August 9, 2009 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | >
August 9, 2009 [00:01:35] *** Skaag has quit IRC[00:02:31] *** s0ber has quit IRC[00:09:27] *** AndrewKT has joined #postfix[00:18:22] *** war9407 has quit IRC[00:19:03] *** beawesomeinstead has quit IRC[00:28:02] *** troy- has joined #postfix[00:37:37] *** _wms has joined #postfix[00:38:03] *** denis has quit IRC[00:38:26] *** justeco has joined #Postfix[00:39:02] *** _wms has left #postfix[00:42:41] *** Zerberus has joined #postfix[00:44:53] *** Ugly_Duck has quit IRC[00:55:51] *** Gavin has joined #postfix[01:24:52] *** Vince42 has quit IRC[01:29:29] *** madrescher has quit IRC[01:48:49] *** GoGi has quit IRC[01:57:09] *** stephan481 has quit IRC[02:02:22] <justeco> OK, so if I write a little filter that is only for spam trap addresses, and all it does is add the client to a blacklist and then stores the email in a quarantine dir, is it considered bad form to not pass the email back to postfix for some type of "delivery"? Should I write a script to act as an LDA instead of a filter if I don't want to pass the message back to Postfix?[02:02:43] *** Southron has left #Postfix[02:14:24] <lunaphyte> not at all. postfix couldn't care less.[02:15:02] <lunaphyte> although for that sort of thing, you're probably better off using a policy daemon and then just rejecting the message.[02:16:23] <rob0> 'cept some folks do want to "preserve the evidence" against spammers ... pointless IMO, but common.[02:16:38] <rob0> (Many major RBLs do it.)[02:21:20] <justeco> I am using it to build a blacklist, so I can shunt more stuff to my tarpit instead of postfix.[02:22:17] <justeco> The small possibility exists that I could block something legit, so I will save the emails. I don't even want the accounts to actually exist, isn't their a map file for excepting emails that aren't actually on the system?[02:22:49] <justeco> There could be backscatter or some crap for those spamtrap boxes from a legit host...[02:23:06] <justeco> I need more beer.[02:42:36] *** makerc has quit IRC[02:54:51] *** muh2000 has joined #postfix[02:55:29] *** Zblakany has quit IRC[03:10:38] *** pingouin has quit IRC[03:31:52] *** Gavin has quit IRC[03:41:30] *** pingouin has joined #postfix[03:51:19] *** jluedke_ has joined #postfix[04:04:27] *** master_of_master has quit IRC[04:08:49] *** master_of_master has joined #postfix[04:20:53] *** AndrewKT_ has joined #postfix[04:36:04] *** AndrewKT has quit IRC[04:38:29] *** digitalmortician has quit IRC[04:39:09] *** digitalmortician has joined #postfix[04:44:40] *** TomHome has joined #postfix[04:49:24] *** beawesomeinstead has joined #postfix[05:00:14] *** brancaleone has joined #postfix[05:29:31] *** ramoni has quit IRC[05:52:37] *** jens_ has joined #postfix[06:09:19] *** jense has quit IRC[06:31:13] *** _bugz_ has quit IRC[06:53:48] *** _bugz_ has joined #postfix[07:11:27] *** Verilium has quit IRC[07:13:57] <KB1JWQ> O HAI[07:27:21] <seekwill> OHBAI[07:36:12] *** uqlev has joined #postfix[07:39:45] <KB1JWQ> seekwill: Meh.[07:50:16] *** beawesomeinstead is now known as GitHub122[07:51:35] *** GitHub122 is now known as beawesomeinstead[08:08:39] *** gerhard7 has joined #postfix[08:13:31] *** wdp has joined #postfix[08:15:14] *** justeco has quit IRC[08:39:01] *** zz_nb has joined #postfix[08:58:04] *** vys has joined #postfix[09:00:10] *** Motoko-chan has quit IRC[09:02:37] *** madrescher has joined #postfix[09:31:55] *** burnersk_ has joined #postfix[09:33:05] *** burnersk_ is now known as burnersk[09:33:18] *** burnersk is now known as burnersk_[09:33:38] *** burnersk_ is now known as burnersk__[09:33:51] *** burnersk__ is now known as burnersk[09:37:30] *** LinuxCode has joined #postfix[09:39:22] *** Zblakany has joined #postfix[09:39:54] *** madrescher has quit IRC[09:43:56] *** pater1965 has joined #postfix[09:45:02] *** Verilium has joined #postfix[09:54:15] *** war9407 has joined #postfix[09:56:23] *** wdp_ has joined #postfix[09:56:52] *** pater1965 has left #postfix[09:57:00] *** wdp has quit IRC[10:34:39] *** sophokles has joined #postfix[10:35:03] *** Rado has quit IRC[10:48:44] *** Extend has left #postfix[11:01:45] *** wild_oscar has joined #postfix[11:06:18] <wild_oscar> hi! I am hoping someone can help me with a bug in procmail[11:06:54] <wild_oscar> I have two postfix installations where mail gets delivered with the command (delivered to command: procmail -a "$EXTENSION"). Sometimes I get a blank message in my MUA. Upon investigating it I discovered that the procmail.log file has: http://pastebin.com/m668bfc33[11:07:33] <wild_oscar> "Couldn't create or rename temp file" - and the mail goes to the queue dir /var/mail/user and just stays there...[11:09:36] *** uqlev has quit IRC[11:10:00] <wild_oscar> does anyone know how to fix this problem?[11:10:55] *** Gavin has joined #postfix[11:26:28] *** Takayama- has quit IRC[11:28:52] *** brancal has joined #postfix[11:29:03] *** brancaleone has quit IRC[12:00:07] *** Gerdesas has quit IRC[12:00:41] *** Gerdesas has joined #postfix[12:08:51] *** clockspider has joined #postfix[12:14:43] *** stephan48 has joined #postfix[12:15:41] *** clockspider_ has quit IRC[12:17:28] *** sophokles has quit IRC[12:20:44] *** tjado has joined #postfix[12:21:12] <tjado> hi[12:21:27] *** wdp_ has quit IRC[12:26:17] <war9407> hmm[12:26:38] *** vys has quit IRC[12:27:10] <tjado> can someone tell me who the certificates will be analysed by the client? what happens when a client connects to a postfix smtp server and the tls cert isnt the correct one for the domain?[12:43:35] <tjado> :/[13:09:22] *** githogori has quit IRC[13:58:04] *** Gavin__ has joined #postfix[14:16:05] *** Gavin has quit IRC[14:21:14] *** Skaag has joined #postfix[14:37:24] *** bluethundr_ has joined #postfix[14:44:59] *** F6F has joined #postfix[15:01:38] *** hever has joined #postfix[15:07:43] *** TomHome has quit IRC[15:11:56] *** burnersk has quit IRC[15:17:12] *** wdp has joined #postfix[15:21:37] <Zordrak> does anyone use queuegraph?[15:21:44] <Zordrak> having some trouble[15:29:13] *** francisr has joined #postfix[15:31:19] <francisr> Hello gents, I have a problem getting postfix to deliver all my mail. I want to receive all mails, and have them delivered to a php script (main.cf: mailbox_command = php /full/path/to/my.php). I get this working for actual users, but nonexistant accounts bounce.[15:31:37] <francisr> Have tried to add "local_recipient_maps = " to main.cf to no avail..[15:44:30] *** uqlev has joined #postfix[15:51:17] *** s0ber_ has quit IRC[15:52:22] *** muh2000 has quit IRC[15:56:47] *** wdp has quit IRC[16:00:11] *** Skaag has quit IRC[16:02:31] *** vys has joined #postfix[16:04:01] *** hever has quit IRC[16:41:17] *** wdp has joined #postfix[16:54:43] *** uqlev has quit IRC[17:07:13] *** Muhis has quit IRC[17:19:32] <tjado> is there a need to run postfix/master as root?[17:19:41] *** hever has joined #postfix[17:22:36] <Zerberus> tjado: who can bind on low ports?[17:26:38] <tjado> Zerberus: lighttpd runs as www too ;)[17:26:50] <tjado> or some other user than root[17:27:04] <tjado> etc...[17:27:09] <Zerberus> tjado: it forks threads, doesn't it?[17:28:09] <tjado> Zerberus: www lighttpd 89695 4 tcp4 10.200.200.102:80 *:*[17:28:18] <tjado> Zerberus: www 89695 0.0 0.5 31916 5452 ?? S 2Aug09 0:17.07 /usr/local/sbin/lighttpd[17:28:42] <tjado> so as www user[17:29:50] *** s0ber has joined #postfix[17:34:00] <tjado> kk :P[17:34:16] <tjado> runs postfix on freeBSD with secure level 3 without any problems?[17:35:46] *** t0mas has joined #postfix[17:35:47] <t0mas> hi[17:37:08] <t0mas> My postfix smtpd process is "killed by signal 6" when trying to lookup aliases from LDAP, I have tried from a host in debug_peer_list, but it does not seem to list a specific reason for aborting, what should I do to get some specific debug output?[17:39:00] <t0mas> this is the log output: http://pastebin.com/d2634e577[17:46:17] *** hwdyki has joined #postfix[17:46:36] <lunaphyte> t0mas: does postmap work with that lookup map?[17:46:39] <hwdyki> how can i enable tls for server side smtp auth?[17:46:49] <lunaphyte> !tell hwdyki tls[17:47:27] *** mcarter has quit IRC[17:47:43] <t0mas> lunaphyte: it does not output any errors[17:48:05] <lunaphyte> and it returns expected lookup results?[17:48:47] <t0mas> I think I'm not using the options you expect :)[17:49:26] <lunaphyte> !tell t0mas postmapq[17:49:52] <t0mas> when I run "postmap ldap-alias" it runs without outputting anything and creates ldap-alias.db, when I run "postmap ldap:/etc/postfix/ldap-alias" it reports this: unsupported dictionary type: ldap does not allow map creation.[17:49:56] *** Gavin__ has quit IRC[17:50:36] <t0mas> lunaphyte: postmap -q works[17:50:47] <lunaphyte> pastebin output[17:51:03] <t0mas> it outputs nothing when I search for a non-existant alias, and it outputs the correct maildrop when I search for an existing alias[17:51:10] <lunaphyte> ok[17:51:27] <t0mas> doesn't output more than a single line containing the correct destination address[17:51:48] <lunaphyte> if you replace that lookup map with a hash format file, does postfix still encounter the error?[17:51:57] <t0mas> I was just trying that :)[17:56:52] <t0mas> lunaphyte: it works when reading aliases from hash:/etc/aliases[17:57:22] <lunaphyte> do you have other ldap lookup maps that are working without this issue?[17:57:26] <t0mas> so it has something to do with the LDAP lookup that does work in postmap but doesn't work in postfix[17:57:39] <t0mas> no, I have not setup other ldap maps yet[17:57:51] <lunaphyte> what does postconf -m say?[17:58:21] *** hwdyki has quit IRC[18:00:36] <t0mas> lunaphyte: a long list, you wonder if it includes ldap? then yes it does[18:00:42] <t0mas> or should I upload it to pastebin?[18:00:50] <lunaphyte> no, that's fine.[18:01:06] <lunaphyte> so, my guess for the moment is[18:01:08] <lunaphyte> !chroot[18:01:08] <knoba> lunaphyte: "chroot" : The fifth column in master.cf, if not n , means that the Postfix process described on that line runs in a chroot, see !debug , !queue_directory and files in the examples/chroot-setup subdirectory of the Postfix source archive which show examples of a Postfix chroot environment on a variety of systems[18:01:09] <t0mas> I have just disabled the chroot option for smtpd and it does not crash now[18:01:13] <t0mas> but it also doesn't seem to work[18:01:16] <lunaphyte> hah[18:01:20] <t0mas> great timing ;)[18:01:46] <lunaphyte> are you using ldaps ?[18:01:49] <t0mas> yes[18:02:15] <t0mas> ooooh wait.. it probably tries to access /etc/ssl/certs/Company-Root-CA.crt? which is not in the chroot?[18:02:24] <lunaphyte> try without, yeah.[18:02:46] <t0mas> I can't access ldap without SSL from here, the machine is in a testing VLAN without direct access to the main ldap[18:03:11] <lunaphyte> not even for the purposes of testing?[18:03:24] <t0mas> I can setup a testing tree somewhere[18:04:45] <lunaphyte> well, you might just debug form the perspective of ssl then, if that limitation exists.[18:05:18] <t0mas> yeah, the testing setup is almost identical to production and thus includes ldap-ssl instead of normal ldap[18:16:27] <t0mas> lunaphyte: I have non-ssl ldap access, without chroot it still works and I can verify that it connects to port 389 (normal ldap)[18:17:19] <t0mas> and with chroot it also seems to work[18:17:56] <lunaphyte> sounds like you've found the culprit then, i'd say.[18:18:19] <lunaphyte> i had issues for a while with ldaps too. it was challenging to troubleshoot.[18:18:56] <t0mas> yes, because it just gets killed with the abort-signal without reporting any errors[18:18:59] <lunaphyte> iirc, tls_ca_cert_file is what i ended up using to fix it.[18:19:11] <t0mas> you moved that into the chroot jail?[18:19:31] <lunaphyte> yeah, most of the operational aspects are abstracted within the openldap libraries.[18:19:34] <lunaphyte> yes[18:20:24] <lunaphyte> it needed to be maintained, which it wasn't initially (i was also using a private ca), and needed to be available in the chroot[18:20:56] <t0mas> any hints on how to make it available in the chroot? :)[18:22:32] <lunaphyte> what os?[18:23:01] <t0mas> debian[18:23:09] <t0mas> it seems to try to update the chroot from the init-script[18:23:37] <t0mas> there are some lines trying to copy CA-certs when TLS is enabled (which it is not in my setup)[18:23:37] <lunaphyte> first, you'll need to make sure your ca cert is in /usr/share/ca-certificates/, in an appropriate subdirectory.[18:24:42] <lunaphyte> then you'll need to add it to /etc/ca-certificates.conf[18:25:24] <t0mas> ah, I've got it[18:25:47] <lunaphyte> then run update-ca-certificates --verbose --fresh, which will build the /etc/ssl/certs/ca-certificates file[18:26:38] <t0mas> yes and then enable tls to get the debian script to copy the file[18:26:51] <lunaphyte> i'm using tls already, so i didn't need to adjust the init script, but if you're not, just adjust it so it doesn't do the check, and instead always copies the file into the chroot.[18:26:53] <t0mas> or modify the script to copy the files independently from the TLS setting[18:27:05] <t0mas> yes[18:27:08] <lunaphyte> yeah, that's what i would do.[18:27:24] <t0mas> do we happen to have the debian maintainer of postfix in this channel? :)[18:27:27] <lunaphyte> it's just an error by the script maintainer that they're only doing it if tls is on.[18:27:34] <lunaphyte> not as far as i know.[18:27:37] <t0mas> maybe nice to propose a change to their script[18:27:52] <lunaphyte> but it would be nice if you submitted a bug against that behavior.[18:27:55] <lunaphyte> yes, indeed.[18:28:05] <t0mas> I'll try to find the maintainer[18:28:29] <lunaphyte> lamont jones, iirc.[18:29:00] <t0mas> yes[18:43:21] *** hever has quit IRC[18:56:02] *** hever has joined #postfix[18:59:49] *** madrescher has joined #postfix[19:03:18] *** hparker has joined #postfix[19:06:19] <t0mas> lunaphyte: you're not going to like this ;)[19:06:28] <t0mas> with the certificate in place it still crashes[19:15:42] *** troy- has quit IRC[19:26:35] *** mtosatti has joined #postfix[19:26:53] *** MrGrieves has quit IRC[19:33:08] *** LinuxCode has quit IRC[19:34:17] <lunaphyte> you've added the directive you your lookup map pointing to the cert?[19:34:41] *** mtosatti has quit IRC[19:35:27] *** teddy has quit IRC[19:35:31] <t0mas> yes, and I've found another problem with Debian[19:35:44] *** teddy has joined #postfix[19:35:44] <thumbs> t0mas: why am I not surprised?[19:35:59] <t0mas> it does not provide /dev/random and /dev/urandom in the chroot, which causes GnuTLS (used in the ldap lib used by postfix-ldap) to fail[19:36:08] <t0mas> which is actually documented by Postfix[19:36:23] * thumbs blames the debian maintainers[19:36:50] <t0mas> in TLS_README it is listed as: NOTE: Do not use Gnu TLS. It will spontaneously terminate a Postfix daemon process with exit status code 2[19:38:37] <t0mas> but Debian linked it with Gnu TLS anyway (probably one of their infamous license problems?)[19:39:17] <lunaphyte> t0mas: oh, right, i forgot about that - yeah, i had to create those.[19:41:38] *** teddy has quit IRC[19:41:51] *** teddymills has joined #postfix[19:43:03] * t0mas is documenting the "Debian Postfix-ldap" procedure.. quite a complicated setup because of some poor choices in Debian..[19:44:09] <lunaphyte> http://postfix.wiki.xs4all.nl might be a good place to collect that info.[19:45:14] <t0mas> does not seem to load from here?[19:46:34] <lunaphyte> hmm, not sure.[19:50:56] *** bluethundr_ has quit IRC[19:52:53] *** nb has quit IRC[19:54:10] *** zz_nb is now known as nb[19:57:42] *** bluethundr has joined #postfix[20:18:02] *** nb has quit IRC[20:19:37] *** zz_nb has joined #postfix[20:20:27] *** zz_nb has quit IRC[20:21:27] *** zz_nb has joined #postfix[20:23:41] *** zz_nb is now known as nb[20:38:52] *** wild_oscar has left #postfix[20:39:57] *** githogori has joined #postfix[20:42:16] *** vys has quit IRC[21:06:03] *** brancal has quit IRC[21:06:48] *** brancal has joined #postfix[21:17:26] *** thirsteh has quit IRC[21:18:09] *** thirsteh has joined #postfix[21:20:36] *** Gavin_ has joined #postfix[21:22:25] *** xpeed has joined #postfix[21:24:11] *** Gavin_ has quit IRC[21:24:26] *** brancal is now known as brancaleone[21:33:53] *** war9407 has quit IRC[21:51:54] *** nb is now known as zz_nb[21:54:42] *** mac_ has joined #postfix[21:54:44] *** zz_nb is now known as nb[21:54:46] <mac_> hello[21:55:59] <mac_> I found such section on my master.cf file[21:56:02] <mac_> http://debian.pastebin.com/d5ff11c87[21:56:37] <mac_> how it is related to my TLS/SSL configuration of Postfix which is done by Cyrus[21:56:38] <mac_> ?[21:57:16] <rob0> those appear to be comments![21:57:21] <rob0> !submission[21:57:21] <knoba> rob0: "submission" : Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf. also see !msa, and rfc 2476 and 4409.[21:57:35] <rob0> !smtps[21:57:35] <knoba> rob0: "smtps" : Port 465 is smtps, SMTP over SSL, a deprecated means of submission. Postfix can implement smtps with a separate smtpd(8) listener with \"-o smtpd_tls_wrappermode=yes\". See the commented example in master.cf.[21:58:32] *** arnee has joined #postfix[22:02:37] <mac_> but TLS is handle by Cyrus now ?[22:05:06] <rob0> um ... I don't know?[22:05:11] <rob0> !tls[22:05:12] <knoba> rob0: "tls" : Short for Transport Layer Security (RFC2246). It adds an additional layer of encryption to protocols such as SMTP, POP3 or IMAP to improve security during transmission over the Internet. TLS features in Postfix are documented here: http://www.postfix.org/TLS_README.html[22:05:15] <seekwill> Cryus handles TLS?[22:05:35] <seekwill> Cryus handles Postfix's TLS?[22:05:40] <mac_> Cyrus provide authentication for SMTP cleints[22:05:45] <mac_> as SASL[22:05:52] <seekwill> ok[22:06:26] <rob0> !sasl[22:06:26] <knoba> rob0: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[22:06:40] <rob0> Different things. Don't confuse them.[22:07:59] <mac_> then, TLS is encryption protocol which transport encry[pted data to server, and there it will provide or not suthorization as SASL ?[22:10:23] <rob0> TLS is not typically used for authentication, but usually you would want your SASL AUTH credentials to be passed over an encrypted connection.[22:11:27] <seekwill> It's possible to use TLS for authentication?[22:13:26] <mac_> rob0: yesh that waht I have on mind :>[22:16:11] <rob0> seekwill: postconf.5.html#permit_tls_clientcerts and postconf.5.html#relay_clientcerts[22:17:02] <rob0> I don't know if any MUA implements this, but it could CERTainly be done for MTA-to-MTA relaying.[22:17:43] <seekwill> rob0: ah[22:39:43] *** stephan48 has quit IRC[22:43:02] *** markl_ has quit IRC[23:01:52] *** gerhard7 has quit IRC[23:05:27] *** Skaag has joined #postfix[23:19:36] *** t0mas has quit IRC[23:37:55] *** F6F has quit IRC[23:45:22] *** MatBoy has quit IRC[23:46:28] *** MatBoy has joined #postfix[23:48:27] *** GoGi has joined #postfix[23:54:03] *** ALVAN has joined #postfix[23:54:41] <ALVAN> hi, there is an option in postfix so it wont log non-utf8 chars in maillog ?[23:57:08] *** Muhis has joined #Postfix