September 14, 2010 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | >
September 14, 2010 [00:03:30] <hesco> I'm seeing in the logs: external host mail.example.com attempted to send as example.com.[00:03:55] <hesco> I have two mail servers, one handling all our mail and passing the yahoo bound mail off to the next server.[00:04:34] <hesco> They both need to identify as sending from our domain, but this log entry seems to suggest that postfix does not like that.[00:04:41] <hesco> Any ideas how to resolve that?[00:05:10] *** [Jasper] has quit IRC[00:05:20] *** henriknj has quit IRC[00:12:39] <hesco> apparently this is actually a dk-milter issue, not specific to postfix[00:14:46] <hesco> I'm not seeing evidence that my default_destination_rate_delay setting is being honored. Does that belong in main.cf ???[00:16:42] *** micols_ has joined #postfix[00:20:05] *** micols_ has quit IRC[00:20:06] *** micols has quit IRC[00:21:37] *** UncleD has joined #postfix[00:22:08] <UncleD> What is the easiest way to redirect e-mail sent to oldemployee to newemployee (we're using postfix & dovecot)?[00:28:22] <Rado> Alias, virtual.[00:31:34] *** Section1 has quit IRC[00:38:28] *** nb has quit IRC[00:38:39] <UncleD> Rado, any idea why "adduser" did not automatically create a mail* for my user[00:38:46] <UncleD> mail directory. Do I need to manually do that?[00:39:16] <UncleD> Or rather do that with postconf?[00:41:40] <UncleD> Radio, aliases worked btw.[00:42:08] <UncleD> Currently, I created a user on my system, and /var/spool/mail/thatuser exists. But that user cant seem to login to their e-mail with the user/pass created.[00:42:18] <UncleD> And now mail/ exists in their home directory.[00:43:03] <UncleD> Oh ya, i think its maildirmake ./Maildir[00:44:42] <uqlev> UncleD, use skel[00:45:04] <UncleD> uqlev: got a link to how?[00:45:28] <uqlev> UncleD, what OS?[00:45:32] <UncleD> Ubuntu[00:45:40] <uqlev> UncleD, man adduser[00:46:29] <uqlev> man useradd -k option[00:47:00] <UncleD> my /etc/skel doesnt have a mail folder though[00:47:14] <UncleD> oddly enough some users on my system have them, must have manually created them?[00:47:26] <uqlev> UncleD, use maildirmake to create it there once[00:47:44] <UncleD> I get: maildirmake[00:47:44] <UncleD> The program 'maildirmake' can be found in the following packages:[00:47:44] <UncleD> * courier-base[00:47:44] <UncleD> * maildrop[00:47:51] *** nb has joined #postfix[00:47:55] <UncleD> Do i need to install one of those?[00:48:15] <uqlev> UncleD, you may create it manually[00:48:36] <uqlev> usink mkdir[00:48:57] <uqlev> using[00:50:51] <UncleD> what perms does mail need?[00:51:16] <UncleD> looks like chmod 700[00:52:51] <uqlev> yes[01:06:45] *** Matic`Makovec has quit IRC[01:07:45] <UncleD> everything worked great.[01:07:51] <UncleD> I added mail/ to my /etc/skel too[01:07:55] <UncleD> that'll come in handy.[01:12:34] *** rcsheets has joined #postfix[01:16:42] *** TomHome has quit IRC[01:22:13] *** brancaleone has quit IRC[01:24:13] *** shinao1 has joined #postfix[01:24:19] *** fury__ has joined #postfix[01:26:15] *** Vivek has quit IRC[01:28:06] *** dragonheart has joined #postfix[01:28:19] <fury__> hey everybody. I have absolutely no clue why this is happening, but my mail server works over ip6, but not over ip4. I have three instances of postfix on this machine, all of them work, except this one. There are no error messages of any kind or clues in maillog. The IP address it's supposed to bind to is available and on the machine, and I can ping it. Just doesn't respond on port 25.[01:28:55] <fury__> I'd love to give more information, let me know what I should give. THe configuration was transfered directly over from the old machine - not even the ip address changed (that was moved over to the new machine). I haven't changed any configuration.[01:29:42] <fury__> so I actually don't even think it's an issue with configuration for postfix[01:30:48] *** sphenxes has joined #postfix[01:30:58] *** roe_ has joined #postfix[01:31:26] *** roe_ is now known as Guest56757[01:34:12] <Dominian> fury__: what does: postconf -n | grep inet_protocols show[01:34:24] *** sphenxes has quit IRC[01:35:48] *** sphenxes has joined #postfix[01:37:24] <fury__> inet_protocols = ipv4, ipv6[01:37:31] <fury__> this is with -c /path/to/my/config[01:39:47] *** tomocha6 has joined #postfix[01:39:50] *** uqlev has quit IRC[01:40:47] <fury__> here's full output: http://codepad.org/YR92dLMp[01:42:01] *** Guest56757 is now known as mroe[01:42:05] *** mroe is now known as roe[01:42:13] *** roe has joined #postfix[01:43:41] <Dominian> lookin' now fury__[01:44:00] <Dominian> well, it looks fine...[01:44:04] <Dominian> did anything else change ont he server lately?[01:44:47] *** sphenxes has quit IRC[01:45:40] <fury__> yeah, it's actually a migration to a new server[01:45:52] <fury__> so quite honestly, everything[01:45:58] <fury__> but this works ok for my other mail servers[01:46:36] <Dominian> hrm[01:46:46] <Dominian> you sure you got IPv6 setup properly on the new server?[01:46:55] <fury__> yeah, I mean that's the only thing that works heh[01:47:00] <Dominian> let me see if I can hit that IPv6 addy[01:47:02] *** higuita has quit IRC[01:47:03] <Dominian> ohhh?[01:47:09] <Dominian> ipv6 is the only thing that works?[01:47:11] <Dominian> o that's interesting[01:47:13] <fury__> it's ipv4 that doesn't work, yeha[01:47:25] <Dominian> check the firewall?[01:47:29] <Dominian> can you hit it from localhost?[01:47:34] <fury__> I disabled it[01:47:34] <Dominian> telnet 127.0.0.1 25 ?[01:47:40] <fury__> yeah, but that's a seperate postfix instance[01:47:51] <fury__> that particular one doesn't listen on localhost[01:47:58] <fury__> I have four - a local one, and three other ones[01:48:05] <fury__> for various reasons - but it all works fine usually[01:48:32] <Dominian> ahhhhh[01:48:41] <Dominian> and that ipv4 IP exists on one of the interfaces?[01:48:59] <Dominian> I know.. stupid question but :)[01:49:13] <seekwill> There are no stupid questions...[01:49:34] <fury__> it does yeah[01:49:38] <fury__> it's in ifconfig anyway[01:50:04] *** higuita has joined #postfix[01:53:08] <Dominian> odd[01:53:11] <Dominian> Yeah i can't telnet to it[01:53:17] <Dominian> fury__: no firewalls?[01:53:41] <fury__> nope, promise[01:53:42] <fury__> [root@europa]/usr/local/etc/postfix/leadbid # /etc/rc.d/ipfw stop[01:53:42] <fury__> net.inet.ip.fw.enable: 0 -> 0[01:53:42] <fury__> net.inet6.ip6.fw.enable: 0 -> 0[01:53:49] <fury__> for the hell of it, you can try mail.cyber-lead.com:25[01:53:50] <fury__> works fine[01:53:53] <fury__> same server[01:59:36] <fury__> this is a production email server :/[01:59:37] <fury__> really sucks[01:59:47] <fury__> I wish it were easy to just move back to the old server but I can't[02:00:10] *** joc has left #postfix[02:01:37] *** shinao1 has quit IRC[02:02:20] <Dominian> very odd..[02:02:29] <Dominian> let me test something[02:03:13] <Dominian> well they both follow the same traceroute path[02:03:24] <Dominian> was thinking maybe some odd routing issue or something[02:03:37] <Dominian> well I can ping that IP...[02:03:54] <Dominian> what about your master.cf ?[02:04:06] <Dominian> that's where you'd define extra smtpds for binding I believe.[02:04:14] <Dominian> I haven't done a multi postfix instance[02:04:30] *** n1md4_afk is now known as n1md4[02:07:16] <fury__> http://codepad.org/0mxfyAlD[02:07:30] <fury__> nevermind that it's a different IP right now, scout's honor it was correct before I was just trying to move it elsewhere[02:10:40] <Dominian> working now?[02:11:30] <Dominian> uhh hrm[02:11:36] <Dominian> ipv6 nor ipv4 is loading for me when I hit that host[02:11:43] <fury__> I was going to say..[02:11:54] <fury__> I just restarted it though[02:11:58] *** loddafnir has quit IRC[02:12:08] <fury__> its working on the new IP though[02:12:09] <Dominian> ipv4 is workin'[02:12:10] <Dominian> ipv6 isn't[02:12:25] <Dominian> 2607:f0d0:1002:76::a1f3 25 isn't workin' for me[02:12:31] <Dominian> ipv4 workin' great[02:13:17] <fury__> ugh. what ip do you get for ip4?[02:13:43] <Dominian> 173.193.54.241[02:13:55] <Dominian> mail.leadbidinc.com has address 173.193.54.241[02:13:55] <Dominian> mail.leadbidinc.com has IPv6 address 2607:f0d0:1002:76::a1f3[02:14:07] <Dominian> Did you just update them? If so, I'll have to reload my caching server hehe[02:14:25] <fury__> I did but the AAAA record didn't change[02:14:36] <fury__> that ip is the new correct one[02:14:43] <fury__> I'll take ip4 over ip6 though heh[02:14:55] <Dominian> lol[02:15:05] <Dominian> So you forgot to update the IP or?[02:15:08] <Dominian> I'm not sure what you changed! hehe[02:15:21] <fury__> I changed the (4) ip address[02:15:25] <Dominian> ahhh[02:15:28] <Dominian> that'd do it ;)[02:15:30] <fury__> they must have screwed up when they migrated my IPs[02:15:39] <Dominian> sounds like it[02:15:45] <Dominian> glad to see it was something simple[02:15:49] <fury__> I have a huge collection of IPs and didn't want to lose them, so I had them migrate them all to the new server[02:15:58] <fury__> simple?!? this is going on 5 hours of grief and ip6 isn't working now heh[02:16:05] <fury__> I really appreciate your help though :)[02:17:06] <Dominian> hehehe[02:17:11] <Dominian> Getting any errors with ipv6 bindings?[02:17:19] <Dominian> double-check the iface too to make sure it didn't lose ipv6[02:18:09] <fury__> yup working ok[02:18:15] <fury__> er I mean ip6 isn't lost[02:18:16] <fury__> and no errors[02:18:20] <Dominian> odd[02:18:32] <Dominian> can you hit the IPv6 address locally?[02:18:48] <Dominian> I can't even ping that ipv6 address[02:18:58] <fury__> well telnet -6 ::1 25 works[02:19:02] <fury__> that's odd[02:19:08] <fury__> let me try restarting routing/networking[02:19:11] <Dominian> so its listening locally...[02:19:15] <Dominian> but not externally[02:19:17] <Dominian> that's messed up[02:19:30] *** higuita has quit IRC[02:19:33] <fury__> if you had any idea what I've been dealing with today..[02:19:38] <fury__> it's not just this[02:19:41] <fury__> this new server is cursed[02:19:58] <Dominian> heh[02:20:05] <fury__> two days ago the firewall just "broke" and stopped letting any traffic in[02:20:09] <fury__> it was a few hours before I realized[02:20:14] *** Dosshell has quit IRC[02:20:19] <fury__> this is ipfw on freebsd, probably the most stable damn thing ever[02:21:40] <Dominian> huh yeah ipfw is nice[02:22:45] *** higuita has joined #postfix[02:22:55] <Dominian> I'd say its cursed... either that or freebsd doesn't like handling ipv6![02:23:08] <fury__> I've had freebsd/ipv6 for like 3 years running just fine[02:23:36] <Dominian> heh[02:24:08] <fury__> one day when we're all bored, we'll gather around a campfire and I'll tell the ridiculous still-unfolding story of py-MySQLdb, the Python database adapter that just won't authenticate to MySQL even though the username and password is correct and it works on the commandline and I'm doing absolutely nothing wrong and the exact same thing worked on the old server and everything is exactly the same compiled from the same freebsd ports tree etc etc[02:24:16] *** cps0 has joined #postfix[02:25:36] <Dominian> heh[02:28:54] <Dominian> ok I need to read to my daughter.. bbiab[02:29:11] *** nb has quit IRC[02:34:52] *** nb has joined #postfix[02:36:25] <fury__> thanks again[02:37:20] *** higuita has quit IRC[02:39:50] *** higuita has joined #postfix[02:42:05] *** n1md4 has left #postfix[02:53:17] *** bluethundr has quit IRC[02:53:47] *** pa has quit IRC[02:55:28] *** Motoko-chan has joined #postfix[02:56:23] *** lifeofguenter has joined #postfix[03:04:14] <Dominian> fury__: welcome.. get ipv6 working yet? hehe[03:05:09] <fury__> nope[03:05:26] <Dominian> well as long as ipv4 is working[03:05:30] *** lifeofguenter has quit IRC[03:05:43] *** lifeofguenter has joined #postfix[03:05:46] *** pa has joined #postfix[03:06:21] *** neekfenwick__ has joined #postfix[03:06:22] <fury__> yeah, honestly it's a long story about how I get paid at my company, but f em[03:06:28] <fury__> ip6 can wait till tomorrow[03:06:38] <fury__> as long as ip4 works I can sleep ok[03:06:55] <jeremymcs> anyone know of a way to archive all emails w/ out using the sender/recipient_bcc_maps ?[03:09:49] <dragonheart> jeremymcs: there's an always_bcc option or similar from memory[03:10:14] <jeremymcs> besides that[03:10:21] <jeremymcs> any plugin or content filter[03:10:53] <jeremymcs> i dont want to bcc anything[03:11:15] <jeremymcs> i'm almost tempted to just pass it through mailscanner w/ archiving only[03:11:29] <jeremymcs> for the simple interface[03:12:07] <jeremymcs> i cant always_bcc because i am filtering for hundreds of domains .. so i'd like to preserve & store based on each email/domain[03:12:17] <jeremymcs> not a journal inbox w/ thousands of emails[03:14:20] <dragonheart> so you want an archive per domain or address?[03:14:39] <jeremymcs> i'd like sorting and searching functions[03:15:17] <dragonheart> so a imap server with those functions?[03:15:44] <jeremymcs> i scan/filter and relay to my clients exchange servers, no virtual accounts exist on the servers[03:15:55] <jeremymcs> is no imap/pop3[03:16:03] <jeremymcs> i simply pickup, scan and deliver[03:16:09] *** crazed has left #postfix[03:16:59] <dragonheart> what i'm saying is a bcc map with to a inbox(es) that have an imap connection may suport your sort/search functionality.[03:17:23] <jeremymcs> key word .. may[03:17:43] <jeremymcs> i'm not up for opening an imap connection to 1000s of emails, just to sort for one[03:17:45] <dragonheart> may relates to my understanding of your requirements[03:17:51] <jeremymcs> i'd rather have sql injections[03:18:24] <jeremymcs> looks like mailscanner w/ archiving is the only viable solution here[03:18:25] <dragonheart> your imap can be configured for a signle address[03:18:35] <jeremymcs> exactly, but i'd be downloading thousands of emails[03:18:44] <jeremymcs> i do roughly 25k a day[03:18:45] <dragonheart> but it sounds like you've got a fixed solution in mind so i'm confused why you're even asking[03:19:04] <jeremymcs> because that requires me relaying through another machine[03:19:21] <Dominian> what?[03:19:34] <Dominian> Why would adding mailscanner archiving require you to send through another server?[03:19:55] <jeremymcs> would you run mailscanner + amavisd + maia on the same server ?[03:20:54] <jeremymcs> me either[03:21:43] <Dominian> hrm doesn't amavisd offer archiving..[03:21:55] *** ncode has joined #postfix[03:23:55] <jeremymcs> possibly, but what kind of interface does it have?[03:24:39] *** ncode has left #postfix[03:24:48] <jeremymcs> currently w/ maia .. once an email has been reported/confirmed .. it is no longer available to be resent or viewed[03:26:25] <Dominian> no idea.. never tried with maia[03:26:55] <jeremymcs> ive looked at just about every viable option, was just asking[03:27:07] <jeremymcs> to see if someone here may have a solution[03:28:06] <jeremymcs> i'd like to be able to re-queue/re-send any email that may have been deleted. its crazy to think that a content-filter hasn't been developed yet for archiving[03:28:15] <jeremymcs> especially w/ some of todays strict retention policies[03:28:48] <Dominian> archiving is archiving...[03:28:50] <Dominian> iti sn't meant for resending[03:29:05] <jeremymcs> true[03:29:08] <Dominian> most archival services store the raw text etc in a DB and give the client a way to 'search' that database[03:29:20] <Dominian> I'm sure there are options for it.. just not free ones[03:30:12] <will_> :)[03:34:13] <standon> mailzu is one of a few that allow you to resend quarantined mail. and you can quarantine *all* mail, spam and clean.[03:34:27] *** Aikar has left #postfix[03:34:59] <Dominian> mailzu is dead[03:35:02] <jeremymcs> very[03:35:04] <Dominian> it had promise[03:35:07] <Dominian> but they killed it[03:35:08] <Dominian> sadly[03:35:15] <will_> I don't like quarantining messages...[03:35:34] <Dominian> well it isn't what you like.. its what your clients like ;)[03:35:41] <jeremymcs> you must not handle ceo's who dont like their employees playing w/ email[03:35:42] <will_> If it's plain out not rejected, deliver to the intended recipient. Let them decide[03:35:52] <Dominian> standon: and maia mailguard allows you to release/resend quarantined messages[03:36:08] <will_> Well, deliver the messages to a junk folder, no problem[03:36:16] <jeremymcs> they forget to check that[03:36:18] <standon> mailzu's active development might be dead, but it and its fork are in use in several production environments.[03:36:30] <Dominian> what fork?[03:36:33] * Dominian is all ears[03:36:34] <standon> yes, that's why i said mailzu is one of *few*. i did not say it is exclusive. *sigh*[03:36:43] <jeremymcs> does anyone here have a similar setup to me?[03:36:46] <Dominian> if I can find something like maia mailguard that ues amavisd-new..[03:36:50] <standon> mailzu-ng[03:36:54] <Dominian> interesting[03:36:56] <jeremymcs> mailzu-ng is just as dead[03:36:58] <will_> jeremymcs: But no one forgets to check a quarantine?[03:37:01] <jeremymcs> ive tried it as well[03:37:09] <standon> will_: quarantining is semantics; if you quarantine everything, you are archiving. just think about it.[03:37:13] <Dominian> you have to be specific around here standon .. haven't you learned that yet![03:37:14] <jeremymcs> will_, not if you hit them with a notification every hour[03:37:26] <will_> jeremymcs: Notification that they have spam??? lol[03:37:31] <jeremymcs> yup[03:37:37] <will_> You're spamming![03:37:39] <jeremymcs> and they need to check it[03:37:42] <standon> and all of these things like mailzu/-ng, et cetera are easily modified to one's own needs.[03:37:44] <jeremymcs> im their admin :([03:37:52] <Dominian> and it does appear that mailzu-ng last commit to source was 22months ago[03:37:57] <Dominian> 21 months ago..e xcuse me[03:38:00] <Dominian> so nearly two years[03:38:10] <standon> *sig*[03:38:17] <Dominian> standon: Only if you know how to modify them :P[03:38:24] <standon> well, if you're an admin, you should. )[03:38:25] <standon> :)[03:38:35] <Dominian> which I don't normally do.. I did edit mailwatch with mailscanner to include postfixadmin authentication and creat users on the fly :P[03:38:37] <standon> unless we're only in the company of the point-n-click admin types...[03:38:51] <will_> jeremymcs: Why can't you send them a message to check their junk folder then?[03:39:03] <jeremymcs> will_, i disable junk mail[03:39:08] <jeremymcs> i redeliver to exchange servers[03:39:11] <will_> if they had one...[03:39:11] <jeremymcs> all of my clients use exchange[03:39:46] <will_> I guess..[03:39:58] <Dominian> I might look at mailzu-ng standon[03:40:39] <jeremymcs> Dominian, i had issues deploying it in my scenario[03:41:47] <Dominian> I haven't tried it for a while ;)[03:42:07] <jeremymcs> http://svn.fluxlabs.net/filedetails.php?repname=Postfix&path=%2Fdebian%2Ftrunk%2Fmain.cf[03:42:44] <jeremymcs> anyone see anything wrong w/ my smtpd_client smtpd_recipient or smtpd_sender restrictions ?[03:43:49] <Dominian> the only thing I see.... is ther ea reas on for all that?[03:43:55] <Dominian> I usually just use smtpd_recipient_restrictions[03:44:11] <Dominian> although permit_mynetworks is usually first in my list.. not third or fourth etc[03:44:31] <Dominian> and FYI, the permit isn't needed at the end.. its assumed just so you know ;)[03:44:57] <jeremymcs> true[03:46:29] <Dominian> you go ta lot of rbl lookups hehe[03:46:56] <jeremymcs> yeah, i need to put some policy weights in effect[03:47:15] <jeremymcs> i think when i was cleaning up the file, i re-arranged some[03:49:19] <jeremymcs> updated, thanks[03:52:16] <will_> So, umm... anyone looking for a job as a support engineer in the email industry? :D[03:52:41] <jeremymcs> support engineer ? .. that a big term for helpdesk ?[03:52:52] <will_> (and willing to work in Seattle, WA)[03:53:18] <jeremymcs> set me up on a cisco setup , and ill work remotely[03:53:34] <thumbs> will_: spammer![03:53:37] <Dominian> heh[03:53:38] <will_> jeremymcs: Eh... kinda. Support Engineer because you're helping out other sysadmins... In a way, technically, yes, help desk, but it's to smart people :)[03:53:41] <Dominian> I was going to say I could do that remotely[03:53:51] <will_> jeremymcs: Unfortunately we don't do that anymore :/[03:53:55] <Dominian> cause I do that remotely now[03:53:56] <will_> thumbs: :P[03:53:58] <jeremymcs> will_, their is no such thing as a smart employee[03:54:06] <jeremymcs> Dominian, me too[03:54:10] <will_> Ok :)[03:54:18] *** cps0 has quit IRC[03:54:25] <jeremymcs> their's only employees smart enough to be dangerous[03:54:31] <jeremymcs> otherwise, they'd have your position[03:54:36] <jeremymcs> keep that in mind ;)[03:54:45] <will_> BTW, I'm talking about sysadmins at some of the biggest companies in the world, not a mom & pop shop[03:55:30] *** amagee has joined #postfix[03:58:10] <jeremymcs> anyone here use ' loco ' on debian?[03:58:19] <jeremymcs> and know if an equivalent to other distros[03:59:24] <jeremymcs> i havent found anything as good .. :( very cool log colorizer[03:59:32] <jeremymcs> pretty b/a when your tailing a mail log[04:01:32] *** p3rror has quit IRC[04:01:37] <will_> thumbs: We are having trouble finding competent people willing to relocate to Seattle :([04:02:30] <Dominian> 200,000K a year and you got a deal! hehe[04:02:35] <will_> :D[04:02:46] <Dominian> I'd like to make that where I"m at now[04:02:54] <Dominian> actually I'll probably not leave my job for a long time[04:03:03] <will_> Me too[04:03:33] <Dominian> I'm comfortable where I am[04:03:40] <will_> Maybe that's not a good thing?[04:03:47] *** Dingofest2 has quit IRC[04:03:48] <Dominian> no its a good thing.. trust me ;)[04:03:52] <will_> heh[04:03:59] <will_> you need to push yourself![04:04:04] <Dominian> I do alot of sysadmin stuff... can do a lot of other things.. and I'm basically the VoIP admin for all of our enterprise customers :)[04:04:19] <Dominian> get my hands in Edgewater, Cisco, Adtran, etc[04:04:22] *** Dingofest2 has joined #postfix[04:04:24] <Dominian> so its always something different[04:04:40] <will_> I have no idea how to classify what I do, heh[04:04:53] <will_> I play all day[04:04:59] <Dominian> heh[04:05:14] <will_> But I'm not the support engineer anymore hehe[04:05:34] <Dominian> :)[04:05:42] <Dominian> I pretty much do a lot of stuff at work..[04:05:46] <standon> jeremymcs: i use multitail, and it works well with respect to coloring maillogs.[04:05:47] <Dominian> its kind of sucks as I"m the ' go to guy '[04:05:54] <Dominian> and I've only been there for 5 years hehe[04:05:59] <will_> dang[04:06:01] <will_> Long time![04:06:08] <standon> will_: ping rob0[04:06:18] <will_> rob0: I did already[04:06:28] <will_> Unless things have changed within the last year[04:06:33] <standon> will_: ah, good. just looking out for my good man.[04:06:37] <Dominian> will_: almost[04:06:53] <Dominian> will_: 5 years was the longest I've ever been at a job.. if I canmake it till next spring.. this job will be the longest I've ever had[04:06:58] <jeremymcs> standon, thanks, ill check it out[04:07:47] <Dominian> hehe rob0 would make a good email administrator :)[04:07:59] <will_> Dominian: I've only been at this place for 3+ years... not the longest, but at the office, I'm like #2 in seniority[04:08:31] <Dominian> nice[04:08:31] <will_> dang, #1 is one of the VPs...[04:09:05] <Dominian> Right now I"m working on finding out getting a POS sip phone working[04:09:22] <neekfenwick__> hi guys.. i was on last week stopping spammers using my postfix with your help.. now I still cannot send email through my VPS. I've read various docs but cannot understand the log to see which rule is causing the denial[04:09:27] <will_> I like SIP phones... Skype me![04:09:27] <neekfenwick__> http://scsys.co.uk:8002/50699[04:09:58] <lunaphyte> yech. turn off verbose.[04:10:00] <jeremymcs> neekfenwick__, process of elimination. start w/ 1 at a time till you figure it out[04:10:06] <Dominian> neekfenwick__: turn off verbose and repaste logs[04:10:13] <neekfenwick__> jeremymcs: i just spent an hour doing that :([04:10:20] <neekfenwick__> Dominian: huh, i thought verbose would _help_ :)[04:10:21] <neekfenwick__> ok[04:10:28] <Dominian> hah not really[04:10:40] <lunaphyte> it might, but we'll cross that bridge when we come to it.[04:10:54] <jeremymcs> name=reject_unauth_destination status=2[04:11:45] <neekfenwick__> http://scsys.co.uk:8002/50700[04:12:22] <neekfenwick__> is see lots of 'permit_' and 'reject_' type stuff, but i can't tell what it's reporting is "ok" and what is "causing the problem" :)[04:12:33] <Dominian> !relay_denied[04:12:33] <knoba> Dominian: "relay_denied" : NOQUEUE: reject: RCPT from CLIENT_HOST[CLIENT_IP]: 554 5.7.1 <RECIPIENT@RCPT_DOMAIN>: Relay access denied; from=<SENDER@SENDER_DOMAIN> to=<RECIPIENT@RCPT_DOMAIN> proto=ESMTP helo=<HELO>: This typically means that CLIENT_IP is not in mynetworks (and did not AUTH), and that RCPT_DOMAIN was not recognized as one of this Postfix's domains (not listed in mydestination, relay_domains or virtual_*_domains).[04:12:33] <neekfenwick__> i thought it might be reject_unauth_destination.. i took it out, postfix won't start, bad config[04:12:55] <lunaphyte> should postfix be accepting mail destined for premierrange.co.uk?[04:12:56] <neekfenwick__> so i want to be able to connect _to_ postfix from pretty much anywhere ( i don't have static ip) and send _to_ almost any address[04:13:31] <Dominian> !sasl[04:13:31] <knoba> Dominian: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[04:13:33] <neekfenwick__> i use sasl to authenticate.. any non-authenticated attempt to send should be rejected[04:13:35] <Dominian> !submission[04:13:35] <knoba> Dominian: "submission" : Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf. also see !msa, and rfc 2476 and 4409. Also read http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf[04:13:41] <jeremymcs> info at premierrange dot co.uk accepted my message[04:13:51] <neekfenwick__> yes, there's nothing wrong with info at premierrange dot co.uk[04:14:15] <neekfenwick__> but my postfix rejects my attempt to send there.. possibly because of reject_unauth_destination, i can't get my head around teh docs, though[04:14:34] <lunaphyte> but what is the answer to my question?[04:14:49] <neekfenwick__> i thought it was rhetorical. yes, it should[04:15:01] <lunaphyte> and then what should it do with the message?[04:15:10] <neekfenwick__> but i don't want to name premierrange.co.uk as an allowed recipient.. that implies i'll have to name every domain on the internet as an allowed recipient[04:15:25] <neekfenwick__> i don't know the terminology well, i would say it should relay the message to premierrange.co.uk[04:15:38] <lunaphyte> i see. so we're talking about postfix in the role of an msa.[04:15:46] <lunaphyte> in that case, Dominian was right on.[04:15:56] <will_> !msa[04:15:56] <knoba> will_: "msa" : Message Submission Agent : a process which accepts message submissions from MUAs on port 587 known as 'message submission service' using the 'message submission protocol' defined by rfc4409. To enable message submission service in postfix uncomment the relevant lines in master.cf. also see !submission.[04:16:07] <will_> neat[04:16:11] <will_> !mta[04:16:11] <knoba> will_: "mta" : Mail Transfer Agent: software that facilitates the transfer of mail messages between hosts[04:16:18] <will_> !mua[04:16:18] <knoba> will_: "mua" : Mail User Agent: software used for mail message retrieval, commonly known as an email client, such as mutt, Evolution and Thunderbird[04:16:22] <lunaphyte> you'll want to configure postfix to accommodate smtp auth, and you'll of course want to protect that with tls.[04:16:25] <will_> !dominion[04:16:25] <knoba> will_: Error: "dominion" is not a valid command.[04:16:30] <will_> !dominian[04:16:30] <knoba> will_: "dominian" : A bot that has memorized all of knoba's factoids, and can spit them out faster than rob0[04:16:39] <neekfenwick__> damnit will_ i'm trying to read and understand[04:16:43] <will_> That sounds like fighting words.[04:16:48] <will_> neekfenwick__: sorry[04:16:51] <neekfenwick__> my head already hurts :)[04:16:52] <will_> neekfenwick__: I'm learning too[04:17:05] <neekfenwick__> i spent hours on this server last week, not having much fun[04:17:21] <will_> neekfenwick__: Maybe try outsourcing your mail services :)[04:17:32] <neekfenwick__> now i have to find "the relevant lines in master.cf"[04:17:40] <lunaphyte> huh? why?[04:17:50] <neekfenwick__> Message Submission Agent : a process which accepts message submissions from MUAs on port 587 known as 'message submission service' using the 'message submission protocol' defined by rfc4409. To enable message submission service in postfix uncomment the relevant lines in master.cf[04:17:53] <will_> You know... it would be cool if we started a hashpostfix.com company...[04:18:21] <lunaphyte> you appear to have smtp auth partially configured, but you are missing some important pieces. it's all covered quite well in the documentation.[04:19:18] <Dominian> hrm the new postscreen changes are nice.. but it appears enabling the deep checks turns it into a greylist of sorts[04:19:20] <lunaphyte> well, submission is *technically* a separate concept form authentication, although form a practical perspective, they compliment each other.[04:19:36] <neekfenwick__> lunaphyte i thought the debug log bit showing "xsasl_cyrus_server_first" .. "235 2.0.0 Authentication successful" means i have authentication sorted out[04:20:01] *** pyther has left #postfix[04:20:16] <lunaphyte> i'm not looking at the verbose logs, and the subsequent snippit shows no authentication.[04:20:29] <jeremymcs> neekfenwick__, are you just trying to send email from this server to premierrange.co.uk ?[04:20:42] <neekfenwick__> yes[04:20:52] <lunaphyte> not really.[04:21:05] <jeremymcs> and your current config doesnt allow you to send to anyone correct ?[04:21:12] <lunaphyte> he's trying to relay mail to premierrange.co.uk through his server.[04:21:19] <neekfenwick__> well, ultimately, to anyone, but in this example it's disallowing premierrange.co.uk[04:21:46] <jeremymcs> open relay ?[04:21:51] <lunaphyte> show a full log session starting with the initial connect.[04:22:03] <jeremymcs> i see no virtual settings in your config[04:22:06] <lunaphyte> no, not open relay.[04:22:15] <lunaphyte> this has nothing to do with virtual.[04:22:22] <Dominian> what's the server? I'll test if its open relay ;)[04:22:26] <lunaphyte> please stop, you are generating additional confusion.[04:22:39] <neekfenwick__> i don't have many recipients i can test with .. hotmail rejects based on nickfenwick.com being blacklisted since the spammers used my server last week[04:22:54] <lunaphyte> you have all the things you need to test.[04:23:22] <neekfenwick__> lunaphyte "i'm not looking at teh verbose logs" do you mean you refuse to?[04:23:26] <lunaphyte> yes.[04:23:34] <neekfenwick__> then i don't know what you mean by "full log session"[04:23:46] <jeremymcs> neekfenwick__, smtpd_recipient_restrictions = is all reject .. no allow ?[04:23:54] <lunaphyte> ..."starting with the initial connect."...[04:24:21] <neekfenwick__> lunaphyte i think my second paste had that? http://scsys.co.uk:8002/50700[04:24:43] <lunaphyte> then you are not authenticating.[04:24:52] <lunaphyte> configure your mail client to perform authentication.[04:25:26] <neekfenwick__> jeremymcs: those recipient_restrictions directives all seem to be either reject=don't allow due to xyz or allow=only allow due to xyz .. hence my comment about now wanting to have to explicitly allow every host i send to[04:25:42] <neekfenwick__> lunaphyte i think i do .. i see sasl auth succeeded in the debug log, as i said a minute ago[04:25:47] <jeremymcs> neekfenwick__, http://svn.fluxlabs.net/filedetails.php?repname=Postfix&path=%2Fdebian%2Ftrunk%2Fmain.cf[04:25:48] <jeremymcs> look at that[04:26:00] <jeremymcs> permit or reject[04:26:27] <jeremymcs> mynetworks = 127.0.0.0/8,58.11.0.0/24 <-- 58.11= you[04:26:52] <neekfenwick__> yes, i put that 58.11.0.0 on recently, to ensure my laptop is definitely considered a safe sender[04:26:54] *** lunaphyte_ has quit IRC[04:27:06] <neekfenwick__> it's dynamic so that's not solid config, going forward[04:27:08] <jeremymcs> but yourn ot permitting[04:27:19] <jeremymcs> your not *[04:27:27] <neekfenwick__> i only really want to permit sasl auth .. i don't really want to permit mynetworks, it's not reliable[04:27:30] <lunaphyte> neekfenwick__: if you were, you would see something like sasl_method=PLAIN, sasl_username=neek[04:27:58] <neekfenwick__> lunaphyte: if you will grit your teeth and glance at the debug log, you'll see the sasl auth logging i mention[04:27:59] <jeremymcs> neekfenwick__, permit_sasl_authenticated[04:28:11] <lunaphyte> which lines?[04:28:31] *** lunaphyte_ has joined #postfix[04:29:02] <neekfenwick__> the only two lines with 'sasl' in them[04:30:00] <lunaphyte> what version of postfix is this?[04:30:05] <neekfenwick__> jeremymcs: may be onto something, i don't permit_sasl_whatever[04:30:18] <neekfenwick__> lunaphyte two lines of the verbose log i posted earlier.. http://scsys.co.uk:8002/50699[04:30:26] <lunaphyte> yes, you'll ultimately need that as well.[04:30:49] <neekfenwick__> this is one of the most unfriendly logs i've ever encountered :([04:31:12] <neekfenwick__> it doesn't seem to say why things are rejected, it just dumps lots of checks (which i can't tell if they success or not) and then logs a rejection[04:31:47] <lunaphyte> where in any pastebin are you showing the version?[04:31:55] <lunaphyte> postconf mail_version[04:32:19] <neekfenwick__> lunaphyte perhaps i'm not.. from a postconf -n last week someone (dom0?) was able to glean the version, so i thought you'd be able to figure it. it's quite old..[04:32:31] <neekfenwick__> 2.3.3[04:32:34] <lunaphyte> there are indications that it's 2.3.3[04:32:36] <neekfenwick__> centos 5.x default[04:32:45] <lunaphyte> ugh. this crap again?[04:32:55] <lunaphyte> why do people insist on using that p.o.s os?[04:32:58] <neekfenwick__> blame redhat (i would guess)[04:33:10] *** vho has quit IRC[04:33:22] <neekfenwick__> because it's stable, has good upstream support, and doesn't update too often? that seems to be what ppl think[04:33:22] <lunaphyte> indeed, and the centos authors, and the users that continue to enable them...[04:33:27] <lunaphyte> nonsense.[04:33:33] <lunaphyte> ...yet here you are...[04:33:57] <Dominian> centos is good for a lot of things[04:33:59] <neekfenwick__> so if i pull a 2.3.3 source tarball and build, the config will just work for me?[04:33:59] <Dominian> just not mail servers imho[04:34:11] <Dominian> neekfenwick__: no.. 2.3.3 is freakin' old[04:34:12] <Dominian> like..[04:34:13] <Dominian> relaly old[04:34:17] <lunaphyte> i won't go off on another useless rants, but, consider that you're asking the postfix community to support software that they've long since abondoned....[04:34:19] <lunaphyte> *rant[04:34:33] <lunaphyte> to be honest, it's a bit unfair, wouldn't you sy?[04:34:36] <lunaphyte> *say?[04:34:43] <neekfenwick__> yes, i see your point[04:35:04] <neekfenwick__> i feel the questoins i'm asking are typical of any badly configured postfix install, which any non-expert user might find themselves with[04:35:23] <lunaphyte> if centos (or redhat, or whoever) wants to continue to ship insanely old software because they've deemed it "stable", then they really should be the ones supporting it.[04:35:27] <neekfenwick__> as i said another time, i've followed quite a few "secure your postfix" tutorials and various internet posts before resorting to coming here[04:35:45] <neekfenwick__> i might go ask #centos if there is such a channel[04:35:48] <lunaphyte> indeed, they probably are, but use of such old software makes it increasingly hard to help you.[04:35:56] <lunaphyte> i'll offer you this much:[04:35:59] <neekfenwick__> but i doubt they'll support postfix in depth as i'm asking here.. well, you never know[04:36:16] <lunaphyte> if not, then that seems like a great reason to me to dump that os.[04:36:31] <will_> lunaphyte: And for the most part, they (RHEL) do[04:36:52] <will_> lunaphyte: They also do backporting for security[04:37:30] <lunaphyte> anyway, if you follow the instructions provided by the author, there is indeed not much reason why you shouldn't be able to get things working, more or less regardless of the version.[04:37:36] <neekfenwick__> so which distro would you choose from https://manage.slicehost.com/customers/new ?[04:37:49] <jeremymcs> debian[04:37:59] <neekfenwick__> i worked for 5 years with a redhat/centos based company recently, and use fedora now for that reason, so i'm just stuck in my ways[04:38:01] <rob0> will_: Did I say I wouldn't go to Seattle? I would.[04:38:01] <will_> neekfenwick__: There's nothing wrong with using CentOS :)[04:38:06] <jeremymcs> i have a centos at slicehost[04:38:20] *** higuita has quit IRC[04:38:22] *** subdriven has joined #postfix[04:38:23] <will_> rob0: i thought the last time I asked you, you weren't interested ...[04:38:26] <lunaphyte> if it were me, i'd pick ubuntu, debian, maybe even fedora.[04:38:32] <rob0> I do think neekfenwick__ has come across a bug in CentOS's Postfix.[04:38:39] <neekfenwick__> will_: perhaps, i'm just gathering opinion.. and perhaps centos isn't best for servers, as we're finding here with ancient postfix builds[04:38:55] <will_> neekfenwick__: CentOS and RHEL are great for servers.[04:38:57] <rob0> Neek, I have not had the time to work on making a post to the mailing list.[04:39:07] <neekfenwick__> rob0: ok, didn't want to bug you :)[04:39:08] <rob0> !debug[04:39:08] <knoba> rob0: "debug" : http://www.postfix.org/DEBUG_README.html : a good starting point for how to deal with problems and to report information to those who might help. Post your information in a pastebin such as http://pastebin.ca/ or http://dpaste.com/[04:39:09] <lunaphyte> well, he certainly needs permit_sasl_authenticated.[04:39:31] <neekfenwick__> lunaphyte i'm trying that.. around typing frantically here[04:39:32] <will_> neekfenwick__: Because they provide a "stable" system that won't change when you upgrade. it's a different sort of mentality.[04:39:52] <will_> And also, a possibly a differet kind of use case[04:40:06] <jeremymcs> neekfenwick__, do you have the dag repo ?[04:40:11] <subdriven> Trying to setup postfix with courier-imap-ssl, tls, mysql and the like. I've gotten the basic setup and now enabling starttls and ssl. i'm seeing in the logs that couriertls is looking for a cert that doesn't exist, but i can't find where it's being called[04:40:22] <lunaphyte> who on earth is blindly upgrading production servers anyway?[04:40:32] <rob0> will_, I'd prefer to stay here, but the writing is on the wall, and I'll go where I have to go.[04:40:39] <neekfenwick__> jeremymcs: no, i got into horrible problems with FC12, enabling dag and freshrpms and ended up with incompatible rpm sets.. so now i keep it simple. oh, do you mean centos, or fedora?[04:40:49] <jeremymcs> cent[04:40:57] *** higuita has joined #postfix[04:41:24] <neekfenwick__> jeremymcs: no.. might look into it. didn't want to pollute my VPS, haven't used dag for ages[04:41:49] <will_> lunaphyte: It's not just blindly upgrading. It's expecting the same behavior for a system for a couple of years[04:42:33] <lunaphyte> you couldn't pay me to use centos. (and i've been paid to use centos). centos is to linux like aol is to the internet.[04:42:56] <neekfenwick__> i think permit_sasl_auth fixed it.. such an obvious problem :([04:43:17] <lunaphyte> one that was clearly referenced in the very first factoid shared with you...[04:43:35] <neekfenwick__> i think you said to enable sasl, or use sasl.. i didn't 'get' it, anyway[04:43:47] <neekfenwick__> i was blinded by other hard to interpret _restrictions rules that i thought were going wrong[04:43:52] *** Gambaroni has joined #postfix[04:44:12] <lunaphyte> oops, second factoid.[04:44:44] <neekfenwick__> feel free to re-paste, i missed it[04:44:44] <lunaphyte> [04:13:31] <knoba> Dominian: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[04:45:36] <lunaphyte> to be clear - clearly referenced in the documented referenced by the factoid.[04:45:44] <neekfenwick__> i remember working through that page last week .. i had enabled sasl and got 'Authentication succeeded' in the log.. i thought that would be enough[04:46:25] <neekfenwick__> it does mention "mail relay authorization" but i wasn't looking in this help page when i came to try to fix my "relay denied" error[04:46:33] <neekfenwick__> lots of complicated docs :) it's not easy to take it all in[04:46:59] <lunaphyte> time for the obligitory why factoid ;)[04:47:07] <lunaphyte> *obligatory[04:47:09] <lunaphyte> !why[04:47:09] <knoba> lunaphyte: "why" : are you sure that installing, configuring and maintaining a mailserver is really what you want to do here? it's not something that's for the faint of heart, and definitely not something for folks that are still just learning the basics of linux or unix. also see !nullclient[04:47:18] *** Zborg_ has quit IRC[04:47:38] <lunaphyte> but as i recall, that was covered in your earlier discussions with robertzero[04:47:55] *** Zborg has joined #postfix[04:48:39] <neekfenwick__> my last mail provder, tcp.co.uk, just stopped supporting my multiple mailboxes (* at neek dot tcp.co.uk) .. and refused to explain why.. so i gave up on third party mail hosting. the VPS i run with do provide a 'managed' setup with cPanel/WHM but i opted out because they're horrible. this left me with a bare bones centos box and default config, which ran fine since Jan[04:48:44] <neekfenwick__> only had trouble since last week[04:48:55] <neekfenwick__> but it was only a matter of time, it seems[04:49:29] <lunaphyte> well, if you're acting out hobbyist desires, and learning as you go, there's nothing wrong with that at all.[04:49:48] <neekfenwick__> and i'm certainly not faint of heart or just learning linux.. but as i say, i found grokking the maillog quite difficult,, but it's doing a complicated job[04:50:07] <neekfenwick__> what would have helped me was "you've done sasl auth but have not permit_sasl_auth in blah blah" .. for the postfix newbies[04:50:33] <lunaphyte> that's covered in the sasl readme.[04:51:17] <neekfenwick__> oh, that 33 page document? :) yes. my problem could have been almost anywhere, from what i could tell. i thought i had sasl sorted[04:52:29] <lunaphyte> no, you'd just follow through the section that applied to you (e.g. "Configuring SASL authentication in the Postfix SMTP server")[04:52:53] <lunaphyte> there are even handy hyperlinks to help navigate right to the appropriate sections of the doc.[04:53:01] <lunaphyte> no 33 page read necessary[04:53:25] <neekfenwick__> it's under "mail relay authorization", too.. i thought i didn't want to relay, all my problems with spammers were to do with them relaying through me.. i had a terminology problem[04:53:36] <lunaphyte> ah, that might do it.[04:53:37] <jeremymcs> useless argument[04:53:43] <neekfenwick__> though i accept "permit_sasl_authenticated" is hard to misunderstand[04:54:24] <lunaphyte> in fact you *do* want to relay. as a rule, an msa generally wants to relay. the key lies in for *whom*.[04:54:44] <lunaphyte> you want to relay, but you don't want to be an open relay.[04:54:57] <neekfenwick__> anyway, i've taken enough time perhaps.. and we all missed subdriven's question a while back, perhaps[04:55:00] <rob0> Somehow his was relaying for occasional non-authed clients in Taiwan.[04:55:12] <lunaphyte> right, i recall that original issue.[04:55:21] <lunaphyte> neekfenwick__: no, you're fine.[04:55:32] <neekfenwick__> i think they're still only being blocked due to invalid HELO[04:56:13] <lunaphyte> that part is still quite odd.[04:56:19] <neekfenwick__> when you're new to a doc, all 33 pages might be relevant, and i spend some time going off into dovecot and cyrus docs to see what they were all about .. it took a long time and many page reads[04:57:25] <neekfenwick__> it certainly gives one a better appreciation of sysadmins :) i'm still a hobbyist (though a 10+ year *nix software developer, never a sysadmin per se)[04:57:36] <subdriven> thanks neekfenwick__... for some reason couriertls is looking for /etc/ssl/certs/21113979.0 which points to -> /etc/mail/tls/sendmail-client.crt which doesn't exist[04:59:10] <subdriven> so when trying to connect I get the error in /var/log/mail.log of: imapd-ssl: couriertls: /etc/ssl/certs/21113979.0: No such file or directory[04:59:14] <lunaphyte> couriertls wouldn't have much to do with postfix.[04:59:24] <lunaphyte> neither would imapd-ss;[04:59:32] <lunaphyte> /join #courier[04:59:40] <lunaphyte> *imapd-ssl[05:00:16] <subdriven> lunaphyte: thanks. I figured I'd try for a possible misconfiguration in postfix being passed on but you're likely right. Sorry to add to the noise[05:05:33] <neekfenwick__> jeremymcs: out of interest, i just added teh rpmforge repo (seems to be the one to use from dag) and got no postfix upgrade suggested[05:05:53] <neekfenwick__> i'll just double check[05:07:18] <jeremymcs> http://dag.wieers.com/rpm/FAQ.php#B[05:08:08] <neekfenwick__> what's your point?[05:08:19] <neekfenwick__> I followed B2[05:08:22] <jeremymcs> just making sure ;)[05:08:28] <neekfenwick__> :)[05:09:00] <neekfenwick__> nah, 10,000 packages and no postfix[05:09:30] <neekfenwick__> centos is hopelessly behind teh times, it seems[05:10:16] <jeremymcs> hmm[05:10:31] <lunaphyte> that's their whole gimmick.[05:11:07] <neekfenwick__> :)[05:18:13] <neekfenwick__> out of interest, #centos have pointed out that postfix may be 2.3.3, but will have had security patches backported into it (as described rather plainly here http://www.redhat.com/security/updates/backporting/?sc_cid=3093)[05:19:00] <neekfenwick__> their point about binary compatibility with apache is well taken, though perhaps an invalid argument concerning postfix[05:20:25] <will_> Didn't I already say RHEL backported security updates?[05:21:15] <lunaphyte> yes, that's the common argument given. it's all well and good if all we're talking about is theory.[05:21:29] <neekfenwick__> will_: sorry, yeah[05:22:11] *** pinoyskull has joined #postfix[05:22:17] <neekfenwick__> lunaphyte true, i guess they err on the side of caution .. they have a large customer base and i don't know what binary compatibility issues might arise from software interfacing with postfix[05:22:51] <will_> lunaphyte: It's not theory at all.[05:22:55] <neekfenwick__> their binary compatibility was the exact reason the company i mentioned used rhel/centos for 5 years while i was there.. we built a lot of c/c++ stuff and needed a solid platform[05:23:26] <will_> As a software vendor, it's WAAAAY too complicated to test out software for every sort of iteration of libraries and 3rdparty apps[05:23:37] <neekfenwick__> i wonder how debian managed the apache upgrade mentioned on that backporting page?[05:25:00] <will_> lunaphyte: Yeah, if you're just using Postfix, I guess you do want the latest features. But if your application relies on certain behavior, you don't care that Postfix has new multi-instance capabilities. you want the security fixes and nothing else.[05:26:31] <lunaphyte> the whole thing is just silly, if for no other reason that any software worth using has any vulnerabilities patched as fast (if not faster) than a distribution vendor.[05:26:37] <will_> lunaphyte: As a software vendor, I can certify my software on RHEL 5. it's going to work if you're running 5. I can't say the same about Gentoo[05:26:50] *** Ionic is now known as Ionic`[05:26:54] <will_> No, you don't get it[05:27:15] *** Ionic` is now known as Ionic[05:27:19] <will_> The distro vendor doesn't fix the software. They back port it to the "older" version so security holes don't exist[05:27:20] <lunaphyte> that's true. i guess that matters to people who don't know what they're doing. if i want abi compatibility, i'll use fbsd.[05:27:45] <jeremymcs> gentoo ftw[05:27:50] <lunaphyte> add ports to that and now you get the best of both worlds.[05:39:06] <neekfenwick__> i must say, i don't know fbsd or ports .. but redhat do what they do, and they seem to do it well, otherwise more rhel customers would be using fbsd instead. sometimes a business model wins over technical issues, and teh two end up going hand in hand[05:42:24] <hesco> is it possible to flush a handful of messages from the deferred queue to watch how they do? Without flushing the entire queue?[05:46:26] <Motoko-chan> You should be able to requeue messages by UD.[05:46:28] <Motoko-chan> ID[05:51:10] *** MAAAAD has joined #postfix[05:54:02] *** MAAAAAD has quit IRC[05:54:27] *** Motoko-chan has quit IRC[05:55:15] <hesco> Thanks. This seems to do the trick: postqueue -p | grep vodaplex | sed "s/\ .*$//" | head -20 | postsuper -r -[05:57:05] *** saurabhb has joined #postfix[06:23:18] *** tharkun has joined #postfix[06:29:44] *** Motoko-chan has joined #postfix[06:32:33] <fury__> Dominian: I'm thinking it's a bad nic on this machine. ridiculous amount of other issues right now related to connectivity.[06:32:47] <Dominian> fury__: at least you got it narrowed down.[06:32:55] <fury__> it's got to be that[06:32:59] <fury__> datacenter is looking into it now[06:33:03] <Dominian> not sure how easy it is to swap out nics with BSD[06:33:19] <fury__> nah just a hardware swap, I'm sure softlayer has hundreds of them[06:33:24] * Dominian nods[06:34:43] <fury__> softlayer is usually so great, but I've had numerous problems with this server[06:34:52] <fury__> and you'd think it would be all brand new hardware too because it's the latest out[06:35:04] <fury__> shudder thinking how much my company is paying for that server to have a bad nic[06:35:17] <fury__> it's a quad xeon 7550, so 64 cores including hyperthreading heh[06:36:41] <will_> What kind of nic?[06:37:17] <will_> We've been seeing a ton of issues with Broadcom nics.[06:38:01] <fury__> I don't think it's a broadcom. It's in my kernel config right now which I can't look at because the server is down. FreeBSD calls it igb0 and igb1[06:40:46] *** higuita has quit IRC[06:41:10] <fury__> I think it's intel[06:41:33] <fury__> hence i(ntel) g(iga) b(it)[06:43:03] *** higuita has joined #postfix[06:53:05] *** bhagat has joined #postfix[06:59:52] *** amagee has quit IRC[07:00:39] *** sash_ has quit IRC[07:01:46] *** sash_ has joined #postfix[07:12:39] *** klem has quit IRC[07:14:06] *** loddafnir has joined #postfix[07:14:48] *** pinoyskull has quit IRC[07:17:46] *** tharkun has quit IRC[07:18:30] *** higuita has quit IRC[07:21:06] *** higuita has joined #postfix[07:30:55] *** cafuego has quit IRC[07:30:55] *** cafuego has joined #postfix[07:31:11] *** pinoyskull has joined #postfix[08:02:53] *** shinao1 has joined #postfix[08:07:13] *** shinao1 has quit IRC[08:12:48] *** benner has joined #postfix[08:17:21] *** EagleWatch has joined #postfix[08:23:28] *** e-jones has joined #postfix[08:34:05] *** juergen_dose has joined #postfix[08:34:14] *** Matic`Makovec has joined #postfix[08:34:21] *** juergen_dose is now known as car[08:58:18] *** henriknj has joined #postfix[08:58:19] *** fOrsberg is now known as forsberg[08:58:44] *** Motoko-chan has quit IRC[09:02:09] *** benner has left #postfix[09:07:07] *** denis_ has joined #postfix[09:08:49] *** Schnoobby has joined #postfix[09:11:23] *** klem has joined #postfix[09:13:43] *** Lap_64 has joined #postfix[09:25:08] *** karlgus has joined #postfix[09:25:50] *** talin has joined #postfix[09:26:20] <talin> hello. if i set "smtpd_helo_required=yes" in my main.cf, will most mail clients continue to work, or are there known problems with this one?[09:29:54] <talin> i suppose that mostly homemade, broken clients will stop working... i'm not sure how it affects Microsoft Sharepoint etc.[09:37:52] *** [Jasper] has joined #postfix[09:40:15] <sysmonk> talin: clients which go with the standards should work[09:40:18] <sysmonk> that's all[09:40:24] <sysmonk> WHICH ones of them don't work - not sure[09:40:30] <sysmonk> but most of the MUA's should work[09:41:52] *** navaki has joined #postfix[09:44:05] <navaki> Hi all,I need to know that qmail or postfix has any code or plugin for seperating attachments?thanks.[09:47:13] <Aprogas> Probably not, but you can probably use an external tool like mimedefang for that.[09:47:31] *** _LowKey has quit IRC[09:47:52] *** LowKey has joined #postfix[09:48:52] <navaki> what is mimedefang?can you more explain?[09:51:25] *** cilly has joined #postfix[09:53:42] <navaki> is there other tools for that which written with C?because mimedefng written by perl.[09:54:04] <sysmonk> what's bad with perl written one?[09:54:37] <sysmonk> or are you getting petabytes of attachments per hour and you're afraid that perl wont' do the job? :)[09:57:03] <navaki> because i am in extending postfix source code which written with C.[10:03:16] *** makomi has joined #postfix[10:06:31] <Aprogas> Postfix wasn't designed to do advanced content filtering itself.[10:07:28] <Aprogas> Perl is fine for daemons, the "Perl is always slow"-myth originated from shell-run scripts that had to load the entire perl binary every instance.[10:08:59] *** [Jasper] has quit IRC[10:09:16] *** sphenxes has joined #postfix[10:10:23] *** dragonheart has quit IRC[10:11:23] *** sphenxes has quit IRC[10:12:17] *** [Jasper] has joined #postfix[10:14:05] *** NotInternat has quit IRC[10:16:46] *** AlexC_ has joined #postfix[10:16:48] <AlexC_> morning[10:17:48] <Trengo> morning[10:18:27] *** rajijoom has joined #postfix[10:18:49] <AlexC_> what is the best way to handle hundreds of email accounts (~400)? Currently I use virtual_alias_domains & virtual_alias_maps with local system users. To me, this seems a little messy. I think I'm wanting to switch to SQL backend and keeping all email in /var/mail - but how do I handle logins?[10:19:12] <AlexC_> the method I use currently works just fine, I'm just wanting to improve it[10:19:17] <Aprogas> !tell AlexC_ virtual[10:19:17] <knoba> AlexC_: "virtual" : a way to configure additional domains and user accounts (that do not need to exist in your /etc/passwd). See: http://www.postfix.org/VIRTUAL_README.html[10:19:23] <Aprogas> Sounds like you want to set up virtual mailboxes.[10:20:33] *** pctony has left #postfix[10:20:43] <AlexC_> thanks Aprogas, reading through this now :)[10:22:53] *** UQlev has joined #postfix[10:22:59] *** navaki has quit IRC[10:30:21] *** forsberg is now known as fOrsberg[10:33:04] *** lifeofguenter has quit IRC[10:36:09] *** shal3r has quit IRC[10:49:44] *** fOrsberg is now known as forsberg[10:54:01] *** Snadder has quit IRC[10:54:24] *** Snadder has joined #postfix[10:56:07] *** henriknj has quit IRC[10:58:12] *** Internat has joined #postfix[10:58:15] <[Jasper]> Hej guys, I've been running a mail server for 3 years now....but sometimes I get a temporary lookup failure[10:58:18] <[Jasper]> like once a month[10:58:30] <[Jasper]> what could this indicate? the email address the email is going to DOES exist[10:59:58] <Aprogas> Please show the exact error.[11:00:29] <[Jasper]> ok putting it on pastebin, 1 sec[11:00:51] *** henriknj has joined #postfix[11:03:26] <[Jasper]> Aprogas: http://pastebin.com/NuUr5KTA[11:04:06] *** sphenxes has joined #postfix[11:04:29] <[Jasper]> the mail does get deliverd to maildir it appears?[11:05:08] *** sphenxes has quit IRC[11:07:50] *** shal3r has joined #postfix[11:08:23] <[Jasper]> any clues Aprogas ?[11:08:25] <Aprogas> Are you sure it is the same mail?[11:08:27] *** sphenxes has joined #postfix[11:08:34] <[Jasper]> hmm[11:09:09] <Aprogas> NOQUEUE means no queue-id was assigned, but the mail below that does have a queue-id ans also a delay=646[11:09:21] <[Jasper]> it was 3 seconds before thatmail[11:09:46] <[Jasper]> queue id seems to be given by amavis?[11:10:11] <Aprogas> These logs are not complete enough to deduct what is going on. Munging your domain info does not help either.[11:10:26] <Aprogas> Trace back to the first connect that started this mail delivery.[11:10:58] <[Jasper]> hmm[11:11:01] <[Jasper]> what log would that be in thenb?[11:11:15] <Aprogas> The same file, just some lines above.[11:11:33] <Aprogas> Mail delivery usually starts with a connect from hostname[ip.ad.dr.es][11:13:10] <[Jasper]> hmm I don't see any connects in there[11:13:20] <[Jasper]> must be another file then[11:13:51] <[Jasper]> ah wait[11:13:53] <[Jasper]> got it[11:14:40] *** vho has joined #postfix[11:14:47] <Aprogas> You should see some from an external address, and most likely also one from Amavis.[11:15:27] <talin> is there a way to control who gets to send e-mails where? i.e. "23.23.2.33 cannot send e-mail to gmail.com"[11:15:46] <[Jasper]> warning: mysql query failed: MySQL server has gone away[11:15:50] <[Jasper]> that's messed up[11:16:13] <Aprogas> !tell talin access[11:16:13] <knoba> talin: "access" : http://www.postfix.org/SMTPD_ACCESS_README.html : An overview of access(5) controls in the Postfix smtpd(8) SMTP server.[11:16:44] <[Jasper]> Aprogas it loks like a mysql problem[11:16:50] <[Jasper]> I use postfix in combination with mysql[11:17:25] <Aprogas> Probably some monthly maintainance script, most likely harmless.[11:17:44] <Aprogas> I guess if you proxy: your mysql: table, you'd work around that even.[11:18:21] <[Jasper]> hmm[11:18:25] <[Jasper]> but the mails don't get lost right?[11:18:30] <[Jasper]> with the temporary lookup failure?[11:18:58] <Aprogas> Correct.[11:21:40] <[Jasper]> Aprogas so what actually happens? it tries again later?[11:21:47] <[Jasper]> or just send a reply to the mail client trying to send it[11:21:55] <talin> how much time should one expect to spend maintaining a well-configured postfix server on a monthly basis? i know it depends on the number of users, but let's say 100, 1000, 10000 and 100000 users?[11:22:18] <talin> is it like a continuous job, or do you set it up and forget about it for a few weeks?[11:22:23] <Aprogas> I am pretty sure if you look at your logs more closely, you'd see a few more temporary failures, this would explain the delay=646 in delivery.[11:22:44] <[Jasper]> 3 times Aprogas[11:22:48] <[Jasper]> on the last 24 hours[11:23:11] <Aprogas> talin: If you do it right, and you don't have to do the administrative work of mananging users, it takes almost no attention.[11:24:55] *** TomHome has joined #postfix[11:26:51] *** master_of_master has quit IRC[11:28:50] *** master_of_master has joined #postfix[11:32:27] <[Jasper]> so it does little harm Aprogas I guess[11:32:48] <Aprogas> It delays your mail by a bit, and I already suggested using proxy: might alleviate that.[11:33:00] <Aprogas> If you really want to know what is causing it, you should look into your MySQL logs too.[11:33:18] <[Jasper]> around the same time then[11:34:29] <[Jasper]> hm[11:36:36] <[Jasper]> brb[11:37:07] *** [Jasper] has quit IRC[11:40:40] *** micols has joined #postfix[11:44:31] *** henriknj has quit IRC[11:49:07] *** hyper_ch has joined #postfix[11:49:25] <hyper_ch> getting a certificate error like this: Sep 14 09:06:51 cp postfix/smtp[13342]: certificate verification failed for ms-smtp2.unisg.ch[130.82.41.2]:25: untrusted issuer /C=CH/L=St. Gallen/O=University of St. Gallen/OU=Informatikbereich/CN=ms-smtp2.unisg.ch/ST=St. Gallen --> that's not a big deal, is it?[11:49:38] <Aprogas> !CApath[11:49:38] <knoba> Aprogas: Error: "CApath" is not a valid command.[11:49:40] <Aprogas> !CAfile[11:49:40] <knoba> Aprogas: Error: "CAfile" is not a valid command.[11:49:42] <Aprogas> !CA[11:49:42] <knoba> Aprogas: Error: "CA" is not a valid command.[11:51:02] *** Dosshell has joined #postfix[11:51:18] *** neekfenwick__ has quit IRC[11:52:30] <AlexC_> when using virtual; I'm confused as to who should create and own the mailboxes. I'd like mail to be in /var/mail/example.com/foo - but who should own it? I see virtual_uid_maps and virtual_gid_maps, but I'm very confused[11:53:12] <Aprogas> I recommend not using /var/mail since your OS might like to put special permissions on there.[11:53:45] <Aprogas> I'm not very good at explaining what I mean today.[11:54:10] <Aprogas> My point is your local user mailboxes and your virtual mailboxes should probably be in different directories, that will make handling permissions easier.[11:54:23] <AlexC_> ok, /var/mail/vhosts will do me just fine; though I still had the same issue with that. I'm getting: delivery failed to mailbox /var/mail/example.com/foo: unable to create lock file /var/mail/example.com/info.lock: No such file or directory[11:54:28] <Aprogas> Usually you'd create a user:group like vmail:vmail[11:54:57] *** Twinkletoes has joined #postfix[11:55:27] <AlexC_> is it a security issue if I was to use the 'postfix' user/group?[11:55:34] <Aprogas> Yes.[11:57:28] <AlexC_> ok, cool - I've created that user. So I should manually create /var/mail/vhosts and chown it to vmail:vmail and chmod 0750 ?[11:59:43] <Aprogas> I never worked with virtual mailboxes, I don't know.[11:59:59] <AlexC_> ah, ok[12:00:27] <AlexC_> thanks for the help so far[12:01:49] <jeroen_h> Is it possible to have a few email addresses of a certain format (*_ at hostname dot com) only be available for certain senders? For example boss at example dot com can send to it, but secretary can not?[12:02:07] <Aprogas> jeroen_h: I guess.[12:02:15] <Aprogas> !tell jeroen_h access[12:02:16] <knoba> jeroen_h: "access" : http://www.postfix.org/SMTPD_ACCESS_README.html : An overview of access(5) controls in the Postfix smtpd(8) SMTP server.[12:02:26] <Aprogas> Would probably be easily evaded though.[12:02:54] <jeroen_h> ok thanks , I'll look into that one[12:04:32] *** neekfenwick__ has joined #postfix[12:04:33] <AlexC_> hum, well I'm stumped by this. Can't see any mention in the docs regarding permissions[12:06:44] <Aprogas> Well, virtual_uid_maps is what virtual(8) will use when writing to the mailbox, so it must have permission.[12:07:00] <Aprogas> If you do that static: thing, it will always use the same user, but you can also make a file with seperate users.[12:07:09] <Aprogas> Where user in this context means local UNIX user.[12:08:08] <AlexC_> yep, I've got it to 'static:105' and 'static:110' for uid/gid respectively. Permissions are: http://paste2.org/p/987423[12:08:37] <AlexC_> but I am not getting a permission denied error. It's the 'No such file or directory' - surely I don't have to make all these directories my self?[12:08:56] <Aprogas> Are you running virtual in chroot?[12:09:36] <AlexC_> no, I've not set any chroot up for it - so unless that's default[12:10:23] <Aprogas> On some distros.[12:10:59] <AlexC_> Debian Lenny; I'm looking through 'postconf' now to see[12:13:02] <Aprogas> !debian[12:13:02] <knoba> Aprogas: "debian" : Please see /usr/share/doc/postfix/README.Debian for Debian-specific information. This probably applies to Ubuntu and most other Debian-derivative distributions as well.[12:13:09] <Aprogas> !master.cf[12:13:09] <knoba> Aprogas: "master.cf" : the process configuration file. Each logical line describes how a Postfix service will be run. See "man 8 pipe" for more information.[12:13:12] <Aprogas> !chroot[12:13:12] <knoba> Aprogas: "chroot" : The fifth column in master.cf, if not n , means that the Postfix process described on that line runs in a chroot, see !debug , !queue_directory and files in the examples/chroot-setup subdirectory of the Postfix source archive which show examples of a Postfix chroot environment on a variety of systems[12:24:55] <AlexC_> Aprogas: yep, virtual is not running in a chroot - though most other things are[12:27:41] <AlexC_> just a quick question; when running virtual domains with no local user accounts - how am I doing to handle authentication for them to login via IMAP for example?[12:28:16] <Aprogas> That depends on your IMAP server.[12:29:03] <AlexC_> I plan on using Dovecot, though I am open to suggestions; but I guess that is off-topic for here. But how would auth work for SMTP as well? That would be a similar situation[12:30:53] <Aprogas> How does it work for local users?[12:32:09] <AlexC_> no idea; they are local so already logged in I guess[12:32:37] <Aprogas> databases[12:33:21] <AlexC_> mmhmm, so I'd need local system users anyway to authentication them?[12:34:05] <Aprogas> No.[12:34:28] <Aprogas> There is nothing magical about /etc/passwd or its shadow variant, it's just users, hashed passwords, and possibly other fields.[12:34:40] <Aprogas> This can be in a file, in LDAP, in SQL, anything.[12:34:46] *** cpm has joined #postfix[12:35:00] <Aprogas> So long as whatever server you are using is capable of doing lookups to it.[12:35:45] <AlexC_> ok cool, I'll sort that out when I get to it - just wanted to make sure before I do this for no reason[12:36:13] *** shal3r has quit IRC[12:36:44] <AlexC_> hum, I just made the directory manually and it worked - it delivered it. That sucks; surely it should make them it's self?[12:39:24] <AlexC_> ah, how strange. Changing to Maildir fixed it[12:39:36] <AlexC_> interesting; ok - all working[12:44:41] *** ketema has joined #postfix[12:55:20] *** shal3r has joined #postfix[12:57:34] *** EagleWatch has quit IRC[12:58:41] *** pinoyskull has quit IRC[13:10:52] *** UQlev has quit IRC[13:15:56] *** car has quit IRC[13:15:58] *** johest|w has quit IRC[13:21:55] *** johest|w has joined #postfix[13:22:18] *** shal3r has quit IRC[13:22:22] *** brancaleone has joined #postfix[13:25:11] *** forsberg is now known as fOrsberg[13:39:51] *** sphenxes has quit IRC[13:40:39] *** amagee has joined #postfix[13:41:56] <amagee> hey i have a setup where i have a bunch of accounts that receive mail and store it on the server in virtual mailboxes, and also forward the mail to external addresses[13:42:34] <amagee> when i send mail to one of the addresses setup this way, the mail is forwarded to the desired address correctly, but i also receive a bounce e-mail saying that the mail couldn't be delivered[13:42:47] <amagee> so i'm assuming this is a problem with the virtual mailbox[13:43:42] <amagee> mail.info produces lines like: http://dpaste.com/243205/[13:44:40] <cpm> http://www.postfix.org/VIRTUAL_README.html[13:44:48] <amagee> but none of my config files refer to that long machine name any more (root at ec2-184-72-232-248 dot compute-1.amazonaws.com), or the root account[13:45:14] <cpm> specifically http://www.postfix.org/VIRTUAL_README.html#virtual_alias[13:45:39] <amagee> yeah that's one of the things i followed[13:45:47] <cpm> not close enough.[13:45:51] <amagee> evidently[13:45:55] <cpm> :)[13:46:02] <cpm> the mail loops back to myself is a pretty good tell[13:46:36] <cpm> "if you omit this setting" bit.[13:46:56] <amagee> i didn't omit it though[13:47:10] <cpm> so you say, I believe your logs.[13:47:10] <cpm> :)[13:47:57] <cpm> go revisit your various alias files, and be sure to run the postalias command if you've made changes.[13:48:32] <amagee> hmm.. postalias? i've only encountered postmap and 'postfix reload'[13:48:34] <amagee> that could be it[13:49:02] <Aprogas> sendmail-style aliases don't use the same format as most postmap input-files do[13:49:19] <amagee> so what should i run?[13:49:59] <Aprogas> I was stating a non sequitur mostly.[13:50:12] <amagee> yeah it went mostly over my head[13:51:26] <Aprogas> You usually wouldn't use sendmail-style aliases for your virtual alias file, but the format described in virtual(5) instead.[13:51:56] <Aprogas> So you'd use postmap, not postalias, but that doesn't change the fact you probably have something misconfigured.[13:52:02] <amagee> ok[13:52:12] <Aprogas> If you'd share your postconf -n, virtual, and other relevant configs, we can help you look for it.[13:52:15] *** ketema has left #postfix[13:52:21] <amagee> ok[13:52:44] *** bhagat has quit IRC[13:53:05] <amagee> main.cf: http://dpaste.com/243211/[13:54:22] <amagee> virtual is just a bunch of email addresses on the left, and other email addresses and mailboxes on the right[13:54:23] <amagee> so stuff like[13:54:37] <amagee> blah at mydomain dot com blah at gmail dot com,blah[13:54:51] <Aprogas> Yes, basically.[13:55:31] <amagee> can you see a misconfiguration?[13:55:34] <Aprogas> !tell amagee address_classes[13:55:34] <knoba> amagee: "address_classes" : http://www.postfix.org/ADDRESS_CLASS_README.html describes how Postfix deals with different classes of addresses: local, relay, virtual alias, virtual mailbox, and Internet.[13:55:35] *** sphenxes has joined #postfix[13:56:24] <amagee> ermm[13:56:26] *** juergen_dose has joined #postfix[13:56:32] *** shal3r has joined #postfix[13:56:47] *** juergen_dose is now known as car[13:57:34] <amagee> can you be a bit more specific?[13:57:53] <Aprogas> Which address class is playfi.com?[13:58:25] <amagee> *reads*[13:58:47] <amagee> it's not local, as it doesn't deliver to traditional unix acounts[13:59:04] <Aprogas> correct.[14:00:06] *** xabbu has joined #postfix[14:00:31] <amagee> well see here's my issue[14:00:48] <amagee> i use virtual alias, since i want accounts to be aliased to remote addresses[14:01:03] <amagee> and i use virtual mailbox, since i want accounts to have their own mailboxes, which aren't traditional unix accounts[14:01:26] <Aprogas> It can be a bit confusing because both are called virtual.[14:02:16] <Aprogas> But virtual aliases get evaluated for virtual_mailbox_domains too.[14:02:31] <amagee> ok...[14:02:31] <Aprogas> In fact, I think virtual aliases get evaluated for everything, since everything goes through cleanup.[14:03:08] <amagee> ok[14:03:45] <amagee> i still have no idea what to do though[14:04:05] <Aprogas> Remove virtual_alias_domains and see what happens.[14:04:31] <Aprogas> It might not solve your routing error, but it might put you one step closer.[14:04:51] <amagee> i tried that just before but it didn't seem to change anything[14:04:52] <amagee> trying again[14:05:19] <Aprogas> You should provide more logs then.[14:05:31] <Aprogas> From start to end of one attempted delivery.[14:05:36] <amagee> ok[14:06:52] <amagee> ok here's an exceprt from mail.info: http://dpaste.com/243215/[14:09:58] <Aprogas> Who is sending mail to that @longhostname address?[14:10:23] <amagee> that's the same machine as playfi.com[14:10:54] <amagee> so i send from amagee at tpg dot com.au to andrew at playfi dot com[14:11:47] <Aprogas> grep andrew at playfi dot com virtual[14:12:08] <Aprogas> cat /etc/mailname[14:12:18] <amagee> ah, bingo[14:12:19] *** wdp_ has quit IRC[14:12:21] <amagee> i didn't know about /etc/mailname[14:12:34] <Aprogas> I think that's some Debian oddity.[14:12:39] <amagee> could be[14:13:06] <Aprogas> In my opinion you should handle mail to your canonical name better though.[14:13:13] <amagee> what do you mean[14:13:23] <Aprogas> Right now your Postfix doesn't consider it local, so it tries to route it to the Internet, to find out itself is the destination.[14:13:40] <amagee> how can i improve that[14:13:50] <Aprogas> Not sure, I am having a confused day.[14:14:03] <amagee> hehe that's ok, i think you've fixed my problem[14:14:14] <amagee> i'm not really worried about efficiency for the number of e-mails we're receiving atm[14:14:15] <Aprogas> you are sending bounces, that is a problem[14:14:26] <amagee> nah, no bounces anymore[14:14:47] <amagee> /etc/mailname fixed that[14:15:27] <Aprogas> What if someone explicitly addresses their mail to @longhostname ?[14:15:36] <amagee> then bad luck[14:15:49] <amagee> no one cares :P[14:15:58] <Aprogas> What if they do it from a forged MAIL FROM address?[14:16:35] <amagee> umm, what implications would that have[14:16:36] <Aprogas> Actually it seems now you just reply relay denied, which is better.[14:17:22] <Aprogas> I thought your machine was at first accepting mail to @longhostname and then bouncing after detecting the loop, which would lead to backscatter.[14:17:54] <Aprogas> Spammers send emails to servers that they know will bounce, and they set their envelope-from to their intended victim, so the mailserver is doing their dirty work.[14:18:39] <amagee> what is envelope-from[14:20:57] <Aprogas> The from address specified in the SMTP-envelope, as opposed to the RFC822-headers.[14:22:14] <amagee> right[14:22:35] <Aprogas> That's where bounces go.[14:22:41] *** fOrsberg is now known as forsberg[14:22:43] <Aprogas> Well, sort of.[14:22:47] <amagee> oh ok[14:22:49] <amagee> i see[14:22:50] <Aprogas> Anyway, the point is, it is easily forged.[14:22:54] <amagee> yep[14:26:48] *** Vivek has joined #postfix[14:27:11] *** Vivek has joined #postfix[14:27:30] *** siert has joined #postfix[14:28:45] <amagee> anyway, thanks a lot for your help[14:30:11] <siert> I want to redirect mail to the postmaster if the header contains 'X-y-z: bla' more then 10 times. Is that possible with header_checks and does anybody have a good example?[14:34:14] *** kuttan_1 has joined #postfix[14:35:01] *** kuttan_2 has joined #postfix[14:36:35] *** amagee has quit IRC[14:37:15] *** kuttan_1 has quit IRC[14:37:15] *** kuttan_2 has quit IRC[14:38:27] <AlexC_> which authentication methods are suggested to use? We will be allowing non-tls connections as well[14:40:37] <lunaphyte_> why?[14:40:59] *** car has left #postfix[14:41:07] <lunaphyte_> allowing authentication not protected by tls is a bad idea.[14:41:25] <AlexC_> lunaphyte_: sure, I know - but we need it for backwards compatibility[14:41:30] <Aprogas> I think there exist some mechanisms that can safely work in plaintext, but they are all a bit weird.[14:41:44] <Aprogas> Backwards compatibility with what? TLS is industry-standard for ages.[14:42:00] <lunaphyte_> backwards compatibility with what?[14:42:42] <AlexC_> for our clients, many of them conect to mail.their-domain.com - which of course we have no certificate for[14:42:57] <AlexC_> we only have certs for mx1.example.com etc[14:43:48] <Aprogas> Using "fake" certs is pretty common in the mailserver world.[14:44:07] <AlexC_> that'll pop up a message to the client though, at least with some clients[14:44:30] <Aprogas> I guess it could.[14:44:48] <AlexC_> also, many of our clients are not configured to use TLS, so massive ball-ache[14:44:48] <Aprogas> You'd be amazed at what changes people are willing to accept under the guise of security.[14:45:10] <lunaphyte_> so presumably, many client are then not configured to use authentication either?[14:45:10] <AlexC_> I dunno; our clients are dumb[14:45:11] <Aprogas> "Terrorists are looking for your passwords, don't let the terrorists win, you don't hate America do you? Use TLS now!"[14:45:20] <lunaphyte_> *clients[14:45:32] <AlexC_> lunaphyte_: yes, plain[14:45:33] <Aprogas> If any of you clients refuse, report them to the DHS for aiding terrorism.[14:45:40] <jduggan_> Aprogas: not really, all depends if youre in the SP world or the enterprise[14:45:41] <AlexC_> Aprogas: =)[14:45:53] <lunaphyte_> so then you are going to be forcing a change anyway?[14:46:07] <Aprogas> There is stuff like CRAM-MD5 and other things, I don't know much about how those work.[14:46:24] <AlexC_> lunaphyte_: I'm just looking into different options and am trying to see if such change is feasable[14:46:41] <AlexC_> but essentially you're saying - keep with plain & use TLS?[14:47:06] <lunaphyte_> any c/r sasl mechs are not secure enough to be used without encryption.[14:47:29] <lunaphyte_> sigh. that was poorly worded.[14:47:43] <lunaphyte_> no c/r sasl mechs are secure enough to be used without encryption.[14:47:47] <Aprogas> I have a poor wording day as well. Must be that photon belt again.[14:49:58] <Aprogas> As I suspected, using something like CRAM-MD5 reduces security on the other end, since the server needs the password in mostly plaintext.[14:50:46] <lunaphyte_> right.[14:51:36] *** wdp has joined #postfix[14:53:23] *** Vivek has quit IRC[14:55:07] *** klem has quit IRC[14:59:54] <thumbs> just use tls![15:00:19] <AlexC_> if I can, I shall[15:01:41] <Aprogas> Turned out that "Untrusted" TLS was just a harmless warning mostly.[15:02:21] <AlexC_> indeed, I know it's just a warning - but trust me, if I was to do the change right now on our current mail server - we'd have many many calls coming in within 10 minutes regarding it[15:02:31] *** Section1 has joined #postfix[15:02:52] *** klem has joined #postfix[15:02:56] *** klem is now known as Klem[15:03:42] <sysmonk> AlexC_: 10 minutes? you have very slow clients then[15:03:51] <sysmonk> i start getting the calls after less than a minute[15:05:08] <AlexC_> yep, slow, dumb clients is what we have[15:05:23] <roe> I make sure to forward my phone to rob0 before I do anything to my mail server[15:05:25] <sysmonk> we have the same, except not slow :)[15:06:17] *** Vivek has joined #postfix[15:07:08] *** Vivek has joined #postfix[15:12:29] *** cps0 has joined #postfix[15:13:01] *** TomHome has quit IRC[15:26:28] *** juergen_dose has joined #postfix[15:26:47] *** juergen_dose is now known as car[15:27:56] *** bluethundr has joined #postfix[15:29:02] *** leobaillard has joined #postfix[15:31:14] *** EmperorT1m has joined #postfix[15:33:18] <EmperorT1m> does the transport_maps parameter accept multiple arguments? I thought I had read somewhere that it did, but I am noticing that it doesn't seem to work. My transport_maps line is as follows: transport_maps = hash:/usr/local/etc/postfix/transport ldap:/usr/local/etc/postfix/ldap-transport.cf[15:34:37] <lunaphyte_> what's indicating to you that it's not working?[15:36:38] <leobaillard> hi there ! I don't know if you remember me, I went here a week ago because I had a virtual alias problem on my installation (with MySQL), but I had to leave early and couldn't find a solution. I'd like to solicitate your services again if you may. Here is the log output when sending a mail to an alias : http://pastebin.com/CaqdStMp . Here is my postconf -n : http://pastebin.com/XmFMHV0N .[15:41:13] <EmperorT1m> lunaphyte_: most of our lookups are handled by the ldap-transport map. The hash table specifies a couple of email addresses that do not exist in ldap. The oddballs in the hash table recently started being used and now I'm seeing "Recipient address rejected: User unknown in local recipient table" bounces.[15:41:32] <EmperorT1m> Apparently I neglected to test that when I originally configured this system[15:45:12] <Aprogas> leobaillard: Have you used postmap -q to verify the correct alias and mailbox entries exist?[15:45:33] <Aprogas> leobaillard: Why are you using mailbox.cf as alias map too?[15:46:12] <Aprogas> EmperorT1m: local_recipient_maps only applies to addresses handled by local(8)[15:46:29] <leobaillard> Aprogas: the first one is checking the alias and getting the destination, the second one get the mailbox from the rewrited address[15:46:38] <Aprogas> EmperorT1m: By default it doesn't consult your LDAP-table, but it could, if those are local recipients.[15:46:58] <Aprogas> EmperorT1m: Which sounds a bit unlikely to me, since that would mean your UNIX users exist in LDAP, not a local passwd file.[15:47:38] <Aprogas> leobaillard: I haven't seen it get used like that before.[15:47:39] <EmperorT1m> Our UNIX accounts actually are stored in ldap.[15:47:52] <Aprogas> EmperorT1m: postconf -d local_recipient_maps[15:48:00] <Aprogas> EmperorT1m: I think things will become more clear then.[15:48:25] <leobaillard> Aprogas: oh ? maybe it's my fault then, but I think I found this method in a tutorial a while ago, maybe it's outdated. How would you have it ?[15:48:38] <Aprogas> EmperorT1m: Why are you using transport_maps? Do you really need to?[15:48:46] <Aprogas> !tell leobaillard tutorial[15:48:46] <knoba> leobaillard: "tutorial" : A very common problem is that some people prefer to follow a step-by-step tutorial that shows them how to setup their server w/out reading the documentation or understanding what they are doing. If something goes wrong, they have no clue whatsoever about where to find hints, and they sometimes decide to start from scratch using a different tutorial. This is not The Proper Way.[15:48:48] <Aprogas> !tell leobaillard virtual[15:48:48] <knoba> leobaillard: "virtual" : a way to configure additional domains and user accounts (that do not need to exist in your /etc/passwd). See: http://www.postfix.org/VIRTUAL_README.html[15:49:22] *** Schnoobby has quit IRC[15:53:27] *** cybor0 has joined #postfix[15:53:33] <cybor0> hello[15:54:08] <cybor0> i configure postfix with virtual mailbox everything is ok[15:54:24] <cybor0> but now account in home directory dos'nt work[15:54:42] <cybor0> how configure virtual and account in home directory together[15:55:37] <EmperorT1m> Aprogas: It's been a while since I had to touch any of my postfix configs, but I believe it is necessary. This server is, for the most part, just a relay. All email from our colo servers is relayed via that machine, a couple accounts are delivered locally, but the vast majority is relayed to another server.[15:56:18] <Aprogas> cybor0: I guess you should use virtual aliases to rewrite all mail addressed to the users that are real local UNIX users.[15:56:46] <Aprogas> cybor0: A domain can only be in one addresses class, so you need to use a seperate domain for that (e.g. the hostname of the machine, or if you must @localhost)[15:57:18] <cybor0> thenks Aprogas[15:58:00] <Aprogas> cybor0: Alternative you can use virtual_uid_maps to make the mailboxes of the existing users get owned by their own user, and then just symlink from their homedir[15:58:10] <Aprogas> cybor0: You should choose which works best for you.[15:58:50] <cybor0> Aprogas so my orgin maste domain should be in mysql database too[15:58:50] <Aprogas> EmperorT1m: For a while it seemed as if you were using transport_maps to direct certain addresses to local:[15:59:03] <Aprogas> cybor0: I'm not sure what you mean by that.[15:59:04] *** UQlev has joined #postfix[15:59:09] <Aprogas> !tell cybor0 address_classes[15:59:09] <knoba> cybor0: "address_classes" : http://www.postfix.org/ADDRESS_CLASS_README.html describes how Postfix deals with different classes of addresses: local, relay, virtual alias, virtual mailbox, and Internet.[15:59:34] <Aprogas> cybor0: You should make sure to understand that, or you will get very confused when changing which email goes where.[16:03:48] <cybor0> Aprogas for example i have myorgin domain 123.pl, unix username "userros", and virtual box "test at test dot pl", in mysql database are table domain and address[16:04:24] <cybor0> Aprogas in table domain i have test.pl in address table i have test at test dot pl[16:04:39] <Aprogas> Do the local users and the virtual users have to be in the same domain?[16:05:13] *** Schnoobby has joined #postfix[16:05:45] *** talin has quit IRC[16:05:46] <cybor0> Aprogas now virtual account are ok i cant imap test at test dot pl but i can't imap userros at 123 dot pl[16:06:46] <cybor0> Aprogas and i dont't now why should i do add userros@123 to addres table im mysql and add domain 123.pl do this table too[16:07:08] <Aprogas> !tell cybor0 why[16:07:09] <knoba> cybor0: "why" : are you sure that installing, configuring and maintaining a mailserver is really what you want to do here? it's not something that's for the faint of heart, and definitely not something for folks that are still just learning the basics of linux or unix. also see !nullclient[16:07:14] <cybor0> Aprogas 123.pl to domain ttable in mysql[16:07:38] <Aprogas> I am getting the impression you are following some tutorial, without really knowing what it does.[16:08:32] <cybor0> i do it firs time[16:09:36] *** denis_ has quit IRC[16:09:41] <Aprogas> Maybe you shouldn't start with SQL-backed virtual mailboxes, but with something simpler.[16:09:44] <Aprogas> !tell cybor0 basic[16:09:44] <knoba> cybor0: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.[16:12:27] <cpm> fukers! netsol is doing a wildcard A for *.co[16:12:28] <leobaillard> Aprogas: I followed the instructions in the postfix howto regarding mail forwarding. I left virtual_alias_domains empty as all the domains are already set in virtual_mailbox_domains and because postfix dosen't want it to be repeated, but I still get the "unknown user" error[16:12:44] <cpm> so my mailserver is accepting mail for delivery to domain.co mistypes.[16:12:48] <Aprogas> Isn't .co like columbia or something?[16:12:52] <cpm> Aprogas, yes[16:13:01] <Aprogas> And netsol is NIC for .co too?[16:13:02] <cpm> which is fine, except for the wildcard[16:13:20] <cpm> domain jacking AGAIN,[16:13:25] <cpm> those rat bastards.[16:13:50] <Aprogas> Why is your mailserver accepting mail for any domain.co mistype? Do you mean as outgoing?[16:14:45] <Aprogas> leobaillard: Please show your updated configuration.[16:16:09] <cpm> Aprogas, No, it turns out that some slimy bastards down in operations registered all of our domains under the .co[16:16:14] <cpm> and never bothered telling me.[16:16:16] <leobaillard> Aprogas: http://pastebin.com/LKyt5WXg[16:16:20] <cpm> so, I was out of line.[16:16:27] <cpm> it's not netsol, they are just placeholding.[16:16:32] <cpm> fukerz![16:16:35] <Aprogas> cpm: So no wildcard record? :)[16:17:07] <cpm> Aprogas, no, I was getting an A return for everthing I checked, so I 'assumed' a wildcard[16:17:30] <cpm> then I went outside the stuff we do, and they went unanswered.[16:17:42] <Aprogas> sdjhfsdiu is usually a good random string to check :)[16:18:03] <Aprogas> Even though it is not at all random but mostly determine by my keyboard layout and the shape of my hand :)[16:19:37] <Aprogas> leobaillard: do a postmap -q for the address on both your aliases.cf and your mailboxes.cf, and also for the domain-part on domains.cf[16:20:38] <EmperorT1m> Aprogas: the result of LDAP lookup implies local delivery for the handful of local accounts, smtp delivery for everything else.[16:20:53] <Aprogas> EmperorT1m: Ok.[16:20:58] * EmperorT1m tries to get in the mindset of six months ago when this was configured.[16:21:19] <Aprogas> I prefer not mixing address classes on the same domain, less headache later. :)[16:22:14] <Aprogas> But I understand that's not always possible in the real world.[16:22:54] *** cybor0 has quit IRC[16:23:08] *** cybor0 has joined #postfix[16:24:30] <leobaillard> Aprogas: you mean the alias address or the rewrited address ?[16:24:56] <EmperorT1m> Agreed, these local accounts are irritating exceptions, dropboxes that receive 10k+ automated messages per day. Our upstream mailhost doesn't much appreciate that.[16:25:10] <Aprogas> leobaillard: Start with the address that the outside world sends to. Then whatever aliases.cf returns, check that against mailboxes.cf[16:27:16] <leobaillard> Aprogas: http://pastebin.com/GqNYJERK[16:27:25] <Aprogas> lol JERK[16:27:51] <Aprogas> There pastebin URIs sometimes get a little weird.[16:27:58] <leobaillard> :)[16:28:14] <Gambaroni> Is it possible to do relayhost = 10.0.0.1 10.0.0.2?[16:28:14] <AlexC_> I'm getting "SASL PLAIN authentication failed" when trying to auth via SMTP - which is strange as it uses Dovecot SASL and I can login just fine via IMAP with these credentials[16:28:23] <Gambaroni> to use two relayhosts[16:29:01] *** thumbs has quit IRC[16:29:20] <Aprogas> leobaillard: Also do a postmap -q leoserveur.org on domains.cf[16:29:51] <leobaillard> Aprogas: it's returning it correctly[16:30:58] <Aprogas> oh lol, I'm blind[16:31:03] <Aprogas> receive_override_options = no_address_mappings[16:31:13] <Aprogas> Why did you do that?[16:35:17] <leobaillard> that *may* have had something to do with either spamassassin, amavis or pyzor/razor. I'm not sure cause at the time this file was created, I wasn't the only one working on it and I can't get in touch with the other person that was working on it... but I guess, after reading the manual, that it could prevent a lot of things if the filter is not executed or not present, right ?[16:36:12] <Aprogas> It makes sense if you run a content_filter and do the address mapping on reinject, but it doesn't make sense if address mappings never happen.[16:37:04] <f3ew> Gambaroni no[16:37:18] <f3ew> you could use a relayhost with two MX records[16:37:26] <leobaillard> yeah, I just figured... I didn't see it either... :/ So I guess that when I reinstalled the server, I forgot to reinstall those filters and that explains why it was working perfectly before with the same configuration. Thank you very much for pointing it out :)[16:39:07] <leobaillard> and.... it works :)[16:40:06] <AlexC_> I'm getting "SASL PLAIN authentication failed" when trying to auth via SMTP - which is strange as it uses Dovecot SASL and I can login just fine via IMAP with these credentials[16:40:06] <leobaillard> Aprogas: I know need your advice : do you consider pyzor/razor to be a useful stuff or should I not reinstall it ?[16:40:47] <Aprogas> leobaillard: Depends on your specific situation. I have been using them for a long time, and they worked fine. But recently I have moved my spamfiltering further forward, and that seems to be highly effective.[16:41:24] <leobaillard> okay, thanks a lot :)[16:41:37] <lunaphyte_> !ymmv[16:41:37] <knoba> lunaphyte_: Error: "ymmv" is not a valid command.[16:41:40] <lunaphyte_> !tias[16:41:40] <knoba> lunaphyte_: "tias" : Try It And See[16:42:45] <Aprogas> I'm curious to see how well Postfix restrictions + postfwd + postgrey will work in a real world situation to block spam. If it works well enough, one could forsake a spamfilter altogether to save resources.[16:43:05] <Aprogas> spamfilter as in one of those bloated regexp, bayesian, analyse tools[16:44:08] <cybor0> thenks Aprogas i understand what should i do[16:44:20] *** skeeved has joined #postfix[16:44:22] <Aprogas> cybor0: So you are going to start simple?[16:46:53] <cybor0> Aprogas rather no i don't have time fotr that i have to this very fast and i am not administrator[16:47:09] <Aprogas> !tell cybor0 googleapps[16:47:09] <knoba> cybor0: "googleapps" : Google Apps - http://www.google.com/a/ - A free service provided by Google to have your email and other services hosted by them[16:47:21] *** siert has quit IRC[16:47:38] <Aprogas> Setting up your own mailserver is not the fastest way to get your mail working.[16:47:48] <seekwill> :D[16:48:04] *** e-jones has quit IRC[16:48:18] <cybor0> Aprogas thenks but maybe i learn something new i'am programmer[16:48:48] <cybor0> Aprogas one more time thenks and have nice day[16:50:09] <seekwill> thenks Aprogas[16:52:16] *** saurabhb has quit IRC[16:54:06] *** AlexC_ has quit IRC[16:55:18] *** karlgus has quit IRC[17:12:25] *** ecrist has joined #postfix[17:13:23] <EmperorT1m> So returning to my original question. Should I be able to specify multiple arguments to transport_maps, like so: transport_maps = hash:/usr/local/etc/postfix/transport ldap:/usr/local/etc/postfix/ldap-transport.cf[17:13:34] <Aprogas> Yes.[17:13:49] <Aprogas> I think tables are checked left-to-right and the first match wins.[17:13:58] *** JoKoT3 has quit IRC[17:15:06] <EmperorT1m> hrm, because the address I am having trouble with is listed in the left-most table (the hash).. foo at bar dot com smtp:[17:18:58] *** JoKoT3 has joined #postfix[17:22:42] *** rajijoom has quit IRC[17:22:43] *** cybor0 has quit IRC[17:22:50] *** car has quit IRC[17:27:06] *** juergen_dose has joined #postfix[17:40:59] *** henriknj has joined #postfix[17:43:39] *** Alagar has joined #postfix[17:53:17] *** neekfenwick__ has quit IRC[17:56:19] *** Lap_64 has quit IRC[17:56:22] *** Schnoobby has quit IRC[17:57:40] <EmperorT1m> I turned up the verbosity on trivial-rewrite and it appears that process does find the appropriate entry in the hash table and recognizes that the transport is smtp. However, it still rejects the message. http://pastebin.org/867877[18:00:43] <Aprogas> Is bar.com also in mydestination? That might make local_recipient_maps still apply, even if transport_maps overrides the transport.[18:02:57] *** leobaillard has left #postfix[18:05:32] <EmperorT1m> it is, and that thought had crossed my mind. However, the configuration works for any email address yanked out of ldap[18:07:10] *** juergen_dose has quit IRC[18:07:17] <Aprogas> I'm not sure if passwd.byname automatically uses LDAP if your system-logins use LDAP.[18:07:26] <Aprogas> Try: postmap -q someuser unix:passwd.byname[18:08:08] <seekwill> rob0: Ping![18:14:31] *** makomi has quit IRC[18:16:27] *** Wilkins has quit IRC[18:18:20] *** smica has joined #postfix[18:20:05] *** tomocha6 has quit IRC[18:26:07] *** tomocha6 has joined #postfix[18:27:52] *** Vivek has quit IRC[18:32:33] *** _znull is now known as znull[18:32:35] *** znull has joined #postfix[18:33:32] *** deadpigeon has joined #postfix[18:40:38] *** Vivek has joined #postfix[18:44:57] *** ssureshot has joined #postfix[18:45:37] *** Jippi_mac has joined #postfix[18:48:31] *** macsim has joined #postfix[18:48:58] <macsim> hi I use postfix-mysql the line mailbox_command = procmail -a "$EXTENSION" is useless ? thanks[18:49:43] <Aprogas> That really depends on your setup.[18:50:02] <Dominian> it rings a bell...[18:50:18] <Dominian> and if you are doing true virtual mailboxes.. I don't think procmail works.. but I could be wrong.[18:50:31] <macsim> Aprogas, if I add alias root > root@mydomain it will never been use ?[18:51:13] <f3ew> macsim if the domain is in mydestination, then alias_maps will be used[18:51:46] <macsim> f3ew, oki[18:52:14] <macsim> and last question I didn't found documentation about email dir autocreation, I mean I add user in mysql I sent it the first email, how can I auto create /var/emails/domain/{USER} folder for Maildir[18:53:33] <Aprogas> MySQL is database-software, it's just one of the table-types that Postfix can use, it's not related to virtual mailboxes per se.[18:54:38] <macsim> Aprogas, I know, my problem is I add user in mysql I sent him a welcome message but how can I manage the Maildir folder creation for the account ? should I allways create /var/mail/domain/user folder by myself ?[18:56:09] <Aprogas> I'd assume mailboxes/Maildirs are automatically created when needed, so long as virtual(8) has the right permissions.[18:56:55] <macsim> Aprogas, ok all I have to do is be sure /var/mail is vmail's rights ?[18:57:00] <Dominian> the mailbox should be created upon first email receipt[18:57:32] <macsim> Dominian, I though welcome email will "force" postfix to create email home folder[18:57:46] <Dominian> postfixadmin?[18:57:53] <macsim> Dominian, no I don't use it[18:57:58] <Aprogas> macsim: Personally I wouldn't use /var/mail because that's already the place of local users to get their mail. You could make a subdirectory of /var/mail/vhosts or create /var/vmail[18:58:01] <Dominian> Then what welcome email are you talking about?[18:58:22] <Dominian> just make sure that your virtual mailbox path is owned by the virtual uid/gid that you setup etc[18:58:30] <Dominian> or autocreation won't work[18:58:32] <macsim> Aprogas, I know in fact I use /home/virtual folder with this structure /home/virtual/domain/users[18:59:08] <macsim> Dominian, oki so just be sure /home/virtual is vmail:vmail perfect thanks a lot[18:59:09] <Aprogas> I too "abuse" /home for anything that is big, because it is usually my biggest partition.[18:59:18] <Dominian> heh[18:59:38] <Aprogas> Technically www, ftp and samba are all users, so they should have a home.[18:59:40] <macsim> Aprogas, yes my FAI create a 750G RAID /home so ...[19:00:18] <macsim> Aprogas, not if you create them with --no-create-home[19:00:39] <macsim> ok thanks a lot[19:06:12] *** juergen_dose has joined #postfix[19:06:24] *** juergen_dose is now known as car[19:15:41] <rob0> seekwill seekrob0[19:15:47] *** UQlev has quit IRC[19:20:01] *** robotarmy has quit IRC[19:20:40] *** car has quit IRC[19:20:48] *** robotarmy has joined #postfix[19:21:21] *** mroe has joined #postfix[19:33:38] *** juergen_dose has joined #postfix[19:33:47] *** juergen_dose is now known as car[19:34:23] *** Motoko-chan has joined #postfix[19:47:09] *** Matic`Makovec has quit IRC[19:50:29] *** Matic`Makovec has joined #postfix[19:53:46] *** kreign has joined #postfix[19:54:31] *** Twinkletoes has quit IRC[19:55:44] <kreign> hi, I'm trying to understand the order in which a postfix main.cf is processed. I've got several hosts with multiple mynetworks_style = definitions (one with = host, and one = subnet) and I'm wondering why it may be like this.[19:57:47] <jelly> how di I setup a limit on maximum messages sent in one smtp session? Yahoo wants this to be <= 20[19:58:26] <Aprogas> kreign: You mean you have multiple mynetworks_style in the same main.cf ?[19:58:39] <kreign> Aprogas, yep.[19:58:48] <Aprogas> That doesn't sound right. Are you sure it's not master.cf ?[19:59:28] <kreign> Aprogas, mynetworks_style = host and mynetworks_style = host and mynetworks_style = subnet[19:59:33] <kreign> Aprogas, yes, 100% certain.[19:59:57] <Aprogas> You should pick at most one mynetworks_style, and I think that gets trumped anyway if you set mynetworks.[20:00:18] <kreign> yeah that's what I sort of figured.[20:00:26] <jelly> smtp(8) mentions connection caching settings, but I see no tunable to limit the total number of messages for a single session[20:00:26] <kreign> Aprogas, however, it's not behaving that way.[20:00:32] <kreign> mynetworks_style = host is set first[20:00:52] <kreign> and mynetworks is defined[20:01:01] <kreign> but I can't use the host as a smart relay.[20:01:07] <kreign> not sure where the configuration option for that may be.[20:01:20] <kreign> I'd -thought- it should be 'mynetwork'[20:02:08] <Aprogas> jelly: Do you mean for TLS?[20:02:26] <Aprogas> kreign: I'm not sure what precisely you are asking.[20:02:51] <jelly> Aprogas: no.[20:04:02] <Aprogas> Oh, that scache thing.[20:04:23] <jelly> Aprogas: Yes. I see my smtp client reach conn_use=20 (as explained in CONNECTION_CACHE_README) and I want to limit it to eg. 19[20:13:11] *** car has left #postfix[20:24:50] *** Niemi has joined #postfix[20:27:08] <kreign> Aprogas, basically it looks like there may be 3rd mechanism being employed / the mynetworks list is not getting considered when trying to use the host as a smart relay host.[20:27:37] <kreign> Aprogas, I'm wondering if there's another way to say "accept mail for this domain, whether we're the recipient or not"[20:27:49] <kreign> as I've only got a single domain I want to relay for.[20:28:03] <Aprogas> kreign: Have you changed any of the default _restrictions ?[20:29:28] <kreign> Aprogas, I have not; but I'm not intimate with postfix and I inherrited the system. (not even sure where I'd set those)[20:30:04] <Aprogas> Please pastebin your postconf -n[20:31:38] *** daguz has quit IRC[20:32:16] *** daguz has joined #postfix[20:32:44] *** daguz has quit IRC[20:33:22] *** daguz has joined #postfix[20:36:48] <kreign> Aprogas, http://pastebin.ca/1940799[20:37:45] *** ecrist has quit IRC[20:39:56] *** EmperorTom has joined #postfix[20:40:44] <Aprogas> I cannot reach pastebin.ca right now[20:41:32] *** EmperorT1m has quit IRC[20:43:40] *** thumbs has joined #postfix[20:44:25] *** EmperorTom has quit IRC[20:44:59] *** EmperorTom has joined #postfix[20:45:12] <kreign> Aprogas, have a preferred pastebin then?[20:48:44] <Aprogas> I like pastie.[20:48:57] <Aprogas> seems .ca works again[20:49:20] *** EmperorTom has quit IRC[20:49:28] <Aprogas> kreign: You are using custom restrictions.[20:49:59] *** EmperorTom has joined #postfix[20:51:53] <Aprogas> kreign: mynetworks only takes IP-address (or CIDR ranges) as arguments by the way[20:52:21] <kreign> Aprogas, huh. that's kinda interesting on account of the whole "you need DNS to make mail work"[20:52:32] <seekwill> heh[20:52:35] <kreign> Aprogas, sorry, I should've read through the cf file better.[20:53:22] <Aprogas> Access policy isn't usually based on DNS, although now with DNSSEC being more common, in theory it could be.[20:53:55] <Aprogas> IP-based or SASL-login are the most common ways of determining who can relay.[21:01:34] *** brancaleone has quit IRC[21:09:26] *** DogWater has quit IRC[21:18:33] *** f0rpaxe has quit IRC[21:27:32] *** cpm has quit IRC[21:47:32] *** brancaleone has joined #postfix[21:52:14] *** xabbu has quit IRC[22:03:05] *** undone has joined #postfix[22:03:42] *** undone has quit IRC[22:12:47] *** fahadsadah has quit IRC[22:12:50] *** micols has quit IRC[22:15:39] *** fahadsadah has joined #postfix[22:17:01] *** micols has joined #postfix[22:20:56] *** rz has joined #postfix[22:22:00] <rz> hello[22:22:54] <rz> problem: postfix doesn't answer to telnet on port 25 from an external address, but at the same time receives mail sent from the same machine (via mutt)[22:23:10] <rz> anyone has any idea what the problem could be?[22:23:15] *** nb has quit IRC[22:23:41] <Aprogas> Could be many things.[22:23:51] <Aprogas> !tell rz welcome[22:23:51] <knoba> rz: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[22:23:53] <Zerberus> rz: check that Postfix is bound to the public interface, check that port25 is not firewalled[22:24:24] *** hyper_ch has left #postfix[22:25:58] <rz> zerberus: postfix is bound to TCP *:25, iptables -L is empty[22:26:57] <adaptr> rz: mutt doesn't use SMTP to talk to postfix. pastebin the result of netstat -plnt |grep master[22:29:16] <rz> adaptr: here: http://pastebin.ca/1940868[22:31:08] *** Niemi has quit IRC[22:31:36] *** niki_ has joined #postfix[22:31:46] *** nadia has joined #postfix[22:32:14] <nadia> Hi Bonsoir ![22:32:27] <adaptr> rz: fail[22:32:36] *** cambazz has joined #postfix[22:32:44] <rz> adaptr: please enlighten me :|[22:33:11] <adaptr> that URL is fail. I cannot access it.[22:33:17] <rz> oh[22:33:21] <Aprogas> pastebin.ca is being a bit troublesome from .nl it seems[22:33:21] <cambazz> hello, all of a sudden i can not send mail. thunderbird says it could not connect to my mail host, but when I telnet mailhost 25 the port is open and postfix is running. where can i start to debug the problem[22:33:26] <rz> i'll try another[22:33:30] <Aprogas> !tell cambazz logs[22:33:30] <knoba> cambazz: "logs" : postfix logs to the mail facility of syslog. Something like grep -i `postconf -h syslog_facility` /etc/syslog.conf should tell you where logs are going. also see !no_logs and !have2mung[22:33:41] <adaptr> Aprogas: it's all thumbs' fault[22:34:02] <cambazz> knoba: well logs are going to /var/log/mail.log but there 's nothing there[22:34:48] <adaptr> !no_logs[22:34:48] <knoba> adaptr: "no_logs" : Nothing in your mail logs commonly means one of two things: either your syslogd is broken (try restarting it), or the connections are not coming to your server. Check your firewall/networking and the DNS for the domain in question. also see !logs.[22:35:23] <rz> adaptr: http://paste-bin.com/view/1c15b651[22:35:29] *** mroe has quit IRC[22:35:37] <rz> cyrmaster is cyrus imap fwiw[22:36:05] <adaptr> rz: there is a firewall in the way. something is blocking port 25[22:36:05] <cambazz> knoba: i have things in my mail.log, just nothing that points to an error[22:36:10] <Aprogas> rz: some postconf -n and logs would be useful[22:36:31] <cambazz> bye the way this was working until yesterday.[22:36:34] <cambazz> nothing was changed[22:36:35] <Aprogas> cambazz: what error does thunderbird give? is it connection to the right host? is that port open?[22:36:41] <cambazz> it has been working for 1 year[22:36:41] <adaptr> rz: ALL of postconf -n and SOME logs would be better, even[22:36:48] <nadia> someone is free and can help me to resolve my problem ? a small description : i've installed postfix with pgsql to make virtual users but i still can't send mail.. i'm gonna go crazy someobody can help ?[22:37:02] <adaptr> nadia: can you send mail without postgres ?[22:37:14] <nadia> yes i can[22:37:18] <adaptr> show us[22:38:12] <nadia> just a minute[22:38:18] <cambazz> i will be back, i think it is getting a stale host name[22:38:19] <seekwill> spam adaptr ![22:38:19] *** cambazz has quit IRC[22:40:00] <nadia> when i try to send mail using telnet to a rcpt in my virtual table i get an error message "Recipient address rejected: User unknown in local recipient table"[22:40:38] <Aprogas> !tell nadia address_classes[22:40:38] <knoba> nadia: "address_classes" : http://www.postfix.org/ADDRESS_CLASS_README.html describes how Postfix deals with different classes of addresses: local, relay, virtual alias, virtual mailbox, and Internet.[22:40:42] <nadia> but i installed roundcube webmail, and i can log in a virtual user mailbox with NO problem[22:41:33] <nadia> tks knoba i'm gonna check it out[22:41:46] <Aprogas> !knoba[22:41:46] <knoba> Aprogas: "knoba" : an informational bot in this channel (see http://workaround.org/f=postfix)[22:42:43] <nadia> but do u find it logic that i can log in roundcube with a virtual account but i get the error "Recipient address rejected: User unknown in local recipient table" when i try to send a mail using telnet ?[22:43:08] <Zerberus> nadia: one has not to do with the other[22:43:12] <thumbs> nadia: we don't know what roundcube is doing on your system, nor do support it.[22:43:30] <thumbs> nadia: if you get that error with telnet, your postfix server is likely misconfigured.[22:44:22] *** nb has joined #postfix[22:44:35] <rz> postfix conf: http://paste-bin.com/view/9873b740, logs: http://paste-bin.com/view/167d9836[22:44:35] <nadia> roundcube is a simple webmail interface[22:44:57] <thumbs> nadia: regardless, this is not #roundcube[22:45:11] <Zerberus> nadia: you do not login to postfix with roundcube[22:45:20] <nadia> yep i know i'm asking about postfix[22:45:25] <nadia> just mentionned it[22:45:36] <nadia> i have no problem to ask for roundcube[22:45:42] <Zerberus> nadia: just read the doc about address_classes and understand the difference between virtual and local[22:46:30] <Zerberus> nadia: hint, you *think* you have configured a virtual domain, while postfix is *configured* to treat that domain as local[22:47:02] <Aprogas> rz: warning: do not list domain r2dev.ro in BOTH mydestination and virtual_mailbox_domains[22:47:18] <rz> aprogas: i know, never had problems with that before[22:47:35] <nadia> would u like to see my congif file ? main.cf[22:47:35] <rz> aprogas: i had some minor problems if i don't list it in both places[22:47:52] <thumbs> !tell nadia welcome[22:47:52] <knoba> nadia: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[22:47:57] <Aprogas> rz: Are you also sure you need to use canonical maps?[22:48:06] <adaptr> rz: never do that. whatever "problems" you think you had were not caused by this[22:48:14] <Aprogas> rz: It's still a misconfiguration, the minor problems you had should have been solved in a different way.[22:48:45] <nadia> ok knoba[22:48:56] <Aprogas> Also also don't seem to be using any virtual mailbox maps.[22:49:02] <Aprogas> !tell nadia knoba[22:49:02] <knoba> nadia: "knoba" : an informational bot in this channel (see http://workaround.org/f=postfix)[22:49:28] <nadia> XD[22:49:30] <rz> aprogas: probably you're right, just didn't have the time to properly sort it out and preferred to leave things in a working state[22:50:12] <adaptr> rz: if you have domains in both mydestination and virtual*, it's not IN a working state[22:51:15] <rz> adaptr: not in a *proper* working state, i agree, but it did work for quite a while[22:51:20] <Aprogas> rz: You should still fix this address class issue, even though it probably isn't the cause for port 25 being closed. To find that cause: egrep '(fatal|error)' /var/log/mail.log[22:51:37] <rz> again, i'm not disputing it's right, just didnt have the time to fix it properly and didnt cause trouble before[22:53:36] <thumbs> rz: it will cause issues, yes. Don't do that.[22:53:37] <adaptr> how would yo KNOW ?[22:54:12] <rz> aprogas: bunch of rbl lookup errors from a RBL i should probably remove, a couple of Mailbox doesnt exist, not much else at first sight[22:54:40] <nadia> \topic postfix[22:54:51] <nadia> oops[22:56:29] *** ecrist has joined #postfix[22:56:43] <rz> i suspect it's a firewall problem from upstream, as telnet also works from another (non-local) ip connected to the same switch[22:57:43] <Aprogas> rz: So telnet works from localhost, from LAN, but not from remote?[22:57:52] <nadia> somebody know about this tutorial ? i followed it step by step.. but i still can't find out what is going http://theclimber.fritalk.com/post/2009/01/27/Tutorial-:-Setup-your-mail-server-%28courier-imap-postfix-postgresql%29[22:58:36] <nadia> is it possible to show some lines of my config here ?[22:58:37] <rz> aprogas: right. receiving mails from gmail/whatever or external shell account via mutt for instance also works[22:58:50] <thumbs> !tutorial[22:58:50] <knoba> thumbs: "tutorial" : A very common problem is that some people prefer to follow a step-by-step tutorial that shows them how to setup their server w/out reading the documentation or understanding what they are doing. If something goes wrong, they have no clue whatsoever about where to find hints, and they sometimes decide to start from scratch using a different tutorial. This is not The Proper Way.[22:59:48] <rz> aprogas: and of course i can't connect to the smtp server with, say, thunderbird from a desktop machine[22:59:51] <nadia> thumb: i read about postfix and tried it myself but i'm blocked so why i followed that tuto[22:59:57] <Aprogas> rz: Sorry, with all these people asking question, I forgot what your question was. I thought you couldn't connect to port 25.[23:00:06] <rz> aprogas: right[23:00:11] <nadia> but it's resolved[23:00:21] <adaptr> rz: you shouldn't be connecting from a desktop on port 25 anyhow[23:00:31] <rz> aprogas: as in 'telnet mailserver 25' doesnt work[23:00:32] <Aprogas> rz: Try: telnet nvidium.soleus.nu 25[23:00:45] <adaptr> Aprogas: why would outgoing have the same problem as incoming for him ?[23:00:56] <Aprogas> I meant from his desktop.[23:01:07] <rz> aprogas: nope[23:01:09] <Aprogas> I can connect to frijolero.r2dev.ro just fine, apparently so can gmail.[23:01:13] <Aprogas> !tell rz port_25_block[23:01:13] <knoba> rz: "port_25_block" : Many consumer-grade ISPs (and some which claim to be for business, such as Godaddy) block outbound port 25/tcp traffic to prevent abuse from their network. If your ISP does this, you should see the !basic and !relayhost factoids. Or, upgrade to business-class service (or change ISP if you already had it.)[23:01:41] <Zerberus> extremely funny if "tutorials" invent options "man 5 postconf" does not know, like "smtpd_sasl2_auth_enable"[23:02:01] <Aprogas> SASLv2 has stronger ciphers![23:02:19] <adaptr> even better when they reference valid transport options but don't define the transport.. or blackhole it[23:02:36] <Aprogas> nadia: Did you fix your issue too?[23:04:45] <nadia> Aprogas : no i meant NOT resolved. sorry[23:04:51] *** nb has quit IRC[23:05:02] <Aprogas> nadia: Did you read the address class readme?[23:05:17] <rz> aprogas: thanks, i'll try to connect to some other servers with telnet 25, hopefully i'll be able to isolate the problem[23:05:33] <nadia> yep[23:06:15] <Aprogas> rz: Why do you want to connect to your own mailserver on port 25 from your home connection? If you want to submit mail, either use your ISP's MSA, or open the submission port on your own mailserver.[23:06:19] <Aprogas> !tell rz submission[23:06:19] <knoba> rz: "submission" : Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf. also see !msa, and rfc 2476 and 4409. Also read http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf[23:07:14] <Aprogas> nadia: Could you give me the link to pastebin of your postconf -n, logs and other relevant info? I closed the tab.[23:08:06] *** Gambaroni has quit IRC[23:08:28] <rz> aprogas: thanks, that's something new for me[23:09:08] *** lawnchair has quit IRC[23:10:03] *** lawnchair has joined #postfix[23:12:14] <cozwei> hi. how can i set up a trusted emailserver, which doesn't need authentification for sending email?[23:12:39] <thumbs> !mynetworks[23:12:39] <knoba> thumbs: "mynetworks" : a configuration parameter in the main.cf: The list of "trusted" SMTP clients that can relay email.[23:12:48] <adaptr> cozwei: incredibly easily[23:13:04] <nadia> Aprogas i can put them here ?[23:13:19] <cozwei> sounds good - i'll ry :)[23:14:00] <nadia> well here is postconf -n[23:14:18] <nadia> alias_database = hash:/etc/aliases[23:14:18] <nadia> alias_maps = hash:/etc/aliases[23:14:18] <nadia> append_dot_mydomain = no[23:14:18] <nadia> biff = no[23:14:18] <nadia> config_directory = /etc/postfix[23:14:18] <nadia> home_mailbox = mail/[23:14:18] <nadia> inet_interfaces = all[23:14:19] <nadia> inet_protocols = ipv4[23:14:19] <nadia> mailbox_size_limit = 0[23:14:19] <Aprogas> NO![23:14:20] <nadia> mydestination = localhost, mydomain.com, localhost.mydomain.com[23:14:20] <nadia> myhostname = mydomain.com[23:14:21] <Aprogas> !paste[23:14:21] <knoba> Aprogas: "paste" : do not paste more than 3-4 lines in the channel. a pastebin is a way to share larger amounts of data with others, without flooding the channel with garbage. try http://pastebin.com or http://paste.debian.net (or use google and find your own). don't forget to tell us the url where you pasted the text[23:14:21] <adaptr> fuck me[23:14:21] <nadia> mynetworks = localhost[23:14:21] <nadia> myorigin = /etc/mailname[23:14:28] <Aprogas> !tell nadia topic[23:14:28] <knoba> nadia: "topic" : The Postfix MTA || Wiki: postfixwiki.org || On using IRC: workaround.org/moin/GettingHelpOnIrc || Bot info: workaround.org/f=postfix || post postconf -n and relevant logs to a pastebin when asking questions / check your logs / know your unix basics || http://code.google.com/p/mail-trends/ || Channel log: http://echelog.matzon.dk/?postfix || http://permalink.gmane.org/gmane.mail.postfix.announce/110[23:17:33] <nadia> http://pastebin.com/8Dmxyu3r[23:17:41] <nadia> and sorry again ^^[23:19:01] *** uqlev has joined #postfix[23:19:51] <Aprogas> nadia: To which virtual user are you sending when it gets rejected?[23:20:19] <thumbs> i.e., show relevant logs.[23:20:25] <Aprogas> Yes, that.[23:20:36] <thumbs> !relevant_logs[23:20:36] <knoba> thumbs: "relevant_logs" : Relevant logs are mail.* syslog entries which show the entire handling of a single mail which illustrates the problem you are seeing. Random selections from your mail log might not do. IMAP/POP3 daemons and external delivery agents typically log to the same facility (mail); those are usually not relevant here.[23:20:42] <nadia> a user in the pgsql table[23:20:49] <nadia> i will show the log[23:24:09] *** joschi___ has joined #postfix[23:24:22] *** joschi has quit IRC[23:25:40] <Aprogas> On a pastebin I hope.[23:26:24] <Aprogas> Also we are not evil hackers, you don't have to hide your domain from us, your mailserver is going to get hit thousands of spambots, worms, and other malware anyway.[23:26:29] <nadia> sur :D[23:26:32] <nadia> http://pastebin.com/ZHptUe3M[23:26:46] *** Jippi_mac has quit IRC[23:27:01] <Aprogas> Show more logs please. This is a really small selection.[23:27:21] <nadia> well[23:27:27] <Aprogas> Also this is not the same error you mentioned earlier.[23:28:15] <nadia> it's just because my frien is a paranoic[23:28:23] <nadia> i'll let them in clear now[23:28:45] *** Vivek has quit IRC[23:28:45] *** Vivek has joined #postfix[23:28:51] <Aprogas> Some pastebins allow private pastes, they aren't listed in the index, only by special URL. Some also let you auto-expire the paste, so it gets deleted.[23:28:52] <nadia> http://pastebin.com/ey1XfB9t[23:29:58] <Aprogas> So which one is "mydomain.com" ?[23:30:17] <nadia> jobicall.com[23:30:27] <seekwill> My domain is foo.com. I would appreciate it if everyone would stop sending test messages to me. THank you.[23:30:51] *** cilly has quit IRC[23:34:11] <Aprogas> nadia: A domain cannot be both a local domain and a virtual mailbox domain. Address classes readme, as well as other documentation, tries to explain this.[23:34:14] *** LoRe has joined #postfix[23:36:46] *** henriknj has quit IRC[23:37:07] <nadia> but i have another virtual user in the table with a different domain[23:37:10] <nadia> greg at example dot lan[23:37:15] <LoRe> hi, is there a way to define a address like "foo bar" at example dot com in a virtual_alias_map ?[23:37:19] <nadia> and i when i send to him[23:37:23] <nadia> i get[23:37:30] <Aprogas> !tell nadia postmapq[23:37:30] <knoba> nadia: "postmapq" : You can check your lookups with the postmap command. Example: if you defined transport_maps = mysql:/etc/postfix/transport.cf you may check this mapping by running postmap -q example.com mysql:/etc/postfix/transport.cf and see if it works.[23:37:45] <Aprogas> Confirm with postmap -q that example.lan is really in the virtual mailbox table.[23:38:14] <Aprogas> LoRe: Have you tried just specifying it like that?[23:38:42] *** Nombrandue has quit IRC[23:39:18] *** cps0 has quit IRC[23:39:24] *** Nombrandue has joined #postfix[23:40:34] <nadia> i get no return when i run it so does it mean that evrything is ok ?[23:40:56] <Aprogas> How exactly did you run it? It is okay to paste a one-line command on here.[23:41:05] <nadia> postmap -q example.lan pgsql:/etc/postfix/pgsql_virtual_domains_maps.cf[23:41:09] *** smica has quit IRC[23:42:42] <LoRe> Aprogas: yes, postmap -q '"foo bar" at example dot com"' hash:virtual returns with exit code 1[23:43:44] <Aprogas> LoRe: Looks like one double-quote too many, also postmap -q isn't always an accurate test.[23:44:14] <nadia> but maybe i have to mention that with greg at example dot lan the log shows a different error[23:44:25] <LoRe> yes, that was a mistake while typing that into irc :)[23:44:28] <Aprogas> nadia: Yes, Relay access dnied, right?[23:45:05] <nadia> here the log line[23:45:06] <nadia> http://pastebin.com/sBhxTuzA[23:45:11] <LoRe> in aliases i get it to work, but that one is colon separated, virtual is space separated, for whatever reason[23:45:34] <Aprogas> LoRe: "The table format does not understand quoting conventions."[23:46:05] <nadia> Aprogas[23:46:07] <nadia> yes[23:46:17] <nadia> Relay access denied[23:46:36] <Aprogas> nadia: I think example.lan isn't in your list of virtual mailbox domains.[23:46:54] <Aprogas> nadia: Or perhaps your list of virtual mailbox domains isn't working at all.[23:46:57] <Aprogas> !tell nadia virtual[23:46:57] <knoba> nadia: "virtual" : a way to configure additional domains and user accounts (that do not need to exist in your /etc/passwd). See: http://www.postfix.org/VIRTUAL_README.html[23:47:07] <Aprogas> You should make sure you did everything right.[23:48:36] *** brancaleone has quit IRC[23:48:42] <nadia> i've putted it in the domain column in the mapped table[23:48:58] <Aprogas> LoRe: That notation of emailaddress is very rare, are you sure you need it?[23:49:58] <LoRe> a wan't some strange address i can publish on the net, in the hope spam bots fail in detecting it :)[23:50:09] <Aprogas> ^_^ at example dot com[23:50:21] <Aprogas> /L.*e/ at example dot com[23:51:02] <LoRe> i'll try that, thanks[23:51:11] <Aprogas> The concept of "secret email-address to escape spam" doesn't work anymore in my opinion.[23:51:41] <LoRe> less spam is enough :)[23:51:46] <Aprogas> Reject non-RFC mail (e.g. non-FQDN helo,sender,rcpt), run some blacklists in a weighted scoring system like policyd-weight or postfwd[23:52:28] <Aprogas> and/or using greylisting; those are all much more effective methods.[23:52:35] <Aprogas> Trust me, I have a luser_relay :)[23:53:00] <LoRe> i'm doing that too already, it's just an experiment[23:53:41] <LoRe> nevertheless, it's a design bug, imho[23:53:45] <seekwill> spam bots fail in detecting it?[23:53:58] <nadia> Aprogas : my goal is to setup virtual users (mailboxes) not virtual domains ( idon't want to create a unix user for every account), so the question is it possible to map the virtual_mailbox_maps alone without 'virtual_mailbox_domains ' nor 'virtual_alias_maps' maybe this can resolve something ??[23:54:01] <seekwill> You're going to see more problems with poor javascript address verifiers[23:54:11] <Aprogas> seekwill: Surprising I get a lot of the same patterns.[23:54:21] <seekwill> Aprogas: huh?[23:54:33] <LoRe> i know the problems[23:54:50] <LoRe> most verifiers fail on foo+bar at example dot com[23:54:54] <seekwill> yeah[23:55:30] <Aprogas> kutowy at aprogas dot net kalyan_kutowy at aprogas dot net j.jongmansn at aprogas dot net[23:55:52] * seekwill spams Aprogas[23:56:01] <Aprogas> Oh, and lass at aprogas dot net; those are my most frequent hits right now.[23:56:25] <Aprogas> but I've been seeing that kutowy thing for a while, not sure where they got it from, but it's not random.[23:58:03] <nadia> i want to setup virtual users (mailboxes) not virtual domains ( i just don't want to create a unix user for every email account), so the question is it possible to set the 'virtual_mailbox_maps' alone without 'virtual_mailbox_domains ' nor 'virtual_alias_maps' ? someone has an idea ?[23:59:26] <Aprogas> nadia: There is an old compatibility setting that lets the same table be used for both roles, but I don't recommend using that anymore.[23:59:30] <Aprogas> !tell nadia virtual[23:59:30] <knoba> nadia: "virtual" : a way to configure additional domains and user accounts (that do not need to exist in your /etc/passwd). See: http://www.postfix.org/VIRTUAL_README.html[23:59:50] <Aprogas> I think you should read more documentation first, there is certain basic concepts you don't fully understand yet.