August 14, 2009 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | >
August 14, 2009 [00:00:09] <sfire> thank you lunaphyte and rob0 and everyone else for not getting mad at my n00bness[00:00:24] <sfire> I really REALLY appreciate all the help[00:00:46] *** bluethundr___ has quit IRC[00:05:05] <Signum> Nobody here minds noobs. We just get mad at lazy spoonfed babies. :)[00:05:13] <Signum> We are all noobs in many areas.[00:06:37] <KB1JWQ> sfire: Seriously. People only get mad when they want us to walk them through everything.[00:06:41] <lunaphyte> sfire: no worries. you'll still want to combine those certs though to avoid problems down the road with incomplete chains of trust.[00:07:22] <lunaphyte> sfire: you can test yourself with s_client[00:09:06] *** locohost has quit IRC[00:09:19] *** madrescher has joined #postfix[00:11:05] <sfire> I try to figure out everything on my own.. I'm going to write up a guide to help spoon feed (and help with google searches) on this topic[00:11:41] <seekwill> oh great :([00:13:11] *** pingouin has joined #postfix[00:13:39] *** geekboi has joined #postfix[00:19:40] <lunaphyte> i think most of us here would probably prefer you contribute to one of the already existing guides, rather than writing yet another one.[00:19:59] *** Skaag has joined #postfix[00:23:41] *** eanxgeek has quit IRC[00:23:42] *** Skaag has quit IRC[00:24:52] *** seekwill is now known as will[00:25:06] *** will has left #postfix[00:27:49] *** AbsoluteBeginner has quit IRC[00:32:07] *** geekboi has left #postfix[00:33:25] *** madduck has quit IRC[00:33:28] *** madduck has joined #postfix[00:34:50] *** uqlev has quit IRC[00:36:08] <cite> I've been looking at code from three different "frontends" for Postfix which help stroing virtual_mailbox_maps and virtual_alias_maps in a SQL database this evening.[00:37:02] <cite> One thing that strikes me is that rather "traditional" approach: There is a virtual mailbox in a domain, it belongs to one user, and if that user wants more than one address, they create a virtual alias.[00:37:44] <cite> The question is: Why? I can easily populate my SQL database so that cite at incertum dot net and godfather at incertum dot net both return mailboxes/cite/Maildir/.[00:38:17] <cite> I can understand that one uses a virtual alias entry if forwarding mail to a third party is necessary.[00:38:30] <cite> But just to provide a user with more than one mail address?[00:39:05] <rob0> Godfather? Vito Corleone?[00:39:23] <cite> As far as I can see, you could even implement a catch-all mailbox with virtual(8). Never tested that, though.[00:39:50] <cite> rob0: Hehe. Exactly.[00:40:01] <rob0> virtual_mailbox_maps = static:mailboxes/cite/Maildir/[00:40:21] <cite> Well, sure. But that's not really SQL ;-)[00:40:25] <rob0> (dumb idea, but simple to do)[00:45:23] *** pickcoder has joined #postfix[00:46:09] *** usman has joined #postfix[00:46:20] <usman> hello everyone[00:46:24] * pickcoder is puzzled[00:46:27] *** mactimes has joined #postfix[00:47:18] <pickcoder> I'm seeing client host rejected: cannot find your hostname errors but the IP resolves to a hostname via host and dig on the machine[00:47:28] <usman> i am actually kind of newbie in mailserver configuration but i am little confused with the mx records , do we need to define the mx records in dns such as bind[00:47:42] <cite> pickcoder: reject_unknown_client_reverse_hostname?[00:47:45] <pickcoder> usman: if you are hosting the DNS for your domains, yes[00:48:13] <pickcoder> cite: nope[00:48:33] <pickcoder> reject_invalid_hostname and reject_unknown_client_hostname are the only two that really apply[00:48:47] <pickcoder> reject_unknown_sender_domain would be a different error[00:49:12] <cite> pickcoder: Sorry, I meant reject_unknown_reverse_client_hostname. Anyways, which IP is it?[00:49:13] <usman> hmm and what is the purpose of A record[00:49:28] <pickcoder> cite: 216.201.190.114[00:49:42] <pickcoder> it resolves fine for me to a PTR[00:49:49] <pickcoder> usman: this is not #dns[00:49:51] <pickcoder> or #bind[00:50:08] <cite> pickcoder: 216.201.190.114 -> exch1.specialtyoptical.com. -> 205.178.172.60[00:50:10] <rob0> Pickcoder skipped out on Pick On Pickcoder Day?[00:50:33] <pickcoder> cite: I'm not checking reverse->forward[00:50:44] <pickcoder> I only have the two params I stated[00:50:51] <pickcoder> regarding client IP/host[00:51:14] <cite> pickcoder: "Reject the request when 1) the client IP address->name mapping fails, 2) the name->address mapping fails, or 3) the name->address mapping does not match the client IP address."[00:51:24] <rob0> reject_invalid_hostname is a HELO check (deprecated)[00:51:58] <pickcoder> hm[00:52:11] <pickcoder> so what's the point of the reverse check param then[00:52:15] <cite> pickcoder: ITYW reject_unknown_reverse_client_hostname.[00:52:16] <pickcoder> if it's being done anyway in the other one[00:53:18] <rob0> "client host rejected:" means it was a client check, not a HELO check[00:54:05] * pickcoder is off freq today[00:55:30] <cite> pickcoder: reject_unknown_client_hostname is the !fcrdns thing, reject_unknown_reverse_client_hostname does what you want.[00:55:31] <pickcoder> I'm also tired of arguing with "IT" people that their DNS should match in both directions and their mail servers should not just be some random IP[00:55:45] <pickcoder> I'm about to the point of just yanking out DNS checks[00:55:46] <cite> +1[00:55:59] <lunaphyte> don't argue, make them pay.[00:56:07] <pickcoder> most of them are vendors...[00:56:13] <pickcoder> and they are oblivious[00:56:16] <lunaphyte> so they want your money?[00:56:30] <lunaphyte> sounds like the best leverage you could ask for to me.[00:56:34] <pickcoder> unfortunately, we need their products more than they need our money[00:56:43] <lunaphyte> hmm.[00:56:59] <lunaphyte> the fate of the stricken consumer.[00:57:07] *** pingouin has quit IRC[00:57:17] <cite> If all else fails, there is still "facepalm".[00:57:28] *** usman has left #postfix[00:57:29] <pickcoder> I have zen and njabl[00:58:05] <pickcoder> I think they can save me...[00:58:10] <cite> pickcoder: TBH, I don't use DNS checks anymore as for rejection (apart from sender/recipient domain and whitelisting). I score DNSBL hits, and wrong DNS mappings lead to greylisting.[00:58:36] <pickcoder> greylisting is pointless here.. they'll never even realize it's been greylisted[00:58:45] <pickcoder> they'll just think we're "slow"[00:59:01] <cite> Yeah. The first time.[00:59:17] <cite> And you _want_ to receive their mail. So that's perfectly OK.[00:59:47] <pickcoder> Is it really worth the overhead to manage the greylist?[01:00:42] <cite> I don't know. I never managed one - I "aptitude install"ed postgrey, placed a smtpd_restriction_class in place and that was all.[01:00:58] <pickcoder> hm[01:01:08] *** hever has quit IRC[01:01:16] <cite> I mean, I don't greylist everyone. I greylist for certain DNSBL scores and with terribly wrong DNS/HELO settings.[01:01:17] <pickcoder> If I knew that someone was watching the error logs on the other side, then I'd consider it[01:02:28] <cite> Scoring is still pretty effective against spam, but the impact on regular mail is much lower than with any hard rejections triggered by a single hit from a DNSBL or similar.[01:03:00] <pickcoder> are you using amavisd-new?[01:03:03] *** sako has quit IRC[01:03:24] <cite> That one, too, yes.[01:03:41] <pickcoder> I've never done scoring with restriction classes[01:03:42] <cite> But we did most of the scoring in a policy daemon.[01:03:54] <jmedina> what do you use for for scoring?[01:04:05] <jmedina> policy-weight?[01:04:12] <cite> Nah, we just called that restriction class "greylisting" and added the check_policy_service call for postgrey there.[01:04:14] <jmedina> that is for cite[01:04:42] *** F6F has quit IRC[01:04:52] <jmedina> :O, /me would like to see cite configuracion[01:05:10] <cite> jmedina: We started with policyd-weight and selective greylisting (the latter based on an access(5) table), but later on, we just wrote our own policy daemon.[01:05:19] <cite> jmedina: We recycled a lot of policyd-weight's code, TBH.[01:05:45] <jmedina> cite: is your policy daemon free/open?[01:05:50] <cite> Nope.[01:05:51] <jmedina> available?[01:05:53] <jmedina> buuuu[01:06:39] <cite> But you can achieve almsot the same things with postfwd.[01:09:34] <cite> jmedina: http://paste.debian.net/44110/[01:10:51] <cite> jmedina: The policy service on 35353 is responsible for DNSBL, HELO/EHLO, fcrDNS checks and returns REJECT, DUNNO or "greylisting" as needed.[01:11:01] *** makerc has joined #postfix[01:14:39] <jmedina> cite: thanks, I'll try to understand your config[01:14:56] <cite> fsck. That fscking bee wanted to kill me![01:15:02] <cite> http://img13.imageshack.us/img13/8499/imag0067e.jpg[01:18:12] <rob0> The other day I picked up something with 2 wasp nests on it, not seeing them. They attacked me! I had at least 5 stings. Hurt real bad, but an hour later it was fine.[01:19:56] <cite> Ouch. You are lucky. Imagine you were allergic...[01:21:21] <rob0> yeah, I found out I'm not :)[01:22:09] <rob0> I didn't even know it was wasps until I had walked a ways, I was in tall grass and thought maybe I scratched my leg on something.[01:22:49] <pickcoder> gotta run.. bbl[01:22:50] *** pickcoder has quit IRC[01:22:56] *** aditsu has quit IRC[01:26:36] *** timotiCK has joined #POSTFIX[01:29:14] *** makerc has quit IRC[01:31:10] <cite> I'm going to bed. Good night.[01:34:13] *** ulterior has quit IRC[01:35:39] <rob0> Good night cite, sleep tight, you're in for quite a fright tonight.[01:35:55] <cite> erm[01:35:57] <cite> ?[01:36:11] <vho> sleep tight[01:36:22] <cite> Whatever.[01:37:14] <rob0> :)[01:40:49] *** jmedina has quit IRC[01:41:14] *** muh2000__ is now known as muh2000[01:42:11] *** hparker has joined #postfix[01:45:16] *** Vog has quit IRC[01:51:08] *** pingouin has joined #postfix[01:57:52] <lunaphyte> the summer before last, we had a wasps' nest behind some siding. i emptied out a couple of cans of wasp killer late one night into the crack, and the next morning we had 10 wasps flying around our dining room. it turned out to be a pretty big nest.[02:01:27] *** mactimes has quit IRC[02:01:28] *** timotiCK has quit IRC[02:11:27] *** Ammler has quit IRC[02:12:27] *** Ammler has joined #postfix[02:13:18] *** swarog_ has joined #postfix[02:13:18] *** swarog has quit IRC[02:14:06] *** mactimes has joined #postfix[02:20:08] *** gregcoit has joined #postfix[02:20:34] <gregcoit> Hi! How do I check to make sure that postfx is bound to the networ kport rather than just localhost?[02:20:53] <Dominian> what is inet_interfaces set to?[02:21:59] <gregcoit> all[02:22:31] <gregcoit> i guess that answers my question, eh? :)[02:26:24] <gregcoit> Dominian: thanks![02:26:30] *** timotiCK has joined #POSTFIX[02:26:34] <Dominian> :)[02:28:51] *** xpeed has joined #postfix[02:38:57] *** xpeed has quit IRC[02:47:54] *** madrescher has quit IRC[02:56:11] *** timotiCK1 has joined #POSTFIX[03:05:07] *** pingouin has quit IRC[03:15:28] *** kisisten has quit IRC[03:15:38] *** kfo_ has joined #postfix[03:16:15] *** magyar has joined #postfix[03:16:29] *** timotiCK has quit IRC[03:16:38] <standon_> *yawn*[03:16:39] *** standon_ is now known as standon[03:19:12] *** ming_zym has joined #postfix[03:26:34] *** GoGi has quit IRC[03:28:31] *** bluethundr has quit IRC[03:28:53] *** bluethundr has joined #postfix[03:32:39] *** kfo has quit IRC[03:32:39] *** kfo_ is now known as kfo[03:38:39] *** beawesomeinstead has quit IRC[03:39:19] *** beawesomeinstead has joined #postfix[03:40:23] *** clockspider has joined #postfix[03:56:11] *** pingouin has joined #postfix[03:56:44] *** clockspider_ has joined #postfix[03:58:12] *** seekwill has joined #postfix[04:04:14] *** Motoko-chan has joined #postfix[04:09:01] *** master_of_master has quit IRC[04:09:23] *** pickcoder has joined #postfix[04:10:43] *** clockspider has quit IRC[04:25:29] *** lunaphyte has quit IRC[04:30:06] *** timotiCK has joined #POSTFIX[04:32:57] *** lunaphyte has joined #postfix[04:35:34] *** timotiCK has left #POSTFIX[04:35:35] *** timotiCK1 has quit IRC[04:36:57] *** hparker has quit IRC[04:47:19] *** jtaji has joined #postfix[04:52:56] *** seekwill has quit IRC[04:55:34] *** dungbx has joined #postfix[04:55:51] <dungbx> How to transport bounced mail to other server?[04:56:58] <dungbx> How to transport bounced mail to other relay server?[04:58:47] <standon> dungbx: example?[05:00:35] <dungbx> standon: the email was sent from postfix1 server, when postfix1 got bounce notify, it transfers that email to postfix2 to process it[05:02:55] <dungbx> Actually I want to run 1 script when I got "bounced mail" and process that email[05:03:13] <standon> dungbx: you need VERP to solve your actual issue i think.[05:03:20] <standon> but i'm too tired to help. :P[05:03:25] <pickcoder> dungbx: I normally process the logs[05:04:22] <dungbx> standon: okay thanks. I will look into it[05:04:47] <dungbx> pickcoder: I think it wastes a lot of CPU to process logs...[05:05:09] <standon> dungbx: no, it doesn't.[05:06:36] <dungbx> standon: Really? Let's see, I need a deamon to watch the log...[05:07:11] <dungbx> standon: I'm new to linux, it would be easier if I can handle thing on PHP[05:07:58] <dungbx> standon: Oh I remember! Last time I came to this channel, you helped me smt also. Thanks for that! :)[05:09:16] <pickcoder> !verp[05:09:16] <knoba> pickcoder: "verp" : http://www.postfix.org/VERP_README.html[05:16:39] *** shinao1 has quit IRC[05:16:57] *** shinao1 has joined #postfix[05:17:56] *** shinao1 has quit IRC[05:18:39] *** amrit|wrk is now known as amrit[05:19:15] *** pinoyskull has joined #postfix[05:19:55] <dungbx> !fallback[05:19:55] <knoba> dungbx: Error: "fallback" is not a valid command.[05:20:05] <dungbx> What is fallback?[05:21:32] <pickcoder> !fallback_relay[05:21:32] <knoba> pickcoder: "fallback_relay" : a configuration parameter in the main.cf: Optional list of relay hosts for destinations that can't be found or that are unreachable.[05:50:35] *** saurabhb has joined #postfix[05:56:13] *** githogori has joined #postfix[06:06:12] *** ubergoober has joined #postfix[06:07:18] *** jens__ has quit IRC[06:08:05] *** jens__ has joined #postfix[06:11:51] *** dungbx has quit IRC[06:15:03] *** pickcoder has quit IRC[06:15:13] *** _bugz_ has quit IRC[06:34:54] *** _bugz_ has joined #postfix[06:39:57] *** nuonguy has joined #postfix[06:59:29] *** pinoyskull has quit IRC[07:02:08] *** loddafnir has joined #postfix[07:10:41] *** jonez has quit IRC[07:22:45] *** yajith has joined #postfix[07:23:24] *** gerhard7 has joined #postfix[07:27:05] *** Vince42 has quit IRC[07:27:53] *** Vince42 has joined #postfix[07:30:54] *** ubergoober has quit IRC[07:37:09] *** eyecue has joined #postfix[07:37:12] <eyecue> morning :D[07:37:22] <KB1JWQ> eyecue: Evening[07:37:37] <eyecue> it's actually afternoon here, but its friday, so im allowed to make mistakes ;)[07:38:13] <eyecue> I'd just like to know if its possible to add smtp-auth to postfix a) in any other way other than sasl, and b) with sasl against the unix passwd db[07:38:14] <eyecue> :][07:38:59] <eyecue> currently reading a few readme's/faqs/tutes at the moment looking for specifics[07:40:21] <KB1JWQ> Yes.[07:40:22] <KB1JWQ> !sasl[07:40:23] <knoba> KB1JWQ: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[07:40:25] <KB1JWQ> Go read. :)[07:41:50] <eyecue> im half way through it as we speak[07:50:38] *** sophokles has joined #postfix[07:55:27] *** bluethundr has quit IRC[08:09:31] *** ming_zym has quit IRC[08:10:57] *** cilly has joined #postfix[08:11:55] *** ming_zym has joined #postfix[08:12:48] *** dcfsl has joined #postfix[08:14:56] *** brancaleone has quit IRC[08:22:25] *** vys has joined #postfix[08:22:47] <dcfsl> is it possible one postfix instance to query user credntials from both lotus notes and zimbra[08:26:52] <Signum> dcfsl: for SMTP authentication? I don't think so.[08:28:30] <Signum> dcfsl: Of course that depends more on the authentication plugin used. I for example use Dovecot (for POP3/IMAP) and Postfix can use Dovecot for handling the authentication. So perhaps there is a way outside of Postfix.[08:36:01] *** vys has quit IRC[08:37:47] *** Slayerduck has joined #postfix[08:38:07] *** mactimes has quit IRC[08:39:55] *** dcfsl has left #postfix[08:47:27] *** Zblakany has joined #postfix[08:47:56] <eyecue> Question, for the FreeBSD port of postfix, I have the option of disabling/enabling PCRE support. Is that functionality worthwhile to add, and for what ? :][08:48:31] <Motoko-chan> PCRE = Perl Compatible Regular Expressions[08:48:46] <Motoko-chan> It makes maps more flexible in how you can manipulate things.[08:48:47] <eyecue> yah i know, im wondering about postfix specific functionality it would be useful for[08:48:56] <eyecue> ah, gracias[08:49:07] <eyecue> flexibility matching senders/recips/domains/etc ?[08:49:12] <Signum> eyecue: For blocking certain emails depending on patterns in the header lines. Let's say it's an advanced matter. :)[08:49:30] <eyecue> Signum; i had assumed, i wanted to make sure[08:49:42] <Signum> eyecue: I rarely use them actually.[08:49:52] <eyecue> do you use them for backscatter protection ?[08:50:16] *** ^shark_ has joined #postfix[08:50:28] <eyecue> im just a fan of reducing dependencies unless theyre explicitly needed[08:50:43] <Signum> eyecue: Just for HELO checks here. Example: /^[0-9.]+$/ 550 Your software is not RFC 2821 compliant[08:50:50] <eyecue> cool :][08:51:06] <Signum> eyecue: But Postfix comes with sophisticated HELO checks so that's not exactly needed.[08:51:21] * Motoko-chan filters using AMaViSd-new[08:51:28] <eyecue> i come from qmail world.[08:51:36] * eyecue squirms.[08:51:44] <Motoko-chan> eyecue, I feel your pain[08:51:48] * Motoko-chan is still in that world[08:51:49] <eyecue> now now :][08:52:00] <eyecue> qmail+vpopmail was just, so good.[08:52:02] <Motoko-chan> qmail queue manipulation is beyond painful.[08:52:12] <eyecue> concur, i do see elegance in postfix[08:52:22] <eyecue> but yah.[08:52:38] <eyecue> i inherited these machines, and ive been wanting to tinker with postfix for a while[08:52:40] <eyecue> so heres my chance[08:53:09] <Motoko-chan> http://www.linuxmail.info/[08:53:20] <Motoko-chan> This tutorial looks good and up-to-date[08:53:24] <eyecue> heres a question, if i explicitly disable mysql/pgsql/ldap/dbd and cdb support in configure, what other methods are left ?[08:53:36] <Motoko-chan> Note that doesn't do virtual accounts[08:53:38] <eyecue> Motoko-chan; step one is a deal breaker for me[08:53:41] <eyecue> :][08:53:55] <Motoko-chan> eyecue, I'm not saying to follow each step.[08:54:02] * Motoko-chan prefers Slackware[08:54:05] <eyecue> Motoko-chan; I was joking :][08:54:19] <Motoko-chan> eyecue, if you disable all that, you have basic hashing and that's about it.[08:54:27] <eyecue> Motoko-chan; it has a virtuals section down the bottom through mysql[08:54:39] <Motoko-chan> Yeah. MySQL virtuals are flexible.[08:54:49] <eyecue> Motoko-chan; coolio, and that would be fine with a account count < say a few hundred ?[08:55:03] <Motoko-chan> Yeah, but a pain with multi-domain.[08:55:10] <eyecue> *nods*[08:55:21] <Motoko-chan> I used to manage a sendmail server configured that way[08:55:25] <eyecue> ack.[08:55:27] <Motoko-chan> Merged it into the qmail server.[08:55:34] <Motoko-chan> vpopmail is elegant, but qmail is ugly.[08:55:46] <eyecue> mm, cdb pulls in tinycdb[08:55:47] <eyecue> gah.[08:55:53] *** kkaji` has joined #postfix[08:55:57] <eyecue> Motoko-chan; its really not, but im sure youve been down this argument tree before[08:55:57] <Motoko-chan> postfixwiki.org[08:56:16] <Motoko-chan> That site isn't mentioned much in here, but I like it for the resources it points to.[08:56:27] <eyecue> looks good, appreciate it[08:56:30] <Motoko-chan> Also, check out the tutorials on the dovecot site.[08:56:35] <kkaji`> please help me - http://www.lostworlds.lv/go.php?1139723800[08:56:37] *** kkaji` has left #postfix[08:56:37] <eyecue> been, they are good[08:56:47] <Motoko-chan> Dovecot is a really secure and small pop3/imap daemon.[08:56:52] <Motoko-chan> Oh, fast too.[08:56:57] <eyecue> oh yeh[08:57:00] <eyecue> and it supports kqueue ;)[08:57:04] <eyecue> <3.[08:57:15] <eyecue> i dropped it in to replace courier a while back on my qmail mta[08:57:21] <eyecue> very sex.[08:57:24] <Motoko-chan> Yes.[08:57:27] <Motoko-chan> Did so too.[08:57:42] <Motoko-chan> It is nice when you have 1800+ domains to support.[08:57:47] <eyecue> oh yeh[08:57:50] <Slayerduck> good morning people ;o[08:57:56] <Motoko-chan> If only sieve support and Dovecot LDA could be supported...[08:58:02] <eyecue> mm.[08:58:14] <eyecue> do i want smtp/lmtp test server and generator ?[08:58:18] <Motoko-chan> http://wiki.dovecot.org/HowTo/DovecotLDAPostfixAdminMySQL <-- Bit heavy, but I used that as a guide for a config at one point[08:58:20] *** madrescher has joined #postfix[08:58:33] <Motoko-chan> You don't need the test portions unless you are benchmarking.[08:58:47] <eyecue> roger[08:58:48] <Slayerduck> somebody knows what config i should look into if i get this error?: postfix/trivial-rewrite[5057]: warning: do not list domain advies4you.nl in BOTH mydestination and virtual_mailbox_domains[08:59:30] <Motoko-chan> Note that if you do use SQl and virtual users, that tutorial is outdated on config. Check the Postfix Admin docs on setting it up[08:59:41] <eyecue> Motoko-chan; ii just rememberd dovecot does vpopmail auth, could i plug PF into vpopmail via dovecot ?[08:59:51] <Motoko-chan> PF?[09:00:04] <Motoko-chan> Oh.[09:00:04] <eyecue> postfix[09:00:12] * eyecue fully qualifies frmo now on[09:00:14] <Motoko-chan> Um, not really. vpopmail relies a lot on qmail.[09:00:20] <eyecue> mm. this is true.[09:00:29] <eyecue> it will probably want stuff in /var/qmail[09:00:31] <eyecue> brb[09:00:34] <eyecue> thanks again motoko[09:00:41] <Motoko-chan> There were instructions a while back on running a split environment, but it was too complex to be realistic.[09:00:57] <eyecue> yah, i read up when i first realised id have postfix to support[09:00:59] <Motoko-chan> http://www.inter7.com/vpopmail/postfix.txt[09:01:07] <Motoko-chan> That's old, but still applies.[09:01:14] <eyecue> we're currently running on unix passwd + pop before smtp (ugh) and virtuals.[09:01:28] <eyecue> by virtuals i mean virtuals the file.[09:01:31] <eyecue> :|[09:02:00] <Motoko-chan> Essentially that solution means installing both qmail and postfix, and kinda "hiding" qmail.[09:02:07] <eyecue> yah, i didnt like that[09:02:19] <Motoko-chan> I converted my evironment from file to sql.[09:02:32] <eyecue> seems a tad onerous[09:02:33] <Motoko-chan> Now I can do live lookups on Postfix if I want.[09:02:37] <eyecue> obvious, but onerous[09:02:47] <Motoko-chan> It's a single convert command to make that move.[09:02:59] <eyecue> post config, sure :][09:03:06] <Motoko-chan> I currently have qmail+vpopmail on the mailbox server.[09:03:09] <eyecue> possible to have multiple auth backends while mgirating ?[09:03:13] <Motoko-chan> Postfix is in front scanning for spam.[09:03:21] <Motoko-chan> eyecue, flat to sql?[09:03:27] <Motoko-chan> On vpopmail?[09:03:38] <eyecue> postfix[09:03:41] <Motoko-chan> Oh.[09:03:43] <eyecue> so like, id setup mysql auth[09:03:47] <Motoko-chan> Not sure, never tried.[09:03:49] <eyecue> and keep the passwd db there[09:03:51] <eyecue> as a failover[09:03:54] <eyecue> until migrate complete[09:04:11] <Motoko-chan> My general migration process would be:[09:04:28] <Motoko-chan> (make sure to use clear passwords, it[09:04:35] <Motoko-chan> it'll help in the move)[09:04:36] <eyecue> im not migrating qmail to postfix :)[09:04:40] <eyecue> incase i didnt make it clear[09:04:42] *** f3ew has joined #postfix[09:04:46] <Motoko-chan> I was confused.[09:04:50] * Motoko-chan goes to rest and sleep[09:05:10] <eyecue> s'ok :][09:06:35] *** SARGuy has joined #postfix[09:12:58] *** SARGuy has quit IRC[09:13:14] *** SARGuy has joined #postfix[09:13:38] *** SARGuy has left #postfix[09:19:18] *** polaru has joined #postfix[09:19:43] *** madrescher has quit IRC[09:22:38] *** madrescher has joined #postfix[09:23:23] *** Slayerduck has quit IRC[09:26:46] *** sepski has quit IRC[09:29:16] *** sep has quit IRC[09:31:32] *** sep has joined #postfix[09:32:58] *** sep has quit IRC[09:36:03] *** xabbuh has joined #postfix[09:40:55] *** vys has joined #postfix[09:43:16] *** madrescher has quit IRC[09:44:32] *** acalvo has joined #postfix[09:44:42] <acalvo> Hello[09:44:55] <acalvo> I'm setting up a new mail server in my LAN.[09:45:05] <acalvo> I've working dovecot+postfix with a LDAP backend[09:45:22] <acalvo> but whenever I try to send a new mail using thru SMTP on the new server, it gets relayed to the old server[09:45:47] <acalvo> how can I avoid that every mail I send from the new server gets redirected to the old server?[09:45:48] <acalvo> thanks[09:49:08] *** brancaleone has joined #postfix[09:51:09] *** Motoko-chan has quit IRC[09:54:35] *** Robbie__ has joined #postfix[09:55:04] *** sep has joined #postfix[09:56:53] *** war9407 has joined #postfix[09:57:02] *** sepski has joined #postfix[09:58:07] *** jonez has joined #postfix[10:01:09] *** brancal has joined #postfix[10:02:54] *** brancaleone has quit IRC[10:02:58] *** denis has joined #postfix[10:03:23] *** brancal has quit IRC[10:09:56] *** Nek has joined #postfix[10:12:13] <Nek> Hi all, I'm back with my probleme: http://404past-it.fr/645[10:22:59] *** master_of_master has joined #postfix[10:25:31] *** InsolentDreams has joined #postfix[10:48:06] *** Skaag has joined #postfix[10:53:26] *** InsolentDreams has quit IRC[10:53:35] *** UQlev has joined #postfix[11:00:38] *** eyecue has quit IRC[11:00:55] *** Pinchiukas has left #postfix[11:04:08] *** felix_da_catz has quit IRC[11:07:13] *** hever has joined #postfix[11:08:04] *** clockspider_ has quit IRC[11:08:42] *** clockspider_ has joined #postfix[11:16:53] *** denis has quit IRC[11:17:11] *** brancaleone has joined #postfix[11:17:22] *** denis_ has joined #postfix[11:24:54] *** hugo has joined #postfix[11:33:40] *** eyecue has joined #postfix[11:34:46] <eyecue> ahh[11:34:48] <eyecue> tgif[11:39:02] *** ming_zym has quit IRC[11:40:51] *** nuonguy has quit IRC[11:52:29] *** xabbuh has quit IRC[11:55:02] *** ming_zym has joined #postfix[11:59:59] *** TheAvatar has quit IRC[12:01:40] *** UQlev has quit IRC[12:04:04] *** robtone__ has joined #postfix[12:04:06] *** micols has quit IRC[12:04:09] *** hap has joined #postfix[12:04:14] *** micols has joined #postfix[12:04:28] <hap> hi guys. I'm looking how to pipe emails in aliases to a maildir like directory, without a specific user.[12:04:36] <hap> can't find it, anyone can help ?[12:04:38] *** tore has quit IRC[12:04:49] *** tore has joined #postfix[12:04:50] <hap> something like alias: /my/dir/[12:08:09] *** krix has joined #postfix[12:08:21] <krix> hey[12:08:57] <hap> krix: hi[12:09:14] *** webchaos has joined #postfix[12:10:01] *** webtango has quit IRC[12:11:18] <krix> Just a quick question. I got a postfix smtp gateway working with spamfilter, etc. But i got a problem. I need to do some filtering somehow (not with procmail, no real users on this machine)[12:11:27] *** oekotaco_ has joined #postfix[12:12:00] <krix> i got a aaa at aaa dot com mail sender who sends mail for many of us (in this domain) and i want to redirect this to only 2 address bb at bb dot com cc at bb dot com[12:12:56] <krix> i checked some docs about header_checks and redirection there. I got a working solution (halfly) with some filter on aaa at aaa dot com and REDIRECT to one address, but that isn't working perfectly, because if aaa at aaa dot com send mail to ~50 recipient then the redirect address got all 50 mail instead 1[12:14:09] <krix> so in short, i want that if aaa at aaa dot com sends a mail, then redirect it to bb at bb dot com and cc at bb dot com , any idea or url or docs? :) (already read header_chekcs , address rewriting, filter readme's)[12:14:34] *** ^shark_ has left #postfix[12:16:09] *** TheAvatar has joined #postfix[12:18:03] *** robtone_ has quit IRC[12:20:31] *** knoba has quit IRC[12:20:37] *** knoba` has joined #postfix[12:22:16] *** knoba` is now known as knoba[12:22:33] *** Zborg_ has joined #postfix[12:23:22] *** GoGi has joined #postfix[12:25:41] *** war9407 has quit IRC[12:26:53] *** webchaos has quit IRC[12:27:02] <f3ew> sender_bcc_maps?[12:28:59] *** war9407 has joined #postfix[12:29:24] *** Nek has left #postfix[12:35:48] *** Zborg has quit IRC[12:43:35] *** xabbuh has joined #postfix[12:50:42] *** oekotaco_ is now known as oekotaco[12:51:18] *** Quadro has quit IRC[12:59:54] *** bluethundr_ has joined #postfix[13:00:18] *** bluethundr_ has quit IRC[13:00:43] *** gerhard7 has quit IRC[13:04:26] *** ming_zym has quit IRC[13:10:53] *** Zerberus has quit IRC[13:14:27] *** Zerberus has joined #postfix[13:15:45] *** jtrm has joined #postfix[13:17:19] *** Pazzo has joined #postfix[13:24:18] *** yajith has left #postfix[13:34:01] *** acalvo has quit IRC[13:34:09] *** krix has left #postfix[13:36:12] *** noocx has joined #postfix[13:36:14] <noocx> hi[13:36:51] *** UdontKnow is now known as root[13:38:15] *** saurabhb has quit IRC[13:40:02] <noocx> i get mail from 1 specific sender, she sends it for 20+ recipients, can you tell me how can i rewrite these mails to be delivered only for 1 recipient?[13:41:24] *** alys has joined #postfix[13:43:13] <noocx> is regexp_table good for me?[13:43:45] *** psteyn has quit IRC[13:43:54] *** alys has quit IRC[13:45:09] *** stephan48 has joined #postfix[13:45:37] *** dinopsys has joined #postfix[13:46:00] *** dinopsys is now known as Guest20470[13:46:24] *** cpm has joined #postfix[13:46:31] *** Guest20470 is now known as dinopsys[13:47:35] *** jtaji has quit IRC[13:49:04] *** Quadro has joined #postfix[13:50:48] *** Pinchiukas has joined #postfix[13:51:36] <Pinchiukas> Anyone care to explain what virtual_alias_domains does? I'm not comprehending http://www.postfix.org/postconf.5.html#virtual_alias_domains . :)[13:52:00] *** gerhard7 has joined #postfix[13:54:21] *** micols has quit IRC[13:54:55] *** micols has joined #postfix[13:55:43] *** vys has quit IRC[13:55:56] <pingouin> Pinchiukas: look at this maybe : http://workaround.org/articles/ispmail-etch/#virtual-domains-versus-local-domains[13:56:39] <Pinchiukas> Ok, will do.[13:57:04] *** LinuxCode has joined #postfix[13:57:55] <noocx> header_checks is my friend[13:57:56] <noocx> thank you[13:57:57] <noocx> bye[13:57:59] <noocx> :)[13:58:29] *** noocx has left #postfix[14:18:11] *** burnersk has joined #postfix[14:18:47] *** loddafnir has quit IRC[14:20:43] *** _xous has joined #postfix[14:24:01] *** web_knows is now known as uebi[14:28:24] *** xous has quit IRC[14:28:39] *** _infidel has joined #postfix[14:29:24] *** webtango has joined #postfix[14:32:47] *** thermoman is now known as thermoman___[14:34:55] *** Zblakany_ has joined #postfix[14:37:17] *** Muhis has joined #Postfix[14:40:40] *** xous has joined #postfix[14:45:12] *** _xous has quit IRC[14:52:38] *** Zblakany has quit IRC[14:55:08] *** root is now known as UdontKnow[14:58:10] <rob0> !virtual_alias_domains[14:58:10] <knoba> rob0: "virtual_alias_domains" : a configuration parameter in the main.cf: Optional list of names of virtual alias domains, that is, domains for which all addresses are aliased to addresses in other local or remote domains.[14:58:24] <rob0> !virtual[14:58:25] <knoba> rob0: "virtual" : a way to configure additional domains and user accounts (that do not need to exist in your /etc/passwd). See: http://www.postfix.org/VIRTUAL_README.html[14:58:29] *** Pazzo has quit IRC[14:58:56] <rob0> Pinchiukas: see the "virtual alias class" in that ^^ document.[15:08:49] *** Southron has joined #Postfix[15:08:55] *** jtrm has quit IRC[15:10:35] *** LinuxCode has quit IRC[15:16:41] *** Slayerduck has joined #postfix[15:22:53] *** jens__ has quit IRC[15:47:35] *** tjado has quit IRC[15:50:01] *** hever has quit IRC[15:50:29] *** hever has joined #postfix[15:51:23] <Pinchiukas> rob0: that sentence is the one which my english language parser isn't parsing. :)[15:55:51] <rob0> !tell Pinchiukas virtual[15:56:09] <rob0> ooops, no, it's the following one, not !virtual[15:56:16] <rob0> !address_class[15:56:16] <knoba> rob0: Error: "address_class" is not a valid command.[15:56:19] <rob0> !address_classes[15:56:20] <knoba> rob0: "address_classes" : http://www.postfix.org/ADDRESS_CLASS_README.html describes how Postfix deals with different classes of addresses: local, relay, virtual alias, virtual mailbox, and Internet.[15:56:48] <rob0> but, !virtual is important too.[16:02:34] *** denis_ has quit IRC[16:04:01] *** denis_ has joined #postfix[16:04:35] *** denis_ has quit IRC[16:05:59] *** denis_ has joined #postfix[16:06:44] *** gerhard7 has quit IRC[16:11:57] *** samix has joined #postfix[16:19:10] *** iasmina has quit IRC[16:19:23] *** iasmina has joined #postfix[16:20:39] *** thermoman___ is now known as thermoman[16:23:11] *** dinopsys has quit IRC[16:26:54] *** Zblakany_ is now known as Zblakany[16:28:55] *** mefiX has left #postfix[16:38:06] *** cilly has quit IRC[16:38:11] *** cilly has joined #postfix[16:38:50] *** hugo has quit IRC[16:42:07] *** seekwill has joined #postfix[16:42:32] *** ctineo has joined #postfix[16:45:00] *** cilly has quit IRC[16:50:55] *** gerhard7 has joined #postfix[16:55:50] *** theblackbox has quit IRC[16:58:05] *** sophokles has quit IRC[16:59:56] *** vys has joined #postfix[17:02:37] *** Section1 has joined #postfix[17:02:54] *** loddafnir1 has joined #postfix[17:03:18] *** CrazyFoam has quit IRC[17:06:56] *** brancaleone has quit IRC[17:07:32] *** kim0 has joined #postfix[17:08:11] <kim0> Hi everyone .. can someone please help me debug an issue .. postfix is ignoring /etc/aliases .. email sent to "root" ends up being sent to "root at mycompany dot com" which is wrong![17:10:45] *** makerc has joined #postfix[17:16:07] *** Slayerduck has quit IRC[17:17:53] *** hparker has joined #postfix[17:18:02] <rob0> !tell kim0 welcome[17:19:54] <Pinchiukas> !welcome[17:19:54] <knoba> Pinchiukas: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[17:24:39] *** CrazyFoam has joined #postfix[17:26:19] *** pickcoder has joined #postfix[17:29:15] *** amrit is now known as amrit|wfh[17:30:02] *** hever has quit IRC[17:30:42] *** hever has joined #postfix[17:34:08] *** xabbuh has quit IRC[17:36:26] *** vys has quit IRC[17:36:34] *** vys has joined #postfix[17:38:39] *** Robbie__ has quit IRC[17:38:47] *** Robbie has joined #postfix[17:53:04] <scooby2> can you whitelist by domain if you wait to reject until after rcpt to?[17:53:58] <lunaphyte> sure[17:55:31] <pickcoder> great.. Athena Power put the wrong model label on this power supply carton[17:56:15] <rob0> Define "whitelist by domain", but sure, you can, if you know what you mean when you say that.[17:56:49] *** hparker has quit IRC[17:57:17] <rob0> Also, why is whitelisting needed? Usually it shouldn't be. Maybe you're using restrictions which are too aggressive for your needs?[17:57:27] *** hparker has joined #postfix[17:58:07] <scooby2> our main sysadmin is anal and requires reverse dns[17:58:15] *** p3rror has joined #postfix[17:58:21] <twobithacker> reverse DNS is a good thing[17:58:45] *** Robbie has quit IRC[17:58:57] <scooby2> way too restrictive but i'm new so I am trying to whitelist about 25 domains that cannot send us email (Including four Fortune 500 companies)[17:59:11] <scooby2> i have found ips for a couple of them[17:59:43] <scooby2> you would laugh if you knew how old this postfix is[18:00:57] *** polaru has quit IRC[18:01:29] <pickcoder> fcrDNS is becoming a standard "requirement" for mail[18:01:42] <pickcoder> even though most of the admins that run mail servers don't know[18:01:49] <pickcoder> heh[18:02:06] <pickcoder> I just dropped DNS rejections due to the number of problems we've been having this month[18:02:20] <scooby2> i agree but when it stops important email you need to either drop it or whitelist[18:02:22] <pickcoder> I don't care if they can't send mail to Yahoo[18:02:29] <rob0> I think reject_unknown_reverse_client_hostname (not available on ancient Postfix) is safe now.[18:02:40] <pickcoder> rob0: heh.. ok[18:02:47] <pickcoder> feel free to test it[18:02:48] *** sjrussel has quit IRC[18:03:12] <pickcoder> so far I've seen everything from no DNS at all to fcrDNS that spanned 4 IPs and several domains[18:03:27] <scooby2> is it check_sender_access that I want to whitelist ips?[18:03:47] <rob0> But, reject_unknown_client_hostname (require FCrDNS, known as reject_unknown_client in old versions) is still not quite safe. Eventually.[18:03:54] <rob0> 15:56 < rob0> Define "whitelist by domain", but sure, you can, if you know what you mean when you say that.[18:04:09] <rob0> You didn't really answer that.[18:04:30] <rob0> check_sender_access is not a good idea for whitelisting.[18:04:36] *** _xous has joined #postfix[18:04:47] *** burnersk has quit IRC[18:04:52] <rob0> check_client_access is probably what you want.[18:05:08] <scooby2> like all mail from allstateautoclub.com[18:05:36] <scooby2> or all mail from 96.57.78.168/29[18:05:56] <rob0> What is "mail from allstateautoclub.com"? You mean when a spammer does a run using senders at allstateautoclub dot com?[18:06:01] <rob0> there you go[18:06:32] <scooby2> well once I have maillogs on what ips they are using, I can change it from domain to ip addresses[18:06:51] <scooby2> obviously domains can be easily spoofed[18:07:04] <rob0> check_client_access *is* what you want.[18:07:29] <scooby2> that is it. thanks[18:07:44] <scooby2> my postfix is rusty after being forced to use qmail for 2 years[18:11:15] <rob0> The qmail equivalent is those cdb files. That's ONE thing that actually is possible in qmail.[18:11:34] <rob0> I think LWQ kept client access rules in /etc/tcp.smtp[18:12:24] <rob0> I've been out of qmail for ~5 years, but qmail has not changed in that time. :)[18:14:44] *** clockspider_ has quit IRC[18:15:31] *** xous has quit IRC[18:15:33] *** spectre has joined #postfix[18:15:37] <spectre> hey all[18:16:05] <spectre> i'm trying to integrate a postfix mail server (deb lenny) with a 2000 active directory environment[18:16:26] <spectre> is there a good way to do that?[18:16:34] <lunaphyte> !tell spectre ldap[18:16:42] <spectre> i'm aware of ldap[18:16:58] <spectre> but is there a GOOD way to hook the two up using ldap?[18:17:02] <rob0> You need to read the LDAP_README.[18:17:13] <spectre> is that in my postfix docs?[18:17:19] <rob0> and it will refer you to ldap_table(5)[18:17:42] <lunaphyte> what do you mean a "good" way? the good way is the way that works for you.[18:18:00] <spectre> if i create/modify/delete a user in AD will the changes reflect in my postfix system?[18:18:07] <lunaphyte> it can, sure.[18:18:15] <spectre> great![18:18:27] <spectre> is that a hack? or standard implementation stuff?[18:18:27] <lunaphyte> but if you'd read the LDAP_README, you'd probably know that.[18:18:40] <spectre> sorry, i'm a bit of a newb :p[18:18:44] <lunaphyte> dude. please don't treat the people here like encyclopedias.[18:18:48] <spectre> didn't realize it was built in[18:19:05] <rob0> LDAP in Postfix is not new. And mail administration is simple.[18:19:29] <spectre> heh[18:19:30] <spectre> ok[18:19:38] <spectre> thanks for the newb friendly service?[18:19:40] <spectre> ;o[18:19:46] <spectre> i'll read up[18:20:12] <spectre> i just wanted to ask about feasability before i made the effort[18:20:19] <spectre> thanks! :P[18:21:22] <lunaphyte> that's a fair enough question. it is indeed completely feasible, and with some effort and consideration, can actually integrate quite well.[18:22:02] <rob0> Although, we hear a lot about quirks in MS AD vs. truly standards-compliant LDAP.[18:24:45] <spectre> ah[18:25:05] <spectre> i basically just want to stop having to create/modify/delete users twice[18:25:19] <spectre> nothing more than that functionality is really needed for me[18:25:52] <spectre> my real headache is going to be the actual account migration, i think :p[18:26:17] <spectre> since the mail account names and ad names do not usually match[18:26:34] <spectre> (i've walked into a messy it system and am trying to clean it up :p)[18:26:51] <lunaphyte> yeah. depending on the particulars, it may require a bit of ingenuity. when i helped the it folks at my last job replace a subscription-ware mail firewall with postfix, it took some creativity, but in the end i was able to configure things such tat they were still able to administer virtually everything from within their little windows world.[18:26:51] *** jluedke_ has quit IRC[18:27:39] <lunaphyte> if you approach things sensibly, i doubt any migrating you might do will be at all related to postfix.[18:27:54] <lunaphyte> *that[18:28:29] <spectre> well, hmm[18:29:09] <spectre> so say i somehow map user accounts to their corresponding ad accounts and inject the mail account as their ad account email field, that'll still be daunting but do-able[18:29:28] <lunaphyte> my sense is that you're overcomplicating it.[18:30:03] <spectre> prolly :p i've never even attempted this kind of thing before[18:30:43] <lunaphyte> are you experienced with linux?[18:30:49] <spectre> yes[18:31:18] <spectre> and can work magic with bash scripts and such if need be, just unfamiliar with the conceptuals of the migration[18:31:49] <lunaphyte> yeah, you won't need to do anything of that sort.[18:32:08] <lunaphyte> are you a mail admin?[18:32:20] <spectre> well, i administer our system[18:32:38] <spectre> deb+postfix+dovecot+postgrey+rbl+clamav+sa etc[18:32:51] <spectre> did a mbox to maildir convert earlier in the year[18:33:29] <spectre> but i consider myself a newbie[18:33:41] <spectre> just because i know how much i don't know[18:35:17] <spectre> but one thing i need to tackle here is creating a central ldap setup so all our systems are in sync[18:35:49] <spectre> we use ad2000 and radius etc for certain stuff, fileserver is currently ms based and i'd like to do that too[18:36:23] <spectre> but right now our biggest issue is the lack of sync between mail and the rest of the existing ad[18:37:28] *** kim0 has quit IRC[18:38:32] <lunaphyte> well, go ahead and get started, there's plenty of good documentation to help you along.[18:39:15] <spectre> thanks for the info :)[18:42:55] *** githogori has quit IRC[18:47:30] *** InsolentDreams has joined #postfix[18:47:51] <scooby2> Anyone know which version of postfix implemented reject_rbl_client ?[18:48:37] <rob0> 1.x probably[18:48:44] <scooby2> hrm[18:50:10] <scooby2> let me paste bin these. Maybe there is a typo but I dont see the rbl's ever getting hit in the logs.[18:51:49] <scooby2> next step is upgrade postfix but I need to clean up spam first.[18:51:51] <scooby2> http://pastebin.com/d3b2bf6e3[18:53:08] *** jtrm has joined #postfix[18:53:23] *** InsolentDreams has quit IRC[18:54:23] *** vys has quit IRC[18:54:57] <rob0> A regexp recipient access file? What does that do? And a client access file named, "sender_access", huh?[18:55:44] <rob0> The recipient_access and the client.cidr files each have the potential to bypass the reject_rbl_client.[18:55:48] *** tjado has joined #postfix[18:57:58] <scooby2> I just started. Its what I inherited:/[18:58:09] <scooby2> I think its the recipient_access overriding it[18:59:24] <scooby2> they list every email in recipient_access and say OK and then at the bottom it has a REJECT for everything else at our domain[19:00:42] *** burnersk has joined #postfix[19:01:29] <seekwill> Anyone have experience running multiple postfix instances in Solaris zones?[19:02:58] <rob0> Well, don't make excuses. Read those files, find out what they do.[19:03:13] <rob0> yeah, sounds like a kludge[19:03:58] <rob0> like a lame attempt to do recipient address validation (which is a good thing, but best to do it the documented way.)[19:04:02] <rob0> !access[19:04:02] <knoba> rob0: "access" : http://www.postfix.org/SMTPD_ACCESS_README.html : An overview of access(5) controls in the Postfix smtpd(8) SMTP server.[19:04:28] <scooby2> i'm in the process of building two new mail servers so it will be a good chance to do things the right way[19:04:44] <rob0> regexp is a lousy choice, really.[19:05:28] <rob0> You could s/OK/DUNNO/ ... quick fix[19:05:29] <scooby2> they arent even really using regexps either[19:06:55] <rob0> or, simply take that lookup out of smtpd_recipient_restrictions and rely on the same one being done in smtpd_client_restrictions[19:08:04] <scooby2> that is probably best[19:09:32] <scooby2> thank you for the help[19:10:52] *** makerc has quit IRC[19:12:18] *** blackflag has quit IRC[19:15:40] *** cps0 has joined #postfix[19:29:19] * cpm relies on rob0[19:30:37] * rob0 is unreliable[19:31:29] <thumbs> no, seekwill is unreliable[19:33:12] * pickcoder is unreliably reliable[19:33:15] *** AbsoluteBeginner has joined #postfix[19:33:30] <seekwill> thumbs DOES NOT PLAY DTD WITH ME ANYMORE :([19:33:48] <thumbs> seekwill: too busy[19:33:55] <thumbs> seekwill: I have no time to play games[19:33:58] <seekwill> thumbs: Oh yeah, but IRC... no problem...[19:33:59] <seekwill> :([19:34:18] <thumbs> seekwill: can't play games during the day[19:34:20] <seekwill> thumbs: It's fine. I found another game[19:34:41] <seekwill> thumbs: But you're never home at night. Always out with friends, hooking up with girls at the club... :([19:34:48] <thumbs> yeah[19:34:57] <seekwill> And even a three way with FB+wife :([19:35:03] <thumbs> no.[19:35:14] <seekwill> Well, that's what they all think now :)[19:35:15] <rob0> thumbs is disagreeable[19:35:27] <thumbs> seekwill: you're just silly.[19:35:37] <seekwill> wakka wakka[19:37:14] <rob0> Fozzie Bear, the same actor as Master Yoda, is. Frank Oz. Scary? It gets worse. He's also Miss Piggy.[19:37:33] * cpm is worse than rob0[19:39:06] *** tjado has quit IRC[19:39:15] *** tjado has joined #postfix[19:40:21] <pickcoder> rob0: Mel Blanc had more personalities than that. Was he scary too?[19:40:36] <pickcoder> he was also allergic to carrots[19:43:00] <rob0> Mel Blanc's personalities were all light humor. So no, he wasn't scary, especially when he tried to be (Yosemite Sam.)[19:44:59] *** samix has quit IRC[19:49:23] *** Zordrak_ has joined #postfix[19:52:20] *** Zordrak has quit IRC[20:01:40] *** AbsoluteBeginner has quit IRC[20:08:32] *** denis_ has quit IRC[20:23:54] *** jtrm has quit IRC[20:25:54] *** vys has joined #postfix[20:29:10] *** cps0 has quit IRC[20:30:55] *** burnersk has quit IRC[20:33:26] <tjado> how i can run the postfix master process under a different user and not as root?[20:33:56] *** nuonguy has joined #postfix[20:41:42] *** jluedke has quit IRC[20:45:22] <rob0> That's not possible.[20:46:22] <tjado> oh great :D[20:47:01] * cpm runs rob0[20:47:31] <tjado> and why there is a need to run postfix under root? dont explain that with port 25... thats useless :D[20:48:30] <cpm> write Weitse and ask him[20:52:21] <tjado> cpm: okay thanks but is this a tipp or only to get me away? :P[20:53:45] <cpm> Weitse frequents the postfix mailing list, and has all the answers. If you really want to know. Ask him.[20:54:05] <tjado> cpm: okay thanks :)[20:54:45] <Zerberus> http://www.irbs.net/internet/postfix/0706/1024.html[20:54:47] <KB1JWQ> tjado: Why not run it as root, security?[20:54:57] <KB1JWQ> Remember, only the master process runs as root. :)[20:55:56] <tjado> Zerberus: thanks :)[20:56:22] <tjado> KB1JWQ: ye i know, but now i see the need for it in Zerberus link[20:56:29] <rob0> Bind port 25 is one reason, local(8) running as user is another.[20:56:38] <tjado> rob0: port 25 is no reason[20:56:50] <KB1JWQ> tjado: Riiiight.[20:57:13] <KB1JWQ> tjado: How, pray tell, would you get it to bind to a port under 1024 without root access?[20:57:45] <lunaphyte> often, programs will bind to the port and then drop privileges.[20:58:07] <tjado> KB1JWQ: RBAC[20:58:15] <rob0> There are lots of ways to approach the issue. This is how Wietse did it.[20:58:16] <tjado> as an example...[20:58:56] <KB1JWQ> tjado: Oh yes. Because THAT'S easy to port universally to all of Postfix's supported platforms.[20:59:29] *** loddafnir1 has quit IRC[20:59:35] <tjado> KB1JWQ: no, but the port shouldnt be used for a reason to run it under root.[20:59:40] <cpm> look, just ask Weitse[20:59:47] <Zerberus> lunaphyte: and how does such a programm spawn a new process binding to the low port, if the main did loose root be setuid/setgid?[20:59:48] <cpm> no reason to argue about it.[21:00:38] *** _infidel_ has joined #postfix[21:01:15] <tjado> Zerberus: why the main should lose the binding port?[21:02:11] <Zerberus> tjado: it does not loose the binding, that would be stupid - but new processes must be able to bind to that port[21:02:34] <tjado> Zerberus: how can serveral processes bind to one port?[21:03:59] <Zerberus> tjado: I am not a programmer, but apache does so, postfix does so, each applications which scales dynamically[21:05:24] <lunaphyte> Zerberus: it's not *all* aspects of privileged operation, of course. but given a reasonably recent version of linux, bind() will allow for privileged ports to be retained after setuid(). named is one example of this.[21:06:19] <tjado> Zerberus: why you ask then a programmer question? :P as far as i think the childs only process the work and havent anythink to do with the listening[21:07:00] <rob0> Um, YOU are the one asking the questions here.[21:07:16] <lunaphyte> it seems to me that it might make sense to better understand postfix, it's internals, and the rationale behind such behavior before spending time passing judgement on it.[21:09:03] <tjado> rob0: he asked a other question that hasnt anything to do with the answer of my question that is already answered....[21:10:50] *** _infidel has quit IRC[21:12:47] * cpm ducks as that one flies right over his head[21:13:12] <Zerberus> tjado: I asked because I like to understand the technical aspects; I know daemon which loose root permissions like ISC named and others which don't like apache[21:13:16] <rob0> DUCK SEASON! <BLAM>[21:13:29] * cpm runs away[21:13:58] * cpm keeps a careful eye on rob0 who is looking more and more like Dick Cheney[21:14:02] <rob0> wob0 will get that wascawy duck![21:14:26] <rob0> Cheney only shoots lawyers. He's my hero.[21:14:30] <Zerberus> if you have a gun, everything looks like a target ;)[21:14:37] <cpm> heh[21:16:00] <tjado> Zerberus: ye sry, my question wasnt one that needed to be answered ;)[21:16:57] <rob0> There have been murmurs regarding a "Postfix lite", which might be virtual-only, and would be easier to run as non-root.[21:17:28] <rob0> Be aware, though: said project has NOT been announced.[21:17:56] *** AcTiVaTe has quit IRC[21:18:32] <thumbs> rob and his rumours.[21:18:54] <rob0> I got thrown out of a boarding house for spreading roomers![21:18:57] <cpm> sheesh[21:19:45] <tjado> hm better is to pull the ethernet cable :D[21:20:20] <rob0> That will dramatically improve the security of any networked computer.[21:20:53] <lunaphyte> it's like bread and toast though.[21:20:55] <rob0> It's not a panacea, but it does eliminate a certain type of attack.[21:28:45] *** _infidel_ has quit IRC[21:31:34] *** webtango has quit IRC[21:33:04] * cpm attacks rob0[21:33:48] *** _infidel has joined #postfix[21:35:36] *** vys has quit IRC[21:39:01] <pickcoder> is the ocr filter that works with SA worth investigating?[21:39:27] <lunaphyte> you're talking about fuzzyocr?[21:42:54] *** iasmina has quit IRC[21:42:54] *** pingouin has quit IRC[21:42:54] *** klem has quit IRC[21:42:54] *** ralfgro_ has quit IRC[21:42:54] *** aglet has quit IRC[21:42:54] *** Signum has quit IRC[21:42:54] *** tris has quit IRC[21:42:55] *** cpbills has quit IRC[21:42:55] *** SteveC has quit IRC[21:42:55] *** SkyLeach has quit IRC[21:42:55] *** tibyke has quit IRC[21:42:55] *** lysander has quit IRC[21:42:55] *** cafuego has quit IRC[21:42:55] *** kenyon has quit IRC[21:42:55] *** freaky[t] has quit IRC[21:42:55] *** Meliorator has quit IRC[21:42:55] *** rob0 has quit IRC[21:43:23] *** CrazyFoam has quit IRC[21:43:27] *** jluedke has joined #postfix[21:43:55] *** lysander has joined #postfix[21:44:12] *** SteveC has joined #postfix[21:44:16] *** rob0 has joined #postfix[21:44:39] *** tris has joined #postfix[21:44:39] *** kenyon has joined #postfix[21:44:40] *** cpbills has joined #postfix[21:44:47] *** Meliorator has joined #postfix[21:44:58] *** ralfgro has joined #postfix[21:45:00] *** pingouin has joined #postfix[21:45:03] *** Signum has joined #postfix[21:45:05] *** cafuego has joined #postfix[21:47:19] * pickcoder sends a case of dusters to freenode[21:47:24] *** CrazyFoam has joined #postfix[21:48:38] *** cpm has quit IRC[21:50:25] <seekwill> pickcoder: Send the french maid uniforms too[21:56:34] *** freaky[t] has joined #postfix[22:00:29] *** jimmygoon has joined #postfix[22:01:02] *** kim0 has joined #postfix[22:03:49] *** loddafnir has joined #postfix[22:08:29] *** jimmygoon has quit IRC[22:17:21] *** jetole has quit IRC[22:17:51] *** jetole has joined #postfix[22:22:48] *** webtango has joined #postfix[22:30:51] *** jetole has quit IRC[22:31:41] *** jetole has joined #postfix[22:33:23] <tjado> Aug 14 22:30:52 blubbbbb postfix/pipe[59774]: fatal: get_service_attr: unknown group: mail[22:33:30] <tjado> the group exist[22:33:34] <tjado> has someone an idea?[22:34:55] *** Vog has joined #postfix[22:36:47] *** hever has quit IRC[22:37:06] *** hever has joined #postfix[22:38:16] <lunaphyte> !tell tjado chroot[22:39:02] <tjado> lunaphyte: i dont use chroot[22:39:25] <lunaphyte> darn. oh well. that was the only guess you get.[22:40:09] <lunaphyte> i think you received help here earlier, right? so you know the drill then?[22:41:18] <tjado> lunaphyte: i dont know what you want to say with this ;)[22:41:34] <lunaphyte> !error report[22:41:34] <knoba> lunaphyte: "error report" : show a relevant log entry and postconf -n. Do not flood the channel. Do not obfuscate.[22:46:58] <tjado> http://pastebin.com/d41cff6f2[22:46:59] <tjado> :)[22:52:34] <lunaphyte> also show master.cf[22:54:34] <tjado> lunaphyte: http://pastebin.com/d2c4c7557[22:57:07] <Verilium> Hmm, if I have different MX records for a destination host, and postfix tries the lowest MX record, can't reach it, tries the next MX record, can't reach it, it'll queue the mail up. But will the retry be done on the lowest MX record, or the next MX record?[22:57:48] <lunaphyte> it will repeat the process.[22:58:39] <Verilium> Ok, I was wondering if it would only retry on the 2nd MX record or so. Allright, thanks.[23:00:17] <lunaphyte> tjado: what does getent passwd vmail say?[23:00:51] <tjado> lunaphyte: vmail:*:150:150:Mail User:/mail/virtual:/usr/sbin/nologin[23:02:11] <lunaphyte> well, you might try adding some verbosity to the process.[23:02:26] <tjado> hm maybe traceing[23:02:28] <tjado> :P[23:07:51] <standon> Verilium: no it retries on whatever the lowest happens to be at time of retry.[23:10:39] *** deadpigeon has quit IRC[23:10:53] *** jiffe has joined #postfix[23:12:38] *** hparker has quit IRC[23:13:05] <tjado> lunaphyte: idea how to get verbosity on the pipe?[23:13:06] <jiffe> can postfix run in a clustered arrangement with shared storage?[23:13:15] <standon> jiffe: sure.[23:14:00] <jiffe> ok, I see people talking about a hot standby type setup, but not much about clustering[23:18:01] *** loddafnir has quit IRC[23:20:17] *** Southron has left #Postfix[23:21:43] * Verilium nods.[23:21:46] <Verilium> Thanks.[23:21:49] *** AbsoluteBeginner has joined #postfix[23:22:42] *** gerhard7 has quit IRC[23:23:53] <standon> Verilium: np bud. :P[23:32:10] *** stephan48 has quit IRC[23:32:30] *** micols has quit IRC[23:33:29] *** klem has joined #postfix[23:34:54] *** uebi has quit IRC[23:38:44] *** Section1 has quit IRC[23:43:24] <pickcoder> lunaphyte: yeah, fuzzy ocr[23:43:37] <pickcoder> we're getting a lot of image spam since I've yanked the DNS rejections[23:48:26] <tjado> Fatal: setgid(6) failed with euid=150(vmail), gid=150, egid=150: Operation not permitted[23:48:30] <tjado> ......[23:49:00] <tjado> i removed from the master conf the group on the dovecot line[23:51:13] <pickcoder> standon: how do you accomplish that?[23:52:25] <standon> pickcoder: accomplish *what*?[23:52:38] <pickcoder> shared storage and clustering[23:53:07] <standon> pickcoder: where did i insinuate *I* ran postfix in a shared storage and/or clustering environment?[23:53:16] <pickcoder> you answered that it was possible[23:53:23] <standon> pickcoder: yes. and?[23:53:32] <pickcoder> so I would determine from your response that you would know how to[23:53:42] <standon> poor inference on your part.[23:53:47] <pickcoder> otherwise, why would you answer yes[23:54:05] <standon> *sigh* really?[23:54:12] <pickcoder> yes[23:54:13] <standon> i know that people have landed on the moon, but i've never done it myself.[23:54:22] <standon> need i continue with this line of logic?[23:54:28] <pickcoder> you assume that people have landed on the moon, but lets not go there[23:54:36] <standon> oh my.[23:54:38] <pickcoder> :)[23:54:58] <pickcoder> I'm actually interested in clustering design[23:54:59] <standon> not another hermit who contests things like this, please.[23:55:10] <standon> pickcoder: that's cool.[23:55:19] <standon> good luck with that, i guess?[23:55:28] * standon has never had the need.[23:56:19] <pickcoder> me neither, but I have been working on a DB-based storage and clustering design[23:56:24] <pickcoder> to compete with DBMail[23:56:49] <pickcoder> and I don't think that NFS for the queue is considered "clustering"[23:56:59] <pickcoder> rather, I wouldn't trust NFS to something like that[23:58:10] * standon doesn't trust NFS except for storing homedirs for people whose data i don't care about. :P[23:58:47] <tjado> there are some nice DB cluster solutions with NFS ;)[23:58:54] <rob0> The moon landing was staged on the grassy knoll![23:58:58] <pickcoder> tjado: hopefully they are free[23:59:14] <tjado> pickcoder: hehe no ;D[23:59:14] <rob0> By Elvis impersonators![23:59:44] * pickcoder exports /dev/rob0 via NFS