December 16, 2008  

[00:00:36] *** BuenGenio has joined #postfix
[00:00:51] *** gonewestcoast has quit IRC
[00:01:22] *** hparker has quit IRC
[00:01:27] *** non-sequitir has joined #postfix
[00:02:16] *** jtaji has quit IRC
[00:06:08] *** hparker has joined #postfix
[00:06:30] *** seekwill has quit IRC
[00:06:52] *** hparker has quit IRC
[00:07:47] *** karrotx has quit IRC
[00:10:27] *** BuenGenio has quit IRC
[00:18:36] *** BuenGenio has joined #postfix
[00:20:49] *** BuenGenio has quit IRC
[00:21:25] *** BuenGenio has joined #postfix
[00:24:40] *** non-sequitir has quit IRC
[00:26:27] *** BuenGenio has quit IRC
[00:27:03] *** BuenGenio has joined #postfix
[00:27:23] *** dogmeat has quit IRC
[00:29:01] *** xpeed has joined #postfix
[00:30:37] *** gutocarvalho has quit IRC
[00:31:57] *** BuenGenio has quit IRC
[00:32:25] *** BuenGenio has joined #postfix
[00:39:33] *** hever has quit IRC
[00:42:08] *** xXx_JaZz_xXx has joined #postfix
[00:44:57] *** war9407 has quit IRC
[00:46:51] <hkais> someone here who uses postini with postfix? if so, could you paste your config?
[00:49:22] <xXx_JaZz_xXx> hiDec 15 23:49:36 root1 postgrey[2427]: action=pass, reason=triplet found, delay=350, client_name=unknown, client_address=79.97.249.157, sender=test at 5loops dot net, recipient=mail at andreas-glaser dot com
[00:49:22] <xXx_JaZz_xXx> Dec 15 23:49:36 root1 postfix/smtpd[17707]: NOQUEUE: reject: RCPT from unknown[79.97.249.157]: 554 5.7.1 <mail at andreas-glaser dot com>: Relay access denied; from=<test at 5loops dot net> to=<mail at andreas-glaser dot com> proto=ESMTP helo=<[192.168.0.153]>
[00:49:26] <xXx_JaZz_xXx> hi
[00:49:30] <xXx_JaZz_xXx> sry...
[00:49:45] <xXx_JaZz_xXx> i got this error as soon as i try to send a message
[00:49:52] <xXx_JaZz_xXx> any ideas
[00:50:07] *** Knoedel2 has quit IRC
[00:50:11] <xXx_JaZz_xXx> i installed a multidomain postfix server with this tutorial
[00:50:19] <xXx_JaZz_xXx> http://wiki.sharlaan.net/us:howto:postfix:debian
[00:51:06] <sahil> !tutorial
[00:51:07] <knoba> sahil: "tutorial" : A very common problem is that some people prefer to follow a step-by-step tutorial that shows them how to setup their mail server without reading the documentation or understanding what they are doing. If something goes wrong, they have no clue whatsoever about where to look for hints, and they sometimes decide to start from scratch using a different tutorial. This is not The Proper Way.
[00:51:11] *** BuenGenio has quit IRC
[00:51:19] <sahil> xXx_JaZz_xXx: please read the topic and provide the requested information when asking for help in this channel.
[00:53:06] *** xpoint has joined #postfix
[00:53:10] <rob0> !relay_denied
[00:53:11] <knoba> rob0: "relay_denied" : "554 5.7.1 <RECIPIENT@RCPT_DOMAIN>: Relay access denied; from=<SENDER_ADDRESS> to=<RECIPIENT@RCPT_DOMAIN> proto=ESMTP helo=<HELO>": This typically means that CLIENT_IP is not in mynetworks (and did not AUTH), and that RCPT_DOMAIN was not recognized as one of this Postfix's domains (not listed in mydestination, relay_domains or virtual_*_domains).
[00:53:29] <xXx_JaZz_xXx> http://pastie.org/private/sy37zbsphyxxgzyojntd9q
[00:54:15] *** RedShift has quit IRC
[00:55:01] <xXx_JaZz_xXx> here the entire log.... http://pastie.org/private/sy37zbsphyxxgzyojntd9q
[00:56:52] *** bigtone_ has joined #postfix
[00:57:20] *** unsolo has joined #postfix
[00:57:22] <unsolo> anyone here using drbd + ocfs2 ?
[00:57:46] *** MarkBao has joined #postfix
[00:58:55] <Trengo> i used ocfs2 on a san
[00:59:13] <Trengo> completely fucked up
[00:59:22] <Trengo> going for qfs soon
[01:00:15] <unsolo> <--- tried qfs2 went bad
[01:00:15] *** xXx_JaZz_xXx has quit IRC
[01:00:20] *** matt_ has quit IRC
[01:00:21] *** xXx_JaZz_xXx has joined #postfix
[01:00:31] <unsolo> but i have used ocfs2 on top of drbd 8.0
[01:00:41] <unsolo> in primary primary mode
[01:00:42] *** xXx_JaZz_xXx has quit IRC
[01:00:53] <unsolo> just wondering if there is an alternative really
[01:01:17] <unsolo> other than buying the real deal ready nas.
[01:01:38] <Trengo> nas?
[01:01:42] <Trengo> you mean san?
[01:01:43] <adaptr> "real deal" ? what's wrong with using XFS on a SAN ?
[01:01:55] *** matt_ has joined #postfix
[01:02:04] <Trengo> what was wrong with qfs?
[01:02:18] <xpeed> NAS = Network Attached Storage, not San
[01:02:30] <adaptr> xpeed: yes, thank you
[01:03:01] *** ghtry has joined #postfix
[01:04:08] <Trengo> unsolo so what was wrong with qfs?
[01:04:38] <unsolo> sorry i meant nas
[01:04:46] <unsolo> Trengo: it locked on me
[01:04:54] <ghtry> Hello fellow postfix chatters.  I am having an issue specifically with local accounts being allowed to spoof the From: mail header.  I have been reading and checking logs but still confused as to how to deal with it.  I successfully setup apolicy daemon roughly 4 hours ago.
[01:05:01] <unsolo> on the first reboot it locked up
[01:05:17] <Trengo> unsolo ocfs2 completely thrashed on me
[01:05:18] <unsolo> i think drbd8 + ocfs2 is fairly safe
[01:05:23] *** dogmeat has joined #postfix
[01:05:24] <unsolo> how did it crash on you ?
[01:05:37] <unsolo> were you running with primary primary underneath
[01:05:38] <unsolo> ?
[01:05:46] <Trengo> ocfs2 isnt meant to handle many small files
[01:06:03] <Trengo> it had a bug related to unlink
[01:06:10] <unsolo> oh
[01:06:28] <Trengo> then one day 3 weeks ago it screwed up bad
[01:07:00] <Trengo> screwed up a few superblocks even
[01:08:00] *** jtaji has joined #postfix
[01:08:12] <Trengo> what kind of shared storage did you run qfs on?
[01:08:15] *** f3ew has joined #postfix
[01:08:54] <roe_> ghtry, not sure you're gonna have any luck
[01:09:35] *** bigtone has quit IRC
[01:11:05] <ghtry> Well I have been hacking away at this thing lol.  Technically the user in question has a local account.  I setup smtpd_sasl_security_options = noanonymous and I have pointers towards the apolicy daemon but nothing seems to defeat a spoofed From: header.
[01:12:31] <unsolo> Trengo drbd as well
[01:12:45] <ghtry> The log shows the correct user in question who sent the message but mail clients only seem interested in that From: header.  It appears what needs doing is to check the local account against the from header they are sending but I am not sure how to accomplish that.
[01:12:53] <unsolo> and i do believe ocfs2 works well with small files as i have used it on a mail server for 6 months now
[01:13:00] <roe_> ghtry, are you trying to stop the envelope address or the header address?
[01:13:05] <roe_> from being forged
[01:13:07] <unsolo> problem was the SATA controller on one went bad
[01:14:00] <roe_> if you require sasl to send, then as long as I auth correctly I can send any type of email I want, postfix doesn't care/ nor does it have the ability to check for it
[01:14:09] <roe_> and you don't want to get involved in header checks
[01:14:19] <ghtry> Not sure I guess to be fair to say.  I am trying to stop the From: header which can also manually be specified in a sendmail -t call.
[01:15:50] <ghtry> johndoe@myhost is allowed to say the message is from ghtry@myhost for example.  johndoe has a local account and is permitted relay.  The particular spoofing used with the From: header is what I am trying to prevent.
[01:16:09] <roe_> oh I understand what you are trying to stop
[01:16:25] <adaptr> roe_: of course postfix has the ability to check the sender
[01:16:48] <roe_> provided after the DATA tag
[01:16:57] <roe_> ?
[01:17:10] <roe_> not sure if 'tag' is correct but, you get my meaning
[01:17:16] <ghtry> I have apolicy so if there was a certain rule I could use I'd be more than happy to try it.  My attempts seem to fail but I seem to have enhanced other areas of security in my travels.
[01:17:51] <adaptr> !smtpd_sasl_security_options
[01:17:52] <knoba> adaptr: "smtpd_sasl_security_options" : a configuration parameter in the main.cf: Restrict what authentication mechanisms the Postfix SMTP server will offer to the client. The list of available authentication mechanisms is system dependent.
[01:18:03] <roe_> adaptr, of the envelope sure
[01:18:16] <adaptr> oh, he wants to restrict the From header ?
[01:18:24] <roe_> yea
[01:18:25] <adaptr> !smtpd_sasl_authenticated_header
[01:18:26] <knoba> adaptr: Error: "smtpd_sasl_authenticated_header" is not a valid command.
[01:18:40] <adaptr> yes it is!
[01:19:07] <adaptr> anyway, ghtry , headers are not very important
[01:19:09] <ghtry> A barebones sendmail -t is specified /usr/sbin/sendmail -t target@address From: canbespoofed@host Subject: self-explanatory [message]
[01:19:25] <adaptr> the header sender can always be spoofed
[01:19:32] <adaptr> it's not even violating anything
[01:19:38] <ghtry> :(
[01:20:01] <adaptr> you could want to appear to send from another, equally valid, account, yes ?
[01:20:17] <adaptr> so responses will go to that other account
[01:20:30] <adaptr> this is well within the RFCs, and is actually desired functionality
[01:20:55] <adaptr> the often-seen microsoftism Return-path is NOT in the RFC, that's what the From: header is actually for
[01:20:58] <roe_> adaptr, that option 'smtpd_sasl_authenticated_header' just adds a line in the header about what user sent the message?
[01:21:04] <adaptr> yerp
[01:21:09] <roe_> that is kinda neat
[01:21:11] <adaptr> so the recipient can at least check
[01:21:21] <roe_> and ghtry that might get your friend off your back
[01:21:44] <ghtry> But the mail server *knows* who it came from.  The log (/var/log/maillog) points it out.  My mail client however incorrectly sees the message as what was spoofed.  I was curious to know if there was some way to double check that From: actually matches the originator.
[01:21:53] <roe_> so you can look at the headers and say "stfu, look you we can see right here you sent it"
[01:22:42] <roe_> most mail clients read FROM: TO: etc.. from the DATA of the message not the envelope
[01:23:01] <ghtry> I see that seems to make a bit more sense
[01:23:35] <ghtry> So there is technically 2 froms but one is a simple header while the other is *truth* or the true sender?
[01:24:53] *** hkais has quit IRC
[01:26:20] <rob0> What is truth, when it comes to sender addresses? Truth is what you can prove. If it came from outside your system, you cannot know the "true sender".
[01:26:29] *** bigtone_ has quit IRC
[01:27:19] <roe_> there is no sender?
[01:27:29] <roe_> oh wait that is spoon
[01:27:31] <ghtry> But if the from header matches a local account is there not a way to auth the request?  Enforce a password or secure the fact that it really came from the local account which the From: claims it does?
[01:27:36] *** k-man_ has joined #postfix
[01:28:52] <adaptr> ghtry: a mail client does not and never will see the envelope sender
[01:28:59] <ghtry> If users for example received important info about accounts or security updates: any ol cracker could simply spoof that address and end users would not be the wiser.  Even at being RFC compliant there is absolutely no way I can fix this?
[01:29:02] <adaptr> only mail servers do
[01:29:26] *** yacc has quit IRC
[01:29:29] <adaptr> and as I have already tried to explain, the fact that the envelope sender does not need to match the from header is actually an RFC *requirement*
[01:29:43] <rob0> Many projects GPG-sign their security updates, this is the only way to be sure.
[01:29:45] <adaptr> you MAY NOT enforce them to be identical
[01:30:29] <adaptr> if you do, you will absolutely kill list servers
[01:30:30] <roe_> to be compliant
[01:30:40] *** hparker has joined #postfix
[01:30:46] <roe_> I think he only cares about outgoing
[01:30:55] <adaptr> doesn't matter
[01:31:00] <adaptr> it applies to both
[01:31:32] <rob0> it helps to give a description of the real problem
[01:31:44] <ghtry> I am simply saying a check possibly RegEx even that is [whateveruser]@{host} if the {host} matches then perform double checking?  If a hostname belongs to someone how is that wrong?  I understand now why it needs to work as it does but this is not helping me much in my specific case.
[01:32:10] <rob0> So many people lead us on wild goose chases with their questions here, because what they want cannot be done.
[01:32:37] <adaptr> ghtry: you can implement a wildly inefficient and convoluted header check, sure
[01:33:02] <roe_> refer to my comment 20 minutes ago, "you don't want to get involved in header checks"
[01:33:15] <adaptr> but you'd have to show real practical application for me to want to help you do this
[01:33:24] <rob0> What about a mailing list? Envelope sender: listserv at list dot server; From: real at human dot sender
[01:33:33] <ghtry> Well the nitty gritty that I need is if From header @{host} == "hostname" simply double check they have rights to use it.  All other mail is free to travel as desired.
[01:33:36] <adaptr> roe_: I already commented he would kill list servers
[01:33:49] <roe_> I agree with you
[01:34:09] <adaptr> I meant rob0 , darnit, I type two characters
[01:34:26] <adaptr> that's usually enough, up to 700+ nicks in a channel
[01:34:32] <adaptr> if the distribution were perfect :)
[01:34:57] <roe_> shall I change my nick for you? :)
[01:35:04] <adaptr> ghtry: "rights to use it" is what is the issue here - who cares ?
[01:35:30] <adaptr> ghtry: normally you only care that other MTAs don't impersonate your MTA, so you refuse mail that pretends to come from your domain or hostname
[01:35:39] <rob0> This kind of thing isn't going to have a major impact on your spam problem.
[01:35:41] <adaptr> in every other conceivable situation - who cares ?
[01:35:47] <rob0> (if any)
[01:36:28] <roe_> because some smart a** is giving ghtry a hard time and ghtry doesn't know enough to tell him to go spit... at least that is my guess
[01:36:36] *** havvg has quit IRC
[01:36:40] <xpoint> roe_, try to register at freenode ?
[01:36:55] <adaptr> and don't use a nick that starts with "ro"
[01:37:01] <roe_> xpoint, I am registered
[01:37:03] *** SARGuy has left #postfix
[01:37:12] <adaptr> it's a bit too late to ask rob0 to change his nick, he's near-wedded to it
[01:37:21] <rob0> oh indeed
[01:37:42] <adaptr> in fact, I even dislike seekwill and sysmonk both having nicks that start with "s"
[01:37:50] <ghtry> adaptr: I will re-word a bit.  Let's say you had an email address and someone spoofed your email to lets say uhm someone important to you.  Would you not wish that the other person know it was really you?  A simple From: header check (if matches certain host) then make sure the envelope matches the From header?  It appears however seeing it is RFC compliant my request will go to bit bucket.  But I won't disrespect an RFC I suppose.
[01:37:50] <ghtry>   I just feel it's wrong.
[01:37:52] <xpoint> adaptr, should i change to xp then ? :)
[01:38:19] <adaptr> ghtry: then start making a habit of GPG signing your mail
[01:38:25] <rob0> Consider using GPG, yes.
[01:38:38] <adaptr> ghtry: there is *NO*, read my lips NO other means of absolute certainty
[01:38:39] <roe_> aye GPG will do what you want
[01:38:44] <ghtry> Hmm you mean signed mail?
[01:38:46] <xpoint> or dkim if you want it to work
[01:39:04] <roe_> dkim is domain signing not user signing
[01:39:16] <adaptr> ghtry: fuck me! no, of COURSE I don't mean "signed mail" when I tell you to SIGN YOUR MAIL
[01:39:23] <adaptr> JE-SUS
[01:39:27] <xpoint> roe_, NOT
[01:39:39] <roe_> NOT what?
[01:39:47] <ghtry> Alright I understand why mail signing is important now.  As I have been using postfix I have learned alot of scary underlying email facts I was never aware of before.
[01:40:00] <xpoint> dkim signs pr domain, but its pr user key signed
[01:40:06] <adaptr> ALOT
[01:40:18] <adaptr> somebody kick him out before my head explodes
[01:40:53] <ghtry> adaptr that won't be necessary.  I am sorry I offended you.  If you want me to leave I can.
[01:41:34] <adaptr> no, not at all, I just get this inexplicable craving for BRAINZ when somebody thinks ALOT is a word
[01:41:42] <adaptr> hint: it isn't
[01:42:18] <roe_> irregardless ;)
[01:42:40] <adaptr> and if somebody forged the sender address of someone important to me and I was in doubt as to its veracity, I would check the headers and its falsity would be established within a matter of seconds
[01:42:56] <adaptr> roe_: the jury is still out on that one, although I agree it's ugly
[01:43:07] <ghtry> Well I catch on eventually.  Spent 2 days so far working with postfix and what I have learned gives me a few chills.  My friend is much smarter in the whole email field than I and what he is showing me is discomforting.
[01:43:14] <xpoint> roe_, gpg is nice but it's not supported in mailservers
[01:43:26] <adaptr> xpoint: they don't need its support
[01:43:41] <roe_> xpoint, enigmail
[01:44:08] <roe_> or the l337 alternative for uber admins
[01:44:11] *** SARGuy has joined #postfix
[01:44:32] *** k-man has quit IRC
[01:44:36] <ghtry> smtpd shows him sending mail for example but KMail shows the mail came from me when I in fact know I never sent anything to myself.  I was only looking to see if there was some solution to stop that behaviour.
[01:44:46] <xpoint> i belive i learn new things now on blocking on the recipients mta when sender signs with a dkim key that fails on recipient mta
[01:44:57] <adaptr> ghtry: it is not "behaviour" - it is something he did, and it is trivial
[01:44:59] *** SARGuy has quit IRC
[01:45:10] <roe_> very trivial
[01:45:11] <sidh> roe_: when i send a mail to a local account (for virtual account everything is ok )
[01:45:18] <xpoint> this makes alot of points for using gpg :)
[01:45:25] <adaptr> okay, where's my axe ?
[01:45:30] <adaptr> your head is coming off RIGHT NOW
[01:45:53] <sidh> i can see that in log
[01:45:57] *** Mosu has quit IRC
[01:46:03] <sidh> relay=dovecot, delay=0.17, delays=0.12/0.02/0/0.03, dsn=5.1.1, status=bounced (user unknown)
[01:46:04] <adaptr> "alot is not a word" will be engraved upon your tombstone
[01:46:08] *** Mosu has joined #postfix
[01:46:43] <roe_> sidh, pastebin postconf -n
[01:46:53] <sidh> i know this is because relay=dovecot references a ldap:transport
[01:47:01] <ghtry> adaptr could you at least point me towards a way I may scan the mail headers plz.  I know it is probably not my wisest move but mails addressed in from which match my host I want checked against the envelope.  I won't ask for help on how to actually do that.
[01:47:03] *** r3r3 has quit IRC
[01:47:09] <sidh> which does not contain any local account info
[01:47:11] <sidh> ok
[01:47:13] <roe_> !header_check
[01:47:13] <knoba> roe_: Error: "header_check" is not a valid command.
[01:47:36] <roe_> knoba come on, you know what I want, give me some love
[01:47:48] <adaptr> ghtry: in case the past 30 minutes were not enough: don't do this, it's not worth it, you will break more than you comprehend
[01:47:59] <rob0> !header_checks
[01:48:00] <knoba> rob0: "header_checks" : a configuration parameter in the main.cf: Optional lookup tables for content inspection of primary non-MIME message headers, as specified in the header_checks(5) manual page.
[01:48:00] <adaptr> and we won't fix it when you do
[01:48:06] <thumbs> even more than adaptr can break
[01:48:13] <thumbs> and we don't want that to happen
[01:48:14] <adaptr> I can break yer thumbs!
[01:48:24] <adaptr> they have 2 bones each
[01:48:25] <thumbs> you already tried
[01:48:31] <adaptr> when ?
[01:48:40] <thumbs> a couple years ago.
[01:48:46] <adaptr> I sat on yer ?
[01:48:47] <sidh> roe_: http://pastebin.com/f2f06f76d
[01:48:54] *** bluethundr has joined #postfix
[01:48:55] <adaptr> I musta been lighter then, you'd break now fo sho
[01:49:21] <thumbs> that's what I'm saying.
[01:49:56] <ghtry> What would you recommend then?  I can follow good advice.  I just really despise what a friend has been able to do and was kind enough to show.  On one side I see why it would be needed (forwarding etc) but on the other it causes undesired spoofing.
[01:50:19] <thumbs> !backscatter
[01:50:20] <knoba> thumbs: "backscatter" : http://www.postfix.org/BACKSCATTER_README.html
[01:50:54] <adaptr> set a good set of restrictions initially, use a decent RBL, implement amavis or something similar, and learn to live with the rest
[01:51:00] <adaptr> we do
[01:51:07] <roe_> ghtry, if I drive your car to break the speed limit, do you then put a governor on your car to guarantee no one who drives it can exceed 25miles an hour?
[01:51:14] <xpoint> sidh, where is your wan ip ?
[01:51:32] <ghtry> roe_ good point
[01:51:40] <ghtry> No because emergencies happen
[01:51:50] <xpoint> sidh, postconf -d | grep mynetworks is wrong ?
[01:51:55] <ghtry> If my wife had to go to the hospital per se I would want quick travel
[01:51:57] <roe_> and sometimes it is correct/safe to go 40 or 60mph
[01:51:58] <adaptr> xpoint: because ?
[01:52:49] <roe_> sidh, so your server won't deliver mail to you at mysite dot com?
[01:53:03] <sidh> xpoint: the mail server is behind a firewall/router
[01:53:55] <xpeed> is XFS a reliable FS ( as ReiserFS) ?
[01:54:25] <adaptr> very reliable
[01:54:36] <adaptr> and reiser isn't that reliable, ext3 is better in most ways
[01:54:40] <ghtry> My suggestion was simply to scan the From: and if the host portion (right side of @) matched my host, simply double check the envelope user was the same otherwise you would know it was spoofed.  I can't figure out why that is getting ridiculed really.  But ok I'll stick to officialness ;)
[01:55:19] <adaptr> ghtry: what if the user has two accounts, one not on your server, and wishes to receive replies to that other account ?
[01:55:29] <xpeed> adaptr, and XFS reliability vs ext3 reliability differ very much?
[01:55:34] <roe_> if you want my advice I would turn on that option adaptr mentioned an hour ago and move on
[01:55:37] <ghtry> Well simple really
[01:55:56] <xpoint> sidh, proxy_interfaces=wan-ip then
[01:55:56] <adaptr> xpeed: XFS is very well suited to large (>2TB) partitions; ext3..not so much
[01:56:08] <roe_> and anyone wanting to work with signed email set them up with a gpg key and enigmail
[01:56:35] <ghtry> If he wished to sendmail from an account at coolhost.com for example he would be forced to login truly to his coolhost.com account not spoof it from elsewhere.
[01:56:46] <adaptr> he did not wish that
[01:56:52] <xpeed> XFS for a short FS in range of GBs has advantages over conventionals FS?
[01:56:54] <adaptr> he wished to receive replies to that account
[01:57:06] <ghtry> Hmm excellent point.
[01:57:10] <adaptr> who are you to limit his perfectly valid usage of email ?
[01:57:13] <ghtry> That would break things
[01:57:27] *** bluethundr has quit IRC
[01:57:33] <adaptr> xpeed: it has some enterprise features that will be mostly lost on small partitions
[01:57:56] <xpeed> um oks thanks for the info adaptr.
[01:58:17] <adaptr> xpeed: it does not, however, cope very well with power loss... use JFS for that
[01:58:27] <adaptr> I have been using that for quite some time now with zero problems
[01:58:50] <ghtry> Alright adaptr you win heh.  I owe you a thanks because I was thinking of setting up return addresses.  That would have had drastic results.  How does email handle these then?  A signed message I am guessing uses the public/private encryption?
[01:58:50] <adaptr> XFS is fine for battery-backed RAID systems
[01:59:08] <adaptr> ghtry: it depends on the client
[01:59:16] <adaptr> as none of that is MTA functionality
[01:59:20] <adaptr> it's pure MUA
[01:59:30] <xpeed> i am searching a FS who performs in a very fast way, but not for storage.  but as a main FS for the OS
[01:59:45] <adaptr> then use ext3 or reiser; my preference is ext3
[01:59:56] <xpeed> i use reiserFS actually
[01:59:58] <adaptr> set noatime for performance
[02:00:05] <ghtry> My MUA (I am assuming you mean IMAP and POP3) is Dovecot.  MTA is postfix (SMTP 25).
[02:00:06] <adaptr> and notail if on reiser
[02:00:16] <xpeed> just looking for a better choice, but i think i'll still at reiser
[02:00:23] <adaptr> no, I don't mean IMAP and POP3
[02:01:04] <ghtry> Mail User Agent I see my bad.
[02:01:14] <sahil> ghtry: from: header spoofing has been around since the beginning of time.  welcome to the world wide internet.
[02:01:27] *** Juspion has joined #postfix
[02:01:32] *** r3r3 has joined #postfix
[02:01:53] <sidh> xpeed: roe_ nothing change with adding my wan ip
[02:02:21] <roe_> sidh, didn't answer my question
[02:02:28] <ghtry> heh sahil I am fairly new to some aspects of hosting things.  Apache taught me about HTML and how those headers work.  Never seen surfing the same.  Now my perception of email is much different than it was 3 days ago.
[02:02:56] <adaptr> apache taught you about HTML ?
[02:03:02] <adaptr> that's a first
[02:03:07] <ghtry> Makes me wonder if a fight I had over email was truthfully from its originator or not.
[02:03:12] <adaptr> apache doesn't *care* about HTML
[02:03:14] <sidh> nor with proxy interfaces setting
[02:03:35] <roe_> <roe_> sidh, so your server won't deliver mail to you at mysite dot com?
[02:03:44] <ghtry> I meant when I started hosting apache and writing html - sorry.
[02:04:08] <ghtry> Been a long day heh.
[02:05:10] <sidh> roe_: yes i don't deliver to mysite.com
[02:05:28] <sidh> but i does deliver to my virtual site
[02:05:42] <sidh> s/i/it
[02:05:48] <sahil> ghtry: you're yet to clearly explain the problem.  once you do that, you might get some traction here.  hint: don't explain in abstracts.  give a clear real-world example of the situation.
[02:08:28] <ghtry> sahil: A friend could spoof my email address to my wifes local account, say trashy things and she would assume it came from me when I am innocent.  Real enough?
[02:08:29] *** madrescher has quit IRC
[02:09:54] *** madrescher has joined #postfix
[02:10:02] <adaptr> actual data, is what we mean
[02:10:05] <adaptr> logs
[02:10:09] <adaptr> headers
[02:10:16] <adaptr> something concrete
[02:10:33] <ghtry> Better: EvilUser@host forges a nasty email which appears to come from ghtry@host to wife@host.  Wife does not know the difference and assuming it came from me we have a big fight about it.
[02:10:44] <ghtry> Oh hmm
[02:11:10] *** madrescher has quit IRC
[02:11:31] <ghtry> I suppose I don't mind sharing my hostname and such.  If it gets a problem answered it's worth every word.
[02:12:18] <ghtry> I'll put tail output on my site then give a concrete example (try to).
[02:12:21] <roe_> are we still talking about this, if you turn on the smtpd_sasl_authenticated_header then show your wife who sent it and end the argument
[02:12:34] <ghtry> heh true
[02:12:40] <ghtry> He asked for an example though
[02:12:44] <adaptr> or slap her one for not believing you in the first place
[02:12:53] <ghtry> lol >.>
[02:14:38] <ghtry> I suppose mail signing is the only truth.  I never honestly understood it until digging deeper and being shown how such mail could be spoofed.  I laughed when I saw a message from myself that clearly I did not write.  I panicked when the realization hit me.
[02:15:12] <adaptr> you must not have used teh intarwebs very frequently in the past 10 years then
[02:15:19] <thumbs> ghtry: give me your email address. I can send you plenty.
[02:15:33] <ghtry> I know you could thumbs
[02:15:44] <ghtry> I am new to the whole email thing.
[02:15:56] <adaptr> scary
[02:16:02] <ghtry> Classified as newb.  But I will never learn if I don't just dive in.
[02:16:18] <adaptr> might I suggest NOT starting by running a public MTA ?
[02:16:28] <adaptr> install one, fool around - inside your own network
[02:17:23] <ghtry> Probably very wise advice.  I may end up leaving email to more professional hands.  I now see why the configuration is so large scale.  There is more to email than meets the eye.
[02:17:42] <thumbs> adaptr and wise in the same sentence is weird.
[02:18:20] <adaptr> I agree
[02:18:24] <ghtry> Well when I am wrong I am wrong period.  No sense arguing when you have nothing to be right about.
[02:21:49] <ghtry> Sorry for the confusion.  I believe I will try enforcing (persuading?) mail signing for important accounts.  I am not sure any longer how to tackle this.  A few of the things I run depend on the mail system I have setup.
[02:22:10] <sidh> roe_: i still get the bounced status
[02:22:39] <sidh> i don't know how to add a second transport which would be local
[02:22:56] *** jra has joined #postfix
[02:23:03] <ghtry> In particular when users receive mail from Anope they should be assured it is my services program and not a potential attacker giving evilish instructions.
[02:23:10] <rob0> "Adaptr is a wise ass."
[02:23:14] *** r3r3 has quit IRC
[02:23:18] *** r3r3 has joined #postfix
[02:23:22] <adaptr> well, it's still better than the current one
[02:23:24] <adaptr> !adaptr
[02:23:25] <knoba> adaptr: "adaptr" : a small shell script that floods the channel with factoids
[02:23:34] <rob0> "People would be wise to ignore adaptr."
[02:23:51] <adaptr> elvish instructions ?
[02:24:10] <ghtry> evilish*
[02:24:13] <rob0> Elves too
[02:25:12] <ghtry> Reminds me of a virus class known I think as a hoax where an evil user gives bad instructions and tells the recipient to forward the email to his/her friends.
[02:25:22] <xpeed> "XFS does NOT do well with unexpected shutdowns."
[02:25:42] <adaptr> xpeed: yes, I said that
[02:25:43] <xpeed> most of places where discuss FS choices, agree with that
[02:25:51] <xpeed> um
[02:26:12] <xpeed> then reliability isn't a pr for this FS xD
[02:26:16] <xpeed> pro*
[02:26:20] <xpeed> oks
[02:26:23] <rob0> I have a Linux laptop with xfs, MANY battery failures, the xfs held up fine.
[02:26:27] <jra> use JFS, jra approves.
[02:26:49] <xpeed> JFS vs ReiserFS got adventages?
[02:26:55] <xpeed> srry aboyut grammar
[02:26:59] <xpeed> about*
[02:27:09] <xpeed> it is painfully, i know xD
[02:27:24] <adaptr> xpeed: XFS is VERY reliable, but using it outside an enterprise environment is your own responsibility
[02:28:10] *** Motoko-chan has quit IRC
[02:28:20] <adaptr> like XFS, JFS is suited to large filesystems
[02:28:26] <jra> He means you should better use an UPS.
[02:28:27] <rob0> xfs is more mature outside of Linux.
[02:28:33] <xpeed> jra, what about JFS, performs faster than ReiserFS ?
[02:28:44] <jra> I've never used Reiser.
[02:28:51] <xpeed> oks
[02:29:07] <rob0> "faster"?
[02:29:31] <jra> tmpfs should be good at that
[02:29:37] <xpeed> xD
[02:29:50] <xpeed> the thing is this
[02:29:56] <adaptr> finally!
[02:31:26] <xpeed> i have a laptop, with a damn 250GB HD SATA AT 5400 RPM, but it performs pretty "slow" compared with laptops or desktops with lower specs (RAM, Processor, etc) but hds at 7200 rpm
[02:31:51] <adaptr> yes, of course
[02:31:57] <xpeed> i know,  rpm is a decisive feature at disk performance
[02:31:59] <adaptr> this is unrelated to the filesystem
[02:32:15] <adaptr> use ext3 or reiser, I would use ext3
[02:32:18] <xpeed> so i want just tune up most i can the FS on the 5400 rpm
[02:32:38] <adaptr> match the filesystem readahead with the disk physical readahead, that's the best you can do
[02:32:45] <xpeed> i use reiserfs with gentoo 64 bit compiled
[02:32:54] <adaptr> ah
[02:32:57] <adaptr> all bets are off, then
[02:33:09] <xpeed> but it really pissed me off, i am a little obsessed with performance on OSs
[02:33:23] <xpeed> adaptr, why?
[02:33:57] <adaptr> stop obsessing and get a 7200rpm drive, then
[02:34:04] <adaptr> scorpios are very good
[02:34:16] <xpeed> yes i am searching one supported by my laptop's board
[02:34:21] <ghtry> Some of todays hardware can really offer performance gains
[02:34:31] <adaptr> xpeed: every single one is supported
[02:34:33] <ghtry> SATA II is nice
[02:34:47] <xpeed> umm
[02:34:56] <adaptr> unless it's a lousy laptop
[02:35:00] *** brancaleone has quit IRC
[02:35:19] <xpeed> FS perform can be affected by a 32 or 64 bit OS?
[02:35:21] *** r33 has joined #postfix
[02:35:23] <adaptr> no
[02:35:30] <xpeed> i ask because the answer above
[02:35:42] <xpeed> when i commented the gentoo 64 bit sentence
[02:35:56] <xpeed> i thought that
[02:36:34] <ghtry> adaptr thanks for stopping me from doing something stupid.  I will research more and at this point I am highly considering mail signing.  Some service programs have issues though and only know the /usr/sbin/sendmail so I am a bit stuck currently.
[02:36:42] <adaptr> read up on how disk interfaces work, and how they communicate with an OS
[02:36:52] <sidh> how can we specify a second transport for local domain ?
[02:37:03] <adaptr> ghtry: for services it is trivial to match the envelope to the header
[02:37:17] <adaptr> sidh: what do you mean ?
[02:37:49] <sidh> mail incoming for local (unix account) are rejected
[02:38:09] <ghtry> I just dont want users receiving a spoofed service message such as please send your password to blah at host dot ext for further assistance.  It's a very uncomfortable thought.
[02:38:22] <xpeed> adaptr, too many partitions on the disk do can affect disk performance right?
[02:38:36] <sidh> because the relay which is used make reference to ldap:transport
[02:38:55] <adaptr> ghtry: there is literally nothing you can do about that unless you configure postfix properly, and you're not even close to configuring basic spam prevention if this bothers you
[02:39:01] <adaptr> xpeed: no
[02:39:13] *** skeeziks has left #postfix
[02:39:55] <xpeed> talking about ldap, can a mail system with virtual transport based on a Postgresql or mysql DB for users and virtual domains use ldap for users?
[02:40:16] *** r3r3 has quit IRC
[02:40:19] <adaptr> ...yes?
[02:40:30] <xpeed> >.<
[02:40:40] <xpeed> is that a stupid question? xD
[02:40:40] <ghtry> Well relaying needs a local auth.  I am 100% safe from outsiders.  It is the inside which has privileges that I am worried about.  My IRC services uses only 1 account.  If a local user could spoof it that spells disaster depending on what they try convincing the recipient of believing/doing.
[02:41:08] <xpeed> was that*
[02:41:14] <sidh> adaptr: do you see what i mean
[02:41:18] <adaptr> if you don't trust your local users then I suggest you kick them out; there's very little you can do about that
[02:41:57] *** r3r3 has joined #postfix
[02:42:20] <sidh> when a mail is incoming for a local user, this error appears
[02:42:24] <ghtry> I suppose you are correct in this scenario.  I am a little disappointed but some things just can't really be changed.  My email is mostly kept internal amongst the server.  But again I will just say you are probably right.
[02:42:26] <sidh> relay=dovecot, delay=0.22, delays=0.17/0.02/0/0.03, dsn=5.1.1, status=bounced (user unknown)
[02:42:45] *** r33 has quit IRC
[02:42:58] <adaptr> sidh: and this surprises you because ?
[02:43:39] <sidh> adaptr: i would like to add another transport or modify the existing one
[02:43:55] <adaptr> it doesn't work
[02:44:00] <adaptr> I suggest you fix that
[02:44:00] <sidh> for it looks to ldap AND to local (/etc/aliases)
[02:44:07] <adaptr> !local
[02:44:08] <knoba> adaptr: "local" : The local(8) daemon processes delivery requests from the Postfix queue manager to deliver mail to local recipients, meaning users that exist in your /etc/passwd. This is done for domains listed in $mydestination. See !basic.
[02:44:15] <adaptr> !local_transport
[02:44:17] <knoba> adaptr: "local_transport" : a configuration parameter in the main.cf: The default mail delivery transport for local destinations. A recipient address is local when its domain matches $mydestination, $inet_interfaces or $proxy_interfaces. This information can be overruled with the transport(5) table.
[02:45:19] *** ghtry has quit IRC
[02:45:33] <sidh> the domain is listed in mydestination
[02:45:33] <adaptr> I think you're confusing some basic concepts
[02:45:53] <adaptr> a TRANSPORT actually transports messages
[02:46:04] <adaptr> you're talking about recipient validation
[02:46:29] *** Juspion has quit IRC
[02:46:38] <adaptr> !local_recipient_maps
[02:46:39] <knoba> adaptr: "local_recipient_maps" : a configuration parameter in the main.cf: Lookup tables with all names or addresses of local recipients. A recipient address is local when its domain matches $mydestination, $inet_interfaces or $proxy_interfaces.
[02:49:15] *** Samson100 has joined #postfix
[02:50:19] <sidh> local_recipient_maps = proxy:unix:passwd.byname, $alias_maps, $virtual_mailbox_maps
[02:50:26] <sidh> adaptr: it is set
[02:50:32] <sidh> and changes nothing
[02:51:04] <adaptr> so, look them up, do they pass ?
[02:51:26] <sidh> no the mails are bounced too
[02:51:34] <adaptr> you have taken a very strange turn somewhere, and I doubt you even understand where or how
[02:51:46] <adaptr> read that log line again
[02:52:35] <sidh> mail are bounced because the user (recipient) is unknown
[02:52:40] <adaptr> no
[02:52:47] <adaptr> you are using dovecot as your MDA
[02:52:58] <adaptr> does dovecot know who your valid users are ?
[02:53:24] <sidh> you mean in dovecot.conf ?
[02:53:30] <adaptr> here's a hint: no, it doesn't
[02:54:13] <adaptr> *deliver* is the one bouncing the message; postfix wouldn't *bounce* unknown recipients, it REJECTS them.
[02:54:23] <adaptr> free $clue
[02:54:56] <adaptr> deliver has no clue who this user is, refuses to deliver, and postfix, having already accepted the message, has no choice but to bounce it
[02:55:15] <adaptr> hint #2: don't use deliver, use postfix
[02:56:05] <jra> lmtp ftw
[02:56:13] <adaptr> agreed, too
[02:56:25] *** amrit|wrk is now known as amrit|afk
[02:58:08] <sidh> adaptr: with dovecot lda , mails are reindexing as they arrives, not by the mua
[02:58:13] <sidh> isn't it ?
[02:58:22] <adaptr> what does that have to do with anything ?
[02:58:37] <roe_> deliver also has the added benefit of sieve
[02:58:40] <adaptr> did you really fail to read what I just said ?
[02:59:05] <adaptr> IF you use deliver to deliver local mail, deliver MUST have access to and knowledge of all user and mailbox databases
[02:59:11] <sidh> when you talk about deliver
[02:59:12] <adaptr> yours does not
[02:59:19] <sidh> you talk about
[02:59:30] <sidh> flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${recipient}
[02:59:37] <sidh> in master.cf ?
[02:59:49] <adaptr> however you configured it
[02:59:54] <adaptr> I don't know how
[03:02:39] *** thetimoo_ has joined #postfix
[03:03:11] *** thetimoo has quit IRC
[03:05:37] *** Samson_99 has quit IRC
[03:05:37] *** Samson100 is now known as Samson_99
[03:12:22] *** memetic has quit IRC
[03:12:32] *** loadk2008 has joined #postfix
[03:12:48] *** xpeed has quit IRC
[03:13:17] <loadk2008> hello
[03:13:35] <loadk2008> hey thumbs whats up?
[03:15:56] *** jra has quit IRC
[03:16:38] *** Radiance has joined #postfix
[03:19:11] *** githogori has quit IRC
[03:19:46] *** loadk2008 has left #postfix
[03:20:14] *** xpeed has joined #postfix
[03:24:15] *** k-man_ has quit IRC
[03:24:30] <thumbs> the sky, clouds, the sun
[03:47:13] *** _bugz_ has quit IRC
[03:47:36] *** _bugz_ has joined #postfix
[03:51:48] *** Zeit|awy_ has joined #postfix
[03:54:58] *** amrit|afk is now known as amrit
[03:56:14] *** adaptr has quit IRC
[03:59:23] *** Zeit|awy has quit IRC
[04:02:51] <cite> Good morning.
[04:19:05] *** adaptr has joined #postfix
[04:25:21] *** mavrick61 has joined #postfix
[04:30:21] <xpoint> sidh, relay=dovecot, delay=0.22, delays=0.17/0.02/0/0.03, dsn=5.1.1, status=bounced (user unknown) < this means that postfix knows the LOCAL user exists, but dovecot doesn't know that user
[04:30:43] <adaptr> are you still on that ? wow
[04:31:05] <adaptr> I did a desktop update, logged out, rebooted, played around with compiz like, for HOURS, and he still doesn't get it ?
[04:31:36] <xpoint> adaptr, have fun with ubuntu ? :)
[04:31:54] <adaptr> sure, what else is there to do ?
[04:32:19] <xpoint> make a gentoo server running glibc 2.9 :)
[04:32:50] <xpoint> and then give a beer trying to get one to downgrade it to 2.8
[04:33:55] *** bluethundr_ has joined #postfix
[04:40:22] *** saurabhb has joined #postfix
[04:46:31] *** memetic has joined #postfix
[05:05:08] *** deadpigeon has quit IRC
[05:26:24] *** thetimoo_ has quit IRC
[05:30:10] *** thetimoo has joined #postfix
[05:32:16] *** Haris1 has joined #postfix
[05:32:43] *** mynullvoid has joined #postfix
[05:38:10] <xpeed> when a mail message is sent to a mail like asdasd at klamsdlasd dot com and it can't be delivered, which parameter at main.cf sets the time to wait to send a "delivered Failed Message"? (Delay-warning_time?)
[05:38:16] *** Jense has quit IRC
[05:38:44] *** Jense has joined #postfix
[05:42:51] *** githogori has joined #postfix
[05:52:08] *** Spec has quit IRC
[06:02:01] *** jimpop has joined #postfix
[06:06:06] <xpeed> do you know why the message can get stuck in qmail quee list and don't get a delivery failure?
[06:06:47] <rob0> "qmail quee list"?
[06:08:10] <xpeed> nevermin
[06:08:15] <xpeed> nevermind.
[06:13:15] *** mynullvoid has quit IRC
[06:14:40] *** SARGuy has joined #postfix
[06:14:45] *** MarkBao has quit IRC
[06:16:12] *** MarkBao has joined #postfix
[06:17:10] *** MarkBao has quit IRC
[06:17:51] *** garysmith3 has joined #postfix
[06:18:10] <garysmith3> anyone of the most current list of recommended rbls?
[06:22:16] *** Haris1 has quit IRC
[06:25:16] *** thetimoo has quit IRC
[06:28:03] <Gokee2> Hello all,  I was looking through my logs for today.  ghtry has a long conversation about email spoofing
[06:29:08] <Gokee2> You (the channel as a whole) seem to say most mail systems let you send mail with any from field?
[06:29:57] <Gokee2> I tested out with my gmail account and even if I gave it a different from field to send from it sent it with my normal email address
[06:30:29] <garysmith3> gmail isn't most email systems.  It's gmail.  They replace the from field with the login credentials.
[06:30:59] <Gokee2> garysmith3, Hmm so if I take something like my isp mail I can send mail from anyone?
[06:31:54] <garysmith3> In theory...  You can set it to validate senders on some systems.  It all really depends on how people configured their smtp servers.
[06:33:17] <garysmith3> Gokee2: Is there a particular reason for wanting to send as a different user?
[06:34:24] <Gokee2> garysmith3, Well I noticed on my mail system awhile ago that I could send out as anyone logging in as a normal user... I figured this was a problem with my setup as I thought normal users should not be able to forge mail that I am sending out...  I guess thats the normal practice though?
[06:35:17] *** samix has joined #postfix
[06:35:35] <Gokee2> Basically I figured as a mail admin I should keep users from forging outgoing emails on my system :)
[06:35:42] <garysmith3> In normal systems, this should be fine.  You might want to validate domains though.  The reason for it might be for user A to be able to have aliases B, C and D.  If you are running postfix, I believe you can setup sender domain validation for users.
[06:36:39] <Gokee2> Right I was wondering how aliases would be handled if I did not allow users to send out from anywhere they pleased
[06:36:46] <garysmith3> of course, we use two different postfix setups.  One for incoming from the internet, the other from authenticated users so we can validate sender domains.  we can also further validate senders at the email address.
[06:37:46] <Gokee2> garysmith3, So if one of your users sent a email with a from field of foo at mycooldomain dot com what would happen?
[06:38:10] <garysmith3> well, without any type of sender validation, it would go...
[06:39:31] <Gokee2> So do you validate or let it go?
[06:39:37] <garysmith3> I think you want to look into smtpd_sender_restriction and check_sender_access.  We use it with a list of all email addresses that exist on the network.
[06:40:13] <garysmith3> if they do not exist in that list, they can't send.  Beyond that I'll have to defer to the list.
[06:41:00] <Gokee2> So anyone on your system can sendout as anyone else on your system?  But not as anyone else?
[06:41:52] <garysmith3> Yes.  But we also retain 100% of the logs which shows which authenticated user sent which email.
[06:42:07] <Gokee2> I see
[06:42:35] <garysmith3> Also, I'm not sure, but I think the email also holds the authenticated user that sent the email.  Let me check real quick
[06:42:48] <xpeed> how can i setup postfix so that if a user inserts an incorrect mail address at a domain which does not exist, he/she gets a message immediately telling that the server does not exist
[06:42:50] <xpeed> ?
[06:43:12] <xpeed> if is a wrong user at gmail eg, it returns error
[06:43:13] <xpeed> but
[06:43:49] <xpeed> if is an inexistent domain the message stays at queue list for a couple of days and several times not a message warning
[06:43:50] <xpeed> :S
[06:45:59] *** jimpop has quit IRC
[06:49:28] <Gokee2> xpeed, Hmm if I send to a domain that does not exist I get a email back right away :)  Not sure whats up with your system.
[06:55:38] *** hparker has quit IRC
[06:57:47] *** mynullvoid has joined #postfix
[06:57:50] <mynullvoid> hello all
[06:58:15] <mynullvoid> I got problem with my certificate
[06:58:21] <mynullvoid> my cert expired
[06:58:31] <mynullvoid> so I try to recreate the certificate
[06:58:38] <mynullvoid> and now I am getting problem
[06:58:51] <mynullvoid> Out: 454 4.3.0 TLS not available due to local problem
[06:59:40] <mynullvoid> and the log showing warning: cannot get private key from file /etc/postfix/ssl/newreq.pem
[07:04:24] <garysmith3> mynullvoid: is the private key password protected?  can postfix read the file?
[07:05:52] <mynullvoid> how to tell
[07:06:05] <mynullvoid> when I create I do enter password
[07:06:56] <mynullvoid> I use CA.pl to create
[07:07:24] <garysmith3> I found that I have to convert the password encoded pem file to a passwordless one using openssl.  I can't remember the procedure.  Are you using a locally created CA or a commercial one?
[07:07:24] <mynullvoid> the steps are ./CA.pl -newreq
[07:07:52] <mynullvoid> then ./CA.pl -newreq-nodes
[07:08:03] <mynullvoid> and later ./CA.pl -sign
[07:08:27] <mynullvoid> I create it locally
[07:08:35] <garysmith3> don't know much about locally created ones.  I have commercial ones since I used them publicly.  You might want to add the local CA key as well.
[07:08:44] <garysmith3> #smtpd_tls_CAfile =
[07:10:22] <mynullvoid> where
[07:11:09] <garysmith3> in main.cf.  find the line where you have smtpd_tls_key_file  and smtpd_tls_cert_file and add a line for the CA file pointing to your local CA file.
[07:11:53] <mynullvoid> the file?
[07:12:38] <mynullvoid> http://pastebin.com/d62702d21
[07:13:42] <garysmith3> I think that your cert file should be a .cert and not a .pem file.  You might need to convert it with openssl.
[07:14:29] <mynullvoid> why
[07:14:49] <garysmith3> not sure.  That's just what I had to do.  ymmv
[07:15:08] *** f3ew has quit IRC
[07:15:22] <mynullvoid> i followed a sample from http://www.fatofthelan.com/articles/articles.php?pid=22
[07:15:57] <garysmith3> Don't know then
[07:28:06] *** hkais has joined #postfix
[07:29:27] *** growltiger has joined #postfix
[07:31:44] *** f3ew has joined #postfix
[07:32:19] *** xpeed has quit IRC
[07:41:19] *** Bart[mdv] has joined #postfix
[07:48:54] *** F|oFF has quit IRC
[07:49:38] *** Fallenou has joined #postfix
[07:50:12] *** F|oFF has joined #postfix
[07:57:43] <Gokee2> So is reject_sender_login_mismatch not recommended?
[07:59:17] *** |_Knoedel_| has joined #postfix
[07:59:37] <garysmith3> ?  Don't know.  You hit my limit of knowledge on the subject
[08:02:47] *** xpoint has quit IRC
[08:03:40] *** kk_CHN has joined #postfix
[08:06:35] *** Haris1 has joined #postfix
[08:08:05] *** phnord has joined #postfix
[08:11:34] *** yajith has joined #postfix
[08:16:18] *** sophokles has joined #postfix
[08:20:01] *** denis_ has quit IRC
[08:21:24] <Zumu> hello!
[08:21:45] <garysmith3> hello back to you
[08:22:42] <Zumu> garysmith3, how can i make postfix relay deliver local mail(for several domains), and relay all other mail?
[08:23:22] <Zumu> garysmith3, i used postfixadmin, but now all local mail loops via next hop back to my server
[08:24:26] <garysmith3> zumu.  Not sure.  I have a pretty complicated email setup myself and I don't use any of those tools.  give me a minute
[08:26:17] <garysmith3> Zumu: you need to look into mydestination maps and virtual_alias_maps (if necessary).
[08:26:39] <garysmith3> Also, for local delivery, you need to make sure the right mailbox command (or transport) is setup.
[08:33:50] <Zumu> garysmith3, i have lines like "mydomain.tld :\.mydomain.tld :\n* smtp:[nexthop.mydomain.tld]"
[08:34:09] <Zumu> also i have virtual_alias_maps
[08:34:18] *** sepski has joined #postfix
[08:35:02] <Zumu> seems like postfix uses transport, it doesn't do local delivery, so it sends all mail to nexthop, nexthop sends all local mail back
[08:35:09] <Zumu> it's kinda endless loop
[08:35:10] <garysmith3> zumu: all of mine are mysql interfaces.  I'm not really an expert on this.  I'll have to defer this.
[08:35:29] <garysmith3> zumu: what mailbox server are you using?  cyrus/uwimap?
[08:35:33] <Zumu> so you think i should define mydestination parameter?
[08:35:40] <Zumu> it's cyrus
[08:36:45] <garysmith3> make sure you have lmtp setup properly.  That's about the only thing I can think of.  You might also want to check the logs to see if there is an error triggering the nexthop.  I've got to call it a night.
[08:37:02] *** garysmith3 has left #postfix
[08:37:44] <Zumu> i have mailbox_transport = lmtp:unix:/var/imap/socket/lmtp
[08:44:02] *** reiner has joined #postfix
[08:45:19] *** kk_CHN has quit IRC
[08:50:42] *** puff has quit IRC
[08:50:54] *** puff has joined #postfix
[09:09:55] *** madrescher has joined #postfix
[09:27:34] *** denis_ has joined #postfix
[09:42:51] *** dan__t has quit IRC
[09:44:44] *** puff has quit IRC
[09:51:38] *** r3r3 has quit IRC
[09:51:56] *** r3r3 has joined #postfix
[09:52:42] *** hever has joined #postfix
[09:53:13] *** puff has joined #postfix
[09:58:29] *** war9407 has joined #postfix
[10:05:50] *** jonez has quit IRC
[10:19:38] *** growltiger_ has joined #postfix
[10:34:18] *** growltiger has quit IRC
[10:35:17] *** randra has joined #postfix
[10:43:31] *** ttzou has left #postfix
[10:44:16] *** wdp has joined #postfix
[10:45:12] *** _bt has quit IRC
[10:47:44] *** _bt has joined #postfix
[11:05:59] *** perlmonkey has joined #postfix
[11:06:42] <perlmonkey> hi, am I right in thinking Postfix and Exim4 are separate MTA and are not dependent?
[11:07:49] <yajith> yes..
[11:08:24] <perlmonkey> thanks
[11:08:46] <perlmonkey> sheesh I installed exim4 by accident on my system (Ubuntu) and now I cannot remove it, and Postfix wont start
[11:08:51] *** reiner has quit IRC
[11:09:03] <yajith> dpkg don't work ?
[11:09:09] <perlmonkey> exim4 seems to be difficult to remove
[11:09:20] <yajith> hm..
[11:09:35] <yajith> u should be able to stop the exim4 service n start postfix..
[11:09:49] <yajith> don't think u have to remove it..
[11:10:14] <perlmonkey> sudo apt-get remove exim4: The following packages have unmet dependencies:  exim4-daemon-light: Depends: exim4-base (>= 4.69) but it is not going to be installed
[11:10:42] <perlmonkey> i can start postfix, but i see no process running for it...usually its just "postfix" the process right?
[11:11:58] <perlmonkey> pretty sure my system is screwed
[11:12:03] <perlmonkey> from a botched upgrade
[11:12:14] <yajith> i think it starts a couple of processes...
[11:13:14] <yajith> perlmonkey: try telnet localhost 25 ;)
[11:13:38] <perlmonkey> says connection refused, i dont think MTA is running... also im not getting any e-mails delivered for 2 days
[11:14:05] *** hever has quit IRC
[11:14:07] <perlmonkey> this is one of the probs u need like a hole in the head
[11:14:33] <yajith> perlmonkey: is postfix configured..?
[11:14:51] <perlmonkey> ya, i had it working fine until 2 days ago been using it on this server for months
[11:15:07] *** hever has joined #postfix
[11:15:49] <perlmonkey> i did an upgrade, and i decided to replace dovecot with another pop3 server as it was spawning too many processes, and by accident i installed exim4
[11:15:49] <yajith> perlmonkey: can't u stop the exim service from init.d
[11:15:53] <yajith> and then start postfix.. ??
[11:16:06] <perlmonkey> exim4 doesnt seem to be running
[11:16:21] <perlmonkey> at least i cant see a process for it
[11:17:01] <yajith> netstat -ntlp | grep 25
[11:17:20] <perlmonkey>  sudo /etc/init.d/exim4 stop * Stopping MTA    /sbin/start-stop-daemon: warning: failed to kill 4866: No such process
[11:17:24] *** sepski has quit IRC
[11:17:51] <perlmonkey> tcp        0      0 0.0.0.0:35625           0.0.0.0:*               LISTEN      6608/rpc.mountd
[11:17:59] <perlmonkey> nothing
[11:18:22] <perlmonkey> now i start postfix..
[11:18:45] <perlmonkey> sudo /etc/init.d/postfix start
[11:18:47] <perlmonkey> no c
[11:18:56] <perlmonkey> no confirmation its started which is odd
[11:19:27] <perlmonkey> sure enough, no process running and nothing listening on port 25
[11:19:28] <perlmonkey> grrrr
[11:19:50] <perlmonkey> dont you just love problems like this
[11:20:45] <bda> What does /var/log/mail.log say?
[11:21:30] <bda> What is the output of `/usr/sbin/postfix start`?
[11:23:01] *** mynullvoid has quit IRC
[11:23:12] *** ndonegan has joined #postfix
[11:23:36] <perlmonkey> exim4 is like a freakin virus
[11:24:14] <perlmonkey> my mail log ended 2 days ago, no log entries since
[11:25:28] <perlmonkey> no output from /etc/init.d/postfix
[11:25:32] <perlmonkey> *start
[11:25:38] *** aleix has joined #postfix
[11:26:14] <perlmonkey> this just sucks
[11:26:25] <perlmonkey> looks like im gonna have to completely reinstall the server OS
[11:26:45] <aleix> i'm trying to understand the check_sender_access via ldap... does any one have this working? What return should I expect from the LDAP server?
[11:27:51] <ndonegan> Hi, have a box with multiple postfix instances running and need to do SMTP AUTH on some of them. sasl doesn't seem to like this at all. Any simple way of supplying a simple shadow style file to each instance?
[11:37:19] *** madrescher has quit IRC
[11:37:34] <bda> perlmonkey: Uh. You're reinstalling because you messed up a package install?
[11:37:44] <perlmonkey> bda: yes
[11:37:47] <bda> That's crazy.
[11:38:08] <perlmonkey> bda: I know, but what can I do :-/ this sucks, but I can't see any way to fix the problem of exim4
[11:38:23] <bda> apt-get --purge remove exim4
[11:38:37] <bda> apt-get update && apt-get install postfix # just in case
[11:38:59] <perlmonkey>  exim4-daemon-light: Depends: exim4-base (>= 4.69) but it is not going to be installed E: Unmet dependencies.
[11:39:10] <perlmonkey> doesnt seem to want to let go of exim4 eh
[11:39:28] <bda> shrug, use dpkg and force the uninstall.
[11:39:47] <yajith> perlmonkey: exactly...force uninstall...
[11:40:29] <perlmonkey>  sudo apt-get install postfix  The following packages have unmet dependencies.   exim4-daemon-light: Depends: exim4-base (>= 4.69) but it is not going to be installed                       Conflicts: mail-transport-agent  postfix: Conflicts: mail-transport-agent
[11:40:32] *** UltraCool has joined #postfix
[11:40:46] <perlmonkey> its like a can of worms opened eh.. this reeks of an upgrade botch up
[11:41:08] <bda> If you do apt-get update && apt-get -y dist-upgrade what does it want to install/fix?
[11:41:27] <yajith> perlmonkey: dpkg -l | grep exim
[11:42:27] <perlmonkey> http://pastebin.com/m69de867f
[11:42:38] <perlmonkey> bda: will try
[11:43:28] <perlmonkey> bda: The following packages have unmet dependencies.  exim4-base: Depends: exim4-config (>= 4.30) but it is not installed or exim4-config-2
[11:43:56] <perlmonkey> does seem to be a package version inconsistency in exim4 eh
[11:44:08] <bda> Are you running unstable?
[11:44:15] <yajith> perlmonkey: alternatives --display mta
[11:44:24] <bda> Or experimental. Whatever they're calling it these days.
[11:44:35] <bda> Regardless, you can force uninstall the rest of exim, then install postfix.
[11:44:40] <bda> Or anyway, that's what I'd do.
[11:44:45] <bda> (and do do, on my legacy Debian boxes)
[11:44:55] <perlmonkey> yes
[11:45:23] <perlmonkey> I'm running 8.04
[11:45:30] <perlmonkey> (Ubuntu)
[11:45:44] <bda> shrug.
[11:46:18] <perlmonkey> there seems to be no way to force a remove of exim
[11:46:29] <bda> That seems unlikely.
[11:47:12] *** Fallenou has quit IRC
[11:48:50] <perlmonkey> http://pastebin.com/m7422739
[11:49:20] *** sepski has joined #postfix
[11:50:00] *** hever has quit IRC
[11:51:12] <bda> dpkg --force-all -r or reinstall the exim packages so you can have apt replace them with postfix.
[11:51:18] <bda> Assuming the pkgs themselves aren't actually hosed.
[11:52:13] *** sepski has quit IRC
[11:52:52] <perlmonkey> finally fixed it
[11:52:56] <perlmonkey> with this command:
[11:53:06] <perlmonkey> sudo rm /etc/init.d/exim4* ; sudo apt-get remove postfix+ exim4-base exim4 exim4-daemon-light
[11:53:26] <bda> Heh.
[11:53:52] <perlmonkey> bizarre
[11:54:05] <perlmonkey> that exim4 is a ROGUE
[11:54:41] <yajith> perlmonkey: it is apt-get remove wut u have used..!
[11:57:14] *** Samson100 has joined #postfix
[11:57:19] *** Fallenou has joined #postfix
[11:57:23] <perlmonkey> apt-get remove wud not work
[11:59:55] *** hkais has quit IRC
[12:00:09] *** perlmonkey has left #postfix
[12:00:15] *** aleix has quit IRC
[12:08:38] *** pirho has joined #postfix
[12:10:54] *** csy has joined #postfix
[12:10:59] *** Samson_99 has quit IRC
[12:10:59] *** Samson100 is now known as Samson_99
[12:12:29] *** wdp_ has joined #postfix
[12:13:56] <csy> Hi guys, wondering if someone can help me with my postfix config.. it appears as so: http://rafb.net/p/r6XZLu50.html
[12:14:53] <csy> I'm sure I've probably got quite a lot of it wrong...but I thought I had all the relevant DNS records pointing correctly
[12:23:05] *** wdp has quit IRC
[12:29:20] <csy> anyone home?
[12:35:01] *** yajith has left #postfix
[12:37:53] *** madrescher has joined #postfix
[13:02:43] <csy> mooo? :(
[13:08:39] *** tmjb has joined #postfix
[13:11:29] <f3ew> hmmm?
[13:12:03] <f3ew> Well?
[13:19:27] *** growltiger has joined #postfix
[13:20:21] <Haris1> damn that smtp auth mechanism issue
[13:21:56] <oekotaco> :D
[13:22:05] <oekotaco> yead smtp auth sucks.. hehe..
[13:22:14] <oekotaco> or is confusing sometimes
[13:22:40] *** growltiger_ has quit IRC
[13:23:31] *** saurabhb has quit IRC
[13:23:52] <csy> anyone any idea with my query?
[13:33:09] <_bt> csy: you haven't told us what the problem is
[13:33:21] *** saurabhb has joined #postfix
[13:33:46] *** saurabhb has quit IRC
[13:35:10] *** henkie32 has joined #postfix
[13:36:43] *** bluethundr_ has quit IRC
[13:37:02] <henkie32> hey guys, i have a mysql table to get postfix lookup "valid" recipients... that works.. but now i want to get postfix to relay everything it recieves on localhost to my ISP's smtp server.. everytime i send a mail to localhost, postfix trys to find it in the database and ofcourse can't find it...and drops the mail
[13:38:00] *** aleix has joined #postfix
[13:38:34] <aleix> i've been searching all morning without luck... can anyone post a simple ldap access map please?
[13:39:25] <f3ew> csy WHAT query?
[13:39:49] <f3ew> henkie32,  relayhost
[13:40:20] <Haris1> s,t[ aitj dpesm
[13:40:24] <Haris1> smtp auth doesn't suck
[13:40:26] <Haris1> its straight forward
[13:40:36] <Haris1> the usage of auth mechanisms is confusing me
[13:40:43] <Haris1> or its configuration to be more straight forward
[13:40:44] <f3ew> http://directory.fedoraproject.org/wiki/Howto:Postfix @ aleix
[13:41:07] <Haris1> f3ew: I have a problem. auth via IMAP and pop3 works. smtp auth doesn't work
[13:41:22] <Haris1> I have postfix+dovecot+mysql
[13:41:23] <f3ew> !debug
[13:41:24] <knoba> f3ew: "debug" : http://www.postfix.org/DEBUG_README.html : a good starting point for how to deal with problems and to report information to those who might help. Post your information in a pastebin such as http://pastebin.ca/ or http://rafb.net/paste/ .
[13:41:44] <Haris1> I there a way to make postfix give MORE detailed output on an error?
[13:41:48] <Haris1> I = Is
[13:42:06] <csy> hello...yeah the problem is it says 250 sent, however I never seem to receive any mail
[13:42:14] <henkie32> f3ew, i added relayhost = [myispsmtp.org] but it still does not want to relay... it still keeps on looking up in my mysql tables
[13:43:38] <aleix> f3ew: thanks for the link... i don't see why the second ldap config doesn't have a result_attribute, is this normal? How do you assign a OK, REJECT... to the ldap result?
[13:47:14] <f3ew> henkie32, is the domain listed in your local domains
[13:47:28] <f3ew> csy it went to gmail
[13:47:48] <csy> I didn't receive it in my account though
[13:47:56] <henkie32> what domain f3ew the domain iam sending to? or the domain iam sending from?
[13:48:56] <f3ew> henkie32 sending to
[13:49:04] <f3ew> csy, postmaster@gmail may help
[13:49:26] <henkie32> no f3ew , i can not have all the worlds domains in my config file
[13:50:12] <f3ew> henkie32 show the output of
[13:50:13] <f3ew> !debug
[13:50:14] <knoba> f3ew: "debug" : http://www.postfix.org/DEBUG_README.html : a good starting point for how to deal with problems and to report information to those who might help. Post your information in a pastebin such as http://pastebin.ca/ or http://rafb.net/paste/ .
[13:52:39] <aleix> anyone know... please? How do you assign a OK, REJECT... to the ldap result?
[13:52:39] *** SeJo has quit IRC
[13:53:12] *** SeJo has joined #postfix
[13:53:55] *** SeJo has quit IRC
[13:54:16] <csy> postmaster@gmail f3ew?
[13:54:41] <f3ew> csy, it's gone to gmail, ask them for help
[13:55:10] *** SeJo has joined #postfix
[13:55:29] *** aleix has quit IRC
[13:56:45] *** hkais has joined #postfix
[14:00:14] *** SeJo_ has joined #postfix
[14:00:43] *** SeJo has quit IRC
[14:01:56] *** SeJo has joined #postfix
[14:02:10] *** thetimoo has joined #postfix
[14:05:03] *** sophokles1 has joined #postfix
[14:11:22] *** ghtry has joined #postfix
[14:13:45] <ghtry> In reference to the mail From: header it is the job of the MUA not the MTA.  I have a special scenario and a simple question.  How would I: If a From: header matches a particular address, verify it came from a certain envelope address?  If envelope matches allow else deny.
[14:17:44] <ghtry> The reject_sender_login_mismatch config param is too harsh for what I want.  I need a single header check (only 1 unix account is allowed to say that particular From address).  I am having tons of fun trying to decipher how it can be done.
[14:17:55] <lunaphyte_> !tell ghtry policy
[14:17:56] <knoba> lunaphyte_: Error: No factoid matches that key.
[14:18:45] <lunaphyte_> ghtry: a policy server would probably be appropriate for that.
[14:19:26] <ghtry> I run apolicy (python based) but it does not appear to support checking the From header only the envelope.
[14:19:36] <lunaphyte_> you are still trying to prevent others from sending mail as root?
[14:19:40] *** sophokles has quit IRC
[14:20:41] <ghtry> I want my unix account (ircd at gsystem dot localhost.net) to be the only allowed account to say in a mail message (From: services at aondcrey dot homeip.net)
[14:21:37] <ghtry> I am not looking to change the entire way things work this is a protection need.  Unless the sendmail postfix replacement command might yield something?
[14:21:57] <jduggan> would require end of data to get that header as its set after DATA, in which case you need a content filter
[14:22:39] <ghtry> I have the smtpd end of data check set for apolicy (inet:127.0.0.1:1001)
[14:23:06] <sarts> ghtry: can't you force ircd to 'sign' the mail, and only forward signed emails? :-p
[14:23:28] <jduggan> thats probably used for getting the full size, policy api doesnt know about the message data
[14:23:39] <jduggan> thats reserved for content filters
[14:23:41] <ghtry> Well if I knew C++ and modules in Anope I suppose but the options for me seem complex at every turn.
[14:24:10] <sarts> I wonder how much the load would increase if you would force the mail-server to check for PGP signatures ^_^
[14:24:38] <ghtry> The MTA is not supposed to be concerned with the From header but spoofed service messages are a real concern for me.
[14:25:30] *** thetimoo has quit IRC
[14:25:52] <ghtry> postfix is wonderful by the way.  I see the log shows it has batted away a lot of spam using the sorbs spamcop and zenhaus RBLs
[14:26:38] <ghtry> If I could just tackle this last obstacle I would be all setup and I could just let it run.
[14:27:21] *** thetimoo has joined #postfix
[14:28:51] <ghtry> The end of data check was required to deal with apolicy size.  apolicy supports python regex as well but I can't seem to find the param name for the From header.  The envelope is checked by simply stating sender in the policy.conf file.
[14:34:04] <ghtry> Could I get an opinion on the mesmtpd extension? ( http://freshmeat.net/projects/mesmtpd/ ).  Appears to maybe address my issue.
[14:38:37] *** bigbor has joined #postfix
[14:40:10] <lunaphyte_> !tell ghtry tias
[14:40:11] <knoba> ghtry: "tias" : Try It And See
[14:41:41] <ghtry> It is a from header re-writer.  I don't suppose any solution will easily fix my problem unless you know how I could invoke a From header check with apolicy.  I am not sure if that is supported and again google results are extremely scattered.
[14:44:54] <f3ew> you ca't
[14:44:56] <f3ew> can't
[14:46:30] *** henkie32 has quit IRC
[14:48:36] *** hever has joined #postfix
[14:51:03] *** ^tmjb^ has joined #postfix
[14:53:52] *** sophokles1 has quit IRC
[14:54:01] *** sophokles has joined #postfix
[14:57:56] <thumbs> what the hell, ghtry is still at it?
[14:58:10] <ghtry> I am always having issues it seems
[14:58:20] <ghtry> I can't download mesmtpd anyhow
[14:58:31] <ghtry> wget resolves the address then hangs
[15:00:22] <ghtry> thumbs if you needed to restrict the From header and preferred it be accomplished via the MTA (against RFC) for a single account, how would you go about doing it?
[15:02:31] <ghtry> header_checks is PCRE, which I am unfamiliar with. reject_sender_login_mismatch config is very brutal and would break many things.  apolicy lacks From header scanning.  I can't get mesmtpd to download.  Heh what a time I am having.
[15:07:20] *** tmjb has quit IRC
[15:18:33] *** ^tmjb^ has quit IRC
[15:22:02] *** f3ew has quit IRC
[15:22:30] *** xpeed has joined #postfix
[15:22:31] *** samix has quit IRC
[15:22:54] *** f3ew has joined #postfix
[15:23:52] *** samix has joined #postfix
[15:24:29] *** denis_ has quit IRC
[15:25:22] *** zox has joined #postfix
[15:25:25] *** p_masho has joined #postfix
[15:25:28] *** cpm has joined #postfix
[15:27:58] <p_masho> can anyone help a newbie, emails aint being sent.. and I cant figure out what to do.. I get a mail.err > amavis[3451]: (03451-03-156) Blocked MTA-BLOCKED http://nopaste.com/p/a0EmaFYQob
[15:33:10] <p_masho> anyone here ?
[15:33:38] *** mark-use has joined #postfix
[15:36:57] <ghtry> p_masho it appears the MTA is blocking forwarding.  I recall reading the postfix defaults on new installs to a medium level of security.
[15:37:46] <cpm> !basic
[15:37:47] <knoba> cpm: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.
[15:38:05] <ghtry> heh thanks cpm
[15:39:16] <p_masho> ghtry: just done an upgrade on debian... and hints on where to look (newbie)
[15:39:28] <ghtry> Could anyone tell me if postfix sends header information to a policy daemon?  I understand that the daemon is an external checker.  If header info is sent I could try a hand at writing something customized.
[15:40:29] <f3ew> ghtry it does not
[15:40:38] <f3ew> content_filters get all the information
[15:40:39] <ghtry> p_masho I had difficulty with postfix at first as well.  The initial setup was complex.  Your future needs however might be much different depending.  I would recommend following cpm's bot-given link.
[15:41:05] <cpm> !ask
[15:41:06] <knoba> cpm: "ask" : If you have a question, just ask. Precise questions lead to precise answers. Vague descriptions of your problem will get you nowhere. See also: http://workaround.org/moin/GettingHelpOnIrc
[15:41:49] <ghtry> Ahh thanks f3ew that clears up the fact that a policy daemon will not help me regardless how hard I try.  I suppose the only solution appears to be the header_checks option at this point in time.
[15:41:59] <f3ew> ghtry content_filter
[15:42:07] <f3ew> !content_filter
[15:42:08] <knoba> f3ew: "content_filter" : a configuration parameter in the main.cf: The name of a mail delivery transport that filters mail after it is queued.
[15:42:33] <ghtry> Oh hmm
[15:42:39] <ghtry> I see now
[15:44:22] <ghtry> So is content_filter external?
[15:44:37] <ghtry> i.e. apolicy is a python daemon
[15:45:16] *** samix_ has joined #postfix
[15:45:17] <ghtry> nvm I will look it up
[15:46:38] *** marl_scot has joined #postfix
[15:50:23] <marl_scot> hi folks, am having a problem with postfix/amavisd, i have set amavis to quarantine banned file extensions, but can't find a way to re-inject the mail back into the system after i have manually checked it, without it going through the filtering process again and being rejected! anyone tell me the command to use? i have postfix sending mail to amavis on port 10025 and accepting mail from amavis on port 10026, using postfix 2.2.7
[15:51:55] *** jtaji has quit IRC
[15:54:49] <ghtry> Thanks f3ew I came across http://www.postfix.org/FILTER_README.html which gives a bash shell script example.  I am not 100% sure about the actual filter but the exit codes and such seem useful.  I have a bit of hope now that I might solve my problem.
[15:55:26] *** xpoint has joined #postfix
[16:01:50] *** f3ew has quit IRC
[16:02:04] *** hparker has joined #postfix
[16:02:08] *** samix has quit IRC
[16:02:28] *** jtaji has joined #postfix
[16:02:39] *** f3ew has joined #postfix
[16:02:44] <p_masho> this is strange this command gives me error > mail -s "test" pedromorgan at gmail dot com < temp.txt > Dec 16 15:01:39 m2 postfix/smtpd[8616]: fatal: unexpected command-line argument: unixDec 16 15:01:39 m2 postfix/smtpd[8616]: fatal: unexpected command-line argument: unix
[16:06:57] *** bluethundr has joined #postfix
[16:07:01] <p_masho> this is strange this command gives me error > mail -s "test" pedromorgan at gmail dot com < temp.txt > Dec 16 15:01:39 m2 postfix/smtpd[8616]: fatal: unexpected command-line argument: unixDec 16 15:01:39 m2 postfix/smtpd[8616]: fatal: unexpected command-line argument: unix
[16:07:28] * p_masho not sure if last message was received cos my connection keeps dropping ;-( - hence second posting
[16:08:07] <f3ew> smtpd needs an "inet" entry in master.c
[16:08:08] <f3ew> ff
[16:10:32] *** hkais has quit IRC
[16:11:38] <xpeed> p_masho, put something like:
[16:11:42] <xpeed> smtp      inet  n       -       n       -       -       smtpd
[16:11:48] <xpeed> at /etc/postfix/master.cf
[16:14:06] <p_masho> xpeed: its there already ? http://nopaste.com/p/aKTKTRgw8
[16:17:11] <p_masho> should I add the chroot option? it was all fine till upgraded to lenny
[16:22:59] *** randra has quit IRC
[16:23:01] *** randra has joined #postfix
[16:25:01] * p_masho bangs head against wall
[16:27:17] <marl_scot> hi folks, am having a problem with postfix/amavisd, i have set amavis to quarantine banned file extensions, but can't find a way to re-inject the mail back into the system after i have manually checked it, without it going through the filtering process again and being rejected! anyone tell me the command to use? i have postfix sending mail to amavis on port 10025 and accepting mail from amavis on port 10026, using postfix 2.2.7
[16:27:29] <p_masho> I keep getting this error >> postfix/smtpd[9439]: fatal: unexpected command-line argument: unix << in mail.err, and it seems the smtp is there in master.cf.. Dont know what to do  http://nopaste.com/p/aKTKTRgw8
[16:28:00] <marl_scot> sorry to re-post there, but thought maybe someone new might know?
[16:29:18] *** Xjs has quit IRC
[16:29:29] *** growltiger_ has joined #postfix
[16:33:48] <xpeed> p_masho, postfix already reloaded?
[16:33:57] <p_masho> yes
[16:35:08] *** samix_ has quit IRC
[16:35:11] *** seekwill has joined #postfix
[16:38:28] *** Xjs has joined #postfix
[16:40:02] *** denis_ has joined #postfix
[16:42:06] *** cesurasean has joined #postfix
[16:42:10] <cesurasean> Can anyone tell me why postfix is giving me the error Relay access denied when sending emails?
[16:43:01] <xpeed> Dec 16 10:42:17 MailServer postfix/smtp[27030]: certificate verification failed for oxy.com.s7a1.psmtp.com[64.18.6.14]:25: untrusted issuer /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
[16:43:24] <xpeed> the certification from oxy failed or my certificate failed at oxy?
[16:43:59] <seekwill> cesurasean: That isn't obvious? :)
[16:44:17] <cesurasean> no, what does relay access mean exactly?
[16:44:20] *** growltiger has quit IRC
[16:44:47] <seekwill> cesurasean: Means that you're trying to relay a message through the system (to somewhere else like Gmail), but was denied
[16:44:47] <cesurasean> does it mean that I need to have a relay on my config?
[16:45:02] <seekwill> Where are you trying to send the email from?
[16:45:14] <seekwill> (another machine on your network?)
[16:46:23] <cesurasean> I'm sending mail from a machine outside the network
[16:46:36] <seekwill> Well, yeah
[16:47:02] <cesurasean> why would I not be able to send outside the network?
[16:47:14] <cesurasean> im able to send it to myself fine
[16:47:32] <seekwill> I don't think you should be hosting your own mailserver...
[16:47:38] <seekwill> Consider buying "The Book of Postfix"
[16:48:31] *** UltraCool has quit IRC
[16:48:35] <cesurasean> why don't you consider licking my ass?
[16:49:45] <cesurasean> you are the type of guy that makes opensource suck.
[16:50:25] <rwmx> cesurasean, and you're the one who should buy microsoft software and be quiet
[16:50:32] <seekwill> :)
[16:51:02] <cesurasean> why don't you just help me and get off your high horse?
[16:51:04] <cesurasean> :)
[16:53:53] <hparker> cesurasean: Actually, the suggestion of the book is a good one.. I've read most of it, good book.. To solve your problem though look into mynetworks or just use AUTH everywhere
[16:54:10] *** havvg has joined #postfix
[16:54:39] <f3ew> See ADDRESS_CLASS_README
[16:56:10] <marl_scot> cesurasean, the problem you have is you are not allowed an 'open relay mail server' connected to the internet, you will lose your internet connection VERY quickly
[16:56:20] <cesurasean> mynetworks = 127.0.0.0/8
[16:56:26] <cesurasean> this config should be good enough, no?
[16:56:49] <f3ew> as long as you are sending from that network range
[16:56:54] <cesurasean> how do I close off an open relay server?
[16:57:00] <marl_scot> therefore your best option is to use auth for all your mail users, this requires them to authenticate with a username/password before they can send any emails
[16:57:11] *** ghtry has quit IRC
[16:57:12] <cesurasean> I am using auth
[16:57:22] <cesurasean> let me postbin my postfix config
[16:57:24] <cesurasean> hold on
[16:57:28] *** ndonegan has left #postfix
[16:58:07] <cesurasean> here is a pastebin of my config - http://pastebin.com/f1b744e74
[16:58:12] <cesurasean> shouldn't everything be working fine?
[16:58:35] <marl_scot> cesurasean, one of the best sites i have found for setting  up postfix is http://www.howtoforge.com just have a read through the postfix section, and pick the howto that best meets your needs
[16:59:11] <cesurasean> yes, I followed the howtoforge on setting up a ubuntu server just fine
[16:59:20] <cesurasean> I even copied their postfix config, but I am still getting this error.
[16:59:27] <marl_scot> is your sasl auth working ok?
[16:59:35] <cesurasean> yes
[16:59:36] <marl_scot> that's the bit that always gives me a headache
[16:59:39] <cesurasean> I am able to send emails to myself
[17:00:10] <marl_scot> emails to yourself are locally delivered therefore they don't have any restrictions
[17:00:28] <cesurasean> well, I was sending to hotmail just fine
[17:00:34] <cesurasean> and gmail also
[17:00:40] <marl_scot> sounds like a problem i have had a few times setting up postfix and auth
[17:00:42] <cesurasean> now it's giving me relay access denied
[17:01:00] <marl_scot> did u do a postfix restart between it working and not?
[17:01:27] <cesurasean> yes
[17:02:00] <p_masho> I've got (in main.cf) content_filter = amavis:[127.0.0.1]:10024 .. amavis is started, but when I do a port scan its not there? any ideas ?
[17:02:02] <marl_scot> and i know it sounds like a daft question, but when u were sending to hotmail/gmail were u definitely outside the network? (i sometimes test mail servers by tunneling smtp to 127.0.0.1 and use localhost for smtp on my client)
[17:02:35] <marl_scot> can u remember what settings u had changed before you restarted postfix?
[17:02:51] <cesurasean> yes, I know what settings I removed from postfix
[17:02:57] <cesurasean> but, before that I was still getting errors
[17:03:12] <marl_scot> what were the errors be4 that?
[17:03:37] <marl_scot> p_masho, try running 'netstat -tap |grep 10024'
[17:04:16] <marl_scot> p_masho, you should see a line like : tcp        0      0 localhost.localdomain:10024 *:*                         LISTEN      17016/amavisd (mast
[17:05:08] <marl_scot> brb
[17:06:42] <marl_scot> bck
[17:07:48] <cesurasean> I just copied the exact config file from howtoforge, and I'm still getting relay access denied
[17:07:50] *** cesurasean has left #postfix
[17:08:30] <seekwill> That's the exact reason why he should buy that book...
[17:11:25] <p_masho> marl_scot: yep thats there... tcp        0      0 localhost.localdo:10024 *:*                     LISTEN      14234/amavisd (mast
[17:11:36] <marl_scot> seekwill, yup i would agree, but i followed the howtoforge stuff and hit problems, and managed to solve them, i think he should have made it a bit clearer at the start that he was following a howto though.
[17:12:23] <marl_scot> p_masho, that's good, it means that amavis is running correctly, the reason it doesn't show up in a port scan, is because it is only listening on the localhost ip addy (127.0.0.1)
[17:13:34] <marl_scot> seekwill, it would have saved him getting his back up when someone said read the book, as i thought at first he was trying to create an open relay!
[17:15:06] <seekwill> marl_scot: It seems like he's lacking some fundamental concepts of email. Normally I wouldn't be such an ass (well, maybe), but it's that kind of mindset that makes _my_ job harder.
[17:15:16] <jduggan> liar
[17:15:19] <marl_scot> p_masho, if you're doing anything with linux and services running via tcp then that netstat command is a great help, a lot more informative than a port scan, as in theory trying to port scan a machine should end up with your ip being blocked
[17:15:20] <jduggan> youre always an ass
[17:15:20] <jduggan> :P
[17:15:34] <seekwill> :)
[17:15:34] <marl_scot> lol
[17:15:45] <marl_scot> seekwill, whats your job?
[17:15:54] <seekwill> Tech support! :)
[17:16:40] <marl_scot> lol, but look at it this way, if others muck up their configs, at least we get paid to fix them!
[17:16:54] <marl_scot> or at least some of them!
[17:17:17] <marl_scot> seekwill, don't suppose u know an answer to my re-injecting problem do u?
[17:17:35] <seekwill> That's true... but there's enough business out there for me already. I rather be here helping people for free, but not to hand hold or encourage bad practices
[17:17:53] <marl_scot> ok you win :)
[17:19:05] <marl_scot> if he comes back on ill tell him to read the howtoforge for his distro and setup, as he appeared to say that it worked on an ubuntu machine
[17:19:34] <marl_scot> howtoforge has saved me SOOOOOO much money NOT buying the books!
[17:19:49] *** jtaji has quit IRC
[17:20:15] <seekwill> Yes, but that book is cheap compared to the value you learn from it
[17:20:46] <marl_scot> i think i have it somewhere, but have no idea where :(
[17:21:03] <seekwill> Oh, you mean in general... sorry
[17:21:18] *** sophokles has quit IRC
[17:21:50] *** deadpigeon has joined #postfix
[17:26:20] <p_masho> can someone help me this this.. cant see what the problem is (after lenny upgrade)
[17:26:24] <p_masho> http://nopaste.com/p/aiDTkYuiN
[17:28:02] *** pirho has quit IRC
[17:28:45] *** pirho has joined #postfix
[17:30:30] <marl_scot> p_masho, have you shut down and started all processes associated with postfix? eg. amavis/postfix/clam etc?
[17:30:55] <p_masho> yep .. been there and done all that (for last 3+ hours)
[17:30:59] <marl_scot> and did u shut them all down then start them up again? rather than restarting them?
[17:31:09] <marl_scot> ok, had to ask, sorry :)
[17:31:13] <p_masho> even rebotted the server ..
[17:31:28] <p_masho> oops rebooted..
[17:31:32] <marl_scot> ok, thought of suggesting that one, but i always try and avoid that if i can
[17:31:50] <p_masho> precisely
[17:31:51] <marl_scot> to my detriment on a couple of times!
[17:32:23] <p_masho> what only twice !!! ;-)
[17:32:24] <Haris_> Is this ( debug_peer_list ) he only thing to have MORE verbose log output?
[17:32:35] <Haris_> I don't think it provides verbose log output
[17:34:02] <marl_scot> p_masho, yup after those times, i started shutting down servers waiting a min or two then ps -A to make sure they were stopped and restarting them :)
[17:34:13] <Haris_> he=the
[17:34:16] *** |_Knoedel_| has quit IRC
[17:34:17] <marl_scot> p_masho, have u tried sending an email directly to amavis?
[17:34:30] <p_masho> errr. no..
[17:35:04] <marl_scot> do you know the format for sending a mail via telnet?
[17:35:25] <p_masho> not yet..
[17:35:33] <marl_scot> http://www.ijs.si/software/amavisd/README.postfix.old
[17:36:01] <marl_scot> about 1/3rd way down the page
[17:36:14] <marl_scot> search for the line : 3. Do a 'postfix reload', check its log file for any complaints,
[17:36:15] <p_masho> bit green to postfix... (even though a developer).. in fact thinking of buying a postfix book for myself for xmas.. so i can be an expert
[17:36:50] <marl_scot> lol, just remember where u left it, be4 going out on new years eve!!!!!!
[17:37:30] <p_masho> url not there..
[17:37:49] <marl_scot> that part of the page has 2 smtp mails, one with the eicars virus, it allows you to test the amavis process without involving the first part of postfix
[17:38:09] <marl_scot> www.ijs.si/software/amavisd/README.postfix.old
[17:38:10] *** F6F has joined #postfix
[17:38:17] <marl_scot> works ok from here
[17:39:14] <marl_scot> still not get there?
[17:40:06] <marl_scot> try : locate -i readme.postfix
[17:40:25] <marl_scot> and open that file up if u can find it, approx line 120
[17:40:36] * p_masho its not my day.. compiz crashed ;-(
[17:40:38] <marl_scot> the file should have been installed with amavis
[17:40:47] <marl_scot> :(
[17:43:22] <Haris_> this ( http://rafb.net/p/zoK7P875.html ) is my postfix sasl configuration
[17:43:39] <Haris_> when I do starttls during smtp auth, postfix says;
[17:43:49] <Haris_> 454 4.7.0 TLS not available due to local problem
[17:43:53] <Haris_> wth?
[17:45:14] <marl_scot> Haris_, anything in the postfix logs?
[17:46:04] <dh> Hi, I'm writing custom postfix policy daemon but postfix behaves odd or something - I have specified smtpd_client_restrictions = check_policy_service inet:127.0.0.1:10031 (which is checked when client connects) but postfix won't do the policy check .. only after I do the "rcpt to:" the postfix connects to my policy daemon and sends three sets of data, but they're all the same (request=smtpd_access_policy, protocol_state=RCPT, ...). What am I missing?
[17:47:37] *** marl has joined #postfix
[17:48:13] <Haris_> marl_scot: Nothing conclusive. Nothing that gives a clue
[17:49:32] <Haris_> just says tls not available
[17:50:27] <Haris_> !smtp_tls_enforce_peername
[17:50:28] <knoba> Haris_: Error: "smtp_tls_enforce_peername" is not a valid command.
[17:51:05] *** madrescher has quit IRC
[17:52:26] *** havvg has quit IRC
[17:52:29] <Haris_> !smtp_tls_fingerprint_digest
[17:52:30] <knoba> Haris_: Error: "smtp_tls_fingerprint_digest" is not a valid command.
[17:53:08] *** Gokee2 has quit IRC
[17:54:40] <Haris_> !smtp_tls_loglevel
[17:54:41] <knoba> Haris_: Error: "smtp_tls_loglevel" is not a valid command.
[18:00:30] <Haris_> what does postfix mean tls is not available?
[18:00:54] *** p_masho has left #postfix
[18:01:24] *** denis_ has quit IRC
[18:01:44] *** denis_ has joined #postfix
[18:04:47] *** marl_scot has quit IRC
[18:05:27] *** xpeed has quit IRC
[18:07:33] *** hkais has joined #postfix
[18:07:55] *** marl is now known as marl_scot
[18:12:52] * Haris_ drops a pin
[18:15:33] <Haris_> found the problem
[18:15:53] <Haris_> Dec 16 18:11:11 mc2 postfix/smtpd[90398]: warning: cannot get private key from file /path/to/ssl/server.crt
[18:15:56] *** Knoedel2 has joined #postfix
[18:19:42] *** jtaji has joined #postfix
[18:24:17] *** phnord has quit IRC
[18:24:43] *** hkais has quit IRC
[18:26:03] *** hkais has joined #postfix
[18:28:55] *** growltiger has joined #postfix
[18:35:31] *** hkais1 has joined #postfix
[18:42:48] *** csy has quit IRC
[18:43:05] *** growltiger_ has quit IRC
[18:49:36] *** pitakill has joined #postfix
[18:52:47] *** hkais has quit IRC
[19:03:09] *** albanach has joined #postfix
[19:05:00] <albanach> Hi. We've got a development server where we test  some apps  that generate mail. Is there a way I can make any mail passed to postfix on that box be rewritten so it's delivered to a single account elsewhere?
[19:06:35] *** denis_ has quit IRC
[19:06:49] *** xpeed has joined #postfix
[19:08:16] *** Odd_Bloke has joined #postfix
[19:12:31] *** SARGuy has left #postfix
[19:14:16] *** devdas has joined #postfix
[19:15:27] <albanach> Maybe there's a way with canonical mapping, but I'm not sure how...
[19:19:24] *** cesurasean has joined #postfix
[19:19:40] <cesurasean> can someone tell me why I can send to outside sources, but am getting this error: Command output: procmail: Couldn't create "/var/mail/jgalindo.seiton.com
[19:19:42] <cesurasean> ?
[19:19:59] <cesurasean> on some emails being sent
[19:20:49] <devdas> cesurasean: that's a procmail error
[19:21:02] <devdas> Does procmail have permissions to write to /var/mail?
[19:21:07] <cesurasean> do you have to use procmail?
[19:21:13] <devdas> No
[19:21:17] <devdas> but you are using it
[19:21:28] <cesurasean> where is it asking for procmail? inside mail.cnf?
[19:21:55] <devdas> Yes
[19:22:03] <devdas> See postconf -n | grep procmail
[19:23:40] <cesurasean> mailbox_command = procmail -a "$EXTENSION"
[19:25:50] *** cesurasean has left #postfix
[19:25:51] *** githogori has quit IRC
[19:26:56] *** pitakill has quit IRC
[19:29:39] <dh> Disregard my question (as you probably did anyway) .. the devil was in smtpd_delay_reject that defaulted to "yes"
[19:30:51] *** jimpop has joined #postfix
[19:32:27] *** devdas has quit IRC
[19:32:48] *** devdas has joined #postfix
[19:35:34] *** amrit is now known as amrit|wrk
[19:36:14] *** pitakill has joined #postfix
[19:36:24] *** thetimoo has quit IRC
[19:47:37] *** xpeed has quit IRC
[19:49:23] *** thetimoo has joined #postfix
[19:49:24] *** bigbor has quit IRC
[19:49:37] *** boris has joined #postfix
[19:49:53] *** boris is now known as bigbor
[19:50:25] *** bigbor has left #postfix
[19:50:39] *** boris has joined #postfix
[19:51:17] *** boris has quit IRC
[19:52:43] *** bigbor has joined #postfix
[19:53:19] *** mark-use has quit IRC
[20:00:28] *** rwmx has quit IRC
[20:03:49] *** devdas has quit IRC
[20:03:53] *** growltiger has quit IRC
[20:05:15] *** growltiger has joined #postfix
[20:05:19] *** pv2b has quit IRC
[20:08:36] *** SARGuy has joined #postfix
[20:14:42] *** ghtry has joined #postfix
[20:15:02] *** randra has quit IRC
[20:16:32] <ghtry> I figured out the From: header scanning but can't pass an owner check.  Message is: 553 5.7.1 <borgx at aondcrey dot homeip.net>: Sender address rejected: not owned by user borgx at aondcrey dot homeip.net
[20:17:12] <ghtry> I assume I am lacking an understanding of the maps but the postfix official docs are sketchy about how to use the directive.
[20:17:16] * seekwill wonders what an "owner check" means
[20:18:01] <ghtry> http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps
[20:18:45] <ghtry> I am trying to use that directive but it fails when used with any one of the virtual mysql files I setup with a tutorial.
[20:19:56] <ghtry> Currently I set it for: smtpd_sender_login_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
[20:20:48] <ghtry> The mysql files query the database and contain things such as hashed password and email addresses.
[20:21:18] <ghtry> I don't mind maintaining another table for the vmail DB but I am trying to understand how it works.
[20:21:38] *** keffer has quit IRC
[20:22:23] <ghtry> The mailbox-maps.cf mysql file contains a line like this: query = SELECT 1 FROM view_users WHERE email='%s'
[20:22:45] <ghtry> So %s indicates the given email address
[20:23:11] <ghtry> I am not sure what type of query would be needed for the login mapping
[20:24:33] <ghtry> A friend of mine was helping me with it but we are both stumped.  I decided upon using the reject_sender_login_mismatch directive under the smtpd_sender_restrictions config param for main.cf
[20:31:25] *** Haris1 has quit IRC
[20:35:50] *** thetimoo has quit IRC
[20:37:07] *** thetimoo has joined #postfix
[20:41:38] *** Motoko-chan has joined #postfix
[20:52:05] *** gvachon has joined #postfix
[20:55:07] *** hparker has quit IRC
[21:00:24] *** hednod has joined #postfix
[21:01:04] <hednod> i have a system with two interfaces, one publicly routable on the internet, the other internal lan. the default gateway is public routable.  i want to send all mail to a mail server on the LAN side. how can I accomplish this?
[21:04:27] <gvachon> Hi all, I am wondering if the following can be done : Can i configure postfix so that only person inside my network can send mail to my domain?! for example if i am at home (outside of my business network) and try to send an email to my domain is there a way for me to block that ?!
[21:06:49] *** ghtry has quit IRC
[21:09:57] <Dominian> gvachon: does the server receive email from your domain at all? or you don't want it to receive email from the Internet at all?
[21:10:36] *** jimpop has quit IRC
[21:10:47] *** MarkBao has joined #postfix
[21:11:48] <gvachon> dominian :from my local network people can send email to each other...... if they are from their home they can connect through a vpn to send mail locally. But i dont want spoofer to spam me with my domain
[21:12:09] <gvachon> dominian and they do receive mail from other people outside the network
[21:12:21] *** MarkBao has quit IRC
[21:12:33] <Dominian> eh
[21:12:41] <Dominian> Enable SMTP-AUTH if you're that paranoid
[21:12:56] <Dominian> spammers can still "spoof" your email address even if they send using a different server other than your own
[21:13:00] <gvachon> but id like to reject mail going to my server that have a from :@mydomain when they come from elsewhere than my network....... i dont know if im explaining it right i have some problem sometimes explaining myself in english lol
[21:13:23] *** keffer has joined #postfix
[21:13:45] <gvachon> dominian, hehe i know but the customer that asked me that im starting to think he is that paranoid.... :p
[21:14:19] <Dominian> eh.. well, there's no way to truly stop someone from spoofing.
[21:14:22] <Dominian> you can add an SPF record to DNS
[21:14:27] <Dominian> but not everyone checks SPF
[21:16:42] <gvachon> right :p i guess that customer would be more happy to receive spam that is not from his domain than receiving spam that seems to come from his domain lol
[21:16:46] <seekwill> DKIM
[21:19:21] <seekwill> Dominian: I think he wants it only on his side
[21:19:49] *** growltiger_ has joined #postfix
[21:19:59] <seekwill> I don't think it's necessary, more work than it's worth, but, I see where he's going
[21:20:12] *** hparker has joined #postfix
[21:20:36] <Dominian> ahhh
[21:21:18] <seekwill> You know how you get spam that says it's from your domain? he doesn't want that
[21:21:46] <seekwill> I think he's just making sure no one spoofs "admin@hisdomain" Hey, you need to reset your password at this site..." kind of email.
[21:21:53] <seekwill> fishing!
[21:22:04] <Dominian> aye
[21:23:58] <gvachon> right that is exactly what i want lol
[21:24:06] <gvachon> thanks i am sorry i had some trouble to explain it lol
[21:24:13] *** githogori has joined #postfix
[21:25:10] *** Haris________ has joined #postfix
[21:25:59] <gvachon> seekwill, dominian, so do you have any idea of what i could do about that ?!
[21:31:19] *** SARGuy has quit IRC
[21:33:42] *** growltiger has quit IRC
[21:42:18] *** cpm has quit IRC
[21:44:39] *** Haris_ has quit IRC
[21:47:36] <gvachon> seekwill are you still there ?!
[21:52:29] *** hkais has joined #postfix
[21:53:42] *** gutocarvalho has joined #postfix
[22:00:52] <seekwill> I'm gone!
[22:01:29] <gvachon> :p
[22:01:57] <gvachon> or you may have told me a hint but i might not have seen it if its the case im sorry lol
[22:04:28] <seekwill> gvachon: There are a number of ways to do that. Better question is, why do you want to do that? What problem are you really trying to solve?
[22:04:40] <seekwill> There are things you can do that is "better" than what you're asking.
[22:04:51] <seekwill> More time and effort, but will accomplish the same thing, and more
[22:05:29] <gvachon> i am willing to learn about these :p its a customer that just does not want to receive spam that has his domain in the FROM field
[22:05:57] <seekwill> oh
[22:05:59] <seekwill> That sucks
[22:06:31] <gvachon> i know that he will still receive spam he just dont want to receive them from his domain in the from field :p
[22:06:37] <seekwill> How about you just stop spam in the first place?
[22:06:42] <gvachon> thats pretty much it so if there is a way that i can do this ill be happy :p
[22:07:06] <gvachon> well he has a antispam solution
[22:07:11] <seekwill> No
[22:07:25] <seekwill> You are the postmaster. You have things you can do the block spam as well
[22:08:29] <gvachon> well there is a spamassassin on that server if its what you are talking about
[22:08:34] *** jra has joined #postfix
[22:08:51] <seekwill> Personally, I would implement DomainKeys/DKIM and start checking for that.
[22:08:56] <seekwill> That's not enough. SA.... sucks.
[22:09:06] <seekwill> !pre-data
[22:09:07] <knoba> seekwill: Error: "pre-data" is not a valid command.
[22:09:15] <seekwill> !cheatsheet
[22:09:16] <knoba> seekwill: "cheatsheet" : http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt : A HOWTO for pre-DATA spam control.
[22:09:19] <seekwill> Read that
[22:09:28] <seekwill> Learn about RBLs
[22:09:32] <seekwill> DK/DKIM
[22:09:33] <seekwill> SPF
[22:09:55] *** hkais1 has quit IRC
[22:10:16] <gvachon> okay ill take some time to read these... and you say that there is no way to actually block what i said at least for now ?!
[22:10:38] <gvachon> like using something like this smtpd_sender_restrictions or something else
[22:10:39] <seekwill> I don't know how in Postfix
[22:10:44] <gvachon> ok
[22:10:50] <seekwill> Because what you want to do is check the header
[22:11:01] <seekwill> As that is generally seen by the end user
[22:11:16] <seekwill> I would say don't invest in any time to solve that
[22:11:18] <seekwill> Do it the right way
[22:12:01] <seekwill> Du da rite ting
[22:13:13] <gvachon> heheh
[22:13:16] <gvachon> sounds good :D
[22:13:20] <gvachon> ill look into that
[22:13:22] <gvachon> thanks for your time
[22:14:33] *** jdolan_ has joined #postfix
[22:14:58] <jdolan_> hi, what configuration elements am i looking for in order to add a "relay whitelist" based on sender address or something?
[22:15:01] *** growltiger has joined #postfix
[22:15:23] *** growltiger_ has quit IRC
[22:15:28] *** carl- has joined #postfix
[22:15:51] <lunaphyte_> you're not likely to get help here in that endeavor.
[22:16:23] <jdolan_> because i'm theoretically providing an avenue for spammers to relay through my host?
[22:16:33] <lunaphyte_> right.
[22:16:47] <jdolan_> what's the right way to lock down the host so that i can always send through it, regardless of where i'm connecting from?
[22:16:54] <lunaphyte_> !smtpauth
[22:16:55] <knoba> lunaphyte_: "smtpauth" : a feature that allows road-warriors (trusted users which are outside your network) to send mail via your mail server. The user needs to send a username and password which allows him/her to relay email. See: http://www.postfix.org/SASL_README.html
[22:17:19] <jdolan_> rockin.  that's easy.  can it be configured to just allow all real users (read: shell accounts)?
[22:17:28] <lunaphyte_> sure.
[22:17:31] <seekwill> lol, "road-warriors!"
[22:17:33] <jdolan_> marvelous :)
[22:18:18] <lunaphyte_> !sasl
[22:18:19] <knoba> lunaphyte_: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.
[22:19:42] <jdolan_> ok.  i run the washington imap daemon, and i use thunderbird almost exclusively.
[22:20:07] <jdolan_> so.. no dovecot.  and i'm using Ubuntu 8.10's postfix package, so i'm not sure if it was compiled with this cyrus thing.
[22:20:26] <lunaphyte_> you can still use dovecot's sasl implementation.
[22:21:03] <lunaphyte_> cyrus can be ...challenging.
[22:21:11] <jdolan_> k
[22:23:25] *** Haris________ is now known as Haris_
[22:27:39] <jdolan_> wow, this all sounds retardedly hard.
[22:28:25] *** Fallenou has quit IRC
[22:29:29] <lunaphyte_> you get what you put in.
[22:30:58] <jdolan_> well, i am certainly capable of configuring all of this.  it just seems rather stupid that there isn't a simple config element 'require smtp auth for clients not on my_networks' and 'use passwd/shadow for smtp auth'
[22:31:18] <jdolan_> i would imagine that's a somewhat common deployment scenario.
[22:31:48] <seekwill> Why not require smtpauth for... everyone?
[22:32:26] <seekwill> Then you don't have to worry when you want to move the mailserver to a colo
[22:32:53] <jdolan_> well, it is colo.  some apps want to send through localhost, and those apps don't support smtp auth.
[22:32:56] *** pitakill has quit IRC
[22:33:07] <jdolan_> i'm the entire human user base of this server, for sending purposes.
[22:33:12] *** timotiCK has joined #POSTFIX
[22:33:13] <seekwill> oh
[22:33:34] <jdolan_> (Trac, Drupal, and a few other apps are running there, and like to send mail)
[22:34:13] <jdolan_> i basically just want it to let me send mail through it no matter where i am -- and i'm never on my_networks :)
[22:34:35] <jdolan_> maybe i could do something crazy like an ssh tunnel to the box.
[22:34:47] <jdolan_> and instruct thunderturd to send locally at that tunnel.
[22:34:57] <rob0> Postfix does not implement its own SASL, it requires an external SASL implementation.
[22:35:27] <rob0> The "simple" thing you suggest would require that.
[22:35:39] <jdolan_> right.  bummer.
[22:35:53] <jdolan_> the tunnel might actually be the easiest thing.
[22:36:01] <rob0> Cyrus SASL sucks, but it's not real difficult.
[22:36:50] <rob0> Oh I would recommend openvpn, not ssh tunnels. With openvpn you get a whole IP address.
[22:37:31] <timotiCK> Hello, I've setup my Postfix server to host mail for three different domains...two of these domains are by virtual hosts
[22:37:46] *** gutocarvalho has quit IRC
[22:38:01] <timotiCK> I can send email out from the two virtual hosted domains
[22:38:14] <seekwill> rob0: What's wrong with tunnels? Yeah, openvpn is better in many ways, but he'd have to set that up. He already has ssh on
[22:38:23] <timotiCK> even from the main domain
[22:39:30] <timotiCK> but when I send mail in to the two virtual hosts, I receive a  "Relay access denied" error
[22:39:36] <timotiCK> can anyone help
[22:39:37] *** sfergut has joined #postfix
[22:39:44] <rob0> !relay_denied
[22:39:45] <knoba> rob0: "relay_denied" : "554 5.7.1 <RECIPIENT@RCPT_DOMAIN>: Relay access denied; from=<SENDER_ADDRESS> to=<RECIPIENT@RCPT_DOMAIN> proto=ESMTP helo=<HELO>": This typically means that CLIENT_IP is not in mynetworks (and did not AUTH), and that RCPT_DOMAIN was not recognized as one of this Postfix's domains (not listed in mydestination, relay_domains or virtual_*_domains).
[22:40:12] <rob0> sounds like the virtual domains are not being recognized as such
[22:40:30] <rob0> !virtual
[22:40:32] <knoba> rob0: "virtual" : a way to configure additional domains and user accounts (that do not need to exist in your /etc/passwd). See: http://www.postfix.org/VIRTUAL_README.html
[22:40:46] <rob0> !virtual_alias_domains
[22:40:47] <knoba> rob0: "virtual_alias_domains" : a configuration parameter in the main.cf: Optional list of names of virtual alias domains, that is, domains for which all addresses are aliased to addresses in other local or remote domains.
[22:40:54] <rob0> !virtual_mailbox_domains
[22:40:55] <knoba> rob0: "virtual_mailbox_domains" : a configuration parameter in the main.cf: The list of domains that are by default delivered via the $virtual_transport mail delivery transport. This list uses the same syntax as the mydestination configuration parameter.
[22:41:33] <sfergut> how can i have postfix to  put in  headers the php script path that`s sends using  mail()
[22:42:24] <timotiCK> knoba: I've used Virtualmin to configure my virtual domains....
[22:45:52] <jdolan_> rob0, ssh tunnel works perfectly -- sweet.
[22:46:11] <jdolan_> i don't need "the whole IP", whatever you meant by that.
[22:46:30] <jdolan_> it'd be nice if i could make Thunderbird create/destroy the tunnel on demand tho.
[22:47:49] <seekwill> ...
[22:48:55] <adaptr> Thunderbird is go!
[22:49:03] *** gvachon has quit IRC
[22:51:02] *** Haris_ has quit IRC
[22:51:53] *** hkais has quit IRC
[22:52:52] <jdolan_> thanks for the help guys
[22:53:06] <jdolan_> maybe i'll revisit cyrus another time.
[22:53:09] *** jdolan_ has left #postfix
[22:55:01] *** carl- has quit IRC
[22:57:35] *** xpeed has joined #postfix
[22:58:27] <sfergut> can i make postfix  to display  the path location of an uid 48 mail script  ??
[22:58:58] <sfergut> uid 48 =  user apache
[23:00:29] *** SARGuy has joined #postfix
[23:03:25] *** carl- has joined #postfix
[23:05:52] *** carl__ has joined #postfix
[23:13:54] *** carl__ has quit IRC
[23:21:09] *** carl- has quit IRC
[23:23:55] *** hever has quit IRC
[23:24:39] *** bluethundr has quit IRC
[23:25:28] *** non-sequitir has joined #postfix
[23:26:08] *** brancaleone has joined #postfix
[23:27:52] *** hever has joined #postfix
[23:28:02] <SARGuy> !reject_unknown_sender_domain
[23:28:03] <knoba> SARGuy: "reject_unknown_sender_domain" : a configuration parameter in the main.cf: Checks the domain name in the MAIL FROM: address, to make sure it exists.
[23:38:01] <seekwill> How does it check to make sure it exists?
[23:38:27] <seekwill> Tries to send a message to it?
[23:38:58] *** timotiCK has left #POSTFIX
[23:41:30] *** F6F has quit IRC
[23:41:36] *** wdp_ has quit IRC
[23:45:41] *** Knoedel2 has quit IRC
[23:50:41] *** growltiger has quit IRC
[23:50:45] *** growltiger has joined #postfix
[23:54:38] *** growltiger has quit IRC
[23:54:42] *** growltiger_ has joined #postfix
[23:57:08] *** growltiger has joined #postfix
