November 8, 2008 
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30
November 8, 2008 [00:00:52] *** niki has joined #postfix [00:05:39] *** c00l2sv has quit IRC [00:06:06] *** c00l2sv has joined #postfix [00:10:08] *** nonsequitir has joined #postfix [00:14:15] *** roe has quit IRC [00:14:45] *** roe has joined #postfix [00:17:34] *** Ryushin has joined #postfix [00:18:26] *** adaptr has quit IRC [00:18:31] *** adaptr has joined #postfix [00:22:37] *** MrPunkin has left #postfix [00:40:32] <growltiger_> First-time sender tempfailed as anti-spam measure; please try again [00:40:37] <growltiger_> what is this all about? [00:40:59] *** _nalle_ has joined #postfix [00:42:18] <shasta> sounds like greylisting :) [00:46:59] *** _nalle has quit IRC [00:48:37] *** muecke77 has joined #postfix [00:56:12] *** pirho has quit IRC [00:57:56] *** Zeit|awy has quit IRC [01:00:11] *** pickcoder has quit IRC [01:00:52] *** simoo has quit IRC [01:09:19] *** Ryushin has quit IRC [01:16:09] *** c00l2sv has quit IRC [01:23:26] *** roe has quit IRC [01:23:50] *** roe has joined #postfix [01:31:28] *** wick2o has quit IRC [01:32:23] *** war9407 has quit IRC [01:33:37] *** c00l2sv has joined #postfix [01:35:10] *** c00l2sv has quit IRC [01:39:42] *** ki_ has joined #postfix [01:41:06] *** ki__ has quit IRC [01:42:48] *** nonsequitir has quit IRC [01:51:39] *** muecke77 has quit IRC [01:53:01] *** c00l2sv has joined #postfix [01:58:41] *** c00l2sv has quit IRC [01:58:48] *** stas_ has joined #postfix [02:07:24] *** Marco_ has joined #postfix [02:13:05] *** GoGi has quit IRC [02:15:05] *** alienbrain has joined #postfix [02:15:05] *** stas_ has quit IRC [02:28:13] *** wick2o has joined #postfix [02:30:11] *** tshine has left #postfix [02:32:55] *** stas_ has joined #postfix [02:46:52] *** stas_ has quit IRC [02:47:55] *** pitakill has joined #postfix [03:02:08] *** stas_ has joined #postfix [03:16:29] *** stas_ has quit IRC [03:16:36] *** stas__ has joined #postfix [03:17:10] *** stas__ has quit IRC [03:19:20] *** roe has quit IRC [03:24:05] *** CrazyFoam has quit IRC [03:25:43] *** CrazyFoam has joined #postfix [03:27:09] *** alienbrain has quit IRC [03:34:53] *** stas__ has joined #postfix [03:36:46] *** hparker has quit IRC [03:37:39] *** stas__ has quit IRC [03:38:14] *** stas__ has joined #postfix [03:39:02] *** Tykling has left #postfix [03:39:16] <wick2o> I just setup my postfix server and everything is working fine sending and receiving email to the server, webmail even works fine, however I keep getting PAM errors when I try to use outlook or PAM to send email. Adding the accounts and downloading email via IMAP works fine [03:39:26] *** ki_ has quit IRC [03:39:28] <wick2o> I'm using virtual domains with mysql [03:39:49] <wick2o> has anyone incountered any issues with postfix/courier/mysql ? [03:42:03] *** ki_ has joined #postfix [03:47:45] *** stas__ has quit IRC [03:49:15] *** Marco_ has quit IRC [03:52:31] *** ki__ has joined #postfix [03:53:09] *** ki_ has quit IRC [03:53:11] *** tombar has joined #postfix [03:53:17] <deface> wick2o: i use that setup, no problems [03:54:38] <wick2o> its weird, logs look good, everything works fine via webmail, however it seems to have auth issues when I try and add pop3 or send via imap [03:54:43] *** manlymatt83 has quit IRC [03:54:51] <wick2o> i used a "perfect server" setup as a guide... [03:55:58] <wick2o> http://www.howtoforge.com/virtual_postfix_mysql_quota_courier [03:56:23] <deface> wick2o: what ISP ? [03:56:29] <wick2o> using ubuntu 8.04 [03:56:31] <deface> it could be your isp blocks outbound on port 25 [03:56:37] <deface> as alot of isp's do these days [03:56:48] <deface> i run my postfix on a 2nd port, 26, for that reason [03:56:50] <wick2o> ya, but that doesnt explain the imap issues [03:56:55] <deface> correct [03:57:01] <deface> have you tried authtest ? [03:57:13] <deface> authtest -s imap user at domain dot com password [03:57:16] <wick2o> and i have no problems with port 25 on any of my other servers [03:57:23] <wick2o> one sec, let me try that now [03:58:08] <deface> do it as root [03:58:13] <wick2o> Authentication FAILED: Operation not permitted [03:58:14] <deface> some of the binaries it uses will give oyu errors [03:58:17] <deface> ;) [03:58:21] * wick2o is root [03:58:24] <deface> hmm [03:58:28] <deface> so yeah, it's failing [03:58:35] <deface> which is why imap/pop aren't working [03:58:46] * wick2o checks syslog [03:59:15] <wick2o> nothing, im not sure what/where the log file is for that, as im sure that would give me a clue in the right direction [03:59:38] <deface> it should have given you more than that [03:59:43] <deface> sec, i'll post the output [03:59:47] <wick2o> should have, but didnt [03:59:53] <deface> did u sudo that command ? [03:59:56] <deface> or are you su'd up [04:00:09] <wick2o> im su'd up [04:00:19] <wick2o> let me try with sudo [04:01:09] <deface> http://rafb.net/p/YKVcr466.html [04:01:14] <deface> thats what it should produce [04:02:06] <wick2o> ok, now with sudo and a fixed typo in my password i get that kind of output [04:02:15] <deface> does it succeed, or fail ? [04:02:24] *** ikaro^ has joined #postfix [04:02:39] <wick2o> succeeded, let me make sure i dont have the same stupid typo in my imap setup [04:02:46] <deface> ok [04:03:06] <wick2o> i really dont think i do, but let me rule that out [04:04:06] *** stas__ has joined #postfix [04:04:24] *** manlymat_83 has joined #postfix [04:08:56] <wick2o> pass is good, but still no go on the outbound imap connection [04:09:24] <deface> do we have verbose logging enabled ? [04:09:38] <deface> have you tried telnet ? [04:09:40] <deface> telnet localhost 143 [04:09:46] <deface> a1 login user at domain dot com password [04:10:18] *** tombar_ has joined #postfix [04:10:38] <deface> more than likely its a permissions issue on the users maildir .. unless you failed to follow something in the config [04:10:57] <wick2o> that both works using locahjost and from outside [04:11:17] <deface> hmm [04:12:21] *** hparker has joined #postfix [04:13:10] *** stas__ has quit IRC [04:13:41] <wick2o> i read the config four times..my permissions are drwx------ and it is owned by vmail:vmail and not owned by my user, it uses a global vmail:vmail 5000 5000 setup like in the guide [04:14:04] <wick2o> folders were created automatily when the account was setup [04:14:23] <deface> yah [04:14:31] <wick2o> let me see if i can enable more logging in the mail.log [04:14:35] <deface> if the telnet 143 works, its a config error in outlook [04:14:55] <deface> you didn't build w/ kerberos did u? [04:14:57] *** ikaro has quit IRC [04:14:59] *** ikaro^ is now known as ikaro [04:15:15] <wick2o> I just used apt-get to install [04:15:25] <wick2o> however this problem is not just with outlook [04:15:30] <wick2o> its also with MAIL on my mac [04:15:46] <wick2o> normally an outlook issue is JUST with outlook [04:16:00] <deface> yeah [04:16:41] <wick2o> i have another postfix server that is perfect, but this is the first ive had to setup using virtual users/mysql [04:17:44] *** pitakill has quit IRC [04:18:01] *** pulsar has quit IRC [04:18:54] <deface> well the auth is working, something else [04:19:17] <wick2o> wonder if pam is having problem talking with mysql [04:19:34] <wick2o> does authtest test saslauth ? [04:20:38] *** tombar has quit IRC [04:21:50] <deface> i do believe [04:22:46] *** mavrick61 has quit IRC [04:23:54] *** mavrick61 has joined #postfix [04:23:58] <wick2o> arning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory [04:23:58] <wick2o> Nov 7 22:23:37 mail postfix/smtpd[18944]: warning: SASL authentication failure: Password verification failed [04:24:36] <wick2o> weird [04:25:02] <wick2o> but at least i have something to google [04:27:00] <deface> looks like your running in a chroot environment [04:27:14] <deface> take all of the 5th column in master.cf to - [04:27:22] <deface> err, from y to n [04:27:26] <wick2o> k [04:28:46] *** tombar_ has quit IRC [04:28:49] <wick2o> i dont really want to change them ALL do I? [04:29:04] <wick2o> just virtual and smtp, correct? [04:29:21] <deface> up to u [04:29:26] <deface> anyone else going to be on the machine ? [04:29:52] <wick2o> not with admin access [04:30:04] <deface> i dont run any of mine in chroot [04:30:50] *** stas__ has joined #postfix [04:31:11] <wick2o> hurm, i have no problems running my other boxes in chroot, this doesnt make sence to me [04:32:08] *** githogori has quit IRC [04:32:59] <wick2o> think i got it [04:33:53] <deface> nice, wha was it [04:34:44] <wick2o> welp i was wrong [04:35:48] <wick2o> still the same arning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory [04:35:48] <wick2o> Nov 7 22:36:45 mail postfix/smtpd[19311]: warning: SASL authentication failure: Password verification failed [04:36:19] <wick2o> i cant seem to find any other logs where the saslauthd stuff is held [04:36:28] <deface> cannot connect to saslauthd server: No such file or directory [04:36:32] <deface> chroot ! [04:37:48] <wick2o> but chroot is off [04:37:57] <deface> did u reload postfix ? [04:38:08] <wick2o> well i restarted it [04:38:35] <growltiger_> !broken_sasl_auth_clients [04:38:36] <knoba> growltiger_: "broken_sasl_auth_clients" : a configuration parameter in the main.cf: Enable inter-operability with SMTP clients that implement an obsolete version of the AUTH command (RFC 2554). Examples of such clients are MicroSoft Outlook Express version 4 and MicroSoft Exchange version 5.0. [04:38:58] <deface> grep authdaemonvar /etc/courier/authdaemonrc [04:38:58] *** stas__ has quit IRC [04:39:28] <wick2o> OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r" is in my default config for saslauthd [04:39:41] *** stas__ has joined #postfix [04:40:01] <wick2o> broken_sasl_auth_clients = yes [04:40:12] <wick2o> I already have that in my main.cf [04:40:44] <wick2o> ##NAME: authdaemonvar:2 [04:40:44] <wick2o> # authdaemonvar is here, but is not used directly by authdaemond. It's [04:40:44] <wick2o> authdaemonvar=/var/run/courier/authdaemon [04:40:50] <deface> does that path exist ? [04:41:07] <wick2o> yes [04:41:12] <deface> DEBUG_LOGIN=2 [04:41:15] <growltiger_> !smtpd_sasl_path [04:41:15] <deface> and restart authdaemon [04:41:16] <knoba> growltiger_: Error: "smtpd_sasl_path" is not a valid command. [04:41:29] <growltiger_> it is too a valid command [04:41:46] <deface> lol [04:42:31] *** internat1 is now known as Internat [04:42:35] <growltiger_> anyways, i had to put the full path instead of just private/auth to get it working with dovecot [04:42:55] <growltiger_> smtpd_sasl_path = /var/spool/postfix/private/auth blah blah [04:43:31] <growltiger_> dont know aobur courier [04:43:54] <wick2o> deface: one sec while i reboot the courier-imap and such after making that change [04:45:52] <wick2o> warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory [04:45:52] <wick2o> Nov 7 22:46:39 mail postfix/smtpd[19472]: warning: SASL authentication failure: Password verification failed [04:45:52] <wick2o> Nov 7 22:46:39 mail postfix/smtpd[19472]: warning: unknown[*.*.*.*]: SASL PLAIN authentication failed: generic failure [04:46:00] <wick2o> same dumb error [04:46:19] <deface> just try it w/ out chroot please, .. process of elimination [04:46:20] <wick2o> this has to be a courier/mysql thing [04:46:57] <deface> if u say so [04:47:28] <growltiger_> it says quite plainly it cant find saslauthd [04:47:42] <wick2o> agreed [04:48:08] <growltiger_> leave off the /var/spool/postfix part [04:48:28] <growltiger_> try just /var/run/saslauthd [04:48:36] <wick2o> k [04:49:44] *** EasilyOdd has quit IRC [04:49:52] <growltiger_> it's chrooted right? so it dont know about the /var/spool/postfix part, its probably trying /var/spool/postfix/var/spool/postfix/var/run/saslauthd [04:50:14] <wick2o> no, not chrooted anymore [04:50:34] <growltiger_> well never mind what i said then [04:51:36] <deface> if you don't chroot it, the path should not be defined in main.cf [04:51:58] <dagbrown> If you don't chroot it, your life will generally be easier. [04:52:20] <deface> that too [04:52:27] <deface> !chroot [04:52:27] <knoba> deface: "chroot" : The fifth column in master.cf, if not n , means that the Postfix process described on that line runs in a chroot, see !debug , !queue_directory and files in the examples/chroot-setup subdirectory of the Postfix source archive which show examples of a Postfix chroot environment on a variety of systems [04:52:59] <wick2o> i dont have a path in main.cf [04:54:24] <wick2o> just in /etc/default/saslauthd [04:54:25] <wick2o> ls [04:55:26] <growltiger_> i have one in mine [04:55:29] <growltiger_> and it works [04:56:00] *** Motoko-chan has joined #postfix [04:56:42] <wick2o> what command are you using? [04:57:04] <growltiger_> i am using dovecot though [04:57:17] <growltiger_> i hate courier with a passion [04:57:26] <Motoko-chan> Dovecot wins [04:59:12] *** EasilyOdd has joined #postfix [04:59:29] *** Sieg has quit IRC [04:59:53] <growltiger_> i have smtpd_sasl_auth_enable = yes [04:59:53] <growltiger_> smtpd_sasl_type = dovecot [04:59:53] <growltiger_> smtpd_sasl_path = /var/spool/postfix/private/auth [05:00:47] *** stas__ has quit IRC [05:00:54] *** stas_ has joined #postfix [05:01:43] <wick2o> well, whatever I've done, i know just get the SASL auth failure: Password verification failed [05:01:49] <wick2o> and not the "cant find sasl..." [05:04:20] <Motoko-chan> Is Dovecot sasl compiled in? [05:04:54] <growltiger_> he has courier [05:05:00] <growltiger_> postconf -a [05:05:20] *** eanxgeek has quit IRC [05:06:06] <wick2o> http://www.howtoforge.com/virtual-users-domains-postfix-courier-mysql-squirrelmail-ubuntu8.04 [05:06:10] <wick2o> This is what I followed [05:06:12] <growltiger_> what does postconf -a say about this? [05:06:29] <growltiger_> ewww, debuntu [05:07:21] *** jeffspeff2 has quit IRC [05:07:40] <wick2o> cyrus [05:07:40] <wick2o> dovecot' [05:07:43] *** jeffspeff2 has joined #postfix [05:08:25] <growltiger_> hmm, no courier support [05:09:50] <wick2o> courier seems to work for the webmail [05:10:56] <growltiger_> the -a part is for auth methods supported for sasl [05:11:11] <growltiger_> the imap part of courier works, sure, but not the sasl part [05:12:13] <deface> latta dee [05:12:47] <wick2o> hurm [05:15:46] *** xpoint has quit IRC [05:16:57] <growltiger_> wait, you are using cyrus sasl or what? [05:19:37] <wick2o> libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin [05:21:25] <wick2o> aslauthd 2.1.22 [05:21:56] <growltiger_> !sasl [05:21:57] <knoba> growltiger_: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details. [05:22:12] <growltiger_> read that one instead of the debuntu one [05:22:35] *** nphase_ has joined #postfix [05:22:57] <growltiger_> you have cyrus sasl and courier imap [05:31:00] <wick2o> k [05:37:02] *** goldfischli has joined #postfix [05:37:13] *** goldfisc1li has quit IRC [05:43:46] *** jeffspeff2 has quit IRC [05:44:17] *** jeffspeff2 has joined #postfix [05:45:54] *** jeffspeff2 has quit IRC [05:46:16] *** jeffspeff2 has joined #postfix [05:47:42] *** jeffspeff2 has quit IRC [05:48:04] *** jeffspeff has joined #postfix [05:50:28] *** Knoedel2 has quit IRC [05:56:25] *** Evill has joined #postfix [06:04:52] <Evill> I'm currently using virtual_alias_domains + virtual_alias_maps so that a forwarding alias goes from bob at example dot com to bob at hotmail dot com. [06:05:00] <Evill> That's working fine.. but what is the best way for me to have that sent out from a separate postfix instance eg. mail2.example.com? [06:05:01] *** stas_ has quit IRC [06:05:47] *** stas_ has joined #postfix [06:05:54] <Evill> Changing the alias destination to bob at hotmail dot com[IP of mail2.example.com] works, but I'm guessing is not the ideal way. [06:05:59] <Evill> Err, bob at hotmail dot com2[IP of mail2.example.com] [06:06:15] <Evill> Sigh, 3rd try: bob at hotmail dot com@[IP of mail2.example.com] [06:06:49] <Evill> Should I be using relay_domains here? [06:06:52] <growltiger_> !transport_maps [06:06:54] <knoba> growltiger_: "transport_maps" : a configuration parameter in the main.cf: Optional lookup tables with mappings from recipient address to (message delivery transport, next-hop destination). See transport(5) for details. [06:09:31] <Evill> growltiger_: Thanks. Does that mean using virtual_transport + virtual_mailbox_domains instead of virtual_alias_domains? [06:09:44] <growltiger_> sure [06:11:25] <Evill> The catch is, I don't want all all addresses at @example.com to be mapped that way. [06:11:47] <Evill> It looks like I can have a domain in virtual_alias_domains or virtual_mailbox_domains, but not both. [06:13:48] <growltiger_> why are you so picky? [06:14:46] <Evill> Heh. [06:14:59] <Evill> Some aliases at that domain are owned by users that receive a lot of spam. [06:15:36] <Evill> So I want to have their mail forwarded on a separate instance/IP so the reputation of my main IP isn't affected. [06:16:24] <sahil> if they *receive* a lot of spam, who cares? [06:16:34] <sahil> it's if they *send* spam that you need to worry about your IP's rep. [06:17:00] <Evill> sahil: I wish that were the case. [06:17:18] <sahil> if you're forwarding to third parties, then you're just going the wrong way about all this. :) [06:17:26] <sahil> make sure email is not spam before you forward it to third parties. [06:17:36] <sahil> and if you must route it through a 'shit rep' transport, use transport maps. [06:17:38] <Evill> sahil: But if Bob receives a lot of spam to his email alias on my server bob at example dot com, which forwards to bob at hotmail dot com, then Hotmail flags my server as the source. [06:17:57] <sahil> your server shouldn't forward spam to external destinations, as i just said above. [06:18:49] <Evill> Or that I shouldn't forward any mail. [06:18:55] <Evill> Because there will always be spam that gets through. [06:20:15] <growltiger_> !virtual_alias_maps [06:20:16] <knoba> growltiger_: "virtual_alias_maps" : a configuration parameter in the main.cf: Optional lookup tables that alias specific mail addresses or domains to other local or remote address. The table format and lookups are documented in virtual(5). [06:20:39] <Evill> Yes, I'm already using virtual_alias_maps. [06:23:36] <Evill> Hmm, so transport_maps apply to virtual_alias_maps as well? [06:24:36] <sahil> read the documentation, please. [06:24:44] <Evill> I have been for hours. [06:24:47] <sahil> growltiger as referred you to some useful pages twice. :) [06:26:14] <Evill> The docs are easy to understand after you already know the answer. [06:28:29] <sahil> that is categorically false. [06:29:38] <Evill> Are you saying they are difficult to understand after you alread know the answer as well? :) [06:30:59] <Evill> Now if I'd said "only easy to understand after already knowing the answer", then you might be correct. [06:30:59] *** stas_ has quit IRC [06:34:35] *** wick2o has quit IRC [06:37:07] <sahil> *yawn* [06:37:17] <sahil> well, enjoy playing your semantic games. good luck. [06:38:16] *** hparker_lappie has joined #postfix [06:38:32] <Evill> I appreciate your help, just not your insinuations. [06:39:39] <amrit|wrk> haha. [06:46:49] *** stas_ has joined #postfix [06:52:47] *** stas_ has quit IRC [07:08:32] *** stas_ has joined #postfix [07:09:10] *** stas_ has quit IRC [07:09:37] *** stas_ has joined #postfix [07:13:14] *** stas_ has quit IRC [07:22:46] *** Thorn has joined #postfix [07:24:48] *** Thorn has left #postfix [07:28:00] *** stas_ has joined #postfix [07:41:59] <Evill> Well, I have a workable solution now at least. Cheers. [07:42:00] *** stas_ has quit IRC [07:44:08] *** Evill has quit IRC [07:47:57] *** hparker_lappie has quit IRC [07:56:40] *** githogori has joined #postfix [07:57:57] *** stas_ has joined #postfix [07:58:35] *** hparker_lappie has joined #postfix [08:07:30] *** hparker_lappie has quit IRC [08:08:51] *** hparker has quit IRC [08:09:06] *** hparker has joined #postfix [08:11:11] *** hparker has quit IRC [08:11:12] *** stas_ has quit IRC [08:16:00] *** amrit|wrk is now known as amrit|zzz [08:22:13] *** sophokles has joined #postfix [08:24:46] *** hparker has joined #postfix [08:27:42] *** stas_ has joined #postfix [08:27:42] *** nphase_ has quit IRC [08:33:14] *** cilly has joined #postfix [08:33:14] *** stas_ has quit IRC [08:33:32] *** stas_ has joined #postfix [08:38:14] *** sophokles1 has quit IRC [08:38:15] *** stas_ has quit IRC [08:53:03] *** cilly has quit IRC [08:55:16] *** stas_ has joined #postfix [08:58:11] *** VaNNi has quit IRC [08:58:42] *** VaNNi has joined #postfix [09:02:24] *** stas_ has quit IRC [09:11:33] *** internat1 has joined #postfix [09:11:53] *** Internat has quit IRC [09:15:09] *** madrescher has joined #postfix [09:15:33] *** alienbrain has joined #postfix [09:19:08] *** Motoko-chan has quit IRC [09:20:37] *** stas_ has joined #postfix [09:25:32] *** tuxinator has joined #postfix [09:25:41] *** nphase_ has joined #postfix [09:25:53] <tuxinator> hi all [09:26:24] <tuxinator> my server completely crashed, now i'm currently restoring and i run into a postfix related problem [09:26:35] <tuxinator> passing mails to procmail end up in this error [09:26:36] <tuxinator> home_mailbox = Maildir [09:26:40] <tuxinator> oh, sorry [09:26:48] <tuxinator> this one: , status=bounced (can't create user output file) [09:27:49] <tuxinator> some ideas? [09:30:58] *** Marco_ has joined #postfix [09:34:45] <deface> check permissions [09:38:49] <tuxinator> how? maybe a chroot issue? [09:54:40] *** BuenGenio has joined #postfix [09:57:20] *** war9407 has joined #postfix [10:07:53] *** muecke77 has joined #postfix [10:08:00] *** donald has joined #postfix [10:13:49] *** BuenGenio_ has joined #postfix [10:16:40] *** BuenGenio has quit IRC [10:21:42] <donald> Is it possible to configure the server to make a disconnect after a 554 error? [10:44:50] *** stas_ has quit IRC [10:55:46] *** BuenGenio__ has joined #postfix [11:00:21] *** BuenGenio has joined #postfix [11:03:05] *** BuenGenio__ has quit IRC [11:03:20] *** BuenGenio_ has quit IRC [11:10:53] <tuxinator> deface: some more help? [11:31:36] *** loadkast has joined #postfix [11:32:47] *** Balu has joined #postfix [11:33:13] *** Rockj has quit IRC [11:34:09] *** nphase_ has quit IRC [11:35:26] *** stever has joined #postfix [11:38:02] *** loadkast has quit IRC [11:38:06] *** whiteflag has joined #postfix [11:38:43] <Balu> hello everyone [11:38:53] <whiteflag> Hi all [11:39:04] <whiteflag> qmgr is running as root in my machine [11:39:13] <whiteflag> how can change the ownership to postfix [11:40:26] *** stever is now known as sterat [11:43:47] <Balu> I wonder what would be the best way to have a content_filter applied to some domains, but not others. transports? different IPs? other? [11:44:54] <cite> Balu: Generic answer: Use an access(5) table, specify a FILTER statement for the domains which need filtering. [11:45:26] *** mark-use has joined #postfix [11:46:19] *** Juspion has joined #postfix [11:46:52] <Balu> cite: I thought access is for remote clients only. Going to have a look at the docs... [11:51:18] *** cilly has joined #postfix [11:51:34] *** pirho has joined #postfix [11:52:57] *** BuenGenio has quit IRC [12:06:25] <Balu> cite: receive_override_options=no_address_mappings [12:06:49] <Balu> cite: how would I set that if I'm using access tables / FILTER statements? [12:08:30] <rob0> whiteflag, not possible as a user. If you trust your own programming skills more than you trust Wietse's, jump into the source and change it. [12:09:24] <Balu> rob0: just for the record - qmgr is running as "postfix" here [12:09:40] <rob0> hmmm, I didn't bother to look [12:10:15] <rob0> yeah, mine is too [12:11:13] <rob0> So, scratch that; whiteflag should surrender and start again. :) [12:11:36] *** pirho has quit IRC [12:12:19] <rob0> Balu, check_recipient_access, and yes, you must only have no_address_mappings on one side of the filter or other. [12:14:55] <Balu> rob0: My problem is that I want selective filtering based on recipient domains. So cite suggested access tables with FILTER statements for the domains that need filtering. For those I still need no_address_mappings, but for the others not [12:15:00] *** pirho has joined #postfix [12:15:24] *** cilly has quit IRC [12:15:33] <Balu> rob0: and I don't know where to specify them [12:17:21] <rob0> !access [12:17:22] <knoba> rob0: "access" : http://www.postfix.org/SMTPD_ACCESS_README.html : An overview of access(5) controls in the Postfix smtpd(8) SMTP server. [12:17:39] *** carl- has joined #postfix [12:18:11] <rob0> receive_override_options would be an -o option in master.cf, for the post-filter smtpd. [12:18:30] *** GoGi has joined #postfix [12:21:06] <Balu> rob0: but if I don't use a "global" no_address_mappings and instead use it in the post-filter smtpd, address mapping would be done before the filtering [12:22:13] *** richard_ has joined #postfix [12:23:43] *** Juspion has quit IRC [12:25:55] *** alienbrain has quit IRC [12:30:02] <cite> Balu: That's what you wanted, isn't it? [12:30:24] <cite> Besides, address mapping is only done if you are using a content_filter but not if you are using an smtpd_proxy_filter. [12:31:22] <Balu> cite: no - the idea is to have either "no address mapping + filter" or "direct delivery with address mapping" [12:32:02] <cite> That's impossible. [12:32:17] <cite> And it should never be needed. [12:32:21] <Balu> cite: otherwise the address mapping would be done before the filtering and e.g. forwarded addresses would not be filtered [12:33:18] <Balu> I thought thats why the address mapping is disabled when using content_filter in the first place? [12:33:34] <cite> Seems like you the source of you mapping data is slightly disorganized. [12:34:19] <cite> Granted, I don't have that forwarding problem because I don't do forwarding with virtual_alias_maps (using Sieve here). [12:34:50] <cite> But my database structure is very well able to tell my content filter whether a specific, unmapped address need/wants filtering or not. [12:35:32] <Balu> perhaps I should just use global filtering and configure amavis to simply pass the mails for the "spam and virus lovers" [12:35:53] <cite> rob0: Out of genuine interest - considering a companys network, the internet and a screened subnet (DMZ), where would you place your content filter, your frontend MXs and the database server holding filtering policies for your content filters? [12:35:54] <Balu> I just thought that selective filtering would help performance-wise [12:36:20] <cite> You can always skip filtering for certain domains/adresses/$WHATNOT. The setting is called "bypass_mumble_checks". [12:36:48] <rob0> I don't see the need for per-user spam settings. Spam is spam, regardless who gets it. I try to block abuse of my mailservers. [12:37:13] <cite> rob0: As a quick shot, I came up with frontend MX and content filters insinde of the screened subnet but allowing database connections inside the company's network. [12:37:40] <rob0> cite, a nice approach might be to have the MX outside and pass to an internal content filter, which does mailbox delivery. [12:37:47] <Balu> so do I, but in ISP business you have a boss who wants to only wants you to filter mails for paying customers [12:37:59] <cite> rob0: But I gues the "right" way would be to replicate the data to a dedicated second DB server in the firewalled subnet that also hosts the content filters. [12:38:13] <cite> rob0: You would pass possibly malicious files inside your companys network? ;-) [12:38:39] <rob0> cite, I'm unemployed. Perhaps that's why? ;) [12:38:45] <cite> I see. [12:39:23] <rob0> really, the bulk of the spam blocking belongs at the outer MX. [12:39:29] *** jense has quit IRC [12:39:46] <rob0> no one else has the opportunity that the MX has. [12:40:00] *** jense has joined #postfix [12:40:36] <cite> Sure does, and even a college freshman could tell you that that outer MX doesn't belong in your company's internal network. [12:41:54] <cite> Ok, goign to buy two more servers then. [12:42:07] <rob0> make it 3!!! Buy me one. ;) [12:42:30] <cite> I think my boss wouldn't like that ;-) [12:43:56] <cite> But I'll keep exporting the maps as .cdb to that outer MX and only read spam related settings from the outer database servers. [12:44:22] <cite> I can keep the load much lower that way, no need that the DB server has to carry the brunt of a dictionary attack. [12:44:31] <cite> Which in turn means cheaper servers. [12:44:39] <rob0> yup [12:46:42] <cite> Dell PowerEdge R200. Should be sufficient [12:47:35] <cite> That's just wonderful - I can finish mailserver migration until Christmas. [13:21:13] *** hparker has quit IRC [13:21:42] *** mark-use has quit IRC [13:31:10] <plee_> I want a R200 too [13:37:50] *** denis_ has joined #postfix [13:38:29] *** plee_ has quit IRC [13:42:25] <whiteflag> rob0: hey qmgr should run under user "postfix" rt ? but here its running as root [13:43:14] <whiteflag> anybody has idea ? why qmgr is running as root ? [13:45:38] *** plee_ has joined #postfix [13:51:32] <cite> whiteflag: What's the output of "postconf mail_owner"? [13:52:28] <whiteflag> cite: postfix [13:53:54] <whiteflag> cite: postfix is running as "postfix" .. but qmgr is running as "root" [14:02:09] *** mavrick61 is now known as _mavrick61 [14:12:10] *** whiteflag has quit IRC [14:14:13] *** mark-use has joined #postfix [14:15:15] *** donald_ has joined #postfix [14:15:53] *** martianixor has joined #postfix [14:17:29] *** mark-use has quit IRC [14:20:54] *** Rockj has joined #postfix [14:21:36] *** mark-use has joined #postfix [14:23:10] *** unomystEz has joined #postfix [14:23:53] <unomystEz> I'm migrating a postfix server over from another server and on the new one it's creating mailbox like $virtual_mailbox_base/<email address> [14:24:00] <unomystEz> instead of <domain>/<email_address> [14:24:09] <unomystEz> anyone know what option could be causing that? [14:24:48] *** madrescher has quit IRC [14:31:06] *** donald has quit IRC [14:39:16] *** shinao1 has joined #postfix [14:39:32] *** Tykling has joined #postfix [14:51:04] *** mrtechguy has joined #postfix [14:51:13] <mrtechguy> hey all, [14:52:25] <mrtechguy> I have a stack of eml files that were left by a previous mail server and I was wondering if there is a way to get postfix to process these, such as just dump them in a directory etc, they all have to go to the domains that postfix looks after, so there are no rogue domains as such [14:53:22] *** richard_ has quit IRC [14:55:13] *** muecke77 has quit IRC [14:56:05] *** richard_ has joined #postfix [14:56:31] *** muecke77 has joined #postfix [14:57:02] *** muecke77 has quit IRC [14:58:08] *** richard_ has quit IRC [14:58:46] *** richard_ has joined #postfix [15:02:13] *** mrtechguy has quit IRC [15:11:14] *** UQlev has joined #postfix [15:11:38] *** mcfloppy has joined #postfix [15:11:40] <mcfloppy> hello [15:12:41] <plee_> hi [15:13:16] <mcfloppy> i have follow system: postfix on our local terminalserver, this sends over smtp auth the outgoing mails to my webmailserver. now i have internal the addresses: "user at local dot domain" and want all outgoing mais rename to user@domain [15:13:19] <mcfloppy> is there a way? [15:14:45] <plee_> most likely yeah. but I'm not the person to ask.. but someone here will answer if they know. :) [15:16:02] <mcfloppy> hehe i hope something has a solution for my issue [15:17:16] <mcfloppy> i am so glad about the now runing system.... and this is the last edge to grind... [15:17:26] *** richard_ has quit IRC [15:18:08] <plee_> know the feeling :) I just wish I had the opportunity to do a reinstall of my system.. but that would be at a later stage. :) [15:18:50] <mcfloppy> hehe [15:19:05] <mcfloppy> i startet yesterday evening to install kolab... [15:19:19] <mcfloppy> now it runs with shared folder, getmail and so on [15:19:33] <plee_> cool :) [15:20:14] <mcfloppy> but my nerves were all on edge.... [15:20:46] <mcfloppy> everything ruffle up :p [15:20:55] <plee_> hehe [15:21:10] <plee_> it can be like that :) [15:21:22] <plee_> but nothing beats the feeling when it works :) [15:21:41] <mcfloppy> yes [15:21:47] <mcfloppy> :) [15:27:31] <cite> mcfloppy: You can use smtp_generic_maps with a pcre table to rewrite the addresses. [15:27:59] <mcfloppy> yes i found it just right now in the manpages ;) [15:28:03] <mcfloppy> thank you cite [15:28:23] <cite> mcfloppy: something like smtp_generic_maps=pcre:/etc/postfix/generic - and in thie file something like /(.*) at local\ dot domain/ ${1}@domain [15:28:52] <mcfloppy> this works? [15:29:05] <mcfloppy> i just tryed with an static name.... [15:29:16] <mcfloppy> then i try with your dynamic solution [15:30:42] <cite> mcfloppy: http://rafb.net/p/PiDwFy17.html [15:31:04] *** xpoint has joined #postfix [15:31:34] <mcfloppy> thanks [15:35:26] *** richard_ has joined #postfix [15:37:14] <mcfloppy> hmm the little test with postmap works [15:37:33] <mcfloppy> but the mails also have the local extension [15:37:58] *** richard- has joined #postfix [15:38:12] <mcfloppy> http://rafb.net/p/dbF4rv80.html [15:40:16] *** richard-_ has joined #postfix [15:46:13] *** richard-_ has quit IRC [15:49:56] *** donald__ has joined #postfix [15:51:15] *** donald_ has quit IRC [15:55:15] *** richard_ has quit IRC [15:57:54] *** richard- has quit IRC [15:58:48] *** jv has left #postfix [16:11:37] *** Knoedel2 has joined #postfix [16:13:30] *** EasilyOdd has quit IRC [16:23:56] *** muecke77 has joined #postfix [16:26:19] *** muecke77 has quit IRC [16:28:23] *** madsara has left #postfix [16:32:42] *** martianixor has quit IRC [16:32:44] *** weedar has joined #postfix [16:33:47] *** keffff has quit IRC [16:33:56] *** keffer has joined #postfix [16:34:13] *** UQlev has quit IRC [16:36:02] *** martianixor has joined #postfix [16:39:35] *** pulsar has joined #postfix [16:41:41] <unomystEz> what can I use to export mails and import them on another server? [16:49:12] <Balu> unomystEz: Do they have different Mailbox formats? [16:49:19] <unomystEz> no the same [16:49:23] <unomystEz> but the servername is different [16:49:34] <Balu> unomystEz: if you have access to the files itself, just copy them [16:49:50] <unomystEz> meaning [16:49:59] <unomystEz> 1226155095.V801I29046M68963.henan:2,S on the new one but 1226155095.V801I29046M68963.someotherhostname:2,S [16:50:02] <unomystEz> on the other one [16:50:08] <unomystEz> do I have to rename all the files? [16:50:09] <Balu> that does not matter [16:50:13] <unomystEz> I don't know how it encodes them [16:50:14] <unomystEz> oh [16:50:17] <unomystEz> well that's good news =) [16:50:54] <Balu> it's just important that the names differ, which is the idea behind using the host in the filename :) [16:51:00] <unomystEz> ah [16:51:06] <unomystEz> that's correct [16:51:10] <unomystEz> i'll try to move them over [16:51:13] <unomystEz> thanks Balu [16:51:18] <Balu> your welcome [16:52:13] <unomystEz> oh one more question if I may [16:52:20] <Balu> just for the record on my earlier question what mechanisms I have to bypass amavisd-new: http://www200.pair.com/mecham/spam/bypassing.html [16:52:59] <Balu> unomystEz: just go for it :) [16:53:05] <unomystEz> we are currently using courier-imapd, and I heard good things about dovecot, but I also heard that it has some incompatibilities with squirrelmail and other email clients [16:53:34] <unomystEz> dovecot seems to be simpler to setup, so I was considering trying it out [16:53:36] <unomystEz> what do you think? [16:54:20] <Balu> I'm just setting up a new server using dovecot. Our campus mailservers are Dovecot for quite a while now and they have Squirrelmail and lots of different clients. [16:54:36] <unomystEz> oh [16:54:37] <Balu> So I'm guessing it's ok. [16:54:53] <unomystEz> well that's good news [16:54:58] <unomystEz> its configuration seems a bit simpler [16:55:01] <Balu> I myself don't have any administrative experience with it though. [16:55:19] <unomystEz> well i'll get this going with courier-imapd [16:55:23] <unomystEz> then i'll try out dovecot afterwards [16:55:46] <Balu> debian server? [16:55:50] <unomystEz> Arch [16:56:32] <Balu> whatever, the configuration might be similar: http://workaround.org/articles/ispmail-etch/index.html.en [16:56:37] <Balu> and if it's just for some hints [16:57:02] <unomystEz> ncie domain name =) [16:57:07] <unomystEz> s/ncie/nice/ [16:57:12] <Balu> not mine, but yeah. [16:57:14] <Balu> :) [16:57:24] <unomystEz> thanks for the link [17:08:51] *** wick2o has joined #postfix [17:11:39] <wick2o> morning [17:12:10] <plee_> good day :) [17:14:55] *** pirho has quit IRC [17:18:22] <unomystEz> hmm, seems as though I keep on getting: Failed to create cache file: maildirwatch [17:18:27] <unomystEz> although, fam is running [17:18:35] <unomystEz> as well as portmap [17:24:33] *** GoGi has quit IRC [17:25:53] *** sophokles has quit IRC [17:31:20] *** verywiseman has joined #postfix [17:34:29] *** martiancode has joined #postfix [17:34:39] *** sterat has quit IRC [17:39:42] *** loddafni1 has joined #postfix [17:43:43] *** muecke77 has joined #postfix [17:44:00] *** martianc1de has joined #postfix [17:45:36] *** muecke77 has quit IRC [17:48:17] *** pulsar has left #postfix [17:49:26] *** shinao1 has quit IRC [17:56:01] *** martiancode has quit IRC [17:56:17] *** shinao1 has joined #postfix [17:58:09] *** BBishop has quit IRC [17:58:22] *** martianixor has quit IRC [17:58:29] *** BBishop has joined #postfix [18:00:33] *** madrescher has joined #postfix [18:01:45] *** martianixor has joined #postfix [18:07:46] *** hipodilski has joined #postfix [18:08:11] *** martiancode has joined #postfix [18:09:09] <hipodilski> hey guys, I need somebody familiar with SPF records to help me a bit. Anybody willing to help? [18:12:41] *** martianc1de has quit IRC [18:13:48] <war9407> hipodilski: what is the problem? [18:16:15] <hipodilski> well I would like to setup an SPF record [18:16:19] <hipodilski> like this [18:16:59] <hipodilski> "v=spf1 a mx ip4:1.1.1.1 ip4:1.2.3.4 ~all" [18:17:10] <hipodilski> where 1.1.1.1 and 1.2.3.4 are ips of legitimative mail servers [18:17:16] <hipodilski> is that correct? [18:17:23] <war9407> I only use one IP [18:17:24] <war9407> hold [18:17:28] <growltiger_> sure [18:17:37] <hipodilski> so when 1.2.3.4 is sending mails through 1.1.1.1 it won't be a problem [18:17:38] <hipodilski> ? [18:17:49] <war9407> http://www.openspf.org/SPF_Record_Syntax [18:17:57] <war9407> they only use one there as well [18:18:05] *** shinao1 has quit IRC [18:18:08] <war9407> but it looks correct [18:18:34] <hipodilski> war9407: I did look slightly at it but the info their looks vague to me [18:18:36] <war9407> I don't use a or mx since my mx+mailer is on the same server [18:18:53] *** martianc1de has joined #postfix [18:18:53] <war9407> "v=spf1 ip4:1.2.3.4 -all" [18:19:03] *** mark-use has quit IRC [18:19:26] <hipodilski> war9407: what does it mean that mx and mailer are on the same host [18:19:59] <hipodilski> you both send and receive mails through a server pointing to the same IP address [18:20:02] <hipodilski> ? [18:20:59] <war9407> yep [18:21:11] <war9407> homedepot.com descriptive text "v=spf1 ip4:207.11.7.54 ip4:207.11.0.83 ip4:207.11.0.82 mx a:iris.homedepot.com a:bridget.homedepot.com a:coalemus.homedepot.com a:thalia.homedepot.com include:cust-spf.exacttarget.com ~all" [18:21:15] <war9407> that's how they do it [18:22:01] *** knoba has quit IRC [18:22:07] <hipodilski> war9407: my case is like this I have 1 mail server and users use it as a pop3/imap smtp at the same time this is the server with IP 1.1.1.1 [18:22:17] *** Signum has quit IRC [18:22:20] <hipodilski> then I have 2 more with other ips in other subnets [18:22:24] *** hyper_ch has joined #postfix [18:22:27] *** shinao1 has joined #postfix [18:22:36] <hipodilski> this 2 depend on the 1.1.1.1 to send email [18:22:36] <war9407> hipodilski: do the other Ips send mail 'from that domain'? [18:22:39] <war9407> ah [18:22:49] <war9407> then yeah you'd want to have all 3 of them I believe [18:22:53] <hipodilski> war9407: well yes it is possible that they send mail from the same domain [18:23:19] <hipodilski> so I came up with a record like the one I pasted above [18:23:32] <war9407> <hipodilski> "v=spf1 a mx ip4:1.1.1.1 ip4:1.2.3.4 ~all" [18:23:37] <hipodilski> but I'm wondering if it's really correct thus I decided that it might be a good idea to ask here [18:24:02] <war9407> http://www.openspf.org/Forums [18:24:08] <war9407> there is a mailing list if you want to be 100% sure its correct [18:24:24] <war9407> ask there otherwise test it and send an email from each IP and then see what the policy-spf checker says [18:24:29] *** martianixor has quit IRC [18:25:04] <war9407> I only have a singel IP host/mx [18:25:06] <war9407> so I cant test here [18:26:03] *** Signum has joined #postfix [18:27:20] <war9407> a malformed record with '~' should not drop mail though [18:27:26] <war9407> even if it does match incorrectly [18:27:29] <war9407> '~' = > tag it only [18:27:38] *** knoba has joined #postfix [18:27:42] <hyper_ch> what was the command again to generate the Maildirs for a user? [18:27:47] *** Signum has left #postfix [18:27:53] <xmb_> hiya schwiizer [18:27:56] *** Signum has joined #postfix [18:27:59] <hipodilski> war9407: ok I'll check the forums [18:28:07] <hipodilski> war9407: 10x [18:28:19] <war9407> k, no problem let me know what the correct one is if you ifnd out thx [18:29:47] *** donald__ has quit IRC [18:37:17] *** deuterium has quit IRC [18:41:06] *** martiancode has quit IRC [18:59:16] *** tshine has joined #postfix [19:02:24] <wick2o> growltiger_: you around? [19:02:33] <growltiger_> nope [19:02:38] <wick2o> bah [19:02:55] <xmb_> i bet there are k or m copies that may do for you [19:03:05] <wick2o> deface,growltiger_ I figured out what my problem was from lastnight [19:03:41] <wick2o> I was missing libpam-mysql [19:03:47] <growltiger_> what was your problems from last night? [19:04:05] <wick2o> i was able to beef up all of my debug logs and finally found that error [19:04:14] *** hyper_ch has left #postfix [19:04:48] *** hparker has joined #postfix [19:06:39] <hipodilski> war9407: well seems that my records are fine and I don't need "a mx" at all [19:06:51] <hipodilski> plus I have to set TXT also for my MX hostname [19:07:05] <hipodilski> I just spoke with some buddy in #spf irc.perl.org [19:08:35] *** quentusrex has joined #postfix [19:08:39] <quentusrex> Hello all. [19:09:11] <quentusrex> What would cause my postfix server(fresh install) to only listen to smtp connections from the local host? [19:09:40] <quentusrex> It won't even respond(it doesn't refuse, just times out) when a non-localhost connection to smtp is made. [19:09:48] <xmb_> default [distro] configs [19:09:59] <rob0> Many distributors do that to prevent people who haven't read the docs from running a MTA on the Internet. [19:10:08] <rob0> !inet_interfaces [19:10:09] <knoba> rob0: "inet_interfaces" : a configuration parameter in the main.cf: The network interface addresses that this mail system receives mail on. By default, the software claims all active interfaces on the machine. The parameter also controls delivery of mail to user at [ip dot address]. If your server does not react to connection attempts on a certain interface you should check this setting. [19:10:42] <quentusrex> it's set to all [19:11:00] *** Marco__ has joined #postfix [19:11:29] <rob0> be methodical. Is port 25 bound and listening? Firewall blocking? [19:11:46] <quentusrex> through the netstat -tap command? [19:12:07] <quentusrex> tcp 0 0 *:smtp *:* LISTEN 5028/master [19:13:01] <quentusrex> tcp6 0 0 [::]:imaps [::]:* LISTEN 4918/couriertcpd////tcp6 0 0 [::]:pop3s [::]:* LISTEN 4957/couriertcpd////tcp6 0 0 [::]:pop3 [::]:* LISTEN 4937/couriertcpd///tcp6 0 0 [::]:imap2 [::]:* LISTEN 4898/couriertcpd [19:13:10] <quentusrex> so I would say yes. [19:14:32] *** Marco_ has quit IRC [19:15:36] *** weedar has quit IRC [19:16:05] <war9407> hipodilski: nice k thx. [19:16:06] <quentusrex> rob0, I think the port is bound, and the firewall is not blocking. [19:16:28] *** stainer has joined #postfix [19:17:25] <rob0> What is the hostname or IP address? [19:17:48] <quentusrex> may I pm? [19:21:11] *** AndyML has left #postfix [19:21:58] <rob0> The name doesn't resolve ... that's ONE problem :) [19:23:42] <quentusrex> no? [19:24:22] <quentusrex> it does for me. [19:24:41] *** Niemi_ has joined #postfix [19:34:44] <rob0> Connection timed out [19:35:28] *** stainer has quit IRC [19:41:25] *** Niemi has quit IRC [19:44:05] <quentusrex> right. [19:44:28] <quentusrex> it times out when you connect from a remote host, but from a local host it doesn't time out [19:48:14] *** hparker has quit IRC [19:48:50] *** amrit|zzz is now known as amrit [19:48:51] *** martianc1de is now known as martianixor [19:59:26] *** BuenGenio has joined #postfix [20:01:53] *** netcrash has joined #postfix [20:15:05] <mcfloppy> http://groups.google.com/group/alt.comp.mail.postfix/browse_thread/thread/fe8d1acb2c13d1e1# [20:15:12] <mcfloppy> can you help me? [20:15:42] *** muecke77 has joined #postfix [20:16:17] *** weedar has joined #postfix [20:16:45] *** netcrash has quit IRC [20:18:21] <cite> mcfloppy: As I told you this morning: [20:18:30] <cite> mcfloppy: Type is "pcre", not "hash". [20:18:47] <cite> mcfloppy: And there is no need to run "postmap" on "pcre" tables. [20:19:03] <mcfloppy> hehe ok [20:19:13] <mcfloppy> i doesent see this hint [20:19:15] <mcfloppy> thank you [20:19:18] <mcfloppy> i tr< [20:19:19] <mcfloppy> y [20:20:10] <cite> mcfloppy: Out of curiosity - are you just hosting a .de domain or are you from a German speaking country? [20:20:27] <mcfloppy> i am a german ;) [20:20:28] *** memetic has quit IRC [20:20:41] <cite> mcfloppy: Then you might want to join one of the German Postfix mailing lists. [20:20:56] <cite> mcfloppy: http://listi.jpberlin.de/mailman/listinfo/postfixbuch-users or http://de.postfix.org/cgi-bin/mailman/listinfo/postfix-users [20:21:00] <mcfloppy> thanks [20:22:04] <cite> rob0: Are you a "Postgres" guy by chance? [20:22:33] <cite> rob0: If yes, please have a look at http://www.incertum.net/~cite/maildevel/ and give me some feedback. [20:24:01] <mcfloppy> it works [20:24:06] <mcfloppy> thank you [20:33:26] *** dcx has joined #postfix [20:33:30] *** dcx has left #postfix [20:33:30] *** rouri has joined #postfix [20:33:39] *** muecke77 has quit IRC [20:41:28] *** jeffspeff has quit IRC [20:42:41] *** jeffspeff has joined #postfix [20:42:44] *** rouri has quit IRC [20:52:19] *** tuxinator has quit IRC [20:55:46] *** muecke77 has joined #postfix [20:57:42] *** cilly has joined #postfix [21:06:18] *** Niemi__ has joined #postfix [21:22:06] *** muecke77 has quit IRC [21:23:27] *** cilly has quit IRC [21:23:30] *** Niemi_ has quit IRC [21:26:13] *** deftunix has joined #postfix [21:26:16] <deftunix> hi all [21:26:32] <xmb_> deftig? [21:26:40] <deftunix> virtual delivery agent support auto mailquota warning [21:26:44] <deftunix> like maildrop? [21:27:03] *** muecke77 has joined #postfix [21:35:43] *** RedShift has joined #postfix [21:35:50] <RedShift> hello [21:36:27] <growltiger_> hi! [21:36:28] <growltiger_> wb [21:36:30] <RedShift> I've set mail_spool_directory to /srv/emailboxes/, and local still wants to deliver email to the user's homedir as defined in /etc/passwd [21:36:49] <RedShift> am I mis-interpreting what mail_spool_directory is supposed to do? [21:37:54] <RedShift> I'm following this example: http://www.postfix.org/VIRTUAL_README.html#virtual_alias [21:38:26] *** chadmaynard has joined #postfix [21:39:54] *** BuenGenio_ has joined #postfix [21:41:52] <rob0> !mail_spool_directory [21:41:53] <knoba> rob0: "mail_spool_directory" : a configuration parameter in the main.cf: The directory where local(8) UNIX-style mailboxes are kept. The default setting depends on the system type. Specify a name ending in / for maildir-style delivery. [21:42:16] <rob0> I'll venture to guess that RedShift is using Debian or a derivative thereof. [21:42:26] <RedShift> I'm not using debian, using archlinux [21:42:43] <rob0> see /topic [21:45:48] <RedShift> the security issue? [21:46:06] <RedShift> I'm using maildirs so it shouldn't affect me? [21:46:24] <rob0> "... when asking questions ..." [21:46:28] <RedShift> oh [21:46:48] <rob0> This channel, unlike most, is not clairvoyant [21:47:01] <RedShift> this is my config: http://pastebin.com/dabf0939 [21:47:28] <RedShift> this is a log entry when attempting to send an email [21:47:29] <RedShift> http://pastebin.com/d34c75f37 [21:48:06] <rob0> line 2 looks interesting [21:48:29] <RedShift> yes, /dev/null is set up as the home directory for those users [21:48:41] <RedShift> in the thought that I would be able to override those with mail_spool_directory [21:48:55] <RedShift> since those users don't need a home directory anyway [21:49:01] <rob0> "man local" has the precedence of delivery directives [21:49:38] <RedShift> oh wait [21:50:08] <RedShift> aha! [21:50:37] <RedShift> home_mailbox caused the unexpected behaviour [21:50:38] <RedShift> thanks [21:53:04] *** nonsequitir has joined #postfix [21:55:02] *** BuenGenio has quit IRC [21:55:13] *** memetic has joined #postfix [21:56:43] *** Zeit|awy has joined #postfix [22:04:04] <sahil> douche. [22:08:16] *** chadmaynard has quit IRC [22:26:42] *** muecke77 has left #postfix [22:27:03] *** denis_ has quit IRC [22:33:18] *** muecke77 has joined #postfix [22:36:05] *** BuenGenio_ has quit IRC [22:41:38] *** mrichman has joined #postfix [22:42:18] <mrichman> Anyone here use a commercial cert for TLS? I have a cert from Entrust and I need their CA cert in .pem format [22:45:35] <sekhmet> mrichman: What format do you have it in right now? The usual text-based readout (w/ "BEGIN CERTIFICATE" etc) should be fine [22:46:20] <mrichman> sekhmet: they offer .cer, .der, and a copy/paste region with BEGIN CERTIFICATE [22:46:46] <sekhmet> mrichman: Yeah, just put the BEGIN CERTIFICATE stuff in a file named foo.pem [22:46:54] <mrichman> sekhmet: cool thanks [22:46:57] <sekhmet> np [22:47:16] <mrichman> sekhmet: while you're here... [22:47:37] <mrichman> sekhmet: I'm setting up postfix for the first time in production, and i want to make sure i'm not an open relay [22:48:08] <sekhmet> Note that you can put multiple certs/keys inside a .pem file; you may need to have your "BEGIN RSA PRIVATE KEY" in there as well, etc [22:48:18] <mrichman> sekhmet: how do I make sure I relay mail out for just the list of domains I specify? [22:48:47] <sekhmet> mrichman: A quick test would be to just telnet to the server and attempt sending mail to/from domains that you don't control [22:49:04] <mrichman> sekhmet: and what error should I expect to see? [22:49:08] <sekhmet> mrichman: There's services online that'll run a test for you as well, though you'd have to google for 'em [22:49:13] <sekhmet> mrichman: Something along the lines of 'relaying denied' [22:49:19] <mrichman> sekhmet: ok thank you [22:51:00] <sekhmet> mrichman: http://rafb.net/p/FPs37E37.html for instance [22:51:30] <mrichman> sekhmet: oh thank you very much [22:51:37] <sekhmet> np [22:52:53] *** muecke77 has quit IRC [22:57:22] <mrichman> sekhmet: actually, i should have asked how to specify the list of domains to which i want to restrict delivery [22:58:22] <sekhmet> Well, there's various ways [22:58:54] <sekhmet> mydestination + virtual_alias_domains is common, maybe? [22:59:23] <sekhmet> There should be lots of docs both online and on your system [22:59:27] <mrichman> right now, i would be an open relay given the link you sent [22:59:44] <mrichman> i'm working with the O'Reilly Postfix book [23:00:50] <mrichman> it says by default postfix is not an open relay, but it sure looks like it to me [23:01:42] <sekhmet> Well, it's also entirely possible that your postfix is configured to, say, allow relay from any mail originating from localhost [23:01:55] <sekhmet> A better test would be to try from some other host [23:02:11] <sekhmet> If you're worried about it, though, put your config in a pastebin somewhere (see the /topic, etc) [23:03:59] <mrichman> its the default config, aside from the .pem paths for tls [23:04:40] *** loddafni1 has quit IRC [23:05:26] *** F6F has joined #postfix [23:05:28] <mrichman> ah cool from outside localhost it denies open relay [23:05:30] <mrichman> thank you! [23:06:29] <sekhmet> np [23:09:44] *** RedShift has quit IRC [23:13:08] <mrichman> sekhmet: fyi, http://rafb.net/p/3YeNWw15.html [23:20:25] <mrichman> sekhmet: i think i just need to add relay_domains = abc.com, xyz.com, 123.com, etc. [23:21:10] <mrichman> sekhmet: do I need to do relay_domains = $mydestination, abc.com, xyz.com, or is $mydestination implicit in relaying [23:22:24] <sekhmet> mrichman: I'd take a look at the /usr/share/postfix/main.cf.dist file mentioned up at the top there [23:22:33] <sekhmet> mrichman: There should be pretty good docs as to what all the options do, in there. [23:23:37] <sekhmet> Personally I use virtual_alias_domains to define my domains and virtual_alias_maps to define the users valid within each domain [23:24:22] <mrichman> that .dist file doesnt really have a good example for relay_domains [23:24:30] <mrichman> so i think i just need to do relay_domains = hash:/etc/postfix/relay_domains [23:24:38] <mrichman> since i have a long list of domains (>10) [23:24:50] <mrichman> and put $mydestination at the top of the list [23:37:45] <rob0> !relay_domains [23:37:45] <knoba> rob0: "relay_domains" : A configuration parameter in the main.cf: What destination domains (and subdomains thereof) this system will receive mail for and will relay mail to. Subdomain matching is controlled with the parent_domain_matches_subdomains parameter. See also !address_classes [23:37:48] *** simoo has joined #postfix [23:39:04] <simoo> Hi, I generated my ssl cacert cert and key using openssl and my cert is .csr format but the docs tel me it should be .pem. How do I make a .pem cert? [23:43:41] <sekhmet> simoo: .pem is just a text file which can contain multiple certs/keys. I suspect your .csr contains the usual "BEGIN CERTIFICATE" type text; you can just rename that to .pem and it should be fine (though you probably need to put the similarly-textual key inside the .pem file as well) [23:44:19] <sekhmet> !pem [23:44:20] <knoba> sekhmet: Error: "pem" is not a valid command. [23:44:22] <sekhmet> Guess not [23:45:00] *** carl- has quit IRC [23:45:09] <simoo> sekhmet: thanks for explaining. Actually I used what I thought was my CAcert and the cert and it has worked [23:45:24] <simoo> *as the cert [23:47:04] <simoo> my key is in a separate file but there seems to be no problem with that, main.cf allows you to have them separate [23:52:27] <simoo> I have a TLS connection working with my client but it is still on port 25, should I change it? [23:56:59] <sekhmet> simoo: port 25 is fine [23:57:46] <sekhmet> simoo: TLS won't interfere with non-TLS communication [23:59:00] <simoo> sekhmet: great, thanks [23:59:43] <simoo> sekhmet: I would like to force my clients to use SSL/TLS but is that bad practice> [23:59:57] <simoo> ?