <mikeys> ??
[18:04:44] <jeet522> dkim.org
[18:04:49] <jeet522> yahoo wont refuse you
[18:05:01] <mikeys> i do not understand ?
[18:05:13] <xpoint> mikeys, does your look like my here ?
[18:05:19] <xpoint> http://www.robtex.com/ip/80.166.75.18.html
[18:05:57] *** eanxgeek has left #postfix
[18:06:34] <vice-versa> jeet522: so your mta isn't the final destination for any domain, just a gateway?
[18:07:00] <jeet522> vice-versa : correct
[18:07:13] <jeet522> just taking everything in and pushing it to an exchange server
[18:08:15] *** mio has joined #postfix
[18:08:27] <jeet522> but when incoming msgs come it, it tells me, "user at domain dot com not found in recipient table" and rejects it, when clearly - its in the db
[18:08:31] *** nfi|ermes has joined #postfix
[18:08:45] <jeet522> i have it postmaped and i also have user@domain  OK
[18:09:52] <mikeys> hey..
[18:10:01] <mikeys> heloo
[18:10:05] <vice-versa> jeet522: on a relay gateway only you would typically disable local mail delivery completely
[18:10:13] <mikeys> oh..
[18:10:29] <mikeys> xpoint ...i do not get a record..like you do.
[18:10:46] <mio> Hey all, I need to create an alias for an adresse mail (user in ldap), how can I do that? just define an alias in /etc/aliases and postmap it?
[18:10:52] <mikeys> for dlink.junc.org
[18:12:50] <vice-versa> jeet522: iirc it's something like, mydeatination =   local_recipient_maps =   local_transport = error:This MTA does not accept local mail deliveries
[18:13:03] <jeet522> local_recipient_maps =
[18:13:09] <jeet522> just blank in my main.cf i think
[18:13:34] <vice-versa> check it, postconf local_recipient_maps
[18:13:47] <mikeys> hello xpoint
[18:13:48] <mikeys> you there
[18:15:18] <xpoint> mikeys, thats the problem you have, if you have static ip at home
[18:16:10] <jeet522> ya that was it
[18:16:11] <jeet522> perfect
[18:16:21] <jeet522> local_recipient_maps = , left blank
[18:17:12] <vice-versa> jeet522: to keep your gateway rfc compliment you'll have to make provisions for handling postmaster & abuse mail forwarding too
[18:17:40] <jeet522> where is that explained ?
[18:17:49] *** eanxgeek has joined #postfix
[18:18:20] <vice-versa> for rfc compliance or how to handle them on the mta?
[18:19:51] <jeet522> how to handle them on the mta, sorry
[18:20:18] <mio> anyone? aliases and stuff :)
[18:20:56] <vice-versa> jeet522: start with testing the postmaster account and see what happens
[18:21:57] <vice-versa> might be just as easy as setting up the account on exchange and adding it to relay_recipient_maps
[18:22:31] *** mio has quit IRC
[18:25:51] <jeet522> vice-versa : in my logs it tells me "postmaster account not available"
[18:26:04] <jeet522> and i got a bounceback
[18:26:27] <jeet522> should i just create postmaster/abuse accts on the exchange box and fwd to their respective places ?
[18:26:29] <xpoint> hopefully not a bounce
[18:26:39] <jeet522> yea it bounced, im gonna create the accts now
[18:26:46] <jeet522> ima kvm over 1sec
[18:26:48] *** x-spec-t has joined #postfix
[18:26:57] *** Spec has quit IRC
[18:27:01] <xpoint> no not a bounce, its a reject
[18:27:13] <vice-versa> jeet522: yeah, like I mentioned in my last comment
[18:27:23] *** rouri has quit IRC
[18:28:00] *** eanxgeek has quit IRC
[18:28:37] <xpoint> jeet522, http://www.rfc-ignorant.org/policy-postmaster.php http://www.rfc-ignorant.org/policy-abuse.php
[18:29:06] <jeet522> its brick cold in this server room
[18:29:18] <seekwill> Turn on the servers!
[18:29:49] <jeet522> heh
[18:30:21] <vice-versa> or turn off the ac
[18:30:40] <jeet522> wow vice-versa, thanks I have to take care of this on a few other boxes as well
[18:30:40] *** phnord has quit IRC
[18:30:51] <jeet522> i didnt know they block you for not having those accts
[18:30:54] <xpoint> or reverse the ac to take hot air into the room :)
[18:31:44] *** joelsolanki has joined #postfix
[18:31:46] <vice-versa> jeet522: yeah, it's actually quite common on Windows boxen for those accounts to be ignored unfortunately
[18:32:31] <joelsolanki> Hi friends
[18:32:32] <xpoint> vice-versa, bad excuses is olso common :)
[18:33:21] <joelsolanki> i was at my client place for installing server. postfix is used for sending mails with local mail routing feature.
[18:33:24] <vice-versa> yup, in all my years I can count on one hand how many Windows boxen actually accepted my complaints to the postmaster and or abuse role accounts :(
[18:33:29] *** zer0mdq has joined #postfix
[18:33:55] <jeet522> heh, thanks for all your help, much appreciated. im off to lunch :)
[18:33:56] <joelsolanki> and it uses fetchmail to fetch the mails from real mail server and deliver it thru local postfix.
[18:33:59] *** jeet522 has quit IRC
[18:34:40] <joelsolanki> fetchmail recieves email corectly but when delievering to local client i recieve this error in syslog
[18:34:43] <joelsolanki> mail for localhost loops back to myself in postfix
[18:34:51] <joelsolanki> what things should i check ?
[18:35:01] <joelsolanki> it says joel at localhost dot stergel.com
[18:35:19] <joelsolanki> any help plz
[18:35:32] <vice-versa> !loopback
[18:35:33] <knoba> vice-versa: "loopback" : 'Mail loops back to myself' means that your Postfix wanted to send out the mail to the internet but then discovered that the DNS says your mail server should be responsible. Most likely you forgot to list your domain in mydestination or virtual_(alias|mailbox)_domains
[18:36:01] <joelsolanki> hmm
[18:36:59] <joelsolanki> i will test out :)
[18:38:08] <zer0mdq> i had a problem with exim, a friend told me to try postfix, and in only 3 commands i alredy have it runnig perfetly fine :D
[18:38:23] <joelsolanki> gr8
[18:38:38] <xpoint> knoba, or postfix running on NAT and miss proxy_interfaces=wan-ip if this miss in mynetworks
[18:38:58] <joelsolanki> i was using before sendmail and qmail lastly but then migraed to postfix and found it very easy / fast and stable
[18:43:12] *** HSorgYves has joined #postfix
[18:43:20] <HSorgYves> morning
[18:43:43] <vice-versa> not any more
[18:44:06] <HSorgYves> i have a security related question...
[18:44:40] <HSorgYves> the isp pt.lu in Luxembourg does not accept mail relayed to them if sent using a @pt.lu email
[18:44:50] *** growltiger has joined #postfix
[18:45:27] <vice-versa> what's their rational for that?
[18:45:42] <HSorgYves> i can rewrite the header using sender_canonical_maps; if i introduce a "password" in the rewrite rule, is that enough to not make my server an open relay?
[18:47:15] <HSorgYves> rational -> http://www.pt.lu/webdav/site/portailEPT/groups/DT_redacteurs/public/downloads/Politique%20e-mail.pdf
[18:48:41] <vice-versa> can you summarise it in English
[18:48:50] * vice-versa wonders what "introduce a "password" in the rewrite rule" means
[18:49:07] *** cratylus has joined #postfix
[18:49:26] <HSorgYves> vice-versa: it is in English further down, page 5
[18:50:04] <HSorgYves> vice-versa: something like /^([^ at ]+)@pt\ dot lu$/ $1+pt.lu+secure at hosting-skills dot org
[18:50:50] <HSorgYves> vice-versa: and then rewrite the emails ending in "+secure at hosting-skills dot org" back to the original sender
[18:52:39] *** rouri has joined #postfix
[18:57:37] *** Dantix has left #postfix
[18:58:31] <vice-versa> HSorgYves: ahh, so it's the opposite of what you stated
[18:58:52] <HSorgYves> ?
[18:59:55] *** githogori has quit IRC
[19:00:08] <vice-versa> You must have a @pt.lu From: address, the way you worded it it was the opposite
[19:00:32] *** sfire||mouse has quit IRC
[19:01:37] <HSorgYves> the problem is: user with user at pt dot lu sends mail to test at hosting-skills dot org which gets redirected to someone at pt dot lu and gets rejected
[19:01:57] *** Thorn_ has joined #postfix
[19:02:26] <HSorgYves> the solution is: rewrite user at pt dot lu (in the header) to user+pt.lu+password at hosting-skills dot org and redirect to someone at pt dot lu, then it gets delivered
[19:03:38] <HSorgYves> however if the mailbox is full (for example) there will be an error answer which doesn't get lost if i rewrite user+pt.lu+password at hosting-skills dot org back to user at pt dot lu and redirect the error message
[19:04:11] <vice-versa> sounds convoluted
[19:04:13] * vice-versa shrugs
[19:04:30] *** GoGi has joined #postfix
[19:04:38] <HSorgYves> the backdraw: every xxx+pt.lu+password at hosting-skills dot org will be redirected to xxx at pt dot lu which makes the mailserver an open relay (at least in theory)
[19:05:15] <seekwill> We love open relays
[19:05:22] <HSorgYves> vice-versa: easier solution?
[19:05:39] <HSorgYves> or is the solution acceptable?
[19:06:43] *** deadpigeon has joined #postfix
[19:06:49] <vice-versa> dunno, try describing the problem without injecting any theoretical solutions
[19:07:13] <HSorgYves> the problem is: user with user at pt dot lu sends mail to test at hosting-skills dot org which gets redirected to someone at pt dot lu and gets rejected
[19:08:13] <HSorgYves> seekwill: *smile*
[19:08:45] <vice-versa> apparently the redirection is the issue then
[19:08:51] *** rpaddock has quit IRC
[19:09:21] <HSorgYves> no the problem is that the mailserver of pt.lu does only accept mail from @pt.lu if the user is on their ip network
[19:10:32] <vice-versa> which sounds like a sane policy to me, especially if it's a residential broadband service provider
[19:13:00] <HSorgYves> well that is unchangeable unfortunately
[19:14:11] <vice-versa> ...hence you're forced to use them as your relay host due to port 25 port blocking policies too
[19:14:35] <HSorgYves> no, this is not about relay host
[19:14:44] <vice-versa> oh
[19:16:01] *** nfi|ermes has quit IRC
[19:17:28] *** pitakill has joined #postfix
[19:20:37] <vice-versa> well maybe someone else will have a better grasp of what the actual problem is and suggest an amicable solution
[19:20:44] * vice-versa just isn't comprehending it
[19:23:32] *** randra has quit IRC
[19:24:30] *** bachis has joined #postfix
[19:25:07] <sysmonk> requres some black voodoo magic
[19:25:56] <vice-versa> and a dash of magic mx dust
[19:26:34] <seekwill> I have a black cat
[19:26:36] * sysmonk didn't read the full problem description, so i don't know which dust is required
[19:26:43] <rob0> magic.type = voodoo ; magic.color = black ; magic.dust = mx
[19:26:43] <sysmonk> seekwill: damn, i have a white one
[19:26:48] <sysmonk> seekwill: white power!
[19:27:23] <sysmonk> rob0: doh, we're talking about postfix! use postconf -e !
[19:27:37] <sysmonk> and _ not .
[19:27:46] <vice-versa> seekwill: ha, funny you should mention that, we have a black cat that's been hanging around for the last week or so
[19:27:51] <sysmonk> oh, you could also use _maps ...
[19:27:58] <seekwill> vice-versa: feed it
[19:28:40] <HSorgYves> anyone willing to comment on my solution?
[19:28:54] <sysmonk> HSorgYves: problem or solution?
[19:29:29] <HSorgYves> sysmonk: both, the risk i am going with my solution, is it acceptable?
[19:29:36] <vice-versa> seekwill: yeah, was trying to avoid that, just started to the other night as it's getting lethargic and thin :(
[19:29:50] <sysmonk> ah, then i have to read all the way up, and i'm not into it :P
[19:30:08] * sysmonk powers up his mplayer /data/tor/....
[19:30:44] <seekwill> vice-versa: Feed it to the magic brew
[19:30:47] <HSorgYves> sysmonk: did you get my problem? then i might summarize the solution?
[19:31:01] *** Thorn__ has joined #postfix
[19:31:02] *** joelsolanki has quit IRC
[19:31:07] *** magyar_ has quit IRC
[19:33:05] *** pitakill has quit IRC
[19:33:32] <vice-versa> seekwill: hmm, good idea, maybe I should just get it drunk and it might get into a scrap and run away and or just wander off in a drunken stooper
[19:37:59] <vice-versa> gah, I see some botnet has broken yahoo and hotmail's captcha's yet again :(
[19:38:38] <seekwill> Yeah, feed the poor kitty :(
[19:39:52] <vice-versa> seeing shit like JABUU8 at hotmail dot com, RI1KU7 at hotmail dot com, Y4AEGE0 at yahoo dot com, DPDCCUI at yahoo dot com etc. etc.
[19:40:06] <seekwill> heh
[19:40:37] <HSorgYves> seekwill: if i rewrite headers from $1 at pt dot lu to $1+pt.lu+password at mydomain dot com and if i get a message ending in $1+pt.lu+password at mydomain dot com back to $1 at pt dot lu; which risk am i going to get abused as open relay?
[19:40:38] *** pirho has quit IRC
[19:40:43] *** magyar_ has joined #postfix
[19:41:52] *** Haris_ has joined #postfix
[19:42:07] *** pirho has joined #postfix
[19:42:25] <vice-versa> ahh, looks like MS has finally gotten wise to it
[19:43:15] *** neoXite has quit IRC
[19:43:52] <vice-versa> starting to see '550 Requested action not taken: mailbox unavailable' for address validation
[19:45:03] *** Thorn_ has quit IRC
[19:46:01] *** WildPikachu has joined #postfix
[19:46:28] <WildPikachu> hi guys, quick question ..... how would I get   root+spam  to end up in root's mailbox if I use virtual delivery
[19:46:43] <WildPikachu> I think I"m missing something
[19:48:42] <Entroacceptor> wtf?
[19:48:57] <Entroacceptor> I just found mail in /var/mail/
[19:49:08] <Entroacceptor> but configured postfix to send it to ~/Maildir
[19:49:44] <Entroacceptor> and the maildirs work
[19:49:58] * Entroacceptor is confused
[19:50:38] <HSorgYves> a short question: if i rewrite $1 at pt dot lu to $1+pt.lu+password at mydomain dot com using sender_canonical_maps and then $1+pt.lu+password at mydomain dot com back to $1 at pt dot lu; how big is the risk to get abused as open relay for xxx at pt dot lu?
[19:51:14] <vice-versa> Entroacceptor: who's the mail for in /var/mail?
[19:51:44] <Entroacceptor> it's for two users
[19:52:15] <Entroacceptor> one of them is me
[19:52:21] <Entroacceptor> and I do get my mails into the maildir
[19:52:32] <vice-versa> do they predate the configuration change?
[19:52:38] <Entroacceptor> no...
[19:52:48] <Entroacceptor> this config's running for two years now
[19:53:20] <Entroacceptor> I've had some problems with the server a few weeks ago
[19:53:38] <Entroacceptor> but didn't change the postfix conf until a week ago, because Mailman stopped working
[19:54:06] <Entroacceptor> and the mail is from before that
[19:54:30] <Entroacceptor> it's only two mails each
[19:54:34] <Entroacceptor> but still...
[19:55:08] <vice-versa> trace them in your mail logs
[19:56:53] <vice-versa> and pastebin some headers and see if anyone else can make something of them
[19:57:43] *** LordDicranius has joined #postfix
[19:59:20] <Entroacceptor> will do if I find them...
[20:00:53] *** dan__t has joined #postfix
[20:00:56] <Alanin_> hi there - is there a way to find out how other servers "see" my server when communication with em? to find out why my server is added to cbl when sending out mails
[20:01:18] *** Haris________ has quit IRC
[20:02:34] *** muecke77 has joined #postfix
[20:03:59] <vice-versa> Alanin_: what's you host and or ip?
[20:04:07] <vice-versa> *your
[20:04:08] *** bachis has quit IRC
[20:04:14] <Alanin_> 217.20.112.191
[20:04:30] <Alanin_> or 217-20-112-191.internetserviceteam.com
[20:04:45] <Alanin_> have that set as hostname and reversedns
[20:05:08] <vice-versa> I don't see it listed in the cbl
[20:05:23] <Alanin_> yeah, i delisted it
[20:05:26] <Alanin_> this morning
[20:05:31] <vice-versa> ahh
[20:05:35] <Alanin_> checking my server the whole day
[20:05:48] <Alanin_> got listed in the last days several times
[20:06:10] <Alanin_> and the timestamps match outgoing mails in my mail.log
[20:06:29] <Alanin_> and most of these mails i've sent myself not containing spam
[20:06:53] *** githogori has joined #postfix
[20:06:57] <vice-versa> well that host name/ptr may cause issues in a scoring policy
[20:07:55] *** Zeit|awy_ has joined #postfix
[20:08:18] <vice-versa> but obviously you've found some correlation
[20:08:38] <Alanin_> yeah
[20:08:50] <Alanin_> i think (and hope) its the hostname stuff
[20:09:07] <Alanin_> cause then i can do something
[20:09:21] <Alanin_> checked for virus and worm several times today and over night
[20:10:07] <vice-versa> well if you won't/can't share your findings then it's just going to be speculation from us
[20:10:24] <Alanin_> yeah, true
[20:10:56] *** pitakill has joined #postfix
[20:11:05] <Alanin_> i am going to watch it
[20:11:34] <Alanin_> thank you
[20:12:33] <vice-versa> yw
[20:12:48] <Alanin_> btw: should mydomain and myhostname set to that 217-20-...internetserviceteam.com, like the reverse dns?
[20:13:23] <Alanin_> and the hostname
[20:13:59] *** Zeit|awy has quit IRC
[20:14:11] <vice-versa> well it's good practice to have the ptr match your A and ehlo/helo
[20:14:16] <vice-versa> !ehlo
[20:14:17] <knoba> vice-versa: "ehlo" : The domain name given in the EHLO or HELO command MUST be either a host name that is resolvable to an DNS Resource Record address, or an IP address literal.
[20:15:09] <Alanin_> and that helo is the thing the servers tells the other server who it is
[20:15:13] <Alanin_> kinda...
[20:15:45] <vice-versa> no kinda about it, that's exactly what it is ;)
[20:15:59] <Alanin_> ok, cool
[20:16:12] <Alanin_> where can i find out which helo its using? or set it?
[20:17:11] *** HSorgYves has quit IRC
[20:17:16] <vice-versa> but something that looks generic and or dynamic I can guarantee will have issues
[20:17:44] <Alanin_> could that 217-20-112-191.internetserviceteam.com work?
[20:17:53] <Alanin_> or should i change that whole stuff to a domain i am using?
[20:18:12] <Alanin_> (sorry for that whole bunch of questions)
[20:18:28] <vice-versa> 220 217-20-112-191.internetserviceteam.com ESMTP Postfix (Debian/GNU)
[20:18:59] <vice-versa> so yeah, 217-20-112-191.internetserviceteam.com is currently the hostname
[20:19:10] <vice-versa> I would change it
[20:19:19] <Alanin_> kk
[20:19:41] <Alanin_> so i change it to any of my domains being connected to my server
[20:20:01] <adaptr> it should be set to a domain that resolves to the actual IP of the machine
[20:20:10] <adaptr> and preferably also the main mail domain of the machine
[20:20:20] <Alanin_> k - then it will be alanin.de
[20:20:28] <Alanin_> and i will set the reversedns to it aswell
[20:20:28] <adaptr> in particular, it MUST be the same as the MX record for that domain
[20:20:32] *** Spec has joined #postfix
[20:20:37] <vice-versa> right, with the ptr also matching if at all possible
[20:20:40] <adaptr> that is the only actual requirement per the RFC
[20:21:04] <adaptr> mailhost.domain.com is an MX record for domain.com
[20:21:16] <adaptr> otherwise, you won't GET any mail
[20:23:25] <Alanin_> ok
[20:23:40] <Alanin_> recieving mails wasnt a problem yet
[20:23:45] <adaptr> forget about reverse DNS for now
[20:24:01] <adaptr> what is the MX set to then ? the IP address ?
[20:24:11] <adaptr> that is bad form at best, and stupid at worst
[20:24:18] <adaptr> an MX record MUST be a FQDN
[20:24:25] * seekwill violates adaptr's RFCs
[20:24:29] <vice-versa> !mxrecord
[20:24:30] <knoba> vice-versa: "mxrecord" : a DNS resource record specifying a host name that Internet mail for a recipients' domain is to be routed to. The host name assigned to the MX record must have a corresponding A record, not a CNAME, and the A record must not resolve to an IP address. A domain can have multiple exchangers with multiple MX records having varying levels of priority
[20:24:31] <adaptr> most people do
[20:24:46] <adaptr> knoba--
[20:24:51] <adaptr> MUST NOT resolve to an IP ?!?
[20:25:00] <adaptr> somebody better correct that
[20:25:47] <Alanin_> 217-20-112-191:~# host alanin.de
[20:25:47] <Alanin_> alanin.de has address 217.20.112.191
[20:25:47] <Alanin_> alanin.de mail is handled by 10 mail.alanin.de.
[20:26:13] <seekwill> adaptr: lol
[20:26:17] <Alanin_> so i make it mail.alanin.de? or is alanin.de enough??
[20:26:33] <vice-versa> adaptr: correct what, the character case?
[20:26:51] *** BuenGenio_ has joined #postfix
[20:27:03] <vice-versa> adaptr: nm, see it now
[20:27:11] <adaptr> vice-versa: "the A record must not resolve".. need I go on ?
[20:27:12] *** neoXite has joined #postfix
[20:27:21] <adaptr> there is but ONE thing an A record can ever do
[20:27:43] <adaptr> Alanin_: the MX looks fine
[20:28:07] <adaptr> so the machine running postifx should be something.alanin.de and postfix should be told that its name is mail.alanin.de
[20:28:08] <Alanin_> ok, then i will change the reverse dns to alanin.de aswell
[20:28:12] <adaptr> no
[20:28:22] <adaptr> the reverse DNS should point to the mail HOST
[20:28:34] <Alanin_> yeah, its just one machine
[20:28:35] <adaptr> pointing it to a wildcarded domain 9which this essentially is) is pointless
[20:28:56] <Entroacceptor> it works for me...
[20:29:08] <Entroacceptor> unserver.de has a IN A to the IP address
[20:29:12] <Entroacceptor> and a MX of unserver.de
[20:29:28] <adaptr> I never said it doesn't work
[20:29:40] <adaptr> sssh, I'm trying to educate here!
[20:29:55] <vice-versa> adaptr: I guess a better description would be, "the A record must not be an IP address litereral"
[20:30:03] <adaptr> also wrong
[20:30:13] <adaptr> because an A record cannot be anything BUT a literal IP
[20:30:31] <adaptr> the MX *record* MUST contain a FQDN
[20:30:43] <adaptr> and that FQDN MUST resolve to an actual IP, and not be a CNAME
[20:30:44] <Entroacceptor> adaptr: so, WHY is it better to make an artificial mail.unserver.de name?
[20:30:46] <adaptr> that's what the RFCs say
[20:31:04] <adaptr> Entroacceptor: to give you some flexibility for future use
[20:31:28] <adaptr> and the ability to give that machine another real DNS name if so required
[20:32:06] *** denis_ has joined #postfix
[20:32:23] <adaptr> since the reverse PTR thing is NOT a requirement, this allows you to name the machine www.domain.co (including real reverse DNS), and tell postfix to advertise itself as mail.domain.com; by just setting an additional A record to mail.domain.com you have a fully valid email system with two hostnames
[20:32:49] <adaptr> postfix is not a nazi; it doesn't care if its real name matches its HELO
[20:34:26] <Alanin_> ok, i have changed everything to mail.alanin.de
[20:34:32] <Alanin_> reversedns is alanin.de now
[20:34:36] *** neoXite has quit IRC
[20:34:42] *** neoXite has joined #postfix
[20:34:51] <Alanin_> hope that keeps my ip away from cbl
[20:35:15] <Alanin_> a realy big thank you all
[20:35:32] *** niki has joined #postfix
[20:36:22] *** growltiger has quit IRC
[20:36:35] *** growltiger has joined #postfix
[20:37:39] <Entroacceptor> I can see the future use, yes
[20:37:42] <adaptr> if any MTA checks your reverse NDS then it will FAIL, and if it doesn't check it then setting it serves no purpose
[20:38:06] <adaptr> so, Alanin_ - IFF you decide to match the reverse DNS, it should *match*
[20:38:12] <Alanin_> ok
[20:38:13] <Alanin_> sorry
[20:38:22] <adaptr> why ?
[20:38:31] <adaptr> you didn't offend me in any way :)
[20:38:42] <Alanin_> :)
[20:38:46] <Alanin_> oh guys you rock
[20:38:48] <Alanin_> fixed that
[20:39:06] <Alanin_> its mail.alanin.de now
[20:41:25] *** WildPikachu has left #postfix
[20:41:28] *** neoXite has quit IRC
[20:42:23] <Alanin_> but i have to say that this cbl problem had some advantages
[20:42:53] <Alanin_> took the time to fix my ssl certificates and the imap server stuff
[20:44:12] *** Spec has quit IRC
[20:44:14] *** BuenGenio has quit IRC
[20:44:14] *** CelticSoul has joined #postfix
[20:44:15] *** x-spec-t has quit IRC
[20:44:29] *** Spec has joined #postfix
[20:45:57] *** havvg has quit IRC
[20:46:19] <vice-versa> adaptr: I think I know what it's try to say now, s/A/MX/
[20:47:12] <adaptr> maybe
[20:47:47] <CelticSoul> Hi guys, this is my first time with postfix, is there a reason why when I telnet to my mail server on port 25 and HELO or EHLO the server replies nothing?
[20:48:13] <seekwill> Did you get a banner?
[20:48:46] <seekwill> What's the address to your server?
[20:48:50] <growltiger> you should type your hostname after ELHO
[20:49:08] <CelticSoul> growltiger, yes I did type it
[20:49:43] <CelticSoul> after telnet, I got something like: ..... Escape character is '^]'.
[20:49:44] <vice-versa> adaptr: as in host -t mx example.com shouldn't come back with 'example.com                MX       10 92.112.71.178'
[20:50:06] <seekwill> You're not connected
[20:50:12] <seekwill> I take that back
[20:50:17] <CelticSoul> seekwill, ngochai.homelinux.org
[20:50:44] <seekwill> CelticSoul: I get a connection refused. Sounds like postfix isn't running
[20:51:10] <seekwill> Or listening to the public
[20:51:31] <CelticSoul> seekwill, nmap showes me smpt is on port 25, my server is on DMZ
[20:51:47] <seekwill> I'll let you figure it out :)
[20:51:59] <adaptr> CelticSoul: nmap from WHERE ?
[20:52:05] <adaptr> (ding!)
[20:52:15] <CelticSoul> adaptr, nmap from local
[20:52:25] *** pulsar has quit IRC
[20:52:38] <growltiger> i can connect to it
[20:52:38] <adaptr> CelticSoul: wrong answer
[20:53:24] <CelticSoul> http://canyouseeme.org does tell me that my server is replying on port 25
[20:53:36] <seekwill> uh
[20:53:56] <growltiger> Connected to ngochai.homelinux.org.
[20:53:56] <growltiger> Escape character is '^]'.
[20:54:07] <growltiger> then nothing
[20:54:13] <adaptr> CelticSoul: what is your smtpd_banner set to ?
[20:54:15] <seekwill> Hmm..works for me now
[20:54:18] <vice-versa> adaptr: so have the wording change to, "and the MX record must not be an IP address literal"
[20:54:21] <seekwill> err... I get tha too
[20:54:46] <CelticSoul> ah ha, I need to set the banner stuff?
[20:54:55] <CelticSoul> ok, will try that then
[20:54:58] <CelticSoul> thank you guys
[20:55:26] <adaptr> no... there is no postfix SMTPD listening on port 25
[20:55:51] <adaptr> who wants to bet it's not even going to his machine
[20:56:57] *** Thorn__ has quit IRC
[20:57:14] <seekwill> :)
[20:57:41] *** MalMen has joined #postfix
[20:57:43] <MalMen> hello
[20:57:48] <adaptr> I'm not judging mind, merely inviting ridicule
[20:57:58] <MalMen> anyone can help me to configure courier + postfix to login on ldap users please ?
[20:58:06] *** TGM has joined #postfix
[20:58:07] <adaptr> postfix does not log in
[20:58:10] <adaptr> ergo, no
[20:58:15] <vice-versa> !mxrecord
[20:58:16] <knoba> vice-versa: "mxrecord" : a DNS resource record specifying a host name that Internet mail for a recipients' domain is to be routed to. The host name assigned to the MX record must have a corresponding A record, not a CNAME and the MX record must not be an IP address literal. A domain can have multiple exchangers with multiple MX records having varying levels of priority
[20:58:44] <vice-versa> better?
[20:58:54] <adaptr> vice-versa: now it's redundant and less clear... sorry
[20:59:09] <vice-versa> meh
[20:59:09] <adaptr> "The hst name assigned to the MX record" already says eerything that needs to be said
[20:59:10] <Alanin_> btw is there any problem, when i just forward mails to other servers via my own mailserver?
[20:59:20] <adaptr> Alanin_: from whom ?
[20:59:29] <adaptr> yes, there may be big problems
[20:59:38] <adaptr> it's known as "spam", perhaps you've heard of it
[21:00:08] <Alanin_> i had some adresses configured that just forward the mail to several other external mailboxes
[21:00:17] <Alanin_> but are spamchecked before
[21:00:22] *** Pinchiukas has left #postfix
[21:00:26] <Alanin_> so i dont forward everything
[21:00:36] *** pulsar has joined #postfix
[21:00:42] <Alanin_> so better not to do
[21:02:09] <MalMen> can  i get help here to configure courier ?
[21:02:12] <Alanin_> so ppl will have to get their mail direct from my server instead of having them forwared to their privat boxes
[21:02:13] <MalMen> i am getting that error: Oct 24 20:49:40 mail authdaemond: ldap_simple_bind_s failed: Can't contact LDAP Server
[21:03:04] <TGM> google it, I found it on google by mistake yesterday
[21:03:12] *** GoGi has quit IRC
[21:03:24] *** jeffspeff has joined #postfix
[21:04:18] *** jeffspeff2 has quit IRC
[21:05:52] <adaptr> Alanin_: forwarding individual users' mail is fine, of course, since you already control their mail
[21:06:54] <Alanin_> i stopped that for now and will reactivate it, if i can be sure that the cbl problem is fixed
[21:07:15] <adaptr> I never saw what "the cbl problem" actually was
[21:07:25] <adaptr> so I'm going to consider it fixed by default
[21:07:47] <Alanin_> i do hope so, i got listed on cbl with sending normal emails
[21:08:02] <Alanin_> not spammy emails
[21:08:41] *** magyar has quit IRC
[21:09:10] *** JustMe13 has joined #postfix
[21:10:03] <JustMe13> Should postfix be logging connections refused because smtpd_client_connection_count_limit is reached?
[21:11:10] <JustMe13> The remote site is getting Error: too many connections but I don't see anything in my logs.
[21:13:39] *** denis_ has quit IRC
[21:15:03] <TGM> how do I generate /etc/postfix/ virtual ?
[21:16:25] <cite> I'd suggest using a text editor.
[21:17:02] <adaptr> JustMe13: you're confusing at least 3 things
[21:17:08] *** pitakill has quit IRC
[21:17:50] *** Emmett has quit IRC
[21:17:56] *** wdp has joined #postfix
[21:17:58] <wdp> ehlo
[21:17:59] <JustMe13> What am I confusing?
[21:18:17] <wdp> someone here gave me a line how to remove double-bounces from the queue ago some weeks
[21:18:28] <wdp> i lost my chat logs.. someone know how?
[21:18:31] <adaptr> JustMe13: an SMTP*D* cannot SEND mail
[21:18:47] <wdp> C50CF51A28     1403 Fri Oct 24 21:18:41  double-bounce at gw dot example.com
[21:18:58] <wdp>                                          postmaster at gw dot example.com
[21:18:59] <adaptr> oh, you mean postfix is giving the remote site that error
[21:19:01] <wdp> wanna delete those.
[21:19:05] <adaptr> then it will be in the logs
[21:19:28] <wdp> it's due to some mistake i made.. and : -- 24045 Kbytes in 18778 Requests. -- bit much :>
[21:19:31] <JustMe13> Someone is trying to send email to my servers.   They are getting too many connections.
[21:19:42] <cite> wdp: The example is in man postsuper...
[21:19:46] <wdp> cite, ty
[21:19:46] <adaptr> man postsuper
[21:19:49] <JustMe13> I don't see it in my logs, but I thought I should
[21:20:02] <adaptr> JustMe13: that fact WILL be in your logs, IFF postfix is doing the refusing
[21:20:04] <sysmonk> wdp: mailq | grep 'double-bounce at gw dot example.com' | awk '{print $1}' | sed -e 's/*//' | xargs -n 1 postsuper -d
[21:20:11] <vice-versa> wdp: think that was me, a delete from queue by string one-liner I use
[21:20:12] <wdp> ah yes
[21:20:15] <wdp> it was something like that.
[21:20:17] <wdp> sysmonk,
[21:20:18] <wdp> :)
[21:20:36] <sysmonk> wdp: that's limited to your imagination :P
[21:20:48] <JustMe13> adaptr: That's what I thought.  I counted and they are hitting the limit, but no log message.
[21:22:09] <adaptr> JustMe13: up the debug level, perhaps it's filtered now
[21:22:30] <wdp> sysmonk, anyway, ty ;)
[21:22:49] <TGM> can anybody give me a hand to fix this? http://pastebin.ca/1235895
[21:22:54] <cite> adaptr: Nope, the default minimum loglevel (which you can only increase by adding "-v" to a service) will log that.
[21:23:48] <cite> JustMe13: You are either not looking hard enough (try grep reached $maillog) or have syslog set up so that warnings/errors go to a different file or are filtered on a per string basis.
[21:23:58] <JustMe13> What is a reasonable value for smtpd_client_connection_count_limit for a server doing 2mil messages per day
[21:24:37] <vice-versa> TGM: I would say you're missing the table type prefix for the related parameter in main.cf
[21:25:16] <vice-versa> ie, hash:/etc/postfix/virtual if it's a db hash table
[21:25:47] <cite> JustMe13: That depends on how often you run out of free smtpd processes...
[21:25:49] <TGM> it's default conf
[21:26:07] <vice-versa> TGM: from what?
[21:26:19] *** Mr_O has joined #postfix
[21:26:24] <JustMe13> cite: Very rarely, I allow 600
[21:26:45] <TGM> from postfix-2.5.1-i486-1kjz.tgz
[21:26:50] <TGM> i didn't touched the db tables
[21:26:55] <adaptr> JustMe13: some calculation will tell you
[21:27:25] <Mr_O> hi
[21:27:27] *** m0f0x is now known as colesterol_dog
[21:27:32] <adaptr> 2M/day at 50% utilization (which is high) means approx. 50 connections per second
[21:27:34] <vice-versa> TGM: it's not a standard postfix default, must be distro specific
[21:28:05] <adaptr> if the mail is all spam-checked etc then each mail could take up to 5 or 10 seconds to process, meaning you will need 250~500 listeners
[21:28:10] <vice-versa> TGM: pastebin the output from, postconf -n
[21:28:14] <TGM> I use slackware
[21:28:20] <TGM> hold on
[21:28:50] <TGM> here http://pastebin.ca/1235901
[21:28:58] <JustMe13> Avg connection rate is 1300/min
[21:29:32] <vice-versa> TGM: does /etc/postfix/virtual exist?
[21:29:54] <JustMe13> Peak is 9000/min or 150/sec
[21:30:33] <cite> JustMe13: Set it to 50. 50 is fine.
[21:30:36] <TGM> yes, but only commented lines
[21:30:41] <TGM> no real conf
[21:31:09] <vice-versa> TGM: is there a corresponding /etc/postfix/virtual.db?
[21:31:12] <JustMe13> So one site using 1/12 of my capacity seems OK?
[21:31:25] *** pulsar has quit IRC
[21:31:25] <TGM> yes it is
[21:31:44] <JustMe13> I had it set at 10, but I'm getting legitimate servers exceeding it.
[21:31:49] <cite> JustMe13: Sure, why not? I mean, the world doesn't come to an end if some clients get delayed or lose connection after CONNECT:
[21:31:56] <vice-versa> TGM: then it should be virtual_alias_maps = hash:/etc/postfix/virtual
[21:32:09] <JustMe13> They should be connecting once and sending 100 messages instead of connecting 100 times, but I cannot control that.
[21:32:10] <cite> And if you don't run out of free smtpd processes often...
[21:32:19] <adaptr> JustMe13: yes, you can
[21:32:44] <TGM> in main.cf ?
[21:33:00] <JustMe13> adaptr I can limit them, but I cannot make the send multiple message in one SMTP session.
[21:33:06] *** rouri has quit IRC
[21:33:11] *** rouri has joined #postfix
[21:33:14] <vice-versa> TGM: Yes, I think the package maintainers foobared the conf
[21:33:19] <adaptr> !smtpd_client_connection_count_limit
[21:33:20] <knoba> adaptr: "smtpd_client_connection_count_limit" : a configuration parameter in the main.cf: How many simultaneous connections any SMTP client is allowed to make to the SMTP service. By default, the limit is set it to half the default process limit value.
[21:33:30] <TGM> ok, 2 sec
[21:33:50] <adaptr> that's *simultaneous* connections, mind you - set it to 10 or so, and they will start getting a lot of WAITs
[21:33:52] <JustMe13> cite:  Except when your customers want to know when it is taking 36 hours for their email to be delivered.
[21:34:24] <JustMe13> adaptr: Yes, that is what is happening now.
[21:34:38] <cite> JustMe13: That would only happen _if_ you ran out of free smtpd processes frequently. You said this doesn't happen too often.
[21:34:53] <TGM> added and restarted, but on postconf -n is still virtual_alias_maps = /etc/postfix/virtual
[21:35:16] <cite> JustMe13: So, set it to 50. There is a reason that the Postfix's default is 50% of the (default) process limit.
[21:35:18] *** pulsar has joined #postfix
[21:35:31] <TGM> same error
[21:35:31] <adaptr> TGM: restarted or reloaded ?
[21:35:35] <TGM> yes
[21:35:39] <TGM> postfix reload
[21:35:41] <vice-versa> TGM: are you sure you saved your changes?
[21:35:41] <adaptr> no
[21:35:45] <adaptr> restart
[21:35:48] *** muecke771 has joined #postfix
[21:36:06] <TGM> yes, in main.cf I added virtual_alias_maps = hash:/etc/postfix/virtual
[21:36:09] <cite> TGM: try postconf -e 'virtual_alias_maps = hash:/etc/postfix/virtual'
[21:36:16] <TGM> sec
[21:36:20] <JustMe13> cite How would I set it to 10 when the system is stressed?  I do not recall how to set stress settings?
[21:36:31] <TGM> postconf: warning: /etc/postfix/main.cf: multiple entries for "virtual_alias_maps"
[21:36:37] * vice-versa thinks there may be more then one occurrence
[21:36:42] <TGM> hold on
[21:36:51] <cite> JustMe13: smtpd_client_connection_count_limit = ${stress:10:50}
[21:37:12] <JustMe13> cite Sweet!  Thanks.
[21:37:19] <cite> JustMe13: STOP
[21:37:32] <cite> JustMe13: It's smtpd_client_connection_count_limit =  ${stress?10}${stress:50}
[21:38:00] <JustMe13> cite That doesn't scan to me
[21:38:08] <TGM> finaly, it's started up
[21:38:13] <TGM> still not working tough
[21:38:40] <cite> JustMe13: Just believe me, copy/wasted that from my own main.cf
[21:39:08] <JustMe13> cite: OK.   Is that in a man page?   I cannot find it.
[21:39:10] *** LordDicranius has quit IRC
[21:39:13] <TGM> new errors http://pastebin.ca/1235913
[21:39:17] <TGM> off
[21:39:17] <Mr_O> is there a clean method to have postfix saying : i'm busy try again later ?
[21:39:29] <cite> JustMe13: There is a STRESS_README and this is standard
[21:39:30] <cite> ain.cf notation
[21:40:22] <vice-versa> TGM: it's basically the same thing, just a different parameter and source
[21:40:37] <TGM> yes, i figure it out
[21:40:41] <TGM> added and restarted
[21:40:54] <TGM> ty
[21:41:03] <vice-versa> yw
[21:41:07] <TGM> btw
[21:41:15] <TGM> I got this now fatal: open database /etc/postfix/aliases.db: No such file or directory
[21:41:36] <vice-versa> newaliases
[21:41:37] <JustMe13> Do some of the defaults changes when stress is set?
[21:41:56] <cite> JustMe13: No.
[21:42:17] <TGM> omg, i think it works :D
[21:42:17] <JustMe13> Ok, I thought I saw something about that a while ago.
[21:42:35] <TGM> a damn,no postfix/smtpd[32652]: fatal: open database /etc/postfix/aliases.db: No such file or directory
[21:42:41] <TGM> newaliases didn't work
[21:44:44] <vice-versa> TGM: hmm, find /etc/ -name aliases*
[21:44:51] <cite> TGM: What is the output of postconf alias_maps && postconf alias_database
[21:45:12] <TGM> alias_maps = hash:/etc/postfix/aliases
[21:45:12] <TGM> alias_database = hash:/etc/aliases
[21:45:41] <vice-versa> cite: fwiw you can use multiples with postconf
[21:45:51] <vice-versa> postconf alias_maps alias_database
[21:45:59] <cite> TGM: Do postconf -e 'alias_database =  hash:/etc/postfix/aliases' && [ -f /etc/aliases ] && cp /etc/aliases /etc/postfix && newaliases
[21:46:07] <cite> vice-versa: Thanks, never tried/needed that one.
[21:46:58] <cite> TGM: Or, even better:  postconf -e 'alias_database =  hash:/etc/postfix/aliases' && [ -f /etc/aliases ] && ln -s /etc/aliases /etc/postfix/ ; newaliases
[21:47:06] <TGM> postconf -e 'alias_database =  hash:/etc/postfix/aliases' && [ -f /etc/aliases ] && cp /etc/aliases /etc/postfix && newaliases
[21:47:08] *** muecke772 has joined #postfix
[21:47:09] <TGM> did the trick
[21:47:16] <TGM> all ok now started
[21:47:19] <TGM> ty very mutch
[21:47:49] <TGM> now I just have to figure out the (unknown mail transport error)'s
[21:49:34] *** havvg has joined #postfix
[21:49:34] <vice-versa> TGM: now that you've made it this far we'd like to introduce you to !basic, !standard and !docs
[21:49:37] <vice-versa> !basic
[21:49:37] <vice-versa> !standard
[21:49:37] <vice-versa> !docs
[21:49:38] <knoba> vice-versa: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.
[21:49:39] <knoba> vice-versa: "standard" : Your question is probably answered in http://www.postfix.org/STANDARD_CONFIGURATION_README.html
[21:49:40] <knoba> vice-versa: "docs" : Postfix documentation http://www.postfix.org/documentation.html
[21:50:26] <cite> knoba: fwiw, you can do a "!tell user factoid"
[21:50:49] <TGM> I'll get to reading then :D
[21:50:52] <TGM> thank you
[21:50:57] <vice-versa> yeah that got screwed up recently
[21:51:07] <adaptr> cite: is that stress trick in 2.5 or earlier ?
[21:51:09] <cite> !tell vice-versa basic
[21:51:22] <vice-versa> right, private msg
[21:51:26] <cite> adaptr: 2.5, there are patches for 2.4
[21:51:34] <adaptr> thought so, never seen it yet :)
[21:52:03] <TGM> tnk alot guys, mutch appreciated!
[21:52:48] *** muecke77 has quit IRC
[21:54:14] <vice-versa> cite: Signum changed it from private to in channel to user as some don't see the private messages but it somehow got reverted along with the loss of a few new commands he added recently
[21:54:44] <vice-versa> !seen Signum
[21:54:45] <knoba> vice-versa: Signum was last seen in #postfix 1 week, 3 days, 1 hour, 17 minutes, and 55 seconds ago: <Signum> stockholm: OTOH... ;)
[21:54:49] <cite> vice-versa: what a shame.
[21:55:52] *** web_knows has joined #postfix
[21:56:36] <vice-versa> meh, I liked how it worked previously anyhow so no lose here ;)
[21:57:33] *** alienbrain has joined #postfix
[21:58:25] *** muecke771 has quit IRC
[22:01:02] *** hparker has joined #postfix
[22:02:47] *** rouri has quit IRC
[22:04:04] *** loddafnir has quit IRC
[22:10:54] *** neoXite has joined #postfix
[22:11:56] *** LuftWoffle has joined #postfix
[22:11:57] *** neoXite has quit IRC
[22:12:39] *** colesterol_dog has quit IRC
[22:23:16] *** pitakill has joined #postfix
[22:29:58] *** deadpigeon has quit IRC
[22:31:17] *** JustMe13 has left #postfix
[22:34:22] *** LuftWoffle has quit IRC
[22:43:29] *** neoXite has joined #postfix
[22:44:06] *** MalMen has quit IRC
[22:48:16] *** MalMen has joined #postfix
[22:51:34] *** MalMen has quit IRC
[22:53:00] *** tombar has quit IRC
[22:53:44] <TGM> guys, how do I handle fatal: unknown service: smtp/tcp after i disabled the chroot in /etc/postfix/master.cf?
[22:55:05] <adaptr> enable the chroot
[22:55:22] <adaptr> and then read about what it actually means
[22:55:26] <adaptr> before doing it again
[22:56:01] <TGM> oki doki
[22:56:02] <seekwill> lol
[22:56:27] *** alienbrain has quit IRC
[22:56:37] <TGM> I enabled it, but still dosen't work
[22:56:50] <adaptr> you might want to restart postfix
[22:56:58] <TGM> allready did :))
[22:57:10] <adaptr> want to bet ?
[22:57:16] <TGM> postfix reload
[22:57:36] <adaptr> another fucking lousy reader
[22:57:39] <adaptr> RESTART
[22:57:46] <adaptr> reload DOES NOT
[22:57:51] <adaptr> and NEVER FUCKING WILL
[22:57:56] <adaptr> re-read master.cf
[22:57:57] <TGM> erm
[22:58:01] <seekwill> :(
[22:58:33] <adaptr> the postfix man page obviously states this fact in no uncertain terms
[22:58:38] <TGM> restarted, stopped and started, same mf error
[22:58:56] <adaptr> then you did not revert the change back to what it originally was
[22:59:04] <TGM> dude
[22:59:08] <adaptr> indeed
[22:59:09] <TGM> I tryed all the variables
[22:59:12] <TGM> dosen't work
[22:59:14] <TGM> trust me
[22:59:15] <adaptr> no, you didn't
[22:59:21] *** growltiger_ has joined #postfix
[22:59:27] <TGM> there are 3 -> -, y, n
[22:59:28] <adaptr> there are several hundred
[23:01:24] *** bieb has quit IRC
[23:01:56] *** muecke772 has quit IRC
[23:02:04] *** muecke77 has joined #postfix
[23:08:32] *** Alanin_ has quit IRC
[23:08:32] *** growltiger_ has quit IRC
[23:08:38] *** Knoedel2 has joined #postfix
[23:08:45] *** growltiger_ has joined #postfix
[23:10:51] *** sepski has joined #postfix
[23:13:01] *** Severed_Head_Of_ has joined #postfix
[23:13:27] *** BuenGenio_ has quit IRC
[23:13:28] *** growltiger has quit IRC
[23:13:45] *** Alanin_ has joined #postfix
[23:16:50] *** growltiger has joined #postfix
[23:23:28] *** muecke77 has quit IRC
[23:26:54] *** brancaleone has quit IRC
[23:28:27] *** growltiger_ has quit IRC
[23:33:33] *** Severed_Head_Of_ has quit IRC
[23:35:21] *** neoXite has quit IRC
[23:41:12] *** Orchun has joined #postfix
[23:41:46] *** neoXite has joined #postfix
[23:41:58] *** sepski has quit IRC
[23:43:19] *** jeffspeff has quit IRC
[23:47:39] *** web_knows has quit IRC
[23:55:26] *** pirho has quit IRC
[23:57:07] *** neoXite has quit IRC





top