August 13, 2009 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | >
August 13, 2009 [00:02:31] *** cilly has quit IRC[00:03:42] *** kfo has quit IRC[00:03:43] *** kfo_ is now known as kfo[00:16:08] *** paulez has quit IRC[00:18:20] *** eye69 has quit IRC[00:20:14] *** jelly has quit IRC[00:21:00] *** eye69 has joined #postfix[00:21:03] *** jelly has joined #postfix[00:25:07] *** ek has joined #Postfix[00:26:39] <cite> seekwill: So, are you homeboy or homegirl, then?[00:27:03] <seekwill> homegirl![00:27:14] * seekwill bros KB1JWQ[00:28:15] <cite> seekwill: Ok. That means im homeboy then. Do I get a cape or sth.?[00:28:37] <seekwill> cape and speedos[00:33:08] *** madrescher has quit IRC[00:36:09] *** eye69 has quit IRC[00:36:13] *** madrescher has joined #postfix[00:36:17] *** Zordrak has quit IRC[00:36:30] *** Zordrak has joined #postfix[00:38:18] *** kfo_ has joined #postfix[00:41:39] *** UdontKnow is now known as KnightWhoSaysNI[00:42:07] *** Zordrak has quit IRC[00:42:10] *** eye69 has joined #postfix[00:42:19] *** Zordrak has joined #postfix[00:42:50] *** shasta has quit IRC[00:42:52] *** ikaro has quit IRC[00:43:26] *** ikaro has joined #postfix[00:43:36] *** shasta has joined #postfix[00:45:06] *** KnightWhoSaysNI is now known as UdontKnow[00:50:29] <cite> seekwill: Erm. That Barracuda quote of yours...[00:50:58] <cite> seekwill: We had several questions about this come up on two German postfix mailing lists. Is that a misconfiguration of some kind?[00:51:44] <cite> seekwill: Was that a recent policy change by Barracuda(central)?[00:52:34] <seekwill> I don't know[00:53:10] <seekwill> But receiving MTAs should not be checking for reverse DNS's on received headers in a message.[00:53:17] <seekwill> It's fundamentally wrong.[00:53:28] <seekwill> Even Gmail includes Received headers with internal IP addresses.[00:53:38] <seekwill> It's like greylisting. It doesn't work![00:54:12] *** guy has quit IRC[00:55:23] *** kfo has quit IRC[00:55:23] *** kfo_ is now known as kfo[00:55:39] <cite> Ah, damn. I thought you had more information on that issue. I mean, this issue came up recently, and it affected a lot of people.[00:57:14] <seekwill> cite: Have to complain to Barracuda[00:58:17] <cite> seekwill: I just copy/wasted them a header_checks pcre file to replace the offending headers with X-Submission: ... :-P[00:59:02] <seekwill> cite: Hacks like that won't get them to change[00:59:16] <cite> True.[01:00:51] <seekwill> cite: Senders need to push to have their receivers "whitelist" them[01:01:02] <seekwill> Just like Yahoo and Gmail does it. THere's a "not spam" button.[01:01:13] <seekwill> Or "add to address book"[01:01:14] <seekwill> etc[01:04:00] <cite> That's just stupid. Adding a personal whielist for every receiver because your spam detection algorithms suck galaxies through nanotubes.[01:04:11] <cite> Hm.[01:04:20] <cite> Actually, that sounds like a pretty solid business idea.[01:05:42] <seekwill> How is that different than adding a filter file messages into folders?[01:06:33] <cite> That's probably my bad English again, but what does that sentence mean?[01:13:34] <seekwill> It means I have to go![01:13:36] <seekwill> Ask KB1JWQ[01:13:38] <seekwill> And Dominian[01:13:40] <seekwill> !fooP[01:13:40] <knoba> seekwill: Error: "fooP" is not a valid command.[01:13:42] *** seekwill has left #postfix[01:14:37] *** hever has quit IRC[01:14:56] <cite> wtf...[01:15:33] *** pingouin has quit IRC[01:19:18] *** bluethundr has joined #postfix[01:23:58] *** psteyn has quit IRC[01:24:16] *** psteyn has joined #postfix[01:25:23] *** xpeed has quit IRC[01:25:53] *** kfo_ has joined #postfix[01:30:33] *** madrescher has quit IRC[01:35:20] *** madduck has quit IRC[01:36:56] *** madduck has joined #postfix[01:37:29] *** war9407 has quit IRC[01:42:37] *** kfo has quit IRC[01:42:38] *** kfo_ is now known as kfo[02:03:11] *** pingouin has joined #postfix[02:16:47] *** jmedina has quit IRC[02:32:05] *** bluethundr has quit IRC[02:41:21] *** F6F has joined #postfix[02:46:57] *** bluethundr has joined #postfix[02:49:41] *** bluethundr has quit IRC[02:58:13] *** Zblakany has quit IRC[03:00:12] *** ming_zym has joined #postfix[03:04:51] *** GoGi has quit IRC[03:10:09] *** Fallenou has quit IRC[03:14:30] *** jtaji has joined #postfix[03:26:05] *** githogori_ has quit IRC[03:28:36] *** shinao1 has joined #postfix[03:40:40] *** clockspider has joined #postfix[03:55:46] *** F6F has quit IRC[04:00:09] *** Motoko-chan has joined #postfix[04:02:42] *** pickcoder has joined #postfix[04:04:43] *** master_of_master has quit IRC[04:07:21] *** tjz has joined #postfix[04:09:11] *** master_of_master has joined #postfix[04:20:03] *** nb_ has joined #postfix[04:25:35] <pickcoder> 6:15pm... I finally got to power everything back up afeter 6pm[04:25:42] <pickcoder> almost 5 hours of power problems[04:25:46] * pickcoder grumbles[04:35:10] <Dominian> that is exactly why sometime in the future I'm going to invest in a decent generator[04:35:27] <pickcoder> that's a naughty word here...[04:35:42] <Dominian> nah[04:35:46] <pickcoder> The only way I'll get one is if I buy one and plug the machines up with a drop cord[04:35:48] <pickcoder> :P[04:35:51] <Dominian> This is a quiet, good sized one that runs on natural gas :)[04:36:02] <Dominian> and runs the whole house hehe[04:36:05] <pickcoder> I priced a variety of auto and manual setups[04:37:32] <pickcoder> actually.. if I can find a decent priced 240V model I may beg for a way to hook it up during emergencies[04:43:34] *** bluethundr_ has joined #postfix[04:44:10] *** bluethundr_ has quit IRC[04:51:03] <pickcoder> anyone on the west coast US?[04:51:42] <rob0> KB1JWQ, seekwill are out thattaway[04:52:30] <pickcoder> wanna check dkim propegation[04:52:49] <lunaphyte> what's dkim propagation?[04:52:55] <pickcoder> pubkey propegation[04:53:14] <lunaphyte> oh, dns?[04:53:19] <pickcoder> yeah[04:53:24] <pickcoder> dig -t TXT primary._domainkey.all-spec.com[04:54:23] <lunaphyte> "v=DKIM1\; p=" "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDh7qga6LXlcBkJnFQBCQr0dN3F" "4GDDRtVgcmFJWnGsme3cq+m76+TtMCaDtQDlGlLs/1ljFZ3Zg+XiThA4cyuD1BT2" "ZeRSeST6yMqZybehXz+PqECT1IXCXRqo776gQeDLllyiNFH2Etc3UznTPR6vHvyt" "+ZtjWSeQQXl3yqw4gQIDAQAB"[04:54:38] <pickcoder> that'd be it[04:54:38] <rob0> yeah that[04:54:40] <lunaphyte> i didn't think you could split up the key like that.[04:55:00] *** tjz2 has joined #postfix[04:55:02] <lunaphyte> yours is short enough anyway, you really shouldn't have to, i would think.[04:55:59] <pickcoder> lemme look at the local DNS copy[04:56:14] <lunaphyte> i thought i read somewhere it was a good idea to explicitly specify the granularity and key type.[04:56:43] <lunaphyte> the caveat here being the this is all coming from someone who really knows very little about dkim.[04:56:48] <lunaphyte> *that[04:57:05] <pickcoder> it should be fine as-is[04:57:09] <pickcoder> it validates locally[04:57:12] <pickcoder> same conetnt[04:57:23] <pickcoder> content too[04:57:36] <lunaphyte> hmm, cool. i wonder if i could get away with a 2048 bit key then after all.[04:57:54] <pickcoder> depends on the verifier[04:58:32] <lunaphyte> i guess i'd still be nervous that some dns parser that some less than stellar dkim implementation used wouldn't handle multi word txt records though.[05:02:17] <pickcoder> if I run into issues I'll definately say so here[05:02:45] * lunaphyte feeds the guinea pig a carrot[05:02:49] *** pinoyskull has joined #postfix[05:02:50] <lunaphyte> :)[05:03:33] <pickcoder> so far I've not seen any issues with the newsletter[05:04:54] <lunaphyte> cool[05:07:35] <lunaphyte> weird, though, because i subscribed a bunch of throwaway addresses and have been marking it as spam.[05:08:23] <lunaphyte> jk, of course.[05:08:46] <pickcoder> the RFC demonstrates a DNS record with the pubkey being broken into quoted lines[05:09:02] *** chesty` is now known as chesty[05:10:07] <lunaphyte> page 68?[05:10:34] <pickcoder> 67 in the 2007 copy of #4871[05:11:29] <lunaphyte> gotcha, yeah, i see that. the parens are new to me - i wonder what format they're presenting that data as represented in.[05:11:58] *** tjz has quit IRC[05:15:09] <pickcoder> the parenths normally contain the broken line segments[05:15:31] <pickcoder> parentheses even[05:16:02] *** ambackstrom has joined #postfix[05:16:59] <pickcoder> it looks like a pseudo BIND format[05:18:14] *** beawesomeinstead has joined #postfix[05:19:03] <ambackstrom> I have transport maps set up for mailman (main.cf and master.cf) but i'm getting "User unknown in local recipient table"[05:19:50] <ambackstrom> Mail seems to get to the list sending mail from the command line, but not from external servers.[05:20:23] <ambackstrom> I do see some successes: "status=sent (delivered via mailman service"[05:20:58] <ambackstrom> Any thoughts on why I might see "User unknown" errors? I believe I've followed everything here: https://help.ubuntu.com/community/Mailman[05:21:15] *** nb is now known as nb__[05:21:15] *** nb_ is now known as nb[05:22:26] <lunaphyte> weird. i've never ever seen parens before, in dns or in any bind zone data. bind doesn't complain, but it doesn't seem to have much impact.[05:22:57] <pickcoder> not even with SOA?[05:23:44] <pickcoder> most of the domain configs I've seen split the expiration and serials into lines grouped into parentheses[05:23:47] <lunaphyte> doh - you're right, i take that back. :)[05:24:05] <lunaphyte> yeah, you're totally right, i completely forgot that.[05:25:06] <pickcoder> ambackstrom: user unknown means they are not found in one of several potential user resources[05:25:38] *** Edgan has quit IRC[05:25:49] <pickcoder> ambackstrom: read /topic[05:26:13] <lunaphyte> ah, there it is right there in the arm: ""most RRs are shown on a single line, although continuation lines are possible using parentheses"[05:27:29] *** will has joined #postfix[05:27:36] <pickcoder> shhh...[05:33:47] <pickcoder> heh.. we got a shipment of Fast Orange hand cleaner in today. The entire warehouse smells like an army of oranges attacked.[05:33:53] *** githogori has joined #postfix[05:34:52] <ambackstrom> pickcoder: what would cause mail from localhost to go through the transport, but mail from other hosts to fail the user lookup?[05:35:40] <pickcoder> ambackstrom: any one of a number of things[05:36:07] <pickcoder> if you could pastebin postconf -n and relevant logs as stated in the /topic then someone may be able to help[05:37:49] <ambackstrom> ok. you weren't very specific about what exactly in /topic you wanted to highlight, before.[05:42:05] <will> Reading the whole topic is a good thing[05:42:33] <pickcoder> will: can you do a dkim key lookup for me?[05:42:49] <will> dig selector._domainkey.domain.com txt[05:42:55] <will> Sure![05:43:06] <pickcoder> dig -t TXT primary._domainkey.all-spec.com[05:43:26] <ambackstrom> postconf -n and logs: http://pastebin.ca/1527494[05:43:50] <will> pickcoder: heh[05:43:51] <ambackstrom> s/realhost/example.com[05:44:06] <will> pickcoder: You got some quoting issues it seems like[05:44:22] <pickcoder> ambackstrom: what is in transports?[05:44:28] <pickcoder> will: huh?[05:44:33] <lunaphyte> your ttl is only an hour, so as long as it's been longer than that since you changed it, there's no stale data.[05:44:55] <will> "v=DKIM1\; p=" "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDh7qga6LXlcBkJnFQBCQr0dN3F" "4GDDRtVgcmFJWnGsme3cq+m76+TtMCaDtQDlGlLs/1ljFZ3Zg+XiThA4cyuD1BT2" "ZeRSeST6yMqZybehXz+PqECT1IXCXRqo776gQeDLllyiNFH2Etc3UznTPR6vHvyt" "+ZtjWSeQQXl3yqw4gQIDAQAB"[05:45:02] <ambackstrom> pickcoder: lists.example.com mailman:[05:45:02] <will> I've never seen a key broken up like that before[05:45:07] <pickcoder> it's been entered in a split line group[05:45:19] <will> That works?[05:45:30] <pickcoder> will: it verifies on Yahoo for newsletter[05:45:42] <pickcoder> amavis checkkeys likes it localled[05:45:43] <will> oh[05:45:44] <pickcoder> ugh[05:45:45] <pickcoder> locally[05:45:49] <will> Cool[05:45:58] <will> I've never seen it like that before[05:46:01] <pickcoder> I can string it all together[05:46:28] <pickcoder> but I'll hope the tech that enters it doesn't get the line break wrong from e-mail[05:47:01] <ambackstrom> the relay_transport was an attempt to fix the problem. same behavior with and without[05:48:17] <pickcoder> ambackstrom: if postfix is to delivery via local transport then "listname" must be in a valid recipient list somewhere[05:48:54] <pickcoder> either don't accept local delivery for list.example.com (mydestination) and let the transport pass it to mailman, or specify recipients somehow[05:49:21] <Dominian> transport map ftw[05:49:52] <ambackstrom> so, comment out mydestination?[05:50:34] <Dominian> I use the mailman transport in master.cf and then specifcy lists.domain.tld mailman: in my transport file[05:50:39] <Dominian> postmap it.. then whammo.. no worries[05:50:45] <pickcoder> ambackstrom: you could.. unless $mydomain is list.example.com[05:50:59] <pickcoder> if it is then you need to change it to example.com[05:51:14] <pickcoder> er.. $myhostname[05:51:15] <pickcoder> sorry[05:51:18] <pickcoder> not $mydomain[05:51:28] <pickcoder> your best bet is to set it to "localhost"[05:51:39] <pickcoder> which will only deliver mail for users in /etc/passwd[05:51:43] <pickcoder> and/or aliases[05:53:29] <ambackstrom> awesome, works great now. thanks for the help[05:54:19] <ambackstrom> so there must be some setting i didn't override that told postfix to accept mail for all those domains[05:55:21] <pickcoder> !mydestination[05:55:21] <knoba> pickcoder: "mydestination" : a configuration parameter in the main.cf: The list of domains that Postfix delivers via the $local_transport mail delivery transport. By default, mail is given to the Postfix local(8) delivery agent that looks up all recipients in /etc/passwd and /etc/aliases, or their equivalents.[05:55:27] <ambackstrom> mydestination, before i commented it out and saw slightly different behavior[05:55:42] <ambackstrom> yar.[05:56:48] <ambackstrom> ok, thanks again. cheers[05:57:14] <pickcoder> no prob[05:59:13] *** ubergoober has joined #postfix[06:00:26] <ubergoober> good evening everyone[06:01:49] <ubergoober> forgive the nubeness here. I'm using postfix, amavisd-new, clamd and spamd with dovecot LDA and looking for a way to keep a specific mail account from getting any incomming mail scanned by clamd. You see I want to get viruses :O).[06:02:03] <ubergoober> would that be a postfix setting or amavisd-new?[06:02:20] <lunaphyte> could be either, potentially. your choice.[06:02:39] <ubergoober> Some one told me to look into transport maps. Does that sound right?[06:02:59] <Dominian> that sounds about right[06:03:24] <Dominian> probably have to make another transport in master.cf just for that.. tell it not to use the content_filter[06:03:35] <Dominian> then user at domain dot tld donotusefilter;[06:03:37] <Dominian> or something[06:03:44] <ubergoober> ok[06:03:50] <ubergoober> I'll check that out[06:03:56] <ubergoober> thanks[06:04:09] *** jens__ has quit IRC[06:04:40] *** jens__ has joined #postfix[06:07:20] <Dominian> You may be able to tell amavisd to ignore for email to a certain addresses too[06:09:01] <ubergoober> that would probably be the easiest. I'm only seeing white lists referring to spamd though. I should just try it.[06:14:13] *** saurabhb has joined #postfix[06:17:56] *** AndrewKT_ has joined #postfix[06:18:30] *** Edgan has joined #postfix[06:18:43] *** sbathe_ has joined #postfix[06:24:22] *** AndrewKT__ has joined #postfix[06:26:49] *** pinoyskull has left #postfix[06:28:35] *** pickcoder has quit IRC[06:30:44] *** redbrain has joined #postfix[06:31:30] *** AndrewKT has quit IRC[06:31:52] <redbrain> hi i am having problems setting up my postfix mail server[06:32:29] <redbrain> i want to have a full mail server for one domain for 2 adresses with an imap using dovecot and a mail forward to another adress for another domain[06:32:40] <redbrain> but the mail forward is all i want to do now[06:35:01] *** hparker has quit IRC[06:36:15] <redbrain> i was trying to setup a /etc/postfix/virtual is what i think you need to do for a email forward[06:36:19] <redbrain> but i have no idea[06:36:37] <lunaphyte> !tell redbrain basic[06:36:41] *** AndrewKT_ has quit IRC[06:36:43] <lunaphyte> !tell redbrain examples[06:36:47] <lunaphyte> !tell redbrain welcome[06:41:52] <redbrain> how can you even tell if the server even recived a mail[06:45:36] <redbrain> ah i think i see what i need to do now brb[06:45:51] <redbrain> thanks for the links btw i'll let you know what i did wrong[06:46:44] *** ubergoober has quit IRC[06:51:21] <redbrain> hmm its not working i am trying to add an alias to /etc/aliases to do a mail forward[06:51:32] <redbrain> but when i do postmap to update the .db it gives me errors[06:56:30] <redbrain> the myorigin does does this be the domain name of a website you want to recieve mail from[06:56:41] <redbrain> and can you specify more than one[07:00:40] *** uqlev has joined #postfix[07:21:47] <redbrain> this worked for me https://help.ubuntu.com/community/PostfixBasicSetupHowto[07:22:12] <redbrain> my problem was mailx wasnt installed and i had some stupid things in my virtual hosts[07:45:55] <redbrain> ah its all working now all i needed was the .forward and the cleanup of my chroot[07:46:02] <redbrain> for the users on my server[08:05:39] *** gerhard7 has joined #postfix[08:19:15] *** digitalmortician has quit IRC[08:19:56] *** digitalmortician has joined #postfix[08:23:25] *** uqlev has quit IRC[08:24:20] *** Skaag has quit IRC[08:28:01] *** xabbuh has joined #postfix[08:28:07] *** sophokles has joined #postfix[08:29:30] *** F6F has joined #postfix[08:29:34] *** polaru has joined #postfix[08:32:14] *** sbathe__ has joined #postfix[08:34:15] *** saurabhb has quit IRC[08:34:17] *** sbathe_ has quit IRC[08:38:24] *** sbathe__ is now known as saurabhb[08:40:08] *** Verilium has quit IRC[08:42:34] *** madrescher has joined #postfix[08:44:47] *** bhagat has joined #postfix[08:49:55] *** Skaag has joined #postfix[08:52:56] *** redbrain has quit IRC[08:55:31] *** dinopsys has joined #postfix[09:00:55] *** hever has joined #postfix[09:04:53] *** cilly has joined #postfix[10:01:31] *** echelog has joined #postfix[10:03:47] *** jtrm has joined #postfix[10:05:32] *** shinao1 has quit IRC[10:13:04] *** blackflag has quit IRC[10:13:24] *** blackflag has joined #postfix[10:14:31] *** Robbie has quit IRC[10:14:32] *** saurabhb has quit IRC[10:14:32] *** sophokles has quit IRC[10:14:32] *** nb has quit IRC[10:14:32] *** kfo has quit IRC[10:14:32] *** deadpigeon has quit IRC[10:14:32] *** damcgett has quit IRC[10:14:32] *** js_ has quit IRC[10:14:32] *** jonez has quit IRC[10:14:32] *** mac-_ has quit IRC[10:14:33] *** Dominian has quit IRC[10:14:33] *** tuxxie has quit IRC[10:15:30] *** thermoman has quit IRC[10:15:34] *** thermoman has joined #postfix[10:16:09] *** Robbie has joined #postfix[10:16:09] *** saurabhb has joined #postfix[10:16:09] *** sophokles has joined #postfix[10:16:09] *** nb has joined #postfix[10:16:09] *** kfo has joined #postfix[10:16:09] *** deadpigeon has joined #postfix[10:16:09] *** damcgett has joined #postfix[10:16:09] *** js_ has joined #postfix[10:16:09] *** mac-_ has joined #postfix[10:16:09] *** Dominian has joined #postfix[10:16:09] *** tuxxie has joined #postfix[10:16:09] *** jonez has joined #postfix[10:18:23] *** hever has quit IRC[10:18:58] *** hever has joined #postfix[10:23:19] *** lkumar has joined #postfix[10:24:41] *** cilly has quit IRC[10:40:49] *** cilly has joined #postfix[10:50:39] *** trukosh has joined #postfix[10:51:15] <trukosh> Hi, how do i manage 2 smarthosts? senderdom1 -> smarthost1, senderdom2 -> smarthost2?[10:56:25] *** Zblakany has joined #postfix[10:56:27] *** cilly has quit IRC[11:00:17] <Pinchiukas> Anyone care to explain what virtual_alias_domains does? Cause I'm not comprehending http://www.postfix.org/postconf.5.html#virtual_alias_maps .[11:01:10] *** cilly has joined #postfix[11:11:25] *** klem has quit IRC[11:12:16] *** klem has joined #postfix[11:12:18] <klem> tp[11:13:10] <klem> hi[11:17:27] *** Filbert- has quit IRC[11:18:37] *** cilly has quit IRC[11:19:18] <dinopsys> hi klem[11:20:04] *** jtrm has quit IRC[11:24:00] *** ambackstrom has left #postfix[11:29:31] <f3ew> Pinchiukas http://www.postfix.org/postconf.5.html#virtual_alias_domains /[11:29:45] <f3ew> All email addresses in v_a_d are to be rewritten[11:34:15] *** yajith has joined #postfix[11:36:06] *** cilly has joined #postfix[11:42:59] *** lkumar has quit IRC[11:52:56] <trukosh> Info (i asked for it): you can have 2 relayhosts for different sender domains by using: sender_dependent_relayhost_maps[11:53:52] *** redbrain has joined #postfix[11:54:59] <redbrain> hey i am having a problem my postfix, if i use telnet localhost 25 and send a mail to a domain on my machine it is picked up and the alias works and forward the mail to an external domain which is good but if i send a mail from externaly it doesn't do anything[11:56:53] *** dinopsys has quit IRC[12:00:55] <f3ew> !tell redbrain debug[12:03:20] *** Fallenou has joined #postfix[12:12:10] <redbrain> i cant belive in the debugging doc for users in postfix is asks you to use ddd or gdb thats overkill :P[12:13:26] *** scylla has joined #postfix[12:14:07] *** podman99 has joined #postfix[12:14:57] <podman99> hey all ... running an ISP i want to redirect a mailaddress i.e. ssladministrator@* to my at email dot address ... can i do this through /etc/postfix/transport ?[12:17:33] <mefiX> can someone explain the parameters of a av-scanner in /etc/amavis/conf? i have sophos and it seems that the regex doesn't fit anymore[12:18:04] *** Fallenou_ has joined #postfix[12:18:39] <mefiX> i have the following: http://pastebin.org/8714[12:20:07] *** cpm has joined #postfix[12:25:17] <redbrain> ah this is so frustrating i have no idea why this isnt doing anything[12:26:03] *** ulterior has joined #postfix[12:26:37] <ulterior> anyone here?[12:27:39] <ulterior> been having some problems getting emails signed with dk-filter[12:29:06] <redbrain> i've been having problems making it recive mail externaly[12:29:46] <cpm> http://home.messiah.edu/~jlong/dkfilter/faq.html[12:30:02] <ulterior> http://pastebin.com/mffe2322[12:30:07] <ulterior> tried just about everything[12:30:13] <cpm> http://home.messiah.edu/~jlong/dkfilter/faq.html#tlserror[12:30:23] <cpm> ulterior, ^^^^^^^^^^^^^^^^^^^^^^^[12:30:33] <ulterior> heh k[12:32:01] <ulterior> tls is disabled[12:32:57] <ulterior> went through that already[12:33:16] <ulterior> ive searched for the warning its giving me currently[12:33:23] <ulterior> with no results[12:34:04] <podman99> hey all ... running an ISP i want to redirect a mailaddress i.e. ssladministrator@* to my at email dot address ... can i do this through /etc/postfix/transport ?[12:36:03] <cite> oh my[12:36:22] <cite> podman99: You probably want to do this with virtual_alias_maps mappings, using a PCRE or regexp table.[12:36:33] <podman99> thanks cite[12:36:47] *** Wad has joined #postfix[12:36:50] <Wad> hi2all[12:37:12] <mefiX> does anyone know, how i can see what amavis is doing during virus checks? (log-level, log-facility)???[12:37:32] <Wad> maillog: Aug 13 13:24:33 mail postfix/smtpd[29362]: connect from unknown[209.85.219.212][12:37:32] <Wad> root@mail:/ # host 209.85.219.212[12:37:32] <Wad> 212.219.85.209.in-addr.arpa domain name pointer mail-ew0-f212.google.com.[12:37:47] <cite> mefiX: It's probably sufficient to start amavisd-new in debug moe: amavisd debug (or, on Debian, amavisd-new debug)[12:37:52] <Wad> why postfix does not resolve reverse hostname?[12:38:03] <cite> ulterior: Are you using the Milter or the Proxy?[12:38:48] <ulterior> milter[12:38:52] <cite> Wad: Is you smtpd chrooted? If so, does the chroot contain a valid resolv.conf? If it is rooted, is the partition/logical volume which contains the chroot perhaps mounted with the "noexec" option?[12:39:24] <Wad> cite: no, smtpd is not chrooted[12:40:55] <cite> Wad: Can you pastebin the output of "postconf -n" and "grep smtpd /etc/postfix/master.cf"?[12:41:28] *** Fallenou has quit IRC[12:42:44] <Wad> cite: http://pastebin.com/me6c6d88[12:44:02] <cite> Wad: Obviously, you lied to me. Your smtpd _is_ chrooted.[12:47:37] <mefiX> why does amavis during init say "No primary av scanner: Sophos Anti Virus (savscan)"? the binary i specified in config is definetly present!?[12:48:22] <cite> ulterior: I can't offer any more insights, just one hint: Don't get confused by those posts referring you to the "dkfilter" proxy by jason long - if you are really using the _milter_, then you got a completely different program.[12:49:16] <ulterior> k ya im running ubuntu and using there postfix guides.. should be pretty straight forward from the looks of it im just getting owned.[12:51:06] <cite> mefiX: Perhaps you better ask that question on the amavis-users mailing list.[12:52:25] <Wad> cite: hm, why do you think so?[12:52:54] <cite> Wad: Because the fifth column is set to "y".[12:53:13] <Wad> hm[12:53:25] <Wad> and where is it chroot dir?[12:54:40] <mefiX> cite: thx[12:55:19] <cite> Wad: Usually it's the same as the queue_directory. "postconf queue_directory" should output where the queue is located.[12:55:49] <cite> Wad: Often, it's something like /var/lib/postfix.[12:56:15] <Wad> so i need to place etc/resolv.conf link to queue_directory?[12:56:38] <ulterior> managed to get it to quit erroring but still the emails arent getting signed http://pastebin.com/m32c97b9f[12:56:46] <Wad> strange, cause rbl lists work ok[12:58:52] <cite> Wad: No, you replace the fifth column of all lines which end in "smtpd" with a "n" instead of a "y" (or a "-") and then type "postfix reload"[13:00:14] <Wad> you mean i cant get dns worked in chroot at all?[13:00:33] <cite> It means I don't want to walk you through the process of setting up a correct chroot environment.[13:01:10] <Wad> I mean this configuration works great long time[13:01:26] <Wad> so this env not too bad[13:03:22] <Wad> oh, i just copy resolv.conf to $chroot/etc and its go to work =))[13:03:28] <Wad> thx, cite[13:04:37] <cite> rob0: If yoz read this, can you tell me how often you've seen (here, in this channel I mean) postfix setups where the queue_directory was _not_ /var/lib/postfix (or $prefix/var/lib/postfix)?[13:05:06] * cpm mumbles 'mine isn't'.[13:06:48] *** Quadro has quit IRC[13:07:08] *** Quadro has joined #postfix[13:07:54] *** saurabhb has quit IRC[13:08:38] *** ming_zym has quit IRC[13:14:59] *** Niemi has joined #postfix[13:15:49] *** thunderstrike_ has joined #postfix[13:23:41] *** gerhard7 has quit IRC[13:32:13] <theblackbox> hello all, just trying to sort something out - I just set up a user with a thunder buyrd email client (using IMAP) to supersede her webmail (using POP), and I was wondering if there would be a way to retrieve all the messages that had been "popped"?[13:32:41] <theblackbox> sorry if it's OT, but I thought it was postfix/dovecot that would be handling this[13:33:10] <jduggan> not if they sent DELE after downloading with pop[13:33:28] <jduggan> best thing you can do is copy them from the local client to the imap server[13:33:56] <jduggan> if they didnt have delete after download enabled... you would see them with imap without doing any magic[13:34:13] <theblackbox> yeah, I thought as much[13:35:23] <theblackbox> what do you mean "copy from local client to imap"? the old messages are on webmail[13:36:48] *** stephan48 has joined #postfix[13:37:26] *** trukosh has quit IRC[13:37:40] <redbrain> i have a mail server setup when i send a mail its picked up and its in the maildir for that user[13:37:59] <redbrain> but if i use a .forward in that user home it isnt being forwarded unless i do a send mail localy[13:38:57] <cite> redbrain: Pastebin output of postconf -n[13:39:41] <cite> theblackbox: If you can't access the old messages with a client which speaks IMAP, you can't APPEND/STORE them to the new IMAp server.[13:39:48] <redbrain> http://pastebin.com/m5a303f73[13:40:21] <theblackbox> cite, right, cheers - I'll just forward them as attachments (was only a do[13:40:24] <theblackbox> zen at most)[13:40:41] <cite> redbrain: Can you show logs of a failed forwarding?[13:40:49] <redbrain> yup just a sec[13:41:46] *** Filbert- has joined #postfix[13:42:21] <redbrain> cite: http://pastebin.com/m25c3005d[13:43:09] <redbrain> i never recieve the forward :S[13:43:22] <cite> redbrain: That's a well known problem with google. One sec.[13:43:28] <redbrain> but if i was to do netcat localhost 25 ehlo....[13:43:44] <redbrain> cite: awh really thanks !! this has been bugging me all morning[13:43:49] <cite> redbrain: http://mail.google.com/support/bin/answer.py?hl=en&answer=6588[13:44:33] <cite> redbrain: In short: Google is being to smart with this, and there is no known workaround.[13:44:51] *** jtaji has quit IRC[13:45:37] <redbrain> cite: oh ok yeah but i cant find the forwarded mails at all it says they are skipped inbox and are in all mail or sent mail? but where is all mail[13:45:55] <redbrain> just inbox?[13:47:32] <redbrain> omg[13:47:36] <redbrain> i see them!!!!!!!!!!!![13:47:54] <redbrain> awh no way this was driving me crazy for a while[13:48:59] <cite> :-)[13:50:02] *** Muhis has joined #Postfix[13:50:13] <redbrain> cite: thanks is it safe that postfix conf for now, for just ismple forwards[13:50:17] <redbrain> or should i setup ssl[13:52:50] <cite> Since Google is reading your mail anyways, I#d say scre TLS.[13:52:53] <cite> screw*[13:58:45] <thunderstrike_> I've got this issue with the postfix mail server when the server was accidentally rebooted... i'm not able to figure out exactly why did this happened..[13:58:55] <thunderstrike_> Here is the Mail Log[13:58:56] <thunderstrike_> http://pastebin.com/f333cd57d[13:59:36] <thunderstrike_> could anybody temme plz... what did i missed..[14:00:43] <cite> thunderstrike_: Your first issue seems to be that there is actually a legac _Sendmail_ running on your box.[14:01:21] *** Internat-afk has joined #postfix[14:01:25] <thunderstrike_> chkconfig --list | grep sendmail sendmail 0:off 1:off 2:off 3:off 4:off 5:off 6:off[14:01:55] <thunderstrike_> chkconfig --list | grep postfix postfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off[14:01:59] <cite> thunderstrike_: Uninstall the sendmail RPM, reinstall the postfix RPM. Nobody knows where /usr/sbin/sendmail is pointing to.[14:02:30] <cite> thunderstrike_: The second issue seems to be that either because Postfix couldn't start or because the clock jumped, messages in the queue were older than queue_lifetime and were expired for that reason.[14:03:13] <thunderstrike_> okhe... will do that right away...[14:03:33] <cite> thunderstrike_: I recommend you unisntall sendmail, reinstall postfix and scheduele a maintenance to see what happens if you reboot the server.[14:03:51] <thunderstrike_> ok.[14:03:51] <cite> "scheduele a maintenance downtime"[14:03:57] <cite> Damn. English is hard :-P[14:04:10] <thunderstrike_> :)[14:04:18] <thunderstrike_> thanks for ur hepl[14:04:19] *** yajith has quit IRC[14:04:23] <Zerberus> thunderstrike_: alternatives --config mta is sufficuent to set your preferred mta[14:04:45] *** gerhard7 has joined #postfix[14:05:15] <Zerberus> thunderstrike_: alternatives --display mta will show you the links[14:06:58] <thunderstrike_> alternatives --display mta[14:07:07] <thunderstrike_> http://pastebin.com/d24c8fa8f[14:07:52] <Zerberus> thunderstrike_: link currently points to /usr/sbin/sendmail.sendmail[14:08:03] *** redbrain has quit IRC[14:08:26] <Zerberus> thunderstrike_: use --config and switch to postfix[14:08:51] <thunderstrike_> okhe[14:09:59] <thunderstrike_> done..!![14:10:01] <thunderstrike_> thanks[14:12:30] *** Niemi has quit IRC[14:16:27] *** hever has quit IRC[14:16:32] *** bhagat has quit IRC[14:17:09] *** hever has joined #postfix[14:18:38] *** internat has quit IRC[14:23:37] *** Verilium has joined #postfix[14:46:10] *** benjamin2 has joined #postfix[14:46:57] <benjamin2> Hi, does any bady know why my postfix server woul say : timed out while performing the EHLO handshake when contacting some servers[14:47:56] <benjamin2> a telnet on port 25 plus EHLO hostname timeouts on some servers.[14:51:40] <sysmonk> !pix[14:51:40] <knoba> sysmonk: Error: "pix" is not a valid command.[14:51:54] <thumbs> !will[14:51:54] <knoba> thumbs: Error: "will" is not a valid command.[14:51:59] <sysmonk> !smtp_fixup[14:51:59] <knoba> sysmonk: Error: "smtp_fixup" is not a valid command.[14:52:01] <sysmonk> damn[14:52:16] <sysmonk> what was that smtp fuckup factoid[14:52:31] <thumbs> !smtp_fix[14:52:31] <knoba> thumbs: Error: "smtp_fix" is not a valid command.[14:52:41] <thumbs> arg[14:53:06] <sysmonk> benjamin2: anyway, might be pix smtp fuckup in the way[14:54:01] <sysmonk> try telnetting to the server you have timeouts with, and look what smtp banner will it show[14:54:09] <sysmonk> if it's ********** then it's pix[14:56:20] <Zerberus> sysmonk: factioids are here http://workaround.org/f=postfix[14:56:23] *** cps0 has joined #postfix[15:00:03] *** gerhard7 has quit IRC[15:00:03] <benjamin2> benjamin2: pix smtp ? whatÅ› that ?[15:00:21] <benjamin2> sysmonk: sorry Im talking to you[15:00:37] <benjamin2> the SMTP banner shows up[15:01:24] <Zerberus> !cisco_pix[15:01:25] <knoba> Zerberus: "cisco_pix" : The Cisco PIX firewall has a SMTP proxy feature which breaks ESMTP. If your Postfix server is behind such a firewall you should disable the SMTP Fixup feature.[15:01:27] <benjamin2> But the domain is not the right one, it an old sub domain[15:01:33] *** nitbix has quit IRC[15:01:46] <benjamin2> Ok, thats not pix :)[15:03:43] *** eanxgeek has joined #postfix[15:05:26] <benjamin2> I fixed the smtp_banner, there are still timeouts[15:06:11] <benjamin2> If I try to telnet from another client, it just works, and this client can connect to standards mail server (google hotmail..)[15:11:31] <Zerberus> benjamin2: I think you misunderstood: it is not a problem with your specific banner text, but the cisco smtp-fixup breaks ESMTP[15:11:52] *** Fallenou_ has quit IRC[15:14:39] <benjamin2> Zerberus: I do not have any cisco equipment[15:15:28] <benjamin2> I tested the same commands on another machine of the vlan, and there is no such bugs[15:15:35] <Zerberus> maybe you have an MTU problem?[15:16:02] <cpm> some hosts or all hosts?[15:16:20] <benjamin2> cpm: some hosts[15:16:39] <benjamin2> the server I'm trying to contact is a home made installation[15:17:00] <cpm> what's the IP address?[15:17:05] <benjamin2> It can receive mails from any other host of the vlan except one[15:17:18] <cpm> except one eh?[15:17:29] <cpm> interesting[15:17:31] <benjamin2> yes, I don't know why[15:17:34] *** webtango has joined #postfix[15:17:39] *** webtango has quit IRC[15:17:50] *** Keizer has joined #postfix[15:17:52] *** webtango has joined #postfix[15:18:06] <cpm> networking all good? machine routable, pingable ect?[15:18:11] <cpm> etc even[15:18:17] <benjamin2> yes[15:18:31] <Keizer> Anyone know the smtpd configuration parameter for to relay $mynetworks?[15:19:27] <cpm> what happens when you try to do an smtp conversation manually?[15:19:47] <Keizer> Well for localhost it's no problem[15:19:53] <benjamin2> From the problematic host I enter EHLO and get no response[15:20:00] <benjamin2> ThatÅ› the timout[15:20:10] <cpm> what say the logs?[15:20:10] <benjamin2> s/timout/timeout[15:20:18] <rob0> cite: queue_directory = /var/spool/postfix ("postconf -d queue_directory" on all mine) , FreeBSD uses $PREFIX of /usr/local/[15:20:48] <benjamin2> Conversation with <host> timed out while performing the EHLO handshake[15:20:49] <rob0> !permit_mynetworks[15:20:50] <knoba> rob0: "permit_mynetworks" : Permit the request when the client IP address matches any network or network address listed in $mynetworks. Can be used in smtpd_*_restrictions.[15:20:53] <benjamin2> I see that in the mailq[15:21:43] <webtango> hi guys[15:21:44] <webtango> when i use localhost to connect to my new mail server everything works fine, but once i change to the ip of the server i get an error, cannot connect input output error. what could be causing this?[15:21:50] <Zerberus> benjamin2: you enter EHLO without a FQDN?[15:21:55] <rob0> EHLO syntax is "EHLO your.resolvable.hostname.domain.tld"[15:22:15] <benjamin2> Zerberus: well if tried both, but from any other host I get at least an error message[15:22:22] <benjamin2> There's just a timeout here[15:22:28] <cpm> pastebin the output of postconf -n[15:22:37] <cpm> and give us the link[15:22:38] <benjamin2> on the server or the client ?[15:22:45] <Zerberus> !tell webtango inet_interfaces[15:22:49] <cpm> what machine is it that you are having problems with?[15:22:57] <benjamin2> ok, the client[15:23:13] <cpm> are you running a firewall *ANYWHERE* ?[15:24:35] <benjamin2> http://pastebin.com/d1d81d956[15:24:52] <benjamin2> cpm: on both sides, server->packet filter[15:25:20] <cpm> disable firewalls and try again[15:25:25] <benjamin2> and on client side the firewall is the same for all the hosts[15:25:28] <benjamin2> ok[15:26:56] <benjamin2> there's no problem about the firewalls :/[15:28:20] <benjamin2> I'll ask a check of the firewall on the client side, there may be an error, but in that case I would not be able to contact the server at all[15:28:21] <Zerberus> benjamin2: to be sure, before entering your EHLO command you see the greeting message of the remote MTA? or nothing?[15:28:24] <cpm> all firewalls disabled, and same result?[15:28:33] <benjamin2> yes.[15:28:42] <cpm> dns all good?[15:28:48] <benjamin2> cpm: No[15:29:05] <benjamin2> the server is not configured for rDNS[15:29:32] <benjamin2> but other hosts can talk with him, thatÅ› why I don't think it could matter[15:29:48] <Keizer> Hey where does it say the commands to enter after you tenlet hostname 25[15:30:55] <benjamin2> Keizer: As I said, its just ¨EHLO¨ and ¨EHLO hostname¨, with another host I get a response with both commands, and with this host i get a timeout[15:31:05] <rob0> Keizer, various RFCs, beginning with 821 IIRC, continued at 2821[15:31:17] <benjamin2> Keizer: sorry i misunderstood[15:31:59] <rob0> You can also use a MUA like thunderbird for testing. It already knows how to speak ESMTP.[15:32:04] <Keizer> I want to try sending an e-mail from the telnet session[15:32:24] <benjamin2> Ok[15:33:54] <rob0> A Sendmail or Exim daemon, maybe others (but not Postfix) is helpful for learning SMTP, because it has a "HELP" command.[15:34:11] *** havoc has joined #postfix[15:34:15] <havoc> morning[15:35:41] <havoc> quick question: I'm implementing a blacklist of IPs and/or hostnames and/or domains, if I want to maintain a human-readable text file which would be the table type with the best performance?[15:36:38] <benjamin2> Keizer: One IP/hostname/domain per line ?[15:36:43] <benjamin2> havoc:[15:37:05] <havoc> I'm guessing it has to be one of cidr, prce, or regexp[15:37:12] <havoc> pcre[15:38:03] <havoc> at least those are the plain text table types supported on my system according to postconf -m[15:38:12] <rob0> Main thing to do is to be clear on your goal, and name your files sensible names. Client lookups and sender (or recipient) lookups should not be confused.[15:38:14] <havoc> benjamin2: yes, one per line[15:38:38] <rob0> see DB_README.html[15:38:42] *** iasmina has joined #postfix[15:38:53] <iasmina> postfix/cleanup[4270]: warning: connect to Milter service unix:/var/run/dkim-milter/dkim.sock: Permission denied[15:38:58] <iasmina> how do i fix?[15:39:00] <havoc> I'm leaning towards cidr[15:39:05] <rob0> and probably also DATABASE_README.html[15:39:50] <rob0> cidr: is only for CIDR expressions, see cidr_table(5) / cidr_table.5.html[15:40:03] <iasmina> smtpd_milters = unix:/var/run/dk-milter/dk.sock, unix:/var/run/dkim-milter/dkim.sock[15:40:04] <havoc> rob0: yup, already read it[15:40:16] <iasmina> non_smtpd_milters = unix:/var/run/dk-milter/dk.sock, unix:/var/run/dkim-milter/dkim.sock[15:40:37] <havoc> I'm just guessing that would be fastest as there's no overhead of regexp processing[15:41:17] *** bluethundr_ has joined #postfix[15:41:40] <rob0> No, for one thing, ... "I'm implementing a blacklist of IPs and/or hostnames and/or domains, ...", CIDR is not appropriate, hash: is best.[15:42:03] <havoc> well, yeah, I have flexibility though[15:42:16] <havoc> cidr limits me to cidr addresses[15:43:11] <rob0> hash: (or cdb: if you have it) will be best performance.[15:45:10] <havoc> if I can get the other people to remember to postmap it that may work[15:45:19] <iasmina> help?[15:45:51] <Zerberus> iasmina: why do you run 2 milters for the same purpose?[15:46:11] <f3ew> havoc use a config management system for that?[15:46:23] <Zerberus> iasmina: and why do list them as non_smptd and as smptd_milters?[15:46:30] <havoc> f3ew: not on this system :([15:46:48] *** Nockian has quit IRC[15:48:03] <iasmina> what bothers me is why the dkim isnt working?[15:49:00] <havoc> ok, just to verify, I can have multiple check_client_access type:table[15:49:10] <havoc> in main.cf?[15:49:14] <havoc> bah, bad paste[15:49:16] <Zerberus> iasmina: the error messages looks clear: no permissions to reach the socket file[15:49:26] <iasmina> that socket file has 777[15:49:46] *** jamesmacleod has joined #postfix[15:49:49] <Zerberus> iasmina: but the path is not correct[15:49:57] <Zerberus> iasmina: see your pasting through #centos[15:50:03] * cpm clears rob0[15:50:05] *** jamesmacleod is now known as JMacLeod[15:50:17] <Zerberus> the directory is owned dkim-milt only[15:50:27] <iasmina> ouh[15:50:27] <iasmina> done[15:50:29] <iasmina> :)[15:52:51] *** damcgett has quit IRC[15:53:32] *** JMacLeod has quit IRC[15:54:01] *** jamesmacleod has joined #postfix[15:55:27] *** benjamin2 has left #postfix[15:57:10] *** tuxxie has quit IRC[16:00:15] <cite> rob0: Thanks.[16:03:50] <f3ew> havoc how about a nagios event handler which runs Postmap?[16:03:58] *** Nockian has joined #postfix[16:06:02] *** jamesmacleod is now known as JMacLeod[16:06:04] *** gerhard7 has joined #postfix[16:06:05] *** saurabhb has joined #postfix[16:09:09] <Signum> KB1JWQ: We interrupt this channel for a mind-boggling announcement. Signum just got his motorcycle driving license! :)[16:09:31] <rob0> Signum: !! Fun![16:09:37] <lunaphyte> how many people died?![16:09:41] <lunaphyte> :p[16:09:53] <Signum> lunaphyte: I stopped counting after a while...[16:10:20] <havoc> f3ew: no nagios[16:10:39] <havoc> f3ew: this is a stop-gap measure for an old system that will be replaced in a few months[16:10:41] *** will has quit IRC[16:10:43] <rob0> It's hard to kill other people (not counting passengers) with a motorcycle. Possible, but not easy.[16:11:20] <lunaphyte> like running a mail server![16:11:28] <Signum> rob0: Indeed. I'd rather say that even in the last weeks I found enough people who didn't look well and were on the track to kill me.[16:11:50] <lunaphyte> do you have a bike?[16:11:58] <havoc> anyway, thanks for the insights[16:12:07] *** havoc has left #postfix[16:12:38] <Signum> lunaphyte: Yes. Yamaha XJ 600. My wife had an accident with it a month ago. :( But I got all parts and we fixed it. So I hoped to get it from my coworker's garage today and drive a few kilometers. *without* a driving teacher in my ear. :)[16:12:56] <lunaphyte> cool.[16:13:05] <lunaphyte> your wife is ok?[16:13:29] <rob0> I have a Suzuki Burgman 400.[16:13:51] <rob0> not as cool, and yet, cooler :)[16:14:25] <Signum> lunaphyte: Yes, thanks. She had a whiplash. Got frightened because of other cars while making a U-turn and got confused with the controls. Full speed (1st gear) through a fence and into a wall.[16:14:30] <Signum> lunaphyte: She's been lucky.[16:14:49] <lunaphyte> yeesh. that's no good at all. i'm glad she's ok.[16:15:39] <Signum> lunaphyte: She took it easy. First question she asked was... "Is the bike okay?" right before the ambulance took her to hospital.[16:15:46] *** Fallenou has joined #postfix[16:15:48] <lunaphyte> haha[16:15:58] <_bt> hi[16:16:05] <_bt> can anyone explain the postfix "delays" to me please?[16:16:19] <_bt> delays=0.03/0.01/0.03[16:16:57] <Signum> lunaphyte: Now she's really scared though. And I doubt she'll drive again any time soon.[16:17:21] <lunaphyte> i can appreciate that.[16:18:43] <f3ew> _bt time spent before qmgr/time spent in queue/time to establish remote session/tiem in actual message delivery[16:18:48] <twobithacker> _bt: http://www.postfix.org/postconf.5.html#delay_logging_resolution_limit[16:20:57] *** web_knows has joined #postfix[16:21:40] <rob0> Yeah, that's the hard thing about a bike wreck: getting back on. Especially when you know it was your mistake.[16:26:45] *** JD__ has joined #Postfix[16:26:56] <JD__> Hi guys[16:27:44] <JD__> I received a 554 5.7.1 <correctusername at aol dot com>: Relay access denied message from my postfix server this morning - other aol users were able to use it - is this common?[16:29:36] <Dominian> Should they be able to relay through your server?[16:29:38] <webtango> anyone got an article handy on how to move all existing user email from my current server running sendmail to my new server runnin postfix and dovecot?[16:30:06] *** JMacLeod has left #postfix[16:30:14] <Dominian> webtango: rsync+ssh :P[16:30:20] *** clockspider has quit IRC[16:31:23] <rob0> !relay_denied[16:31:23] <knoba> rob0: "relay_denied" : NOQUEUE: reject: RCPT from CLIENT_HOST[CLIENT_IP]: 554 5.7.1 <RECIPIENT@RCPT_DOMAIN>: Relay access denied; from=<SENDER@SENDER_DOMAIN> to=<RECIPIENT@RCPT_DOMAIN> proto=ESMTP helo=<HELO>: This typically means that CLIENT_IP is not in mynetworks (and did not AUTH), and that RCPT_DOMAIN was not recognized as one of this Postfix's domains (not listed in mydestination, relay_domains or (1 more message)[16:31:39] <webtango> anyone got an article handy on how to move all existing user email from my current server running sendmail to my new server runnin postfix and dovecot?[16:32:43] <Signum> webtango: depends on the format of the mails. I just know the mailbox format (mbox) and postfix handles that well - just like sendmail. copy the files over into the right location and you are done.[16:32:52] *** digitalmortician has quit IRC[16:32:54] *** digitalmortician has joined #postfix[16:35:32] *** seekwill has joined #postfix[16:36:20] <JD__> knoba, if I'm successfully submitting emails to aol users and receive a relay denied message for just one aol user, what does that mean? Is it just a fluke?[16:36:25] <rob0> webtango: why was that question repeated 2 minutes after the first time? And is Dominian on /ignore?[16:36:32] <Zerberus> webtango: the MTA part does matter less, how is the user mail stored and accessed? most people make use of tools like imapsync to get mail from one storage to another one[16:38:45] *** JD__ has quit IRC[16:40:38] *** web_knows has quit IRC[16:42:58] *** web_knows has joined #postfix[16:43:32] *** triarius has joined #postfix[16:43:39] <triarius> hello postfix fellows![16:45:32] <triarius> i'm trying to integrate my postfix-2.6.2_1,1 (freebsd box) with MS AD[16:46:01] <triarius> but having warning: dict_ldap_lookup: Search error 1: Operations error[16:53:08] *** jtrm has joined #postfix[16:58:58] *** xabbuh has quit IRC[17:03:07] <_bt> f3ew and twobithacker thanks[17:03:59] <lunaphyte> !tell triarius welcome[17:08:55] *** loompek has joined #postfix[17:09:01] <loompek> morning[17:11:24] *** pickcoder has joined #postfix[17:11:29] <loompek> i don't get something... i'd like postfix to sign all outgoing mail via dkimproxy but not incoming mail... the server is both incoming (from internet to storage) and outgoing (from local clients to internet)[17:11:46] <loompek> i planned to do this like this... http://pastebin.com/d21c63fb4[17:12:40] <loompek> but i think i started wrong...[17:13:52] *** f3ew has quit IRC[17:13:57] <KB1JWQ> Signum: CONGRATULATIONS![17:14:05] <KB1JWQ> Signum: Please try not to die, kthx?[17:20:57] *** korozion has joined #postfix[17:21:41] <korozion> If I'm using amavis and have the line 127.0.0.1:10025 inet n - - - - smtpd in master.cf. Is that accepting mail *back* from amavis?[17:22:01] <loompek> korozion yeah... it should...[17:22:22] <korozion> I'm asking because I have amavis binding to a valid IP and want to actually move amavis to a seperate physical machine some day[17:22:37] <loompek> korozion if you have content_filter in main.cf set to amavis... and master.cf has htat line... and amavis is configured correctly...it should work[17:22:53] <korozion> if I change that 127.0.0.1 to a valid IP (one on the same box) mail stop[17:23:21] <lunaphyte> you need to make sure that both parties are in agreement.[17:24:00] <lunaphyte> i'd probably add alias interfaces, using some other netblock (maybe even a testnet block) and adjust the configuration to work that way.[17:24:11] <loompek> korozion in that case, set content_filter=amavis:[amavis.ip]:10024 in main.cf, postfix.ip:10025 inet... smtpd in master.cf on postfix box[17:24:30] <loompek> and in amavis.conf set the notify_method and forward_method[17:24:40] <loompek> of course change all the needed ips[17:24:52] <loompek> maybe open a firewall etc...[17:24:57] <korozion> yeah, I have everything set to the valid IP right now, except that part in master.cf[17:24:58] <lunaphyte> also, you'll almost certainly want an isolated (crossover if possible) connection between the computer running postfix and the computer running amavis.[17:25:04] <korozion> without it being 127.0.0.1 it fails[17:25:13] <lunaphyte> (down the road, i mean)[17:25:22] <loompek> korozion yeah.. another amavis feature...[17:25:48] <lunaphyte> how is that a deficiency with amavis?[17:26:08] <loompek> check mynetworks in amavis conf[17:26:20] <lunaphyte> configure it right and it will work just fine. that's just basic networking, it has no bearing on either amavis nor postfix[17:26:21] <korozion> k[17:26:53] <lunaphyte> i must be on his /ignore list[17:27:39] <korozion> sorry, phone rang :)[17:28:50] *** sophokles has quit IRC[17:29:43] <korozion> currently I'm testing everything on the same machine. Right now the IP of postfix and amavis is xx.xx.96.97 which is a public IP. Everything in postfix and amavis is set to use that IP, *except* the amavis line in master.cf which is 127.0.0.1:10025. If I change it to xx.xx.96.97, mail stops[17:30:35] <lunaphyte> like i said, i'd use different addresses for that sort of thing. besides being more security conscious, it will help with troubleshooting too.[17:31:33] <korozion> ok[17:31:39] <seekwill> Isn't amavis supposed to use 127.0.0.1?[17:31:48] <lunaphyte> no[17:31:54] <lunaphyte> that's just "the norm"[17:32:06] <lunaphyte> since it's almost always on the same computer as the mta.[17:32:13] <seekwill> ah[17:32:15] <seekwill> yeah[17:35:59] *** Filbert- has quit IRC[17:36:01] *** Ryushin has joined #postfix[17:37:00] *** Filbert- has joined #postfix[17:39:00] *** thunderstrike_ has quit IRC[17:40:50] *** Robbie has quit IRC[17:41:42] *** LinuxCode has joined #postfix[17:44:49] <loompek> umm.. as for my question before.. seems amavis has quite extensive dkim implementation so there's no need for dkimproxy[17:52:28] *** kisisten has joined #postfix[17:53:58] *** magyar has quit IRC[17:54:02] *** GoGi has joined #postfix[18:01:10] <webtango> guys does anyone know a guide for transfering mail over from an existing sendmail server to a postfix server? not sure how to move my inbox and sent mail over to teh new Maildirs[18:01:56] <seekwill> That's a mailstore kind of question[18:02:01] <lunaphyte> i'd use a mail client.[18:02:09] <seekwill> I would too[18:02:25] <lunaphyte> or, maybe just print them out and then scan them back in.[18:03:30] <seekwill> Make sure to use a high quality DSLR to scan it[18:04:53] *** Wad has quit IRC[18:07:27] <rob0> webtango has a write-only IRC client![18:07:34] <pickcoder> webtango: Postfix doesn't care about your mail storage. You configure that with a local delivery agent of your choice.[18:07:56] <rob0> pickcoder, several people have already answered this.[18:08:05] <pickcoder> they did?[18:08:39] <pickcoder> wth is everyone getting on my case today[18:09:10] <rob0> Dominian at 14:30, Signum at 14:32, and more. webtango has the whole channel on /ignore.[18:09:18] * rob0 checks calandar[18:09:32] * rob0 checks *calendar[18:09:35] <seekwill> pickcoder: What's your problem man???[18:09:41] <seekwill> pickcoder: And where is my coupon???[18:09:55] <rob0> Yup, August 13 is International Pick On Pickcoder Day.[18:09:58] <lunaphyte> wow, he really does.[18:10:08] <lunaphyte> webtango: are you there, DUDE?[18:10:08] <seekwill> lol[18:10:49] *** pickcoder has quit IRC[18:10:54] <seekwill> :([18:10:55] <rob0> pickcoder: Clean up your desk. What a slob![18:11:13] *** jtrm has quit IRC[18:11:17] <KB1JWQ> webtango: Did you get your answer?[18:11:35] <seekwill> KB1JWQ: His IRC client doesn't have read capabilities[18:11:48] <seekwill> KB1JWQ: Kline him[18:11:48] <thumbs> maybe he's blind[18:11:49] *** melia has joined #postfix[18:11:59] <rob0> kline :)[18:12:03] <KB1JWQ> Hah, no.[18:12:08] <KB1JWQ> I could remove him from the channel though. :D[18:12:11] <seekwill> :([18:13:05] <rob0> What's scary is that he works for navsim.com ... can find his way around the world, but not around IRC![18:13:31] <seekwill> heh[18:14:19] <rob0> International Pick On Pickcoder Day sure sucks without having pickcoder to kick around.[18:14:30] <webtango> luna sorry i was away from my desk[18:14:57] <lunaphyte> he fixed it![18:15:00] *** WildPikachu has joined #postfix[18:15:02] <lunaphyte> yay![18:15:07] <KB1JWQ> webtango: I've been reading through logs here; you've asked a lot of questions, but never respond to the answers you get. Why?[18:15:12] <WildPikachu> is it possible to limit the concurrency to a smarthost?[18:15:18] <rob0> webtango: that still doesn't explain why you keep asking the same thing.[18:15:28] *** nb is now known as i[18:18:22] *** i is now known as nb[18:18:36] <lunaphyte> maybe his office is on fire.[18:18:43] <lunaphyte> or his hair.[18:18:47] <seekwill> Or his pants[18:18:58] * rob0 hates it when that happens[18:19:17] *** podman99 has quit IRC[18:19:35] <lunaphyte> that's what happens when you use acetylene for making ballon animals.[18:19:37] *** saurabhb has quit IRC[18:20:37] <cpm> heh[18:21:40] *** triarius has quit IRC[18:23:07] <rob0> is it too late to "echo International Pick On Pickcoder Day | sed s/Pickcoder/cpm/" ?[18:23:54] <cpm> Yeah, I think so.[18:24:05] <cpm> that would have been yesterday.[18:24:25] <cpm> yesterday was the day I got notified that I'd been @this place for exactly 13 years.[18:24:31] <cpm> at least it's prime.[18:24:41] <lunaphyte> hey, you beat me :)[18:25:05] <cpm> funny, seems longer than that somehow.[18:32:58] *** polaru has quit IRC[18:33:36] <lunaphyte> hmm, maybe you aren't accounting for leap years?[18:34:14] <cpm> or dog years.[18:35:20] <rob0> 13 years![18:38:12] <cpm> so that's 68 in dog years. that sounds right.[18:38:18] <lunaphyte> haha[18:38:37] <lunaphyte> i think you hit on something there - that would definitely explain things.[18:38:59] <cpm> internet years and dog years share a lot of commonalities I think[18:39:29] <rob0> haha, on the Internet, no one knows you're a dog ;)[18:39:41] <cpm> indeed![18:43:07] <lunaphyte> oh, speaking of the internet - i was thinking the other day that the internet is like guns. while no one can deny that they don't offer dramatical value in certain respects, we'd probably really just be better off without them.[18:43:14] <lunaphyte> *dramatic[18:43:48] <rob0> I like ready access to weather and wx radar.[18:44:03] <rob0> nothing else delivered that so well before Internet[18:44:19] <rob0> also, wikipedia++[18:44:25] *** korozion has left #postfix[18:44:35] <sysmonk> hi there deerkiller[18:45:14] *** githogori has quit IRC[18:45:37] <rob0> Deer decapitator, too. More decapita percapita.[18:46:08] <rob0> I used a hacksaw. Consider yourself warned![18:46:22] <cpm> nice![18:46:51] <sysmonk> cpm: you're next...[18:47:55] <rob0> There too, the gun helped the suffering deer, and the Internet helped me figure out how to keep her from dying in vain.[18:47:56] <cpm> he has to shoot me in the eye with a .22 first. Like I'll just jump in front of a car for massive injury so he can pull that one off easily.[18:47:59] <cpm> sheesh[18:49:07] <rob0> You'd have trouble getting hit by a car on this road, there's not much traffic. And the driver would see/avoid you, probably.[18:49:35] <sysmonk> i wouldn't avoid cpm if i would see him[18:49:39] <sysmonk> *evil*[18:49:40] <sysmonk> ;)[18:50:52] <sysmonk> it'll be a suicide, 29 wounds in his back. :)[18:51:22] *** WildPikachu has left #postfix[18:51:23] <cpm> rob0, the trick is to hide in the tall grass and jump out at the last second.[18:51:23] *** melia has left #postfix[18:51:23] <rob0> Indeed. But you're even less likely to be driving in front of my house than cpm is to be running about trying to be hit by a car.[18:51:36] <rob0> (or, hiding/jumping out)[18:52:08] <cpm> hard to say about these things.[18:52:36] <rob0> Actually if it had been cpm and not a deer, I probably would have called an ambulance. Keep him suffering![18:53:15] <cpm> you rat bastard![18:53:25] <rob0> Thank you.[18:54:15] *** pincombe has joined #postfix[18:55:10] *** pincombe_ has joined #postfix[18:57:17] <pincombe_> when setting a virtual alias up the catchall @domain.com is overriding my info at domain dot com settings how can i fix this?[18:59:38] <Dominian> don't use a catchall[18:59:40] <Dominian> !catchall[18:59:41] <knoba> Dominian: "catchall" : Sending all emails for non-existing users in domain to a special account. See man 5 virtual for the @domain syntax, which applies in virtual_*_maps and relay_recipient_maps. For local(8) delivery, unset local_recipient_maps and see luser_relay. WARNING: catchalls are rarely a good idea. Spammers will abuse them.[19:00:00] <seekwill> But he _NEEDS_ one!!!111one[19:00:14] <Dominian> yah[19:00:20] <Dominian> heard that beforfe[19:00:27] <seekwill> Everyone thinks they are the exception[19:00:35] <Muhis> That setting should be renamed "catchspam"[19:00:39] * rob0 is the exception[19:00:57] * rob0 is now known as exception[19:01:18] <pincombe_> lol yeah one solution would be to remove the catchall[19:01:37] <pincombe_> the weird thing is its only occuring with the main domain[19:01:49] <pincombe_> the domain thats also the hostname of the server[19:02:02] <rob0> add specific aliases where needed. See /topic for how to ask a real (answerable) question here.[19:02:08] <pincombe_> all other virtual domains work normally[19:03:29] * cpm excepts rob0[19:03:47] * lunaphyte excepts rob0 for who he is.[19:03:50] * rob0 takes exception![19:04:37] * seekwill throws exception[19:04:50] <pincombe_> fair enough you should take exception i didn't follow the rules correctly[19:04:58] * lunaphyte rips out seekwill's core[19:05:09] <lunaphyte> (and starts inspecting it to find the problem)[19:06:33] <seekwill> lunaphyte: Let me know what you find![19:06:45] *** Nek has joined #postfix[19:06:55] <Nek> Hi ^^'[19:06:56] <lunaphyte> well, so far, the spine is missing. :p[19:07:02] <seekwill> ouch![19:07:49] <lunaphyte> actually, it looks like it use to be there, but was previously ripped out, probably from years and years of abuse.[19:07:55] <seekwill> haha[19:07:57] <lunaphyte> *used[19:08:19] <Nek> ^^' I'm a youn french and speak not very good english but need help... Can you help me ?[19:08:22] <lunaphyte> we can probably fabricate something up from these leftover dinosaur bones i found.[19:08:36] <lunaphyte> Nek: we'll sure try.[19:08:41] <lunaphyte> !tell Nek welcome[19:08:56] <seekwill> !welcome[19:08:56] <knoba> seekwill: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[19:09:12] <seekwill> ah[19:09:25] <rob0> seekwill: Welcome![19:09:29] <seekwill> Thanks!!![19:09:29] <lunaphyte> haha[19:09:41] <lunaphyte> rule number one in #postfix is that we don't talk about #postfix[19:09:56] <seekwill> Can we talk about #qmail?[19:09:57] <rob0> Invertabrates are quite welcome here.[19:10:02] *** F6F has joined #postfix[19:10:13] <seekwill> woohoo[19:10:22] <lunaphyte> what about devertabrates?[19:10:24] *** Skaag has quit IRC[19:10:32] <Nek> I must send /topic ? :o[19:10:35] <Zerberus> Nek: if you are not just young and french, but female and good looking, we can make anything you can imagine ;)[19:10:44] <lunaphyte> holy f.[19:10:53] <rob0> When spongebob and Patrick went to the chiropractor, they found discrimination against invertabrates.[19:11:09] <Nek> lol Zerberus I'm sorry I'm a guy[19:11:27] <Zerberus> Nek: was kidding ;)[19:11:53] <lunaphyte> yeah, you say that now...[19:12:06] <Nek> so I installed postfix and some soft around[19:12:06] *** pincombe has quit IRC[19:12:40] <Nek> when I send mail with root directly on the server it's ok[19:12:43] <Zerberus> lunaphyte: at least you can better think with less testosterone in your blood[19:12:54] *** pincombe_ has quit IRC[19:12:56] *** pincombe_ has joined #postfix[19:13:47] <Nek> But if I try to connect with thunderbird I have an error: chdir nek.fr.nf/web/ failed[19:14:34] <Zerberus> Nek: that does not sound like a primary postfix problem[19:15:05] <rob0> What is it with people and the /topic? They won't read it, and if they do, they won't comply.[19:15:17] <Nek> so what it is ? =/[19:15:31] * cpm topics rob0[19:15:33] <lunaphyte> i wonder if the language barrier caused a misinterpretation[19:16:01] <rob0> Nek, I am *guessing* it's a POP3 or IMAP problem.[19:16:03] <rob0> !imap[19:16:04] <knoba> rob0: "imap" : IMAP is an application layer Internet protocol that allows a client (MUA) to access mailboxes on a remote server (see: http://en.wikipedia.org/wiki/IMAP). Postfix does not provide IMAP (or POP3) service; see !courier or !dovecot for common IMAP/POP3 choices.[19:16:17] <rob0> No more guesses allowed today, sorry.[19:16:23] <Nek> =S[19:16:29] <Zerberus> Nek: does that error string come up when you want to send mail?[19:16:30] <cpm> !rob[19:16:31] <knoba> cpm: Error: "rob" is not a valid command.[19:16:33] <cpm> !rob0[19:16:33] <knoba> cpm: "rob0" : a pathetic bot that reacts to newly joined users with reciting the !basic factoid :)[19:16:59] <Nek> no when I received[19:17:03] <Zerberus> Nek: never seen Thunderbird complaining connectivity problems with a "chdir $URL" error type[19:17:29] <rob0> lunaphyte, sure, in this case it may be, but it seems to be the rule that new people come in and do this.[19:17:44] <lunaphyte> oh, absolutely agreed, yeah.[19:17:46] <Zerberus> Nek: are you able to identify your mail access & storage server?[19:17:49] <Nek> The probleme is not from thunderbird[19:17:55] *** scooby2 has joined #postfix[19:18:09] <Zerberus> Nek: maybe dovecot?[19:18:27] <Nek> dovecot ? what's that ?[19:19:07] <scooby2> imap/pop server[19:19:09] <Zerberus> Nek: really, to be best supported by all those interested in here around, write down your configuration parameters and exact error messages, paste that with a pastebin page[19:19:47] <Zerberus> Nek: postfix is just one single part out of the whole mail story[19:20:09] <rob0> Tell me a story![19:20:25] <Nek> Yes... Okey wait I try thunderbird with imap and I send you the real message ![19:21:26] <Zerberus> Nek: you know any of these pastebin services like pastebin.ca? please use it and give us the URL[19:21:35] <pincombe_> i have my configuration files ready now[19:21:42] <pincombe_> http://paste.debian.net/44088/[19:21:45] <pincombe_> this is my main.cf[19:22:02] <Zerberus> I have to leave the office now, bye folks[19:22:10] <pincombe_> http://paste.debian.net/44090/ <---- my virtual file[19:22:13] <lunaphyte> !tell pincombe_ error report[19:22:28] <lunaphyte> you must comply to get your pie.[19:22:49] <Nek> Zerberus, why paste for one line ? ^^[19:22:52] *** scylla has quit IRC[19:23:10] <Nek> aw you want all my configuration ![19:23:12] <pincombe_> when i try to send an email to any email address it is getting picked up by the catchall and ignoring the other virtual rules i setup[19:23:38] <Zerberus> Nek: one single line of error code is ok to show up here, but often that quickly gets much more[19:24:23] <Zerberus> Nek: first you should try to describe best what your test case is: used software and configuration parameters[19:24:34] <Nek> for thunderbird and imap it's simple: CONNEXION ERROR[19:25:01] <Zerberus> Nek: may be caused by a packet filter aka firewall[19:25:41] <Nek> hum... the firewall is ok[19:26:13] <Zerberus> Nek: then maybe the service is not running[19:26:18] <Nek> But if the soft try to have access to nek.fr.nf he can't, it's a protection of my box...[19:26:40] <Zerberus> Nek: imap server specific questions should better be asked and answered in the appropriate channel[19:26:52] *** Ruperto has joined #postfix[19:27:15] <Zerberus> Nek: yes, your host typically has its own firewall[19:27:19] <Nek> nano /var/log/mail.log: Aug 13 19:00:19 puissanceweb courierpop3login: chdir nek.fr.nf/web/: No such file or directory[19:27:51] <rob0> pincombe_: config AND LOGS in a single pastebin[19:28:01] <rob0> !tell nek courier[19:28:02] <Zerberus> Nek: ok, now we know that you are running courier and you are trying POP3[19:28:36] <Zerberus> well, must leave - you are in best hands with the others ;)[19:28:54] <pincombe_> sorry rob0 my logs are pretty useless but i will put the info in the same pastebin[19:29:10] <rob0> well, I looked at that virtual file[19:29:31] <rob0> Could be that the problem is, you're using unqualified addresses as result[19:29:50] <rob0> and you're making some wild assumption about where those go[19:30:12] * cpm unqualifies rob0[19:30:27] <rob0> !append_at_myorigin[19:30:28] <knoba> rob0: "append_at_myorigin" : a configuration parameter in the main.cf: Append the string "@$myorigin" to mail addresses without domain information.[19:30:45] <rob0> cpm@myorigin[19:31:36] <Nek> I have a box in front of the server who ban connexion of the server to the server (for example the serveur can't access to http://nek.fr.nf)[19:32:45] <pincombe_> i will have a quick look at that setting[19:32:58] *** tkrin has joined #postfix[19:33:23] <rob0> No, don't change the setting, just understand it.[19:33:56] <pincombe_> yeah i wouldn't change anything would first understand it :D[19:34:09] *** tkrin has quit IRC[19:34:30] <Nek> http://nek.fr.nf/mail/main.cf[19:34:40] *** master_of_master has quit IRC[19:35:17] <pincombe_> i have just spotted a warning message[19:35:18] <pincombe_> warning: do not list domain realsubliminal.com in BOTH mydestination and virtual_alias_domains[19:35:54] <pincombe_> that might be having some affect on the situation[19:40:42] <Nek> Zerberus ?[19:42:40] *** VaNNi has joined #postfix[19:43:08] *** s0ber_ has joined #postfix[19:44:27] *** tjado has quit IRC[19:45:52] *** master_of_master has joined #postfix[19:48:26] *** F6F has quit IRC[19:48:29] * Nek go to eat back later[19:53:26] <Signum> KB1JWQ: Heh, thanks. No way I'm becoming a deliberate organ donor.[19:53:28] *** burnersk has joined #postfix[19:54:08] *** s0ber has quit IRC[19:56:46] *** spq` has quit IRC[19:57:14] *** spq` has joined #postfix[19:57:36] *** amrit|WRK is now known as amrit|wrk[19:58:18] <KB1JWQ> Signum: No kidding. :)[19:58:22] <KB1JWQ> Signum: Gear is your friend.[19:58:38] <Signum> KB1JWQ: Right, the highest gear... wrooooooom[19:58:46] <Signum> KB1JWQ: I'm wearing decent protectors all the time.[19:59:03] <KB1JWQ> Signum: I had gear save me from an 80mph death. :)[19:59:23] <KB1JWQ> Signum: Check your PM if you get a few.[19:59:23] <Signum> KB1JWQ: From all the other students I appear to be the only one caring for security. No idea why.[19:59:34] <KB1JWQ> "Young and stupid?"[19:59:51] <Signum> KB1JWQ: Old guys around here are stupid, too.[20:00:00] *** pincombe__ has joined #postfix[20:00:12] <Signum> KB1JWQ: T-shirts, flip-flops, short pants...[20:01:15] <thumbs> heh[20:01:30] <KB1JWQ> Signum: Jesus christ, they let people take the class in that?[20:02:09] <Signum> KB1JWQ: No way. Not during classes. But in real-life on the streets.[20:02:29] *** pincombe_ has quit IRC[20:03:41] *** jmedina has joined #postfix[20:04:13] *** Skaag has joined #postfix[20:05:17] *** sako has joined #postfix[20:05:39] <sako> hey all, is there a nice open source webmail interface out there that has a nice look? css/javascript?[20:05:49] <sako> i guess one that can be skinned will work too[20:05:54] <lunaphyte> i like roundcube[20:05:55] <jduggan> roundcube[20:06:00] <sako> thanks guys :)[20:06:03] * cpm imagines Signum in short shorts, >SHUDDER<[20:06:11] <sako> i found atmail.com it looks amazing but not free[20:06:11] <Dominian> roundcube is known to have some security issues off and on..[20:06:11] <jduggan> lol[20:06:15] <Signum> cpm: wait, I have a picture here![20:06:20] <Dominian> sako: there's an opensource atmail[20:06:31] <jduggan> better than imagining him in speedos[20:06:40] <seekwill> I have issues with roundcube[20:06:47] <seekwill> It doesn't feel very safe[20:06:51] <jduggan> i have issues with seekwill[20:06:55] <jduggan> he doesnt feel very safe[20:06:55] <jeev> yea roundcube sucks[20:06:56] <seekwill> :P[20:07:01] <cpm> but shiny![20:07:06] <cpm> shiny shiny![20:07:07] <jduggan> shiny shiny[20:07:08] <Dominian> roundcube doesnt suck per se..[20:07:08] <jduggan> lol[20:07:10] *** Skaag_ has joined #postfix[20:07:15] <Dominian> I just think they have a lot of ground to cover when compared to squirrelmail[20:07:22] <cpm> not shiny![20:07:24] <jeev> horde/imp > *[20:07:29] <Dominian> There are places out there to get squirrelmail skins btw[20:07:38] <Dominian> they cost a one time fee.. but are damn worth it[20:07:40] <sako> Dominian: no way!![20:08:00] <Dominian> sako: I'm not talking the shitty ones.. I'm talking these are full custom[20:08:14] <seekwill> Dominian: SECURITY: SquirrelMail Webserver Compromised[20:08:14] <seekwill> Jun 16, 2009 by Jonathan Angliss[20:08:16] <seekwill> :P[20:08:17] <Dominian> http://www.nutsmail.com/[20:08:22] <Dominian> seekwill: yeah I know[20:08:34] <cpm> there are some shiny re-boxes of squirrelmail, but they are full builds. Not squirrelmail builds, and not subject to squirrelmail fixes.[20:08:47] <Dominian> check out that link[20:08:51] <Dominian> those skins are freakin' awesome[20:09:08] <seekwill> Dominian: Nice[20:09:14] <jeev> Dominian, why wouldn't you want to use what is default? like michael jackson should've stayed black[20:09:17] <jeev> you change skin = you die soon[20:09:28] <Dominian> what?[20:09:37] <jeev> nevermind[20:09:38] <jeev> genius ;)[20:09:40] <cpm> heh[20:09:41] <Dominian> jeev: If you were trying to be funny.. you've failed miserably[20:09:51] <jeev> i never fail[20:09:57] <Dominian> I know what you were trying to say[20:10:12] <sako> Dominian: i cant find the free atmail on their site..[20:10:17] <Dominian> sako: wait one[20:10:32] <Dominian> http://atmail.org/[20:10:38] <Dominian> its pretty nice[20:10:51] <jmedina> :O[20:11:04] <jmedina> apache license[20:11:12] <jmedina> Dominian: thanks[20:11:25] *** Skaag_ has quit IRC[20:12:00] <Dominian> np[20:12:05] <Dominian> Its actually quite nice[20:12:58] <Dominian> and horde/imp has turned into bloat lately[20:14:23] <jmedina> I like horde's server side filtering[20:14:44] <Dominian> eh[20:14:52] <jeev> horde is hot[20:16:30] <sako> Dominian: thank you[20:16:40] <sako> Dominian: atmail looks great[20:16:58] <jmedina> Atmailopen is now in Debian: http://packages.qa.debian.org/a/atmailopen.html :)[20:17:14] * jmedina trying demo[20:17:29] *** ChanServ sets mode: +o KB1JWQ[20:17:29] *** KB1JWQ sets mode: +b %*!*@unaffiliated/jeev[20:17:29] *** KB1JWQ sets mode: -o KB1JWQ[20:18:46] <cpm> horde/imp is, well, pretty heavy if you want a webmail app. Might as well just run zimbra or something.[20:18:59] <cpm> horde/imp was a cool idea 10 years ago.[20:22:41] <KB1JWQ> sako: I'd doge atmail.[20:22:49] <KB1JWQ> We ran it here at $dayjob; was garbage.[20:22:51] <KB1JWQ> dodge**[20:22:57] <KB1JWQ> Migrated to Zimbra.[20:23:09] <cpm> how'd that work out for ya?[20:23:17] <cpm> it's got the shiny down.[20:23:30] <cpm> i expect it to be abandoned within the next year.[20:23:31] <seekwill> KB1JWQ: Atmail Open or the commercial version?[20:23:50] <seekwill> cpm: ?[20:24:16] <cpm> I expect the zimbra project to be abandoned.[20:24:19] <seekwill> Why?[20:24:45] *** cps0 has quit IRC[20:24:55] <seekwill> I'm holding you to that![20:25:03] <cpm> it competes directly with xchange. Yahoo is kinda floundering a bit, and the borg is closing. Borg takeover, the project will be jettisoned[20:25:19] <seekwill> Ah[20:25:26] <KB1JWQ> rob0: Have a minute?[20:25:42] <cpm> folks @zimbra might try to orphan it, and rescue it. But somehow I doubt it.[20:25:46] *** pincombe_ has joined #postfix[20:25:58] <KB1JWQ> Dammit rob0, stop doing work![20:26:05] <seekwill> I thought MS abandoned Y![20:27:23] <thumbs> KB1JWQ: +1 on the ban[20:27:24] *** Skaag has quit IRC[20:28:00] <cpm> seekwill, they are still closing. The right go round was a feint[20:28:05] <cpm> s/right/first[20:28:11] <seekwill> ah[20:28:15] *** ChanServ sets mode: +o KB1JWQ[20:28:15] *** KB1JWQ sets mode: -b %*!*@unaffiliated/jeev[20:28:15] *** KB1JWQ sets mode: -o KB1JWQ[20:28:17] <seekwill> I mean, bling[20:28:21] <cpm> 'partnership' announced[20:28:21] <seekwill> err.. bing[20:28:21] <thumbs> :([20:28:27] <seekwill> thumbs: WHY DID YOU DO THAT[20:28:29] <KB1JWQ> Ten minute timeout quietban.[20:28:32] <KB1JWQ> :)[20:28:40] <KB1JWQ> I... have other modes at my disposal.[20:28:41] <thumbs> seekwill: I was voting for a longer ban, actually.[20:28:55] <seekwill> KB1JWQ: kline![20:29:35] <KB1JWQ> seekwill: Yes. Because (slightly) crossing a line in one channel totally warrants a networkwide ban. :)[20:29:52] <Signum> And if kline doesn't help we'll install Exchange on his mail server[20:29:53] <seekwill> KB1JWQ: We go all out[20:30:02] <seekwill> hehe[20:31:18] <cpm> seekwill, there was a 'partnership' announced a few weeks back. Partnerships between a strong partner and a weak partner usually only go in one direction.[20:31:20] <rob0> hiya[20:31:27] <KB1JWQ> rob0: Helo.[20:31:30] <seekwill> cpm: Domination[20:31:36] <KB1JWQ> rob0: You're being punished for your sins.[20:31:45] <seekwill> I expect Yahoo to take over Microsoft[20:31:45] <rob0> I see. Mea culpa![20:31:52] <seekwill> By next year[20:33:33] <thumbs> seekwill: no, Dominianation[20:33:49] <seekwill> oooh[20:33:58] <seekwill> Total Dominianation![20:34:13] <thumbs> see, I can be clever too.[20:34:18] <Signum> Cool, Yahoo takes over Microsoft. And SCO takes over Yahoo. And SCO goes bancrupt. Three problems solved.[20:36:33] *** Bad_Religion has joined #postfix[20:39:19] * cpm dares not daydream in that fashion[20:39:51] <sako> KB1JWQ: thats for the heads up jsut curious what was bad about atmail?[20:40:15] <rob0> Hey guys, don't badmouth Lord Dominian.[20:40:30] <thumbs> rob0: it was not badmouthing.[20:40:40] <seekwill> We are fans[20:40:47] <seekwill> I'm a facebook fan of Dominianation[20:41:42] *** pincombe__ has quit IRC[20:42:23] <_ruben> seems debian removed atmail again for it not being looked after by upstream security-wise[20:42:40] * thumbs blames debian[20:43:22] *** bluethundr___ has joined #postfix[20:44:00] <KB1JWQ> sako: Logging was crap.[20:44:12] <dan__t> Hrm, what's the proper way to change the HELO address?[20:44:13] <KB1JWQ> sako: It had significant scaling / load issues.[20:44:15] <KB1JWQ> It's exim based.[20:44:32] <dan__t> smtp_helo_name ?[20:45:12] <Dominian> rob0: You do realize that KB1JWQ is a lord too :P[20:45:13] *** pincombe_ has quit IRC[20:46:34] <sako> KB1JWQ: good to know thanks..[20:48:19] <thumbs> Dominian: but we can't call KB1JWQ KB1JWQnian[20:48:30] <thumbs> (it doesn't sound right)[20:48:32] <Dominian> lol[20:48:57] <seekwill> KB1JWQ: Ah, you were using the commercial, full featured one[20:49:06] <seekwill> I think we're talking about the Open version (web client only)[20:50:54] <sysmonk> he's using what?[20:51:33] <KB1JWQ> seekwill: Yeah, we paid for it.[20:51:41] <KB1JWQ> For free web only? I'd go Zimbra.[20:52:04] <seekwill> Zimbra![20:52:13] <sysmonk> pimbra[20:52:15] <rob0> yes, "Lord KB1JWQ" ... naaah[20:52:30] *** emcepe has joined #postfix[20:52:39] <rob0> Titles of nobility and ham callsigns don't mix.[20:52:48] <KB1JWQ> Generally not.[20:54:44] <thumbs> oh, it's a ham callsign?[20:57:01] *** brancaleone has joined #postfix[20:59:58] *** bluethundr_ has quit IRC[21:00:55] *** Vince42 has joined #postfix[21:01:34] *** pincombe_ has joined #postfix[21:04:51] *** pincombe__ has joined #postfix[21:04:57] *** will has joined #postfix[21:08:13] *** mcp has quit IRC[21:08:14] *** emcepe is now known as mcp[21:09:50] *** pincombe_ has quit IRC[21:11:54] *** seekwill has quit IRC[21:14:40] *** goldie has joined #postfix[21:15:02] <goldie> welcome all.[21:15:42] <goldie> i'm trying to make a config with virtual aliases to have forward & copy.[21:17:00] <goldie> I have "virtual_alias_maps = hash:/etc/postfix/aliases" in my main.cf[21:17:56] <goldie> and "mail at example dot com mail at example dot com,another@example.com"[21:19:09] <goldie> copy of message sent to mail at example dot com is kept on the server as expected, but another at example dot com gets two copies. What's wrong?[21:19:14] <goldie> is there a workaround?[21:19:37] <Signum> goldie: do you use a content_filter?[21:19:52] <goldie> Signum: yes, spamfilter[21:19:58] <Signum> goldie: that's the problem.[21:20:00] <goldie> (spamassassin)[21:20:13] <Signum> goldie: so your "content_filter" parameter is set in your main.cf?[21:20:31] <goldie> yes, it is.[21:20:56] <Signum> goldie: alright. the reason for the two mails is that the aliases are evaluated. then the two mails are sent to the content_filter.[21:21:06] <Signum> goldie: the content_filter sends back the emails to postfix on another port.[21:21:18] <Signum> goldie: and postfix applies the aliases again thus creating double mails.[21:21:35] <goldie> I see...[21:21:40] <Signum> goldie: The usual solution is to set "receive_override_options = no_address_mappings" in your main.cf to stop postfix from applying the aliases the first time.[21:22:11] *** Muhis has quit IRC[21:22:40] <goldie> Signum: are there any side effects I should be aware of? I'm quite new to Postfix.[21:23:23] <Signum> goldie: And then setting the options "-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks" in the master.cf at the service (e.g. 127.0.0.1:10025) port where postfix gets the emails sent back from the content filter.[21:23:49] <Signum> goldie: The only side effect is that you need to unset the "no_address_mappings" again if you unset the "content_filter".[21:24:00] <Signum> goldie: Otherwise the aliases would not get applied any more.[21:24:30] <Signum> goldie: I know it sounds a little confusing. :) If you want to read about that settings feel free to check out http://workaround.org/ispmail/lenny/amavis-filtering-spam-and-viruses where I talk about it a little.[21:24:41] *** Ryushin has quit IRC[21:27:06] <Signum> goldie: http://www.postfix.org/FILTER_README.html#advanced_filter may also be a good place to read about it.[21:27:22] <goldie> hm, netstat -ap |grep master shows only one port where master process is listening...[21:27:37] *** pincombe__ has quit IRC[21:27:47] <goldie> but if my last remark is very lame, I better read those documents first >:>[21:27:50] *** pincombe__ has joined #postfix[21:28:39] <Signum> goldie: where is your content filter sending the email to after scanning?[21:28:39] <Signum> goldie: I have used AMaViS here (which also uses spamassassin as a spam scanner) and by default it sends email back to 127.0.0.1 on port 10025.[21:29:01] *** Skaag has joined #postfix[21:29:13] <Signum> goldie: No, it's not lame at all. Content filters in Postfix may look a bit strange at first.[21:29:45] <Signum> goldie: It's just a matter of Postfix sends the email through SMTP to a content filter. The content filter needs to send the email back to Postfix (on another port so that Postfix doesn't get into a loop) via SMTP.[21:29:46] *** GoGi has quit IRC[21:29:54] <rob0> Still, IIRC the amavisd-new documentation pretty well covered what you need to get it working.[21:31:10] *** GoGi has joined #postfix[21:31:16] <Signum> Right, I think I saw some README.Postfix there that also explains it.[21:31:45] *** standon_ has joined #postfix[21:33:30] *** burnersk has quit IRC[21:34:43] <goldie> Signum: ooh, I see. My content filter just writes filtered content into the stdin of sendmail -i[21:35:01] <Signum> goldie: Hmm, that's not so good.[21:35:58] * Signum wonders if there is a milter for integrating spamassassin[21:37:55] <goldie> so there is no other port...[21:37:56] <goldie> it's handcrafted perl script[21:37:56] <goldie> I know Perl good enough to change this - that script just checks spam level and completely discards emails with too high score.[21:38:23] *** AbsoluteBeginner has joined #postfix[21:38:53] <Signum> goldie: Perhaps you may be interested in AMaViS which is a more sophisticated perl script (daemon) that does what you say but works with Postfix easily.[21:38:57] <Signum> !amavis[21:38:57] <knoba> Signum: "amavis" : see !amavisd-new[21:39:01] <Signum> !amavisd-new[21:39:01] <knoba> Signum: "amavisd-new" : amavisd-new is a high-performance and reliable interface between mailer (MTA) and one or more content checkers. See http://www.ijs.si/software/amavisd/[21:40:07] <goldie> Signum: should be no problem, I'm running debian... thanks for help, will try this (later this night >:>)[21:40:22] *** sfire has joined #postfix[21:40:33] <goldie> bbl[21:41:36] <sfire> I have an interesting problem. I have the mail server setup to use encryption (TLS) and everything works. The security certificate is invalid so I got one from godaddy. I have been trying to install it following a few guides I've found however I cannot seem to get it to work[21:41:49] <sfire> when users log in they get prompted to accept the invalid certificate[21:42:03] <sfire> does anyone have a guide for how to use a godaddy certificate with postfix?[21:42:44] *** will has quit IRC[21:43:13] <rob0> !tls[21:43:14] <knoba> rob0: "tls" : Short for Transport Layer Security (RFC2246). It adds an additional layer of encryption to protocols such as SMTP, POP3 or IMAP to improve security during transmission over the Internet. TLS features in Postfix are documented here: http://www.postfix.org/TLS_README.html[21:43:20] *** will has joined #postfix[21:43:33] *** standon has quit IRC[21:43:35] <rob0> Sounds like a client configuration problem, actually.[21:43:51] *** will is now known as seekwill[21:43:52] * cpm configures rob0[21:45:38] * sysmonk deinstalls cpm[21:45:40] <sfire> well I was using a self signed certificate on the server.. I've tried several of the guides to configure the "valid" certificate[21:46:09] *** webtango has quit IRC[21:47:15] <sfire> has anyone set up postfix using a "real" certificate?[21:47:20] *** AndrewKT__ is now known as AndrewKT[21:47:43] <_ruben> place certs under /etc/ssl/ .. point postfix to those files .. profit[21:47:52] <_ruben> or any other place woudl do too[21:47:59] <_ruben> as long as postfix can access it[21:48:09] *** Skaag_ has joined #postfix[21:48:56] <sfire> I put them in /etc/postfix/ssl/[21:48:59] <sfire> is that a bad location[21:49:05] <sfire> ?[21:49:10] <rob0> There's no difference between a "real" cert and a self-signed one. You're looking in the wrong place. Postfix is not the problem.[21:49:14] <_ruben> good enough[21:50:05] <rob0> Personally, I keep certs under /etc/ssl, because I use the same one for multiple purposes: IMAP, HTTPS, et c.[21:50:16] *** Skaag has quit IRC[21:51:12] <sfire> so I got the cert files.. but it seems to complain about not being able to verify the certs[21:52:03] <sfire> outlook claims "The server you are connected to is using a security certificate that cannot be verified" "The target principal name is incorrect"[21:52:09] <sfire> does that mean anything to you guys?[21:52:15] *** Skaag has joined #postfix[21:52:36] *** mhterres has joined #postfix[21:52:55] <_ruben> name incorrect ... name of cert doesnt match hostname?[21:52:55] <rob0> I already answered you.[21:53:12] <rob0> oh ... name incorrect ...[21:53:13] <_ruben> click details or something[21:53:19] <mhterres> hey[21:53:26] <mhterres> anybody here use vda patch ?[21:53:29] <rob0> You probably need to buy a cert with the correct commonName.[21:53:42] <rob0> And have all your DNS ducks in a row.[21:53:46] <rob0> !fcrdns[21:53:47] <knoba> rob0: "fcrdns" : http://en.wikipedia.org/wiki/Forward_Confirmed_reverse_DNS : $myhostname should resolve to your IP address, which in turn should resolve to $myhostname. This is very important if you want big sites to accept your mail. If you can't have it from your ISP, see !relayhost .[21:53:58] * cpm get's some ducks for rob0[21:54:05] <rob0> quack[21:54:10] * seekwill shoots rob0[21:54:22] <rob0> WABBIT SEASON DAMMIT![21:54:32] *** cpm has quit IRC[21:54:35] * rob0 straightens his bill[21:54:40] <sfire> oh man... you guys are totally right :([21:54:56] <sfire> its totally 100% my fault.. its using the server name itself not the domain name I entered[21:55:10] <mhterres> I need some help with virtual_overquota_bounce parameter[21:55:13] <sfire> so its saying the cert is issued to Fax-Email when it should be the domain name[21:55:14] * rob0 sends seekwill a bill[21:55:24] <seekwill> rob0: I want the head too[21:56:06] <rob0> Um ... no ... I don't give head.[21:57:24] *** gerhard7 has quit IRC[21:58:23] *** Skaag_ has quit IRC[22:01:32] *** CrazyFoam has joined #postfix[22:05:02] <sfire> so I renamed the machine thinking it would change the name postfix is presenting to outlook.. outlook is still claiming the certificate is issued to "fax-email" (the old server name)[22:05:14] <sfire> how do I tell postfix the proper name?[22:05:27] <lunaphyte> make a new cert[22:06:09] *** eanxgeek has quit IRC[22:07:17] <sfire> the cert came from godaddy.. how did that name get into the cert? maybe I'm just totally confused by this process.. how do I create a new certification?[22:07:38] <lunaphyte> the same way you made the last one presumably.[22:07:47] *** tjado has joined #postfix[22:08:08] <seekwill> heh[22:10:23] <rob0> The commonName must be the !fcrdns name.[22:10:24] <Nek> =/[22:10:41] <Nek> Frenchee noob is back, somebody can help me ?[22:11:40] <sfire> ls[22:11:42] <sfire> oops[22:11:59] *** vys has joined #postfix[22:12:03] *** Skaag has quit IRC[22:13:53] <rob0> And again, this problem seems to have nothing to do with Postfix, it's just a misunderstanding of SSL.[22:14:43] <Nek> rob0 you're speaking to me ?[22:14:44] *** podman99 has joined #postfix[22:15:17] <sfire> ok.. I totally understand that... the thing that is confusing me is that its somehow reporting the old address and its no where in the certs.. it has to be pulling it from somewhere else[22:16:03] <sfire> the certs are all direct from godaddy[22:16:24] <rob0> Let's see some Postfix logs which illustrate the problem.[22:17:27] *** pincombe__ has quit IRC[22:18:39] *** eanxgeek has joined #postfix[22:23:03] <Verilium> éwi[22:23:27] <KB1JWQ> Nek: What's the issue?[22:24:32] <Nek> Aug 13 21:55:04 puissanceweb courierpop3login: Connection, ip=[::ffff:79.93.29.92][22:24:32] <Nek> Aug 13 21:55:04 puissanceweb courierpop3login: chdir nek.fr.nf/web/: No such file or directory[22:24:55] <KB1JWQ> Nek: Delightful. Not a Postfix issue.[22:24:59] *** stephan48 has quit IRC[22:26:18] <Nek> KB1JWQ, so what is that ? =S[22:27:42] <rob0> Nek, no, I was not speaking to you because you ignored me earlier when I had the bot tell you the "courier" factoid.[22:28:19] *** webtango has joined #postfix[22:28:28] <KB1JWQ> Nek: As others have told you, it's a Courier issue.[22:28:34] <KB1JWQ> Nek: Go talk to the Courier people.[22:28:37] <Nek> I speak so bad english I don't understand all...[22:29:05] <Nek> =S[22:29:14] <Nek> Courier people ?[22:29:23] <Nek> another chan ?[22:29:31] <KB1JWQ> Nek: C'est pas un probleme avec Postfix.[22:30:00][22:30:25] <KB1JWQ> Nek: http://www.courier-mta.org/imap/[22:30:29] <thumbs> KB1JWQ: you speak French?[22:30:31] *** mhterres has left #postfix[22:30:36] <KB1JWQ> thumbs: I have lots of strange talents.[22:30:54] <thumbs> KB1JWQ: I see that.[22:31:25] <thumbs> KB1JWQ: hablas Espanol?[22:31:43] <KB1JWQ> thumbs: Very, VERY little.[22:31:58] <thumbs> aww.[22:32:05] <KB1JWQ> And I live in Los Angeles.[22:32:06] <KB1JWQ> Go figure.[22:32:19] <rob0> Je ne comprende pas.[22:32:41] <thumbs> KB1JWQ: surprisingly, Spanish is not very popular here, in Montreal.[22:32:44] <KB1JWQ> rob0: Mais tu fais.[22:32:51] <thumbs> rob0: you lie.[22:32:53] <seekwill> He called you fat[22:32:54] *** _infidel has quit IRC[22:33:31] <thumbs> I think Nek is asking to be spoon fed[22:33:43] <thumbs> (if my French lessons paid off)[22:35:13] <Nek> lol.. I'm a noob =_= and other french don't have solution for my problem... So I come here =/[22:35:29] <thumbs> Nek: so you're looking for someone to spoon feed you, still.[22:35:50] <thumbs> Nek: and you think anyone will waste hours of their time spoon feeding you instead of working?[22:36:45] <Nek> Hum.. Okey I live out... Thanks =_=[22:39:24] *** Nek has left #postfix[22:42:35] *** Fallenou_ has joined #postfix[22:45:55] *** podman99 has quit IRC[22:45:56] <thumbs> live out like a rock star![22:51:26] <KB1JWQ> There we go.[22:51:36] <KB1JWQ> Yeah, nice enough guy-- just not willing to do the research.[22:52:29] *** uqlev has joined #postfix[22:52:34] <thumbs> ran into one of those the other day[22:52:48] <thumbs> he was asking me the permission to press the enter key after each command.[22:54:36] <jmedina> :)[22:54:49] <KB1JWQ> thumbs: You can get root access on his box trivially easily if you just ask for it, I'd wager.[22:54:58] <KB1JWQ> Should be a fun gamee.[22:55:01] <thumbs> KB1JWQ: not interested.[22:55:05] <KB1JWQ> "How many roots can I get in a day?"[22:57:05] <thumbs> 42.[22:59:01] <rob0> I disagree.[22:59:14] <thumbs> rob0: oh, shush.[22:59:14] <seekwill> I digress[23:00:47] <sfire> rob0, I appreciate your patience with me and my problem.. I recreated the keys on godaddy and placed them in the directory that is named in the main.cf configuration. Outlook still claims the key is from an issuer called "Fax-Email"... I know this isn't exactly a postfix problem but is there any way you could give me a little hint of where to go for the solution? The thing that is confusing me is that the valid from/to dates stayed the same as repo[23:00:47] <sfire> rted by outlook[23:01:10] *** Bad_Religion has quit IRC[23:02:06] <rob0> Well, I don't know much about SSL myself. Maybe there's documentation, but I never needed to go beyond the Postfix TLS_README.[23:03:07] <sfire> I'm going to go re-read that documentation and see what I can find.. totally baffled by this[23:04:44] *** Fallenou has quit IRC[23:07:42] *** oekotaco has quit IRC[23:08:22] <lunaphyte> sfire: openssl x509 -in filename.pem -noout -text[23:15:59] <sfire> I have a .csr and a .key and a .crt but I don't have a .pem file[23:17:21] <sfire> lunaphyte ^^[23:18:52] <lunaphyte> oh, yeah, those are all just made up extensions. the crt one and the csr one.[23:19:16] <lunaphyte> more appropriately, the filenames should be whatever-cert.pem, for example.[23:19:30] <lunaphyte> (assuming they are in pem format, which i'd imagine is the case).[23:20:09] <seekwill> lunaphyte: Any specific reasons, or just for consistency ?[23:20:53] <sfire> the .crt one works with that command.. and its the one that I specified in the main.cf[23:21:57] <sfire> the command worked and displayed all the info in the .crt file[23:21:59] <lunaphyte> seekwill: nothing that pertains specifically to the topic of ssl, just the same reason you wouldn't name a png file .jpg.[23:22:31] <lunaphyte> sfire: go ahead and pastebin output for both the crt and csr file.[23:22:35] <seekwill> I recall the httpd sample config had that[23:22:44] <sfire> lunaphyte, ok.. just 1 min[23:23:27] <lunaphyte> i'm kind of picky about it.[23:23:57] <lunaphyte> obviously, it really doesn't matter, since unix has no extensions, but like you said, consistency.[23:25:23] <sfire> lunaphyte, http://pastebin.ca/1528581[23:26:08] *** wereHamster is now known as wereSheep[23:26:45] <sfire> I don't know why that 2nd file wouldn't work[23:26:48] *** war9407 has quit IRC[23:27:23] *** Fallenou_ has quit IRC[23:27:51] <lunaphyte> easy. because i gave you the wrong command.[23:28:24] <lunaphyte> openssl req -in filename-csr.pem -text -verify -noout[23:29:11] <lunaphyte> boo for godaddy, btw.[23:30:00] <thumbs> godaddy--[23:30:12] <lunaphyte> there you go.[23:30:19] <jmedina> afaik, verify option wont work unless you have your root ca loaded in your openssl chain[23:30:29] *** wereSheep is now known as wereHamster[23:30:34] <lunaphyte> bummer too, i used to like them, once upon a time.[23:30:58] <lunaphyte> yeah, that part can be left off, or the output ignored.[23:31:21] <lunaphyte> sfire: also show postconf -n[23:31:33] <sfire> ok.. pulling the other file now[23:35:04] <sfire> http://pastebin.ca/1528589[23:36:13] <sfire> that 2nd command you gave me to try results in an error on both of the godaddy files[23:36:28] *** webtango has quit IRC[23:36:42] <lunaphyte> hmm. maybe try it without -verify[23:37:15] *** webtango has joined #postfix[23:37:18] *** Ruperto has quit IRC[23:37:20] <lunaphyte> 173.65.14.10 is where you're running this postfix install?[23:37:37] *** magyar_ has quit IRC[23:37:43] <sfire> yes.. that is the external IP[23:37:54] <sfire> well.. that is where people log in[23:37:56] *** Zblakany has quit IRC[23:39:12] *** cilly has quit IRC[23:40:34] <sfire> do I have to create a .pem file?[23:41:29] <sfire> the thing that really confuses me.. it says the cert is from "fax-email" which is what the server was called before.. I changed the name of the server thinking that would fix it. its almost like its ignoring my cert for some reason[23:42:17] <sfire> it says "issued to: fax-email" "issued by: fax-email" which is very confusing (this is what outlook is reporting)[23:42:29] <sfire> I even re-created the keys[23:43:03] <lunaphyte> well, we all know outlook sucks, so you probably won't get much help with that aspect of things here, but we can help you ensure that it's not postfix.[23:43:29] <lunaphyte> did they provide any sort of intermediate cert along with the other files?[23:44:00] <sfire> yea.. gd_bundle.crt[23:44:09] *** bluethundr has joined #postfix[23:44:57] <lunaphyte> sigh. these cert providers just *suck*.[23:46:36] <sfire> does that main.cf specify everything for postfix or is there some other place I need to put the certs for it to work?[23:46:38] *** vys has quit IRC[23:47:28] <sfire> this is the first problem I haven't been able to figure out through google in a LONG time[23:47:41] *** shinao1 has joined #postfix[23:48:47] *** shinao1 has quit IRC[23:49:12] <lunaphyte> yeah, depending on how the cert was generated/signed, you may need to concat the certs together.[23:49:13] *** LinuxCode has quit IRC[23:49:17] *** shinao1 has joined #postfix[23:50:35] *** shinao1 has quit IRC[23:52:11] *** pingouin has quit IRC[23:52:34] *** magyar_ has joined #postfix[23:54:41] <sfire> lunaphyte, I think I found it.. dovecot must be giving this error[23:55:03] <sfire> I have to setup dovcot to use the proper keys also correct?[23:55:45] <lunaphyte> sfire: so you'd do something like cat gd_bundle.crt windjammer.com-cert.pem > windjammer.com_new-cert.pem[23:55:49] <lunaphyte> yes, of course.[23:57:07] *** F6F has joined #postfix[23:59:41] <sfire> ahhhh ha[23:59:43] <sfire> that fixed it[23:59:50] *** shinao1 has joined #postfix