[00:00:52] *** Knoedel2 has quit IRC
[00:01:26] *** chadmaynard has quit IRC
[00:02:09] *** dan__t has quit IRC
[00:05:23] *** Fallenou has quit IRC
[00:05:52] *** deftunix has quit IRC
[00:14:28] *** buc0vat has quit IRC
[00:15:27] *** Juspion has joined #postfix
[00:21:56] <tonyyarusso> Gah.  I can't even get postfix to deliver mail to another local user.  Could someone point me in the right direction for that?
[00:25:01] <jordancason> ok so at some point i will set up my own authoritative server but for now how does it work if I have no-ip host my mx record and how do i know what to put in the mx record field at no-ip
[00:26:54] *** avri210984 has quit IRC
[00:27:00] *** avri210984 has joined #postfix
[00:27:54] *** Thorn has quit IRC
[00:28:53] *** Pazzo has quit IRC
[00:30:32] *** Thorn has joined #postfix
[00:30:48] <growltiger_> you dont know the ip address of your mail server?
[00:31:11] <growltiger_> and you did not setup an A record for it?
[00:31:16] <vice-versa> jordancason: from what I can see, you're missing an A record for mail.ttmy.servebeer.com
[00:31:26] <growltiger_> you need to know how to do these things if you want to run a mail server
[00:38:34] <tonyyarusso> Is 'sendmail -bv user@domain' still a valid command?  It doesn't seem to actually send to the recipient - only the sender.
[00:45:02] <bahadunn> I setup a postfix smtp client sasl but I get relay access denied on the postfix client machine and the postfix server
[00:45:05] <bahadunn> any ideas?
[00:47:15] <jordancason> So how it works is I set up an mx record on my DNS server to point to the mx record on no-ip
[01:03:39] <rob0> !relay_denied
[01:03:40] <knoba> rob0: "relay_denied" : \"554 5.7.1 <RECIPIENT@RCPT_DOMAIN>: Relay access denied; from=<SENDER_ADDRESS> to=<RECIPIENT@RCPT_DOMAIN> proto=ESMTP helo=<HELO>\": This typically means that CLIENT_IP is not in mynetworks (and did not AUTH), and that RCPT_DOMAIN was not recognized as one of this Postfix's domains (not listed in mydestination, relay_domains or virtual_*_domains).
[01:13:05] *** Juspion has quit IRC
[01:13:32] *** greenchicken has joined #postfix
[01:14:01] *** avri210984 has quit IRC
[01:14:11] *** dragonheart has quit IRC
[01:35:10] *** web_knows has joined #postfix
[01:37:03] *** internat1 has quit IRC
[01:37:13] *** Internat has joined #postfix
[01:38:52] <jordancason> so my mail server is ttmy.servebeer.com so when i go to no-ip.com and they ask for the name of my external mail exchangers (mx records) as hostnames are thay asking for ttmy.servebeer.com ?????
[01:41:32] *** stainer has joined #postfix
[01:41:56] <jordancason> ya i think thats right please tell me if I'm not understanding this correctly
[01:57:17] <rob0> ttmy.servebeer.com.     60      IN      A       75.60.184.30
[01:57:37] *** githogori has quit IRC
[02:00:17] <jordancason> when I do :~$ dig mx ttmy.servebeer.com i get this now that i tryed to set up the mx at no-ip "ttmy.servebeer.com.	60	IN	MX	5 ttmy.servebeer.com."
[02:00:29] <jordancason> ttmy.servebeer.com.	60	IN	MX	5 ttmy.servebeer.com.
[02:01:04] *** snadge has joined #postfix
[02:01:09] <jordancason> ttmy.servebeer.com.	          60           IN            MX          5         ttmy.servebeer.com.
[02:01:30] <rob0> you set ttmy.servebeer.com. as MX for ttmy.servebeer.com. ?
[02:02:19] <jordancason> lol hey im confessed here im tring what is the right way to set it up
[02:02:33] <snadge> i have some instructions for setting up mail piping for a ticketing system, that is specific to postfix.. however, it tells you to edit the "aliases" file.. for whatever reason, all our "aliases" are set up in a file called "virtual" and its a different format
[02:02:42] *** Thorn has quit IRC
[02:02:59] <snadge> incredibly novice question, but maybe someone can point me in the right direction
[02:04:53] <snadge> perhaps what im asking is.. what is the difference between aliases and virtual? .. they both map email addresses or users to other email addresses
[02:05:32] <snadge> and can piping be set up with virtual addresses? if so what is the syntax for doing that
[02:05:51] *** poptix has joined #postfix
[02:06:33] <poptix> I can't seem to locate the backoff interval that decided how long a host stays in 'delivery temporarily suspended' mode
[02:06:37] <poptix> any ideas?
[02:07:15] <poptix> gmail.com stopped resolving for about 15-20 minutes this morning, postfix went from 'can't find mx' to 'delivery temporarily suspended' and stayed that way.. all day
[02:12:53] <tonyyarusso> What's something simple I can use to try sending a message out from a server?
[02:14:45] *** suprsonic has joined #postfix
[02:16:22] <growltiger_> virtual lets you send mail to users and domains that are not local
[02:16:45] *** pirho has quit IRC
[02:18:16] *** poptix has left #postfix
[02:19:27] <suprsonic> if I were to create a check_recipient_access rule, is there a keyword that addresses everything else that wasn't matched?
[02:21:58] <snadge> growltiger_: that would make sense.. can virtual addresses also be piped?
[02:22:14] <snadge> as well as delivered to whatever its currently deliveredt o
[02:24:31] *** ming_zym has joined #postfix
[02:24:51] *** pitakill has joined #postfix
[02:29:47] <snadge> it looks like the answer is no ;) according to the documentation im being forced to consult :P
[02:33:19] <snadge> i have to redirect it to a local account which can then pipe it to where it needs to go
[02:34:22] <suprsonic> anyone?
[02:38:00] <snadge> wish i knew
[02:38:12] <snadge> seems theres more questions than there are answers.. i ended up looking up the documentation ;)
[02:40:40] *** Motoko-chan has joined #postfix
[02:40:53] <suprsonic> is it possible to use a wildcard *?
[02:41:27] *** AwayML is now known as AndyML
[02:43:37] *** VaNNi has quit IRC
[02:44:52] *** VaNNi has joined #postfix
[02:46:03] *** thumbs has joined #postfix
[02:50:20] *** pickcoder has joined #postfix
[03:14:45] *** suprsonic has quit IRC
[03:22:25] *** BuenGenio has joined #postfix
[03:23:32] <jordancason> any one here willing to help me out over a skipe video chat : )
[03:25:43] <tonyyarusso> All right, I feel like we're getting close, but are now encountering http://mail.google.com/support/bin/answer.py?answer=10336
[03:26:07] *** BuenGenio_ has quit IRC
[03:27:55] *** BuenGenio_ has joined #postfix
[03:31:51] *** Southron has joined #Postfix
[03:34:37] *** jdv79 has left #postfix
[03:34:45] *** VaNNi has quit IRC
[03:38:14] *** VaNNi has joined #postfix
[03:44:46] *** AndyML is now known as AwayML
[03:45:49] *** BuenGenio has quit IRC
[03:46:06] *** growltiger has joined #postfix
[04:01:09] *** growltiger_ has quit IRC
[04:03:31] *** githogori has joined #postfix
[04:04:18] *** chadmaynard has joined #postfix
[04:14:24] *** cdavis has quit IRC
[04:22:55] *** mavrick61 has quit IRC
[04:24:03] *** mavrick61 has joined #postfix
[04:28:23] <jordancason> I called my ISP and every thing is set ok for me to set up a mail server im just having some problems i would really appreciate if some one would take the time and help me through this
[04:30:43] <growltiger> your mailhost is not listening on port 25 or something is blocking it, or it's behind a nat router
[04:30:44] *** AwayML is now known as AndyML
[04:31:03] <growltiger> [mjd@localhost ~]$ telnet 75.60.184.30 25
[04:31:03] <growltiger> Trying 75.60.184.30...
[04:31:09] <growltiger> never connects
[04:43:20] <growltiger> sona, if this machine is behind a router and has a 192.168 type of address, you need to forward port 25 on the router to go to the internal machine ip address
[04:43:48] <jordancason> hmmm yes it is but i have it DMZed right now
[04:44:10] <growltiger> on the machine itself try telnet localhost 25
[04:45:37] <jordancason> telnet ttmy.servebeer.com 25
[04:45:38] <jordancason> Trying 75.60.184.30...
[04:45:38] <jordancason> Connected to ttmy.servebeer.com.
[04:45:38] <jordancason> Escape character is '^]'.
[04:45:38] <jordancason> 220 ttmy.servebeer.com ESMTP Postfix (Ubuntu)
[04:45:57] <growltiger> then your isp is probably blocking it
[04:46:01] <thumbs> jordancason: so it's a routing/firewall issue.
[04:46:03] <jordancason> ya its up
[04:46:15] <growltiger> the tech support drones probably just wanted to get you off the phone
[04:46:29] <jordancason> no for that telnet i sshed to my server at home and telneted back
[04:46:33] <growltiger> try doing portforward instead of dmz
[04:46:45] <jordancason> ok i will do
[04:47:07] <growltiger> yeah, but they didnt have 23 blocked, and why are you running telnetd anyways?
[04:47:45] <jordancason> to port 25
[04:47:49] <jordancason> not 23
[04:49:06] <jordancason> i called the tech support and the guy seemd like he new what he was talking about
[04:49:37] <jordancason> sed that they were not blocking 25
[04:50:05] <growltiger> you are using the same ip address of the mailserver, so you are in the same network
[04:50:22] <jordancason> no hold on let me explain
[04:50:23] <growltiger> i cannot telnet to it on port 25 from my connection
[04:51:10] <growltiger> hmm, i can from my colo server
[04:51:57] *** Haris________ is now known as Haris_
[04:52:04] <jordancason> ok im at my apartment i have my server set up here and i also have a server set up at home like 40 min from here i sshed to the server at home and talented back to the one here on port 25 and it did connect
[04:52:50] <growltiger> i sent a test message to root
[04:52:53] <growltiger> hope you get it
[04:52:56] <growltiger> 250 2.0.0 Ok: queued as 981B81BA4B3
[04:53:27] <jordancason> all right ill take a look
[04:53:29] <jordancason> thanks
[04:54:53] <growltiger> seems my isp is blocking outbound port 25
[04:55:05] <growltiger> i cant telnet to port 25 on my colo server
[04:55:10] <jordancason> lol i c
[04:55:41] <thumbs> jordancason: did you lose the e key on your keyboard?
[04:57:07] <jordancason> i can let you ssh to my server to take a look around im going to reinstall the os in a bit any way fresh start
[04:57:32] <thumbs> why would we want to ssh to your server?
[04:57:39] <growltiger> there is nothing there for me to see that i have not seen before
[04:57:59] <growltiger> and never never give ppl from IRC access to your server, ever
[04:59:03] <jordancason> dident think it would matter im goint to re-install it to night
[04:59:10] <growltiger> thumbs, you are supposed to be in #apache
[04:59:38] <thumbs> growltiger: am I?
[05:00:25] <jordancason> so is my mx set up right
[05:00:53] <jordancason> MX record
[05:00:54] <thumbs> jordancason: what's your domain name?
[05:00:56] <growltiger> well it's setup
[05:01:30] <growltiger> technically you can use just a hostname for mx, but it's better to dedicate a hostname for it
[05:01:45] <jordancason> ttmy.servebeer.com
[05:01:58] <growltiger> like make an A record for mail.ttmy.servebeer.com
[05:02:04] <growltiger> then point your mx to that
[05:02:20] <jordancason> ya thats were i think im stuck
[05:02:43] *** AndyML is now known as AwayML
[05:03:13] <jordancason> how do i set up an a record
[05:03:38] *** bhagat has joined #postfix
[05:03:41] *** kk_CHN has joined #postfix
[05:03:52] <jordancason> ive ben doing resarch for the last 2 days on MX and A records but i still do quite get it
[05:04:03] <tonyyarusso> growltiger: Would you mind looking at the various DNS records for flamtap.com and seeing if you can figure out why we're being greylisted by providers and not being allowed to send stuff to their users?  I suspect something with the SPF/PTR stuff, but don't really understand it and we're about to pull our hair out..
[05:04:18] *** kk_CHN has quit IRC
[05:04:43] *** pickcoder has quit IRC
[05:05:01] <growltiger> inyour zone file put mail.ttmy.servebeer.com. <tab> IN <tab> A 75.60.184.30
[05:06:09] <growltiger> on another line put ttmy.servebeer.com. <tab> IN <tab> MX 10 mail.tty.servebeer.com
[05:06:14] <growltiger> then restart bind
[05:06:24] <tonyyarusso> http://archives.neohapsis.com/archives/postfix/2008-10/1241.html describes our problem a bit more thoroughly.
[05:07:03] <growltiger> you cant setup ptr unless you have been delagated auth of the ip address you are using
[05:07:05] <jordancason> all right thank you growltiger one more thing were is the zone file located
[05:07:12] <growltiger> try /var/named
[05:07:58] <growltiger> your /etc/named.conf file will tell you where they are
[05:08:12] <tonyyarusso> growltiger: Oh.  We own the domain name, but obviously not the IP.  Is there some other workaround for this sort of thing?
[05:08:39] <growltiger> you will need to have whoever is in charge of your ip address space set it up, there is no way around this
[05:09:18] <tonyyarusso> All right, well obviously Comcast isn't going to be keen on that.  Would sending it through some other service be a possibility?
[05:09:28] <growltiger> sbcglobal does it
[05:09:46] <growltiger> if you have dedicated ip address
[05:09:47] <tonyyarusso> For home users with dynamic IPs?
[05:09:50] <tonyyarusso> gotcha
[05:09:59] <growltiger> dynamic = big fat NO
[05:10:30] <growltiger> get a linode or something
[05:11:06] <tonyyarusso> Okay, here's an even crazier thing:  We somehow managed to get ONE message to send properly, but didn't see it until a while later and don't know what config did that.  Just a fluke?
[05:11:29] <growltiger> the server you were sending to was not as anal as the others
[05:11:32] <tonyyarusso> It would make more sense for us to get a Comcast Business connection than a linode - the whole point here is we're setting up a brand new $1600 server :)
[05:12:33] *** bhagat_ has joined #postfix
[05:12:50] *** bhagat_ has quit IRC
[05:13:23] <growltiger> yes, you are going to have to get static ip addresses and delegation if you plan on running a mail server that will actually send business mail
[05:14:08] <growltiger> thank spammers for this, but in reality it's better for the Internet in general
[05:18:15] <tonyyarusso> Okay, one more clarification:  How is sending stuff from this server different from when I send things from my PC through Thunderbird or whatever?  Both should just be using some provider's SMTP server, and I know I can send from my Google account through TB just fine, so why not with Postfix?
[05:18:50] <growltiger> when you send from tb, you are using your isp's smtp server
[05:19:13] <growltiger> and when you send using google, you are using googles smtp server
[05:19:47] <growltiger> those server have dedicated ips, are not home connections, and generally are setup for being mail servers
[05:20:12] <tonyyarusso> We can use Google's directly too.  For instance, I'm looking right now at an Outlook configuration that has the Outgoing mail server as mail.our-google-apps-domain.com
[05:20:22] <growltiger> right
[05:20:38] <tonyyarusso> Okay, so I want to use Google's SMTP server, in the same way.
[05:20:44] <growltiger> you can probably use that as a smarthost for your postfix server for the time being
[05:21:18] <tonyyarusso> smarthost eh?
[05:21:28] <growltiger> in your postfix.conf use: relayhost = mail.yourgoogleappthing-domain.com
[05:21:38] <growltiger> main.cf
[05:21:47] <tonyyarusso> anything else to do, or just that pretty much?
[05:22:11] <growltiger> !relayhost
[05:22:12] <knoba> growltiger: "relayhost" : a configuration parameter in the main.cf: The default host to send non-local mail to when no entry is matched in the optional transport(5) table. When no relayhost is given, mail is routed directly to the destination. If your relay host requires authentication see the !saslclient channel factoid.
[05:22:38] <growltiger> tias
[05:22:45] <growltiger> try it and see
[05:22:58] <thumbs> !tias
[05:22:59] <knoba> thumbs: "tias" : Try It And See
[05:23:12] <tonyyarusso> Ah, so I have to BOTH specify relayhost AND get rid of the transport table entry.  Trying.
[05:23:16] <growltiger> i keep thinking the fajita is in here
[05:23:55] <growltiger> you dont HAVE to get rid of transport, depends on what you have in there of course
[05:29:23] *** chadmaynard has quit IRC
[05:29:30] *** goldfischli has joined #postfix
[05:29:58] *** chadmaynard has joined #postfix
[05:30:51] <tonyyarusso> growltiger: Okay, I'm getting a different error at least now - "Authentication required" (I thought we were doing that...)
[05:31:00] <growltiger> !saslclient
[05:31:00] <knoba> growltiger: "saslclient" : See http://www.postfix.org/SASL_README.html#client_sasl when you need client-side SASL authentication to deliver mail to another server
[05:31:27] <growltiger> your outhouse express does it, your postfix server is not
[05:31:43] <growltiger> it should be
[05:31:51] <tonyyarusso> "outhouse express"?
[05:32:24] <growltiger> M$ OutHouse part of M$ Oriface
[05:36:02] <growltiger> just setup according to that saslclient readme and you will be good to go for the time being
[05:37:06] <growltiger> googles apps help probably has an article on this as well
[05:39:35] <tonyyarusso> growltiger: You're our favorite person of the day!
[05:39:51] <growltiger> i rule
[05:40:05] <tonyyarusso> No doubt.
[05:41:18] *** goldfisc1li has quit IRC
[05:41:38] *** jmazaredo has joined #postfix
[05:41:50] <tonyyarusso> growltiger: Matt wants to know if you have one of those "buy me a beer" paypalish-type accounts.
[05:42:22] <growltiger> Nockian, those are lame
[05:42:32] <growltiger> i mean. no, those are lame
[05:42:46] <growltiger> buy me a beer, buy me a latte, blah blah
[05:42:55] <tonyyarusso> Suit yourself.
[05:43:28] <growltiger> only bloggers have those
[05:52:14] <growltiger> note: this is not a replacement for running a real mail server, you should get that business connection with dedicated ips eventually, this is just a workaround
[05:59:52] *** razym has quit IRC
[06:04:19] *** saurabhb has joined #postfix
[06:07:30] *** BuenGenio_ has quit IRC
[06:10:41] *** tonyyarusso has quit IRC
[06:11:56] *** chadmaynard has quit IRC
[06:11:56] *** bhagat has quit IRC
[06:11:56] *** githogori has quit IRC
[06:11:56] *** Zeit|awy has quit IRC
[06:13:30] *** chadmaynard has joined #postfix
[06:13:30] *** bhagat has joined #postfix
[06:13:30] *** githogori has joined #postfix
[06:13:30] *** Zeit|awy has joined #postfix
[06:21:02] *** growltiger_ has joined #postfix
[06:27:53] *** naoto_gohko has quit IRC
[06:32:41] *** saurabhb has quit IRC
[06:35:30] *** growltiger has quit IRC
[06:38:56] *** naoto_gohko has joined #postfix
[06:40:36] *** chadmaynard has quit IRC
[06:40:36] *** bhagat has quit IRC
[06:40:36] *** githogori has quit IRC
[06:40:36] *** Zeit|awy has quit IRC
[06:41:05] *** chadmaynard has joined #postfix
[06:41:05] *** bhagat has joined #postfix
[06:41:05] *** githogori has joined #postfix
[06:41:05] *** Zeit|awy has joined #postfix
[06:48:11] *** bhagat has quit IRC
[06:48:11] *** githogori has quit IRC
[06:48:11] *** Zeit|awy has quit IRC
[06:48:11] *** chadmaynard has quit IRC
[06:48:32] *** chadmaynard has joined #postfix
[06:48:32] *** bhagat has joined #postfix
[06:48:32] *** githogori has joined #postfix
[06:48:32] *** Zeit|awy has joined #postfix
[06:50:00] *** niki has quit IRC
[06:51:44] *** chadmaynard has quit IRC
[07:01:46] *** chadmaynard has joined #postfix
[07:12:41] *** snadge has left #postfix
[07:15:20] *** bhagat has quit IRC
[07:44:41] *** growltiger has joined #postfix
[07:46:42] *** Kako has quit IRC
[07:48:14] *** growltiger_ has quit IRC
[07:53:41] *** Southron has quit IRC
[07:59:28] *** |_Knoedel_| has joined #postfix
[08:13:35] *** Motoko-chan has quit IRC
[08:18:00] *** wei has joined #postfix
[08:21:43] *** growltiger_ has joined #postfix
[08:22:16] <wei> hi all, when telneting localhost 25.. ive found these in maillog:
[08:23:13] <deface> !pastebin
[08:23:14] <knoba> deface: "pastebin" : a way to paste larger amounts of text so that other people can read it. Try http://www.rafb.net/paste/ or http://paste.debian.net/ - Do not forget to tell us the URL where you pasted it.
[08:23:27] <wei> system using postfix 2.5.5, cyrus sasl2, courier+imap
[08:23:31] <wei> deface: aye
[08:24:02] *** m0niker has joined #postfix
[08:26:47] <deface> what do you have for your authmodules in authdaemonrc ?
[08:27:00] <deface> what distro
[08:29:27] *** sophokles has joined #postfix
[08:31:20] *** pitakill has quit IRC
[08:32:38] <idle-boy> hello, i wanna control the number of how much email are going to specifice server, maybe by pausing sending for amount of time, any "configuration word" to search about that help me?
[08:33:33] *** chadmaynard has quit IRC
[08:34:09] *** Severed_Head_Of_ has joined #postfix
[08:34:10] <deface> the time to retry a send, or how often it sends ?
[08:34:32] <idle-boy> yes deface
[08:34:56] <deface> that was a question, not a choice
[08:35:06] <idle-boy> deface, :)
[08:35:29] <Severed_Head_Of_> did you compile this?
[08:35:44] *** Severed_Head_Of_ is now known as growltiger__
[08:36:15] <wei> deface: i try to re-logging daemons from they start from beginning.. pls wait, thanks.. im using centOS x86_64, each install from source.. authdaemonrc using: authmysql authpam
[08:36:25] <growltiger__> 2.5.5 is too new to be ina distro
[08:36:37] <growltiger__> you didnt compile with cyrus sasl
[08:36:53] *** growltiger has quit IRC
[08:36:55] <growltiger__> funny, cause i just compiled 2.5.5 today on centos
[08:38:24] *** sophokles1 has joined #postfix
[08:41:20] *** growltiger has joined #postfix
[08:41:33] *** weedar has joined #postfix
[08:41:38] *** leonidas_ has joined #postfix
[08:41:50] <wei> growltiger_: compile n install succeed too.. but well, theres something havent figure out
[08:43:13] *** Severed_Head_Of_ has joined #postfix
[08:43:35] *** growltiger has quit IRC
[08:46:15] *** growltiger has joined #postfix
[08:48:00] *** growltiger_ has quit IRC
[08:50:19] <growltiger> anyways, idle-boy you have to build with cyrus support look at SASL_README in the README_FILES dir in src
[08:54:10] *** sophokles has quit IRC
[08:54:12] <wei> deface: growltiger__ : and all.. http://paste.debian.net/20296/
[08:55:57] <growltiger> most of that means nothing, what is important is: warning: unsupported SASL server implementation: cyrus
[08:56:13] <growltiger> that means postfix was compiled without cyrus support
[08:56:23] <growltiger> you are going to have to recompile
[08:56:43] <growltiger> or, use your package manager and install a preconfigured postfix
[08:57:01] <idle-boy> growltiger, cyrus support is relate to the number of out going mails to a specfic server/IP ?
[08:57:25] <growltiger> Nockian, it is what is causing the errors
[08:57:48] *** war9407 has joined #postfix
[08:58:08] *** growltiger__ has quit IRC
[08:58:47] <growltiger> that, or take out permit_sasl_authenticated
[09:00:22] <growltiger> you cant support sasl auth because you didnt compile it in, so you might as well remove that line
[09:00:34] <growltiger> then restart postfix and it should work
[09:01:01] <wei> thank you, growltiger.. noticed, but have tried recompile both postfix n cyrus sasl wont do any good
[09:01:44] *** internat1 has joined #postfix
[09:01:45] *** Internat has quit IRC
[09:01:50] <growltiger> if you are compiling cyrus too, the paths will probably be different than what is specified in SASL_README
[09:02:09] <deface> wei: libauthpam.so: cannot open shared object file: No such file or directory
[09:02:17] <wei> some article found that maybe better install the centos postfix rpm n re-install it from source
[09:02:39] <growltiger> then centos rpm is only 2.3.4 or something
[09:02:57] <growltiger> what article would say that?
[09:03:11] *** Severed_Head_Of_ has quit IRC
[09:03:18] <growltiger> you need to remove the postfix rpm before you install from source
[09:13:11] *** blackflag has joined #postfix
[09:20:08] *** wei has left #postfix
[09:20:53] *** wei has joined #postfix
[09:23:08] *** greenchicken has quit IRC
[09:23:25] *** dragonheart has joined #postfix
[09:27:46] *** m0niker has quit IRC
[09:30:45] *** Tykling has joined #postfix
[09:30:51] *** Kako has joined #postfix
[09:39:27] *** bhagat has joined #postfix
[09:53:19] *** deftunix has joined #postfix
[10:03:30] <wei> has been recompile both postfix n cyrus sasl, but maillog still warning: unsupported SASL server implementation: cyrus , maybe i miss some config when compiling, will continue after break ) , deface: growltiger: *THANK* really relieving and helping..
[10:04:30] <wei> deface: authpam has removed
[10:04:53] *** weedar has quit IRC
[10:05:02] <wei> growltiger: should try install cyrus-sasl .rpm from centOS?
[10:05:03] *** weedar has joined #postfix
[10:09:16] *** seekwill has quit IRC
[10:09:56] *** seekwill has joined #postfix
[10:12:04] *** strummula has joined #postfix
[10:12:20] <growltiger> what does postconf -a say?
[10:12:49] <growltiger> maybe it would be better to uninstall your compiled cyrus and use the rpm
[10:16:45] *** ming_zym has quit IRC
[10:20:24] <wei> ok
[10:20:28] <wei> btw, http://paste.debian.net/20297
[10:20:59] *** xpoint has joined #postfix
[10:21:00] <wei> for postconf result, and configs when compiling both
[10:21:24] <stockholm> does anyone have success and experience sending mail to hotmail?
[10:21:34] <stockholm> i read blogs about people failing.
[10:21:49] <stockholm> and hotmail blackholing domains and ips
[10:25:37] <growltiger> postconf -a should only give you 1 word, not a bid slew of stuff like that
[10:27:41] *** denis_ has joined #postfix
[10:28:59] *** Edward123 has joined #postfix
[10:29:08] *** Edward123 has left #postfix
[10:29:34] <wei> dovecot .. ??
[10:29:39] <Zeit|awy> hmm.. scrolling through my stats I wonder if there are any hosts outside _not_ infected with a spambot..
[10:30:27] <growltiger> you have dovecot sasl support compiled in, not cyrus
[10:32:24] <growltiger> you probably have installed a compiled postfix over the rpm install of postfix and made a big mess of things
[10:34:46] <growltiger> your init script is probably pointing to the leftover rpm binary of postfix
[10:35:06] <wei> in this new try, i'm not reinstalling the postfix rpm.. install clean from source
[10:35:06] <wei> quite wierd, i'm not installing dovecot, no rpm of it too..??
[10:36:02] <growltiger> you had postfix installed via rpm before, correct?
[10:36:11] <wei> yes
[10:36:25] <wei> left behind thou..? okay
[10:36:32] <growltiger> you did not yum erase postfix before you compiled and installed the new postfix
[10:36:53] <wei> correct, not yum erase
[10:37:09] <growltiger> your init script is probably pointing to the old rpm binary of postfix
[10:37:23] <wei> agree, will check )
[10:37:24] <growltiger> you should have uninstalled the rpm first
[10:38:29] *** gutocarvalho has joined #postfix
[10:43:33] *** F6F has joined #postfix
[10:43:54] <wei> oya, postfix rpm has uninstalled on first run was
[10:45:06] *** F6F has quit IRC
[10:47:43] *** pirho has joined #postfix
[10:52:13] *** leonidas_ has quit IRC
[10:53:09] *** madrescher has joined #postfix
[11:12:49] <cite> stockholm: I registered with there Sender ID service about 12 months ago. 9 months ago, suddenly, all my mails to hotmail were going through.
[11:13:05] <cite> I never heard anything back from them, though.
[11:13:27] *** BuenGenio has joined #postfix
[11:15:03] <stockholm> "suddenly"? cool
[11:16:29] <cite> But delivering to live.com/hotmail/msn is a real PITA, almost as worse as getting mails to through to yahoo.
[11:16:41] *** _Driver_ has quit IRC
[11:17:01] <cite> I had to slow down delivery to them several times.
[11:17:10] *** _Driver_ has joined #postfix
[11:19:55] *** CrazyFoam has quit IRC
[11:20:44] *** x-spec-t has joined #postfix
[11:21:55] *** CrazyFoam has joined #postfix
[11:23:35] *** Spec has quit IRC
[11:25:37] *** Tykling has left #postfix
[11:31:40] <wei> finally i try install both cyrus sasl 2.1.22 n postfix 2.3.3 rpm.. combine with previous courier authlib n imap..  quick try telnet 110, 143, 25 doing fine.. gotta continue after to make sure.. see ya all soon, thank you
[11:32:22] *** wei has left #postfix
[11:35:38] *** jense has quit IRC
[11:37:27] *** jense has joined #postfix
[11:41:31] *** Tykling has joined #postfix
[11:42:19] *** deftunix has quit IRC
[11:48:02] *** cpm has joined #postfix
[12:04:29] *** pirho has quit IRC
[12:05:27] *** alienbrain has joined #postfix
[12:07:43] *** pirho has joined #postfix
[12:12:10] *** jwit_ has joined #postfix
[12:12:29] *** jense has quit IRC
[12:12:57] *** jense has joined #postfix
[12:14:43] *** jwit has quit IRC
[12:16:47] *** Juspion has joined #postfix
[12:31:36] *** jordancason has quit IRC
[12:36:28] *** Juspion has quit IRC
[13:08:26] *** jordancason has joined #postfix
[13:18:01] *** _Driver_ has quit IRC
[13:28:13] *** BuenGenio has quit IRC
[13:32:39] *** daryl__ has joined #postfix
[13:35:35] *** znag has joined #postfix
[13:37:59] *** jonez has quit IRC
[13:38:01] *** xnixan_ has joined #postfix
[13:39:13] *** jonez has joined #postfix
[13:39:32] *** xnixan has quit IRC
[13:52:28] *** postfix has joined #postfix
[13:52:41] *** postfix has left #postfix
[13:57:36] *** muecke77 has joined #postfix
[14:03:25] <quentusrex> Hello all. Would the directive 'virtual_mailbox_limit" in the file /etc/postfix/main.cf work for all mail boxes globally or would it work for each individual mailboxes as defined in the mysql database?
[14:04:41] *** bhagat has quit IRC
[14:08:56] *** moggie2 has joined #postfix
[14:11:03] *** muecke77 has quit IRC
[14:13:27] <moggie2> afternoon, i'm trying to setup canonical address mapping to modify the sender address of all mail for me. i've created a sender_canonical_maps file and stuck the domain names i want to re-write and it sets the Retrun-Path of the emails properly
[14:13:45] <moggie2> but in the 'From' field, they still appear to be sent by the original domain, not the one i wish to re-write to
[14:14:09] *** BuenGenio has joined #postfix
[14:14:38] <moggie2> have i missed something or is canonical mapping not able to do this
[14:22:03] *** Tykling has left #postfix
[14:22:55] *** Snoopotic has joined #postfix
[14:26:15] *** Tykling has joined #postfix
[14:28:25] *** rafajsp has joined #postfix
[14:29:00] *** rafajsp has quit IRC
[14:30:38] *** Tykling has left #postfix
[14:39:07] *** daryl__ has quit IRC
[14:44:11] *** Tykling has joined #postfix
[14:44:18] *** resmo has joined #postfix
[14:44:20] <resmo> hi
[14:46:06] <resmo> i do greylisting and a spf check smtpd_recipient_restrictions, but i would like to only greylist if not spf, how can i do that?
[14:59:49] *** riz_ has joined #postfix
[15:01:33] *** vivia has joined #postfix
[15:01:45] <riz_> Hello. Lately I've receive a lot of spam with "Re: <something>" in the subject. Could someone have a suggest for solving this problem? I'm using postgrey also.
[15:02:44] <vivia> Hello... I'd like a solution quickly. Spammers are using the address of one of the users of my system to send their messages so I'm getting like 20-30 emails per second from mailer-daemon to that specific user. How can I filter these out? Probably using header_ckecks ?
[15:03:09] <vivia> I tried googling but every second is crucial, since the server is being overloaded and I'm manually emptying the queue every few seconds
[15:05:41] <moggie2> overloaded?
[15:06:15] <vivia> the queue gets incoming mails faster than it can process them
[15:06:27] <vivia> it
[15:06:40] <vivia> 's my old pc converted to a server which also runs spamassassin :0
[15:06:42] <moggie2> faster than postix can process them?
[15:06:51] <vivia> postfix + spamassassin, yeah
[15:07:39] <vivia> and i'm getting more stuff than mailer-daemons, for example "email verification required" or "illegal sender for this mailing list", so if i just stop spamassassin and step out for 10 minutes i'll have 30 of those in my inbox
[15:08:03] <moggie2> yeah it's quite a common problem, been happening to lots of people lately
[15:08:07] <moggie2> bloody spammers
[15:08:29] <moggie2> the trouble is, they are legitimate emails from real mail servers.
[15:08:37] <Trengo> disable the account
[15:08:43] <Trengo> wait for the storm to pass
[15:08:45] <Trengo> enable again
[15:08:56] <moggie2> so there is no way to tell between real error messages and ones generated by spammers :(
[15:09:05] <vivia> actually, i only use that address for receiving email, not sending. so if it's from mailer-daemon to me, it's a spam
[15:09:19] <moggie2> oh
[15:09:21] <moggie2> there you go then
[15:09:58] <vivia> so how can i tell postfix "if it's from any mailer-daemon to vivia at this dot server.name just ignore it"?
[15:10:53] <vivia> i tried googling for header_checks but can't quite figure out how to make it match both from mailer-daemon and to vivia
[15:11:35] <moggie2> i don't think it can
[15:11:42] <vivia> any other solution?
[15:11:54] <vivia> apart from procmail - it's proving to be too slow
[15:11:55] <moggie2> can you match the subject line?
[15:11:57] <cite> vivia: http://www.postfix.org/BACKSCATTER_README.html
[15:12:02] <cite> vivia: Might be a good starting point.
[15:12:09] <vivia> thx, let me see
[15:12:58] <moggie2> i think i'll give that a read later too, might be useful.
[15:13:15] <moggie2> thanks cite :)
[15:13:15] <cite> You should indeed configure this _before_ backscatter hits ;-)
[15:17:02] <vivia> cite: thanx a lot :) -- 2613 Kbytes in 307 Requests.  <-- the time it took me to copy-paste the lines from the backscatter-readme to my files and restart postfix. you see why i'm getting desperate right? : )
[15:17:26] <cite> vivia: Well, not really.
[15:17:37] <cite> A queue builds up? So what?
[15:17:40] <cite> It will drain eventually.
[15:18:26] *** deftunix has joined #postfix
[15:18:37] <vivia> cite: it's draining very quickly now! thanx for the hint, it was a treasure ! :)
[15:18:48] <cite> vivia: Besides, copy/paste will do you no good in this case - you have to modify the domains/servers lsited there.
[15:19:15] <vivia> sure, :1,$s/porcupine\\\.org/my\\\.server\\\.domain/g
[15:19:15] <deftunix> hi all
[15:19:15] <deftunix> some one have experiense about maildirsize file recalculation?
[15:19:16] <deftunix> without quota defined on db?
[15:20:51] *** jordancason has quit IRC
[15:22:53] *** deftunix has quit IRC
[15:26:29] *** deftunix has joined #postfix
[15:28:41] <vivia> cite: cheers! mail queue is empty :)
[15:28:52] * vivia offering chocolate :)
[15:29:02] <cite> vivia: Did you verify that mail is actually still coming in? I mean legitimate mail?
[15:29:20] <vivia> cite: yes, i sent one from the email address i actually use and it got through :)
[15:29:42] <cite> Well, than, congratulations to you.
[15:29:56] <vivia> thanx a lot for your tips :)
[15:33:29] *** saurabhb has joined #postfix
[15:38:57] *** Fallenou has joined #postfix
[15:39:54] *** saurabhb has quit IRC
[15:42:27] *** jmazaredo2 has joined #postfix
[15:44:10] *** deadpigeon has joined #postfix
[15:48:53] *** deftunix_ has joined #postfix
[16:02:39] *** deftunix has quit IRC
[16:15:15] *** adj has joined #postfix
[16:15:55] <adj> hi, i'm trying to block a domain from sending email to me. i added 'smtpd_client_restrictions = check_client_access hash:/etc/postfix/access.db, permit' to my main.cf, and reloaded postfix
[16:16:25] <Dominian> remove the .db
[16:16:31] <Dominian> and reload postfix
[16:16:43] <adj> in access i have 'domain.com  REJECT', and i used postmap to build the db, however when i do a config reload it works, but says smtp encoutered an error starting up
[16:16:49] <adj> ahh. damn. lemme try that
[16:17:20] <sysmonk> that's what opensource support does - gives an answer even before you can finish your question
[16:17:24] <sysmonk> ;)
[16:18:10] <jmazaredo2> is there a definite time for uceprotect level 3 be fully deactivated?
[16:18:53] <jmazaredo2> been 2 days since lifted, still cannnot send to other servers
[16:18:54] <adj> hmm. well, i did remove the .db suffix, but it doesnt seem to want to block email
[16:19:22] <sysmonk> adj: but atleast it doesn't spit an error, right?
[16:19:24] <adj> however, the smtp program is running and delivering now =)
[16:19:29] *** iloza has left #postfix
[16:19:30] <adj> sysmonk: yes
[16:19:30] <sysmonk> :))
[16:20:05] <sysmonk> adj: check_client_access works on source ip's not on domain from's
[16:20:12] <sysmonk> !check_client_access
[16:20:13] <knoba> sysmonk: "check_client_access" : Search the named access database for the client name, parent domains, client address, or networks obtained by stripping least significant octets. Reject if the result is REJECT or [45]XX text . Permit otherwise
[16:20:24] <sysmonk> if you want to block based on the from you have to use check_sender_access
[16:20:25] <vivia> sysmonk: opensource support also has an extremely high tendency to give a real answer instead of "Your answer looks 15% like that FAQ entry, so we'll just copy-paste the FAQ entry to you"
[16:20:27] <sysmonk> !check_sender_access
[16:20:28] <knoba> sysmonk: "check_sender_access" : Search the specified access(5) database for the MAIL FROM address, domain, parent domains, or localpart@, and execute the corresponding action.
[16:20:30] <sysmonk> adj: ^^
[16:20:43] <sysmonk> also, check_sender_access must be used from smtpd_sender_restrictions or higher
[16:20:57] <sysmonk> vivia: heh, true
[16:21:29] <sysmonk> although i don't have any commercial support so i don't have to talk to those stupid^Wsmart guys
[16:21:54] <sysmonk> but i can see how my co-workers are having "pleasure" with commercial support :)
[16:22:09] <vivia> sysmonk: i've needed support from, say, google or M$ (about windows live messenger)
[16:22:10] <adj> sysmonk: bingo. that did it, thanks
[16:23:11] <sysmonk> vivia: "ah, your question has 'messenger' and also a 'tcp' word inside, the answer must be this one ->>> because it has the same words too!"
[16:23:54] <vivia> sysmonk: bingo. :) and you know how it feels when you're a developer of amsn, so you know the protocol more or less upside down, and they treat you like a n00b which forgot to configure something obvious... :)
[16:24:14] <sysmonk> vivia: aren't you one!?
[16:24:14] <sysmonk> ;)
[16:24:19] * sysmonk hides
[16:25:02] * vivia performs ls -a and can see sysmonk
[16:25:46] <sysmonk> chmod 000 .
[16:25:49] <sysmonk> now you can't
[16:25:49] <sysmonk> ;)
[16:25:58] <vivia> sudo ls -a
[16:26:04] <sysmonk> sudo: command not found
[16:26:04] <sysmonk> ;)
[16:26:24] <vivia> almost reminds me of "sudo make me a sandwich"
[16:26:41] <seekwill> rm -rf sysmonk; touch sysmonk
[16:26:49] <sysmonk> k, got to go, need to buy a new bathtube
[16:26:58] <seekwill> Buy me one too
[16:27:04] <sysmonk> seekwill: i'll remind you that in the next football seasson!
[16:27:04] <sysmonk> ;)
[16:27:08] <seekwill> :)
[16:27:15] <vivia> what does football have to do with bathtubes?
[16:27:20] <seekwill> By then I hope to have a TV!
[16:27:26] *** netcrash has joined #postfix
[16:27:31] <seekwill> What doesn't football have to do with anything?
[16:27:59] <netcrash> in mynetworks var does postfix support vlsm networks ?
[16:28:01] *** weedar has quit IRC
[16:28:08] <netcrash> Hello :D
[16:28:57] *** denis_ has quit IRC
[16:29:44] <cos> anyone know why qmgr might have a lot more open filehandles than the number of smtp processes?
[16:30:16] <cos> I have a postfix 2.5 server whose qmgr occasionally crashes during active mailings, with "Too many open files".  but when I monitor how many filehandles it has, it's waaay below the limit most of the time.
[16:30:37] <cos> and then occasionally it suddenly spikes in under a minute, from 100-300 all the way up to the 1024 limit, and crashes
[16:30:38] <netcrash> Maybe limited by the operating system ?
[16:30:50] <cos> oh, I know there's a limit, that's not the point of the question
[16:30:52] <cos> the limit is 1024
[16:31:00] <adj> up the limit
[16:31:02] <cos> but based on my config that should be more than enough
[16:31:15] <cos> and given the nature of these spikes, I don't know that increasing the limit would do any good
[16:31:25] <cos> what I want to understand is *why* it might spike like that
[16:31:37] <adj> run a script to dump lsof periodically and watch whats happening
[16:31:38] <netcrash> well queue manager may be having trouble delivering to smtp process
[16:31:38] <cos> when most of the time it has only 100-300 filehandles open
[16:31:59] <cos> I just updated my script that counts, to also save a dump of the lsof output the next time it's approaching the limit.
[16:32:11] *** jwit_ is now known as jwit
[16:32:19] <cos> so hopefully that will help, but I don't know
[16:33:05] <cos> if I just see a lot more lines that say "socket" I don't know that that will help me understand anything
[16:33:17] <cos> netcrash: hmm.  what do you mean?
[16:34:42] *** cilly has joined #postfix
[16:34:43] <deftunix_> hi all, how i can enabling maildirs format in postfix?
[16:34:50] <deftunix_> without vda patch
[16:36:28] <netcrash> cos Well how many messages is the smtp process configured to handle ?
[16:37:09] <netcrash> can't say this is the exact problem but...
[16:37:21] <netcrash> adj what do you think ?
[16:37:29] <cos> netcrash: there are two transports, one with mxproc 580 and the other with maxproc 380.  so at most there are 960 smtp processes at a time.
[16:37:55] <cos> most of the time qmgr doesn't have that many open filehandles, but if it spiked to a little above 960 and not much further then I wouldn't be puzzled
[16:38:17] *** jmazaredo2 has quit IRC
[16:38:20] <adj> netcrash: possibly, it could also be postfix opening FD's to ldap or spam filters, or log files, etc, etc, etc
[16:38:21] <cos> this server does not receive mail from the outside, so smtpd is not an issue
[16:38:29] <cos> (and I've checked, there's never more than one smtpd)
[16:38:43] <cos> no ldap.  no spam filter.
[16:38:58] <cos> only one socket to syslog AFAIK
[16:39:04] <adj> cat /proc/sys/fs/file-max
[16:39:32] *** phnord has joined #postfix
[16:39:52] <adj> or sysctl fs.file-max
[16:39:59] <adj> 1024 is tiny
[16:40:00] <cos> I've checked that, but we're nowhere near the systemwide limit.  it's the per-process limit that's crashing it.  but what I want to understand is not *whether* it's hitting the limit (I *know* it is), but *why*
[16:40:36] <adj> ahh
[16:41:30] <cos> 1024 is the default per-process filehandle limit in all linuxes I know of.  and it *should* be sufficient on this system, but it's not.  trying to figure out why qmgr is doing what it's doing.
[16:42:03] <adj> yeah, it is, i see what you are saying now. i've had a box crash and burn because it hit the system limit when ldap went AWOL
[16:42:12] <adj> your situation is different
[16:42:40] <adj> i really am not sure, howver monitoring lsof ought to explain it
[16:44:25] *** Fallenou has quit IRC
[16:44:58] <cos> turns out, all I get in the logged file is ... a lot more lines that say "socket" that look just like the other lines that say "socket".  all I can tell is that there are more of them.  can't tell what they're for/to.
[16:45:14] <cos> When I get a line from lsof like this:
[16:45:14] <cos> qmgr    30301 postfix  879u  unix 0x000001017a6263c0           1131242555 socket
[16:45:22] <cos> is there any way to find out what it's talking to?
[16:45:29] <vivia> cos: lsof -i
[16:47:18] <cos> that'll just limit it to only listing internet connections.  of which qmgr has none.
[16:48:00] *** Tykling has left #postfix
[16:48:04] <cos> well, network sockets, some of which may be connections.  regardless, the ones qmgr has open aren't network, so -i will exclude them.
[16:51:14] <vivia> cos: there are a few options in a manpage
[16:51:26] <vivia> the manpage*
[16:51:56] *** Tykling has joined #postfix
[16:52:55] *** syslogd has joined #postfix
[16:53:57] *** omry has quit IRC
[16:54:08] *** akyra has joined #postfix
[16:54:57] *** strummula has quit IRC
[16:59:14] *** |_Knoedel_| has quit IRC
[17:02:30] *** AwayML is now known as AndyML
[17:02:39] <deftunix_> hi all, how can i configuring postfix for using courier for delivery message?
[17:05:11] *** syslogd_ has quit IRC
[17:09:16] *** vivia has left #postfix
[17:09:25] *** x-spec-t is now known as Spec
[17:14:25] <tuxick> ???
[17:14:36] <tuxick> i didn't know courier could do that at all
[17:16:27] <Snoopotic> oO I have set up "smtpd_sender_restrictions = reject_unlisted_sender" but this does not work if the senders-domain is not provided$virtual_alias_domains Oo
[17:17:41] <Snoopotic> ++$virtual_mailbox_domains
[17:19:28] <Snoopotic> if the senders-domain is neither provided in $virtual_alias_domains nor in $virtual_mailbox_domains the sender can fake the FROM: Header. I don't wnt that _( how can I fix that?
[17:23:13] *** cilly has quit IRC
[17:28:30] *** xnixan_ is now known as xnixan
[17:28:38] <xpoint> Snoopotic, see smtpd_sender_login_missmatch
[17:29:23] <xpoint> Snoopotic, bounded to smtpd auth senders cant fake from anylonger, but this olso needs working smtp auth
[17:30:07] <xpoint> Snoopotic, so first step is !sasl
[17:30:36] *** madrescher has quit IRC
[17:31:13] <Snoopotic> sals works :D
[17:31:24] <Snoopotic> so smtp auth is given.
[17:39:33] *** opetznick has joined #postfix
[17:40:07] *** Fallenou has joined #postfix
[17:40:44] <opetznick> hi! does someone know how to reject a specific username?
[17:41:17] *** loddafnir has joined #postfix
[17:45:11] *** sophokles1 has quit IRC
[17:47:56] <snappy> opetznick: as a recipient?
[17:48:21] <opetznick> snappy: no as sender
[17:48:55] <snappy> check_sender_access, use a regex and apply the REJECT rule.
[17:49:58] *** acustic has joined #postfix
[17:50:53] <opetznick> snappy: thanks i will try it
[17:52:49] <opetznick> snappy: this only rejects the mailaddress right?
[17:53:08] <snappy> this rejects the envelope sender.
[17:53:38] <snappy> the sender that comes after the MAIL FROM: command.
[17:53:49] <snappy> anyways i gotta run.
[17:53:59] <opetznick> snappy: ok thanks!
[17:54:18] <snappy> if in the body the person you want to reject is in the "From: " field, you will need to do a header check. Same idea.
[17:56:21] *** alienbrain has quit IRC
[18:02:45] *** akyra has quit IRC
[18:04:02] *** BBishop has quit IRC
[18:05:18] *** BBishop has joined #postfix
[18:09:06] *** phnord has quit IRC
[18:09:48] *** CrazyFoam has quit IRC
[18:12:15] *** CrazyFoam has joined #postfix
[18:23:53] *** niki has joined #postfix
[18:24:22] <Snoopotic> I use a mysql-database. and I need an additional arg to do the query but I know that is not possible but maybe you have a better Idea... I want to verify if an authenticated user is allowed to use that senders-alias or not. I thought I can use my alias-table where the "address" and the "goto" columns are specified. address provides the alias and "goto" specifies the mailaccount the mail gets 'physically' sendet to.
[18:24:22] <Snoopotic> Now I thought I could use  in  smtpd_sender_restrictions = check_sender_access... doing following query: http://pastebin.ca/1240766
[18:25:42] *** githogori has quit IRC
[18:30:56] <Snoopotic> But as I commented in that example such an arg does not exist. So what way may I use or what can I do? I want to give one account more than one mail-addresses he can use to send but only permitted ones.
[18:35:00] *** neuro_damage has left #postfix
[18:35:36] *** Knoedel2 has joined #postfix
[18:36:05] *** F6F has joined #postfix
[18:41:10] <cite> Snoopotic: Use smtpd_sender_login_maps
[18:41:28] *** laurier57 has joined #postfix
[18:41:35] <cite> Snoopotic: Pair that with a "reject_authenticated_sender_login_mismatch" right befor the "permit_sasl_authenticated".
[18:45:17] <Snoopotic> thanks will have a look
[18:51:03] *** BuenGenio has quit IRC
[19:00:20] *** Zeit|awy has quit IRC
[19:00:28] *** tonyyarusso has joined #postfix
[19:04:56] *** opetznick has quit IRC
[19:09:00] *** Zeit|awy has joined #postfix
[19:15:45] *** qdot has quit IRC
[19:24:15] <AndyML> i'm using php_mail to send messages from a web application. the system is one with an admin panel (cube panel) that includes postfix as a mail server componant.
[19:24:51] <AndyML> the panel is creating some kind of domain authority for e-mail in that postfix install so outbound mail from php_mail to that domain never makes it out of postfix.
[19:25:10] <AndyML> postfix says "I'm the e-mail server for that domain. nope, don't have that mailbox' and errors out.
[19:25:12] *** acustic has quit IRC
[19:25:44] * seekwill hugs xpanels...
[19:25:50] <AndyML> i'd love some help telling postfix that it is NOT the mail server for those domains...
[19:26:36] <seekwill> Messing around with Postfix's config files when you're running an admin panel like that is a bad idea. You should try talking to the panel vendor first and getting support through their channels
[19:27:20] *** idle-boy is now known as Shaker|
[19:27:20] <AndyML> yeah, we've tried. they suggested we remove the domains from virtual_mailbox_domains  and restart postfix, but it didn't work. the logs still show the same thing.
[19:28:24] <seekwill> That's all the support they gave you>?
[19:29:08] <AndyML> well, first they had us change the MX records on the local dns server, which we did. didn't make a different. then they had us put bind in front of hosts in host.conf. didn't work. then that was their last suggestion.
[19:29:15] <AndyML> i cannot recommend cubepanel...
[19:29:43] * AndyML is a little annoyed at his customer for requiring that he install cubepanel on his dedicated webserver...
[19:30:00] <AndyML> is there anything i need to do to update virtual_mailbox_domains.db from virtual_mailbox_domains  ?
[19:30:32] <sysmonk> postmap
[19:33:04] *** riz_ has quit IRC
[19:34:05] <AndyML> thats it?  i'll try it. thanks.
[19:35:26] *** madsara has joined #postfix
[19:35:36] <madsara> Hey, anyone here using postfix/vda?
[19:36:22] *** netcrash has quit IRC
[19:38:08] <AndyML> sysmonk: that did it.
[19:44:17] *** githogori has joined #postfix
[19:44:32] *** deftunix has joined #postfix
[19:51:54] *** Motoko-chan has joined #postfix
[19:56:47] *** muecke77 has joined #postfix
[19:58:31] *** xpoint has quit IRC
[20:03:24] *** AndyML is now known as AwayML
[20:15:13] *** deftunix_ has quit IRC
[20:23:08] *** hayalci has joined #postfix
[20:31:12] <hayalci> Hi, I'm having problems with setting up procmail on the server. As I understand from the documentation, mailbox_command is run with priviledges of the recipient. But when I chmod go-rwx on the .procmailrc file, it does not get processed.
[20:32:04] <hayalci> when I give read permission it gets executed ( currently only logging the messages and not performing any filtering)
[20:32:08] <hayalci> What may be the problem ?
[20:32:39] <hayalci> By the way, I am using postfix and procmail from debian etch
[20:33:35] <hayalci> I have tried some parameters but currently "mailbox_command = /some/where/procmail"
[20:33:48] <hayalci> I mean /usr/bin/procmail :)
[20:34:53] *** pitakill has joined #postfix
[20:35:08] *** AcTiVaTe has quit IRC
[20:39:00] *** JonMarkGo has joined #postfix
[20:39:44] *** alessio has joined #postfix
[20:40:21] *** alessio has quit IRC
[20:41:11] <JonMarkGo> Hi guys, I'm having a problem where postfix can't find a conf file it needs, even though it is there: http://pastebin.com/d1464a803
[20:41:18] <JonMarkGo> All the relevant data is there (the error, postconf -n, etc.)
[20:41:57] <JonMarkGo> Anyone ever seen anything like this?
[20:43:09] <hayalci> What I am trying to do is, mark spams with address extension (plus addressing) "user+spam@domain", then filter that out to spam boxes _without making users have to write procmailrcs_
[20:43:40] <hayalci> @JonMarkgo, the file may have bogus unprintable characters in the name, try creating a new one with a clean name
[20:43:50] *** adaptr has quit IRC
[20:43:58] *** adaptr has joined #postfix
[20:44:01] *** Niemi_ has joined #postfix
[20:44:33] <JonMarkGo> Hah, I think you're right
[20:44:35] *** deadpigeon has quit IRC
[20:45:34] *** cpm has quit IRC
[20:46:48] <rob0> hayalci, ~/.forward+spam : maildir/spam/
[20:46:56] <JonMarkGo> I think that did it, thanks
[20:48:33] <hayalci> @rob0 , thanks but I want to have a system-wide setting, and I don't want users to create ~/.forward* files or ~/.procmailrc files. I'm now experimenting with /etc/procmailrc file
[20:48:33] <rob0> hayalci, I would take procmail out of it
[20:48:48] *** matt_ has quit IRC
[20:48:51] <hayalci> I want to retain existing procmail feature for users who want to use it
[20:49:09] <rob0> Okay, but you can script something to make and chown their .forward files.
[20:49:25] <rob0> Any user who wants procmail can .forward to it
[20:49:59] <hayalci> rob0: that seems possible.
[20:50:24] <hayalci> Is there a way to make postfix deliver the mail itself when address extension matches, and deliver to  mailbox_command otherwise ?
[20:50:43] <hayalci> I'm not sure how I use mailbox_command_maps
[20:51:01] <rob0> I think .forward takes precedence over mailbox_command, not sure, see local.8.html
[20:51:13] *** oversize has joined #postfix
[20:51:36] <rob0> mailbox_command_maps are per-user mappings, and if a user isn't listed, no mailbox_command
[20:51:42] *** dennisharrison has joined #postfix
[20:53:29] <dennisharrison> I have never touched postfix before (yeah... how can that happen in 10 years?)  I just need to get this box to change what ip's it listens on.  Looks like I can just edit main.cf in /etc/postix/ then will I need to run a generator on the config to make the changes live, or just restart the daemon ?
[20:56:41] <dennisharrison> answer to my own question: just need to reload postfix
[21:04:24] *** Moten has joined #Postfix
[21:06:55] <Moten> Anyone dying to help a postfix newb figure out an sasl mysql config issue?  General Linux knowledge, and not so bad at postfix after fighting it for a week.
[21:09:09] <Moten> not everyone at once
[21:09:30] *** jordancason has joined #postfix
[21:12:11] <jordancason> hey guys if I wont to edit my A records what file am i looking for "ubuntu server"
[21:12:40] <Moten> try /etc/hosts
[21:15:06] <jordancason> that file looks like this it this correct
[21:15:09] <jordancason> 127.0.0.1       localhost.localdomain   localhost
[21:15:09] <jordancason> 192.168.1.100   TTMY.com                TTMY
[21:15:09] <jordancason> # The following lines are desirable for IPv6 capable hosts
[21:15:09] <jordancason> ::1     ip6-localhost ip6-loopback
[21:15:10] <jordancason> fe00::0 ip6-localnet
[21:15:10] <jordancason> ff00::0 ip6-mcastprefix
[21:15:11] <jordancason> ff02::1 ip6-allnodes
[21:15:13] <jordancason> ff02::2 ip6-allrouters
[21:15:15] <jordancason> ff02::3 ip6-allhosts
[21:16:02] <Moten> If you want to add an A record, you should just have to add the IP address, then the hostname, like the 127.0.0.1 entry is
[21:17:26] *** havvg has joined #postfix
[21:20:25] *** deftunix_ has joined #postfix
[21:21:05] *** alienbrain has joined #postfix
[21:21:18] <dennisharrison> actually .. the "correct" syntax there would be 127.0.0.1 localhost localhost.localdomain, but that is just semantics really
[21:22:30] <hayalci> I have this setting in main.cf
[21:22:31] <hayalci> mailbox_command = /usr/bin/procmail -a "$EXTENSION" -d "$USER"
[21:23:13] <hayalci> when I log procmail's variables, $LOGNAME $HOME $SHELL seem correct
[21:23:26] <rob0> "A record" implies that you're running your own authoritative nameserver, is that right?
[21:23:48] <hayalci> but when I try to deliver via /etc/procmailrc, log says this : procmail: Couldn't chdir to "/users/home/
[21:24:03] <hayalci> also the delivery is made into /var/spool/postfix directoy
[21:24:09] <jordancason>  no I am not running my own authoritative server
[21:24:27] <dennisharrison> jordancason what is the name server / dns server for you?
[21:24:55] *** pitakill has quit IRC
[21:25:05] <hayalci> It says in the man page that mailbox_command is run as the recipient user, also I explicitly state  -d "$USER", still the UID does not seem to change
[21:25:14] <hayalci> What may be the problem ,where should I look
[21:25:52] <dennisharrison> hayalci what is /users/home ?
[21:25:58] <rob0> Just make procmail more verbose, I guess, and see procmail man pages. It has been years since I tinkered in that, and I have no desire to relearn it.
[21:26:43] <jordancason> all right i just have an old pc right now running behind a router all the ports are forwarded. im using no-ip.com for my name server ttmy.servebeer.com
[21:27:13] <hayalci> dennisharrison: well, it is /home/bs01/dummy/mail  mounted over nfs, and very accessible when i su to dummy
[21:27:19] <rob0> You need to go to your DNS provider to change your DNS records.
[21:27:59] *** weedar has joined #postfix
[21:29:08] <dennisharrison> hayalci mmm.... nfs ;)  just kidding, so /usrs/home is where it should be going, is what I understand, correct?
[21:29:24] <dennisharrison> so you want to figure out why procmail is erroring on chdir ?
[21:29:55] <hayalci> yes, It should run under user's priviledges and it should be able to access the $HOME/mail directory
[21:30:12] <hayalci> here's /etc/procmailrc
[21:30:22] <hayalci> MAILDIR=$HOME/mail
[21:30:26] <hayalci> ADDREXT=$1
[21:30:26] <hayalci> :0:
[21:30:26] <hayalci> * ADDREXT ?? ^spam$
[21:30:26] <hayalci> spam
[21:31:04] <hayalci> with logging enabled, it says
[21:31:04] <hayalci> rocmail: Assigning "LOG=dummy /home/bs01/dummy /bin/bash newmailhost"
[21:31:04] <hayalci> dummy /home/bs01/dummy /bin/bash newmailhostprocmail: Assigning "MAILDIR=/home/bs01/dummy/mail"
[21:31:04] <hayalci> procmail: Couldn't chdir to "/home/bs01/dummy/mail"
[21:31:28] <hayalci> log is LOG="$LOGNAME $HOME $SHELL $HOST"
[21:31:39] <sysmonk> how about using a pastebin
[21:31:50] <sysmonk> just in case some people don't want to read all this jibberish
[21:31:50] <sysmonk> ;)
[21:32:15] <hayalci> @sysmonk: good idea, I thought the config was very short but It seems it's not-so-short ;)
[21:32:48] *** deftunix__ has joined #postfix
[21:33:09] <dennisharrison> hayalci, I don't know man ... problem with nfs?
[21:34:10] <dennisharrison> a little fuzzy on this, but I have had problems with nfs not being active until after auth for the user
[21:34:31] <hayalci> dennisharrison: nfs is working fine , I can create files in $HOME/mail when I do "su - dummy", somehow postfix is not running mailbox_command under user's priviledges ? or procmail's failure?
[21:34:59] <dennisharrison> see what happens if you free up permissions on it
[21:35:10] <hayalci> yeah, good idea, trying now
[21:36:36] <hayalci> dennisharrison: I gave full permissions to "others" and it delivered correctly to user's mailbox :-/
[21:36:49] <hayalci> a related thing
[21:37:08] <hayalci> users's ~/.procmailrc was not executing before I gave read permission to others
[21:37:24] <hayalci> in the currently running system, procmailrc files are not world readable and it works
[21:37:56] <hayalci> but in this new installation, "something" happened with permissions or uids
[21:39:06] <dennisharrison> hayalci, yeah I would agree with you on that for sure :)
[21:39:15] <hayalci> default_privs = nobody
[21:39:20] <hayalci> can this be causing errors ?
[21:39:31] <dennisharrison> hayalci, maybe?
[21:39:40] <dennisharrison> I have never touched a postfix config file before today
[21:39:50] <dennisharrison> I have still been operating in the stone age, with my ancient qmail boxes
[21:40:05] <hayalci> :)
[21:40:16] <hayalci> qmailsucks.com :-p
[21:41:00] <dennisharrison> hehe
[21:41:01] <hayalci> ^^^ wow, not taken
[21:41:15] <dennisharrison> we all race to our favorite registrar ;)
[21:41:21] <hayalci> ;)
[21:41:31] <dennisharrison> might get sued by djb !
[21:41:51] <dennisharrison> don't we have to send him a photocopy of our ID whenever we say 'qmail' ?
[21:43:36] <rob0> DJB has been out of qmail for many years, the one exception being when he recently released it to public domain.
[21:44:11] *** deftunix has quit IRC
[21:45:19] <hayalci> dennisharrison: found the problem :-/
[21:45:21] <hayalci> There are some significant differences between the Debian Postfix packages,
[21:45:21] <hayalci> and the source from upstream:
[21:45:21] <hayalci> 1.  The Debian install is chrooted by default.
[21:45:39] <sysmonk> i'm fealing like if hayalci was pasting and not typing...
[21:45:50] <rob0> local(8) cannot be chrooted, IIRC
[21:46:18] <hayalci> rob0: then, that brings me to where I begin
[21:46:18] <anders_l> can i change the to=user at domain dot com  to be the as in to_orig=user at domain2 dot com ?  i get all mails to be in log user at domain dot com
[21:46:45] <anders_l> i got 5 virtuals domains
[21:47:07] <anders_l> local user accounts
[21:47:30] <jordancason> hay can any of you send a test email to jordan at ttmy dot servebeer.com
[21:48:47] <anders_l> all spam mails got stored in mysql as user at domain dot com
[21:48:49] *** AcTiVaTe has joined #postfix
[21:48:56] *** Moten has quit IRC
[21:50:52] *** mattx86 has joined #postfix
[21:51:36] <seekwill> jordancason: You don't have a Yahoo or Gmail account?
[21:53:21] <jordancason> yes i do but for some reason i can not send it from gmail but i did reseave an email from a nuther postfix server
[21:54:08] <seekwill> What did the gmail bounce say?
[21:58:11] <jordancason> never mind im getting them now
[21:58:14] *** Haris_ is now known as Haris
[21:58:20] *** [Jasper] has joined #postfix
[21:58:24] <jordancason> but now theres this problem
[21:58:30] <[Jasper]> hej guys, how can I prevent postfix from requiring a valid user id to send mail?
[21:58:43] *** deftunix_ has quit IRC
[21:59:15] <zer0mdq> [Jasper] i wouldn't recomend that, i think that is what you call "an open relay" and it's extremly dangerous
[21:59:43] <zer0mdq> peopple could use your mail sever to send spam and any kind of stuff without authenticating
[21:59:48] <jordancason> never mind ever thing works now wtf
[21:59:49] <jordancason> lol
[21:59:50] <zer0mdq> a mi right?
[22:00:03] <zer0mdq> s/a mi right?/am i right?
[22:00:43] <seekwill> [Jasper]: What kind of users do you want to allow, and send to whom?
[22:00:43] <rob0> Depends what "requiring a valid user id" means, I suppose.
[22:01:25] <zer0mdq> rob0: i thought it ment to authenticate a valid user
[22:02:11] <growltiger> qmailsucks.com is already taken
[22:02:12] *** oversize has quit IRC
[22:02:24] <growltiger> i was going to reg it
[22:02:43] <seekwill> Money to burn?
[22:03:07] *** muecke77 has left #postfix
[22:03:08] <growltiger> it's only 5 s
[22:03:11] <growltiger> bucks
[22:03:21] <seekwill> That doesn't change the fact
[22:03:38] <seekwill> Some countries, $5USD can buy a lot
[22:03:41] <zer0mdq> growltiger: i can register qmailsucks.com.ar if you want
[22:03:49] <growltiger> that's not "money to burn"
[22:03:51] <zer0mdq> in argentina .com.ar are totally free :)
[22:04:01] <zer0mdq> (free as in free domains :P)
[22:04:33] <growltiger> actually, i think i might have regged it...
[22:04:36] <zer0mdq> if you give me 1USD i'll register the domain for you ;)
[22:04:53] <growltiger> nah, not my nameserver
[22:04:56] <zer0mdq> ('cause you need to live in  .ar to have a .com.ar )
[22:05:10] <jpalmer> I don't understand human nature sometimes.  instead of devoting time to negativity (like qmailsucks.com)  why not spend that same time and energy promoting software you like?
[22:05:19] <seekwill> jpalmer: :)
[22:05:27] <dennisharrison> jpalmer, I think it is just a joke?
[22:05:48] <[Jasper]> seekwill I have non existent users under which apache is running becuase of vhosts..
[22:05:54] <[Jasper]> so they are not validd unix users
[22:06:11] <growltiger> !virtual
[22:06:12] <knoba> growltiger: "virtual" : a way to configure additional domains and user accounts (that do not need to exist in your /etc/passwd). See: http://www.postfix.org/VIRTUAL_README.html
[22:06:20] <seekwill> qmailsucks.com is already taken...  in 2005
[22:06:22] <dennisharrison> rob0, and I know djb hasn't touched it in years, was just joking about the restrictive license that was associated with it for the longest
[22:06:49] <seekwill> [Jasper]: So you want to allow anyone from the local server?
[22:06:50] <jpalmer> dennisharrison: that perfectly validates my point.  this negative energy "joke" has been going for 20 minutes now.
[22:07:00] *** weedar has quit IRC
[22:07:37] <seekwill> We'd be living on Mars if we spent the same amount of money as we do for weapons
[22:08:03] <growltiger> that does it. I am regging jpalmersucks.com
[22:08:09] <seekwill> lol
[22:08:13] <dennisharrison> jpalmer, so it is something fun to talk about for a while?  Not saying it is not an absolute waste of time.  But not everyone is progressive minded 24/7 ;)
[22:08:19] * seekwill paypals growltiger $5
[22:08:23] <rob0> Dennis, I know it was a joke, I forgot a ":)"
[22:08:24] <dennisharrison> lol
[22:08:54] <dennisharrison> rob0, ahh.. the joys of being textual :)
[22:09:05] <jpalmer> growltiger: feel free.  google will show tons of postive information I've given people over the years.  if you want to spend time painting me as a negative,  more power to you.  ;)
[22:09:33] *** weedar has joined #postfix
[22:09:58] * dennisharrison stares blankly
[22:10:24] * seekwill pokes dennisharrison in the eye with a spork
[22:10:32] <rob0> blood!!!
[22:10:42] <dennisharrison> lol
[22:10:59] * thumbs kills seekwill
[22:11:12] * seekwill fingers thumbs to work
[22:11:14] * rob0 fires up the grill
[22:11:16] * dennisharrison puts on his robe and wizard hat
[22:11:33] <seekwill> You were naked all this time? Thank goodness for IRC
[22:11:40] <dennisharrison> lol!
[22:11:50] <thumbs> disgusting.
[22:12:19] <seekwill> Well, we've all have IRC in the nude at one point in our life...
[22:12:33] <thumbs> I have not.
[22:12:40] <rob0> thumbs up
[22:12:41] <dennisharrison> I do it all the time
[22:12:46] <dennisharrison> lol
[22:13:07] <seekwill> This conversation can go really bad.... really fast
[22:13:19] * seekwill blames .ar
[22:13:35] * thumbs blames seekwill
[22:13:36] <dennisharrison> arsucks.com ?
[22:13:44] <seekwill> arsucks.com.ar?
[22:13:45] <rob0> sucks.ar
[22:13:52] <dennisharrison> lol
[22:15:38] *** Blogger has joined #postfix
[22:16:01] <[Jasper]> yes seekwill
[22:16:02] <[Jasper]> that's it
[22:16:07] <[Jasper]> I wanna allow everyone from localhost
[22:16:29] <[Jasper]> now I'mg etting the following error:Oct 30 20:07:09 server-x postfix/sendmail[26 no login name found for user ID 10008
[22:18:24] *** cyr- has joined #postfix
[22:18:53] <seekwill> This is the part where /topic comes in...
[22:21:18] <JonMarkGo> I'm getting this error: SASL plain authentication failed: authentication failure
[22:21:23] <JonMarkGo> I'm trying to use a mysql DB for user authentication
[22:22:05] <dennisharrison> JonMarkGo have you followed a tutorial at all for this ?
[22:22:05] <dennisharrison> if so what url?
[22:22:23] <[Jasper]> what do you mean seekwill ?
[22:22:37] <JonMarkGo> http://postfix.wiki.xs4all.nl/index.php?title=Virtual_Users_and_Domains_with_Courier-IMAP_and_MySQL
[22:23:00] <dennisharrison> lol ... wichert ackerman, good ole xs4all
[22:23:30] <dennisharrison> JonMarkGo, you followed this 100% and get errors ?
[22:23:38] <dennisharrison> or, where did you deviate?
[22:24:01] <JonMarkGo> I'm not sure, I apologize.
[22:26:29] <dennisharrison> JonMarkGo, ok.. hehe, I would double check your configuration then
[22:26:39] <dennisharrison> maybe something like meld would help
[22:26:50] <dennisharrison> http://meld.sourceforge.net/
[22:27:21] <JonMarkGo> http://pastebin.com/m60113eff
[22:27:29] <JonMarkGo> There's my errors/the command I'm using
[22:28:24] <dennisharrison> well, if I had to poke a stick
[22:28:32] <dennisharrison> I would poke it at your mysql setup
[22:28:38] <dennisharrison> pretty general though
[22:28:41] <JonMarkGo> Heh, in postfix?
[22:29:06] <dennisharrison> well what is handling authentication ?
[22:29:29] <dennisharrison> you are using mysql as an authentication directory right?
[22:29:37] <hayalci> Where can I find the syntax supported in .forward files ? is there anything special beyond \ and |
[22:29:38] <JonMarkGo> Yes, there is a mysql database that stores the user data
[22:29:52] <dennisharrison> JonMarkGo why would authentication be failing then?
[22:29:53] <cite> rob0: Given that you havd to setup authentication using a SQL backend, would you store passwords in cleartext so you can offer PLAIN, LOGIN, CARM-MD5, DIGEST-MD5 or would you hash them?
[22:30:11] <dennisharrison> cite, hash for sure
[22:30:21] <JonMarkGo> Not sure, honestly
[22:30:22] <cite> (restricting you to PLAIN and LOGIN or having to store multiple secrets for CRAM/DIGEST)
[22:30:26] *** Niemi_ has quit IRC
[22:30:49] <[Jasper]> can anyone tell me how I can send mail with postfix without complaining about a non-exisiting userid ?
[22:31:00] <dennisharrison> JonMarkGo, wow, I hate to sound some of the people who upset me when I ask for help
[22:31:06] <dennisharrison> but re read that tutorial
[22:31:07] <cite> [Jasper]: Fix PAM.
[22:31:26] *** seekwill has quit IRC
[22:31:38] <JonMarkGo> Alright.
[22:31:48] <cite> [Jasper]: Ther error is generated by the Postfix 'sendmail' binary when a call to getpwuid() for the UID calling the binary does not yield a "username".
[22:31:59] <dennisharrison> if you have a very specific question hopefully I can help
[22:32:03] <cite> [Jasper]: Ths means that you system was not able to associate UID 1008 with a username.
[22:33:03] <cite> [Jasper]: If you are using pam_nss or a similar PAM service to athenticate against LDAP/MySQL, it might very well be that the configuration file is only readable by root and not by the user executing "sendmail".
[22:33:45] <[Jasper]> cite the problem is that php script uses suphp to send mail...meaning it runs under that user..which is a FAKE unix user
[22:33:51] <[Jasper]> so I want it to NOT look to userid...
[22:33:55] <[Jasper]> is this possible?
[22:33:59] <[Jasper]> or always send under www-data ?
[22:34:09] <cite> [Jasper]: Same answer as yesterday, my friend.
[22:34:37] <cite> dennisharrison: Out of curiosity: Why hashed? Fear of security breach so that someone else beside legitimate admins can access the passwords?
[22:34:56] <dennisharrison> cite, sorry it is just a base answer, I am paranoid by nature :)
[22:35:36] <dennisharrison> cite, but yes, I would hash them and then require a krb5 ticket to decrypt, personally
[22:35:52] <dennisharrison> however... the chances of 'needing' that are slim to none really
[22:36:17] <dennisharrison> depends on your environment
[22:36:32] *** loddafnir has left #postfix
[22:36:43] <dennisharrison> at university we want to keep as much distance between permissions and groups / users as possible :)
[22:36:57] <dennisharrison> mostly to compensate for lazy people in the middle
[22:37:29] <cite> [Jasper]: For god's sake, just tell us about how you set up your "fake unix users" so that we can help you troubleshoot that. Our simply copy /usr/sbin/sendmail to /usr/sbin/sendmail.suid, execute chown www-data /usr/sbin/sendmail.suid and chmod +s /usr/sbin/sendmail.suid - and add that one to you php.ini as "sendmail_path".
[22:37:34] <dennisharrison> if you have more control over your environment clear could be a viable choice, as long as you understand the risk associated (and you seem to)
[22:38:12] <dennisharrison> cite, lol, angry, and to the point :)  Good call
[22:38:21] <dennisharrison> I was going to let him google for a few minutes first
[22:38:24] <cite> dennisharrison: While I _do_ understand the risks (which are more located in the frontends, e.g. accessing SQL data you are not supposed to access), I am mainly worried about _functionality_.
[22:38:55] <[Jasper]> cite I just gave the files a chown of 10001
[22:39:05] <cite> I mean - if I do offer CRAM-MD5 and DIGEST-MD5, users who don't find that "Use SSL/TLS" checkbox in Apple Mail will at least not send cleartext passwords across the net.
[22:39:28] <dennisharrison> cite, what is your user base really would be the question
[22:39:32] <dennisharrison> if you have a reason to not hash
[22:39:49] <dennisharrison> then you are stuck unless you want to keep two directories (which you don't)
[22:40:05] <cite> Mostly technically unexperienced online gamers.
[22:40:09] <cite> (read: World of Warcraft)
[22:40:14] <dennisharrison> lol
[22:40:18] *** youareno6 has joined #postfix
[22:40:29] <dennisharrison> but they are going to be using this from desktop client software ?
[22:40:34] <cite> Yes.
[22:41:02] <dennisharrison> like I said, I would use hashing
[22:41:04] <cite> And I'm sick and tired of getting support requests because ppl can't send mail
[22:41:13] <dennisharrison> but, there are other factors
[22:41:16] <cite> (because they don't use STARTTLS, for god's sake)
[22:41:32] <dennisharrison> and they don't read documentation
[22:41:40] <dennisharrison> because ... they never read documentation
[22:41:41] <cite> Hell, they are ONLINE GAMERS!
[22:42:00] <dennisharrison> I find that if you put it in a video with rock music and explosions, they pay attention for the first 15 seconds
[22:42:03] <cite> Most of them will probably fail at school, college or university because they are spending too much time slaughtering virtual foes.
[22:42:08] <youareno6> I am not sure how to describe this, but, why is it that mail from a delete account gets routed to current account users. jon at foo dot com mail shows up in jill at foo dot com's mailbox. There is NO jon at foo dot com account.
[22:42:24] <dennisharrison> so you could have a 'howto' video with helicopter crashing in the background and big CHECK STARTTLS USE SSL
[22:42:37] <cite> dennisharrison: You made my day :)
[22:42:57] <dennisharrison> lol, I deal with college students all the time
[22:43:10] <cite> Or, I could sell that company. It's not my main job and it's not like I need to do that for a living.
[22:43:35] <dennisharrison> how many customers?
[22:43:46] <dennisharrison> I might be interested in buying
[22:43:56] <cite> about 3k mailboxes
[22:44:04] <cite> But only about 700 contracts.
[22:44:09] <dennisharrison> what is the main attraction?
[22:44:15] <dennisharrison> the domain available?
[22:44:33] <dennisharrison> the advertising laden webmail? :)
[22:45:04] <cite> Providing a domain, a content management system, Teamspeak/Ventrilo servers, a forum, mail accounts and things specific to the online game ("Dragon Kill Point" systems, e.g.):
[22:45:15] <[Jasper]> cite that didn't work
[22:45:19] <[Jasper]> the solution your typeed
[22:45:31] <cite> [Jasper]: Now you are being precise.
[22:45:40] <[Jasper]> the script still gets run under that fake unix id
[22:45:44] <[Jasper]> instead of under www-data
[22:45:55] <[Jasper]> php calls that sendmail_path ....with the fake userid
[22:46:00] *** muecke77 has joined #postfix
[22:46:02] <dennisharrison> [Jasper] so what program calls it, and why don't you set ....
[22:46:03] <dennisharrison> oh, php
[22:46:13] <dennisharrison> read the config file
[22:46:14] 
[22:46:16] <cite> ?
[22:46:51] <cite> dennisharrison: So basically, those online "guilds" buy one of my packages and are "virtually" (no pun intended) set.
[22:48:04] <cite> [Jasper]: If that didn't work out, you have to fix PAM.
[22:48:48] <cite> Or rather, libnss.
[22:48:59] <[Jasper]> cite but isn't this completely logical that it doesn't work? since the script gets called by that user?
[22:49:07] *** weedar has quit IRC
[22:49:12] <dennisharrison> also, make sure in nsswitch config you keep file first if you are using a remote directory for auth
[22:49:14] <cite> [Jasper]: No, since the new binary is suid...
[22:50:12] *** muecke77 has left #postfix
[22:50:43] <cite> dennisharrison: I guess if I can have the web application only access the database with cleartext passwords if they get changed, i.e. only do an UPDATE, I'd be fine.
[22:51:13] <dennisharrison> cite, it sounds like you should be fine either way really
[22:51:16] <cite> If there is a hole in Postfix or dovecot, I'm screwed anyway.
[22:51:17] <dennisharrison> although you never know
[22:51:25] <dennisharrison> I don't trust users
[22:51:34] <cite> I can do web authentication with hashed passwords.
[22:51:51] <dennisharrison> yeah
[22:52:00] <[Jasper]> huh I don't understand this..
[22:52:01] <cite> That way I'd only have to secure (well, I think it _is_ aleready secure) one point in the whole application.
[22:52:06] <[Jasper]> silly stuff that it checks unixid..
[22:52:29] <cite> [Jasper]: Now would you please provide us with information (on a pastebin) on how you configured your fake unxi users?
[22:53:01] <dennisharrison> [Jasper] your problem actually has nothing to do with postfix :)
[22:53:14] <cite> dennisharrison: I was about to say exactly that!
[22:53:17] <cite> :-)
[22:53:31] * dennisharrison goes for the disgruntled nerd high five!
[22:53:50] <dennisharrison> [Jasper] would still like to help you out thought
[22:54:01] <dennisharrison> [Jasper] so, a little more information is in order
[22:55:29] * dennisharrison hears the crickets
[22:57:28] <[Jasper]> cite, I use a proftpd-mysql plugin...which creates users in a database...those users are used to login
[22:57:42] <[Jasper]> then proftpd creates file when you upload under a certain user with the userid which is in the db
[22:57:52] <[Jasper]> so there are no unix users, just ftp users in the database
[22:58:00] <cite> You are screwed, then
[22:58:28] <cite> Make PHP's mail function deliver mails using a TCP socket to localhost:25
[22:58:30] <rob0> cite, re: plaintext v. hashed passwords, I don't have any strong feelings. Just understand that a db with plaintext passwords is a juicier target, and secure it accordingly.
[22:59:48] *** GoGi has joined #postfix
[23:00:44] <cite> rob0: Thanks for your input.
[23:01:08] <[Jasper]> is that the only way to solve this?
[23:01:40] <cite> [Jasper]: You could get rid of suphp.
[23:01:59] <cite> [Jasper]: You could dump the database and add the appropriate entries to /etc/passwd
[23:02:04] <[Jasper]> Do not allow the SMTP VRFY command, which allows remote users to verify the existance of a user account on your machine
[23:02:07] <[Jasper]> is that usefull?
[23:02:16] <cite> [Jasper]: NO.
[23:02:22] *** hayalci has left #postfix
[23:02:32] <cite> [Jasper]: This behaivour is HARDCODED in the source code of the sendmail bianry.
[23:02:37] <cite> You can NOT change that.
[23:02:43] <cite> You don't have a Postfix problem.
[23:02:47] <cite> Go away.
[23:03:16] <cite> [Jasper]: Hell, you could even configure libnss to do lookups in that proftpd database.
[23:03:25] <dennisharrison> easily
[23:03:32] <dennisharrison> but.. why? ;)
[23:03:35] <cite> But no, you are hanging aroudn in #postfix evening after evening, not listening to what people tell you.
[23:08:12] *** alienbrain has quit IRC
[23:08:12] *** Mosu has quit IRC
[23:09:12] *** mattx86 has quit IRC
[23:15:34] *** weedar has joined #postfix
[23:16:13] *** magyar has quit IRC
[23:22:05] *** magyar has joined #postfix
[23:26:40] *** Blogger has quit IRC
[23:35:36] *** GoGi has quit IRC
[23:39:13] <jordancason> all right i can now receive gmail but i cant send to my gmail the log just seas connection timed out. what could be the problem????
[23:40:33] <jordancason> I Called my ISP and they seed thay were not blocking port 25
[23:42:27] <jordancason> Oct 30 18:36:40 TTMY postfix/smtp[18217]: connect to alt1.gmail-smtp-in.l.google.com[209.85.201.114]:25: Connection timed out
[23:42:27] <jordancason> Oct 30 18:36:40 TTMY postfix/smtp[18217]: BE9011BA4F1: to=<jordanCason at gmail dot com>, relay=none, delay=151, delays=0.05/0/151/0, dsn=4.4.1, status=deferred (connect to alt1.gmail-smtp-in.l.google.com[209.85.201.114]:25: Connection timed out)
[23:43:17] <shasta> use tcptraceroute to confirm that
[23:46:29] *** Blogger has joined #postfix
[23:49:28] *** youareno6 has left #postfix
[23:52:13] *** Mosu has joined #postfix
[23:55:30] <jordancason> all right heres what i got with that "shasta"
[23:55:33] <jordancason> jordan@TTMY:~$ tcptraceroute -q 4 gmail.com 25
[23:55:33] <jordancason> Selected device eth0, address 75.60.184.30, port 43942 for outgoing packets
[23:55:33] <jordancason> Tracing the path to gmail.com (209.85.171.83) on TCP port 25 (smtp), 30 hops max
[23:55:33] <jordancason>  1  adsl-75-60-184-29.dsl.wotnoh.sbcglobal.net (75.60.184.29)  1.812 ms  1.530 ms  0.479 ms  1.713 ms
[23:55:34] <jordancason>  2  * * * *
[23:55:34] <jordancason>  3  * * * *
[23:55:35] <jordancason>  4  * * * *
[23:55:57] <jordancason> looks to me like thay are blocking it
[23:56:04] <shasta> looks like they are blocking it after all :)
[23:56:57] <jordancason> thanks for the new tcptraceroute program though : )
[23:57:12] <jordancason> is thaere any ting i can have my isp do for me
[23:58:16] *** Fallenou has quit IRC
[23:58:25] *** [Jasper] has quit IRC





top