August 1, 2010 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | >
August 1, 2010 [00:06:00] *** hever has quit IRC[00:09:04] *** hever has joined #postfix[00:11:25] *** hever has quit IRC[00:18:54] *** MarkBao has joined #postfix[00:19:55] *** MarkBao has quit IRC[00:38:42] *** grobe0ba is now known as grobe0ba|away[00:43:42] <DavidWhite> Reading some of the backlog... it was recommended (to someone else) that localhost & localhost.$mydomain.tld is not removed from mydestination. This makes sense to me, as any email sent from localhost to localhost should be received by the localhost. Just 2 questions about the $mydestination variable though: can it take specific, FQDNs as well as variables and things like "localhost"? i.e. in my testing phase (which I'm in now[00:44:09] <adaptr> !mydestination[00:44:09] <knoba> adaptr: "mydestination" : a configuration parameter in the main.cf: The list of domains that Postfix delivers via the $local_transport mail delivery transport. By default, mail is given to the Postfix local(8) delivery agent that looks up all recipients in /etc/passwd and /etc/aliases, or their equivalents. See http://www.postfix.org/postconf.5.html#mydestination for more information.[00:44:42] * DavidWhite hasn't even started to "seriously" configure or test anything yet... still reading up on stuff.[00:44:54] <DavidWhite> Thanks for this... I think I've read it, but I'll read it again.[00:49:01] <lunaphyte> reading is good, but sometimes people go overboard and start trying to install and configure things in their head. there is some value in this, from the perspective of mental exercise, but if your goal is not mental exercise, then you should just start doing things. you'll certainly continue to learn, but there will be valuable context that would otherwise be missing.[00:49:23] <lunaphyte> hmm, that might make a good factoid[00:50:07] <lunaphyte> !learn jdi as just do it - reading is good, but sometimes people go overboard and start trying to install and configure things in their head. there is some value in this, from the perspective of mental exercise, but if your goal is not mental exercise, then you should just start doing things. you'll certainly continue to learn, but there will be valuable context that would otherwise be missing. also see !tias[00:54:04] <DavidWhite> Wise advice. I think the majority of the people who provide support in here would, however, be quick to point out that this (just doing it) should never be done in a production environment. I'm "sort-of" doing this in a production environment, in the sense that this is on my only production server (I don't have a dev or staging server... yet)... but I'm certainly NOT doing this on any production domains at the moment.[00:55:13] <DavidWhite> my mail is hosted elsewhere for the time being. :)[00:58:08] *** madduck has quit IRC[00:58:15] *** madduck has joined #postfix[01:00:10] <adaptr> wietse commented on this on the list a while back, and in short, you should include localhost because it is always a valid destination, and you want to catch it[01:00:52] <DavidWhite> makes sense[01:02:33] <adaptr> there are a number of instances where unqualified mail may end up being qualified with localhost (and mail user agents that are badly configured may do this as well)[01:03:43] *** cr__ has quit IRC[01:06:05] *** Matic`Makovec has quit IRC[01:11:33] *** JonnyV has joined #postfix[01:13:35] *** JonnyV_ has quit IRC[01:18:57] *** JonnyV has quit IRC[01:37:33] *** TomHome has joined #postfix[01:48:21] *** brancal has quit IRC[01:50:49] *** madduck has quit IRC[01:51:20] *** madduck has joined #postfix[01:57:51] *** Jippi_mac has quit IRC[02:17:08] *** fOrsberg is now known as forsberg[02:20:41] <bastid_raZor> what would be a good frontend command line app for postfix? i would like to ssh to the box and be able to send mail.[02:22:36] <standon> bastid_raZor: telnet[02:23:08] <cpm> bastid_raZor, postfix comes with a sendmail binary, which can be executed just like sendmail. so, mail will owrk.[02:33:28] *** dragonheart has joined #postfix[02:35:19] <bastid_raZor> i suppose i need to learn sendmail or mail. thanks[02:35:41] *** f3xy has joined #postfix[02:40:43] <cpm> bastid_raZor, what are you trying to do?[02:42:33] <bastid_raZor> i would just like to be able to send emails from command line.[02:43:00] <bastid_raZor> no attachments or anything just simple emails. subject and body. no signature or anything.[02:45:08] <cpm> bastid_raZor, man mail[02:45:24] <adaptr> or mutt[02:45:32] <adaptr> or nail[02:45:40] <thumbs> or hammer[02:46:11] <cpm> oh sure, you say that /now/[02:47:50] <bastid_raZor> heh[02:58:58] * thumbs hides from hammers[03:02:49] <bastid_raZor> very nice.. mutt does exactly what i want. thank you cpm thank you adaptr[03:29:31] <cpm> yw[03:29:41] *** cpm is now known as urban_spaceman[03:31:05] *** urban_spaceman is now known as cpm[03:31:41] *** killown has quit IRC[03:43:19] *** wdp has quit IRC[03:43:35] *** wdp_aao has quit IRC[03:55:08] *** wdp has joined #postfix[03:55:12] *** wdp_aao has joined #postfix[04:05:25] *** forsberg is now known as fOrsberg[04:13:06] *** yosafbri` has quit IRC[04:13:15] *** yosafbridge has joined #postfix[04:15:24] <arsen> well[04:15:55] <arsen> no idea what i did - but thanks for any assistance earlier - ive managed to get sasl / smtp / postfix working, and i can send /receive from both roundcube and remote clients (thunderbird.. iphone to be tested ;) )[04:17:04] <arsen> was able to test successfully with testsaslauthd, but not with a 'telnet localhost 25' : auth plain <authphrase>[04:17:16] <arsen> i think it was due to postfix not being in the sasl usergroup :/[04:17:53] *** gooph has joined #postfix[04:23:59] <arsen> smtp with iphone looks like a whole other bag xD[04:28:51] <lunaphyte> you probably didn't follow the instructions in SASL_README carefully enough[04:33:39] <arsen> Important[04:33:40] <arsen> Some distributions require the user postfix to be member of a special group e.g. sasl, otherwise it will not be able to access the saslauthd socket directory.[04:33:44] <arsen> :)[04:33:51] <thumbs> arsen: uh-oh[04:34:10] <arsen> i mean, it was a combination of things - but that was one specifically required thing that was stopping progress.[04:34:54] <arsen> more time spent playing with it means i now kinda understand how it works, and its handy to discover things like saslfinger / testsaslauthd / gen-auth etcetc[04:35:50] <arsen> i managed to establish postfix was working, and saslauthd was working, using roundcube and php mail() and then thunderbird, just took a while to figure that postfix couldnt auth via saslauthd (even though saslauthd was working when tested)[04:35:57] <arsen> anyway, problem solved - thanks for the input :)[04:36:33] <arsen> finally some progress through my to-do list heh.[04:37:07] *** Alagar has quit IRC[04:38:28] *** tjikkun has quit IRC[04:38:56] <arsen> now to see if atmail is better than roundcube :)[04:40:31] *** madduck has quit IRC[04:42:41] *** madduck has joined #postfix[05:02:33] <lisa> squirrelmail > roundcube[05:13:52] <thumbs> I like squirrelmail.[05:21:58] *** gooph has quit IRC[05:24:14] *** killown has joined #postfix[05:39:58] *** JonnyV has joined #postfix[05:45:12] *** jense has quit IRC[05:52:31] *** cpm has quit IRC[05:54:05] *** ovb has quit IRC[05:58:54] *** jense has joined #postfix[06:09:40] <DavidWhite> +1 ... I've never been impressed with roundcube[06:16:19] *** googlah has quit IRC[06:17:02] <KB1JWQ> Yes.[06:52:31] *** stealth- has quit IRC[07:23:41] *** devdas has joined #postfix[07:26:15] *** googlah has joined #postfix[07:44:26] *** henriknj has quit IRC[08:04:00] *** killown has quit IRC[08:12:12] *** bastid_raZor has quit IRC[08:30:30] *** TomHome has quit IRC[08:59:11] *** LowKey has joined #postfix[09:08:55] *** verywiseman has joined #postfix[09:18:17] *** devdas has quit IRC[09:26:13] *** dragonheart has quit IRC[09:36:05] *** Matic`Makovec has joined #postfix[09:43:28] *** fOrsberg is now known as forsberg[09:43:49] *** TomHome has joined #postfix[09:46:18] *** SplashScreen has joined #postfix[09:46:27] <SplashScreen> ping[09:54:01] *** overrider has joined #postfix[09:55:06] <overrider> I am in a maildir, and have a mail named f.e 1257825604.V56I1060fcM225146.sjail.domain:2,S ; i need to redirect this mail to a certain e-mail address; is there a way i can somehow inject this message back into my postfix queue so that it will deliver the mail to say me at domain dot com ? Thanks[09:56:03] <Aprogas> Use a mailclient to access the maildir and manually forward the email (either as attachment or inline).[10:03:10] <overrider> Ok thats one way; thanks[10:05:21] *** elsbroek has joined #postfix[10:10:29] <SplashScreen> hi Aprogas, do I have any credits left for asking questions ?[10:10:40] *** NotInternat has joined #postfix[10:11:58] <Aprogas> SplashScreen: I forgot who you are, so if you ask sensible question, probably.[10:12:11] *** marjus is now known as zamba[10:13:33] *** Internat has quit IRC[10:14:19] *** elsbroek has quit IRC[10:14:59] <SplashScreen> lol, OK. I'll give it a try. I would like to have mails going to [number]@fax being put in a file at the local mailserver. I managed to get this done for mails going to [number] at fax dot com, but fax.com is a registered domain, so I wonder whether it is possible to have things handled for a virtual ltd or a virtual host[10:15:27] *** manicman has joined #postfix[10:15:32] <Aprogas> Is fax.com owned by you?[10:15:46] <SplashScreen> nope.[10:16:04] <Aprogas> Use fax.domainlegallyownedbyyou.net instead.[10:16:22] <Aprogas> Where you replace domainlegallyownedbyyou by a domain that is legally owned by you or the company you represent.[10:16:58] <Aprogas> And if your company really cannot afford the 12 dollar per year for a domain, you could use fax.site or fax.internal[10:18:33] <SplashScreen> hmmm.... is there a list of private tlds just like RFC1918 for network addresses ?[10:18:56] <Aprogas> No, there are no official local TLD, don't use .local though, it conflicts with mdns[10:19:18] <Aprogas> Since domains are so cheap and easy to obtain (and IP-ranges are not) it was considered unneeded to reserve special TLDs.[10:19:41] <SplashScreen> it's not a matter of price.[10:20:49] <SplashScreen> can I have a virtual host and all mail going to that host being put in a file ?[10:21:03] <Aprogas> I'm not sure what you mean with a virtual host.[10:23:19] <SplashScreen> like a virtual domain - it doesn't exist either. if I would simply use an alias, the recipient would be mapped to a local user.[10:24:12] *** rajijoom has joined #postfix[10:24:22] <Aprogas> You can have a DNS-server claim to be an authorative for a domain and have your computer use that DNS-server, without that domain existing on the rest of the Internet.[10:24:25] <Aprogas> Is that what you mean?[10:24:37] <Aprogas> From the perspective of Postfix it will just be a real as a domain as any other domain.[10:24:53] <Aprogas> Whatever DNS says is real to Postfix, no virtual host/domains.[10:26:05] *** dragonheart has joined #postfix[10:29:46] <SplashScreen> can I have postfix to put mails to someuser@host to a file where someuser is variable an does not exist locally and host is fix ?[10:30:58] <Aprogas> Not sure if a virtual alias can write directly a file, but you can virtual alias to a local user and have that user write to a file.[10:31:12] <Aprogas> Via .forward or aliases file.[10:34:24] <SplashScreen> So I would create a user foo and where would I put a rule like '@domain goes to foo' ? .forward sounds odd[10:35:21] <Aprogas> I thought you already had a virtual alias going to "mail2fax"[10:36:23] <adaptr> virtual aliases are limited to addresses[10:36:57] <Aprogas> adaptr: If a virtual alias goes to a local account, will local(8) still do its full parsing of aliases etc. ?[10:39:44] <SplashScreen> Aprogas: how would the solution with mail2fax, of which you thought that I already have, would look like ?[10:41:07] <Aprogas> I thought you pastebinned your virtual alias table which had that.[10:41:17] <Aprogas> Maybe two people are asking about converting mail to fax, so I am mixing you up.[10:41:54] <Aprogas> Can't you just find a mail to fax converter that can take input from stdin and have Postfix pipe to it using a master.cf definition and transport_maps ?[10:42:05] <SplashScreen> no worries, that would be human ;-)[10:42:16] <Aprogas> Writing to a file and having that polled by some mail2fax converter seems inefficient.[10:42:31] <adaptr> Aprogas: they're completely independent. local(8) does what local(8) does[10:43:20] <Aprogas> adaptr: I keep thinking virtual(8) handles virtual aliases and thus bypasses local(8), but virtual aliases are handled by cleanup(8) and I keep forgetting.[10:43:27] <adaptr> for most cases, using a transport to hit a service is overkill, unless yo know that's whatyou need (there are some advantages)[10:43:34] *** Jippi_mac has joined #postfix[10:43:53] <SplashScreen> Aprogas: the last time we chatted you recommend (re)define transports only if absolutely necessary...[10:43:58] <adaptr> Aprogas: it doesn't matter. when rewriting switches classes, the entire class is ran[10:44:13] <adaptr> SplashScreen: set up procmail. extract message. fax. done.[10:44:30] <Aprogas> SplashScreen: Yes, transport is usually the last resort.[10:45:31] <SplashScreen> adaptr: procmail is already in use as MDA. So which route would a mail to [number]@fax go in your solution ?[10:47:29] <adaptr> to a user, who has a procmailrc, that processes the message[10:47:35] <adaptr> easy peasy[10:48:38] <adaptr> for the routing, you would use a wildcard virtual alias : @fax.your.domain faxuser@localdomain[10:48:44] *** makomi has joined #postfix[10:49:04] <adaptr> and you want to invoke procmail with the original recipient[10:49:59] <adaptr> see the docs for mailbox_command - and procmail, obviously[10:51:03] *** dragonheart has quit IRC[10:51:47] *** tjikkun has joined #postfix[10:58:58] *** Trengo has quit IRC[11:21:01] *** verywiseman has quit IRC[11:23:01] *** overrider has quit IRC[11:28:27] *** smica has joined #postfix[11:33:37] *** verywiseman has joined #postfix[11:33:55] *** pyco has quit IRC[11:33:56] *** pyco has joined #postfix[11:35:09] <manicman> hi[11:35:20] <manicman> where do i have to look for documentation on the /etc/postfix/virtual_users file?[11:37:14] *** pyco has quit IRC[11:39:14] <adaptr> !virtual_users[11:39:14] <knoba> adaptr: Error: "virtual_users" is not a valid command.[11:39:20] <adaptr> no such file[11:40:14] <Aprogas> !virtual[11:40:15] <knoba> Aprogas: "virtual" : a way to configure additional domains and user accounts (that do not need to exist in your /etc/passwd). See: http://www.postfix.org/VIRTUAL_README.html[11:42:23] *** pyco has joined #postfix[11:43:29] <zamba> if your mx goes down and you then bring up a backup mx.. what happens with the mail attempted to be delivered before i got the backup mx up?[11:43:39] <zamba> will the mx perform a new mx lookup for each delivery?[11:44:02] <zamba> or will it cache the old lookup and not get the backup mx in the mx list?[11:44:19] <mrfrenzy> you must have the backup mx listed in dns to begin with[11:44:24] <zamba> damn[11:44:25] <mrfrenzy> dns queries are cached for a long time[11:44:45] <mrfrenzy> but if the service itself was down it's no problem, it will be retried[11:44:56] <zamba> yeah, but it's been down for four days now :)[11:45:07] <mrfrenzy> both your MXs??[11:45:15] <zamba> i had no backup mx[11:45:21] <zamba> i only had the primary configured[11:45:24] <mrfrenzy> shame on you[11:45:30] <mrfrenzy> most mail has bounced by now[11:45:37] <zamba> i've been told that it's a good thing to only have one mx[11:45:38] <mrfrenzy> setup a new mx and forget about the lost mails[11:45:41] <adaptr> you say it is "down" - what does that mean[11:45:45] <zamba> adaptr: offline[11:45:52] <mrfrenzy> who would have said that it's a good thing to not have backup mx?[11:46:02] <adaptr> so make a new one, restore you rconfig from backup, and usurp the IP[11:46:13] <adaptr> mrfrenzy: us, for one.[11:46:13] <zamba> usurp?[11:46:21] <adaptr> take over, use[11:46:37] <mrfrenzy> adaptr: please motivate[11:47:59] <zamba> adaptr: it will be up again tomorrow[11:48:01] <zamba> hopefully[11:48:12] <adaptr> !restart[11:48:13] <knoba> adaptr: "restart" : There is no postfix restart command. There is postfix stop, postfix start, or postfix reload. Changes made to master.cf and some functional changes to main.cf will require a stop and a start in order to take effect. OR When edit thou thine master.cf, restarteth thou thine Postfix, lest ye die![11:51:08] <adaptr> mrfrenzy: well, for one, backup MXen are spam attractors - major spam attractors[11:51:13] <zamba> yup[11:51:34] <adaptr> note that "backup MX" != "more than one MX"[11:51:42] <mrfrenzy> hence why you run the same spamfilters one the backup mx[11:51:44] <adaptr> you canhave dozens of MXen without having a single backup MX[11:51:58] <mrfrenzy> and yes, I know about the problem with propagating the user table[11:52:01] <adaptr> mrfrenzy: then it's no longer a backup MX. it is generally accepted that a backuup MX is dumb, it only queues[11:52:03] <mrfrenzy> haven't gotten around to that yet[11:52:36] <mrfrenzy> okay, so what would you call a backup mx with spamfilters? "other primary mx"? ;)[11:52:46] *** xabbuh has joined #postfix[11:53:13] <zamba> i'd say mx with identical priority != backup mx[11:53:35] <zamba> but if you have a higher mx priority then it'd be safe to assume that it's a backup, right?[11:53:44] <mrfrenzy> well if you give it identical priority half your mails have to pass through there[11:53:50] <zamba> yup[11:53:53] <zamba> so not a backup[11:55:25] <zamba> like per definition[11:55:26] <adaptr> zamba: not "safe to say", but in practice, for legitimate mail, it will not be chosen as long as the primary MX responds[11:55:33] <zamba> yup[11:55:38] <zamba> apart from by spammers[11:55:39] <adaptr> note that it does not have to be down in order not to respond. it could be busy[11:55:47] <adaptr> zamba: re-read what I said..[11:55:55] <zamba> adaptr: i understand that[11:56:09] <zamba> "for legitimate mail"[11:56:41] <mrfrenzy> it can be busy and there can also be routing problems from the sending mailserver[11:56:51] <adaptr> spammers actually tend to prefer lower priority MXen, because they often lack uer verification[11:56:53] <mrfrenzy> my backup mx is in a different country on different networks than the primary[11:56:57] <mrfrenzy> yes[11:57:14] <adaptr> that is, if they didn't just bruteforce the IP as an MX and started using it[11:58:22] <mrfrenzy> bah, now I really have to get user verification on the backup mx[11:58:42] <mrfrenzy> I'm probably sending out a bunch of bounces cause of invalid users submitted through there[12:20:15] *** manicman has quit IRC[12:35:23] *** Yoann512 has quit IRC[12:39:16] *** Yoann512 has joined #postfix[12:43:12] *** manicman has joined #postfix[12:47:15] *** [dmp] has joined #postfix[12:52:57] *** [dmp] has joined #postfix[13:23:45] *** bastid_raZor has joined #postfix[13:42:04] *** mr_claus1 has left #postfix[13:48:37] *** hever has joined #postfix[13:59:33] *** bastid_raZor has quit IRC[14:01:40] *** bastid_raZor has joined #postfix[14:07:10] *** cr__ has joined #postfix[14:20:02] <zamba> how can i set up the primary mx for a domain so that i'll automatically accept email delivered from any of the backup mxes?[14:20:10] <zamba> without going through greylisting and so on[14:20:35] *** Yoann512 has quit IRC[14:20:52] <zamba> include the host in $mynetworks?[14:21:15] <adaptr> that's one way[14:21:24] <zamba> what's the best way?[14:21:34] <zamba> or rather, preferred way[14:22:17] <adaptr> any backup MX would only try to deliver mail that's destined for your own domains[14:22:32] <zamba> yeah, but greylisting would still happen[14:22:36] <adaptr> as long as that is accepted, you can exclude the backup host from any otehr checks[14:22:42] *** libertiy has joined #postfix[14:22:49] <zamba> and the same with spamhaus checking and so on[14:23:00] <adaptr> you don't want to accept indiscriminately - mynetworks doesn't do any other checks[14:23:19] <zamba> the backup mx has already done greylisting and spamhaus checks[14:23:21] <adaptr> if you include it in mynetworks, any subversion of the backup MX will compromise the main box as well[14:23:38] <adaptr> then just have it deliver to your mail store[14:23:47] <adaptr> there's no need to go through another MTA[14:23:59] <zamba> how do i get it to deliver to mail store?[14:24:23] <zamba> it's on a remote server?[14:24:24] <adaptr> um.. any way you want ?[14:24:37] <zamba> it has to go through the primary mx to get to the mail store[14:25:02] <adaptr> add a transport that only stores mail. remove all checks from it[14:25:36] *** cpm has joined #postfix[14:30:16] *** ovb has joined #postfix[14:34:08] *** TomHome has quit IRC[14:35:35] *** Obadiah has joined #postfix[14:48:18] *** Obadiah has quit IRC[14:50:14] *** Vivek has joined #postfix[14:56:30] *** Yoann512 has joined #postfix[15:09:06] *** mr_claus has joined #postfix[15:10:23] <mr_claus> hi, is it possible to configure postfix to remove some "received by" headers (internal) before the mail will be sent to outside and to do this only if the mail arrives on internal interface or from my_networks?[15:16:10] *** p3rror has quit IRC[15:20:14] *** manicman has quit IRC[15:20:31] *** manicman has joined #postfix[15:20:31] *** manicman has joined #postfix[15:23:01] <Aprogas> mr_claus: Yes.[15:27:36] *** Vivek has quit IRC[15:34:04] <mr_claus> Aprogas: where i can find some docs abouth rewriting the headers for that purpose?[15:34:42] <Aprogas> Are you sure that you want and need to do this?[15:34:57] *** Trengo has joined #postfix[15:35:05] <Aprogas> If something breaks in the delivery of the mail, it might get hard to trace where exactly it went wrong.[15:35:24] <mr_claus> Aprogas: hm, i don't want to show the whole world the internal structure of my network, so i only want remove the internal part[15:36:00] <Aprogas> I hope your internal network security isn't based solely on IP-addresses and hostnames being secret.[15:36:03] <Aprogas> !tell mr_claus header_checks[15:36:04] <knoba> mr_claus: "header_checks" : a configuration parameter in the main.cf: Optional lookup tables for content inspection of primary non-MIME message headers, as specified in the header_checks(5) manual page.[15:36:34] *** p3rror has joined #postfix[15:36:47] <mr_claus> Aprogas: hehe, no it isn't :)[15:36:59] <mr_claus> thanks, i will take a look[15:38:52] <Aprogas> You might add some custom header, like "X-Received: internal structure hidden" in case someone other than you ever needs to analyse the message and your mail setup.[15:41:26] <mr_claus> yes, thats a good idea to add such a line[15:52:07] <manicman> does anybody knows a good link to a documentation how to setup postfix with amavis on an ipv6 only environment?[15:52:48] <Aprogas> IPv6-only mailservers don't make much sense, but if Amavis supports IPv6, it will be the same as running it with a IPv4-only or dual-stack mailserver.[15:54:49] <manicman> Aprogas: no it isnt. it just doesnt work...;)[15:55:37] <Aprogas> DNSBLs and such will probably not work, unless they list IPv6 addresses too.[15:55:47] <Aprogas> You'll have to be more specific than "doesnt work" if you want to get any help.[15:57:03] <manicman> Aprogas: sry. my mta gets blocked: http://pastie.org/1069627[15:57:38] <Aprogas> That looks like an Amavis error, not a Postfix error.[16:00:49] <manicman> Aprogas: year thats right. thats why i generally asked for a documentation[16:01:46] <manicman> Aprogas: the amavisd runs at 127.0.0.1:10024 and i dont know how to tell him to run on ::1:10024[16:02:01] <manicman> postfix is able to connect to ::1:10024 but amavis doesnt listen on that port[16:02:28] <Aprogas> If Amavis supports IPv6, you probably just have to specific the listen address(es) somewhere.[16:02:33] <Aprogas> Is your kernel compiled without IPv4 support?[16:04:43] *** pyco_ has quit IRC[16:05:02] <manicman> Aprogas: no, i but for testing purpose i want to run postfix only on ipv6[16:06:53] <Aprogas> You are asking on #Postfix how to make Amavis listen on a IPv6 socket. Not only is your question in the wrong place, it is something that could be easily found in Amavis documentation. We are happy to help you, but you must work harder than us in getting your mailserver to work.[16:06:58] *** grobe0ba|away is now known as grobe0ba[16:08:35] <manicman> Aprogas: hm. sry for that. i know where i am asking. and because i didnt find anything useful about amavis by googleling, i asked for general documentation and not for something special...[16:09:02] <Aprogas> http://www.ijs.si/software/amavisd/amavisd-new-docs.html[16:11:44] <Aprogas> http://www.postfix.org/FILTER_README.html[16:17:48] *** SplashScreen has quit IRC[16:18:46] <manicman> Aprogas: thx[16:20:47] <zamba> adaptr: what configuration options do i need to configure for that?[16:20:51] <zamba> adaptr: just storing mail, that is[16:22:03] <wdp> uhm[16:22:05] <wdp> i got a question[16:22:08] <adaptr> are you not storing mail now ?[16:22:25] <zamba> adaptr: yeah, but you said something earlier about adding a transport for just storing mail[16:22:32] <zamba> that skips all checks[16:22:34] <adaptr> I did[16:22:42] <adaptr> investigate![16:22:47] <zamba> and i'm now wondering how to set that up[16:23:23] <wdp> Here in germany the "post" is doing something called "e-post". You can write them something like a mail, and they print it out and send it as letter to the destination. However; they wrote "not even our system administratiors can read the contents of such mails. They're crypted"[16:23:27] <zamba> well.. i don't really see that as neccesary, since i can just add the ip of the backup mx in $mynetworks and it'll work[16:23:41] <adaptr> great![16:23:43] <wdp> Now i'm wondering, is it possible to crypt mails using dovecot/postfix and such tools?[16:24:05] <wdp> in a way, that downloading mails, or watching them in webmail is still working[16:24:16] <wdp> (im just curious about how they to this crypt part)[16:24:21] <wdp> s/to/do[16:24:27] <adaptr> !pgp[16:24:27] <knoba> adaptr: Error: "pgp" is not a valid command.[16:24:30] <adaptr> !gpg[16:24:31] <knoba> adaptr: Error: "gpg" is not a valid command.[16:24:33] <adaptr> bah[16:24:39] <zamba> !gnupg[16:24:39] <knoba> zamba: Error: "gnupg" is not a valid command.[16:24:53] <wdp> adaptr, for gpg the customer needs to send it as gpg[16:24:59] <wdp> and the webmail would need to know how to handle it[16:25:07] <adaptr> obviously[16:25:14] <wdp> this is not the case :)[16:25:24] <wdp> hm. or[16:25:42] <wdp> mail gets in in plain - they do gpg with their own keys/stuff, and before printing them out, they decrypt it[16:25:44] <wdp> hmm[16:25:53] <wdp> any other way to do something similar?[16:26:02] <adaptr> similar to what ?[16:27:10] *** henriknj has joined #postfix[16:27:24] *** forsberg is now known as fOrsberg[16:27:31] <mrfrenzy> wdp: it is obviously bullshit, since the printer can decrypt the mails, so can also the system administrator[16:27:33] <rob0> I wonder what is the goal of such an encryption strategy? What problem does it solve? Still, at some point and in some way, a non-PGP user has to trust a system admin.[16:28:16] <rob0> ONLY user-controlled encryption can completely protect mail content from administrators.[16:28:20] <wdp> rob0, well, they say its about the "privacy of correspondence"[16:28:36] <rob0> Because "they" are ignorant, I guess.[16:28:42] <wdp> and i'm just curious (as most of you might) because as far as i know, this is NOT possible, as long as they're using the internet.[16:29:08] <wdp> heh.[16:29:12] <adaptr> no, they're ignorant, and you're considering buying into the nonsense[16:29:48] <wdp> so its just to give a good-feelin to some customers[16:30:14] <adaptr> to idiots, perhaps[16:30:33] <rob0> You as an end user are not assured of privacy. You could lie to them and give them a similar assurance. Doesn't make it so. "Snake oil," PRZ called it.[16:33:08] <rob0> Haven't we had this discussion here before?[16:33:12] <Aprogas> What the Post meant is that in normal circumstances the decrypting, printing and putting in a sealed paper envelope, is handled automatically an no sysadmin or employee is reading your message. But it is still possible for various people assigned to that automated process to manually intervene.[16:34:31] <jense> germany suckz...[16:38:13] <wdp_aao> Aprogas, yeah, well.[16:56:29] <lunaphyte> rob0: which time?[16:57:04] *** fken has joined #postfix[17:36:07] *** master_of_master has quit IRC[17:38:07] *** master_of_master has joined #postfix[17:44:38] *** Alagar has joined #postfix[18:09:32] *** fOrsberg is now known as forsberg[18:18:37] *** cpm has quit IRC[18:21:14] *** Vivek has joined #postfix[18:36:27] *** killown has joined #postfix[18:38:17] *** geb_ has quit IRC[18:42:32] *** libertiy has quit IRC[19:04:56] *** xabbuh has quit IRC[19:32:51] *** Matic`Makovec has quit IRC[19:55:20] *** psilo2 has quit IRC[20:02:48] *** e-jones has joined #postfix[20:03:39] *** uqlev has joined #postfix[20:07:00] *** mmcr has joined #postfix[20:11:50] *** jwit has quit IRC[20:12:48] *** magyar has quit IRC[20:14:22] *** Vivek has quit IRC[20:16:08] *** e-jones has quit IRC[20:17:26] *** magyar has joined #postfix[20:17:39] *** rajijoom has quit IRC[20:19:05] *** Cain has joined #postfix[20:20:55] *** manicman has quit IRC[20:27:14] *** manicman has joined #postfix[20:28:35] *** mr_claus has quit IRC[20:43:06] *** mr_claus has joined #postfix[20:48:59] *** Vivek has joined #postfix[21:04:30] *** Vivek has quit IRC[21:04:30] *** Vivek has joined #postfix[21:05:12] *** Vivek has quit IRC[21:05:12] *** Vivek has joined #postfix[21:06:39] *** soosfarm has quit IRC[21:08:48] *** soosfarm has joined #postfix[21:17:17] *** Vivek has quit IRC[21:17:59] *** hever has quit IRC[21:19:17] *** hever has joined #postfix[21:30:14] *** Matic`Makovec has joined #postfix[21:32:41] <Aprogas> heh "faca"[21:33:00] *** vici0us has quit IRC[21:37:05] *** mmcr has quit IRC[21:37:31] *** vici0us has joined #postfix[21:41:45] *** manicman has quit IRC[21:44:52] *** fken has quit IRC[21:50:33] *** bastid_raZor has quit IRC[21:53:13] *** brancaleone has joined #postfix[22:18:53] *** brancal has joined #postfix[22:21:16] *** Matic`Makovec has quit IRC[22:21:41] *** brancaleone has quit IRC[22:29:09] *** rm has joined #postfix[22:29:20] <rm> hello[22:29:44] <rm> I am trying to set up postfix to use a relayhost with SASL auth[22:30:23] <rm> like described e.g. here - http://www.freelock.com/kb/postfix-relayhost[22:30:44] <Aprogas> !tell rm tutorial[22:30:45] <knoba> rm: "tutorial" : A very common problem is that some people prefer to follow a step-by-step tutorial that shows them how to setup their server w/out reading the documentation or understanding what they are doing. If something goes wrong, they have no clue whatsoever about where to find hints, and they sometimes decide to start from scratch using a different tutorial. This is not The Proper Way.[22:30:47] <Aprogas> !tell rm sasl[22:30:48] <knoba> rm: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[22:31:16] <rm> ...but the relay host replies with 554 5.7.1 <...>: Relay access denied (in reply to RCPT TO command)[22:31:29] <rm> how do I check that SASL auth is actually used by my Postfix?[22:31:56] <Aprogas> Look at its logs or sniff the traffic.[22:32:02] <Aprogas> Do you have access to the remote server logs?[22:32:55] <rm> no[22:33:08] <rm> is there a log of raw command exchanges?[22:33:15] <Aprogas> If the logs are not useful, and the traffic is TLS, you can increase verbosity level.[22:33:21] <rm> syslog just tells the same, Relay access denied[22:33:30] <Aprogas> Not by default, but the highest debug level probably lists all such things.[22:33:51] <Aprogas> I never used SASL, so I have no baseline logs to compare against what it should like.[22:35:21] <Aprogas> What does "postconf -A" return?[22:36:06] <rm> oh, debug_peer_* is so nice to have[22:36:14] <rm> so it turns out it doesn't try to use SASL[22:37:04] <rm> postconf -A returns "cyrus"[22:37:32] <Aprogas> Does the remote server announce SASL capability? Are you trying on port 25 or 587 ?[22:39:25] <rm> how does the announce look like?[22:39:43] <Aprogas> AUTH LOGIN PLAIN or AUTH=LOGIN PLAIN or both[22:40:02] <Aprogas> I doubt Postfix will attempt SASL if the server does not announce it.[22:40:46] <rm> no, it doesn't announce it[22:40:49] *** bastid_raZor has joined #postfix[22:41:36] <rm> and port 587 gives the error "Must issue a STARTTLS command first (in reply to MAIL FROM command)"[22:42:58] <rm> hmm, strange[22:43:20] *** famicom has quit IRC[22:43:29] *** uqlev has quit IRC[22:43:54] *** famicom has joined #postfix[22:44:32] <Aprogas> Not really.[22:45:16] <Aprogas> Using TLS+SASL on submission is common, and not using SASL on port 25 (to be used for exchange between mailservers) is also common.[22:45:40] <rm> okay, I get it[22:45:45] <Aprogas> Try: openssl s_client -connect mail.isp.example:587 -starttls smtp[22:45:56] <rm> the server announces SASL only when connected to over SSL[22:46:04] <rm> Aug 2 02:49:32 natsu postfix/smtp[10179]: CLIENT wrappermode (port smtps/465) is unimplemented[22:46:12] <rm> any way to fix that?[22:46:28] <lunaphyte> stop using smtps.[22:46:29] <Aprogas> Use STARTTLS on the submission port.[22:46:45] <rm> Aprogas, how to make postfix do that?[22:47:00] <Aprogas> The SASL readme I linked you to explains how to handle SASL combined with TLS.[22:49:23] <gueux> is it possible to receive an error message when a mail has been rejected by a server that my postfix was connected to?[22:50:26] <Aprogas> gueux: I think that is default behaviour. If Postfix accepts your email for delivery but then is unable to deliver, it will bounce. If the error is temporary, it will sit in the queue and Postfix will keep trying for 5 days.[22:52:54] <rm> excellent, it worked, thank you[22:53:12] <rm> I had to add "smtp_tls_security_level = may"[22:53:16] <rm> and use the port 587[22:54:39] <gueux> Aprogas: the email is actually bounced, but I do not get any error message :-([22:54:45] <Aprogas> You might want to change the smtp_sasl_security_options because that tutorial empties them, which can cause plaintext password leak.[22:54:56] <Aprogas> gueux: The error is in the bounce.[22:55:27] <Aprogas> SASL readme contains an error. It mentions smtpd_sasl_security_options in the client section.[22:56:24] <rm> with "noplaintext", the auth fails[22:56:42] <rm> (SASL authentication failed; cannot authenticate to server....: no mechanism available)[22:57:04] <Aprogas> http://www.postfix.org/SASL_README.html#client_sasl_policy[22:57:16] <rm> guess I'll replace "may" with "encrypt"[22:57:27] <Aprogas> That section explains the trick to not require noplaintext for TLS, but still require it for unencrypted.[22:57:50] <Aprogas> Except in that section replace "smtpd" by "smtp"[23:01:42] <gueux> Aprogas: mmh, sorry but I don't find out to get a warning messgae when an email is bounced :-([23:02:07] <Aprogas> gueux: I'm not sure what you mean.[23:02:27] <Aprogas> gueux: Do you mean you also want to be notified when mails from other clients get bounced?[23:08:25] *** skopii has quit IRC[23:08:42] *** skopii has joined #postfix[23:08:51] <gueux> Aprogas: I have postfix installed on my laptop and I've changed my default setting in /etc/postfix/transport from "* smtp:[smtp1]:25" to "* smtp:[smtp2]:25" because the lab where I was blocks the port 25 except if I connect to their smtp server. the problem is that it does not accept my messages when I am in the outside: I get error messages in /var/log/mail.log but I would like to warn the sender (me) that the email has been bounced ...[23:08:57] <gueux> ... (now I have to check the log file manually).[23:09:00] <gueux> hope that helps :-)[23:10:27] <Aprogas> Why would you do such a thing?[23:10:45] <Aprogas> Do you even want to receive mail on your laptop?[23:11:18] <Aprogas> !tell gueux nullclient[23:11:18] <knoba> gueux: "nullclient" : a null client is a computer that can only send mail. it receives no mail from the network, and it does not deliver any mail locally. while postfix can be configured to fill this role, it is often unnecessary overkill, and a much simpler software package is more appropriate. see !nullclient_software for more details.[23:11:29] <Aprogas> And if you insist on using Postfix:[23:11:32] <Aprogas> !tell gueux relayhost[23:11:33] <knoba> gueux: "relayhost" : a configuration parameter in the main.cf: The default host to send non-local mail to when no entry is matched in the optional transport(5) table. When no relayhost is given, mail is routed directly to the destination. If your relay host requires authentication see the !saslclient channel factoid.[23:11:34] <gueux> ? because now, when I send a email to someone, the email is lost, and I don't know it[23:11:54] <Aprogas> Probably because the bounce is also being sent via the mailserver that refuses to send it.[23:12:33] <Aprogas> Does the mailserver of your ISP allow you to login remotely using SASL? Do that so it also works if you are on another network.[23:14:42] <gueux> I've no problem with my isp... it's just that I want to be warned if I forgot to change back my configuration when I'm outside of the lab.[23:16:14] <rob0> If your relayhost accepts mail with an undeliverable envelope sender address, that mail will be lost. That's not a Postfix problem, that's a "I don't understand how email works" problem.[23:18:32] <rob0> !why[23:18:32] <knoba> rob0: "why" : are you sure that installing, configuring and maintaining a mailserver is really what you want to do here? it's not something that's for the faint of heart, and definitely not something for folks that are still just learning the basics of linux or unix. also see !nullclient[23:24:28] *** Jippi_mac has quit IRC[23:29:30] <wdp> knoba knows everything[23:32:31] <gueux> Aprogas: ok, it seems like I wasn't very clear... here is my transport file http://pastebin.com/pdmB3HAj of course I just change the last line[23:33:20] <gueux> of course I still want postfix to deliver local mails locally[23:33:28] *** forsberg is now known as fOrsberg[23:35:05] *** makomi has quit IRC[23:37:24] <gueux> I don't see the problem very well: the postfix on my laptop (as a client) connects to smtp2.org which gives to it an error message "Helo command rejected: need fully-qualified hostname". then I don't see why postfix wouldn't be able to send back a local message "your email can't be sent".[23:37:58] <Aprogas> It will.[23:38:47] <gueux> I'm sure it does not.[23:38:54] <gueux> that's why I ask.[23:38:59] <gueux> ...[23:39:10] <Aprogas> What do your logs tell you?[23:39:13] *** bastid_raZor has quit IRC[23:40:31] <gueux> Aprogas: http://pastebin.com/VdPjKyM1[23:41:23] <Aprogas> Any logs related to Postfix being unable to deliver the bounce anywhere?[23:42:14] <gueux> no, I don't think so[23:42:28] <Aprogas> I still think your transport_maps is interfering with things, use relayhost instead.[23:43:14] <gueux> the problem is that I would like to connect to two different servers depending of the destination of the email[23:43:41] <gueux> it's just possible with transport_maps, isn't it?[23:44:16] <Aprogas> I think transport_maps can still be used to override if relayhost is being used, you just won't need these localhost and * rules in transport_maps[23:44:30] <Aprogas> I've never seen a transport_maps like that, and your Postfix is behaving strangely, so that is what I blame.[23:44:46] <gueux> ok[23:45:00] <Aprogas> If the bounce is addresses to something that falls under the * map, it will try to deliver the bounce via the bouncing mailserver.[23:45:59] <gueux> so, I can also remove the "elcaca :" and "localhost.localdomain :", right?[23:46:03] <Aprogas> Yes.[23:46:06] *** pyco has quit IRC[23:46:24] <Aprogas> I think "elcaca" would never trigger anyway, since Postfix always will make a FQDN of unqualified hostnames.[23:47:05] <Aprogas> So Postfix will rewrite your Return-Path, and the bounce will go to user at elcaca dot $myorigin instead.[23:47:54] *** Yoann512 has quit IRC[23:48:20] <Aprogas> The relayhost documentation specifically mentions transport(5) will overwrite it, but relayhost will only apply to non-local mail.[23:48:24] *** rm has left #postfix[23:48:46] <Aprogas> So you no longer have to doubly specify your local domains in both mydestination and transport_maps, just make mydestination right, and relayhost will make Postfix do something sensible.[23:50:03] <gueux> mmm... I still have the same error message in mail.log, and no email of warning :-([23:50:46] *** bastid_raZor has joined #postfix[23:51:40] <Aprogas> Bounces will go to Return-Path, which I think is set based on the "MAIL FROM" used in the initial submission of the email, and that is dependent on mailclient settings.[23:52:03] <Aprogas> If however the relayhost accepts your message, it is out of your hands what happens after that.[23:52:15] <Aprogas> But the scenario you are describing is the relayhost rejecting to accept your message.[23:52:26] <Aprogas> Anyway, I must sleep.[23:52:55] <gueux> ok, thanks[23:54:03] *** smica has quit IRC[23:54:11] *** brancal has quit IRC[23:57:13] *** bastid_raZor has quit IRC