September 11, 2010 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | >
September 11, 2010 [00:00:21] <adaptr> those tend to use garbled made-up character strings often as not.. EDB64D557AB[00:00:24] <Tom-B> I don't doubt for a second you're right, I'll spend some time reading the basic, standard, virtual and address class readmes on http://www.postfix.org/documentation.html methinks[00:00:41] <Tom-B> right/wrong[00:00:41] <adaptr> and then you'll spend some more time on them :)[00:00:52] <adaptr> no, right was right[00:01:04] <Tom-B> So it was[00:01:06] <Tom-B> Mighty tired ;D[00:03:42] <zoo_> 250-AUTH PLAIN LOGIN --> how do I enable also CRAM-MD5 DIGEST-MD5 NTLM and others? I am using dovecot-sasl[00:05:32] <adaptr> !sasl[00:05:32] <knoba> adaptr: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[00:05:38] *** forsberg has quit IRC[00:06:07] <Aprogas> zoo_: BOO![00:06:11] *** forsberg has joined #postfix[00:06:34] *** sep has quit IRC[00:06:41] <zoo_> Aprogas: :)[00:07:07] *** sep has joined #postfix[00:10:41] <Aprogas> sep: Is that how you intended to configure your reverse DNS?[00:12:41] *** uqlev has quit IRC[00:13:07] *** f3ew has quit IRC[00:15:43] <zoo_> c[00:18:09] <Aprogas> zoo_: This won't fix your issue, but I recommend opening the submission port on your Postfix.[00:18:32] <Aprogas> This allows you to set specific settings for submissions from MUAs such as Thunderbird, that are stricter than what you can get away with on port 25.[00:19:08] <Aprogas> If you're not going to receive any mail but just going to be an MSA, you can even close port 25. (Or even deinstall Postfix, and just use the MSA of your ISP)[00:20:05] <zoo_> thats not the poinz[00:20:17] <zoo_> i cann connect to my postfix server[00:20:33] <zoo_> i'll try manual auth now[00:21:02] *** friskd has joined #postfix[00:21:14] <Aprogas> From the verbose logs, it looks like your Thunderbird says QUIT after seeing the EHLO reply with "AUTH LOGIN PLAIN"[00:21:31] <zoo_> right[00:21:36] <zoo_> maybe it is expecting more[00:21:43] <adaptr> so configure TB to do opportunistic SASL[00:21:49] <adaptr> there's a switchy boxy[00:21:50] <zoo_> like CRAM-MD5[00:22:02] <Aprogas> adaptr: http://www.rootdir.de/dump/Clipboard02.jpg[00:22:14] <zoo_> Error 404[00:22:15] <adaptr> try again[00:22:20] <zoo_> i deleted that file[00:22:29] <Aprogas> That makes me a sad panda.[00:22:29] <zoo_> there is no switchbox anymore[00:22:37] <zoo_> maybe about:config[00:22:52] <Aprogas> http://pastebin.com/UdGtt8fP[00:23:53] <adaptr> please don't pastebin verbose logs.. my brain hurts[00:24:18] <Aprogas> In the list of crypted, kerberos/gssapi, ntml and "password, normal", I'd say the latter equals "plaintext"[00:24:30] <Aprogas> adaptr: non-verbose won't show the commands Thunderbird sends[00:24:54] <zoo_> sometimes one needs verbose logging[00:25:05] <adaptr> I don't see why we're there yet[00:25:11] <adaptr> what seems to be the problem ?[00:25:25] <Aprogas> The problem is I moved this conversation from #Dovecot to here. :)[00:25:28] <zoo_> i want to relay mail but i can't[00:25:32] <Aprogas> While really it is a Thunderbird issue. :P[00:25:37] <zoo_> maybe this is a postfix issue[00:25:45] *** cga has quit IRC[00:26:03] <Aprogas> I don't think the Dovecot-SASL library combined with Postfix supports anything but plain and login, but I'm not sure.[00:26:25] <Aprogas> I have heard of plenty cases of people using SASL fine with plaintext+TLS.[00:26:40] <Aprogas> And Postfix isn't throwing any errors, Thunderbird just sends QUIT.[00:27:58] <zoo_> http://pastebin.com/7DTWe7GK[00:30:10] <Aprogas> Why did you specify those discard EHLO keywords?[00:31:00] <Aprogas> Not sure if Thunderbird refuses to talk with mailservers that don't support DSN, but just to eliminate that isn't the issue, temporarily disable that.[00:32:30] <zoo_> i try that[00:33:28] <zoo_> no success[00:34:02] <Aprogas> Did you Postfix reload in between? Please show a new log of that session.[00:34:26] *** GoGi has joined #postfix[00:34:28] <zoo_> i even restarted[00:35:10] <Aprogas> Maybe you need about:config after all. I have mail.server.default.useSecAuth=false and mail.smtpserver.default.useSecAuth=false[00:39:20] <Aprogas> zoo_: Just for fun try using smtp.gmail.com even if you login with bogus information; see what kind of error you get.[00:39:56] *** rcsu has quit IRC[00:40:20] <bgerber> Question, I have looked through mail drop about 2500 email of 60+ k of emails and the all should go to one single user. What can I do or postfix command to have all the maildrop emails delivered to this user.[00:40:47] <zoo_> xsasl_dovecot_handle_reply: auth reply: FAIL?4[00:41:10] <bgerber> They are mistakes I made when configuring things right after my stroke.[00:41:43] *** xabbu has joined #postfix[00:41:43] <Aprogas> bgerber: I think mails in maildrop are going to be delivered to their recipient, so you don't need to do anything with them, so long as your lifetimes are high enough. I am not 100% sure about this though.[00:41:46] <bgerber> so basically I want all maildrop emails delivered to the user I created.[00:41:48] <zoo_> Aprogas: my postfix is chrooted... can that be a problem?[00:42:15] <Aprogas> bgerber: You can also use postcat on the queue-id and feed the raw message to something like Procmail, if Procmail is set up to deliver that to the right destination.[00:42:32] <bgerber> I change the days to be 2 days longer than the problem started.[00:42:34] <Aprogas> zoo_: Postfix isn't throwing any error, I think you should ask Thunderbird support how to handle this.[00:42:45] <Aprogas> zoo_: And try those useSecAuth settings in the config editor.[00:43:03] <Aprogas> bgerber: Why not make it one week longer, just to make sure. :)[00:43:04] <bgerber> procmail is setup to deliver them properly for this user.[00:43:26] <bgerber> ok I will make that change[00:44:12] <Aprogas> maildrop queue is picked up by pickup(8), fed to cleanup(8), becomes incoming queue, active queue, and then is delivered with the relevant transport.[00:44:25] <bgerber> then I just have to wait for the queues to clear. I also have a lot in the incomming postfix folder.[00:44:55] <bgerber> or queue.[00:45:08] <Aprogas> Having Postfix deliver them is easiest, since Postfix will handle deleting them after succes. If you play with postcat, you also have to delete them with postsuper -d, but that is a recipe for disaster.[00:45:57] *** jmedina has joined #postfix[00:46:03] <bgerber> Thanks, It just has been 3-4 weeks of little to no email being delivered. A large spike in incomming email I am guessing.[00:46:15] <Aprogas> bgerber: I think it will still be wise to ask all your important contacts to resend any important mails they have sent to you; and to generate any bills or other such things from your own financial tools and re-send them, with a notice explainin your email problem and that if they already paid, they can ignore the second bill.[00:46:38] <Aprogas> You might want to keep smtpd off while you process your old mail.[00:47:01] <Aprogas> You have a backup of what was in your queue, but if you accept new stuff now, and have to restore your backup, you lose those new mails.[00:47:31] <Aprogas> Hence the earlier suggestion of doing all the queue recovery stuff on a seperate machine, while putting the main server back operational again.[00:47:37] <Aprogas> Anyway, I am going to bed.[00:47:38] <bgerber> I have thought about doing that. This is now 48 hours I have had postfix down trying to get a backup.[00:47:54] <bgerber> I know my ISP has a 5 day limit.[00:48:05] <Aprogas> Sometimes making a tarball and scp[00:48:11] <Aprogas> Sometimes making a tarball and scp is faster than rsync.[00:48:45] <Aprogas> If Postfix cannot handle its queue at all, I think eventually it is going to defer new incoming messages, so that already started your ISP 5 day clock.[00:48:47] <bgerber> So I need to get the emails they are queuing as my MX to me before they expire them.[00:48:58] <zoo_> Aprogas: thx so far, good night[00:49:25] <bgerber> I am rsyncing the stuff from / that I need then going to do a format and reinstall.[00:49:34] <bgerber> Thanks and have a good night.[00:50:03] *** tharkun has quit IRC[00:52:01] *** hesco has joined #postfix[00:52:16] *** lepine has quit IRC[00:52:37] <hesco> I'm getting a header reading: dkim=permerror (mismatched key granularity). running dk-milter. The dkim docs say: "Verifiers MUST confirm that the domain specified in the "d=" tag is the same as or a parent domain of the domain part of the "i=" tag. If not, the DKIM-Signature header field MUST be ignored and the verifier should return PERMFAIL (domain mismatch).", my header reads in relevant part: d=example.com; i= at example dot com; but appar[00:52:37] <hesco> this is not close enough. Any suggestions how I can remedy this, please?[00:53:13] <hesco> I'd guess that dkim docs do not necessarily apply to dk-milter, but I understand it is derived from that.[00:53:22] <adaptr> !dk-milter[00:53:23] <knoba> adaptr: Error: "dk-milter" is not a valid command.[00:54:38] *** lepine has joined #postfix[00:54:47] *** jmedina has quit IRC[00:56:57] <hesco> !dkim[00:56:57] <knoba> hesco: "dkim" : DomainKeys Identified Mail (DKIM) is a method for email authentication that allows an organization to take responsibility for a message in a way that can be validated by a recipient. this is typically implemented in postfix by means of a milter. alternatively, existing content filters (e.g. amavis) may also have their own implementation mechanism.[01:03:25] *** dragonheart has joined #postfix[01:09:16] *** smica has quit IRC[01:12:39] *** sphenxes has quit IRC[01:14:35] *** mezgani has quit IRC[01:15:03] *** Jippi has quit IRC[01:16:52] *** mezgani has joined #postfix[01:33:40] *** brancaleone has quit IRC[01:51:48] *** Vivek has quit IRC[01:56:54] *** friskd has quit IRC[01:57:04] *** CountDown has joined #postfix[02:01:16] *** robotarmy has quit IRC[02:31:52] *** Xzisted has quit IRC[02:36:57] *** xabbu2003 has joined #postfix[02:37:01] *** xabbu2003 has quit IRC[02:44:43] *** friskd has joined #postfix[02:47:37] *** Nazdravi has joined #postfix[02:48:08] *** LowKey has quit IRC[02:53:26] *** bluethundr has quit IRC[03:14:41] *** LowKey has joined #postfix[03:15:40] *** micols has joined #postfix[03:17:35] *** CountDown has quit IRC[03:28:45] *** micols has quit IRC[03:31:21] *** sedstapler is now known as sedulous[03:39:01] *** micols has joined #postfix[03:48:19] *** Dosshell has quit IRC[03:49:33] *** robotarmy has joined #postfix[03:54:15] *** robotarmy has quit IRC[03:59:31] *** neekfenwick_ has joined #postfix[04:08:45] *** guenter_ has joined #postfix[04:12:00] *** guenter has quit IRC[04:20:21] *** CountDown has joined #postfix[04:21:21] *** loddafnir1 has quit IRC[04:30:54] *** mezgani has quit IRC[04:44:58] *** hesco has left #postfix[04:48:50] <AstralStorm> isn't DKIM kind of obsoleted by SPF, at least partially?[04:49:48] *** hicker has joined #postfix[04:49:52] <AstralStorm> assuming your server isn't subject to or is resistant against DNS poisoning[04:52:08] *** tifflor has left #postfix[04:52:41] <AstralStorm> although they complement each other nicely, from the spam point of view, SPF is stronger[04:54:45] <AstralStorm> (that's because a spammer can also have a valid DKIM key)[04:54:59] <AstralStorm> (although then you could blacklist just that)[04:56:34] *** MAAAAAD has joined #postfix[04:56:50] <hicker> I trying to send a test message to myself using Java Mail and I'm receiving a "250 Message accepted for delivery" message but I'm not receiving anything. Anyone have any idea what I can do?[04:57:03] <AstralStorm> read the log[04:57:20] <hicker> i don't think i can... it's not my server[04:57:21] <AstralStorm> might be deferred due to various errors[04:57:37] <AstralStorm> e.g. account size (quota) exceeded[04:57:49] <hicker> what kind of errors? maybe there's something else I can try[04:58:02] <AstralStorm> other than sending a mail from elsewhere, not much[04:58:26] <AstralStorm> oh, and the mail might've been greylisted, so it'll appear later[04:58:41] <AstralStorm> depending on greylisting settings[04:59:15] <hicker> strange... it's been a couple says since I first tested it... could it be longer than that?[04:59:28] <AstralStorm> highly unlikely[04:59:38] <AstralStorm> if the mail server does spam filtering, check that[05:00:24] *** MAAAAD has quit IRC[05:00:27] <hicker> would the spam filters check outgoing mail too?[05:00:43] <AstralStorm> likely not.[05:01:06] <AstralStorm> so the mail is sent via a relay?[05:01:19] <hicker> yes, i believe so[05:01:34] <AstralStorm> maybe the relay doesn't know how to deliver this mail and it gets deferred[05:01:53] <AstralStorm> DNS problems can cause this[05:02:01] <AstralStorm> as can connectivity issues[05:02:57] <hicker> it's a large university e-mail system, so I would assume everything is working properly[05:03:28] <AstralStorm> and I bet you can't take a peek into the logs[05:03:42] <hicker> i can access /var/log/syslog on the server, would it be in there?[05:03:48] <AstralStorm> maybe[05:03:53] <AstralStorm> or in /var/log/mail.log[05:04:50] <AstralStorm> have you tried sending the mail to the relay itself? (e.g. to your uni address)[05:05:03] <hicker> yes[05:05:17] <AstralStorm> worked?[05:05:47] <hicker> no, not in Java Mail, but does when I use the web-based client[05:23:59] *** CountDown has quit IRC[05:24:26] <AstralStorm> is Java Mail a sending app or the user agent? (receiving)[05:25:29] <AstralStorm> or maybe try to write down the mail flow[05:33:40] *** f3xy has quit IRC[05:37:59] *** JonnyV has joined #postfix[05:39:54] *** Motoko-chan has joined #postfix[05:41:31] *** CountDown has joined #postfix[05:47:46] *** f3xy has joined #postfix[05:57:56] *** f3xy has quit IRC[05:58:52] *** CountDown has quit IRC[06:30:44] *** verywiseman has quit IRC[06:37:27] *** rajijoom has joined #postfix[07:14:27] *** klem has quit IRC[07:15:36] *** neorise-rider has quit IRC[07:19:56] *** klem has joined #postfix[07:59:16] *** uqlev has joined #postfix[08:05:21] <hicker> AstralStorm: I found out that the sender needs to be DNS-resolvable which 'john@laptop' isn't in my case. Problem solved. Thanks for the info though[08:05:49] *** rajijoom has quit IRC[08:09:11] *** JonnyV has quit IRC[08:27:18] <zoo_> can i do SMTP AUTH without sasl, by directly querying a mysql DB?[08:29:02] <joschi> zoo_: no[08:29:26] <joschi> zoo_: postfix uses either cyrus sasl or dovecot sasl to have its authentication work done[08:31:02] <zoo_> i dont get dovecot sasl to work :([08:35:14] <zoo_> postfixadmin saves the password as MD5 hash, dovecot knows that. But is this pompatible with SMTP AUTH or do I need to go with PLAIN in the DB?[08:39:22] <joschi> zoo_: if you only have a hashed password in your database, you'll usually can only use PLAIN or LOGIN as authentication mechanisms[08:40:11] <joschi> zoo_: but postfixadmin supports hashing passwords with dovecotpw, so you could use dovecot:CRAM-MD5 in the database backend and still use CRAM-MD5 as authentication mechanism[08:40:38] <joschi> btw, for problems with dovecot sasl, #dovecot might be a better place to ask[08:41:26] <zoo_> joschi: i try using dovecotpw[08:49:01] *** Matic`Makovec has joined #postfix[08:51:11] <uqlev> zoo_, do you use virtual accounts?[08:53:48] <Dominian> !dovecot[08:53:49] <knoba> Dominian: "dovecot" : http://www.dovecot.org/ : IMAP/POP3 server software with emphasis on security; recent versions can also provide SASL AUTH for Postfix 2.3+.[08:53:51] <Dominian> !sasl[08:53:51] <knoba> Dominian: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[08:54:05] <Dominian> dovecot can auth with mysql[08:54:10] <Dominian> if he's using postfixadmin he's using mysql[08:54:29] <Dominian> you don't have dovecot configured properly to use mysql as an authentication backend[08:55:07] <uqlev> Dominian, whom do you speak to? you.. he..?[08:55:16] <Dominian> zoo_:[09:08:21] <joschi> zoo_: ok, you try to use dovecotpw, but what's the problem with using it?[09:10:18] <uqlev> joschi, it seems that problem because he hasn't sleep last night at all[09:11:19] <uqlev> joschi, and now he is either dead or fall asleep[09:11:50] *** JonnyV has joined #postfix[09:12:00] <joschi> let's hope it's the latter ;)[09:12:01] * zoo_ has slept[09:12:15] <zoo_> from 1am to 7am[09:12:43] <zoo_> not much, because my $CHILD was sending me SIG_WAKEUP[09:13:05] <uqlev> :)[09:14:57] <uqlev> zoo_, if you have just began with postfix start with system accounts and pam authentication it is a way more simple[09:15:40] <uqlev> zoo_, you don't need mysql, apache, php[09:16:24] <zoo_> now i get "SASL PLAIN/LOGIN authentication failed"[09:16:38] <zoo_> looks as if i am getting further[09:16:49] <uqlev> zoo_, neither postfixadmin[09:17:53] *** micols has quit IRC[09:18:22] *** micols has joined #postfix[09:18:48] <zoo_> uqlev: i need virtual domains and want a nice webinterface...[09:22:35] <uqlev> zoo_, don't forget that "nice webinterface" on a mail-server means potentially pretty nice hole which you have to watch[09:24:32] <zoo_> my password is 1234, nobody will guess that. :)[09:25:36] <uqlev> zoo_, doesn't matter you password complexity. But to run mysql, apache and php just to keep a bunch of passwords.. it should worth it[09:26:10] <zoo_> well, i need them anyway[09:28:11] *** JonnyV has quit IRC[09:42:53] *** Motoko-chan has quit IRC[09:46:06] *** [sergiu] has quit IRC[09:47:47] *** diffra has quit IRC[09:49:34] *** yosafbridge has quit IRC[09:53:30] *** rajijoom has joined #postfix[09:54:11] *** diffra has joined #postfix[09:56:22] *** yosafbridge has joined #postfix[09:58:42] *** rajijoom has quit IRC[10:05:24] *** [sergiu] has joined #postfix[10:23:27] *** neekfenwick__ has joined #postfix[10:24:51] *** makomi has joined #postfix[10:27:18] *** neekfenwick_ has quit IRC[10:34:32] <Tom-B> Aprogas I'm taking your advice and reading the docs now[10:35:51] <denysonique> Hi[10:36:36] <denysonique> testsaslauthd works fine with my credintials. When I try to login using my mail client it doesn't seem to work. Via plain telnet it doesn't work either. I get the authentication failure error.[10:36:46] <denysonique> I am using cyrus-sasl[10:37:13] <Aprogas> !tell denysonique welcome[10:37:13] <knoba> denysonique: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[10:39:19] <denysonique> postfix/smtpd[29286]: warning: cpc4-seve11-0-0-cust296.13-3.cable.virginmedia.com[82.10.93.41]: SASL LOGIN authentication failed: authentication failure[10:40:44] <denysonique> http://dpaste.com/241853/ - telnet session[10:40:45] <joschi> denysonique: post your smtpd.conf (the sasl configuration for postfix)[10:41:52] <denysonique> joschi, pwcheck_method: saslauthd[10:41:53] <denysonique> mech_list: PLAIN LOGIN[10:43:26] <joschi> and now the configuration of your saslauthd[10:44:50] *** makomi has quit IRC[10:46:18] *** makomi has joined #postfix[10:46:52] *** denysonique has quit IRC[10:48:07] *** denysonique has joined #postfix[10:48:34] *** denysonique is now known as Guest56438[10:48:45] *** sphenxes has joined #postfix[10:49:16] <Tom-B> Aprogas I'm finding alot of what's in http://www.postfix.org/BASIC_CONFIGURATION_README.html not being in my main.cf[10:49:32] <Tom-B> Is that because I am using virtual domains/users or because my main.cf is incomplete?[10:49:34] *** Guest52633 is now known as Ionic[10:50:06] <Tom-B> http://pastie.org/private/2frlaypfibdvjiscjrm3q[10:50:12] *** Guest56438 is now known as denysonique_[10:50:41] <Aprogas> Postfix uses sensible defaults, it is not necessary to declare them again in main.cf[10:52:01] <Tom-B> Do you think that it may be worth me disabling the sensible defaults so I can understand exactly what's going on?[10:55:43] *** denysoni- has joined #postfix[10:58:51] *** henriknj has joined #postfix[10:59:52] *** denysoni- has quit IRC[11:01:07] <Aprogas> Yes, run postconf | perl -e '$x = rand(); s/= .*/= $x/' >main.cf[11:01:22] <Aprogas> That will replace all your settings by random data.[11:01:37] <Aprogas> Because who wants sensible defaults? :)[11:02:31] *** robotarmy has joined #postfix[11:03:10] <Tom-B> Are bounce and 2bounce mutually exclusive?[11:03:35] <Aprogas> I don't know, I never meddled with that.[11:07:13] *** robotarmy has quit IRC[11:12:17] *** cga has joined #postfix[11:12:46] <Tom-B> Is the "myhostname" paramater to do with the helo thing you mentioned I should change?[11:12:56] *** diffra has quit IRC[11:13:22] <Aprogas> It can be.[11:13:34] <Tom-B> I am thinking:[11:13:35] <Tom-B> myhostname = $virtual_mailbox_domains[11:13:35] <Tom-B> virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf[11:13:48] <Aprogas> No. myhostname takes just one argument.[11:14:57] <Tom-B> I do not understand that statement[11:15:38] <Aprogas> Your system has only one hostname, it can receive mail for many (virtual) domains, but should have only one hostname.[11:16:14] *** yosafbridge has quit IRC[11:16:41] *** denysonique_ is now known as denysonique[11:16:50] *** denysonique has joined #postfix[11:19:32] *** makomi has quit IRC[11:21:50] <Tom-B> Which would be domain.com for example[11:21:53] <Tom-B> Which would be domain.com for example?[11:22:26] <Aprogas> I recommend giving your system a name, and use name.domain.com.[11:22:30] *** diffra has joined #postfix[11:22:43] <Tom-B> mail.domain.com then?[11:23:18] <Aprogas> That will work, but if you manage multiple systems, it might be useful to assign some naming scheme to them, so it is easier to reference them in documentation, bills, etc.[11:23:18] *** brancaleone has joined #postfix[11:23:43] <Tom-B> You're refering to mx backups?[11:24:32] *** yosafbridge has joined #postfix[11:24:43] <Tom-B> I plan on purchasing genericdomain.com and buying an SSL cert for it. So client's mailserver will be mail.genericdomain.com[11:25:12] <Aprogas> No, I'm referring that it is easier to say "Poseidon will be upgraded on 12 september" than "That mailserver third from top in the second from left 19-inch rack will be upgraded on 12 september"[11:25:27] <Tom-B> So mikes car repair isn't connecting to mail.traceysboutique.co.uk[11:26:59] *** master_of_master has quit IRC[11:28:07] <Tom-B> The myhostname parameter specifies the fully-qualified domain name of the machine running the Postfix system[11:28:11] *** master_of_master has joined #postfix[11:28:24] <Tom-B> How is Poseidon a FQDN?[11:28:29] <Tom-B> or am I taking you too literally?[11:28:49] <Aprogas> mail.domain.com is a very good name, just use that.[11:29:49] <Tom-B> Forgive me if you take this disrepectfully, but are you just saying that because you're tired of me?[11:29:55] <Aprogas> Yes.[11:30:07] <Aprogas> But also because it is true.[11:30:29] <Aprogas> Using purely functional FQDNs is fine; but my personal taste is to give names to computers.[11:30:42] <Tom-B> I can't invisage a scenario whereby I'd have 2 servers for mail.domain.com[11:31:15] <Tom-B> Of course that could change but that would be way down the line, and I'd need to be setting that new server up and I'd be here again and go "ooo best change server1's myhostname param"[11:31:21] <Aprogas> I name workstations too, and if I had a business with multiple computers I'd name all of them as well.[11:31:48] *** denysonique_ has joined #postfix[11:32:50] <Tom-B> To my mind mail.uniquedomain.whatever is unique enough[11:36:29] *** denysonique_ has quit IRC[11:41:12] *** uqlev has quit IRC[11:45:19] *** karlgus has joined #postfix[11:45:59] *** xabbu has quit IRC[11:49:06] *** henriknj has quit IRC[11:50:04] *** neekfenwick__ has quit IRC[11:54:52] *** xabbu has joined #postfix[11:57:06] *** henriknj has joined #postfix[12:07:26] *** cga has quit IRC[12:13:51] *** neekfenwick has joined #postfix[12:21:51] *** loddafnir has joined #postfix[12:22:45] *** cga has joined #postfix[12:26:57] *** TmBerg has joined #postfix[12:28:38] <zamba> Aprogas: you here? i have a question about your smtpd_recipient_restrictions[12:29:19] <zamba> Aprogas: you have quite a few rejects before you actually get to the postfwd service.. especially reject_non_fqdn_helo_hostname and reject_invalid_helo_hostname[12:29:29] <zamba> wouldn't that block potentially valid senders?[12:29:58] <Aprogas> Haven't noticed any yet.[12:31:09] <zamba> but you don't have any MUA connected to your MTA, no?[12:31:23] <zamba> because they often give helo like "host.local" or similar[12:34:17] <zamba> Aprogas: is there a way to test postfwd? instead of putting it into a live environment?[12:41:44] <Aprogas> Yes.[12:42:00] *** JonnyV has joined #postfix[12:42:23] <Aprogas> I do submit with a MUA to my MTA on port 25; postfwd can be tested with -t, or like any restriction with warn_if_reject[12:43:02] <Aprogas> I submit with a proper MUA that sends a proper HELO and uses proper domains, no need to give them a pass for those restrictions.[12:44:11] <zamba> so basically: warn_if_reject check_policy_service inet:127.0.0.1:<port>[12:45:04] <Aprogas> That might be more useful that postfwd -t, since that just returns DUNNO for everything.[12:47:53] *** karlgus has quit IRC[12:49:30] *** JonnyV_ has joined #postfix[12:52:26] *** JonnyV has quit IRC[12:57:53] *** juergen_dose has joined #postfix[13:01:41] *** makomi has joined #postfix[13:13:39] *** brahama__ has joined #postfix[13:17:08] *** JonnyV_ has quit IRC[13:18:41] *** JonnyV_ has joined #postfix[13:22:20] *** brahama__ has quit IRC[13:26:40] *** makomi has quit IRC[13:33:05] *** brahama__ has joined #postfix[13:37:17] *** JonnyV_ has quit IRC[13:38:15] *** JonnyV has joined #postfix[13:39:02] *** denysonique_ has joined #postfix[13:40:23] *** brahama__ has quit IRC[13:43:39] *** denysonique is now known as denysonique__[13:45:03] <AstralStorm> hey[13:45:07] <AstralStorm> open("public/pickup", O_RDWR|O_NONBLOCK) = -1 EACCES (Permission denied)[13:45:23] <AstralStorm> what does this mean? the spool is a precise copy...[13:46:08] *** denysonique_ has quit IRC[13:46:08] *** denysonique_ has joined #postfix[13:46:23] *** JonnyV has quit IRC[13:46:47] *** denysonique__ has quit IRC[13:46:51] <adaptr> !idfma[13:46:51] <knoba> adaptr: "idfma" : Insufficient Data For Meaningful Answer (perhaps look at the /topic)[13:47:02] <AstralStorm> perhaps you should ask what data you need[13:47:10] <AstralStorm> ;>[13:47:25] <AstralStorm> instead of silliness. that bit is from master process strace[13:47:32] <AstralStorm> trying to run that postfix in a chroot still[13:47:48] <AstralStorm> somehow it has a problem with its spool[13:48:25] <AstralStorm> in fact: postfix start doesn't start the server, yet it thinks it did[13:48:42] <AstralStorm> (understandably, since it doesn't check the return code)[13:49:26] *** denysonique_ is now known as denysonique[13:50:07] <AstralStorm> postfix check seems to work as well[13:50:24] <adaptr> perhaps you should supply more than a random snippet of poo when asking your question[13:50:37] <AstralStorm> ok, so you do want the whole strace, ok[13:50:51] <adaptr> how about you start by describing a problem[13:51:03] <AstralStorm> problem: postfix doesn't start in this chroot[13:51:13] <AstralStorm> nothing seems to be obviously missing[13:51:25] <adaptr> "this chroot" meaning what ?[13:51:28] <AstralStorm> .....[13:51:43] <AstralStorm> a chroot, what else do you need to know about it? a list of files or what?[13:51:59] <adaptr> if you don't understand what you're doing, how do you expect others to[13:52:10] <AstralStorm> I do understand what I'm doing precisely[13:52:14] <adaptr> good[13:52:15] <AstralStorm> I don't know what's missing or wrong there[13:52:25] <adaptr> !idfma[13:52:25] <knoba> adaptr: "idfma" : Insufficient Data For Meaningful Answer (perhaps look at the /topic)[13:52:36] <AstralStorm> tell me then, what's SUFFICIENT data[13:52:46] <AstralStorm> the config is direct copy of a working one outside the chroot[13:52:52] <AstralStorm> (with minor change to the ip address)[13:53:10] <AstralStorm> http://wklej.org/hash/7b596b4668/ - the strace[13:54:24] <adaptr> if you're trying to run postfix in a non-standard way, you need to realize that A. what you want may not be possible, and B. you'r emostly on your own unless you can explain the setup in sufficient detail to give others a chance to evaluate it[13:54:38] <AstralStorm> it is definitely possible, people do run postfix in virtual machines[13:54:41] <AstralStorm> and in chroots[13:54:47] <adaptr> if you're missing files or permissions inside a chroot, investigate[13:54:58] <AstralStorm> oh I am investigating[13:55:06] <AstralStorm> I don't know why the master process doesn't start[13:55:10] <AstralStorm> this EACCESS doesn't make sense[13:55:24] <adaptr> not a postfix problem[13:55:45] <AstralStorm> but it is my setup problem and I don't know what causes it[13:55:50] <AstralStorm> that's why I'm asking for help[13:55:51] <adaptr> nor do we[13:55:56] <adaptr> what makes you think anybody does[13:55:58] <AstralStorm> no, nor do *you*[13:56:17] <AstralStorm> someone might? there are some 222 users here[13:56:20] <adaptr> I run postfix without those problems[13:56:25] <adaptr> I suggest you do the same[13:56:35] <AstralStorm> and someone is bound to have manually chrooted it[13:56:41] <adaptr> obviously[13:56:48] <adaptr> the debian package maintainers, for one[13:56:51] <AstralStorm> and that person might know what I'm missing there[13:56:55] <adaptr> that's a Hint[13:56:59] <AstralStorm> it's something really non-obvious[13:57:09] <adaptr> AstralStorm: whatever. cut down on the noise[13:57:10] <AstralStorm> I've checked that package, everything seems to be fine, the files are all in[13:57:20] <adaptr> you're annoying the shit out of me[13:57:22] <AstralStorm> adaptr: you're causing the noise with non-helpful answer, thank you[13:57:33] <denysonique> true[13:58:02] <adaptr> !chroot[13:58:02] <knoba> adaptr: "chroot" : The fifth column in master.cf, if not n , means that the Postfix process described on that line runs in a chroot, see !debug , !queue_directory and files in the examples/chroot-setup subdirectory of the Postfix source archive which show examples of a Postfix chroot environment on a variety of systems[13:59:29] <AstralStorm> adaptr: that one is a really tiny one, but yes, I have all those files it mentions in[14:01:18] <AstralStorm> what I don't trust is the kernel on this machine, so I get to run in a "vm"[14:03:02] <AstralStorm> so in fact I'm trying to construct a minimal postfix-running system[14:04:27] <adaptr> all I see are errors[14:04:48] <adaptr> let's assume that's not supposed to happen[14:05:03] <AstralStorm> yes, that isn't supposed to happen indeed[14:05:59] <AstralStorm> those "close" silliness is just postfix dropping root[14:06:53] <AstralStorm> nscd socket doesn't exist on the main system either[14:07:50] <adaptr> mknod foo 622 && open FAIL[14:07:57] <adaptr> I would trade in my kernel and get a better one[14:08:22] <AstralStorm> hmmm, the mknod should've worked[14:08:32] <AstralStorm> in fact, it has worked, as the file exists now[14:08:45] <adaptr> and yet it cannot access it[14:08:45] <TmBerg> Does anyone in here got batv up and running? Planning on set it up.[14:08:49] <AstralStorm> but it's wrong user and mode[14:08:53] <AstralStorm> wtf?[14:09:11] <AstralStorm> time to change the filesystem I bet[14:09:15] <adaptr> that would be the only ,logical explanation, apart from an insane kernel[14:09:31] <AstralStorm> it's actually both, insane kernel *and* filesystem[14:09:41] <AstralStorm> will replace one bit of it in a second[14:17:13] *** smica has joined #postfix[14:24:24] *** aretrfre34 has joined #postfix[14:26:21] *** JonnyV has joined #postfix[14:28:47] <aretrfre34> I don't understand need of base64 hash in mail header, to ensure integrity, can anyone explain me?[14:29:04] <aretrfre34> sorry for bad english[14:29:25] *** Nazdravi has quit IRC[14:29:34] <adaptr> aretrfre34: there is no need for a base64 hash in a mail header[14:30:45] *** GieltjE has joined #postfix[14:30:46] <aretrfre34> why gmail uses it then?[14:30:52] *** makomi has joined #postfix[14:31:02] <Aprogas> Please show an example of this "base64 hash".[14:31:21] <GieltjE> I am trying to get startssl to work with postfix, but thunderbird doesnt see the correct CA, and the log says: SSL3 alert read:fatal:unknown CA, anyone can help?[14:31:31] <adaptr> GieltjE: ITYM STARTTLS[14:31:31] *** makomi has quit IRC[14:31:50] <adaptr> and thunderbird wil have to know the CA[14:31:50] *** makomi has joined #postfix[14:32:12] <Aprogas> startssl is actually the name of a CA[14:32:15] <AstralStorm> aretrfre34: some mail servers don't support 8-bit data[14:32:18] <aretrfre34> Aprogas:Content-Transfer-Encoding: base64[14:32:30] <GieltjE> adaptr, Yes starttls should work aswel, apperantly it doesn't get the CA[14:32:32] <AstralStorm> so you have to use quoted-printable or base64 in this case[14:32:41] *** JonnyV_ has joined #postfix[14:32:56] <AstralStorm> I bet gmail is playing it safe in this case instead of sending 8-bit mails[14:33:27] <Aprogas> GieltjE: Check that the CA is in cacert.pem or some certs/*.pem you point Postfix to. Also make sure chroot doesn't get in the way of reading the cert.[14:33:36] <aretrfre34> and under goes 4.1kB hash[14:33:55] <AstralStorm> aretrfre34: yes, and you get to decode its base64[14:33:59] <Aprogas> aretrfre34: It's not really a hash, just a form to encode data to become ASCII-safe.[14:34:18] <Aprogas> aretrfre34: Pretty much any mail clients should decode it without you even noticing.[14:34:21] *** brahama__ has joined #postfix[14:34:22] <AstralStorm> silly to use base64 for text of course[14:34:32] <AstralStorm> instead of, say, quoted-printable[14:34:49] <GieltjE> Aprogas, smtp_tls_CApath = /etc/apache2/ssl/mail points to all the files[14:34:55] <AstralStorm> unless it's chinese of course or something that has little ascii[14:35:04] <aretrfre34> decoding content gave garbage[14:35:11] <AstralStorm> so it's probably binary data[14:35:25] <AstralStorm> what's the Content-Type?[14:35:41] <aretrfre34> Content-Type: text/plain; charset=KOI8-R[14:35:47] *** JonnyV has quit IRC[14:35:57] <AstralStorm> so it's not garbage, just KOI8-R Korean[14:36:05] <Aprogas> Or Russian.[14:36:11] <AstralStorm> oh, or russian indeed[14:36:13] <aretrfre34> so, what usage of all that stuff?[14:36:23] <AstralStorm> hum?[14:36:24] <aretrfre34> yes russian[14:36:32] <Aprogas> Do you speak Russian? Do you have any Russian friends that would send you emails in Russian?[14:36:34] <AstralStorm> so it should be russian after decoding[14:36:42] <AstralStorm> (in KOI8-R encoding)[14:36:58] <Aprogas> You should open it in an editor that supports KOI8-R encoding an has a Cyrillic font.[14:37:10] <AstralStorm> aretrfre34: told you, some (antique) mail servers don't accept 8-bit mails[14:37:30] <AstralStorm> only ASCII, which is 7-bit[14:37:54] *** wdp_ has joined #postfix[14:37:55] <AstralStorm> so a reversible encoding is used[14:37:58] <aretrfre34> i got it, i'm asking should i use that thing base64 in my postfix mailserver, and what possible security reasons of doing that[14:38:13] <adaptr> you shouldn't do anything[14:38:14] *** JonnyV_ has quit IRC[14:38:16] <AstralStorm> postfix doesn't touch the mail data (usually)[14:38:18] <micols> I get Sep 11 14:38:39 rlogin postfix/smtp[31247]: fatal: unknown service: smtp/tcp , any idea how to fix it? - I run debian lenny , tried chmod u+rwx /var/spool/postfix -R[14:38:20] <AstralStorm> your client should encode instead[14:38:27] <micols> I cannot send any mails, they just get deferred[14:38:33] <AstralStorm> micols: you need /etc/services[14:38:35] <adaptr> micols: DO NOT touch the postfix permissions[14:39:09] <aretrfre34> what if don't send that hash, what might happen?[14:39:14] <micols> AstralStorm: smtp 25/tcp mail in my /etc/services and also in /var/spool/postfix/etc/services[14:39:20] *** GieltjE has quit IRC[14:39:25] <adaptr> aretrfre34: *gmail* sends it. what does that have to do with you[14:39:26] <AstralStorm> aretrfre34: some (antique) mail servers will drop the mails on the floor[14:39:32] <micols> both are permission 644 so should be readable[14:39:57] <AstralStorm> micols: what about the other files from that chrooting example file?[14:40:12] <AstralStorm> not that they should cause this message[14:40:20] <Aprogas> micols: please pastebin your master.cf and postconf -n[14:40:22] *** JonnyV_ has joined #postfix[14:41:24] *** wdp has quit IRC[14:42:10] *** TmBerg has left #postfix[14:44:14] *** brahama__ has quit IRC[14:44:17] *** aretrfre34 has left #postfix[14:45:11] <micols> http://81.161.188.225/pcn (textfile)[14:46:18] <micols> it started after a mailserver crash (someone took the powercord) :)[14:47:22] <micols> it says message accepted and queued with telnet to port 25 and sending mail[14:47:33] *** brahama__ has joined #postfix[14:47:35] <micols> but it just gets deferred with that "unknown error"[14:48:19] <micols> status=deferred (unknown mail transport error)[14:48:35] <micols> and nothing else in the log, not even with smtpd -v[14:48:41] *** Fudge has joined #postfix[14:48:49] <Fudge> anyone know if alpine email client can talk to exchange servers over rcp?[14:49:41] <micols> my mailqueue is rising quicker than exponentially :), almost a vertical line (on 5minute munin graph)[14:50:21] <AstralStorm> micols: "unknown mail transport error" sounds like mail looping to yourself[14:50:32] *** dragonheart has quit IRC[14:50:36] <AstralStorm> but you could post more of a log[14:50:52] <Aprogas> micols: Verify the contents of your MySQL tables.[14:51:05] *** JonnyV has joined #postfix[14:51:14] <AstralStorm> yup, and check if mysql is up[14:51:19] *** juergen_dose is now known as car[14:51:23] *** JonnyV_ has quit IRC[14:51:32] <micols> http://pastebin.com/W5yJ6L4M[14:51:38] <micols> oh yes, mysql was my first thought[14:51:50] <micols> I already verified them[14:51:51] <AstralStorm> esp. transport maps there[14:51:57] <micols> just a second , trying again[14:52:17] <micols> mysql> select * from transport;[14:52:17] <micols> Empty set (0.00 sec)[14:52:19] <micols> hm[14:53:18] <micols> domains,users,forwardings are all ok (tables), in (mail) db, but transport is empty[14:53:23] <micols> but I think it has always been so[14:54:17] <AstralStorm> this should be fine[14:54:24] <Aprogas> Check the contents of /var/spool/postfix/private[14:54:37] *** brahama__ has quit IRC[14:54:40] <AstralStorm> yes, it looks like something has replaced the socket in there[14:54:52] <AstralStorm> (or quite a few other causes)[14:55:14] <AstralStorm> maybe you've ran 2x smtp transport somehow?[14:55:17] <Aprogas> With ls -alF to make sure those aren't just empty regular files.[14:55:35] <AstralStorm> Sep 11 14:53:40 rlogin postfix/master[11374]: warning: /usr/lib/postfix/smtp: bad command startup -- throttling[14:55:43] <AstralStorm> well, that has to be rectified first[14:55:46] <AstralStorm> :)[14:55:56] <micols> I tried restarting postfix, but all sockets have this permission srwxrw-rw- 1 postfix postdrop 0 2010-09-11 14:23 anvil[14:55:57] <Aprogas> AstralStorm: Can't that be caused by missing the private/smtp socket?[14:56:10] <AstralStorm> no, smtp should remove that wrong file and remake it[14:56:19] <AstralStorm> unless it has no access rights[14:56:28] <micols> http://pastebin.com/7tXVNKiK , i dont see the missing socket[14:56:37] <micols> smtp is there[14:56:42] <AstralStorm> it shouldn't be there[14:56:47] <Aprogas> Run "postfix check"[14:56:49] <AstralStorm> as smtp isn't running[14:56:52] <AstralStorm> yes, run that[14:56:53] *** tharkun has joined #postfix[14:57:11] <AstralStorm> maybe your smtp is segfaulting or something just as wrong?[14:58:51] <micols> then it would be in dmesg[14:59:00] <micols> segv's are usually listed there[14:59:08] <AstralStorm> yes, it would[14:59:16] <AstralStorm> now, one of your mysql refs is missing proxy:[14:59:20] <AstralStorm> is that on purpose?[14:59:31] <AstralStorm> (virtual_alias_maps)[15:00:49] <AstralStorm> because both are valid, but probably with different format[15:01:14] <micols> hm don't quite remember, i did set up the sql a few years back[15:01:23] <Aprogas> So what did "postfix check" say?[15:01:33] <micols> and it has always been running , server worked fine before hard reboot.[15:01:38] <AstralStorm> hmm, actually, that should work[15:01:50] <AstralStorm> oooh, hard reboot sounds to me like mysql table getting corrupted[15:02:26] <micols> http://pastebin.com/5fXQfphx[15:02:31] <AstralStorm> but if that's not the case, try running smtpd manually to see why it fails[15:02:32] <micols> I haven't tried repair table yet[15:02:38] <micols> but the table data shows up fine[15:02:54] <Aprogas> Sounds like "postfix check" is unhappy about many permissions.[15:03:34] *** JonnyV_ has joined #postfix[15:03:51] <micols> hm I think it might be a permission issue I just chowned to root in /etc/postfix, it was postfix owned before, but postfix check complained[15:04:01] <micols> will try a few more permission settings, clearly they're wrong now[15:04:10] <Aprogas> How about "postfix set-permissions" instead of trying things at random.[15:06:40] <micols> just get a lot of missing so files there, ldap and stuff[15:06:50] <micols> but I did run it, and still same error[15:07:09] <Aprogas> You got errors about missing .so files?[15:07:28] *** JonnyV has quit IRC[15:12:50] <micols> luckily I have backup from the same day it went down, at least of my /etc dir, think I got /var somewhere too if i'm lucky[15:15:20] <micols> heh.. I had my /etc/postfix symlinked to /srv/postfix.. which tar didn't dereference[15:16:45] *** makomi has quit IRC[15:17:05] <micols> Aprogas: yes, but they dont mean anything, only so files I don't use in my postfix install, i just checked with ldd 'smtp' and ldd 'smtpd' , I got all so's installed that I need[15:25:14] *** shoonya has joined #postfix[15:27:01] *** cga has quit IRC[15:27:49] *** brahama__ has joined #postfix[15:32:10] *** JonnyV_ has quit IRC[15:35:00] *** LouB has joined #postfix[15:35:51] <denysonique> okay this is weird. why when I have saslauthd running with -r tb will chose AUTH PLAIN to login intead of AUTH LOGIN?[15:37:54] <Tom-B> Where in the postfix documentation might I find an explanation on how to setup 25 for MX but only allow sending on 465 (depreciated I know but I have my reasons:)[15:40:02] *** JonnyV_ has joined #postfix[15:40:30] <denysonique> Tom-B, speak english[15:41:01] <denysonique> Tom-B, I think you want postfix on 25 to deliver mail for your domain and 465 as the relay for external domains?[15:42:35] <Tom-B> Yes that sounds right[15:43:22] *** brahama__ has quit IRC[15:44:42] *** brahama__ has joined #postfix[15:48:34] *** JonnyV_ has quit IRC[15:49:09] *** JonnyV_ has joined #postfix[15:51:21] <denysonique> Tom-B, http://www.postfix.org/postconf.5.html all configuration parameters[15:52:28] *** brahama__ has quit IRC[15:58:36] <Tom-B> it's kind of a needle in a hay stack =)[15:58:49] <Tom-B> Surely I need to be in master.cf no?[16:05:49] *** brahama__ has joined #postfix[16:09:22] *** JonnyV_ has quit IRC[16:10:21] *** JonnyV has joined #postfix[16:12:56] *** torralbo has joined #postfix[16:13:36] <Aprogas> Tom-B: You could apply the information relevant for the submission port to any random port, including 465.[16:13:55] *** brahama__ has quit IRC[16:15:11] <Tom-B> I don't really understand that statement[16:16:38] <Aprogas> There is documentation and examples for how to run an MSA on the submission port. It doesn't have to be on the submission port per se, you can combine that information for submission with the information about smtps, and combine them.[16:18:03] <Tom-B> Where are the docs and examples?[16:18:33] <denysonique> why after adding smtpd_recipient_restrictions = permit_sasl_authenticated to main.cf postfix stops working?[16:18:51] <denysonique> when I telnet to it there is no more ESMPT greeter[16:18:57] <denysonique> after ehlo I get no response[16:18:58] <Aprogas> denysonique: You probably didn't add it, but replaced it with just that 1 restriction.[16:19:08] <denysonique> Aprogas, thanks[16:19:12] <Aprogas> !tell Tom-B submission[16:19:12] <knoba> Tom-B: "submission" : Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf. also see !msa, and rfc 2476 and 4409. Also read http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf[16:19:20] <Aprogas> !tell Tom-B master.cf[16:19:20] <knoba> Tom-B: "master.cf" : the process configuration file. Each logical line describes how a Postfix service will be run. See "man 8 pipe" for more information.[16:21:49] *** JonnyV_ has joined #postfix[16:22:05] <denysonique> Aprogas, okay how do I make postfix work back?[16:22:17] <Aprogas> !tell denysonique access[16:22:17] <knoba> denysonique: "access" : http://www.postfix.org/SMTPD_ACCESS_README.html : An overview of access(5) controls in the Postfix smtpd(8) SMTP server.[16:22:18] <denysonique> Aprogas, it looks like postfix won't respond to any connections[16:22:37] <Aprogas> Understand how restrictions work before using them. You made your Postfix into an open relay, and Postfix refuses to be on.[16:22:57] <Aprogas> You have five days to figure it out before you start losing mail. :)[16:24:35] <Tom-B> I do not want to use 587 fpr submission I'd like to use 465[16:24:54] <denysonique> Aprogas, imo the way this works is weird, maybe it is intended for security. At the beginning of the documentation there should be written: Read the *entire* documentation before attemting to configure postfix.[16:25:28] *** JonnyV has quit IRC[16:26:01] <Aprogas> Tom-B: The special options used for the submission services are not unique to port 587, they can be used on any port.[16:26:21] <Tom-B> What special options are where are they documented?[16:26:58] <Aprogas> In the commented example in master.cf, and in the documentation, e.g. the access readme.[16:27:01] <LouB> hey! i have a strange problem: postfix actually works fine.. i just moved to my student accommodation and i think they block smtp application level style or something.. i can telnet postfix and get a 220 but thats it.. i cant send anything, postfix doesnt respond.. any idea anyone?[16:27:13] <Tom-B> I see no commented example in master.cf[16:27:30] <Tom-B> http://pastie.org/private/ur1hiw7bn1yttnilmvpw[16:27:39] <micols> lol[16:27:50] <micols> noexec on /var :)[16:27:52] *** smica has quit IRC[16:28:00] <micols> just spent 2 hours trying to figure out why apt and postfix failed to work :)[16:28:22] <Aprogas> LouB: What is the IP-address?[16:28:50] <micols> I was sure it was my raid6 that had problems after a hard reboot, it didn't even resync afterwards[16:28:54] <Aprogas> Tom-B: Seems you already uncommented the first line of the submission service, but you left the options below it commented.[16:29:36] *** smica has joined #postfix[16:29:42] <Aprogas> Tom-B: You should read the access readme to learn how to make Postfix restrict certain things.[16:29:58] <Tom-B> I do not want to be able to submit on 25[16:30:13] <micols> Aprogas: the problem fixed itself after I removed noexec from /var ;)[16:30:32] <Tom-B> I want users to be able to connect to mail.dom.com over 465 using plain text SSL to be able to send mail and the server to be able to receive mail through an MX record[16:30:35] <Tom-B> That's it[16:30:52] <micols> Aprogas: the funny thing is that 'apt' and dpkg made dependency problems too :)[16:31:10] <micols> they looked real actually, so funny to debug with strace and all[16:32:01] <Aprogas> Tom-B: I am not going to spoonfeed the solution to you; you should be able to figure it out by reading the documentation I mentioned.[16:32:04] <Aprogas> !tell Tom-B access[16:32:04] <knoba> Tom-B: "access" : http://www.postfix.org/SMTPD_ACCESS_README.html : An overview of access(5) controls in the Postfix smtpd(8) SMTP server.[16:32:05] <denysonique> btw can values be coma delimited in main.cf?[16:32:51] <denysonique> smtpd_recipient_restrictions =[16:32:52] <denysonique> permit_sasl_authenticated,[16:32:52] <denysonique> permit_mynetworks,[16:32:52] <denysonique> reject_unauth_destination[16:32:54] <denysonique> like here?[16:32:56] <denysonique> etc[16:33:22] <denysonique> for me it doesnt work this way[16:34:31] <LouB> Aprogas: im sorry :/ i wont tell you.. i tried from an other connection and i am a 100% shure it works[16:34:58] <Aprogas> denysonique: You can use commas, spaces, both and possible other whitespace to seperate restrictions; the syntax you just showed looks fine.[16:35:23] <denysonique> Aprogas, it needs to be new lines plus commas?[16:35:25] <Aprogas> denysonique: So long as continued lines are intended with whitespace, and the start of the next option isn't indented.[16:35:47] <Aprogas> denysonique: I think it will work without commas, since it can also work without commas on the same line.[16:37:31] *** makomi has joined #postfix[16:38:32] *** brahama__ has joined #postfix[16:38:32] *** makomi has quit IRC[16:38:49] *** makomi has joined #postfix[16:41:52] *** JonnyV_ has quit IRC[16:42:51] *** JonnyV has joined #postfix[16:45:07] *** brahama__ has quit IRC[16:45:32] <Aprogas> LouB: Please describe in more detail from which kinds of host your Postfix does work and from which it doesn't.[16:46:41] *** JonnyV_ has joined #postfix[16:47:47] <denysonique> Aprogas, thank you[16:47:49] *** sash_ has quit IRC[16:48:12] <Aprogas> denysonique: I just confirmed on my own installation that it works without commas too.[16:48:18] *** sash_ has joined #postfix[16:48:19] *** sash_ has joined #postfix[16:50:10] *** JonnyV has quit IRC[16:50:16] <LouB> if i try to connect with thunder bird for example.. i get a timeout. the log says postfix/smtpd[22233]: connect from myip, but thats it (no sending or else) if i telnet port 25 is get 220 blabla but if i say EHLO asdf.asdf, there is on respond..the connection times out after a while.. how can i debug that/what can i do?[16:51:23] <Aprogas> !tell LouB logs[16:51:23] <knoba> LouB: "logs" : postfix logs to the mail facility of syslog. Something like grep -i `postconf -h syslog_facility` /etc/syslog.conf should tell you where logs are going. also see !no_logs and !have2mung[16:51:30] <tharkun> !submission[16:51:30] <knoba> tharkun: "submission" : Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf. also see !msa, and rfc 2476 and 4409. Also read http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf[16:56:19] *** brahama__ has joined #postfix[16:57:04] <Tom-B> Aprogas: what stops port 25 for submission but allows emails to come in? firewall?[16:57:36] <Aprogas> Tom-B: Postfix restrictions, explained in the access readme. Will you please just read that?[16:58:49] <Tom-B> I have read it[16:58:53] <Tom-B> http://www.postfix.org/SMTPD_ACCESS_README.html <-- correct?[16:59:01] <Tom-B> Nowhere does it say anything about ports[17:00:04] *** JonnyV_ has quit IRC[17:00:28] <Aprogas> In master.cf you can specify restrictions that only apply to the service (and thus also port) that you specify them for.[17:01:32] <Tom-B> smtpd_client_restrictions=reject for smtp then?[17:02:51] <Aprogas> That will just refuse everything.[17:03:14] *** Vivek has joined #postfix[17:03:27] *** Vivek has joined #postfix[17:04:47] <Tom-B> so I need -o smtpd_client_restrictions=somethingthatallowsMX, reject then?[17:05:47] <Aprogas> I recommend using only recipient_restrictions since helo, client and sender restrictions aren't evaluated until after RCPT anyway.[17:06:09] <Aprogas> postconf -d | grep restriction[17:06:27] <Aprogas> That will show the defaults, first make sure you understand what the default restrictions do.[17:06:43] <Tom-B> http://pastie.org/private/wgteoqy4o2wmqyodadabiq[17:06:52] <Tom-B> Okay[17:07:06] <Tom-B> I do.[17:07:23] <Aprogas> So find out what permit_mynetworks and reject_unauth_destination do, and find out what other restrictions exist that you can use.[17:09:03] <Tom-B> smtpd_recipient_restrictions is filtering who can send from my server right?[17:09:10] <Tom-B> Not who the server can send to?[17:09:28] <Tom-B> recipient sounds like the dude that is getting something[17:09:32] <thumbs> smtp != smtpd[17:09:37] <Aprogas> smtpd_ settings only apply to smtpd; who you send to is handled by smtp.[17:10:00] <Aprogas> The recipient is the "dude that is getting something", all emails have at least one recipient.[17:10:26] <Tom-B> What's the difference between smtp and smtpd ?[17:10:35] <Tom-B> I know what the d stands for?[17:10:48] <Tom-B> presumably one is the submission and one is the one waiting for email through an MX record?[17:10:49] <Aprogas> !smtp!=smtpd[17:10:49] <knoba> Aprogas: "smtp!=smtpd" : Postfix smtp_* and smtpd_* configuration parameters have different meanings. smtp_ = client and smtpd_ = server, the client-side sends mail whilst the server-side receives mail. (smtp = client = sends mail) (smtpd = server = receives mail)[17:11:09] *** tharkun has quit IRC[17:11:12] <Tom-B> So smtpd receives the email?[17:11:26] <Tom-B> from the mx record?[17:11:56] <Aprogas> You should learn some DNS basics too. Wikipedia can be a good starting point.[17:12:07] *** tharkun has joined #postfix[17:12:11] <Tom-B> I understand now the email arrives at the server I think[17:12:54] *** JonnyV_ has joined #postfix[17:13:30] *** Vivek has quit IRC[17:15:54] <Tom-B> I still don't get it[17:16:19] *** brahama__ has quit IRC[17:16:23] <Tom-B> smtpd_recipient_restrictions <--- smtp_recipient_restrictions does not exist[17:16:37] <Tom-B> If the smtp sends the mail, why is it called smtpd_recipient_restrictions[17:17:01] <thumbs> Tom-B: because other smtp clients talk to your smtpd server.[17:17:14] <thumbs> Tom-B: and because you are now receiving emails.[17:18:25] *** brahama__ has joined #postfix[17:19:08] <Tom-B> So I receive mail from a client through the smtpd and then either reject it based on smtpd_recipient_restrictions, or send it on to whoever it is addressed?[17:19:21] <thumbs> Tom-B: postfix will not enforce smtp restrictions for the outgoing emails to another server. How would it know what to apply?[17:19:47] <thumbs> Tom-B: now you need to understand the difference between relaying and delivering.[17:20:52] *** JonnyV_ has quit IRC[17:20:53] <Tom-B> thumbs what I want is to be able to receive mail through port 25 from the outside world, and allow my users to send mail through my server to the outside world[17:21:07] <thumbs> Tom-B: now you need to understand the difference between relaying and delivering.[17:21:56] <thumbs> Tom-B: those are extremely important concepts. Perhaps you should read the basic docs first.[17:22:11] <Tom-B> blah blah blah blah blah[17:22:50] *** makomi has quit IRC[17:23:14] <thumbs> Tom-B: once an email is submitted to your server, you need to know what you can do with it. Once a user uses your server to send an email, you need to know if you'll relay it, or deliver it.[17:23:51] *** CountDown has joined #postfix[17:24:26] <thumbs> Tom-B: perhaps you should tell us how you see it, and we'll correct your perception.[17:24:39] <Tom-B> The basic docs do not say in plain english how postfix works when an email comes in from the outside world or when someone logs into my server so they can send an email from it[17:24:43] <Tom-B> I did[17:25:03] <thumbs> Tom-B: do you understand the difference between delivery and relaying?[17:25:08] <Aprogas> Tom-B: The architecture overview shows how an email flows through Postfix after coming in at smtpd.[17:25:26] <LouB> Aprogas: sry 4 delay.. i acctualy wanted to know, how to find out if there are any restrictions made by my provider, or if restrictions like that are even possible[17:25:29] <Aprogas> Tom-B: But you don't need to understand the full architecture yet to understand how restrictions work.[17:25:46] <thumbs> Aprogas: it helps to see the bigger picture, however.[17:26:08] <Aprogas> LouB: By doing a telnet to your port 25 from a few different locations, that are confirmed to be able to make outgoing port 25 connections. So testing from another home/consumer-grade ISP is not always a good test.[17:26:18] *** Vivek has joined #postfix[17:26:27] <Aprogas> thumbs: Sure, but at this point I think it will just overflow Tom-B with too much information.[17:26:54] <thumbs> Aprogas: perhaps you're right.[17:27:19] <thumbs> Tom-B: I didn't mean to be condescending. I was merely trying to clarify the role of postfix for you.[17:27:37] <Tom-B> Is the part of postfix that accepts emails from the outside world and part that allows people to send emails to the outside world through my server one and the same?[17:27:51] <Tom-B> or is the difference that ones the smtpd and one smtp?[17:28:10] <Tom-B> Or is the difference between relaying and delivering. ?[17:28:18] <Tom-B> I'm not taking offence[17:28:26] <Tom-B> Just noone seems to give a plain english answer to the basics[17:28:27] <Aprogas> Relaying and delivering both starts with smtpd.[17:28:33] <thumbs> Tom-B: actually, once it comes in to your smtpd, you need to decide if the email stays on your server, or goes outside to another.[17:28:43] <Aprogas> Any TCP connection to your mailserver starts at smtpd.[17:28:55] <thumbs> Tom-B: the former would mean that you own the domain, and the latter not.[17:28:58] <Tom-B> thumbs: right and it does that by asking is the email to be delivered locally right?[17:28:59] <Aprogas> smtpd is the first to choose whether the email is going to be accepted.[17:29:08] <thumbs> Tom-B: locally, or virtually, yes.[17:29:18] <Tom-B> Makes sense[17:29:19] <Aprogas> Tom-B: Did you look up reject_unauth_destination in the documentation?[17:29:39] <thumbs> Tom-B: I sense that you have a better understanding now.[17:29:52] <Tom-B> Not really because that was obvious[17:29:58] <Tom-B> And to my mind you're splitting hairs[17:30:33] <Tom-B> it was obvious that if it was addresses to someone locally it'd stay on the server, in the same way as I wouldn't post a letter to my wife[17:30:36] <Tom-B> I'd hand it to her[17:31:16] <thumbs> Tom-B: all right.[17:31:17] *** JonnyV_ has joined #postfix[17:31:19] <Tom-B> So is that the difference between relaying and delivering[17:31:19] *** xabbu has quit IRC[17:31:28] <thumbs> Tom-B: what I just explained.[17:31:40] <thumbs> Tom-B: delivering implies that you own the domain.[17:31:42] <Tom-B> You didn't explain anything mate[17:31:58] <thumbs> Tom-B: now that this is out of the way, let's go back to restrictions.[17:32:14] <Tom-B> I'm not interested in restrictions right now[17:32:27] <Tom-B> Is the part of postfix that accepts emails from the outside world and part that allows people to send emails to the outside world through my server one and the same?[17:32:41] <thumbs> Tom-B: yes. smtpd[17:32:48] <Aprogas> Delivering means your Postfix is going to accept the mail and store it in some users mailbox. Relaying means Postfix knows it is not the final destination for the mail, but it will contact another mailserver who will then also relay it or deliver it.[17:33:02] *** diffra has quit IRC[17:33:02] <LouB> Aprogas: but thats the strange thing^^ telnet to port 25 actually works so the port is not blocked.. i just cannot send anything to the server (although i receive a 220 when the connection is opened)[17:33:07] <Tom-B> Okay so working on that assumption[17:33:20] <Tom-B> No I still don't get it[17:33:21] <Aprogas> !tell LouB logs[17:33:21] <knoba> LouB: "logs" : postfix logs to the mail facility of syslog. Something like grep -i `postconf -h syslog_facility` /etc/syslog.conf should tell you where logs are going. also see !no_logs and !have2mung[17:33:42] *** diffra has joined #postfix[17:33:42] <Tom-B> if they're the same thing how come anyone can send to user at domain dot com assuming it exists[17:33:51] *** MAAAAAD has quit IRC[17:33:57] <LouB> Aprogas: my logs dont tell me anything, there is no error[17:34:07] <thumbs> Tom-B: smtpd is the door, the gateway.[17:34:22] *** brahama__ has quit IRC[17:34:23] *** makomi has joined #postfix[17:34:26] <Tom-B> smtpd_client_restrictions=permit_sasl_authenticated <----- for example[17:34:46] <Aprogas> Tom-B: Because you can run multiple smtpd's on different ports. One on port 25 with restrictions that match what an MX does, and one on port 465 or 587 with restrictions that match what an MSA does.[17:34:49] <Tom-B> if they're one and the same how come the emails from outside aren't required to auth with sasl ?[17:35:17] <Aprogas> Tom-B: By specifying the restrictions to use in master.cf at the relevant service; rather than in main.cf as a global default.[17:35:50] <Tom-B> In 15 seconds you've explained more than you have in 5 hours[17:35:53] *** Vivek has quit IRC[17:35:53] *** Vivek has joined #postfix[17:35:56] <Tom-B> The basic docs did not say that[17:36:06] <Aprogas> Tom-B: I already told you about restrictions, about master.cf, about specifying custom restrictions, etc.[17:36:07] <Tom-B> if they run in parallel but are defined as the same thing then that makes sense[17:36:11] <Tom-B> cat flap vs door with a key[17:36:13] <Tom-B> Fine.[17:36:50] <thumbs> Tom-B: well, we have no way of knowing how good your understanding is, so we have to start with basics, and work from there.[17:37:08] <Tom-B> I can tell you about many many things Aprogas, but if you don't understand the terms, I gain no appreciation of what you're saying[17:37:25] <Tom-B> I can tell you about many many things Aprogas, but if you don't understand the terms, You gain no appreciation of what you're saying[17:37:51] <Tom-B> Okay so for example[17:37:51] <Tom-B> smtp inet n - - - - smtpd[17:38:17] <Tom-B> if I then start a new instance of smtp seperated by a line in master.cf[17:38:19] <Tom-B> for exampkle:[17:38:29] <Tom-B> smtp inet n - - - - smtpd[17:38:29] <Tom-B> smtp inet n - - - - smtpd[17:38:44] <Tom-B> They're both smtpd, that's 2 different instances of the smtpd ?[17:39:38] <Tom-B> Is there a doc that explains master.cf in depth?[17:39:45] <Aprogas> I recommend just limiting yourself to recipient_restrictions for now. It will make things easier.[17:40:01] <Aprogas> client, helo and sender restrictions can all be empty, and they are by default.[17:40:18] <Tom-B> Ignore the content, answer the question <3[17:40:21] <Tom-B> They're both smtpd, that's 2 different instances of the smtpd ?[17:40:43] <Aprogas> Correct, they are different instances.[17:40:45] <Tom-B> The content was an example[17:40:48] <Tom-B> Right thankyou[17:40:58] <lunaphyte> the documentation that the author includes with the software explains the software in depth.[17:41:26] <Aprogas> http://www.postfix.org/master.5.html[17:43:23] *** JonnyV_ has quit IRC[17:44:13] <Tom-B> It says that the last instance is the one that matters[17:44:22] <Tom-B> As it reads down master.cf[17:44:54] <Tom-B> So how do I disable smtp inet n - - - - smtpd whilst leaving it "alive" to get email from mx?[17:45:06] <Tom-B> is that the smtp unix n - - - - smtpd line?[17:45:17] <Tom-B> Unix being local and inet people err over the internet?[17:45:45] <lunaphyte> what does the documentation say?[17:46:47] <Tom-B> If I knew where the documentation answered that question I'd have solved it already?[17:47:18] <lunaphyte> that is nonsense.[17:47:51] <Tom-B> No it's not, you just asked me what the documentation says[17:47:57] <Tom-B> It's a needle in a haystack[17:48:34] <lunaphyte> it is what it is. you're asking to be spoonfed. we don't do that here.[17:48:55] <Aprogas> I already gave you the direct link to the documentation that explains the master.cf file format in detail. You can read that to understand what each column does and means.[17:49:11] <Tom-B> I'm not asking to be spoonfed.[17:49:37] <Tom-B> o Each logical line defines a single Postfix service.[17:49:37] <Tom-B> Each service is identified by its name and type as[17:49:37] <Tom-B> described below. When multiple lines specify the[17:49:37] <Tom-B> same service name and type, only the last one is[17:49:37] <Tom-B> remembered. Otherwise, the order of master.cf ser-[17:49:37] <Tom-B> vice definitions does not matter.[17:49:48] <lunaphyte> ffs dude, i you had bother to spend even 30 seconds reading the link Aprogas generously offered to you, you'd know the answer to you're question. needle in a haystack my ass.[17:49:55] <lunaphyte> *bothered[17:50:10] <Tom-B> Okay then where is the answer?[17:50:12] <Aprogas> Tom-B: The name of a service must be unique, but the process that it spawns does not have to be.[17:50:46] <Aprogas> Tom-B: So the service names "smtp" "smtps" and "submission" all use the process/executable/binary "smtpd" but with different settings applied via -o[17:51:10] <Tom-B> But doesn't "smtp" define it as using port 25?[17:51:23] <Tom-B> And smtps port 465[17:51:28] <Tom-B> I would have sworn you said that earlier?[17:51:32] <Tom-B> Maybe I didn't understand[17:51:39] <Aprogas> Yes, master.cf uses the service name both for looking up the port in /etc/services, and for how it calls the service in the logs.[17:52:26] <Aprogas> Actually, maybe not for how it calls the service in the logs, now you have confused me too.[17:52:47] <Tom-B> So I ask again, if the name defines the port and the last entry is the one used[17:53:15] <Tom-B> How do I have 2 smtp entries one that checks from mx and one that's fully disabled for smtp submission from a client program?[17:54:07] <Tom-B> Is it simply the difference between being private or not?[17:54:21] <Aprogas> No, the difference is in which restrictions are used.[17:55:08] <Tom-B> So I need one single smtp entry with the correct smtpd_recipient_res ?[17:55:55] <Aprogas> Correct. Although you could also put those restrictions in main.cf, because then they will be used as global defaults for any service that doesn't override that setting.[17:56:07] <Tom-B> tomayto tomato[17:56:22] <Aprogas> main.cf is more friendly with whitespace, so for a long list of restrictions it can be nicer to put it in main.cf[17:56:44] <Tom-B> When I know what restrictions are required I can make that call I guess[17:58:00] <Tom-B> lunaphyte where exactly is that answer contained in http://www.postfix.org/master.5.html[17:58:10] *** torralbo has quit IRC[17:58:15] <Tom-B> Because as far as I can see it isn't. but I don't mind admitting when I'm wrong[17:59:32] <Aprogas> The service name and service type descriptions explain which port is bound to, the "command name + arguments" description explains which process is started and with which arguments.[18:02:12] <Tom-B> Apparantly you, by your own admission just spoonfed me[18:02:18] <Tom-B> And I still didn't really understand it[18:02:30] *** LouB has quit IRC[18:02:38] <Aprogas> Yes, I did. I am the spoonfeeder. I haven't been here for very long yet, so I haven't yet turned into a tired grumpy person.[18:03:29] <Tom-B> it's when you go somewhere looking for answers and end up answering everyone elses questions that you have to worry[18:03:48] *** schnoobby has joined #postfix[18:03:50] <thumbs> Tom-B: you're answering our questions?[18:03:59] <schnoobby> !seen Signum[18:03:59] <knoba> schnoobby: Signum was last seen in #postfix 21 hours, 26 minutes, and 8 seconds ago: <Signum> Haven't tried.[18:04:15] <Tom-B> Here? of course not[18:04:40] <Tom-B> But because I know little about postfix doesn't mean I don't know a lot about other subjects =)[18:06:37] <Aprogas> Postfix knowledge is not necessary, I think we already told you about Google Apps, which can provide email services for your company for free.[18:07:07] <Aprogas> There also exist other affordable email hosting products, that take the load of learning to run a mailserver away from you.[18:08:48] <Tom-B> But where's the fun in that?[18:10:29] <Aprogas> My brain works best when I just read information, sleep a night over it, then read it again; before trying to apply it in practice.[18:11:31] <Aprogas> I estimate that if you take a similar approach, you can answer many of your own questions, without needing to ask them here. If you still cannot figure it out after sleeping over it and the second read, you are welcome to ask here.[18:12:31] *** makomi has quit IRC[18:13:03] <Tom-B> You help with half truthes and crypticism though[18:13:42] <Aprogas> Would there be any fun in me just telling you which restrictions to use?[18:13:46] <Tom-B> if you'd have said an hour ago that smtpd is a process and master.cf calls various various instances of that processes based on overides using -o we're been where we are now, but younger[18:13:49] <Tom-B> And life is far too short[18:13:59] <Tom-B> I haven't though mate for what restrictions to use[18:14:03] <Tom-B> have I?[18:14:04] <Tom-B> No.[18:14:42] <adaptr> Tom-B: if your life is to short to learn how postfix works, the logical conclusion is that you shouldn't use it[18:14:56] <adaptr> you've used that prhase before, and I stil lobject to it - it's a cop-out[18:15:16] <adaptr> !spoon[18:15:16] <knoba> adaptr: Error: "spoon" is not a valid command.[18:15:23] <adaptr> it will be[18:15:25] <Tom-B> lol[18:15:54] <Tom-B> Frankly it's not a cop out[18:16:12] <Aprogas> Tom-B: I did tell you over half an hour ago to read the master.cf documentation and example, which explains the difference between the service name and the command it runs.[18:16:15] <Aprogas> !tell adaptr holdmyhand[18:16:15] <knoba> adaptr: "holdmyhand" : A Hit by Hootie and the Blowfish[18:16:17] <Tom-B> People that do everything by the book usually don't get very far[18:16:52] <adaptr> Tom-B: your delusions are yours to enjoy, of course[18:16:59] <Tom-B> As are yours my friend[18:17:16] <adaptr> I'm not your friend by any stretch of the imagination[18:17:22] <tharkun> Tom-B: What bothers me most is that if you spent 20 minutes reading the basic documentation, you wouldn't be here at all[18:17:25] <adaptr> do you have a postfix question ?[18:17:33] <adaptr> if not, I suggest we move on[18:17:46] <Tom-B> tharkun that's simply not true[18:17:53] <Tom-B> because I read it earlier and it made no sense[18:17:53] <Aprogas> adaptr: Do you have a Postfix question? Do any of us really have a Postfix question? Are these questions Postfix questions?[18:18:15] <tharkun> adaptr: have you used the sqlite plugin for postfix yet ?[18:18:24] <Aprogas> Tom-B: If you can articulate more clearly which parts of the basic readme are unclear, I am certain Wietse is willing to make them more clear.[18:18:26] <adaptr> tharkun: *shudder* no[18:19:18] <Tom-B> Pretty much all if it[18:19:19] <tharkun> adaptr: If you feel brave enough to do it please let me know.[18:19:23] <Tom-B> But then I've used linux for a week so[18:19:50] *** karlgus has joined #postfix[18:19:58] <adaptr> tharkun: I really have preciously little use for an sqlite map. mysql is simple and works[18:20:05] <adaptr> and I don't even use that at home[18:20:25] <lunaphyte> his parents won't let him.[18:20:46] <adaptr> I'd have to major in necromancy first[18:20:49] <Tom-B> Till you said that it hadn't occured to me there may be kids here[18:21:12] <adaptr> Tom-B: you're acting like one[18:21:28] * tharkun looks for a guiny pig to test sqlite+postfix[18:22:08] <lunaphyte> it of course be no surprise that someone using linux for a week would have difficulty setting up a mail server properly. why is this the documentation's fault, or our fault?[18:22:14] <Tom-B> adaptr you came out of the wood-work to spar with me, who is the child here?[18:22:43] <lunaphyte> Tom-B: just knock it off, regardless of who may be "the child", or at fault.[18:23:04] <Tom-B> I'd have to agree with that[18:23:05] <adaptr> Tom-B: you've been harassing everybody in the chanel for an hour now, and I see no light at the end of your tunnel[18:23:26] <adaptr> please, invest a few months in getting to know a very powerful OS, and don't expect proficiency overnight[18:23:36] <adaptr> especially don't expect anybody to help you in that desire[18:24:05] <lunaphyte> this channel simply works the way it does. the regulars here like it that way. do not waste your time trying to change it. however, if you invest time and effort into this channel, and become a respected regular, perhaps you can.[18:33:21] <schnoobby> ah silence is golden[18:33:53] <Aprogas> so is your face[18:34:26] <schnoobby> how do you know that?[18:35:21] <Aprogas> I skipped to the ending where the Scooby Doo kids pull off your mask and reveal you are really King Midas.[18:37:45] <schnoobby> if that would be true I would not have to ask questions here^^[18:37:52] *** shoonya has quit IRC[18:41:14] <Aprogas> I recently discovered ^ is a legal character in email addresses, I've had much fun with that.[18:41:33] *** hicker has quit IRC[18:42:13] <Tom-B> I noticed[18:42:55] *** Dosshell has joined #postfix[18:45:53] <schnoobby> all of ! # $ % & ' * + - / = ? ^ _ ` { | } ~ are allowed. you can do ugly things with that[18:46:40] *** p3rror has joined #postfix[18:47:03] <tharkun> schnoobby: is the . also allowed ?[18:48:25] <schnoobby> i hope that was rhetorical[18:48:43] <tharkun> :)[18:49:55] <schnoobby> just posted it because i think # or $ or curly braces are much uglier than ^[18:50:15] *** brancaleone has quit IRC[18:50:33] * tharkun is a little bored setting up log programs for windows sysadmins overseeing his mail servers while on vacation[18:51:02] <thumbs> tharkun: don't trust windows sysadmins![18:54:05] <tharkun> thumbs: i don't trust myself either. I want to have a smooth vacation sans 200 panic sms because things are working either slowly or mail not getting through to clients because of their fault[18:54:36] *** hicker has joined #postfix[18:54:40] <Trengo> tharkun what you need is someone else to look after things when you're on vacation[18:54:52] <Aprogas> Isn't that what he just said?[18:56:49] <schnoobby> someone else = non-windows-admin[18:57:13] *** xabbu has joined #postfix[19:00:54] <Aprogas> oh that someone else[19:01:16] <schnoobby> i think so[19:05:16] <tharkun> From awstats site "For this reason, an "exact" log analysis is a joke with Exchange log files. " ;P[19:09:47] <schnoobby> lol[19:21:20] *** grobe0ba is now known as grobe0ba|away[19:32:50] *** grobe0ba|away is now known as grobe0ba[19:38:56] *** MAAAAD has joined #postfix[19:39:47] *** JonnyV has joined #postfix[19:40:21] *** aretrfre34 has joined #postfix[19:42:28] *** aretrfre34 has left #postfix[19:42:43] *** hicker has quit IRC[19:48:39] *** schnoobby has quit IRC[19:58:13] *** guenter_ has quit IRC[20:02:43] *** guenter has joined #postfix[20:03:35] *** robotarmy has joined #postfix[20:04:46] *** LauJensen has joined #postfix[20:04:48] <LauJensen> Hi gents,[20:05:12] <adaptr> and bots[20:05:28] <LauJensen> I have a postfix sieve running, which was supposed to move all mails having the header X-Spam-Flag "Yes" to "Junk". Nothing happens however, how can I debug?[20:05:51] <lunaphyte> there is no such thing as postfix sieve.[20:06:19] *** neekfenwick has quit IRC[20:06:40] <LauJensen> right, dovecot.sieve[20:07:13] <lunaphyte> ah, good. /join #dovecot[20:07:50] <LauJensen> thanks[20:07:59] *** robotarmy has quit IRC[20:17:20] *** sanderj has joined #postfix[20:18:49] *** Snadder has quit IRC[20:30:32] *** karlgus has quit IRC[20:36:51] * Aprogas fixed a postfwd bug[20:39:38] <Aprogas> Actually I just backported the fix from postfwd2[20:42:25] <LauJensen> #dovecot is not very helpful, anybody here got a clue on how to debug?[20:42:56] *** shoonya has joined #postfix[20:46:14] <Aprogas> Is the question about Postfix? Also http://workaround.org/getting-help-on-irc[20:47:41] <standon> Aprogas: which bug?[20:48:03] <Aprogas> Matching on multiple answers from the DNSBL. I'm mailing to the ML after I get a real-world confirmation my fix is working.[20:48:26] <Aprogas> All I did was add "last ANSWER;" to a labeled foreach loop, that was probably intended to have that anyway.[20:48:42] <rob0> !seen rob0[20:48:42] <knoba> rob0: rob0 was last seen in #postfix 2 days, 0 hours, 28 minutes, and 17 seconds ago: <rob0> Spammers are not welcome in this channel. Except seekwill of course.[20:49:03] <rob0> LauJensen: better yet, just look at the dovecot wiki for dovecot help[20:49:57] *** CountDown has quit IRC[20:55:28] *** makomi has joined #postfix[20:55:28] <LauJensen> problem is, I followed the wiki, got the error, now need help, send more money[20:56:30] *** makomi_ has joined #postfix[20:56:30] *** makomi has quit IRC[20:56:42] <rob0> Ah, that's sad then. I wouldn't have guessed that you had been to the wiki since you started off asking about "postfix sieve".[20:58:52] <LauJensen> hehe - I think thats what you call a brainfart[21:04:59] *** tharkun is now known as cygnus[21:05:07] *** cygnus is now known as tharkun[21:14:44] *** tharkun has left #postfix[21:15:57] *** `nstuff has quit IRC[21:16:05] *** `nstuff has joined #postfix[21:16:43] *** sphenxes has quit IRC[21:17:57] *** nstuff has joined #postfix[21:19:07] *** lysander has quit IRC[21:19:36] *** lysander has joined #postfix[21:20:49] *** `nstuff has quit IRC[21:23:23] *** `nstuff has joined #postfix[21:24:09] *** nstuff has quit IRC[21:34:33] *** makomi_ has quit IRC[21:35:26] *** aretrfre34 has joined #postfix[21:36:27] * shoonya is away: Gone to bed...[21:36:33] <aretrfre34> Why I'm getting this error: Mailer returned: Failed to add recipient: mymail at gmail dot com [SMTP: Invalid response code received from server (code: 554, response: 5.7.1 <mymail at gmail dot com>: Relay access denied)][21:37:43] <LauJensen> When mailbox_commandis null, what is used?[21:39:05] <aretrfre34> !all[21:39:05] <knoba> aretrfre34: Error: "all" is not a valid command.[21:39:55] *** aretrfre34 has left #postfix[21:41:53] <LauJensen> I've now set postfix to use dovecot/deliver as the mailbox_command, but it does not run as root, is there a chmod I can run on the mailboxes so that deliver can access them? They are in users homedirs[21:45:15] *** aretrfre34 has joined #postfix[21:46:35] <Aprogas> aretrfre34: Please pastebin the full bounce message.[21:49:01] <aretrfre34> Aprogas:http://pastebin.ubuntu.com/492329/[21:50:01] <aretrfre34> what does it mean?[21:51:39] <adaptr> it means that server is braindead. 554 is a perfectly valid permanent reject[21:51:47] <adaptr> if it doesn't know how to handle it, it's broken[21:53:08] <Aprogas> aretrfre34: Where exactly did you get this error? Where does Postfix come into play?[21:55:01] *** sphenxes has joined #postfix[21:55:30] <Aprogas> ![21:55:48] * Aprogas just noticed the bot was an empty-string factoid in the DB.[21:55:54] <Aprogas> s/was/has/[21:57:10] <aretrfre34> It seems that php's mail function not working if executed via browser, and ok with command line[21:57:35] <Aprogas> Are you installing a Wiki?[21:58:43] <aretrfre34> yes, postfix working properly with pipes, im trying now with php[21:59:49] <aretrfre34> actually i wanted to enable mailing in wiki at first place[21:59:50] <Aprogas> Are you going to use the mailserver just for sending mails via PHP mail() function?[22:00:07] <aretrfre34> for wiki[22:00:24] <Aprogas> A Wiki does not need Postfix, it just needs a method to send mails.[22:00:40] *** car has left #postfix[22:00:51] <Aprogas> PHP mail() has a builtin nullclient, you can set up mail() to use the MSA of your ISP, and you won't need Postfix at all.[22:02:47] <aretrfre34> how would i do that?[22:04:25] <rob0> IIUC (not a PHP whiz) the nullclient is only in PHP for Windows. For Unix, I have heard that it requires a sendmail(1) app.[22:04:37] <Aprogas> Ask your provider for their MSA (this is the same as the SMTP server your normal mail program uses). Then follow the instructions in http://www.php.net/manual/en/ref.mail.php[22:04:43] <rob0> Anyway, if you have PHP questions, this is not the place for them.[22:04:50] <Aprogas> rob0: On closer inspection you may be right; I figured if Windows can do it, so can UNIX-ish.[22:05:08] <Aprogas> aretrfre34: If the direct SMTP does not work, you still don't need Postfix.[22:05:11] <Aprogas> !tell aretrfre34 nullclient[22:05:11] <knoba> aretrfre34: "nullclient" : a null client is a computer that can only send mail. it receives no mail from the network, and it does not deliver any mail locally. while postfix can be configured to fill this role, it is often unnecessary overkill, and a much simpler software package is more appropriate. see !nullclient_software for more details.[22:05:43] <rob0> I don't know why they didn't provide that for Unix; it sure would save a lot of the most clueless questions we get here.[22:05:45] *** famicom has quit IRC[22:06:01] <standon> Aprogas: i saw your diff to the list; seems intuitive.[22:06:14] *** famicom has joined #postfix[22:07:05] <Aprogas> standon: I think the author intended it as such, why else label the foreach loop.[22:07:35] <rob0> standon: we're forking Spam-L, see http://spammers.dontlike.us[22:07:49] <rob0> cite: we're forking Spam-L, see http://spammers.dontlike.us[22:08:16] <rob0> ("We"="the former Alif-L listmoms")[22:14:11] <standon> Aprogas: agreed.[22:14:19] <standon> rob0: another fork?![22:14:27] * standon wants to be involved![22:14:37] <standon> you just reminded me to unsubscribe.[22:14:43] <standon> (to the current one)[22:15:51] *** xabbu has quit IRC[22:21:39] <standon> rob0: i tried to subscribe.[22:22:10] <Aprogas> Wow, an email that bypassed postfwd.[22:22:21] <Aprogas> And then goes on to score 48.4 in SA.[22:23:36] <Aprogas> Seems to have gone through several reinjects at me-wanadoo.net, so I'm assuming they spamscanned it too.[22:26:16] <standon> 48.4, that's awfully high.[22:26:46] <standon> Aprogas: i hope whatever rules you're using in your postfwd.conf include some iteration of http://hege.li/howto/spam/etc/postfwd/postfwd.conf.[22:26:55] <Aprogas> standon: Yes, that is what I started with.[22:27:03] <standon> Aprogas: an excellent starting point.[22:27:47] <standon> Aprogas: i find that a lot of senders purporting to be gmail.com get caught with a simple rule to see if they're not coming from a google server (or unknown, to avoid false positives in case of temporary DNS issues).[22:27:54] <Aprogas> http://pastie.org/1150185.txt?key=kjtsydm6iubz8it2d7cw is what I use now.[22:27:54] *** xabbu has joined #postfix[22:28:00] <standon> Aprogas: as with everything, YMMV boilerplates apply. :)[22:28:36] *** aretrfre34 has left #postfix[22:30:04] <standon> rob0: thanks for the look; i'm in.[22:31:18] <Aprogas> Granted without this multi-answer bug, postfwd would have caught this spam.[22:31:41] <Aprogas> smtp2a.orange.fr has been naughty.[22:35:18] *** EagleWatch has joined #postfix[22:37:18] <standon> Aprogas: for a while; they're repeat offenders.[22:40:57] <rob0> standon: thanks[22:41:22] <Aprogas> standon: I sent a small message to abuse at orange dot fr anyway, just for the fun of it.[22:41:47] <rob0> hehe orange.fr is not the best abuse desk you'd care to talk to :)[22:43:14] <Aprogas> I don't care, it was only because of a temporary misconfiguration on my end that they got through.[22:43:30] <Aprogas> This was my first spam since 3 september (when I started playing with policyd-weight and later switched to postfwd).[22:43:47] <Aprogas> I used to get about 200/300 messages per day.[22:48:25] *** p3rror has quit IRC[22:48:50] <rob0> standon: if you checked the archives, you'll see that topical discussion has not yet begun. I don't expect an immediate large exodus from Alif-L. I won't post on Alif-L, but I will probably continue lurking to the bitter end (which WILL come, I am sure.)[22:49:28] <Aprogas> Bribe an innocent bystander to "accidentily" crosspost to both lists, thereby announcing the existence of the new one to the old one.[22:49:37] <rob0> correction: I do intend to attempt to announce our fork on Alif-L. Will be interesting to see if he allows it in.[22:49:54] <rob0> hehe, yes, that is a possibility too[22:50:05] <standon> rob0: i already unsubscribed from Alif-L; i don't have time for such distractions.[22:50:22] <standon> rob0: announce the fork on postfix-users too; if you're shy, i will do it.[22:51:07] <rob0> standon, no worries, I am sure its traffic volume is way reduced. Yes, I am going to post a similar announcement to postfix-users too.[22:51:44] <standon> rob0: cool; look forward to it.[22:52:07] <standon> rob0: btw, did you chuckle a little bit when that joker Nick pwned Stan on the list? :)[22:52:31] <Aprogas> http://pastie.org/private/iz6e9pt6usybvv93izpoq testimonial of using more strict generic restrictions and using policyd-weight or postfwd[22:53:16] <Aprogas> Seems it was 25 aug I first played with that.[22:54:04] *** bgerber has quit IRC[23:06:05] *** p3rror has joined #postfix[23:10:21] *** p3rror has quit IRC[23:13:33] *** Vivek has quit IRC[23:23:57] *** guenter has quit IRC[23:24:21] *** lifeofguenter has joined #postfix[23:25:08] *** p3rror has joined #postfix[23:25:57] *** Vivek has joined #postfix[23:32:54] *** CrazyFoam has quit IRC[23:50:12] *** henriknj has quit IRC[23:50:51] *** henriknj has joined #postfix[23:52:08] *** lawnchair has quit IRC[23:53:04] *** lawnchair has joined #postfix[23:57:12] *** niki has joined #postfix[23:59:27] *** henriknj has quit IRC