[00:01:28] *** deadpigeon has quit IRC
[00:03:19] *** pitakill has joined #postfix
[00:11:07] *** Niemi_ has quit IRC
[00:11:15] *** war9407 has quit IRC
[00:14:37] *** Knoedel2 has quit IRC
[00:14:58] *** gutocarvalho has quit IRC
[00:19:33] *** mypenquinisl33t has quit IRC
[00:32:35] *** xnixan_ has joined #postfix
[00:35:27] *** chadmaynard has quit IRC
[00:39:11] *** xnixan has quit IRC
[00:47:00] *** asdzxc has quit IRC
[00:48:57] *** pickcoder has quit IRC
[00:50:43] *** jeffi has joined #postfix
[00:56:11] *** xnixan_ has quit IRC
[00:57:38] *** xnixan_ has joined #postfix
[00:58:43] *** xnixan_ has quit IRC
[00:59:09] *** xnixan_ has joined #postfix
[01:00:33] *** xnixan_ has quit IRC
[01:01:01] *** xnixan_ has joined #postfix
[01:03:31] *** pulsar has quit IRC
[01:05:28] *** pulsar has joined #postfix
[01:09:18] *** pirho has quit IRC
[01:11:42] *** pirho has joined #postfix
[01:20:33] *** seekwill has quit IRC
[01:21:49] *** saurabhb has joined #postfix
[01:23:05] *** jeffi has quit IRC
[01:25:47] *** havvg has quit IRC
[01:25:55] *** hparker has quit IRC
[01:29:15] *** TheBirdMan has joined #postfix
[01:29:19] *** Motoko-chan has quit IRC
[01:29:44] <TheBirdMan> I know that postqueue -f flushes all messages in the queue... is there a way to just flush/retry an individual message?
[01:35:07] *** hparker has joined #postfix
[01:35:12] <growltiger> queueid
[01:39:27] <euphidime> Is there any reason why mail to virtual user joe at example dot com is seemingly randomly sometimes delivered (or attempted to be delivered) to joe at host dot example.com? It only happens with certain senders, but it always happens with those senders.
[01:39:57] *** keffer has quit IRC
[01:40:21] *** keffer has joined #postfix
[01:41:05] <euphidime> Output of postconf -n: http://pastebin.com/m6f86e729
[01:43:04] <euphidime> Running on FreeBSD 7.0, if that's relevant
[01:52:49] *** ming_zym has joined #postfix
[01:58:45] *** orzel has joined #postfix
[01:59:53] <orzel> Hello. Using aliases (http://www.postfix.org/aliases.5.html) it is possible to pipe the mail to a command or to append it to a file. Is there a way to have postfix create a new file, whatever the name is (though unique) in some given directory ?
[02:00:07] <orzel> kind of 'splitting' mails instead of appending always to the same file
[02:00:40] <orzel> i would like to avoid writing a file doing exactly this as found in majordomo or other mailing lists software
[02:02:28] <growltiger> pipe it to a command that creates the new file
[02:02:50] <growltiger> postfix is just here to deliver mail, not to create files for you
[02:05:32] *** pirho has quit IRC
[02:06:23] *** wei has joined #postfix
[02:06:35] *** pirho has joined #postfix
[02:07:35] <cafuego> orzel: It's called maildir and yes, postfix can do that just fine.
[02:08:57] <cafuego> http://www.postfix.org/faq.html#maildir
[02:13:41] <jeev> uh
[02:13:42] <jeev> http://www.openspf.org/Why?s=mfrom;id=BestBuyOnlineStore%40response.bestbuy.com
[02:13:47] <jeev> my shit is rejecting best buy
[02:14:11] <growltiger> nifty
[02:14:39] <jeev> stupid morons
[02:14:42] <jeev> can't config their shit
[02:15:00] <growltiger> neither can union bank of california
[02:15:31] <jeev> However, the domain response.bestbuy.com has declared using SPF that it does not send mail through mh4.response.bestbuy.com (70.87.26.166). That is why the message was rejected.
[02:18:13] *** _fury has quit IRC
[02:27:30] <jeev> gr
[02:27:33] <jeev> how can i add this to the whitelist
[02:34:23] <jeev> ahh, i hda the wrong shit in there
[02:38:25] <deface> UncleD-: you get it going?
[02:38:52] <orzel> cafuego: thanks. I know about maildir (i use this), but did not know i could use that for aliases
[02:39:48] *** shinao1 has joined #postfix
[02:40:32] *** shinao1 has quit IRC
[02:42:33] *** web_know1 has joined #postfix
[02:45:20] *** web_knows has quit IRC
[02:45:28] <cafuego> orzel: Um...
[02:45:51] <cafuego> orzel: Well, the email to the alias would get saved as a file in the destination user's Maildir
[02:46:03] <orzel> there's no user
[02:46:20] <orzel> but the page says "The maildir format is also supported with delivery via aliases or via .forward files. Specify /file/name/ as destination. The trailing / turns on maildir delivery. "
[02:46:30] <cafuego> orzel: So where does it save the mail now?
[02:46:52] <orzel> not tested yet, i only have real users or "|" in aliases
[02:47:30] <cafuego> orzel: maildir isn't really a replacement for aliases; it's a replacement for mbox style mailboxes.
[02:48:00] <orzel> i understand that
[02:48:02] <orzel> (?)
[02:48:31] <orzel> but i think this line i quote solve my pb, dont worry, just let me check
[02:49:50] <cafuego> righto
[02:54:10] *** loddafni1 has quit IRC
[02:55:36] *** seekwill has joined #postfix
[02:58:10] *** Motoko-chan has joined #postfix
[02:59:31] *** eanxgeek_ has quit IRC
[03:09:17] *** pirho has quit IRC
[03:17:11] *** z\ has joined #postfix
[03:19:23] <z\> what should i input in mydomain, myhostname, myorigin, mydestination, mynetworks in main.cf? sorry its a noob question. im tryin to setup a postfix mail server on my freebsd box.
[03:19:49] <deface> !basic
[03:19:50] <knoba> deface: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.
[03:20:08] <deface> z\: -^
[03:20:25] <z\> ok ok thanks alot sir
[03:20:25] *** pulsar has quit IRC
[03:20:26] <z\> :)
[03:24:31] *** stevieB has quit IRC
[03:27:29] *** pulsar has joined #postfix
[03:33:01] *** seekwill has quit IRC
[03:35:47] *** stevieB has joined #postfix
[03:57:11] <z\> how can i test if postfix is correctly configured?
[03:58:21] <z\> !ping z\
[03:58:22] <knoba> pong
[04:06:05] <deface> z\: send an email?
[04:06:07] *** Tykling has left #postfix
[04:06:21] <sahil> z\: use common sense and read the documentation.  concurrently.
[04:13:57] *** zch-alexa has joined #postfix
[04:15:05] <sahil> tty2: yes.
[04:15:23] <tty2> sahil: what?
[04:15:52] <sahil> tty2: you asked whether it were possible to have spamassassin place mail in a certain folder when/if it is tagged as UCE rather than dumping it entirely.  the answer to that question is yes.
[04:16:35] <tty2> sahil: when did i ask that?
[04:16:49] <tty2> must have been days ago
[04:18:03] *** plee has quit IRC
[04:22:30] *** _mavrick61 has quit IRC
[04:23:20] <deface> sup tty2
[04:23:27] <tty2> deface: howdy
[04:23:38] *** _mavrick61 has joined #postfix
[04:23:41] <tty2> deface: how ya been buddy?
[04:23:48] <deface> another day
[04:24:14] <tty2> is it? oh crap it is another day!
[04:24:21] <tty2> i really gotta start setting an alarm or something :)
[04:25:36] <deface> yups
[04:26:32] *** wei has left #postfix
[04:26:33] <tty2> deface: youll be happy to know the spam filter has had 99.7% accuracy so far
[04:27:02] *** digex7778 has joined #postfix
[04:27:09] <deface> ;)
[04:27:43] <digex7778> Can someone tell me if regexp got disabled in the postfix package recently?
[04:28:45] *** stevieB has quit IRC
[04:28:46] <deface> digex7778: of course, regexp is dead
[04:28:54] <digex7778> For some reason I'm getting the message "postmap: fatal: dict_mkmap_func: unsupported dictionary type: regexp: Is the postfix-regexp package installed?"
[04:29:06] <deface> which distro ?
[04:29:08] <digex7778> huh? dead?
[04:29:11] <digex7778> Ubuntu 7.10
[04:29:17] <digex7778> Ubuntu 8.x
[04:29:35] <digex7778> regexp has been totally dropped?
[04:30:03] <deface> was a joke
[04:30:11] <deface> do you have postfix-regexp installed ?
[04:30:18] * digex7778 whew!
[04:30:19] <deface> i dont use ubuntu, for fear i may turn gay
[04:30:24] <digex7778> hehe
[04:30:25] <tty2> ahh there's your problem! your using ubuntu :) lol .. do you have the...  damnit deface beat me to it
[04:30:36] <digex7778> There is no package named "postfix-regexp" that I can find
[04:30:46] *** pulsar has quit IRC
[04:31:28] <deface> apt-cache search postfix-* | grep map
[04:31:32] <digex7778> It is Ubuntu Server after all - not totally gay
[04:31:42] <deface> its cool, if you swing that way
[04:31:47] <deface> just not i, im exit only
[04:32:16] <tty2> "Ubuntu Server"... isnt that an oxymoron? :) hehe
[04:32:17] <digex7778> postfix-cdb - CDB map support for Postfix
[04:32:19] <digex7778> postfix-ldap - LDAP map support for Postfix
[04:32:21] <digex7778> postfix-mysql - MYSQL map support for Postfix
[04:32:23] <digex7778> postfix-pcre - PCRE map support for Postfix
[04:32:23] *** pulsar has joined #postfix
[04:32:24] <digex7778> postfix-pgsql - PGSQL map support for Postfix
[04:32:26] <digex7778> Not quite - it works well...
[04:32:37] <digex7778> Should there be a "regex" map or something?
[04:32:40] <tty2> im just kidding but im throughl confused :)
[04:32:43] <deface> idk
[04:32:55] <tty2> i used to use debian which was similar...
[04:33:00] <tty2> and never had this problem
[04:33:07] <deface> tty2: ubuntu is debian
[04:33:22] <digex7778> Ubuntu is like debian, with updates
[04:33:25] <tty2> deface: jsut about, yea.. but they are different distros int heir own right
[04:33:41] <digex7778> Do any of those packages add regexp?
[04:33:49] <tty2> i like to look at ubuntu as a fork of debian without much of a split
[04:34:08] <digex7778> It's a fork with funding, that's all
[04:34:19] <tty2> digex7778: are youusing stable or unstable?
[04:34:25] <digex7778> stable, always
[04:34:32] *** pulsar has quit IRC
[04:34:48] <digex7778> is there a postfix-regexp that's not ported yet perhaps?
[04:35:07] <deface> try the pcre package
[04:35:20] <tty2> i wouldnt now... im no postfix pro.. im just trying to offer what little help i can come up with from my expiernce with debian
[04:35:32] <digex7778> hmm
[04:35:47] <tty2> let me check if my distro has such a package.. might offer a clue
[04:36:19] <digex7778> perl compatible regular expressions...
[04:36:34] <tty2> no postfix-regex package on this distro...
[04:37:08] <tty2> although it may just be built in on the other packages
[04:37:17] <digex7778> I think it's in pcre....
[04:37:25] <digex7778> I'll give that a try - thanks!
[04:37:27] <deface> digex7778: thing is, postmap doesn't do regexp
[04:37:28] <deface> tree, cdb, dbm, hash, and sdbm
[04:37:30] <deface> man postmap
[04:39:27] *** githogori has quit IRC
[04:39:31] <tty2> digex7778: the odd thing is that no one else seems to have this problem (a google search didnt come up with much).. and considering how popular ubuntu and postfix is that suggests to me you are doing something unusual
[04:40:08] <lunaphyte> postconf -m will tell you which maps types are available.  support for pcre is one such option.
[04:40:33] <tty2> lunaphytei dont think he even has postfix installed yet
[04:43:02] <deface> lol
[04:43:25] <lunaphyte> since he was running postmap, i assumed postfix was installed.
[04:45:20] *** stevieB has joined #postfix
[04:45:59] <deface> tty2: i forgot to email u that bkg .. didnt i?
[04:46:26] *** plee has joined #postfix
[04:48:49] *** z\ has quit IRC
[04:48:49] *** syntax- has joined #postfix
[04:49:19] *** syntax- is now known as z\a
[04:54:45] *** tshine has quit IRC
[04:58:33] *** tshine has joined #postfix
[05:04:05] *** stevieB has quit IRC
[05:05:55] *** plee has quit IRC
[05:14:54] <z\a> what should i use as my smtp server? i have postfix and dovecot working, im able to recieve mails but i have no idea what to use as my outgoing mail server..
[05:15:12] <growltiger> what about postfix
[05:15:19] <growltiger> i hear it's a good smtp server
[05:15:34] <z\a> so i should setup a different thing?
[05:15:37] *** Captain is now known as captain
[05:16:45] <euphidime> Regarding the problem I described earlier: http://rafb.net/p/epYuIz27.html I'd love to know how this could possibly happen. The only thing I can think of is that the other mail server is incorrectly configured... but that seems highly unlikely.
[05:16:56] *** plee has joined #postfix
[05:19:46] <deface>  Relay access denied;
[05:21:09] <euphidime> deface: The issue is that the mail is coming from ramsey at rebirthro dot com, a valid virtual address, but the auto responder is replying to ramsey at nemesis dot rebirthro.com--what could possibly cause it to do that that would be my fault?
[05:21:57] <deface> what are you using for the auto-reply ?
[05:22:02] <deface> vacation ?
[05:23:17] <euphidime> The auto-reply isn't mine, it's some cisco mail server (as you can see) that's used for testing DKIM/DomainKeys. I'm only using it because it's one of the mail servers I've experienced the problem with--it also happens with regular users sending mail to me, but only from certain mail servers.
[05:25:00] <deface>  < totec.cisco.com[128.107.232.146]: RCPT To:<ramsey at nemesis dot rebirthro.com>
[05:25:07] <euphidime> My initial suspicion would obviously be that it's something wrong with their mail server, but I've tried sending mail to the same auto responder from a variety of other mail providers and it works just fine.
[05:25:10] <deface> looks like its sending to the nemesis.rebirthro.com
[05:25:33] <euphidime> Yes, but I have no idea why, and it only does that for this mail server.
[05:25:46] <deface> what do your address re-writes look like ?
[05:25:53] <deface> pastebin some conf files
[05:26:16] <euphidime> Alright, one second--but doesn't that RCPT To get displayed before rewrites take place?
[05:26:59] <deface> rewrite_clnt: local: ramsey at nemesis dot rebirthro.com -> ramsey at nemesis dot rebirthro.com
[05:27:09] <euphidime> postconf -n : http://rafb.net/p/uvdzhS20.html
[05:27:14] *** pitakill has quit IRC
[05:28:16] <deface> mydestination = $myhostname localhost.$myhostname localhost
[05:28:54] <deface> mydomain = rebirthro.com .. should also be nemesis
[05:29:49] <euphidime> So change mydomain to $myhostname?
[05:30:06] <deface> sure
[05:30:16] <euphidime> Just for reference, I just changed myhostname to www.rebirthro.com instead of nemesis.rebirthro.com--it still sent the response to nemesis.rebirthro.com
[05:31:13] <deface> reload ?
[05:31:21] <euphidime> (yes, I did)
[05:32:09] <euphidime> New postconf -n: http://rafb.net/p/GCKkIN85.html
[05:32:12] <euphidime> Problem persists
[05:34:04] <euphidime> (Except now postfix is trying to deliver the response to my system account, because it's treating nemesis.rebirthro.com as a local destination)
[05:35:02] <deface> if your doing local, take it back
[05:35:29] <euphidime> The only thing I can even think of at this point that might be causing the problem is @.rebirthro.com is a CNAME to nemesis.rebirthro.com
[05:35:57] <deface> < totec.cisco.com[128.107.232.146]: RCPT To:<ramsey at nemesis dot rebirthro.com>
[05:36:03] <deface> thats quite obvious its looking for that addy
[05:36:12] *** goldfischli has joined #postfix
[05:36:18] <deface> is your outbound being rewritten as nemesis.rebirthro ?
[05:36:24] <euphidime> Nope
[05:36:46] <euphidime> (Confirmed by sending an e-mail to a remote e-mail account, received as ramsey at rebirthro dot com)
[05:37:03] *** goldfisc1li has quit IRC
[05:37:04] <deface> [22:28][root@zeus][jeremy]$ host rebirthro.com
[05:37:04] <deface> rebirthro.com is an alias for nemesis.rebirthro.com.
[05:37:04] <deface> nemesis.rebirthro.com has address 67.202.76.7
[05:37:24] <deface> yeah, jacked up dns
[05:37:25] <deface> lol
[05:37:25] <euphidime> Alright, but why would a mail server rewrite the destination part of an e-mail address
[05:37:31] <deface> rebirthro.com.		271	IN	CNAME	nemesis.rebirthro.com.
[05:37:38] <euphidime> :/
[05:37:42] <deface> cname is illegal for an mx record
[05:38:00] <euphidime> It's not used for the MX record
[05:38:11] <euphidime> The MX record is nemesis.rebirthro.com. (which is an A record)
[05:38:21] <deface> dig MX rebirthro.com
[05:38:29] <deface> ;; ANSWER SECTION:
[05:38:29] <deface> rebirthro.com.		271	IN	CNAME	nemesis.rebirthro.com.
[05:38:32] <lunaphyte> i see no mx record for rebirthro.com
[05:38:38] <deface> ty lunaphyte
[05:39:23] *** c0rleone has quit IRC
[05:39:45] <lunaphyte> of course, you need one if you expect to receive email at <someuser> at rebirthro dot com.  having a cname instead won't do you any good.
[05:40:11] <lunaphyte> aside from the fact that you're breaking an rfc by having a cname for a zone's apex in the first place.
[05:40:57] <euphidime> Alright, well I guess that solves my incredibly frustrating problem
[05:41:16] <euphidime> Thanks very much for your help
[05:42:02] <lunaphyte> do yourself a favor.  forget about cnames.  forget they ever even existed.  :)
[05:43:03] <deface> agreed
[05:58:52] *** hparker has quit IRC
[06:13:45] *** Southron has left #Postfix
[06:14:03] *** hparker has joined #postfix
[06:15:45] *** zch-alexa has quit IRC
[06:19:34] <f3ew> CNAMEs at the top?
[06:19:42] <f3ew> How did the DNS server accept those?
[06:22:37] <lunaphyte> i can think of 2 possible scenarios.  shitty software or shitty admin.
[06:33:34] *** mitcheloc_laptop has quit IRC
[06:41:18] *** githogori has joined #postfix
[06:49:19] *** niki has quit IRC
[06:54:03] *** muecke77 has joined #postfix
[06:58:58] *** muecke77 has quit IRC
[07:21:57] <z\a> where do i define smtp.my.domain.com in postfix? if i was to use thunderbird
[07:22:58] <growltiger> !mydestination
[07:22:59] <knoba> growltiger: "mydestination" : a configuration parameter in the main.cf: The list of domains that Postfix delivers via the $local_transport mail delivery transport. By default, mail is given to the Postfix local(8) delivery agent that looks up all recipients in /etc/passwd and /etc/aliases, or their equivalents.
[07:23:55] <deface> z\a: in the outbound smtp settings ?
[07:24:17] <z\a> yup
[07:24:28] <deface> im telling you
[07:24:29] <deface> lol
[07:24:56] <jeev> postfix is the hottest thing since qmail
[07:28:07] <deface> z\a: http://zeus.fluxlabs.net/~jeremy/images/settings.png
[07:28:10] *** Fallenou has joined #postfix
[07:29:15] *** Fallenou has quit IRC
[07:30:10] <z\a> where can i set that letsay if i wanted to do smtp.freebsdbox.net
[07:30:31] <growltiger> !myhostname
[07:30:32] <knoba> growltiger: "myhostname" : a configuration parameter in the main.cf: The internet hostname of this mail system. The default is to use the fully-qualified domain name from gethostname(). $myhostname is used as a default value for many other configuration parameters.
[07:44:04] *** muecke77 has joined #postfix
[07:59:00] *** |_Knoedel_| has joined #postfix
[08:01:25] *** F6F has joined #postfix
[08:12:53] *** phnord has joined #postfix
[08:20:27] *** Motoko-chan has quit IRC
[08:20:38] *** muecke77 has quit IRC
[08:27:06] *** shinao1 has joined #postfix
[08:31:08] *** sophokles has joined #postfix
[08:33:56] *** xnixan_ is now known as xnixan
[08:36:37] *** jwit has quit IRC
[08:38:10] *** jwit has joined #postfix
[08:46:51] *** F6F has quit IRC
[08:47:32] *** muecke77 has joined #postfix
[08:51:10] *** muecke77 has left #postfix
[09:03:03] *** Polysics has joined #postfix
[09:03:07] <Polysics> hi all
[09:03:48] <Polysics> what would be a "standard" setup on an Ubuntu VPS? i'd like to have virtual mailboxes (ie. addresses are not tied to users), is that possible?
[09:05:35] <sep> Polysics, http://workaround.org/articles/ispmail-etch/   defines the standard :) unbuntu is debian based so you can use that and tweak it where needed.
[09:05:53] <Polysics> thanks
[09:06:16] <Polysics> i'm new to mail management, it's apaprently harder than apache configuration:-)
[09:07:51] <Polysics> ah! i was missing that MySQL was part of the stack. that's mostly what i was wondering about: WHERE data is :-)
[09:08:00] <Polysics> this is an excellent article
[09:10:12] *** shinao1_ has joined #postfix
[09:11:52] <Polysics> would you recommend using Debian at all, instead of ubuntu?
[09:12:20] <Polysics> most docs i find refer to debian... it might be a better choice?
[09:15:37] *** shinao1 has quit IRC
[09:19:28] *** kjs has joined #postfix
[09:20:17] <kjs> is there really much point in setting up MySQL db for my mail users if im hosting less than 100 users on a mail server/
[09:20:21] <kjs> ?
[09:21:48] <deface> its easier
[09:22:10] <Polysics> deface, what is the alternative? maintaining the two virtual files?
[09:22:25] <deface> yah
[09:22:39] <Polysics> virtual_mailbox_maps and virtual_mailbox_domains
[09:22:57] <Polysics> reading the article doing it with mysql is actually easier
[09:23:07] <Polysics> but you can do it with files if you don't use mysql
[09:23:13] <kjs> thats what I do currently on my existing server.
[09:23:28] <deface> postfix+postfix admin .. makes life easy
[09:23:47] <kjs> is it any faster using sql?
[09:23:55] <kjs> deface: did you mean mysql ?
[09:24:18] <deface> postfix admin uses mysql
[09:24:46] <kjs> what is postfix admin?
[09:24:48] *** Landon has joined #postfix
[09:25:08] <Landon> is anyone up this late? :) I've been having problems with virtual aliases
[09:25:14] <deface> kjs: google it
[09:25:21] <kjs> just have
[09:25:28] <deface> Landon: /topic .. need logs & conf files
[09:28:58] <Landon> http://rafb.net/p/4JYflL96.html , the problem is that they just aren't working, I'll send mail to someuser at butterdog dot org and it will get sent to my address, landon at lfowle dot org
[09:29:40] <Landon> Nov 18 02:24:51 c29150 postfix/error[14439]: 49DD5140C6: to=<landon at lfowles dot org>, orig_to=<someuser at butterdog dot org>, relay=none, delay=0.37, delays=0.21/0.03/0/0.13, dsn=5.0.0, status=bounced (User unknown in virtual alias table)
[09:30:43] <f3ew> So where should landon at lfowles dot org go?
[09:30:59] <Landon> to landon at lfowles dot org
[09:31:14] <Landon> but someuser at butterdog dot org needs to go to that user, just a second, let me paste /etc/postfix/virtual
[09:31:36] <f3ew> Postfix is complaining about landon at lfowles dot org
[09:31:55] <Landon> http://rafb.net/p/eKuGMF94.html
[09:32:06] *** Polysics has quit IRC
[09:32:19] <deface> jackd up virtual
[09:32:25] <Landon> going off of this page: http://www.postfix.org/VIRTUAL_README.html#virtual_alias
[09:32:28] <kjs> any of you guys use ASSP infront of postfix
[09:32:30] <Landon> I may be interpreting it wrong though
[09:33:25] <f3ew> Landon, Postfix is confused about landon at lfowles dot org
[09:34:07] <Landon> I don't see why it should be
[09:34:33] <deface> landon at lfowles dot org landon
[09:34:33] <deface> @lfowles.org landon
[09:34:35] <deface> me either
[09:37:50] *** weedar has joined #postfix
[09:38:26] *** ribasushi_ is now known as ribasushi
[09:39:49] <kjs> is there any way to setup a system where any mail that gets tagged with spam that is not spam can be fwd'd to an email address to be marked in the white list, and vice versa.
[09:40:21] *** jra has joined #postfix
[09:41:04] <deface> how the hell would it know a spam is not spam/
[09:41:07] <deface> ?*
[09:41:43] <deface> you mean if its clean, it gets auto-whitelisted ?
[09:46:33] <kjs> if it gets marked as spam
[09:46:38] <kjs> when its not spam
[09:46:57] <kjs> a user fwds it to an address which then adds the mail to the whitelist
[09:48:26] <Landon> I see this line in the page I linked earlier: NEVER list a virtual alias domain name as a mydestination domain!, would this also apply to myhostname ?
[09:49:02] <deface> kjs: could pipe that addy through a whitelisting program
[09:49:22] <deface> but if you setup your spam filters properly .. you wont have to worry about that
[09:49:52] <kjs> deface: what would your suggestion be?
[09:50:06] <deface> setup the spam filters right
[09:50:19] <kjs> :) what spam filters I mean
[09:50:48] <deface> your pick
[09:51:32] <Landon> aha
[09:51:35] <Landon> I think I figured it out
[09:52:05] <Landon> in my /etc/postfix/virtual it was doing landon@$mydomain instead of landon@localhost like I intended
[09:52:47] <deface> Landon: your whole config is botched imo
[09:52:55] <Landon> oh?
[09:52:55] <deface> quit guessing, and read the guides
[09:52:57] <deface> !basic
[09:52:58] <knoba> deface: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.
[09:53:03] <Landon> I did read the guides to make it...
[09:54:20] *** shinao1_ has quit IRC
[09:56:56] *** war9407 has joined #postfix
[09:58:10] <Landon> the only thing I see is that the alias_maps may not be needed anymore, I had that set up probably due to conflicting guides
[10:01:09] *** Landon has quit IRC
[10:01:12] *** _bt has joined #postfix
[10:01:31] *** active_si has quit IRC
[10:02:21] *** Verilium has quit IRC
[10:07:31] *** shinao1_ has joined #postfix
[10:19:04] *** shinao1_ has quit IRC
[10:21:38] *** amrit is now known as amrit|zzz
[10:23:31] *** active_si has joined #postfix
[10:37:03] *** hparker has quit IRC
[10:42:33] *** z\a has quit IRC
[10:54:34] *** mark-use has joined #postfix
[10:56:25] *** xpoint has joined #postfix
[10:58:55] *** tm-30740-exa has joined #postfix
[10:58:59] *** tm-exa has joined #postfix
[11:02:22] *** denis_ has joined #postfix
[11:02:39] *** xpoint has quit IRC
[11:03:20] *** denis_ has quit IRC
[11:12:59] *** xpoint has joined #postfix
[11:17:04] *** tobias- has joined #postfix
[11:18:09] <tobias-> Hey - I want to authenticate a user for a certain domain for sending mails. But, I want that user to ONLY be able to send FROM the domain he authenticated with; for instance tobias at fotobias dot se can't send mail for tobias at anotherdomainonthispostfix dot com
[11:19:47] <shasta> smtpd_sender_login_maps, reject_sender_login_mismatch restriction
[11:19:51] *** Juspion has joined #postfix
[11:20:01] <sysmonk> shasta is back in action! :)
[11:20:45] <tobias-> shasta: Do you have an example for this, maybe an url?
[11:21:11] <sysmonk> !smtpd_sender_login_maps
[11:21:12] <knoba> sysmonk: "smtpd_sender_login_maps" : a configuration parameter in the main.cf: Optional lookup table with the SASL login names that own sender (MAIL FROM) addresses.
[11:21:13] <sysmonk> tobias-: ^^
[11:21:18] <sysmonk> damn
[11:21:36] * sysmonk thought there will be a link
[11:21:49] <sysmonk> http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps
[11:25:12] <tobias-> smtpd_sender_login_maps=reject_sender_login_mismatch in main.cf only?
[11:27:57] *** jra has quit IRC
[11:28:16] <tobias-> w8, i see the wrongness in that :)
[11:31:43] *** Juspion has quit IRC
[11:35:00] <tobias-> shasta: I'm using dovecot and mysql for authentication (sasl). Is there a specific "map" for sasl?)
[11:42:06] *** cpm has joined #postfix
[11:45:28] *** ming_zym has quit IRC
[11:45:35] *** tm-30740-exa has left #postfix
[11:49:30] *** pirho has joined #postfix
[12:00:07] *** mark-use_ has joined #postfix
[12:00:31] <f3ew> no
[12:00:53] *** mark-use has quit IRC
[12:01:46] <tobias-> shasta: I would guess that I could use like: smtpd_sender_login_maps=hash:/etc/postfix/accepted_senders and accepted_senders would be "tobias at fotobias dot se" and have reject_sender_login_mismatch in smtpd_recipient_restrictions ?
[12:01:57] <tobias-> at first
[12:02:47] <shasta> the login map should be something like:
[12:03:25] *** saurabhb has quit IRC
[12:03:26] <shasta> SaslUsernameYouEnterInYourMailClient      only.allow at this dot from.address.example.com
[12:03:34] <PaSzCzUs> !loops back
[12:03:34] <knoba> PaSzCzUs: Error: "loops" is not a valid command.
[12:03:40] <shasta> PaSzCzUs, !loopback
[12:03:45] <PaSzCzUs> !loopback
[12:03:46] <knoba> PaSzCzUs: "loopback" : 'Mail loops back to myself' means that your Postfix wanted to send out the mail to the internet but then discovered that the DNS says your mail server should be responsible. Most likely you forgot to list your domain in mydestination or virtual_(alias|mailbox)_domains
[12:03:50] <PaSzCzUs> shasta ;)
[12:06:23] <tobias-> shasta: And the login_mismatch should be in smtpd_receipient_restrictions and not in smtpd_sender_restrictions ?
[12:06:55] *** Tykling has joined #postfix
[12:10:11] <PaSzCzUs> hmm i got loopback to myself if i not add another domain to "mydestination". But after adding it i got an error that no such user here
[12:10:47] <shasta> actually, that doesn't matter much. see smtpd_delay_reject
[12:12:58] <PaSzCzUs> Recipient address rejected: User unknown in local recipient table;
[12:13:01] <PaSzCzUs> damn i hate ldap
[12:13:15] *** skyweb has joined #postfix
[12:15:00] *** netcrash has joined #postfix
[12:15:54] *** neil has joined #postfix
[12:15:56] <neil> hi
[12:16:33] *** bhagat has joined #postfix
[12:16:59] <netcrash> Hello, I'm trying to control wich networks the server may act has an open relay to make the users to start using smtp auth but a problem has ocurred since It seems mynetworks can't handle vlsm's. Am I doing something wrong ?
[12:17:54] <neil> i use postfix to relay mails through gmail. is it possible to set different users to login to gmail depend on who is the sender of the mail? now i have a passwd file that contains: [smtp.gmail.com]:587 mymail at gmail dot com:mypassword        i need to send from an other gmail address too. how can i do that?
[12:18:05] <sysmonk> netcrash: vlsm's?
[12:18:06] *** mark-use__ has joined #postfix
[12:18:13] <shasta> neil, what's wrong with cidr?
[12:18:16] <shasta> erm
[12:18:18] <shasta> s/neil/netcrash/
[12:18:25] * shasta stabs his tabcompletion
[12:18:38] *** mark-use__ is now known as mark-use
[12:19:38] <sysmonk> shasta: what's vlsm?
[12:19:40] <netcrash> shasta: well the server is not relaying traffic based in netmasks like for example 192.168.0.0/19 , and continuous divisions like that. when I telnet to test the server it rejects the relay
[12:20:16] <netcrash> sysmonk: http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing
[12:20:31] <sysmonk> netcrash: i know what's a cidr, but what's a vlsm ? :)
[12:20:48] <sysmonk> ah, variable-length subnet masking
[12:21:02] <sysmonk> netcrash: mynetworks  support cidr's
[12:21:03] <netcrash> :)
[12:21:54] <shasta> netcrash, pastebin relevant log entries, and postconf -n output
[12:23:21] <PaSzCzUs> shasta: only english here?
[12:23:25] <shasta> yes
[12:23:28] <PaSzCzUs> shasta: or maybe i can ask you sth in polish? :)
[12:23:28] <sysmonk> tak :)
[12:23:30] <sysmonk> er, yes
[12:23:31] <sysmonk> ;))
[12:23:33] <PaSzCzUs> hehe ;>
[12:23:51] <netcrash> shasta: pasting please hold :)
[12:24:01] <sysmonk> pastebining you mean? :P
[12:24:18] * sysmonk prepares a /kick just in case that was really pasting :P
[12:24:51] *** amrit|zzz has quit IRC
[12:25:05] *** amrit has joined #postfix
[12:25:09] <netcrash> shasta: sysmonk http://pastebin.com/d2201f53f
[12:25:11] <PaSzCzUs> ok so my problem is: i want to have foo.com and student.foo.com domains. i have an ldap and when i`m sending mail from paszczus at foo dot com to someone at student dot foo.com i got an error with loops back to myself
[12:25:24] <PaSzCzUs> so `ve added student.$mydomain to my mydestination
[12:25:28] <netcrash> forgot the log entries
[12:25:34] *** diazepam1 has joined #postfix
[12:25:39] <PaSzCzUs> and now i got an error with not finding username
[12:26:07] <shasta> netcrash, gee, why hash: for mynetworks?
[12:26:07] <sysmonk> netcrash: hash doesn't support cidr's
[12:26:14] <sysmonk> you must use cidr: for that kind of maps
[12:26:19] <sysmonk> !cidr
[12:26:19] <knoba> sysmonk: "cidr" : cidr_table(5) - format of Postfix CIDR table. Lookup table in Classless Inter-Domain Routing form. In this case, each input is compared against a list of patterns. When a match is found, the corresponding result is returned and the search is terminated.
[12:26:23] <sysmonk> netcrash: ^^
[12:26:36] <netcrash> looking into it
[12:27:06] <sysmonk> PaSzCzUs: student.foo.com on the same server or not?
[12:28:30] *** captain is now known as Captain
[12:29:02] *** mark-use_ has quit IRC
[12:32:32] <netcrash> sysmonk: shasta working well ... :D thank you
[12:33:22] <shasta> see? i am working well! (:
[12:33:24] <PaSzCzUs> sysmonk: yes, on the same
[12:34:36] <sysmonk> and does the user exist on the server?
[12:35:59] *** s0what has joined #postfix
[12:36:10] <PaSzCzUs> yes
[12:36:25] <PaSzCzUs> there is 81197 at student dot foo.com
[12:36:35] <PaSzCzUs> it looks like postfix is not looking for users in that domain
[12:36:50] <sysmonk> PaSzCzUs: does 'id 81197' return anything ?
[12:36:54] *** neil has quit IRC
[12:36:59] <PaSzCzUs> no, cause it`s ldap user
[12:37:23] <sysmonk> you added the domain to mydestination, that means it's a local user
[12:37:37] <PaSzCzUs> if i create user for example 81197 at foo dot com it exist. but after adding 81197 at student dot foo.com it`s not
[12:37:53] <sysmonk> PaSzCzUs: is foo.com a virtual domain?
[12:37:56] <sysmonk> or local domain?
[12:38:02] <PaSzCzUs> virtual domain
[12:38:06] <PaSzCzUs> i only have a virtual domain
[12:38:07] <sysmonk> where is it specified? virtual_*_maps or mydestination?
[12:38:24] <sysmonk> er, better pastebin the postconf -n - it'll be a bit faster
[12:38:27] <PaSzCzUs> mydestination = $transport_maps, localhost, $myhostname, localhost.$mydomain, $mydomain, student.$mydomain
[12:38:47] <sysmonk> pastebin the postconf -n
[12:39:58] <PaSzCzUs> http://pld.pastebin.com/m391c77eb
[12:40:09] <PaSzCzUs> but there is no entries vith virtual*
[12:40:13] <PaSzCzUs> not all
[12:41:25] <sysmonk> wait, does ANY user in ldap work ?
[12:41:28] <PaSzCzUs> http://pld.pastebin.com/m672a506 they are here
[12:41:37] <PaSzCzUs> sysmonk: yes, of course, all users at foo dot com works
[12:41:40] <PaSzCzUs> about 1200 users
[12:42:09] <sysmonk> can you show me a successiful delivery to @foo.com and unsuccesiful to student.foo.com ?
[12:42:19] <PaSzCzUs> ok
[12:45:44] <PaSzCzUs> sysmonk: http://pld.pastebin.com/pastebin.php here is succesfull delivered for paszczus at foo dot com
[12:46:07] <sysmonk> nothing there
[12:46:42] *** pirho has quit IRC
[12:46:54] <PaSzCzUs> i know, cause it is ok and it is working fine ;)
[12:47:20] <PaSzCzUs> but now i will show you unsuccesfull delivered for 81197 at student dot foo.com
[12:47:22] <sysmonk> i mean nothing in the pastebin.
[12:47:33] *** pirho has joined #postfix
[12:47:37] <PaSzCzUs> ahg
[12:47:38] <PaSzCzUs> heheh
[12:47:41] <PaSzCzUs> sorry wrong link ;)
[12:48:13] <PaSzCzUs>     * Sorry, your post tripped our spam filter - let us know if you think this could be improved
[12:48:16] <PaSzCzUs> damn
[12:48:45] <PaSzCzUs> sysmonk: http://paszczus.darpa.pl/success.txt
[12:48:47] *** pirho has quit IRC
[12:49:33] *** pirho has joined #postfix
[12:50:05] <PaSzCzUs> looks ok, right?
[12:50:10] <PaSzCzUs> s/ok/fine
[12:50:19] <sysmonk> just go on with the pastebins
[12:50:25] *** stas` has quit IRC
[12:50:38] <PaSzCzUs> but they spamfilter denied my pastebin
[12:50:48] <PaSzCzUs> so i paste it on my server - what`s the problem? :)
[12:50:49] <sysmonk> i mean go on pasting
[12:50:49] <sysmonk> damn it
[12:50:52] *** stas` has joined #postfix
[12:50:54] <PaSzCzUs> ah ok
[12:50:54] <PaSzCzUs> [;
[12:53:16] <PaSzCzUs> http://pld.pastebin.com/m570f6754 here it is
[12:53:24] <PaSzCzUs> unsuccesfull sending mail
[12:53:32] <PaSzCzUs> from foo.com to student.foo.com
[12:53:46] <PaSzCzUs> with student.foo.com in mydestination
[12:53:55] <sysmonk> PaSzCzUs: 'id paszczus'
[12:54:03] <sysmonk> that returns anything?
[12:54:20] <PaSzCzUs> yes cause it`s local (and virtual) user
[12:54:25] <sysmonk> imho you have a real system user called 'paszczus'
[12:54:28] <PaSzCzUs> local: paszczus
[12:54:32] <sysmonk> PaSzCzUs: and how about a user which is 'virtual' but not local ?
[12:54:35] <PaSzCzUs> virtual: paszczus at foo dot com
[12:54:43] <sysmonk> that is, a user which is in ldap but isn't a local user on the system ?
[12:54:49] <PaSzCzUs> sysmonk: 81197 is not local, just virtual
[12:55:02] <sysmonk> PaSzCzUs: so, why did you answer that LDAP users are working fine ?
[12:55:05] <PaSzCzUs> but i can try to send it from user which is ONLY in ldap
[12:55:11] <PaSzCzUs> sysmonk: cause they are !
[12:55:16] <sysmonk> PaSzCzUs: not 'from' but 'to'
[12:55:35] <PaSzCzUs> sysmonk: i can send an email from/to virtual user from foo.com but cannot to student.foo.com
[12:55:38] <sysmonk> PaSzCzUs: send an email to @foo.com which isn't a local user
[12:55:49] <PaSzCzUs> no problem, it works all the time ;)
[12:55:52] <sysmonk> PaSzCzUs: send a mail to virtual user which is ONLY virtual for @foo.com
[12:55:55] <sysmonk> ok
[12:58:07] <PaSzCzUs> sysmonk: http://paszczus.darpa.pl/fine-virtual.txt
[12:58:28] <PaSzCzUs> it is to virtual user 'test1234' just created
[12:59:26] <PaSzCzUs> now you belive me that this is working fine ? :)
[13:00:39] <sysmonk> PaSzCzUs: pastebin your 'accounts' ldap conf file
[13:00:40] *** diazepam1 has left #postfix
[13:01:06] <PaSzCzUs> you mean part from ldap? already pasted: http://pld.pastebin.com/m672a506
[13:01:59] <sysmonk> that's not a postfix configuration file syntax
[13:02:16] <sysmonk> i'm talking about the virtual_mailbox_maps = ldap:accounts
[13:02:25] <sysmonk> it should be something like /etc/postfix/accounts
[13:03:04] <sysmonk> oh wait, is that a main.cf part?!
[13:03:18] * sysmonk hates when people use in-main.cf ldap/mysql configuration
[13:03:24] <sysmonk> that's SOOOO unuseful
[13:05:27] <PaSzCzUs> yes, it`s in main.cf
[13:05:39] <sysmonk> PaSzCzUs: that's really uneuseful in debuging
[13:05:41] <PaSzCzUs> sysmonk: i started that job few months ago and it was already here ;)
[13:05:44] <sysmonk> you can't just easily postmap -q it
[13:05:49] <sysmonk> !postmap-q
[13:05:51] <knoba> sysmonk: Error: "postmap-q" is not a valid command.
[13:05:52] <sysmonk> !postmapq
[13:05:52] <knoba> sysmonk: "postmapq" : You can check your lookups with the postmap command. Example: if you defined "transport_maps = mysql:/etc/postfix/transport.cf" you may check this mapping by running "postmap -q domain.com mysql:/etc/postfix/transport.cf" and see if it works.
[13:06:21] <PaSzCzUs> but.. what now? :)
[13:06:26] <sysmonk> knoba: you can try postmap -q test123 ldap:accounts
[13:06:30] <sysmonk> although i don't know if it'll work
[13:06:52] <PaSzCzUs> it works
[13:07:17] <PaSzCzUs> mailFC postfix # postmap -q test1234 ldap:accounts
[13:07:17] <PaSzCzUs> mailFC postfix # postmap -q test1234 at foo dot com ldap:accounts
[13:07:17] <PaSzCzUs> foo.com/test1234/
[13:07:41] <sysmonk> and try the same with the 'non working' one ?
[13:08:06] <PaSzCzUs> postmap -q 81197 at student dot foo.com ldap:accounts
[13:08:10] <PaSzCzUs> #
[13:08:18] <sysmonk> doesn't return anything?
[13:08:22] <PaSzCzUs> yep
[13:08:51] <sysmonk> PaSzCzUs: show me the ldap object for that account
[13:10:15] *** tty2 has quit IRC
[13:10:49] *** tty2 has joined #postfix
[13:11:48] <PaSzCzUs> sysmonk: http://pld.pastebin.com/m5559b580
[13:13:33] <sysmonk> *tsss* you forgot to hide your domain;)
[13:13:50] <PaSzCzUs> damn:P
[13:13:58] <PaSzCzUs> right
[13:14:02] <PaSzCzUs> in mailbox
[13:14:08] *** m0f0x has quit IRC
[13:16:09] *** m0f0x has joined #postfix
[13:22:52] <sysmonk> PaSzCzUs: did you see what i wrote in your PM ?
[13:26:10] *** gutocarvalho has joined #postfix
[13:32:36] *** mark-use has quit IRC
[13:34:04] *** Southron has joined #Postfix
[13:35:29] *** Zelest has quit IRC
[13:42:31] *** Zelest has joined #postfix
[13:51:47] *** githogori has quit IRC
[13:51:53] *** tty2 has left #postfix
[13:52:31] *** githogori has joined #postfix
[13:54:03] *** verywiseman has joined #postfix
[13:56:33] *** Verilium has joined #postfix
[14:01:37] *** brancaleone has joined #postfix
[14:12:54] *** ikevin_ has quit IRC
[14:13:07] *** ikevin_ has joined #postfix
[14:13:31] *** xnixan_ has joined #postfix
[14:13:32] *** donald has joined #postfix
[14:15:11] *** skyweb has quit IRC
[14:15:23] <tobias-> shasta: Thanks with your help. Now i've successfully implemented this ;)
[14:19:04] *** xnixan__ has joined #postfix
[14:19:05] <shasta> np
[14:25:59] *** active_si has quit IRC
[14:26:53] *** xnixan_ has quit IRC
[14:31:00] *** active_si has joined #postfix
[14:34:35] *** xnixan has quit IRC
[14:36:03] *** denis_ has joined #postfix
[14:37:41] *** jelly has quit IRC
[14:39:09] *** denis_ has quit IRC
[14:40:03] *** denis_ has joined #postfix
[14:48:30] *** eanxgeek has quit IRC
[14:48:45] *** eanxgeek has joined #postfix
[14:51:35] *** donald has quit IRC
[14:53:04] *** sophokles has quit IRC
[14:53:45] *** sophokles has joined #postfix
[14:54:38] *** sophokles has quit IRC
[14:55:07] *** sophokles has joined #postfix
[14:56:57] *** sophokles has quit IRC
[14:57:25] *** sophokles has joined #postfix
[14:57:39] *** web_know1 is now known as web_knows
[15:03:33] *** Disconnect has joined #postfix
[15:04:29] <Disconnect> is there a simple way to flush the queue -and- recheck mx records? had a broken mx record (sigh) and now i've got 15k pending messages. mx is fixed (verified with dig on the mail box) but the queue flush still tries to use the A record.
[15:06:29] *** bhagat has quit IRC
[15:07:14] *** denis_ has quit IRC
[15:07:50] <f3ew> postsuper -r ALL
[15:08:08] *** Haris1 has quit IRC
[15:09:25] *** active_si has quit IRC
[15:10:31] <Disconnect> cool thanks :) looks like the person who arfed up the mx record also failed to tell that host it should accept the mail. sigh.
[15:13:47] *** denis_ has joined #postfix
[15:17:17] *** jelly has joined #postfix
[15:17:29] *** gstaniak has joined #postfix
[15:22:34] *** sophokles has quit IRC
[15:23:11] <Disconnect> perfect, its all flushed. thanks again :)
[15:23:12] *** Disconnect has left #postfix
[15:23:26] *** mandragor has joined #postfix
[15:23:27] *** sophokles has joined #postfix
[15:23:51] <gstaniak> hi
[15:26:33] *** ehird has left #postfix
[15:27:07] <gstaniak> is there a way to set up an msa using postfix and to use external pop3 authentication, so that postfix would accept a (mangled?) email address and password, check its validity at a remote site and then accepted mail for relay? is there perhaps already a policy daemon that would do that?
[15:27:53] *** sophokles has joined #postfix
[15:28:06] <sysmonk> gstaniak: postfix + cyrus-sasl + saslauthd + -a rimap
[15:30:22] <gstaniak> sysmonk: wow. a bit complex.
[15:30:50] *** sophokles has quit IRC
[15:31:10] <sysmonk> gstaniak: your idea is a bit complex too, isn't it ?
[15:31:24] <sysmonk> i might make it simpler
[15:31:32] <sysmonk> postfix + cyrus-sasl + 'saslauthd -a rimap' :)
[15:32:09] <gstaniak> sysmonk: now that's better ;)
[15:32:30] <gstaniak> sysmonk: is it restricted to imap? no way to use pop3?
[15:33:12] <sysmonk> yeah, afaik imap only
[15:34:39] <gstaniak> sysmonk: ok, thanks anyway, i'll check whether imap only is acceptible. if it's not, is there a way to provide pop3 auth other than modifying saslauthd?
[15:35:18] <sysmonk> you could write your own auxprop plugin to sasl
[15:35:19] <sysmonk> ;)
[15:35:57] *** sophokles has joined #postfix
[15:36:27] *** weedar has quit IRC
[15:36:30] <gstaniak> sysmonk: i will, if there's no other way. have to migrate from zmailer eventually.
[15:36:31] *** xnixan has joined #postfix
[15:42:37] *** UQlev has joined #postfix
[15:43:57] *** xnixan__ has quit IRC
[15:46:15] *** gstaniak has quit IRC
[15:58:00] *** s0what has quit IRC
[16:01:15] *** rmr-f has joined #postfix
[16:01:39] <rmr-f> my postqueue doesnt have a -i feature... can i grab an external binary that does have that feature and use that instead?
[16:04:21] *** karrotx has joined #postfix
[16:07:06] *** TGM has joined #postfix
[16:13:32] *** waKKu has joined #postfix
[16:13:35] <waKKu> hi folks..
[16:14:04] <UQlev> anybody using sasl via dovecot authentication?
[16:14:26] <waKKu> i'm reading/following docs in postfix.org but i've a doubt (it works, but i dont know why :) ... what "dummy" means for content filter? -o content_filter=filter:dummy ???
[16:15:43] *** xpeed has joined #postfix
[16:16:16] *** mandragor has quit IRC
[16:17:52] *** munga has joined #postfix
[16:17:58] *** denis_ has quit IRC
[16:19:01] <munga> I want to rewrite all email from user at olddomain dot org to user at newdomain dot org ... which map should I use ? user at oldomain dot org are not local users ...
[16:20:05] <munga> my guess is a virtual_regexp + oldomain.org in relay_domains ... is this correct ?
[16:20:18] *** denis_ has joined #postfix
[16:29:25] *** denis_ has quit IRC
[16:34:04] *** Dr_ST has joined #postfix
[16:34:13] <Dr_ST> hey folks
[16:34:54] <Dr_ST> anyone can drive me a little for postfix + smtps relay ?
[16:35:24] <Dr_ST> my goal is to use my local postfix to realy mails via an authenticated smtps server (i have valid credentials, of course)
[16:37:30] <Dr_ST> but so far i'm not sure of the procedure, i should use the "relayhost", but i just want to ensure this is the right procedure (i mean, is sending mail this way is like sending mail using thundebird?)
[16:39:20] <munga> for what I know relayhost is the right way yo do it. I'm not sure how to provide the credentials...
[16:40:27] <Dr_ST> ok, then i'll try to configure it this way, for the credentials, i think i need to use the server certificates, but i'm still searching (i found good pointers on the web, i'll dig them more closely)
[16:45:45] *** googlah has quit IRC
[16:48:19] *** denis_ has joined #postfix
[16:50:00] <rmr-f> I keep getting timed out while sending MAIL FROM for mail in my postfix queue from certain emails (while thousands of others pass fine)
[16:50:13] <rmr-f> postqueue -f doesnt fix it... any ideas?
[16:51:38] *** xnixan has quit IRC
[16:52:22] *** waKKu has left #postfix
[16:55:04] *** deadpigeon has joined #postfix
[16:59:21] <munga> rmr-f: maybe you have some kind of rbl checks on you recipients ? just a wild guess ...
[16:59:50] <rmr-f> yeah but would that cause a timeout?
[17:05:05] <munga> the fact that you're not able to contact the remote rbl provider ...
[17:07:07] *** |_Knoedel_| has quit IRC
[17:10:26] *** pitakill has joined #postfix
[17:12:33] *** UQlev has quit IRC
[17:21:07] <rmr-f> hmmmmmmm
[17:22:09] *** Spec has joined #postfix
[17:24:19] <raz> has anyone here ever set up TLS between two postfix mta's?  i'd like to relay all mail from postfix1 through postfix2 - over a secure connection
[17:24:46] <raz> currently i fail to get postfix1 to send a STARTTLS command to postfix2 early enough
[17:24:56] <raz> (or at all, i dunno)
[17:26:07] <Roobarb> raz: http://www.postfix.org/postconf.5.html#smtp_use_tls
[17:26:35] <raz> Roobarb, i have smtp_use_tls = yes on both sides
[17:26:52] <raz> but postfix2 rejects the connection with: 5.7.0 Must issue a STARTTLS command first (in reply to MAIL FROM command))
[17:27:37] <Roobarb> I see log entries such as:  postfix/smtp[19418]: setting up TLS connection to <server>
[17:27:46] *** phnord has quit IRC
[17:28:01] <raz> well, since this is postfix 2.3 i guess i should rather be using smtp_tls_security_level, too
[17:28:11] <raz> most of the howto's and tutorials are outdated :\
[17:28:13] *** RickRoss has joined #postfix
[17:28:46] <RickRoss> does anyone know a way to manually pick out emails in the queue? my postfix doesnt have a postqueue -i feature
[17:29:35] <Roobarb> RickRoss: to do what with them? view them?
[17:30:06] <RickRoss> well send them..... id run a postqueue -f, but i have at least 20,000 emails that are stuck and it will kill the remote mail server
[17:30:47] *** karrotx has quit IRC
[17:31:34] *** netcrash has quit IRC
[17:34:02] *** netcrash has joined #postfix
[17:37:16] *** felix-da-catz_zz is now known as felix-da-catz
[17:38:09] *** denis_ has quit IRC
[17:41:59] <Roobarb> raz: on the sending machine, I have just two lines: smtp_use_tls = yes   and    smtp_tls_loglevel = 1
[17:42:45] <Roobarb> raz: the recieveing machind has a few more, but "smtpd_use_tls = yes" is the key one (note the smtpd instead of smtp)
[17:42:57] <Roobarb> smtpd_tls_loglevel = 1  may be useful there too
[17:44:04] *** sophokles has quit IRC
[17:47:20] <raz> hmm yea i get that far now
[17:47:24] <raz> but it's still rejecting
[17:47:29] <raz> Recipient address rejected:
[17:47:30] <raz> hmm
[17:47:46] <Roobarb> thats different from a TLS failure
[17:47:55] <raz> yes
[17:48:07] <raz> i think these two lines are key here:
[17:48:11] <raz> smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject
[17:48:11] <raz> smtpd_client_restrictions = permit_tls_clientcerts
[17:48:23] <raz> apparently "permit_tls_clientcerts" does not override the first line :\
[17:49:17] <Roobarb> that does assume you have your CA certs loaded into the server
[17:49:37] <raz> aaah
[17:49:55] <raz> permit_tls_clientcerts can also be added to smtpd_*recipient*_restrictions
[17:50:02] <raz> the docs are misleading because they don't contain the ssl values
[17:50:17] <Roobarb> as an aside, it's generally easier if you set "smtpd_delay_reject = yes" then put ALL your restrictions ito smtpd_recipient_restrictions, instead of splitting them out
[17:50:38] <Roobarb> then you can understand the restriction flow better
[17:51:02] <raz> ahh that's a good tip, thx
[17:51:45] *** UQlev has joined #postfix
[17:53:18] <Roobarb> raz: life is slightly easier if you can enforce the use of the submission port for (SASL) clients and leave the rest of us to port 25
[17:54:11] <Roobarb> then you can simply set smtpd_client_restrictions=permit_sasl_authenticated,reject on the submission port, and safely assume that messages hitting port 25 are all inbound
[17:54:53] <raz> life is even easier here. my receiving MTA must *only* accept mail from MTAs that have a valid client cert :)
[17:55:02] *** pulsars has joined #postfix
[17:55:19] <raz> i'm not even using SASL here
[17:55:20] <raz> valid cert is enough
[17:55:25] <Roobarb> that works too, although simply setting mynetworks properly is just as good imho
[17:55:39] <raz> that's the problem, my clients can come from anywhere
[17:55:47] <raz> i have no known ips
[17:56:15] <Roobarb> why don't you implement sasl too?
[17:56:32] <Roobarb> or are you using client certs instead of password auth?
[17:56:36] <raz> all i wanna know is that the client is authorized to relay through my mta
[17:56:45] <raz> yes, i'm using client certs. actually the same client cert for all clients.
[17:56:46] <Roobarb> right
[17:56:55] <Roobarb> well, i'm off - enjoy :)
[17:56:59] <raz> :)
[17:57:02] <raz> thx for the pointers
[17:57:05] <Roobarb> np
[17:57:38] <Roobarb> I have a working TLS -> TLS  system, albiet not with client certs, if you still have problems tomorrow
[17:58:42] <rmr-f> is there a way to determine how many smtp connections postfix has going out at a given time?
[18:00:35] *** Niemi_ has joined #postfix
[18:02:03] <cpm> ps aux | grep smtp | wc -l
[18:02:03] <cpm> ?
[18:02:16] <cpm> not very accurate
[18:06:22] *** loddafnir has joined #postfix
[18:09:43] *** havvg has joined #postfix
[18:10:10] *** pulsars is now known as pulsar
[18:12:17] *** tm-exa has quit IRC
[18:19:32] *** havvg has quit IRC
[18:21:03] *** Dr_ST has left #postfix
[18:33:12] *** _fury has joined #postfix
[18:40:18] <_fury> I'm having a bit of a problem with ms outhouse clients connecting via ssl to my server, here's the log file: http://rafb.net/p/jNfTja66.html
[18:40:25] <_fury> I get SSL_accept error from ool-45701936.dyn.optonline.net[69.112.25.54]: -1
[18:40:33] <_fury> any way to work around that?
[18:41:04] <shasta> are you sure the client tries to use SSL at all?
[18:41:10] <_fury> positive
[18:41:23] <_fury> in fact this has been working for a long time without any problem at all
[18:41:36] <_fury> yesterday I added a second smtpd instance to master.cf to support two different ssl certs
[18:41:59] <_fury> so nothing has changed in their clients since then
[18:41:59] *** githogori has quit IRC
[18:41:59] <_fury> http://rafb.net/p/BmhpgB85.html
[18:42:04] <_fury> there's the relevant portion of the conf file
[18:42:05] <shasta> so you broke it :P
[18:42:20] <_fury> heh well *my* mail client, which isn't outhouse, works just fine :)
[18:42:59] <_fury> what I found was that with dovecot, where I'm using stunnel instead of dovecot's built-in ssl (because it doesn't support multiple certs)
[18:43:19] <_fury> stunnel was telling me it was trying to use sslv3, and clients were trying to connect with sslv2, and changing stunnel to sslv2 fixed the problem
[18:43:28] <_fury> I'm thinking it could be a similar issue here, is postfix maybe using sslv3?
[18:43:41] <_fury> the log file seems to indicate that
[18:43:49] <_fury> SSL23_GET_CLIENT_HELLO:unknown protocol
[18:46:48] *** havvg has joined #postfix
[18:46:55] *** xpoint has quit IRC
[18:47:29] *** havvg has quit IRC
[18:47:34] *** havvg has joined #postfix
[18:53:58] *** pickcoder has joined #postfix
[18:54:02] *** niki has joined #postfix
[18:54:11] <_fury> so I guess my question is, is there a way to specify the ssl version that it uses?
[18:58:21] *** UncleD- is now known as UncleD
[18:58:46] *** Zeit|awy_ is now known as Zeit|awy
[18:59:56] *** TheBirdMan has quit IRC
[19:07:20] *** UncleD has left #Postfix
[19:08:10] *** madrescher has joined #postfix
[19:10:24] *** wild_oscar has joined #postfix
[19:10:46] <wild_oscar> good afternoon
[19:10:48] *** madrescher has quit IRC
[19:11:10] <wild_oscar> I need to change a postfix configuration to enable relay through an authenticated smtp
[19:11:35] <wild_oscar> what is described here - http://ben.franske.com/blogs/2005/09/06/postfix_smtp_auth_support_for_relayhost - seems what I need
[19:12:35] <wild_oscar> however, I'm getting this http://pastebin.com/d110f887f
[19:13:02] <wild_oscar> fatal: SASL library initialization
[19:13:45] *** Zeit|awy_ has joined #postfix
[19:14:33] *** arooni has quit IRC
[19:14:37] *** arooni_____ has joined #postfix
[19:20:39] *** Zeit|awy has quit IRC
[19:21:57] *** seekwill has joined #postfix
[19:26:19] <pickcoder> argh.. I have to rewrite my bounce collector script
[19:26:35] <pickcoder> is there a tool available out there to collect to: and bounce status from the logs?
[19:36:05] <seekwill> How do you tell how many messages are in the queue?
[19:36:45] <seekwill> How can you quickly find the number of messages in queue (approx 800k messages)?
[19:37:54] <growltiger> wc
[19:38:14] *** jense has joined #postfix
[19:41:20] <seekwill> I'll try that. Thanks
[19:41:51] *** carl- has joined #postfix
[19:44:12] *** hparker has joined #postfix
[19:45:07] <stockholm> seekwill: how long does mailq take with 8e5 messages?
[19:45:25] <seekwill> I don't know, it's not really my box :)
[19:46:22] *** T_G_M has joined #postfix
[19:46:37] <seekwill> He doens't know since it took so long he afk'd
[19:47:03] *** T_G_M has left #postfix
[19:47:26] *** T_G_M has joined #postfix
[19:47:29] *** T_G_M has left #postfix
[19:50:19] *** gutocarvalho has quit IRC
[19:51:30] *** gutocarvalho has joined #postfix
[19:51:58] *** brancaleone has quit IRC
[19:56:37] <pickcoder> once I get this all setup I get to wipe the server again and do it all over
[19:59:20] *** juro has joined #postfix
[20:00:16] <juro> hi, if I get emails from a server using fetchmail and mirror them to local user accounts, what is the best way to set up postfix?
[20:05:50] *** skyweb has joined #postfix
[20:08:42] <pickcoder> postfix is not a MDA
[20:08:49] <pickcoder> so it really doesn't matter
[20:09:07] <pickcoder> are you using maildrop?
[20:09:53] <juro> the standard one that comes with Ubuntu
[20:10:09] <stockholm> ah, ubuntu
[20:10:21] <pickcoder> I don't run ubuntu so I have no idea what "standard" is
[20:10:35] <pickcoder> postfix is going to use whatever mailbox_command you tell it to
[20:10:50] <stockholm> juro: maildirs are good
[20:10:51] <pickcoder> as long as your fetchmail and it play together then it shouldn't be a problem
[20:11:00] <juro> basically the email accounts are situated with a crap hoster, that doesn't spam filter, so I pull all the emails, run them through spamassassin, clam-av, etc and then dump them into the Maildir/ format
[20:11:10] <stockholm> doesnt fetchmail deliver to the local mta?
[20:11:15] <juro> pickcoder, yeah, that works
[20:11:34] <pickcoder> stockholm: never used it
[20:11:47] <juro> I have set up a few small mail servers before and just wanted to learn some more
[20:11:48] <stockholm> i think it does
[20:12:17] <stockholm> it is ~13 years that i set it up last
[20:12:56] <juro> stockholm, I think so too. fetchmail polls the pop3 account and queues the emails. postfix takes over, does all the checks and converts them to Maildir format and then fetchmail just dumps them whereever - (or that is how I understand it anyway)
[20:13:27] <stockholm> i dont thikn fetchmail dumps them
[20:13:38] <rmr-f> is it ok to see 57 processes for "smtp -t unix -u" running under ps aux at a given time?
[20:13:46] *** netcrash has quit IRC
[20:13:52] *** wild_oscar has left #postfix
[20:14:10] <stockholm> i think you local mail delivery agent drops them. a program like maildrop, procmail or postfix can do it too
[20:14:21] <juro> stockholm - maybe but you tell fetchmail, what email account associates with which local user ...
[20:15:22] <stockholm> juro: that is because fetchmail sends a local mail
[20:15:34] <juro> stockholm, anyway, in my szenario, do I need the local_recipient_maps? I am assuming no
[20:16:40] <stockholm> i dont think so either
[20:17:12] <juro> ok, then I'll try that with some test emails (I can't remember how I set up this sepcific server 3 years ago ...)
[20:17:31] <juro> unfortunately, MailScanner stopped working and the Ubuntu version doesn't support anything newer
[20:19:27] <juro> thanx for your time!
[20:25:09] <stockholm> welcome. :-)
[20:29:47] *** cpm has quit IRC
[20:30:14] *** Knoedel2 has joined #postfix
[20:39:25] *** ribasushi has quit IRC
[20:40:14] *** ribasushi has joined #postfix
[20:44:39] *** pirho has quit IRC
[20:46:02] *** xpeed has quit IRC
[20:46:24] *** pirho has joined #postfix
[20:59:16] *** xpeed has joined #postfix
[21:00:48] <rmr-f> hey guys, i need to delete an individual bad mail from the postfix queue.... anyway to do this?
[21:01:24] <onre> postsuper command
[21:08:10] *** githogori has joined #postfix
[21:09:47] <rmr-f> if i have the queueid of a message, is there a way to view that message?
[21:12:36] <shasta> man postcat
[21:14:29] <rmr-f> yeah i did.... theres no switch there for queueid
[21:14:33] <rmr-f> only for viewing files
[21:15:45] <shasta> you're wrong
[21:16:58] <pickcoder> the manpage doesn't say queue ID specifically
[21:17:55] *** BauernhofPheonix has joined #postfix
[21:18:03] <BauernhofPheonix> hi
[21:19:22] *** BauernhofPheonix has quit IRC
[21:19:26] *** freqmod_qu has quit IRC
[21:19:32] *** freqmod_qu has joined #postfix
[21:24:03] *** TGM has quit IRC
[21:25:26] *** xpeed has quit IRC
[21:26:11] <shasta> that's why you have to read *and* understand
[21:26:45] *** rouri has joined #postfix
[21:34:02] *** rouri has quit IRC
[21:42:09] <seekwill> I can't just read?
[21:42:48] <stockholm> sure you can.
[21:42:55] <stockholm> that will take you a long way
[21:43:34] <pickcoder> to no where
[21:43:53] <stockholm> not true
[21:44:53] <pickcoder> if you don't understand what you're reading then where's the gain
[21:46:11] <seekwill> Pattern recognitiion
[21:46:37] <pickcoder> I suppose it would help with puzzles
[21:46:53] <seekwill> You can read a config file all day and not understand what it does.... but if you see another config with wrong syntax, you might be able to spot that
[21:47:24] <pickcoder> even if you make it worse by offering to fix it incorrectly?
[21:47:30] <pickcoder> :)
[21:47:57] *** juro has quit IRC
[21:48:05] <seekwill> :)
[21:48:16] <seekwill> Well, a simple syntax error...
[21:49:18] <pickcoder> I hope you don't work my car anytime soon...
[21:49:25] <pickcoder> :P
[21:50:04] *** ToreadorVampire has joined #postfix
[21:50:49] * pickcoder is finally done with the holiday mailings
[21:51:14] <pickcoder> apart from the stampede of <webmail service name> mail
[21:52:06] <ToreadorVampire> Hi all ... have been struggling with MTAs and SMTP auth all day long (trying to do it with sendmail and not getting anywhere) - I switched over to postfix and I have 90% of the problem solved now ... one last thing remaining:
[21:53:17] <ToreadorVampire> I am using postfix + SASL to provide SMTP auth based on local UNIX user accounts (which is what I want), and that is working just fine - I can telnet localhost:25 and authenticate to the mailserver (hurrah) ...
[21:53:23] <seekwill> pickcoder: lol :P
[21:53:36] <seekwill> pickcoder: How large is your list?
[21:53:49] <pickcoder> erm
[21:54:12] <pickcoder> 33.8K this time
[21:54:13] <pickcoder> not huge
[21:54:15] <pickcoder> not tiny
[21:54:21] <pickcoder> just time consuming to babysit
[21:54:29] <ToreadorVampire> ... but the last step of what I am trying to achieve is controlling which local UNIX users are allowed to authenticate and send mail via the mailserver ... this might be a postfix question or might be a sasl question (although I'm not sure) - so if I am asking in the wrong place, I'll accept "go ask the sasl guys!" as the answer ;)
[21:55:12] *** tm-30740-exa has joined #postfix
[21:55:39] <seekwill> pickcoder: Which ISP is your largest? Yahoo?
[21:55:40] <pickcoder> ToreadorVampire: which auth service did you deploy
[21:55:49] <ToreadorVampire> Ideally I'd like "which local users can authenticate to the postfix server" to be controlled by a UNIX group on the server, so I can control "who can send mail and who can't" by group membership, rather than having to disable their account
[21:55:52] *** pitakill has quit IRC
[21:55:54] <pickcoder> seekwill: dunno I'll have to do a count
[21:55:55] * seekwill guesses 10k+
[21:55:58] <seekwill> oh
[21:56:08] <seekwill> I put my money between 10-15k
[21:56:30] <ToreadorVampire> pickcoder> Erm ... you mean which sasl version?  or whether sasl is using PAM or something?
[21:56:41] <pickcoder> yahoo.*  = 2678
[21:56:45] <seekwill> yikes
[21:57:04] <seekwill> Must be a really good targeted list
[21:57:06] <pickcoder> ToreadorVampire: no.. what auth service.. dovecot, courier, etc
[21:57:24] <pickcoder> aol = 2030
[21:57:53] <pickcoder> msn/hotmail is about the same
[21:58:26] * pickcoder checks his syntax
[21:58:41] <ToreadorVampire> Oh ... I don't have any of those installed ... sorry - left out some important info - this mta is send-only, and only listens on localhost ... it doesn't handle inbound mail at all
[21:59:03] <ToreadorVampire> The scenario is "mta that handles outgoing mail generated by hosted websites"
[21:59:10] <pickcoder> ToreadorVampire: if people are sending mail from outside of localhost then it is smtp and smtpd oriented
[21:59:14] <adaptr> local unix users do not authenticate, period. they just call sendmail
[21:59:18] <pickcoder> you still have to have an auth setup
[21:59:52] <pickcoder> unless you hooked up sasl manually
[22:00:27] <pickcoder> hrm.. you still need an auth socket though
[22:00:36] * pickcoder stops thinking
[22:01:25] <adaptr> mailing lists have addled your brain
[22:01:44] *** Tykling has left #postfix
[22:01:51] <ToreadorVampire> Hmm ... well - hang on - I have the auth part working - I may need to somehow prevent them using the /usr/sbin/sendmail avenue (because I don't want people bypassing the auth on TCP connections)
[22:01:55] *** Tykling has joined #postfix
[22:03:04] <ToreadorVampire> That is - postfix (connecting via TCP 25) forces me to authenticate before I do anything more
[22:03:51] *** eanxgeek has quit IRC
[22:03:58] <adaptr> ToreadorVampire: you make no sense
[22:04:16] <adaptr> if users log in, they ARE authenticated, and hence SMTPauth is superfluous
[22:04:31] <adaptr> if they do log in, then the will not use TCP - why would they ?
[22:04:53] <pickcoder> seekwill: did you get the html mailing?
[22:05:11] <seekwill> pickcoder: Yup :)
[22:05:19] <pickcoder> does the toolmug link work?
[22:05:31] <pickcoder> a few people in chat have said it doesn't work
[22:05:38] <ToreadorVampire> adaptr> Right - sorry ... they are not logged in via a shell ... I am referring to a web process running on the server, using the smtp server to send emails
[22:06:06] <adaptr> and people log in through this "web process" ?
[22:06:42] <ToreadorVampire> adaptr> Erm, no - imagine for example a "contact us" form on a website - there is no user authentication there - the web process just uses the mta to send emails
[22:06:44] *** pirho has quit IRC
[22:06:45] *** bG909 has joined #postfix
[22:06:56] <adaptr> it uses sendmail
[22:06:59] <adaptr> never SMTP
[22:07:10] *** Tykling has quit IRC
[22:07:13] <pickcoder> unless it's PHP
[22:07:19] <pickcoder> or possibly Perl
[22:07:23] <adaptr> still no
[22:07:27] <pickcoder> people do use SMTP
[22:07:52] <adaptr> the whole point of the sendmail entrypoint is to be able to bypass SMTP routing and stuff, since you're ON the machine, so it doesn't need to do SMTP
[22:07:57] *** pirho has joined #postfix
[22:08:02] <adaptr> of course it CAN
[22:08:05] <adaptr> but it doesn't NEED to
[22:08:18] <pickcoder> not all machines are configured to route mail and host web apps
[22:08:31] <ToreadorVampire> Right - but I want to prevent some websites from sending email - say a website I host is compromised and starts sending junk - I want to be able to quickly revoke that site's mail-sending permissions by removing the user that the httpd process runs under from a "mail-sending" group
[22:09:09] <seekwill> pickcoder: Yeah, seems to
[22:09:13] <pickcoder> ToreadorVampire: so configure the MTA to relay through a control gateway
[22:09:21] <adaptr> pickcoder: apart from the original use of sendmail, to ..erm..send mail
[22:09:22] *** pirho has quit IRC
[22:09:27] <adaptr> pickcoder: but you KNEW I meant that
[22:09:46] <pickcoder> seekwill: ok.
[22:09:49] <seekwill> pickcoder: Yeah, all three
[22:09:53] <ToreadorVampire> I don't want to mangle/disable the whole user account that the website runs under - because then A) The website goes down and B)  I have disabled their ftp access, and I want them to keep that so they can go fix whatever was causing the junk-emailling
[22:10:19] *** pirho has joined #postfix
[22:10:20] <pickcoder> seekwill: ok.. stop clicking unless you want to increase our click-through rate..
[22:10:23] <pickcoder> :)
[22:10:32] <seekwill> pickcoder: :)
[22:10:37] <seekwill> Sorry
[22:10:48] <ToreadorVampire> pickcoder> So - when you say "relay through a control gateway" - what do you mean?  Put another mta in front of it?
[22:11:00] *** bG909 has left #postfix
[22:13:26] <pickcoder> seekwill: no worries it's a new item and we want to gauge interest
[22:13:35] <seekwill> ah
[22:13:36] <pickcoder> ToreadorVampire: behind it
[22:13:56] <pickcoder> if customer A starts spamming then you can drop relay access for that machine
[22:14:14] <pickcoder> if they don't have port 25 access going out then they can't override the settings and send it directly
[22:14:41] <ToreadorVampire> Oh, right, but customer A, customer B, customer C etc etc are all on the same physical machine - it's shared osting
[22:14:46] <ToreadorVampire> hosting*
[22:15:01] <pickcoder> do they each have a unique IP?
[22:15:13] <ToreadorVampire> So if I drop relay permissions per-machine then I cut off a swathe of customers at once
[22:15:16] <ToreadorVampire> pickcoder> No
[22:15:37] <pickcoder> well there are other methods using transports by name
[22:15:51] <pickcoder> but you don't sound interested in the approach
[22:15:54] *** tcpsyn_ is now known as tcpsyn
[22:16:43] <adaptr> he wants a quicky web-host-for-less fix
[22:17:20] <ToreadorVampire> No, I had thought that "what I mostly already have" would be sufficient - force SMTP auth (which is working) and then (based on the username that is auth'd as) permit or deny the sending of email
[22:17:42] <pickcoder> that only works for SMTP
[22:17:43] *** Tykling has joined #postfix
[22:18:06] <adaptr> you cannot deny the use of sendmail unless you make it a lot hader to use sendmail at all, i.e. root:root and sudo lists
[22:18:11] <adaptr> *harder
[22:18:27] <pickcoder> or wrap sendmail into an SMTP tool
[22:18:34] <pickcoder> which breaks a lot of other things
[22:18:38] <adaptr> and again deny its use to normal system users
[22:18:45] <ToreadorVampire> adaptr> OK - if that's what I need to do then that's what I need to do ...
[22:18:46] <adaptr> which you really don't want to do
[22:19:30] <ToreadorVampire> There are no interactive system users - this is a server, so very few things need to be able to send emails beyond root and maybe a few service accounts that I can wrap into a group ...
[22:20:06] <pickcoder> the biggest problem I've seen wiith mail forms is piggy-back spam
[22:20:38] <pickcoder> that can be prevented if the form data is inteligently sanitzed  before dumping to sendmail
[22:20:48] <pickcoder> ~sanitized
[22:21:18] <ToreadorVampire> Well - it's not just mail forms ... until now I have only been hosting websites that I have written myself ... so I have been confident that the sites I wrote were secure and couldn't be compromised and turned into automated spam-sending drones
[22:22:33] <ToreadorVampire> However - I'm getting asked more and more about hosting other people's stuff, that I haven't written myself, and of course because of that I *can't* be sure that a site I'm hosting isn't going to start sending a crapload of automated junk - so I want some kind of accountability for the owners of those sites ...
[22:22:39] <UQlev> can anybody recommend how to debug this? http://rafb.net/p/20wCoL86.html
[22:22:56] <ToreadorVampire> ... so that I can shut them down really quickly if their sites do get compromised
[22:25:46] <pickcoder> sender_dependent_relayhost_maps
[22:26:07] <UQlev>  testsaslauthd -s smtp -u postmaster at smak1 dot com -p Bu7ahk7a
[22:26:07] <UQlev> 0: OK "Success."
[22:30:18] *** Niemi_ has quit IRC
[22:30:29] <pickcoder> ToreadorVampire: you can still have relaying control even if there's only one IP on the souce machine
[22:30:57] <ToreadorVampire> pickcoder>  Oh?
[22:31:38] <pickcoder> mail coming from @domain can be relayed through <protocol>:<hop>
[22:32:09] *** anykey has joined #postfix
[22:32:16] <pickcoder> transport is probably the easiest way
[22:32:57] <ToreadorVampire> Right, the only issue there is that it doesn't always have a predictable FROM address, although I probably could change that safely ...
[22:33:09] <pickcoder> if it doesn't it doesn't go anywhere
[22:33:20] <pickcoder> provided you block everything except stuff in the transport maps
[22:33:32] <pickcoder> or
[22:33:44] <pickcoder> configure a default relayhost on another machine to capture the bad mail
[22:33:46] *** F6F has joined #postfix
[22:33:49] <pickcoder> which the transport overrides
[22:34:00] <pickcoder> s/on another machine/to another machine
[22:34:27] <ToreadorVampire> So, yeah - have a default policy of "your email goes straight to /dev/null" unless there is an entry in a list that says "email from * at good dot domain.com gets routed normally"
[22:35:49] <ToreadorVampire> Then, if the website hosted at bozos.com gets compromised, remove (or comment out) their line in the config that tells the MTA to process mail from * at bozos dot com and it gets black-holed until I add that line back in?
[22:36:14] *** digex7778 has quit IRC
[22:36:18] <anykey> hi all. Our windows guy requires me (the unix guy) to conf our postfix such that all user can relay mails for all their mail accounts through our postfix, even if they are located on another mail provider, using SMTP-Auth with their credentials. I don't know if that is even possible without me manually record their credentials (they do not seem to care though). Can this be done?
[22:37:23] <anykey> and sorry if I am interrupting anything here -- I am just at my wit's end, and cannot seem to talk him out of it.
[22:38:00] <ToreadorVampire> Hmm, I don't know enough about email servers to answer directly, but if there's an answer and I'm reading the question right, it probably involves ldap somewhere along the line ;)
[22:38:20] <anykey> no... no think "stupider" than that
[22:38:46] <anykey> it is just, they want to use our exchange web access, but continue to send using their other addresses
[22:39:04] <anykey> the different accounts are not related in any common directory or something
[22:39:18] <ToreadorVampire> Oh, woah ... yeah - that IS stupid :s
[22:39:34] <anykey> I KNOW
[22:39:38] <ToreadorVampire> Sorry - I really did misread the question
[22:39:53] <anykey> you see, they don't care about this, and I am really worn out, nerve-wise
[22:39:59] <anykey> so PLEASE tell me it is impossible
[22:40:15] <anykey> so that I may answer "sorry dude, it is impossible" and be in peace
[22:40:25] * ToreadorVampire thinks
[22:40:42] <anykey> I know postfix can auth, for a specific domain
[22:40:54] <anykey> but... From:-wise?
[22:41:23] <ToreadorVampire> It's sort of possible, but even then it would require a LOT of hacking and bespoke coding (AFAIK, I don't know of an off-the-shelf that will do it)
[22:41:26] <anykey> and even if it could, why would anyone give their credentials to a complete stranger (me)? That's just SICK
[22:41:41] <ToreadorVampire> That is - do it like the blackberries do it
[22:42:08] * anykey is confused.
[22:42:16] <anykey> how do they do it?
[22:42:19] <ToreadorVampire> blackberries make calculated guesses at what the auth setup is when you set them up to receive email
[22:42:40] *** UQlev has quit IRC
[22:42:51] <ToreadorVampire> So ... for example, I have an email account at something at provider dot com
[22:43:18] <pickcoder> anykey: if you can get the auth DB through SASL then you can permit_sasl_authenticated
[22:43:22] <sysmonk> anykey: sorry dude, it's possible :)
[22:43:25] <sysmonk> ;)))
[22:43:30] <pickcoder> it doesn't matter where the auth db is
[22:43:45] <sysmonk> pickcoder: yeah, just what i wanted to say
[22:44:11] <ToreadorVampire> I want to access that on a BB, I type in my email address and the BB goes out and examines provider.com's MX records, and based on those it makes guesses about how THEIR mailserver is set up
[22:44:28] *** verywiseman has quit IRC
[22:44:43] <ToreadorVampire> (at least, I assume that's how it works)
[22:44:50] <anykey> sysmonk: something tells me that this really isn't gonna end good
[22:44:53] <seekwill> huh?
[22:44:55] <pickcoder> ToreadorVampire: your BB is making an SMTP connection to the server and doing what all clients to
[22:44:57] <pickcoder> s/to/do
[22:45:10] <seekwill> What is BB?
[22:45:11] <pickcoder> it asks for auth options and finds a mech it likes
[22:45:23] <pickcoder> that's nothing special
[22:45:25] <sysmonk> anykey: you want your users able to send email through postfix using the login details from exchange?
[22:45:26] <ToreadorVampire> Right, but it has to guess whether to connect via POP/IMAP/Exchange ActiveSync etc in order to read emails ...
[22:45:27] <pickcoder> and it's not "guessing"
[22:45:35] <anykey> sysmonk: no
[22:45:38] <pickcoder> POP != SMTP
[22:45:52] <ToreadorVampire> Oh, yeah, for sending/SMTP I suppose that's correct, it can just look at the MX records
[22:45:55] *** stpierre has joined #postfix
[22:45:55] <anykey> sysmonk: that's not so stupid as the thing they want
[22:46:08] <pickcoder> ToreadorVampire: the MX only provides the IP of the mail host
[22:46:54] <sysmonk> pickcoder: and does some voodoo magic! :)
[22:47:03] <ToreadorVampire> It has to be able to guess for receive though?  Because I don't have to tell it "My recieve server is IMAP" - I just give it my email address and it works it out
[22:47:17] <anykey> sysmonk: we have accounts at a.com, our users have several different accounts spread over the internet, and want to relay all such mails to the MXes of their different accounts
[22:47:19] <stpierre> we have some measure in place to ensure that people don't set up automatic forwarding and pass spam along with it, so i'd like to set up header checks that discard any messages with SA headers in them, but _only_ if those messages are from certain hosts (i.e., our imap servers, where all forwarded messages will originate).  how do i do that?
[22:47:24] <anykey> sysmonk: using their credentials.
[22:47:31] <stpierre> all i can figure out is how to apply header_checks globally
[22:47:45] <ToreadorVampire> Oh well, blah ... I don't want to be screwing around with email - it's not my speciality ... I just want to get this set and then get back to doing what I should be doing ...
[22:47:50] <pickcoder> ToreadorVampire: if it's not protocol specific for inbox, then yes it will try protocols until it finds one that the server offers
[22:51:11] <pickcoder> anykey: I'm lost
[22:51:21] <anykey> pickcoder: what with?
[22:51:33] <anykey> pickcoder: should I get you an example?
[22:51:40] <pickcoder> "their credentials"
[22:51:57] <pickcoder> unless "their credentials" are available on your machine then postfix won't have a clue about the user
[22:52:28] <anykey> pickcoder: Alice has an account at gmx.de, and wants our postfix -- which sends and receives mail for ourdomain.com -- to contact mx.gmx.de with her credentials to drop that mx mail sent by her address at gmx.de
[22:52:57] <anykey> pickcoder: and they want me to record manually their credentials such that postfix knows them.
[22:53:04] <pickcoder> hah
[22:53:07] <sysmonk> ...
[22:53:14] * sysmonk offers anykey a shotgun
[22:53:16] <anykey> pickcoder: and I don't see ANY REASON why I should DO that
[22:53:24] <anykey> because this is STUPID
[22:53:26] <pickcoder> why?.. I'd say "how" instead
[22:53:34] <pickcoder> what if there's 50K users
[22:53:36] <pickcoder> pr more
[22:53:38] <pickcoder> or more
[22:53:44] *** digex7778 has joined #postfix
[22:53:53] <pickcoder> what's the reason behind the relaying?
[22:54:07] <anykey> because they are windows people who don't give a damn
[22:54:20] <pickcoder> s/don't give a damn/can't filter the mail?
[22:54:29] <anykey> and the "admin" slipped onto the admin chair by chance
[22:54:31] <anykey> NO
[22:54:49] <anykey> they can filter, they just want to SEND with their other adresses and the other network employs SPF
[22:55:46] * anykey is just... near crying.
[22:56:08] <anykey> all those lectures I gave them about password security...
[22:56:14] <anykey> NO ONE EVER LISTENED
[22:56:17] <anykey> *sob*
[22:56:38] <anykey> sorry, I didnt mean to shout.
[22:57:26] *** cilquirm has joined #postfix
[22:57:50] <cilquirm> hi, having some trouble setting up verp on postfix
[22:58:13] <cilquirm> i'm trying to use the XVERP command, and running into 55 5.5.4 Unsupported option: XVERP
[22:58:31] <pickcoder> anykey: so the mail is coming from your machine but they want you to deliver it directly to the MX @ gmx.de
[22:58:35] *** FireRabbit has joined #postfix
[22:58:58] <anykey> pickcoder: yes, because mail must pass through there because of spf
[22:59:20] <pickcoder> that will happen automatically if the MX is setup for gmx.de correctly
[22:59:21] <anykey> but the part that bugs me most is that this function SHOULD NOT be in our mission critical MX
[22:59:35] <pickcoder> how is the mail getting to you
[22:59:37] <cilquirm> i'm doing this from the mail server itself and i have localhost in mynetworks
[22:59:52] <FireRabbit> hi everyone. how do I add a virtual mailbox user along side real users for the same domain name? the documentation makes it sound like adding the domain to virtual_mailbox_domains will break delivery for real users.
[23:00:04] <anykey> pickcoder: they use exchange, exchange talks then to postfix (my box)
[23:00:12] <pickcoder> over the LAN?
[23:00:20] <anykey> pickcoder: from there, it is off into the internet
[23:00:24] <anykey> pickcoder: yes.
[23:00:28] <anykey> same subnet.
[23:00:32] <pickcoder> well that's not biggie
[23:00:34] <ToreadorVampire> anykey>  Yeah, the ONLY way I can think of doing it is have some kind of "guess/discover the correct MTA to forward to from the sender address" and then have a smart-host-style routing rule to forward the email from those domains on to the correct mta
[23:00:45] <ToreadorVampire> But I don't know any off-the-shelf MTA that will let you do that
[23:00:49] * ToreadorVampire shrugs
[23:00:59] <pickcoder> you'll have to tell postfix to relay for Exchange
[23:01:16] <pickcoder> if if gmx.de requires TLS/SASL for delivery then that's in the docs
[23:01:49] <anykey> I know about sasl_password_maps
[23:01:56] <ToreadorVampire> (oh, and you'd have to re-use the same auth they gave to your local mta)
[23:02:05] <anykey> but this lets you specify user:password
[23:02:11] <anykey> for ONE user
[23:02:38] <anykey> so alice at gmx dot de can auth. but then ALL gmx mail is tried to auth with alice:password
[23:02:47] <anykey> which causes gmx to reject.
[23:03:28] <anykey> but, you can guess what this is going to turn to... we have several users owning several addresses on several mail providers that overlap.
[23:03:46] <anykey> And I cannot record all credentials whenever we get new users that wish to do this.
[23:04:20] <ToreadorVampire> anykey>  Yeah, seriously, I'd just go tell them "you're crazy!  stop being so crazy!"
[23:04:42] <anykey> he tried to make exchange do it.
[23:04:45] <anykey> it doesn't.
[23:04:57] <ToreadorVampire> Of course not
[23:05:06] <anykey> who WOULD, dam**t?
[23:05:09] *** shinao1 has joined #postfix
[23:05:12] *** tm-30740-exa has quit IRC
[23:05:17] <ToreadorVampire> I don't think you will find an MTA in the world that does, you
[23:05:39] <ToreadorVampire> 're not just asking for relaying - you're talking about something along the lines of dynamic proxying
[23:05:49] * seekwill perks up...
[23:05:51] <seekwill> Hmmm?
[23:05:54] <ToreadorVampire> Which AFAIK is a non-existant technology
[23:06:06] <anykey> you lost me at dynamic proxying.
[23:06:12] <seekwill> dynamic proxying?
[23:06:37] <ToreadorVampire> Yeah - I am making that term up because it doesn't exist AFAIK
[23:06:38] <ToreadorVampire> But:
[23:07:03] <seekwill> What was the problem?
[23:07:18] <ToreadorVampire> I'm a fictious "dynamic proxy" MTA - I receive an email with SENDER: foo at gmx dot de with SMTP auth username:password
[23:07:56] <anykey> uh, I think, I cannot tell this in short time, but as far as I am concerned, the problem is an admin who cannot do, doesn't care, and wants me to work magic.
[23:08:12] <seekwill> anykey: Good luck :)
[23:08:13] <ToreadorVampire> I can see that the sender says gmx.de so I go look up gmx.de's MTA in some kind of database, then try re-sending that email through it using the same auth as was given to me
[23:08:28] <anykey> ToreadorVampire: yes, that is somehow a very concise description.
[23:08:42] <ToreadorVampire> I don't think the technology exists
[23:08:44] <ToreadorVampire> AFAIK
[23:08:52] <ToreadorVampire> I think you would have to write it yourself
[23:08:55] <seekwill> ToreadorVampire: Why would you want to do that?
[23:08:58] <anykey> ToreadorVampire: no no, you forget the part where I am required to manually record the creds for that remote MTA
[23:09:11] <anykey> seekwill: see my comment about the actual problem
[23:09:29] <anykey> that guy is somehow... a bit clueless
[23:09:50] <seekwill> oh
[23:10:00] <anykey> but he knows that "windows sucks", but "linux sucks worse", and always wants me to work such things you would just....
[23:10:14] <anykey> sysmonk: I accept that shotgun you offered me.
[23:10:14] <ToreadorVampire> anykey>  Oh - nominally "accept anything" on your MTA (if the email has a SENDER is coming from anything other than your own managed email domain) and then go by whatever result the downstream MTA gives you
[23:10:22] <ToreadorVampire> So ... nominally ...
[23:10:32] * seekwill goes back to work....
[23:10:55] <ToreadorVampire> Accept username:password - then kind of "proxy" that email on to gmx.de's MTA, and return whatever result gmx.de gives you
[23:11:24] <ToreadorVampire> So if gmx.de says "authentication accepted" when you re-use username:password, then return "authentication accepted" to the user inside your network
[23:11:36] <ToreadorVampire> If gmx.de tells you to sod off, tell the local user to sod off
[23:11:39] <seekwill> Why would you want to give another MTA your credentials ?
[23:11:57] <seekwill> Or is this part of the problem?
[23:12:04] <anykey> seekwill: this is part of the problem.
[23:12:08] <seekwill> oh
[23:12:14] <ToreadorVampire> seekwill>  Because in this instance - the credentials they gave you in the first place are not their credentials on your local network - they gave you the other MTA's credentials
[23:12:26] <seekwill> So <insert good reason here> you can't connect to gmx.de directly...
[23:12:45] <seekwill> But you /must/ go through this relay (i.e., firewall block)?
[23:13:07] <seekwill> Seems wrong
[23:13:09] <ToreadorVampire> Your local MTA is supposed to say "Oh hey, they don't want to really send email through me, I'm going to go proxy the request onwards to some other mta and re-use the credentials they gave me over there"
[23:13:27] <ToreadorVampire> Well - yeah - actually ... it feels to me like it breaks the email spec
[23:13:44] <ToreadorVampire> I didn't think the smtp spec included a definition for a proxy server
[23:14:02] <ToreadorVampire> (see, I'm normally an HTTP person, I know that spec nearly back to front ;) )
[23:14:12] <ToreadorVampire> And what you're describing is like an HTTP proxy, but for smtp
[23:14:17] <ToreadorVampire> And I didn't think smtp could do that
[23:14:58] <ToreadorVampire> So my answer to them would be "stop being crazy, you crazy person"
[23:15:01] *** stpierre is now known as runnybabbit
[23:15:15] <anykey> yes.
[23:15:18] <anykey> mine will be, too.
[23:15:24] <anykey> you saved my sanity, thank you.
[23:15:27] <ToreadorVampire> np
[23:15:28] *** runnybabbit is now known as stpierre
[23:15:37] <ToreadorVampire> At only a slight cost to my own :s
[23:15:48] * ToreadorVampire rolls d6 and subtracts SAN as appropriate ...
[23:18:29] <cilquirm> is it not possible to have a luser and verp at the same time?
[23:18:33] <cilquirm> luser_relay*
[23:19:19] <cilquirm> actually that wasn't it
[23:19:36] <cilquirm> but i can't seem to figure out why i can't XVERP going on a stock ubuntu 8.0.4 box
[23:19:43] <pickcoder> anykey: tell the exchange guys to send you a comma delimited list of the credentials
[23:20:29] <ToreadorVampire> Hmmmmmm
[23:20:57] <ToreadorVampire> I'm thinking more about my problem ... maybe I am attacking it from the wrong angle?
[23:21:10] <anykey> pickcoder: what for?
[23:22:04] <ToreadorVampire> Is there instead a good way of spamfiltering my outgoing email?  Assume everything is sent from localhost though, so I would need a way of catching potential phishing/spam based (as far as I can think of) solely on their content?
[23:22:08] <adaptr> for pissing them off
[23:22:45] <pickcoder> anykey: if they can actually provide it tell them that you will consider setting it up
[23:23:06] <anykey> pickcoder: but it is not possible to do it in the first place.
[23:23:19] <anykey> pickcoder: I will just say "no" and that's it.
[23:23:20] <pickcoder> sender-dependent auth allows you to do one user:password pair by sender address
[23:24:09] <pickcoder> you can build an sasl map using a scripting language, from the CSV
[23:24:40] <anykey> and if it for some reason doesnt work, they will hang me.
[23:24:44] <anykey> that is the catch.
[23:24:50] <pickcoder> everytime they need to update the sasl map, you need 1-week notice
[23:24:56] <pickcoder> and $1 in the beer fund
[23:25:16] <pickcoder> why wouldn't it work?
[23:25:35] <anykey> I dunno
[23:25:37] <pickcoder> you shouldn't _have_ to make it work
[23:26:10] <seekwill> Stand your ground, man!
[23:26:30] <anykey> I really don't know.
[23:26:43] *** eanxgeek has joined #postfix
[23:26:48] <anykey> you see this whole thing irritates me
[23:26:50] <seekwill> ToreadorVampire: Yes. It's just like any other mail that comes into the MTA
[23:26:53] <pickcoder> the biggest headache is keeping it updated
[23:27:03] <pickcoder> that's what auth DBs are for
[23:27:50] <seekwill> LDAP!
[23:28:02] *** havvg has quit IRC
[23:28:15] <pickcoder> too bad there isn't an smtp_sasl_ldap_map
[23:28:29] <pickcoder> though you could build the sasl map file from LDAP
[23:28:48] <anykey> pickcoder: too late. my boss has already informed the windows people it isn't gonna happen.
[23:29:49] <anykey> he read part of that conversation earlier...
[23:29:59] <anykey> and I got an email and was on Bcc
[23:30:02] <seekwill> Your boss is here?
[23:30:11] <anykey> no, I think he isn't
[23:30:22] <anykey> I got him on ICQ in the other window
[23:30:34] * seekwill uses Jabber to talk to his boss
[23:30:44] *** FireRabbit has left #postfix
[23:30:47] *** TomHanks has joined #postfix
[23:31:11] <anykey> seekwill: I tried that, they didn't want to.
[23:31:47] <anykey> he wanted to end my suffering, I think.
[23:31:57] <TomHanks> Hallo. Ich bekomme alle paar Sekunden in der mail.log das folgende:
[23:31:57] <TomHanks> pop3-login: Can't load private key file /etc/ssl/private/dovecot.key: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[23:31:58] <pickcoder> I thought ICQ got trampled by <insert new IM protocol>
[23:32:11] <pickcoder> TomHanks: #dovecot
[23:32:32] <TomHanks> ?
[23:32:32] <seekwill> AOL bought ICQ
[23:32:40] <pickcoder> TomHanks: that's not a postfix error
[23:32:44] <anykey> seekwill: I know that
[23:32:53] <seekwill> anykey: Good! :)
[23:32:55] <anykey> seekwill: it's just... they don't really care.
[23:33:05] <seekwill> I was sorta answering pickcoder's question
[23:33:18] <anykey> seekwill: chicken-and-egg-problem: everyone is not on Jabber, so they don't go Jabber.
[23:33:18] <TomHanks> achso... komme vom workaround.org tutorial und da war ein hinweis auf #postfix - alles klar ok thanks
[23:33:43] <seekwill> anykey: Jabber is the way
[23:33:49] <seekwill> anykey: Actually, Gtalk :P
[23:34:06] <anykey> seekwill: dunno, I got an ejabberd running myself
[23:34:26] *** TomHanks has quit IRC
[23:36:38] *** eanxgeek has quit IRC
[23:36:50] *** eanxgeek has joined #postfix
[23:39:10] <ToreadorVampire> Hmm ... this whole exercise today is just worrying me that I don't know about email/smtp/mtas to safely host someone else's untrusted web application :s
[23:39:16] <seekwill> :)
[23:39:24] <seekwill> Outsource!
[23:39:43] <seekwill> There needs to be better oursourcing options...
[23:40:27] *** verywiseman has joined #postfix
[23:40:50] <ToreadorVampire> seekwill>  Well, no point ... at the moment I only provide hosting for sites/web-apps that I write myself ... under those circumstances I can be reliably confident that the stuff I write won't get pwned and start acting as a spam-sending drone site ...
[23:41:40] <seekwill> There's more to email than just that... but I guess if you're not having problems now, there's no worry
[23:42:06] <ToreadorVampire> BUT - if I host someone else's stuff, and it DOES get compromised, then my IP could be blacklisted etc, and I don't want to deal with that crap - plus I could lose my dedicated server hosting - which is really bad to me
[23:42:15] <seekwill> Very true
[23:43:03] <ToreadorVampire> So - someone asked me today whether they could host their site on my hosting (and, knowing them, they are AWFUL at web security, like - they will merrily leave their whole site world-writable) - I don't want them to blow my whole hosting system up
[23:43:30] <seekwill> Tell them no!
[23:44:12] <ToreadorVampire> Indeed, I suspect the reason they want to use me for hosting is because their existing hosting has been shut down (because they got compromised too often, and were damaging the hosts, although I don't know that for a fact)
[23:44:22] <ToreadorVampire> Yeah ... I am seriously considering the "no" option right now ...
[23:44:40] <seekwill> lol
[23:44:50] <seekwill> There are PLENTY of places for them to get hosting
[23:45:06] <ToreadorVampire> ... especially having spent a day trying to work out how I can protect myself against the possible damage they could cause, and not getting very far with it ...
[23:45:21] <seekwill> It's not worth it
[23:46:08] <ToreadorVampire> Yeah ...
[23:46:09] <ToreadorVampire> ... yeah
[23:46:15] <seekwill> .. yeah ..
[23:47:51] *** hparker has quit IRC
[23:48:10] *** Knoedel2 has quit IRC
[23:48:36] *** shinao1 has quit IRC
[23:48:54] *** shinao1 has joined #postfix
[23:49:07] <pickcoder> at least you get paid
[23:49:19] *** hparker has joined #postfix
[23:49:23] <ToreadorVampire> ?
[23:49:30] <pickcoder> I spent years running free CMS systems and got nothing in return apart from spam and content leechers
[23:49:46] <ToreadorVampire> Oh right ...
[23:49:53] <ToreadorVampire> Oh, I don't do hosting for free ;)
[23:50:12] <ToreadorVampire> But hosting is not my core business ... design/programming is
[23:50:59] *** shinao1 has quit IRC
[23:51:30] <ToreadorVampire> I have the hosting so that "if I need to make a quick reconfiguration to the server to accommodate a specific technology" then I can
[23:51:34] *** shinao1 has joined #postfix
[23:51:41] <pickcoder> bbl
[23:51:44] *** pickcoder has quit IRC
[23:52:48] <seekwill> ToreadorVampire: Definitely wouldn't do hosting for someone else if it's not your thing... look how much time was wasted that you could have been coding!!!!
[23:53:02] <ToreadorVampire> yeah
[23:53:08] <ToreadorVampire> Well - this is true
[23:54:26] <anykey> still, thanks people about earlier. I have to go now.
[23:54:35] *** anykey has quit IRC
[23:54:42] <ToreadorVampire> I just hate saying "no" if there was a way around doing it ... and it was probably a worthwhile exercise either way - if I could have reliably set myself up a robust/secure hosting platform then I wouldn't be opposed to the idea ... but anything I do would have to pretty much run itself in that vein ...
[23:55:05] *** F6F has quit IRC
[23:56:08] <seekwill> ToreadorVampire: No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No
[23:56:23] <ToreadorVampire> lulz
[23:56:35] <ToreadorVampire> So ... "no"
[23:56:43] <seekwill> right
[23:56:46] * ToreadorVampire will tell him tomorrow, since it's 11pm now :s
[23:57:00] <ToreadorVampire> Hmm, now what was I *supposed* to be doing today I wonder?
[23:57:21] * ToreadorVampire destroys his test postfix and sendmail servers
[23:57:26] <seekwill> Designing that porn site
[23:58:19] <ToreadorVampire> lol - actually, a local golf club want a CMS site designed - which is a nice break from the big programming job I've been working on recently ...
[23:58:35] <ToreadorVampire> Nice easy graphic-based job ... been doing too much coding of late
[23:58:42] <seekwill> yay!
[23:58:57] *** pirho has quit IRC
[23:59:08] <seekwill> Home!
[23:59:10] *** seekwill has quit IRC
[23:59:54] <ToreadorVampire> Indeed ... Yay!  Ho ... oh, wait, I work from a home office ...
[23:59:58] <ToreadorVampire> Oh well ...





top