September 9, 2010 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | >
September 9, 2010 [00:07:49] *** Vivek has quit IRC[00:07:58] *** roe has quit IRC[00:21:03] *** cga_ has quit IRC[00:21:19] *** dragonheart has joined #postfix[00:28:28] *** uqlev has quit IRC[00:30:21] *** brancaleone has quit IRC[00:33:12] *** RoAcH has quit IRC[00:39:06] *** jimpop has left #postfix[00:41:39] *** smica has quit IRC[00:44:26] *** RoAcH has joined #postfix[00:56:18] *** felipe` has joined #postfix[01:01:33] *** CountDown has quit IRC[01:05:47] *** Heldwin has quit IRC[01:16:45] *** tharkun has quit IRC[01:22:55] *** leroux has joined #postfix[01:31:25] *** swarog has quit IRC[01:38:00] *** swarog has joined #postfix[01:43:30] *** dragonheart has quit IRC[01:51:54] *** fken has quit IRC[02:00:40] *** JonnyV has quit IRC[02:18:50] *** Dosshell has quit IRC[02:27:42] *** swarog has quit IRC[02:29:28] *** swarog has joined #postfix[02:41:48] *** magyar has quit IRC[02:42:14] *** magyar has joined #postfix[02:50:55] *** RoAcH has quit IRC[02:53:27] *** bluethundr has quit IRC[02:56:53] *** swarog has quit IRC[02:57:08] *** swarog has joined #postfix[02:59:48] *** forsberg is now known as fOrsberg[03:00:06] *** felipe` has quit IRC[03:09:17] *** robotarmy has quit IRC[03:22:18] *** loddafnir has quit IRC[03:25:48] *** rooky_ has joined #postfix[03:27:18] *** rooky has quit IRC[03:27:33] *** rooky_ is now known as rooky[03:46:13] <kad_> can i using "virtual_alias_maps" to change for ex: support at mail-kad dot redirectme.net Mailbox to other Path other than " /home/vmail" virtual_mailbox_base = /home/vmail ? thx[03:46:52] <lunaphyte> virtual_alias_maps has nothing to with the filesystem.[03:46:58] <lunaphyte> *nothing to do with[03:47:32] <kad_> ah ok[03:48:08] *** neekfenwick has joined #postfix[03:49:08] <neekfenwick> hi guys.. i was on the other day.. i'm still being used as a mail relay and cannot see why, perhaps someone can add info. i'll paste my conf, and an example log and example of mail being sent through my postfix[03:49:21] <neekfenwick> http://pastebin.com/fdTYW2DC[03:50:18] <neekfenwick> ppl were good enough to show me how to trace a queue id back to the original connect.. seems to come from 96.44.178.194 .. but my config says to only accept from local networks, or if they're authenticating somehow (i have sasl and dovecot enabled) that is not logged[03:51:05] <lunaphyte> where is the proof that you are being used as an open relay?[03:51:51] <neekfenwick> as soon as i start postfix, my mail log starts filling with errors from hotmail, yahoo etc. saying my spam email is rejected, and mailq shows queued emails to many recipients that i did not create[03:52:19] <lunaphyte> that does not mean you're an open relay.[03:52:54] <neekfenwick> that HELO example in the pastebin is a tcpdump extract.. i recorded tcpdump while starting postfix, and traced the 96.44... ip to the stream in wiresharks, and copied out the tcp stream, which i think shows a mail 'from' someone 'to' many different email addresses being sent through me[03:53:23] <neekfenwick> so perhaps 'open relay' is the wrong term.. what should i call it?[03:53:41] <lunaphyte> well, it depend on what's actually happening.[03:53:45] <lunaphyte> *depends[03:53:56] <neekfenwick> this is a personal VPS, run by me for me.. noone should be sending mail through it but me[03:54:04] <neekfenwick> in case you think a busy postfix is no odd thing :)[03:55:08] <lunaphyte> asking for help with such a problem but obfuscating the only valuable data is not likely to garner much interest or sympathy here, btw.[03:55:20] <neekfenwick> sorry, what did i obfuscate?[03:55:39] <lunaphyte> presumably lines 9-21, no?[03:56:14] <neekfenwick> it's clearly stated in the postfix 'get help on irc' web page that one should obfuscate innocent parties email addresses and other sensitive data before posting to get help[03:56:16] <rob0> If you remove permit_sasl_authenticated from restrictions, does that stop the spam being accepted?[03:56:22] <neekfenwick> trust me.. they're lots of different addresses in .tw[03:56:25] <lunaphyte> oh, line 3 also. i can't imagine those are the actual addresses used...[03:56:44] <rob0> lunaphyte, I saw real logs the other night.[03:56:59] <lunaphyte> but this doesn't make sense. the log file clearly says relay access denied.[03:57:16] <neekfenwick> rob0: ok i'll try that[03:57:17] *** googlah has quit IRC[03:57:45] <rob0> Problem description is accurate, there will be scores of "relay access denied" followed by an occasional multi-recipient spam to addresses in tw.[03:58:41] <rob0> neek, also stop one of these spams and pastebin it.[03:58:44] <rob0> !postcat[03:58:45] <knoba> rob0: "postcat" : a command for printing the contents of a mail in the queue. See "man postcat".[03:59:10] <lunaphyte> well, if we're fighting intermittent behavior, then yes, trial and error, removing variables one by one (or removing them all and adding back one by one) is a sane troubleshooting approach.[03:59:12] <rob0> well, stop ALL of them, but don't delete at least one before showing it.[03:59:52] <neekfenwick> lunaphyte: it's not really intermittant.. my problem never goes away :)[04:00:03] <rob0> I think he's not getting into major RBLs because the targets seem to be all in tw.[04:00:13] *** swombat has quit IRC[04:00:16] <neekfenwick> rob0: i'm a bit confused.. i check mailq.. empty.. start postfix.. immediate logging flood about NOQUEUE's .. stop postfix.. mailq still empty[04:00:37] <neekfenwick> i guess that's 'good'.. those are rbl'd attempts that aren't being queued[04:00:59] <neekfenwick> should i run postfix for some time and watch mailq to see if anything's queued? i guess so[04:01:04] <rob0> okay, are there any postfix/smtp logs of you trying to send to .tw addresses?[04:02:27] <neekfenwick> reading this maillog makes my brain hurt. what does this mean:[04:02:44] <rob0> we need a LOGGING_README[04:02:50] <neekfenwick> Sep 9 03:04:58 vps11530 postfix/smtpd[19599]: NOQUEUE: reject: RCPT from unknown[96.44.178.194]: 554 5.7.1 <jonh20036308 at yahoo dot com.tw>: Relay access denied; from=<uylkzyfibx at yam dot com> to=<aaaaaaaa at aaaa dot aaa.tw> proto=SMTP helo=<109.75.168.182>[04:02:56] <neekfenwick> ah hell[04:03:14] <rob0> see !relay_denied, that means you DTRT[04:03:47] <rob0> BTW most of these are trivial to block ... that is an invalid HELO.[04:03:55] <rob0> !cheatsheet[04:03:55] <knoba> rob0: "cheatsheet" : http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt : A HOWTO for pre-DATA spam control.[04:04:08] <neekfenwick> ok that seems good. i wish, as well as all the standard manuals, there were decent tutorials on dealing with this problem :( the 'secure your postfix' tutorials i followed didn't even mention RBL[04:04:10] <neekfenwick> ok[04:04:38] <neekfenwick> this where i get shows the manuals i _should_ have read :)[04:05:52] <rob0> I use a pcre: check_helo_access of !/[[:alpha:]]/ REJECT[04:06:02] *** jeremymcs has quit IRC[04:06:31] <rob0> that takes out all HELO ip.add.re.ss as well as the technically valid HELO [ip.add.re.ss][04:06:51] *** swombat has joined #postfix[04:06:57] <rob0> but, no legitimate MTA should ever need to use such a HELO[04:07:01] <neekfenwick> ok i just ran postfix for a while, spam arrived in mailq despite taking out the sasl_auth thing[04:12:24] <rob0> !postsuper[04:12:24] <knoba> rob0: "postsuper" : the queue supervision tool for postfix. Use it with the option "-d" to remove mails from the queue. See 'man postsuper' for more information.[04:13:16] <rob0> On hold it is safe, you won't be relaying anything[04:13:39] <neekfenwick> trying to follow docs .. is it right to specify "check_helo_access regexp:/etc/postfix/helo_access" .. and then have just your "!/[[:alpha:]]/ REJECT" in that file?[04:13:45] <rob0> you could even set "defer_transports = smtp"[04:14:05] <neekfenwick> (that's "smtpd_recipient_restrictions = ..blah..,check_helo_access regexp:/thefile"[04:14:28] <rob0> right, but I do really want to see that spam, headers anyway[04:15:08] <neekfenwick> ok i've -h held the 2 in my queue (postfix is stopped)[04:15:12] <neekfenwick> how to dump for you?[04:15:47] <rob0> This could be an actual bug, but given that 2.3 is more than a year EOL'ed, Wietse might not fix it.[04:16:19] <neekfenwick> i searched for how to upgrade my centos, but this seems to be the latest rpm they provide, even the centosplus "recompiled packages with extra goodies" repo doesn't have a newer version[04:16:23] <rob0> *year past[04:16:32] <neekfenwick> which is pretty weird, for centos, i guess it's redhat EL related[04:16:54] <rob0> Right, and if RedHat is shipping broken EOL'ed software, it's up to them to fix it.[04:17:14] <rob0> it's not weird, it is a feature[04:17:18] <neekfenwick> this is centos 5.5. installed earlier this year, it's pretty much as fresh as centos gets[04:17:20] <neekfenwick> :)[04:17:31] <neekfenwick> anyway.. what form of dump would you lieko f this queue?[04:17:41] *** |neorise-rider| has quit IRC[04:17:46] <neekfenwick> mailq doesn't tell me much, just from/to addresses[04:18:13] <rob0> 02:05 < rob0> neek, also stop one of these spams and pastebin it. 02:05 < rob0> !postcat[04:18:34] <neekfenwick> ah right. i ran postcat and it hung, probably waiting for stdin.. i'll check man..[04:19:26] <neekfenwick> oh ok, they're in /var/spool/postfix/hold[04:20:12] *** jeremymcs has joined #postfix[04:21:08] <neekfenwick> http://scsys.co.uk:8002/50361 there's one[04:22:55] <neekfenwick> http://scsys.co.uk:8002/50362 and the second of two[04:23:15] <rob0> Weird. IIRC there should be a SASL AUTH attribute and a header, if it authed.[04:23:26] <neekfenwick> this is with sasl auth taken out of the conf[04:24:39] <rob0> oh yeah[04:25:04] <neekfenwick> i think my conf was as i pasted earlier, but with the sasl auth thing you mentioned taken out. since then i've actually added more directives as per that cheatsheet, but not yet restarted postfix with those changes, so my conf is a little muddied right now.. i'll like to run again and see what happens[04:25:11] <neekfenwick> those 2 are Held, so shouldn't hurt[04:25:53] <rob0> well, I'm still wondering how/why these were accepted.[04:26:29] <neekfenwick> yeah, i would like to know too :) am happy to provide info[04:28:12] <rob0> Do you have any of the old verbose logging still? Would be cool if we could see one being accepted, but that would be a needle in a haystack of verbose garbage.[04:31:40] <neekfenwick> rob0: yes, i have a 200Mb gz of one maillog that filled my system :)[04:32:29] <neekfenwick> it's really hard to know what to cut and send you, i'd be afraid to miss something out.. it's 3.8Gb expanded :P[04:32:47] <neekfenwick> that was with smtpd -v in master.cf[04:33:39] <neekfenwick> rob0: i'll make it avail on my webserver and pm you the url, ok?[04:33:54] <rob0> sure[04:34:13] <rob0> lunaphyte: you want to try too?[04:34:26] <rob0> (he might have gone to bed)[04:34:57] <neekfenwick> you'll have to wait a bit while i re-upload it, slow connection.. meanwhile i can get on with some real work! :)[04:40:38] <neekfenwick> rob0: oh, i have a brief tcpdump of an example connection from one of these spammers, from today, if that might show you.. probably won't contain anything more than that postcat output[04:42:15] <rob0> tcpdump tells us what we already know. What we do NOT know is smtpd(8)'s reasoning in accepting the spams; smtpd -v would have that.[04:43:04] <neekfenwick> fine. might help to simply take a fresh -v dump now, rather than feck around with this 4 day old log[04:43:16] <neekfenwick> i'm being drawn back into real work.. went live with a new website on tuesday. life is hectic[04:48:29] <rob0> If you're going to try new verbose logging, you need to set defer_transports as above.[04:49:04] <rob0> !defer_transports[04:49:05] <knoba> rob0: "defer_transports" : a configuration parameter in the main.cf: The names of message delivery transports that should not be delivered to unless someone issues "sendmail -q" or equivalent. Specify zero or more names of mail delivery transports names that appear in the first field of master.cf).[04:49:22] <kad_> can i change the default permissions of mailboxes from 600 to 660?[04:52:05] *** pinoyskull has joined #postfix[04:58:43] *** MAAAAAD has joined #postfix[05:00:10] *** pinoyskull has quit IRC[05:01:55] <AstralStorm> kad_: yes[05:02:04] <AstralStorm> if you want to know how, I recommend man 5 postconf[05:02:21] <neekfenwick> rob0: so.. do you recommend "defer_transports = smtp"?[05:02:35] *** MAAAAD has quit IRC[05:03:18] <neekfenwick> these docs read like stereo instructions[05:04:10] <standon> no, they read wonderfully.[05:04:36] <neekfenwick> standon: yes, if you understand every word they use :)[05:05:15] <neekfenwick> i don't know why rob0 suggested i set defer_transports (i.e. what i'm trying to achieve) and i don't know which 'delivery transport' of the 20 or so i see in master.cf to specify[05:06:20] <neekfenwick> we're trying to get verbose logging of connection attempts to my postfix.. i don't see what defer_transports will acheive, other than perhaps stopped the delivery process at some stage, and i don't want to stop it at the wrong stage or it'll pollute the test we're trying to make[05:06:49] <AstralStorm> kad_: actually, local delivery can't do this (for some idiotic reason nobody really knows and is handwaved away by "security")[05:07:06] <standon> you don't need defer_transports for verbose logging.[05:07:25] <AstralStorm> kad_: virtual delivery agent has virtual_gid_maps[05:07:29] <neekfenwick> standon: that's what i thought, and yet rob0 said "you need to set defer_transports"... see above[05:07:39] <standon> neekfenwick: http://www.postfix.org/DEBUG_README.html#debug_peer[05:08:04] <kad_> AstralStorm, ya thx now i saw it i'll map each mail it's own gid/uid[05:08:21] <AstralStorm> you can also use static map.[05:08:27] <AstralStorm> as in static:<group>[05:08:47] <AstralStorm> not the best of ideas if the users are members of this group, though useful for some setups[05:09:09] <neekfenwick> standon: i saw that the other day.. i've commented debug_peer_list out altogether, which i think means it'll log all peers (which is what i want). the main.cf comment doesn't seem to specify what happens when nothing is specified[05:09:39] <AstralStorm> kad_: oh, and you can always use your own delivery app[05:10:50] <rob0> You know you are being used by a spammer. You need to set "defer_transports = smtp" such that no spam goes out.[05:11:19] <rob0> neekfenwick,standon: ^^[05:11:46] <neekfenwick> right, that explains the 'why' and tells me which option (smtp) is safe :) thx[05:12:04] <neekfenwick> i just restarted.. many "Helo command rejected" in log.. looks good, as per your advice rob0[05:13:18] *** pinoyskull has joined #postfix[05:14:07] <kad_> AstralStorm, like this http://pastebin.com/DKAMvNza ?[05:15:24] <AstralStorm> kad_: looks fine[05:15:37] <AstralStorm> oh, wait, there's a problem[05:15:57] <AstralStorm> $mydomain is what? something different?[05:16:23] <AstralStorm> the domains used in virtual delivery *have* to be listed in that virtual_mailbox_domains option[05:16:41] <rob0> Sadly neek, I think the check_helo_access is going to block all from this particular spammer. :([05:17:10] <Dominian> So uhhh[05:17:17] <Dominian> reading semi-backlog shows someone as an open relay?[05:17:19] *** kad__ has joined #postfix[05:17:29] <kad__> sorry dc[05:17:31] <kad__> AstralStorm, no, i remove it from : $mydestination and use at :virtual_mail_domains because i need to authenticate thru LDAP users too[05:17:42] <kad__> virtual_mailbox_domains*[05:17:44] <AstralStorm> this is correct[05:17:52] <rob0> Dominian: kind of. He rejects most of them, relay access denied, but occasionally one goes through.[05:17:56] <AstralStorm> but I'm not sure if your $mydomain is redirectme.net[05:17:57] <Dominian> ah[05:18:04] <Dominian> rob0: rbl checks?[05:18:10] * Dominian didn't read back all that far[05:18:14] <AstralStorm> rob0: 2bounce maybe?[05:18:23] <rob0> This spammer isn't in RBL.[05:18:24] <kad__> AstralStorm, i got it from "no-ip.org" just for testing before apply on real one =)[05:18:31] <kad__> AstralStorm, you know[05:18:36] <AstralStorm> no really, disabling bounces is the first thing you have to do nowadays[05:18:37] <rob0> s/RBL/Zen/[05:18:42] <AstralStorm> otherwise you will send bounce spam[05:19:09] <AstralStorm> no bounces to external addresses[05:19:41] <kad__> AstralStorm, but i receive this error: http://pastebin.com/TyDAgemL when i use the "virtual_uid" file[05:19:58] <AstralStorm> kad__: did you run postmap on it?[05:20:02] <kad__> yup[05:20:44] <Dominian> disable bounces,,, uhh why?[05:20:47] <lunaphyte> uh, please don't tell people to "disable bounces".[05:20:55] <lunaphyte> that is *not* good advice.[05:20:57] <AstralStorm> also don't forget to set virtual_mailbox_base[05:21:02] *** kad_ has quit IRC[05:21:03] <AstralStorm> lunaphyte: external bounces.[05:21:06] <AstralStorm> they're silly[05:21:08] <lunaphyte> immaterial.[05:21:09] <Dominian> eh[05:21:17] <lunaphyte> what on earth are you talking about?[05:21:21] <Dominian> postfix doesn't give two shits if itis external or internal.. its a 'bounce'[05:21:21] <AstralStorm> I can spam your nonexistent addresses with forged From to spam anyone with those[05:21:29] <lunaphyte> no you can't[05:21:30] <Dominian> AstralStorm: try it[05:21:34] <Dominian> gaurantee it won't work[05:21:36] <Dominian> :)[05:21:42] <Dominian> especially on a properly configured postfix instance[05:21:45] <AstralStorm> correct[05:21:46] <lunaphyte> you need to do some more reading on backscatter, my friend.[05:21:52] <Dominian> !backscatter[05:21:52] <knoba> Dominian: "backscatter" : see http://www.postfix.org/BACKSCATTER_README.html - Basically backscatter are bounces sent to innocent systems. A spammer sent email in behalf of the victim's system. Undeliverable emails get bounced to the victim.[05:22:08] <kad__> AstralStorm, it's set as: virtual_mailbox_base = /home/vmail[05:22:11] <AstralStorm> lunaphyte: it can be disabled, I think that's the case now[05:22:19] <AstralStorm> kad__: does that dir exist and is writable?[05:22:36] <AstralStorm> and what's your uid map[05:22:38] <lunaphyte> huh? what can be disabled/[05:22:40] <lunaphyte> ?[05:23:13] <AstralStorm> lunaphyte: see the filters there[05:23:29] <AstralStorm> they're complex, I bet the guy who asked, rob0, doesn't have them set[05:23:29] <kad__> AstralStorm, drwxrwxrwx 3 vmail vmail 4096 2010-09-09 06:21 vmail andmy uid map = support at mail-kad dot redirectme.net 1000[05:23:31] <lunaphyte> dude - *what* are you talking about?[05:23:40] <AstralStorm> lunaphyte: no, what are *you* talking about.[05:24:23] <lunaphyte> you need to spin down your propellers a bit here...[05:24:24] <AstralStorm> removing backscatter is work[05:24:44] <lunaphyte> and?[05:24:50] <AstralStorm> and I bet rob0 has done none[05:24:56] <lunaphyte> don't backscatter and you will not need to "remove" any.[05:25:02] <AstralStorm> .......[05:25:09] <AstralStorm> have you *read the doc*?[05:25:31] <lunaphyte> ffs, what in god's name are you talking about?[05:25:40] <AstralStorm> that unknown recipient code.[05:26:05] <AstralStorm> that's been done in 2.4[05:26:09] <AstralStorm> it's fairly recent[05:27:20] <AstralStorm> also he might get spammed by backscatter from other servers[05:27:27] <AstralStorm> and I think that's the issue[05:27:34] <AstralStorm> not the fact that he's sending spam to someone[05:28:03] <AstralStorm> and as you can see, getting rid of this kind of spam is... hard[05:28:55] <lunaphyte> first of all, "that unknown recipient code" is far to vague to be of any value. second, there is nothing you can do to prevent backscatter from others.[05:29:04] *** kad__ has quit IRC[05:29:16] <lunaphyte> and third of all, i don't recall anyway making claims that dealing with spam was "easy".[05:29:22] <AstralStorm> heh[05:29:39] <AstralStorm> <Dominian> postfix doesn't give two shits if itis external or internal.. its a 'bounce'[05:29:52] <AstralStorm> oh it does, internal unknown recipient could be bounced as usual[05:29:59] <lunaphyte> sigh.[05:30:40] <AstralStorm> indeed sigh[05:30:44] <AstralStorm> I was talking to the wrong person[05:30:56] <lunaphyte> let's put an end to this. as i originally requested, please do not tell people to disable bounces. if you continue to do so, you will quickly wear out your welcome in this channel.[05:31:17] <AstralStorm> oh wait, the bounces *are* disabled by default[05:31:23] <lunaphyte> wrong[05:31:25] <AstralStorm> except the relay bounces[05:31:30] <lunaphyte> wrong[05:31:32] <AstralStorm> almost every code is 550[05:31:41] <lunaphyte> unrelated.[05:34:27] <AstralStorm> maybe I forgot to qualify that "disable bounces" part[05:34:48] <AstralStorm> it was supposed to mean "disable bounces to see if they cause the spam"[05:34:53] <neekfenwick> well this is annoying.. my server is now rejecting many attempts from spammers, but I get "Server configuration error" in the log when i try to email myself from hotmail (as a 'valid' test), and postfix emails my postmaster alias with an error report[05:35:16] <AstralStorm> hmm? what have you done this time?[05:35:27] <neekfenwick> no idea, postfix doesn't tell me :)[05:35:34] <AstralStorm> no, I mean, diff on a config file?[05:35:42] <neekfenwick> comment out main.cf changes one by one, reload postfix, send test email, repeat?[05:35:43] <lunaphyte> show the log[05:35:47] <lunaphyte> , us usual.[05:35:50] <neekfenwick> ok hang on[05:35:57] <lunaphyte> *as usual[05:36:21] <AstralStorm> as for the spam, maybe you forgot to disable multirecipent bounces?[05:36:30] <AstralStorm> those are an evil way to spam people...[05:37:55] <neekfenwick> ah wait, i think i have a rogue ",cd" on the end of my smtpd_recipient_restrictions line[05:38:09] <AstralStorm> heh[05:38:09] <neekfenwick> annoying that postfix doesn't say which config line is at fault.. let me try fixing that[05:40:42] <neekfenwick> yes that was it, sorry. i'm spoiled by other software (httpd), thinking if postfix starts its config must be valid[05:41:10] <AstralStorm> there's a way to run a check before (re)starting[05:41:59] <AstralStorm> also I prefer to configure permit_auth_destinations, reject[05:44:35] <neekfenwick> um, i have reject_unauth_destination :)[05:45:17] <AstralStorm> the problem is that I can't see any other permit[05:45:33] <AstralStorm> oh, whatever, it's fine[05:45:42] <AstralStorm> unless you have any backup mx or so[05:46:42] <neekfenwick> i'm just so glad my mailq seems to be uncluttered now, mostly due to the spammer not having fqdn and being denied due to that[05:48:28] <AstralStorm> permit_mynetworks before reject_unauth_destination? could that be the issue?[05:48:47] <AstralStorm> (in case your networks are a bit broad)[05:49:06] <neekfenwick> i think mynetwork is defaulting to subnet, so should be ok, no?[05:49:17] <lunaphyte> permit_mynetworks wouldn't be of much value if it were after reject_unauth_destination.[05:49:30] <AstralStorm> hmm, indeed[05:49:30] <lunaphyte> do not rely on that behavior.[05:49:48] <AstralStorm> though mynetworks is quite silly regardless[05:50:13] <lunaphyte> leave mynetworks_style alone (e.g. omit it from main.cf), and set values explicitely.[05:50:57] <AstralStorm> = host can be good sometimes[05:51:00] <lunaphyte> you really should be requiring authentication for all mail submission anyway, and should be doing so only on port 587 anyway.[05:51:36] <lunaphyte> there should be no mynetworks or sasl on port 25 at all, for any reason.[05:51:46] <AstralStorm> yes[05:52:00] <AstralStorm> actually, sasl on 25 might be available for legacy reasons[05:52:08] <AstralStorm> but mynetworks? evil.[05:52:19] <lunaphyte> that's contradictory.[05:52:41] <AstralStorm> some silly apps still assume all SMTP is port 25[05:52:46] <lunaphyte> there is no legacy at this point. the submission protocol has ben well defined for many many years.[05:52:49] <lunaphyte> *been[05:52:56] <AstralStorm> yes, and has been ignored for many years[05:53:23] <lunaphyte> those who choose to ignore will become irrelevant.[05:53:34] <AstralStorm> yeah, in 20 years of SMTP they have not[05:53:40] <AstralStorm> so they will become irrelevant in a week[05:53:58] <lunaphyte> all we can do is try, and encourage appropriate behavior.[05:54:06] <neekfenwick> so my Thunderbird should be connecting to my server running postfix on port 587, not 25?[05:54:14] <AstralStorm> technically yes[05:54:15] <lunaphyte> indeed.[05:54:38] <neekfenwick> it happily defaults to 25 when you add a new outgoing smtp connection[05:54:49] <lunaphyte> quite unfortunate.[05:54:50] <AstralStorm> as do most mail clients. which is wrong[05:54:55] <neekfenwick> woe is us[05:57:17] <lkthomas> ha[05:57:20] <lkthomas> actually[05:57:35] <neekfenwick> perhaps it sniffed my server and my firewall blocks 587[05:58:04] <lkthomas> if we use exchange MAPI to write sync server, would it violate exchange patent ?[05:58:17] *** lifeofguenter has quit IRC[05:59:03] <AstralStorm> neekfenwick: other servers should use port 25[05:59:17] <neekfenwick> rob0: and whoever wants it: http://nickfenwick.com/maillog.abc .. it's a .gz file really[05:59:28] <AstralStorm> your senders (relay users) should use port 587[05:59:34] <neekfenwick> that's a maillog from some days ago when my server was being used to send spam[06:00:27] <AstralStorm> uhm, 240 MB? what?[06:00:34] <AstralStorm> can't you trim this to relevant parts?[06:00:52] <neekfenwick> AstralStorm: yeah i see what you mean. i bet it's a firewall thing.[06:00:53] <neekfenwick> yeah[06:01:16] <neekfenwick> well, i'm a bit tired of dealing with these logs :) ok i'll have a go.. it's bloody huge[06:01:26] <AstralStorm> just find a typical spam[06:01:33] <AstralStorm> pastebin that bit of a log[06:02:30] <AstralStorm> note that I had servers blacklisted due to virused machines in the same domain[06:02:37] <neekfenwick> my problem was that i didn't know how to recognise a 'typical spam', i kept being asked to trace it back to the initial connect, which i then couldn't find. perhaps i'll have more luck today with my new knowledge[06:02:37] <AstralStorm> RBLs are evil that way[06:02:53] <neekfenwick> yeah, i now cannot send test emails from my secured server to my hotmail, because my server is RBL'd[06:02:54] <neekfenwick> yay[06:02:55] <AstralStorm> check the source[06:03:11] <AstralStorm> RBLs are an extremely dumb idea[06:03:27] <AstralStorm> far too much trust in them[06:04:23] <rob0> heh, yup, we're a dumb bunch around here[06:04:28] <AstralStorm> it's fairly easy to DoS a server that way[06:05:12] <AstralStorm> just aim a well-crafted spam with correct forged information at the RBL of choice[06:05:24] <neekfenwick> oops, perhaps i shouldn't vi a 4gb file[06:05:40] <AstralStorm> hehe[06:06:29] <neekfenwick> what's a good way to chop a massive file from line x to line y?[06:06:43] <AstralStorm> read man cut[06:06:49] <neekfenwick> i normally load into vi/vim and use ":,$ d" type stuff[06:06:49] <neekfenwick> ok[06:06:54] <AstralStorm> or man head and man tail[06:07:04] <rob0> Holy crap, do you really think RBL operators cannot tell where spam comes from?[06:07:06] <neekfenwick> i use cut for column based .. fair enough[06:07:21] <AstralStorm> rob0: they sometimes can, sometimes not[06:07:30] <AstralStorm> ever heard of IP spoofing?[06:07:38] <rob0> AstralStorm: rubbish, you have no clue.[06:09:35] <AstralStorm> there are other attacks that are far harder to pull off against an RBL, like DNS poisoning (with a forged SPF record)[06:10:56] <AstralStorm> hopefully those RBLs do use external DNSSEC dns servers[06:11:09] <AstralStorm> (oh wait, most don't :> )[06:13:12] <lunaphyte> please, dispense with al of this buzzword nonsense.[06:13:19] *** MAAAAAD has quit IRC[06:13:41] *** MAAAAAD has joined #postfix[06:13:49] <AstralStorm> see, if an RBL doesn't validate their DNS against root servers, it's worthless[06:14:10] <lunaphyte> you are living in a dream world.[06:14:15] <AstralStorm> no shortcuts ever.[06:14:42] <lunaphyte> no shortcuts ever, says the boy who wants to disabled bounces.[06:14:45] <lunaphyte> *disable[06:14:47] <AstralStorm> it cannot attempt direct connection to the DNS server without validating its IP address from an external source[06:14:56] <AstralStorm> lunaphyte: *for testing*. I forgot to mention that[06:15:09] <rob0> The fact is, if it were so trivial to DoS a DNSBL, spammers would have done that, and they would not be in such wide use.[06:15:27] <AstralStorm> rob0: it's trivial to DoS some mail servers that way[06:15:37] <AstralStorm> but not the DNSBL itself[06:15:49] <psilo2> How do you go about spoofing any ol' IP?[06:15:49] <AstralStorm> and not the major mail servers - those are often whitelisted[06:15:58] <lunaphyte> yes, of course, that is why it happens *so* frequently.[06:16:07] <AstralStorm> psilo2: you need a rogue ISP and an entry that doesn't filter routes well[06:16:13] <AstralStorm> there are enough in the world[06:16:20] <rob0> A spam DNSBL which publishes non-spamming IP addresses is not trustworthy, and thus DoS'ed.[06:16:40] <AstralStorm> yes, unless said non-spamming IP addresses are small services[06:17:54] <rob0> CBL is the premier spam DNSBL, and I have never known it to be wrong. Collateral damage occurs when a virus is spewing on the same IP address as a legitimate mail server. Other than that, CBL blocks no mail.[06:18:06] <AstralStorm> I like the "other than that" part[06:18:20] <neekfenwick> new maillog extract: http://nickfenwick.com/maillogtmp2.gz[06:18:24] <AstralStorm> if it ever blocks valid mail, it's wrong to use as a kill-list[06:18:37] <rob0> (And that sort of collateral damage is a Good Thing, because it tells the operator to clean up their network.)[06:18:40] <AstralStorm> it is good to use as a weight in a fuzzy algorithm though[06:19:00] <AstralStorm> (like that old spamassassin)[06:19:19] <neekfenwick> 321166768088 is a queue id i picked, it shows a connect and goes on to log relay denied's[06:19:27] <rob0> A site with a virus has a duty to clean it up.[06:19:43] <AstralStorm> yeah, and an ISP has a duty to block all SMTP[06:19:45] <AstralStorm> ha, ha[06:19:49] *** ghobad has joined #postfix[06:21:06] <AstralStorm> SPF should be enough in those cases.[06:26:04] <AstralStorm> about the only thing RBLs save is some processing off the spam filters[06:28:00] <rob0> neekfenwick: 321166768088 has some relay denied, was it accepted later?[06:28:30] <rob0> looks like the same smtpd kept that queue ID for several attempts[06:29:18] <neekfenwick> rob0: yes, maybe.. but weren't you interested in why the connection was accepted to my postfix in the first place?[06:29:24] <neekfenwick> is it worth hunting later in the log?[06:29:50] <AstralStorm> hmm, interesting[06:29:55] <AstralStorm> you seem to spam hotmail[06:30:12] <neekfenwick> AstralStorm: several servers.. that's not really important[06:30:12] <AstralStorm> via bounces[06:30:37] <AstralStorm> I suppose you've fixed that to not send bounces to unauth destinations (which I think is the default)[06:30:39] <neekfenwick> though i suppose i shouldn't be the one saying what's important and what's not :)[06:30:49] <neekfenwick> i don't think i've touched bounce related config[06:31:05] <neekfenwick> the spam attempts seem to be all denied because they don't have a fqdn[06:31:16] <neekfenwick> so the attempts to enqueue are stopped at connect time[06:31:34] <neekfenwick> (obviously that's not in the log you see there, that's as of about an hour ago)[06:32:31] <rob0> I want to see why you accepted the spams. 321166768088 wasn't accepted, that I can see. It was smtpd PID 29799.[06:33:06] <neekfenwick> oh? i'm confused. if i see a queue id in my log, surely that means the message has been accepted by me?[06:33:12] <rob0> nope[06:33:22] <neekfenwick> it then sits in my mailq and will be delivered by me to hotmail, yahoo or wherever[06:34:15] <neekfenwick> these spams were never delivered to a local mailbox, 'accepted' in that sense[06:34:31] <rob0> I'm not actually sure why a queue ID was requested for that one. smtpd(8) asks qmgr(8) for a queue ID when it thinks it will accept something. I don't know how it "thinks" because most rejects are NOQUEUE.[06:34:53] <denysonique> What is the purpose of virtual_minimum_uid[06:34:55] <denysonique> ?[06:35:17] <AstralStorm> denysonique: to limit the virtual_uid_maps[06:35:56] <AstralStorm> it's an anti-stupid protection[06:36:40] <denysonique> AstralStorm, ok I don't understand. Can you show me an example please?[06:37:00] <neekfenwick> rob0: ok, all a bit over my head to be honest[06:37:11] <neekfenwick> (hence why i'm here :))[06:37:30] <AstralStorm> denysonique: if you use anything more complex than a hash: or dbm: map[06:37:36] <neekfenwick> i'm 99% happy now, in my ignorance... just trying to help you guys understand[06:37:52] <AstralStorm> neekfenwick: check if you can flush the queue, esp. the broken bounces[06:37:58] <AstralStorm> there seem to be some in there[06:38:04] <AstralStorm> not sure they're still relevant[06:38:09] <neekfenwick> AstralStorm: my queue is now happy, now that it's no longer filling up[06:38:13] <AstralStorm> mhm[06:38:26] <neekfenwick> there happen to be 2 held right now, for debug purposes, but i'll delete them pretty soon[06:38:49] <neekfenwick> otherwise, normail emails are going through it ok (i'm on various mailing lists etc)[06:39:32] <AstralStorm> denysonique: it especially makes it easy to include passwd: uid map[06:39:43] <AstralStorm> without shooting yourself in the foot too badly[06:39:49] <neekfenwick> i can't actually send email, but i'll worry about that later, i have work to do[06:39:53] <AstralStorm> it's not the best of ideas, still[06:40:12] <denysonique> AstralStorm, virtual_uid_maps - this is for the uid of the postfix process writing the mail right?[06:40:52] <AstralStorm> yes, for virtual(8)[06:41:22] <denysonique> AstralStorm, how minimum ID would protect user a - uid 2001 from user b - uid 2000? When the virtual_min_uid would be 2000?[06:41:33] <AstralStorm> it's not for that[06:42:10] <AstralStorm> it's so that some silly doesn't send mail and run a delivery as user bin or daemon[06:42:16] <rob0> neek, found one in maillog.abc, D7F396768086[06:43:08] <AstralStorm> rob0: that one got "relay access denied"[06:43:52] <denysonique> AstralStorm, Line 5: The virtual_minimum_uid specifies a lower bound on the mailbox or maildir owner's UID. This is a safety mechanism in case someone makes a mistake. It prevents mail from being written to sensitive files.[06:43:58] <denysonique> AstralStorm, okay thanks[06:44:02] <denysonique> AstralStorm, I somehow missed that line[06:44:47] <rob0> neek, Sep 5 01:16:40 vps11530 postfix/qmgr[9970]: D7F396768086: from=<jnpwftf at msn dot com>, size=1724, nrcpt=27 (queue active)[06:45:14] <rob0> um, that was smtpd pid 29749[06:45:19] <AstralStorm> oh, in the large log[06:45:27] <AstralStorm> how the heck...[06:45:41] <AstralStorm> it should've been rejected due to relay[06:48:01] <rob0> This should have been status=2: Sep 5 01:16:38 vps11530 postfix/smtpd[29749]: generic_checks: name=reject_unauth_destination status=0[06:48:32] <AstralStorm> sounds to me like overly broad mynetworks[06:50:26] <neekfenwick> rob0: i keep missing this chat cause you don't use my full name :) .. ok, so, mynetworks possibly at fault.. it's 127.0.0.0/8 .. not sure how that is overly broad :)[06:51:13] <rob0> no, this 29749 smtpd was unable to resolve reject_unauth_destination[06:51:26] <rob0> it is not permit_mynetworks[06:51:59] <AstralStorm> status=0 means it got accepted due to that[06:52:01] <rob0> I see after that D7F... one it accepted another one, as well[06:52:15] <AstralStorm> "matches $mydestination, $inet_interfaces, $proxy_interfaces, $virtual_alias_domains, or $virtual_mailbox_domains"[06:52:25] <AstralStorm> so one of those is overly broad[06:52:49] <AstralStorm> or $relay_domains of course[06:53:44] <AstralStorm> bad dns misresolving msn.com to something matching those?[06:55:48] <AstralStorm> (which then gets bounced and backscatter reaches the spam target after a while)[06:56:57] <AstralStorm> or something even more unexpected[07:01:01] <rob0> neekfenwick: I'm too tired tonight, but this needs to be posted on the mailing list for Wietse, although as noted, the 2.3.3 version is long past support. I'll try to assemble it tomorrow.[07:01:21] <neekfenwick> rob0: ok, all your help is greatly appreciated[07:01:29] <neekfenwick> beers are in the mail[07:02:24] <rob0> At this point if you read !cheatsheet and do the HELO checks I suggested ... oh, here's another one:[07:02:46] <rob0> !/\./ REJECT[07:02:47] <knoba> rob0: Error: "/\./" is not a valid command.[07:02:48] *** Motoko-chan has joined #postfix[07:03:12] <rob0> (that is the same as reject_non_fqdn_helo_hostname)[07:03:23] <neekfenwick> i've added your HELO check from earlier.. ok[07:03:30] <rob0> ... with those you should be rejecting all of these.[07:06:37] *** loddafnir has joined #postfix[07:28:04] *** navaki has joined #postfix[07:46:39] *** weedar has quit IRC[07:55:54] *** shoonya has joined #postfix[08:03:23] <navaki> Hi all,i need to know that how to store attachments in IMAP server ? because runq and sqlmail doesn't store attachments and it's not prefect for us.[08:07:49] *** earcaraxe has quit IRC[08:09:29] *** fOrsberg is now known as forsberg[08:14:23] *** karlgus has joined #postfix[08:24:41] *** juergen_dose has joined #postfix[08:24:57] *** juergen_dose is now known as car[08:39:29] *** shal3r has joined #postfix[08:40:00] *** navaki has quit IRC[08:41:29] *** navaki has joined #postfix[08:42:48] *** UQlev has joined #postfix[08:44:55] *** henriknj_ has joined #postfix[08:51:30] *** leroux has quit IRC[08:53:30] *** Motoko-chan has quit IRC[08:53:37] *** klem has quit IRC[08:55:45] *** e-jones has joined #postfix[08:56:05] *** henriknj_ has quit IRC[08:57:21] *** Wilkins has joined #postfix[09:01:13] *** navaki has quit IRC[09:03:17] *** denis_ has joined #postfix[09:07:10] *** klem has joined #postfix[09:09:14] *** cga has joined #postfix[09:09:15] *** henriknj_ has joined #postfix[09:26:23] *** henriknj_ has quit IRC[09:43:07] *** ghobad has quit IRC[09:44:16] *** arossouw has joined #postfix[09:45:02] <arossouw> from what i've seen when i have .mydomain.co.za as masqueraded_domains, emails will be accepted for lists.mydomain.co.za as well[09:45:17] *** shoonya has quit IRC[09:45:30] <arossouw> i've tried adding !lists.mydomain.co.za to masquerade_domains, but postfix is still rewriting it to mydomain.co.za[09:45:32] *** _Tassadar has quit IRC[09:47:24] *** _Tassadar has joined #postfix[09:48:35] *** brancaleone has joined #postfix[09:52:15] *** arossouw has left #postfix[09:55:20] *** ghobad has joined #postfix[09:56:13] *** LauJensen has joined #postfix[09:57:06] <LauJensen> Hey - Im using postfix with home_mailbox = Maildir/ and inside Maildir I only have three folders cur/ tmp/ and new/. I was expecting one folder for each folder in my mail account, whats going on ?[10:00:19] <UQlev> LauJensen: it's lack of reading[10:00:43] <LauJensen> The reason I ask, it that in this tutorial http://townx.org/blog/elliot/simple_spamassassin_setup_with_postfix_and_dovecot_on_ubuntu_breezy, the author says that he trains spamassassin by pointing it to Maildir/.Junk, whats the equivalent for me?[10:01:45] <UQlev> LauJensen: http://en.wikipedia.org/wiki/Maildir[10:02:13] <UQlev> LauJensen: beside those 3 folders you may create as many other as necessary[10:02:38] *** navaki has joined #postfix[10:03:07] <UQlev> LauJensen: those 3 are just minimal set[10:03:43] <LauJensen> UQlev: sure, but Im just wondering why Im not seeing my accounts folders in there, I have several. I need to reference one of those in order to train spam assassin[10:04:24] <LauJensen> Ah, according to the wiki it seems I should have installed Maildir++ instead?[10:06:07] *** martianixor has joined #postfix[10:06:35] <bezourox> I, I create a rewhriting user rules[10:06:47] <bezourox> */etc/postfix/canonical[10:07:07] <bezourox> www-data at server dot domain me at myprovider dot com[10:07:18] <LauJensen> http://faisal.com/docs/salearn[10:07:23] <LauJensen> Ah this guide actually clears is up[10:07:25] <Aprogas> Maildir/ is your INBOX, Maildir/.Lists.postfix/ is your Lists/postfix folder.[10:07:40] <bezourox> postalias /etc/postfix/canonical[10:07:52] <bezourox> and I have this message : "postalias: warning: /etc/postfix/canonical, line 0: need name:value pair[10:07:54] <bezourox> "[10:07:58] <bezourox> any idea ?[10:07:59] <Aprogas> !tell bezourox postmap[10:08:00] <knoba> bezourox: "postmap" : a command to 'compile' text files to hash databases. Example: a file transport will be converted to transport.db by running 'postmap transport'. Your main.cf will contain something like transport_maps = hash:/etc/postfix/transport (without the '.db')[10:08:23] <Aprogas> postalias is a special flavour of postmap to handle sendmail-style aliases.[10:09:01] *** henriknj_ has joined #postfix[10:09:14] <bezourox> ok I have to check my main.cf[10:09:36] <bezourox> and I have to use the command postmap and non postalias[10:10:07] <Aprogas> You also need to check if you really need to run a mailserver. In my cases a more simple solution is enough.[10:17:50] <hrhrhr> dnsbl.sorbs.net contains all sorbs zones yeh?[10:18:35] <Aprogas> Yes, and plenty false positives.[10:18:48] <Aprogas> Only use in a weighted scoring system, not as a one-hit-wonder.[10:19:28] <hrhrhr> i got an email through that is listed there[10:19:36] *** ghobad has quit IRC[10:19:46] <hrhrhr> should have been dropped[10:19:47] *** zamba has joined #postfix[10:20:04] <Aprogas> emails are not listed on the blacklist, IP-addresses are, and for some blacklists domains.[10:20:20] <hrhrhr> lemme rephrase[10:20:29] <hrhrhr> an email came through from a /24 that is listed there[10:20:39] <jelly> sorbs' removal policy makes it nearly useless[10:20:45] <hrhrhr> the sorbs checker confirms it is listed[10:20:54] <hrhrhr> but postfix allowed it through my end, for some reason[10:21:26] <Aprogas> safe.dnsbl.sorbs.net is better, but there exist better alternatives to SORBS.[10:21:28] <hrhrhr> i realise sorbs is controversial but that's not the point im trying to make :P[10:21:42] <Aprogas> hrhrhr: Describe in more detail your configuration, and provide some logs and email headers.[10:22:06] <zamba> i'm using relay_recipient_maps on my backup mx to setup a list of valid addresses.. but how can i allow a whole domain? i know this isn't recommended, but for one of my domains it's not very feasable to maintain the relay map, since the addresses change all the time[10:23:15] *** martianixor has quit IRC[10:23:36] *** neekfenwick_ has joined #postfix[10:23:36] <Aprogas> "Specify @domain as a wild-card for domains that have no valid recipient list" >[10:23:40] <Aprogas> s/>/?/[10:25:16] <zamba> Aprogas: hm? you mean like *@domain?[10:25:26] <Aprogas> No, I mean like @domain[10:25:42] <Aprogas> http://www.postfix.org/postconf.5.html#relay_recipient_maps[10:25:59] <zamba> nah, didn't work[10:26:12] <Aprogas> !tell zamba welcome[10:26:12] <knoba> zamba: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[10:26:24] <zamba> oh, maybe it did :)[10:26:27] <zamba> i always forget postmap[10:26:29] *** denis_ has quit IRC[10:26:39] *** LauJensen has left #postfix[10:27:24] <Aprogas> Use a Makefile if you have many tables and change them often.[10:27:28] *** neekfenwick has quit IRC[10:27:59] <zamba> it worked :)[10:27:59] <zamba> thanks[10:28:15] <zamba> but how is mail bounced if the destination mx doesn't have the user in its database?[10:28:35] <Aprogas> Postfix will fail to deliver it to next-hop and must bounce.[10:30:36] <zamba> looks like the exchange server has a catch all feature enable[10:30:40] <zamba> it eats everything[10:32:05] <Aprogas> Lucky you.[10:40:23] <cga> hi all[10:40:27] *** navaki has quit IRC[10:43:03] <jelly> zamba: if it didn't, there are scripts lying around that pull a list of email addresses from AD[10:44:52] *** denis_ has joined #postfix[10:45:18] <Aprogas> You can probably also do recipient callouts and cache results, or something like that.[11:25:41] *** master_of_master has quit IRC[11:27:54] *** master_of_master has joined #postfix[11:30:32] *** nc3b has joined #postfix[11:31:28] *** brancaleone has quit IRC[11:31:34] *** superbofh has quit IRC[11:34:09] *** Twinkletoes has joined #postfix[11:34:32] *** nc3b has quit IRC[11:34:59] *** nc3b has joined #postfix[11:36:45] *** MarkB has joined #postfix[11:37:22] *** MarkB has quit IRC[11:39:10] *** bsund has quit IRC[11:41:30] <nc3b> Hello. I am trying to send an email to a gmail account, but in the logs it shows: '(connect to alt4.gmail-smtp-in.l.google.com[74.125.91.27]: Connection timed out)'[11:41:58] <nc3b> I also tried to telnet to 25 on that server and it doesn't work. What am I doing wrong ?[11:42:09] *** pinoyskull has quit IRC[11:45:48] *** henriknj_ has quit IRC[11:46:06] <Aprogas> Are you on a home/consumer-grade ISP connection?[11:47:03] <nc3b> I am[11:47:14] <Aprogas> Try: telnet nvidium.soleus.nu 25[11:48:04] <nc3b> not working :([11:48:15] <Aprogas> !tell nc3b port_25_block[11:48:16] <knoba> nc3b: "port_25_block" : Many consumer-grade ISPs (and some which claim to be for business, such as Godaddy) block outbound port 25/tcp traffic to prevent abuse from their network. If your ISP does this, you should see the !basic and !relayhost factoids. Or, upgrade to business-class service (or change ISP if you already had it.)[11:50:00] <nc3b> thank you Aprogas :)[11:50:05] <nc3b> I understand now[11:54:04] *** nc3b has quit IRC[11:54:54] *** pinoyskull has joined #postfix[11:58:58] *** Dosshell has joined #postfix[12:01:56] *** makomi has joined #postfix[12:02:31] *** henriknj_ has joined #postfix[12:05:22] *** makomi has quit IRC[12:06:51] *** makomi has joined #postfix[12:13:00] *** cpm has joined #postfix[12:20:43] *** henriknj_ has quit IRC[12:22:14] *** henriknj_ has joined #postfix[12:22:57] *** makomi_ has joined #postfix[12:25:42] *** henriknj_ has quit IRC[12:25:53] *** henriknj_ has joined #postfix[12:26:12] *** makomi has quit IRC[12:27:52] *** makomi has joined #postfix[12:31:25] *** makomi_ has quit IRC[12:39:10] *** superbofh has joined #postfix[12:41:56] *** UQlev has quit IRC[13:04:58] *** denis_ has quit IRC[13:15:34] *** henriknj_ has joined #postfix[13:19:50] *** war9407 has quit IRC[13:35:00] *** makomi has quit IRC[13:35:09] *** swombat has quit IRC[13:38:55] *** xabbu has joined #postfix[13:41:57] *** founddeath has joined #postfix[13:45:10] *** passthru has joined #postfix[13:47:37] *** lifeofguenter has joined #postfix[13:50:48] *** rcsheets` has quit IRC[13:51:21] *** dragonheart has joined #postfix[13:51:23] *** henrikn__ has joined #postfix[13:53:19] *** henriknj_ has quit IRC[13:54:34] *** BlackBishop has left #postfix[14:03:07] *** swombat has joined #postfix[14:10:42] *** RamsesFSFE has joined #postfix[14:11:10] *** saurabhb has joined #postfix[14:13:41] <RamsesFSFE> rob0: I solved my postfix problem (User unknown in local recipient table). It wasn't a local problem on my server. The problem was caused by a wrong MX entry.[14:14:17] *** swombat has left #postfix[14:15:11] *** pinoyskull has quit IRC[14:15:35] <Aprogas> I think there's more to it than that. If Postfix is not responsible for a domain but you try to deliver to it, it will probably return "Relay denied" instead.[14:15:52] <Aprogas> Unless you enabled the dubious "accept domains I am MX for" setting.[14:17:34] <RamsesFSFE> Aprogas: Well, the postfix on the other server was responsible as the MX entry pointed to it. Now I changed the MX entry to my server and now I get Relay denied from the other server.[14:17:50] *** Section1 has joined #postfix[14:20:39] *** henrikn__ has quit IRC[14:22:38] <klem> hi[14:24:56] *** JoKoT3 has quit IRC[14:25:46] <Aprogas> RamsesFSFE: I missed your original question. What is your goal precisely? Do you want one of those mailservers to accept mail for that domain as local?[14:27:56] *** nc3b has joined #postfix[14:28:42] *** Tykling has quit IRC[14:29:15] *** Tykling has joined #postfix[14:29:42] *** nc3b has quit IRC[14:29:45] *** ssureshot has joined #postfix[14:31:55] <RamsesFSFE> Aprogas: I came here a few days ago because I had the problem that I got the error "User unknown in local recipient table" for mail addresses for one single domain. All other mail addresses for other domains work fine. Now I found out that it wasn't a local problem but a wrong MX entry[14:32:19] <RamsesFSFE> The wrong mailserver was used, and there, the user didn't exist.[14:32:46] <Aprogas> Oh, I understand now.[14:33:00] <Aprogas> That other mailserver had the domain in mydestination too?[14:33:16] <RamsesFSFE> obviously[14:38:02] *** wdp_ has joined #postfix[14:41:30] *** wdp has quit IRC[14:47:36] *** talin has joined #postfix[14:47:49] *** RamsesFSFE has left #postfix[14:47:54] <talin> hello. cyrus or dovecot, which involves least banging heads against the wall?[14:48:10] *** Snadder has joined #postfix[14:48:29] <Dominian> dovecot[14:52:06] <talin> Dominian: thank you[14:53:21] <Dominian> welcome[14:53:24] <Dominian> !dovecot[14:53:24] <knoba> Dominian: "dovecot" : http://www.dovecot.org/ : IMAP/POP3 server software with emphasis on security; recent versions can also provide SASL AUTH for Postfix 2.3+.[14:53:29] <Dominian> that might help a bit.. but then again maybe not[14:53:33] <Dominian> !sasl[14:53:33] <knoba> Dominian: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[14:53:36] <Dominian> there we go[14:53:44] <lunaphyte_> !smtpauth[14:53:45] <knoba> lunaphyte_: "smtpauth" : a feature that allows road-warriors (trusted users which are outside your network) to send mail via your mail server. The user needs to send a username and password which allows him/her to relay email. See: http://www.postfix.org/SASL_README.html[14:54:27] *** henriknj_ has joined #postfix[14:57:00] <talin> Dominian: even if i only use my postfix for sending e-mail? no receiving[14:58:56] <lunaphyte_> oh, then you don't need an mta, so no reason to use postfix.[15:00:22] <Aprogas> Dovecot does not implement client-SASL.[15:00:34] <talin> lunaphyte_: huh?[15:00:40] <lunaphyte_> hmm?[15:00:50] <talin> i mean, i have a postfix server which several people use for outgoing mail[15:00:58] *** kad_ has joined #postfix[15:01:10] <Aprogas> And you want those several people to login to your server?[15:01:30] <talin> Aprogas: i don't want to be open relay for them, since some of them are behind routers with a single IP[15:01:43] *** uqlev has joined #postfix[15:01:43] <talin> if one of them misbehaves, i have to block all of them or none[15:01:55] <talin> so i want to sent up authentication so they can't send spam through my server[15:02:23] *** makomi has joined #postfix[15:02:29] <talin> set up*[15:02:50] <Aprogas> Dovecot-SASL can handle that part.[15:02:51] <kad_> heys!! i need to ask can i under "virtual_uid_maps=hash:/etc/postfix/virtual_maps" where in the "/etc/postfix/virtual_maps" to map: user kad 1000 and all other users must be owned by uid 1001 for example ?[15:03:16] <Aprogas> kad_: what?[15:03:18] <talin> lunaphyte_: do you still think i don't need postfix? or did i misunderstand something?[15:03:58] *** jlaunay has quit IRC[15:03:58] <lunaphyte_> talin: so you are running an msa, in other words?[15:04:18] <kad_> Aprogas, virtual_uid_maps use to tell postfix that this mailbox owned by which uid and gid right ?[15:04:43] <talin> lunaphyte_: modern standard arabic? ;) i'm not sure what you mean, but these users get incoming e-mail from elsewhere[15:04:56] <lunaphyte_> !tell talin msa[15:04:56] <knoba> talin: "msa" : Message Submission Agent : a process which accepts message submissions from MUAs on port 587 known as 'message submission service' using the 'message submission protocol' defined by rfc4409. To enable message submission service in postfix uncomment the relevant lines in master.cf. also see !submission.[15:04:57] <Aprogas> !tell talin msa[15:04:57] <knoba> talin: "msa" : Message Submission Agent : a process which accepts message submissions from MUAs on port 587 known as 'message submission service' using the 'message submission protocol' defined by rfc4409. To enable message submission service in postfix uncomment the relevant lines in master.cf. also see !submission.[15:04:58] <Aprogas> oops[15:05:04] <talin> lunaphyte_: e.g. from mypreviousprovider.com[15:05:19] <Aprogas> kad_: Yes, that is what virtual_uid_maps seems to do.[15:05:59] <talin> yes, i suppose i am. if that's what it is called when there's no "reading/downloading" e-mail from my server[15:06:04] <lunaphyte_> for starters, if you're running an msa, then postfix *is* receiving messages. if it were not, how would a user submit a message for delivery?[15:06:23] <kad_> Aprogas, can i for ex: give "kad" mailbox to be owned by "uid 1000" and all other mailboxes to be owned by "uid 1002" ?[15:06:30] <talin> lunaphyte_: hmm, yeah, i just mean that they don't stay on the server for people to read them[15:06:30] <lunaphyte_> no, that's what it's called when you're not the final destination for any messages.[15:06:39] <Aprogas> kad_: It's just a table, seems left-hand side is mailbox (incl. domain.tld) and right-hand side the uid. You could use any table format, i.e. hash: or mysql: so long as it responds a uid to a query.[15:07:07] <talin> lunaphyte_: ah, right. i'm not final destination, just a server that a bunch of people define as their outgoing e-mail server[15:07:08] <Aprogas> kad_: You should put just "kad" on the left-hand side, qualify the mailbox, i.e. kad at yourdomain dot tld[15:07:15] <lunaphyte_> reading/downloading (e.g. retrieving) mail has nothing to do with postfix in any way, regardless of whether or not you're using it as an mta, msa, or both.[15:07:49] <lunaphyte_> anyway, if you're running only an msa, then postfix should be configured to not listen on port 25 at all.[15:07:55] <kad_> Aprogas, ya i did like this and it work, but if i put on left: @yourdomain.tld and on right: 1000 *This will allow all other mailboxes owned by uid: 1000" ?[15:08:22] <talin> lunaphyte_: hmm, how does changing the port number make a difference?[15:08:35] <lunaphyte_> huh?[15:08:51] <Aprogas> kad_: Probably. In all other tables Postfix always tries the more specific lookup first, and generic " at domain dot tld" type lookups last.[15:08:57] <lunaphyte_> port numbers are just an extension of the protocol that uses it.[15:09:16] <talin> lunaphyte_: so i should only be listening on port 25 if i am using it as a mta?[15:09:23] <lunaphyte_> exactly.[15:09:44] <lunaphyte_> more specifically, you should only be accepting smtp connections if you're using it as an mta.[15:09:58] <talin> lunaphyte_: and an mta is a final destination for mail, as well as a relay?[15:10:08] <Aprogas> Closing port 25 if you're not accepting incoming email anyway saves resources on both ends.[15:10:11] <lunaphyte_> well, both.[15:10:37] <talin> hmm, okay[15:11:00] <talin> but even if i am running a MSA, i can use dovecot such that people must authenticate when they want to send e-mail[15:11:44] <lunaphyte_> of course, naturally.[15:11:47] <Aprogas> Postfix does not implement SASL itself, but it can use the Dovecot implementation of SASL.[15:12:17] <lunaphyte_> in fact, you shouldn't accept mail submissions without authentication at all.[15:12:52] * thumbs still has an empty mynetworks[15:13:01] <lunaphyte_> bravo![15:13:20] <thumbs> I don't even trust myswlf.[15:13:21] <talin> lunaphyte_: that's what i want. the problem is that people are using the server already, so i will try to force them to authenticate, one at a time... not everyone at once[15:13:42] <lunaphyte_> one of the holy grails of an email server admin - an empty mynetworks[15:13:43] <rob0> and a check_client_access cidr: with "0.0.0.0/0 ok"[15:13:49] <talin> lunaphyte_: since i don't know how the username/password part of SASL is selected... not sure how it appears from a users' side[15:14:05] <lunaphyte_> talin: good, that's a noble goal.[15:14:16] <lunaphyte_> selected?[15:14:49] <lunaphyte_> a user provides two strings, one username, one password. postfix passes them to the sasl component. done.[15:15:09] <thumbs> I don't even trust rob0 ![15:15:27] <rob0> who does?[15:15:52] <talin> lunaphyte_: aah. well, if i just set a username/password, the phones will start ringing. so i have to think of some way for them to pick a username and password[15:15:57] <Aprogas> talin: You should enforce TLS on your submission port, to keep the user credentials safe.[15:16:23] <lunaphyte_> talin: oh, that's fine. that's just a social issue though. nothing to do with a mail server.[15:16:30] <talin> Aprogas: yeah, i suppose that would help with preventing spam as well[15:18:24] <uqlev> talin, it will prevent spam relay but not receiving spam for your domain[15:18:32] <Snadder> Does dovecot support SSL (RFC 3207) ?[15:18:41] <talin> uqlev: that's fine, since i don't receive e-mail with this server[15:18:50] <Aprogas> Snadder: Yes, but that is not a Postfix question.[15:19:25] <Snadder> Aprogas, isnt dovecot a postfix plugin.. or something?[15:19:38] <rob0> !dovecot[15:19:39] <knoba> rob0: "dovecot" : http://www.dovecot.org/ : IMAP/POP3 server software with emphasis on security; recent versions can also provide SASL AUTH for Postfix 2.3+.[15:20:46] *** JonnyV has joined #postfix[15:29:41] <Dominian> talin: one thing to keep in mind, if you are using postfix as a client to another server.. dovecot does not provide 'client-side' sasl[15:31:35] <Aprogas> Which you pretty much only need if your IP-address is blacklisted and not unlistable.[15:33:35] *** e-jones has quit IRC[15:37:30] *** eye69 has quit IRC[15:38:36] *** eye69 has joined #postfix[15:38:54] *** uqlev has quit IRC[15:41:29] <talin> Aprogas: was that for em?[15:41:32] <talin> Aprogas: me*[15:41:47] <talin> Dominian: client? hmm, i have a cpanel server that uses my postfix server as its outgoing mail server?[15:41:55] <Aprogas> talin: For 29,95 it can be yours.[15:42:12] <talin> Aprogas: is that in US dollars?[15:46:10] <talin> i'll be back tomorrow[15:46:11] *** talin has quit IRC[15:47:03] *** robotarmy has joined #postfix[15:50:59] *** JoKoT3 has joined #postfix[15:52:15] *** robotarmy has quit IRC[15:52:43] *** roe_ has joined #postfix[15:53:12] *** roe_ is now known as Guest81673[15:53:19] <Snadder> Aprogas, is that on port 993 ?[15:53:27] <lunaphyte_> dude...[15:53:40] <Dominian> where's my car?[15:53:49] <lunaphyte_> /join #dovecot[15:54:01] <Snadder> None knows there.[15:54:13] <Dominian> whats my tattoo say!? DUDE!!! Whats mine say!? AWESOME![15:54:21] <Aprogas> You mean no one is replying because your question isn't interesting. http://wiki.dovecot.org/SSL[16:04:05] <kad_> Vacation program works with "Local User", but don't work for "Virtual users" right?[16:04:29] *** brancaleone has joined #postfix[16:07:04] *** UQlev has joined #postfix[16:16:55] *** benniej has joined #postfix[16:17:19] <benniej> Hi All[16:17:45] <benniej> How can I get postfix to accept the smtp authentication if it is wrong or not?[16:18:01] <thumbs> benniej: come again?[16:18:31] <benniej> thumbs: wether the username and password is correct or not[16:19:03] <UQlev> benniej: disable authentication[16:19:18] <thumbs> benniej: the point of SASL is to reject incorrect username/password combinations.[16:19:31] <thumbs> benniej: if you don't need SASL, don't use SASL[16:21:01] <benniej> we are chaning a mailserver for a isp (250 users) and I basically want everybody to switch on authentication before we swop out the mail server to the new server that the authentication has to function properly[16:23:57] <benniej> the outgoing mail server currently does not have any user/pass on, it relies on ip address for authentication at the moment[16:25:23] <thumbs> benniej: perhaps you can use a mysql backend for sasl and always return results.[16:26:26] <benniej> thanx[16:27:02] <thumbs> benniej: I use cyrus sasl and mysql as a backend for my boxes, personally.[16:28:28] *** Guest81673 has quit IRC[16:29:17] *** jim_SFU has joined #postfix[16:29:30] <benniej> thumbs: thanx[16:31:31] *** bluethundr has joined #postfix[16:36:34] *** benniej has quit IRC[16:52:50] *** karlgus has quit IRC[16:59:26] *** dragonheart has quit IRC[17:05:48] *** rajijoom has joined #postfix[17:06:31] *** earcaraxe has joined #postfix[17:08:11] *** rajijoom has quit IRC[17:11:23] *** felipe` has joined #postfix[17:21:57] *** higuita has quit IRC[17:23:46] *** Twinkletoes has quit IRC[17:24:26] *** higuita has joined #postfix[17:31:38] *** kuttan_ has joined #postfix[17:31:54] *** kuttan_ has left #postfix[17:32:46] *** kuttan_1 has joined #postfix[17:32:55] *** xabbu has quit IRC[17:35:37] *** Vivek has joined #postfix[17:42:42] *** kuttan_1 has quit IRC[17:44:45] *** cga has quit IRC[17:52:49] *** smica has joined #postfix[17:55:35] *** robotarmy has joined #postfix[18:01:54] *** xabbu has joined #postfix[18:03:07] *** schnoobby has joined #postfix[18:11:47] *** cozwei has joined #postfix[18:11:51] *** tharkun has joined #postfix[18:12:45] *** cozwei is now known as seb__[18:13:17] *** seb__ is now known as t3cnerd[18:15:52] <t3cnerd> !welcome[18:15:52] <knoba> t3cnerd: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[18:16:19] *** neekfenwick_ has quit IRC[18:16:20] *** war9407 has joined #postfix[18:16:29] <t3cnerd> !exchange[18:16:30] <knoba> t3cnerd: Error: "exchange" is not a valid command.[18:17:20] <schnoobby> !sasl[18:17:21] <knoba> schnoobby: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[18:17:31] <schnoobby> !dovecot[18:17:32] <knoba> schnoobby: "dovecot" : http://www.dovecot.org/ : IMAP/POP3 server software with emphasis on security; recent versions can also provide SASL AUTH for Postfix 2.3+.[18:17:56] <schnoobby> !dovecot_sasl[18:17:56] <knoba> schnoobby: Error: "dovecot_sasl" is not a valid command.[18:18:07] <t3cnerd> !relay[18:18:08] <knoba> t3cnerd: Error: "relay" is not a valid command.[18:18:45] <tharkun> !bot[18:18:45] <knoba> tharkun: "bot" : The bot 'knoba' resides here to learn and tell about factoids. See http://workaround.org/f=postfix for the list of currently supported factoids.[18:18:56] <tharkun> t3cnerd: ^^[18:22:25] <thumbs> !relay_denied[18:22:26] <knoba> thumbs: "relay_denied" : NOQUEUE: reject: RCPT from CLIENT_HOST[CLIENT_IP]: 554 5.7.1 <RECIPIENT@RCPT_DOMAIN>: Relay access denied; from=<SENDER@SENDER_DOMAIN> to=<RECIPIENT@RCPT_DOMAIN> proto=ESMTP helo=<HELO>: This typically means that CLIENT_IP is not in mynetworks (and did not AUTH), and that RCPT_DOMAIN was not recognized as one of this Postfix's domains (not listed in mydestination, relay_domains or virtual_*_domains).[18:26:46] <schnoobby> !help[18:26:46] <knoba> schnoobby: (help [<plugin>] [<command>]) -- This command gives a useful description of what <command> does. <plugin> is only necessary if the command is in more than one plugin.[18:26:59] <schnoobby> !see schnoobby[18:27:00] <knoba> schnoobby: Error: "see" is not a valid command.[18:27:05] <schnoobby> !seen schnoobby[18:27:05] <knoba> schnoobby: schnoobby was last seen in #postfix 5 seconds ago: <schnoobby> !see schnoobby[18:27:12] <schnoobby> !seen Signum[18:27:12] <knoba> schnoobby: Signum was last seen in #postfix 3 days, 5 hours, 49 minutes, and 39 seconds ago: <Signum> And append_dot_mydomain=yes must be set (=default).[18:34:49] *** teolicy has joined #postfix[18:37:59] <teolicy> Hi. I'd like to setup postfix on my Ubuntu server to use gmail as a smarthost. I've searched around a bit, and found the remnants of more than one writeup on this matter which was deleted by the author (?). While I did find some resources that are still readable, the fact more than one article disappeared seemed a bit disturbing. Did something change recently? Is there any problem with doing this?[18:38:57] <lunaphyte_> why do you want to do this?[18:39:36] <Dominian> teolicy: There's no issue doing it, but if you are running your own mail server.. the question is exactly as lunaphyte_ put it.. why?[18:40:48] <teolicy> I'd like it to be possible for programs on my server (and possibly soon on my whole home LAN) to send email to the Internet with minimum per-program (and per-host-on-my-lan) fuss.[18:40:55] <lunaphyte_> aha, i thought so.[18:41:02] <lunaphyte_> !tell teolicy nullclient[18:41:02] <knoba> teolicy: "nullclient" : a null client is a computer that can only send mail. it receives no mail from the network, and it does not deliver any mail locally. while postfix can be configured to fill this role, it is often unnecessary overkill, and a much simpler software package is more appropriate. see !nullclient_software for more details.[18:41:33] <Dominian> heh[18:41:37] <teolicy> Fair enough, but:[18:41:38] <Dominian> lunaphyte_: You and I were thinking the same thing[18:41:55] <teolicy> Hmm... you know what, wait a minute.[18:42:06] <teolicy> !tell teolicy !nullclient_software[18:42:06] <knoba> teolicy: Error: No factoid matches that key.[18:42:07] <teolicy> !tell teolicy nullclient_software[18:42:07] <knoba> teolicy: "nullclient_software" : a program that serves as a drop in replacement for /usr/sbin/sendmail and provides a simple means to submit messages to an existing msa without the need to install and maintain a full-blown mta/msa. examples include esmtp, ssmtp and nullmailer. also see !msa[18:42:18] <teolicy> !nullclient_software[18:42:18] <knoba> teolicy: "nullclient_software" : a program that serves as a drop in replacement for /usr/sbin/sendmail and provides a simple means to submit messages to an existing msa without the need to install and maintain a full-blown mta/msa. examples include esmtp, ssmtp and nullmailer. also see !msa[18:42:37] <teolicy> !msa[18:42:37] <knoba> teolicy: "msa" : Message Submission Agent : a process which accepts message submissions from MUAs on port 587 known as 'message submission service' using the 'message submission protocol' defined by rfc4409. To enable message submission service in postfix uncomment the relevant lines in master.cf. also see !submission.[18:43:03] <Dominian> lets do the factoid dance[18:43:21] <Dominian> instead of 6-degrees of Kevin Bacon.. its 6-degrees of factoids...[18:43:27] <tharkun> !Dominian[18:43:27] <knoba> tharkun: "Dominian" : A bot that has memorized all of knoba's factoids, and can spit them out faster than rob0[18:43:34] <Dominian> ha[18:43:36] <Dominian> lies![18:43:49] <teolicy> Hrmf. I know this is somewhat offtopic, but would someone here happen to know if, once I configure a null client, I can easily make Ubuntu stop suggesting me to install postfix with so many packages?[18:44:07] <lunaphyte_> probably.[18:44:26] <Dominian> that I have no idea about...[18:44:28] <Dominian> I don't use Ubuntu[18:44:29] <lunaphyte_> i believe that there are nullclient packages available which will satisfy the metapackage.[18:44:33] <Dominian> yah[18:44:35] <tharkun> teolicy: actually you have to take a look at how the nullclient is registered inside the apt db[18:44:40] <Dominian> in fact I'm sure Ubuntu has ssmtp[18:44:51] <lunaphyte_> ssmtp, esmtp, nullmailer, perhaps others.[18:45:58] <teolicy> And from the way you guys are talking about it, I assume setting up a null client to relay via gmail (with the necessary authentication/encryption features) shan't be too hard. Correct?[18:46:47] <lunaphyte_> nope. sop.[18:47:24] <lunaphyte_> (nope means yes, you're correct).[18:47:57] <tharkun> teolicy: check the virtual package mail-transport-agent that is the dependency you want to cover[18:48:44] <teolicy> Fair enough, I'll look into it.[18:49:42] <teolicy> One deficiency I think I see with a null client is that it can't queue mails in case I'm offline and can't relay for hosts on my LAN using the plainest SMTP, but I think both these requirements can be left unsatisfied for the moment, they're not too important.[19:01:35] <rob0> First deficiency wrong, second deficiency right.[19:02:34] *** xabbu has quit IRC[19:03:52] <teolicy> What will ssmtp do if it's invoked when my Internet connection is offline?[19:05:16] <UQlev> teolicy: depends on senders_restrictions[19:06:50] <UQlev> teolicy: I had to say smtpd_recipient_restrictions[19:07:18] <UQlev> teolicy: if your DNS is not available[19:08:07] <teolicy> UQlev, I think you're talking about postfix (as makes sense, since this is #postfix...), but I was writing in reference to rob0's comment, and asking about ssmtp.[19:09:11] <UQlev> teolicy: sorry I confused it with smtps[19:19:57] <rob0> I'm not able to provide help for ssmtp. I did have a nullmailer many years ago, and I know it queued messages regardless of ability to send them onward.[19:20:31] <teolicy> Cheers, I'll inspect.[19:20:38] *** schnoobby has quit IRC[19:21:51] *** kad_ has quit IRC[19:22:20] *** cga has joined #postfix[19:24:24] *** karlgus has joined #postfix[19:30:38] *** neorise-rider has joined #postfix[19:32:14] *** teolicy has left #postfix[19:33:06] *** Wilkins_ has joined #postfix[19:34:32] *** kad_ has joined #postfix[19:34:48] *** gert_ has joined #postfix[19:35:00] *** liamjfoy_ has joined #postfix[19:35:33] *** Dominian_ has joined #postfix[19:37:00] *** Wilkins has quit IRC[19:37:05] *** numen_ has joined #postfix[19:37:10] *** dan__t has quit IRC[19:37:10] *** numen has quit IRC[19:37:11] *** Dominian has quit IRC[19:37:11] *** dan__t has joined #postfix[19:37:37] *** Dominian_ is now known as dominian[19:37:42] *** dominian is now known as Dominian[19:37:45] <lunaphyte> some null client software implements a simple queue. some doesn't. most likely, that is a non problem anyway. if you are looking to provide a msa for a local lan, then that's an entirely different topic than local only mail submission.[19:38:11] *** car has left #postfix[19:38:46] <t3cnerd> Hi. is it possible to use postfix as a "filter" for MS EXCHANGE? So using spam assassin black lists etc, and then delivering it to an exchange server[19:39:33] <lunaphyte> sure.[19:39:49] <lunaphyte> that's well covered in the documentation the author provides with the software.[19:41:08] <t3cnerd> exchange or postfix?[19:41:14] *** nightwalk has quit IRC[19:41:18] *** gert has quit IRC[19:41:19] *** liamjfoy has quit IRC[19:42:39] <t3cnerd> i know that there is soething like sa postfix connectzor, which uses POP for fetching mails. but that way you get a delay of 15min for delivering[19:43:14] <lunaphyte> uh, well, this is postfix. we don't support microsoft software here.[19:43:34] <t3cnerd> i know. i don't want ms support :).[19:43:36] <cpm> folks wrap postfix around exchange pretty commonly, it's one of the best way to 'protect' exchange, and protect us from exchange. Google about for some howtos. We don't do that here.[19:44:04] <lunaphyte> but - i can encourage you to think about this in terms of how *actual* email works, not in terms of nonsense microsoft exchange concepts like "connectors".[19:44:05] <t3cnerd> i want to configure my postfix to work as an relay, but filter the mails before relaying[19:44:09] <lunaphyte> do that, and you'll be fine.[19:44:15] <lunaphyte> yes, we know.[19:44:19] <lunaphyte> go read the documentation.[19:44:23] <rob0> The Postfix side is in:[19:44:29] <rob0> !address_classes[19:44:29] <knoba> rob0: "address_classes" : http://www.postfix.org/ADDRESS_CLASS_README.html describes how Postfix deals with different classes of addresses: local, relay, virtual alias, virtual mailbox, and Internet.[19:44:38] <rob0> (relay domain class)[19:44:57] <rob0> and usually recipient verification, in here:[19:45:00] <rob0> !verify[19:45:01] <knoba> rob0: "verify" : Sender or recipient address verification features: http://www.postfix.org/ADDRESS_VERIFICATION_README.html[19:45:02] <cpm> http://tinyurl.com/24zeeag[19:45:13] <t3cnerd> sounds good, thank you :)[19:45:49] <rob0> The funny thing is that it's a FAQ on the mailing list, and most people who ask it seem to think they're the first one to have the idea. :)[19:50:02] <t3cnerd> no, but i'm not a postfix administrator, i just have one postfix to configure. so the first thing i try is google. if i don't find what i'm looking for, i'll get myself to IRC, and ask for help. And tell me where i can find my answers is just perfect :)[19:50:58] <t3cnerd> (you can't find what you're looking for, if you don't know what you're searching) : rely domain class[19:52:47] *** cga_ has joined #postfix[19:53:16] <tharkun> t3cnerd: i initially wanted to do that, some exchange servers are no longer inplace :)[19:53:23] *** brancaleone has quit IRC[19:53:30] <UQlev> t3cnerd: you may view at this task as get rid of Exchange completely, since postfix+ dovecot will give you better service[19:53:56] <t3cnerd> this is the actual configuration[19:54:17] *** cga has quit IRC[19:54:31] <UQlev> t3cnerd: configuration can be changed[19:54:52] <t3cnerd> UQlev: thats what I'm doing now.[19:55:13] <t3cnerd> But why do you think it's better to use dovecot instead of exchange?[19:55:37] <UQlev> t3cnerd: postfix+dovecot[19:56:14] <t3cnerd> UQlev: yes I know. Thats what we have now[19:56:35] <UQlev> t3cnerd: how many users do you have?[19:56:50] <t3cnerd> 15[19:57:24] <UQlev> t3cnerd: does it worth to run 2 mailservers for 5 users?[19:57:33] <t3cnerd> UQlev: is it possible to set an autoanswer for e.g. holidays in dovecot?[19:57:33] <UQlev> sorry 15[19:57:51] <UQlev> of course, vacation script[19:58:08] <t3cnerd> UQlev: is it possible to set this autoanswer in Outlook?[19:58:46] <thumbs> t3cnerd: ask ##windows ?[19:58:52] <UQlev> t3cnerd: I am sure via any IMAP-client[19:59:29] *** xabbu has joined #postfix[20:00:50] <UQlev> t3cnerd: but my opinion is more important to give your users worlwide access to all services rather than autoanswer that they are away[20:01:43] <UQlev> t3cnerd: I personally never used vacation autoanswer[20:01:56] <t3cnerd> UQlev: i decided to use the exchange server just because I can set it up and all the functions the users know are working. In our actual configuration for example we use a vacation script in PHP which is triggered by a cron job. and we had to correct it, because it didn't had the possibility of black lists, answered more than one time a da etc[20:02:21] <t3cnerd> oh they have world wide access by outlook web access[20:02:54] <UQlev> t3cnerd: what about submission or smtps?[20:03:02] *** Cheyenne has joined #postfix[20:03:26] <t3cnerd> they can set autofilter on the server, so if the mail client is not working, the inbox don't get filled with mailinglist stuff[20:03:31] <UQlev> t3cnerd: can they send replies from outside?[20:04:13] <t3cnerd> outlook web access is a normal web mail client. like e.g. roundcube. but you get calendar etc as well[20:05:04] <t3cnerd> Don't get me wrong. I really like postfix, thats why I want to setup 2 mailservers, not one[20:05:42] <Cheyenne> Need a quick "pointer" -- I need to set up a mail gateway system that can be pointed to by various other systems as the mail relay, and on the gateway system (running postfix), I would like to have any email for a single domain stay with SMTP, and for everything else go through another gateway hop.[20:06:38] <Cheyenne> everything I see seems to set up the gateway system to use the relay only on specific addresses.[20:06:46] *** cga_ has quit IRC[20:07:30] *** _znull has joined #postfix[20:07:31] <t3cnerd> Cheyenne: relay domain class[20:07:45] <_znull> how can I openrelay on postfix ?[20:08:02] <thumbs> _znull: why?[20:08:14] <_znull> thumbs : need to test something 5 minutes.[20:09:00] <UQlev> _znull: mynetworks: 0.0.0.0/0[20:10:06] <UQlev> _znull: or better 0.0.0.0/1 128.0.0.0/1[20:11:14] <_znull> mynetworks= 0.0.0.0/1 128.0.0.0/1 right ?[20:11:21] <UQlev> right[20:11:28] <Cheyenne> t3cnerd: So the "local domain class" would be for say dev.mycompany.com (where I want to simply use SMTP directly) and then the relay domain class would be used for everything that isn't dev.mycompany.com[20:11:29] <_znull> need ,[20:11:31] <Aprogas> Why don't just you put the IP-addresses you are testing from in mynetworks?[20:12:41] <Cheyenne> (where dev.mycompany.com is an entire subdomain) -- I'm trying to set up a gateway between the dev.mycompany.com and the mycompany.com servers[20:13:36] <t3cnerd> Cheyenne: actually I'm here with the same problem :)[20:17:02] <Cheyenne> okay -- I think we need to look at the transport stuff as well..[20:17:28] *** UQlev has quit IRC[20:19:22] <rob0> I would never answer that question. You're not helping anyone by showing them how to be an open relay, and you WILL contribute more abuse to the Internet.[20:19:53] <rob0> _znull: that is an absolutely idiotic idea.[20:20:19] <seekwill> I FOUND MY BOOK!!!!!!!![20:20:24] * seekwill dances[20:20:32] <rob0> Spammers are not welcome in this channel. Except seekwill of course.[20:20:37] <seekwill> :d[20:20:39] <seekwill> :D[20:21:28] <thumbs> seekwill: yes, I stole it for a while.[20:21:36] <seekwill> Did you mark it up?[20:21:47] <thumbs> yes[20:21:50] <seekwill> Good[20:22:46] <seekwill> The Book of Postfix :D[20:22:55] <Dominian> _znull: If you want to be an open relay.. that's your call, but you'll find no help here[20:23:58] * cpm opens rob0's relay, shoves in some thumbs[20:24:22] <seekwill> Oh... idiotic idea... I must read...[20:24:49] <Dominian> cpm: I thought that was 'exit only'...[20:24:54] <Dominian> never realized thumbs could fit that far up.[20:25:08] <seekwill> Oh... that wasn't very exciting[20:25:19] <seekwill> We should get his IP though[20:25:23] <thumbs> I feel violated.[20:25:53] *** brancaleone has joined #postfix[20:26:00] <cpm> Dominian, let's just not go there for now, okahy? >[20:26:16] *** Cheyenne has quit IRC[20:37:51] <Dominian> cpm: hehe[20:39:20] <thumbs> cpm: I'll stick rob0 on you.[20:51:25] <Dominian> on or in?[20:52:26] <seekwill> Oops, I joined the wrong channel...[20:52:28] * seekwill parts[20:52:51] *** sshack has joined #postfix[20:53:25] <sshack> Hi, Can anyone help me with relaying access n postfix?[20:53:29] <sshack> Specifically denying it.[20:54:34] <seekwill> Usually you deny all, and make exceptions.,[20:55:35] <Dominian> relaying is denied by default other than for mynetworks etc[20:55:37] <sshack> I thought it would too.[20:55:54] <sshack> But when I do mail from:<billgates at microsoft dot com> I get an okay.[20:55:57] <sshack> smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenicated, permit_auth_destination, reject_unauth_destination, reject[20:56:34] <seekwill> That's a better question to ask...[20:56:42] <Dominian> sshack: How are you testing this?[20:56:42] <AstralStorm> hello[20:56:43] <sshack> mynetworks = 127.0.0.0/8 (and i'm telnetting in from outside)[20:56:52] <Dominian> if you are connecting to the local machine from the locla machine.. it will always relay[20:56:54] <sshack> Dominian: Telneting in from remote.[20:56:58] <sshack> Yeah.[20:56:59] <seekwill> heh[20:57:00] <AstralStorm> has anyone here used postal? does it need anything special in a chroot?[20:57:01] <Dominian> sshack: uhhh[20:57:09] <Dominian> sshack: well the question is this.. did you issue the rcpt to:[20:57:12] <seekwill> sshack: Continue with the rest of it[20:57:16] <Dominian> those won't fire until you try: rcpt to:[20:57:32] <AstralStorm> sshack: run an SPF check[20:57:40] <Dominian> and if its a rcpt to: to the same domian that postfix is hosting, it will allow relay to it.. since it is the 'end all be all' destination..[20:57:43] <Dominian> SPF won't matter[20:57:57] <AstralStorm> it will, because it will reject this mail due to invalid source mail server[20:58:01] <sshack> mail from:<bill at microsoft dot com>[20:58:01] <sshack> 250 2.1.0 Ok[20:58:01] <sshack> rcpt to:<larry at google dot com>[20:58:02] <sshack> 250 2.1.5 Ok[20:58:09] <seekwill> What's your IP?[20:58:28] <sshack> 68.68.97.238[20:58:41] <AstralStorm> ... no, the ip you're running this on[20:58:42] <Dominian> can you post an output of: postconf -n to a pastebin please[20:58:50] <AstralStorm> sshack: what Dominian said[20:59:07] <sshack> This is a fresh centos install following these instructions if anyone cares: http://www.linuxmail.info/mail-server-setup-centos-5/[20:59:08] <seekwill> Heh, he's open relay...[20:59:15] <Dominian> sshack: nah.. don't care.. postconf -n[20:59:17] <AstralStorm> ugh[20:59:17] <Dominian> :)[20:59:19] <sshack> seekwill: Yes I am.[20:59:43] <AstralStorm> hmm, your smtpd_recipient_restrictions should've dropped this[20:59:50] <AstralStorm> have you reloaded the configuration?[21:00:21] <Dominian> ignore the smtpd_*_restrictions for th emoment... need to see postconf -n[21:00:27] * Dominian doesn't like guessing[21:00:33] <AstralStorm> yes, more pastebin please[21:00:36] <sshack> Dominian: Getting there.[21:00:43] <Dominian> sshack: k[21:01:01] <sshack> http://pastebin.com/WFCEZAGP[21:02:31] <AstralStorm> check postconf -d[21:02:34] <AstralStorm> or set mydomain[21:02:58] <AstralStorm> might be something stupid in there[21:03:00] *** Section1 has quit IRC[21:03:10] <Dominian> eh[21:03:24] *** lifeofguenter has quit IRC[21:03:58] <sshack> AstralStorm: set mydomain = stevenshack.com still no dice.[21:03:58] <Dominian> sshack: try removing permit_auth_destination and reload postfix[21:04:22] <AstralStorm> not that it should change anything[21:04:50] <AstralStorm> except rejecting all mail that is[21:05:22] <AstralStorm> the trick might be those inet_interfaces having a very broad mask[21:05:23] <Dominian> why would that reject all mail?[21:05:31] <AstralStorm> Dominian: because of the reject right after it[21:05:36] <AstralStorm> all non-SASL mail that is[21:05:37] <sshack> mail from:<bill at microsoft dot com>[21:05:37] <sshack> 250 2.1.0 Ok[21:05:37] <sshack> rcpt to:<larry at oracle dot com>[21:05:37] <sshack> 554 5.7.1 <larry at oracle dot com>: Relay access denied[21:05:58] <sshack> AstralStorm: that's what I want. Only sasl authenticated users should be using this.[21:06:30] <Dominian> boom[21:06:35] <AstralStorm> and you want to specify every other relay mx in mynetworks? bad idea[21:06:43] <AstralStorm> unless you have none of those, of course[21:06:47] <Dominian> do what?[21:06:49] <Dominian> it won't reject all mail[21:06:59] <Dominian> his postfix installation will receive mail its final destination for just fine[21:07:03] <Dominian> http://www.postfix.org/postconf.5.html#permit_auth_destination[21:07:04] <Dominian> read[21:07:09] <Dominian> Which is why I had him remove it[21:07:14] <AstralStorm> yes, it won't, but it will reject virtual_*_domains and relay_domains[21:07:19] <AstralStorm> those are the more important two[21:07:23] <Dominian> AstralStorm: if he has none, who cares?[21:07:34] <Dominian> and according to postconf -n output.. he doesnt[21:07:34] <AstralStorm> his problem seems to be a very broad route in inet_interfaces[21:07:38] <Dominian> uhh no[21:07:43] <AstralStorm> something like /0 mask[21:07:45] <Dominian> his issue was recipient restrictions[21:07:49] <AstralStorm> hmm no?[21:07:49] <Dominian> wrong[21:07:54] <Dominian> and mynetworks is 127.0.0.1/8[21:07:55] <AstralStorm> do you know what permit_auth_destination does?[21:08:03] <Dominian> so that's the only way to effectively relay all mail now is from localhost[21:08:06] <AstralStorm> ...[21:08:08] <Dominian> AstralStorm: Yep.. read the link[21:08:08] <AstralStorm> ^[21:08:22] <AstralStorm> yes, it works for relay_domains or "final destination"[21:08:23] <AstralStorm> nothing else[21:08:29] <Dominian> AstralStorm: I run multiple postfix servers.. not one of them has permit_auth_destination in it[21:08:30] <sshack> Dominian: The only domain I'm getting email for is stevenshack.com[21:08:32] <AstralStorm> except something in his "final destination" is overly broad[21:08:37] <Dominian> sshack: You should be fine[21:08:39] <AstralStorm> I bet inet_interfaces[21:08:39] <sshack> Dominian: So I only want to send/recieve email for that domain.[21:08:43] <sshack> awesome, thanks.[21:08:53] <Dominian> sshack: Just do more testing.. we'll be here, but I'm 99.9% sure you're fine[21:09:00] <AstralStorm> sshack: check if one of your internet interfaces has a silly network mask[21:09:11] <AstralStorm> best to fix this before something else explodes[21:09:25] <Dominian> AstralStorm: if it did, it would be in postconf -n output[21:09:33] <AstralStorm> it is: inet_interfaces = all[21:09:45] <AstralStorm> more specific would be ifconfig -a[21:09:46] *** Cheyenne has joined #postfix[21:09:47] <AstralStorm> :)[21:09:57] <sshack> So why did permit_auth_dest work?[21:10:08] <Dominian> sshack: read the link I posted[21:10:11] <Dominian> !permit_auth_destination[21:10:12] <knoba> Dominian: Error: "permit_auth_destination" is not a valid command.[21:10:14] <Dominian> figures[21:10:18] <Dominian> http://www.postfix.org/postconf.5.html#permit_auth_destination[21:10:37] <AstralStorm> using inet_interfaces = all is asking for trouble sooner or later[21:10:50] <Dominian> again, how?[21:10:59] <lunaphyte_> ugh. you again?[21:11:06] <AstralStorm> see, if someone adds any dummy interface or runs openvpn[21:11:11] <AstralStorm> you *will* get problems[21:11:15] <Dominian> the default IS all[21:11:20] <AstralStorm> yes, yes it is[21:11:21] <sshack> AstralStorm: I'm the only user on this system.[21:11:30] <Dominian> sshack: Ignore him. He's completely wrong.[21:11:33] <AstralStorm> I wonder though why inet_interfaces is in auth destinations[21:11:33] <sshack> I think you're just trying to write poetry.[21:12:22] <Cheyenne> t3cnerd: I got it working. It's all in the transport stuff (well most of it :)[21:12:22] <lunaphyte_> driving a car is asking for trouble sooner or later. eating shellfish is asking for trouble sooner or later. using electricity is asking for trouble sooner or later.[21:12:22] <AstralStorm> maybe if it took only the ip addresses, it would be fine, but no, it takes whole netmasks[21:12:33] <AstralStorm> lunaphyte_: ... it's just easy to break it[21:12:38] <lunaphyte_> blah blah blah.[21:12:40] *** jduggan_ has quit IRC[21:12:46] <lunaphyte_> so is anything.[21:12:48] <AstralStorm> say, create a dummy interface with an ip of 0.0.0.0/0[21:12:54] <lunaphyte_> enough.[21:12:56] <AstralStorm> ohai, open relay ahoy[21:12:57] <lunaphyte_> knock it off.[21:13:04] <Cheyenne> t3cnerd: look at the section on "running postfix behind a firewall" -> http://www.postfix.org/STANDARD_CONFIGURATION_README.html[21:13:15] <AstralStorm> and I think something like that is the case[21:13:17] <sshack> well it passes abuse.net relay test.[21:14:07] <sshack> AstralStorm: You aren't a hypochondriac by any chance?[21:14:10] <AstralStorm> no[21:14:17] <sshack> Do you own a bomb shelter?[21:14:24] <AstralStorm> not yet :)[21:14:30] <sshack> Figures.[21:14:34] <AstralStorm> not that any is necessary[21:14:44] <AstralStorm> still, it's a dumb and unnecessary default[21:14:53] <lunaphyte_> it is not the author's obligation to write software that cannot be abused. it is the user's obligation to be competent.[21:15:07] <AstralStorm> it's the author's obligation to provide sensible defaults.[21:15:11] <Dominian> sshack: Like I said,, you should be fine now[21:15:12] *** Cheyenne has quit IRC[21:15:20] <AstralStorm> yes[21:15:22] <Dominian> sshack: just test sending to yourself from outsdie domains to make sure delivery is working[21:15:33] <AstralStorm> until you switch to a virtual domain setup.[21:15:46] <Dominian> oh? really?[21:15:49] <AstralStorm> yes really[21:15:51] * Dominian uses a virtual domain setup.. no issues here.[21:15:53] <lunaphyte_> fortunately for the rest of use, "sensible" is subjective, and we aren't subjected to your crazy sense of reailty.[21:15:55] <Dominian> try again[21:15:59] <AstralStorm> mynetworks doesn't accept this[21:16:05] <Dominian> why would it?[21:16:07] <AstralStorm> he doesn't have permit_auth_destination anymore[21:16:20] <Dominian> I use a virtual domain setup.. with no permit_auth_destination[21:16:32] <sshack> Dominian: ahh. no.[21:16:34] <AstralStorm> and you have all the domains listed in mynetworks, or?[21:16:39] <sshack> I can't email to myself.[21:16:44] <Dominian> sshack: error?[21:16:45] <AstralStorm> lulz[21:16:48] <Dominian> AstralStorm: nope[21:16:52] <Dominian> AstralStorm: why the hell would I do that?[21:16:58] <sshack> Dominian: 554 554 5.7.1 <mailto:sshack at stevenshack dot com>: Recipient address rejected: Access denied (state 14).[21:16:59] <AstralStorm> Dominian: how does this work then?[21:17:09] <AstralStorm> sshack: invalid address[21:17:17] <Dominian> sshack: can you paste the full log[21:17:29] <AstralStorm> I bet there's no mailto:sshack user there[21:17:31] <AstralStorm> :)[21:17:51] <Dominian> AstralStorm: reread what mynetworks is[21:17:54] <Dominian> !mynetworks[21:17:55] <knoba> Dominian: "mynetworks" : a configuration parameter in the main.cf: The list of "trusted" SMTP clients that can relay email.[21:18:20] <AstralStorm> Dominian: I'm talking as virtual recipients[21:18:28] <sshack> Dominian: Where do you want logs from?[21:18:31] <Dominian> still mynetworks isn't needed[21:18:34] <Dominian> sshack: your maillog[21:18:36] <Dominian> !logs[21:18:37] <knoba> Dominian: "logs" : postfix logs to the mail facility of syslog. Something like grep -i `postconf -h syslog_facility` /etc/syslog.conf should tell you where logs are going. also see !no_logs and !have2mung[21:18:38] <sshack> ahh okay.[21:18:52] <AstralStorm> smtpd_recipient_restrictions is my beef[21:19:20] <AstralStorm> without something relating to auth_destinations, it won't accept virtual domain targetted mails[21:19:31] <sshack> http://pastebin.com/LEG9szi7[21:19:37] <Dominian> AstralStorm: uhh sure[21:19:56] <sshack> AstralStorm: I don't bloody give a damn about virtual domains. There's only one domain this thing will ever serve.[21:20:00] <Dominian> !access_denied[21:20:00] <knoba> Dominian: Error: "access_denied" is not a valid command.[21:20:03] <Dominian> argh[21:20:04] <Dominian> !denied[21:20:05] <knoba> Dominian: Error: "denied" is not a valid command.[21:20:07] <Dominian> damn it[21:20:09] <seekwill> hehe[21:20:10] <Dominian> lunaphyte_: which factoid is that again?[21:20:12] <Dominian> :)[21:20:14] <AstralStorm> sshack: not pertaining to your case, yes[21:20:16] <Dominian> There's a factoid for that.[21:20:19] <seekwill> sshack: Calm down :)[21:20:23] <seekwill> It's just email![21:20:27] <seekwill> chill man.....[21:20:29] <lunaphyte_> !relay_denied[21:20:29] <knoba> lunaphyte_: "relay_denied" : NOQUEUE: reject: RCPT from CLIENT_HOST[CLIENT_IP]: 554 5.7.1 <RECIPIENT@RCPT_DOMAIN>: Relay access denied; from=<SENDER@SENDER_DOMAIN> to=<RECIPIENT@RCPT_DOMAIN> proto=ESMTP helo=<HELO>: This typically means that CLIENT_IP is not in mynetworks (and did not AUTH), and that RCPT_DOMAIN was not recognized as one of this Postfix's domains (not listed in mydestination, relay_domains or virtual_*_domains).[21:20:32] <lunaphyte_> that one?[21:20:34] <Dominian> lunaphyte_: no[21:20:38] <Dominian> lunaphyte_: check that pastebin log[21:20:41] <lunaphyte_> oh. hmm.[21:20:41] <Dominian> its not a relay dneied[21:20:43] <sshack> seekwill: But i'm missing out on all the cheerleaders waiting for me![21:20:43] * lunaphyte_ looks[21:20:45] <Dominian> its an access denied message[21:20:50] <seekwill> sshack: Hook me up![21:21:01] <sshack> seekwill: email?[21:21:03] <AstralStorm> lunaphyte_: guess which filter permits "Postfix[21:21:05] <AstralStorm> 's domains"[21:21:07] <seekwill> sshack: yeah, email[21:21:22] <sshack> No, I mean, what's your email. I'll send them your way.[21:21:24] *** cpm has quit IRC[21:21:29] <seekwill> woohoo![21:21:31] <lunaphyte_> oh.[21:21:33] <seekwill> I don't have email :([21:21:33] <lunaphyte_> !access[21:21:34] <knoba> lunaphyte_: "access" : http://www.postfix.org/SMTPD_ACCESS_README.html : An overview of access(5) controls in the Postfix smtpd(8) SMTP server.[21:21:39] <lunaphyte_> ?[21:21:44] <Dominian> hrm.. could be[21:21:48] <sshack> seekwill: Shame. Maybe you should install a mail server or something.[21:21:54] <seekwill> sshack: Have a recommendation?[21:22:20] <sshack> seekwill: I hear sendmail is easy.[21:22:28] <seekwill> sshack: How about this qmail thingy?[21:22:32] <AstralStorm> my beef with that permit_auth_destination / reject_unauth_destination is that it's very broad and there are no suboptions like permit_virtual_domains[21:22:47] <sshack> seekwill: q-mail? That sounds sorta iffy. I'd rather send mail.[21:22:59] <seekwill> sshack: Good idea. At least you know what that one does[21:23:06] <seekwill> I don't want my mail stuck in some queue for ever![21:23:12] <sshack> Exactly. Nothing shifty going on there.[21:23:25] <sshack> I know. I was in a queue last week at the market, it was horrible![21:23:32] *** Vivek has quit IRC[21:23:33] <seekwill> REALLY? How long was it???[21:23:46] <sshack> long, really long.[21:23:58] <sshack> Dominian: Any ideas?[21:25:09] <adaptr> chocolate-covered covergirls[21:27:00] <sshack> Okay, I took off the last reject on my recipient restrictions.[21:27:06] <AstralStorm> sshack: you have a problem, without permit_auth_destination your restrictions line denies incoming mail[21:27:15] <sshack> It seems to reject relaying now, but will let email in.[21:27:24] <AstralStorm> with it, though, it opens a relay for some reason (probably inet_interfaces)[21:28:47] <AstralStorm> there's a way, you can always try check_address_map[21:28:52] <Dominian> sshack: the reject at the end.. yeah remove that... which you did.. good hehe[21:29:01] <Dominian> sshack: it should work fine now[21:29:03] <AstralStorm> Dominian: then he'll be an open relay![21:29:08] <Dominian> AstralStorm: stfu[21:29:11] <AstralStorm> not stfu.[21:29:14] <Dominian> You have no clue what the hell you are talking about.[21:29:30] <Dominian> you related to seanjohn by chance AstralStorm ?[21:29:31] <AstralStorm> no I do, I've read his config file :) it will do the same as permit_auth_destinations[21:29:45] <Dominian> AstralStorm: whatever you say[21:29:47] <AstralStorm> which he dropped, because it made him an open relay[21:30:05] <AstralStorm> (for "reasons unknown" which I happen to have mentioned before)[21:30:44] <seekwill> sshack: Do you like spam?[21:30:53] <sshack> seekwill: No, not really.[21:32:46] <AstralStorm> sshack: tried Dominian's "good" suggestion yet?[21:33:01] <Dominian> He already did before I even suggested it[21:33:08] <AstralStorm> and it fails or?[21:33:11] <Dominian> as I didn't read back to see he removed the reject already[21:33:34] <Dominian> the reject shouldn't be there.. it basically says 'if the above criteria isn't met, then reject everything' default at the end should be permit[21:33:41] <Dominian> which it is.. no need to add it[21:34:25] *** lifeofguenter has joined #postfix[21:34:27] <AstralStorm> so, sshack, anything not working still?[21:35:02] <sshack> Dominian: I've put him on ignore.[21:35:09] <AstralStorm> the hell?[21:35:15] * AstralStorm stops caring[21:36:04] <seekwill> Everyone... chill...[21:36:38] <Dominian> sshack: that did it I take it?[21:36:58] <sshack> Dominian: Removing the reject bit? yeah.[21:37:00] <sshack> Seems to.[21:37:07] <Dominian> sweet[21:37:09] <AstralStorm> Dominian: tell him to retest for open relay[21:37:11] <sshack> Now I need to make my pop3/imap work with my mail client...[21:37:12] <AstralStorm> just in case[21:37:45] *** lifeofguenter has quit IRC[21:37:58] <AstralStorm> oh, wait, he did[21:38:01] <AstralStorm> duh[21:38:16] <AstralStorm> I hate lag[21:38:35] <sshack> Sending email works...[21:39:01] <seekwill> sendmail![21:39:03] *** _znull has left #postfix[21:48:05] <sshack> Whee.[21:48:10] <sshack> dovecot. Yay.[21:50:24] <Dominian> sshack: yeah dovecot is pretty simple to get working[21:50:35] <sshack> Will it was working last night.[21:50:51] <sshack> now I get -ERR Unsupported authentication mechanism.[21:50:53] <Dominian> just take your time, check logs etc.[21:51:08] <Dominian> sshack: yeah you have to specifyc mechs in dovecot.conf[21:55:07] *** _znull has joined #postfix[21:55:21] <_znull> thumbs : can you take a look over http://pastebin.com/UNYYCPKL please ?[21:56:23] *** saurabhb has quit IRC[21:57:58] <sshack> Dominian: Yeah. I just don't look forward to this stuff.[21:58:34] *** uqlev has joined #postfix[22:07:49] *** xabbu has quit IRC[22:07:59] <_znull> or anyone else ? http://pastebin.com/UNYYCPKL :D thanks[22:21:43] <Tom-B> Would anyone be so kind as to give me a hand with postfix SMTP[22:21:46] <Tom-B> I get:[22:21:47] <Tom-B> This message was created automatically by mail delivery software. A message that you sent has not yet been delivered to one or more of itsrecipients after more than 24 hours on the queue on mail81.extendcp.co.uk.[22:22:01] <Tom-B> I can send emails just fine to my users[22:22:04] <Tom-B> Just not external users[22:23:10] *** xabbu has joined #postfix[22:23:11] *** karlgus has quit IRC[22:24:19] *** ssureshot has quit IRC[22:25:08] <AstralStorm> hmm, do I always have to specify a full domain name in virtual_mailbox_maps?[22:25:22] <AstralStorm> I'd like just an user name, with all virtual domains possible[22:25:56] <AstralStorm> is there something like user@* or such?[22:26:06] <AstralStorm> specifying just user doesn't work[22:26:18] <AstralStorm> (I bet it treats it as a domain)[22:28:12] *** TomHome has joined #postfix[22:34:05] *** brancaleone has quit IRC[22:41:59] <adaptr> !virtual_mailbox_maps[22:41:59] <knoba> adaptr: "virtual_mailbox_maps" : a configuration parameter in the main.cf: Optional lookup tables with all valid addresses in the domains that match $virtual_mailbox_domains.[22:49:57] *** Vivek has joined #postfix[22:49:57] *** Vivek has joined #postfix[23:01:41] *** makomi has quit IRC[23:06:06] *** earcaraxe has quit IRC[23:22:34] *** jim_SFU has quit IRC[23:25:23] *** MAAAAAD has quit IRC[23:33:24] *** MAAAAD has joined #postfix[23:40:00] *** rooky has quit IRC[23:40:04] *** Matic`Makovec has joined #postfix[23:42:26] <AstralStorm> yes, unfortunately it seems to require full addresses and not just user names[23:42:33] <AstralStorm> is there some kind of wildcard?[23:43:12] <seekwill> Do you like spam?[23:43:21] <AstralStorm> ... for all $mydomains[23:43:23] <AstralStorm> not everything[23:43:38] <AstralStorm> uhm, $virtual_mailbox_domains that is[23:44:35] <thumbs> seekwill: I like spam.[23:44:53] <seekwill> thumbs: Do you eat it with rice?[23:44:55] *** henriknj_ has quit IRC[23:44:59] <thumbs> seekwill: hell no.[23:45:04] <seekwill> oh[23:45:26] <seekwill> Do as the hawaiians do[23:45:39] <thumbs> seekwill: you could have given me a longer URL[23:45:53] <seekwill> I don't know if my IRC client would allow it though[23:46:13] <AstralStorm> so, how can I do that then?[23:46:24] <AstralStorm> I'm using a hash: map[23:46:44] <seekwill> AstralStorm: A postconf might be useful[23:46:50] <AstralStorm> ...[23:47:00] <AstralStorm> no, it won't.[23:47:00] <seekwill> Ok nevermind[23:47:23] <adaptr> AstralStorm: good luck with that[23:47:32] <AstralStorm> let me repeat this more clearly: I have virtual delivery all working[23:47:44] <adaptr> AstralStorm: read the /topic, mmkay[23:47:50] <AstralStorm> but, virtual_mailbox_maps has to contain full user at domain dot blah[23:48:10] <thumbs> AstralStorm: of course it does.[23:48:17] <AstralStorm> I'd like to use a wildcard there, so that it grabs all $virtual_mailbox_domains for that user[23:48:25] <seekwill> And makes copies for each one?[23:48:27] <AstralStorm> e.g. user@* or something like that[23:48:42] <thumbs> AstralStorm: you don't want to use wildcards in that context, no.[23:48:47] <lunaphyte> he's the new seanjohn, but s far without the neverending litany of expletives.[23:48:54] *** hever has joined #postfix[23:49:02] <AstralStorm> thumbs: no, I do. user1 at foodomain dot com and user1 at foootherdomain dot com is the same user[23:49:02] <seekwill> lunaphyte: %!@^$%!@$%!@%$!%#[23:49:07] <AstralStorm> I want it to go to the same dir[23:49:15] <AstralStorm> I could of course write it twice[23:49:28] <AstralStorm> but that doesn't scale to 20 domains[23:49:44] <seekwill> I can't imagine me having 20 different domain names :)[23:50:03] <AstralStorm> poor imagination is no excuse[23:50:11] <AstralStorm> :)[23:50:35] <adaptr> AstralStorm: nor is failure to read the /topic and providing relevant info when asked[23:50:45] <seekwill> adaptr: IT WONT HELP![23:50:49] <adaptr> WE're helping YOU. you have nothing we need.[23:50:50] <AstralStorm> adaptr: I did provide all relevant info, what else do you want to know?[23:51:03] <adaptr> !goal[23:51:03] <knoba> adaptr: "goal" : describe your goal, not what you think the solution is[23:51:04] <AstralStorm> the sample virtual_mailbox_maps file?[23:52:01] <seekwill> thumbs: DtD[23:52:16] <AstralStorm> hmm, I could work-around this with some mysql/pgsql hackistry, but that sounds horrible[23:52:18] <seekwill> After DtD, I need to set up DHCP and DNS :/[23:52:25] <AstralStorm> I'd have to set up all that sql for just this[23:52:51] *** hever has quit IRC[23:52:58] <AstralStorm> so, any other map I can use that does support such a wildcard?[23:53:28] <thumbs> seekwill: on the phone with big customer.[23:53:34] <seekwill> thumbs: Liar[23:54:27] *** hever has joined #postfix[23:56:24] <adaptr> AstralStorm: yes[23:56:34] <AstralStorm> which?[23:56:40] <adaptr> seekwill: there is an "after DtD" ?[23:56:54] <adaptr> my workday usually ends right after I stop playing DtD[23:57:01] <adaptr> I even got it for the wii yesterday[23:57:12] <seekwill> They have a Wii version?!?!?[23:57:21] <adaptr> heheh yes, via homebrew[23:57:32] <seekwill> ah[23:57:35] <seekwill> I'm not hacking my Wii[23:58:15] <seekwill> "Work" and DtD mix.[23:58:22] <seekwill> I don't ever stop "work"ing[23:59:09] <adaptr> seekwill: it's hella easy. took me one evening, I now have a 400GB drive with >100 games on it. loading times are about 10x shrter, too[23:59:54] <seekwill> heh[23:59:57] <seekwill> Yeah but