[00:10:48] *** Juspion has joined #postfix
[00:13:49] *** pirho has quit IRC
[00:14:50] *** growltiger_ has quit IRC
[00:17:49] *** growltiger has quit IRC
[00:20:19] *** Haris_ has joined #postfix
[00:20:32] <Haris_> Hello people
[00:20:39] <Haris_> What does this mean ? -> Dec 17 00:16:00 mc2 postfix/smtpd[92037]: warning: TLS library problem: 92037:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_srvr.c:562:
[00:20:53] <Haris_> also -> Dec 17 00:15:57 mc2 postfix/smtpd[92037]: warning: 202.59.70.58: hostname 202-59-70-58.nexlinx.net.pk verification failed: hostname nor servname provided, or not known
[00:23:27] <Haris_> what does this mean? -> Dec 17 00:15:26 mc2 postfix/smtpd[92037]: SSL_accept error from unknown[202.59.70.58]: -1
[00:23:38] <Haris_> do I need more verbose logging for tls?
[00:24:04] <Haris_> as soon as I punch in the auth line on telnet session, on submission port, it disconnects me
[00:24:49] <sfergut> Haris_, use openssl_client for testing ssl connections telnet will always fail
[00:24:53] *** randra has joined #postfix
[00:26:13] <Haris_> worked before
[00:26:33] <sfergut> Haris_, when ?? maybe when you did not have ssl connections
[00:26:37] <Haris_> checking
[00:26:51] <Haris_> that's possible
[00:27:03] <sfergut> Haris_,  hostname 202-59-70-58.nexlinx.net.pk  means there is no hostname named
[00:27:06] <jra> bruce schneier uses telnet for ssl
[00:27:08] <sfergut> 202-59-70-58.nexlinx.net.pk
[00:27:14] <Haris_> damned 208volts
[00:27:29] <Haris_> jra: Yes, I was looking at that
[00:27:40] <Haris_> 280+ volts
[00:28:34] <sfergut> jra, hm how ... most of the SSL protocols will fail on telnet
[00:28:44] <sfergut> i dont think postfix is an exception
[00:29:32] <jra> I was being funny, sorry.
[00:29:46] <jra> Will happen again, though.
[00:29:50] <Haris_> damn, its going back to 300 volts
[00:30:13] <Haris_> http://qmail.jms1.net/test-auth.shtml <- is this page opening slow at this time?
[00:31:08] *** hever has quit IRC
[00:32:45] <sfergut> Haris_, on that pave with telnet you see only if TLS connection is reported on ehlo command
[00:33:02] <sfergut> but you are not testing the ssl connection with telnet
[00:33:25] <sfergut> err TLS connection i meant TLS authentication
[00:33:48] <sfergut> telnet reports if TLS authentication is available for you that`s all
[00:33:59] <sfergut> it can not test your ssl connection
[00:34:10] <sfergut> and probably by the error you got a bad certificate
[00:34:52] <Haris_> I'v tried creating a self signed pem which contains both the private key and certificate. Can't find a good example
[00:35:26] <Haris_> sfergut: should smtp auth work without tls?
[00:35:42] <Haris_> ah, I only have permit_sasl_authenticated; reject there
[00:36:24] <sfergut> Haris_, yes but only plain text or login but not SSL
[00:36:26] <Haris_> Actually no
[00:37:16] <Haris_> Ok, I'm still getting this error -> 535 5.7.8 Error: authentication failed: Invalid authentication mechanism
[00:37:40] <Haris_> I'm not sure how to tell postfix to use plain or md5-crypt as the auth mechanism
[00:38:06] *** bluethundr has joined #postfix
[00:38:48] *** bluethundr has quit IRC
[00:39:06] *** bluethundr has joined #postfix
[00:39:31] <Haris_> Verify return code: 18 (self signed certificate)
[00:39:33] <Haris_> that's ok
[00:39:44] <Haris_> with openssl connection works over tls
[00:39:52] <Haris_> how do I fix the auth mechanism issue?
[00:40:12] <sfergut> Haris_, then maybe your mail client dont like self signed
[00:40:26] <Haris_> the self signed bit is ok
[00:40:26] <sfergut> telnet 127.0.0.1 25
[00:40:29] <Haris_> I can deal with that
[00:40:36] <sfergut> ehlo test
[00:40:46] <Haris_> What I need to figure out is the auth mechanism problem
[00:40:50] <sfergut> see if you have 250-AUTH CRAM-MD5 LOGIN PLAIN DIGEST-MD5
[00:40:56] <Haris_> I do get that
[00:41:08] <sfergut> then you can  login plain text
[00:41:13] <Haris_> 250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5
[00:41:13] <Haris_> 250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5
[00:41:20] <Haris_> I get these
[00:41:32] <sfergut> then you can login plain text
[00:41:34] <Haris_> I don't know why it comes 2 times
[00:41:36] <sfergut> maybe this is bad for you
[00:41:39] <sfergut> !smtpd_recipient_restrictions
[00:41:40] <knoba> sfergut: "smtpd_recipient_restrictions" : A configuration parameter in the main.cf: The access restrictions that the Postfix smtpd(8) applies in the context of the SMTP RCPT TO command. See access(5) for an overview of access restriction features. These restrictions control relaying to external domains. Default is to relay only for client IP addresses in $mynetworks; see also !sasl if SMTP AUTH is needed.
[00:41:58] <Haris_> what about smtpd_recipient_restrictions ?
[00:42:05] *** xpeed has quit IRC
[00:42:14] <Haris_> My smtpd_recipient_restrictions rules are set
[00:42:27] *** xnixan has quit IRC
[00:42:30] *** jimpop has joined #postfix
[00:42:33] <Haris_> the problem is, postfix isn't using the correct auth method or something's missing
[00:42:59] <sfergut> Haris_, you can see fomr the telnet that postifx allow plain text and login and STARTSSL
[00:43:13] *** Xzisted has quit IRC
[00:43:18] <sfergut> *STARTTLS
[00:43:27] <Haris_> default_pass_scheme = MD5-CRYPT in dovecot's sql.conf
[00:43:48] *** mib_g836nwu6 has joined #postfix
[00:43:49] <Haris_> auth works with the same user/pass over imap and pop3
[00:43:56] <Haris_> but doens't work in smtp auth
[00:44:55] <mib_g836nwu6> hellow..
[00:44:58] <sfergut> Haris_, maybe the postfix db does not have those users and pass you set for imap
[00:45:04] <mib_g836nwu6> can you help me about postfix
[00:45:06] <mib_g836nwu6> ?
[00:45:23] <Haris_> sfergut: in smtpd_recipient_restrictions ?
[00:45:30] <sfergut> no
[00:45:32] <Haris_> mysql_virtual_mailbox is set
[00:46:45] <sfergut> what do you have at smtpd_recipient_restrictions
[00:46:54] <Haris_> smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject
[00:47:14] <sfergut> smtpd_sasl_auth_enable is yes ?
[00:47:33] <mib_g836nwu6> about postfix, sasl configuration..
[00:47:57] <Haris_> sfergut: yes
[00:47:59] *** weedar has joined #postfix
[00:48:13] <Haris_> I tried smtp_sasl_mechanism_filter = md5-crypt
[00:48:17] <Haris_> that didn't work
[00:48:59] *** jtaji has quit IRC
[00:49:28] <sahil> Dominian: really?  because on the About page, it says: "Maia Mailguard is a web-based interface and management system based on the popular amavisd-new e-mail scanner and SpamAssassin."
[00:49:48] <sfergut> Haris_, then maybe your .db files are corrupt or they dont have records
[00:49:59] * sahil has never used Maia but that's a pretty clear SA reference to me. :)
[00:50:06] <Haris_> sfergut: everything is in mysql db
[00:50:50] <sfergut> well check if the records are ok .. also if you authenticate what error do  you get
[00:51:00] <sfergut> this using plain text
[00:51:29] <Haris_> I don't get any errors in log
[00:51:32] <Haris_> re-checking
[00:51:40] <mib_g836nwu6> people, i need to configure postfix authenticated on ldap server. I have a LDAP server with services of mail (Courier-pop and Courier-imap) and squid integrated.
[00:52:23] <Haris_> Dec 17 00:35:21 mc2 postfix/smtpd[92145]: warning: unknown[202.59.70.58]: SASL AGFhtWluIX1vbG8jb20ubWsAZmxleDk5 authentication failed: Invalid authentication mechanism
[00:53:19] <Haris_> what's the difference between a password scheme and auth mechanism?
[00:53:59] <sfergut> password uses the unix type password
[00:54:37] <sfergut> auth mechanism uses sasl type to store passwords and users in mysql db sqlite dbv
[00:54:39] <mib_g836nwu6> the postfix authenticated on ubuntu distribuition is realized usind sasl?
[00:55:05] <Dominian> sahil: it is based off of it.. when you install maia mailguard.. you use their amavisd-maia and symlink amaivsd to it
[00:55:15] <Dominian> back later
[00:56:14] <Haris_> bbl folks
[00:56:17] <Haris_> must get some sleep
[00:56:56] <sfergut> Haris_, so you have chosen some sasl authentication that is not enabled or supported on your system
[00:58:29] <sfergut> mib_g836nwu6, see http://www.postfix.org/LDAP_README.html
[00:58:29] <sahil> Dominian: yes, it's a drop-in, standalone replacement for amavisd-new based on my cursory glance.  i'll stick with the real mccoy for now. :)
[00:59:02] *** war9407 has quit IRC
[00:59:08] <roe_> the license for maia is iffy
[00:59:21] <mib_g836nwu6> sfergut i dont understand..
[00:59:33] <sfergut> what ?
[00:59:41] <mib_g836nwu6> this link is a referencial of postfix..
[00:59:58] <mib_g836nwu6> but the authentication is realized using sasl?
[01:00:08] <mib_g836nwu6> is this correct or no..?
[01:00:49] <sfergut> no read the link
[01:00:49] <mib_g836nwu6> i heard to authentique can be used the cyrus,.. but i dont no..
[01:02:26] <mib_g836nwu6> ok..
[01:02:40] <mib_g836nwu6> " to use LDAP with Debian GNU/Linux's Postfix, all you need is to install the postfix-ldap package and you're done".. ok this package is installed..
[01:03:13] <mib_g836nwu6> to receive mail is ok (ask password each time to receive).. but to send no..
[01:03:24] <jimpop> is there a way to force HELD queued mail to go direct to a local account, bypassing checks/aliases, etc.
[01:04:46] <mib_g836nwu6> i found some information about sasl and i realized some modifications on main.conf ...
[01:05:09] <mib_g836nwu6> but to receive mail i am usind localhost..
[01:05:53] <mib_g836nwu6> the domain of ldap database (dc) is dc=tcclincon,dc=com,dc=br .. but to receive and send mails is realized locally..
[01:06:20] <mib_g836nwu6> of course the user is a user of ldap database..
[01:06:42] *** Juspion has quit IRC
[01:07:08] <mib_g836nwu6> do you understand the situation Haris_ ?
[01:10:57] <mib_g836nwu6> Haris_ ?
[01:18:20] *** mib_g836nwu6 has left #postfix
[01:18:29] *** mib_g836nwu6 has joined #postfix
[01:18:40] <mib_g836nwu6> Haris_?
[01:18:42] <sfergut> mib_g836nwu6, well basically you use sasl to have dovecot ..and dovecot uses LDAP
[01:20:10] <mib_g836nwu6> if i had configurated the courier-pop and courier-imap to receive mails.. i need to configure dovecot?
[01:20:56] <xpoint> 42
[01:21:10] <mib_g836nwu6> i had a packages of postfix..
[01:21:18] <mib_g836nwu6> installeds..
[01:21:48] <mib_g836nwu6> to receive mails is configurated on evoluttion : server=localhost
[01:22:52] <mib_g836nwu6> i found some information about alterations on main.cf .. but my ask is .. i dont have a dns configurated... i would to use local to this..
[01:23:47] <mib_g836nwu6> iam confused to configure this..
[01:24:12] *** deadpigeon has quit IRC
[01:24:26] <sfergut> no you dont need to configure dovecot then courier will work too
[01:24:59] <mib_g836nwu6> ok sfergut..
[01:25:32] *** jimpop has quit IRC
[01:25:47] <sfergut> i gtg
[01:25:51] *** sfergut has quit IRC
[01:26:05] <mib_g836nwu6> one minute sfergut
[01:27:18] <mib_g836nwu6> need i to configure or install a cyrus to resolve this problem with postfix authentication..?
[01:28:35] <xpoint> mib_g836nwu6, postfix uses sasl in cyrus-sasl
[01:29:05] <xpoint> mib_g836nwu6, cyrus_sasl can use ldap backend
[01:29:08] *** dcolish has joined #postfix
[01:29:30] <dcolish> how do i rate limit my postfix server so it only sends on mail to one destination at a time
[01:30:02] <xpoint> destination_*
[01:30:21] <mib_g836nwu6> hmm ok xpoint..
[01:30:51] <xpoint> postconf -d | grep destination
[01:30:58] <dcolish> i've tried default_destination_conncurrency_limit but that doesn't seem to work
[01:31:11] <mib_g836nwu6> i install a cyrus and the cyrus authentics on ldap server.. ok?
[01:31:23] <xpoint> mib_g836nwu6, yes
[01:32:18] <mib_g836nwu6> ok.. and the client mail..
[01:32:33] <mib_g836nwu6> to authentic on sender..?
[01:32:43] *** bluethundr has quit IRC
[01:32:48] <xpoint> mib_g836nwu6, no not the client mail
[01:33:00] <mib_g836nwu6> how can I do?
[01:33:09] <mib_g836nwu6> ops.. postfix..
[01:33:20] <mib_g836nwu6> postfix authentics on ldap server
[01:33:24] *** non-sequitir has quit IRC
[01:33:25] <mib_g836nwu6> ok?
[01:33:29] <xpoint> see courier-imap authdaemond
[01:34:00] <xpoint> postfix uses sasl
[01:34:27] <xpoint> cyrus-sasl provide the api for this
[01:34:50] <mib_g836nwu6> hm ok xpoint..
[01:35:16] <xpoint> answer goes to config of smtpd.conf
[01:35:21] <mib_g836nwu6> on courier-imap authdaemon have a parameter : authmodulelist="authldap"
[01:36:04] <xpoint> this is for clients to pop3 imap
[01:36:08] *** randra has quit IRC
[01:36:46] *** bluethundr has joined #postfix
[01:36:48] <mib_g836nwu6> hm..
[01:36:51] <xpoint> and yes this need to work first
[01:37:17] <rob0> Cyrus SASL can use Courier authdaemond as its backend ... in fact that is very easy to set up.
[01:38:12] <xpoint> rob0, depending on os :)
[01:38:16] *** stas has quit IRC
[01:38:25] <mib_g836nwu6> ok.. I will try to configure cyrus
[01:38:55] <xpoint> mib_g836nwu6, after authdaemond is working
[01:39:22] *** bluethundr has quit IRC
[01:39:46] <xpoint> mib_g836nwu6, just configure smtpd.conf to use authdaemond socket
[01:40:40] <xpoint> mib_g836nwu6, google smtpd.conf authdaemond socket
[01:41:16] <rob0> The only OS-related issue I can think of might be SELinux or similar. In that case you have to do more to allow Postfix to access the authdaemond socket.
[01:41:18] *** SARGuy has quit IRC
[01:41:33] <xpoint> cyrus sasl does not need to know anything about ldap
[01:41:50] *** SARGuy has joined #postfix
[01:42:08] *** internat1 has joined #postfix
[01:42:26] *** Internat has quit IRC
[01:42:51] *** weedar has quit IRC
[01:43:48] <dcolish> seriously how do i rate limit postfix
[01:44:10] <dcolish> none of the default_destination settings work
[01:44:52] <xpoint> client or server rate ?
[01:44:59] *** githogori has quit IRC
[01:45:01] <dcolish> server send rate
[01:45:12] <rob0> Seriously describe what the problem is, before you can get an answer. Yahoo?
[01:46:38] <mib_g836nwu6> xpoint, i need to install a respective package "cyrus" ?
[01:46:39] <dcolish> i want to have my postfix server send less mail per second so I am not connecting to a mx relay with more than a few conns at a time
[01:46:58] <rob0> your relayhost throttles you?
[01:47:10] <xpoint> http://www.postfix.org/rate.html dcolish
[01:47:29] <dcolish> have you looked at that page, ever?
[01:47:57] <xpoint> dcolish, sorry for trying
[01:48:01] <dcolish> it clearly claims to be _out_of_date
[01:48:18] <xpoint> info is still valid
[01:48:30] *** jtaji has joined #postfix
[01:49:46] <rob0> Anyway, the question comes up regularly on the mailing list.
[01:49:50] <dcolish> does this actually do anything: http://www.postfix.org/postconf.5.html#default_destination_concurrency_limit
[01:50:08] *** Motoko-chan has quit IRC
[01:51:07] <mib_g836nwu6> xpoint .. i have already installed these packages: libsasl2 , libsasl2-2 , libsasl2-modules, libsasl2-modules-ldap and sasl2-bin.. but how i configure to authentic.. i'm confused yet..
[01:51:52] <xpoint> mib_g836nwu6, smtpd.conf
[01:52:05] <dcolish> rob0: if it comes up a lot where's the man page?
[01:52:45] <rob0> ?
[01:53:23] <jra> commands have manpages
[01:53:25] <mib_g836nwu6> xpoin .. oh.. where i found this file stmpd.conf?
[01:53:33] <mib_g836nwu6> xpoint .. oh.. where i found this file stmpd.conf?
[01:54:02] <xpoint> dont know on your os mib_g836nwu6
[01:54:13] <mib_g836nwu6> hm ok xpoint
[01:54:45] <xpoint> mib_g836nwu6, see postconf -d | grep sasl
[01:54:49] <mib_g836nwu6> i found now at /etc/postfix/sasl/smtpd.conf
[01:54:57] <dcolish> rob0: next time you _seriously_ feel like saying something, _seriously_ know what the eff you're talking about
[01:55:02] *** dcolish has left #postfix
[01:55:31] <rob0> Smart fellow, there.
[01:55:35] <roe_> wow
[01:55:43] <roe_> didn't even stick around
[01:55:56] <rob0> Didn't answer my questions
[01:56:09] <mib_g836nwu6> when i executed this command "postconf -d | grep sasl".. appeared a many information..
[01:56:11] <rob0> Asked a stupid question to begin with
[01:56:13] <xpoint> mib_g836nwu6, http://groups.google.com/group/mailing.unix.courier-imap/browse_thread/thread/15bdbe00a957e047
[01:58:28] <mib_g836nwu6> ok xpoint..
[01:58:41] <xpoint> mib_g836nwu6, http://nuxx.net/blog/2008/09/04/smtp-auth-for-postfix-via-courier-authlib-authdaemond/ this link is better for you :=)
[02:00:03] *** growltiger has joined #postfix
[02:02:11] *** Miguel1234 has joined #postfix
[02:02:14] <Miguel1234> hi
[02:03:07] <xpoint> /topic
[02:03:17] *** Samson100 has joined #postfix
[02:03:54] <Miguel1234> somebody who can help me please?
[02:04:02] <xpoint> 42
[02:04:22] <Miguel1234> I have a problem with smtpd and postfix
[02:04:27] *** stas has joined #postfix
[02:04:39] <xpoint> show logs then
[02:04:54] <mib_g836nwu6> ok xpoint.. i realized the configurations..
[02:04:59] <Miguel1234> q happens when I telnet localhost 25
[02:05:52] <Miguel1234> ehlo localhost
[02:05:53] <Miguel1234> 250-XXXXXXX
[02:05:53] <Miguel1234> 250-PIPELINING
[02:05:53] <Miguel1234> 250-SIZE 10240000
[02:05:53] <Miguel1234> 250-VRFY
[02:05:53] <Miguel1234> 250-ETRN
[02:05:55] <Miguel1234> 250-STARTTLS
[02:05:57] <mib_g836nwu6> in site not have a parameter on main.cf file
[02:05:57] <Miguel1234> 250-ENHANCEDSTATUSCODES
[02:05:59] <Miguel1234> 250-8BITMIME
[02:06:01] <Miguel1234> 250 DSN
[02:06:07] <roe_> roh-uh
[02:06:10] <xpoint> mib_g836nwu6, use the first 4 lines in smtpd.conf on the last link, ignore mysql there
[02:06:38] <xpoint> Miguel1234, read topic
[02:06:47] <mib_g836nwu6> ok xpoint..
[02:06:49] <Miguel1234> but I do not see 250-AUTH PLAIN LOGIN
[02:07:59] <xpoint> that does mean we are not blind, still read topic might help us both :)
[02:08:12] <Miguel1234> :S
[02:08:27] <rob0> Don't flood.
[02:08:43] <mib_g836nwu6> xpoint .. need i configure the tls:?
[02:08:51] <xpoint> and dont think we have crystall balls
[02:09:13] <Miguel1234> helmp me
[02:09:14] <xpoint> mib_g836nwu6, in postfix yes
[02:09:17] <Miguel1234> :(
[02:10:10] <xpoint> Miguel1234, we can when you post postconf -d on pastebin.ca
[02:10:19] <xpoint> Miguel1234, we can when you post postconf -non pastebin.ca
[02:10:25] <Miguel1234> ok xpoint
[02:10:32] <xpoint> postconf -n
[02:11:03] <rob0> 250-XXXXXXX ?? What is that?
[02:11:10] <rob0> !cisco_pix
[02:11:12] <knoba> rob0: "cisco_pix" : The Cisco PIX firewall has a SMTP proxy feature which breaks ESMTP. If your Postfix server is behind such a firewall you should disable the SMTP Fixup feature.
[02:11:46] <rob0> but, obviously localhost is not behind a PIX from localhost :)
[02:12:12] <xpoint> rob0, nothing todo with missing 250 auth line
[02:12:21] *** growltiger has quit IRC
[02:12:28] <mib_g836nwu6> xpoint.. the tls is using to improve security .. ssl on ldap.. ok?
[02:12:45] <xpoint> mib_g836nwu6, what ?
[02:13:01] *** Miguel1234__ has joined #postfix
[02:13:13] <Miguel1234__> xpoint,  http://pastebin.ca/1287295
[02:13:51] <mib_g836nwu6> xpoin .. why i use tls on ldap server..?
[02:13:54] <xpoint> empty post
[02:14:27] <xpoint> mib_g836nwu6, no tls only needed in postfix
[02:15:28] <xpoint> Miguel1234, i belive you have set tls only auth
[02:16:13] <mib_g836nwu6> postix need a tls? yes/no?
[02:16:45] <Miguel1234__> xpoint,  tls_only_auth ? yes o no ?
[02:17:01] <xpoint> yes
[02:17:18] <xpoint> you need to set it NO
[02:17:53] <mib_g836nwu6> i dont undersand yet..
[02:18:16] <mib_g836nwu6> i need to configure a tls on this case..to use sasl and cia..
[02:18:26] <mib_g836nwu6> ok?
[02:19:01] <xpoint> postfix need tls for sasl to work
[02:19:19] <xpoint> tls is unneeded in backend
[02:19:23] *** Samson_99 has quit IRC
[02:19:24] *** Samson100 is now known as Samson_99
[02:21:47] <mib_g836nwu6> ok xpoint..
[02:22:06] <mib_g836nwu6> now.. i understand better..
[02:23:49] *** netcrash has joined #postfix
[02:24:02] *** netcrash has quit IRC
[02:24:04] *** albanach_ has joined #postfix
[02:24:26] <Miguel1234__> xpoint,  smtpd_tls_auth_only = yes
[02:24:42] <Miguel1234__> but I do not see 250-AUTH PLAIN LOGIN
[02:25:01] <xpoint> set it to NO
[02:25:35] <Miguel1234__> xpoint,  was in NO
[02:25:59] *** growltiger has joined #postfix
[02:26:01] <xpoint> then the problem is in smtpd.conf
[02:27:03] <Miguel1234__> I would put my config smtpd.conf
[02:27:25] <mib_g836nwu6> ok xpoint.. thanks..
[02:27:30] <mib_g836nwu6> i need to go to sleep..
[02:27:55] <xpoint> super mib_g836nwu6 got it working ?
[02:28:55] <mib_g836nwu6> no yet.. but tomorrow..i iam working more in this case..
[02:29:08] <Miguel1234__> xpoint,  http://pastebin.com/m79f28dad
[02:29:19] <xpoint> okay talk later if i am here then
[02:29:33] *** Miguel1234 has quit IRC
[02:29:43] <mib_g836nwu6> xpoint.. can me pass you mail..?
[02:29:44] <Miguel1234__> xpoint,  that is my configuration smtpd.conf
[02:30:51] <mib_g836nwu6> could you pass your mail xpoint?
[02:31:20] <xpoint> mib_g836nwu6, no my mailserver does not work :)
[02:32:01] <mib_g836nwu6> your email..tomorrow i talk to you about this..
[02:32:01] <xpoint> mib_g836nwu6, me at junc dot org
[02:32:25] <mib_g836nwu6> fulano at domain dot com ..
[02:32:36] <xpoint> mib_g836nwu6, see my whois
[02:32:42] <Miguel1234__> xpoint looked the pastebin my smtpd.conf?
[02:33:03] <xpoint> Miguel1234__, yes remove cram-md5
[02:34:04] <Miguel1234__> xpoint use postfixadmin and passwords when creating the accounts in md5 encrypted no problem?
[02:34:09] <Miguel1234__> ok
[02:35:00] <xpoint> Miguel1234__, cram-md5 is not supported with postfixadmin
[02:35:09] <Miguel1234__> ok xpoint
[02:35:32] <Miguel1234__> remove and cram-md5
[02:35:47] *** brancal has joined #postfix
[02:37:00] <xpoint> this olso why tls is needed in postfix
[02:37:21] <Miguel1234__> xpoint,  http://pastebin.com/m9b5aae1
[02:37:26] *** mib_g836nwu6 has quit IRC
[02:37:39] <rob0> A quick survey ... oops
[02:37:41] <Miguel1234__>  but I do not see 250-AUTH PLAIN LOGIN :s
[02:38:07] <rob0> I was going to ask how many of the folks here who are asking about SASL have read SASL_README ...
[02:38:54] <xpoint> rob0, none
[02:39:10] <xpoint> Miguel1234__, see !sasl
[02:39:14] <xpoint> !sasl
[02:39:15] <knoba> xpoint: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.
[02:40:03] *** albanach has quit IRC
[02:40:04] <rob0> Splendid idea, that is. :)
[02:41:14] <xpoint> rob0, starttls is there but 250-auth is missing can we call it ubuntu features ? :)
[02:41:49] <Miguel1234__> xpoint,  configure sasl with pam
[02:42:26] <xpoint> anything
[02:43:37] <rob0> "smtpd_tls_auth_only = yes" would mean STARTTLS shows, but AUTH does not.
[02:44:40] <xpoint> starttls is not shown with yes
[02:45:38] *** brancal has quit IRC
[02:46:37] <xpoint> so are you edit the right main.cf Miguel1234__  :;)
[02:47:44] <Miguel1234__> xpoint, smtpd_tls_auth_only ?
[02:48:27] <Miguel1234__> no
[02:48:30] <Miguel1234__> :)
[02:50:11] <Miguel1234__> but the problem will persist as
[02:50:29] <xpoint> Miguel1234__, my friend on servers is gentoo
[02:50:34] *** brancaleone has quit IRC
[02:50:47] <xpoint> i hate any os that is prebuildt
[02:51:07] <Miguel1234__> xpoint,  my i ubuntu server 8.10
[02:51:17] <xpoint> and it works :)
[02:52:29] <Miguel1234__> xpoint,  but I still have the problem does not appear to support me rose 250 AUTH PLAIN
[02:53:39] <xpoint> http://cvs.caudiumforge.net/viewvc/openvisp/admin/contrib/configurations/postfix/smtpd.conf?revision=1.3&view=markup
[02:54:11] *** jelly has quit IRC
[02:55:57] *** saurabhb has joined #postfix
[02:55:58] <xpoint> this is the config that should work for postfixadmin !
[02:56:51] *** growltiger_ has joined #postfix
[03:03:32] <Miguel1234__> xpoint,  uso postfix + dovecot + sasl2 +pam +postfixadmin +
[03:04:30] <xpoint> hmm
[03:04:47] <Dominian> sahil: trust me.. I totally understand.. apparently the development version of maia mailguard is based on the newer amavisd-new stuff.. and from what I gather they are trying to work it out so you can use amavisd-new without their drop-in but with some added stuff
[03:04:55] <xpoint> nearly same as me :-)
[03:05:59] <xpoint> dogmeat, when mailguard is a amavis-custom hook will try it
[03:06:11] <xpoint> Dominian,
[03:06:21] <xpoint> dogmeat, sorry
[03:06:50] <Dominian> aye
[03:06:54] <Dominian> I like it so far
[03:07:17] <xpoint> no doubt, but updates
[03:07:26] <Dominian> aye
[03:07:40] <Dominian> I think I may "test" putting the latest amavisd-new in place to see what happens
[03:07:53] <Dominian> from what I can tell their binary doesn't really do anything different
[03:08:01] <xpoint> this breaks mailguard
[03:08:13] *** githogori has joined #postfix
[03:08:28] <Dominian> yeah.. damn it
[03:08:31] <Dominian> i guess SI could've used mail zu
[03:08:44] <Dominian> but I like how maia has built-in IMAP authentication to my existing mail accounts
[03:09:01] <xpoint> diff -u amavisd-new-perl amavisd-new-mailgaurd > diff.patch
[03:09:58] <Dominian> hah
[03:10:00] <xpoint> mailguard vs mailzu
[03:10:03] *** Severed_Head_Of_ has joined #postfix
[03:10:13] <Dominian> so mail zu does the same thing that maia mailguard does?
[03:10:20] <Dominian> imap auth and all.. SQL bayes etc etc
[03:10:29] <xpoint> not exacly as is now
[03:10:39] <Dominian> ah
[03:11:13] <xpoint> mailzu does NOT need a patched version of amavisd
[03:11:56] *** growltiger has quit IRC
[03:12:18] <xpoint> point is that mailguard can be rewrited to be a custom hook in amavisd now
[03:12:19] <Dominian> aye
[03:12:30] <Dominian> right which I believe they are doing with the development version
[03:12:42] <Dominian> and heeping the maia DB to be compatible.
[03:15:37] *** amrit|wrk is now known as amrit|afk
[03:17:09] *** jra has quit IRC
[03:18:34] *** Miguel1234__ has quit IRC
[03:21:46] *** growltiger has joined #postfix
[03:22:58] *** diazepam has joined #postfix
[03:23:21] *** albanach has joined #postfix
[03:24:28] *** growltiger_ has quit IRC
[03:27:41] *** albanach has quit IRC
[03:33:02] <sahil> Dominian: cool.
[03:34:00] *** weedar has joined #postfix
[03:37:08] <sahil> postfixadmin.. *spit*..
[03:37:10] <sahil> CLI FTW!
[03:37:44] *** Severed_Head_Of_ has quit IRC
[03:40:09] *** albanach_ has quit IRC
[03:42:34] *** diazepam has quit IRC
[03:59:33] *** Zeit|awy_ has quit IRC
[04:02:58] *** Vince421 has joined #postfix
[04:10:09] *** SARGuy has quit IRC
[04:13:21] *** yajith has joined #postfix
[04:19:35] *** Vince42 has quit IRC
[04:24:07] *** mavrick61 has quit IRC
[04:25:14] *** mavrick61 has joined #postfix
[04:29:25] *** freyes has joined #postfix
[04:29:30] <freyes> hi everybody
[04:29:38] *** Motoko-chan has joined #postfix
[04:31:03] <freyes> I have a problem with a postfix server, if I connect from any ip and try to send mail from @$mydomain to @$mydomain it's accepted, how can I avoid this?
[04:40:08] *** hparker has quit IRC
[04:40:29] <yajith> freyes: maybe check_sender_access under smtpd_recipient_restrictions
[04:41:31] <Dominian> uhhh
[04:41:32] <freyes> I'm gonna try it, yajith
[04:41:34] <Dominian> that's normal freyes
[04:41:43] <yajith> freyes: i think under default settings what ur getting is normal..
[04:41:46] <Dominian> postfix is doing its job
[04:42:26] <freyes> but the spammer are using this to send spam using that weak point
[04:42:44] <rob0> A few things are broken by such a policy, such as if one of your users has a shell on my server with a .forward going to your server.
[04:42:46] <Dominian> then use greylisting.. or institue a content_filter.. use RBLs etc
[04:43:05] <rob0> But IMO, same-envelope forwarding should be a thing of the past.
[04:44:13] <yajith> freyes: think spam filter wud be a better option though..
[04:44:23] <yajith> Dominian: exactly.
[04:44:24] <sahil> rob0: bingo!
[04:45:02] <freyes> postgrey will be my next step
[04:45:08] *** hparker has joined #postfix
[04:45:09] <Dominian> sqlgrey ftw!
[04:45:14] <sahil> postgrey ftw!
[04:45:27] <sahil> use zen before postgrey; save yourself a few seconds.
[04:45:32] <Dominian> aye
[04:45:40] <Dominian> I use dnsbl as well
[04:45:43] <Dominian> I think
[04:45:45] * Dominian looks
[04:45:47] * sahil too
[04:46:00] <rob0> Indeed they're right, blocking FROM <.*@$mydomain> from external sources won't have much impact on spam.
[04:46:06] <Dominian>  safe.dnsbl.sorbs.net
[04:46:20] <Dominian> zen and that is what I use
[04:46:28] <rob0> simple HELO checks are very effective too
[04:46:30] <sahil> only one i reject with at smtp is zen.  then postfwd uses a few -- if guys are listed on 2 or more and or 1 + have something odd like weird helo's or no reverse dns, they get rejected... things like that markedly reduce the amount of mail that needs to be postgrey'd.
[04:46:43] <Dominian> rob0: yeah.. I need to get so me o those configured...
[04:46:52] <Dominian> rob0: just haven't had time to research it.. well.. just haven't taken the time to research it
[04:46:55] <sahil> HELO checks for dynamic douchebags is highly effective.
[04:46:57] <rob0> reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname
[04:47:20] <rob0> those two might bag 20% or more of all connections
[04:47:30] <sahil> unknown_user bags more than 20%
[04:47:33] <sahil> so many dictionary attacks
[05:26:24] *** Aya18111 has joined #postfix
[05:37:36] *** jens_ has joined #postfix
[05:37:41] *** aya18119 has joined #postfix
[05:37:48] *** Jense has quit IRC
[05:45:36] *** sektor1952 has joined #postfix
[05:45:46] <sektor1952> evening
[05:46:28] <sektor1952> I was trying to research an error when I start postfix and I can not seem to find anything about it
[05:47:51] <sektor1952> usr/lib/sendmail and /usr/sbin/sendmail different Replace one by a symbolic link
[05:48:27] <sektor1952> I am following the guide on corebsd.com/node/6
[05:48:44] <rob0> Your OS might have a means to select among multiple installed MTAs. Check their documentation.
[05:49:06] <sektor1952> ahh
[05:49:23] <sektor1952> I thought I didn't have that package installed
[05:49:27] <sektor1952> thx
[06:10:34] <sektor1952> cool that cleared it
[06:16:41] *** Haris1 has joined #postfix
[06:17:47] <sektor1952> is there a postfix init.d script when compiling from source?
[06:18:01] <sektor1952> trying to look for it
[06:21:29] *** freyes has quit IRC
[06:21:45] <rob0> nope, but a pretty simple wrapper around postfix(1) should do fine
[06:22:31] <sektor1952> oh ok I was just wondering
[06:24:39] <f3ew> sektor1952, which OS?
[06:24:52] <sektor1952> centos 5.2
[06:25:08] <f3ew> So use Simon Mudd's RPM packages
[06:25:53] <sektor1952> oh ok I was just following a document and it had me compile from source
[06:26:20] *** Fallenou has joined #postfix
[06:26:58] *** SARGuy has joined #postfix
[06:28:47] *** SARGuy has quit IRC
[06:39:32] *** sektor1952 has quit IRC
[06:49:07] *** UQlev has joined #postfix
[06:50:21] *** bluethundr has joined #postfix
[06:57:27] *** mcp has quit IRC
[06:58:33] *** mcp has joined #postfix
[06:59:13] *** bluethundr_ has joined #postfix
[07:02:50] *** bluethundr__ has joined #postfix
[07:05:45] *** bluethundr_ has quit IRC
[07:07:49] *** r33 has joined #postfix
[07:08:17] *** bluethundr has quit IRC
[07:10:05] *** bluethundr has joined #postfix
[07:11:00] *** bluethundr__ has quit IRC
[07:17:02] *** bluethundr_ has joined #postfix
[07:18:49] *** Fallenou has quit IRC
[07:19:15] *** Aya18111 has quit IRC
[07:21:56] *** UQlev has quit IRC
[07:25:14] *** r3r3 has quit IRC
[07:29:52] *** bluethundr has quit IRC
[07:30:38] *** miguel1234 has joined #postfix
[07:31:35] *** thetimoo has quit IRC
[07:33:56] *** deepjoy has joined #postfix
[07:42:17] *** bluethundr_ has quit IRC
[07:56:33] *** amrit|afk is now known as amrit
[07:58:13] *** alibaba has joined #postfix
[08:00:13] <alibaba> Hello, I kindly please for your help. I am new to postfix and want that it sends mail from "root-hostname@domain" instead of "root@fqhn".  How do I do that? In sendmail this is easy done.
[08:02:17] <alibaba> Somebody here who can help?
[08:07:40] <alibaba> Nobody here?
[08:12:36] <xpoint> no
[08:12:51] <xpoint> show me a example log
[08:14:07] <xpoint> is it that you like to use mydomain as sender not myhostname as sender for unix accounts ?
[08:14:09] <alibaba> hi! What do you need exactly?
[08:14:49] <xpoint> change myorigin then
[08:15:27] <xpoint> eg root@myorigin
[08:15:34] *** phnord has joined #postfix
[08:16:01] <xpoint> myorigin=$myhostname is default
[08:16:15] <alibaba> Mails go out masqueraded from this machine. This works. I could also make it work that root is masqueraded, too. So all mail goes out now as ".....@dimain". This is correct. But I would like to get root's name renamed to "root-hostname", as there are more servers, and I want to be able to see which machine's root sent that notification mail.
[08:16:30] <xpoint> change to myorigin=$mydomain
[08:16:56] <alibaba> Must be something with /etc/postfix/virtual, I guess...
[08:17:15] <xpoint> no
[08:17:28] <xpoint> smtpd_generic_maps
[08:17:50] <xpoint> smtp_generic_maps ups
[08:18:08] <alibaba> Where is this file?
[08:18:28] <xpoint> postconf -d | grep generic_maps
[08:18:46] <xpoint> just add it to main.cf
[08:19:35] <alibaba> Yes, it's empty. How is the content of this file? (meanwhile I'll edit main.cf)
[08:19:47] <xpoint> content is:
[08:20:15] <xpoint> oldvalue@fqdn newvalue@fqdn
[08:23:03] <alibaba> it appears still empty after adding the line to main.cf, creating the file, and doing a postfix restart.
[08:23:58] <alibaba> Talking of the output of postconf -d ...
[08:24:18] <xpoint> postmap  the file
[08:24:28] <alibaba> How?
[08:24:45] <xpoint> postmap local_generic_maps
[08:25:06] <xpoint> add to main.cf with:
[08:25:47] <xpoint> postconf -e 'smtp_generic_maps=hash:/etc/postfix/local_generic_maps'
[08:26:03] <xpoint> after this postfix reload
[08:26:19] <alibaba> No spaces in the line?
[08:26:45] <xpoint> space between old new
[08:26:54] <xpoint> oldvalue@fqdn newvalue@fqdn
[08:27:12] <alibaba> SPACE, no TAB ?
[08:27:20] <xpoint> yes no tab !
[08:27:27] <alibaba> Aha!
[08:27:44] <deepjoy> Hi I'm trying to configure postfix to not try to deliver mails locally. i.e. only local emails are sent to the relay host at $mydomain
[08:27:48] <alibaba> Can I also enter only root on the left side?
[08:27:58] *** sophokles has joined #postfix
[08:28:06] <xpoint> postmap -q oldvalue@fqdn hash:/etc/postfix_local_generic_maps
[08:28:19] <xpoint> should show newvalue@fqdn
[08:28:32] <deepjoy> I'm still getting Recipient address rejected: User unknown in local recipient table')}
[08:28:43] <deepjoy> how do I disable local delivery?
[08:28:44] <xpoint> if no match is found nothing should be shown :)
[08:29:59] <xpoint> deepjoy, make local_recipient_maps totaly empty
[08:30:36] <xpoint> and make all aliases end on fqdn :)
[08:31:32] <alibaba> doesn't work. Back to start...
[08:31:35] <xpoint> alibaba, you can but i wont
[08:31:49] *** Lap_64 has joined #postfix
[08:31:59] <xpoint> remove maqurade
[08:32:33] <xpoint> and READ TOPIC :)
[08:32:47] <alibaba> I created /etc/prostfix/smtp_generic_maps  witrh one line inside:  "root at obelix dot localdomain root:_hostname@domain"
[08:33:15] <xpoint> remove the :
[08:33:29] <alibaba> Then I added this line to main.cf: smtp_generic_maps = hash:/etc/postfix/smtp_generic_maps
[08:33:41] <alibaba> Oh, this was a typo: I have no : there.
[08:34:17] <xpoint> why not set myorigin=domain
[08:35:54] <deepjoy> xpoint: that doesnt give any errors but I recieved no email on the @mydomain email address
[08:35:58] <alibaba> I have that. All mail goes out as "<username>@domain".   But root's mail goes out as "root@domain", too.  But I want/need root's mail to be origined by "root-hostname@domain".
[08:36:09] <xpoint> try:
[08:36:17] <xpoint> sendmail -bv root
[08:36:49] <alibaba> Mail Delivery Status Report will be mailed to <root>.
[08:37:06] <xpoint> now see logs and that email
[08:40:22] <deepjoy> xpoint: do I need to specify the relayhost?
[08:41:18] <xpoint> deepjoy, relayhost have nothing to do with local:
[08:41:54] <xpoint> alibaba, in generic then:
[08:42:13] <alibaba> There is actually no difference now.
[08:42:17] <xpoint> root@domain root-hostname@domain
[08:42:18] <deepjoy> if i set the local_recipient_maps to empty will that cause all email sent to @mydomain to be ignored/delivered accordind to the MX records of the domain?
[08:43:15] <alibaba> is this in addition or instead of the previous stuff?
[08:43:46] <xpoint> remove the @mydomain to less domains that cant be delivered to from outside
[08:44:22] <xpoint> deepjoy, all mydestination will be delivered to local:
[08:45:04] <xpoint> so mydestination=locahost.$myhostname
[08:45:35] <xpoint> deepjoy, and add all the rest domains as virtual
[08:45:49] <deepjoy> sorry I lost you.
[08:46:02] <deepjoy> I wanted postfix to actually deliver mails to all domains and not treat anything as local delivery
[08:46:45] <alibaba> xpoint: Must I add something to main.cf to get generic being used?
[08:46:49] <xpoint> show logs with the problem might help me more :=)
[08:47:18] <xpoint> postconf -e 'smtp_generic_maps=hash:/etc/postfix/local_generic_maps'
[08:47:29] <deepjoy> I'm not sure where the log file is or what its named I tried 'locate postfix|grep log'
[08:47:47] <xpoint> locate syslog.conf
[08:48:01] <xpoint> and see where logs goes
[08:48:08] <alibaba> It's a SuSE system, so it is in /var/log
[08:48:12] <miguel1234> xpoint,  have problem
[08:48:13] <miguel1234> :(
[08:48:23] <xpoint> me 2 :)
[08:49:22] <miguel1234> me  250 AUTH LOGIN not found
[08:49:22] <miguel1234> :s
[08:49:40] <miguel1234> use dovecot +sasl +postfix+postfixadmin
[08:51:05] <alibaba> xpoint: Nothing extraordinary in the logs. Mail "From: root@fqhn"  where fqhn is with local domain, and status is sent. (Another server is the relay in this LAN. The mail comes to me, but from root@official-domain". :-/
[08:53:29] <xpoint> alibaba, i want postconf -n
[08:53:43] <xpoint> on pastebin
[08:54:57] <alibaba> How do I post there? (Never did that)
[09:01:50] <xpoint> http://pastebin.com/
[09:04:02] <xpoint> miguel1234, ask specifict in a #ubuntu-server irc channel
[09:04:15] <miguel1234> thanks xpoint
[09:04:16] <miguel1234> :)
[09:07:17] <deepjoy> xpoint: http://pastebin.com/d706cd94a
[09:07:24] <deepjoy> finally found the log file
[09:09:18] <xpoint> deepjoy, postconf -n olso
[09:10:29] <deepjoy> http://pastebin.com/m32d46cb7
[09:11:03] <alibaba> xpoint: http://pastebin.com/d768f346f
[09:11:31] <xpoint> deepjoy, remove line 3
[09:12:27] <deepjoy> append_dot_mydomain = no
[09:12:29] <deepjoy> ?
[09:12:55] <xpoint> deepjoy, all domains in mydestination apply to local:
[09:13:34] <xpoint> deepjoy, thats why i  would change non local to be virtual
[09:14:48] <xpoint> deepjoy, as it is now if you dont have users in local_recipient_maps there is no mail recieved
[09:16:03] <deepjoy> so I should remove the line append_dot_mydomain = no
[09:16:08] <deepjoy> and then set up a postmap?
[09:16:40] <alibaba> xpoint: I posted what you asked for.
[09:16:47] <xpoint> deepjoy, not sure since i still dont know really what you want in then end
[09:17:15] <xpoint> alibaba, i still have no clotches on :)
[09:17:31] <xpoint> to many friends to help, damm
[09:18:37] <alibaba> :D
[09:21:10] <xpoint> alibaba, remove line 3 8 10 16 18 21 22 23
[09:22:46] <xpoint> change line 27 to obelix-plansinn.localdomain
[09:24:33] <xpoint> line 33 sends all mail to that host
[09:24:52] <xpoint> but it should be routed via mx
[09:25:06] <xpoint> olso on lan :)
[09:25:31] <alibaba> line 33 is correct! This is the mail relay.
[09:25:41] <xpoint> no
[09:26:05] <xpoint> postfix try mx if relayhost is not defined
[09:26:24] <xpoint> and we praticaly always want that
[09:27:12] <xpoint> if this fails then the recipients is wroung in the first place
[09:28:06] <alibaba> So postfix makes no rewritings if it uses a relay?
[09:28:36] <xpoint> mail from unix accounts gets myorigin added
[09:28:49] <alibaba> nothing else?
[09:29:08] <alibaba> I cannot re-write before a mail leaves the local host?
[09:29:09] <xpoint> and the recipient is controlled in aliases maps
[09:29:35] <xpoint> rewrites is done in generic maps
[09:29:57] <xpoint> but start with a more empty main.cf :)
[09:30:28] <alibaba> but then it should re-write root's name.  (My problem. This is a running system. I cannot simply change the config file.
[09:30:30] <alibaba> )
[09:30:46] <xpoint> too much messed up and alot of defaults
[09:31:15] <alibaba> It's not my setup. This was "created" by the one before me. :-/
[09:31:20] *** madrescher has joined #postfix
[09:31:24] <alibaba> I would have used sendmail instead.
[09:31:38] <xpoint> no you wont
[09:31:48] <alibaba> Oh, yes, I do! :D
[09:32:13] <alibaba> Much smoother.
[09:33:21] <xpoint> alibaba, now i know your real problem better
[09:33:41] <alibaba> yes?
[09:34:02] <xpoint> learn postfix
[09:34:34] <alibaba> :D    Honestly, no.
[09:34:57] <xpoint> a good conf is one with 300 default lines one do not know what does
[09:35:02] *** denis_ has joined #postfix
[09:35:24] *** wdp has joined #postfix
[09:35:42] *** Aya18111 has joined #postfix
[09:36:10] <Aya18111> hii , can i ask for some advice on postfix ?/
[09:36:40] <xpoint> Aya18111, go on, we are even sendmail geeks here :-)
[09:36:50] *** denis_ has quit IRC
[09:37:18] <alibaba> I know, everybody prefers what he knows. I prefer therefore sendmail and had the hope that postfix would be able to do that easily. In sendmail, I simply add one line to virtuser and I am done.
[09:37:25] <Aya18111> i was trying to install GUI interface for administration purpose in postfix
[09:38:09] <Aya18111> and abt back up mail in postfix, should i use mysql for back up?//
[09:38:43] <alibaba> Anyway, thank to you, xpoint.  Hope that I will never have to repair this postfix setup. If so, I'll kick it out. :)
[09:39:07] <xpoint> Aya18111, if postconf -m shows mysql you can
[09:39:27] *** alibaba has left #postfix
[09:40:09] <Aya18111> then does we have any software help with admin postfix ?/
[09:40:10] <xpoint> Aya18111, and by gui you mean webui ?
[09:40:15] <Aya18111> yea
[09:40:18] <Aya18111> web GUI
[09:40:35] <xpoint> Aya18111, maybe postfixadmin ?
[09:41:13] *** denis_ has joined #postfix
[09:41:34] <Aya18111> it have all the feature postfix have ?/ like create user , change setting and so on ?/
[09:41:55] <xpoint> Aya18111, http://postfixadmin.sourceforge.net/
[09:42:42] <deepjoy> xpoint: I have my primary users and mx records pointing to a saparate mail server
[09:42:59] <deepjoy> some of my applications need to send mail from inside a firewalled network
[09:43:31] <xpoint> deepjoy, fine mx will handle this as default
[09:43:57] <deepjoy> I want to set up postfix such that the internal mail server delivers to outside hosts correctly and for mail in the same domain it uses the MX record to send to the external mail server
[09:44:00] <deepjoy> exactly
[09:44:08] <xpoint> deepjoy, but you need to use the mx as recipients on aliases tables
[09:44:26] <deepjoy> the only part of the whole process that is not working is  postfix sending same domain emails
[09:45:11] <xpoint> deepjoy, as i understand you want 2 postfix behind nat using one INTERNET domain ?
[09:45:13] <deepjoy> so I need to add separate aliases for each user on the internal mail server as well?
[09:45:20] <Aya18111> btw, xpoint , abt back up mail , the command " postconf -m shows mysql" wat it mean ?/
[09:45:48] <xpoint> Aya18111, it means you still miss postfixadmin
[09:45:51] <deepjoy> xpoint:  no 1 outide server thats the primary server which has MX etc pointed to it
[09:46:14] <deepjoy> 1 behind the NAT  using the same domain
[09:46:24] *** kk_CHN has joined #postfix
[09:46:30] <Aya18111> so i need the postfixadmin 1st , then can back up mail  ?/
[09:46:35] *** bhagat has joined #postfix
[09:46:35] <xpoint> deepjoy, same problem :)
[09:46:55] <deepjoy> yeah. I have set up the TXT and MX  records to allow all this
[09:47:03] <xpoint> Aya18111, i need to know what you want to backup
[09:47:06] *** EugenA has joined #postfix
[09:47:06] <deepjoy> the external mail server is sending and recieving mail
[09:47:16] <deepjoy> the internal maio server is sending mail to other domains
[09:47:16] <Aya18111> all the user mail
[09:47:31] *** weedar has quit IRC
[09:47:37] <deepjoy> the internal mail server does not send to same domain
[09:47:45] <xpoint> Aya18111, that part is not a job for postfix
[09:48:35] <Aya18111> so if i save all the mail in postfix using mysql , i can use mysql for back up ?/
[09:48:36] <xpoint> deepjoy, but the lan postfix do use myorigin shared with the one on internet ?
[09:49:01] <deepjoy> yes
[09:49:18] *** weedar has joined #postfix
[09:49:48] <EugenA> hi, i checked /var/log/mail and saw some emails sent not by me. I think someone from internet uses my server to send mails
[09:49:55] <xpoint> deepjoy, can you use relayhost to the internet postfix so ?, myorigin is the envelope sender so
[09:50:39] <EugenA> what can i do?
[09:50:59] <xpoint> Aya18111, its more related to have DBMail then a question on if postfix can use mysql
[09:52:05] <xpoint> Aya18111, http://www.dbmail.org/ and use mysql cluster
[09:52:34] <xpoint> or better postgresql :)
[09:53:29] <xpoint> EugenA, show logs
[09:53:48] <xpoint> EugenA, and postconf -n on pastebin.com
[09:54:18] <deepjoy> you mean all mail gets routed through the external mail server?
[09:54:35] <Aya18111> ok , ty alot for ur help , xpoint , =D , will try to study more abt it
[09:54:54] <xpoint> deepjoy, yes as i understand it was you this you wanted ?
[09:55:01] <deepjoy> no
[09:55:25] <deepjoy> I don't want all mails to be sent from the external mail server
[09:55:44] <deepjoy> only mails to the same domain should be sent there
[09:55:50] <deepjoy> rest should be delivered directly
[09:55:57] <xpoint> Aya18111, yes just remember that DBMail works on a single sql server, but it should only be used on clustered servers
[09:56:21] <xpoint> Aya18111, that way you always have backupp
[09:56:35] <Aya18111> ic
[09:57:04] *** amrit is now known as amrit|zzz
[09:57:42] <deepjoy> xpoint: as in all email should be delivered according to the mx records of the domains they were sent to
[09:58:02] <xpoint> deepjoy, okay, first thing to make sure is then to have "proxy_interfaces=van-ip" on the lan postfix
[09:58:02] *** war9407 has joined #postfix
[09:58:18] <EugenA> xpoint, i have a lot of these messages in /var/log/mail http://pastebin.com/m1688fd81 and my config: http://pastebin.com/m524e5705
[09:59:11] <xpoint> deepjoy, postfix then just need to have helo as the wan ip ptr dns !
[10:00:20] <xpoint> deepjoy, host wan-ip, then set smtp_helo_name=result from host
[10:02:08] *** jelly has joined #postfix
[10:02:20] <deepjoy> so smtp_helo_name=domain.com?
[10:02:31] <deepjoy> or smtp_helo_name=xxx.xxx.xxx.xxx
[10:02:45] <xpoint> deepjoy, if this is what host wan-ip gives :)
[10:03:09] <xpoint> dont use numeric hostnames
[10:04:01] <deepjoy> IP addresses are always numeric ???
[10:04:05] <xpoint> EugenA, is line 34 manglede ?
[10:04:25] <xpoint> deepjoy, host 127.0.0.1
[10:04:33] <xpoint> deepjoy, dig localhost
[10:04:54] <xpoint> deepjoy, host ip on wan
[10:05:03] <EugenA> xpoint, i have there my real relay host, i just removed it for posting
[10:06:45] *** csy has joined #postfix
[10:07:05] <xpoint> EugenA, its not open relay with that config
[10:07:49] <xpoint> unless you have a maps file with OK in
[10:08:23] <xpoint> use PERMIT_AUTH_DESTINATION where guides says OK
[10:09:24] *** hever has joined #postfix
[10:09:54] <EugenA> xpoint, i have drupal site on that server
[10:10:22] <EugenA> xpoint, maybe someone using drupal to send mails?
[10:10:55] *** chrissy has joined #postfix
[10:11:02] *** csy has quit IRC
[10:11:02] <xpoint> EugenA, check content in mysql on the drupal db then, and make spam check from mail that is sent from drupal, maybe your drupal is hacked
[10:11:23] <deepjoy> I set smtp_helo_name = <WAN (internet visible) IP address of my NAT>
[10:11:27] <deepjoy> still doesn't work
[10:11:31] <xpoint> EugenA, some dirs is world writelble ?
[10:11:56] <xpoint> EugenA, or can be writede to by apache ?
[10:12:41] <xpoint> deepjoy, yes that part works, but i miss what is left to make work now :-)
[10:12:59] *** Motoko-chan has quit IRC
[10:13:15] <xpoint> deepjoy, smtp_helo_name must NOT be a ip
[10:14:00] <deepjoy> :-) sorry for not being clear. If i use the internal postfix server to send mails to email addresses on the same domain it does not try to deliver them to the external mail server as specified by the MX record for the domain
[10:14:41] <xpoint> deepjoy, this is becurse the lan postfix see domain as local
[10:14:55] <deepjoy> yes
[10:15:16] <xpoint> remove domains in mydestination on the lan for this domain
[10:15:21] *** Samson_99 has quit IRC
[10:15:27] <deepjoy> ah
[10:15:48] <deepjoy> ok removed domain.com from there
[10:15:55] <xpoint> deepjoy, but only for this one domain
[10:16:08] <deepjoy> should I add a helo name?
[10:16:08] <EugenA> xpoint, thanks, i'll check these points
[10:16:39] <xpoint> EugenA, if this was the problem, reinstall mysql db
[10:16:44] <deepjoy> cool it works
[10:16:49] <deepjoy> thanks a ton xpoint
[10:17:08] <xpoint> super now i can get my clotches on maybe
[10:17:26] <deepjoy> you are completely swamped today
[10:17:34] <deepjoy> :-( sorry to be a bother
[10:17:38] *** EugenA has quit IRC
[10:17:57] <xpoint> deepjoy, i am a retired admin so no problem
[10:20:15] *** deepjoy has left #postfix
[10:21:07] *** fx0 has left #postfix
[10:34:42] *** hever has quit IRC
[10:35:02] <wdp> xorl, retired? or retarted?
[10:35:05] <wdp> errm.
[10:35:10] <wdp> xpoint i mean
[10:35:10] <wdp> :)
[10:44:29] <xpoint> wdp, retated :)
[10:44:48] <xpoint> is another problem
[10:49:09] *** miguel1234 has quit IRC
[10:52:39] *** Zeit|awy has joined #postfix
[10:57:06] <xpoint> offline, later
[10:57:37] *** xpoint has quit IRC
[10:59:25] *** |_Knoedel_| has joined #postfix
[11:06:57] *** Juspion has joined #postfix
[11:13:26] *** ronr has joined #postfix
[11:15:07] * jelly tarts wdp again
[11:15:28] <ronr> hi, my postfix server starts to send mails when there are smtp errors, about all the smtp errors I get are a result of the server being too busy with handling lots of mail and the smtp error mails are only adding to the problem, can I disable this feature somehow?
[11:17:44] <f3ew> notify_classes?
[11:22:07] *** madrescher has quit IRC
[11:22:45] *** Juspion has quit IRC
[11:23:12] *** weedar has quit IRC
[11:23:24] *** madrescher has joined #postfix
[11:26:00] *** ronr has quit IRC
[11:28:14] *** ronr has joined #postfix
[11:30:58] *** cpm has joined #postfix
[11:45:14] <chrissy> Wondering if someone can make sense of my log file...i seem to be going round in circles - http://pastebin.com/d1e6b398f
[11:47:39] <chrissy> Just nothing seems to go through to wherever I send it to
[11:48:06] <chrissy> I've sent 3 emails as you can see in the log file to 3 different addresses, 3 different errors...
[11:50:33] <hparker> The email to google when through, line 9 says sent.. The connection to 1and1 dropped for some reason, and bowdenonline looks like it didn't like the To: address
[11:51:54] <hparker> If you're healthycomputer why would you be sending an email to healthycomputer via bowdenonline?
[11:51:59] *** weedar has joined #postfix
[12:00:14] *** mandragor has joined #postfix
[12:00:33] *** SARGuy has joined #postfix
[12:01:08] <chrissy> probably because i've got something wrong in my config
[12:01:17] <chrissy> i've just never setup a mailserver before so i'm not sure
[12:01:49] <chrissy> the mail also never gets through to my gmail account
[12:02:16] <chrissy> it just seems strange that i get 3 different responses for sending to different domains
[12:02:49] *** pirho has joined #postfix
[12:03:28] <hparker> I don't see anything in your postconf -n output that would mess up the mail routing.. As for google eating your email, don't try sending to hotmail for testing :P
[12:05:29] <Haris1> guys
[12:05:39] * cpm eats hparker's email
[12:05:39] *** mark-use has joined #postfix
[12:05:48] <Haris1> dammit
[12:05:51] <Haris1> don't you guys ever sleep
[12:05:56] <cpm> no sleep!
[12:05:56] <Haris1> or are you in the right timezones
[12:05:59] * hparker hands cpm the antacid
[12:06:03] <Haris1> or on night shifts
[12:06:10] * cpm gratefully accepts
[12:06:35] <hparker> Haris1: I sleep every 24-36 hours whether I need it or not :P
[12:06:43] <ronr> nevermind, found it, the notify_classes option does the trick
[12:08:27] <chrissy> any ideas in that case hparker?
[12:09:07] * f3ew grins at ronr
[12:09:09] <hparker> I don't see anything unusual in either the logs or your postconf -n output
[12:09:47] <hparker> I'd be worried more if I was getting the same errors/having the same problems everywhere
[12:10:19] <cpm> chrissy, send me a mail at cpm at daviswv dot net
[12:10:28] <chrissy> will do
[12:10:39] <Haris1> ok, why does postfix tell me -> 535 5.7.8 Error: authentication failed: Invalid authentication mechanism ?
[12:10:45] <chrissy> sent cpm
[12:10:57] * hparker points spamtrap at cpm@daviswv.net
[12:12:03] *** SARGuy has quit IRC
[12:12:27] <cpm> chrissy, this you? DEBIANSERVER.healthycomputer.co.uk
[12:12:39] <Haris1> http://rafb.net/p/2Qivp258.html
[12:12:50] <Haris1> This is the log for the smtp auth session
[12:12:55] *** wdp_ has joined #postfix
[12:12:56] <chrissy> yes cpm
[12:13:13] <cpm> there is no A record for that name. That's one problem.
[12:13:48] <cpm> also, the relevant IP *was* blacklisted as of this am. apparently it's been removed, but not all the rbls have updated yet. Let it sleep for a while, and fix your dns stuff.
[12:13:50] *** weedar has quit IRC
[12:13:51] <hparker> Haris1: No clue :P
[12:13:57] <Haris1> Does md5-crypt fall into auth method plain?
[12:14:08] <chrissy> yeah i've just been looking at that cpm >:/
[12:14:20] <Haris1> In dovecot, I have the defaults set against auth methods/mechanisms
[12:14:22] <chrissy> thanks, can you see of any other problems?
[12:14:30] <cpm> Haris1, fix this >warning: TLS library problem:
[12:14:36] <cpm> chrissy, nope.
[12:14:38] <Haris1> cpm: Any pointers?
[12:15:09] <Haris1> let me see if openssl people can help
[12:15:15] <Haris1> identify the issue with tls
[12:15:46] <Haris1> Let me increase the verbose log levl
[12:15:48] <Haris1> level+
[12:17:38] <cpm> does it work w/out tls?
[12:18:11] <Haris1> nope, same message
[12:18:21] *** wdp_ has quit IRC
[12:20:09] <Haris1> postconf -d|grep tls doesnt show any keyword through which I could set any auth mechanisms
[12:20:39] <Haris1> 250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5
[12:20:39] <Haris1> 250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5
[12:20:42] <Haris1> is also mentioned
[12:20:49] <Haris1> md5-crypt should fall in one of these
[12:24:00] <Haris1> auth=plain AGFkbWluQG1vbC5jb20ubWsAZmxleDk5
[12:24:01] <Haris1> 502 5.5.2 Error: command not recognized
[12:24:11] <Haris1> is auth=plain not correct syntax?
[12:25:04] <Haris1> Do I need to configure saslauthd?
[12:25:13] <Haris1> in postfix+dovecot+mysql setup
[12:26:53] *** wdp has quit IRC
[12:27:52] <f3ew> no =
[12:27:57] <f3ew> auth plain ...
[12:28:11] *** yajith has left #postfix
[12:28:27] *** randra has joined #postfix
[12:29:28] *** jens_ is now known as Jense
[12:32:37] *** _sng has joined #postfix
[12:51:55] *** _sng has quit IRC
[12:52:31] *** _sng has joined #postfix
[12:52:54] *** madrescher has quit IRC
[12:54:05] *** _sng has quit IRC
[12:55:56] *** _sng has joined #postfix
[12:56:10] *** gypsymauro has joined #postfix
[12:56:14] <gypsymauro> hi
[12:56:20] <gypsymauro> there is a way to accelerate local delivery?
[12:56:31] *** Aya18111 has quit IRC
[12:56:45] *** m1n3s6 has joined #postfix
[13:05:50] *** gypsymauro has quit IRC
[13:08:27] <f3ew> add faster local disk
[13:16:00] *** _sng_ has joined #postfix
[13:22:37] *** mark-use has quit IRC
[13:26:32] *** mark-use has joined #postfix
[13:38:36] *** _sng has quit IRC
[13:41:48] <R1ck> f3ew: what kind of SAN's does your company use?
[13:43:50] *** UltraCool has joined #postfix
[13:48:33] *** wdp has joined #postfix
[13:53:18] <f3ew> MD3000 and Infotredn comets
[13:59:17] *** gutocarvalho has joined #postfix
[14:04:17] *** naoshige has joined #postfix
[14:04:19] <naoshige> hello
[14:05:12] <naoshige> getting this here NOQUEUE: reject: RCPT from mail-bw0-f11.google.com[209.85.218.11]: 554 5.7.1 <ad-3 at mysite dot no>: Relay access denied; from=<reddvinylene at gmail dot com> to=<ad-3 at mysite dot no> proto=ESMTP helo=<mail-bw0-f11.google.com>
[14:05:46] <naoshige> i guess i gotta add mysite.no to mydestination?
[14:08:04] <naoshige> ok just did that
[14:08:08] <naoshige> now im getting NOQUEUE: reject: RCPT from mail-bw0-f11.google.com[209.85.218.11]: 450 4.2.0 <ad-3 at mysite dot no>: Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/mysite.no.html; from=<reddvinylene at gmail dot com> to=<ad-3 at mysite dot no> proto=ESMTP helo=<mail-bw0-f11.google.com>
[14:08:24] <naoshige> that should be alright yeah? now i just gotta sit back and relax for the greylist to go through?
[14:09:27] *** mark-use has quit IRC
[14:09:43] *** jra has joined #postfix
[14:47:44] *** chrissy has quit IRC
[14:48:49] *** kk_CHN has quit IRC
[14:49:13] <R1ck> naoshige: indeed
[14:49:27] *** Fallenou has joined #postfix
[14:49:46] <R1ck> f3ew: cool
[14:53:32] <R1ck> f3ew: do you have multiple md3000's which replicate to eachother? we're looking for a clustered NAS to put our maildirs on..
[14:53:48] *** saurabhb has quit IRC
[14:58:26] *** hparker has quit IRC
[15:02:54] *** xpoint has joined #postfix
[15:03:29] *** hparker has joined #postfix
[15:05:50] <f3ew> R1ck, not yet
[15:06:22] <f3ew> That stuff is due in a few days
[15:11:44] *** bhagat has quit IRC
[15:14:18] *** davidj has joined #postfix
[15:14:24] *** madrescher has joined #postfix
[15:23:00] <jduggan> you want drbd with OCFS :P
[15:25:36] *** csy has joined #postfix
[15:25:45] *** k4z has joined #postfix
[15:27:23] <k4z> Hi, I have problem with sending email to few servers - I got status=bounced, and server response with: 554 Transaction Failed. Spam Message not queued. (in reply to end of DATA command)). I`m not on blacklists...
[15:38:33] <R1ck> jduggan: no, i really really dont :)
[15:38:37] <R1ck> hm, reboot
[15:38:40] *** R1ck has quit IRC
[15:40:23] *** bigtone has joined #postfix
[15:40:29] *** bluethundr has joined #postfix
[15:44:23] <bigtone> I'm setting up a postfix filtering gateway, but am having trouble nutting out the best way to forward the email on once the gateway has filtered it.  For most domains, the destination is on the local lan, and I was using 'relayhost = [mail.inside]'.  Works well...
[15:45:07] <bigtone> now I want to add that I am a backup MX for an external domain.  I want to queue and deliver mail directly to that server, without seinding it to mail.inside.  Can't get it working...
[15:45:11] <Dominian> !transport
[15:45:11] <knoba> Dominian: "transport" : transport(5) The optional transport(5) table specifies a mapping from email addresses to message delivery transports and next- hop destinations. Look at: http://www.postfix.org/transport.5.html
[15:45:33] <bigtone> Dominian: yes, but in what parameter?
[15:45:53] <Dominian> what do you mean what parameter?
[15:46:04] <Dominian> look at the transport file that is with you distro.. usually /etc/postfix/transport
[15:46:07] <Dominian> gives you examples
[15:46:13] <bigtone> I've tried it as an access map in postconf -e 'smtpd_recipient_restrictions = ... check_recipient_access hash:/path/to/file'
[15:46:52] <Dominian> I may not be understanding what you're doingthen..
[15:48:43] <bigtone> Dominian: no, it's me who's not understanding.  So I don't need to specify a parameter and tell it to look at /etc/postfix/transport?
[15:48:46] *** bluethundr_ has joined #postfix
[15:49:06] <Dominian> Shouldn't.. if you put something in transport.. thendo: postmap transport
[15:49:07] <bigtone> and, there is no /etc/postfix/transport file currently - this is Debian lenny
[15:49:12] <Dominian> postfix will automatically read it
[15:49:13] <bigtone> k, will try
[15:49:25] <Dominian> bigtone: yeah then just read that page I sent you.. if you need examples.. they are there
[15:51:14] *** R1ck has joined #postfix
[15:54:21] <bigtone> Dominian: no luck.  554 Relay access denied
[15:54:31] <Dominian> !relay_domains
[15:54:31] <knoba> Dominian: "relay_domains" : A configuration parameter in the main.cf: What destination domains (and subdomains thereof) this system will receive mail for and will relay mail to. Subdomain matching is controlled with the parent_domain_matches_subdomains parameter. See also !address_classes
[15:54:42] <bigtone> I've tried, with the target domain both in relay_domains, and not
[15:54:53] <Dominian> hrm
[15:55:02] <Dominian> WEll I wish I could help more, but I'm freakin' swamped here at work
[15:55:09] <bigtone> relay_domains is a hash, or rather a list
[15:55:23] <Dominian> right
[15:55:37] <bigtone> is there some default config that tells postfix to look at /etc/postfix/transport?
[15:55:43] <Dominian> Wha tdoes your relay_domains look like?
[15:56:01] <bigtone> relay_domains = hash:/etc/postfix/zimbra/domains
[15:56:08] <Dominian> transport_maps = hash:/etc/postfix/transport
[15:56:24] <bigtone> which is a hashheh
[15:56:28] <bigtone> ta, that was blank
[15:56:35] <bigtone> heh
[15:58:30] <Dominian> heh
[16:02:26] *** csy has quit IRC
[16:03:17] <bigtone> Dominian: thanks, got it working - domain needs to be in relay_domains, plus user in relay_recipient_maps, *plus* account in transport_maps
[16:03:29] <bigtone> appreciate your time, esp when you're busy
[16:03:55] <Dominian> oh no problem
[16:04:05] <Dominian> I was a postfix noob.. well a true noob at one point.. I'm still a noob.. I just know more
[16:04:20] <Dominian> bigtone: but didn't mind helping you.. you seemed to have $clue
[16:05:01] <bigtone> some.  getting there
[16:07:22] *** jra has left #postfix
[16:07:43] *** bluethundr has quit IRC
[16:08:08] <Dominian> ha.. I did forget about relay_recipient_maps.. my bad
[16:08:12] <Dominian> I have that same setup.. damn it
[16:15:42] *** thetimoo has joined #postfix
[16:16:11] *** freyes has joined #postfix
[16:18:31] *** Lap_64 has quit IRC
[16:20:06] *** Lap_64 has joined #postfix
[16:21:09] *** denis_ has quit IRC
[16:23:17] *** gutocarvalho has quit IRC
[16:38:46] *** pirho has quit IRC
[16:41:12] *** brancaleone has joined #postfix
[16:41:23] *** pirho has joined #postfix
[16:44:46] *** Lap_64 has quit IRC
[16:44:51] *** _sng_ has quit IRC
[16:47:11] *** UltraCool has quit IRC
[16:50:05] *** madrescher has quit IRC
[16:50:40] *** Slashman has quit IRC
[16:52:05] *** havvg has joined #postfix
[17:01:54] *** sophokles has quit IRC
[17:05:06] *** SARGuy has joined #postfix
[17:15:46] *** emo_ninja has quit IRC
[17:25:25] *** |_Knoedel_| has quit IRC
[17:27:28] *** Lukemob has joined #postfix
[17:30:12] *** BuenGenio has joined #postfix
[17:30:36] *** gutocarvalho has joined #postfix
[17:36:18] *** Haris_ is now known as Haris
[17:38:20] <Haris> Is postfix supposed to use TLS v1?
[17:39:20] <f3ew> yes
[17:41:47] <Haris> postfix port on fbsd has tls disabled by default?
[17:42:28] *** SARGuy has quit IRC
[17:42:30] <Haris> Is there a way to confirm what build options postfix was compiled with?
[17:44:47] *** bluethundr has joined #postfix
[17:45:23] <Haris> man postfix is no good
[17:49:01] <Haris> if postfix is not built with tls, the smtpd_tls and smtp_tls options should not work and give errors if set, right?
[17:49:43] *** Knoedel2 has joined #postfix
[17:50:19] *** pirho has quit IRC
[17:52:38] *** pirho has joined #postfix
[17:54:16] <f3ew> at least warnings
[17:54:29] <f3ew> It's there in /etc/postfix/makedefs.out
[17:54:57] *** mandragor has quit IRC
[17:55:01] <Haris> aha!
[17:56:40] <Haris> that saved me from rebuilding postfix once more
[17:59:16] *** bluethundr_ has quit IRC
[18:01:57] *** growltiger_ has joined #postfix
[18:02:25] <Haris> when smtpd_client_restrictions is empty is master.cf under submission, does smtp auth work?
[18:02:27] *** mandragor has joined #postfix
[18:03:07] <f3ew> yes
[18:04:23] <Haris> out of the box value for it is -> -o smtpd_client_restrictions=permit_sasl_authenticated,reject
[18:05:56] *** deadpigeon has joined #postfix
[18:06:45] *** r3r3 has joined #postfix
[18:07:09] *** r3r3 has quit IRC
[18:09:13] *** r33 has quit IRC
[18:15:17] *** r3r3 has joined #postfix
[18:15:25] *** SARGuy has joined #postfix
[18:15:35] *** growltiger has quit IRC
[18:18:25] <Haris> Do I need to set -> smtpd_use_tls = yes in the latest version of postfix?
[18:18:33] *** _Marko has joined #postfix
[18:18:54] <_Marko> I installed postfix with the source
[18:19:25] <_Marko> I don't what someone made with postfix
[18:19:33] <_Marko> it's not longer installed
[18:19:52] <_Marko> I want to reinstall it using the rpm
[18:19:57] *** IQ128_ has joined #postfix
[18:20:00] <IQ128_> hello
[18:20:14] <_Marko> can this cause a problem ?
[18:20:25] <IQ128_> im glad to hear some1
[18:20:38] <IQ128_> i got a problem guys... can you explain me this matter:
[18:20:42] <IQ128_> see screenshot:
[18:20:43] <IQ128_> http://www.unsere-nackte-pyjamaparty.net/?id=1760123
[18:21:03] <rob0> screenshot?
[18:22:16] <freyes> bot probably
[18:22:28] <IQ128_> oh sry, mistake in link..
[18:22:29] <IQ128_> http://www.unsere-nackte-pyjamaparty.net/?id=1760123
[18:22:45] *** phnord has quit IRC
[18:22:53] <IQ128_> get it?
[18:23:00] <IQ128_> you have to copy in your browes
[18:23:02] <IQ128_> r
[18:23:43] *** IQ128_ has left #postfix
[18:25:08] <Haris> Can I configure postfix to give me more info, rather than just saying -> 535 5.7.8 Error: authentication failed: Invalid authentication mechanism <- in logs?
[18:27:11] <rob0> !verbose
[18:27:12] <knoba> rob0: "verbose" : You probably do not need verbose logging, but in rare cases the extra detail can assist in debugging. To set verbose logging add a -v after the command name (such as smtpd) in master.cf, then 'postfix reload' after that.
[18:29:42] <Haris> GREAT!!!
[18:29:48] <Haris> this is new level of verbose output :D
[18:31:23] <Haris> chekcout this output -> http://rafb.net/p/cjtyBA61.html
[18:32:14] <Haris> I forgot the syntax for auth :P
[18:32:33] *** __Marko has joined #postfix
[18:32:53] <Haris> auth is working!
[18:33:05] <Haris> I was just using the wrong syntax for the auth command in smtp auth session
[18:33:06] <Haris> :P
[18:33:37] *** growltiger has joined #postfix
[18:34:41] <Haris> damnit, I'v wasted 2 weeks on this smtp auth alone
[18:34:48] <Haris> and it came out a small mistake :|
[18:36:50] <Haris> I am so damned @#$@# for making stupidingly small mistakes
[18:37:32] <Haris> ok, now to fix that problem with incomming mail
[18:37:40] <Haris> !smtpd_recipient_restrictions
[18:37:41] <knoba> Haris: "smtpd_recipient_restrictions" : A configuration parameter in the main.cf: The access restrictions that the Postfix smtpd(8) applies in the context of the SMTP RCPT TO command. See access(5) for an overview of access restriction features. These restrictions control relaying to external domains. Default is to relay only for client IP addresses in $mynetworks; see also !sasl if SMTP AUTH is needed.
[18:37:55] <Haris> for smtpd_recipient_restrictions
[18:42:59] <Haris> ok
[18:43:08] <Haris> by default, accoring to http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions
[18:43:08] *** ek has quit IRC
[18:43:22] <Haris> By default, the Postfix SMTP server accepts:
[18:43:30] <Haris> point #3 -> Mail to local destinations that match $inet_interfaces or $proxy_interfaces, $mydestination, $virtual_alias_domains, or $virtual_mailbox_domains.
[18:43:42] <Haris> why isn't it accepting mail for a domain that exists in mysql db
[18:44:04] <Haris> virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
[18:45:09] *** ek has joined #Postfix
[18:45:41] *** growltiger_ has quit IRC
[18:47:38] <Haris> smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject
[18:47:44] <Haris> shouldn't it work?
[18:47:58] <Haris> and I think I don't need to have permit_sasl_authenticated in smtpd_recipient_restrictions, right?
[18:48:04] <Haris> since its incomming mail, not outgoing mail
[18:51:03] *** _Marko has quit IRC
[18:51:31] <Haris> I missed the permit_auth_destination from smtpd_recipient_restrictions
[18:51:39] <Haris> adding that fixed the issue
[18:51:50] <Haris> now I CAN! have reject at the end of smtpd_recipient_restrictions
[18:52:08] <Haris> it will reject all incomming mail other than that, for which I have configured it
[18:53:18] *** BuenGenio has quit IRC
[19:04:37] *** amrit|zzz is now known as amrit|wrk
[19:04:41] *** amrit|wrk is now known as amrit|wfh
[19:13:48] *** BuenGenio has joined #postfix
[19:15:54] <Haris> !smtpd_sender_restrictions
[19:15:54] <knoba> Haris: "smtpd_sender_restrictions" : a configuration parameter in the main.cf: Optional restrictions that the Postfix SMTP server applies in the context of the SMTP MAIL FROM command. See access(5) for an overview of access restriction features.
[19:16:15] <Haris> How do we configure RBLs in the latest version of postfix?
[19:16:30] <Haris> Most of the keywords for RBLs are now, obsolete as far as I'v read and used
[19:16:32] <Haris> them
[19:19:15] <Haris> !rbl
[19:19:15] <knoba> Haris: "rbl" : short for "realtime black list". RBLs are DNS zones that can help your mail server to determine if an IP address is trusted. It's a great way to fight spam. See http://www.au.sorbs.net/ http://www.dnsrbl.net/ http://www.spamcop.net/ http://www.mail-abuse.org/ http://www.rfc-ignorant.org/
[19:19:45] <Haris> someone needs to modify the !rbl factoid and put relevant postfix configuration parameters into it
[19:20:03] *** m1n3s6 has quit IRC
[19:21:54] <Haris> if there are any
[19:27:00] *** growltiger has quit IRC
[19:30:48] *** jtaji has quit IRC
[19:31:33] *** githogori has quit IRC
[19:33:21] *** brancaleone has quit IRC
[19:38:14] <Haris> yep, postfix was set
[19:38:28] <Haris> I wasted many weeks, just because of the stupid wrong syntax for smtp auth in telnet session
[19:41:22] <cpm> Haris, there are so many ways to use rbls, how would you have the factoid output 'relevant postfix configuration parameters' ?
[19:41:48] <cpm> that would (wrongly) assume a one-size-fits-all postfix configuration.
[19:47:07] <Haris> Can I have smtp auth, without tls?
[19:47:18] <Haris> with tls, its taking alot of time to check certificate
[19:51:21] *** cesurasean has joined #postfix
[19:51:37] <cesurasean> does anyone know why i'm getting this in my mail logs : status=deferred (connect to 127.0.0.1[127.0.0.1]: Connection refused)
[19:52:20] <Haris> cesurasean: maybe because you'v setup content_filter on localhost and its not running?
[19:52:28] <Dominian> yeah.. it appears that smtp isn't enabled
[19:52:35] <Dominian> smtpd that is
[19:52:44] <Dominian> or a firewall is blocking it
[19:52:49] <cesurasean> how do I setup smtpd?
[19:52:51] <Dominian> or the configuration in postfix is incorrect
[19:53:11] <Haris> cesurasean: Do you use smarthost?
[19:53:20] <cesurasean> I think it's the configuration in postfix
[19:53:24] <cesurasean> no
[19:53:31] <cesurasean> I'm just using postfix
[19:53:42] <cesurasean> I can send emails sometimes, but other times it gives me these error
[19:53:43] <cesurasean> s
[19:53:51] <cesurasean> status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]: Connection refused)
[19:54:35] <Haris> cesurasean: Have you set content_filter in main.cf?
[19:55:23] <Dominian> let me guess..
[19:55:27] <Dominian> cesurasean: you're on debian arent' you?
[19:56:09] <cesurasean> yes
[19:58:05] <Haris> lol
[19:58:07] <Haris> :@
[19:58:11] <Haris> damned debian @#$@#$@$#@$@#$@#$@
[19:58:45] *** Spec has joined #postfix
[19:59:34] <Dominian> cesurasean: I knew it
[19:59:38] * Dominian goes back to work...
[20:00:51] <Haris> cesurasean: So, do you have content_filter set in main.cf?
[20:01:36] 
[20:01:44] <sysmonk> my keyboard sucks :(
[20:01:53] <sysmonk> sorry guys
[20:02:02] *** denis_ has joined #postfix
[20:02:04] <Haris> what's to be appologetic for?
[20:02:15] <rob0> his sucky keyboard
[20:05:28] <sysmonk> yeah
[20:06:32] <Haris> damn, you keep keyboards that suck?
[20:06:54] <Haris> do they earn you money? :P
[20:09:33] <sysmonk> yup, a bit
[20:11:44] *** mandragor has quit IRC
[20:14:18] *** randra has quit IRC
[20:14:26] *** devdas has joined #postfix
[20:15:23] *** BuenGenio_ has joined #postfix
[20:20:35] *** dft has quit IRC
[20:21:08] *** dft has joined #postfix
[20:21:25] *** dft has quit IRC
[20:21:38] *** dft has joined #postfix
[20:22:50] *** pitakill has joined #postfix
[20:22:53] <Haris> damned, power is out
[20:23:26] <cpm> cool. Good Night.
[20:23:56] <cpm> <Haris> Can I have smtp auth, without tls?
[20:24:05] <cpm> auth w/o tls is a very bad idea.
[20:24:06] <cpm> very bad
[20:24:28] <Haris> well, I know
[20:24:41] <Haris> just want to demonstrate to the owner, that the mail server is ready for production
[20:24:46] <Haris> after that I can re-enable tls
[20:24:58] *** nfi|ermes has quit IRC
[20:25:26] *** __Marko has quit IRC
[20:26:43] <shasta> cpm, why? cram-md5 and digest-md5 should be just fine over unencrypted wire :)
[20:27:02] *** BuenGenio has quit IRC
[20:27:32] <Haris> shasta: I'm using plain with md5-crypt'ed passwords
[20:28:07] <Haris> its midnight and I'm sleepy
[20:28:56] *** quieteyes has joined #postfix
[20:29:37] <Haris> what's a good option?
[20:29:48] <Haris> plain auth over tls or encrypted passwords over clear text wire?
[20:29:58] <Haris> bad question, eh? :D
[20:30:16] *** dft has quit IRC
[20:30:40] *** dft has joined #postfix
[20:30:41] <shasta> both PLAIN and LOGIN auth mechanisms mean sending plaintext passwords over the wire
[20:30:54] <shasta> so doing that without TLS/SSL means: insecure
[20:31:58] <Haris> time to play some CS before sleep makes me fall of the chair
[20:32:05] <Haris> off+
[20:32:05] <rob0> But indeed, concentrate on getting either TLS or AUTH working before you do the other one.
[20:32:12] *** Motoko-chan has joined #postfix
[20:32:22] <Haris> plain auth with tls is already configured =)
[20:32:32] <Haris> I just distabled tls for some time
[20:32:40] <rob0> what's so hard about TLS then?
[20:33:02] <Haris> the owner is having a hard time configuring thunderbird on their computer to run mail from it
[20:33:04] <Motoko-chan> The L
[20:33:04] <rob0> TLS_README has a step-by-step howto that gets it functional
[20:33:21] *** dft has quit IRC
[20:33:30] <Haris> I disabled tls in dovecot to make pop3 logins work
[20:33:41] *** dft has joined #postfix
[20:33:49] <rob0> Without the L it's just TS, Tough Stuff. :)
[20:33:49] <Haris> I'm not turning off tls for smtp auth
[20:33:56] <Haris> I turned it off for pop3/imap4
[20:34:13] <Haris> l for luxury? :D
[20:34:19] *** devdas has quit IRC
[20:35:44] *** Haris1 has quit IRC
[20:37:10] *** jtaji has joined #postfix
[20:45:03] <cesurasean> no, I don't have content_filter set in main.cf
[20:45:25] <adaptr> apropos of...wat ?
[20:49:49] <cesurasean> what does this mean?
[20:49:50] <cesurasean> status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]: Connection refused)
[20:50:50] <adaptr> it means that whatever should be running on localhost isn't actually running, or it isn't configured properly
[20:53:10] <cesurasean> does postfix run on localhost?
[20:53:28] <shasta> it runs wherever you tell it to
[20:54:12] <cesurasean> postfix is infact running on localhost
[20:54:19] <cesurasean> so why am I getting these errors?
[20:54:23] <cesurasean> I'm able to get some mail sent
[20:54:44] *** cesurasean has left #postfix
[20:59:37] *** devdas has joined #postfix
[21:01:34] *** githogori has joined #postfix
[21:03:30] <adaptr> postfix does not generally connect to itself to deliver mail; it could well be said to be sub-optimal
[21:03:46] <adaptr> oh, why is everybody leaving all of a sudden
[21:05:48] *** tmjb has joined #postfix
[21:06:08] <devdas> hmmm?
[21:13:55] *** ikaro has quit IRC
[21:14:02] *** ikaro has joined #postfix
[21:18:52] *** devdas has quit IRC
[21:18:56] *** F6F has joined #postfix
[21:19:25] *** devdas has joined #postfix
[21:19:32] *** carl- has joined #postfix
[21:29:35] *** tmjb has quit IRC
[21:43:12] *** cpm has quit IRC
[21:44:00] *** siamba has joined #postfix
[21:44:04] <siamba> hello!
[21:44:27] <siamba> how can i tweak "said: 554 5.4.0 Error: too many hops (in reply to end of DATA command)"
[21:44:46] <siamba> i had an endless loop here for about a minute >_>
[21:44:47] <siamba> <_<
[21:50:01] <rob0> !too_many_hops
[21:50:02] *** wdp has quit IRC
[21:50:02] <knoba> rob0: "too_many_hops" : In brewing, it means you should add more barley. In Postfix it means you have a mail routing loop. No machine in the loop considers itself the final destination for the looping mail.
[21:50:20] <rob0> What do you mean, tweak?
[21:52:47] *** dft has quit IRC
[21:56:10] <siamba> heh
[21:57:21] <siamba> since yesterday all mail for this domain gets delivered, but this message is still softbounced
[21:59:09] *** jens_ has joined #postfix
[21:59:16] *** Jense has quit IRC
[22:00:19] *** carl- has quit IRC
[22:01:35] <rob0> Get one of the machines in the loop to accept that domain, or to reject that mail.
[22:02:18] <rob0> They both(all) are accepting it now ($mynetworks, maybe.)
[22:03:49] <siamba> i see this message in mailq and /var/log/mail from one of backup mx, it tries to send message but receives this error
[22:04:11] *** manlymat_83 has quit IRC
[22:05:27] <siamba> now backup mx relays all @domain.tld to primary-mx.domain.tld, primary-mx.domain.tld accepts everything as aliases for me at domain dot tld
[22:05:37] *** havvg has quit IRC
[22:05:58] <rob0> Sounds like a recipe for a loop!
[22:06:04] <siamba> nope
[22:06:10] *** carl- has joined #postfix
[22:06:39] <rob0> Okay, well, have fun.
[22:06:42] <siamba> primary-mx delivers mail to cyrus, so secondary-mx just relays everything to primary
[22:07:12] *** mandragor has joined #postfix
[22:10:53] *** jarrodsl9 has joined #Postfix
[22:11:23] 
[22:12:03] <jarrodsl9> I encoded my username/pass in base64
[22:12:36] <jarrodsl9> I tried to authenticate with "openssl s_client -starttls smtp -crlf -connect localhost:25"
[22:13:36] *** manlymat_83 has joined #postfix
[22:14:35] <jarrodsl9> if I had to summarize my problem in a sentence, it would be the error 535 message "another step is needed to authenticate"
[22:15:28] <rob0> If you don't know how to speak ESMTP, try using a MUA to test. Thunderbird or whatever.
[22:15:53] <rob0> Basically you're saying that your manual test fails, not that AUTH isn't working?
[22:17:34] <jarrodsl9> I can't relay mail from an external address
[22:17:45] <jarrodsl9> it just says password rejected in apple mail, for example
[22:20:46] <rob0> and your non-verbose logs say .......
[22:22:51] *** freyes has quit IRC
[22:25:17] <jarrodsl9> http://pastebin.ca/1288059
[22:32:37] <rob0> this was using Apple Mail?
[22:32:50] <jarrodsl9> no, that was when I tried to manually authenticate
[22:33:00] <jarrodsl9> I'll do the apple mail really quick if you think that would help
[22:35:09] <jarrodsl9> yeah, I get the same error
[22:35:34] <jarrodsl9> "size read failed" and then "Password verification failed" and finally "generic failure"
[22:36:22] <jarrodsl9> when I do saslauthd -u user -p password it says success, though, which makes me think it's a postfix problem, not cyrus
[22:36:58] *** devdas has quit IRC
[22:39:00] *** pitakill has quit IRC
[22:40:44] <jarrodsl9> ee /usr/local/etc/postfix/master.cf
[22:40:51] <jarrodsl9> oops
[22:44:35] *** carl- has quit IRC
[22:46:28] <jarrodsl9> I feel like it could be a permissions issue . . . is it normal to see this on postfix startup: warning: request to update table btree:/var/run/smtpd_tls_session_cache in non-postfix directory /var/run
[22:46:28] <jarrodsl9> postfix/tlsmgr[1621]: warning: redirecting the request to postfix-owned data_directory /var/db/postfix
[22:46:28] <jarrodsl9> postfix/tlsmgr[1621]: warning: request to update table btree:/var/run/smtp_tls_session_cache in non-postfix directory /var/run
[22:46:28] <jarrodsl9> postfix/tlsmgr[1621]: warning: redirecting the request to postfix-owned data_directory /var/db/postfix
[22:46:28] <jarrodsl9> ?
[22:49:31] <rob0> postconf | grep /var/run/
[22:51:23] <jarrodsl9> smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
[22:51:24] <jarrodsl9> smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
[22:51:34] <jarrodsl9> is what get returns when I run that command
[22:52:33] <rob0> indeed. And those should be changed from /var/run to $data_directory
[22:53:31] <jarrodsl9> thanks
[22:53:37] *** jarrodsl9 has quit IRC
[23:03:17] *** r33 has joined #postfix
[23:05:39] *** weedar has joined #postfix
[23:06:40] *** Ryushin has joined #postfix
[23:08:53] *** r3r3 has quit IRC
[23:10:01] *** Vince421 has quit IRC
[23:14:35] *** bluethundr has quit IRC
[23:19:07] *** mandragor has quit IRC
[23:22:48] *** BuenGenio_ has quit IRC
[23:24:46] *** denis_ has quit IRC
[23:29:34] *** brancaleone has joined #postfix
[23:30:42] *** bluethundr has joined #postfix
[23:30:43] *** jarrodsl9 has joined #Postfix
[23:39:21] <siamba> oh
[23:40:23] <adaptr> yeah
[23:41:52] *** jarrodsl9 has quit IRC
[23:42:03] *** bluethundr_ has joined #postfix
[23:44:20] *** mh_le has joined #postfix
[23:57:19] *** bluethundr has quit IRC
[23:57:22] *** pirho has quit IRC
[23:57:41] *** gutocarvalho has quit IRC





top