[00:33:28] <googlah> 220- OK
[01:50:14] <syslogd> Hello. How do I disable that the postfix server tries to relay mails. The only exception should be senders that are set in sender_dependent_relayhost_maps.
[01:50:41] <syslogd> By default postfix uses the value of the relayhost variable.
[02:20:18] <cratylus> hey all i'm being weirded out by my saslauthd when i try to send a message. my sending hangs. when i look at the log i see "SASL LOGIN authentication failed: authentication failure" but the password i use is right. then i tail the mysql log and lo and behold it's using the wrong query. the weird thing is that my /etc/postfix/sasl/smtpd.conf file has the right password query. furthermore when i try to send a welcome message from postfixadmin, it works just fine calling on the right query from that smtpd.conf file. so i'm wondering why when my MUA tries to send, the old query is used
[02:21:12] <dragonheart> syslogd: set relay_transport to error"
[02:21:18] <dragonheart> syslogd: set relay_transport to error:'some message'
[02:22:50] <syslogd> Thanks! I will try that.
[02:25:43] <dragonheart> syslogd: seems relay_transport overrides sender_dependent_relayhost_maps ( http://www.postfix.org/postconf.5.html#sender_dependent_relayhost_maps ) maybe make the sender_dependent_relayhost_maps default to the error transport somehow
[02:26:53] <syslogd> Yeah, I have read that but I think address_verify_sender = <> is what I am looking for.
[02:26:58] <syslogd> relay_transport = error is not working.
[02:28:17] <syslogd> No, my mail provider is still getting e-mails relayed with imaginary sender addresses.
[02:30:09] <rob0> !relay_transport
[02:30:17] <knoba> rob0: "relay_transport" : a configuration parameter in the main.cf: The default mail delivery transport and next-hop information for domains that match the $relay_domains parameter value. This information can be overruled with the transport(5) table.
[02:33:30] <rob0> Who is entering these imaginary sender addresses?
[02:35:56] <syslogd> I do. I am expecting the server not to deliver those mails with unknown addresses to the mail provider.
[02:36:42] <syslogd> Ah. It seems to work: Oct 25 02:36:54 tux postfix/error[31066]: 5D13F764763: to=<...>, relay=none, delay=0.07, delays=0.06/0/0/0.01, dsn=4.3.0, status=deferred (mail transport unavailable)
[02:36:50] <syslogd> That's what the syslog says.
[02:37:02] <syslogd> But the client does not get notified that the mail was not sent.
[02:37:15] <rob0> That has nothing to do with relay_transport
[02:37:38] <syslogd> Oh.
[02:39:24] <rob0> submitting these using a MUA like thunderbird?
[02:39:24] <syslogd> So there is no possibility to deny delivering of mails with unknown sender fields?
[02:39:28] <syslogd> mutt
[02:39:47] <rob0> "man sendmail" for a start
[02:40:04] <rob0> !authorized_submit_users
[02:40:05] <knoba> rob0: Error: "authorized_submit_users" is not a valid command.
[02:40:06] <syslogd> sendmail is not installed
[02:40:15] <rob0> read it anyway :)
[02:40:31] <syslogd> Ok, I have to read it online because man does not find that page
[02:40:55] <rob0> is Postfix installed? Um, you showed some logs ...
[02:41:09] <rob0> sendmail.1.html
[02:41:31] <rob0> What distribution is installing Postfix without man pages?
[02:42:02] <syslogd> Yes, it is installed. Sending mails is working properly. It even uses the correct SMTP server depending on its sender address. But if I use a sender that is not set, it will try to send it anyway which of course fails because I only have a dynamic IP.
[02:42:07] <syslogd> Gentoo ?
[02:42:20] <syslogd> Perhaps I have not set the right USE flags.
[02:42:26] <rob0> mutt is not a smtp client
[02:42:40] <rob0> maybe a patched mutt
[02:43:01] <syslogd> I compiled mutt with SMTP support.
[02:43:05] <rob0> ah
[02:43:35] <syslogd> Anyways, if Postfix should give an error mutt does not see, it must appear in the syslog but it does not.
[02:43:44] <rob0> and mutt is using SMTP to send, not sendmail?
[02:43:59] <syslogd> Yeah.
[02:45:04] <rob0> then you need a check_sender_access lookup preceding your permit_mynetworks restriction in smtpd_recipient_restrictions.
[02:45:10] <syslogd> By the way, the log says "mail transport unavailable" because I set default_transport to <>
[02:45:28] <rob0> oh my, you're breaking things
[02:45:37] <syslogd> Sorry. ?
[02:46:11] <syslogd> Ok, but what has permit_mynetworks to do with it?
[02:47:01] <syslogd> I only want to restrict the sender's mails.
[02:47:09] <rob0> answered
[02:47:15] <syslogd> sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
[02:47:16] <rob0> that, above
[02:47:19] <syslogd> Only these senders should be allowed.
[02:47:38] <rob0> the check_sender_access lookup would have those same sender addresses
[02:47:47] <syslogd> Ah.
[02:48:10] <rob0> I'd do a pcre with "dunno" for the allowed senders and a wildcard "reject" at the end
[02:48:33] <syslogd> Hm, can I also do it without PCRE?
[02:48:35] <rob0> offer void if you are in fact using sendmail
[02:48:47] <syslogd> Where?
[02:48:58] <syslogd> Why do I need sendmail for that?
[02:49:15] <rob0> mutt's default is to use sendmail
[02:49:41] <syslogd> Yeah, but I am using mutt's SMTP feature.
[02:50:03] <rob0> yeah, you CAN do it without pcre
[02:50:18] <rob0> might be more complicated tho
[02:50:46] <syslogd> Ah, you seem to be right with check_sender_access.
[02:50:52] <rob0> regexp works the same as pcre, slightly slower, but so what
[02:51:26] <syslogd> I thought regex = PCRE?
[02:51:30] <syslogd> Isn't that the same?!
[02:52:24] <cratylus> nevermind, found the problem. turns out the query was also cached in a form in the file /etc/pam.d/smtp . i adjusted it there and authentication worked as should. fun times
[02:52:38] <rob0> DATABASE_README.html
[02:55:05] <cratylus> rob0: i shoulda read that
[02:55:33] <syslogd> * REJECT
[02:55:33] <syslogd> user@host ALLOW
[02:55:44] <syslogd> This is what I have put in check_sender.
[02:55:59] <syslogd> I have set check_sender_access = hash:/etc/postfix/check_sender in smtpd_recipient_restrictions.
[02:56:03] <syslogd> But that does not work.
[03:00:55] <cratylus> rob0, for the record, even in that DATABASE_README.html file, the pam.d/smtp details are not there
[03:02:40] <rob0> cratylus, there are others in this channel, you are not the only one here
[03:03:41] <rob0> Right, which is exactly why I said to use pcre/regexp
[03:03:46] <rob0> 00:57 < syslogd> But that does not work.
[03:04:06] <syslogd> Sorry, have you written anything? My ISP disconnected.
[03:04:13] <rob0> just that
[03:04:14] <cratylus> rob0: i don't quite get that as a retort, i just commented on the doc.
[03:05:17] <syslogd> rob0: What about smtpd_reject_unlisted_sender? I think that does exactly the same but it won't work for me. :(
[03:05:23] <rob0> cratylus, I just thought it might be helpful for you to realize that I had not addressed any comments to you before this one: 01:03 < rob0> cratylus, there are others in this channel, you are not the only one here
[03:05:42] <rob0> !smtpd_reject_unlisted_sender
[03:05:42] <knoba> rob0: "smtpd_reject_unlisted_sender" : a configuration parameter in the main.cf: Request that the Postfix SMTP server always rejects mail from unknown sender addresses. This can slow down an explosion of forged mail from worms or viruses. This feature is not available prior to Postfix 2.1.
[03:06:37] <rob0> Well, I presume all your sender_dependent_relayhost_maps addresses are "unknown" to Postfix.
[03:06:39] <syslogd> Oh, I am using Postfix 2.3.
[03:06:42] <cratylus> rob0, my apologies, the DATABASE_README.html was a proper fit for what i was dealing with and so i thought it was addressed to me. i stand corrected
[03:06:44] <rob0> unlisted
[03:06:55] <syslogd> *2.5.5
[03:07:23] <syslogd> Yes, they are unlisted.
[03:07:43] <syslogd> I only want to allow some e-mail addresses for the sender.
[03:08:26] <rob0> Is this Postfix receiving any mail, or just used for sending from mutt?
[03:08:40] <syslogd> Both.
[03:09:01] <rob0> yeah then it gets complicated without using pcre/regexp as suggested.
[03:09:34] <syslogd> Ok. Is there an example on how to use regular expressions for that purpose? I could not find anything in the manual.
[03:10:33] <rob0> /^sender at example dot com$/ dunno
[03:10:38] <rob0> /^sender at example dot net$/ dunno
[03:10:50] <rob0> /./ reject
[03:11:21] <rob0> pcre_table(5) or regexp_table(5) (basically the same man page for each)
[03:11:45] <rob0> (both assume you already know the proper RE syntax)
[03:12:00] <syslogd> Thanks, I will try that.
[03:12:03] <syslogd> RE?
[03:12:20] <rob0> um, I forgot to escape the "." in domains
[03:12:44] <syslogd> ah
[03:12:52] <syslogd> Is it really dunno?
[03:12:56] <syslogd> Not "accept"?
[03:13:23] <rob0> in smtpd_recipient_restrictions, indeed, it is dunno
[03:13:56] <syslogd> ah, okay
[03:24:59] <syslogd> rob0: Hm. I can't get this working. smtpd_recipient_restrictions contains: check_sender_access = pcre:/etc/postfix/check_sender
[03:25:17] <syslogd> Are you sure /./ is correct?
[03:26:17] <syslogd> I added "/^test at test\ dot com$/ REJECT" to check_sender and used that e-mail address but it is still working. :(
[03:26:45] <shasta> how do you check if it's working?
[03:26:48] <syslogd> Oh, I think there must not be a "="
[03:27:13] <syslogd> I send an e-mail and change the from header.
[03:27:23] <shasta> oh, okay
[03:27:46] <shasta> some people check that by doing "EHLO blah; MAIL FROM: <some at one dot com>" and claim something is not working as expected
[03:28:03] <shasta> ... when they (often without knowing it) using delay checks
[03:28:35] <syslogd> ah
[03:28:39] <rob0> pastebin the logs of this along with the /etc/postfix/check_sender file
[03:29:01] <syslogd> Even without "=" it still does not work.
[03:29:02] <syslogd> Okay.
[03:29:25] <rob0> um right, no "="
[03:29:45] <rob0> postconf smtpd_recipient_restrictions in the same pastebin (or here)
[03:31:49] <syslogd> http://pastebin.com/d75e8f80f
[03:31:51] <syslogd> That's the syslog.
[03:32:23] <syslogd> /^test at test\ dot com$/REJECT
[03:32:28] <syslogd> /./boot/REJECT
[03:32:35] <syslogd> That's what check_sender contains.
[03:32:54] <syslogd> (irssi stripped out the tab between / and REJECT)
[03:33:52] <syslogd> http://pastebin.com/d1b87c768 The relevant parts of the main.cf
[03:37:34] <rob0> postconf smtpd_recipient_restrictions
[03:38:33] <rob0> !verbose
[03:38:33] <knoba> rob0: "verbose" : You probably do not need verbose logging, but in rare cases the extra detail can assist in debugging. To set verbose logging add a -v after the command name (such as smtpd) in master.cf, then 'postfix reload' after that.
[03:43:58] <syslogd> rob0:
[03:43:59] <syslogd> smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_sender_access pcre:/etc/postfix/check_sender
[03:44:25] <syslogd> rob0: verbosity is enabled.
[03:46:22] <rob0> "You probably do not need verbose logging ..."
[03:46:49] <rob0> anyway, your client is authenticating and you didn't put the restriction where I said.
[03:46:57] <rob0> it should go first
[03:47:25] <rob0> AUTH and TLS, on a RFC 1918 network!
[03:48:51] <syslogd> The order of smtpd_recipient_restrictions is relevant?
[03:50:14] <syslogd> How do I disable AUTH and TLS on this network?
[03:51:18] <syslogd> But it should not be disabled completely because I want to be able to access my SMTP server securely when I am not in the local netwokr.
[03:51:22] <syslogd> *work
[03:52:22] <syslogd> rob0: Sorry, but where do I have to put check_sender_access pcre:/etc/postfix/check_sender
[03:52:31] <syslogd> after permit_sasl_authenticated?
[04:00:45] <syslogd> When I put that after permit_mynetworks, the e-mails still get relayed.
[04:00:53] <syslogd> Is it relayed or relaid?
[04:09:22] <syslogd> Ah, I have to use smtpd_sender_restrictions instead of smtpd_recipient_restrictions ?
[04:09:42] <syslogd> Now mutt gives me "SMTP session failed: 554 5.7.1 <test at test dot com>: Sender address rejected" as expected!
[04:09:48] <syslogd> Thanks rob0 for your help!
[04:22:24] <syslogd> Why does not this match an e-mail: /^.@.$/
[04:30:46] <higuita> syslogd: because . is a single character. so a@b isnt a valid email nor what you want
[04:31:08] <higuita> what you want is ^/.*@.*$/
[04:31:50] <higuita> but this regexp is totally stupid, i dont know why you would need it
[04:31:54] <higuita> oops
[04:32:05] <higuita> its /^.*@.*$/
[04:32:33] <higuita> a simpler one is /@/
[05:15:31] <cratylus> anyone have good experiences with spamassassin's milter?
[05:55:26] * xpoint use amavisd-new not milters
[05:59:07] <cratylus> xpoint: i think you're right. it's easier to set up
[06:02:16] * Motoko-chan nods
[06:15:54] * xpoint http://bugs.gentoo.org/show_bug.cgi?id=222713 good
[06:16:46] <xpoint> cratylus, it also does my dkim :)
[06:17:02] <xpoint> cratylus, without extra milters
[06:18:05] <cratylus> xpoint , i didn't even know it could set that up. pretty cool how that tool covers both security measures and authenticity
[06:21:50] <vice-versa> anyone seeing this botnet activity that's using sender addresses like JABUU8 at hotmail dot com, RI1KU7 at hotmail dot com, Y4AEGE0 at yahoo dot com, DPDCCUI at yahoo dot com etc. etc.
[06:22:33] <xpoint> spf/dkim protected
[06:24:00] <vice-versa> we're seeing it for many domains across quite a few servers now
[06:24:08] <xpoint> vice-versa, you see these emails coming with spf_fail or without dkim signed from yahoo ?
[06:24:32] <vice-versa> nope
[06:24:58] <vice-versa> none of it is making it through
[06:25:34] <xpoint> then it is botnet yes, which can be blocked with rbl checks
[06:26:44] <vice-versa> oh no question it's botnet
[06:27:15] <vice-versa> we're used to seeing bouts of this botnet activity, but usually only on one or two servers/domains at a time
[06:27:25] <xpoint> they use hotmail and yahoo in the hope it will get spf_pass :)
[06:28:24] <vice-versa> this particular one is targeting way more domains than I've ever seen before
[06:29:41] <xpoint> scary in its own yes, might be a new spammer that got a cd with spamtrap email addresses and dont know much about spf/dkim power
[06:31:11] <vice-versa> we have a lot of spamtrap addresses, but they're not the targets, it's for valid addresses
[06:32:00] <xpoint> oh okay
[06:32:10] <xpoint> weird
[06:32:54] <xpoint> this indicate that emails can be tracked to spamtrap or users then
[06:33:31] <vice-versa> not sure what you mean
[06:33:56] <xpoint> spamtrap mua have not javascript
[06:35:05] <vice-versa> that doesn't make it any clearer I'm afraid
[06:35:59] <vice-versa> anyhow, I'm sure others are seeing this too, just figured I'd ask
[06:37:55] <cratylus> xpoint i set up amavis and spamassassin but i "got delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)" the weird thing is that i freed up ports 10024 and 10025
[06:39:16] <xpoint> postfix needs stop start when changes goes to master.cf
[06:39:53] <xpoint> some say reload is enough but practice says me something other than that :(
[06:39:54] <vice-versa> we noticed earlier today that the sender addresses they're using were valid too, then it appeared that at least the folks at hotmail were onto it and started purging the accounts
[06:41:46] <cratylus> xpoint, i agree with you as far as the difference. i ran a restart and the issue still came up
[06:41:49] <xpoint> vice-versa, reject mail with spf fail, but if they really is from hotmail then dont whitelist @hotmail.com in spamassassin
[06:42:34] <xpoint> cratylus, google postfinger and show me the output on pastebin
[06:43:48] <vice-versa> xpoint: umm, I'm not looking for nor needing any advice on this
[06:44:33] <cratylus> xpoint: interesting shell script. i'll run it now
[06:45:07] <xpoint> vice-versa, if recipient want some senders at hotmail whitelisted do so with whitelist_auth in spamassassin, "whitelist_auth user at hotmail dot com" not "whitelist_auth * at hotmail dot com"
[06:45:39] <vice-versa> wtf, who said anything about spamassassin?
[06:46:02] <xpoint> me :)
[06:46:09] <vice-versa> but why?
[06:46:47] <xpoint> its related to spammers believe it makes sense for you to bypass spam filters on your server
[06:47:18] <cratylus> xpoint: here is the result http://pastebin.com/d684c13e6
[06:48:26] <vice-versa> I have no fucking idea what you're trying to convey to me xpoint
[06:50:54] <xpoint> vice-versa, but you know how to f..k.. :(
[06:52:19] <xpoint> cratylus, i see no error in this pastebin other than line 58 which disables dkim in amavisd-new for sign of outgoing mails if dkim is enabled in amavisd-new
[06:52:47] <cratylus> xpoint interesting point, i'll enable it
[06:53:47] <cratylus> xpoint, what should line 58 say?
[06:54:08] <xpoint> cratylus, just comment it with # [06:54:21] <cratylus> ah [06:54:41] *** alienbrain has joined #postfix [06:56:33] <xpoint> vice-versa, problem in postfix is when spf get pass we accept in postfix unless its weighted test in policy hence whitelist_auth * at hotmail dot com stupidnees in mta [06:56:35] <cratylus> xpoint, hmm no change, commented -o content_filter= and restarted postfix [06:56:41] <cratylus> same error [06:57:14] <xpoint> cratylus, restart is not enough, stop postfix, start it again [06:57:26] <vice-versa> xpoint: are you talking about what you're doing with cratylus? [06:58:10] <cratylus> vice-versa, he's dispensing advice to help alleviate my noob misdirections [06:58:48] <cratylus> xpoint, stop and start didn't help eithe [06:58:56] <cratylus> i probably messed up something in the config [06:59:06] <vice-versa> if you are, I wan't evening paying any attention to it nor commented on it [07:00:33] <xpoint> cratylus, check amavisd.conf but its debian :( [07:00:41] <cratylus> i know i know [07:00:50] * vice-versa guesses some wires got crossed ... somehow [07:02:09] <xpoint> cratylus, i dont like debian mess with defaults in amavisd-new so when one needs help the helpers need to know why debian changed the defaults [07:03:00] <cratylus> xpoint: good point, i'll need to check out /etc/amavis/conf.d/25-amavis_helpers [07:03:29] <xpoint> cratylus, overwrites goes to 50-user.... 
[07:03:52] <xpoint> do not change other files [07:04:09] <cratylus> xpoint oh good point [07:04:43] <xpoint> but see other files for whats wroung and add it as overwrites into 50-user [07:05:52] <xpoint> 50-user will not be updated when there is a new amavisd in debian, all others will [07:14:15] <xpoint> cratylus, line from 83 to 95 can olso be commented in master.cf since you proberly not need them, its wasted resources in postfix [07:17:46] <cratylus> xpoint, yeah i was wondering about those sockets [07:17:52] <cratylus> commented them [07:28:05] <cratylus> well i'll look this over and let you know [07:28:08] <cratylus> gonna go pass out now [07:31:27] *** cratylus has quit IRC [07:33:12] *** rmayorga has quit IRC [07:33:12] *** PRAEDO has quit IRC [07:33:12] *** bahadunn has quit IRC [07:33:12] *** mjoseph has quit IRC [07:33:12] *** fremo has quit IRC [07:33:12] *** magyar has quit IRC [07:33:12] *** Rockj has quit IRC [07:33:12] *** tshine has quit IRC [07:33:12] *** piksi- has quit IRC [07:33:12] *** glitch- has quit IRC [07:33:32] *** rmayorga has joined #postfix [07:33:32] *** magyar has joined #postfix [07:33:32] *** bahadunn has joined #postfix [07:33:32] *** piksi- has joined #postfix [07:33:32] *** Rockj has joined #postfix [07:33:32] *** tshine has joined #postfix [07:33:32] *** PRAEDO has joined #postfix [07:33:32] *** mjoseph has joined #postfix [07:33:32] *** fremo has joined #postfix [07:33:32] *** glitch- has joined #postfix [07:46:00] *** Edgan has joined #postfix [07:58:17] *** xnixan_ has joined #postfix [08:04:07] *** m0f0x has quit IRC [08:07:00] *** Sieg has quit IRC [08:07:29] <deface> http://rafb.net/p/WU5VVI54.html [08:07:34] <deface> those 2 query's are not the same [08:07:46] <deface> BOTH virtual_mailbox_domains and relay_domains .. 
crap on this new box [08:08:08] *** UQlev has joined #postfix [08:09:01] *** rootsvr has joined #postfix [08:10:05] <deface> nor do the postmap -q query's return the results [08:12:39] <xpoint> one of them miss %s :) [08:14:34] *** xnixan has quit IRC [08:14:47] <deface> yeah, im using a modified query on relay [08:15:06] <deface> im using the backup-mx check option in postfixadmin to enable/disable relay on that domain ;) [08:15:33] <deface> since the relay query must return a list [08:15:33] <xpoint> domain='%s' AND < add to line 1 [08:16:17] <xpoint> wroung [08:16:19] <deface> no, its a modified query .. has to return a list for relay, i dont want %s [08:16:30] <xpoint> no [08:16:57] <deface> no what? [08:17:02] <xpoint> 42 [08:17:04] <deface> the relay query isnt a list? or what ? [08:17:22] <deface> 37 [08:17:29] <xpoint> relay_domains is not transport_maps [08:17:47] <deface> i know, but thats what im using it as ;) [08:17:59] <deface> cause im lazy [08:20:02] <deface> i've got them listed in both transport & relay lists, but enable/disable the relay via the backupmx checkbox in postfix admin .. [08:20:05] <deface> that making sense ? [08:20:06] <xpoint> you need 2 things: 1: know what transport_maps is vs relay_domains 2: make a active php script that create the transport_maps [08:20:15] <deface> so if i want to relay through .. i enable [08:20:20] <deface> if i want to keep it local, i disable [08:20:23] <deface> just cheating it a bit [08:20:38] <deface> i have a bash script for it [08:21:29] <xpoint> but normaly backupmx is done transport_maps from MX records, why will you need otherway ? [08:22:20] <deface> its not the other way [08:26:10] *** hparker has quit IRC [08:26:11] <xpoint> just another server [08:27:29] *** rootsvr has quit IRC [08:27:53] <deface> lol [08:33:12] <deface> ahh xpoint [08:33:19] <deface> there is way to define that in postfixadmin .. 
[08:33:34] <deface> $CONF['transport'] = 'YES'; [08:33:43] <deface> thats what i get for failing to read all the conf.php file .. haa [08:33:48] <deface> i just hacked it to do what i wanted [08:34:27] <deface> that case, i'll move them all around .. tomm [08:34:29] <deface> off 2 bed [08:34:37] <xpoint> just send patches to postfixadmin maintainers so we know how cool hacks you got [08:37:34] <deface> lol .. will do [08:38:19] *** [shg] has quit IRC [08:44:40] *** joelsolanki has joined #postfix [08:44:47] <joelsolanki> Hello friend [08:44:54] <joelsolanki> mail for localhost.stergel.com loops back to myself [08:45:10] <joelsolanki> i recieve this message in /var/log/syslog [08:45:27] <xpoint> Hello Dear Sir/Maddam :) [08:45:47] <xpoint> !loopback [08:45:48] <knoba> xpoint: "loopback" : 'Mail loops back to myself' means that your Postfix wanted to send out the mail to the internet but then discovered that the DNS says your mail server should be responsible. Most likely you forgot to list your domain in mydestination or virtual_(alias|mailbox)_domains [08:45:49] <joelsolanki> i have mentioned localhost.stergel.com and proxy.stergel.com in mydestionation [08:46:22] <joelsolanki> mydestination i have kept to localhost.stergel.com and proxy.stergel.com [08:46:35] <joelsolanki> when i ping both it resolves to the same ip of server [08:47:06] <xpoint> dig localhost.stergel.com gives 127.0.0.1 ? [08:48:14] <joelsolanki> no it doesnt give that. [08:48:28] <joelsolanki> stergel.com. 888 IN SOA yojnaindia. admin. 
24 900 600 86400 3600 [08:48:54] <joelsolanki> i have disable_dns_lookups = yes in main.cf [08:50:03] <joelsolanki> ok [08:50:15] <joelsolanki> my hosts file is like below [08:51:20] <xpoint> bind dns split view is better route then host file [08:51:51] <joelsolanki> 127.0.0.1 localhost [08:51:51] <xpoint> if that is not possible ad localhost.stergel.com to dns [08:51:51] <joelsolanki> 192.168.21.18 proxy.stergel.com localhost.stergel.com [08:52:01] <joelsolanki> oh [08:52:23] <xpoint> localhost.stergel.com have wroung ip there [08:52:48] <joelsolanki> 192.168.21.18 is the correct IP [08:52:55] <joelsolanki> this is the server where postfix runs [08:53:30] <xpoint> and the server does NOT have 127.0.0.1 :) [08:53:39] <AndyML> anyone up to helping me diagnose a mail delivery problem? I'm lost. [08:54:20] <xpoint> AndyML, me 2 [08:54:34] <AndyML> xpoint: you first if you want :) [08:55:17] * xpoint takes my crystall ball and see if i can find AndyML pasted postconf -n somewhere [08:55:42] <joelsolanki> xpoint: and the server does not have 127.0.0.1 means ? [08:55:49] <joelsolanki> this server has 127.0.0.1 too [08:56:01] <joelsolanki> what change you want me to make ? [08:56:05] <xpoint> 192.168.21.18 proxy.stergel.com localhost.stergel.com change to 192.168.21.18 proxy.stergel.com [08:56:31] <joelsolanki> ok so i should remove localhost.stergel.com right / [08:56:32] <joelsolanki> ? [08:56:41] <xpoint> 127.0.0.1 localhost localhost.stergel.com [08:56:52] <joelsolanki> oh ok [08:57:21] <joelsolanki> ok changed and now file is looking like this [08:57:23] <joelsolanki> 127.0.0.1 localhost localhost.stergel.com [08:57:23] <joelsolanki> 192.168.21.18 proxy.stergel.com [08:57:26] *** Filbert has quit IRC [08:57:31] <joelsolanki> should i try now agian ? 
[08:57:36] <xpoint> i hoped it was obervirus to you why it failed [08:57:37] <joelsolanki> to see if works or not [08:58:27] <AndyML> http://pastebin.ca/1236293 [08:58:45] <AndyML> mail's hitting the server (i can see it in the logs) but its bouncing or something. i don't really know how to read this stuff [08:59:26] <xpoint> joelsolanki, postfix olso need to know what ip is your wan ip, add it to proxy_interfaces=wan-ip [08:59:27] <AndyML> http://pastebin.ca/1236294 [09:00:07] <deface> connect to zimbra.genevaglobal.com[67.110.179.139]: Connection refused) [09:00:15] <deface> pretty straight forward [09:00:22] <AndyML> oh dear... [09:01:07] <deface> no smtp server running on 67.110.179.139 [09:01:16] <joelsolanki> oh ok [09:01:51] <AndyML> deface: did you check from your end? because from where i sit across the net from that thing, it seems to work ok... [09:02:04] <deface> yeah, telnet 67.110.179.139 25 [09:02:05] <deface> .. nothing [09:02:23] <AndyML> well crap - i guess i need to look more closely at my firewall then eh? ugh [09:02:36] <deface> port 25 [09:03:26] *** Filbert has joined #postfix [09:04:12] *** Filbert has joined #postfix [09:04:13] <AndyML> is it tcp, udp, or both? [09:04:38] *** mikeys has quit IRC [09:04:50] *** Spec has quit IRC [09:04:53] <joelsolanki> still error [09:04:54] <joelsolanki> status=bounced (mail for localhost.stergel.com loops back to myself) [09:05:21] <deface> joelsolanki: are you sending mail to user at localhost dot stergel.com ? [09:05:30] <deface> AndyML: tcp [09:05:33] <joelsolanki> no. [09:05:35] <xpoint> joelsolanki, postconf -n [09:05:38] <joelsolanki> ok [09:05:49] <AndyML> deface: can you try again for me? telnet zimbra.genevaglobal.com 25 [09:06:10] <deface> still nothing [09:06:20] <deface> are you sure your isp doesnt block port 25 ? 
[09:06:27] <joelsolanki> http://pastebin.ca/1236296 [09:06:41] <joelsolanki> above is the config [09:06:51] <AndyML> the host is in a telco datacenter on an 10meg enterprise ethernet connection... [09:07:02] <joelsolanki> this server fetches mail using fetchmail from the original @stergel.com mail server [09:07:08] <deface> AndyML: iptables ? [09:07:13] <joelsolanki> and it distrubutes to local server. [09:07:20] <joelsolanki> sorryy local user [09:07:23] <AndyML> yeah - can i show you the rules for a sanity check? [09:07:28] <AndyML> OH - i might know what it is. [09:07:39] <AndyML> i may not have setup the SNAT.. [09:07:52] <joelsolanki> fetching is done correctly but whne it is trying to deliver it then i recieve looping error [09:07:54] <deface> well get port 25 working and it should deliver, im off to bed .. really this time [09:08:02] <AndyML> thanks deface [09:08:54] <joelsolanki> postfix is also configured to do smtp authentication and local mail routing too. [09:10:00] <joelsolanki> xpoint: u there? [09:10:27] <AndyML> anyone care to try telnetting to port 25 on my server? :) [09:10:45] <xpoint> joelsolanki, localhost.stergel.com miss in mydestination so postfix send out to internet where it finds later localhost.stergel.com have your wan ip [09:11:59] <xpoint> joelsolanki, and why the heck did you disable dns = yes [09:13:23] <joelsolanki> due to this problem. [09:13:27] <joelsolanki> let me remove that line to [09:13:31] <joelsolanki> and add to mydestionation [09:14:10] <joelsolanki> ok made the changes now monitoring the logs [09:15:16] <xpoint> joelsolanki, maybe reboot to clear out all bad caches now [09:15:43] *** madrescher has joined #postfix [09:16:06] <joelsolanki> hmm [09:16:08] <joelsolanki> let me do that [09:17:27] <AndyML> ok - telnet zimbra.genevaglobal.com 25 - half the hosts i try it on, it works fine. the others i get connection refused... [09:17:33] <AndyML> what do any of you get? 
[09:19:34] <xpoint> AndyML, https://www.grc.com/x/ne.dll?bh0bkyd2 try this test :) [09:20:20] <xpoint> AndyML, if the link fail https://www.grc.com/x/ne.dll?bh0bkyd2 [09:20:33] <AndyML> link worked. [09:21:10] <xpoint> arg same link, it will test to see what ports are open from outside to you ip in webbrowser [09:21:30] <xpoint> so test from links on the postfix box [09:22:13] <AndyML> difficult to do. [09:23:57] <AndyML> xpoint: "so test from links on the postfix box" - i'm not sure how. can I tell the test what IP to run against? [09:25:04] <xpoint> AndyML, http://myip.dk/ is your wan ip, grc.com does the same on the test :) [09:25:48] <AndyML> i'm not running postfix from my connection here... [09:25:52] <AndyML> its at the colo [09:26:15] <xpoint> thats why i say links console webbrowser [09:26:38] <AndyML> lynx - now i know what you're saying. sorry! [09:26:57] <xpoint> olso works with lynx yes [09:27:16] <AndyML> is links a console browser? shows you how much I know - very little it seams [09:27:21] <xpoint> it just that links olso works with my fbcon at 1600x1200 :) [09:27:49] <joelsolanki> xpoint: cool it worked [09:27:51] <joelsolanki> thanks [09:28:13] <xpoint> joelsolanki, i know the drill hehe [09:28:24] <joelsolanki> :) [09:30:58] <AndyML> xpoint: truth is, I can't figure out how to run the tests from the console browser [09:36:11] *** alienbrain has quit IRC [09:36:24] <xpoint> well then try from home to see if the ports are open or not [09:37:08] <xpoint> AndyML, i just hopede the link gave you some tools to do it self [09:38:14] <AndyML> xpoint: i was able to confirm that from a couple different sources across the net, some people can connect on port 25 and some can't... [09:38:55] <AndyML> i've also confirmed that when a message goes into that server via SMTP, it accepts it and then doesn't deliver it to the mailbox. 
[09:44:56] *** zch-alexa has joined #postfix [09:45:29] <xpoint> AndyML, it migth be routes on ip level, or isp firewalls [09:47:09] <AndyML> ok - i'll keep at it. [09:53:06] *** niki has quit IRC [09:57:58] *** war9407 has joined #postfix [10:02:34] *** niki has joined #postfix [10:04:04] *** muecke77 has joined #postfix [10:14:25] *** Motoko-chan has quit IRC [10:23:04] *** cssbkgn has joined #postfix [10:34:10] <syslogd> higuita: Thanks! [10:34:44] <syslogd> higuita: I just want to check if it is a user (no @ character). [10:37:47] *** muecke771 has joined #postfix [10:38:34] *** blackflag has quit IRC [10:40:08] *** Thorn_ has joined #postfix [10:41:33] *** joelsolanki has quit IRC [10:42:31] *** Thorn_ is now known as Thorn [10:47:33] <Thorn> hello. I have postfix on server.example.com. all mail for example.com is handled by ISP (mail.example.com). my server only needs to send out mail. I have myhostname = server.example.com and relayhost = mail.example.com when I send mail for @example.com it's accepted, but for other domains mail.example.com rejects it with 'Relay access denied' [10:47:51] *** CelticSoul has left #postfix [10:48:28] <Thorn> I guess it's because from fomain is server.example.com and not example.com, so is there a way to rewrite the from address while keeping local delivery working? [10:49:43] <Thorn> s/from fomain/from domain/ [10:49:51] <xpoint> Thorn, see generic_maps [10:50:50] <xpoint> Results for postfix generic_maps: 1. Mailing List Archive For postfix-users at postfix dot org: smtp_generic ...: http://library.pantek.com/Mailing%20Lists/postfix.org/postfix-users/07/08/2366.html | 2. NEOHAPSIS - Peace of Mind Through Integrity and Insight: http://archives.neohapsis.com/archives/postfix/2007-08/0412.html [10:51:23] <xpoint> 3. 
Postfix 2.2.0 official release available: http://webui.sourcelabs.com/postfix/mail/user/threads/Postfix_2.2.0_official_release_available.meta [10:52:14] *** muecke77 has quit IRC [10:52:38] <Thorn> looking at it [11:02:29] *** omry has joined #postfix [11:03:00] <omry> I dist upgraded from debian etch to lenny, and now postfix can't send emails. [11:03:16] <omry> I get this in the log when I try to flush the queue: warning: connect to transport amavis: Connection refused [11:03:30] *** muecke771 has quit IRC [11:04:00] <omry> since this system does not receive emails, I figured I can avoid using amavis at all, so I uninstalled it. but somehow postfix still tries to use it [11:04:03] <omry> any idea? [11:06:48] *** NZ3BSD has joined #postfix [11:12:13] *** adaptr has quit IRC [11:12:24] *** adaptr has joined #postfix [11:12:38] *** Thorn has quit IRC [11:14:51] *** adaptr has quit IRC [11:16:25] *** Thorn has joined #postfix [11:17:26] *** adaptr has joined #postfix [11:20:31] *** UQlev has quit IRC [11:23:58] *** Jax has joined #postfix [11:28:26] *** Jax has quit IRC [11:36:50] *** AndyML is now known as AwayML [11:49:21] <xpoint> omry, olso empty main.cf will solve it [11:50:21] <xpoint> omry, from that stage with empty see !basic [11:50:35] <xpoint> !basic [11:50:36] <knoba> xpoint: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here. [11:51:29] <xpoint> omry, debian is silly server os that mangles working configs for you so when something does not work thanks goes to debian [11:53:54] <Entroacceptor> xpoint: I've not yet encountered that [11:54:04] <Entroacceptor> it asks if there are changes [11:54:25] <Entroacceptor> the default is even to keep your locally modified files [11:54:54] <xpoint> okay but not when users newer changed it ? [11:55:06] <rob0> Well, a lot of Debian people complain here (and the mailing list) about Debian bugs/issues. 
[11:55:42] <rob0> If you know how to manage Debian well and know a little bit about Postfix, you can do it. [11:56:27] <rob0> (As long as you don't need TLS in Woody. Debian broke that.) [11:56:32] <Entroacceptor> yes... [11:59:26] *** sophokles has joined #postfix [12:13:24] *** likwid- has joined #postfix [12:18:39] *** tombar has joined #postfix [12:22:17] <sysmonk> rob0: whoa, broke it? :) [12:22:24] <sysmonk> rob0: in what way? [12:26:30] *** war9407 has quit IRC [12:26:30] *** xnixan_ has quit IRC [12:26:30] *** PRAEDO has quit IRC [12:26:30] *** glitch- has quit IRC [12:26:30] *** mjoseph has quit IRC [12:26:30] *** fremo has quit IRC [12:26:30] *** tshine has quit IRC [12:26:30] *** Rockj has quit IRC [12:26:30] *** bahadunn has quit IRC [12:26:30] *** piksi- has quit IRC [12:26:30] *** magyar has quit IRC [12:26:30] *** rmayorga has quit IRC [12:27:20] *** war9407 has joined #postfix [12:27:20] *** rmayorga has joined #postfix [12:27:20] *** magyar has joined #postfix [12:27:20] *** bahadunn has joined #postfix [12:27:20] *** piksi- has joined #postfix [12:27:20] *** Rockj has joined #postfix [12:27:20] *** tshine has joined #postfix [12:27:20] *** PRAEDO has joined #postfix [12:27:20] *** mjoseph has joined #postfix [12:27:20] *** fremo has joined #postfix [12:27:20] *** glitch- has joined #postfix [12:27:26] *** magyar has quit IRC [12:27:42] *** magyar has joined #postfix [12:28:44] *** xnixan_ has joined #postfix [12:28:55] <likwid-> im using a transport map to push all mail for a domain to another server, but it rejects everything unless i have a local user for it, relay_recipient_maps is empty, is there something else to check? [12:34:13] <cite> likwid-: Add domain to relay_domains, provide a list of valid recipients using relay_recipient_maps parameter. [12:35:34] <cite> rob0: Can you elaborate on Postfix configuration issues in Debian? [12:37:00] <likwid-> cite: it is there in relay_domains, what does a relay_recipient_maps entry look like? 
maybe my syntax is wrong [12:37:47] <cite> likwid-: recipient at relaydomain dot invalid x [12:38:09] <cite> likwid-: The right hand side is irrelevant, you can write "x", "foo" or anything else there, Postfix will only check if there _is_ a right hand part at all. [12:38:39] <likwid-> cite: ive tried it with @domain.com x .. is that not the proper wildcard? [12:38:53] <likwid-> i have a domain i dont want to check recipients at all.. just forward blindly to the transport host [12:39:49] <cite> likwid-: Yes, it is the right wild card. Do you perhaps have the domain in question listed in relay_domains AND, say, in "mydestination", "myorigin", "virtual_mailbox/alias_domains" or something like that? [12:40:00] <rob0> Debian Woody shipped with a patched Postfix 2.1 -- the TLS patch that Wietse was not ready to include. Wietse got TLS working in 2.2. The patch is broken and unsupported. [12:40:52] <likwid-> cite: oooo. ! one sec testing [12:41:10] <omry> xpoint, the problem was that current lenny postfix package is broken (lenny is not stable), so I tried to fix it by getting some files from my previous setup. [12:41:15] <omry> you can see where this is goind. [12:41:19] <omry> g [12:41:36] <cite> rob0: Ah, I see. [12:41:37] <rob0> cite, we see them here all the time, wondering about such things as where their mail has gone if the Debian configurator has set up procmail. [12:42:29] <cite> rob0: I'm not here during prime time often enough (GMT+1), so I didn't know what you were referring to, hence my question. [12:42:32] <cite> No offense intended. [12:42:56] <likwid-> cite: thx. i did have an extra entry.. and now that ive tested, it doesn't seem like a good idea to blind forward as the bounce traffic could get silly. [12:43:24] <rob0> There are numerous packaging "issues" with Debian. Non-standard paths such as SASL (/etc/postfix/sasl), and the little /etc/mailname patch. 
[12:43:29] <cite> likwid-: You might want to consider dynamic recipient validation _if_ you are not running a backup MX. [12:43:33] *** GoGi has joined #postfix [12:43:59] <rob0> Not necessarily all bad or wrong, but choices that the packager makes should be taken up with the packager, IMO. [12:44:13] <cite> rob0: Know I get it. It seems I've just been doing Postfix for too long on Debian, those little things I don't register anymore. [12:44:19] <cite> s/Know/Now/ [12:45:02] *** xnixan_ is now known as xnixan [12:45:04] <rob0> cite, as above, I'm sure you'll have no problems, as you seem to know enough about each (Postfix and Debian) to stay out of trouble. :) [12:45:49] <cite> Don't say that. I _got_ bitten by the standard chroot setup of smtpd and I also fell for /etc/postfix/sasl several times. [12:46:30] <cite> I reverted most of these changes when I started building my own Postfix packages when the stress patch for 2.4 was out. [12:47:14] <cite> Far worse is, in my opinion, that starting somewhere with 2.5.4, parent_domain_matches_subdomains doesn't include relay_domains anymore per default. [12:47:22] <rob0> "Forward[ing] blindly to the transport host" without validating recipients is extremely bad. You're certain to become a backscatter spammer if the transport host rejects unknown recipients. [12:47:39] <cite> This is really an incompatible change, and it isn't mentioned in the (README|NEWS).Debian files. [12:47:55] <rob0> cite, I hadn't heard about that one! [12:48:03] <cite> rob0: Gimme a second. [12:48:13] <rob0> Well, I had heard about the bug. [12:48:32] <cite> rob0: http://packages.debian.org/changelogs/pool/main/p/postfix/postfix_2.5.5-1.1/changelog [12:48:36] <rob0> If parent_domain_matches_subdomains includes relay_domains, you can end up backscattering. [12:48:38] <cite> rob0: 2.5.4-2 [12:48:40] *** Knoedel2 has joined #postfix [12:49:05] <cite> rob0: Nevertheless, this is a not-so-small change away from the default upstream configuration. 
[12:49:49] <cite> It should at least be documented, or else, you might end up upgrading your Postfix and all hell is breaking loose because maps are suddenly interpreted differently. [12:50:31] *** toxygen has joined #postfix [12:50:33] <toxygen> hello [12:50:41] <rob0> yes. Eventually Wietse is planning to unset parent_domain_matches_subdomains, but until he does, there can be problems like this. [12:51:46] <cite> But Wietse is always clearly marking this kind of changes with "[Incompat $DATE]" in his release files ;) [12:52:34] <toxygen> i would like to ask regarding virtual domain catching. i have two domains, one is given as mydomain = domain1 and the second one which is in virtual_alias_domains = domain2. in /etc/postfix/virtual i have @domain1 user1 and few lines below @domain2 user2. however, all the mails are caught in user1 mailbox, no matter which domain i send them to [12:53:40] <toxygen> if i change the mydomain = blabla and add domain1 to virtual_alias_domains, then it works. but the mydomain is scrambled [12:53:55] <toxygen> so i would like to ask what is the proper way to setup this? [12:54:09] <rob0> tox, prepare a pastebin showing logs, the maps, and "postconf -n" (do not munge domains.) [12:54:18] <toxygen> ok [12:55:37] <cite> toxygen: I'd assume that either append_at_myorigin or append_dot_mydomain is set to "yes". Hence, the pattern @domain2 user2 gets rewritten to user2@domain1 (the one in mydestination) and subsequently to user1@domain1, at which point virtual alias expansion stops and mail is delivered to user1 locally. [12:59:28] <toxygen> cite: does it matter if domain1 and domain2 are fully qualified domains like e.g. darken.sk darken.com ? [12:59:38] *** rouri has joined #postfix [13:01:15] <toxygen> cite: seems to be working [13:01:18] <toxygen> cite: thank you [13:01:24] <toxygen> cite: does it influence also outgoing mail? [13:03:19] <cite> toxygen: TBH, I don't understand the question. 
[13:04:59] <toxygen> cite: if the outgoing mail will be anyhow changed as i set append_at_myorigin = no and append_dot_mydomain = no. e.g. whether the header will be different than before [13:05:07] *** neoXite has joined #postfix [13:06:08] <toxygen> *whether [13:08:55] *** madrescher has quit IRC [13:10:24] <rob0> "append_at_myorigin = no" is a bad idea, not recommended. Best to use FQDN's anyway, not to rely on rewriting like this. [13:15:00] <adaptr> toxygen: since those settings change the originator address, of course they will change the "header" (it's an envelope, not a header) [13:15:02] <cite> toxygen: I'd recommend removing domain1.com from mydestination, i.e. in mydestination, keep the mail servers FQDN (mail.domain.com). Then rewrite @domain1.com to user1 at mail dot domain.com and @domain2.com to user2 at mail dot domain.com [13:17:39] <cite> Anyone ever used postconf -e in a script? I'd like to add a specific host to debug_peer_list during the weekend and using postconf -e 'debug_peer_list...' && postfix reload would be nice for doing that. [13:18:44] <toxygen> cite: you mean to rewrite @domain1.com to user1 at mail dot domain.com in /etc/postfix/virtual? [13:18:50] <cite> toxygen: Yes. [13:19:19] <cite> toxygen: You have to add domain1.com and domain2.com to virtual_alias_domains... [13:19:34] <toxygen> cite: but what about mail catching then? [13:20:14] <toxygen> mail to unknownuser at domain2 dot com should end up in myuser's mailbox [13:20:34] <toxygen> if i rewrite it to user1 at mail dot domain.com then there is no catch-all, is there? [13:20:40] <cite> Yes there is. [13:21:00] <cite> All mail directed to domain1.com will go to user1, all mail for @domain2.com will go to user2. [13:21:05] *** tombar_ has joined #postfix [13:21:25] <toxygen> i see, sorry [13:22:13] <toxygen> i thought that " at domain1 dot com" should be changed to "user1@..." 
i see you meant something other [13:22:57] <rob0> cite, I would just use a hash: file for the debug_peer_list, add the host, postmap, the change is picked up without a reload. [13:23:04] *** rouri has quit IRC [13:23:22] <cite> rob0: Good idea. Thanks. *typetitype* [13:23:41] <rob0> (that should be easily scriptable too) [13:25:58] *** pirho has joined #postfix [13:27:21] <toxygen> cite: seems to work, thanks once more [13:29:55] *** denis_ has joined #postfix [13:31:33] <toxygen> cite: however, now it seems postfix rewrites oneuser at domain1 dot com to oneuser at mail dot domain1.com [13:31:38] <toxygen> cite: is there a way to avoid this? [13:32:38] <toxygen> i mean orig_to is john at domain1 dot com but then it writes to=<john at mail dot domain1.com> [13:32:58] <toxygen> mydomain should be mail.domain1.com, right? [13:37:45] <adaptr> !Mydomain [13:37:46] <knoba> adaptr: "Mydomain" : a configuration parameter in the main.cf: The internet domain name of this mail system. The default is to use $myhostname minus the first component. $mydomain is used as a default value for many other configuration parameters. [13:37:55] *** tombar has quit IRC [13:38:20] <adaptr> for all non-special cases, consider it to be the mail domain [13:38:29] <adaptr> yours may not be non-special :) [13:46:28] <toxygen> yes, but how then assure mail catching for the other virtual domains? because when i set mydomain then all the mail is caught as if it was addressed to @domain1.com. but if i set it to mail.domain1.com then the different virtual domains' catchings work [13:46:47] <toxygen> but still, i want users to have their mail delivered without mail.domain... [13:47:28] <cite> Set myorigin properly. 
[13:48:21] <toxygen> ok, let me see [13:48:55] <cite> mydestination = mail.domain1.com (add localhost and stuff), myorigin = domain1.com, mydomain=mail.domain1.com, virtual_alias_domains = domain1.com, domain2.com, @domain1.com user1 at mail dot domain1.com, @domain2.com user2 at mail dot domain1.com [13:50:17] *** [shg] has joined #postfix [13:50:43] <adaptr> errrrng [13:50:51] <adaptr> !virtual_alias_domains [13:50:52] <knoba> adaptr: "virtual_alias_domains" : a configuration parameter in the main.cf: Optional list of names of virtual alias domains, that is, domains for which all addresses are aliased to addresses in other local or remote domains. [13:50:57] <adaptr> *domains* [13:51:03] <adaptr> @ has no place there [13:51:09] <adaptr> postfix will not start [13:53:50] <cite> adaptr: I know. This was the entry for the actual virtual_alias_maps, as he will clearly know, beacuse we mentioned that like 12 times in the course of the discussion ;) [13:54:12] <adaptr> and he still fucks it up eh ? [13:54:16] <adaptr> extra points [14:24:21] *** havvg has joined #postfix [14:25:12] <Alanin_> lo guys [14:26:03] <Alanin_> adaptr: didnt hit the cbl today [14:26:07] <Alanin_> think its working [14:27:27] *** splee has joined #postfix [14:31:17] <adaptr> of course it works ! we told you it would, didn't we ? :) [14:32:47] *** Alanin_ has quit IRC [14:37:52] *** zch-alexa has quit IRC [14:38:54] *** NZ3BSD has quit IRC [14:41:19] *** Alanin_ has joined #postfix [14:44:31] *** zch-alexa has joined #postfix [14:46:42] *** tombar__ has joined #postfix [14:48:05] *** aiju has joined #postfix [14:48:22] <aiju> We're using one Postfix server for two domains, how to discriminate between them? 
[14:57:40] *** war9407 has quit IRC [14:59:42] *** war9407 has joined #postfix [15:01:45] *** neurodamage has joined #postfix [15:02:31] <neurodamage> http://rafb.net/p/GFWR8Z74.html [15:02:43] *** aiju has left #postfix [15:02:53] <neurodamage> what's the reason I'm getting relay access denied messages when trying to use smtp+tls with thunderbird client? [15:03:27] *** [shg] has quit IRC [15:04:00] <cite> neurodamage: Your smtpd_banner setting is foobared. It doesn't include the mail servers hostname nor the keyword "ESMTP". [15:04:22] <cite> neurodamage: For the relay access denied part: _Did_ THunderbird use AUTH successfully? [15:04:50] <neurodamage> cite: you could be right, let me fix that right quick, yes it did "auth" [15:05:01] *** tombar_ has quit IRC [15:06:01] <cite> neurodamage: How can it AUTH? You don't have smtpd_sasl_auth_enable = yes in your config. [15:06:04] <neurodamage> cite: I did, $myhostname ESMTP $mail_name (Debian/GNU) [15:06:13] <neurodamage> and still getting relay access denied issues [15:06:41] <neurodamage> cite: yes I do, line 34 [15:06:56] <cite> neurodamage: You are missing a "d" in line 34. [15:07:12] <cite> It's smtp"d"_sasl_auth_enable, you have smtp_sasl_auth_enable. [15:07:18] <cite> smtpd is the server, smtp the client. [15:08:36] <neurodamage> cite: yup that worked, huh... [15:08:52] <neurodamage> now I'm not getting the right password...getting errors on password, used saslpasswd2 username [15:08:56] <neurodamage> tos et the password for that. 
[15:11:55] <neurodamage> I'm not this much of a muppet usually, just haven't gotten sleep for days, and coding is priority right now :(
[15:14:46] *** rootsvr has joined #postfix
[15:16:28] *** tombar_ has joined #postfix
[15:31:23] *** rootsvr has quit IRC
[15:34:13] *** ikaro has joined #postfix
[15:34:50] *** tombar__ has quit IRC
[15:47:11] *** tombar_ is now known as Tombar
[15:56:41] *** likwid- has quit IRC
[15:59:17] *** Niemi_ has joined #postfix
[16:01:18] *** higuita has quit IRC
[16:08:24] *** TGM has joined #postfix
[16:20:07] *** loddafnir has joined #postfix
[16:31:51] *** aiju has joined #postfix
[16:32:02] <aiju> I found some mails in /var/spool/postfix/active
[16:32:17] <aiju> Due to the qmgr documentation they should be delivered, but they aren't
[16:33:37] <aiju> and i found in the log files
[16:33:38] <aiju> Oct 25 16:35:21 sampi postfix/master[782]: warning: /usr/lib64/postfix/local: bad command startup -- throttling
[16:33:44] *** mark-use has joined #postfix
[16:37:34] *** Alanin___ has joined #postfix
[16:48:23] *** mark-use has quit IRC
[16:48:45] *** Alanin_ has quit IRC
[16:49:15] <deface> aiju: whats the error above it ?
[16:49:51] <aiju> Oct 25 16:46:21 sampi postfix/master[1034]: warning: process /usr/lib64/postfix/local pid 21432 exit status 1
[16:49:55] *** sepski has joined #postfix
[16:50:00] <deface> no, keep going
[16:50:24] <deface> how do i disable the transcript emails? - i seem to be getting all the errors from mailer-daemon at domain dot com - w/ all failure's
[16:50:53] <aiju> deface: they aren't any more
[16:51:07] <deface> should be more than that
[16:51:11] <aiju> these two just keep repeating again and again
[16:51:19] <aiju> it startet 16:20 (CEST)
[16:51:21] <deface> hmm, turn on verbose logging
[16:51:23] <aiju> *started
[16:51:32] <aiju> How?
[16:51:33] <deface> !verbose
[16:51:34] <knoba> deface: "verbose" : You probably do not need verbose logging, but in rare cases the extra detail can assist in debugging.
To set verbose logging add a -v after the command name (such as smtpd) in master.cf, then 'postfix reload' after that.
[16:51:41] <aiju> I did
[16:51:56] <aiju> local unix - n n - - local -v
[16:52:06] <deface> no, the smtp line
[16:52:59] <aiju> it just keeps repeating the same messages
[16:53:02] <aiju> ignoring the verbose flags
[16:53:56] <aiju> ah
[16:54:10] <aiju> it's now really verbose, there are a lot of messages in mail.info
[16:54:56] <aiju> but they don't explain the failure of local
[16:55:30] <aiju> Oct 25 16:55:29 sampi postfix/local[24712]: process generation: 24 (24)
[16:56:29] <aiju> ah mail.log
[16:56:36] <aiju> Oct 25 16:56:30 sampi postfix/local[24717]: fatal: open dictionary: expecting "type:name" form instead of "/etc/mail/aliases"
[16:57:47] <aiju> what file format is the /etc/mail/aliases file? dbm, hash, whatever?
[16:57:47] <deface> paste the output of postconf -n to a pastebin
[16:57:58] <deface> newaliases should hash that file for you
[16:58:58] <aiju> what lines do you want?
[17:00:11] <deface> !pastebin
[17:00:12] <knoba> deface: "pastebin" : a way to paste larger amounts of text so that other people can read it. Try http://www.rafb.net/paste/ or http://paste.debian.net/ - Do not forget to tell us the URL where you pasted it.
[17:00:16] <deface> everything
[17:00:40] <aiju> ah k, it works now
[17:01:04] <TGM> guys, where i can mask my address from apache at example dot example.net to apache at example dot net ?
[17:01:22] <aiju> TGM: mydestination, perhaps?
[17:01:42] <TGM> was Mail Aliases or something
[17:04:10] <TGM> nvm, i found it
[17:09:01] *** Juspion has joined #postfix
[17:09:09] *** Southron has left #Postfix
[17:10:54] *** Southron has joined #Postfix
[17:11:06] *** VietWOW has joined #postfix
[17:11:34] <VietWOW> hi all
[17:11:35] *** Alanin_ has joined #postfix
[17:11:45] *** aiju has left #postfix
[17:12:31] <thumbs> VietWOW: all is not in today
[17:13:04] <VietWOW> thumbs: why ?
[17:13:11] <thumbs> seen all
[17:13:22] <thumbs> VietWOW: type /whois all
[17:14:04] <VietWOW> i need some help about virtual domain in postfix
[17:14:07] <VietWOW> can u ?
[17:14:19] <thumbs> can I what?
[17:14:38] <VietWOW> can you help me about virtual domain in postfix ?
[17:14:49] <thumbs> it depends on your actual question
[17:14:53] <VietWOW> ok
[17:15:15] <VietWOW> i setup virtual mailbox in postfix as guided from http://www.akadia.com/services/postfix_separate_mailboxes.html
[17:15:21] <VietWOW> here is my config
[17:15:33] <VietWOW> [root@vietwow home]# cat /etc/postfix/virtual_domains
[17:15:34] <VietWOW> vietwow.com
[17:15:34] <VietWOW> vietwow.net
[17:15:44] <thumbs> yeah, and don't flood the channel
[17:16:12] <VietWOW> sorry
[17:16:49] <VietWOW> my setup is ok, no error
[17:16:59] <VietWOW> but when I send a mail
[17:17:09] <VietWOW> from vietwow at vietwow dot com to vietwow at vietwow dot net
[17:17:12] <VietWOW> I got an error
[17:17:25] <VietWOW> virtual status=bounced (unknown user: "vietwow")
[17:17:36] *** zch-alexa has quit IRC
[17:17:53] <TGM> then useradd vietwow
[17:18:27] <VietWOW> no, I am configuring virtual mailbox, means not need to have a real acc for mailbox
[17:18:29] <VietWOW> virtual user
[17:19:06] <TGM> erm
[17:20:24] <VietWOW> erm ?
[17:20:27] *** Alanin___ has quit IRC
[17:22:05] <TGM> du no
[17:27:28] <TGM> quick question, If i use postfix, i now have to change sendmail_patch = /usr/sbin/postfix -t -i in php.ini so I can send mail tru php?
[17:28:14] <VietWOW> ok I fixed problem
[17:28:26] <VietWOW> thank you
[17:28:27] <VietWOW> :)
[17:29:10] <VietWOW> TGM: I use telnet, not command :D
[17:29:52] <TGM> oki doki
[17:30:19] *** cpbills has quit IRC
[17:30:19] *** lunaphyte_ has quit IRC
[17:30:19] *** BBishop has quit IRC
[17:30:19] *** syslogd has quit IRC
[17:30:44] *** syslogd has joined #postfix
[17:30:44] *** lunaphyte_ has joined #postfix
[17:30:44] *** cpbills has joined #postfix
[17:30:44] *** BBishop has joined #postfix
[17:31:17] *** piksi has left #postfix
[17:33:52] *** Juspion has quit IRC
[17:37:27] *** jwit_ is now known as jwit
[17:46:06] *** nfsnobody has joined #postfix
[17:46:12] *** pulsar has joined #postfix
[17:47:54] *** m0t3jl has joined #postfix
[17:49:24] <m0t3jl> Hello. I have just updated all my internal dns records to say that every computer's mail is handled by the one mail server. What changes should I make to my postfix configuration in order for it to receive the emails? The current situation is that it will relay those emails :(. Thanks
[17:52:35] *** syslogd_ has joined #postfix
[17:54:26] *** nfsnobody- has quit IRC
[17:55:06] <adaptr> you updated ALL your DNS records ? how about you changed just one MX record ?
[17:55:13] <adaptr> !local
[17:55:13] <knoba> adaptr: "local" : The local(8) daemon processes delivery requests from the Postfix queue manager to deliver mail to local recipients, meaning users that exist in your /etc/passwd. This is done for domains listed in $mydestination. See !basic.
[18:00:37] <m0t3jl> adaptr, There's one MX record for the domain itself, but there are also MX records for every computer in the network.
[18:00:37] *** neoXite has quit IRC
[18:00:51] <adaptr> m0t3jl: that's not actually possible, or even remotely useful
[18:02:22] <m0t3jl> adaptr, Having to check all the root's mailboxes on every computer in the network is not quite useful, if I could receive the mail for every computer in the network on one server, I could easily read the emails for root for example.
[18:02:48] <adaptr> what does that have to do with per-machine MX records ?
[18:03:04] <adaptr> just install something simple like ssmtp on each box and forward to a real address
[18:03:29] <adaptr> or perhaps it's time to invest some time into setting up remote syslogging
[18:05:45] *** syslogd has quit IRC
[18:06:20] *** nfsnobody- has joined #postfix
[18:06:35] <m0t3jl> adaptr, I don't see that useful at all
[18:06:46] *** neoXite has joined #postfix
[18:11:19] <adaptr> whatever floats your boat
[18:11:58] <deface> yeah, that doesnt make sense
[18:12:03] <deface> internal dns records?
[18:13:03] <m0t3jl> deface, the internal DNS server ;)
[18:13:16] <deface> ok, how many domains ?
[18:13:20] <adaptr> one
[18:13:27] <deface> lol .. so 1 mx record
[18:13:27] <m0t3jl> deface, two
[18:13:39] <deface> ok, 2 mx records need modifying
[18:14:00] <m0t3jl> deface, but that's just for the example.com, not for *.example.com, isn't it?
[18:14:34] <deface> depending on how you have them setup
[18:14:35] <adaptr> if there are no other MX records for any subdomains, yes, that is also valid for ALL subdomains
[18:14:44] <adaptr> grep some RFCs
[18:15:08] *** nfsnobody has quit IRC
[18:15:16] <m0t3jl> adaptr, that's not correct, I believe.
[18:16:13] <adaptr> I don't care what you believe, it's in the RFCs
[18:16:22] <m0t3jl> adaptr, the MX records are just for the domain itself, normally when a user tries to send mail to something.example.com where the something has an existent A record, then the mail should be delivered to the machine...
[18:16:44] <adaptr> why would that ever happen ?
[18:16:48] <adaptr> that is what MXen are for
[18:17:54] <cite> m0t3jl: You are correct. an MX entry for example.com will not be used for sub.example.com
[18:18:12] <m0t3jl> cite, thanks
[18:18:18] <m0t3jl> adaptr, take a look here: http://www.langfeldt.net/DNS-HOWTO/BIND-9/DNS-HOWTO-5.html
[18:18:57] <adaptr> don't wanna
[18:19:00] <m0t3jl> adaptr, in that howto (which I use every time, because it's very good howto) there's an example of a domain file, in which there are MXs for the domain itself and for every of the A records
[18:19:03] <adaptr> I'm on holiday
[18:19:36] <m0t3jl> adaptr, why are you so stretched? I am trying to be friendly, but you're surely not...
[18:20:07] <adaptr> I just think it's an asinine "solution" to invent MX records for every one of a gazillion machines just to manage their mail
[18:20:25] <adaptr> use one of the proper methods, which I already suggested
[18:20:44] <m0t3jl> adaptr, The domain records are generated from a database, so there's really no problem in generating one more line for every A record ;)
[18:20:54] <adaptr> you did nae say that
[18:21:10] <adaptr> if it's fully automated, then what's the problem ? is there a problem ?
[18:21:17] <m0t3jl> adaptr, there is ;)
[18:21:34] <m0t3jl> adaptr, the mail server will not receive the emails for the machines, it will relay them ...
[18:21:58] <adaptr> and I believe that is the very first answer I gave
[18:22:01] <adaptr> !local
[18:22:01] <knoba> adaptr: "local" : The local(8) daemon processes delivery requests from the Postfix queue manager to deliver mail to local recipients, meaning users that exist in your /etc/passwd. This is done for domains listed in $mydestination. See !basic.
[18:22:26] <adaptr> are we talking exclusively root mail here ?
[18:22:28] <m0t3jl> adaptr, so you are suggesting to generate mydestination automatically?
[18:22:35] <m0t3jl> adaptr, every email
[18:22:43] <adaptr> no, you don't have to, since postfix is less braindead than DNS
[18:22:58] <adaptr> it will accept all subdomains with pleasure
[18:23:20] <cite> m0t3jl: May I suggest another solution?
[18:23:22] <m0t3jl> adaptr, er, so what should I put into the mydestination then?
[18:23:26] <m0t3jl> cite, sure, why not ;)
[18:24:01] <cite> m0t3jl: If you just want to receive all the locally generated mails, why not just alias "root" to an address your Postfix server is responsible for?
[18:24:41] <m0t3jl> cite, that's what I was thinking of in the first place, but that would lead to manually editing all the 50 PCs ;)
[18:24:53] <cite> Why on earth do you have to manually edit them?
[18:24:56] *** amrit|zzz is now known as amrit
[18:25:11] <adaptr> and do you have postfix running on all 50 pc's ?
[18:25:18] <adaptr> you do, don't you?
[18:25:20] <m0t3jl> adaptr, no
[18:25:39] <adaptr> then an alias won't help any either
[18:25:51] <adaptr> since only an MTA actually uses them
[18:26:06] <cite> m0t3jl: What are your clients running?
[18:26:19] <m0t3jl> There's no MTA on any of the machines except for the mail server.
[18:26:37] <cite> If there is no MTA, how can they send mail, even locally?
[18:28:11] <m0t3jl> cite, oh, crap ... My bad, there is procmal running ;)
[18:28:15] <m0t3jl> s/procmal/procmail/
[18:28:30] <adaptr> ..which is not an MTA either
[18:28:45] <cite> Ok. So maybe i am dumb as a rock, but: Are we not talking about mails generated by e.g. cron output?
[18:28:46] <adaptr> you need something that can SEND mail on each machine, either sendmail, or ssmtp, or mailx
[18:29:02] <adaptr> he probably just uses mailx
[18:29:12] <cite> Which does nothing more than call sendmail.
[18:29:21] <adaptr> mailX ?
surely that does smtp
[18:29:46] <m0t3jl> cite, it's mainly for mails like that, you're right
[18:29:53] <adaptr> I know *cron* uses it, exclusively
[18:30:34] <cite> m0t3jl: Then find out which MTA provides the /usr/lib/sendmail or /usr/sbin/sendmail program.
[18:32:28] *** Tombar has quit IRC
[18:33:04] <cite> adaptr: You are wrong again. cron is calling the sendmail binary.
[18:33:12] <cite> adaptr: At least, that's what Vixie cron does.
[18:33:14] *** Tombar has joined #postfix
[18:33:28] <cite> adaptr: config.h:# define _PATH_SENDMAIL "/usr/lib/sendmail"
[18:33:33] <m0t3jl> cite, oh crap for the second time, looks like my colleague has installed sendmail on all of them without telling me, I think I will have a fisttalk with him ;)
[18:34:25] <cite> m0t3jl: Then it's quite easy. Something along the lines of while read line; do ssh -l root $line "sed -i 's/root:.*/root: mail at example dot com/' ; newaliases"; done < /tmp/file-with-all-hosts
[18:35:49] <cite> Then just make sure the hosts sendmail program can do an MX lookup for example.com and create the necessary mailbox "mail at example dot com"
[18:35:59] <cite> Gonna fix my fridge.
[18:36:33] <m0t3jl> cite, that could be done, you're right .... but anyway, is there a way to tell postfix to receive email for *.example.com?
[18:36:46] <m0t3jl> s/email/emails/
[18:39:58] *** sepski has quit IRC
[18:42:15] *** adaptr has quit IRC
[18:42:26] *** adaptr has joined #postfix
[18:43:20] *** BBishop has quit IRC
[18:43:20] *** cpbills has quit IRC
[18:43:20] *** lunaphyte_ has quit IRC
[18:43:49] *** lunaphyte_ has joined #postfix
[18:43:49] *** cpbills has joined #postfix
[18:43:49] *** BBishop has joined #postfix
[18:44:54] <cite> m0t3jl: You can always use a regexp map to rewrite the addresses in virtual_alias_maps. Like / at host dot example.com/ user+host at example dot com
[18:45:05] <cite> Erm.
user+$1 at example dot com, ofc
[18:46:07] <m0t3jl> cite, I was thinking about using regexp in mydestination
[18:46:40] <war9407> Anyone here ever try out ASSP? w/postfix?
[18:47:51] <m0t3jl> cite, the point is now that I thought that locally generated emails would be sent according to the MX record, but it seems that the local sendmail will deliver them locally (if I won't rewrite the /etc/aliasses file)...
[18:47:56] *** tombar_ has joined #postfix
[18:52:57] <cite> m0t3jl: Sure, because "root" as an unqualified address will become "root@$(hostname)", an address that sendmail considers local hence no DNS lookups are done.
[18:53:27] <cite> So, go for the aliases. Believe me. I've been there and done that, for years. It saves you a lot of trouble.
[18:55:49] <m0t3jl> cite, I will, but think of a user writing to another user using mutt and using the username of the another user without the domain part, the username would become username@localhost and the email would be delivered to /var/spool/mail, where mutt or anything else would never find it ...
[18:56:16] <m0t3jl> cite, the real Solution would be to relay all emails (even the local ones) to the central mail server
[18:56:49] <cite> I thought we were talking about root
[18:57:51] <m0t3jl> cite, we were, that was the first step ;
[18:57:51] <m0t3jl> )
[18:58:12] <m0t3jl> cite, the next step is to prevent those user human errors stuff from happening
[19:00:02] <cite> Easily done, disable local delivery, set an empty mydestination, configure myorigin accordingly, set a relayhost.
[19:00:19] <cite> I don't know how to do this in sendmail, though.
[19:04:40] *** denis_ has quit IRC
[19:04:52] *** denis has joined #postfix
[19:05:57] *** tombar_ has quit IRC
[19:07:38] *** Tombar has quit IRC
[19:07:49] *** pitakill has joined #postfix
[19:14:07] <m0t3jl> cite, I've had a phone conversation with my colleague, he will switch from sendmail to postfix on those machines and we will configure it as you've said
[19:18:24] *** Dominian has quit IRC
[19:21:19] *** Dominian has joined #postfix
[19:21:32] *** rob0 has quit IRC
[19:21:35] *** rob0 has joined #postfix
[19:33:34] *** _Driver_ has joined #postfix
[19:41:46] *** hever has joined #postfix
[19:48:30] *** Pazzo has joined #postfix
[19:48:56] *** neoXite has quit IRC
[19:52:40] *** carl- has joined #postfix
[19:59:10] *** splee has quit IRC
[19:59:22] *** splee has joined #postfix
[20:03:38] *** SeJo is now known as maesjoch
[20:03:40] *** jense has joined #postfix
[20:04:22] *** rouri has joined #postfix
[20:08:56] *** Pazzo has quit IRC
[20:11:29] *** sepski has joined #postfix
[20:14:15] *** Pazzo has joined #postfix
[20:16:00] *** Zeit|awy_ has quit IRC
[20:21:23] *** hparker has joined #postfix
[20:30:01] *** aquini has joined #postfix
[20:30:48] *** Lap_64 has joined #postfix
[20:36:00] <deface> what sends out the connection errors ?
[20:36:15] <adaptr> whut?
[20:36:35] <deface> from mailer-daemon@domain .. they contain every failed connection attempt
[20:36:41] <aquini> Hi folks!
[20:36:51] <deface> Transcript of session follows.
[20:37:12] <aquini> how is the best way to rewrite the recipient address in incoming messages?
[20:37:28] <deface> masquerade ?
[20:37:29] *** BuenGenio has joined #postfix
[20:37:37] <cite> deface: Adjust the setting of notify_classes in main.cf Everything apart from 2bounce, software, resource is too noisy.
[20:37:56] <cite> !virtual_alias_maps
[20:37:57] <knoba> cite: "virtual_alias_maps" : a configuration parameter in the main.cf: Optional lookup tables that alias specific mail addresses or domains to other local or remote address. The table format and lookups are documented in virtual(5).
[20:37:57] *** maesjoch is now known as Sejo
[20:38:01] *** Sejo is now known as SeJo
[20:38:45] <deface> ty cite
[20:39:12] <aquini> I'm trying to use the canonical lookup map... but it can't rewrite one to multiple addresses...
[20:39:44] <cite> !tell aquini virtual_alias_maps
[20:41:52] <aquini> is virtual_alias_maps works even if the incoming recipient (that will be rewritten) actually does not exist?
[20:42:45] <cite> aquini: Yes.
[20:43:16] *** Pazzo has quit IRC
[20:44:40] <aquini> and through it I will be able to define multiple recipients?
[20:44:58] <cite> aquini: Yes.
[20:45:43] <aquini> Ok! I'll try to do it! Thanks folks!
[20:46:11] <aquini> later I'll be back to report success or ask again!! ;)
[20:46:14] *** kjackson has joined #postfix
[20:46:17] <deface> cite: still kicking them out, i added delay only to it
[20:46:52] <cite> Did you issue "postfix reload" after the change? What is the output of "postconf notify_classes"?
[20:47:13] <cite> deface: Actually, "delay" is one of the worst choices :-P
[20:47:28] <deface> why so?
[20:47:31] <cite> deface: As I said, I'd only run "resource,software" and perhaps "2bounce" on a production server.
[20:47:33] <deface> if i have a delay, i'd like to know why
[20:47:38] <cite> Because mail gets delayed all the time.
[20:47:46] <deface> well the resource is whats causing me to get flooded
[20:47:58] <deface> well im only relaying to my client domains
[20:48:02] <cite> Show one of those postmaster bounces please.
[20:48:08] <cite> !tell deface nopaste
[20:48:08] <knoba> cite: Error: No factoid matches that key.
[20:48:09] <deface> http://rafb.net/p/2dBrZz65.html
[20:48:13] <deface> its pastebin
[20:48:55] <cite> You are zeus.fluxlabs.net?
[20:48:59] <deface> yes
[20:49:15] <deface> its the connection transcript
[20:49:18] <deface> i dont want it .. lol
[20:49:31] <cite> You have some kind of misconfiguration.
[20:49:53] *** xpoint has quit IRC
[20:50:44] <cite> You should want to investigate those errors.
[20:50:58] <cite> Postfix seems unable to do validation of local recipients.
[20:51:28] <kjackson> Ok... so I've got postfix+dovecotSASL+dovecot+mysql all set up. Since I changed auth in dovecot from PAM to MySQL I can no longer send mail when sasly authenticated in Postfix. Per the topic, here is my config, along with the log showing that the mail is not being relayed: http://pastebin.com/m57ebb8ed
[20:52:20] <adaptr> Recipient address rejected: User unknown in virtual mailbox table
[20:52:41] *** aquini has quit IRC
[20:52:46] *** Marco has joined #postfix
[20:52:50] <adaptr> I'd remove that constraint if I were you, unless you really want to hand-hack all microsoft mail addresses into your database
[20:52:54] <Marco> Hello
[20:53:03] <Marco> how would I go about running postfix on both 25 and 2525
[20:53:17] <adaptr> just add an smtp line in master.cf
[20:53:21] <adaptr> smtpd, sorry
[20:53:27] <kjackson> Err, perhaps I'm not clear. The point is I was SASL authenticated to postfix, so it should have let me send mail wherever I wanted
[20:53:32] <adaptr> copy and paste the smtpd line and change the port
[20:53:45] <adaptr> kjackson: your restrictions suck
[20:53:57] <kjackson> They do?
[20:54:03] <adaptr> kjackson: postconf |grep restrictions
[20:54:26] <adaptr> you have shit before accepting anything an authed client does
[20:54:41] <adaptr> and the basic layout is to accept whatever an authed client does
[20:54:45] <adaptr> even if it's spam
[20:55:11] <cite> kjackson: What is the output of "postmap -q microsoft.com mysql:/etc/postfix/vdomains.cf"?
[20:55:47] <kjackson> Err, I'm confused.. isn't that the point of sasl authentication. Once I've sasl authenticated with my postfix server, I want it to let me send mail to whoever I want. I trust you if you are authenticated...
[20:56:07] <adaptr> only if you actually structured your *restrictions that way
[20:56:10] <kjackson> microsoft.com isn't in vdomains... that's not a host I'm serving locally, I'm trying to relay for myself
[20:56:21] <cite> kjackson: So the output is empty?
[20:56:23] <kjackson> I have permit_sasl_authenticated
[20:56:30] <adaptr> yes, but WHERE
[20:56:34] <adaptr> what is before it
[20:56:44] <cite> kjackson: Because that error message indicates that you misconfigured your virtual_mailbox_domains somehow.
[20:56:56] <adaptr> either that, or you're relaying the wrong ...internet
[20:57:03] <cite> kjackson: Even SASL authenticated, Postfix will (per default) do a reject_unlisted_recipient.
[20:57:04] <adaptr> yes, the entire internet
[20:57:07] <Marco> adaptr: I added "2525 inet n - - - - smtpd" to master.cf and restarted postfix
[20:57:09] <Marco> but no cigar
[20:57:32] <kjackson> smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
[20:57:32] <adaptr> Marco: you MUST specify an IP with a non-standard service: 0.0.0.0:2525
[20:57:59] <kjackson> permit_sasl_authenticated should let me do it... it did before I changed to mysql auth in dovecot sasl
[20:58:08] <cite> kjackson: Your smtpd_recipient_restrictions are fine (well, kinda). Your problem is not with the smtpd_recipient_restrictions.
[20:58:10] <Marco> using 0.0.0.0, still nothing
[20:58:12] <adaptr> kjackson: you're not hearing what cite's saying
[20:58:18] <kjackson> all the other restrictions are empty
[20:58:20] <cite> kjackson: So could you _please_ run that postmap command?
[20:58:29] <adaptr> Marco: restart postfix
[20:58:29] <kjackson> hurricane ~ # postmap -q microsoft.com mysql:/etc/postfix/vdomains.cf
[20:58:29] <kjackson> abenmael.com,crimebucket.com
[20:58:34] <Marco> adaptr: I did
[20:58:37] <cite> So, there you got it.
[20:58:41] <adaptr> Marco: what is in the log ?
[20:58:53] <kjackson> I got what?
[20:58:55] <cite> kjackson: Your setup of virtual_mailbox_domains is b0rken, the SQL query or the data is plain wrong.
[20:59:10] <Marco> adaptr: which log file?
[20:59:11] <cite> There is nothing wrong with any of your restrictions or with your SASL setup.
[20:59:16] <kjackson> oh, because....
[20:59:17] <adaptr> Marco: ....
[20:59:21] <kjackson> that should return nothing, right?
[20:59:27] <Marco> you mean the output from the restart?
[20:59:31] <cite> kjackson: Right. Like I said some minutes ago.
[20:59:38] <kjackson> ok, sorry
[20:59:46] <Marco> I've never used postfix before today
[20:59:58] <adaptr> but you HAVE used a unix-like OS before today ?
[21:00:07] <Marco> yes
[21:00:08] <Marco> indeed
[21:00:08] <adaptr> so you DO know about syslog and how that works ?>
[21:00:10] <kjackson> ok, well glad I can stop pounding my head against sasl and have a new place to look now :)
[21:00:45] <kjackson> btw, off topic, anyone know an easy way to copy highlighted text from putty without copying the whole buffer?
[21:01:29] <Marco> adaptr: nothing out of the ordinary in syslog
[21:01:38] <Marco> Oct 25 19:02:18 mail postfix/master[4511]: daemon started -- version 2.5.1, configuration /etc/postfix
[21:02:17] <cite> Marco: what's the output of grep 2525 /etc/postfix/master.cf?
[21:02:34] <deface> and did you reload postfix ?
[21:02:43] <Marco> 0.0.0.0:2525 inet n - - - - smtpd
[21:02:52] <Marco> deface: I did /etc/init.d/postfix restart
[21:03:07] <adaptr> kjackson: sadly, it sucks like that
[21:03:26] <adaptr> Marco: netstat -plant |grep 2525
[21:04:07] <Marco> tcp 0 0 0.0.0.0:2525 0.0.0.0:* LISTEN 4511/master
[21:04:13] <Marco> nmap doesn't show it though :/
[21:04:30] <deface> telnet localhost 2525
[21:04:44] <deface> if its listening, then check your firewall/iptables
[21:05:24] <Marco> I don't even have iptables enabled
[21:05:31] <deface> just checking
[21:05:43] <Marco> let me try to connect from my computer
[21:05:59] <kjackson> query = select domain from domains where domain = '%d'
[21:06:17] <kjackson> Doesn't seem to work when domains is a table with just one column named domain
[21:06:38] <cite> kjackson: The right query key for this map would be %s.
[21:06:52] <cite> kjackson: There is no %d/%u in a query for virtual_mailbox_domains
[21:06:59] <deface> kjackson: you highlight it .. that copies
[21:07:13] <deface> kjackson: i think its %s
[21:07:23] <deface> hee .. cite said it
[21:07:28] <Marco> deface: is there any reason why it would listen on that port, but not show up on nmap?
[21:07:33] <Marco> besides a firewall
[21:07:52] <deface> nmap is just a scanner, by default it scans standard ports
[21:07:56] <deface> 2525 is not a standard port
[21:08:04] <deface> did you specify a range to scan ?
[21:08:06] <kjackson> Woot, it works
[21:08:12] <kjackson> Thanks guys
[21:08:14] <MarcWeber> postfix requires a FQDN, right? So is the recommended "domain" name for a personal computer something.localhost or something.example to setup postfix for mail delivery within a private local network?
[21:08:52] <deface> MarcWeber: the requirement is based on a per postfix basis ..
not required on all mail servers
[21:09:36] <cite> MarcWeber: http://www.postfix.org/SOHO_README.html#fantasy
[21:10:41] *** muecke77 has joined #postfix
[21:10:46] <MarcWeber> Thanks cite - That's exactly what I was looking for . . /me is reading
[21:13:40] *** muecke77 has left #postfix
[21:14:03] <MarcWeber> But the recommended .local top level domains aren't reserved for that use, are they?
[21:14:29] <Marco> err, for some reason, I'm getting a "Relay access denied" error
[21:14:45] <Marco> when I send mail from so-and-so at mydomain dot com to anotherperson at gmail dot com
[21:15:34] *** hever has quit IRC
[21:15:50] <deface> !relay access denied
[21:15:50] <knoba> deface: Error: "relay" is not a valid command.
[21:15:54] <deface> blah
[21:16:47] *** hever has joined #postfix
[21:17:26] <kjackson> 'cite: kjackson: Your smtpd_recipient_restrictions are fine (well, kinda)' what is the 'well, kinda' for, btw?
[21:17:44] *** muecke77 has joined #postfix
[21:18:30] <cite> kjackson: You don't do anything against UBE/UCE, but they are working and functional.
[21:19:04] <kjackson> so where does 'kinda' fit in? heh
[21:19:50] <Marco> deface: I guess I have to use authentication?
[21:20:02] <deface> Marco: nah
[21:20:24] <Marco> what do I do?
[21:20:34] *** stanman1 has joined #postfix
[21:20:39] *** stiv2k has joined #postfix
[21:20:49] <stiv2k> How would I specify to trust all LAN users in mynetworks
[21:20:51] <kjackson> use mynetworks = ips that can relay if it's a private net
[21:20:59] <stiv2k> mynetworks = 192.168.1.0/254 like this?
[21:21:06] <deface> no, /28
[21:21:11] <stiv2k> 28?
[21:21:18] <kjackson> 24
[21:21:22] <stiv2k> ...
[21:21:35] <stanman1> hi in my log i can see that some ip refused to talk to me. because i'm temporarily blacklisted. what's that?
[21:21:49] <deface> find out who blacklisted the ip
[21:21:55] <stiv2k> is it 28 or 24
[21:21:57] <deface> just means that server is doing an rbl lookup
[21:22:02] <deface> and your ip is on the one their using
[21:22:03] <shasta> stiv2k, depends. :)
[21:22:11] <stiv2k> shasta: depends on what?
[21:22:24] <kjackson> doing /24 is 192.168.0.*
[21:22:47] <shasta> 192.168.1.0/28 is 192.168.1.0-192.168.15
[21:22:57] <shasta> werm
[21:23:01] <stiv2k> so 28 covers a broader range?
[21:23:01] <shasta> 1.15 of course
[21:23:11] <shasta> 192.168.1.0/28 is 192.168.1.0-192.168.1.15
[21:23:14] <stanman1> wow, now i see a rejected mail , cause of a poor MTS reputation
[21:23:24] <shasta> 192.168.1.0/24 is 192.168.1.0-192.168.1.255
[21:23:29] <stanman1> how can i lookup the current queue in postfix?
[21:24:18] <stiv2k> shasta: and I need to have that if I want my mail server to relay mail for me when Im on the network w/o authentication?
[21:24:43] <shasta> stiv2k, man postqueue
[21:25:03] <shasta> stiv2k, you need to type !basic here and read what knoba suggests to you
[21:25:20] <shasta> shit
[21:25:23] <stiv2k> I used to have it working no problem. I think one of the other sysadmins broke it
[21:25:27] <stiv2k> !basic
[21:25:28] <knoba> stiv2k: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.
[21:25:31] <shasta> i meant: stanman1: man postqueue
[21:25:42] <shasta> my typing-fu is weak today
[21:25:44] <stiv2k> shasta: yeah I was wondering why I needed postqueue
[21:26:19] <stanman1> shasta: thanks
[21:27:13] *** kjackson has left #postfix
[21:30:20] *** m0zzzy has left #postfix
[21:30:59] *** rouri has quit IRC
[21:32:44] <stanman1> i see mails in the queue, is it possible to get it out of the queue and into a maildir?
[21:33:13] <stanman1> !postqueue
[21:33:14] <knoba> stanman1: "postqueue" : The postqueue(1) command implements the Postfix user interface for queue management. It implements operations that are traditionally available via the sendmail(1) command. See the postsuper(1) command for queue operations that require super-user privileges such as deleting a message from the queue or changing the status of a message.
[21:33:14] <deface> yeah .. deliver it
[21:33:48] <stanman1> deface: it wont, if i postqueue -f then in my log i get the same errors. Me being on a blacklist
[21:33:56] <stanman1> or having a poor reputation
[21:34:07] <deface> then it cant be delivered .. lol
[21:34:11] <stanman1> lol
[21:34:27] <stanman1> so i want it out of my queue, but i want to see what the mails are
[21:35:18] <deface> cat file
[21:35:41] <deface> i'd fix your reputation though
[21:35:48] <deface> what rbl is blocking ?
[21:35:50] <stanman1> i'm trying....
[21:35:52] <stanman1> dunno
[21:36:07] <deface> it should tell you on the denied server
[21:36:31] <deface> i'd also find out which user is abusing your server
[21:36:37] <deface> who's sending the shit out that got you tagged
[21:36:39] *** muecke77 has quit IRC
[21:37:01] <stanman1> maybe it's because i've got a static ip within a certain range
[21:37:24] <deface> the best way to avoid an rbl from a standalone .. forward it to a bigger isp
[21:37:28] <stanman1> if i send to a hotmail account, i get an NDR saying its a MS policy
[21:37:33] <deface> don't deliver directly via dns
[21:37:39] <deface> relay_host = smtp.isp.com
[21:37:48] <deface> yeah, your ip is trash
[21:37:59] <stanman1> how did you look it up?
[21:38:10] <deface> cause hotmail doesnt block anyone
[21:38:10] <deface> lol
[21:38:14] <stanman1> hahaha
[21:39:25] <stanman1> they block me...
[21:39:37] <deface> your isp blocks you?
[21:39:55] <stanman1> i think so..
:(
[21:40:07] <deface> if thats the case, tell your users you suck as an admin, and for them to get a free email service, or move their domains to an admin who knows what he's doing
[21:40:09] *** BuenGenio has quit IRC
[21:40:12] <deface> you are the fail @ atmin
[21:40:15] <deface> admin *
[21:40:37] <deface> thats me being nice :)
[21:40:59] <stanman1> lol. it's a small home network...
[21:41:05] <deface> thats what you get
[21:41:17] <stanman1> from what
[21:42:48] <stanman1> from learning?
[21:44:02] <deface> yeah, you learned how to get blacklisted
[21:44:07] <deface> now learn how to get un-blacklisted
[21:45:12] <stanman1> lol
[21:45:43] <stanman1> what should i look for in my logs?
[21:46:05] <deface> you already know what the issue is
[21:46:18] <deface> go check your ip against the rbl lists
[21:46:38] <deface> http://www.spamhaus.org/lookup.lasso
[21:46:58] <stanman1> this is what i got back from the hotmail try: 550
[21:46:59] <stanman1> DY-001 Mail rejected by Windows Live Hotmail for policy reasons. We
[21:46:59] <stanman1> generally do not accept email from dynamic IP's as they are not typically
[21:46:59] <stanman1> used to deliver unauthenticated SMTP e-mail to an Internet mail server.
[21:47:15] <deface> ok, so you have a dynamic ip
[21:47:17] <deface> good luck getting mail to anyone
[21:47:40] <deface> your isp maintains the list of dynamic/static ip's .. and yours is on the dynamic
[21:47:47] <deface> no one accepts mail from dynamic ips
[21:47:54] <deface> so you have 2 options
[21:48:00] <deface> order a static ip, or relay to a bigger isp
[21:48:23] <stanman1> hmm.. i thought i had a static ip....
[21:49:57] <stanman1> i've got a dyndns mail relay account and will be using that one, cause the smtp server of my isp is having troubles.
[21:50:07] <deface> cite: still getting these message .. hmmm
[21:55:17] *** Zeit|awy has joined #postfix
[21:55:49] <cite> deface: Solve the problem.
[21:56:05] <cite> deface: Something is wrong with your recipient validation. Look in your logfiles.
[21:56:09] <deface> can't track it back .. lol
[21:56:15] <deface> its not even in my mail logs
[21:56:21] <deface> they get sent out w/ out passing through ?
[21:56:51] <deface> im serious - tail -f mail.log | grep postmaster ... is nothing
[21:57:12] <cite> There is a problem with _all_ incoming mail.
[21:57:27] <cite> Or at least, a pretty large amount.
[21:58:11] <cite> egrep '(warning|error|fatal|panic):' mail.log | less
[21:59:00] *** denis has quit IRC
[21:59:21] <deface> no, mail flows just fine
[21:59:40] <deface> but im getting emails of all the connection attempts, instead of them being dropped
[21:59:56] <cite> You are getting the mail because your system throws a TEMPORARY ERROR.
[22:00:01] <cite> I mean, how blind can one person be?
[22:00:36] <deface> postfix/smtpd[11663]: dict_lookup: error_notice_recipient = postmaster at fluxlabs dot net
[22:00:38] <deface> all im seeing
[22:01:15] <deface> error_notice_recipient = postmaster
[22:01:16] <deface> blah
[22:01:23] <cite> deface: Out: 451 4.3.0 <KarenwatchbandSlaughter at gentoo-wiki dot com>: Temporary lookup failure
[22:01:27] <cite> You remember that one?
[22:01:36] <deface> yeah, but the user doesnt exist
[22:01:39] *** adaoraul has joined #postfix
[22:01:39] <deface> it shouldnt even accept it
[22:01:51] <deface> lemme rephrase
[22:02:01] *** cryptnix has joined #postfix
[22:02:05] <cite> So please show me all the logs pertaining to that delivery attempt.
[22:02:09] <deface> its not accepting the message, but im getting a notification of all lookup failures
[22:02:26] <cite> From initial connection to disconnect. please.
[22:03:01] <cryptnix> hrm, anyone have a tutorial here for a commercial type mail server setup?
[22:04:05] <deface> i just set error_notice_recipient to blank
[22:04:08] *** adaoraul has quit IRC
[22:04:54] <deface> and that stopped them
[22:04:59] <cite> deface: That's just so wrong.
[22:05:04] <TGM> hi
[22:05:13] <cite> deface: You have a problem somewhere, and instead of fixing it, you turn off notifications.
[22:05:16] <deface> cite: why so ? .. lol
[22:05:21] <TGM> guys, what do I have to configure in php.ini to use postfix instead of sendmail?
[22:05:27] <TGM> sendmail_path?
[22:05:30] <cite> deface: Do you actually realize it takes AGES until zeus.fluxlabs.net shows an SMTP banner?
[22:05:53] <cite> TGM: Postfix comes with a drop-in replacement, called "sendmail"; which is either in /usr/sbin/sendmail or /usr/lib/sendmail
[22:05:57] <deface> cite: whatcha mean? .. delay in answering ?
[22:06:06] <cite> deface: Show those logs.
[22:06:15] <cite> deface: C'mon, I know you can do that.
[22:06:22] <cite> It's not hard.
[22:07:11] *** stiv2k has left #postfix
[22:07:18] <deface> ha, greylist getting you ?
[22:07:56] <cite> Greylisting is showing a 4xx error during SMTP. flux doesn't even begin a SMTP conversation.
[22:08:31] <deface> 220 zeus.fluxlabs.net ESMTP
[22:09:13] <cite> Ok. Everything is fine with your server. Those mails are sent out for fun only. Unsetting error recipient is fine. There is no problem with your mailserver.
[22:09:53] <cite> You are more than capable to take care of any problem on your own. I can see that clearly now.
[22:10:16] <deface> sorry, i've got about 60 domains, and im trying to filter the log
[22:10:23] <deface> for a single connection
[22:10:24] <TGM> cite, /usr/sbin/sendmail was in php.ini before I installed sendmail
[22:10:35] <TGM> and sending mails tru php works very hard
[22:10:49] <TGM> *takes very long
[22:11:46] <deface> cite: http://rafb.net/p/kk68lg98.html
[22:11:50] <deface> do you want verbose logging ?
[22:12:01] <deface> thats the only way i see anything
[22:12:49] <cite> deface: That's the wrong mail.
[22:13:08] <cite> The 435 error was created for KarenwatchbandSlaughter at gentoo-wiki dot com
[22:13:17] <deface> errr, lemme grep that one
[22:13:18] <cite> 451, even.
[22:13:44] <cite> deface: Do a grep -A10 -B10 "KarenwatchbandSlaughter at gentoo-wiki dot com" mail.log, please
[22:13:49] <cite> I need context.
[22:14:06] <cite> Or is it grep -C20?
[22:14:12] <cite> I don't remember.
[22:14:53] <deface> http://rafb.net/p/zRyR1F16.html
[22:15:58] *** MrY has joined #postfix
[22:16:30] <MrY> I installed dk-filter for postfix.. how can I track or log if postfix actually send the message into the filter?
[22:17:16] <deface> Oct 25 15:01:18 zeus postfix/smtpd[11643]: NOQUEUE: reject: RCPT from unknown[65.91.169.71]: 450 4.1.1 <KarenwatchbandSlaughter at gentoo-wiki dot com>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<KarenwatchbandSlaughter at gentoo-wiki dot com> proto=ESMTP helo=<SYNEXCHES.synexches.synerfac.com>
[22:17:16] <deface> Oct 25 15:01:18 zeus postfix/smtpd[11643]: > unknown[65.91.169.71]: 450 4.1.1 <KarenwatchbandSlaughter at gentoo-wiki dot com>: Recipient address rejected: User unknown in virtual mailbox table
[22:17:20] <deface> err
[22:18:33] *** hever has quit IRC
[22:18:47] <cite> deface: That's not the 451 error you nopasted an hour before.
[22:20:05] <deface> cite: a lot of traffic in this log .. trying to filter
[22:20:32] <TGM> can I use postfix smtp server instead of phpmail() to send mails faster?
[22:20:39] <TGM> or it will have the same effect
[22:20:40] <deface> 732mb log
[22:21:01] <cite> deface: You are running in debug mode while you are hit by backscatter. No wonder the log is large.
[22:21:17] <stanman1> deface: if i'd be spamming from the box, i'd see a very busy mail.log right?
[22:21:23] <deface> no, i actually just turned it on a few min ago
[22:21:37] <deface> stanman1: not in your case, cause you're a dynamic ip
[22:21:57] <stanman1> i've set the relayhost up via dyndns mailhop
[22:22:05] <stanman1> so the queue is empty now
[22:22:11] <deface> there yah go
[22:22:40] <stanman1> but i need to determine if it's me spamming or me having a dynamic ip
[22:22:59] <deface> probably dyn ip .. but watch the logs
[22:23:07] <deface> have you tested yourself as an openrelay ?
[22:23:37] <stanman1> not recently, but i've been fumbling around since wednesday, so i'll do it now
[22:24:46] <deface> cite: rm'd log .. let me find another 451
[22:25:12] <deface> Out: 451 4.3.0 <maryevzoneminor at gentoo-wiki dot com>: Temporary lookup failure
[22:25:31] <stanman1> no open relay (phew..)
[22:25:34] <deface> err, that was pre-del
[22:25:55] *** shinao1 has joined #postfix
[22:27:10] <cite> Just leave him be.
[22:27:16] <cite> Wrong channel, sorry.
[22:29:39] *** stanman1 has quit IRC
[22:32:15] <deface> cite: http://rafb.net/p/glftje78.html
[22:32:50] <deface> mail log has 450, email has 451
[22:33:55] <cite> deface: I see. Wrong entry from mail.log or do the timestamps match?
[22:34:43] <deface> not sure, timestamp is 07:46, email has 06:31
[22:34:56] <cite> Well, I think they don't match, then :)
[22:35:26] <deface> its just a retry, message above that copy has emailed timestamp
[22:35:40] <cite> And what caused the 451?
[22:36:00] <deface> http://rafb.net/p/DEVJwo27.html
[22:36:04] <deface> all 450's in logs
[22:36:07] <deface> no clue
[22:36:22] <deface> im running sqlgrey
[22:36:32] <deface> as greylist policy
[22:36:35] <deface> wonder if its fucked up
[22:38:23] <cite> You are obviously beign hit by backscatter.
[22:38:26] <cite> being, even
[22:38:41] <cite> So it seems that under stress one part of your mailserver failed.
[22:38:48] <deface> the thing is, that email attempt is never accepted
[22:38:56] <cite> Yes, I know.
[22:39:08] <deface> makes no sense to me
[22:39:11] <cite> But since some part of your mailsystem failed under load, Postfix was unable to perform its duty.
[22:39:21] <cite> And what it did was sending you a notice.
[22:40:09] <cite> Like "Hey Mo, there's a lot of black smoke coming out of your car. Better have Pete from garage check it out!"
[22:40:17] <deface> ha
[22:40:30] <deface> nah, box is not under load, its a dual xeon e5535 w/ 12 gigs of ram
[22:40:32] <deface> box idles
[22:41:16] <cite> Well, obviously it was enough load to make some parts fail.
[22:41:29] <MrY> Could someone point me to a package name for postfix domainkey?
[22:41:30] <deface> every attempt fails ?
[22:41:33] <cite> Where "load" doesn't necessarily mean that CPU or memory are exhausted.
[22:41:45] <cite> You could well have hit some connection limits or stuff.
[22:41:49] <deface> i can send mail to a legit message, and it gets through
[22:41:59] <deface> err, legit address
[22:42:02] <cite> You still don't understand it, do you?
[22:42:09] <cite> What you saw was a TEMPORARY error.
[22:42:19] <cite> It happened then, it doesn't have to happen NOW:
[22:42:40] <deface> http://rafb.net/p/WWEU5x95.html
[22:42:57] <deface> but its 'happening' on every message where a user doesnt exist
[22:43:06] *** chrisq has quit IRC
[22:43:19] <cite> So the transcript does also show "450 Greylisted?"
[22:43:28] <deface> nope
[22:43:37] <deface> its only going to greylist if user exists
[22:43:38] <cite> So it doesn't happen on every incoming mail.
[22:43:48] <deface> correct, only to addresses that don't exist
[22:44:27] <cite> deface: http://paste.debian.net/20025/
[22:44:33] <cite> deface: Did you get an error message?
[22:44:53] <deface> sec
[22:44:55] <TGM> guys, what do I have to check to not send mails in spam box?
[22:45:34] <deface> cite: http://rafb.net/p/djrtrK17.html
[22:45:35] <cite> MrY: dkim-filter
[22:45:48] <deface> now lets see if i get an email
[22:46:31] <cite> deface: First thing I notice when looking at your setup: You have mysql: tables.
[22:46:43] <deface> yes
[22:47:10] <cite> deface: MySQL without proxymap (and explicit proxymap process limits in master.cf) is often the culprit.
[22:47:16] *** m0t3jl has quit IRC
[22:47:45] <cite> deface: I see 3 mysql maps in your config, given a smtpd process limit of 100, they could use up to 300 mysql connections.
[22:47:53] <cite> The default connection limit of MySQL is 100.
[22:47:59] <deface> and i have mine set to 500
[22:49:05] <cite> deface: Second thing I see: In your recipient checks, you have a check_policy_service call (sqlgrey?) _before_ permit_sasl_authenticated. Then, you have a lot of reject_* _before_ reject_unauth_destination
[22:50:53] <deface> http://rafb.net/p/4E9SsE87.html
[22:50:54] <deface> better ?
[22:51:25] <cite> deface: Sec
[22:51:39] <deface> 7543 messages in the postmaster's box
[22:51:40] <deface> lol
[22:52:12] *** sepski has quit IRC
[22:52:43] <cite> deface: A much more efficient ordering would be: http://paste.debian.net/20026/
[22:53:18] <deface> that my list, or yours ?
[22:53:38] <cite> deface: Yours, reordered, added permit_auth_destination
[22:53:43] <deface> ty
[22:53:52] <cite> deface: Third thing I see: local_recipient_maps = $virtual_mailbox_maps unix:passwd.byname
[22:54:07] <cite> deface: Never mix address classes. local_recipient_maps = unix:passwd.byname is just fine.
[22:54:13] *** carl- has quit IRC
[22:54:32] <cite> deface: Fourth thing I see: You are using "maps_rbl_domains", which is deprecated. Remove it.
[22:55:32] <cite> deface: Fifth thing I see: You are configuring tls, but you set "smtpd_use_tls = no" instead of "smtpd_use_tls = may". If you don't want TLS, you don't need to configure certificates and stuff.
[22:56:03] <deface> yeah, had no to disable it
[22:56:05] <cite> Ok, and you probably set "soft_bounce = yes" for debugging, so I won't mention it.
[22:57:52] <deface> all fixed
[22:58:11] <cite> Are there still mails in your mailqueue?
[22:58:24] <deface> queue was never backed up
[22:58:31] <deface> but i will flush all the errors
[22:59:19] <cite> I'd still recommend to use proxy:mysql instead of bare mysql: (and explicitly set a limit for proxymap in main.cf).
[22:59:33] <deface> whats the proxmap limit line ?
[22:59:36] <deface> proxy*
[22:59:49] *** blackflag has joined #postfix
[22:59:58] <cite> deface: Seventh column in master.cf, the line starts with "proxymap".
[23:00:34] <cite> deface: But if you are absolutely _sure_ that you set the connection limit to 500 and you did not change the smtpd process limit, there is no need to edit master.cf
[23:00:39] <deface> proxymap unix - - n - - proxymap
[23:01:02] <deface> zeus postfix # grep max- /etc/mysql/my.cnf
[23:01:02] <deface> max-connections = 600
[23:01:04] <deface> 600 .. actually
[23:01:38] <cite> What does the sixth column for smtp in master.cf say?
[23:01:51] <cite> The one that ends in "smtpd", not just "smtp"?
[23:01:59] <deface> http://rafb.net/p/euvWly18.html
[23:02:23] <deface> i dont have an smtpd
[23:02:24] <deface> lol
[23:02:30] <cite> deface: You are fine.
[23:02:54] <cite> deface: Simply replace those "mysql:" text with "proxy:mysql", issue a postfix reload and you are done.
[23:03:13] <deface> i have
[23:03:43] <cite> Ok. Then delete all those error messages from your Postmaster account (after making sure your mailq is empty) and wait for the problem to happen again.
[23:03:54] <deface> done and done
[23:04:11] <cite> Happy mailing, then ;-)
[23:05:46] <deface> fuckin mailscanner
[23:05:47] <deface> errrr
[23:06:03] <deface> http://rafb.net/p/KyNw7X40.html
[23:06:08] <deface> crock of shit init script
[23:06:24] <cite> Hrhr.
[23:10:50] <war9407> #
[23:10:50] <war9407> reject_rbl_client list.dsbl.org
[23:10:50] <war9407> #
[23:10:50] <war9407> reject_rbl_client sbl.spamhaus.org
[23:10:50] <war9407> #
[23:10:50] <war9407> reject_rbl_client pbl.spamhaus.org
[23:11:03] <war9407> dsbl.org -> dead, why include sbl/pbl when you have zen that defines both?
[23:11:56] <deface> mine ?
[23:12:08] <deface> in case zen doesnt respond
[23:12:09] <cite> deface: Yes, war9407 is right, totally missed that.
[23:12:14] <deface> i thought about it
[23:12:22] <deface> i know its the same lists
[23:12:25] <cite> dsbl.org is dead
[23:12:33] <deface> ahh, didnt see that one
[23:13:06] <cite> Have you ever thought about using a policy daemon to _score_ hits on RBLs?
[23:13:15] <deface> nope
[23:13:39] <war9407> cite: www.policyd-weight.org
[23:13:42] <war9407> cite: it does just that
[23:13:55] <war9407> cite: if NUM_HITS > X; reject
[23:14:02] <war9407> cite: or hit_values > Y; reject
[23:14:04] <cite> polw 2496 1 0 Oct17 ? 00:00:01 policyd-weight (master)
[23:14:04] <cite> polw 2497 2496 0 Oct17 ? 00:00:01 policyd-weight (cache)
[23:14:04] <cite> polw 6398 2496 0 Oct17 ? 00:00:03 policyd-weight (child)
[23:14:09] <cite> war9407: I know ;-)
[23:14:34] <war9407> k
[23:15:07] <cite> I'm thinking about a switch to postfwd or policydv2 (if it will ever be finished), though, since policyd-weight development has stopped since March.
[23:15:31] <war9407> postfwd is a bit terse in its config, there is also ppolicy, apolicy and ASSP
[23:15:34] <cite> I _have_ a working config for postfwd which does the scoring thing, but I don't have the checks (HELO/EHLO, MX and so on) yet.
[23:15:41] *** shinao1 has quit IRC
[23:15:42] <war9407> but I found love in geo-ip policy server
[23:16:01] <war9407> it uses the geo-ip database to do lookup on country and if its in a certain country you can do what you want with it
[23:16:13] <cite> I have heard about ASSP (nothing good, to be honest), but I don't know apolicy and ppolicy yet.
[23:16:50] <war9407> cite: was that your main.cf btw or deface's?
[23:16:55] <cite> Can't use geoip here, unfortunately.
[23:16:55] <deface> mine
[23:17:14] <cite> Too many false positives. Internet made the world a small place.
[23:17:21] <war9407> cite: here is mine currently
[23:17:24] <war9407> cite: http://rafb.net/p/dm4rJx85.html
[23:17:34] <war9407> cite: not what you think
[23:17:42] <war9407> cite: its been posted to postfix-users before
[23:17:45] <war9407> cite: the concept
[23:17:53] <war9407> cite: but nobody talks about it much :P
[23:18:15] <cite> You sure love smtpd_restriction_classes ;-)
[23:18:20] <war9407> oh hell yes
[23:18:28] <war9407> otherwise my restrictions would be 500 lines long
[23:18:42] <cite> :)
[23:20:07] <war9407> that is my goal as well- little to no false positives
[23:21:51] <cite> I'm still looking for a greylisting daemon.
[23:22:05] <war9407> cite: I use postgrey
[23:22:11] <cite> I mean, I'm using postgrey atm, but if you get too many entries, log cleanup takes a lot of time.
[23:22:11] <war9407> cite: Ive tried policyd/others
[23:22:17] <deface> sqlgrey here
[23:22:26] <war9407> you may want sqlgrey if your site is really busy I suppose
[23:22:43] <deface> only thing is the swig (php interface) .. needs to do page sorting
[23:22:52] <deface> i have to flush database to view it
[23:23:00] <war9407> cite: rhsbls are also very useful
[23:23:05] <deface> loading a 100k+ queries on a single page locks up most browsers
[23:23:10] <war9407> cite: and zen is probably #2 now with barracuda = #1
[23:23:13] <cite> I don't know. I mean, somehow, using SQL to store triplets is just...
overkill.
[23:23:14] <war9407> deface: yeouch
[23:23:19] <war9407> cite: agree
[23:23:23] <deface> yes, major coding flaw
[23:23:27] <war9407> cite: I didnt want my MTA to be dependent on mysql
[23:23:32] <war9407> or postgres for that matter
[23:23:41] <war9407> cite: also use fail2ban
[23:23:44] <cite> I'm about to package Google gross and give it a try.
[23:24:06] <cite> Greylisting with blooming filters sounds interesting. And it can do replication.
[23:24:12] <war9407> eh..
[23:24:51] <war9407> wow, see
[23:24:52] <war9407> C
[23:24:53] <cite> war9407: I have Barracudas list in policyd-weight, but only with a very low weight until today.
[23:25:09] <war9407> cite: I see
[23:25:13] <war9407> cite: do you use SPF checks?
[23:25:18] <war9407> cite: do you use RHSBLs?
[23:25:48] <cite> SPF checks in SA, RHSBL checks as part of policyd-weight. URIDNSBLs as part of SA.
[23:25:58] <cite> Pretty common standard setup here.
[23:26:03] <war9407> I prefer to block all at MTA level when possible.
[23:26:12] <war9407> spam-assassin=>if it gets through
[23:26:23] <war9407> gross looks interesting
[23:26:54] <cite> war9407: We had some very bad results with rejecting based on SPF records at (E)SMTP time - and very little benefit.
[23:27:04] <war9407> cite: what SPF tool did you use?
[23:27:09] <cite> So I thought, "What the hell..."
[23:27:48] <war9407> cite: where did you read about gross?
[23:27:56] <cite> war9407: I'm not 100% sure, it was policy-spf IIRC.
[23:27:59] <war9407> cite: I search all the time for new policy servers etc never ran across this
[23:28:01] <cite> war9407: Don't remember.
[23:28:11] <war9407> cite: try policy-spf-perl, its the official one on www.openspf.org
[23:28:31] <deface> spf isnt really enforced
[23:28:32] <cite> It was not a technical problem.
[23:28:38] <war9407> oh
[23:28:46] <cite> More like... administrative fuckups at customers and so on.
[23:29:46] <cite> war9407: Ich you get around to test gross, drop me a mail with your impressions/experiences. cite at incertum dot net is the address.
[23:29:51] <cite> s/Ich/If/
[23:29:54] <deface> cite: .. so far so good, no shit messages, thanks
[23:30:01] <cite> deface: :)
[23:30:03] <war9407> deface: already trying it?
[23:30:09] <deface> war9407: spf?
[23:30:13] <war9407> deface: gross
[23:30:13] <deface> not really
[23:30:40] <deface> its still optional on a lot of servers, not ready for mainstream
[23:31:10] <cite> Besides, the people adopting SPF (and DKIM, fwiw) most quickly are spammers :-P
[23:31:17] <war9407> true
[23:31:34] <war9407> but it helps when random chinese ips are spoofing domains with spf='-'
[23:31:38] <war9407> dosnt help with '~' obviously
[23:31:46] <war9407> you can change the script to reject those as well
[23:31:51] <war9407> but it blocks homedepot.com if you do that :P
[23:31:52] <war9407> for example
[23:31:55] <deface> i drop all chinese ip's in iptables
[23:31:56] <deface> lol
[23:31:58] <war9407> mis-configured etc
[23:31:59] <war9407> deface: nice
[23:32:13] <deface> yeah, i've got quite a hella include list for iptables
[23:32:25] <war9407> deface: you use fail2ban as well i assume?
[23:32:30] <deface> of course
[23:32:57] <cite> I once saw a server being hit by backscatter. fail2ban really didn't look too good there.
[23:33:11] <deface> did they have the filter enabled ?
[23:33:31] <deface> fail2ban can't really help w/ backscatter, it's not doing any look-ups
[23:33:38] <deface> simple auth failures
[23:33:45] *** Alanin_ has quit IRC
[23:33:50] <cite> If you are frequently running out of resources, you are doing something wrong, anyways, so fail2ban won't really help. If it only happens on rare occasions, Postfix comes with stress adaptive behaviour, so you won't need fail2ban.
[23:34:09] <cite> For the password part, simply enforce good passwords.
[23:34:15] * cite shrugs.
[23:34:35] <war9407> ?> I use fail2ban when a host is rejected by an rbl/rhsbl
[23:34:36] <cite> Guess fail2ban is just not "my thing".
[23:34:39] <war9407> then it can go to hell
[23:35:00] <deface> nice
[23:35:00] <war9407> or illegal syntax or too many errors
[23:35:15] <cite> What's the benefit?
[23:35:25] <war9407> the benefit is less load on the box
[23:35:32] <war9407> I have seen single ips continuously error crap in my logs
[23:35:36] <war9407> like 10-20 times in a row
[23:35:39] <war9407> if it blocks them via iptables
[23:35:41] <war9407> it stops it
[23:35:53] <war9407> Connection (.*) exceeded: (.*)\[<HOST>\] / Illegal address syntax from (.*)\[<HOST>\] / non-SMTP command from (.*)\[<HOST>\] / too many errors after (.*)\[<HOST>\]
[23:35:53] <cite> So you get less log output. Sounds like overkill.
[23:36:09] <war9407> cite: less crap in logs, and it blocks the spammers via iptables
[23:36:11] *** TGM has quit IRC
[23:36:16] <war9407> cite: I like banning them in firewall
[23:36:18] <cite> Yeah, well.
[23:36:26] <deface> cite: one more ? - how do i fix masquerading .. i want all local mail sent out such as 'root' .. to be root at domain dot com
[23:36:30] <deface> its coming in @ root
[23:36:36] <deface> no domain attached
[23:36:42] <deface> i thought by default it used $myhostname
[23:37:01] <war9407> $myorigin is set to what?
[23:37:17] <deface> $mydomain
[23:37:25] <deface> $mydomain = zeus.fluxlabs.net
[23:37:55] <war9407> when you send email out as root to local users it shows as root only?
[23:38:11] <war9407> # echo test | mail -s subject localuser@domain ?
[23:39:02] <deface> yes, only root
[23:39:17] <war9407> you using virtual domains and stuff?
[23:39:22] <war9407> (im not)
[23:39:22] <deface> yup
[23:39:39] *** Alanin_ has joined #postfix
[23:40:07] <war9407> not sure have you read postfix postconf html manpage?
[23:40:18] <war9407> http://www.postfix.org/postconf.5.html
[23:40:25] <cite> deface: append_at_myorigin is set?
[23:40:39] <war9407> append_at_myorigin (default: yes)
[23:40:41] <deface> war9407: not the whole page.. lol only when i need to reference an arg
[23:41:09] <deface> ahh, had it set for no
[23:41:10] <deface> idk why
[23:41:18] <deface> now lets test
[23:41:39] <cite> I will start typing "Did you issue postfix reload" in advance ;-)
[23:41:44] <war9407> lol
[23:41:49] <deface> warning: do not list domain domain.com in BOTH virtual_mailbox_domains and relay_domains
[23:41:51] <deface> i hate that shit
[23:41:59] <cite> deface: I told you!
[23:42:06] <deface> if i do a query with virtual_mailbox & relay_domains
[23:42:11] <deface> they do not return the same shit
[23:42:18] <deface> both queries are different .. yet it gives me that
[23:42:27] <deface> i can't pull the domain on both queries. . how can it
[23:42:48] <deface> fixed the append issue
[23:43:06] <deface> i get that error on every domain i relay through the server on transport
[23:43:14] <cite> deface: Show output of postconf relay_domains virtual_mailbox_domains and show associated maps (obfuscate username/passwords for database maps)
[23:43:51] <cite> deface: And while you are at it, show an example entry from your transport_maps, too ;-)
[23:45:41] <deface> http://rafb.net/p/C0l6YW22.html
[23:46:00] *** growltiger has joined #postfix
[23:46:22] <deface> the mysql queries are different, i can't pull domain.com on both if it's not relay'd
[23:46:35] <deface> relay_domains needs a list
[23:46:48] <cite> deface: Your query in relay_domains is missing an: AND domain = '%s'
[23:46:56] <deface> no, i removed that part
[23:47:12] <deface> i guess i could put it back
[23:47:24] <cite> Can we see the virtual_mailbox_domains query, too?
[23:47:30] <deface> its there
[23:47:45] <cite> Nope. virtual_mailbox_maps.cf:query
[23:47:48] <cite> Not domains.
[23:48:04] <deface> i had originally (before realizing postfixadmin could manage relay/transport) ..
modified the query to enable/disable a transport by using the backup-mx checkbox
[23:48:15] <cite> Oh my.
[23:48:21] <deface> query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'
[23:48:25] <deface> that make sense?
[23:48:28] <deface> u understand what i did ..
[23:48:43] <cite> Thats still virtual_MAILBOX_maps, not virtual_mailbox_DOMAINS...
[23:48:50] <deface> err
[23:49:06] <deface> query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '0' AND active = '1'
[23:49:15] <cite> You see?
[23:49:21] <deface> query = SELECT domain FROM domain WHERE backupmx = '1' AND active = '1'
[23:49:29] <deface> yeah, still not the same query
[23:49:30] <deface> lol
[23:49:34] <cite> query = SELECT domain FROM domain WHERE backupmx = '1' AND active = '1' AND domain = '%s'
[23:50:01] <cite> That's because the query as you have it in relay_domains.cf will ALWAYS return a value.
[23:50:10] <deface> query = SELECT domain FROM domain WHERE backupmx = '1' AND active = '1'
[23:50:10] <deface> query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '0' AND active = '1'
[23:50:25] <cite> Don't you see?
[23:50:28] <deface> correct, but not a matching query
[23:50:34] <cite> Ha!
[23:50:37] <cite> I got you!
[23:50:41] <cite> You didn't read the manual!
[23:50:44] * cite dances.
[23:50:46] *** MrY has quit IRC
[23:51:31] <cite> If you are using an indexed map type as a binary list (and that's exactly what you do at relay_domains / virtual_mailbox_domains), postfix will IGNORE the lookup result.
[23:51:35] <deface> query = SELECT domain FROM domain AND domain = '%s' WHERE backupmx = '1' AND active = '1'
[23:51:38] <deface> so u want that for relay ?
[23:51:40] <cite> The only thing that matters is IF there is any result at all.
[23:51:49] <deface> the same as virtual_domain_maps
[23:52:17] <cite> The same, but backupmx is "1" here.
[23:54:58] <cite> Completely off-topic: I need to learn ruby on rails within seven days.
I don't "speak" ruby, let alone "ruby on rails". Any suggestions on where to start?
[23:56:17] <deface> cite: now im getting relay denied for the domains i was relaying for
[23:56:31] <deface> im just using this box as a spam/virus filter, then forwarding it to my clients actual email servers
[23:57:18] <cite> Then the data in your database are not correct.
[23:57:23] <cite> Ok, just revert that change then.
[23:57:57] <deface> then i'll get the error again
[23:58:02] <cite> I'm going to bed now, and knowing I screwed your mail setup would make getting sleep very hard.
[23:58:11] <deface> ha
[23:58:18] <deface> thats it, fuck me up then go to bed
[23:58:20] <deface> ;)
[23:58:23] <cite> ;-)
[23:58:38] <cite> Seriously, if my change doesn't work, ignore it.
[23:59:43] <deface> no, your change is right, but i guess im just mis-interpreting what relay is