[00:03:02] <syska> postsuper -r ALL did the trick for me :-)
[00:03:33] *** Albertein has joined #postfix
[00:04:14] *** Albertein is now known as AlbertEin
[00:07:36] *** Fallenou has quit IRC
[00:10:27] *** stas_ has joined #postfix
[00:18:22] *** hparker has quit IRC
[00:21:33] *** hparker has joined #postfix
[00:23:01] *** war9407 has quit IRC
[00:25:46] *** pirho has quit IRC
[00:25:49] *** stas has quit IRC
[00:26:15] *** cilly has joined #postfix
[00:28:15] *** stas_ has quit IRC
[00:35:13] <SARGuy> Verilium: I'm having the SQL rewritten to handle the virtual alias stuff but in the meantime, is there a way that messages from a specific sender can be redirected?
[00:36:20] *** stas has joined #postfix
[00:36:21] *** jelly has quit IRC
[00:36:36] <SARGuy> more out of curiosity than functionality..
[00:37:01] *** jelly has joined #postfix
[00:37:23] *** non-sequitir has quit IRC
[00:47:52] *** cilly has quit IRC
[00:50:07] *** mcepl has joined #postfix
[00:51:11] *** timotiCK has left #POSTFIX
[00:51:24] *** jelly has quit IRC
[00:51:36] *** jelly has joined #postfix
[00:56:36] *** Haris_ has joined #postfix
[00:56:37] *** Haris has quit IRC
[00:57:14] *** cilly has joined #postfix
[00:57:23] *** mcepl has left #postfix
[01:02:08] *** deadpigeon has quit IRC
[01:03:21] *** Vince42 has quit IRC
[01:03:41] *** Vince42 has joined #postfix
[01:04:47] *** cilly has quit IRC
[01:07:40] *** war9407 has joined #postfix
[01:13:11] *** stas has quit IRC
[01:13:46] *** hparker has quit IRC
[01:16:24] *** stas has joined #postfix
[01:30:13] *** stas has quit IRC
[01:31:06] *** Juspion has joined #postfix
[01:42:28] *** stas has joined #postfix
[01:55:39] *** stas has quit IRC
[01:55:56] *** stas has joined #postfix
[01:56:19] <SARGuy> i'm getting  Recipient address rejected: User unknown in virtual alias table when sending to hotmail accounts???  anyone???
[02:03:41] *** stas has quit IRC
[02:04:15] *** war9407 has quit IRC
[02:04:31] *** stas has joined #postfix
[02:06:09] *** ming_zym has joined #postfix
[02:20:17] *** Knoedel2 has quit IRC
[02:26:09] *** AlbertEin has quit IRC
[02:26:44] <higuita> SARGuy :)
[02:27:30] <higuita> looks like you add the hotmail to your mydestination, virtual
[02:30:57] *** stas has quit IRC
[02:33:35] *** stas has joined #postfix
[02:43:27] *** felix-da-catz_zz is now known as felix_da_catz
[02:53:06] *** Juspion has quit IRC
[02:56:21] *** dberry has joined #postfix
[02:56:54] *** Twinkletoes|H has joined #postfix
[03:01:41] *** dberry has quit IRC
[03:07:47] <Twinkletoes|H> How can I suspend mail delivery whilst I test Postfix (and then flush the queue)?
[03:09:10] *** pluto has joined #postfix
[03:12:23] *** pluto has quit IRC
[03:13:05] *** pluto has joined #postfix
[03:16:54] *** pluto has left #postfix
[03:23:53] *** BuenGenio has quit IRC
[03:24:06] <higuita> Twinkletoes|H: postsuper -h ALL; postfix stop
[03:24:20] <higuita> postsuper -H ALL release the email
[03:24:42] <Twinkletoes|H> Thank you - I did read that man page but that didn't jump out at me
[03:25:20] <higuita> postsuper -r ALL requeue the email (it will reapply any new rule)
[03:25:43] *** stas has quit IRC
[03:25:51] <Twinkletoes|H> higuita: Thank you :)
[03:26:01] <higuita> you are welcome ;)
[03:26:21] <Twinkletoes|H> higuita: I suppose that all the mail processing will be done, so I can watch the logs, it just won't get relayed to my smtp server upstream?
[03:27:36] *** stonith has quit IRC
[03:28:00] <higuita> after the postsuper -H ALL, you have to wait for the next period to queue manager to re-pickup the messange
[03:28:20] <higuita> you can force it with postfix flush
[03:35:44] *** xpoint has quit IRC
[03:36:53] <Twinkletoes|H> higuita: If you're still there - I can't find which post* command allows me to see the status of each queue
[03:41:21] <higuita> mailq
[03:42:06] <higuita> or postqueue -(somehing)
[03:42:14] <higuita> i use the old mailq )
[03:42:43] <Twinkletoes|H> higuita: It just says it's empty, I want to be SURE I've halted the queues before I go ahead and test
[03:43:01] <PatrickDK> postqueue -p shows the content of all queues
[03:43:08] <PatrickDK> postqueue -f flushs
[03:43:27] <Twinkletoes|H> PatrickDK: But how can I Tell if the queues are currently halted or not?
[03:43:52] *** pitakill has joined #postfix
[03:45:48] <PatrickDK> dunno, I never done it that way
[04:00:21] *** kwgossett has joined #postfix
[04:00:34] *** kwgossett has left #postfix
[04:00:53] *** kwgossett has joined #postfix
[04:00:59] *** kwgossett has left #postfix
[04:01:21] *** dberry has joined #postfix
[04:03:47] <cite> Good morning.
[04:05:09] *** nphase_ has joined #postfix
[04:05:26] *** pickcoder has joined #postfix
[04:07:23] *** nphase_ has quit IRC
[04:07:31] *** nphase_ has joined #postfix
[04:08:22] *** bacaci__2 has quit IRC
[04:09:08] <lunaphyte> hi
[04:09:59] <rob0> lo
[04:12:52] <cite> Oh no. The Internet is b0rken again. 12k mails in deferred queue.
[04:12:54] *** _fury has quit IRC
[04:13:32] <lunaphyte> i wish interface names could be specified in inet_interfaces.
[04:13:48] <cite> Isn't that the "old way"?
[04:14:01] <rob0> I think they can!
[04:14:26] <PatrickDK> the little postfix that could :)
[04:14:54] <lunaphyte> really?  i was just grumbling at man 5 postconf because it seems to indicate that you can't.  i guess i'll tias.
[04:15:58] <cite> What is the advantage of specifiyng an interface name, aside from having less to type if your interfaces have a lot of addresses associated with them?
[04:17:01] <pickcoder> limitations on which devices are communicated on
[04:17:11] <PatrickDK> easier vrrp interaction?
[04:17:13] <pickcoder> you could run multiple services under master
[04:17:19] <pickcoder> each one on a different interface
[04:17:23] <rob0> Also, might be transportable to another system
[04:17:39] <cite> I'm not convinced.
[04:18:09] <cite> PatrickDK: vrrp as in having two routers and stuff?
[04:19:04] <PatrickDK> no, as in someone sharing ip's between two servers, and not wanting to restart postfix to bind to those ip's all the time
[04:20:34] *** OneFix has joined #postfix
[04:21:07] <cite> Is there actually a syscall() which supports binding to an interface in the way that additional IPs are listened on if those are added after the bind() call was performed?
[04:21:33] <cite> (which is exactly what you would need in that case)
[04:21:54] *** growltiger_ has joined #postfix
[04:22:20] *** mavrick61 has quit IRC
[04:22:56] <OneFix> I seem to have a problem in a specific situation.  It only happens on mistyped addresses...and only on specific types...
[04:23:17] <OneFix> the address is "" at example dot com
[04:23:27] *** mavrick61 has joined #postfix
[04:23:35] <OneFix> And it redirects the message to MAILER-DAEMON
[04:23:56] <OneFix> I would like to have it simply bounce the message back
[04:24:59] <PatrickDK> cite, there are calls for that, dhcpd has to use those kinds of stuff
[04:28:22] <cite> No, dhcpd is just binding to 0.0.0.0
[04:28:32] <PatrickDK> no
[04:28:32] <sekhmet> ls
[04:28:37] <sekhmet> er
[04:28:40] <PatrickDK> dhcpd binds to something else
[04:29:00] *** OneFix has left #postfix
[04:29:23] <rob0> Must have found one fix.
[04:30:40] <lunaphyte> or in my case, nothing beyond pure laziness.
[04:31:01] <rob0> did you tias? did it work?
[04:31:34] <lunaphyte> actually, i changed my tactic and left inet_interfaces alone and adjusted master.cf.
[04:31:39] <cite> PatrickDK: common/socket.c from dhcp3-server says otherwise.
[04:32:29] <cite> It even complains about the standard socket API not being able to work the way it needs to work on multi-homed hosts.
[04:32:49] <PatrickDK> hmm, maybe this was older
[04:33:02] <PatrickDK> I remember it binding into something that you had to compile into the kernel
[04:33:04] <rob0> what does ntpd do?
[04:33:08] <PatrickDK> maybe I'm thinking 2.0 or 2.2
[04:33:09] <rob0> WWND?
[04:33:17] <pickcoder> this has been a reoccurring discussions
[04:33:22] <pickcoder> s/ns/n/
[04:35:17] *** growltiger has quit IRC
[04:38:52] <pickcoder> INADDR_ANY is normally set for all interfaces
[04:39:21] *** felix_da_catz is now known as felix-da-catz_zz
[04:40:27] * pickcoder notes a comment typo in myaddrinfo.c
[04:40:56] <pickcoder> I don't remember using a unix socket function to retrieve all addresses assigned to a device handle
[04:41:04] *** bluethundr has joined #postfix
[04:41:59] <sahil> go tell venema.
[04:42:38] <pickcoder> pfft
[04:42:43] <pickcoder> bbias
[04:43:14] *** jiffe99 has joined #postfix
[04:43:24] <sahil> pfft.  narly!
[04:43:40] *** growltiger has joined #postfix
[04:45:00] *** Twinkletoes|H has quit IRC
[04:48:53] <pickcoder> yay. I'm back
[04:51:26] <lunaphyte> anagrams for pickcoder: Riced Pock, Corked Pic, Cod Picker.
[04:51:58] <rob0> Cop Dicker
[04:52:11] <lunaphyte> and my two favorite: Cock Pride and Coed Prick
[04:52:30] <rob0> 0bro
[04:52:44] <lunaphyte> 0orb
[04:52:55] <pickcoder> bor0
[04:56:47] *** saurabhb has joined #postfix
[04:58:43] *** growltiger_ has quit IRC
[05:01:25] *** Hiweed has joined #postfix
[05:03:55] *** growltiger_ has joined #postfix
[05:04:26] <pickcoder> hrm.. if you wanted to assign the inet_interfaces by name then wouldn't it be the same as listing the IPs?
[05:04:36] <pickcoder> you can't have multiple ips per inet device name
[05:04:44] <pickcoder> they'd be virtual devices
[05:04:53] <rob0> you can too and they are not :)
[05:04:54] *** growltiger has quit IRC
[05:04:59] <pickcoder> how ?
[05:05:16] <rob0> Should I tell a Coed Prick? ;)
[05:05:30] <rob0> I only know Linux
[05:05:55] <rob0> but ... ip addr add ip.ad.re.ss/nm dev eth0
[05:06:10] <pickcoder> hm
[05:06:52] <pickcoder> I've never set it up that way
[05:07:10] <pickcoder> but now I remember doing that once before
[05:07:12] <rob0> Not suggesting you should ... but you CAN
[05:11:05] *** jwit_ is now known as jwit
[05:11:39] *** growltiger_ has quit IRC
[05:11:56] *** growltiger has joined #postfix
[05:12:02] <pickcoder> I imagine there'd have to be platform specific code if it was implemented since it's not part of the unix socket lib
[05:13:04] * pickcoder doesn't want to think about winsock/winsock2
[05:13:59] *** nphase_ has quit IRC
[05:19:53] *** dberry has quit IRC
[05:20:39] *** Haris1 has joined #postfix
[05:32:13] <pickcoder> according to one of the ntp and bind9 developers, they look up ips by device name
[05:32:41] <pickcoder> ntpd/ntp_io.c
[05:33:52] <pickcoder> libisc/ifiter_*.c
[05:35:47] *** Motoko-chan has joined #postfix
[05:36:51] <pickcoder> I'll look at it when I get a free weekend
[05:36:54] * pickcoder laughs
[05:37:56] <pickcoder> free weekend
[05:46:19] <Hiweed> Hi all, I'm configuring my Postfix following by the guide at http://workaround.org/articles/ispmail-etch/.
[05:46:20] <Hiweed> It worked great, until I added the two lines to main.cf:
[05:46:20] <Hiweed> 	content_filter = smtp-amavis:[127.0.0.1]:10024
[05:46:20] <Hiweed> 	receive_override_options = no_address_mappings
[05:46:20] <Hiweed> The SMTP does not work now, it takes Outlook Express long time to connect (I used `tail -f /var/log/mail.log` to watch the mail.log), when I stopped the connection, the "SSL_accept error" ocurred.
[05:46:21] <Hiweed> The /var/log/mail.log is here: http://rafb.net/p/PazS4B84.html
[05:46:23] <Hiweed> The /etc/postfix/main.cf is here: http://rafb.net/p/mHCmtg81.html
[05:46:25] <Hiweed> lines I added to /etc/postfix/master.cf are: http://rafb.net/p/7UI1aY70.html
[05:46:28] <Hiweed> If I comment the above two lines out from main.cf and reload Postfix, it will work again.
[05:46:29] <Hiweed> Any hints will be appreciative.
[05:48:37] <Hiweed> ... and, here is the result of `telnet localhost smtp`: http://rafb.net/p/sqGNqy35.html
[05:49:24] <pickcoder> broken_sasl_auth_clients = yes
[05:54:40] <pickcoder> Hiweed: ^^^
[05:55:10] <Hiweed> thanks pickcoder, I did `postconf -e broken_sasl_auth_clients=yes`, but did not help...
[05:56:37] <pickcoder> how did you configure OE?
[05:56:51] <pickcoder> make sure you didn't check SPA for example
[05:56:59] <Hiweed> let me check it
[05:58:06] <Hiweed> no, the SPA checkbox is not checked
[06:01:53] <pickcoder> if you take out the content_filter it works?
[06:02:01] <Hiweed> yes
[06:03:22] *** cite has quit IRC
[06:03:22] <pickcoder> postconf mynetworks
[06:03:42] <Hiweed> mynetworks =
[06:04:06] <pickcoder> you should probably make that localhost
[06:04:09] <pickcoder> hold on
[06:04:37] <pickcoder> set mynetworks to 127.0.0./8
[06:04:44] <pickcoder> er.. 127.0.0.0/8
[06:04:52] <pickcoder> restart postfix
[06:05:21] <pickcoder> I don't see why that would be a problem considering smtp-amavis is a transport
[06:05:26] <pickcoder> but who knows
[06:06:00] * pickcoder has to go in a sec
[06:06:18] <Hiweed> ...did not help... thank you anyway, pickcoder
[06:07:01] <pickcoder> bummer
[06:07:17] <pickcoder> add -vvvv to the end of the smtpd line in master.cf to get verbose logging
[06:07:21] <pickcoder> that may help you find the problem
[06:07:29] <pickcoder> it should be the first service listed
[06:07:39] <Hiweed> ok
[06:07:58] <pickcoder> if you still can't figure it out pastebin the verbose logs
[06:08:07] <pickcoder> more info is always useful
[06:08:27] <pickcoder> just don't forget to remove the verbose flags
[06:09:17] *** pickcoder has quit IRC
[06:28:25] *** pitakill has quit IRC
[06:32:35] <rob0> !verbose
[06:32:36] <knoba> rob0: "verbose" : You probably do not need verbose logging, but in rare cases the extra detail can assist in debugging. To set verbose logging add a -v after the command name (such as smtpd) in master.cf, then 'postfix reload' after that.
[06:32:57] <rob0> telnet(1) is not SSL-capable. Try openssl s_client(1).
[06:33:26] <rob0> !outlook
[06:33:26] <knoba> rob0: "outlook" : MS Outlook has numerous problems with TLS and AUTH support. Try using a better client to troubleshoot your Postfix server's AUTH features; then once you know it works, you can go back and break it such that Outlook will work. See the following MS KB article to enable transport logging in Outlook that may be of some help in troubleshooting, http://support.microsoft.com/kb/300479/en-us
[06:34:11] <rob0> Note, "You probably do not need verbose logging," I bet you don't.
[06:36:42] <rob0> the snippet you posted was way too snipped
[06:57:41] <recon1025> lol @ "then once you know it works, you can go back and break it such that Outlook will work"
[07:01:15] <rob0> Perhaps a little harsh, but not much. More harsh with newer versions of Outhouse, which aren't as badly broken as the older ones.
[07:18:46] <recon1025> outhouse? lol
[07:26:36] *** Chiku has quit IRC
[07:30:03] <recon1025> unforunately at my job im obligated to use outhouse
[07:30:39] <recon1025> exchange.. =/
[07:34:27] <recon1025> http://maketecheasier.com/10-of-the-best-linux-desktop-customization-screenshots-to-inspire-your-creativity/2008/11/28
[07:34:40] *** Hiweed has left #postfix
[07:36:23] *** Fallenou has joined #postfix
[07:43:19] *** Hiweed has joined #postfix
[07:47:22] *** brancaleone has quit IRC
[07:54:12] *** Fallenou has quit IRC
[08:06:04] *** jonez has quit IRC
[08:14:47] *** sophokles has joined #postfix
[08:18:20] *** dupondje has joined #postfix
[08:18:31] <dupondje> Is it possible to disable spamassassin only for users auth'ed with SASL ?
[08:19:51] *** Hiweed has left #postfix
[08:21:58] *** hever_ has joined #postfix
[08:33:13] *** githogori has quit IRC
[08:36:54] *** madrescher has joined #postfix
[08:38:30] <rob0> A FILTER access(5) action overrides the global content_filter setting.
[08:41:42] *** _bt has quit IRC
[08:41:43] *** Daviey has quit IRC
[08:41:57] *** Daviey has joined #postfix
[08:42:04] *** _bt has joined #postfix
[08:44:56] *** Motoko-chan has quit IRC
[08:49:28] <dupondje> rob0: how can u check in access file if its from a SASL authed user ?
[08:50:16] *** phnord has joined #postfix
[08:59:51] *** growltiger_ has joined #postfix
[09:02:25] <R1ck> does anyone have recommendations about stable NAS appliances to store mail data which are able to sync data between eachother?
[09:03:14] *** BuenGenio has joined #postfix
[09:04:37] *** growltiger has quit IRC
[09:07:10] *** bluethundr_ has joined #postfix
[09:14:54] *** sophokles has quit IRC
[09:23:39] *** bluethundr has quit IRC
[09:24:56] *** BuenGenio has quit IRC
[09:25:00] *** BuenGenio has joined #postfix
[09:25:44] *** sophokles has joined #postfix
[09:29:10] *** BuenGenio has quit IRC
[09:29:14] *** BuenGenio has joined #postfix
[09:29:25] *** giskard has joined #postfix
[09:29:28] <giskard> morning *
[09:29:46] <giskard> do you know if it possible to change mailbox size limit per mailbox?
[09:33:35] *** xnixan_ has joined #postfix
[09:34:27] *** cite has joined #postfix
[09:34:31] *** growltiger has joined #postfix
[09:34:34] *** growltiger_ has quit IRC
[09:40:01] *** denis_ has joined #postfix
[09:42:20] *** sophokles has quit IRC
[09:43:04] *** sophokles has joined #postfix
[09:46:32] *** xnixan has quit IRC
[09:51:08] *** hark has quit IRC
[09:55:56] *** war9407 has joined #postfix
[10:00:17] *** dupondje has quit IRC
[10:02:50] *** growltiger_ has joined #postfix
[10:04:56] *** papul has joined #postfix
[10:05:03] *** papul has left #postfix
[10:11:38] *** impulse150 has joined #postfix
[10:12:28] *** amrit|wrk is now known as amrit|zzz
[10:16:17] *** samix has joined #postfix
[10:18:28] *** growltiger has quit IRC
[10:21:19] *** Mr_Grim has quit IRC
[10:24:52] *** sysdef has joined #postfix
[10:28:37] *** jense has joined #postfix
[10:31:59] *** growltiger has joined #postfix
[10:34:23] *** sophokles has quit IRC
[10:36:28] *** jra has joined #postfix
[10:37:24] *** Twinkletoes|H has joined #postfix
[10:37:46] *** sophokles has joined #postfix
[10:41:22] *** Stavros has joined #postfix
[10:41:26] <Stavros> hello
[10:41:46] <Stavros> someone is sending spam mail from my postfix, the log says this client=unknown[70.85.156.98], sasl_method=LOGIN, sasl_username=root
[10:41:53] <Stavros> how can they be logging in as root?
[10:41:57] <shasta> (-8
[10:42:05] <_ruben> weak password for root?
[10:42:11] <Stavros> it's blank
[10:42:17] <_ruben> thats pretty weak
[10:42:25] <Stavros> it allows people to log in with blank passwords?
[10:42:37] <_ruben> blank passwords stupid either way
[10:42:41] <_ruben> +are
[10:42:55] <Stavros> they mean "don't let people log in this way" usually, though
[10:42:58] <Stavros> how can i fix this?
[10:43:09] <Stavros> i don't want to enter a password for every single account
[10:43:20] <Stavros> can i just whitelist the accounts with passwords, or not allow blanks?
[10:43:27] <_ruben> no, "no password" wont let you login usualy, "blank password" is smth different
[10:43:39] <Stavros> that's what i meant, no password
[10:43:59] <Roobarb> if none of your accounts have paddwords, how do you login?
[10:44:04] <Roobarb> *passwords
[10:44:12] <Stavros> i didn't say no accounts have passwords
[10:44:16] <Stavros> i said root doesn't
[10:44:27] <shasta> to the point
[10:44:36] <shasta> what is your sasl authenticating against?
[10:44:38] <_ruben> and perhaps your sasl engine is flawed
[10:44:47] <Stavros> erm, passwd
[10:44:50] <shasta> shadow? sasldb? some sql?
[10:45:19] <Stavros> i don't know, what's the config line? :/
[10:45:30] <shasta> /usr/lib/sasl2/smtpd.conf usually
[10:45:32] <Stavros> it's shadow, but i want to make sure
[10:45:43] <Stavros> pwcheck_method: saslauthd   mech_list: plain login
[10:46:00] <shasta> ok, how do you start saslauthd?
[10:46:05] *** non-sequitir has joined #postfix
[10:46:18] <shasta> saslauthd -a whathere?
[10:46:41] <Stavros> it's the default ubuntu init.d script, let me check
[10:46:57] <shasta> ps axu | grep saslauthd
[10:47:04] *** growltiger_ has quit IRC
[10:47:20] <Internat> yeah see the problem with plain
[10:47:23] <Stavros> shadow
[10:47:25] <Internat> is that it does an exact copy
[10:47:37] <Stavros>  /usr/sbin/saslauthd -a shadow -c -m /var/spool/postfix/var/run/saslauthd -n 5
[10:47:39] <Internat> i had this with proftpd and the mysql user
[10:47:59] <Internat> because even though the mysql user has /nologin as its shell, it has no password.
[10:48:10] <Stavros> what should the passwd file say for "no password"?
[10:48:31] <_ruben> shadow should have a ! or * for the password
[10:48:36] <Stavros> ouch
[10:48:38] <_ruben> the password in /etc/passwd isnt used
[10:48:39] <Stavros> mine is root::
[10:48:51] <Stavros>  /etc/shadow, i mean
[10:48:53] <_ruben> thats empty password iirc, not no password
[10:49:04] <Stavros> ouch
[10:49:09] <Internat> yeah..
[10:49:12] <Stavros> how can i check that it actually is empty before i change it?
[10:49:17] <Stavros> su root or something?
[10:49:31] <Internat> mm yeah that could work..
[10:49:36] <Stavros> su root, enter, auth failure
[10:49:38] <Stavros> odd
[10:49:46] <shasta> grep ^root: /etc/shadow
[10:50:15] <Internat> im pretty sure its todo with the PLAIN login though.
[10:50:26] <Stavros> root::13691:0:99999:7:::
[10:50:31] <Internat> i dont know that it checks if the account has the no password flag
[10:50:55] <Internat> although
[10:50:56] <_ruben> Stavros: root:: sure isnt an ubuntu default .. so someone has been fiddling with it
[10:51:00] *** neonoe_ has quit IRC
[10:51:05] <Internat> the fact that sasl_method says login makes me wonder
[10:51:16] <Stavros> _ruben: i probably did passwd with root at some point to delete it and set it to blank instead :/
[10:51:30] <_ruben> Stavros: which is a pretty stupid thing to do
[10:51:42] <shasta> Stavros, put an asterisk ('*') between two first colons
[10:51:46] <Stavros> i didn't know blank != none
[10:51:52] <sysmonk> Stavros: yeah
[10:52:14] <Stavros> passwd -d root leaves it as is
[10:52:29] <_ruben> by default the root user in ubuntu has a !, and thus no password (not an empty one, or random one as lots of people think)
[10:52:33] <Stavros> hmm
[10:52:45] <shasta> or !, yeah
[10:53:24] <shasta> but make sure you can still get root capabilities afterwards :)
[10:53:40] <shasta> ie. open one session as root, change the shadow entry (and don't close this session)
[10:53:56] <Stavros> it's root:: at my other install too
[10:54:00] <shasta> then open another session and try to gain root
[10:54:00] <Stavros> ubuntu
[10:54:00] <_ruben> then you changed it there as well
[10:54:10] <Stavros> hmm
[10:55:09] <Stavros> passwd -d root doesn't change that line, though
[10:55:53] <_ruben> try passwd -l root instead
[10:56:07] <_ruben> d = delete = empty password .. l = lock = no password
[10:56:11] <Stavros> that does it
[10:56:13] <Stavros> oh
[10:56:15] <Stavros> damn
[10:56:36] <Stavros> how can i verify that postfix allows blank logins before i do it (to make sure that was it)?
[10:57:21] <Stavros> is there a way to specify manual username/password, or should my email client do it?
[10:57:36] <shasta> telnet yourserver 25
[10:57:40] <shasta> EHLO blah
[10:57:53] <shasta> AUTH PLAIN cm9vdAByb290AA==
[10:58:24] <Internat> wouldnt he want AUTH LOGIN
[10:58:31] <Internat> since thats what sasl was repoirting the method as?
[10:58:46] <shasta> PLAIN and LOGIN are almost the same
[10:58:58] *** Twinkletoes|H has quit IRC
[10:59:15] <Stavros> shasta: what you said is base64 for root?
[10:59:27] <Internat> i personally dont know the difference, nor how to use either.. but if he is having a problem with ppl sending email, and sasl is saying the mthod is SASL_METHOD=LOGIN i would suggest emulating the same..
[10:59:58] *** rmayorga has quit IRC
[11:00:02] <_ruben> i'd use a mailclient to easily test the different auth methods to be sure
[11:00:51] <Stavros> it said 334
[11:01:48] <Stavros> sending failed with blank password :/
[11:02:30] <shasta> what I said is base64 for root\0root\0
[11:02:38] <Stavros> ah
[11:02:44] <shasta> (it's login\0login\0password)
[11:03:01] <Stavros> oh, i see
[11:03:06] *** BuenGenio has quit IRC
[11:03:07] <Stavros> what's 334?
[11:03:33] <shasta> error code, what's the entire message?
[11:04:31] <Stavros> 334 UGFzc3dvcmQ6
[11:04:41] *** Yancho has joined #postfix
[11:06:07] <shasta> you used AUTH LOGIN or AUTH PLAIN? :)
[11:06:19] <shasta> because UGFzc3dvcmQ6 is base64 for "Password:" :>
[11:06:21] <Stavros> err, login, plain says 535 5.7.8 Error: authentication failed: authentication failure
[11:06:23] <Stavros> oh
[11:07:41] *** ming_zym has left #postfix
[11:07:58] *** rouri has joined #postfix
[11:08:39] *** rmayorga has joined #postfix
[11:09:06] *** weedar has joined #postfix
[11:09:55] *** romwid has joined #postfix
[11:10:14] *** romwid has left #postfix
[11:10:27] *** hever_ has quit IRC
[11:10:47] *** BuenGenio has joined #postfix
[11:11:32] *** rouri has quit IRC
[11:11:32] *** non-sequitir has quit IRC
[11:13:36] *** buntstift has joined #postfix
[11:14:57] <buntstift> hi all
[11:15:05] *** nonsequitir has joined #postfix
[11:15:25] *** romwid has joined #postfix
[11:15:38] <romwid> hallo buntstift
[11:15:39] <shasta> Stavros, try also AUTH PLAIN AHJvb3QA      ('\0root\0')
[11:15:47] <buntstift> i've got a question regarding greylisting and postfix ... may someone help me?
[11:16:03] <shasta> not until you state your problem, buntstift
[11:16:10] <buntstift> sure :D
[11:16:47] <buntstift> a co-worker sent a mail to a customer and the mail was rejected (our mta was greylisted for 300s)
[11:17:15] <Stavros> shasta: 501 5.5.4 Syntax: AUTH mechanism
[11:17:19] <buntstift> and the problem now is that our mailserver retried delivery some seconds after the first try
[11:18:19] <buntstift> i tried to find a solution by myself but didn't find anything relevant
[11:19:28] <buntstift> the only thing i found are the following parameters: queue_run_delay = 1000s, maximal_backoff_time = 4000s and minimal_backoff_time = 1000s
[11:20:16] <shasta> i don't quite get the line: "the problem now is that our mailserver retried delivery some seconds after the first try"
[11:20:22] <buntstift> so i think that the queue manager should retry delivery not before 1000s are over?
[11:20:29] <jra> and how is that a problem? it'll retry until it gets accepted
[11:20:42] <cedric3> Hi i have a problem procmail i config postfix and create a file /etc/procmailrc  but when i send a mail the mail not passed to procmail i have only (delivered via maildrop service) but nothink for procmail thanks for your help
[11:21:06] <buntstift> our mailserver retries tooo fast, so that the foreign mailserver blocks the 2nd try and the messages is bounced
[11:21:47] <_ruben> thats bad
[11:21:56] <_ruben> remote server being bad that is
[11:22:02] <jra>  in that case the foreign mailserver admin should ask someone else to do his job
[11:22:51] <cedric3> nobody have any idea please
[11:23:31] <Stavros> shasta: any idea?
[11:23:35] <buntstift> but why does our mta try to re-transmit the mail 4s after the first try, and not 1000s as configured in my mta?
[11:23:48] <buntstift> or do i misunderstand something about that parameters?
[11:24:32] *** hoovie has joined #postfix
[11:24:41] <hoovie> good morning folks
[11:25:08] <Twinkletoes|W> Just looking to clarify... the aliases file is only consulted if postfix considers itself the final destination for that domain?
[11:25:13] <Twinkletoes|W> IS that correct?
[11:25:45] <hoovie> is it possible to tell postfix to use a certain SMTP relay depending on the sender's email address?
[11:27:24] <shasta> Stavros, AUTH LOGIN, wait for VXNlciBOYW1lAA==, reply with cm9vdA==, if asked for UGFzc3dvcmQA, reply with, well, blank line? ;)
[11:27:49] <shasta> hoovie, sender_dependent_relayhost_maps
[11:28:25] <buntstift> @twinkletoes did you mean me?
[11:30:14] <hoovie> thanks much shasta
[11:31:05] <Stavros> shasta: authentication failed :/
[11:31:32] <Stavros> shasta: is there something in the logs that would help me figure out how they are sending spam?
[11:31:51] <buntstift> anyone has an idea how to configure my postfix to not retry delivery too fast?
[11:32:28] <shasta> buntstift, those parameters you've pasted are fine
[11:32:47] <shasta> how did you obtain them?
[11:33:40] <buntstift> thanks, but they where configured like that when my postfix retried already 4s after the 1st try.
[11:34:36] <_ruben> buntstift: you did reload after the change? :)
[11:35:32] *** Trengo has quit IRC
[11:36:04] <buntstift> the parameters are configured as i wrote for about 2 years now :D
[11:37:49] <buntstift> maybe the mail didn't get into the deferred queue and stayed in the active one?
[11:44:51] *** Trengo has joined #postfix
[11:47:19] *** pirho has joined #postfix
[11:47:20] <buntstift> Dec  4 12:50:21 ox postfix/smtp[4286]: 6CCD636C004: host mail.abc.pl[xx.xx.xx.xx] said: 450 <user at abc dot pl>: Recipient address rejected: Greylisted for 300 seconds (see http://host.server.pl/xyz.html) (in reply to RCPT TO command)Dec  4 12:50:26 ox postfix/smtp[4286]: 6CCD636C004: to=<user at abc dot pl>, relay=mail2.abc.cz[xx.xx.xx.xx], delay=6, status=bounced (host mail2.abc.cz[xx.xx.xx.xx] said: 554 5.7.1 <user at abc dot pl>: Recipient addres
[11:48:00] <buntstift> these are the log entries.
[11:48:23] <buntstift> maybe i'm too confused to read it right :D and someone can point me into the right direction?
[11:51:24] <_ruben> 2 different mailservers
[11:51:48] <rob0> truncated!
[11:52:14] <_ruben> and altered
[11:52:21] <rob0> oh yes
[11:52:33] <buntstift> ???
[11:54:02] <buntstift> but why did it try to send to another mailserver?
[11:55:20] <jra> multiple mx records?
[11:56:06] <buntstift> yes, but how to send mail to this server when the 2nd one blocks the mails?
[11:58:04] <_ruben> complaint to the domain admin, override its mx records using transports, etc
[11:58:20] <shasta> doh :)
[11:58:33] <shasta> buntstift, your postfix is doing it right
[11:58:48] <buntstift> thanks for your help
[11:58:52] *** sophokles has quit IRC
[11:59:00] <shasta> first MX responds with 4xx code, so your mta tries the second one
[11:59:12] <shasta> that's how it's supposed to work
[11:59:16] <buntstift> clear, clear
[11:59:29] <buntstift> but how does this mailserver get mails when the 2nd one blocks?
[12:00:20] <buntstift> i mean when, as you said, our mailserver works properly, then all other proper configured mailserver should also fail to send mail to this domain.
[12:00:34] <buntstift> shouldn't the admin think about his configuration when he doesn't receive any mails?
[12:01:03] <buntstift> that's why i was that confused. or better said, i still am :D
[12:01:10] *** wdp__ has joined #postfix
[12:01:26] <shasta> can you paste the whole 5xx rejection line?
[12:01:36] <shasta> it was truncated: 554 5.7.1 <user at abc dot pl>: Recipient addres
[12:01:55] <buntstift> 554 5.7.1 <user at abc dot pl>: Recipient address rejected: Access denied (in reply to RCPT TO command))
[12:02:00] <buntstift> better that way?
[12:02:56] <Stavros> can i see the sasl auth log somewhere?
[12:03:38] <buntstift> @stavros you meant me?
[12:04:04] <Stavros> buntstift: no, generally
[12:04:07] <Stavros> i mean my sasl log
[12:04:49] <buntstift> oh sorry. thought you wanted to see mine ;)
[12:04:50] <rob0> You wazant us to tell you why this munged-domain mailserver has given you "Access denied"?
[12:05:01] *** sophokles has joined #postfix
[12:05:01] <rob0> um, bad lag here ... *want
[12:05:38] <buntstift> don'T know why, sorry. how can i find out?
[12:06:05] *** BuenGenio has quit IRC
[12:07:31] <rob0> I am trying to suggest that the only way to find out is to ask them.
[12:08:03] <rob0> You cannot possibly hope to work around every site's misconfigured spam fighting strategies.
[12:08:57] <buntstift> okay so i'll do so. thanks a lot for all your help.
[12:09:34] <cedric3> if i use maildrop to MDA i can't use procmail no ?
[12:09:47] <Roobarb> anyone know how to stop /dev/ttyUSB0 from being created as root:uucp, so I can use it as my logged-in user?
[12:09:49] <cedric3> because i want to make header filter
[12:09:55] <Roobarb> eep, E_CHAN
[12:10:32] <rob0> Roobarb: udev rules, if it's a recent linux :)
[12:10:59] <rob0> or maybe, add your user to uucp group?
[12:11:12] <Roobarb> =)
[12:17:53] <Stavros> someone's sending spam from my server, is there any way to figure out how, since i use sasl for auth?
[12:18:14] *** wdp_ has quit IRC
[12:18:27] *** Kako has joined #postfix
[12:18:32] <cpm> look at your logs.
[12:18:38] <Stavros> i did
[12:20:22] <rob0> and?
[12:20:38] <Stavros> i don't know what to look at, that's why i'm asking :p
[12:20:40] <Stavros> i see a relevant line
[12:20:49] <rob0> I don't.
[12:20:50] <Stavros> 3DB2F9455B: client=unknown[70.85.156.98], sasl_method=LOGIN, sasl_username=root
[12:20:53] <Stavros> you do now
[12:21:02] <rob0> yikes, root?
[12:21:09] <Stavros> apparently :/
[12:21:12] <Stavros> but i can't reproduce it
[12:21:29] <Stavros> do you think someone is logged in as root, or just connecting to the server and auths as root?
[12:21:29] <rob0> 98.156.85.70.in-addr.arpa domain name pointer robust.ae.
[12:21:38] <Stavros> yes
[12:21:41] <Stavros> that's also in the logs
[12:21:54] <Stavros> i just want to plug the hole, i don't care that much about the spammer
[12:23:05] <Stavros> so if it says an IP they're connecting, they aren't logged in, right?
[12:23:37] <Yancho>  hi .. i set up postfix .. and i did : http://pastebin.com/m6d3a0b1b to test .. mail is being said to be sent .. but received no mail .. mailserver i'm setting it as 192.168.1.5 which is the local ms exchange server - any help please?
[12:24:22] <shasta> you'll find out reading postfix logs
[12:25:23] <Stavros> shasta: what should i look for?
[12:26:56] *** jintxo has joined #postfix
[12:28:48] <hoovie> bye for now
[12:29:53] <jintxo> Hi guys, I'm reading a bunch of different HOWTOs on enabling SMTP auth (relaying for authenticated users). I have most of the postfix stuff worked out but I can't seem to find what the "standard" way of authenticating the incoming smtp clients against the local user database (/etc/passwd and /etc/shadow). Any links to current documetnation would be very much appreciated.
[12:31:18] <Stavros> jintxo: i'd give you mine but i'm having a bit of a spamming problem so i wouldn't advise it :/
[12:32:17] <jintxo> Stavros: heh, thanks but no thanks :-) you running an open relay there?
[12:32:27] <shasta> !sasl
[12:32:27] <knoba> shasta: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.
[12:32:31] <shasta> jintxo, ^^^^
[12:33:09] <jra> saslauthd will do it
[12:33:11] <shasta> and "standard way" is usually to authenticate against saslauthd (running as saslauthd -a shadow)
[12:33:23] <shasta> man saslauthd
[12:33:32] <Stavros> jintxo: no :(
[12:33:48] <Stavros> jintxo: i can't even reproduce it
[12:34:38] *** hoovie has left #postfix
[12:35:03] <jintxo> shasta: great. I just wantd to know which direction to go (got all the cyrus sasl stuff except for saslauthd) since I0ve been reading so many different things about this (like pwcheck, saslauth, going against a local sasldb2). so if saslauthd is the way to go, then I'll work in that direction. thanks again :-)
[12:36:27] *** madrescher has quit IRC
[12:37:25] *** pirho has quit IRC
[12:38:59] *** sophokles has quit IRC
[12:39:13] *** stas has joined #postfix
[12:39:39] *** pirho has joined #postfix
[12:40:08] *** deftunix has joined #postfix
[12:40:39] <deftunix> hi all, is possible call unix pipe on particular mail in postfix?
[12:41:21] <Stavros> how can i see if a mail was sent from the local machine or if someone connected to it?
[12:41:34] <cpm> look at your logs.
[12:41:53] <Stavros> i am, and i still don't see it
[12:43:35] <Stavros> what am i supposed to be looking at?
[12:43:43] <Stavros> s/at/for
[12:44:51] <cpm> http://www.onlamp.com/pub/a/onlamp/2004/01/22/postfix.html
[12:45:48] <Stavros> ah, thanks
[12:45:55] <cpm> yw
[12:48:33] <Stavros> i see "connect from"s, what would i see if someone sent mail from the console?
[12:48:42] <Stavros> localhost?
[12:50:27] <cpm> http://workaround.org/moin/GettingHelpOnIrc
[12:50:52] <Stavros> which one am i supposed to look at?
[12:53:29] <shasta> you'd see "connect from localhost[127.0.0.1]"
[12:53:45] <Stavros> shasta: ah, i don't see that, so someone is connecting from the outside
[12:54:00] <Stavros> which is utterly puzzling, because i don't know how they'd authenticate
[12:54:01] <shasta> (or nothing with "connect from")
[12:56:07] <_ruben> Stavros: did you disable the root login yet?
[12:56:27] *** bluethundr_ has quit IRC
[12:57:16] <Stavros> _ruben: i want to be sure it's that when i do it, so i want to reproduce it first :/
[12:58:15] <_ruben> Stavros: i'd have different priorities: 1. disable root pw .. 2. check if abuse continues .. 3. try to reproduce on a shielded off system .. tho thats just me
[12:59:06] <_ruben> no harm is done when u disable root pw and the problem is somewhere else, you'd have atleast one security hole less
[13:01:57] <Stavros> oh i will disable it, certainly, i just want to see that disabling it has an effect (so i don't have to wait for people to send a million emails again before i know something's wrong) :/
[13:02:57] <Stavros> so, my root password is blank, someone is authenticating and sending emails as root, but I can't reproduce it... does anyone have an idea how i could do it?
[13:04:05] *** jintxo has quit IRC
[13:13:31] *** faileDop has joined #postfix
[13:16:45] *** Kako has quit IRC
[13:19:31] <_ruben> i'd try playing around with the settings of one or more email clients (on a remote network)
[13:20:10] <Stavros> _ruben: i tried thunderbird, it did nothing, and i tried telnet
[13:22:31] <Stavros> :(
[13:27:06] <Roobarb> Stavros: are they doing it *right now* ?
[13:27:14] <Stavros> Roobarb: no, i shut postfix down
[13:27:59] *** growltiger_ has joined #postfix
[13:28:11] <Roobarb> as an aside, can you pastebin a full connect-to-disconnect log session from one of these connects?
[13:28:28] <Stavros> sure, if i can figure out where it starts and where it ends
[13:28:46] <Stavros> they used some 50 threads
[13:29:09] *** anebi has joined #postfix
[13:30:14] *** BuenGenio has joined #postfix
[13:31:47] *** rjd_ has joined #postfix
[13:33:12] <rjd_> Hi. Just did a standard debian install of postfix. Chosed internet-site etc. The problem is that I cant mail external domains, get "relaying denied". What must I do to allow everybody, without authentication, to mail everywhere?
[13:33:45] *** wdp__ is now known as wdp
[13:34:37] <_ruben> rjd_: so you want to be an open relay? .. guess spammer will get to love you pretty fast
[13:36:04] <rjd_> internal server
[13:36:59] <rjd_> must be open relay for atleast two networks, but it will be behind a very strict firewall
[13:37:58] *** madrescher has joined #postfix
[13:38:48] <rjd_> adding the networks to mynetworks is enough?
[13:38:56] <Stavros> something like this, it is: http://dpaste.com/96387/
[13:39:19] <faileDop> hi. I'm setting up a postfix mailserver using dovecot to deliver email, but I'm having an issue with delivery. http://slexy.org/view/s20kFmRwnc is the setuid line because I've maybe picked a wrong uid range?
[13:41:51] *** growltiger has quit IRC
[13:44:05] *** hf|work has joined #postfix
[13:44:09] <hf|work> hi
[13:44:59] <Stavros> what does saslauth do when a user has a blank password?
[13:45:14] <hf|work> can someone shortly point me to the right variable which disables full message body in mail bounces?
[13:48:17] <cedric3> if i use maildrop to MDA i can't use procmail no ?
[13:50:40] *** nonsequitir has quit IRC
[13:51:36] <Stavros> okay, if anyone's interested, my server was accepting root/root for logins (even though the root password was blank), i have locked out the root account and now it doesn't
[13:52:19] <cpm> wow
[13:52:32] <Stavros> yeah :/
[13:56:59] <Yancho> is it possible that that i install postfix so i can just send emails to a local address .. but then such server i dont want it to send emails to the outside world .. and receive anything either .. the local address is on a MS Exchange .. and i want to make sure it doesnt conflict
[13:57:39] <deftunix> hi all, is possible using root user in pipe command?
[13:57:56] <cedric3> i think i am casper
[13:58:21] <Stavros> cedric3: are you translucent?
[13:58:35] <cpm> where's cedric3 ?
[13:59:02] <cedric3> i am on channel postfix :)
[13:59:23] <cedric3> and  i try to use procmail :)
[14:00:18] <cedric3> cpm : i think it's a basic question for you :)
[14:00:39] *** growltiger has joined #postfix
[14:00:44] <cpm> lucky me.
[14:00:51] * cpm doesn't use procmail, hasn't for many years
[14:01:13] *** Zblakany has joined #postfix
[14:01:21] <cedric3> cpm : just if i use maildrop i can't use procmail to filter header
[14:01:39] <cedric3> if i use maildrop i must use the filter of maildrop i can't use both
[14:02:40] <cpm> Correct.
[14:03:15] <cedric3> cpm : are you aready use maidroprc i think yes but in the lomg time
[14:03:45] *** saurabhb has quit IRC
[14:04:07] <cedric3> and my last question the best is maildrop or procmail
[14:04:15] *** Southron has joined #Postfix
[14:04:50] <rjd_> I get the ""Recipient add ress rejected: User unknown in local recipient table;", how can I disable this check? I want to be able to send mail without authentication or users
[14:05:44] <cpm> cedric3, depends. If you are using virtual users/domains, you can't use procmail (easily) anyway. So, just go with maildrop, since you are already using it.
[14:06:53] *** eanxgeek has joined #postfix
[14:06:53] <cedric3> cpm : yes iuse virtual users/domains   very thanks for this information now i know why i use maildrop :) very thanks
[14:07:03] <cpm> yw
[14:07:27] <hf|work> can someone shortly point me to the right variable which disables full message body in mail bounces?
[14:08:13] <cpm> a bounce *should* contain the entire message. The assumption that the sender retained it as 'Sent' or similar is a wrongheaded assumption.
[14:11:26] <hf|work> cpm: in the case the sender is a spammer who wants to spread backscatter not. If the bounce gets redirected to the faked sender the spammer is happy and reached is goal - because his spam is attached to the bounce msg
[14:11:35] *** wdp has quit IRC
[14:12:09] <Stavros> i wish the people who bought things off spam would just die
[14:12:14] <cpm> hf|work, you should not be accepting mail that you will not deliver in the first place. Whether it contains the entire message or not.
[14:12:27] <cpm> why are you generating backscatter?
[14:12:49] <hf|work> ok, start from the beginning
[14:13:08] <hf|work> there's a MX which many mailboxes on it
[14:13:18] <hf|work> +has
[14:13:23] <sysmonk> cpm: backscatter++
[14:13:24] <sysmonk> ;)
[14:13:29] <hf|work> hehe
[14:13:57] <hf|work> all unknown addresses are rejected directly of course
[14:14:04] *** Stavros has quit IRC
[14:14:31] <Yancho> how can i test postfix installed correctly ?
[14:14:48] <hf|work> let's say the spammer sends his shit from cpm at somewhere dot com to an unknown address to the server
[14:15:03] <hf|work> provocating a bounce message to YOUR address
[14:15:18] <hf|work> you will find the whole original message attached
[14:15:25] <cpm> hf|work, no, it will not bounce if it isn't accepted. It will simply be rejected.
[14:15:28] *** growltiger_ has quit IRC
[14:15:43] <cpm> mail to unknown should never be accepted in the first place.
[14:15:48] <cpm> should get a 5xx not found.
[14:15:56] <cpm> there should never be a bounce.
[14:16:02] *** sophokles has joined #postfix
[14:16:04] <hf|work> hm
[14:16:09] <sysmonk> or have a luser_relay = cpm entry
[14:16:10] <sysmonk> ;)
[14:16:18] *** growltiger_ has joined #postfix
[14:16:21] <cpm> heh
[14:17:42] <hf|work> hm ok, sounds right - so searching for the reason why there's no 5xx
[14:18:11] *** giskard has left #postfix
[14:18:34] <faileDop> hi, could someone please see if they could explain line 9 at http://slexy.org/view/s20kFmRwnc ?
[14:19:16] <Nockian> faileDop: looks like a file system permissions issue
[14:21:19] <faileDop> Nockian: I thought it might be that, but the permissions are definitely fine
[14:21:34] <Nockian> http://www.dovecot.org/list/dovecot/2008-April/030000.html
[14:21:41] <faileDop> checking
[14:21:48] <Nockian> no, the permissions are not definitely fine. that's why it's giving you that error :)
[14:23:22] <faileDop> lemme rephrase, they "seem" fine :-)
[14:23:25] <faileDop> sec, pasting
[14:24:48] <faileDop> http://slexy.org/view/s2cMuaALVH
[14:24:55] <Nockian> also, the guys in #dovecot may have more insight, as it's a dovecot issue and not a postfix issue
[14:25:51] <faileDop> fair 'nuff. will ask there, thanks
[14:26:25] <faileDop> was uncertain whether it lay at postfix->master or dovecot->deliver
[14:28:30] *** growltiger has quit IRC
[14:30:49] *** wdp has joined #postfix
[14:33:27] *** hf|work has left #postfix
[14:37:37] *** growltiger has joined #postfix
[14:38:49] *** jonez has joined #postfix
[14:42:19] *** rouri has joined #postfix
[14:42:19] <R1ck> does anyone have recommendations about stable NAS appliances to store mail data which are able to sync data between eachother?
[14:43:49] *** rouri has quit IRC
[14:45:35] *** impulse150 has quit IRC
[14:47:13] *** BuenGenio_ has joined #postfix
[14:48:29] *** scientes has joined #postfix
[14:48:32] *** growltiger_ has quit IRC
[14:49:12] *** sophokles has quit IRC
[14:49:14] *** buntstift has left #postfix
[14:49:38] *** UQlev has joined #postfix
[14:49:58] *** romwid has left #postfix
[14:50:00] <scientes> how do i do a wildcard address that all mail that doesnt fix an existing user goes to
[14:50:07] *** anebi has left #postfix
[14:51:48] <UQlev> scientes: why do you want it?
[14:52:09] <scientes> cause its a mail server only for me
[14:52:16] <scientes> and then i can give a web site any address
[14:52:39] <cpm> and be subject to successful dictionary attacts.
[14:52:43] <cpm> attacks even
[14:52:48] <jra> catchall = fail
[14:53:00] <jra> dns or otherwise, doesn't matter
[14:54:55] <Yancho> is it somehow possible that i test my postfix please? i am trying to send an email from php mail() but i am not receiving anything .. any help please?
[14:56:00] *** BuenGenio has quit IRC
[14:56:43] <UQlev> Yancho: how is this corresponding to postfix?
[14:57:33] <cpm> check the logs
[14:57:37] <Yancho> UQlev: well i am trying to send using postfix as the mta no? is there something i can use to rule out that its not a postfix prob?
[14:57:49] <cpm> check the logs
[14:58:59] <Yancho> its empty here : /var/log/maillog
[14:59:46] <UQlev> Yancho: it seems that postfix is not involved at all
[15:00:08] <Yancho> is there a way to involve it straight away?
[15:00:28] <cpm> is postfix even running? the logs shouldn't be empty.
[15:00:32] <UQlev> Yancho: yes telnet localhost 25
[15:00:32] <cpm> !basic
[15:00:33] <knoba> cpm: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.
[15:01:18] *** growltiger_ has joined #postfix
[15:01:47] *** jra has quit IRC
[15:02:10] <Yancho> thanks cpm
[15:02:15] <cpm> yw
[15:02:18] <Yancho> yes i can telnet UQlev
[15:03:06] <UQlev> Yancho: amd maillog is still empty?
[15:03:15] <Yancho> http://pastebin.ca/1276852
[15:03:21] <Yancho> yep
[15:03:40] <UQlev> Yancho: may be your sendmail is still running
[15:04:16] <Yancho> no its saying Postfix
[15:07:54] *** xst has joined #postfix
[15:09:50] <Yancho> or im missing something? :S
[15:10:07] <Yancho> 220 helpdesk ESMTP Postfix
[15:10:28] *** samix has quit IRC
[15:10:31] <UQlev> Yancho: ps ax | grep postfix
[15:10:37] <sysmonk> pistfox
[15:10:51] <Yancho>  9241 ?        Ss     0:00 /usr/libexec/postfix/master
[15:10:59] <UQlev> well
[15:12:24] <UQlev> Yancho: ls -l /var/log/mail*
[15:13:25] <Yancho> hehe there are more than 1
[15:14:38] <UQlev> Yancho: ls -l /var/log/maillog
[15:14:47] *** [Gandhi] has joined #postfix
[15:15:09] <sysmonk> what will you achieve by that UQlev ?
[15:15:15] *** growltiger has quit IRC
[15:16:00] <UQlev> sysmonk: this one is really empty
[15:16:15] <sysmonk> maybe he didn't restart syslog after rotation
[15:16:21] <sysmonk> or syslogd isn't runing
[15:17:42] <Yancho> http://pastebin.ca/1276854
[15:20:08] <UQlev> Yancho: check is there anything corresponding to postfix in /var/log/messages?
[15:20:20] <Yancho> should i remove all logs / stop postfix / reload ?
[15:20:48] *** drutlandgp has joined #postfix
[15:21:07] <Yancho> nope just many maillog
[15:21:42] <drutlandgp> can anyone help me with maildrop authentication issues?
[15:23:09] *** faileDop has quit IRC
[15:23:27] <sysmonk> patebin.ca doesn't work for me :(
[15:24:06] *** sophokles has joined #postfix
[15:24:17] <Yancho> let me pastebin.com it
[15:26:51] *** scientes has quit IRC
[15:26:53] <Yancho> darn its down for me
[15:27:13] <sysmonk> rafb.net/paste/ works for me
[15:27:28] <Yancho> kk doing it there
[15:28:09] <Yancho> http://rafb.net/p/E1nwe785.html
[15:29:06] <sysmonk> Yancho: and remind me, what problem do you have?
[15:29:35] <Yancho> sysmonk: php's mail() is not working .. "empty" log files .. but telnet works
[15:29:50] <sysmonk> Yancho: OS/distro?
[15:29:59] <Yancho> fedora 7
[15:30:02] <sysmonk> yuk
[15:30:06] <sysmonk> ps -xuaw | grep syslog
[15:30:23] <Yancho> root      2127  0.0  0.0   1800   636 ?        Ss   Dec04   0:00 syslogd -m 0
[15:30:34] <sysmonk> try restarting that one
[15:30:41] <sysmonk> /etc/init.d/syslogd restart or something like that
[15:32:16] <Yancho> usage: syslogd [-46AdiIrvxh] [-l hostlist] [-m markinterval] [-n] [-p path]
[15:32:17] <Yancho>  [-s domainlist] [-D dispatcher] [-f conffile]
[15:32:52] *** scientes has joined #postfix
[15:33:05] <onre> that's the binary itself, not the startup script...
[15:34:22] <onre> argh
[15:34:27] <onre> it is under /etc
[15:34:29] *** scientes has quit IRC
[15:34:42] <onre> somewhere
[15:34:44] *** scientes has joined #postfix
[15:34:44] <sysmonk> didn't i say /etc/init.d/syslogd restart?
[15:34:47] <onre> depending on your distribution
[15:34:54] <onre> that's a very probable place
[15:34:56] <sysmonk> onre: feehdora 7
[15:35:01] <Yancho> sysmonk its not there
[15:35:15] <sysmonk> Yancho: is there /etc/init.d at all?
[15:36:11] <Yancho> yes
[15:36:29] <Yancho> ow its syslog not syslogD
[15:36:43] <Yancho> Starting system logger:                                    [  OK  ]
[15:36:44] <Yancho> Starting kernel logger:                                    [  OK  ]
[15:37:18] <sysmonk> now check if logs are populated in some way or another
[15:37:25] <Yancho> should i restart it ?
[15:37:42] <sysmonk> restart what?
[15:37:52] * cpm restarts sysdef
[15:37:56] <cpm> sysmonk, even
[15:38:01] <Yancho> postfix
[15:38:06] * cpm apologizes to sysdef
[15:38:18] <sysmonk> Yancho: you might just try telnetting to it, it should spit something to logs
[15:39:31] * sysdef feels fresh restarted ;>
[15:40:07] *** scientes has quit IRC
[15:40:25] *** denis_ has quit IRC
[15:41:30] <Yancho> still empty
[15:41:49] <sysmonk> Yancho: postconf -n && pastebin the syslogd.conf
[15:42:20] <Yancho> i also tried moving the present log files .. and created a new one .. it got filled with the header
[15:42:22] <Yancho> but thats it
[15:42:28] *** rjd_ has left #postfix
[15:42:50] <Yancho> its waiting for me to give it another command
[15:42:52] *** denis_ has joined #postfix
[15:42:57] <Yancho> or the && i shouldnt write it/
[15:42:57] <sysmonk> don't move the log files yourself...
[15:43:19] <sysmonk> Yancho: don't blindly pastebin the commands, try to understand what they mean ...
[15:45:40] <Yancho> http://rafb.net/p/95YfHC52.html
[15:46:10] * cpm tries to understand sysmonk
[15:47:22] *** rouri has joined #postfix
[15:48:54] <Yancho> sysmonk or u wanted the echo'd result?
[15:49:29] <Yancho> if yes this is it : http://rafb.net/p/YJW6uN76.html
[15:53:55] <adj> postfix is the jam
[15:54:01] <adj> word to your mother
[15:54:02] <adj> out
[15:54:04] *** adj has left #postfix
[15:56:23] *** UQlev has quit IRC
[15:56:34] <xst> I try to set up postfix with authenticated smtp over SSL. However, when I try to connect using over SSL, firefox responds: the server may be unavailable or refusing smtp connections postfix
[15:56:36] <xst> What to do?
[15:56:39] <Yancho> what do u mean adj ?
[15:57:49] <sysmonk> what do you mean FIREFOX responds ... ?
[15:58:25] *** growltiger has joined #postfix
[15:58:35] <Yancho> sysmonk:  have any idea what can i do please?
[15:58:37] <sysmonk> Yancho: i don't know what syslogd that is, never seen it, so i can't help
[15:58:51] <sysmonk> check if all other logging works at all
[15:58:56] <sysmonk> postfix logs to syslog
[15:59:12] <sysmonk> so if logging doesn't work - it's a syslog problem
[15:59:25] <Yancho> any check u suggest i do please?
[15:59:40] *** scientes has joined #postfix
[15:59:46] <sysmonk> like, learn your distro ;)
[16:00:04] <xst> sysmonk: Eh, hehe, I mean Thunderbird responds. Sorry :-)
[16:00:04] <sysmonk> i'm not familiar with fedora, i don't know what crazy syslog software it uses, so i can't help
[16:00:43] <sysmonk> xst: the usual stuff- pastebin your postconf -n, master.cf and logs + would be nice to know to which port does thunderbird tries to connect
[16:02:01] <Yancho> ls
[16:02:08] <Yancho> sorry wrong window :)
[16:03:02] *** deadpigeon has joined #postfix
[16:03:32] *** AlbertEin has joined #postfix
[16:03:55] <xst> sysmon: Here is the main.cf file: http://rafb.net/p/Tg5Cuk41.html  There comes no output to mail.log when I try to send a mail using smtp over SSL...
[16:04:23] <xst> sysmonk: ^^^^
[16:07:05] *** weedar has quit IRC
[16:10:50] <xst> Isn't it strange that there are no output in mail.log when I try to connect using thunderbird (smtp over ssl)?
[16:11:00] <Yancho> sysmonk:  is it mail[.]log or maillog ?
[16:12:23] *** growltiger_ has quit IRC
[16:12:46] *** deftunix has left #postfix
[16:12:49] *** Pazzo has joined #postfix
[16:12:54] *** jonez has quit IRC
[16:14:32] *** xpoint has joined #postfix
[16:16:27] <sysmonk> Yancho: it depends on your SYSLOG
[16:16:45] <sysmonk> that's what i'm trying to say to you for some time already
[16:17:23] <sysmonk> xst: i said i want postconf -n, not main.cf
[16:17:44] <sysmonk> can you read the difference ? postconf -n is a command, main.cf is a file
[16:17:45] *** drutlandgp has quit IRC
[16:17:58] <sysmonk> i aske for postconf -n, master.cf and logs
[16:18:05] <sysmonk> asked*
[16:19:11] *** rouri has quit IRC
[16:21:26] *** jp- has joined #postfix
[16:22:15] *** [Gandhi] has quit IRC
[16:23:31] <xst> sysmonk: Sorry. First, the output of postconf -n is here: http://rafb.net/p/2fEGx933.html  I have explored the problem a bit more: I can use smtp over TLS just fine. It is just over SSL it happens.
[16:24:14] <sysmonk> xst: where's your master.cf ?
[16:24:28] <xst> sysmonk: Yes, one moment...
[16:25:21] <xst> sysmonk: Here it is: http://rafb.net/p/Fftduj73.html
[16:25:55] <sysmonk> ok, and what do you want to achieve?
[16:26:41] <xst> sysmonk: My problem is that SSL does not work: Thunderbird claims that the server is either unavailable or refuses smtp connections
[16:26:58] <xst> sysmonk: but TLS does indeed work - so it is not completely bad
[16:27:06] *** F6F has joined #postfix
[16:27:23] <xst> (I am following this HowTo: http://workaround.org/articles/ispmail-etch/)
[16:27:24] <sysmonk> so you want to be able to send mail using SSL ?
[16:27:29] *** madrescher has quit IRC
[16:27:30] <xst> yes
[16:27:38] <sysmonk> first of all
[16:27:43] <sysmonk> mostly people use tls on submission
[16:27:51] <sysmonk> you're using tls on the default port (25)
[16:28:01] <xst> yes
[16:28:07] <sysmonk> secondly, SSL requires it's own port (465 is the default)
[16:28:17] <sysmonk> you have to uncomment smtps in master.cf
[16:28:30] <sysmonk> lines 14-17 inclusive in your master.cf pastebin
[16:28:54] <xst> ok, thanks! But you would generally recommend to stick with TLS-only?
[16:29:15] <sysmonk> i don't see any problem with having both tls and ssl
[16:29:24] <sysmonk> i would let those two be able to work
[16:29:45] <sysmonk> some software support tls, some support ssl only, so give the user a choice
[16:30:05] <xst> And it is perfectly normal for the server to just deliver mails for domains that are "hosted" on the server itself without requirering authentication? Right?
[16:30:22] *** bkw has joined #postfix
[16:31:07] <bkw> Do I need any MDA to be able to authenticate my smtp sessions using a mechanism, e.g. plain login.. ?
[16:39:52] *** brancaleone has joined #postfix
[16:40:18] <Dominian> !sasl
[16:40:19] <knoba> Dominian: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.
[16:41:01] *** weedar has joined #postfix
[16:43:32] *** Yancho has quit IRC
[16:44:41] *** bkw has left #postfix
[16:46:16] <sysmonk> xst: right
[16:52:11] *** denis_ has quit IRC
[17:04:38] *** sophokles has quit IRC
[17:06:12] *** pulsar has joined #postfix
[17:14:30] *** ovb__ has joined #postfix
[17:14:50] *** ovb_ has quit IRC
[17:15:37] *** BuenGenio_ has quit IRC
[17:42:53] *** SteveC has left #postfix
[17:47:59] *** phnord has quit IRC
[17:51:04] <Twinkletoes|W> My local mail server 'mine.foo.bar' is trying to send email to our main mail server 'smtp.foo.bar' but it's being rejected because "Domain of sender address root at mine dot foo.bar" does not exist.  Is this where I have to use address masquerading, or is there an option in main.cf that can rectify this?
[17:54:01] <Dominian> Twinkletoes|W: if mine.foo.bar doesn't exist in DNS.. it will be rejected
[17:54:25] <Twinkletoes|W> Dominian: that is correct - it's just one of my test servers and I'm only forwarding root's email to my personal account
[17:54:49] <Twinkletoes|W> Dominian: If I re-write the address on the way out, it will be accepted but is there a neater way of doing it, like a simple setting in main.cf?
[17:55:06] <Twinkletoes|W> Dominian: It's not in DNS becuase it's running in VMware (NAT'd)
[17:55:57] *** growltiger has quit IRC
[18:01:17] *** nonsequitir has joined #postfix
[18:01:42] *** jonez has joined #postfix
[18:01:46] *** scientes has quit IRC
[18:14:11] *** assignme has joined #postfix
[18:14:20] *** growltiger has joined #postfix
[18:20:18] *** rouri has joined #postfix
[18:22:14] *** recon1025 has quit IRC
[18:25:43] *** ALVAN has joined #postfix
[18:26:32] <ALVAN> there is an option in postfix to drop mailer-daemon  bounces  mails if the real mail was not sent from the postfix server ?
[18:26:45] <PatrickDK> Twinkletoes|W, you either have to not reject on invalid dns, or add that mailservers ip to your allowed list
[18:27:24] <PatrickDK> alvan, yes
[18:27:27] <Twinkletoes|W> PatrickDK: I eventually found what I'm looking for, courtesy of Postfix docs! - This is exactly my issue (and resolution): http://www.postfix.org/STANDARD_CONFIGURATION_README.html#fantasy
[18:27:35] <Twinkletoes|W> PatrickDK: Thank you anyway :)
[18:28:10] <ALVAN> PatrickDK, can you gibe me a faq on that postfix option ?
[18:28:11] <PatrickDK> oh, you basically did a masquerade remapping
[18:28:16] <PatrickDK> my way would leave it alone
[18:28:24] <Twinkletoes|W> PatrickDK: I *will* do it... just changing now
[18:28:34] <Twinkletoes|W> PatrickDK: I don't have control over the DNS stuff
[18:28:57] <ALVAN> s/gibe/give
[18:31:24] *** growltiger_ has joined #postfix
[18:31:48] *** rouri has quit IRC
[18:32:00] *** growltiger has quit IRC
[18:32:05] <PatrickDK> alvan, hmm, I must of got ride of that in my configs
[18:32:09] <PatrickDK> I can't find it anymore
[18:32:17] <PatrickDK> I know at one point in time I was using it, or attempting to
[18:32:41] <ALVAN> PatrickDK, why did you drop it  .. something is not ok with it ?
[18:32:53] *** plee has quit IRC
[18:33:05] <ALVAN> or you want to report bad vulnerable mail servers ?
[18:33:23] <PatrickDK> I think I just fixed my setup so it wouldn't make those bounces
[18:33:43] <PatrickDK> my mail system currently doesn't create any bounce emails at all
[18:33:55] <PatrickDK> so I didn't need to drop them
[18:34:05] <ALVAN> ah ok
[18:35:20] <ALVAN> i will search in the faq`s  then ...
[18:36:54] *** plee has joined #postfix
[18:36:58] <PatrickDK> I guess in your master.cf you could always change: bounce unix - - n - 0 bounce
[18:37:04] <PatrickDK> to: bounce unix - - n - 0 discard
[18:40:40] <ALVAN> iok thanks
[18:41:32] *** growltiger has joined #postfix
[18:43:22] <rob0> Ouch, that is SO the wrong solution. The right solution is to validate recipients in SMTP, don't accept mail you can't deliver.
[18:44:03] *** nonsequitir has quit IRC
[18:44:13] <PatrickDK> rob0, unless he has an issue like me
[18:44:29] <PatrickDK> accepting mail from local lan (webservers mainly) with invalid domains and crap
[18:44:41] <PatrickDK> and the web application used an invalid from address
[18:44:46] <PatrickDK> so the bounces just stick in the queue forever
[18:44:52] <rob0> ah
[18:45:01] <rob0> you could fix that with DNS
[18:45:09] <ALVAN> PatrickDK, yes kind of but is not like this
[18:45:21] <ALVAN> i will do a RDNS check against  too
[18:45:38] <ALVAN> my problem is that i receive  mailer-daemon that i never sent
[18:46:01] <PatrickDK> oh, so your getting backscatter?
[18:46:09] <ALVAN> yeah
[18:46:18] <PatrickDK> that shouldn't be an issue
[18:46:27] <PatrickDK> what rob0 said :) check valid users :)
[18:46:34] <PatrickDK> you won't make bounces
[18:46:35] *** Severed_Head_Of_ has joined #postfix
[18:47:14] <ALVAN> i wont make bounces but i dont want to receive  mailer-daemon mails that are not mine
[18:47:40] <PatrickDK> then you have to use header filter rules to catch what was really sent from your mailserver
[18:47:45] *** pulsar has quit IRC
[18:47:48] <PatrickDK> I saw an example on how to do that somewhere
[18:48:33] <rob0> !backscatter
[18:48:33] <knoba> rob0: "backscatter" : http://www.postfix.org/BACKSCATTER_README.html
[18:48:35] <ALVAN> PatrickDK, on my server no one uses bad from .. if is not on the server then will be rejected no matte if is form or smtp authentication
[18:48:47] *** Severed_Head_Of_ is now known as growltiger__
[18:49:04] <rob0> that's the only completely safe way to reject backscatter
[18:50:36] *** karrotx has joined #postfix
[18:51:50] <ALVAN> rob0, do you know this will slow mails or only a little  ?
[18:52:25] <ALVAN> you are right as this checks against the MEssage-ID "stuff"
[18:56:10] *** growltiger_ has quit IRC
[18:58:46] *** growltiger_ has joined #postfix
[19:00:21] *** growltiger has quit IRC
[19:01:26] *** randra has joined #postfix
[19:03:38] *** growltiger has joined #postfix
[19:06:13] *** amrit|zzz is now known as amrit|wrk
[19:06:55] *** rouri has joined #postfix
[19:10:48] *** AlbertEin_ has joined #postfix
[19:10:51] *** growltiger__ has quit IRC
[19:11:25] *** Severed_Head_Of_ has joined #postfix
[19:12:25] *** growltiger has quit IRC
[19:16:32] *** growltiger has joined #postfix
[19:17:02] *** weedar has quit IRC
[19:17:06] *** Zeit|awy_ has joined #postfix
[19:17:57] *** growltiger_ has quit IRC
[19:19:50] *** rouri has quit IRC
[19:21:53] *** growltiger_ has joined #postfix
[19:23:05] *** Zeit|awy has quit IRC
[19:25:01] *** pitakill has joined #postfix
[19:26:15] *** AlbertEin has quit IRC
[19:26:17] *** Haris1 has quit IRC
[19:30:06] *** Severed_Head_Of_ has quit IRC
[19:30:24] *** Severed_Head_Of_ has joined #postfix
[19:36:37] *** growltiger has quit IRC
[19:36:59] *** growltiger has joined #postfix
[19:43:44] *** growltiger_ has quit IRC
[19:43:50] *** growltiger has quit IRC
[19:44:05] *** growltiger has joined #postfix
[19:50:26] *** Severed_Head_Of_ has quit IRC
[19:51:44] *** githogori has joined #postfix
[19:53:12] *** randra has quit IRC
[19:55:22] *** growltiger_ has joined #postfix
[19:55:34] *** growltiger has quit IRC
[20:01:16] *** growltiger has joined #postfix
[20:10:41] *** pitakill has quit IRC
[20:12:40] *** F6F has quit IRC
[20:12:42] *** Severed_Head_Of_ has joined #postfix
[20:13:34] *** growltiger has quit IRC
[20:15:43] *** brancaleone has quit IRC
[20:16:24] *** growltiger_ has quit IRC
[20:19:51] *** niki has joined #postfix
[20:30:28] *** niki has quit IRC
[20:32:33] *** cpm has quit IRC
[20:36:53] *** BuenGenio has joined #postfix
[20:38:00] *** growltiger has joined #postfix
[20:38:12] *** Severed_Head_Of_ has quit IRC
[20:42:03] *** rouri has joined #postfix
[20:43:00] *** growltiger_ has joined #postfix
[20:43:27] *** growltiger has quit IRC
[20:44:49] *** m0t3jl has joined #postfix
[20:50:07] *** growltiger has joined #postfix
[20:50:33] *** growltiger_ has quit IRC
[20:54:17] <SARGuy> i have 2 identical (at least they look that way) postfix servers with 2 virtual alias maps seperated by a ",".  one of them works perfect.  looks at the first, if address not found, looks at the second.  the other one just looks at the second...  any way to troubleshoot this?  ideas?
[20:56:03] *** rouri has quit IRC
[20:56:59] *** niki has joined #postfix
[20:57:41] *** F6F has joined #postfix
[21:07:21] *** havvg has joined #postfix
[21:10:42] <m0t3jl> Hi, my Postfix machine has two inet interfaces, is it possible to make postfix use of both of them in this way: The interface A would be used for receiving e-mails as the Aserver.example.com and the interface B would be used for receiving e-mails as the Bserver.example.com? I tried some tweaks in the master.cf file and Postfix is now visible on both the interfaces, on both of them it has a different myorigin and myhostname. It is able to send and rece
[21:10:43] <m0t3jl> ive e-mails from both the interfaces, but whenever it's needed to relay some e-mails to our ISP, it just simply chooses to use the interface A (not depending on the e-mail coming to the process serving the interface B). Could I be omitting something? Pardon my explanatory skills, feel free to ask for any other explanation or info and thanks a lot in advance for any help.
[21:20:29] *** growltiger has quit IRC
[21:22:41] *** ikaro has quit IRC
[21:22:49] *** ikaro has joined #postfix
[21:29:06] *** stas has quit IRC
[21:35:11] <xst> Something is wrong: I have set up postfix to use virtual domains but even if I send a mail to the non-existing user foobar at mydomain dot com the mailbox for foobar is being created automatically. What is wrong?
[21:40:37] <adaptr> define "the mailbox" - even virtual users have mailboxes
[21:44:34] <xst> adaptr: There is a postfix config file for virtual mailbox maps and a file for virtual alias maps. I would expect the entries in the virtual mailbox maps to be delivered in the local mail folders while entries in the aliases should only be delivered to the destinations
[21:47:03] *** HammerFall has joined #postfix
[21:47:07] <HammerFall> hi
[21:48:09] <adaptr> xst: correct
[21:48:13] <HammerFall> can someone tell me how to configure postfix to wait until the delivery agent has finished and not directly sending 250 queue?
[21:48:23] <adaptr> xst: UNLESS you have wildcarded any of your virtual domains, of course
[21:48:45] <xst> adaptr: I don't
[21:48:50] <adaptr> HammerFall: that's logically impossible
[21:49:25] <xst> adaptr: But mails to whatever at mydomain dot com is still being delivered. Even though "whatever" is neither in aliases or in the mailbox maps
[21:49:34] <adaptr> xst: is the virtual domain also in mydestination ?
[21:50:10] <xst> adaptr: mydestination contains only "localhost"
[21:50:23] <adaptr> xst: pastebin postconf -n somewhere
[21:52:03] <xst> adaptr: http://rafb.net/p/QreHR660.html
[21:52:20] <HammerFall> adaptr: the problem is - when mails to full mailboxes are sent - postfix generates a bounce with MDA's error message to the sender.
[21:52:40] <adaptr> yes, that would be a design decision
[21:52:51] <adaptr> how else would you solve a full mailbox ?
[21:53:21] <HammerFall> if postfix would know about the full mailbox
[21:53:30] <HammerFall> it could discard it directly in smtp stream
[21:53:36] <HammerFall> instead of queeuing it
[21:53:42] <HammerFall> and prevent backscatter
[21:54:50] <adaptr> backscatter ? how is that backscatter ? it is perfectly valid SMTP traffic
[21:54:57] <adaptr> methinks you need a rethunk
[21:55:22] <adaptr> there are, howveer, several solutions, one difficult, one challengingly so
[21:56:06] <HammerFall> okay
[21:56:09] <HammerFall> lets imagine
[21:56:17] *** stas has joined #postfix
[21:56:38] <HammerFall> evil spammer sends a mail to mail at box dot com, faking from as adaptr at domain dot com
[21:57:05] <HammerFall> mail at box dot com is full, and bounces the mail to your address
[21:57:36] <adaptr> if evil spammer sends bogus sender address, evil spammer should be stopped at the door
[21:57:48] <adaptr> if he can get to mailbox it's already too late
[21:58:02] <xst> adaptr: Could you spot any wrong things in the postcof output?
[21:58:47] <HammerFall> adaptr: okay - but how should I verify it - it is an usual MX server
[21:58:48] *** eanxgeek has quit IRC
[21:59:00] <adaptr> there are many ways to control UCE with postfix
[21:59:40] <Dominian> !spam
[21:59:41] <knoba> Dominian: "spam" : for you and SPAM for me, we'll all live together in SPAM harmony at SPAM.com
[21:59:46] <Dominian> damn it
[21:59:47] <HammerFall> true, but what if customer does not want any spamfilters for his box?
[21:59:50] <Dominian> !uce
[21:59:51] <knoba> Dominian: "uce" : "unsolicited commercial email" also known as "spam". Postfix can help you fight spam easily. See http://www.securitysage.com/guides/postfix_uce.html for an introduction.
[21:59:54] <HammerFall> force him?
[22:00:08] <adaptr> HammerFall: absolutely, your MTA policy is you rbusiness
[22:00:22] <adaptr> it's YOUR MTA, YOUR responsibility that ALL your users have good service
[22:00:28] <adaptr> HIS opinion doesn't matter
[22:00:39] <adaptr> if they ALL complained, you'd have to listen :)
[22:00:50] <HammerFall> that's right - but of course every voice should count
[22:02:29] *** d0uglas has joined #postfix
[22:02:48] <d0uglas> hi. i'm running postfix and dovecot and i'd like authentication on smtp, don't really care much about messing with dovecot. Do do this do i need cyrus or can i tweak postfix or maybe switch to exim4-daemon-heavy?
[22:02:49] <adaptr> no, it shouldn't, that's American doublethink
[22:03:11] <adaptr> d0uglas: dovecot auth is the easiest bar none to set up and maintain
[22:03:31] *** hparker has joined #postfix
[22:03:37] <d0uglas> adaptr: to secure from bad relaying?
[22:03:51] <adaptr> that's oe purpose of SMTP auth, yes
[22:03:54] <adaptr> *one
[22:04:15] <adaptr> the functionality is identical no matter which auth agent you use, don't confuse protocol with programs
[22:04:39] <d0uglas> ah.. didn't realize dovecot's role included that of a mail transfer agent
[22:04:49] <adaptr> it doesn't
[22:04:59] <adaptr> but that's pretty much the only thing it cannot do
[22:05:30] <d0uglas> well i want it so that no one can telnet to port 25 and send a mail without a login and password being processed and accepted
[22:06:01] <adaptr> you don't want to receive mail ?
[22:06:11] <adaptr> better not run an MTA, then
[22:06:30] *** xnixan_ has quit IRC
[22:06:46] <d0uglas> touche. okay i'll work with dovecot and leave postfix.. i think i'm starting to understand what you're saying
[22:07:02] <d0uglas> s/leave postfix/leave postfix alone
[22:08:21] <adaptr> xst: you don't actually *have* any virtual_alias_maps
[22:08:44] <xst> adaptr: I just spottet that and added it
[22:09:14] <xst> adaptr: However, mails to non-existing users are still being delivered (their mailbox is even created automatically)
[22:09:14] <adaptr> have you verified those maps ?
[22:09:36] <adaptr> since I have no idea what's in them, it's rather hard to say, isn't it?
[22:09:53] <xst> adaptr: How can I verify them?
[22:10:05] <d0uglas> adaptr: your thoughts on pop-before-smtp?
[22:10:27] <adaptr> d0uglas: finicky, and very 1990s
[22:10:33] <adaptr> set up proper SMTP auth, any client can use it
[22:10:49] <adaptr> slap on TLS while you're at it, it's much more relevant
[22:10:55] <SARGuy> anyone have any thoughts on how much mail postfix can handle theoretically?  or based on experience?  in an hour/minute/day, whatever
[22:11:02] <xst> adaptr: I have verified that the following gives the correct output, yes: postmap -q john at example dot com mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
[22:11:05] <d0uglas> ... and to do that i should start by reading a dovecot howto
[22:11:20] <adaptr> xst: you're not USING mysql maps
[22:11:43] <d0uglas> because for relaying i have a few ip ranges set and i'd like to feel a little safer
[22:11:55] <adaptr> SARGuy: it has been benchmarked many years ago at a million normal (random) mails a day on one piece of hardware
[22:11:56] <xst> adaptr: no, this was a copy/paste from the HowTo. On my system I replace mysql with pgsql
[22:12:14] <adaptr> xst: bad practice all round - which is it ?
[22:12:15] <SARGuy> hmm...  nicce thansk
[22:12:23] <xst> adaptr: Why?
[22:12:34] <adaptr> SARGuy: mail is trivial to loadbalance across many boxes
[22:12:43] <xst> adaptr: It is pgsql
[22:12:52] <adaptr> xst: because I am running after what your config really looks like, which I do not enjoy
[22:13:30] <xst> adaptr: The config is exactly as seen in the pastebin but now with the alias_maps line added
[22:13:35] <xst> I can re-paste
[22:13:39] <xst> one moment
[22:14:29] *** stas has quit IRC
[22:15:15] <xst> adaptr: http://rafb.net/p/aaEFnx39.html
[22:15:24] <xst> This is the actual config
[22:15:54] *** m0t3jl has quit IRC
[22:16:44] *** stas has joined #postfix
[22:18:06] *** stas has quit IRC
[22:19:00] <adaptr> sure, but I don't know what is IN those maps
[22:19:13] <adaptr> and I see you have dovecot defined as your virtual DELIVERY
[22:19:25] <adaptr> how is dovecot to know whether a virtula user exists or not ?
[22:21:57] <xst> adaotr: I have tried to explain the maps and the testing here: http://rafb.net/p/01UNEM19.html
[22:22:31] *** hyper_ch has joined #postfix
[22:22:32] <xst> adaptr: I thought that dovecot was only handed the mail if it existed in a map?
[22:22:45] *** scientes has joined #postfix
[22:22:54] <adaptr> in your mailbox_maps, yes
[22:22:57] <scientes> how do i turn on a wildcard address?
[22:23:01] <scientes> catchall
[22:23:08] <hyper_ch> hi there, how do I router outgoing mail through my ISP or rather my account at my ISP since a lot of mailservers reject incoming mail from dyn. ips?
[22:23:12] <adaptr> it follows that that is taken as a wildcard if the maps don't match, since it is being delivered
[22:23:20] <adaptr> hyper_ch: relayhost
[22:23:32] <adaptr> scientes: for what ? a local domain ? a virtual domain ?
[22:23:38] <xst> adaptr: Yes, and that is pretty strange I gues
[22:23:45] <adaptr> scientes: read about luser_relay
[22:24:01] <adaptr> xst: agreed, but we won't reason it out here - up the debugging and read yer logs ;)
[22:25:08] <xst> adaptr: OK, will try to do it. I just don't know how to debug for the logs just says that everything is fine and the mail is being delivered, which it certainly is - but it shouldn't
[22:25:41] <adaptr> !debug_peer_level
[22:25:42] <knoba> adaptr: "debug_peer_level" : a configuration parameter in the main.cf: The increment in verbose logging level when a remote SMTP client or server matches a pattern in the debug_peer_list parameter.
[22:25:54] <adaptr> you can wildcard the list
[22:25:59] <adaptr> to debug everything, or just oen domain
[22:26:38] <xst> ok, just debug_peer_level = * ?
[22:27:01] <xst> no, that didn't work
[22:27:15] <adaptr> no
[22:27:19] <adaptr> wildcard the *list*
[22:27:26] <adaptr> read the factoid again, more closer
[22:30:15] *** madrescher has joined #postfix
[22:30:21] *** Juspion has joined #postfix
[22:31:03] *** Tino is now known as _Tino
[22:31:11] *** _Tino is now known as Tinozaure
[22:32:32] <xst> I have now added both debug_peer_level = 40 and debug_peer_level = * but I see no more output in /var/log/mail.*
[22:32:47] <adaptr> postfix reload ?
[22:33:18] <xst> adaptr: I have both reloaded and restarted
[22:33:30] <adaptr> restarting is never needed for main.cf changes
[22:34:50] <adaptr> try 0.0.0.0/0.0.0.0 instead, it wants a host
[22:35:38] <adaptr> the man page doesn't specify teh allowed syntax either :(
[22:36:20] *** stas has joined #postfix
[22:37:07] 
[22:37:45] <adaptr> no, it's not
[22:37:59] <adaptr> local mail acts very differently
[22:38:04] *** Pazzo has quit IRC
[22:38:42] <xst> adaptr: ok? Where can I read more about that?
[22:39:00] <xst> adaptr: (I'm tired of bothering you with all this :-)  )
[22:39:02] <adaptr> just test it - mail foo at virtual dot com should work properly
[22:39:20] <adaptr> if not, some rewriting is going on there, governed by various main.cf settings
[22:39:39] *** rcsu has joined #postfix
[22:40:15] <xst> adaptr: OK, so there is a difference on using "sendmail" as I did and just "mail" as in your example?
[22:40:33] <adaptr> theoretically, yes
[22:40:39] <adaptr> sendmail skips certain maps
[22:40:40] *** m0t3jl has joined #postfix
[22:40:47] <adaptr> mail does not
[22:40:58] <adaptr> let me get The Book
[22:41:58] <xst> adaptr: Just tried your example. Mail for non-existing users is still being delivered.
[22:42:01] <xst> Even with "mail"
[22:43:36] <adaptr> the virtual delivery daemon does notperform alias expansion
[22:44:05] <SARGuy> i have 2 virtual_alias_maps defined...  i enabled verbose logging and it shows that when it does the lookup on the first table, it finds the addres...  but it still pulls the information from the second table (a catchall) and sends to that damn address instead...  i have the exact config on another machine and it works beautifully
[22:44:09] <SARGuy> ideas?
[22:44:24] <xst> adaptr: ok, but still it should check if the mailbox maps contained the user, I guess
[22:45:57] <adaptr> xst: yes, but if they don't, they go to your virtual transport - dovecot
[22:46:30] <xst> adaptr: aah, ok, so the problem is actually that dovecot does not check for the users existence?
[22:46:48] <adaptr> that would be up to dovecot
[22:47:06] <adaptr> any particular reason WHY you are using dovecot ?
[22:47:14] <adaptr> virtual(8) will do it just fine
[22:47:38] *** Juspion has quit IRC
[22:48:14] <xst> adaptr: I would like spam-mail to be delivered in the users "spam" folder and I use dovecot for authenticated smtp. Furthermore it is what the HowTo I am following recommends.
[22:48:40] <xst> adaptr: dovecot can also send vacation-responds
[22:48:47] <adaptr> well, if it does not recommend how to solve your current predicament, I can only advise you to learn how to actually configure postfix
[22:50:59] *** ALVAN has quit IRC
[22:52:28] <adaptr> SARGuy: a map lookup always looks for localpart, domain, AND localpart@domain
[22:52:39] <adaptr> them it chooses the best match
[22:52:41] <adaptr> *then
[22:52:56] <SARGuy> there is an EXACT match in the first table
[22:53:12] <adaptr> can you paste the map line ?
[22:53:15] <SARGuy> but only the @domain in the second.
[22:53:17] <SARGuy> yeah
[22:53:57] <SARGuy> virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_aliases.cf, proxy:mysql:/etc/postfix/mysql-virtual_unknown.cf
[22:54:12] <adaptr> two proxy maps... sigh
[22:54:24] <adaptr> any particular reason WHY ?
[22:55:03] <SARGuy> cause the original admin had no clue how to properly setup a mail environment..  so now i have to band-aid the problem until i can redo everything
[22:55:31] <adaptr> using proxy maps exclusively is not going to help
[22:55:38] <adaptr> ONE proxy, and one real map, yes
[22:55:42] <adaptr> bot not both
[22:55:58] <SARGuy> not sure i follow...  this same config works on another machine
[23:03:14] <adaptr> why are you using proxy: maps at all ?
[23:03:23] <adaptr> you either use a database lookup or yo udon't
[23:05:01] <SARGuy> my understanding is that the proxy map keeps a single connection to mysql instead of multiple connections for each postfix proc, is that not correct?
[23:05:14] <m0t3jl> If I explicitly use the smtp_bin_address parameter, should Postfix try to relay e-mails through an interface that is assigned to completely different IP address than the one specified in the smtp_bind_address parameter?
[23:06:41] <adaptr> !proxy
[23:06:42] <knoba> adaptr: Error: "proxy" is not a valid command.
[23:07:14] <m0t3jl> adaptr, proxy?
[23:07:25] <SARGuy> !proxymap
[23:07:25] <knoba> SARGuy: Error: "proxymap" is not a valid command.
[23:07:35] <m0t3jl> What should I set it to?
[23:08:04] *** dft has quit IRC
[23:08:06] <SARGuy> denied......  but it is a valid command:
[23:08:06] <SARGuy> The  proxymap(8)  server  provides read-only or read-write
[23:08:06] <SARGuy>        table lookup service to Postfix processes. These  services
[23:08:06] <SARGuy>        are  implemented with distinct service names: proxymap and
[23:08:06] <SARGuy>        proxywrite, respectively. The purpose  of  these  services
[23:08:06] <SARGuy>        is:
[23:08:21] <adaptr> SARGuy: it is not a command, it is a map type
[23:08:30] <adaptr> the daemon implements the map type
[23:08:41] *** war9407 has quit IRC
[23:08:46] <adaptr> but you are correct, it should serialize mysql connections
[23:09:30] <m0t3jl> I'm sorry guys, seems like I thought you were both talking to me ;)
[23:13:11] *** Fallenou[oqp] has joined #postfix
[23:13:47] <SARGuy> so back to the origianl problem, with or without the proxy...  it's not working correctly..  and i'm out of options for troubleshooting.
[23:14:05] <SARGuy> postconf virtual_alias_maps shows the correct order...
[23:15:41] *** jra has joined #postfix
[23:16:08] *** Roobarb has quit IRC
[23:16:35] *** Roobarb has joined #postfix
[23:21:15] <SARGuy> is it possible that amavis is rewriting something?
[23:21:20] <SARGuy> this is just strange
[23:21:37] *** HammerFall has left #postfix
[23:24:18] *** havvg has quit IRC
[23:25:14] *** Southron has left #Postfix
[23:28:22] *** d0uglas has quit IRC
[23:30:04] *** madrescher has quit IRC
[23:33:54] *** githogori has quit IRC
[23:35:13] *** madrescher has joined #postfix
[23:36:06] *** karrotx has quit IRC
[23:38:50] *** wdp has quit IRC
[23:44:39] <adaptr> it's afterqueue, so all rewriting has been done already
[23:46:26] <SARGuy> then im at a loss
[23:46:40] *** rmayorga has quit IRC
[23:46:49] <adaptr> you say it works on a different physical machine ?
[23:46:54] <SARGuy> yup
[23:46:58] <SARGuy> flawlessly
[23:46:58] <adaptr> which is configured identically ?
[23:47:02] <SARGuy> well, at least for now
[23:47:03] <SARGuy> yup
[23:47:10] <adaptr> then compare them
[23:47:14] <SARGuy> did that
[23:47:15] <adaptr> and the postfix versions
[23:47:17] <SARGuy> 5 times
[23:47:22] <SARGuy> hmm..  didnt do that
[23:47:32] <adaptr> defaults may have changed
[23:47:34] <SARGuy> pretty sure they are the same
[23:47:37] <SARGuy> lemme check
[23:48:28] *** Twinkletoes|H has joined #postfix
[23:48:39] <SARGuy> yup, same
[23:48:40] <SARGuy> 2.3.8
[23:49:02] *** rcsu has quit IRC
[23:49:02] <adaptr> oldish
[23:49:43] *** rmayorga has joined #postfix
[23:49:55] <SARGuy> debian imag
[23:50:11] *** Twinkletoes|H has quit IRC
[23:55:25] *** BuenGenio has quit IRC
[23:59:53] *** Mr_Grim has joined #postfix
[23:59:54] *** incidence has quit IRC





top