September 12, 2010 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | >
September 12, 2010 [00:00:27] <Tom-B> Is "submission" in master.cf inherantly 587 ?[00:01:20] <adaptr> it is what you tell it to be. the RFC says 587, so that may be the smart choice[00:01:27] *** LauJensen has quit IRC[00:01:54] <adaptr> since this is yor first week in Linux, chances are you have no clue what /etc/services is for.[00:02:06] <adaptr> grep submission /etc/services[00:03:02] <Tom-B> Thankyou adaptr[00:04:01] *** henriknj has joined #postfix[00:05:44] *** p3rror has quit IRC[00:18:29] *** grawity has joined #postfix[00:19:02] <grawity> How do I make Postfix smtpd trust client certificates whose CAs are in $smtpd_tls_CApath but not in $smtpd_tls_CAfile?[00:20:32] <Aprogas> pastebin postconf -n and other relevant config you have[00:25:08] <grawity> Aprogas: http://pastie.org/private/uuarqmplwxiwh2ae3m1clw[00:26:54] * adaptr pastebins /usr/share/hugeassbinaryfiles/relevant_config in base64[00:27:35] <Aprogas> What error do you get when using CApath notation? Have you tried adding a trailing slash to the path?[00:28:22] <Aprogas> Can openssl from command-line trace the CA path fully?[00:28:45] <grawity> Openssl s_client or s_server or verify?[00:29:21] <Aprogas> verify first I guess[00:29:30] <grawity> I tried changing CApath to /etc/ssl/certs/ and I still get the same error. (See the updated pastebin at same URL)[00:31:17] <grawity> openssl verify succeeds.[00:33:29] <Aprogas> Maybe the session cache gets in the way; I'm not sure what it stores exactly, but maybe an old attempt.[00:33:54] <grawity> I am testing with openssl s_client, and it doesn't reuse sessions (unless told to).[00:34:06] <Aprogas> I've never used CApath myself, only CAfile.[00:34:15] <Aprogas> What about Postfix's smtpd_tls_session_cache_database ?[00:34:26] <Aprogas> Have you tried increasing TLS loglevel to look for clues?[00:34:59] <grawity> as I just said, openssl s_client doesn't reuse sessions... so commenting out smtpd_tls_session_cache_database doesn't help, I just tried.[00:37:02] <grawity> tls_loglevel=2 doesn't help much, just "SSL_accept:SSLv3 write certificate request A" type stuff.[00:38:43] <rob0> standon: I just saw it, haha :)[00:39:27] <Aprogas> grawity: You are trying this on port 587, right?[00:39:30] <grawity> Yes.[00:40:51] <grawity> Oh, waiiiit a moment...[00:41:25] <grawity> ...if master.cf has an "-" in chroot, does it chroot to some default place?[00:41:33] <Aprogas> Yes.[00:41:39] <grawity> *headdesk*[00:41:43] <Aprogas> I was going to ask file permissions/access next.[00:41:54] <Aprogas> I just put n in the whole chroot column just to prevent such shenanigans.[00:42:10] <Aprogas> I think the default master.cf has chroot disabled, but some distros enable it.[00:42:22] <grawity> That would be Debian >_>[00:42:58] <grawity> Are there any security issues with disabling chroot for smtpd on a relatively low-traffic host?[00:43:02] <Aprogas> Slightly OT: Do you use the backports repo? I am considering using it, postfwd, SA, amavis, etc. are ancient even in volatile[00:43:27] <grawity> No, it's just squeeze here[00:43:35] <grawity> Never used backports.[00:43:42] * grawity will look up later[00:43:43] <Aprogas> squeeze is testing right?[00:43:57] <Aprogas> backports = updating stuff in stable[00:44:15] <Aprogas> If you run testing, you don't really need it.[00:44:33] <grawity> squeeze is Debian 6[00:45:03] <grawity> Which is still "testing", it seems.[00:46:13] *** EagleWatch has quit IRC[00:51:13] *** grawity has quit IRC[00:58:21] *** pyco has quit IRC[01:13:00] *** dragonheart has joined #postfix[01:22:02] <Tom-B> Guys I'm totally stumped on this one:[01:22:03] <Tom-B> localhost postfix/master[10209]: fatal: /etc/postfix/master.cf: line 37: bad transport type: smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject[01:22:27] <Aprogas> Did you forget -o ?[01:22:33] <adaptr> yes he did[01:22:41] <adaptr> and the whitespace[01:23:08] * rob0 gives Tom-B some whitespace[01:23:33] <Tom-B> I need whitespace before -o[01:23:41] <adaptr> yes you do[01:23:45] <Tom-B> I didn't forget -o[01:23:57] <adaptr> that's not what postfix says[01:24:08] <Tom-B> smtps inet n - n - - smtpd[01:24:32] <Tom-B> Why would I lie I'll learn slower?[01:24:37] <Aprogas> adaptr: service name "-o", service type "smtpd_recip..."[01:24:45] <Aprogas> adaptr: Something like that I'm guessing.[01:25:11] <Tom-B> Anyway thanks, much appreciated <3[01:25:13] <adaptr> no, the first word on the line is the transport name[01:25:28] <adaptr> which would be -o[01:25:33] <Aprogas> Yes, but Postfix complained about a bad transport type, not a bad transport name.[01:25:36] <rob0> maybe the -o was on the line aboe?[01:25:40] <adaptr> or a service name[01:25:47] <adaptr> Aprogas--[01:25:49] <Aprogas> Either way, the solution is whitespace.[01:25:57] <adaptr> the solution is always whitespace[01:26:04] *** JonnyV has quit IRC[01:26:05] <Aprogas> When in doubt, add more whitespace.[01:26:07] <Tom-B> I dunno what the debates about, but I obsolutly did have -o smtpd[01:26:13] <Tom-B> I just didn't have a space before -o[01:26:14] <rob0> Also, smtps is deprecated, why do you want it?[01:26:21] <Aprogas> rob0: For OE.[01:26:29] <adaptr> Tom-B: yes, you're oblivious, it explains everything[01:26:30] <rob0> ewww[01:26:49] <adaptr> no, wait, weren't you the "new" one[01:27:01] <adaptr> still running instead of crawling, I see[01:27:23] *** Matic`Makovec has quit IRC[01:27:26] <Tom-B> I refuse to argue with you when you've just helped me[01:27:39] <Tom-B> Which I fully appreciate[01:28:04] <rob0> Oh come on, adaptr loves to argue.[01:28:37] <adaptr> not really. I love to be right, and will argue no end to convince you[01:28:58] <adaptr> argument for its own sake holds no interest for me[01:29:34] <lunaphyte> indirectly, adaptr loves to argue.[01:29:52] <Tom-B> There is no right and wrong in the run before you can walk argument, it takes all sorts. You go slower and get hurt less or you take a couple bumps, it takes all sorts[01:30:59] *** henriknj has quit IRC[01:31:07] <adaptr> except that we get to enjoy your attempts in public in the latter case[01:31:53] <Tom-B> As I said yesterday, wisdom starts with realising you know fuck all[01:32:11] <Tom-B> I am not ashamed on not knowing what I am doing, you were not born postfix proficent[01:33:06] <Tom-B> if the difference between a debate and an argument is anger then this is a debate, but I feel it could go downhill <3[01:33:12] <Tom-B> Gonna have another stab...[01:35:23] <adaptr> no, the difference is that I have a vague clue what I am talking about. it's not an equal relationship[01:35:55] <lunaphyte> yeah, but you also stare at pigs in an effort to obtain nutrition.[01:36:33] <adaptr> not an effort, mate - they keel over inside 10 minutes on a hot day[01:43:02] *** smica has quit IRC[01:43:14] <Tom-B> How old are you adaptr?[01:43:22] <adaptr> Tom-B: 167[01:44:11] <Tom-B> That's a record ain't it?[01:44:19] <Aprogas> adaptr: I think he meant in Earth-Sun rotations, not the years on your home planet.[01:44:57] *** will_ has quit IRC[01:45:11] <adaptr> oh, then I don't know[01:46:29] <rob0> Stabbing not allowed here, Tom-B![01:46:57] <rob0> Trying to take the high road, and then wielding a knife ... wow[01:47:26] <Tom-B> Whoever next XD[01:47:28] <Tom-B> Whatever[01:48:04] *** xabbu has quit IRC[01:48:12] <Aprogas> rob0: what about fstab?[01:48:36] <rob0> chalk up one for Aprogas[01:48:59] * Aprogas &[01:50:22] <Tom-B> Gonna call it a night methinks[01:50:30] <Tom-B> Thanks for all the help today everyone[01:54:13] *** Vivek has quit IRC[01:56:34] *** eye69 has quit IRC[02:02:09] <Tom-B> Somethings really not right here[02:02:43] <Tom-B> I add smtpd_recipient_restrictions = permit_mynetworks, reject to main.cf and " -o smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination" to master.cf under smtps and when I try and send an email it just times out[02:04:38] <adaptr> Tom-B: the spaces around = are not allowed in master.cr[02:04:40] <adaptr> cf[02:05:05] <lunaphyte> that's the croatian version of master.cf[02:05:44] <Tom-B> " -o smtpd_recipient_restrictions=permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination" does the same thing[02:07:49] <adaptr> Tom-B: assume that NO spaces are allowed anywhere in master.cf[02:12:07] *** will_ has joined #postfix[02:12:12] <Tom-B> thankyou[02:14:16] <rob0> uh, except where they're mandatory ;)[02:15:06] <rob0> " -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject" is probably what you want[02:15:20] * thumbs spaces out rob0[02:15:38] <thumbs> rob0: upgrading to 13.1 took 3 hours![02:15:56] <jdoe> lol.[02:30:43] <Tom-B> Okay I'm starting to get the hang of this :)[02:31:37] <Tom-B> (where this = 0.1% of postfix)[02:34:58] *** will_ has quit IRC[02:39:31] *** will_ has joined #postfix[02:43:32] *** will_ has quit IRC[02:44:59] *** will_ has joined #postfix[02:50:43] <jeev> thumbs, stop using aol[02:51:16] <thumbs> jeev: what does my internet connection speed have to do with an upgrade?[02:51:24] <jeev> perhaps downloading it was slow[02:51:33] <thumbs> jeev: no.[02:51:38] <jeev> possibly though.[02:54:45] <thumbs> jeev: no.[02:56:21] <psilo2> could have been.[03:09:33] *** loddafnir has quit IRC[03:17:04] <Tom-B> Is check_recipient_access a valid way to only allow incoming email over 25?[03:27:48] <Tom-B> Okay I think I finally did it[03:30:30] <Tom-B> http://pastie.org/private/52g2plp8psa41wfapvw1q[03:31:17] <Tom-B> I can now receive emails from the interwebs through mx records, I cannot submit email using a client on 25, I can only send over 465 using authentication[03:32:03] *** pyther has joined #postfix[03:32:08] <pyther> Hello[03:32:23] <Tom-B> Does that look ok to you guys[03:32:26] <Tom-B> Hey pyther[03:32:26] <pyther> I'm looking for a guide that will help me setup some self signed certs for tls.[03:33:11] <dragonheart> Tom-B: you may as well enable submission as its the non-outdated version of smtps[03:33:31] <Tom-B> pyther: http://www.postfix.org/TLS_README.html for reference[03:33:47] <Tom-B> http://library.linode.com/email/postfix/postfix-dovecot-mysql-ubuntu-10.04-lucid#create_an_ssl_certificate_for_postfix[03:33:53] <pyther> Tom-B: it references the CA.pl script which appears broken on my system[03:34:11] <pyther> Tom-B: I'll try that second link[03:34:28] <Tom-B> dragonheart you meant because I'm using 465 not 587?[03:35:05] <dragonheart> Tom-B: there's probably value in enabling 587 as well. 465 is depreciated[03:35:09] <Dominian> Tom-B: FYI, permit_mynetworks should usually be the first 'restriction' in smtpd_*_restrictions[03:35:42] <Dominian> and yes.. 465 is deprecated as dragonheart pointed out[03:35:50] <Dominian> use 25 with TLS or port 587 which is preferred[03:35:52] <Dominian> for submission[03:36:06] <Tom-B> I require support for OE[03:36:23] <Dominian> Yeah.. OE is one of those stupid clients[03:36:33] <Tom-B> Dominian: re: permit_mynetworks cheers[03:36:40] <Tom-B> Does the pastie look valid?[03:36:42] <Dominian> however, I believe you can still change the port in it that it uses[03:36:46] <Dominian> Tom-B: so far.. yah[03:36:50] <Tom-B> I am a total noob, I think I mostly understand what's happening though[03:37:00] <Tom-B> Kool and the gang <3[03:37:47] *** Csow has joined #postfix[03:38:08] <dragonheart> pyther: a rough cut and paste from some notes I prepared a while ago http://pastebin.org/851701[03:38:27] <Csow> hello[03:39:25] <Csow> what is the solution to not receiving mail because of ISP possibly blocking port 25[03:39:42] <Dominian> Csow: If your iSP is blocking inbound port 25, you're out of luck.[03:39:50] <Dominian> there is no work around[03:40:35] <dragonheart> buy a decent ISP connection :-)[03:40:42] <Tom-B> rent a VPS[03:41:06] <Csow> damn that is a hard thing to swallow I had att uverse untill I moved[03:41:28] <Tom-B> have you rung your ISP and asked them nicely?[03:41:44] <Csow> not yet[03:41:48] <Tom-B> Worth a punt[03:42:07] <Csow> Will do so[03:42:57] <pyther> this is probably a bad error, correct? Sep 11 21:45:55 mongo postfix/smtpd[2970]: SSL3 alert read:fatal:unknown CA[03:43:35] <Tom-B> fatal would imply bad, yes[03:43:57] <pyther> I guess it wants a CA :([03:44:06] <pyther> stupid linode guide[03:44:25] <standon> linode is the failsauce of the internet.[03:45:00] <pyther> It really seems impossible to create a certicface that'll work with postfix[03:45:18] <pyther> I'm starting to feel that I need a degree in SSL communications to get this to work :([03:45:41] <Tom-B> It can't be that hard[03:45:57] <standon> i just followed the _postfix_ documentation to setup my certs and forgot all about it.[03:46:13] <pyther> standon: the CA.pl is highly broken on my machine[03:46:55] *** Dosshell has quit IRC[03:47:01] <Tom-B> Then it would stand to reason that's your first port of call[03:47:27] <pyther> Tom-B: it trys to use some crappy directory that doesn't exist[03:47:36] <pyther> and sadly I can't read any perl[03:47:52] <Tom-B> What's the error?[03:49:05] <pyther> let me run the command[03:50:40] <pyther> I am unable to access the ./demoCA/newcerts directory[03:50:40] <pyther> ./demoCA/newcerts: No such file or directory[03:50:47] <pyther> I'm root[03:51:05] <Tom-B> What command are you running[03:51:20] <pyther> /etc/ssl/misc/CA.pl -newca[03:52:47] <Tom-B> pastie your CA.pl[03:54:31] <pyther> Tom-B: I will if I run into problems I hit a good google result which let me complete the CA.pl command so we will see what happens[03:54:41] <Tom-B> Shouldn't CA.pl be in /usr/lib/ssl/misc ?[03:55:00] <pyther> I think it depends on how openssl was compiled[03:55:11] <Tom-B> What distro you using?[03:55:36] <pyther> archlinux[03:56:05] <Tom-B> I'm using ubuntu 10.04 LTS[03:56:58] <Tom-B> But: http://pastie.org/private/jdwtqiz5a8savboyomh8ow if that helps you[03:57:05] <Tom-B> I don't really know what I'm talking about[03:57:32] <Tom-B> But I'd be A: asking someone for an example CA.pl who has the same distro as you, or fully removing and reinstalling the parts of perl you need[03:58:14] <Tom-B> I might be able to help you tommorow, need to purchase and install a proper cert tommorow[04:04:14] <pyther> Yippy I think I got it to work[04:04:30] <pyther> I had to monkey around with the files that ca.pl was creating[04:05:14] <pyther> but it works! :D[04:05:29] <Tom-B> yay4u[04:05:32] <pyther> Now to configure authentication[04:05:36] <pyther> I hate ssl![04:05:49] <Tom-B> Some birds are going at it hammer and tongs down the road and some mush is out going "shut the fuck up I'm trying to sleep" he sounds about 70 XD[04:05:55] <Tom-B> it is 3am though[04:06:06] <Tom-B> maximum LOLZ[04:09:29] <Tom-B> HBO doesn't make entertainment that good[04:12:28] <pyther> Is it a good idea to have tls_session_cache for smtpd[04:19:26] <Tom-B> I have no idea[04:19:50] <pyther> I want to force TLS connections for anyone authenticating outside of my LAN is this possible?[04:20:38] <Tom-B> yes from what I've read that's possible[04:20:44] <Tom-B> I'm off, nn[04:20:53] <pyther> Tom-B: thanks for your help[04:24:23] <dragonheart> pyther: smtpd_tls_auth_only = yes[04:24:43] <dragonheart> though thats for everyone.[04:27:23] <pyther> dragonheart: yah it would be nice to not force tls for internal users[04:28:06] <dragonheart> are they on a different network interface?[04:28:24] <pyther> no[04:28:39] <pyther> public/private traffic all come in from the same interface[04:30:46] <dragonheart> can't think of a way. i'm not sure its going to gain you much though.[04:31:35] <pyther> What do you mean, but not forcing authentication?[04:32:36] <dragonheart> by enforcing tls for auth for everyone probably won't impact internal users too much[04:34:59] <pyther> so it would be pretty easy to setup mail apps on a linux box to use tls?[04:46:59] <dragonheart> very easy[04:48:15] *** shoonya has quit IRC[04:48:24] <pyther> ok sweet![04:48:33] <pyther> I think I got everything workindg[04:55:06] *** MAAAAAD has joined #postfix[04:57:06] *** Fudge has left #postfix[04:58:52] *** MAAAAD has quit IRC[05:06:24] *** Csow has quit IRC[05:06:50] <pyther> Is this indicating that SASL authentication isn't being used: Anonymous TLS connection established from Nokia-N900-51-1.lan[10.20.1.207]: TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)[05:08:05] <dragonheart> its only describing the TLS connection - there is no statement there about sasl[05:08:29] <dragonheart> the sasl info will be on a different log line[05:09:05] <pyther> Hmm it doesn't seem as if my phone is sending the sasl login info[05:10:06] <pyther> I tested it on my desktop using thunderbird and I get a line such as "client=tux.lan[10.20.1.4], sasl_method=PLAIN, sasl_username=pyther at pyther dot net"[05:12:43] <pyther> I don't get any such entry for my phone[05:16:59] <dragonheart> probably need to keep looking for phone settings[05:18:51] <pyther> I think I found the problem not sure if there is a fix[05:19:05] <pyther> I think the phone is sending the auth method as LOGIN instead of PLAIN[05:19:47] *** neekfenwick has joined #postfix[05:20:23] <pyther> but I guess the qusetion becomes how can I get postfix to accept LOGIN[05:23:42] <dragonheart> its mentioned in here http://www.postfix.org/SASL_README.html[05:24:50] <pyther> Is smtpd.conf a postfix file or a cyrus file? Since I'm using dovecot for authentication[05:25:22] <dragonheart> sounds like cyrus but I don't use it either[05:26:11] <Dominian> cyrus[05:26:19] <Dominian> postfix doesn't have an smtpd.conf[05:26:41] <pyther> Hmm so what can I do to add LOGIN for dovecot+POSTFIX[05:26:57] <dragonheart> its in the doco - mechanisms =[05:27:01] <Dominian> dovecot.conf is where you set that up[05:27:26] <pyther> Dominian: any idea what settings I might want to mess with[05:27:35] <pyther> I'm not seeing anything from my google searches[05:29:16] <dragonheart> how about a page search on pervious urls[05:29:16] <Dominian> dragonheart gave you a good pointer[05:33:34] <pyther> Yippy I got it to work[05:33:38] <pyther> thanks for all the help![05:36:11] <dragonheart> sure i'll give you a postal adress the check[05:36:27] <pyther> Haha :D[05:53:47] *** MAAAAD has joined #postfix[05:55:58] *** diffra_ has joined #postfix[05:56:00] *** MAAAAAD has quit IRC[05:57:56] *** lifeofguenter has quit IRC[06:16:05] *** diffra has quit IRC[06:16:06] *** passthru has quit IRC[06:16:06] *** founddeath has quit IRC[06:16:06] *** rcsheets has quit IRC[06:16:06] *** VaNNi has quit IRC[06:16:06] *** Meskalyn has quit IRC[06:20:45] *** aretrfre34 has joined #postfix[06:23:14] *** will_ has quit IRC[06:24:26] *** aretrfre34 has left #postfix[06:27:28] *** pyther has quit IRC[06:30:04] *** passthru has joined #postfix[06:30:04] *** founddeath has joined #postfix[06:30:09] *** VaNNi has joined #postfix[06:30:10] *** Meskalyn-Freenod has joined #postfix[06:30:49] *** will_ has joined #postfix[06:31:33] *** rajijoom has joined #postfix[06:42:24] *** Mazon_ has joined #postfix[06:43:46] *** _Zerberus has joined #postfix[06:43:56] *** aptituz_ has joined #postfix[06:44:04] *** psilo2_ has joined #postfix[06:44:10] *** Kirok_ has joined #postfix[06:44:15] *** cafuego_ has joined #postfix[06:44:15] *** kooll has joined #postfix[06:44:28] *** axisys_ has joined #postfix[06:44:44] *** alcohol_ has joined #postfix[06:48:16] *** joschi___ has joined #postfix[06:49:10] *** _ruben_ has joined #postfix[06:49:33] *** _LowKey has joined #postfix[06:50:02] *** Zborg_ has joined #postfix[06:54:47] *** aptituz has quit IRC[06:54:48] *** Zborg has quit IRC[06:54:49] *** axisys has quit IRC[06:54:50] *** cafuego has quit IRC[06:54:50] *** koollman has quit IRC[06:54:50] *** Kirok has quit IRC[06:54:50] *** _ruben has quit IRC[06:54:51] *** adaptr has quit IRC[06:54:57] *** `nstuff has quit IRC[06:55:01] *** Niz-8] has quit IRC[06:55:01] *** will_ has quit IRC[06:55:01] *** LowKey has quit IRC[06:55:02] *** VaNNi has quit IRC[06:55:03] *** Zerberus has quit IRC[06:55:04] *** `nstuff has joined #postfix[06:55:12] *** _Zerberus is now known as Zerberus[06:55:15] *** forsberg has quit IRC[06:55:15] *** Mazon has quit IRC[06:55:15] *** alcohol has quit IRC[06:55:16] *** joschi has quit IRC[06:55:16] *** Tykling has quit IRC[06:55:16] *** Mazon_ is now known as Mazon[06:55:29] *** will_ has joined #postfix[06:55:32] *** VaNNi has joined #postfix[06:55:36] *** Niz-8] has joined #postfix[06:57:28] *** forsberg has joined #postfix[06:58:10] *** Tykling has joined #postfix[07:07:38] *** rajijoom has quit IRC[07:11:30] *** Motoko-chan has joined #postfix[07:12:11] *** Tykling has quit IRC[07:12:11] *** forsberg has quit IRC[07:12:11] *** hrhrhr has quit IRC[07:12:11] *** DogWater has quit IRC[07:12:11] *** freaky[t] has quit IRC[07:12:11] *** psilo2 has quit IRC[07:12:11] *** sedulous has quit IRC[07:12:11] *** Jippi_moc has quit IRC[07:17:46] *** DogWater has joined #postfix[07:22:10] *** forsberg has joined #postfix[07:26:38] *** axisys_ has quit IRC[07:26:58] *** axisys has joined #postfix[07:29:42] *** freaky[t] has joined #postfix[07:31:46] *** will_ has quit IRC[07:33:59] *** rajijoom has joined #postfix[07:38:21] *** joschi___ is now known as joschi[07:49:41] *** rajijoom has quit IRC[07:53:24] *** psilo2_ is now known as psilo2[07:53:25] *** Internat has quit IRC[07:55:31] *** micols has quit IRC[07:58:41] *** will_ has joined #postfix[08:03:57] *** micols has joined #postfix[08:04:12] *** Matic`Makovec has joined #postfix[08:11:11] *** Internat has joined #postfix[08:31:39] *** juergen_dose has joined #postfix[08:50:21] *** BigBob85 has joined #postfix[08:52:14] <BigBob85> I got a quick question about MX records.. coudlnt find info I wanted from google, so I'll ask here, may not be correct channel, but someone should have some idea what im on about... in theory...[08:52:31] <BigBob85> is it possible to have seperate MX records to seperate email accounts accross servers?[08:52:47] <BigBob85> So if I have user1 at a dot com, user2 at a dot com and user3 at a dot com[08:53:03] <BigBob85> and the mx records are 0 mailserver1.net, 10 mailserver2.net[08:53:20] <BigBob85> and the user1 and user3 accounts exist on mailserver1.net, and user2 exsits on mailserver2.net[08:53:38] <BigBob85> so when the email for user2 is sent to mailserver1 and it does not find the user, it trys mailserver2.net[08:53:53] <BigBob85> Is that scenario possible to set up?[08:54:03] <Signum> BigBob85: No, that wouldn't work well.[08:54:27] <Signum> BigBob85: Even if you returned a temporary error (4xx) from one mail server then the original mail server might try again the same server and never get the email delivered.[08:54:58] <Signum> BigBob85: You'd need some kind of SMTP forwarder in one place to distribute the incoming email to the right servers.[08:55:26] <BigBob85> hmm.[08:55:38] <Signum> BigBob85: Or use different email domains.[08:56:26] <Signum> BigBob85: I mean you could make all servers accept email for all domains and forward the email to the right mail server.[08:56:57] <BigBob85> well the main server, which I'll call nodowntime.net (godaddy, lol :|) I dont have access to really[08:56:59] <Signum> BigBob85: You'd have to maintain an SMTP routing ("transport") table that tells each mail server (Postfix?) where to actually send the email.[08:57:17] <BigBob85> I can create duplicate email accounts on there, and if possible foward them to the email accounts no the not so allive server.[08:57:48] <BigBob85> but I dont think I can foward to user2 at 167 dot 21.32.23[08:58:00] <BigBob85> in fact that would be silly.[08:58:06] <Signum> You may want to read about "backup MX" in this context.[08:58:28] <Signum> Because it's a mail server in case the primary server goes down. It would accept the email and relay it back to the right server.[09:01:11] *** sysmonk has quit IRC[09:01:51] *** sysmonk has joined #postfix[09:08:00] *** xabbu has joined #postfix[09:10:05] <Aprogas> Domains cost like $10/year; using seperate domains for seperate user pools is the simplest solution.[09:21:35] <BigBob85> its only the one account i want localy[09:21:40] <BigBob85> the help@ one[09:21:52] <BigBob85> because the help system uses a piping method to fetch/send mails[09:22:11] <BigBob85> trying to set it up now with its alternative pop method, but it hates me.[09:23:01] *** Motoko-chan has quit IRC[09:25:59] *** sysmonk has quit IRC[09:26:37] *** sysmonk has joined #postfix[09:28:09] *** shoonya has joined #postfix[09:33:34] *** shoonya has quit IRC[09:36:59] *** sysmonk has quit IRC[09:36:59] *** sysmonk has joined #postfix[09:49:03] *** micols has quit IRC[09:49:27] *** micols has joined #postfix[10:04:16] *** war9407 has quit IRC[10:07:27] *** war9407 has joined #postfix[10:14:49] <Aprogas> You can use virtual aliases to rewrite recipients.[10:21:50] *** makomi has joined #postfix[10:27:34] *** robotarmy has joined #postfix[10:30:44] *** LauJensen has joined #postfix[10:31:00] <LauJensen> I just added an rlb zen.spamhaus.org to my main.cnf, how can I verify that it works?[10:31:15] <Aprogas> !tell LauJensen logs[10:31:15] <knoba> LauJensen: "logs" : postfix logs to the mail facility of syslog. Something like grep -i `postconf -h syslog_facility` /etc/syslog.conf should tell you where logs are going. also see !no_logs and !have2mung[10:31:20] *** BigBob85 has quit IRC[10:31:28] <Aprogas> You might want to use warn_if_reject or soft_bounce at first.[10:31:40] *** EagleWatch has joined #postfix[10:31:45] <LauJensen> Where can I read about those?[10:32:04] *** robotarmy has quit IRC[10:32:26] <joschi> LauJensen: in postconf(5), like every main.cf option ;)[10:33:17] <LauJensen> What is postconf(5) ?[10:33:31] <LauJensen> wait, nevermind :)[10:33:37] <LauJensen> I ran 'man postconf 5' in a wrong terminal[10:33:57] <joschi> LauJensen: http://www.postfix.org/postconf.5.html if you want to open it in a web browser[10:35:02] <LauJensen> ok, both of those options make sense, but Im really looking to generate an email that would fail the spamhaus lookup[10:35:27] <Aprogas> They'll come in soon enough; how long have you been running a mailserver?[10:36:01] <LauJensen> About a year[10:44:49] <Aprogas> What is your IP-address? My home connection is in PBL, so I can test your reject from there.[10:45:22] <LauJensen> thanks, the server is on 109.74.203.13[10:46:21] <LauJensen> yea you got blocked[10:46:22] <Aprogas> 554 5.7.1 Service unavailable; Client host [82.75.91.82] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=82.75.91.82[10:47:03] <LauJensen> Good stuff - Its so easy its hard to trust it :)[10:51:25] *** smica has joined #postfix[10:55:22] <LauJensen> Ive so far, not allowed the server to handle outbound smtp, because I didn't want spammers to hi-jack it and use it for sending spam. What are my options for securing the outbound smtp part?[10:56:27] <Aprogas> What were you planning to do with an email that was accepted by smtpd but then refused by smtp?[10:56:44] <Aprogas> Restrictions should be on the places where mail goes into your system, not where it goes out.[10:57:03] <Aprogas> You might want to limit which users can use the sendmail-command for example.[10:57:22] <LauJensen> I just need some kind of secure validation of who's sending the email, I guess either by password or preferably by ssh key[10:57:31] *** Trengo has quit IRC[10:58:30] <Aprogas> Are your users submitting mail via a TCP connection to your mailserver, or by logging in and running sendmail (or mail, or any other form of local pickup)[10:58:57] <LauJensen> Nobody logs in, everything comes from Thunderbird clients[10:59:10] <LauJensen> All mail users have local accounts though[10:59:19] <Aprogas> !tell LauJensen sasl[10:59:19] <knoba> LauJensen: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[11:05:28] <LauJensen> ok thanks, that'll take some time to consume[11:14:59] <Tom-B> LauJensen there are millions of tutorials on how to enable SASL on your server[11:15:14] <Tom-B> I'd recommend using one and refering to the postfix docs on exactly what you're doing at each stage[11:16:13] *** _ruben_ is now known as _ruben[11:16:14] <Tom-B> Aprogas: last night I got pretty much everything working as I wanted[11:16:53] <Tom-B> users cannot submit mail on my server without authentication over 465[11:17:02] <Tom-B> But It can still receive mail from the outside[11:17:23] *** schnoobby has joined #postfix[11:17:30] <Tom-B> The only exception is if someone sent an email to an internal address by connecting to mail.dom.com without authenticating[11:17:31] <Tom-B> http://pastie.org/private/52g2plp8psa41wfapvw1q[11:17:38] <Tom-B> Is that normal?[11:18:17] <Tom-B> I assume it's to do with "permit_mynetworks" but when I removed that I couldn't receive any emails from the outside[11:20:56] <Aprogas> What precisely is your question?[11:22:57] <Tom-B> On a setup that's designed so users cannot submit mail to a server without authentication over 465 that emails to internal addresses not require authentication[11:25:08] <Tom-B> is it normal[11:26:39] *** master_of_master has quit IRC[11:27:15] <will_> yes[11:27:32] <will_> Authentication is for relaying messages to other MTAs[11:28:09] <will_> If a message is destined for itself, it doesnt need auth[11:28:17] <dragonheart> normally auth only services like smtps and submission should only be for authenticated services. putting a internal addresses are allowed means that mobile users that you setup within your network may not work when they get home.[11:28:33] *** master_of_master has joined #postfix[11:28:51] <dragonheart> nothing exceptionally wrong with it - it just may get you into a small troubles if you're not aware its there[11:29:13] <Tom-B> All my users will be remote[11:30:07] <Aprogas> Other mailservers won't need to authenticate to deliver email to a local domain, so your users won't have to either.[11:31:10] <Tom-B> ok[11:31:28] <schnoobby> !seen Signum[11:31:28] <knoba> schnoobby: Signum was last seen in #postfix 2 hours, 33 minutes, and 0 seconds ago: <Signum> Because it's a mail server in case the primary server goes down. It would accept the email and relay it back to the right server.[11:31:51] <Tom-B> Try /whois name name[11:31:54] <Tom-B> name twice for idle info[11:32:15] <Tom-B> Signum has been idle 2hrs 18mins 42secs, signed on Wed Aug 04 20:20:00[11:41:02] *** loddafnir has joined #postfix[11:41:48] *** henriknj has joined #postfix[11:43:02] *** henriknj_ has joined #postfix[11:43:18] *** brancaleone has joined #postfix[11:46:18] *** henriknj has quit IRC[11:47:52] *** neekfenwick_ has joined #postfix[11:51:25] *** neekfenwick has quit IRC[12:01:02] *** henriknj has joined #postfix[12:05:07] *** henriknj_ has quit IRC[12:09:45] *** adaptr has joined #postfix[12:10:16] *** schnoobby has quit IRC[12:27:14] *** schnoobby has joined #postfix[12:28:42] *** GoGi has quit IRC[12:28:44] *** GoGi2 has joined #postfix[12:29:26] *** GoGi2 is now known as GoGi[12:53:11] *** henriknj has quit IRC[12:59:59] *** cga has joined #postfix[13:04:07] *** Vivek has joined #postfix[13:04:07] *** Vivek has quit IRC[13:04:07] *** Vivek has joined #postfix[13:09:47] *** cafuego_ is now known as cafuego[13:09:49] *** cafuego has joined #postfix[13:15:48] *** Kirok_ is now known as Kirok[13:16:18] *** Kirok is now known as Guest47232[13:16:28] *** Guest47232 has quit IRC[13:17:07] *** Kirok_ has joined #postfix[13:23:55] *** Kirok_ is now known as Kirok[13:24:14] *** Kirok has quit IRC[13:24:14] *** Kirok has joined #postfix[13:24:19] *** Meskalyn-Freenod is now known as Meskalyn[13:27:16] *** schnoobby has quit IRC[13:34:34] *** makomi has quit IRC[13:40:39] *** TomHome has joined #postfix[13:48:45] *** dogmeat has quit IRC[13:48:48] *** TomHome has quit IRC[13:51:07] *** dogmeat has joined #postfix[14:03:10] <LauJensen> Is it possible for another domain, just to add my IP address to the MX record of that domains dns-record, and then add the domain name under 'mydomains' in postfixs main.cf, and then add a someone@thatdomain to the virtuals list, and then he could receive mails on my server?[14:05:06] *** henriknj has joined #postfix[14:11:13] *** tfiebig has joined #postfix[14:11:16] *** makomi has joined #postfix[14:11:34] *** ichdasich has quit IRC[14:11:59] *** makomi has quit IRC[14:12:20] *** makomi has joined #postfix[14:17:40] <dragonheart> LauJensen: sounds about right[14:22:26] *** Trengo has joined #postfix[14:22:40] *** micols has quit IRC[14:35:07] *** pinoyskull has joined #postfix[14:38:03] *** wdp__ has joined #postfix[14:38:17] *** smica has quit IRC[14:39:49] *** war9407 has quit IRC[14:39:56] <Aprogas> LauJensen: mydomain takes one argument, not multiple; I don't think this is the setting you are looking for.[14:40:20] <Aprogas> LauJensen: If your mailserver is where the mailbox of the user is stored, you should be the first MX.[14:42:25] *** wdp_ has quit IRC[14:46:50] *** xabbu has quit IRC[14:47:05] *** micols has joined #postfix[15:05:44] *** makomi has quit IRC[15:06:41] *** freaky[t]_ has joined #postfix[15:08:57] *** freaky[t] has quit IRC[15:11:53] *** ichdasich has joined #postfix[15:18:54] *** rajijoom has joined #postfix[15:29:49] *** tfiebig has quit IRC[15:31:08] *** Vivek has quit IRC[15:49:51] <LauJensen> Aprogas: mydomain already has 2 arguments, and it works fine for both domains[15:50:53] <Zerberus> LauJensen: unlikely - you certainly mix that with $mydestination[15:53:52] <LauJensen> hmm, sorry, it seems I misremembered virtual_alias_domains as mydomain[15:54:41] *** pyther has joined #postfix[16:08:17] *** war9407 has joined #postfix[16:12:53] *** kervel has joined #postfix[16:17:51] *** uqlev has joined #postfix[16:20:45] *** pyther has quit IRC[16:36:12] *** uqlev has quit IRC[16:42:27] *** dragonheart has quit IRC[16:46:55] *** Vivek has joined #postfix[16:46:56] *** Vivek has joined #postfix[17:23:52] *** makomi has joined #postfix[17:42:34] *** makomi has quit IRC[18:12:49] *** Moofius has joined #postfix[18:14:03] *** karlgus has joined #postfix[18:15:00] <Moofius> Hey, I want to set up postfix to relay all incoming emails * at goplay dot se to a gmail adress. I also want to be able to from gmail (it has a smtp login thingy) send from my.name at goplay dot se[18:15:22] <Moofius> It will only have one user (me)[18:15:47] <Moofius> and when I have searched I found only how to relay mail via gmail, not to set up a smtp with login server[18:15:50] *** makomi has joined #postfix[18:16:32] *** cga has quit IRC[18:16:34] *** makomi has quit IRC[18:16:51] *** JonnyV has joined #postfix[18:16:53] *** makomi has joined #postfix[18:17:47] <Aprogas> Moofius: Why not host goplay.se with Google Apps?[18:18:58] <Moofius> I need to send out registration emails, google apps has a really low limit (we are using another server now, but we are getting close to that limit too)[18:19:48] <Aprogas> Are you sure you want to use a catch-all address? It will lead to loads of spam.[18:20:16] <Moofius> we have it currently, and we get no spam[18:20:34] <Moofius> and I have it on other domains too, and no problems so far[18:20:42] <Aprogas> So what precisely is your question?[18:21:34] *** schnoobby has joined #postfix[18:21:43] <Moofius> I have never set up a smtp server, I have used other peoples servers[18:22:38] <Moofius> so I want to know how to get all the mail and send to my gmail-account and also how I can send mail that looks like it's from my server[18:23:01] <Moofius> because when people send to test at goplay dot se they don't expect a respond from my personal mail[18:23:52] <Aprogas> !tell Moofius why[18:23:56] <knoba> Moofius: "why" : are you sure that installing, configuring and maintaining a mailserver is really what you want to do here? it's not something that's for the faint of heart, and definitely not something for folks that are still just learning the basics of linux or unix. also see !nullclient[18:25:06] <Aprogas> The From-address is usually handled by the MUA, e.g. Thunderbird.[18:25:33] *** JonnyV_ has joined #postfix[18:25:53] *** JonnyV_ has quit IRC[18:26:38] *** JonnyV_ has joined #postfix[18:27:45] *** JonnyV has quit IRC[18:27:50] *** JonnyV_ has quit IRC[18:28:28] *** JonnyV has joined #postfix[18:33:06] *** kooll is now known as koollman[18:35:59] *** rajijoom has quit IRC[18:46:59] *** ncode has joined #postfix[18:46:59] *** ncode has joined #postfix[18:49:57] <ncode> hi... someone know if is possible fallback or relay only bounces to another host?[18:54:16] <Aprogas> I don't understand the question.[18:54:52] <thumbs> Aprogas: Sunday questions.[18:57:45] <ncode> i wanna forward bounce messages to another host[18:57:54] <ncode> but only bounced messages[18:57:59] <thumbs> ncode: why?[18:58:10] <ncode> my mx has 3 layers[18:58:28] <thumbs> you have a tertiary mx record?[18:58:38] <ncode> nops[18:58:47] <ncode> igot one barreier to world[18:59:03] <ncode> and more two layer of queue[18:59:14] <ncode> if i got one bounce in the last layer[18:59:26] <ncode> i wanna forward this bounce to another host[18:59:36] <ncode> and leave only good messages on queue[19:00:01] <ncode> and make a less priority delivery queue to bounces[19:00:25] <Aprogas> Are you looking for SRS?[19:00:39] <Aprogas> !tell ncode srs[19:00:39] <knoba> ncode: "srs" : sender rewriting scheme (srs) is a technique to re-mail an email message so that eventual delivery status notifications can reach the original message sender. in this context, re-mailing is an alternative to email forwarding, which is not allowed by the sender policy framework. see http://en.wikipedia.org/wiki/Sender_Rewriting_Scheme for more info.[19:00:59] *** JonnyV_ has joined #postfix[19:01:10] <ncode> nop[19:01:21] <ncode> i dont need to rewrite my sender[19:01:49] <Aprogas> Why does your MX have "3 layers" ?[19:01:59] <Aprogas> Could you describe that setup in more detail?[19:02:03] <ncode> yeah[19:02:48] *** JonnyV has quit IRC[19:03:08] <ncode> normaly my servers handle 4kkk messages by day[19:03:20] <thumbs> 4kkk ?[19:03:24] <ncode> yeah[19:03:28] <Aprogas> "for Ku-Klux Klan"[19:03:38] <ncode> 4000000000[19:03:39] <thumbs> you mean 4k?[19:03:42] <ncode> nops[19:04:04] <ncode> i got 450k domains in my infraestructure[19:04:12] <thumbs> be clear. Say 4 million.[19:04:16] <ncode> k[19:04:18] <Aprogas> 4 billion actually[19:04:22] <thumbs> err right.[19:04:54] <ncode> my first layer do the hard work[19:05:16] <ncode> clean virus, rbl, anti-spam and another filters[19:05:32] <ncode> try one delivery[19:05:43] <ncode> and fallback to queue server i cant by some reason[19:05:57] <ncode> sorry but i got a poor english[19:06:03] *** Vivek has quit IRC[19:06:19] <ncode> and the lastlayer got mailboxes[19:06:52] <ncode> if some user deativete one account during this steps[19:07:02] <Aprogas> Ok, so {internet} -> intake+scan -> reinject -> delivery -> {users}[19:07:06] <ncode> i got bounces messages in the seconds layer[19:07:43] <ncode> i want to forward this bounces to another server to delivery to original sender[19:07:59] <ncode> and leave only good messages on queue[19:08:14] <Aprogas> Bounces will go to the original sender, so long as you don't touch Return-Path.[19:08:22] <ncode> yeah[19:08:41] <Aprogas> Although a setup where after intake by one of your servers, a later server can refuse the message, will lead to backscatter.[19:08:43] <ncode> but if server cant delivery in first try[19:08:52] <Aprogas> !tell ncode relay_recipient_maps[19:08:52] <knoba> ncode: "relay_recipient_maps" : a configuration parameter in the main.cf: Optional lookup tables with all valid addresses in the domains that match $relay_domains. Specify @domain as a wild-card for domains that do not have a valid recipient list.[19:09:13] <Aprogas> I think on your intake servers you should maintain a list of which mailboxes are valid and which aren't, and only accept delivery for valid mailboxes.[19:09:26] <thumbs> good idea.[19:09:39] <thumbs> a mysql map would be idea.[19:09:43] <ncode> yeah i only accept valid users in my fisrt layer[19:09:46] <thumbs> ideal, rather[19:10:34] <ncode> but if one of my clientes delete one of him accounts[19:10:51] <thumbs> ncode: then update the db immediately.[19:11:05] <ncode> yeah but message is already on queue[19:12:12] <ncode> and i try to delivery bounce to sender[19:12:30] <ncode> and for any reason i cant[19:12:35] <thumbs> ncode: how often does that happen?[19:13:04] <ncode> normaly i got 50k messages on queue[19:13:18] <ncode> s/messages/bounces/[19:13:33] *** rajijoom has joined #postfix[19:17:32] <lisa> that's a lot of bounces[19:19:34] <Aprogas> How come you have 50k users who closed their mailbox in the timespan between your intake server verifying that the mailbox exists, and the next server detecting it does not exist?[19:19:42] *** Vivek has joined #postfix[19:20:18] <ncode> bounces stay in queue during 8 hours[19:20:40] <ncode> the best way i done this forward[19:21:01] <ncode> its using a template bounce[19:21:17] <ncode> and a header_check[19:21:47] <ncode> checking some strings and forwarding the message[19:22:51] <ncode> Aprogas: blcoking spammer on my infraestructure make this :([19:23:28] <ncode> deactive ~50 new users by day[19:24:07] <ncode> if i can forward this bounces[19:24:15] <ncode> i can deliverery valid bounces[19:24:34] <ncode> and make a rule to delete invalid[19:25:01] <ncode> in another server[19:26:13] <ncode> ~50 new infrastructure user == 50 domain[19:26:58] *** ncode has quit IRC[19:27:20] *** neekfenwick_ has quit IRC[19:31:13] *** JonnyV_ has quit IRC[19:31:28] *** xabbu has joined #postfix[19:41:08] *** rajijoom has quit IRC[19:42:30] <Aprogas> I wasn't paying attention because I am rediscovering Pegasus Mail.[19:45:01] *** karlgus has quit IRC[19:59:16] *** pinoyskull has quit IRC[20:18:05] *** makomi has quit IRC[20:18:49] *** smica has joined #postfix[20:19:28] *** juergen_dose has left #postfix[20:23:16] *** Vivek has quit IRC[20:46:50] <adaptr> he's a fool[20:47:08] <adaptr> any system producing 50K undeliverable bounces is horirbly misconfigured[20:51:02] *** pyco has joined #postfix[20:52:52] <Aprogas> He processes 5 billion messages per day.[20:53:12] <Aprogas> Sorry, 4 billion. 5 billion would have been silly, that sounds way too high.[20:53:39] <thumbs> for the record, I don't believe he was processing that many.[20:54:31] <Aprogas> I might believe he was processing that many, but not incoming. I also doubt his "users" had any form of contract, deal or other form of opt-in with him, if you catch my drift.[20:54:55] <adaptr> Aprogas: I wouldn't buy 4 million.[20:54:57] <thumbs> Aprogas: agreed 100%[20:55:32] *** MAAAAD has quit IRC[20:56:56] <thumbs> damn spammers. Damn seekwill.[20:57:01] <adaptr> there was some discussion on users@ last week about single-CPU bottlenecks, and it's pretty well established that the qmgr is a single-threaded process that peaks at around 1000/second. so on a single box, you're never ever going to process more than about 80M messages per day[20:57:22] *** MAAAAD has joined #postfix[20:57:23] <Aprogas> Wasn't it 3000/second?[20:57:24] <adaptr> he would need a minimum of 50 (!) servers to reach 4B[20:57:29] *** tuxcrafter has quit IRC[20:57:48] <adaptr> Aprogas: on the say-so of the cluebot asking, I tend to trust Wietses own tests a lot more[20:58:10] <adaptr> let's cal lit an even 1000 per second, you already need insane fucking SAN for that[20:59:24] *** tuxcrafter has joined #postfix[21:00:36] <Aprogas> Victor said he ran a test 2 years ago that hit 3000 msgs/s on qmgr, and that 300-400 msgs/s is realistic with no content filtering and under good conditions.[21:02:10] <adaptr> oh was that victor ? ah yes, but he also said he used NO checking, and a 4gb FC SAN as spool[21:02:22] <adaptr> you're going to need 400+MB/sec for that volume[21:02:28] <Aprogas> Yes, it was a theoretical test mostly.[21:02:55] <adaptr> so in the real world, even with serious hardware, I wouldn't take him seriously if he claimed more than 1000/sec on a single box[21:03:18] <adaptr> I have NO idea why wer'e dsicussing this, he has long gone back under his rock[21:04:24] <Aprogas> We are speculating whether ncode was pure troll, or just exagarating.[21:04:35] <Aprogas> And yes, I know I mispelt that word.[21:04:51] <adaptr> I know, so where's rob0 ? he's the expert on WAGs[21:05:38] <adaptr> I would expect him to sneak up in the middle of such a speculationfest, like Gibbs[21:06:17] <Aprogas> Being Dutch we have the right to speculate in this season, because the "speculaas" is on the shelves already again.[21:09:50] <adaptr> I saw that yesterday ![21:09:55] <adaptr> the small ones at the AH[21:09:59] <adaptr> I resisted[21:18:52] <zoo_> where is the chroot when using ubuntu? /var/spool/postfix/?[21:19:18] <thumbs> !chroot[21:19:18] <knoba> thumbs: "chroot" : The fifth column in master.cf, if not n , means that the Postfix process described on that line runs in a chroot, see !debug , !queue_directory and files in the examples/chroot-setup subdirectory of the Postfix source archive which show examples of a Postfix chroot environment on a variety of systems[21:19:24] <thumbs> !debian[21:19:24] <knoba> thumbs: "debian" : Please see /usr/share/doc/postfix/README.Debian for Debian-specific information. This probably applies to Ubuntu and most other Debian-derivative distributions as well.[21:19:33] <thumbs> zoo_: see those links.[21:36:11] *** JonnyV has joined #postfix[21:36:19] *** nokia3510 has quit IRC[21:39:50] *** schnoobby has quit IRC[21:43:03] *** JonnyV has quit IRC[21:44:35] *** nokia3510 has joined #postfix[21:55:11] *** JonnyV has joined #postfix[22:00:01] <zoo_> I have configured dspam to be used as content_filter, but now also my outgoing mails are processed by dspam. is there a way to only use the content_filter if the mail is incoming?[22:01:24] <Aprogas> !tell zoo_ submission[22:01:24] <knoba> zoo_: "submission" : Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf. also see !msa, and rfc 2476 and 4409. Also read http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf[22:02:03] <Aprogas> That would be the easiest way; if you trust your own clients, have them use the submission port and bypass dspam, and run dspam only on the port 25 server listening to the Internet.[22:02:06] <lisa> all mail being sent to postfix is incoming, to postfix.[22:02:22] <Aprogas> lisa: Not mailer-daemon errors. :P[22:02:36] <lisa> Aprogas: is that sent /to/ postfix?[22:03:57] <zoo_> Aprogas: good idea[22:09:44] <zoo_> !msa[22:09:44] <knoba> zoo_: "msa" : Message Submission Agent : a process which accepts message submissions from MUAs on port 587 known as 'message submission service' using the 'message submission protocol' defined by rfc4409. To enable message submission service in postfix uncomment the relevant lines in master.cf. also see !submission.[22:10:40] *** dxtr has quit IRC[22:19:57] *** makomi has joined #postfix[22:20:40] <zoo_> Aprogas: can i force my users to use the submission port and not use port 25?[22:21:16] <lisa> iptables ftw[22:21:23] *** dxtr has joined #postfix[22:22:20] <Aprogas> zoo_: You probably want to combine submission with SASL.[22:23:02] <zoo_> Aprogas: i did it. (530 5.7.0 Must issue a STARTTLS command first) :-)[22:23:09] <Aprogas> zoo_: SSL is not SASL.[22:23:40] <zoo_> sure, but i did that too[22:23:51] <Aprogas> zoo_: By default Postfix will relay mail for mynetworks, remove your users from mynetworks or change the default restrictions.[22:24:23] <Aprogas> zoo_: They could still use port 25 to deliver mail to domains serviced by your mailserver, but their only way of sending mail to the outside is by using 587 and logging in.[22:25:31] <Aprogas> !tell zoo_ access[22:25:31] <knoba> zoo_: "access" : http://www.postfix.org/SMTPD_ACCESS_README.html : An overview of access(5) controls in the Postfix smtpd(8) SMTP server.[22:26:01] <Aprogas> That explains how to control who is allowed to do what (connect, deliver, relay, etc.) based on all sorts of criteria.[22:30:10] <thumbs> adaptr: ping, dammit[22:32:04] <zoo_> Aprogas: thank you[22:32:38] *** makomi has quit IRC[22:33:57] *** makomi has joined #postfix[22:54:27] <zoo_> Aprogas: i got it :)[23:02:25] *** LauJensen has quit IRC[23:04:04] *** smica has quit IRC[23:04:25] *** robotarmy has joined #postfix[23:08:29] *** makomi has quit IRC[23:08:42] *** robotarmy has quit IRC[23:09:48] *** makomi has joined #postfix[23:12:06] *** makomi has quit IRC[23:13:15] *** JonnyV has quit IRC[23:27:22] *** JonnyV has joined #postfix[23:34:12] *** antixsuperstar has joined #postfix[23:34:30] <antixsuperstar> hi guys! can i set a per-recipient relayhost rule?[23:35:05] <antixsuperstar> (address_verify related?)[23:35:45] <antixsuperstar> or should i mannual add a MX record in my DNS?[23:35:52] <antixsuperstar> manually add*[23:39:51] *** Matic`Makovec has quit IRC[23:41:17] *** EagleWatch has quit IRC[23:41:39] *** antixsuperstar has quit IRC[23:44:15] *** EagleWatch has joined #postfix[23:45:11] *** JonnyV has quit IRC[23:49:37] *** JonnyV has joined #postfix[23:52:38] *** p3rror has joined #postfix[23:53:40] *** JonnyV has quit IRC