September 10, 2010 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | >
September 10, 2010 [00:00:16] <seekwill> I might, since I want to buy the black one anyways[00:00:22] <seekwill> So I'll hack the white one[00:00:52] <adaptr> you're going to.. BUY a different color wii ?[00:00:54] <adaptr> feck[00:01:06] <adaptr> spraypaint it, costs less than the $200 you pay for the new one[00:01:15] <seekwill> But it's not the same[00:01:21] <adaptr> of course it is the same[00:01:27] <seekwill> It's not an iPhone[00:01:32] <adaptr> a wii is a wii is a wii[00:01:42] <seekwill> I want the one with the bigger geebees[00:01:47] <seekwill> And the wifies[00:01:49] <adaptr> the whuts now ?[00:01:52] <lennard> look at is this way: seekwill is fixing the economy by consuming, you're ruining it by not consuming :P[00:01:54] <seekwill> :([00:02:21] <adaptr> lennard: I bought two nunchucks yesterday because grand slam tennis failded my old one. don't say I'm not helping![00:02:35] <lennard> fair enough :)[00:03:03] <adaptr> explanation: you have to SERVE - and the wire between them is about 2 feet to short to allow me (6'1") to do a full swing[00:03:16] *** Matic`Makovec has quit IRC[00:03:18] <adaptr> bloody japanese midgets[00:03:46] *** smica has quit IRC[00:04:43] <seekwill> haha[00:04:59] *** h`e has joined #postfix[00:05:07] <adaptr> of course, that didn't totally kill it - me hitting it on the tabletop with the butt end was what killed it[00:05:13] <seekwill> I want to run Postfix on my Wii-cluster[00:05:26] <h`e> hello guys[00:05:28] <seekwill> I hit my head with my Wii-mote once...[00:05:31] <adaptr> it's 729MHz and natively 64-bit, should be simple[00:05:49] <h`e> can somebody help me to write a rule to block url to .exe or .zip files?[00:06:03] <h`e> if it has a link for example http blah blah .zip[00:06:11] <h`e> I want to make sure postfix blocks those emails[00:06:18] <seekwill> adaptr: http://www.break.com/index/iphone-4-vs-htc-evo.html[00:06:21] <h`e> everything I tried so far, does not work[00:06:36] *** FallOnMe has joined #postfix[00:06:49] <adaptr> h`e: postfix does not block or check any of those things.[00:06:58] <adaptr> you're talking about content inspection[00:07:12] *** _spq` has joined #postfix[00:07:18] <h`e> adaptr, what are my options then?[00:07:26] <h`e> if somebody sends and email with a link[00:07:35] <h`e> http://openme.com/virus.zip[00:07:36] <AstralStorm> hmm, seems my virtual_mailbox_limit overflows some integer[00:07:39] <h`e> seroiusly it will allow to go through?[00:08:09] <AstralStorm> cannot set it to 2 GB, really? some design-fail there[00:08:50] <adaptr> h`e: postfix is not a content filter[00:09:05] <AstralStorm> h`e: you probably want amavis[00:09:30] <AstralStorm> that is a content filter and moderately easy to plug into postfix[00:09:32] <h`e> good call AstralStorm[00:09:40] <h`e> let me check.[00:09:46] <adaptr> seekwill: you fuck, that is actually funny[00:09:53] <seekwill> adaptr: :D[00:10:47] <adaptr> it comes pretty clse to reality for some people[00:11:54] *** dragonheart has joined #postfix[00:12:22] <AstralStorm> hmm, indeed, postfix can't handle limit of 2GB[00:12:34] <adaptr> !virtual_mailbox_limit[00:12:35] <AstralStorm> who the heck thought it a good idea to use a 32-bit int for this?[00:12:35] <knoba> adaptr: "virtual_mailbox_limit" : a configuration parameter in the main.cf: The maximal size in bytes of an individual mailbox or maildir file. Specify a value of zero to disable the limit.[00:13:11] <AstralStorm> and not, say, size_t[00:14:03] *** spq` has quit IRC[00:14:03] *** jelly has quit IRC[00:16:04] *** sshack has quit IRC[00:16:20] <adaptr> int var_virt_mailbox_limit;[00:16:27] <adaptr> hardcoded for your convenience :D[00:19:02] <AstralStorm> so, bug reports go where?[00:20:00] <seekwill> Did that guy with the open relay get... help?[00:24:10] *** tifflor has joined #postfix[00:30:23] *** Snadder has quit IRC[00:30:48] *** Snadder has joined #postfix[00:33:56] *** xabbu has quit IRC[00:36:52] *** hever has quit IRC[00:37:14] <tifflor> can someone help me with postfix, for some reason I get the info "mail has been delivered to .maildir" but when I check within the mailbox there is no mail from the specific sender which has been mentioned in the logfile[00:37:17] <tifflor> any idea how I can find out what's happening to the mail which should be delivered according to the logfile[00:37:54] <thumbs> tifflor: show relevant logs.[00:38:03] <thumbs> seekwill: nah, I refused.[00:38:29] <tifflor> thumbs: wait[00:39:10] <seekwill> WAIT[00:40:12] <thumbs> I'm waiting. Relax, seekwill.[00:40:31] <seekwill> Chill...[00:42:42] <h`e> wow, I can't find any guide lines on how to block an http link to a certain file extension[00:42:47] <h`e> amavis nor postfix[00:42:54] <h`e> if anybody has an idea[00:42:56] <h`e> please share.[00:43:04] <thumbs> h`e: press the enter key less often.[00:43:38] <h`e> thumbs: thanks for an advice[00:45:01] <thumbs> h`e: first, you must learn how to behave properly in the channel.[00:45:06] <tifflor> thumbs: http://pastebin.com/M9B7JMML[00:45:09] <thumbs> h`e: secondly, read this:[00:45:44] <tifflor> this is the log part I've found[00:45:46] <thumbs> tifflor: so postfix is all good. Ask #dovecot / #cyrus to see why the message disappeared.[00:47:05] <tifflor> thumbs: but courier-imap (in this case) doesn't have to do anything with .maildir, cause postfix does create the .maildir folder and the content even if the imap part doesn't exist[00:47:13] <tifflor> does it?[00:47:49] <thumbs> tifflor: the message was successfully delivered.[00:48:05] <thumbs> !tell tifflor welcome[00:48:06] <knoba> tifflor: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[00:49:50] *** TomHome has quit IRC[01:00:38] <thumbs> tifflor: postconf -n would help tremendously.[01:05:45] *** dragonheart has quit IRC[01:07:29] <tifflor> thumbs: how does that help me, I've see the config but there is not much different, I just added the tls and sasl part[01:07:52] <tifflor> no stop, not the tls/sasl part, it was this part[01:08:08] <thumbs> tifflor: we need the information. We will not help without it.[01:08:57] <h`e> thumbs: read what?[01:09:02] <thumbs> h`e: one sec.[01:09:07] <h`e> thank you.[01:09:17] <tifflor> thumbs: sorry my fault, coming right up[01:11:11] <tifflor> thumbs: http://pastebin.com/yP6vYa4P[01:11:23] <tifflor> that's my postconf -n[01:11:27] <tifflor> output[01:13:42] *** guenter_ has joined #postfix[01:15:03] *** uqlev has quit IRC[01:17:37] *** xumpi has quit IRC[01:18:41] <h`e> brb[01:18:44] *** h`e has quit IRC[01:23:39] *** h`e has joined #postfix[01:28:54] *** sphenxes has quit IRC[01:32:01] *** tharkun has quit IRC[01:37:00] *** forsberg is now known as fOrsberg[01:37:45] <AstralStorm> h`e: spamassasin can do the kind of filtering you want[01:38:54] <h`e> kk[01:39:06] <AstralStorm> or you could even filter that in postfix with content_filter option or even body_checks.[01:39:07] *** sphenxes has joined #postfix[01:39:27] <AstralStorm> !body_checks[01:39:27] <knoba> AstralStorm: "body_checks" : a configuration parameter in the main.cf: Optional lookup tables for content inspection as specified in the body_checks(5) manual page.[01:40:06] <AstralStorm> you'll have to provide a fairly smart regexp there of course[01:40:12] <h`e> that does not work[01:40:17] <h`e> I tried to modify body_checks[01:40:19] <AstralStorm> why won't it work?[01:40:24] <h`e> no idea.[01:40:26] <h`e> just let's it through[01:40:33] <AstralStorm> have you looked at the message?[01:40:39] <h`e> CLEAN[01:40:42] <AstralStorm> it might use some obfuscation techniques[01:43:36] <AstralStorm> so, care to pastebin the sample message?[01:43:50] <AstralStorm> as well as your regexp[01:44:36] <h`e> h/o let me try something.[01:50:08] *** dragonheart has joined #postfix[01:51:06] <AstralStorm> hmm, funny, switching my regexes to pcre gets extra 300 msg/min[01:51:28] <AstralStorm> maybe there's an even faster regex library out there?[01:52:03] <AstralStorm> maybe tre is faster?[01:56:15] *** zeitsofa has joined #postfix[01:58:49] <zeitsofa> hello. does anybody know why post fix log's "Unknown user"? this is my configs: http://nopaste.zeitsofa.de/2a9cb516eb.html[02:02:12] <AstralStorm> zeitsofa: I can't see virtual_mailbox_domains or virtual_mailbox_maps in that config[02:02:53] <AstralStorm> or virtual_mailbox_base[02:03:44] <AstralStorm> those are rather critical[02:04:38] *** MAAAAD has quit IRC[02:05:04] *** MAAAAD has joined #postfix[02:05:46] <zeitsofa> AstralStorm: hmm ok. but there is a virtual_alias_maps it isn't the same? but both is need for the config?[02:05:57] <AstralStorm> they're very different[02:06:30] <AstralStorm> virtual_mailbox_maps says where the mails are delivered (which mboxes or maildirs)[02:07:37] <AstralStorm> virtual_alias_domains is mostly useful for forwarding[02:08:33] <AstralStorm> you probably want virtual_mailbox_domains set and virtual_mailbox_maps to specify the targets (or use another transport via virtual_transport setting)[02:08:44] <AstralStorm> !virtual_readme[02:08:45] <knoba> AstralStorm: Error: "virtual_readme" is not a valid command.[02:08:48] <AstralStorm> hm.[02:09:12] <AstralStorm> http://www.postfix.org/VIRTUAL_README.html - read this[02:09:44] <AstralStorm> oh wait, you want to deliver to system accounts?[02:10:03] <AstralStorm> because for that virtual_alias_maps and domains can be used too[02:12:09] *** pinoyskull has joined #postfix[02:13:33] <AstralStorm> does the system have the schorsch Unix user?[02:14:08] <zeitsofa> yes the user exist[02:14:28] *** JonnyV has quit IRC[02:14:38] <AstralStorm> did you run postmap on both those tables?[02:16:51] <zeitsofa> schorsch:x:1000:1000:foobar at test1 dot org mailuser,,,:/home/schorsch:/bin/fals[02:17:16] <AstralStorm> looks fine to me[02:20:52] <AstralStorm> might be that there's some silly typo you've fixed when masking your domains[02:21:37] <zeitsofa> ok i think postmap on virtual_domains was the hint[02:22:19] *** xumpi has joined #postfix[02:22:21] <AstralStorm> I wonder what reason is there to not run a fully virtual setup instead... is that server a shell?[02:22:33] <AstralStorm> *a shell server[02:23:56] <zeitsofa> its a complete dedicated server.[02:24:43] *** loddafnir has quit IRC[02:25:31] <zeitsofa> why? u mean it is better to configure postfix with mysql for user and domain for a better setup?[02:26:33] <AstralStorm> no[02:26:42] <AstralStorm> I mean with fully virtual target directories[02:26:58] <AstralStorm> no need for unix users that way[02:27:09] <AstralStorm> you don't have to use mysql for that (hash: works just as well)[02:28:31] <zeitsofa> so i didn't understand what u are mean. did u have an example for me?[02:28:50] <AstralStorm> that page has one[02:29:13] <AstralStorm> http://www.postfix.org/VIRTUAL_README.html#virtual_mailbox - direct link[02:30:18] *** Dosshell has quit IRC[02:31:31] <zeitsofa> ah u mean without unix accounts? all the users on this system have access to more services at the host system. so i think system accounts are ok.[02:32:40] <zeitsofa> they use ftp/ssh/mysql/bnc/ and something more.[02:34:30] <AstralStorm> so it is a shell server more or less[02:36:41] <zeitsofa> ah ok if u think so - yes it is.[02:43:47] *** neekfenwick_ has joined #postfix[02:45:39] <zeitsofa> AstralStorm: thx a lot for your help :)[02:53:21] *** bluethundr has quit IRC[03:12:23] *** dxtr has quit IRC[03:21:11] *** dxtr has joined #postfix[03:23:00] *** kad_ has quit IRC[03:42:16] *** Xzisted has joined #postfix[03:57:15] *** AstralStorm has quit IRC[04:01:20] *** AstralStorm has joined #postfix[04:02:23] *** Vivek has quit IRC[04:10:37] *** p3rror has joined #postfix[04:23:08] *** pinoyskull has quit IRC[04:42:04] *** will_ has joined #postfix[05:01:07] *** MAAAAD has quit IRC[05:06:51] *** rajijoom has joined #postfix[05:13:12] *** MAAAAD has joined #postfix[05:16:22] *** xpeed has joined #postfix[05:51:12] *** p3rror has quit IRC[05:59:07] *** guenter_ has quit IRC[06:03:12] *** guenter_ has joined #postfix[06:48:14] *** Motoko-chan has joined #postfix[06:56:38] *** h`e has quit IRC[06:57:16] *** shoonya has joined #postfix[07:08:44] *** leroux has joined #postfix[07:12:06] *** Matic`Makovec has joined #postfix[07:17:20] *** klem_ has joined #postfix[07:18:03] *** klem has quit IRC[07:33:07] *** zeitsofa has left #postfix[07:45:10] *** f3xy has joined #postfix[08:00:22] *** dragonheart has quit IRC[08:00:41] *** dragonheart has joined #postfix[08:07:35] *** xpeed has quit IRC[08:22:36] *** klem has joined #postfix[08:24:38] *** klem_ has quit IRC[08:32:32] *** SuRfDeMoN has joined #postfix[08:33:17] <SuRfDeMoN> Hi, does anyone know if it is possible to configure post fix to send emails out via smtp.live.com? if so does anyone know of any tutorials for this please?[08:34:13] <will_> Most likely[08:34:37] <will_> All you need to know are the settings to relay, username, password, port number, etc.[08:35:19] *** gh0st3r has joined #postfix[08:35:59] <gh0st3r> trying to use postfix now... made a couple of changes to my main.cf and then restarted postfix now when i telnet to port 25 (localhost) and do a 'ehlo localhost' it just sits there for 2 mins and then kicks me off[08:36:24] <sysmonk> !tell gh0st3r topic[08:36:25] <knoba> gh0st3r: "topic" : The Postfix MTA || Wiki: postfixwiki.org || On using IRC: workaround.org/moin/GettingHelpOnIrc || Bot info: workaround.org/f=postfix || post postconf -n and relevant logs to a pastebin when asking questions / check your logs / know your unix basics || http://code.google.com/p/mail-trends/ || Channel log: http://echelog.matzon.dk/?postfix || http://permalink.gmane.org/gmane.mail.postfix.announce/110[08:36:28] <sysmonk> !tell gh0st3r logs[08:36:28] <knoba> gh0st3r: "logs" : postfix logs to the mail facility of syslog. Something like grep -i `postconf -h syslog_facility` /etc/syslog.conf should tell you where logs are going. also see !no_logs and !have2mung[08:37:31] <SuRfDeMoN> will_: I must be doing something wrong as it says in the mail.log "Must issue a STARTTLS command first"[08:37:36] <gh0st3r> http://pastebin.com/w67nRERR[08:37:38] <gh0st3r> main.cf[08:37:59] <will_> SuRfDeMoN, Ok? Then you probably need to enable TLS?[08:42:23] <sysmonk> gh0st3r: please, read the topic again, and again, and again[08:42:34] <sysmonk> nobody asked you for main.cf[08:42:59] <will_> no one can read[08:42:59] <SuRfDeMoN> will_: yer I will try again with that cheers[08:43:41] <will_> SuRfDeMoN: Going towards a tutorial is the wrong path, as it won't really teach you anything.[08:49:04] *** Jippi_mac has joined #postfix[08:49:35] <gh0st3r> sysmonk, im hunting through logs and such to no avail... what would you like?[08:49:56] <gh0st3r> oh dw :p[08:50:01] <gh0st3r> sysmonk, just saw what you wanted :p[08:51:45] <gh0st3r> alright...[08:51:46] <gh0st3r> http://pastebin.com/84Y7K9f1[08:52:08] <gh0st3r> i connect to localhost on port 25... it dies and kicks me off or i type "ehlo localhost" and then 2 mins later it kicks me off[08:52:44] <will_> lol[08:52:50] <will_> Did you get a banner from Postfix?[08:52:52] <gh0st3r> i dont know why its hunting for this: Sep 10 10:56:30 poweredsecurity postfix/smtpd[5975]: warning: xsasl_cyrus_server_get_mechanism_list: no applicable SASL mechanisms[08:52:58] <gh0st3r> i got a banner on the ehlo's[08:53:03] <will_> Can you copy/paste your smtp conversation?[08:53:08] <gh0st3r> yea yea[08:53:08] <gh0st3r> one sec[08:53:27] <gh0st3r> infact, i lie, no smtp banner from postfix[08:53:43] <will_> :D[08:53:56] <will_> Why did you issue the ehlo before the banner then :P[08:54:08] <gh0st3r> i dont get a banner though even if i wait[08:54:21] <gh0st3r> i didnt even think to look for the banner, once i read the "connected to" woops :p[08:55:32] <gh0st3r> ideas?[08:56:02] <gh0st3r> got it :p[08:56:03] *** cga has joined #postfix[08:56:04] <will_> Your postfix isn't really running. I forgot the exact reason.[08:56:10] <will_> err...[08:56:19] <gh0st3r> missed this line: smtpd_sasl_type = dovecot[08:56:21] <gh0st3r> all works now[08:56:21] <will_> I forgot the exact reason for the "throttling" message. But it gives you why[08:56:24] <will_> :)[08:56:30] <gh0st3r> win win win :p[08:56:47] <gh0st3r> thanks #postfix for making me think :P i know if i post on IRC i always am like "ha! i know now"[08:56:56] <will_> We teach you :D[09:01:24] *** LauJensen has joined #postfix[09:01:38] <LauJensen> Morning - Ive just installed and trained spam-assassin and it seems to be working well. I would like it to put spam mails in /Maildir/.INBOX.Spam instead of just adding data to the header. Is this possible, if so how?[09:06:04] <will_> Sieve action[09:06:13] *** juergen_dose has joined #postfix[09:07:10] *** fOrsberg is now known as forsberg[09:08:31] *** karlgus has joined #postfix[09:20:39] *** brancaleone has joined #postfix[09:21:30] *** LoRez has quit IRC[09:21:39] *** Zelest_ has joined #postfix[09:22:06] *** knoba has quit IRC[09:22:28] *** Zelest has quit IRC[09:22:35] *** SuRfDeMoN has left #postfix[09:24:02] *** knoba has joined #postfix[09:26:00] *** Dingofest2 has quit IRC[09:27:30] *** Dingofest2 has joined #postfix[09:28:50] <sysmonk> depends on what's he using, a sieve or an +Spam extension can be done[09:28:53] *** cquinn has joined #postfix[09:29:00] <cquinn> Hello.[09:31:49] <cquinn> Postfix asploded all over me, dammit.[09:33:38] <sysmonk> you shouldn't have accepted that mail bomb![09:34:51] <cquinn> sysmonk: s/accepted/sent/[09:35:32] <sysmonk> cquinn: s/asploded/exploded/? :)[09:35:58] <cquinn> Nah, that one was acceptable.[09:36:20] <sysmonk> not really[09:40:23] *** Motoko-chan has quit IRC[09:43:45] *** henriknj has joined #postfix[09:46:07] *** JoKoT3 has quit IRC[09:47:08] *** JoKoT3 has joined #postfix[09:48:38] *** selim has joined #postfix[09:49:26] *** gh0st3r has quit IRC[09:49:41] *** makomi has joined #postfix[09:50:07] <klem> hi[09:52:38] <klem> I have a specified way to route mails from ONE domain, I use pcre with header check to a master.cf entry: way1 inet .... smtp -o ....[09:52:58] <klem> the problem is that there is only ONE process launched[09:53:03] <klem> only one smtp -o ....[09:53:25] <klem> I want the same as standard smtp, ie 100/150 process possible[09:53:40] <klem> is there any option to use with smtp -o .... to do that ?[09:58:39] *** dragonheart has quit IRC[09:59:34] <Aprogas> Why don't you use transport_maps ?[09:59:50] *** juergen_dose has left #postfix[10:00:59] <LauJensen> With the sieve, is it "fileinto '.junk'" or "fileinto 'junk'" for Maildir/.Junk ?[10:01:20] *** cquinn has quit IRC[10:01:26] <Aprogas> I don't know, I guess look in the sieve docs or just try and see.[10:01:56] <LauJensen> The docs only comment on mbox[10:06:03] *** juergen_dose has joined #postfix[10:06:03] <Aprogas> I think Sieve works with optional extensions and such.[10:16:11] <klem> Aprogas, because I catch a MAIL FROM header to change the smtpoutgoing IP[10:17:18] *** henriknj has quit IRC[10:17:40] <Aprogas> I think that's called sender_dependent_relayhost_maps or something like that.[10:21:31] *** neorise-rider has quit IRC[10:25:48] *** UQlev has joined #postfix[10:26:39] <joschi> LauJensen: sieve doesn't know anything about mailbox formats. Use the name of the IMAP folder, not its representation in the filesystem[10:27:00] <LauJensen> perfect joschi, so just "Junk"[10:27:05] <joschi> LauJensen: additionally, sieve doesn't have to do anything with postfix ;)[10:27:08] *** neekfenwick_ has quit IRC[10:28:12] *** e-jones has joined #postfix[10:28:37] <LauJensen> :)[10:28:41] <joschi> LauJensen: depending on the configuration of your imap server it could also be INBOX/Junk, INBOX.Junk or generally INBOX${HIERARCHY_SEPERATOR}Junk[10:35:46] <klem> Aprogas, it's not about a relay host, but about a smtp_bind_address[10:35:53] *** Jippi_mac has quit IRC[10:36:11] *** Jippi_mac has joined #postfix[10:36:25] <klem> client1 unix - - n - 1 smtp -o smtp_bind_address=xx.xx.xx.xx -o myhostname=domain.com[10:36:28] <klem> in my master.cf[10:36:38] *** loddafnir1 has joined #postfix[10:36:44] <klem> everything is working fine, but I have only one process for client1[10:37:02] <klem> I want the same limitation as global parameters, something like 100/150 process[10:37:11] <klem> do you know what I mean ?[10:39:24] <Aprogas> Not really, can you pastebin your configuration?[10:39:52] *** neekfenwick_ has joined #postfix[10:41:43] <klem> Aprogas, look at this:[10:41:45] <klem> main.cf: header_checks = pcre:/etc/postfix/header_checks[10:41:45] <klem> header_checks: /^From:.*\b.*@DOMAIN_TO_CATCH\b/i FILTER client1:[10:41:45] <klem> master.cf: client1 unix - - n - 1 smtp -o smtp_bind_address=xx.xx.xx.xx -o myhostname=domain.com[10:42:20] <klem> any mail from DOMAIN_TO_CASH use smtp_bind_address to go out[10:42:26] <Aprogas> Right, and you want to know why only one smtp service is spawned?[10:42:47] <klem> I preffer to know how to have many process :p[10:43:09] *** FallOnMe is now known as jelly[10:43:26] <Aprogas> !tell klem master.cf[10:43:26] <knoba> klem: "master.cf" : the process configuration file. Each logical line describes how a Postfix service will be run. See "man 8 pipe" for more information.[10:43:40] <Aprogas> Hmm.. that wasn't what I was looking for.[10:43:46] *** e-jones has quit IRC[10:43:49] *** Zelest has joined #postfix[10:44:02] <klem> np[10:44:22] <Aprogas> http://www.postfix.org/master.5.html[10:44:25] <neekfenwick_> rob0: just wanted to remind you, you said yesterday you might assemble the issue i had yesterday for the mailing list[10:44:26] *** hever has joined #postfix[10:44:41] <klem> I was thinking it was a parameter to use after the smtp command[10:44:42] <Aprogas> From: in header_checks is not the same as MAIL FROM by the way.[10:44:46] <klem> something like -o option[10:44:56] <klem> yeah, you're right[10:45:08] <klem> but I didn't find any FILTER on the MAIL FROM[10:45:11] <Aprogas> master handles how many services are spawned, not the service itself.[10:45:15] <klem> I use the mail from header then[10:45:51] *** Zelest_ has quit IRC[10:46:02] <Aprogas> Sounds like you want to use a different default transport dependent on the sender.[10:46:05] <klem> ok, so how to act with the service itself ?[10:46:19] <Aprogas> Read the manpage of the master.cf format.[10:46:23] <klem> ok[10:47:04] <klem> Process limit isn't good ?[10:47:58] <Aprogas> Sounded like you wanted more than 1.[10:48:03] <klem> I think it is[10:48:06] <klem> yeah[10:48:09] <klem> stupid me[10:48:13] <klem> thanks ![10:48:24] <Aprogas> !tell klem sender_dependent_default_transport_maps[10:48:24] <knoba> klem: "sender_dependent_default_transport_maps" : A sender-dependent override for the global default_transport parameter setting. The tables are searched by the envelope sender address and @domain. A lookup result of DUNNO terminates the search without overriding the global default_transport parameter setting. This information is overruled with the transport(5) table. Available from postfix 2.7[10:49:22] <klem> but, is that wrong, what I did with header_check + master.cf ?[10:49:55] <Aprogas> master.cf makes sense if you want to enforce a certain bind_address only in specific cases. But header_checks seems like the wrong approach.[10:50:16] *** jduggan_ has joined #postfix[10:51:07] <klem> I have 4 domains, and want a specifi IP for each one to bind for the smtp outgoing[10:51:31] <klem> I thought I was right[10:51:52] <klem> I'm going to read the sender_dependent_default_transport_maps..[10:54:12] *** e-jones has joined #postfix[10:55:12] *** dragonheart has joined #postfix[10:57:26] *** henriknj has joined #postfix[10:57:28] *** henriknj has joined #postfix[10:59:35] *** juergen_dose has quit IRC[11:04:52] *** juergen_dose has joined #postfix[11:15:10] *** makomi has quit IRC[11:17:00] *** dxtr has quit IRC[11:19:10] *** shoonya has quit IRC[11:23:25] *** makomi has joined #postfix[11:24:15] *** Twinkletoes has joined #postfix[11:24:38] *** dxtr has joined #postfix[11:26:05] *** master_of_master has quit IRC[11:26:16] *** makomi has quit IRC[11:27:34] *** hrhrhr has quit IRC[11:27:37] *** hrhrhr has joined #postfix[11:27:48] *** master_of_master has joined #postfix[11:31:56] *** juergen_dose has left #postfix[11:42:54] *** Wilkins_ is now known as Wilkins[11:44:48] *** higuita has quit IRC[11:47:08] *** higuita has joined #postfix[11:51:27] *** karlgus has quit IRC[12:00:49] *** karlgus has joined #postfix[12:03:20] *** dragonheart has quit IRC[12:08:21] *** higuita has quit IRC[12:10:51] *** higuita has joined #postfix[12:19:15] *** julian_tuxoid has joined #postfix[12:28:47] *** hever has quit IRC[12:31:34] *** dragonheart has joined #postfix[12:34:57] *** Dosshell has joined #postfix[12:41:30] *** juergen_dose has joined #postfix[12:42:09] *** schnoobby has joined #postfix[12:42:33] <schnoobby> !seen Signum[12:42:33] <knoba> schnoobby: Signum was last seen in #postfix 4 days, 0 hours, 5 minutes, and 3 seconds ago: <Signum> And append_dot_mydomain=yes must be set (=default).[12:44:00] <superbofh> good morning :-D[12:44:09] <Aprogas> I am looking for Signum too. I think knoba needs to be fed with new main.cf descriptions. And I want to know how to !learn a string with double-quotes.[12:45:10] <sysmonk> !lean test123 a "string" with \"quotes\" '"inside'" :)[12:45:10] <knoba> sysmonk: Error: "lean" is not a valid command.[12:45:15] <sysmonk> !learn test123 a "string" with \"quotes\" '"inside'" :)[12:45:15] <knoba> sysmonk: Invalid arguments for learn.[12:45:24] <sysmonk> !learn test123 as a "string" with \"quotes\" '"inside'" :)[12:45:27] <sysmonk> !test123[12:45:31] <knoba> sysmonk: "test123" : a string with \"quotes\" '"inside'" :)[12:45:53] <sysmonk> !forget test123[12:45:54] <Aprogas> My point exactly.[12:46:16] <sysmonk> !learn test123 as a "string" with \\"quotes\\" \\\"quotes\\\" '"inside'" :)[12:46:19] <sysmonk> !test123[12:46:19] <knoba> sysmonk: "test123" : a string with \\"quotes\\" \\\"quotes\\\" '"inside'" :)[12:46:21] <sysmonk> :([12:46:31] <Aprogas> Please, I tried many of those in query already.[12:46:35] <sysmonk> !forget test123[12:46:55] <sysmonk> !learn test123 as 'this one would be fine :P "string string " "string "string"""""'[12:47:00] <sysmonk> !test123[12:47:00] <knoba> sysmonk: "test123" : 'this one would be fine :P string string string string"""""'[12:47:02] <sysmonk> :)[12:47:16] <sysmonk> blah[12:47:20] <sysmonk> !forget test123[12:47:30] <sysmonk> !knoba, help us with the strings! the G-strings![12:47:30] <knoba> sysmonk: Error: "knoba," is not a valid command.[12:47:36] <Aprogas> !learn test234 as no""space - double ""space[12:47:38] <Aprogas> !test234[12:47:38] <knoba> Aprogas: "test234" : no""space - double space[12:47:53] <Aprogas> weird huh? :)[12:47:59] <sysmonk> mhm[12:50:02] <Aprogas> !forget test234 *[12:54:21] *** Hermes has joined #postfix[12:54:35] <Hermes> hi?[12:54:46] *** candy`_ is now known as candy`[12:55:02] <Hermes> I want to choose a MTA between Postfix and Qmail. which one do you suggest?[12:55:07] <Aprogas> Exim[12:55:34] <candy`> hi[12:55:56] <Trengo> sendmail[12:56:00] *** aptituz has joined #postfix[12:56:04] <aptituz> hi[12:56:04] <candy`> popmail[12:56:23] <Hermes> postfix or qmail?[12:56:27] <candy`> qmail[12:56:28] <candy`> :)[12:56:46] <Hermes> Is it true that the core of Gmail is qmail?[12:56:53] <Aprogas> !tell Hermes poll[12:56:53] <knoba> Hermes: "poll" : please do not ask if anyone uses some program or postfix feature. Instead ask your real question.[12:57:25] <Aprogas> No idea what GMail uses internally, I suspect something custom.[12:58:07] <Hermes> Is qmail more stable than postfix?[12:58:14] <UQlev> Hermes: it was true ages ago for yahoo[12:58:24] <aptituz> considering a postfix 2.5 setup with an amavis which is fed via a pipe how can I avoid that it fills up the active queue in a high-load scenario (with the effect of a miserable throughput on the relay side)?[12:59:18] <Aprogas> aptituz: You should tune the maximum amount of Amavis-workers that may spawn, and run at least that many reinject services.[12:59:23] <UQlev> Hermes: I remember google ran something like magicsmtpd[12:59:26] <Aprogas> aptituz: I didn't fully understand your question though.[12:59:32] <sysmonk> aptituz: queue_minfree ? :)[12:59:38] <sysmonk> !queue_minfree[12:59:38] <knoba> sysmonk: "queue_minfree" : a configuration parameter in the main.cf: The minimal amount of free space in bytes in the queue file system that is needed to receive mail. This is currently used by the SMTP server to decide if it will accept any mail at all.[12:59:45] <sysmonk> but i didn't understand the question too[13:00:32] *** shoonya has joined #postfix[13:00:47] <aptituz> well, the problem is not free space, its the number of entries in the queue. with a very high load it quickly fills up to 20k leaving no room for the mails which are reinjected from amavis and need delivery to a remote side[13:01:28] <aptituz> so we have a constant rate of amavis feeding back mails into postfix but a miserable rate of relayed and therefore finished mails[13:02:15] <Hermes> UQlev: but it is not a MTA?[13:02:31] <UQlev> Hermes: it is[13:03:28] <aptituz> Aprogas: tuning the amavis workers + reinject services.. wouldn't that make my problem worse?[13:03:55] <Hermes> it is a replacement for qmail-smtpd.[13:04:08] <Aprogas> aptituz: Please describe the role of your mailserver and how it is setup in more detail.[13:05:10] <aptituz> Aprogas: okay, one moment, just looking into something[13:05:19] *** xabbu has joined #postfix[13:07:09] <Hermes> UQlev: but it is not a MTA?[13:08:47] <UQlev> Hermes: ok, it isn't[13:10:22] <aptituz> ok, so we have a multi-machine setup feeded with some thousand mails per second, feeding it to amavis and after processing relaying it to a relayhost. relaying takes no time, it happens immediately if it happens. the problem is that it does not happen properly, because the active queue is filled up with mails waiting for amavis[13:10:48] <Hermes> Can any one introduce a replacement for amavisd?[13:11:19] <Hermes> It is written in perl. I do not know perl.[13:11:45] <aptituz> currently we have 75 reinject services and 100 amavis workers[13:12:24] <Aprogas> Can your hardware handle 100 Amavis workers?[13:12:31] <aptituz> absolutely[13:13:11] <Aprogas> I still think you need at least one reinject per worker, a reinject isn't very resource intensive compared to Amavis, and it makes sure Amavis can reinject and quit whenever it is ready and doesn't need to wait.[13:13:16] *** UQlev has quit IRC[13:13:16] <aptituz> the problem isn't the throughput on amavis side. the throughput it can handle is enough for us. whats problematic is that postfix does not move the reinjected mails to the active queue fast enough, because its filled up with the next to-process mails[13:13:43] <aptituz> Aprogas: well the idea is to have spare workers in the case of respawning a worker[13:15:01] <Aprogas> I never worked with high volume mailservers, but I heard in an artificial test environment the queue manager processed 3000 msgs/s on moderate hardware.[13:15:19] <Aprogas> Can you provide some statistics on the sizes of your various queues?[13:18:08] <aptituz> eventually[13:18:39] <aptituz> one moment[13:18:52] <aptituz> Aprogas: in which queues are you interested?[13:19:21] <Aprogas> Anything that is hogged I guess.[13:20:08] <Aprogas> Per recipient statistics might be useful too; if you have to mung there, please keep some form of meaningful seperation between censored domains.[13:21:29] <aptituz> well, currently its only one recipient, but this one has no load problem[13:21:39] <aptituz> (direct delivery from amavis to it works)[13:22:56] <Aprogas> I think Postfix will limit concurrent deliveries to the same place; so even if you have enough resources, Postfix may throttle if nearly all outgoing messages are the same destination mailserver.[13:23:17] <Aprogas> You wouldn't want to surpress this behaviour without being whitelisted by that other mailserver.[13:24:19] <aptituz> http://paste.debian.net/89094/[13:25:34] *** TomHome has joined #postfix[13:26:10] <Aprogas> Is censored1.lan serviced by another mailserver? Is that mailserver under your control?[13:26:30] <aptituz> its currently handled by a smtp-sink[13:26:40] <aptituz> and yes it is under my control[13:27:15] <Aprogas> I never used smtp-sink; is that a dummy mailserver?[13:28:57] *** higuita has quit IRC[13:29:11] <Aprogas> !tell aptituz smtp_destination_concurrency_limit[13:29:11] <knoba> aptituz: "smtp_destination_concurrency_limit" : a configuration parameter in the main.cf: The maximal number of parallel deliveries to the same destination via the smtp(8) delivery agent. This limit is enforced by the queue manager.[13:29:28] <Aprogas> Again I must stress I have no personal experience with high volume, I'm just going by intuition here.[13:30:19] <Aprogas> But at max concurrent connections delivering max recipients-per-message, there is only so much mail that can go through.[13:30:48] <Aprogas> So if the other mailserver can handle receiving more, you could tell your Postfix to dump more simultaneous to that other server.[13:30:50] <aptituz> Aprogas: its taking mails and discarding them, it comes with postfix[13:31:36] <Aprogas> Default concurrency is 20, so even if you make 400 workers, only 20 will be used per destination.[13:31:49] *** higuita has joined #postfix[13:31:57] <aptituz> well, increasing default_destination_concurrencly_limit didn't help. would smtp_destination_concurrency_limit make a difference?[13:32:28] <Aprogas> No, it inherits that value by default.[13:32:41] <Aprogas> Did it not help at all, or just not enough? To how much concurrency did you go?[13:33:51] <aptituz> well, it basically does only effect the rate in the first minutes. once the active queue is full of mails waiting for reinject into amavis, it gets ugly again[13:34:02] *** Tykling has quit IRC[13:34:08] <aptituz> and we speak about a drop of the rate to 100 mails/minute over the whole system[13:34:12] *** Tykling has joined #postfix[13:34:13] <Aprogas> Now I'm confused; I thought we were talking about what happens after Amavis.[13:35:01] <aptituz> Aprogas: yeah, we are. the queue is full of mails to the amavis, but its decreasing it with a rate of 6000 mails/second while not moving the mails which should go out to the active queue, cause its full[13:35:30] <aptituz> it seems that the amavis stuff has a unhealthy priority over the smtp/relay jobs[13:35:33] <jelly> yahoo yahoo why hast you permdeferred me?[13:36:03] <Aprogas> jelly: Greylisted? I am pretty sure Yahoo has a postmaster-guide for how to behave when talking to their servers.[13:37:19] <jelly> Aprogas: they do. Not greylisted, 421 4.7.1 [TS03] All messages from 213.191.128.79 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html[13:37:19] <aptituz> we figured that if we were using postfix 2.6 it would probably a good idea to run different postfix instances for receive->amavis and amavis->postfix->relayhost[13:37:31] <aptituz> so that they don't share an active queue[13:37:40] <Aprogas> aptituz: The maximum number of Amavis workers should never be able to hog the rest of the system, because that will disrupt the whole mail queueing.[13:37:40] <jelly> Aprogas: I wonder why they don't just 5xx[13:38:53] *** Vivek has joined #postfix[13:39:09] <aptituz> Aprogas: but appearently it does[13:39:14] *** verywiseman has joined #postfix[13:39:29] <Aprogas> aptituz: Maybe you should mail your question to the mailinglist, they have more experience with high volume.[13:40:10] <Aprogas> I always understood Amavis will be the hog, not Postfix, when processing large amounts of mail. So anything Postfix does in queueing is trivialised by what Amavis is doing in scanning.[13:40:40] <aptituz> yeah and thats the point where me and a co-worker are.. eh.. screwed[13:40:41] <Aprogas> But making too many Amavis workers would disrupt Postfix queue processing too, since the CPU will be under load.[13:42:21] <sysmonk> aptituz: what if you up your qmgr_message_active_limit to 50000 or something[13:42:54] <sysmonk> and decrease the throughput of postfix->amavis[13:43:10] <Aprogas> jelly: Yahoo thinks you are spamming.[13:43:17] <sysmonk> and what about in_flow_delay[13:43:41] *** higuita has quit IRC[13:43:43] <jelly> Aprogas: unfortunately they're correct[13:43:45] <sysmonk> and those are just suggestions, i don't have time to help right now :([13:43:53] <Aprogas> jelly: So don't spam?[13:44:03] <jelly> heh[13:44:06] *** e-jones has quit IRC[13:46:00] *** higuita has joined #postfix[13:49:02] *** e-jones has joined #postfix[13:51:15] *** verywiseman has quit IRC[13:56:06] *** Hermes has quit IRC[13:59:11] *** hwk has joined #postfix[13:59:17] <hwk> how can i disable an alias?[13:59:36] <hwk> or an user? from receiving email like apache@domain[13:59:36] <hwk> ?[13:59:57] *** selim has quit IRC[14:06:02] <Aprogas> hwk: You can disable an alias by removing or commenting it.[14:06:19] *** verywiseman has joined #postfix[14:06:45] <Aprogas> You could use check_recipient_access to reject mail to a certain user.[14:07:08] <Aprogas> I think there is also a more general setting that disallows mail to any system users (e.g. uid lower than 100 or 1000).[14:07:21] *** jelly has quit IRC[14:08:29] *** henriknj has quit IRC[14:08:42] *** jelly has joined #postfix[14:09:58] *** guenter_ has quit IRC[14:10:12] *** ssureshot has joined #postfix[14:11:24] *** lawn has joined #postfix[14:11:41] *** lawnchair has quit IRC[14:14:03] *** selim has joined #postfix[14:14:36] *** shoonya has quit IRC[14:15:20] <zamba> which greylisting software do you guys use?[14:15:32] <zamba> i've been using postgrey, but considering sqlgrey instead[14:15:52] <lunaphyte_> why?[14:16:06] <zamba> i want reports[14:16:12] <zamba> my boss needs graphs :)[14:16:22] <lunaphyte_> what is preventing that?[14:16:38] <zamba> oh.. postgreyreport.. let's test that[14:17:18] <zamba> or maybe not[14:17:26] *** guenter has joined #postfix[14:17:29] <zamba> lunaphyte_: well.. sqlgrey seems to have something built in[14:17:56] <schnoobby> !mailq[14:17:56] <knoba> schnoobby: "mailq" : used to display mail currently in the postfix queues. To remove or requeue mail from the queues see the postsuper(1) command.[14:18:05] <schnoobby> !flush[14:18:05] <knoba> schnoobby: Error: You don't have the owner capability. If you think that you should have this capability, be sure that you are identified before trying again. The 'whoami' command can tell you if you're identified.[14:18:08] <Aprogas> I am on postgrey currently, works fine so far, but hardly ever hits because I only apply it to hosts that fail a criterium in postfwd.[14:18:35] <zamba> Aprogas: what's postfwd?[14:18:42] <Aprogas> So most of the bad hosts are already rejected for being on too many DNSBLs, and most of the good hosts are not on DNSBLs, have proper HELO and revDNS, etc. so don't get greylisted either.[14:18:44] <lunaphyte_> !parrot[14:18:44] <knoba> lunaphyte_: "parrot" : please don't repeat what someone else has said and tack a question mark on to the end. if you don't understand something about what was said, or have a question, that's fine - just ask it. those who donate their time here aren't interested in guessing what the ? actually means, typing an explanation, and hoping that they're right.[14:18:55] <Aprogas> !tell zamba postfwd[14:18:55] <knoba> zamba: "postfwd" : http://postfwd.org/ : A Postfix policy daemon to combine complex restrictions in a ruleset. See also http://www.postfix.org/SMTPD_POLICY_README.html[14:19:06] <zamba> interesting[14:19:44] *** selim has quit IRC[14:20:58] <zamba> wow, looks quite complex[14:21:55] <Aprogas> It blocks like 99.99% of my spam before I even need to scan it with SA.[14:23:41] <zamba> but basically you have much of the same already implemented in smtpd_recipient_restrictions?[14:23:55] <zamba> it's just a way of separating the checks out in its own service?[14:24:09] <LauJensen> In terms of stopping spam postgrey must be the disappointment of the century[14:24:31] *** lawn is now known as lawnchair[14:24:34] <zamba> LauJensen: oh?[14:24:41] <zamba> LauJensen: for me it did wonders[14:24:42] <lunaphyte_> postgrey, or greylisting in general?[14:24:52] <zamba> both[14:24:54] <LauJensen> zamba: I had some helo and hostname restrictions and postgrey running, and was drowning in spam, until i plugged in SA[14:25:01] <lunaphyte_> no, i was asking LauJensen[14:25:10] *** uqlev has joined #postfix[14:25:12] <LauJensen> lunaphyte_: both[14:25:23] <zamba> greylisting worked wonders for me, at least[14:25:44] <zamba> but nowadays zen.spamhaus.org rejects most of the traffic before it even hits the greylisting service[14:26:14] *** schnoobby has quit IRC[14:26:25] *** dragonheart has quit IRC[14:26:39] <LauJensen> never heard of that before[14:26:56] <zamba> but i only have roughly 2k emails on my mta during one week[14:27:10] <zamba> so it's not an especially large volume[14:27:38] <LauJensen> I have no idea how much traffic I get, but its less than 2k I think[14:27:53] <lunaphyte_> greylisting works well for some people, and sometimes not so well for others. one single person's experience does not make greylisting the "disappointment of the century".[14:27:53] <zamba> mailgraph is nice[14:28:18] <LauJensen> lunaphyte_: Only when that one person... is me[14:28:21] <zamba> i've implemented greylisting at three locations, all with similar results.. the sheer volume of traffic decreased significally..[14:29:01] <zamba> Aprogas: tell me more why postfwd is teh thing? how does it replace smtpd_recipient_restrictions?[14:29:09] <zamba> Aprogas: can't you do exactly the same through that?[14:29:15] <Aprogas> It amends it, it doesn't replace it.[14:29:20] <LauJensen> Im kidding ofc, Im glad to hear that it works for some folk[14:29:28] <LauJensen> Dont know why my spammers persist to way until the greylisting is cleared[14:29:40] <hwk> so how i disable a system account from receiving mail?[14:30:02] <zamba> here's mine, btw: http://pastebin.com/UBFANUt0[14:30:08] <Aprogas> hwk: didn't I already answer that?[14:30:11] <hrhrhr> does anyone use spam.dnsbl.sorbs.net?[14:30:23] <Aprogas> hrhrhr: I have used safe.dnsbl.sorbs.net[14:30:38] <Aprogas> I think spam also includes recent and escalation, which are rather zealous.[14:30:48] <hrhrhr> as well as results from 2008 it seems[14:31:06] <hrhrhr> it does seem rather... aggressive[14:31:09] <zamba> Aprogas: do you mind showing me your smtpd_recipient_restrictions and your postfwd configuration file?[14:31:23] <LauJensen> zamba: reject_rbl_client, is that a plugin you installed?[14:31:43] <zamba> LauJensen: nope[14:32:45] <zamba> LauJensen: http://www.postfix.org/postconf.5.html#reject_rbl_client[14:33:45] <LauJensen> so zen.spamhaus.org does a reverse lookup for you?[14:34:22] <zamba> LauJensen: zen combines different rbl services into one[14:34:29] <zamba> LauJensen: afaik[14:34:40] <LauJensen> what happens if their server is down?[14:34:52] <zamba> just ignores the check, i believe[14:34:54] <LauJensen> k[14:35:12] <Aprogas> reject_rbl_client probably returns DUNNO if DNS fails.[14:36:40] <zamba> Aprogas: did you see my question above?[14:37:19] <Aprogas> zamba: Yes, I'll drop everything I am busy with and compile a pastebin for you right now.[14:37:46] <zamba> Aprogas: no need to get that way, a simple "no" will suffice[14:37:59] *** wdp__ has joined #postfix[14:38:10] <Aprogas> I saw your question, I just haven't put my stuff online yet.[14:38:48] <zamba> i saw one very interesting thing.. greylisting only during non-office hours..[14:39:02] <zamba> but maybe you can do that with postgrey as well..?[14:39:38] <LauJensen> Sounds nice[14:39:57] <LauJensen> funny just as we talk about it, a spam mail gets past SA[14:40:37] *** skyweb has joined #postfix[14:40:45] <zamba> LauJensen: do you take your SA for a walk now and then?[14:40:47] <zamba> LauJensen: to train it?[14:41:28] <LauJensen> Yea - Just now again[14:41:41] <zamba> LauJensen: what distro are you running? and how do you train it?[14:41:45] *** wdp_ has quit IRC[14:42:02] <LauJensen> Arch - Just run sa-learn on a folder of known good, and known evil --ham/--spam respective[14:42:03] <LauJensen> ly[14:42:13] <zamba> yeah, that's the same thing i'm doing[14:42:23] <zamba> but it's kind of manual[14:42:27] *** schnoobby has joined #postfix[14:42:46] *** henriknj has joined #postfix[14:43:03] <LauJensen> Yea, they really should release like a 300.000 sized db that ships with SA[14:43:03] <zamba> i want to give some trusted users the capability of doing spam training themselves, through their own email clients[14:43:37] <zamba> but in theory that should be possible, i guess.. just run sa-learn as a cron job every now and then.. ?[14:43:57] <zamba> on a set of folders that i've defined as spam folders[14:44:37] <Trengo> the idea is you train your DB with YOUR spam and YOUR ham[14:44:54] <Trengo> whats spam to me might be ok to you[14:45:00] <LauJensen> Trengo: Spam artists arent tht creative. there are only so many ways you can sell viagra and chinese web services[14:45:02] <zamba> Trengo: yeah, i understand that[14:45:24] <LauJensen> zamba: the problem is, it does a lot of harm is a spam mail is hiding in your ham[14:45:36] <Trengo> a customer of ours exchanges lots of email with QUOTE: in the subject. guess what that does[14:45:56] <LauJensen> Trengo: I know of a company which trades heavily in Viagra.. guess how they get their mail :)[14:46:02] <LauJensen> (its a hospital)[14:47:24] <zamba> sure, i'm not talking about a distributed spam learning service.. but a way for several users that generally have the same definitions - and uses the same spam db - to be able to train the same database[14:47:28] <zamba> and again - trusted users[14:53:20] <LauJensen> You cant trust users :)[14:54:52] <zamba> true that :)[14:59:05] <zamba> aight, been reading up on postfwd.. looks very interesting[14:59:40] *** Section1 has joined #postfix[15:00:14] *** e-jones has quit IRC[15:00:59] *** uqlev has quit IRC[15:01:07] *** e-jones has joined #postfix[15:08:51] *** JonnyV has joined #postfix[15:17:06] *** UQlev has joined #postfix[15:28:47] *** hwk has quit IRC[15:30:42] *** jim_SFU has joined #postfix[15:34:12] *** e-jones has quit IRC[15:35:05] *** niki has quit IRC[15:36:12] *** AlexC_ has joined #postfix[15:36:14] *** zooz has left #postfix[15:36:15] <AlexC_> morning[15:37:11] *** e-jones has joined #postfix[15:37:17] <AlexC_> I've got an issue with SMTPS, I have port 465 open on my firewall and SSL/TLS all setup - however a 'telnet mx1.example.com 465' shows connection refused; and I can't see any program listning on port 465. What is going on?[15:37:40] *** jim_SFU has left #postfix[15:39:19] <AlexC_> actually, my other server is doing the same - so maybe this is something normal?[15:40:55] <Aprogas> 465 is outdated, use STARTTLS on port 25 and/or 587, depending on the role(s) of your mailserver.[15:41:48] *** henriknj_ has joined #postfix[15:42:04] *** juergen_dose is now known as car[15:42:25] *** henriknj has quit IRC[15:42:44] <AlexC_> aye, just reading about this - well, the role is just a normal mail server that handles email for quite a few domain names. Which would you advise?[15:43:21] *** TomHome has quit IRC[15:43:23] <AlexC_> KMail detect feature selects TLS on port 25 for my SMTP server[15:44:02] *** NotInternat has quit IRC[15:45:49] *** henriknj_ has quit IRC[15:47:40] <AlexC_> wait, I'm a bit confused then. If I want to TLS/SSL an email server will connect on port 25, see STARTTLS and use that to establish a connection on port 25?[15:49:16] <joschi> AlexC_: the existing connection on 25/tcp will be upgraded to use TLS when STARTTLS is issued at the beginning of the smtp dialogue[15:49:21] <lisa> STARTTLS works by creating an unencrypted connection to a specific port and then issuing a STARTTLS command to negotiate an encrypted channel with the remote server[15:50:07] *** julian__ has joined #postfix[15:50:47] <AlexC_> ok, and all of this is done on port 25? I'm confused then why there is a lot of information regarding 465 and 587 - what are these used for?[15:52:18] *** henriknj has joined #postfix[15:52:25] *** henriknj has quit IRC[15:52:25] *** henriknj has joined #postfix[15:53:12] *** makomi has joined #postfix[15:53:50] *** julian_tuxoid has quit IRC[15:55:23] <Tom-B> How do I go about enabling imap/smtp for local host only?[15:55:29] <Tom-B> I am assuming it's in master.cf ?[15:55:40] <Tom-B> #smtp inet n - - - - smtpd <---- possibly, what should I set if so?[15:57:42] *** LauJensen has quit IRC[15:59:30] <AlexC_> Tom-B: Postfix does not handle IMAP[16:00:09] <AlexC_> joschi: lisa do I even need these ports open then?[16:00:26] <lisa> depends on your requirements[16:00:51] <lunaphyte_> !tell Tom-B goal[16:00:51] <knoba> Tom-B: "goal" : describe your goal, not what you think the solution is[16:01:01] *** makomi has quit IRC[16:01:02] <joschi> !tell AlexC_ submission[16:01:02] <knoba> AlexC_: "submission" : Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf. also see !msa, and rfc 2476 and 4409. Also read http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf[16:01:12] <joschi> !tell AlexC_ starttls[16:01:12] <knoba> joschi: Error: No factoid matches that key.[16:01:22] <joschi> !tell AlexC_ tls[16:01:22] <knoba> AlexC_: "tls" : Short for Transport Layer Security (RFC2246). It adds an additional layer of encryption to protocols such as SMTP, POP3 or IMAP to improve security during transmission over the Internet. TLS features in Postfix are documented here: http://www.postfix.org/TLS_README.html[16:02:43] <Tom-B> Hi alex, you're not wrong sorry slight over sight on my part there[16:03:06] <Tom-B> I use SMTPS but I need to enable SMTP in postfix on local host only for squirrelmail[16:03:08] <Tom-B> Any ideas[16:06:05] <Aprogas> zamba: Are you still looking for my postfwd.conf and my restrictions?[16:07:55] *** karlgus has quit IRC[16:08:11] <zamba> Aprogas: yup[16:10:04] *** Internat has joined #postfix[16:12:51] <Aprogas> http://pastie.org/1150185.txt?key=kjtsydm6iubz8it2d7cw[16:12:58] *** brancaleone has quit IRC[16:13:09] <zamba> Aprogas: thanks :)[16:14:09] <zamba> will see if i can adapt it :)[16:14:22] <Aprogas> I based it off another example conf[16:15:02] <Aprogas> Also it still has some sort of bug in that JMF does not match properly on multiple answers.[16:16:27] *** remoteCTRL2 has joined #postfix[16:17:36] <remoteCTRL2> hi guys! i keep getting this (connect to myhost.mydomain.com[/var/run/cyrus/socket/lmtp]: No such file or directory) but the socket is there whats wrong?[16:18:34] <remoteCTRL2> srwxrwxrwx 1 root root 0 2010-09-10 16:12 /var/run/cyrus/socket/lmtp[16:18:46] <lunaphyte_> when?[16:19:05] <Aprogas> Maybe you are running certain services in chroot.[16:19:13] <remoteCTRL2> when echo hallo | mail klaus[16:19:36] <remoteCTRL2> Aprogas: i found that one in google and turned off the chroot[16:20:11] <Aprogas> Is your mailserver going to receive mail for any domains? Or is it just going to send?[16:21:47] *** skyweb has quit IRC[16:21:47] <remoteCTRL2> Aprogas: would you like to have a look at my postconf -n i just pasted it?[16:21:51] <remoteCTRL2> http://pastebin.com/0NkprMJ0[16:23:38] *** wdp__ is now known as wdp[16:23:42] *** wdp has joined #postfix[16:24:34] <remoteCTRL2> Aprogas: is that of any help?[16:24:51] <Aprogas> I hope reject_unauth_$ is a copypaste error from a wrapping editor.[16:25:24] <remoteCTRL2> Aprogas: erm... i guess? :D what's it supposed to look like?[16:26:18] <Aprogas> reject_unauth_destination most likely[16:26:26] *** rajijoom has quit IRC[16:27:02] <remoteCTRL2> Aprogas: right you are, this stoopid nano really rrunkated the copy paste-.-[16:27:23] <Aprogas> Why do you load postconf -n into nano ?[16:29:09] <remoteCTRL2> Aprogas: nah i didn't i am setting up atestserver here in order to get tiki wiki cms groupware installed so i cloned out productive server and copy pasted the config from one console tab to the (ssh-ed) other console tab[16:29:49] <remoteCTRL2> i fixed this now, unfortunately this diod not fix my issue...[16:30:36] <Aprogas> The server you are having trouble with, is it going to be receiving or just sending?[16:30:50] <remoteCTRL2> Aprogas: its supposed to do both[16:31:25] <remoteCTRL2> Aprogas: may i ask in how far that is relevant?[16:32:22] <Aprogas> If it was going to be send-only, you could use a nullclient software instead of Postfix.[16:32:38] <Aprogas> Many people come in here with trouble with Postfix, while really they just want their PHP mail() command to work.[16:33:00] <remoteCTRL2> Aprogas: well... tiki wiki cms groupware actually works with sendmail but i dont like that one very mucho...[16:33:58] <remoteCTRL2> erm... hehehe well the php mail() command is indeed the goal to have working for now, but yet still this groupware including webmail is going to need a imap/pop daemon, right?[16:34:07] <remoteCTRL2> or do you suppose it brings it's own?[16:34:41] <remoteCTRL2> btw what precisely is a nullclient software?[16:34:51] *** Rez has joined #postfix[16:34:56] *** Rez is now known as LoRez[16:35:07] <lunaphyte_> !tell remoteCTRL2 nullclient[16:35:07] <knoba> remoteCTRL2: "nullclient" : a null client is a computer that can only send mail. it receives no mail from the network, and it does not deliver any mail locally. while postfix can be configured to fill this role, it is often unnecessary overkill, and a much simpler software package is more appropriate. see !nullclient_software for more details.[16:35:17] <Aprogas> Software to send only outgoing mail via a relayhost (usually provided by ISP or e.g. GMail), without receiving mail and without managing mailboxes and all those things.[16:35:43] <remoteCTRL2> oh a smarthost so to say?[16:35:56] <remoteCTRL2> or is that even something completely different?[16:35:58] <Aprogas> Sort of. Nullclient software talks to the smarthost.[16:36:08] <lunaphyte_> well, the msa.[16:36:30] <remoteCTRL2> ah, so the smarthost is not the thing relaying to a server but the server having stuff relayed to?[16:36:42] <lunaphyte_> well, it could be both.[16:36:54] <remoteCTRL2> ok i think i am starting to get a clue[16:37:26] <remoteCTRL2> problem is i really have no idea how this tiki wiki cms groupware is precisely structured, the howto says it expects a running sendmail[16:37:44] <lunaphyte_> that would be a traditional application for a nullclient, yes.[16:37:44] <remoteCTRL2> but that cannot be the last word...[16:37:51] <Aprogas> I don't know what tiki wiki cms groupware is; does it offer mailboxes to users?[16:38:19] *** CountDown has joined #postfix[16:38:25] *** car has left #postfix[16:38:35] <remoteCTRL2> Aprogas: it has a fully functional webmail, yes but i was unable up to now to figure out wether it ships with a imap/pop service or if it uses the system's one[16:40:40] *** Vivek has quit IRC[16:40:41] *** Internat has quit IRC[16:41:30] *** lepine_ has quit IRC[16:41:35] *** bezourox has quit IRC[16:42:22] *** lepine has joined #postfix[16:42:25] *** bluethundr has joined #postfix[16:43:00] <Aprogas> IMAP servers don't receive mail, they present mailboxes to users. A webmail that directly reads the mailbox, does not need to go via an IMAP server; I don't know whether webmail software generally relies on IMAP or direct access.[16:43:12] <Aprogas> Either way Postfix is not an IMAP server, but Postfix can receive mail and store it in a mailbox.[16:43:47] *** Jippi has joined #postfix[16:44:22] <remoteCTRL2> Aprogas: hehe thanks dude but i am actually well aware of that[16:44:37] <remoteCTRL2> a few things i have understood yet but i am far from getting it all :D[16:44:42] <Aprogas> With what you were saying, it sounded as if you might be a bit confused.[16:45:05] <remoteCTRL2> hehe, i am soory for that and it probably is because i AM a little confused right now[16:45:36] <remoteCTRL2> the point is i have no idea if tiki acesses the mails on a file system level or via imap but i suppose the latter...[16:46:02] *** Jippi_mac has quit IRC[16:46:08] *** brancaleone has joined #postfix[16:46:52] <remoteCTRL2> it would at least make much more sense if it does it vie imap cos if you have no imap running you are forced to use the webmail wich would kinda defeat the purpose[16:47:50] <remoteCTRL2> gosh i am so stuck...:/[16:51:44] *** Internat has joined #postfix[16:52:57] *** p3rror has joined #postfix[16:53:48] *** n1md4 has joined #postfix[16:57:33] *** tharkun has joined #postfix[16:58:16] *** cga has quit IRC[16:58:31] * tharkun greets the floc[16:58:36] <tharkun> k[17:10:51] *** shoonya has joined #postfix[17:17:04] <zoo_> hello. my postfix complains about this: warning: connect to mysql server localhost: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)[17:17:25] <zoo_> i don't see a permissions problem. Any ideas?[17:17:30] *** neekfenwick_ has quit IRC[17:18:09] <n1md4> Trying to setup mail aliases. I have user at example dot com as the canonnical address, with user at example dot co.uk as the alias. Locally this works, and mail send to the .co.uk address lands in the .com mailbox. But externally, I get "Undelivered Mail Returned to Sender", here's an example:-[17:18:09] <seekwill> Is MySQL running?[17:18:13] <zoo_> yes[17:18:14] <n1md4> host mail.example.co.uk [X.X.X.X] said: 554 5.7.1 user at example dot co.uk: Relay access denied (in reply to RCPT TO command)[17:18:19] <seekwill> If so, did it place the sock in that location?[17:18:20] <zoo_> the socket is there[17:18:36] <seekwill> Can you paste the ls output to prove that?[17:18:43] <zoo_> srwxrwxrwx 1 mysql mysql 0 2010-09-10 17:22 /var/run/mysqld/mysqld.sock[17:18:53] <seekwill> You sure that's not an old message?[17:19:24] <zoo_> it's brand new, appeared just after starting postfix up, a minute ago[17:20:40] <tharkun> zoo_: is postfix chrooted ?[17:21:11] <zoo_> tharkun: how do i know that?[17:22:29] <tharkun> grep smtp /etc/postfix/master.cf[17:22:35] *** schnoobby has quit IRC[17:23:12] <tharkun> Or wherever is your master.cf file[17:23:25] *** ssureshot has quit IRC[17:24:08] <zoo_> there is "-" in chroot column[17:24:28] <tharkun> zoo_: using debian or debian derivative ?[17:24:34] <zoo_> yes, ubuntu[17:24:52] <tharkun> ok you need your socket inside the chroot that postfix is using[17:24:53] <zoo_> seems to be chrooted, right?[17:24:59] <tharkun> yes[17:25:20] <tharkun> /var/spool/postfix is your / of your postfix install, act accordingly[17:25:32] <zoo_> okay[17:25:44] <tharkun> or better yet bind mysql to localhost and connect to it[17:25:47] <zoo_> below there must be the socket, right?[17:25:54] <tharkun> yes[17:26:39] <joschi> tharkun, zoo_: localhost is a "magic hostname" for mysql and will *always* use the UNIX socket. use 127.0.0.1 if you want to use the TCP socket[17:26:45] <zoo_> is that easier than always keeping an eye on the socket?[17:27:09] <zoo_> joschi: thx, i just wanted to ask that :)[17:27:13] <tharkun> joschi: you are right, thx for the correction[17:27:33] <tharkun> zoo_: yes, it is easier binding to 127.0.0.1 ;P[17:30:39] <zoo_> great! now it works, thanks a lot so far![17:30:43] *** juergen_dose has joined #postfix[17:30:45] * zoo_ is very happy now[17:31:13] <zoo_> okay, what can I do to use the unix socket? changing the mysql configs?[17:32:15] *** shal3r has quit IRC[17:34:27] <remoteCTRL2> Aprogas: i found it![17:35:44] <Aprogas> What was the cause?[17:36:04] <remoteCTRL2> i removed the chroots in /etc/postfix /master.cf for smtp and lmtp then it worked[17:36:20] <remoteCTRL2> can you believe it? :D[17:36:56] <Aprogas> We said chroot, you said you removed that already.[17:39:25] <zoo_> I am just switching from qmail to postfix. I was using dspam all the time. What antispam messurements are you advising?[17:39:27] <remoteCTRL2> Aprogas: apologies, i misses the lmtp one[17:39:55] <Aprogas> zoo_: dspam can work with Postfix too[17:40:01] <tharkun> !cheatsheet[17:40:01] <knoba> tharkun: "cheatsheet" : http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt : A HOWTO for pre-DATA spam control.[17:40:06] <zoo_> Aprogas: I know[17:40:10] <tharkun> zoo_: ^^[17:40:29] <remoteCTRL2> Aprogas: i am sorry, i really am, you know i am kinda noob, i got the basics but not much more and i am really tired already today...[17:40:55] *** Ionic has quit IRC[17:42:10] <remoteCTRL2> Aprogas: anyways thanks alot for your help, i appreciate it![17:45:50] <tharkun> Am i getting this correct, Is it possible to make a sqlite table that has the postscreen_blacklist_networks table ?[17:46:19] * tharkun is testing version 2.8 and is very happy with it :D[17:47:47] *** AlexC_ has quit IRC[17:48:03] *** JoKoT3 has quit IRC[17:55:04] *** _spq` is now known as spq`[17:55:04] *** spq` is now known as 77CAA62FZ[17:55:15] *** 77CAA62FZ is now known as spq`[17:55:22] <zoo_> !clamav[17:55:22] <knoba> zoo_: "clamav" : a free (open source) virus scanner which works great with amavis. See http://www.clamav.net/[17:58:03] *** karlgus has joined #postfix[18:00:12] *** shoonya has quit IRC[18:02:52] *** shal3r has joined #postfix[18:03:39] *** hever has joined #postfix[18:04:57] *** Justin_Hopkins_ has joined #postfix[18:05:04] *** Justin_Hopkins has quit IRC[18:05:12] *** Wilkins has quit IRC[18:05:46] *** hever has quit IRC[18:06:51] *** hever has joined #postfix[18:08:12] *** karlgus has quit IRC[18:08:50] *** jelly has quit IRC[18:08:52] *** Justin_Hopkins_ has quit IRC[18:09:47] *** karlgus has joined #postfix[18:26:27] <bgerber> How can I get the bounced or maildrop emails dumped to a file on my systetm using postfix? I had forgot to turn backupn passphrase only logging into the sytem. That is they have to provide me with there public ssh key and I add it to authorization file in each user directory or they can not get into the system.[18:27:22] <Aprogas> I don't understand your question.[18:27:30] <bgerber> Sadly they used my system to spam which I did get stopped, but with the system possibley compromized I thought I needed to do a wipe of /[18:27:47] *** jelly has joined #postfix[18:27:55] *** makomi has joined #postfix[18:27:57] <bgerber> I am rsyning all the postfix files in /var/spool/postfix.[18:28:21] <Aprogas> Do you think they got root access?[18:28:24] <bgerber> I want the messages that would bounce or go to mail drop saved to a file[18:28:37] <bgerber> There is a chance.[18:29:10] <Aprogas> I am not sure what the best tool is to parse and filter a mail queue.[18:29:27] <bgerber> So I can sort though them. I have over 275000 files[18:29:55] <Aprogas> You just want to concatenate all those files into one huge file?[18:30:01] <bgerber> If mail drop dropped the file into a file on my system instead of sending it back.[18:30:30] <bgerber> I could then take my time and get just the email messages I need.[18:31:08] <Aprogas> I recommend you first make a backup of your entire mail queue as it is, and keep that backup safe. Then start filtering out all the bogus/spam/virus messages (if you can find a distinct criterium) and just delete them outright.[18:31:13] <bgerber> I have been dropped from many of my email lists for bounced email. I have been on theses lists for 10-20 years[18:32:11] <bgerber> I stopped postfix and and backing up every thing in incoming, defer, derrered, maildrop and outgoing.[18:33:21] <bgerber> what I hope is after the new fressh install wiping / I will be able to restore spool postifx and get all the messages.[18:33:47] <Aprogas> You want to find the good messages between the bad messages, right?[18:34:03] <bgerber> The mail in my queues starts from auig 20 and goes to yesterday.[18:34:08] <bgerber> yes[18:34:35] <bgerber> before they are sent back or rejected for sitting in my queues too long.[18:34:46] <Aprogas> Do you have a way to distinguish good messages from bad messages?[18:34:52] <bgerber> I notice a lot of good emails in maildrop.[18:35:28] *** shal3r has quit IRC[18:35:33] <bgerber> searhing and manually going through them. But it would be a lot easier to use procmail after[18:36:17] <bgerber> I some how save all the messages, instead of sending them back, like postfix was doing.[18:36:56] <Aprogas> What do you mean with "sending them back" ?[18:37:07] <bgerber> 90 % of the email would be sorted by procmail to my correct folders.[18:37:56] <bgerber> the messages in maildrop and that have been marked as bounce because of sitting on my system too long and not proccessed yet.[18:38:31] <Aprogas> So you want Postfix to re-evaluate whether those messages really need to get bounced?[18:39:01] <bgerber> yes, or put them in a file for me to sort.[18:39:20] <bgerber> and run through my various filters.[18:39:40] <Aprogas> I think concatenating multiple messages into a single file is not very practical. I think each message is a seperate file in the filesystem.[18:39:42] *** xabbu has quit IRC[18:40:04] <seekwill> mbox?[18:40:24] <bgerber> well I have found that and in mbox format with a lot of the messages[18:41:01] <Aprogas> I think Procmail can eat messages from seperate files just as well; I still have trouble understanding why combining into one file is needed.[18:41:08] <bgerber> there is some very important corespondence in the maildrop directory that I need.[18:41:48] <bgerber> I do not care how many files. Just to stop the bouncing of the emails[18:41:54] *** xabbu has joined #postfix[18:42:20] <bgerber> putting them in one mbox file or many files does not matter.[18:42:25] <seekwill> Ah, heh. djb created mbox...[18:42:27] <seekwill> Figures.[18:42:54] <bgerber> I just do not want the files that are being marked as bounce bounced.[18:43:18] <seekwill> Oh, he created maildir...[18:43:22] <seekwill> So confusing.[18:43:33] <bgerber> I want them saved so I can use tools like procmail or filtering in maildir.[18:43:58] <bgerber> they are a mix and not yet really delivered.[18:44:04] <Aprogas> bgerber: I never worked on a mailserver that had a queue for longer than a few seconds, so I'm not really sure what the contents of /var/spool/postfix look like.[18:44:07] *** xabbu has quit IRC[18:44:19] <Aprogas> Do you have some filter you can use in Procmail to seperate the good and bad messages?[18:44:56] <bgerber> yes if I can stiop them from being bounced and put through my procmail filters.[18:45:17] *** hever has quit IRC[18:45:37] <Aprogas> You have stopped your Postfix right? Postfix will not process the queue if it is not running.[18:46:01] <bgerber> hence somehow causing postfix to put files in any format in one place so I can work on them and not returned. to sender.[18:47:01] *** xabbu has joined #postfix[18:47:05] <bgerber> right now they end up in maildrop. and vanish quickly.[18:47:32] <Aprogas> You mean Procmail is reinserting them into maildrop?[18:48:01] <bgerber> when postfix is running it is sticking them in maildrop[18:48:09] <bgerber> not procmail.[18:48:29] <Aprogas> How many good messages do you think are between the 275k ?[18:48:53] <bgerber> you know how if a message is not delivered it is returned. yes[18:49:00] <Aprogas> Yes, I know about bounces.[18:49:09] <bgerber> about that[18:49:14] <Aprogas> You should not use Postfix to feed into Procmail.[18:49:38] *** e-jones has quit IRC[18:49:58] <Aprogas> I think if Procmail processes a message and decides to forward it, a new message is created.[18:50:10] *** cga has joined #postfix[18:50:24] <Aprogas> So if you can make Procmail delete all the bad messages and forward all good messages to the original recipient, it will do that.[18:50:26] <bgerber> I goes through a set of stepps and then goes to procmail for each user and is parsed into their folders for the email lists.[18:51:23] <bgerber> exactly. I just have to get them out of postfix, bouncing to a place where I can do that.[18:51:41] <bgerber> not returning to sender.[18:52:01] <Aprogas> Yes, I know what you don't want to do, but I still don't understand what you do want to do.[18:52:41] <bgerber> because most of the emails have been in my queues longer than they should and are being bounced back.[18:53:41] <bgerber> rather than being processed out to the normal postix steps, after smpt completes receiving the email.[18:53:52] <Aprogas> Can you just pastebin your procmail recipe or something? Maybe I can deduct from that what you are doing.[18:54:55] <bgerber> I could be it is about 40 k long. putting messages in 200 mbox files.[18:54:55] <Aprogas> I cannot figure out whether with Procmail you are storing the mail in existing mailboxes, forwarding them to their original recipient, or just storing them all into one big mailbox.[18:55:38] <Aprogas> So you want to feed all 275k messages through Procmail, so that Procmail can process them and store them in the correct mailbox.[18:56:43] <bgerber> when I look at /var/spool/postfix/ incoming defer, deferred, and maildrop I see messages that should have been sent down to processing change for delivery, using maildir and mbox depending on the user.[18:57:32] <bgerber> but because they have been on my system so long or other reasons they are being bounced.[18:58:12] <bgerber> I want the bounce to go to me to process later rather than returned to sender.[18:58:13] <Aprogas> But apart from that the delivery of those messages would work? In that case you can just increase bounce_queue_lifetime[18:58:30] <bgerber> yes[18:58:37] <Aprogas> And maximal_queue_lifetime too.[18:59:07] <Aprogas> How many of those 275k messages are spams?[19:00:07] <bgerber> I know that at least 2000 emails a day I receive are not. They are from my many email lists. like the git or linux kernel lists[19:01:01] <bgerber> You get a lot of messages that you scan for topics of intered and I am able when time permits read all of them.[19:01:49] <Aprogas> From what I understood your mailserver was compromised and spammers left a large amount of outgoing spam into your queues.[19:02:01] <Aprogas> And you also have some valid email that you want to be delivered to local mailboxes.[19:02:14] <Aprogas> I think you should first remove the spam from your queues.[19:02:18] <bgerber> so if I some how save the messages instead of bouncing them I can reinject them and get rid of the bad email quiclky.[19:02:41] <bgerber> that is what I am guessing.[19:04:07] <bgerber> that is what I want to do by being able to take what would be bounced putting it in a file or files to send through my maildir and procmail filters.[19:04:37] <bgerber> they will dev null the spam and sort the messages.[19:04:46] *** julian__ has quit IRC[19:05:00] <bgerber> to the right folders.[19:05:00] *** JonnyV has quit IRC[19:06:03] <bgerber> so right now I do not want the maildrop messages dropped yet, but in a human readable format. like mbox.[19:06:28] *** Twinkletoes has quit IRC[19:07:33] *** neorise-rider has joined #postfix[19:07:34] <bgerber> or other emails that once I start postix again they will not be just dropped but go through the normal proccessing I have used for many years with postfix, exim and sendmail.[19:08:17] <Aprogas> And just increasing the lifetimes will not be enough to achieve this?[19:08:45] <Aprogas> If you set the lifetimes to 4 weeks, messages in your queue won't be turned into bounces, unless they really cannot get delivered.[19:08:54] <bgerber> I know I tried and lost 20,000 emails[19:09:16] <bgerber> ok[19:09:23] *** sphenxes has quit IRC[19:09:36] <Aprogas> Are all 275k emails with destination your mailserver? Or are there emails with other mailservers as their destination in between?[19:09:44] <bgerber> yes[19:09:48] <Aprogas> Which one.[19:09:55] <bgerber> my server.[19:10:21] <Aprogas> And you tried to restart Postfix with higher lifetimes, and the mails still got bounced?[19:10:53] <bgerber> yes, I did not choose more than 2 weeks.[19:11:08] <bgerber> I should have had it at 4 weeks.[19:12:06] <bgerber> so what I now want is the many email ready to be sent back when postfix is restarted.that they are saved instead of bounces.[19:12:09] *** sphenxes has joined #postfix[19:13:31] <Aprogas> Are the messages already in the bounce queue?[19:13:33] <bgerber> so I quickly stopped postfix and now have an extremely lot of maildrop messages that I really want.[19:14:01] <bgerber> and not bounced.[19:14:12] <Aprogas> maildrop is not bounce[19:14:26] <Aprogas> maildrop is mail submitted by a local process[19:15:34] <bgerber> ok, then the onces with bounces or marked as bounces. A few friends have said the email since 20 aug 10 have bounced back to them.[19:15:52] * adaptr has the hugest money[19:16:05] <bgerber> I want those email if still on my system[19:16:40] <Aprogas> bgerber: Are there any files in /var/spool/postfix/bounce ?[19:16:45] <bgerber> Some I have sent and not been received yet are bills for my services on their equipment or sales.[19:16:58] <bgerber> yes a lot.[19:17:36] <bgerber> over 40 k of messages.[19:18:31] <adaptr> and you accepted all of them ?[19:18:32] <adaptr> ouch[19:18:34] <bgerber> maildrop has about 60 k and incomming have about 175 k[19:18:41] <adaptr> you may want to stop postfix[19:18:50] <adaptr> ah, open relay :)[19:18:56] <Aprogas> bgerber: How many of the 40k messages in bounce do you suspect are good emails?[19:19:04] <bgerber> it is and has been for a few days.[19:19:07] *** karlgus has quit IRC[19:19:11] <adaptr> so it's stopped now, yes ?[19:19:20] <adaptr> killded dead, firewall raised, ports blocked[19:19:21] <bgerber> 80 %[19:19:25] <adaptr> no[19:19:32] <adaptr> you need to STOP postfix.[19:19:33] <adaptr> NOW[19:19:36] <Aprogas> He did, yesterday.[19:19:40] <bgerber> yes[19:19:44] <adaptr> then how can it be stopped 80%[19:19:55] <Aprogas> 80% of his 40k messages in bounce are good emails.[19:20:04] <adaptr> he should elarn to contextualize[19:20:10] <Aprogas> So should you.[19:20:15] <bgerber> postfix is stopped and has been for 2 days now since I have been trying to decide what to do.[19:21:22] <bgerber> I am recovering from a stroke and do not remember my 40+ years of doing this stuff.[19:21:36] <adaptr> set up a transport to a second postfix that has the proper checks in place, and push everything through that[19:21:42] <bgerber> I am really relearning what I once kwen[19:21:44] <adaptr> anything that comes through, investigate[19:22:19] *** p3rror has quit IRC[19:23:28] <bgerber> ok I will read up on that and see if I can set it up. Having a swiss cheese memory with rembering things only 20 years ago is making thing a real challenge.[19:23:43] <adaptr> sadly, this won't be able to use the most powerful antispam weapon - RBLs[19:23:56] <bgerber> still under doctors order for bed rest[19:24:04] <adaptr> but perhaps you could scan the headers and see if there are RBL IPs in there[19:24:25] <bgerber> I know and it makes me sick to think of it.[19:24:39] <bgerber> how much is going to have be be manually done.[19:24:59] <adaptr> I would at least try that - header checks for RBL IPs[19:25:15] <adaptr> it would require some scripting, but it might save you a lot of time[19:25:28] <bgerber> but first I need to extend the queue times and such[19:25:43] <Aprogas> It might be possible to just run something like spamassassin on all those emails.[19:26:00] <Aprogas> Anything in the bounce queue is already labeled as a bounce.[19:26:06] <bgerber> I used to be a good scripter. but not the best right now with my illness.[19:26:09] <Aprogas> In fact, anything in there may not contain the full original message anymore.[19:26:21] <adaptr> Aprogas: usually cut off at 50K (postfix default)[19:26:22] <Aprogas> Is it feasible for you to hire someone to recover your good emails?[19:26:35] <bgerber> that is also what I am afraid of.[19:26:40] <Aprogas> adaptr: And by the time something is moved to bounce, the original message is gone I assume.[19:26:46] <bgerber> no,[19:26:57] *** numen_ has quit IRC[19:26:59] <adaptr> Aprogas: the original message is not kept[19:27:17] <adaptr> it is copied into the DSN cut off at 50K[19:27:22] <adaptr> and thrown away[19:27:26] <bgerber> since I have been unable to work, we barely make house payment and I am not able to buy all my meds[19:28:18] *** makomi has quit IRC[19:29:24] *** numen has joined #postfix[19:29:47] <bgerber> so I really right now am unable to hire someone to assist with this mess. That is why I am backing things up and starting fresh with my ssh to passphrase only, and user added only after a check of his home directory.[19:30:39] <bgerber> hard on them but necessary given the break-in of my linux system.[19:30:58] <Aprogas> Was a dictionary attack used?[19:31:21] <Aprogas> Actually that's not very relevant at this point.[19:31:28] *** sphenxes has quit IRC[19:31:42] <Aprogas> I think you should open one of the files in the bounce queue, just to see what it looks like.[19:31:51] <bgerber> I do not know I have iptables block IP address for on day after 3 failed attemps[19:32:46] <bgerber> I have one some. most of the message is there but not all the headers and in some cases trunkacted.[19:34:31] <bgerber> In a minute or 3 minutes black list IP for a day. so if the did use a dictionary attack it had to be spread out over many days if from the same IP[19:35:23] <bgerber> 3 striles and your out of contact with my servers for 24 hours[19:36:07] <bgerber> sorry if my illness gets in the way especially with my spelling.[19:36:14] <Aprogas> SSH worms have gotten distributed for a while.[19:36:29] <Aprogas> So they are better at evading such blocks.[19:36:58] <bgerber> what do you use or recommend?[19:37:29] <Aprogas> I use randomized passwords, with at least a number, but adding a punctuation mark too is probably a good idea as well.[19:38:08] <bgerber> The have to have their ssh key on the system with a passphrase they send to me before they have access to their directory.[19:38:42] <Aprogas> Yes, moving away from passwords completely is also an option.[19:38:48] <bgerber> no passwords allowed except on the console.[19:38:59] *** mezgani has joined #postfix[19:39:26] * f3ew sympathises with bgerber[19:40:43] <bgerber> that is how the system was setup. for over a year. Sadly I had one user/s business that the machine was fried, so I allowed password, and I had the stroke and forgot that I have not put the system back to passphrase onle.[19:40:57] <bgerber> s/onle/only.[19:42:04] <f3ew> Sucky[19:42:11] <bgerber> It is now back to passphrase only, but damage has already been done. Hence the re-install and trying to save any good email.[19:42:21] *** sphenxes has joined #postfix[19:42:44] <f3ew> it might be easiest to grep for visible spammy keywords, and then feed the filenames to postsuper -d[19:43:27] <f3ew> grep -ril "spam-spoor" /var/spool/postfix | xargs -1 basename | postsuper -d -[19:43:29] <bgerber> thanks for the ideas. I am going to go change queues to 5 weeks, and do the grep stuu. till[19:43:32] <f3ew> or something like that[19:43:54] <sysmonk> it's what i usually did[19:43:55] * f3ew -> home[19:44:05] <f3ew> I hope you get better soon[19:44:14] <f3ew> Strokes are not fun[19:44:15] <sysmonk> grep for something obvious (source ip, spam words) and tehn postsuper -d[19:45:12] *** juergen_dose has left #postfix[19:45:22] <bgerber> ok I will try that everything once I have / finished being backed up. All I have left is postfix using rsync to an other drive on the system.[19:45:38] *** smica has joined #postfix[19:46:08] <bgerber> I am coping the suggestions to a file so I do not forget. thanks.[19:47:33] <Aprogas> bgerber: increasing lifetimes won't affect anything already in the bounce queue[19:49:11] <bgerber> ok, but it will not change the other stuff in the pipeline since I stopped postfix deferred has about 60 k of messages as I stopped things[19:49:49] <bgerber> so with longer queues they will be proccess and not bounced once I restart postfilx[19:51:30] <bgerber> and the messages that are being queued at my ISP for my domain once I do the reintall longer queues will keep them from being bounced/[19:52:23] <bgerber> thanks I need to leave a rest for a bit, it helps me with recovering from the stroke last week.[19:53:07] <bgerber> bye and thanks[19:53:34] <Aprogas> Your ISP won't have queued those messages for more than 5 days.[19:53:52] <Aprogas> If your mail volume is low enough, maybe using something like Google Apps is useful for you.[19:55:16] <bgerber> I usually get 50 k of messages a day including spam being block with SPF and DKIM[19:55:25] *** TheEmpath has joined #postfix[19:55:28] <TheEmpath> hi[19:56:00] <TheEmpath> telling linux to handle email is pretty much the most complicated and unintuitive thing i've ever done short of learning Bra-Ket notation[19:56:05] <bgerber> at the front so messages never make it into system if they are not from my email servers.[19:56:34] <TheEmpath> i've yum installed postfix and dovecot and adjusted the main.cf and dovecot.conf[19:56:37] <bgerber> I agree. it is almost like black magic.[19:56:41] <adaptr> TheEmpath: so you've met sendmail, then :)[19:56:53] <TheEmpath> i telnet localhost 25 and it tells me "Connection closed by foreign host"[19:57:01] <adaptr> TheEmpath: are you, in fact, using postfix ?[19:57:06] <TheEmpath> sendmail was like trying to setup Postfix but in a dead language[19:57:11] <adaptr> sounds like a firewall in the way[19:57:14] <TheEmpath> im currently using postfix[19:57:27] <adaptr> of course, you COULD also show us the logs[19:57:36] <TheEmpath> which logs?[19:57:45] <bgerber> I have dovecot insteall and configure in. I just have not finished with postgrey too.[19:57:49] *** sash_ has joined #postfix[19:57:55] <denysonique> bgerber, postgrey?[19:58:10] <adaptr> TheEmpath: oops. your chances of useful help are slinking at an alarming rate[19:58:11] <bgerber> yes[19:58:16] <adaptr> !logs[19:58:16] <knoba> adaptr: "logs" : postfix logs to the mail facility of syslog. Something like grep -i `postconf -h syslog_facility` /etc/syslog.conf should tell you where logs are going. also see !no_logs and !have2mung[19:58:36] <TheEmpath> there goes that whole intuitive thing again[19:58:59] <bgerber> It slows down the incomming mail and does stop some spam fluries[19:59:03] <Aprogas> Is it not intuitive that mail logs are in /var/log/mail.log ?[19:59:36] <Aprogas> bgerber: Please look into Google Apps or similar services; they are either free or low-cost. This may for your new mail setup take some load of your shoulders.[20:00:01] <denysonique> Aprogas, where would you expect the logs to be?[20:00:07] <bgerber> ok I will look into them.[20:00:19] <bgerber> thanks[20:00:34] <bgerber> bye for a while.[20:01:03] <Aprogas> denysonique: /opt/Administrative Tools/Event Viewer.exe[20:01:15] <denysonique> LOL[20:01:27] <denysonique> Aprogas, .exe[20:01:47] <denysonique> Aprogas, is this a joke? or you are comming from a m$ bg?[20:04:06] <TheEmpath> yeah, my centos doesn't have grep[20:04:16] <denysonique> TheEmpath, use gentoo[20:04:19] <denysonique> etc[20:04:37] <TheEmpath> i dont have 17 hours to rebuilt a server[20:04:44] <adaptr> TheEmpath: that is very unlikely. throw it away, then. it's obviously braindead and useless[20:04:58] <TheEmpath> i dont have 17 hours to rebuild a server x2[20:05:12] <adaptr> TheEmpath: you don't need 17 hours to install Linux[20:05:17] <adaptr> more like 17 minutes[20:05:17] <TheEmpath> no i dont[20:05:26] <TheEmpath> bu ti iwll need 17 hours to reinstall and reconfigure everything i have running on this erver[20:05:36] <TheEmpath> all just so i can get grep[20:05:38] <TheEmpath> yeah no thats not happening[20:05:51] <adaptr> TheEmpath: you're delusional. every distro has grep[20:06:00] <TheEmpath> i'll buy you the plane ticket to fly here[20:06:03] <TheEmpath> and type grep on my keyboard[20:06:05] <TheEmpath> how about that?[20:06:12] <adaptr> don't be silly[20:06:19] <adaptr> I have no desire to fly[20:06:37] <adaptr> and you would do well to moderate your attitude some[20:06:47] <TheEmpath> as soon as you stop calling me delusional[20:06:52] *** neekfenwick_ has joined #postfix[20:09:23] <adaptr> so - you are completely incapable of installing a prebuilt package on a package-based distro, even IF grep would be lacking now, which I don't believe[20:09:38] *** TmBerg has joined #postfix[20:10:01] <TheEmpath> installing isn't the problem[20:10:09] <TheEmpath> any chimp can type yum install whatever[20:10:30] <TheEmpath> this configuration business is about as arcane as cuneiform[20:10:43] <adaptr> then I suggest you look elsewhere[20:10:59] <Dominian> eh?[20:11:03] <Dominian> Did I miss something?[20:11:44] <Aprogas> TheEmpath: The factoid mentions grep and postconf because the logdir is not the same on all systems.[20:12:08] <Aprogas> TheEmpath: In many cases it is just /var/log/mail.log or /var/log/maillog[20:14:01] <TheEmpath> every document on google about postfix is a string of non-english peoples struggling to communicate in english about one particular facet of how to configure it. i've been looking into this for hours now can i can't find a single damn page that actively explains how postfix works and how to configure it. for example, not one document on google mentions /var/log/maillog[20:14:17] <TheEmpath> and now that you have, i now have a breadcrumb on what to look for, so i thank you kindly![20:14:26] <adaptr> !basic[20:14:28] <knoba> adaptr: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.[20:14:31] <adaptr> !standard[20:14:31] <knoba> adaptr: "standard" : Your question is probably answered in http://www.postfix.org/STANDARD_CONFIGURATION_README.html[20:14:49] <adaptr> the documentation for postfix is second to none in completeness[20:15:10] *** TmBerg has left #postfix[20:15:34] <Signum> ...at least if you are familiar with MTAs. :)[20:15:41] <Signum> Other people may want to go with a book.[20:15:56] *** skeeved has joined #postfix[20:16:06] <adaptr> Signum: I did say "completeness" - you think I skipped the "readability" part just for fun ?[20:16:18] <Signum> adaptr: Nope, read your mind alright. :)[20:16:18] *** f0rpaxe has quit IRC[20:16:38] <Aprogas> Signum: How much work is it to feed new main.cf descriptions into knoba? And how do I escape double-quotes in a !learn as ?[20:17:11] <Signum> Aprogas: f3ew and I once imported all directives into knoba's database. Maybe I have the script lying around.[20:17:13] *** skeeved has quit IRC[20:17:33] <Signum> Aprogas: Otherwise use the 'learn' syntax as described on http://workaround.org/f=postfix[20:17:44] <Signum> Aprogas: I'm not aware of double-quote problems though. What did you try?[20:17:50] <adaptr> he tried everything[20:17:54] <Signum> Hmmm.[20:18:53] <Aprogas> !learn test123 as no""space double ""space \"escape?\" "unescape" '"escape?"'[20:18:56] <Aprogas> !test123[20:18:56] <knoba> Aprogas: "test123" : no""space double space \"escape?\" unescape '"escape?"'[20:19:11] <Signum> Hmmm.[20:22:08] *** f0rpaxe has joined #postfix[20:22:56] *** grobe0ba|away is now known as grobe0ba[20:24:08] *** UQlev has quit IRC[20:24:46] <Aprogas> TheEmpath: The official Postfix documentation is very clearly structured. But tutorials and howtos found online are usually worthless.[20:24:56] <TheEmpath> yeah :([20:25:00] <TheEmpath> i definitely found that out[20:25:10] <TheEmpath> but Adaptr's tough love stance was successful[20:25:13] <TheEmpath> he pointed me to the logs[20:25:15] <Aprogas> Don't try to run before you can walk; start with a simple Postfix configuration and get familiar with that.[20:25:17] <TheEmpath> i read the logs and found the error[20:25:24] <TheEmpath> and i corrected hte mistake and now it all works[20:25:32] <Dominian> adaptr definitely gives tough love[20:25:36] <TheEmpath> 127.0.0.1/8 != 127.0.0.0/8[20:25:37] <Aprogas> That's why we have the logs-factoid.[20:25:37] <TheEmpath> im irish[20:25:44] <TheEmpath> tough love is how we learn[20:25:56] <Dominian> and why adaptr is single[20:26:01] <TheEmpath> :O[20:26:05] <Aprogas> I'll agree that the CIDR-notation in mynetworks is not entirely intuitive, but if the logs warn/error about that, I guess that is fine.[20:26:05] <adaptr> Dominian: you have no proof of that[20:26:07] * TheEmpath tips hat to Adaptr.[20:26:09] <Dominian> adaptr: lol[20:26:22] <adaptr> no, the correct response was "neither do you"[20:26:34] <Signum> Aprogas: Honestly I don't know why the quoting gives such trouble. It's the 'factoids' plugin of the 'supybot' IRC bot software. Sometimes it's bitchy.[20:26:49] <TheEmpath> now i just have a little problem of getting through bayesian filters, but thats another channel entirely[20:26:53] <Aprogas> Signum: I ended up working around it with single-quotes.[20:27:22] <Signum> Aprogas: ook[20:27:54] <TheEmpath> lol[20:27:58] <Aprogas> Maybe I should use double single-quotes. Or open the string with a backquote and close with a singlequote, like in a sendmail .mc file.[20:28:12] <TheEmpath> Your access to this mail system has been rejected due to the sending MTA's poor reputation :([20:28:28] <Aprogas> TheEmpath: Which server is telling you that?[20:28:31] <TheEmpath> im just a little box under the couch in my apartment trying to send emails with no domain :([20:28:45] <TheEmpath> mailtstore1.secreserver.net[20:28:48] <TheEmpath> i understand why[20:28:50] <Aprogas> Home/consumer-grade connections are preemptively blacklisted.[20:28:53] <adaptr> yeah, that's not going to work. qualify your addresses[20:29:00] <adaptr> or use a forwarder[20:29:01] <TheEmpath> yeah[20:29:11] <TheEmpath> qualify as in get a DNS?[20:29:15] <Aprogas> But usually you can request a removal from such a policy block listing.[20:29:57] <TheEmpath> cool beans[20:30:02] <TheEmpath> ill tinker with this[20:30:14] <bgerber> which queues was I to set to 4-5 weeks? Also If I do a pastie of my current config postconf -n would someone be willing to look at it and tell me what changes I may need to make?[20:30:24] <Aprogas> But then your cablemodem resets your semi-static IP-address in a power outage, and you are blacklisted again.[20:30:41] <Aprogas> bgerber: maximal_queue_lifetime I think.[20:30:42] <bgerber> using pastie.org[20:31:50] <adaptr> bgerber: you can't control the queues independently. the lifetime controls concern the deferred queue only[20:32:06] <adaptr> although there is a bounce_something as well[20:32:30] <adaptr> !bounce_queue_lifetime[20:32:30] <knoba> adaptr: "bounce_queue_lifetime" : a configuration parameter in the main.cf: The maximal time a bounce message is queued before it is considered undeliverable. By default, this is the same as the queue life time for regular mail.[20:32:33] <Aprogas> Yeah, that's how long until an undeliverable bounce is considered permanently undeliverable and dropped.[20:32:36] <bgerber> ok I want to get both[20:32:42] <Aprogas> Might as well set both.[20:32:46] *** brancaleone has quit IRC[20:33:24] <bgerber> reading docs now to set properly.[20:33:46] <zoo_> which greylisting module would you pick out of this list (postfix-gld postgrey sqlgrey)?[20:35:17] * Signum uses postgrey at home[20:35:21] *** imox1234 has joined #postfix[20:35:25] <imox1234> imox1234: hello, can somebody help me to use cyrus and postfix with mysql ?[20:35:25] <imox1234> [8:22pm] imox1234: its dont work by me[20:35:25] <imox1234> [8:23pm] imox1234: here is my pastebin from my main.cf and smtpd.conf in /etc/postfix/sasl/smtpd.conf / i use centos[20:35:26] <imox1234> [8:23pm] imox1234: http://pastebin.com/v8M7Pbp3[20:35:26] <imox1234> [8:23pm] imox1234: http://pastebin.com/Uwm2WfaJ[20:35:30] <Signum> Also tumgreyspf at work.[20:36:52] <Aprogas> Can tumgreyspf listen on TCP?[20:37:54] <Signum> Haven't tried.[20:38:39] <Aprogas> I was going to use it, but ended up going for postgrey anyway, because it could listen on TCP (and fit into my nice scheme) and because I could more easily find documentation for it online.[20:41:12] <Aprogas> I run postfwd on port 10022, postgrey on 10023, amavis on 10024 and reinject on 10025, so I can easily remember the order in which mails are passed through them.[20:41:47] * adaptr runs massmail on Aprogas 's port 10021[20:42:25] *** rcsu has joined #postfix[20:42:52] <Aprogas> Is that a spammer tool?[20:43:23] *** imox1234 has quit IRC[20:43:52] <rcsu> how do i use knoba ?[20:44:01] <Aprogas> !help[20:44:01] <knoba> Aprogas: (help [<plugin>] [<command>]) -- This command gives a useful description of what <command> does. <plugin> is only necessary if the command is in more than one plugin.[20:44:17] <Aprogas> !tell rcsu welcome[20:44:17] <knoba> rcsu: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[20:44:50] <Aprogas> !topic[20:44:50] <knoba> Aprogas: "topic" : The Postfix MTA || Wiki: postfixwiki.org || On using IRC: workaround.org/moin/GettingHelpOnIrc || Bot info: workaround.org/f=postfix || post postconf -n and relevant logs to a pastebin when asking questions / check your logs / know your unix basics || http://code.google.com/p/mail-trends/ || Channel log: http://echelog.matzon.dk/?postfix || http://permalink.gmane.org/gmane.mail.postfix.announce/110[20:45:01] <Aprogas> Topic gets truncated at http://permalink.gmane.org/gmane.mail.post here[20:45:36] <rcsu> thanks Aprogas[20:46:36] <rcsu> !smtp_send_xforward_command[20:46:36] <knoba> rcsu: "smtp_send_xforward_command" : a configuration parameter in the main.cf: Send the non-standard XFORWARD command when the Postfix SMTP server EHLO response announces XFORWARD support.[20:48:49] *** neekfenwick_ has quit IRC[20:56:14] *** Guest52633 has joined #postfix[20:58:27] *** biodegabriel has joined #postfix[20:59:42] <biodegabriel> Hey all, slightly off-topic question, but I'm totally stumped. I changed the nameservers on a domain name, and the site is now pointing to another server, BUT email isn't working. Does changing nameservers affect email too? Is it normal that it's taking longer than the website to update?[21:00:45] <bgerber> Here is my postconf -n from the machine I am worried someone may have broke it. I would like to change it to also allow TLS http://www.pastie.org/1150743[21:02:18] <bgerber> Aprogas, would it be possible for me to get a copy of your setup that I could duplicate on my system[21:02:46] <Aprogas> My setup won't really work for you.[21:02:57] <Aprogas> I run a small-scale personal mailserver.[21:03:36] <bgerber> ok. I just want to make mine more secure and use some of the features you mention.[21:03:55] *** brancaleone has joined #postfix[21:04:00] <Aprogas> I think you shouldn't focus on that for now; first salvage what you can from your existing queues.[21:06:00] <bgerber> I wish I was not so dumb as I am right now. I do want to focus on the queues but I also need to get postfix running again as my ISP wil bounce things after either too much email or 5d limit.[21:06:55] <bgerber> So I want to get everything on my system where I have control and am able to dump any spam. quickly to reduce sizes.[21:07:10] <Aprogas> You could pull the complete backup of your queue and work on that on another (possible virtual) system, while you put the real server back online.[21:07:25] <Aprogas> And then later reintroduce the mails from the queue into it, something like that.[21:08:32] <bgerber> so I want to get a good, that is what I am trying to figure out. also I want to make sure they did not mess with my setup.[21:09:04] <bgerber> That is why I did a pastie of postconf -n http://www.pastie.org/1150743[21:09:46] <bgerber> or make it better than it is right now.[21:11:01] *** higuita has quit IRC[21:12:27] <bgerber> so maildrop are mail being sent from my system. So I could probably quick with grep dump them like your example[21:12:29] <Aprogas> Your postconf -n output seems to include some settings which I think are at their defaults, so -n shouldn't have included them.[21:12:33] <Aprogas> Try "postconf mail_version"[21:13:33] *** higuita has joined #postfix[21:13:36] <bgerber> mail_version = 2.6.1[21:13:42] <adaptr> biodegabriel: did you move the zone to the new nameservers ?[21:13:55] <Aprogas> Your sender restrictions start with a table-name, but don't specify how that table should be applied. Also check the contents of /etc/postfix/access to make sure that is alright.[21:14:07] <biodegabriel> adaptr: i think i figured it out, it had to do with my main.cf file not being reloaded. thanks for the help though! :)[21:14:10] <bgerber> It will be newer on the fresh installation[21:14:23] <Aprogas> 2.6 is new enough[21:14:27] <adaptr> biodegabriel: ah, so sneakily on-topic eh ? unacceptable![21:14:37] <biodegabriel> adaptr: hahah[21:14:37] <bgerber> /etc/postfix/access is correct[21:14:48] <Aprogas> I'd also put smtpd_helo_required = yes[21:14:53] *** Vivek has joined #postfix[21:14:55] <bgerber> and also the mail list access file.[21:15:07] *** Vivek has quit IRC[21:15:07] *** Vivek has joined #postfix[21:15:26] <bgerber> ok I will add it[21:15:33] <Aprogas> Verify contents of transport, sender_canonical, relocated and any other referenced files too.[21:15:59] <bgerber> done already and they all look right.[21:16:32] *** Meskalyn-Freenod is now known as Meskalyn[21:17:07] *** todd_dsm has quit IRC[21:17:34] *** xabbu has quit IRC[21:17:54] <bgerber> thanks again for your assistance all.[21:18:05] *** xabbu has joined #postfix[21:18:38] <Aprogas> policyd-weight is an easy to set up low-maintainance tool that will catch a lot of spam, by doing all sorts of weighted scoring on dubious signs.[21:19:08] *** xabbu has quit IRC[21:21:29] <bgerber> I did have it setup at one time but, I removed it, but I do not remember why. I will try to put it back in and maybe postgrey[21:22:44] <bgerber> I also had a config with policyd-spf or something like that so I was rejection on non authorized mail servers in my domains.[21:23:23] <bgerber> thanks once more. This channel is very helpful.[21:25:30] <adaptr> catch us on a good day :)[21:25:35] <Aprogas> I find most my spam gets rejected by the non_fqdn_ and unknown_ restrictions (but dont use unknown_helo) and blacklists, postgrey hardly ever gets into play.[21:25:58] <adaptr> my helo checks kill 80% of spam[21:26:08] <bgerber> Stuart Gathum, I think his name was had a complete setup ranking of domains based on spam scores.[21:26:10] <adaptr> they just don't seem to care[21:26:38] <bgerber> thanks[21:28:05] <Aprogas> adaptr: Do you use unknown_helo or just non_fqdn and invalid ?[21:29:02] *** todd_dsm has joined #postfix[21:31:41] <adaptr> Aprogas: I block non_fqdn and log unknown and invalid, I think[21:32:13] <adaptr> blocking unknown fp's too many clueless servers[21:32:25] <adaptr> there is never an excuse for non-fqdn[21:32:54] <Aprogas> I reject non_fqdn and invalid, unknown causes postfwd to return check_postgrey[21:33:03] *** uqlev has joined #postfix[21:33:03] *** vici0us has joined #postfix[21:36:31] <adaptr> you're a mighty tuned man, Jasper[21:37:21] <Aprogas> I broke my mail delivery a few times while tuning, because I forgot to reenable soft_bounce for testing new restrictions.[21:38:17] <adaptr> I think mine's always off - I like to live dangerously, or something[21:38:21] <Aprogas> I used to always forget to turn soft_bounce off.[21:38:56] <Aprogas> One time at my previous ISP they contacted me (in their setup all mail went via them first, and then forwarded to my server), because my rejects of nonexisting users kept hogging their mailqueue.[21:39:08] <Aprogas> Turned out I had been running like that for months.[21:39:20] *** TheEmpath has left #postfix[21:41:13] *** ssureshot has joined #postfix[21:46:05] <Dominian> adaptr: when you referred to "Jasper" were you talkinga bout the ML?[21:47:40] <adaptr> no, I was referring to 'im ^^[21:47:57] * adaptr knows how to use whois! woot[21:48:02] <Dominian> heh[21:48:25] <Dominian> Someone named Jasper is pointing out documentation errors for postfix.org..[21:48:31] <Dominian> should be interesting when Victor or Wietse respond[21:49:23] <adaptr> yes, that would be 'im ^^^[21:49:27] <Aprogas> Yes, that is the result of a cut and paste error. Keep the[21:49:27] <Aprogas> typo corrections coming.[21:49:27] <Aprogas> Wietse[21:49:37] <Dominian> ahhh[21:49:41] <Aprogas> I was almost going to reply in that same thread, but then I didn't.[21:49:44] <Dominian> Yeah I was looking and couldn' treally see the typo lol[21:50:11] <Dominian> wietse already repolied?[21:50:12] <Dominian> wtf[21:50:15] <Dominian> I usually get those instantly[21:50:27] <Aprogas> That was a reply from an earlier report about some readme.[21:50:45] <Aprogas> smtpd!=smtp confusion in SASL readme[21:51:51] <Aprogas> Let me summarize chronological: I reported a tiny error before, Wietse responded keep them coming in that thread; but I didn't want to necromance that thread, so I made a new thread to report these two new errors.[21:52:11] <Aprogas> Any future tiny errors I find I could necromance in that thread, because it will be relevant to the OP.[21:52:22] <adaptr> don't you mean necrophiliate ?[21:52:39] <adaptr> anyway, why is ESMTP an error in the xforward discussion ?[21:52:58] <Tom-B> Hi I have an issue with postfix where it doesn't receive emails from external addresses, there's nothing in logs or queue, any ideas how to turn on verbose log outputs?[21:53:19] <adaptr> Tom-B: if there is nothing in your logs then generating more verbose logs just gives you more nothing[21:53:27] <adaptr> check your network, instead[21:53:38] <adaptr> and the output of postconf inet_interfaces[21:54:01] <Aprogas> adaptr: EMSTP[21:54:11] <Tom-B> I have "inet_interfaces = all[21:54:14] <adaptr> wow, srsly ?[21:54:33] <Aprogas> adaptr: yarly[21:54:46] <adaptr> I guess that net meme is correct after all.. letter transpositions inside word boundaries are irrelevant for legibility[21:55:44] <Tom-B> adaptr would you be so kind as to cast a very quick eye over my pastie master/main cf[21:57:04] <Aprogas> adaptr: I spotted it right away, maybe because I am nearsighted. I once heard a rumour nearsighted people are more prone to spotting typos.[22:00:18] <adaptr> Aprogas: also a correct mem, yes[22:00:20] <adaptr> *meme[22:00:46] <adaptr> Tom-B: is it in the format requested by the /topic?[22:01:44] *** biodegabriel has quit IRC[22:01:46] <bgerber> I have looked at maildrop and the 100+ email should have all been delivered to me because of a prb on a setup on my private OBS(OpenSUSE Build Service)[22:02:05] <Tom-B> Yes[22:02:53] <Tom-B> :)[22:02:58] <adaptr> Tom-B: no. you may not PM me.[22:03:24] <bgerber> along with some other configuration mistakes made right after my stroke trying to do things. So I really need them some how put in a mbox file instead of mail drop.[22:03:45] <bgerber> I assume postfix is putting them in maildrop[22:04:27] <Tom-B> http://pastie.org/private/vwf06qj7kthzf92vgg8vmq[22:04:29] <Aprogas> Possible procmail, while sending them to another emailaddress.[22:04:44] *** johnjay has quit IRC[22:05:16] *** johnjay has joined #postfix[22:05:30] <adaptr> Tom-B: what happens when you telnet to port 25[22:05:50] <bgerber> they are mostly to one user I use just for my private build service for vaious distrubtions.[22:07:02] <bgerber> The maildrop files contain the build failure and are not going to the user but to maildrop[22:07:19] <Tom-B> adaptr: it fails because I am using SMTPS[22:07:37] <adaptr> SMTPS[22:07:38] <adaptr> !SMTPS[22:07:38] <knoba> adaptr: "SMTPS" : Port 465 is smtps, SMTP over SSL, a deprecated means of submission. Postfix can implement smtps with a separate smtpd(8) listener with \"-o smtpd_tls_wrappermode=yes\". See the commented example in master.cf.[22:07:45] <adaptr> don't[22:08:05] <Tom-B> I wish to support OE and I do not believe OE supports TLS :)[22:08:18] <Tom-B> I can telnet to 465 though[22:08:26] <adaptr> I'm sorry, I went spontaneously deaf there for a minute[22:08:40] <Tom-B> :)[22:08:46] <Tom-B> There are many many people who still use OE[22:08:47] <adaptr> !outlook[22:08:47] <knoba> adaptr: "outlook" : MS Outlook has numerous problems with TLS and AUTH support. Try using a better client to troubleshoot your Postfix server's AUTH features; then once you know it works, you can go back and break it such that Outlook will work. See the following MS KB article to enable transport logging in Outlook that may be of some help in troubleshooting, http://support.microsoft.com/kb/300479/en-us[22:09:21] <Tom-B> There are no errors the mail sends fine[22:09:25] <adaptr> Tom-B: there are also many people who don't believe basic sanitation is doing anything for them[22:09:26] <Aprogas> The type of computer-user that wants OE, will also be plenty satisfied with GMail.[22:09:27] <Tom-B> It just never appears on the server[22:09:53] <adaptr> then it obviously does not "send fine"[22:09:55] <Tom-B> Shall we not get in to the OE bebate>?[22:10:00] <adaptr> what does the log say[22:10:05] <Tom-B> Yer but I mean the client thinks it sends fine[22:10:09] <bgerber> That is where I send them.[22:10:12] <adaptr> we don't care about clients[22:10:43] <Tom-B> There's nothing in the log[22:11:20] <Tom-B> http://pastie.org/private/vdgxfpmtrmsub3j4r0qvna main.cf[22:11:28] <Tom-B> Sorry master[22:12:33] <adaptr> Tom-B: if your logs show no traffic, postfix did not receive any mail.[22:12:47] <Dominian> !nologs[22:12:47] <knoba> Dominian: Error: "nologs" is not a valid command.[22:12:49] <adaptr> !no_logs[22:12:49] <knoba> adaptr: "no_logs" : Nothing in your mail logs commonly means one of two things: either your syslogd is broken (try restarting it), or the connections are not coming to your server. Check your firewall/networking and the DNS for the domain in question. also see !logs.[22:12:49] <Dominian> er..[22:12:52] <Dominian> ha![22:12:55] * adaptr +1 again[22:12:57] <Dominian> !learn nologs as see no_logs[22:13:02] <Dominian> :P[22:13:05] *** ssureshot has quit IRC[22:13:06] <adaptr> that's childish[22:13:12] <adaptr> at least type it out[22:13:16] <Dominian> no[22:13:17] <Dominian> :P[22:13:24] <Dominian> !forget nologs[22:13:27] <Aprogas> !maillog[22:13:27] <knoba> Aprogas: "maillog" : see !logs[22:13:34] <Aprogas> precedent![22:13:46] <Dominian> !learn nologs as Nothing in your mail logs commonly means one of two things: either your syslogd is broken (try restarting it), or the connections are not coming to your server. Check your firewall/networking and the DNS for the domain in question. also see !logs.[22:13:51] <Aprogas> !null_client[22:13:51] <knoba> Aprogas: "null_client" : see !nullclient[22:13:57] <Dominian> heh[22:14:01] <Aprogas> !outscatter[22:14:01] <knoba> Aprogas: "outscatter" : See !backscatter[22:14:09] <Aprogas> I can go on all day. :)[22:14:19] <adaptr> Aprogas: that's a completely different word. don't stir up poo now[22:15:24] <Tom-B> My logs are not empty[22:15:43] <Tom-B> They contain information, but if I flush them and do nothing but attempt to send an email to the server they're still empty[22:16:07] <Aprogas> Postfix will log even just a TCP connection that immediately aborts.[22:16:29] <uqlev> Tom-B, it means there is no session between client and server[22:16:57] *** makomi has joined #postfix[22:17:12] <Tom-B> Okay[22:17:36] <Aprogas> echo -n | nc 127.0.0.1 465 ; tail /var/log/mail.log[22:17:42] *** makomi has quit IRC[22:17:47] <uqlev> Tom-B, when you telnet your server is there anything in logs?[22:18:00] *** makomi has joined #postfix[22:19:30] <Tom-B> http://i53.tinypic.com/3506xol.jpg <--- accurate yes?[22:20:23] <Aprogas> Assuming the hidden octet is correct, yes.[22:20:50] <Tom-B> Yer it's correct, because when I go to www I get a webpage and the IPs are all the same[22:20:53] <Tom-B> Aprogas: http://pastie.org/private/wjjrul6bjpnxsssttw7amg[22:21:43] <seekwill> Tom-B: lol... I like your pic[22:21:49] <Aprogas> "fatal" means "very important error, I refuse to work until this is fixed"[22:22:07] <uqlev> Tom-B, you should rectify your main.conf 1st[22:23:06] <Tom-B> I hate to be needy and I know noobs are frustrating but could you give me a hand? or atleast tell me what's wrong roughly?[22:23:26] <Tom-B> http://pastie.org/private/vwf06qj7kthzf92vgg8vmq main.cf[22:24:32] *** vici0us has quit IRC[22:25:27] *** makomi has quit IRC[22:27:55] <uqlev> Tom-B, specify at least one working instance of: check_relay_domains[22:28:21] <Tom-B> For the telnet log entry what file should I be looking in?[22:28:26] <Tom-B> because /var/log/mail.log is clean[22:28:30] <Tom-B> It connects sucessfully on 4654[22:28:31] <Tom-B> It connects sucessfully on 465[22:29:14] <Aprogas> Tom-B: Your smtpd_recipient_restrictions is broken, Postfix refuses to work because you configured it as open relay. You should fix this before expecting anything else to work.[22:32:50] <Tom-B> http://pastie.org/private/1wcgzfwv9ggf6qrqs5uq[22:33:18] <Tom-B> better?[22:33:52] <Aprogas> Did you postfix reload?[22:34:07] <Tom-B> Yes[22:34:21] <Tom-B> root@li195-105:~# sudo /etc/init.d/postfix restart[22:34:21] <Tom-B> * Stopping Postfix Mail Transport Agent postfix [ OK ][22:34:21] <Tom-B> * Starting Postfix Mail Transport Agent postfix [ OK ][22:34:21] <Tom-B> root@li195-105:~# echo -n | nc 127.0.0.1 465 ; tail /var/log/mail.log[22:34:42] <Tom-B> Sorry[22:35:01] <Aprogas> Maybe that tail was too quick, sometimes syslog has a slight delay.[22:35:06] <Aprogas> Turn it into a tail -f[22:35:14] <tharkun> Upgrading from 2.5 to 2.8 on a low level production server is asking for too much trouble or the usual stuff ?[22:35:33] <Tom-B> echo -n | nc 127.0.0.1 465 ; tail -f ?[22:35:47] <Aprogas> tail -f /var/log/mail.log[22:35:59] <Tom-B> echo -n | nc 127.0.0.1 465 ; tail -f /var/log/mail.log ?[22:36:10] <uqlev> Tom-B, specify at least one working instance of: check_relay_domains[22:36:11] <Aprogas> tharkun: don't experiment on production servers[22:36:21] <Aprogas> uqlev: he fixed that[22:36:38] <Tom-B> http://pastie.org/private/pkxprhk5znxwkq1xmhyhq[22:36:48] <uqlev> Aprogas, postfix still complains[22:36:59] <Aprogas> uqlev: tail lists old logs before the reload[22:37:09] <Tom-B> smtpd_recipient_restrictions = check_relay_domains ?[22:37:14] <adaptr> tharkun: I went from 2.5 to 2.7, and am now on 2.8 from-source ( cite 's debian packages)[22:37:18] <Aprogas> Tom-B: New logs look like what you'd expect. Now check with OE again.[22:37:39] <adaptr> tharkun: I recommend them, but my volume is 1 per day :)[22:37:51] <Aprogas> Tom-B: You're earlier pastebin had messed up whitespace and wrapping, uqlev copypaste broke because of that.[22:38:02] <Aprogas> Gahk! I made a you're/your mistake.[22:38:09] <adaptr> blasphemer![22:38:13] <adaptr> out![22:38:21] <Tom-B> OE still not working[22:38:22] <uqlev> relay_recipient_maps $relay_domains are those defined?[22:38:30] <tharkun> adaptr: ok so you went the bpo way, nice I'll jump to 2.7 sometime this weekend and leave 2.8 for next week after ironing everything out[22:38:35] <adaptr> Tom-B: I wouldn't worry about outhouse until you have a working mail server[22:38:44] <Aprogas> Tom-B: While OE is failing too connect, look in the Postfix logs again, and pastebin those logs. Tip: pastie allows editing existing pastes.[22:38:50] <adaptr> tharkun: bpo ?[22:39:10] <uqlev> Tom-B, relay_recipient_maps $relay_domains are those defined?[22:39:20] <Tom-B> OE throws no error messages[22:39:22] <tharkun> adaptr: backports[22:39:25] *** Matic`Makovec has quit IRC[22:39:30] <Dominian> what do the logs show Tom-B[22:39:33] <Tom-B> it looks like it's sent fine[22:39:34] <Dominian> that's what we care about[22:39:40] <Aprogas> Tom-B: Then maybe it's working now?[22:39:47] <Tom-B> mail.log yes?[22:40:08] <adaptr> tharkun: whu ?[22:40:19] <Tom-B> All I've done is copy/paste back in a saved main.cf from an hour ago when it didn't work and then re-loaded postfix and "echo -n | nc 127.0.0.1 465 ; tail -f /var/log/mail.log"'d[22:40:24] <Aprogas> Tom-B: Yes, show us the mail.log from the point where OE connects.[22:40:30] <tharkun> adaptr: nahh forget about it.[22:41:47] <Tom-B> http://pastie.org/private/ou67epk08lnvze2g7h9quq[22:42:23] <Aprogas> It's collecting mail from dovecot, not trying to send to Postfix.[22:42:50] *** xabbu has joined #postfix[22:42:54] <Aprogas> Try to send a mail from OE and show us the Postfix logs.[22:43:01] <Tom-B> You're aware the issue here is receiving mail not sending?[22:43:08] <Aprogas> No, I was not.[22:43:13] <Aprogas> Then why are you setting up smtps ?[22:43:56] <Tom-B> I can send mail fine, I just can't receive it[22:44:10] <Tom-B> I can receive mail fine from internal email addressses, but not external ones[22:44:33] <Aprogas> You closed port 25 by commenting the default smtpd in master.cf; MX must run on port 25.[22:44:52] <Aprogas> Didn't you insist on running on 465 even after you were told that port is outdated? I vaguely remember this.[22:45:07] <seekwill> lol[22:45:33] <Tom-B> TLS doesn't work with OE though and I wanted OE or newer as a baseline[22:46:26] <Aprogas> Fine, using port 465 as submission for OE might be somewhat sensible; but you must still open port 25 and accept mail for the domains you want to be MX for and store it in a mailbox.[22:47:14] <bgerber> what port should be used instead of 465?[22:47:19] *** Vivek has quit IRC[22:47:36] <adaptr> Tom-B: "or newer" - than what ? OE is 15 years old[22:47:44] <Aprogas> 25 for MX/MTA, 587 for submission/MSA.[22:48:00] <Aprogas> In all fairness Tom-B did request to just skip the OE debate.[22:48:04] <bgerber> thanks[22:48:22] <uqlev> bgerber, whatever but 25 because it is blocked by ISP[22:48:25] <Tom-B> There is no debate as far as I can see, I do work for small business and home users[22:48:29] <adaptr> Aprogas: doesn't stop me from investigating his motives :)[22:48:30] <Tom-B> And alot of people use OE[22:48:32] <Tom-B> it's just a fact[22:48:44] <Tom-B> I can roll my eyes at people using hammer to map instead of radiant, people still love hammer.[22:48:48] <Aprogas> Tom-B: Sorry, I should have said OE bebate.[22:48:50] <adaptr> there are probably a lot of people who use "alot" as a word. it isn't.[22:48:59] <Tom-B> adaptr XDD[22:49:01] <Tom-B> true.[22:49:35] <Aprogas> There are probably "te veel mensen" who use "teveel" incorrectly.[22:49:40] <Tom-B> Okay[22:49:43] <Tom-B> back on track[22:50:13] <Aprogas> There is no way around having port 25 open on an MX. DNS offers no way to specify an alternate port, and all relevant RFCs mandate port 25.[22:50:45] <bgerber> yup[22:51:25] <Tom-B> I think we're getting somewhere now <3[22:51:26] <Tom-B> http://pastie.org/private/etw8ampx7jit2bblk0h4ka[22:51:30] <Tom-B> Behold! logs[22:51:33] <Tom-B> smtp uncommented[22:51:47] *** cheasee has joined #postfix[22:51:52] <cheasee> hi[22:51:56] <Aprogas> pastie supports marking sections with "## section" for increased readability.[22:53:15] <cheasee> im googling how to bind postfix (2.5.5 in my case) to a single ip, i found some solutions for 2.2.9 to set in master.conf x.x.x.x:smtp unix - - - - - smtp but that doesnt work?[22:53:54] <Aprogas> http://www.postfix.org/documentation.html is the best souce of Postfix documentation[22:55:31] <cheasee> oh its smtp unix - - - - - smtp -o smtp_bind_address=11.22.33.44 now ... interesting[22:55:54] <adaptr> cheasee: that is for sending mail only[22:55:54] <Aprogas> Not really, unless you are only concerned about the address used for outgoing connections.[22:56:00] <Aprogas> !tell cheasee basic[22:56:00] <knoba> cheasee: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.[22:56:08] <Aprogas> I believe it is in there.[22:56:22] <adaptr> cheasee cheasee.. badabadaboom[22:56:29] * adaptr mumbles something about vegetables[22:56:44] <adaptr> a prune isn't really one, is it ?[22:56:45] *** xabbu has quit IRC[22:57:00] <Aprogas> Neither is a tomato.[22:57:22] *** hparker has joined #postfix[22:57:23] <Tom-B> Any ideas guys[22:57:26] *** hparker has quit IRC[22:57:26] *** hparker has joined #postfix[22:57:30] <Aprogas> "Intelligence is knowing a tomato isn't fruit, Wisdom is knowing a tomato doesn't belong in a fruit salad"[22:57:46] <Aprogas> !tell Tom-B relay_denied[22:57:46] <knoba> Tom-B: "relay_denied" : NOQUEUE: reject: RCPT from CLIENT_HOST[CLIENT_IP]: 554 5.7.1 <RECIPIENT@RCPT_DOMAIN>: Relay access denied; from=<SENDER@SENDER_DOMAIN> to=<RECIPIENT@RCPT_DOMAIN> proto=ESMTP helo=<HELO>: This typically means that CLIENT_IP is not in mynetworks (and did not AUTH), and that RCPT_DOMAIN was not recognized as one of this Postfix's domains (not listed in mydestination, relay_domains or virtual_*_domains[22:58:51] <Aprogas> Tom-B: Have you made yourself familiar with some of the important Postfix configuration? basic and standard readme are not optional, address class and virtual readme are mandatory too if you are setting up virtual mailboxes.[22:59:32] <cheasee> ah http://www.postfix.org/BASIC_CONFIGURATION_README.html#inet_interfaces[22:59:34] <cheasee> thanks[22:59:40] <Tom-B> I followed: http://library.linode.com/email/postfix/postfix-dovecot-mysql-ubuntu-10.04-lucid[23:00:01] <Aprogas> !tell Tom-B tutorial[23:00:01] <knoba> Tom-B: "tutorial" : A very common problem is that some people prefer to follow a step-by-step tutorial that shows them how to setup their server w/out reading the documentation or understanding what they are doing. If something goes wrong, they have no clue whatsoever about where to find hints, and they sometimes decide to start from scratch using a different tutorial. This is not The Proper Way.[23:01:05] *** Vivek has joined #postfix[23:01:20] <Aprogas> hash-tables usually work fine, many people who set up SQL-tables don't really need to.[23:01:59] <adaptr> Tom-B: are your tables bigger than, say , 10000 entries ?[23:02:04] <Tom-B> No[23:02:08] <adaptr> a hash is faster[23:02:16] <Tom-B> But I did just remember I changed domain.co.uk to mail.domain.co.uk as a test[23:02:19] <Tom-B> changing it back now[23:02:37] <Aprogas> A btree or cdb might be even faster than hash, I am not certain.[23:03:04] <Tom-B> Okay changing mail.dom.co to dom.co in the database fixed that[23:03:11] <Tom-B> I can now receive email from hotmail[23:03:13] <Tom-B> Thankyou[23:03:16] <Tom-B> <3 max[23:03:17] <Aprogas> I never really got to the point where table-lookup speed really mattered, but I did get to the point where simplifying a setup by reducing excess components mattered.[23:03:37] <Aprogas> You're not done here, you should make sure you understand all settings you specified, and that your Postfix does what you want.[23:04:10] <Tom-B> I'm fully not done here[23:04:17] <Tom-B> Just wanted to make sure I said thanks occasionally[23:04:29] <Tom-B> I help n00bs out all the time and it's highly frustrating and a thanks never goes a miss.[23:04:39] <Tom-B> I still cannot receive email from OE[23:04:41] <Aprogas> I meant "here" as in "with your mailserver".[23:04:43] <Tom-B> Very weird[23:04:52] <Tom-B> I know what you meant[23:05:10] <Aprogas> Which SMTP server did you configure in OE and at which port?[23:05:15] <Tom-B> And I agree with the tutorial thing, but I can't help but feel that tutorials set you going and when something goes wrong that's when you learn[23:05:37] <Tom-B> I used mail.dom.co.uk 465 svr requires auth[23:05:52] <Aprogas> Basic and standard readme get you going, sometimes SOHO readme too. After that use the documentation relevant to the other things you want to implement.[23:05:53] <Tom-B> For example I never knew about engines till my engine went wrong :)[23:06:04] <AstralStorm> hello there, I'm trying to run my postfix in a chroot and I'm getting this:[23:06:11] <AstralStorm> postfix: fatal: file /etc/postfix/main.cf: parameter default_privs: unknown user name value: nobody[23:06:20] <AstralStorm> /etc/passwd exists and so on[23:06:40] <adaptr> !default_privs[23:06:40] <knoba> adaptr: "default_privs" : postconf(5) setting for the default rights used by local(8) delivery agent for delivery to external file or command. These rights are used when delivery is requested from a root-owned aliases(5) file, or when delivering to root. DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER. See also !aliases_owner[23:06:54] <AstralStorm> adaptr: ... I know what it is, so?[23:06:59] <adaptr> the user must exist[23:07:08] <AstralStorm> it does exist (at least it should to postfix)[23:07:09] *** Vivek has quit IRC[23:07:09] *** Vivek has joined #postfix[23:07:09] *** cheasee has left #postfix[23:07:10] <Aprogas> "nobody" usually exists[23:07:28] <AstralStorm> again, it's a chroot and again, /etc/passwd contains user nobody[23:07:30] <Tom-B> Very good point[23:07:30] <Aprogas> I don't really believe in the whole Postfix-chrooted thing though, I just go without it for less trouble.[23:07:39] <Tom-B> it is indeed my SMTP server that is not sending[23:07:51] <Tom-B> I can send through no auth smtp.ntlworld.com (my ISP) over 25[23:07:53] <AstralStorm> Aprogas: I'll remind you when you happen to get rooted[23:07:55] <Tom-B> They appear fine[23:07:58] <AstralStorm> :)[23:08:07] <adaptr> AstralStorm: good luck with that[23:08:10] <Aprogas> AstralStorm: Only the master process runs as root.[23:08:21] <AstralStorm> Aprogas: yes, and that stops no one[23:08:33] <adaptr> AstralStorm: chroot is not root protection[23:08:40] <adaptr> chroto doesn't stop anybody either[23:08:46] <AstralStorm> yes, but I forgot to mention it's not an actual chroot[23:08:52] <AstralStorm> but User Mode Linux[23:09:10] <AstralStorm> any ideas?[23:09:12] <Aprogas> Oh right, you have that very wicked setup, where you refuse to run master as root, or something.[23:09:23] <AstralStorm> it runs as root, but not as the system root[23:09:26] <AstralStorm> :)[23:09:43] <AstralStorm> so, why can't it find user nobody? ideas?[23:09:52] <Aprogas> We have no prior experience with your type of setup; if you want to be a poineer, you'll have to figure it out yourself, we don't have the answers.[23:10:02] <AstralStorm> Aprogas: it's very similar to a chroot.[23:10:11] <wdp> AstralStorm, if i may suggest you something[23:10:22] <AstralStorm> sure, I welcome suggestions[23:10:31] <Aprogas> Buy a $4/month VPS, run Postfix there, make backups of what is important, if it gets rooted, close the account, buy another $4/month VPS.[23:10:33] <wdp> AstralStorm, take a look at OpenVZ. i used to use uml ago some years. You'll be very very happy with openvz.[23:10:44] <Aprogas> s/Buy/Rent/[23:10:45] <AstralStorm> Aprogas: I am, said VPS has kernel 2.6.26 with known security holes[23:10:47] <wdp> and, postfix is running fine .)[23:10:55] <AstralStorm> that's why I'm using User Mode Linux to plug this hole[23:11:34] <AstralStorm> wdp: can't run that on a VPS where I can't replace the kernel[23:11:39] <Tom-B> Guys is there a possiblity that my configs are stopping me from sending mail to myself?[23:11:46] <Aprogas> Tom-B: Yes.[23:11:59] <Tom-B> Can I borrow someones shotguna a single cartidge will suffice.[23:12:03] <wdp> AstralStorm, then get another host?[23:12:05] <AstralStorm> ok, so other ideas other than "change your setup"? e.g. on why it drops that message?[23:12:15] <AstralStorm> wdp: hah, this host is otherwise too good to change[23:12:18] <Aprogas> Tom-B: May I suggest you first spend some time reading the basic, standard, virtual and address class readmes on http://www.postfix.org/documentation.html ? And then if you still have questions, you can ask them in here.[23:12:40] <AstralStorm> anyway. ideas?[23:12:49] <wdp> AstralStorm, and the user "nobody" exists?[23:12:50] <Aprogas> AstralStorm: confirm that nobody really exists inside the "User Mode Linux"[23:13:11] <Aprogas> sudo -u nobody id ; sudo -u nobody touch test.txt[23:13:20] <wdp> sudo..[23:13:20] <Aprogas> Check if the results make sense to you.[23:13:27] <AstralStorm> oh heck, forgot to drop in shadow package into the chroot[23:13:30] <Aprogas> That is where my knowledge of "User Mode Linux" ends.[23:13:33] <adaptr> AstralStorm: have you ever BEEN hacked[23:13:36] <AstralStorm> I suppose postfix doesn't just use libs[23:13:43] <Tom-B> Okay I'll do that but can you do me one last favour can you send an email to the address so I check it's being received[23:13:45] <AstralStorm> adaptr: yes and it wasn't pretty[23:13:52] <adaptr> root cause ?[23:13:57] <AstralStorm> although not via postfix, but that was hackable[23:14:02] <AstralStorm> (as I found out)[23:14:08] <AstralStorm> root cause is 0 day security holes[23:14:11] * wdp was got never hacked :([23:14:15] <Aprogas> I was hacked because I left 65535 ports open![23:14:20] <Tom-B> XD[23:14:38] <Aprogas> And I ran an sshd with a dictionary root password on ALL of those ports![23:14:47] *** s0ber has quit IRC[23:14:51] <Aprogas> But at least it was chrooted.[23:14:58] <wdp> well yes[23:15:02] <wdp> cocacola is a bad password.[23:15:07] <wdp> icetea also.[23:15:19] <Aprogas> /exec -o pwgen -sy 20 1[23:15:24] <adaptr> icemotherfuckingteaBITCH, however, never gets guessed[23:15:40] <AstralStorm> hmm, something else is amiss:[23:15:42] <AstralStorm> whoami: cannot find name for user ID 0[23:15:43] <Aprogas> I like putting tabs or backspaces into my passwords.[23:15:44] <adaptr> not a lot of brothaz in the IT community[23:15:54] <AstralStorm> what am I missing there?[23:16:04] <wdp> AstralStorm, a good setup[23:16:06] <wdp> :p[23:16:07] <adaptr> a sane Linux distribution[23:16:12] <AstralStorm> adaptr: it's a chroot![23:16:18] <adaptr> AstralStorm: we don't care![23:16:26] <Aprogas> AstralStorm: I don't know how this "User Mode Linux" works, but I suspect you don't either, and you haven't fully set that up right yet. Your question is more "User Mode Linux"-related than Postfix-related.[23:16:29] <adaptr> postyfix exhibits none of the issues you seem to be having[23:16:39] <adaptr> our postyfix is good![23:16:42] <AstralStorm> Aprogas: I did, I'm missing something that is necessary in a chroot[23:16:50] <wdp> "we dont care" is usually the time where people need to fear getting kicked.[23:16:50] <AstralStorm> it works like your typical VM[23:16:50] *** s0ber has joined #postfix[23:16:57] <wdp> :D[23:17:01] <Aprogas> AstralStorm: I am slightly interested in the end results of your pioneering project if you end up with something that works without needing root, but not enough to really help you with it.[23:17:13] <AstralStorm> ...[23:17:13] <adaptr> I would be very, very surprised[23:17:25] <Aprogas> I use FreeBSD myself, I don't run Postfix in a chroot, but if I would, I'd run it in a jail.[23:17:29] <adaptr> ya can't switch to delivery if ya ain't GOT ROOT[23:17:38] <AstralStorm> anyone ever ran postfix in a chroot or vserver?[23:17:54] <adaptr> what's a "vserver" ? I run dozens of VMs[23:17:55] <AstralStorm> adaptr: it has root[23:18:01] <wdp> AstralStorm, yes, in a qemu vserver, in a vmware vserver, in a lot of openvz vservers (containers) even in solaris linux zones[23:18:04] <AstralStorm> adaptr: ok, in a minimal VM then, it's the same[23:18:05] <Aprogas> Debian puts many services on chroot by default, I put them all off chroot.[23:18:09] <wdp> and also in user-mode-linux[23:18:12] <AstralStorm> hmm[23:18:12] <wdp> though never in a chroot.[23:18:15] <wdp> :)[23:18:22] <AstralStorm> ok, so, what packages do I need?[23:18:29] <adaptr> AstralStorm: a "minimal VM" would stil lrun a complete Linux distribution[23:18:34] <wdp> i dont know. i just did apt-get install postfix :)[23:18:39] <AstralStorm> adaptr: a tiny minimal distribution, but yes[23:18:46] <adaptr> wdp: then you do know, because debian is chrooted[23:18:53] <wdp> adaptr, i replaced the configs[23:18:57] <wdp> (master and main.cf)[23:19:03] <Aprogas> FreeBSD jails are an extended chroot and have been around for quite some time, User Mode Linux sounds rather new. You might seriously consider investigating into jailed Postfix instead.[23:19:10] <AstralStorm> adaptr: and I'm missing something that doesn't block the boot or stop binaries from working[23:19:14] <Aprogas> I am pretty sure at least someone has run Postfix in a jail before.[23:19:14] <adaptr> wdp: doesn't change the fact that the INIT scripts perform a chroot. Fail.[23:19:16] <wdp> i had to change hundreds of paths[23:19:21] <AstralStorm> Aprogas: ... yes, it works the same[23:19:28] <wdp> hm, that might explain why the init script is failing[23:19:33] <wdp> i always have to issue "postfix start"[23:19:35] <wdp> :p[23:19:36] <AstralStorm> UML is actually fairly old, but rarely used[23:19:38] * wdp giggles[23:19:54] <Aprogas> Except FreeBSD jails have a wide selection of auxiliary tools to help you set up and populate the jail, so that it will work.[23:20:03] <Tom-B> Guys now I uncommented smtp in master.cf so I can receive email through MX, what stops people sending through 25?[23:20:11] <AstralStorm> Aprogas: any tool that will set up a truly *minimal* jail is welcome[23:20:18] <AstralStorm> most I've tried fail to jail postfix properly[23:20:25] <Aprogas> Tom-B: Did you see my suggestion?[23:20:42] <uqlev> Tom-B, ISP blocking 25 port[23:20:48] <wdp> imho chroots are giving pseudo security.[23:20:55] <wdp> a "good" hacker, will come through it.[23:20:56] <Aprogas> Tom-B: I cannot send a test email sinced you munged your server details.[23:20:58] <adaptr> AstralStorm: you need /etc/services, hosts, nsswitch, resolv, aliases, and the resolv and nss libs. also a link from /usr/lib.timezone/localtime to /etc/localtime[23:21:07] <wdp> and a bad hacker won't come into your system, if your passwords are sane.[23:21:13] <wdp> IMHO[23:21:13] <AstralStorm> adaptr: ok, that's far more useful, thanks[23:21:14] <adaptr> you need sasl libs for sasl, too[23:21:23] <Tom-B> PM Aprogas[23:21:29] <AstralStorm> I do have the libs in (with a custom script)[23:21:53] <Aprogas> Tom-B: The concept of keeping an email-address secure to protect against spam is outdated. You could just have put it out here.[23:22:04] <adaptr> AstralStorm: if you want to investigate in depth, download the debian postfix deb package and examine :)[23:22:09] <Aprogas> ^_^ at aprogas dot net[23:22:12] <Tom-B> Since I uncommented #smtp in master.cf I can send email through mail.dom.co without auth over 25 in OE[23:22:20] <Tom-B> Surely I just made my postfix an open relay?[23:22:27] <AstralStorm> adaptr: it chroots postfix? going to check that out now[23:22:38] <adaptr> AstralStorm: it does its best :)[23:23:10] <adaptr> Tom-B: that depends on wayy too many factors for you to just think so[23:23:28] <adaptr> there are at least a dozen settings involved, and severa of them are very hard to mess up - by design[23:23:38] <adaptr> !smtpd_recipient_restrictions[23:23:38] <knoba> adaptr: "smtpd_recipient_restrictions" : A configuration parameter in the main.cf: The access restrictions that the Postfix smtpd(8) applies in the context of the SMTP RCPT TO command. See access(5) for an overview of access restriction features. These restrictions control relaying to external domains. Default is to relay only for client IP addresses in $mynetworks; see also !sasl if SMTP AUTH is needed.[23:23:54] <adaptr> !access[23:23:55] <knoba> adaptr: "access" : http://www.postfix.org/SMTPD_ACCESS_README.html : An overview of access(5) controls in the Postfix smtpd(8) SMTP server.[23:24:00] <Tom-B> But surely anyone can connect to mail.dom.co without a username or password and just send out email[23:24:02] <adaptr> Tom-B: you need to read that. srsly.[23:24:08] <adaptr> Tom-B: surely ?[23:24:14] <adaptr> and how do you know that ?[23:24:35] <Tom-B> because if I can anyone can no?[23:24:52] <adaptr> what does postconf |grep _restrictions say[23:25:00] <Aprogas> status=sent (250 2.0.0 Ok: queued as 33B3A3003E)[23:25:07] <Tom-B> grep: say: No such file or directory[23:25:11] <Tom-B> lol[23:25:12] <Tom-B> Doh[23:25:36] <Tom-B> http://pastie.org/private/f2vwk8o6r7q3nvk5mz1njq[23:25:57] <Aprogas> Install grep, textutils, or whatever that package is called on your OS.[23:26:14] <zoo_> !SMTPAUTH[23:26:14] <knoba> zoo_: "SMTPAUTH" : a feature that allows road-warriors (trusted users which are outside your network) to send mail via your mail server. The user needs to send a username and password which allows him/her to relay email. See: http://www.postfix.org/SASL_README.html[23:26:27] <adaptr> Tom-B: postfix will accept ALL mail from your local network, and TO any of your domains. it will reject everything else[23:26:41] <adaptr> this is the default[23:26:45] <adaptr> and it is sane[23:27:08] <adaptr> granted, 90% of what you will get wil be spam, but there are ways to deal with that[23:27:12] <Tom-B> over 465 it would only send using a password[23:27:19] <adaptr> so ?[23:27:27] <AstralStorm> oh the hell[23:27:32] <AstralStorm> what did I just do a second ago[23:27:41] <adaptr> you farted[23:27:56] <Tom-B> so if noone but the user knows the passwords for the account then it's not an open relay?[23:28:06] <adaptr> what passwords[23:28:11] <Tom-B> And if the password is encrypted using SSL it's secure enough?[23:28:16] <adaptr> what password[23:28:16] <AstralStorm> no, I managed to destroy my VPS[23:28:22] <Tom-B> The passwords in the mysql db[23:28:27] <Tom-B> for the users[23:28:32] <Tom-B> usera/password1[23:28:33] * AstralStorm is really annoyed[23:28:35] <Tom-B> userb/password2[23:28:39] <Tom-B> AstralStorm :[[23:28:42] <adaptr> Tom-B: you lack SIGNIFICANT fundamental email knowledge. this is not a good starting point.[23:28:44] <adaptr> !why[23:28:44] <knoba> adaptr: "why" : are you sure that installing, configuring and maintaining a mailserver is really what you want to do here? it's not something that's for the faint of heart, and definitely not something for folks that are still just learning the basics of linux or unix. also see !nullclient[23:29:06] <AstralStorm> adaptr: confusion between VM and live system, durr[23:29:08] <Tom-B> Pffft =)[23:29:11] <adaptr> AstralStorm: good one![23:29:18] <Tom-B> The deep end is the only way to go.[23:29:23] <Tom-B> Life is far too short./[23:29:29] <AstralStorm> and the backup is too old. fortunately, no data lost, just time[23:29:41] <adaptr> Tom-B: then go off it and experiment. tell us what you found when you surface.[23:30:06] <Tom-B> =)[23:30:17] <AstralStorm> I need more -i in my rm -r[23:30:23] <AstralStorm> esp. when doing it as root[23:30:29] <Aprogas> I have an alias for that.[23:30:40] <AstralStorm> I have too, forgot to apply it to the vps[23:30:52] <AstralStorm> fortunately that one's new, so nothing much is lost[23:31:19] <Aprogas> zsh also has a way to protection you from it. I think it throws a [yna] prompt when you do anything that looks like rm * or rm -r directory/[23:32:04] <adaptr> Aprogas: that's soo not Unix![23:32:38] <Aprogas> I know, that's why I "setopt rmstarsilent" :)[23:32:48] <adaptr> destructive commands should destruct. if there is an option to make it less destructive, that should be set by the end-user. otherwise, it should hammer the lesson home HARD[23:32:53] *** higuita has quit IRC[23:33:16] <adaptr> you'll only rm -rf a 5TB video store once in your life.[23:33:22] <AstralStorm> sure it did, it will cost me an hour to restore it. hopefully only that much.[23:33:47] <Tom-B> Just wanted to say thanks again for you guys taking the time to help me[23:33:51] <Tom-B> Thanks <3[23:34:20] <Aprogas> Tom-B: You've pretty much used up your credits for now. Once you have made yourself familiar with the relevant documentation, you can ask more questions.[23:34:32] <Tom-B> lol[23:34:39] <psilo2> I've never rm -rf'd a video store, but in 2006 it rained so much that the local Blockbuster slid away[23:34:39] <Tom-B> Yer I kinda gathered that[23:34:41] <adaptr> we have credits ? where's my share ?[23:34:51] <Tom-B> The fact still stands that I do appreciate it[23:35:01] <Tom-B> A_lot[23:37:54] <Aprogas> I still haven't used SASL myself, but I've helped multiple people fix their SASL setup just by reading the documentation and telling them what it says (or pointing them to it).[23:37:56] * uqlev feeling ashamed that didn't helped to Tom-B to break his server down completely[23:38:27] <Aprogas> Tom-B: Are you familiar with Google Apps? They will run email services for your domain for free.[23:39:44] <Tom-B> it's about learning something new as much as anything chief[23:40:07] *** hparker has quit IRC[23:40:21] <Tom-B> trying to save my customers some money on their hosting bills too[23:40:52] <Tom-B> I'll get there in the end, I'm not stupid, just thoroughly ignorant, but who isn't when they try something new?[23:41:16] <Tom-B> it's the ignorance and the occasional Hallelujah that's the point imo[23:41:54] <Tom-B> Or to put it another way, it's a wise man who realises he knows fuck all =)[23:43:06] <uqlev> Tom-B, it isn't ignorance. It is impatience[23:44:04] *** henriknj has quit IRC[23:45:03] <adaptr> Tom-B: you cannot become a proficient email administrator in a week. or a month. or a year. it takes years.[23:45:52] <Aprogas> If you make studying mailservers your core activity, I think "months" is doable.[23:47:29] <Aprogas> For me understanding Postfix became much easier once I got familiar with the address classes and the architecture overview. Those help you see the big picture rather than just the seperate parts.[23:48:38] *** Section1 has quit IRC[23:50:59] <uqlev> Aprogas, learning is not linear, it is iterative. Whatever you start from you have to make many circles around[23:53:43] *** tifflor_ has joined #postfix[23:55:52] <Aprogas> Tom-B: Fix your helo name, .localdomain is going to get you blocked by some spamfilters.[23:56:22] *** CountDown has quit IRC[23:56:35] *** tifflor has quit IRC[23:56:40] *** tifflor_ is now known as tifflor[23:56:42] <Tom-B> What should it be?[23:57:21] <adaptr> !helo[23:57:21] <knoba> adaptr: "helo" : The domain name given in the HELO or EHLO command MUST be either a host name that is resolvable to an DNS Resource Record address, or an IP address literal.[23:57:37] <adaptr> and nobody recommends the latter, although it is in the RFC[23:58:27] <Aprogas> I think SA scores for IP-address literals, since that usually means some infected spambot on a home-connection.