August 16, 2009 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | >
August 16, 2009 [00:08:25] *** pingouin has quit IRC[00:15:26] *** denis_ has quit IRC[00:15:26] *** denis__ has quit IRC[00:17:03] *** farchanjo has joined #postfix[00:20:51] *** GoGi has joined #postfix[00:21:53] *** pingouin has joined #postfix[00:25:08] *** swarog_ is now known as swarog[00:45:36] *** uqlev has quit IRC[00:49:24] *** farchanjo is now known as archanjo[00:50:13] *** archanjo is now known as farchanjo[00:50:45] *** farchanjo is now known as archanjo[00:51:02] *** brancaleone has joined #postfix[00:51:03] *** archanjo has quit IRC[00:51:27] *** plndra is now known as plundra[00:52:43] *** archanjo has joined #postfix[00:58:53] *** archanjo is now known as farchanjo[01:01:05] *** madrescher has quit IRC[01:02:40] *** farchanjo has quit IRC[01:05:01] *** farchanjo has joined #postfix[01:17:37] *** GoGi has quit IRC[01:18:42] *** paulez has quit IRC[01:20:07] *** Zeit|awy has joined #postfix[01:20:52] *** paulez has joined #postfix[01:27:22] *** stephan48 has quit IRC[01:32:02] *** war9407 has quit IRC[01:38:46] *** GoGi has joined #postfix[01:39:07] *** LinuxCode has quit IRC[01:42:27] *** loca|host has joined #postfix[01:42:41] <loca|host> hello all[01:43:15] <loca|host> howto permit postfix to relay any mail without checking if source host is in "mynetworks"[01:43:37] <jeev> eh[01:43:42] <jeev> give me your ip then when your server is functioning[01:44:06] <loca|host> only ip ?[01:44:33] *** farchanjo has quit IRC[01:45:03] <jra> you might want to read up on "SMTP AUTH"[01:45:27] <loca|host> i aint get it authenticated SMTP[01:45:40] <loca|host> i want to open my relay to any host wanting to send an email[01:45:57] <jeev> why would you want to do that[01:46:13] <loca|host> long story :([01:46:38] <jeev> well, im sure i'll see you in the major rbl listings soon[01:48:39] <loca|host> my mobile operator provides "push mail" ONLY service, subscribers are obliged to buy a MS Exchange or Lotus shits to get the emailing service on handsets ... i aint buy that, i have an IMAP/SMTP classic solution, the operator is forbidding port 110 and 25, a clever way to block handsets and not letting them connect[01:49:33] <jeev> you odnt have ssl options ?[01:49:35] <jeev> ssltls[01:49:38] <loca|host> so i made a relay in my office frontal server, listening on a different port than 25, i'll be putting the office's host and the relay port to relay my mails from my handset[01:50:29] <loca|host> jeev, standard ports are closed by the operator, ssltls or clear, it should be on a non standard port[01:51:01] <jeev> 465-587[01:51:10] <jeev> those are closed?[01:51:49] <loca|host> yes[01:52:25] <rob0> How are you going to protect this open relay? Just hope no one finds your nonstandard port?[01:52:56] <loca|host> yeah .. that's my greatest issue rob0[01:53:30] <loca|host> but anyway, my primary objective is to get my email working on my and collegue's handsets[01:53:51] <loca|host> security is next step[01:54:12] <rob0> Once it is found, you are in a world of hurt, probably will get kicked off by your ISP, and maybe sued.[01:54:31] <jeev> i'd rahter have my testicled mauled by rabid possoms than do what you're about to do[01:54:42] <loca|host> :)[01:54:57] <loca|host> ok so what do you advise me doing ?[01:54:59] <rob0> (it's probably a ToS violation, and in many places they could sue and win.)[01:55:21] <jeev> get blackberry's[01:55:30] *** loddafnir has quit IRC[01:55:48] <rob0> I don't know what to recommend, if you can't do regular auth. Buy something else?[01:56:25] <loca|host> ohhh[01:56:35] <loca|host> jeev, we were on blackberrys[01:56:41] <loca|host> and that was a big shit[01:56:45] <jeev> how so[01:56:48] <rob0> Why can't you AUTH on a nonstandard port?\[01:56:55] <loca|host> at least for the country where i am :)[01:57:03] <loca|host> laws make blackberry unusable[01:57:15] *** GoGi has quit IRC[01:57:36] <rob0> Tunisia?[01:57:40] <loca|host> yes[01:58:29] <loca|host> 1. Its forbidden to get your email hosted outside the country, in my case, we're hosted at google corporate apps[01:59:05] <loca|host> 2. When you're with an ISP, you can only use its SMTP, no way to relay on any other SMTP inside or outside the country[01:59:35] <loca|host> 3. Forget about that RIM's VPN, no way to get a VPN and circulate data without any control[01:59:52] <loca|host> 1 + 2 + 3 = nothing works on BB[02:00:19] <loca|host> except pushing mail, and even with this, (1) is mandatory :)[02:00:29] <loca|host> even if you got a BES at your office[02:01:07] <loca|host> so we tryed the blackberry solution for 15 days and then switched to Nokia E71, the free feeling ...[02:06:54] <jeev> move![02:07:00] <rob0> haha[02:07:25] *** jra has quit IRC[02:07:25] *** jwit has quit IRC[02:07:25] *** iasmina has quit IRC[02:07:25] *** aglet has quit IRC[02:07:25] *** SkyLeach has quit IRC[02:09:45] *** Vince42 has quit IRC[02:10:36] *** jwit has joined #postfix[02:11:41] *** pingouin has quit IRC[02:13:23] *** iasmina has joined #postfix[02:13:42] *** sadf has joined #postfix[02:15:19] <loca|host> move from the country ? :D[02:19:30] *** cloxie has quit IRC[02:20:26] *** Vince42 has joined #postfix[02:25:28] *** Zeit|awy has quit IRC[02:25:31] *** Zeit|awy has joined #postfix[02:27:16] *** TeraHertz has quit IRC[02:32:31] <standon> loca|host: yes, or learn tunneling.[02:33:24] <loca|host> standon, i did the tunneling for the IMAP[02:33:34] <loca|host> i wanted to relay the smtp instead of tunneling it[02:38:09] *** pingouin has joined #postfix[02:42:16] *** Zeit|awy has quit IRC[03:00:23] *** s0ber has joined #postfix[03:09:19] *** s0ber_ has quit IRC[03:10:01] *** kerneld has joined #postfix[03:12:18] <kerneld> is it going to be bad to have a duplicate A record I use for my primary MX which doesn't have PTR record that matches? (The mailname would be forward and reverse consistant)[03:13:07] <kerneld> eg: mail1 -> 1.2.3.4, ssl -> 1.2.3.4, 1.2.3.4 -> mail1, MX 10 -> ssl[03:13:23] <kerneld> so my SSL cert will match[03:14:04] <kerneld> and be portable if I have an outage on mail1 and need to bring mail2 online with client roles (smtp auth, imap)[03:15:34] <kerneld> full pic: mail1 -> 1.2.3.4, mail2 -> 2.4.6.8, ssl -> 1.2.3.4, 1.2.3.4 -> mail1, 2.4.6.8 -> mail2, MX 10 -> ssl, MX 50 -> mail2[03:16:44] <kerneld> then I can flip to: ssl -> 2.4.6.8 , and disable MX 50 if mail1 goes down[03:17:44] * kerneld tries to avoid buying 2 SSL certs or a wildcard cert[03:20:45] *** jeeves_Moss has joined #postfix[03:20:57] <jeeves_Moss> how can I send e-mail from the CLI using MailX?[03:22:17] <kerneld> jeeves_Moss: what happens if you try to use it?[03:22:24] <kerneld> did you read the man page?[03:22:56] <jeeves_Moss> kerneld, then I enter "mailx -s <subject> <e-mail address> then hit enter, I just keep getting line feeds[03:23:38] <kerneld> <>[03:23:47] <kerneld> are special charaters[03:23:58] <kerneld> don't include them in the email addresses[03:24:19] <jeeves_Moss> kerneld, currently, I'm trying tog et a cron job to run on my laptop @ home to send me an e-mail to my cell if something happens.[03:24:28] <kerneld> in command line syntax, that mans you need to substitue for a value you choose[03:24:45] <jeeves_Moss> kerneld, (yes, I didn't include the "<>" in the actual line. I didn't want to type in sensitive info in a public place[03:25:16] <kerneld> when you finish typing the email, Ctrl-D or <Enter>.<Enter>[03:25:39] <jeeves_Moss> kerneld, I tried the <Enter><Enter> thing, and I just keep getting line feeds[03:25:43] <kerneld> or at the end: < /path/to/message.txt[03:26:03] <kerneld> How about Ctrl-D?[03:26:41] <jeeves_Moss> Ctrl-D seems to have worked. I'm just going to wait to see if it actually sends. or is there a better way to send a txt msg from the CLI?[03:27:23] <kerneld> <enter> . <enter> worked for me[03:27:35] <jeeves_Moss> kerneld, strange.[03:27:35] <kerneld> mailx is as good as any[03:27:54] <jeeves_Moss> kerneld, what would the syntax be for sending JSUT the txt msgs (not as an e-mail)[03:28:12] <kerneld> to be clear, the last line in the message entry was a line with only the '.' character[03:28:30] <jeeves_Moss> kerneld, ohhhhh, thats where the problem was[03:28:31] <kerneld> You want to send an attachment?[03:29:45] <rob0> Note, mailx(1) is a MUA, not a part of Postfix, which is a MTA.[03:30:08] <jeeves_Moss> kerneld, naaa, I just want to be able to send a text msg so I can customize the header (so, when I reply to it, it goes to my partner's phone, and not back to the PC so I don't have to copy/paste the info), and I need to be able to send just some text, no attachments[03:30:10] <kerneld> rob0: How about my MTA questions?[03:30:17] <rob0> BSD mailx does not do MIME, no file attachments.[03:30:46] <rob0> But, there's an updated "heirloom mailx", see if it's packaged for your OS.[03:31:46] <rob0> kerneld, the PTR doesn't matter for the MX (receiving mail), it only matters for sending mail.[03:32:16] <kerneld> rob0: Awesome, so provided I keep mail1 and mail2 as the mailname, everything will be peachy.[03:32:38] <rob0> If more than one IP is sending mail, you can give them both the same PTR.[03:32:57] <rob0> thus a dual-A would be fine[03:33:17] *** jeeves_Moss has quit IRC[03:33:18] <rob0> Um, that's a DNS question, not a Postfix one. :)[03:33:48] <kerneld> Well, its an SMTP policy question.[03:35:56] <kerneld> I knew that the ELOH named needed to be reverse resolvable, but wasn't sure if there were MTA's in the wild that would refuse to deliver to an MX which did not reverse resolve to the same name[03:37:14] <rob0> not that I know of, can't see any reason for / benefit from such a policy[03:37:48] <kerneld> there isn't always a reaso for some policies that people impliment :P[03:37:52] <rob0> for many years I hosted my mail (MX, not outbound of course) on a residential cable connection[03:38:52] <rob0> yeah, true, but most crackpot ideas are centered around fighting spam ... how does not sending mail you've accepted fight spam?[03:39:31] <kerneld> Yeah, not that likely, but I just wanted to make sure I wasn't doing something that would bite me.[03:40:54] <kerneld> Just re-implimented my single mail server with offsite backup storage as 2 separate VPS boxes, kerberized and slurped and cyrus replicated.[03:43:00] <kerneld> still need to manually failover for now for client access. Nice to be totaly self sufficient for a change with DNS and MX backup[03:45:19] *** blake__ is now known as blake[03:49:03] *** Zelest has quit IRC[03:51:08] *** Zelest has joined #postfix[03:51:34] *** Vince42 has quit IRC[03:53:16] *** Vince42 has joined #postfix[03:53:48] *** Vince42 has quit IRC[04:07:12] *** xpeed has joined #postfix[04:07:13] *** koobs has quit IRC[04:07:38] *** mactimes has joined #postfix[04:14:56] *** Skaag has joined #postfix[04:17:21] *** master_of_master has quit IRC[04:17:41] *** master_of_master has joined #postfix[04:19:27] *** GT500 has joined #postfix[04:19:49] *** GT500 has left #postfix[04:19:56] *** GT500 has joined #postfix[04:20:09] <GT500> Got a question for you guys.[04:20:38] <GT500> If I don't define any settings for local_recipient_maps then will anyone be able to connect to my SMTP server?[04:20:55] <GT500> I am using SASL authentication via Dovecot BTW.[04:25:07] *** tomocha6 has quit IRC[04:25:22] *** tomocha6 has joined #postfix[04:26:36] *** Skaag has quit IRC[04:26:38] *** Skaag has joined #postfix[04:29:36] <rob0> !local_recipient_maps[04:29:37] <knoba> rob0: "local_recipient_maps" : a configuration parameter in the main.cf: Lookup tables with all names or addresses of local recipients. A recipient address is local when its domain matches $mydestination, $inet_interfaces or $proxy_interfaces.[04:30:00] <rob0> Every setting has a default. Try "postconf -d local_recipient_maps".[04:30:45] <rob0> local_recipient_maps has nothing to do with whatever you're talking about.[04:32:13] *** UdontKnow is now known as UdrunkNow[04:33:26] <GT500> rob0: OK. There was an odd warning in one of the descriptions that made me think that it would allow anyone to send mail via my SMTP server.[04:34:11] <GT500> rob0: What I'm trying to do is set up Postfix to allow me to send e-mail from my work address, because I cannot connect to their SMTP server from my phone.[04:34:58] <GT500> rob0: I assume that no options for local_recipient_maps will allow me to do that?[04:35:57] <GT500> rob0: Currently it just rejects any attempt to do that because it does not recognize the recipient address.[04:36:31] <GT500> rob0: Unless, of course, I am sending mail to a user on my server's domain, which it is more than happy to allow.[04:36:59] <rob0> !basic[04:36:59] <knoba> rob0: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.[04:37:04] <rob0> !sasl[04:37:05] <knoba> rob0: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[04:37:13] <rob0> !mynetworks[04:37:14] <knoba> rob0: "mynetworks" : a configuration parameter in the main.cf: The list of "trusted" SMTP clients that can relay email.[04:37:41] <GT500> rob0: Tried adding the domain to 'mynetworks' and it didn't help.[04:39:18] *** phyrrus has joined #postfix[04:39:30] <GT500> rob0: Wait, I was mistaken, I added it to 'mydestination'.[04:39:31] <phyrrus> lol I finally founnd him![04:39:45] <GT500> rob0: Now I feel like a tard.[04:40:02] <phyrrus> anybody heard from cpbills in the past 26 hours?[04:41:18] <rob0> mynetworks is a list of networks, not a list of domains[04:41:35] <rob0> !seen cpbills[04:41:36] <knoba> rob0: I have not seen cpbills.[04:41:46] <phyrrus> cpbills is online[04:41:50] <rob0> !seen phyrrus[04:41:50] <knoba> rob0: phyrrus was last seen in #postfix 4 seconds ago: <phyrrus> cpbills is online[04:42:03] <phyrrus> but I think he leaves his connection open like on msn when he leaves work[04:43:47] <GT500> rob0: I need Postfix to relay mail for another domain as if it was setup as the SMTP server for that domain.[04:44:17] <rob0> What does "relay mail for a[...] domain" mean?[04:44:42] <rob0> as if setup as ... MX ?[04:45:03] <GT500> rob0: When I set up Postfix, it only allows mail to be sent from addresses at my domain.[04:45:12] <rob0> huh?[04:45:38] <GT500> rob0: It will reject all mail that does not come from or go to my domain.[04:46:12] <GT500> rob0: If the FROM address is a user on my server @ my domain, it will send the e-mail.[04:46:30] <rob0> yikes, that's dangerous.[04:46:31] <GT500> rob0: If the TO address is a user on my server @ my domain, it will send the e-mail.[04:47:13] <GT500> rob0: All other SMTP connections are rejected.[04:47:38] *** phyrrus has quit IRC[04:48:21] <GT500> rob0: I need to configure Postfix to not only send e-mail FROM local users @ my domain, but also from any user @ another domain.[04:48:41] <GT500> rob0: And that other domain is a specific domain.[04:50:27] <GT500> rob0: Should I just null out local_recipient_maps?[04:50:55] <GT500> rob0: And allow anyone who's username and password authenticates to be allowed to send mail?[04:51:44] *** xpeed has quit IRC[05:09:43] *** kfo_ has joined #postfix[05:12:00] <rob0> You should read !basic and understand what's going on. What you're describing is not how it works. Unless you did something strange, anyone in mynetworks can relay AS ANYONE and to anywhere.[05:12:31] <rob0> And again, local_recipient_maps is NOT relevant.[05:14:30] *** mactimes has quit IRC[05:15:33] <GT500> rob0: None of the computers sending e-mail through my SMTP server are listed in mynetworks.[05:15:51] <rob0> !welcome[05:15:52] <knoba> rob0: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[05:16:36] <GT500> rob0: It's currently rejecting e-mail that does not have my domain name in either the TO or FROM addresses.[05:19:58] *** Motoko-chan has joined #postfix[05:25:52] *** muh2000 has quit IRC[05:27:02] *** kfo has quit IRC[05:27:02] *** kfo_ is now known as kfo[05:31:33] *** muh2000 has joined #postfix[05:35:40] *** muh2000 has quit IRC[05:36:11] *** muh2000 has joined #postfix[05:40:07] *** nuonguy has quit IRC[05:48:05] *** ramoni has quit IRC[05:48:29] *** jens_ has joined #postfix[05:49:10] *** Skaag has quit IRC[05:56:23] <kerneld> GT500: Check the SASL link you were given. Postfix documentation is great[05:57:38] <kerneld> i suspect you want to look at smtpd_recipient_restrictions[06:00:01] *** githogori_ has joined #postfix[06:00:13] *** shadow98 has joined #postfix[06:00:22] <GT500> kerneld: Been pouring over that for hours.[06:00:28] <GT500> kerneld: Not getting anywhere.[06:01:29] <GT500> kerneld: I can set relay_domains, and it will relay to any domain I specify in there, but I'm not finding a way to tell it to relay to any domain.[06:02:00] <kerneld> You REALLY don't want to[06:02:01] <shadow98> ok guys i have configured my servers to replicate the mysql database and rsync /var/www....everything is working good...how do i also make sure that postfix would work if one of the servers happened to fail[06:02:16] <kerneld> unless it is in your mynetworks, or has been authenticated[06:02:22] <GT500> kerneld: I want it to send mail.[06:02:32] <kerneld> set up AUTH then[06:02:41] <kerneld> or setup mynetworks[06:03:03] <GT500> kerneld: mynetworks only holds IP addresses and subnets (or something like that).[06:03:09] <kerneld> or use your ISPs relay for your MUA[06:03:29] <GT500> kerneld: This is on a mobile phone.[06:03:37] <GT500> kerneld: I'm pretty sure there is no ISP relay.[06:03:56] <kerneld> well go and setup AUTH[06:04:28] <kerneld> Otherwise you are setting up an 'open relay'[06:04:35] <GT500> kerneld: Will that mean that Postfix is no longer using posix user accounts with Dovecot for SASL authentication?[06:04:40] <kerneld> and nobody here will help you do that[06:04:51] *** jense has quit IRC[06:05:09] <kerneld> SASL is pretty complicated, but it can auth against shadow[06:05:13] <GT500> kerneld: I want it to keep the SASL authentication, but I also want it to stop restricting what domains it will send to.[06:05:37] <kerneld> now you will need to use saslauthd most likely[06:06:50] <kerneld> there is not very much to configure, but you do need to figure out if you are running postfix chrooted or not.. There may be a way of setting up AUTh asside from SASL which is going to be easier[06:07:39] <kerneld> if you are stuggling with authenticated relay, I dread to think about setting up shadow auth with sasl from a chrooted postfix[06:08:50] <kerneld> The setting you need is smtpd_recipient_restrictions[06:09:05] <GT500> kerneld: The thing I'm struggling with is the fact that Postfix seems incapable of relaying mail unless I'm sending it as one of the users on the system.[06:09:20] <GT500> kerneld: I've been playing with that setting for an hour.[06:09:24] <kerneld> It is covered in ...[06:09:25] <kerneld> 00:01 < rob0> !sasl[06:09:25] <kerneld> 00:01 < knoba> rob0: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[06:10:26] <GT500> kerneld: According to that, I have it set up right.[06:10:36] <kerneld> if you telnet to your SMTP port[06:10:41] <GT500> kerneld: But it's still denying to relay.[06:10:47] <kerneld> EHLO localhost[06:11:20] <kerneld> does it show 250-AUTH ...[06:11:41] <GT500> It shows: 250-AUTH PLAIN LOGIN[06:12:04] <kerneld> Is you MUA set to use autnnetication for the SMTP server?[06:12:13] <GT500> MUA?[06:12:22] <GT500> You mean Dovecot?[06:12:24] *** Skaag has joined #postfix[06:12:28] <kerneld> Have you tested in telnet that AUTH PLAIN actually works?[06:12:36] <GT500> Yes.[06:12:43] <GT500> The Postfix sends mail fine.[06:12:48] <kerneld> Now, Thunderbird, Outlook Express, ...[06:12:51] <GT500> But only under two conditions:[06:13:05] <GT500> 1) That the FROM address be a user on my server @ my domain.[06:13:18] <GT500> 2) That the TO address be a user on my server @ my domain.[06:13:38] <kerneld> If 1) is really true, that you are rooted.[06:14:03] <GT500> I am trying to get it to relay e-mail from a different domain, because my Palm cannot connect to my work's SMTP server.[06:14:26] <kerneld> spammers normally set the from address to match the domain of the server they are using[06:14:29] <GT500> I assume that by 'rooted' you mean the server is running as root?[06:15:07] <kerneld> I need to know:[06:15:34] <kerneld> 1 ) Have you tested AUTH actually works for the user account you are authenticating with[06:16:03] <kerneld> 2 ) Have you made the config change needed for smtpd_recipient_restrictions to allow authenticated users to relay?[06:16:10] <kerneld> 2 wont work without 1 working[06:16:13] <GT500> Yes and yes.[06:16:28] <GT500> Like I said, Postfix works, but only under the two conditions I listed earlier.[06:16:43] <kerneld> If you have 1 and 2 done, and have tested with a mail client other than you phone that it actually works, then the problem is with the config on your phone[06:17:00] <GT500> As long as you login by either PLAIN or LOGIN methods with a correct username and password.[06:17:18] <kerneld> What return code do you get with you do an AUTH PLAIN ?[06:17:38] <GT500> 334[06:19:24] <kerneld> You don't see another code with Authentication successful?[06:19:38] <GT500> No.[06:19:54] <kerneld> Well, then when I asked if you had tested AUTH, the correct answer is NO[06:19:59] <GT500> I was just typing in AUTH PLAIN in telnet though.[06:20:38] <kerneld> You actual need to base64 ancode "<login>\0<login>\0<password>"[06:22:52] * kerneld is off to fix spamd[06:22:59] <kerneld> laters[06:33:49] *** Skaag has quit IRC[06:41:22] *** muh2000 has quit IRC[06:43:54] *** loca|host has quit IRC[06:44:00] *** loca| has joined #postfix[06:49:34] *** Skaag has joined #postfix[06:57:28] *** Skaag_ has joined #postfix[07:01:57] *** anonymous has joined #postfix[07:03:32] *** githogori_ has quit IRC[07:06:04] *** githogori_ has joined #postfix[07:06:46] *** Skaag_ has quit IRC[07:07:18] *** Skaag has quit IRC[07:07:53] *** muh2000 has joined #postfix[07:13:09] *** GT500 has left #postfix[07:19:31] <kerneld> I wonder if he figured out how to setup AUTH[07:20:21] * kerneld is scratching head with amavis right now. Can't see why it isn't doing spam filtering.[07:29:43] <kerneld> Aug 16 00:22:03 cylon amavis[26800]: ANTI-SPAM-SA code NOT loaded[07:34:24] *** scylla has joined #postfix[07:38:48] <standon> kerneld: hi, welcome to #postfix. perhaps you were looking for #amavis?[07:42:37] *** Skaag has joined #postfix[07:46:29] <kerneld> actually, I was, but /list was showing busy[07:47:21] *** GT500 has joined #postfix[07:47:41] <GT500> OK, I figured out how to do this without all of the silliness.[07:48:55] *** scylla has quit IRC[07:49:18] <GT500> I moddified "smtpd_recipient_restrictions" by adding "check_helo_access hash:/etc/postfix/helo_access"[07:49:21] *** scylla has joined #postfix[07:49:58] <GT500> And I added what my phone sends for HELO to "helo_access" and set it for 'PERMIT'.[07:50:04] <GT500> There, problem solved.[07:50:12] <GT500> Phone can now send e-mails to any domain.[07:50:51] *** scylla has quit IRC[07:51:13] *** scylla has joined #postfix[07:51:17] *** Zeit|awy has joined #postfix[07:51:20] *** GT500 has left #postfix[07:53:07] *** shadow98 has quit IRC[07:56:54] *** phyrrus has joined #postfix[07:57:15] <phyrrus> so.. I got a great site for you all[07:57:20] <phyrrus> http://haxforums.co.cc[07:57:25] <kerneld> GT500 made a somewhat open relay - great.[07:57:58] *** phyrrus has quit IRC[07:58:00] <kerneld> I wonder if HELO localhost.localhost will work[07:58:13] *** phyrrus has joined #postfix[07:58:46] *** gerhard7 has joined #postfix[08:00:02] <phyrrus> anybody gonna comment on my site?[08:00:49] <Motoko-chan> MyBB is eh...[08:00:54] <phyrrus> hmmmmmm[08:01:06] <phyrrus> what do you want me to use?[08:01:09] <Motoko-chan> Also, too many boards for no content[08:01:14] * Motoko-chan is partial to SMF[08:01:20] <phyrrus> it is a child forum.[08:01:23] <phyrrus> smf sucks[08:01:34] <phyrrus> mybb and ipb are best[08:01:59] <Motoko-chan> Any specific complaints about SMF other than it sucking?[08:02:10] <phyrrus> Well, it is underdeveloped[08:02:27] <phyrrus> you can'd do many things in the acp as in mybb and ipb[08:02:38] <phyrrus> no private boards or board links[08:02:43] <phyrrus> I used smf before[08:02:45] <Motoko-chan> board links?[08:02:54] <phyrrus> I don't like it[08:03:24] <phyrrus> like a forum that is a link[08:03:30] <phyrrus> instead of a board[08:03:37] <phyrrus> a redirect[08:04:10] <Motoko-chan> The 2.0 edition has that option[08:04:16] * Motoko-chan is on the SMF team, actually[08:04:22] <phyrrus> well, I don't like it[08:04:33] <phyrrus> I have a large collection of plugins for mybb[08:04:37] <phyrrus> that I paid for[08:04:54] <phyrrus> and smf dosn't offer many features I like[08:05:02] <Motoko-chan> What kind of features?[08:05:15] <phyrrus> like the plugins, a good modcp[08:05:31] <Motoko-chan> Have you looked at 2.0?[08:05:34] <phyrrus> no[08:05:37] <Motoko-chan> It has a whole moderation center now.[08:05:40] <phyrrus> I don't have the time[08:05:46] <phyrrus> I will consider it[08:05:46] <Motoko-chan> Oh, okay.[08:05:52] <Motoko-chan> If you do, I'd love to hear feedback.[08:05:59] <phyrrus> I may upgrade it on my script installer for my host[08:06:09] <phyrrus> well, then join my forums[08:06:24] <Motoko-chan> I am a member of too many as it is...[08:06:29] <phyrrus> I am only here untill monday when cpbills comes back[08:08:02] <phyrrus> but anybody who is interested please join my forums[08:08:54] <phyrrus> so... who here uses linux[08:08:57] <phyrrus> if so say your distro[08:09:17] <sfire> everyone does I bet[08:09:22] <Motoko-chan> Slackware, mostly.[08:09:22] <phyrrus> lol[08:09:28] <phyrrus> I am an ubuntu guy[08:09:37] <phyrrus> but am modded completely[08:09:40] <Motoko-chan> I also run Mandriva, CentOS, and FreeBSD (not a Linux, I know).[08:09:51] <phyrrus> I count BSD linux[08:09:53] <Motoko-chan> I've also dabbled in OpenVMS and Solaris.[08:10:01] <Motoko-chan> BSD is genetic UNIX.[08:10:01] <phyrrus> nice[08:10:05] <standon> you could BSD as Linux? that's stupid.[08:10:14] <phyrrus> I count it as a linux[08:10:17] <Motoko-chan> The BSD folks would have your ass if you said BSD == Linux in front of them[08:10:29] * standon runs FreeBSD and avoids Linux, so please explain how you deduce such a stupid thing.[08:10:31] <Motoko-chan> They are quite different internally.[08:10:34] <phyrrus> hm... well I need that[08:10:47] <Motoko-chan> standon, that's sissy BSD. You should be running Open![08:10:58] <standon> Motoko-chan: old habits die hard. :P[08:11:03] <Motoko-chan> Also, OpenVMS != UNIX.[08:11:04] <phyrrus> who owns their own servers[08:11:04] <standon> and as for phyrrus ... I smell a troll[08:11:07] * standon wanders off[08:11:11] <Motoko-chan> I own two servers.[08:11:15] <phyrrus> same[08:11:16] <Motoko-chan> Actually, three.[08:11:21] <phyrrus> and 1 windows[08:11:24] <Motoko-chan> All used IBM machines.[08:11:24] <phyrrus> 2 unix[08:11:53] <Motoko-chan> I don't own, but I've worked on an RS6000[08:11:58] <Motoko-chan> Running AIX 5l[08:11:59] <phyrrus> ok[08:12:16] * Motoko-chan also owns an AlphaServer and two UltraSparc workstations[08:12:19] <phyrrus> who uses ubuntu?[08:12:19] *** Skaag has quit IRC[08:12:43] *** Skaag has joined #postfix[08:12:45] <sfire> phyrrus, I do.. but what does this have to do with #postfix?[08:13:13] <phyrrus> I dunno[08:13:17] * Motoko-chan suggests this be taken to a different channel[08:13:25] <phyrrus> ok..[08:13:29] <phyrrus> name one[08:13:35] <Motoko-chan> #linuxtalk[08:13:36] <sfire> #ubuntu-offtopic[08:13:43] <phyrrus> linuxtalk[08:17:19] <phyrrus> sfire: #linuxtalk[08:18:46] *** Zeit|awy has quit IRC[08:18:49] *** Zeit|awy has joined #postfix[08:20:15] *** scylla has quit IRC[08:20:24] *** scylla has joined #postfix[08:20:49] *** klem has quit IRC[08:27:55] *** tjz2 has quit IRC[08:36:20] *** Zeit|awy has quit IRC[08:53:42] *** jtaji has joined #postfix[09:18:34] *** _infidel has quit IRC[09:23:32] *** _infidel has joined #postfix[09:25:34] *** jtaji has quit IRC[09:25:53] *** p3rror has quit IRC[09:32:03] *** jtaji has joined #postfix[09:34:04] *** Skaag has quit IRC[09:44:55] *** stephan48 has joined #postfix[09:53:46] *** Motoko-chan has quit IRC[09:57:59] *** war9407 has joined #postfix[10:08:59] *** Skaag has joined #postfix[10:18:19] *** madrescher has joined #postfix[10:26:56] *** rcsu has joined #postfix[10:27:18] *** tjz has joined #postfix[10:38:30] *** kerneld has left #postfix[10:43:10] *** phyrrus has quit IRC[10:46:01] *** madrescher has quit IRC[10:46:58] *** madrescher has joined #postfix[10:55:04] *** tessier has quit IRC[10:56:03] *** alys has joined #postfix[10:57:20] *** madrescher has quit IRC[10:58:41] *** samix has joined #postfix[10:58:54] *** paulez has quit IRC[11:00:49] *** alys has quit IRC[11:01:23] *** sophokles has joined #postfix[11:04:02] *** paulez has joined #postfix[11:08:13] *** Markus has joined #postfix[11:21:02] *** samix_ has joined #postfix[11:25:56] *** jra has joined #postfix[11:26:09] *** Dyson has quit IRC[11:26:41] *** Dyson has joined #postfix[11:32:36] *** vys has joined #postfix[11:34:39] *** brancal has joined #postfix[11:38:05] *** samix has quit IRC[11:49:44] *** brancaleone has quit IRC[11:54:18] *** clockspider_ has quit IRC[11:58:24] *** vys has quit IRC[11:58:36] *** vys has joined #postfix[12:03:15] *** F6F has joined #postfix[12:06:43] *** loddafnir has joined #postfix[12:07:13] *** Zeit|awy has joined #postfix[12:11:43] *** Markus has quit IRC[12:18:10] *** burnersk has joined #postfix[12:21:29] *** Markus has joined #postfix[12:49:43] *** jtrm has joined #postfix[12:54:10] *** LinuxCode has joined #postfix[12:58:01] *** VaNNi has quit IRC[13:01:53] *** scylla has quit IRC[13:07:38] *** _infidel has quit IRC[13:11:32] *** gerhard7 has quit IRC[13:36:23] *** scylla has joined #postfix[13:40:13] *** clockspider has joined #postfix[13:44:27] *** tessier__ has quit IRC[13:44:35] *** tessier has joined #postfix[13:46:05] <iasmina> i added a user account[13:46:11] <iasmina> and i cant login[13:46:14] <iasmina> :|[13:47:33] <Zerberus> iasmina: auth with a MUA?[13:47:52] <iasmina> yes[13:47:57] <iasmina> the problem is[13:48:04] <iasmina> that only this account doesnt work[13:48:10] <iasmina> seems like the password is incorrect\[13:48:20] <Zerberus> iasmina: so far insufficient input to debug[13:48:33] <iasmina> the maillog doesnt say anything[13:48:56] <iasmina> i cant login to pop3 to receive and so with smtp[13:49:04] <Zerberus> sasl should log something[13:49:41] <Zerberus> check your other syslog() file[13:49:44] *** aglet has joined #postfix[13:49:44] *** SkyLeach has joined #postfix[13:49:57] <iasmina> where can i find the sasl log?[13:50:00] <iasmina> i use centos[13:50:49] <iasmina> Aug 16 14:44:55 tradeconsult sshd[998]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.81.188.12 user=web5_office[13:50:49] <iasmina> Aug 16 14:45:59 tradeconsult dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:92.81.188.12 user=web5_office[13:50:49] <iasmina> Aug 16 14:46:58 tradeconsult dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:92.81.188.12 user=web5_office[13:50:58] <iasmina> this is what i found in secure.log[13:51:03] <Zerberus> iasmina: should be logged in /var/log/messages and/or /var/log/secure[13:51:11] <Zerberus> iasmina: don't paste here![13:51:17] <iasmina> sorry[13:51:36] <Zerberus> what is the PAM backend used?[13:51:58] <iasmina> dont really know[13:52:07] <iasmina> dont fixxed[13:52:08] <Zerberus> then check it[13:52:17] <iasmina> i had to erase that account and addit again[13:52:17] <Zerberus> reset the password[13:52:19] <iasmina> now it works[13:52:28] *** gerhard7 has joined #postfix[13:52:40] <iasmina> thanks man for you consideration[13:53:46] *** hever has joined #postfix[14:04:09] *** p3rror has joined #postfix[14:15:50] *** jtrm has quit IRC[14:19:11] *** aglet has quit IRC[14:19:11] *** SkyLeach has quit IRC[14:20:42] *** swarog has quit IRC[14:22:31] *** swarog has joined #postfix[14:26:30] *** ramoni has joined #postfix[14:27:27] *** mezgani has joined #postfix[14:28:56] *** samix_ has quit IRC[14:28:59] *** p3rror has quit IRC[14:31:43] *** scylla has quit IRC[14:34:41] *** F6F has quit IRC[14:39:16] *** Zeit|awy has quit IRC[14:39:20] *** Zeit|awy has joined #postfix[14:46:33] *** Robbie__ has joined #postfix[14:57:08] *** Zeit|awy has quit IRC[14:58:42] *** Zeit|awy has joined #postfix[15:14:23] *** brancal has quit IRC[15:21:02] *** phyrrus has joined #postfix[15:22:56] *** phyrrus has quit IRC[15:29:42] *** Zeit|awy has quit IRC[15:31:03] *** dementor has joined #postfix[15:33:34] <dementor> can i make a mail serv whit out a domaine?[15:34:57] *** dementor has quit IRC[15:35:51] *** |dementor| has joined #postfix[15:35:57] <Zerberus> can I drive a car without gas?[15:36:27] <|dementor|> :)[15:37:22] <|dementor|> Zerberus: i am new whit linux and i whana make a mail serv ,so if i dont havea domaine[15:37:27] <|dementor|> i cant?[15:37:59] <Zerberus> what you can do is fetch mail from a free mail service and load it into your local MTA and use the local MTA with your MUA to send mail to through the free mail service[15:39:21] <|dementor|> :([15:40:44] <Zerberus> or you can run an MTA with a dyndns service, but that has some serious weakness[15:41:00] <Zerberus> a domain does not cost a lot nowadays[15:41:49] *** denis_ has joined #postfix[15:42:33] <|dementor|> and if i get mi domain it hard to makea mail server[15:42:59] <Zerberus> you have to read a fair amount of documentation and to understand what you read[15:43:14] <Zerberus> there is a learning curve[15:46:51] *** LinuxCode has quit IRC[15:51:17] <Ammler> how do I configure postfix to completely disable mails from outside? (only allow localhost to use postfix)[15:51:57] <Zerberus> !tell Ammler inet_interfaces[15:54:30] *** Zblakany has joined #postfix[15:55:06] *** Robbie__ has quit IRC[15:55:47] <anonymous> btw, speaking of interfaces[15:56:17] <anonymous> are there some ways to content filter only incoming mail[15:56:44] <sysmonk> Zerberus: yes you can[15:56:44] <anonymous> not using another IP for the outbound mail?[15:58:10] <Zerberus> sysmonk: you mean the Tesla car, right? ;)[15:58:23] <sysmonk> Zerberus: a lot of ways[15:58:31] <sysmonk> but he can use a mai lserver without a domain, too.[15:58:43] <Zerberus> sysmonk: your girl friend pushing it while you have the wheel?[15:58:50] <sysmonk> email@[ip] is a valid syntax,[15:59:07] <sysmonk> Zerberus: um, that's another way, too.[15:59:21] <sysmonk> but i don't have drivers license, so i'd be the one pushing :([15:59:50] <Zerberus> sysmonk: well, I had practical implementations in my mind[15:59:53] <sysmonk> but hey, atleast i get all the beer i want at the parties! :)[15:59:58] <rob0> And she's complain about you pushing her around! Don't do it!![16:00:08] <Zerberus> sysmonk: you lucky one :)[16:00:36] <rob0> Now, all you need is an invitation to a party![16:01:08] <sysmonk> lots of them here[16:02:01] <anonymous> ahem[16:02:06] *** cilly has joined #postfix[16:02:07] <sysmonk> lots of friends get married at this age, so lots of those too[16:03:25] <anonymous> any ideas on my topic? 8)[16:04:30] <Zerberus> anonymous: you can split it by instructing senders to use the submission port[16:05:11] <anonymous> well' port splitting ain't no good either, on my opinion[16:05:38] <anonymous> that'd break the default MUA's settings[16:05:50] <sysmonk> anonymous: using 25 isn't right too[16:06:02] <sysmonk> many isp's block port 25, so your users won't be able to send mail using your server[16:06:06] <sysmonk> that's what submission is for[16:06:21] <anonymous> never seen anything like this[16:06:26] <anonymous> it's ridiculous[16:06:28] <sysmonk> also, if your local user sends a mail to some other local user, is that incoming mail, or outgoing?[16:06:37] <anonymous> provider is to provide, not to filter[16:06:43] <sysmonk> anonymous: oh, then you haven't seen anything yet![16:06:43] <anonymous> i am who filters my mail[16:07:05] *** jra has quit IRC[16:07:05] *** spq` has quit IRC[16:07:13] <sysmonk> anonymous: blacklists block whole subnets because of a few percent of users from that subnet are virused and send spam[16:07:15] <Zerberus> anonymous: and why not filtering outbound mail for virus/spam?[16:07:50] <sysmonk> so, providers just block 25 and tell their users to use submission[16:07:50] *** jra has joined #postfix[16:07:50] *** spq` has joined #postfix[16:07:50] <Zerberus> you do not want to get spam/virus, so others won't as well[16:08:23] <rob0> MUAs are wrong to default to 25, actually. Many ISPs block 25.[16:08:37] <sysmonk> yup[16:08:41] <sysmonk> we're going to block 25 soon too[16:09:08] <rob0> Best thing to do is to figure out that to a MTA, *all* mail is incoming and then outgoing.[16:09:23] <sysmonk> yup[16:09:34] <anonymous> well, that's a point[16:10:05] <anonymous> so, for the scientific interest[16:10:10] <rob0> It's probably a good thing, to filter submission mail. What would you do if one of your users got a virus and started spewing?[16:10:33] <sysmonk> anonymous: maybe if russian isp's would block 25, there would be less spam from russia? :P[16:10:38] <anonymous> is there a way to bypass a filter based on sender origin and\or it's AUTH?[16:11:10] <anonymous> sysmonk 8) our spammers use foreign mtas mostly[16:11:15] <rob0> Sure. A policy service and FILTER result.[16:11:15] <anonymous> so i doubt it 8)[16:11:46] <sysmonk> rob0: or rule order in smtpd_*_restrictions[16:12:53] <anonymous> hm[16:16:27] *** sophokles has quit IRC[16:16:47] *** gerhard7 has quit IRC[16:18:13] <anonymous> policy service is one to consider[16:18:17] <anonymous> thanks rob0, sysmonk[16:18:36] *** jens_ has quit IRC[16:18:58] *** UdrunkNow is now known as root[16:19:35] <anonymous> btw, if provider blocks 25, how mtas are supposed to communicate?[16:19:54] <anonymous> or is this all about restricting only endusers access?[16:24:53] <sysmonk> endusers access[16:25:03] <sysmonk> mostly, providers can unblock 25 on request[16:27:54] *** jense has joined #postfix[16:28:15] <rob0> !port_25_block[16:28:15] <knoba> rob0: "port_25_block" : Many consumer-grade ISPs (and some which claim to be for business, such as Godaddy) block outbound port 25/tcp traffic to prevent abuse from their network. If your ISP does this, you should see the !basic and !relayhost factoids. Or, upgrade to business-class service (or change ISP if you already had it.)[16:28:54] <rob0> To a firewall (as opposed to a MTA) there's a clear distinction between inbound and outbound. :)[16:29:27] <anonymous> i'd say it would play if only incoming 25 on user's networks was restricted, to prevent trojan open relays[16:29:43] *** goldie has quit IRC[16:29:47] <anonymous> but since smtps became starttls, blocking 25 is shite[16:30:26] <sysmonk> wrong, blocking outgoing 25 is to fight against outgoing spam from infected computers[16:30:47] <standon> WRONG![16:31:16] <rob0> Probably a majority of spam today comes from dynamic hosts who should have been blocked by their ISP.[16:31:51] <anonymous> but i defintely affects legitimate traffic[16:31:58] <anonymous> it's like chopping a head off to cure sneezing[16:32:09] <standon> rob0: that's usually quite easy to stop right at the gate, it's the compromised and otherwise legit services (like google.com) from whom spam comes directly that irritate me. :/[16:32:10] *** goldie has joined #postfix[16:32:14] <anonymous> i -> it[16:32:16] <Zelest> I'd say, block outgoing 25 and let each customer sign a paper that he's responsable for port 25 if he wants it opened.[16:32:19] <Zelest> simple as. :)[16:32:20] <henk> and tomorrow we disallow access to port 22 for customers. i mean, it's mostly used for brute force attacks, right?[16:32:40] <standon> anonymous: it appears you do not understand the issue or the solution.[16:33:08] <henk> the issue is that smtp sucks imho[16:33:15] <anonymous> well, what is it[16:33:20] <anonymous> except smtp itself[16:33:21] <standon> anonymous: blocking outgoing 25 and forcing traffic through sanctioned SMTP relays is SO INCREDIBLY SMART and not in any way an analogue to 'chopping off a head to cure sneezing'.[16:33:22] <rob0> Zelest, with severe penalties for violations.[16:33:43] <Zelest> rob0, public humiliation in form of a 3 hours long milk enema![16:34:07] <standon> henk: blasphemer.[16:34:12] <henk> :-p[16:34:32] <Zelest> henk, as for smtp, same goes for http and ftp imho.. all 3 lack native encryption :)[16:34:39] <anonymous> standon and divert any http to isp's proxies to inspect and so on and so on[16:35:14] <anonymous> SO INCREDIBLY SMART HELL to a user[16:35:32] <anonymous> ok, that's politics 8)[16:35:39] <rob0> Do your users enjoy being inundated in spam?[16:35:50] <rob0> They don't see the Big Picture. Do you?[16:36:01] <henk> Zelest: true, but it doesn't matter as much because they mainly transfer static stuff and not messages from other humans. and that's the part where smtp sucks: authentication and authorization afaict[16:36:18] <anonymous> no, but they don't want to reconfigure their laptop's mta every time they change hotels either[16:36:23] <Zelest> tbh[16:36:25] <rob0> Probably more than 90% of SMTP traffic is abuse.[16:36:40] <Zelest> I find blocking spam causing more problems..[16:36:55] <anonymous> so let's kill it off at all[16:36:59] <Zelest> using a real content-filter like dspam and rarely even getting any real spam makes it really hard to train and such[16:37:00] <rob0> Security and functionality are always, necessarily, tradeoffs.[16:37:41] <rob0> anonymous: go ahead, you first. I doubt I'll follow.[16:38:07] <Zelest> I write my mail address without trying to hide it at all on ANY page.. I get about 1-2 spams a month..[16:38:07] <thumbs> .[16:38:13] <henk> rob0: so basically you _expect_ to get a 'internet connection with restrictions on port 25' from your provider?[16:38:17] *** jra has quit IRC[16:38:19] <Zelest> it's easy to filter spam :)[16:38:59] <henk> rob0: what if someone else expects to get 'internet connection with restrictions on port 22' and you get one of those if you want or not? (or port 80 or 443 or whatever) would you like that?[16:39:01] <rob0> henk, no, when I buy a business-class connection I expect rDNS control and SWIP'ed netspace and no blocking of any kind.[16:39:16] <henk> rob0: i'm not talking about business[16:39:21] <rob0> I am.[16:39:23] <henk> or not-business.[16:39:54] <henk> it doesn't actually matter. you are expecting a 'private' internet connection to be restricted on port 25, is that correct?[16:41:29] <rob0> I'm not expecting to run a MTA on a residential Internet connection.[16:41:43] <henk> hm, why not?[16:41:51] <rob0> This channel is about "The Postfix MTA".[16:42:15] <rob0> Why not, because I know it's not feasible.[16:43:12] <henk> why do you think that?[16:44:38] <anonymous> <rob0> I'm not expecting to run a MTA on a residential Internet connection[16:45:07] <anonymous> ok, but it looks like you're not expecting MUAs too[16:45:26] <anonymous> and we run our postfixes for users, ain't we?[16:45:46] <rob0> Because I, like millions of other sites, block (or try to block) dynamic IP space. And regarding MUAs, I tell users to use 587.[16:46:38] <henk> rob0: just because you think that nobody should do that?[16:46:44] <rob0> I'll agree, it's sad what has become of the Internet. Blocking sucks. But it's the way it is.[16:47:11] <henk> it's your choice to block or not. you have chosen to do it.[16:47:20] <rob0> Have fun.[16:48:05] <anonymous> 8)[16:48:35] <henk> and since you do it and have the choice to, ISPs shouldn't imo.[16:49:58] *** jtaji has quit IRC[16:51:15] *** ITSME3 has quit IRC[16:53:30] *** jtaji has joined #postfix[16:54:41] *** Vog has quit IRC[16:54:59] *** gerhard7 has joined #postfix[17:11:08] <standon> rob0: since when do you waste your time with trolls?[17:11:58] <rob0> um, I was HOPING that it had blown over, and you just restarted it. :)[17:12:11] <standon> rob0: :)[17:12:34] <anonymous> since when one who disagrees with you on some subject immediately becomes a troll :/[17:13:11] <anonymous> i'm over with the blocking chat[17:13:14] <standon> anonymous: oh you again .. the guy who doesn't fully understand something but comments authoritatively on it just for kicks![17:13:22] <rob0> But I could throw on a late hit of my own, last word on the matter, I promise. At least ISPs who block 25 out are taking responsibility for the abuse from their networks. That's a good thing. Others here should learn that too.[17:14:27] <anonymous> i don't fully understand postfix and it's aspects, cause i'm a former qmail guy[17:14:40] <anonymous> it doesn't make me a noob on the mail subject[17:14:45] <standon> *sigh*[17:14:48] <standon> *ignored*[17:15:15] <anonymous> rob0, i got your point[17:15:40] <henk> rob0: may i ask in what part of the world you live? what do you think about other restrictions providers all around the world enforce?[17:16:18] <standon> rob0: danger danger. troll bait. DON'T TAKE IT! :)[17:17:11] <rob0> :)[17:17:54] <rob0> henk, I already said ... "Blocking sucks," and "last word on the matter."[17:18:54] <thumbs> listen to rob0[17:19:35] <rob0> 0x30 today, BTW! 0x20 years after Elvis died![17:19:36] <standon> no, don't listen to rob0.[17:19:44] <standon> he's a n00bster.[17:19:57] *** jtrm has joined #postfix[17:20:20] <rob0> Senior Executive N00bster, in fact.[17:23:17] <standon> oh, you must've been recently promoted. :P[17:23:46] *** |dementor| has left #postfix[17:24:46] <lunaphyte> happy birthday :)[17:26:12] <standon> lunaphyte: thanks![17:26:15] <henk> i'm sorry, i'm being so inquisitive and probably annoying. it's just that i have recently got a new job where i still have to fix a pretty complicated and strangely configured mailserver infrastructure. some of my colleagues have, in my opinion, a pretty strange view of what an isp should do regarding smtp and spam. we are still running an smtp relay for our ip ranges, which i strongly disapprove of for example. blocking port 25 is just a similar topic ...[17:26:22] <henk> ... and so far i don't consider it a good idea. i'd just like to hear others' perspectives. sorry for being a nuisance.[17:26:38] <lunaphyte> standon: :p[17:29:34] *** sypher has quit IRC[17:30:22] <lunaphyte> um, if you're an isp, running an msa for your customers is mandatory (assuming you provide email addresses).[17:34:30] *** Zblakany_ has joined #postfix[17:35:16] <rob0> lunaphyte: thanks[17:35:35] *** Zblakany has quit IRC[17:35:45] *** Zblakany_ is now known as Zblakany[17:37:07] <rob0> Okay. If I ran an ISP ...[17:37:44] <sysmonk> DeerKillerISP ?[17:38:10] <rob0> ... I don't see much point in dynamic IPs. Even dialup PPP can pretty easily, scalably, be given static IP addresses. Speakeasy in USA does that, and I think xs4all and maybe other European ISPs do too.[17:39:03] <sysmonk> we're giving "semi-dynamic" ip's. that is, they are static untill the dhcp server is rebooted/restarted :P so they kinda change once in a year/two :)[17:39:15] <rob0> I would by default block port 25 out, but as Zelest suggested, unblock it on request, with severe penalties for abuse violations.[17:39:38] * sysmonk too[17:39:58] <Zerberus> sysmonk: no, t-online business dsl lines for instance get static IPs out of the dhcp pool[17:40:00] <sysmonk> block 25, if somebody requests to open it - open it, but if i'd get spam complaints for this ip - penalties[17:40:17] <Zelest> I'd say.. demand some sort of knowledge before you even let people use the internet :([17:40:21] <rob0> dhcpd(8) should maintain IP addresses across reboots, FWIW[17:40:29] <Zelest> and ban all ISP's and networks that allow spoofed source.[17:40:30] *** root is now known as UdontKnow[17:40:31] <henk> lunaphyte: we do provide email addresses, but there are all combinations of users sending and receiving messages. some people only send via our relay (with gmx, ... addresses), others only receive their mail via us, others do both. of course is should probably provide an msa to those i provide a mailbox for. but not for anyone else imho.[17:40:34] <sysmonk> rob0: nobody says we're using dhcpd ...[17:40:50] <rob0> sysmonk, I gathered as much. :)[17:41:45] <rob0> sysmonk, just you watch out, you don't want me putting YOU out of misery, do you?[17:42:40] <rob0> In your case, it would put you out of OUR misery, but it's the same idea. :)[17:44:08] <sysmonk> ghm, i kinda didn't understand those few lines ;/ but oh anyway :)[17:44:21] <henk> rob0: 'open it by request' thought to the end basically could lead to port 25 being open to all customers (because all requested it) and you monitoring the port or at least handle all spam reports. or am i wrong somewhere?[17:44:24] <rob0> 15:37 < sysmonk> DeerKillerISP ?[17:44:36] <sysmonk> ah :))[17:45:02] <sysmonk> henk: definetly not all customers[17:45:13] <sysmonk> do you know lots of isp's who require you to auth on port 25?[17:45:35] <sysmonk> does any of the big email providers do that?[17:45:42] <sysmonk> i don't know any personally[17:46:20] <sysmonk> neither local (woops, i'm responsible for those :P ) nor global email providers[17:46:22] <henk> sysmonk: of course not all customers, but that's not the point.[17:46:42] <sysmonk> henk: really, none. i wouldn't even request opening port 25 for myself[17:46:44] <rob0> well, I don't know exactly how to handle it. I think I'd try to isolate and look at some kind of patterns. I haven't been in that role.[17:46:46] <sysmonk> i don't need it[17:47:17] <sysmonk> rob0: there's enough spam-trap reports coming to hostmaster/postmaster@ to parse them and use them for penalties :)[17:47:50] * sysmonk gets about .. uh... a few thousands/ten thousands a day[17:48:25] <rob0> Maybe set up a web form in the users' authenticated area where a user can open his/her IP to a specific mailhost.[17:48:45] <rob0> (mailhost = DNS name)[17:48:59] <rob0> same as they would enter into their MUA[17:50:19] <rob0> If they open only to one name at a time, it would be hard for a spambot to abuse, I think.[17:50:23] <sysmonk> raelly, i don't know any MTA which accepts smtp auth on 25.[17:50:41] <sysmonk> i'm not talking about some kind of small MTA run by somebody who doesn't understand what email is[17:53:17] *** jra has joined #postfix[17:55:44] <anonymous> if you have hundreds of roaming customers/sales/partners/etc and dozens of branches, you have no option but to do it, enforsing starttls...[18:00:57] <henk> what i mean is, that it's imho not the ISP's job to care about the layer 5+ traffic, at least he should not have the duty to do it.[18:01:25] <rob0> customers? Using you for submission?[18:02:09] <henk> with 'ISP' i meant 'ISP that does _not_ offer any services related to e-mail'[18:06:32] <anonymous> Not customers technically, our dealers. They are customers to us, and we keep inner mail exchange secure, which means no external MTAs with commercial mail and all encrypted connection to ours.[18:06:53] <anonymous> well, this part is not internet mail, in fact[18:09:42] <sysmonk> anonymous: starttls is done on 587 too. i only give smtp auth with starttls[18:10:02] <sysmonk> henk: would you like to be blacklisted because your neighbour IP is sending spam?[18:11:32] <anonymous> me too, but i'd have to hire a couple of guys more, just to answer the phone, if i drop incoming users' mail support on 25[18:12:06] <sysmonk> anonymous: who's fault is it that you didn't do the right thing in the beginning?[18:13:12] <anonymous> i'm the third month here on the staff, and got to deal with what is already done[18:13:38] <anonymous> of course, i will clean the mess[18:13:41] <anonymous> in time[18:16:38] <anonymous> anyway, thanks for help[18:17:01] <anonymous> looks like i've got the solution on my initial question 8)[18:17:10] * anonymous afk[18:17:26] *** beawesomeinstead has quit IRC[18:18:01] *** beawesomeinstead has joined #postfix[18:19:42] *** beawesomeinstead has quit IRC[18:19:57] *** beawesomeinstead has joined #postfix[18:21:32] *** beawesomeinstead has quit IRC[18:24:13] <henk> sysmonk: uhm, of course not, why?[18:25:20] <henk> anonymous: welcome to the club of admins fixing stuff they didn't mess up...[18:25:27] <sysmonk> dns blacklists like uceprotect block subnets when it sees spam from more than XX percent of IP's in that subnet[18:25:46] *** Skaag has quit IRC[18:26:04] <sysmonk> with 99% of people being stupid in IT stuff, there are more than 90% of virused pc's on the network, sending spam.[18:26:34] <henk> luckily no one uses one blacklist alone to decide about an email, right? ;)[18:26:46] <sysmonk> wrong :)[18:26:55] <rob0> uceprotect is not safe, but Zen is.[18:26:57] <jra> (zen)[18:27:52] * jra uses nixspam and sbl-xbl[18:28:55] <sysmonk> most people use a few blacklists, but block the mail when at least one of them matches, and not when a few of them match[18:31:07] *** beawesomeinstead has joined #postfix[18:31:53] *** cilly has quit IRC[18:32:29] <rob0> PBL is da bomb. Since it went live, Zen has been far more effective. And the cool thing, if you have a static IP and custom rDNS, you can get yourself out of PBL. (I did it twice.)[18:33:13] <henk> sysmonk: bad for them or rather their users...[18:34:01] *** Zeit|awy has joined #postfix[18:36:42] *** jtrm has quit IRC[18:38:51] *** Mark21 has joined #postfix[18:39:12] <Mark21> hello, I have some files that where blocked by amavisd and stored in a certain directory[18:39:41] <Mark21> How can I "feed" them to postfix to be delivered at the correct location?[18:41:11] <Zerberus> Mark21: amavisd-release?[18:42:18] <Mark21> Zerberus: that is not possible in my setup (certain information needs to be stored in a mysql database and the system isn't running (nor using) mysql)[18:42:40] <Mark21> when I try amavisd-release I get the following error Failure: SQL quarantine code not enabled at (eval 81) line 343[18:43:05] <Mark21> else I would use that[18:45:21] *** digitalmortician has quit IRC[18:46:18] <Zerberus> Mark21: your setup is not proper then[18:47:08] <Mark21> if I could change it I would change it (but I don't have the time to read the full documentation about it)[18:47:27] *** LinuxCode has joined #postfix[18:47:30] <Mark21> I did read (and follow) http://www200.pair.com/mecham/spam/spamfilter20090215.html[18:54:31] <rob0> Saying, "I don't have the time to read the full documentation," does not win you a lot of friends here. :) Those who might answer DID take the time. Anyway, it's an amavisd question more than a Postfix one, perhaps "man sendmail" will help on the Postfix side of it.[18:56:56] <Mark21> rob0: I will take (and have) time after my holiday[18:57:25] <Mark21> now I moved them manually to the senders inbox[18:58:13] <rob0> there, that works too[18:58:26] <rob0> sender?[18:59:00] <Mark21> now I moved them manually to the recipients inbox (my mistake)[19:00:24] <rob0> you did remember to chown/chmod as needed, right?[19:02:43] *** spq` has quit IRC[19:03:34] *** spq` has joined #postfix[19:03:42] *** madrescher has joined #postfix[19:07:41] <Mark21> yes[19:11:59] *** Zeit|awy has quit IRC[19:17:13] *** sadf has quit IRC[19:19:22] *** cloxie has joined #postfix[19:19:38] *** spq` has quit IRC[19:19:51] *** Markus has quit IRC[19:20:37] *** spq` has joined #postfix[19:20:37] *** digitalmortician has joined #postfix[19:21:03] *** spq` has quit IRC[19:21:46] *** spq` has joined #postfix[19:22:21] *** phyrrus has joined #postfix[19:24:44] <phyrrus> !seen cpbills[19:24:44] <knoba> phyrrus: I have not seen cpbills.[19:25:02] <phyrrus> oh, thanks then[19:27:09] *** PC12X has joined #postfix[19:29:01] *** PC12X has left #postfix[19:42:09] *** F6F has joined #postfix[19:42:49] *** F6F_ has joined #postfix[19:45:03] *** F6F_ has quit IRC[19:46:21] *** F6F_ has joined #postfix[19:48:27] *** rom1v has joined #postfix[19:48:28] <rom1v> hi[19:48:58] <rom1v> I have a config problem, my Maildir directory is 700 with owner rom:rom[19:49:17] <rom1v> but everytime I receive a mail, it is written into Maildir/cur with rights root:mail (600)[19:49:24] <rom1v> so I can't read it (as non-root)[19:49:39] <rom1v> and dovecot cannot read them (for imap)[19:50:03] <rob0> huh? Postfix won't deliver as root.[19:50:06] <rob0> !welcome[19:50:06] <knoba> rob0: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[19:50:32] <rom1v> what part should I look for a bad configuration?[19:52:45] <rom1v> my postfix devivers as root :([19:52:48] <rom1v> delivers[19:54:12] <rom1v> do you need my main.cf?[19:54:56] <rom1v> ah, maybe it's a procmail problem,?[19:55:01] <rom1v> mailbox_command = procmail -a "$EXTENSION"[19:55:59] <rob0> I "need" nothing at all. You might benefit from reading that !welcome and /topic. And it still makes no sense, how a Postfix installation could run procmail as root.[20:03:52] <rom1v> rob0, I managed to resolve the problem, I commented this line #mailbox_command = procmail -a "$EXTENSION"[20:04:03] <rom1v> and created /etc/.procmailrc[20:04:52] <rom1v> that's strange I agree, smtpd is launched as postfix[20:05:36] <rob0> local(8) delivery agent or mailbox_command is invoked as the recipient[20:05:51] <rom1v> now that works[20:06:00] <rob0> but indeed, if you don't need procmail for some reason, get rid of it.[20:06:15] <rom1v> so I just comment the line, that's it?[20:07:03] <Zerberus> an /etc/.procmailrc isn't read in - dotted procmailrc is just valid for the $HOME location[20:07:36] <rob0> !procmail[20:07:37] <knoba> rob0: "procmail" : a frequently used mail filter for e.g. distributing mails to different folders (like for mailing lists). See http://www.procmail.org/[20:07:51] <rom1v> ok thank you[20:07:53] <rob0> maybe that one needs to be updated[20:08:00] <rom1v> (this is my first time)[20:08:02] <rom1v> (for postfix)[20:08:04] <rom1v> :)[20:08:11] <rom1v> and for mail server in general[20:08:31] <Zerberus> and DROPRIVS is the procmail switch to look for[20:10:14] <rom1v> that's great[20:10:28] <rom1v> I thought it would be far more difficult than that to install a mail server[20:10:43] <rob0> Zerberus: how is procmail running as root in the first place?[20:11:20] <Zerberus> rob0: good question[20:11:31] *** phyrrus has quit IRC[20:11:46] <Zerberus> rob0: suid bit?[20:12:03] <rob0> yikes, what a lousy idea that would be![20:13:40] *** burnersk has quit IRC[20:18:29] *** rom1v has quit IRC[20:20:28] *** rom1v has joined #postfix[20:29:13] *** jra has quit IRC[20:38:57] *** Skaag has joined #postfix[20:41:07] *** Skaag has quit IRC[20:42:23] *** Skaag has joined #postfix[20:44:08] *** farchanjo has joined #postfix[20:55:01] *** vys has quit IRC[21:03:52] *** farchanjo_ has joined #postfix[21:05:51] *** tjz has quit IRC[21:05:58] *** farchanjo has quit IRC[21:06:10] *** farchanjo_ is now known as farchanjo[21:12:42] *** denis_ has quit IRC[21:24:16] *** madrescher has quit IRC[21:28:30] *** brancaleone has joined #postfix[21:34:34] *** madrescher has joined #postfix[21:42:13] *** adaptr has joined #postfix[21:47:08] *** GoGi has joined #postfix[21:56:15] *** madrescher has quit IRC[21:57:03] *** madrescher has joined #postfix[21:57:10] *** sypher has joined #postfix[22:16:28] *** stephan48 has quit IRC[22:26:32] *** Zeit|awy has joined #postfix[22:27:03] *** Skaag_ has joined #postfix[22:32:15] *** Skaag has quit IRC[22:35:43] *** Skaag has joined #postfix[22:35:52] *** gerhard7 has quit IRC[22:40:40] *** mactimes has joined #postfix[22:40:50] *** LinuxCode has quit IRC[22:41:02] *** GoGi has quit IRC[22:44:22] *** Skaag has joined #postfix[22:47:22] *** arnee has joined #postfix[22:51:00] *** clockspider has quit IRC[22:52:52] *** clockspider has joined #postfix[22:53:02] *** Skaag has joined #postfix[22:55:18] *** mactimes_ has joined #postfix[22:56:30] *** mactimes has quit IRC[22:56:44] *** mactimes_ is now known as mactimes[22:57:58] *** farchanjo has quit IRC[23:01:41] *** Skaag has joined #postfix[23:09:01] <KB1JWQ> adaptr: A pity that Reaver isn't still going on, eh?[23:09:26] <KB1JWQ> Glad that mess is oer.[23:09:29] <adaptr> not really... cloobs like that get annoying and boring fairly soon[23:10:20] *** Skaag has joined #postfix[23:12:59] <adaptr> will or sysmonk around ?[23:18:35] *** uqlev has joined #postfix[23:18:59] *** Skaag has joined #postfix[23:25:17] *** Muhis has quit IRC[23:27:38] *** Skaag has joined #postfix[23:34:04] *** al has quit IRC[23:34:19] *** al has joined #postfix[23:35:13] *** uqlev has quit IRC[23:36:17] *** Skaag has joined #postfix[23:40:32] *** mezgani has quit IRC[23:44:56] *** Skaag has joined #postfix[23:52:22] *** madrescher has quit IRC[23:53:22] *** kkaji` has joined #postfix[23:53:35] *** Skaag has joined #postfix[23:53:45] *** kkaji` has quit IRC[23:55:07] *** rcsu has quit IRC[23:55:15] *** arnee has quit IRC[23:55:38] *** madrescher has joined #postfix[23:57:36] *** kerneld has joined #postfix[23:58:27] <kerneld> How long should I leave my old MX setup as a relay for its domains before it will only see SPAM and I can shut it down?[23:59:50] *** sypher has quit IRC