September 21, 2010 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | >
September 21, 2010 [00:00:13] <Breaking_Pitt> i see it in thunderbird[00:00:17] <adaptr> (note that in no circumstance does postfix know or care what a "sent folder" is)[00:00:28] <Breaking_Pitt> i can see anything rare in mail.log[00:00:32] <adaptr> Breaking_Pitt: SMTP != IMAP. very fundamental lesson[00:00:40] <Breaking_Pitt> yes![00:00:49] <Breaking_Pitt> that's the reason[00:02:09] <Aprogas> But can't my Postfix just send my mails to Thunderbird?[00:02:25] *** nezZario has quit IRC[00:03:17] *** Shdwdrgn has joined #postfix[00:04:20] <adaptr> Aprogas: I can tell yours to do that, yes. I stare at postfix until it submits[00:05:05] <Aprogas> I'll just install the LMTP addon for Thunderbird.[00:06:17] <Shdwdrgn> I was just reading on reddit about how gmail notifies used if there is out-of-country access to their mailbox. I don't suppose there's any projects like that for postfix?[00:06:39] <Aprogas> We were just talking about SMTP != IMAP.[00:06:42] <adaptr> what does "out-of-country access " MEAN ?[00:07:05] <adaptr> it tells you if you're reading your mail while on vacation ?[00:07:16] <Shdwdrgn> a customr who normally access their account from USA, the mailbox gets opened from China, google puts up a warning flag[00:07:16] <adaptr> I can tell me that ! I am doing that![00:07:28] <adaptr> Shdwdrgn: postfix does not have mailboxes[00:07:35] <adaptr> so no, that never happens[00:08:34] <adaptr> Shdwdrgn: do not make the mistake of thinking security issues that lie elsewhere should or even could be solved technically. they shouldn't, and usually can't be.[00:08:52] <adaptr> "stolen email accounts" have nothing to do with the functionality an MTA provides[00:09:01] <Shdwdrgn> its not a solution, it's just a nice warning feature[00:09:02] *** alpine_style has joined #postfix[00:09:22] <adaptr> Shdwdrgn: no, it's nothing of the sort. it's *nothing*. postfix and mailboxes and security do not intersect[00:09:37] <tharkun> !tell Shdwdrgn dovecot[00:09:37] <knoba> Shdwdrgn: "dovecot" : http://www.dovecot.org/ : IMAP/POP3 server software with emphasis on security; recent versions can also provide SASL AUTH for Postfix 2.3+.[00:09:40] <Shdwdrgn> yeah yeah, so reading the mailbox is actually on the pop3/imap side[00:09:48] <adaptr> did you think otherwise ?[00:10:38] <Shdwdrgn> well it would be involved if someone logs into the account and sends outgoing mail[00:10:56] <adaptr> that also doesn't happen. postfix does not have "accounts"[00:11:02] <Shdwdrgn> which would be the typical use of a stlen account - to send spam[00:11:37] <adaptr> you could write a policy daemon that observes stuff like that, sure. feel free![00:11:38] <Shdwdrgn> fine, you want me to have LDAP notify the users that someone looked up their info?[00:11:57] <adaptr> Shdwdrgn: I don't see how else yuo think you are going to . it is not functionality that postfix can offer[00:12:00] <Aprogas> Run a spamfilter on your submission port, freeze accounts that spam.[00:12:03] <Shdwdrgn> jesus it was just a simple question, I didn't expect the smart-ass nit-picking[00:12:13] <adaptr> excuse you ?[00:12:36] <adaptr> exact answers too much for you?[00:13:01] <seekwill> haha[00:13:21] <Shdwdrgn> I just wanted to find out if there were any projects that might do something like this. I didn't expect to get beat down on the semantic of my question[00:13:28] <Aprogas> It is common to share user credentials between your IMAP server and SMTP submission, if you run both, so if one account is leaked, it is logical to assume the other is leaked as well.[00:13:38] <Aprogas> adaptr is our beat-downer[00:13:40] <seekwill> Shdwdrgn: What was the question?[00:13:41] <adaptr> Shdwdrgn: if nothing else, the responses should provide a hint that it was not, in fact, a simple question.[00:13:44] *** kloeri has quit IRC[00:14:01] <Shdwdrgn> I know what parts do what, I just thought postfix might be a good starting point for some kinf of monitor[00:14:19] <adaptr> write a policy daemon, you can do anything you want in a policy daemon[00:14:23] <Aprogas> That depends on what you want to monitor; I think you are still thinking in the abstract phase.[00:14:33] <seekwill> ah[00:14:37] <Aprogas> adaptr: you can't check body[00:14:39] <seekwill> Shdwdrgn: That's not an MTA thing[00:14:52] <seekwill> Shdwdrgn: And it did seem like adaptr answered correctly, the first time[00:14:53] <adaptr> Aprogas: no need for that if all they want to do is verify the client location[00:15:03] *** p3rror has quit IRC[00:15:09] <adaptr> seekwill: go back under your rock, baby boy[00:15:25] <seekwill> okie[00:15:28] <tharkun> Shdwdrgn: you can modify any logger to do just that and send you a mail warning[00:15:38] <Shdwdrgn> yeah, probably not an MTA thing unless I also wanted to monitor outgoing messages for unusual activity. Like I said, it was just a starting point[00:15:44] <tharkun> s/logger/loganalyzer[00:16:24] <alpine_style> postfix can't deliver some local mail from fetchmail, probably some really simple bobo by yourstruly - syslog and main.cf here - http://pastebin.com/wwTh8wfN[00:16:48] <adaptr> if you consider it a real security issue (because of aprogas' correct concern earlier), then yuo should probably wrap all mail access inside your own custom ...something.[00:17:25] <adaptr> (connect to localhost[64.99.64.32][00:17:30] <seekwill> Shdwdrgn: You might be able to tie in Postfix to an external data structure (like LDAP) to control mail flow. That data structure would implement security policy like what you're looking for[00:17:35] <adaptr> alpine_style: you messed up your hosts file. unmess it.[00:17:47] <Breaking_Pitt> tharkun: is there any way to see that the submission is working correctly (apart of receiving the messages ;))[00:17:48] <Shdwdrgn> it's not something I've seen come up, but the idea seems useful for at least setting a flag that an account may need to be checked[00:17:54] <adaptr> alpine_style: localhost must ALWAYS, EVER, ONLY point to 127.0.0.1[00:18:04] <seekwill> Shdwdrgn: Again, that's not a Postfix thing...[00:18:20] <Shdwdrgn> for someone just reading the mailbox, yeah I agree[00:18:21] <seekwill> Shdwdrgn: Sure, stuff like that exists at enterprise level stuff[00:18:25] <adaptr> sounds like a log trawler thing[00:18:35] <tharkun> Breaking_Pitt: submission is precisely for that to submit messages to the mta so it can take the proper steps to deliver it[00:19:02] <Aprogas> Also try to apply the solution on the correct layer; if you allow your users to have dictionary passwords and they are clueless enough to do so, you will see a fair amount of hijacked accounts.[00:19:13] <Shdwdrgn> ok, well thanks for the suggestions. I'll go abstract somewhere else now.[00:19:20] <seekwill> kthxbai[00:19:22] <adaptr> if you have anything like gmail'[00:19:24] <tharkun> Breaking_Pitt: you can use telnet to check it is working properly[00:19:26] <adaptr> s volume, yes[00:19:37] <Breaking_Pitt> telnet localhost 587[00:19:44] *** Shdwdrgn has left #postfix[00:19:49] <seekwill> If you had Gmail's volume, you might not use Postfix :)[00:20:06] <adaptr> even if only 0.001% of accounts get hacked every month, that's THOUSANDS of hacked accounts per hour.[00:20:11] <alpine_style> new pastebin with /etc/hosts added at bottom, let me know what is out of whack exactly - http://pastebin.com/qHN7vQuL[00:20:15] <adaptr> seekwill: at least you wouldn't use just one postfix...[00:20:59] <adaptr> alpine_style: somebody is faking localhost and getting through your smtpd restrictions - if you have any[00:21:21] <adaptr> it's a good practice to immediately reject such HELOs from the outside[00:21:42] <adaptr> I reject any HELO that isn't FQDN or provably faked[00:21:56] <adaptr> you can go further than that by verifying the host actually exists[00:22:04] <alpine_style> so, change line '127.0.0.1 adminder.com adminder localhost localhost.localdomain' to just '127.0.0.1 localhost'?[00:22:12] <adaptr> no, that's fine.[00:22:28] <adaptr> however, mail from outside should never be allowed to present itself as coming from localhost, now should it ?[00:22:47] <Aprogas> alpine_style: Please show more complete logs, not just one line.[00:23:02] <Aprogas> Also postconf -n is better than main.cf[00:23:02] <alpine_style> ok, sec[00:23:07] <seekwill> http://www.email-marketing-reports.com/metrics/email-statistics.htm[00:23:07] <adaptr> grep 268082B004A /var/log/syslog[00:23:20] <seekwill> Wow, yahoo, 254M users, Gmail, 91M users[00:23:27] <adaptr> hotmail ?[00:23:28] <seekwill> MSN, #1, 256M users[00:23:31] <Aprogas> grep -B 3 268082B004A /var/log/syslog to catch the connect too[00:23:31] <adaptr> heh[00:23:37] <seekwill> Funny[00:23:46] <seekwill> That is the reverse rank in how much I like their services :)[00:23:51] <adaptr> Aprogas: not interested, if this is the deliver phase of a queued message, that will tell me enough[00:24:27] <Aprogas> I just want to verify this is coming from fetchmail or something wicked.[00:24:36] <Aprogas> Oh wait, fetchmail is something wicked, nvm.[00:25:11] <adaptr> let's take that as given, the shitfest when proven wrong will be that much more merrier![00:25:26] <adaptr> never deny a man the right to dig his own hole[00:25:40] * seekwill gives adaptr a root password[00:25:52] <adaptr> noooes! the power - what shall I do ?[00:25:59] <seekwill> Dig your own hole[00:26:01] <seekwill> bye[00:26:06] <Aprogas> adaptr: upload your ssh key[00:26:14] <adaptr> hate to disappoint you but I have dozens[00:26:20] <Aprogas> So you can still login when seekwill revokes the password.[00:26:23] <seekwill> Who uses ssh? it's all about telnet[00:26:25] <adaptr> it hasn't broken irretrievably yet[00:26:31] <alpine_style> new pastebin - http://pastebin.com/FrGJzBbK[00:26:52] <alpine_style> however, fetchmail was run from CLI so you won't be seeing it in any of my syslog files[00:26:56] <adaptr> alpine_style: you didn't do what i asked[00:27:32] <alpine_style> adaptr: sorry, hold on[00:28:19] <adaptr> the first occurence will be shortly before 17:37[00:28:28] <alpine_style> adaptr: added here - http://pastebin.com/xW6jabh3[00:29:08] <alpine_style> must be a grep on what, the postfix mailid, my best guess[00:29:11] <tharkun> alpine_style: fetchmail -v should give you a nice clue on where the transaction gets broken[00:29:14] <adaptr> you have some seriously misconfigured shit going on there.[00:29:28] <adaptr> what does dig localhost say on that box ?[00:29:59] <alpine_style> bummer, I don't think dig is on it, let me try to install[00:30:04] <alpine_style> is that a bind tool?[00:30:43] <adaptr> first of all - does postfix run chrooted ? what does /var/spool/postfix/etc/hosts say ?[00:31:54] <alpine_style> same thing that /etc/hosts says which I pastebinned earlier[00:32:11] <tharkun> alpine_style: running debian ?[00:32:35] <alpine_style> yes[00:32:38] <adaptr> then I'd really be interested in how your box resolved "localhost"[00:32:52] <adaptr> because according to postfix, it has a public IP[00:34:10] <tharkun> adaptr: poisoned dns cache ??[00:34:19] <adaptr> could be...[00:34:20] <alpine_style> well, the box is on the internet with a public ip - 72.172.84.148[00:34:36] <adaptr> however, that's not the "localhost" it tries to send to[00:35:08] <adaptr> alpine_style: add "debug_peer_list = localhost" to main.cf and reload. then send one of those messages.[00:35:53] <adaptr> perhaps also pastebin the result of postcat 268082B004A[00:37:30] <alpine_style> postcat: fatal: open 268082B004A: No such file or directory[00:37:57] <adaptr> yeah, you'd want one that's still on the mailq[00:38:06] <adaptr> not sure if it takes a queue id or a filename[00:38:12] <adaptr> man postcat ;)[00:38:16] <jeremymcs> y is localhost = 64.99.64.32 ?[00:38:25] <adaptr> jeremymcs: that's what we're finding out[00:38:38] <jeremymcs> cat /etc/hosts[00:38:51] <adaptr> jeremymcs: read the backlog some.[00:38:57] <jeremymcs> im lazy[00:38:58] <jeremymcs> lol[00:39:05] <adaptr> then stop making noise[00:39:09] *** Gambaroni has quit IRC[00:40:15] <jeremymcs> what does he get when he pings localhost ?[00:40:38] <alpine_style> dig results - http://pastebin.com/dJcKY2Ws[00:41:06] <adaptr> alpine_style: try what I suggested, recreate this with a debug log[00:41:20] <jeremymcs> alpine_style, what order are your hosts set for in host.conf ?[00:41:23] <alpine_style> adaptr: working on it[00:41:36] <jeremymcs> order hosts, bind[00:42:11] <thumbs> adaptr: I am about to kill everyone around me.[00:42:19] <alpine_style> order hosts,bind[00:42:19] <alpine_style> multi on[00:42:41] <adaptr> thumbs: on IRC, or at work ?[00:42:44] <jeremymcs> mutli is usally off .. but ok[00:42:46] * tharkun hands thumbs his motherinlaw address[00:42:57] <thumbs> adaptr: both.[00:44:22] <alpine_style> just pulled again via fetchmail on the retest - fetchmail -v output here: http://pastebin.com/0LVsiTNB[00:45:01] <jeremymcs> looks good[00:45:30] <adaptr> alpine_style: show the *postfix* log[00:45:42] <adaptr> I don't care about *not-postfix[00:46:05] <Aprogas> alpine_style: Did you postcat -q ?[00:46:27] <alpine_style> np, does postfix just log to /var/log/mail.log*[00:46:31] <alpine_style> what does postcat -q do?[00:46:35] <alpine_style> and no, I didn't[00:46:35] <Aprogas> !tell alpine_style logs[00:46:36] <knoba> alpine_style: "logs" : postfix logs to the mail facility of syslog. Something like grep -i `postconf -h syslog_facility` /etc/syslog.conf should tell you where logs are going. also see !no_logs and !have2mung[00:46:36] <thumbs> !logs[00:46:37] <knoba> thumbs: "logs" : postfix logs to the mail facility of syslog. Something like grep -i `postconf -h syslog_facility` /etc/syslog.conf should tell you where logs are going. also see !no_logs and !have2mung[00:47:09] <Aprogas> alpine_style: man postcat explains -q better than I could[00:48:07] <tharkun> alpine_style: /var/log/[mail.log|mail.info][00:50:11] <alpine_style> ok, try here at end for mail.log - http://pastebin.com/JpQx3G9f[00:50:37] <jeremymcs> youll need to reload or restart postfix to verify it re-caches dns[00:51:03] <adaptr> alpine_style: did you edit main.cf the way I told you to ? what nameserver are you using - is it a local cache ? restart that local cache![00:51:22] <adaptr> jeremymcs: let's assume for a moment he needs to restart any local nameserver, instead[00:51:31] <jeremymcs> that too[00:51:39] <alpine_style> adaptr: i did edit main.cf and added the debug line and then restarted postfix - did I miss a step?[00:51:42] <jeremymcs> cause a normal 'dig' doesnt return response on localhost[00:51:59] <adaptr> alpine_style: no, but it obviously isn't equating the actual localhost with your "localhost"[00:52:02] <jeremymcs> dig uses dns, not hosts[00:52:17] <adaptr> alpine_style: try adding that IP to the debug list[00:52:51] *** OPSS has joined #postfix[00:53:14] <adaptr> alpine_style: it's definitely your local cache that's misconfigured. 64.99.64.32 has no PTR[00:53:31] <OPSS> Hi guys , i have this prob when i try to send an mail with postfix :[00:53:32] <OPSS> Sep 20 13:40:00 ritset postfix alias_maps = hash:/etc/aliases/qmgr[12696]: fatal: parameter maximal_queue_lifetime: bad time value o[00:53:32] <OPSS> r unit: 1d bounce_queue_lifetime = 1d[00:53:37] <tharkun> adaptr: restarting postfix with /etc/init.d/postfix restart should syncronize the chroot with the workin environment[00:53:42] <OPSS> some one has an idea?[00:53:46] *** rajijoom has quit IRC[00:53:59] <adaptr> OPSS: you've messed up your configuration in spectacular fashion[00:54:20] <adaptr> and o!=0[00:54:36] <adaptr> (which is also a very bad value to set it to)[00:54:40] <alpine_style> a couple of caveats before we proced, the email address I am pulling mail from the pop3 server is customerservice at admineremail dot com and I am trying to "grab" it with fetchmail and then drop it to a machine with a dns A of adminder.com to the customerservice user[00:54:50] <Aprogas> adaptr: that was a wrapping issue[00:55:07] <adaptr> Aprogas: then he shouldn't do that. GIGO[00:55:22] *** necrodearia has joined #postfix[00:55:30] <necrodearia> I am following http://www.gentoo.org/doc/en/virt-mail-howto.xml for setting up Postfix. After code listing 2.4, Verify postfix is delivering mail. I am not familiar with mutt or other text-based mail clients. How else can I verify mail is working?[00:55:37] <OPSS> adaptr i am giving 1d to bounce_queue_lifetime , why i have error bad value :s[00:55:39] <adaptr> alpine_style: postfix requests the PTR record for any connecting client. if 64.99.64.32 returned "localhost" then something is misconfigured or giving false responses.[00:55:50] <necrodearia> I did send a mail using mutt, however, I am uncertain how to check if it is received or even how to configure mail server in mutt. In /etc/postfix/main.cf I left home_mailbox var commented and therefore it should default to /var/spool/mail/user or /var/mail/user[00:55:59] <Aprogas> OPSS: put your postconf -n on a pastebin, also check postconf mail_version[00:56:07] <adaptr> !tell necrodearia tutorial[00:56:07] <knoba> necrodearia: "tutorial" : A very common problem is that some people prefer to follow a step-by-step tutorial that shows them how to setup their server w/out reading the documentation or understanding what they are doing. If something goes wrong, they have no clue whatsoever about where to find hints, and they sometimes decide to start from scratch using a different tutorial. This is not The Proper Way.[00:56:16] <OPSS> ok[00:56:52] <Aprogas> My psychic powers tell me you indented a line that you shouldn't, causing it to resume the previous line.[00:57:12] <Aprogas> "1d bounce_queue_lifetime = 1d" is indeed not a valid time-unit.[00:57:15] * adaptr hides around the corner from Aprogas 's psychicness[00:57:45] <Aprogas> At first I didn't see this because your wrapping was already weird, so I just assumed it was a bad paste.[00:57:45] <tharkun> thumbs: did you give this guys any blue pills ?[00:58:20] <alpine_style> adaptr: why does postfix it think 64.99.64.32 is the localhost?[00:58:53] <adaptr> alpine_style: it doesn't. re-read what I said.[00:59:02] <thumbs> tharkun: no bloody idea.[00:59:27] <OPSS> Aprogas : my postconf -n here : http://pastebin.com/wRFEPvED[00:59:34] *** henriknj has joined #postfix[01:00:17] <Aprogas> I guess postconf -n doesn't include settings it cannot parse.[01:00:31] <Aprogas> OPSS: Check the whitespacing in your main.cf, especially at the start of a line.[01:00:47] <alpine_style> bizarre, there is no reverse lookup for 64.99.64.32, iptools.com gives nada[01:01:10] <jeremymcs> alpine_style, can you paste your postconf -n ?[01:01:11] <adaptr> Aprogas: why should it / HOW could it ? postconf outputs the static configuration block in memory. invalid config was never parsed into memory. don't for a second think postconf parses anything.[01:01:41] <Aprogas> adaptr: I was just observing the fact.[01:01:43] <adaptr> jeremymcs: he has, many times. how about you stop generating noise and pay attention ?[01:02:01] <jeremymcs> adaptr, i dont see his postconf -n .. only fetchmail[01:02:07] <adaptr> way before that[01:02:11] <Aprogas> alpine_style: plenty IP-addresses lack reverse DNS[01:02:27] <alpine_style> jeremymcs: sec and I'll repost[01:02:34] <adaptr> http://pastebin.com/xW6jabh3[01:02:37] <adaptr> halfway down[01:02:47] <Aprogas> OPSS: Are you sure you need to override your smtp_*_timeout's ?[01:02:55] <adaptr> Aprogas: according to counts, I think it's in the region of 80%[01:03:04] <alpine_style> postconf -n : http://pastebin.com/tej4sw0F[01:03:10] <Aprogas> OPSS: Are you sure you need a smtpd_recipient_limit = 10000 ?[01:03:29] <adaptr> yes! give me the humorous email spam![01:03:29] <Aprogas> OPSS: Are you sure your syslog_name = postfix alias_maps = hash:/etc/aliases ?[01:03:35] <adaptr> and send to to EVERYBODY[01:03:53] <Aprogas> That explains how alias_maps got involved in that weird log entry.[01:03:59] *** dragonheart has quit IRC[01:04:01] <Aprogas> This is a really funny config.[01:04:21] *** nezZario has joined #postfix[01:04:35] <OPSS> YES i am sure MAN[01:04:40] <jeremymcs> alpine_style, whats your /var/spool/postfix/etc/resolv.conf look like ?[01:04:54] <OPSS> No white spacing in postconf -n[01:04:55] <OPSS> !![01:04:55] <knoba> OPSS: Error: "!" is not a valid command.[01:05:10] <alpine_style> nameserver 72.172.84.139[01:05:10] <alpine_style> nameserver 72.172.84.140[01:05:26] <alpine_style> same in /etc/resolv.conf[01:05:27] <Aprogas> OPSS: Check main.cf, leading whitespace means continuation of previous line.[01:05:51] <adaptr> alpine_style: neither of those return a value for the PTR of 64.etc[01:06:05] <adaptr> postfix is getting them from SOMEWHERE though[01:06:40] *** nezZzZ has joined #postfix[01:07:11] <OPSS> knoba i have not '!' in my file :s[01:07:13] <jeremymcs> alpine_style, can you do a postfix reload, postsuper -r ALL; postqueue -f; tail -n 20 /var/log/mail.log ?[01:07:26] <jeremymcs> to pastebin[01:07:58] <tharkun> alpine_style: /etc/init.d/postfix restart should rebuild the chroot.[01:08:29] <alpine_style> jeremymcs: http://pastebin.com/qABwXHfa[01:08:45] <OPSS> wich line?[01:08:57] *** nezZario has quit IRC[01:09:04] <Aprogas> Wildcard A?[01:09:13] <Aprogas> http://www.pagesinventory.com/ip/64.99.64.32.html[01:09:13] <alpine_style> tharkun: ran that earlier and now just again[01:09:19] <Aprogas> Domains on this IP - count 3518[01:09:38] <adaptr> and not a single PTR[01:09:44] <Aprogas> Some domain squatter probably.[01:09:51] * adaptr air guitars Maiden[01:09:53] <Aprogas> Disregard wildcard A, that made no sense.[01:10:04] <Aprogas> Maybe if they were all .cx or .to or something[01:10:04] <adaptr> yes, but it was cute[01:10:23] <Aprogas> For a while my brain forgot that VeriSign stunt lasted only 3 days.[01:10:42] <jeremymcs> alpine_style, garvinweb.com doesnt exist[01:11:12] <jeremymcs> alpine_style, give me some more of that log .. tail -n 50[01:11:18] <adaptr> but the domain seems fixed now, it was a total name resolution fart[01:11:39] <jeremymcs> alpine_style, might i recommend using opendns as a resolver[01:11:39] <adaptr> Aprogas: a bit more than that, actually.. more like 3-6 months[01:11:40] <jeremymcs> opendns.com[01:11:55] <adaptr> jeremymcs: for gods sake don't recommend opendns - they do hijack domains[01:12:11] <OPSS> Aprogas if i want change postconf -n wich commande i will use?[01:12:12] <jeremymcs> hijack domains ?[01:12:13] <lunaphyte> christ. please do no encourage people to use that garbage.[01:12:14] <adaptr> use google if you must , but he should really set up a local cache, it's simple[01:12:45] *** Zerberus has quit IRC[01:13:00] <adaptr> unless port 53 is blocked somehow, there's really no excuse to not run a local resolver cache when you run a mailserver[01:13:18] <alpine_style> jeremymcs: with 50: http://pastebin.com/YB23YJzU[01:13:25] <Aprogas> alpine_style: what search order is in your resolv.conf ?[01:13:26] <lunaphyte> if port 53 is blocked, you're not going to be doing either.[01:13:29] <jeremymcs> adaptr, you can disable that redirect option btw[01:13:51] <lunaphyte> not good enough.[01:13:59] *** Zerberus has joined #postfix[01:14:07] <adaptr> lunaphyte: your ISP may well force you to use theirs...[01:14:09] <jeremymcs> alpine_style, looks pretty spammy to me[01:14:12] <Aprogas> localhost.com. 300 IN A 64.99.64.32[01:14:17] <alpine_style> this machine is not really a mail server, a webhost and sort of a dumb go between to push/pull very light amount of email[01:14:22] <Aprogas> myhostname = adminder.com ; mydomain defaults to com[01:14:24] <lunaphyte> that's like saying it's ok if i lie, as long as i stop if you want me to.[01:14:27] *** ahven has quit IRC[01:14:28] <adaptr> ah, nullclient time[01:14:32] <jeremymcs> Aprogas, yeah, i asked about his search order[01:14:42] *** ahven has joined #postfix[01:14:47] <Aprogas> append_dot_mydomain = no though[01:14:56] <adaptr> lunaphyte: I lie to you as long as you think I'm pretty, you know that[01:14:59] <Aprogas> I guess "com" is also in his search order.[01:15:33] <Aprogas> alpine_style: set a correct domain/search in resolv.conf, set mydomain correctly in postfix[01:15:44] <jeremymcs> alpine_style, helo=<NAYLLDX> <-- reject_invalid_hostname[01:15:57] *** Meskalyn has quit IRC[01:16:07] *** Meskalyn has joined #postfix[01:16:07] <jeremymcs> alpine_style, looks like its all working, just not allowed to relay[01:16:15] <Aprogas> Doe reject_invalid_helo_hostname include all of reject_non_fqdn_helo_hostname ?[01:16:16] <lunaphyte> adaptr: as long as you keep that dirty richard james facial hair.[01:16:33] <jeremymcs> Aprogas, not sure[01:17:16] *** tharkun has quit IRC[01:17:57] <adaptr> night all[01:18:05] <alpine_style> Aprogas: so you say change the resolver?[01:18:13] <alpine_style> adaptr: thanks, take care![01:18:43] *** MasterO has joined #postfix[01:19:25] <Aprogas> oops, 1:30, night for me too[01:24:29] *** johest|w has quit IRC[01:24:48] *** johest|w has joined #postfix[01:25:10] *** InsolentDreams_ has joined #postfix[01:25:18] *** InsolentDreams_ has quit IRC[01:28:14] *** InsolentDreams has quit IRC[01:33:48] *** Motoko-chan has quit IRC[01:34:06] *** leroux has joined #postfix[01:35:57] *** leroux has quit IRC[01:36:59] *** nezZzZ has quit IRC[01:38:37] *** henriknj has quit IRC[01:41:06] *** Zerberus has quit IRC[01:41:30] *** Zerberus has joined #postfix[01:45:51] *** MasterO has quit IRC[01:47:19] *** nezZario has joined #postfix[01:47:25] *** MasterO has joined #postfix[01:57:21] *** nezZario has quit IRC[02:12:36] *** Breaking_Pitt has quit IRC[02:13:55] *** bendechrau has joined #postfix[02:21:15] <bendechrau> Hey folks! Anyone recently started experiencing issues with connections from MS Exchange servers? Two Australian institutions are causing "timeout after DATA" entries in my log files but no other mail issues are apparent. Not quite sure where to look next.[02:23:58] <Trengo> their fault?[02:24:13] <thumbs> bendechrau: contact the admin of that server.[02:24:13] <Trengo> unless you have a very short timeout[02:24:41] <bendechrau> Not sure - hard to get in touch with someone who can help there (ANZ and Centrelink), and of course they can't reply to my emails![02:25:32] <thumbs> bendechrau: use gmail to email them.[02:25:47] <bendechrau> eep - I have to set up a new email account ;)[02:25:50] <jeremymcs> then wait for someone to start complaining inside their companies[02:26:03] <bendechrau> Thanks - just wondered if this was a known issue - recent MS Exchnage update or something[02:26:17] <jeremymcs> bendechrau, i maintain close to 200 exchange servers .. and haven't had this issue[02:26:31] <jeremymcs> so im going to go under the assumption they've modified their route/firewall rules[02:26:48] <jeremymcs> 2003,2007, and 2010 .. so[02:27:55] <bendechrau> Thanks J - strange that both ANZ and Centrelink have the same issue, and they can email each other. Let the social engineering begin to get to a syseng...[02:32:17] *** OPSS has quit IRC[02:33:36] *** aptituz has quit IRC[02:40:27] *** aptituz has joined #postfix[02:48:33] *** aptituz has quit IRC[02:53:02] *** bluethundr__ has quit IRC[02:55:27] *** aptituz has joined #postfix[02:56:27] *** MAAAAD has quit IRC[02:57:01] *** MAAAAD has joined #postfix[03:12:10] <x_or> I'm not able to send email from my linux server, and wondering how I troubleshoot where this is an issue. I'm assuming it is a postfix issue, but am not sure how to verify.[03:12:58] <x_or> Let me amend that, I can send from one domain, but when I indicate a different domain in the from field, it disappears.[03:14:12] <lunaphyte> don't tell us, show us.[03:14:32] *** nezZario has joined #postfix[03:15:04] <x_or> lunaphyte: Is that for me? If so, what do you need me to show you? I am using alpine on the system, and sending from that works if my from address is one domain on the server (vivoh.com) whereas using "from: info at subsms dot com" does not.[03:15:08] <x_or> Is that sufficient?[03:15:50] <lunaphyte> hat's indicating it's not working?[03:15:54] <lunaphyte> *what's[03:16:04] <x_or> I am not receiving the mail at my gmail account.[03:16:17] <x_or> It is not in the spam folder, so I am assuming it is not working.[03:16:27] <lunaphyte> oh. not a great assumption.[03:17:09] <lunaphyte> anyway, go ahead and read the channel /topic and provide the info as detailed there. then we can help further.[03:18:24] <x_or> Yes, I will do that, bad protocol. Apologies, and thanks for the reminder.[03:19:10] <x_or> postconf -n: http://gist.github.com/588997[03:20:35] <x_or> wiki seems to be an unregistered domain.[03:21:19] *** dddh has quit IRC[03:27:58] <x_or> lunaphyte: Any suggestions? Did I completely tick you off?[03:28:24] *** will_ has joined #postfix[03:29:33] *** nezZario has quit IRC[03:33:30] *** nezZario has joined #postfix[03:34:22] *** wdp_ has joined #postfix[03:38:24] *** wdp__ has quit IRC[03:42:25] <jeremymcs> we need some logs x_or[03:43:55] <x_or> jeremymcs: Which logs shall I post? I don't see anything in /var/log/ for postfix, is there another place to look?[03:44:07] *** xpoint has joined #postfix[03:44:10] <jeremymcs> mail.log ?[03:44:18] *** meeso has quit IRC[03:46:10] <x_or> Ok, tailing that helped, I see that it says "(User unknown in virtual alias table)" but I absolutely have that in /etc/postfix/virtual, and I just ran postmap /etc/postfix/virtual and then /etc/init.d/postfix restart. Should this not do it?[03:46:25] <x_or> "Sep 20 18:52:31 vivoh postfix/error[20331]: A85542D016A: to=<subsms at vivoh dot com>, orig_to=<r at subsms dot com>, relay=none, delay=20, delays=20/0.01/0/0.08, dsn=5.0.0, status=bounced (User unknown in virtual alias table)"[03:46:38] <x_or> I suppose I should not decode the message on my own, more bad assumptions.[03:47:56] <jeremymcs> pastebin[03:48:34] <x_or> http://pastebin.com/YgTxinPx[03:49:04] <jeremymcs> 5038881488 <-- nice #[03:49:04] <jeremymcs> ha[03:49:40] <x_or> Yeah, I like my number. :) As a programmer, all "2 to the power of something."[03:52:26] *** nezZzZ has joined #postfix[03:53:20] <jeremymcs> x_or, postmap -q subsms at vivoh dot com hash:/etc/postfix/virtual[03:53:59] <x_or> What does that do?[03:54:23] <x_or> Search for the key, I see.[03:54:30] <x_or> Nothing is returned.[03:54:32] *** nezZario has quit IRC[03:54:37] <jeremymcs> which means it cant be found ;)[03:54:51] <x_or> So, I need to add subsms at vivoh dot com. It no longer works to use just the raw user account.[03:55:06] <jeremymcs> root: user at domain dot com[03:55:07] <jeremymcs> yes[03:55:08] <x_or> Is it typical that you need to add the full domain?[03:55:10] <x_or> OK.[03:57:30] <x_or> Hmm, I added it to the file, and ran postmap /etc/postfix/virtual, but then running the command again produces no result. I must not be processing the file correctly after I do my edit.[03:58:21] <jeremymcs> postmap -n /etc/postfix/virtual[03:59:15] <jeremymcs> what does the file look like ?[03:59:51] <x_or> The file /etc/postfix/virtual has only the line " at subsms dot com subsms at vivoh dot com"[04:00:36] <jeremymcs> *@subsms > subsms at vivoh dot com ?[04:00:42] <x_or> I am obviously not doing things correctly.[04:01:06] <x_or> Yikes, has the posfix format changed? I think I must have been using a very old format.[04:01:13] <jeremymcs> what are you trying to do ?[04:01:38] <x_or> I want to send all incoming mail from @subsms.com to the user account subsms at vivoh dot com which is on that server.[04:02:04] <jeremymcs> hmm[04:04:31] <jeremymcs> so you want to catch all from subsms.com to an addy[04:04:36] <x_or> Yes.[04:06:09] <x_or> Doh, OK, finally got it working. Needed to use subsms@vivoh rather than subsms at vivoh dot com.[04:06:38] <x_or> mydestination has vivoh, not vivoh.com (as the postfix man page suggests) so I think that was the culprit.[04:07:00] <x_or> postmap -q does not seem to work for anything, however.[04:07:37] <x_or> I cannot retrieve anything for just about any combination of subsms, subsms@vivoh, or subsms at vivoh dot com. Was this supposed to work? Or, did I not communicate what I wanted to do clearly?[04:09:29] <jeremymcs> still not sure what your trying to do[04:10:20] <x_or> I was just trying to catch all emails @subsms.com into a single user account.[04:10:28] <x_or> I love spam, cannot get enough of it.[04:11:35] <jeremymcs> apparently[04:12:00] <x_or> I am actually filtering all incoming mail by a secret address, and if the from and to address don't match my database then I drop the mail.[04:13:21] *** JonnyV has quit IRC[04:15:08] <jeremymcs> umm, ok[04:15:19] <x_or> Thank you for your help with troubleshooting.[04:15:39] <will_> x_or: Sign up for some porn sites[04:16:00] <will_> Seriously. That will get you on a lot of sites. Buy one of those prepaid visa cards to keep your CC# safe[04:16:14] <will_> Not sure if you have to buy the service though[04:16:35] <jeremymcs> lol[04:17:08] <x_or> will_: Thanks, I am unable to find porn on the Internet, so I am happy to have this information. I have searched far and wide, and google gives me no results. :)[04:17:31] <will_> Hmm?[04:17:36] <will_> you want spam?[04:18:14] <x_or> I actually don't want spam, but I talked to someone recently in this channel and they suggested I am going to be getting a bunch.[04:18:23] <will_> oh heh[04:18:36] <x_or> I have gotten some strange responses when I tell people what I am trying to do.[04:18:43] <will_> Sorry, I didn't real the whole thread. I thought you were starting a honeypot or something[04:18:51] <will_> What are you trying to do?[04:18:52] <x_or> Nope, but it will probably look like it.[04:19:08] *** MasterO has quit IRC[04:19:25] <x_or> I want to accept all email addresses, and then process the ones that come in only if they have a from address that matches my database. Probably very similar to what google docs does to accept docs via email.[04:19:52] <x_or> If you have a private email address which is somewhat obscure and require a from address that is specific to that address, it would probably work.[04:20:26] <will_> A from address that matches your database? So if I sent you email, you'll drop me?[04:20:44] <will_> What about a mailing list you sign up for, that uses a VERP?[04:20:56] <will_> What if the From address is spoofed?[04:22:26] <x_or> I am not accepting email for myself here, these addresses are randomly generated and linked to a user account. They create them and then link that account to a real email address. If the from address is spoofed AND they get it to match the address I have in the database matching the secret email address, then they could affect the data. But, it is append-only, and I will have some limits there too.[04:22:46] <will_> huh?[04:22:46] <x_or> What is VERP?[04:23:06] <will_> Your idea only works if your user initiates the email.[04:23:19] <x_or> Yes, and they will be doing that.[04:23:21] <will_> What if it's reverse? Example, how could I send you an email ?[04:23:24] <will_> lol[04:23:40] <will_> How would you know the email address?[04:24:22] <will_> Example, you want to sign up for a website, and they're going to email you a confirmation email. How would you know where that is coming from?[04:24:25] <x_or> You'll send an email to register, and then I will respond indicating the secret address. As long as you don't publicize it on a mailing list or website it should be somewhat secure.[04:24:35] <will_> haha[04:24:37] <x_or> Oh, I am not using this for personal email at all.[04:24:44] <will_> What are you using this for?[04:24:54] <x_or> A service where people submit information via an email address.[04:24:59] <will_> I only assumed, because I've heard of crazy stories like this before[04:25:08] <x_or> OK.[04:25:14] <x_or> I'll admit to being crazy.[04:25:26] <will_> Ok, if there's a special niche you're going for... up to you man :)[04:25:41] <lunaphyte> why do people need to submit information, and why via email?[04:25:47] <will_> But I think you're using the wrong technology[04:26:06] *** kenyon has quit IRC[04:26:11] <will_> Email wasn't designed for what you're trying to use it for[04:26:15] <x_or> I know.[04:26:31] <will_> it would be simpler to use a web interface[04:26:43] <will_> A lot easier[04:26:45] <x_or> But, these people are using cell phones, and I can use the SMS gateways to email. Many people don't have web browsers yet on their cell phones.[04:26:52] <x_or> I agree with you, but this is the situation I am faced with.[04:27:05] <will_> hmm[04:27:05] <x_or> I enjoy the challenge.[04:27:27] <will_> That is a little different...[04:28:07] <will_> Ok, let's back up... What is the problem?[04:28:16] <will_> I know where you're coming from now[04:28:33] <will_> Because I've worked on a similar project :)[04:29:04] <lunaphyte> why can a single address not be used for this?[04:29:05] <x_or> phone cal...[04:29:22] <will_> What is "phone cal"?[04:30:46] <x_or> on a phone call[04:31:02] <will_> You should be using SMS[04:33:20] <x_or> I'd love to use SMS, but it is not free, and not sure if SMS can do attachments with something like Twilio, which is a requirement for this project.[04:34:08] <will_> Yeah, I don't think you can attach much with 160bytes[04:34:42] *** tuxcrafter has quit IRC[04:34:45] <x_or> There is MMS, but support is variable.[04:35:00] <lunaphyte> mms could arguably do attachments, depending on what exactly it is you're talking about, and i certainly wouldn't categorize email from a cell phone as being "free".[04:35:15] <lunaphyte> nonetheless, why is a single address not sufficient?[04:35:27] <x_or> Well, it is "free" to the receiver. :)[04:35:44] <lunaphyte> ok, i'll concede that.[04:36:08] *** kenyon has joined #postfix[04:36:38] <x_or> I just want to make sure that it is almost impossible for a spammer to "hack" the account. If I have this double match requirement, seems harder.[04:36:46] <x_or> I might be overthinking it, however.[04:37:16] <lunaphyte> but - you are not matching that at all within the mail server, so there is no point.[04:37:34] <will_> Can you tell us a little bit about what you're doing?[04:37:36] <x_or> I'm matching it in my web application, or might move it to a command line check before it hits my web app.[04:38:09] <x_or> I basically use .forward to dump the email to a file, then import into my web server (processing the email and attachments).[04:38:28] <will_> uhhhhhhhhhhhh[04:38:33] <lunaphyte> !tell x_or pipe[04:38:33] <knoba> x_or: "pipe" : the pipe(8) daemon processes requests from the postfix queue manager to deliver messages to external commands. this program expects to be run from the master(8) process manager[04:38:48] <will_> At least this guy is trying :D[04:39:05] <x_or> knoba: Yeah, I could do this, but harder to troubleshoot a pipe than a file.[04:39:19] <will_> In any case...[04:39:32] <will_> What are you doing?[04:40:07] <x_or> Umm, it is secret for right now. :)[04:40:38] <lunaphyte> what is this double match requirement?[04:40:50] <will_> To be honest, you should hire an email consultant and have them sign an NDA[04:40:51] <lunaphyte> the address being delivered to, and what?[04:41:20] <will_> You have great effort... but I think you don't have enough experience to deal with some of this... :)[04:41:46] <lunaphyte> each "user" of this system will be given a secret address that they will use indefinitely? the destination address is not ephemeral?[04:41:50] <x_or> When a user registers (using r at subsms dot com) they get a response from a random email like 13223423423 at subsms dot com. If they send email back to that address AND it comes from the email address of their SMS gateway (5037771477 at tmomail dot net) then I accept and put the data into the system.[04:41:55] *** tuxcrafter has joined #postfix[04:42:13] <x_or> In my web app I store the random email and the SMS gateway email.[04:42:17] *** dddh has joined #postfix[04:42:36] <lunaphyte> so you are effectively employing the destination address as a password?[04:42:44] <x_or> The email is only processed if they both match. If you send email to 13223423423 at subsms dot com and the from header is different, I drop it.[04:42:52] <will_> ok[04:43:15] <x_or> If you spoof the from address 5037771477 at tmomail dot net and it is not to 13223423423 at subsms dot com then I drop it too.[04:43:16] <will_> BTW, there are commercial products out there that can help you do that quite easily[04:43:32] <x_or> What are they? I'm interested.[04:43:40] <lunaphyte> so the user's from address is the "username" and the to address is the "password"?[04:43:42] <will_> It costs money, but it'll do what you say[04:43:51] *** Gambaroni has joined #postfix[04:43:59] <will_> In any case, ok, once you put that email address in the system, is email used anymore[04:43:59] <will_> ?[04:44:04] <x_or> lunaphyte: I don't really think of them in that way, but if that helps to understand, sure.[04:44:29] <lunaphyte> what i'm asking (as i did already above) is if these values are ephemeral...[04:44:37] <x_or> Yes, that random address is used each time the user wants to add to the data in the system.[04:44:40] <lunaphyte> rather, the to address.[04:44:57] <will_> You don't need to use a catchall[04:45:09] <x_or> OK, how should I do it?[04:45:11] <lunaphyte> so they'll always use the same to address for their life as a user, correct?[04:45:15] <will_> You would just put the recipient in a recepient database[04:45:27] <will_> Sorry, maybe lunaphyte is going that route :D[04:45:31] <lunaphyte> yes, indeed, if this data is stored, just have postfix look it up.[04:45:35] <x_or> Meaning, postfix would use postgres or mysql?[04:45:41] <lunaphyte> sure.[04:45:46] <lunaphyte> or whatever you prefer.[04:46:03] <lunaphyte> flat files, hashed ata, ldap lookups, tcp dict maps, whatever works.[04:46:08] <lunaphyte> *hashed data[04:46:11] <x_or> That would help, great. That would cut down on a bunch of processing on my side, I'd still want to process the from address, but...[04:46:25] <lunaphyte> you would still do all of the same processing.[04:46:27] <x_or> I'd prefer to use postgres or mysql since my app will already be storing and manipulating that data.[04:46:32] <lunaphyte> do not rely on the first gate.[04:46:37] <x_or> Yep, good idea.[04:46:50] <lunaphyte> security exists because of layers, not a silver bullet ;)[04:47:24] <lunaphyte> also, you'll want to rely *solely* on the envelope, never the headers.[04:47:51] <x_or> Good advice, I was not aware of the difference between the envelope and headers, will need to do some reading.[04:48:09] <x_or> Do you have a link? Does postfix provide this information for me when receiving email?[04:49:34] <will_> Can I sign up for your service? :)[04:49:40] <will_> I hope I get porn.[04:49:47] <lunaphyte> this is where pipe(8) begins to become quite useful.[04:50:07] *** xpoint has left #postfix[04:50:18] <lunaphyte> also, you might consider an application here for address extensions.[04:50:56] <lunaphyte> lastly, before i go to bed - for reference, so you understand where we come from in this channel:[04:51:07] <lunaphyte> !tell x_or mantras[04:51:07] <knoba> x_or: "mantras" : 1. do not accept mail that you do not intend to deliver. 2. do not drop mail. 3. do not use wildcards or catchalls.[04:51:57] <x_or> I like those. Thanks.[04:52:42] <x_or> Back to my work. Now I cannot get my rails application to send out email, getting this issue: "lost connection after STARTTLS from localhost[127.0.0.1]"[04:53:06] <lunaphyte> good luck, and good night.[04:53:08] *** nezZzZ has quit IRC[05:00:25] *** nezZario has joined #postfix[05:11:22] *** nezZario has quit IRC[05:30:01] *** niki has quit IRC[05:35:50] *** kevcox has joined #postfix[05:36:47] *** bendechrau has quit IRC[05:42:27] *** Motoko-chan has joined #postfix[05:43:46] *** Alagar has joined #postfix[05:45:02] *** MAAAAD has quit IRC[05:49:53] <kevcox> What is the best way to verify postfix is working as it should?[05:50:57] *** tharkun has joined #postfix[05:51:38] *** Deus_Ultima has quit IRC[05:58:34] *** MAAAAD has joined #postfix[05:59:23] <tharkun> !postscreen[05:59:23] <knoba> tharkun: "postscreen" : Server that performs triage on multiple inbound SMTP connections in parallel. More information can be found at: http://www.postfix.org/postscreen.8.html[06:01:47] *** pinoyskull has joined #postfix[06:05:34] *** jeremymcs has quit IRC[06:18:00] *** tharkun has quit IRC[06:53:46] *** JonnyV has joined #postfix[07:11:43] *** juergen_dose has joined #postfix[07:16:30] *** kevcox has left #postfix[07:28:05] *** henriknj has joined #postfix[07:32:39] *** alpine_style has quit IRC[07:41:20] *** cemc has left #postfix[07:43:48] *** henriknj_ has joined #postfix[07:43:52] *** henriknj has quit IRC[08:00:55] *** Lap_64 has joined #postfix[08:03:10] *** MAAAAD has quit IRC[08:03:44] *** MAAAAD has joined #postfix[08:06:49] *** pinoyskull has quit IRC[08:08:47] *** pinoyskull has joined #postfix[08:10:33] *** henriknj_ has quit IRC[08:10:44] *** JonnyV has quit IRC[08:11:29] *** e-jones has joined #postfix[08:13:30] *** karlgus has joined #postfix[08:21:16] *** karlgus has quit IRC[08:24:24] *** Zeit|awy_ has quit IRC[08:24:50] *** Zeit|awy has joined #postfix[08:25:11] *** karlgus has joined #postfix[08:26:24] *** gabWNT has quit IRC[08:48:15] *** gabWNT has joined #postfix[08:51:58] *** henriknj has joined #postfix[08:53:09] *** Lap_64 has quit IRC[08:59:56] <KTL> sending mail to postfix takes about 10-12 seconds, any idea?[09:00:29] <KTL> (i use mailscanner with spamassassin and clamav but i see these only appearing in the processeslist when the period is allmost over)[09:03:03] *** hever has joined #postfix[09:04:21] *** cga has joined #postfix[09:05:06] *** cilly has joined #postfix[09:05:15] *** hever has quit IRC[09:06:15] *** hever has joined #postfix[09:07:11] *** yahz has joined #postfix[09:14:26] *** Motoko-chan has quit IRC[09:17:42] *** yahz has left #postfix[09:34:52] *** denis_ has joined #postfix[09:47:17] <KTL> mmm[09:51:38] <will_> KTL: Is it really that big of a problem?[09:54:23] *** koollman has quit IRC[09:56:00] *** aptituz has quit IRC[09:56:19] *** aptituz has joined #postfix[09:57:41] <KTL> will_, well the users have to wait longer, they are used to be able to get rid of their mail immediately, and somehow the current mailclient refuses to send immediately but puts mail into a queue to be sent later (manually)[09:58:05] <KTL> there isnt much mail so it can not be congestion[10:00:00] <sysmonk> KTL: well, you'd need to read the topic and post the apropriate info[10:00:04] <sysmonk> the delay might be in any place[10:00:30] <sysmonk> i.e. client<->smtp, smtp<->mailscanner, mailscanner<->postfix, postfi<->remote server[10:00:33] <Gambaroni> How do I change what the name is sent from when I send an email?[10:01:17] <sysmonk> Gambaroni: it's a MUA option, not postfix[10:01:18] <sysmonk> !mua[10:01:18] <knoba> sysmonk: "mua" : Mail User Agent: software used for mail message retrieval, commonly known as an email client, such as mutt, Evolution and Thunderbird[10:01:57] <Gambaroni> sysmonk I thought so as well, weird, what I set in outlook isn't what is shown. Maybe need restart[10:02:10] * KTL reads topic.[10:02:13] *** bezourox has quit IRC[10:02:15] *** bezourx has joined #postfix[10:02:47] *** bezourx is now known as bezourox[10:08:48][10:09:14] <sysmonk> get a client which supports that![10:09:25] <sysmonk> unless you're talking about the email address itself[10:09:39] <Gambaroni> sysmonk I'm talking about the name the mail was sent from[10:09:49] <sysmonk> then get a MUA which does that correctly[10:10:32] <sysmonk> Gambaroni: are you using outlook express or the full-blown ms outlook 2xxx client ?[10:11:14] <Gambaroni> sysmonk outlook 2007[10:11:30] <sysmonk> it should support that afaik[10:11:39] <Gambaroni> sysmonk yeah, really[10:11:55] <sysmonk> and what are you reading the emails with?[10:12:07] <sysmonk> that is, you're sending the emails with outlook 2007, and what are you receiving the emails with ?[10:14:15] *** Breaking_Pitt has joined #postfix[10:14:21] *** Breaking_Pitt has left #postfix[10:16:36] *** juergen_dose has quit IRC[10:17:34] <Gambaroni> sysmonk the same. As well as the gmail-client[10:20:11] <sysmonk> what about if you send a mail from GMAIL to your outlook with those strange letters?[10:20:50][10:23:59] <joschi> Gambaroni: neither of these characters are allowed in the localparts of email addresses[10:24:23] <Gambaroni> joschi Not in the email addresses..[10:24:35] <joschi> Gambaroni: then what's the problem?[10:25:03] <Gambaroni> joschi You usually fill in your email adress AND the name in your mail client, right?[10:25:03] *** bianchi has quit IRC[10:25:32][10:25:44] <joschi> Gambaroni: yes. what's the problem in changing the displayname in your gmail account, send a test mail and then restore the old displayname?[10:26:38][10:28:02] *** necrodearia has quit IRC[10:30:15] *** necrodearia has joined #postfix[10:31:18] <Gambaroni> joschi tried sending to hotmail now, same problem[10:32:11] <joschi> Gambaroni: that's a problem with your MUA. postfix doesn't modify mail bodies when sending or receiving them[10:32:16] <joschi> Gambaroni: at least not by default[10:32:56] *** juergen_dose has joined #postfix[10:34:25][10:45:06] <sysmonk> joschi: might be that it's not postfix's fault but some stupid mailscanner sh*t :)[10:45:32] <Gambaroni> mailscanner?[10:45:46] <Gambaroni> Could it be dovecot you mean? :P[10:46:34] <joschi> Gambaroni: no, sysmonk means mailscanner[10:46:57] <joschi> Gambaroni: oh, just seen that the mailscanner guy was acutally KTL and not you. so nevermind[10:47:48] *** x_or1 has joined #postfix[10:48:54] *** x_or has quit IRC[10:49:17] *** henriknj has quit IRC[10:51:29] <Gambaroni> joschi damn[10:53:05] <sysmonk> hehe[10:53:15] <sysmonk> yeah, i thought about KTL too[10:53:21] <sysmonk> Gambaroni: might be dovecot too[10:53:45] <Gambaroni> sysmonk ok.[10:53:51] <sysmonk> but if you send mail <outside> (i.e. to gmail) it doesn't go through dovecot, so gmail should see the strange letters[10:54:04] <Gambaroni> Hm, weird..[10:54:12] <sysmonk> and you said it doesn't[10:54:20][10:54:42] <sysmonk> Gambaroni: i've gave you a mail address to send a mail to[10:54:50] <sysmonk> i'll see what would it show to me :)[10:57:02] <Gambaroni> sysmonk sent[10:59:59] <sysmonk> From: =?us-ascii?B?SGFrYW4=?=[11:00:09] <sysmonk> wrong encoding in outlook[11:00:19] <sysmonk> should be utf8 or whatever[11:00:52] <Gambaroni> sysmonk shouldn't it work with ISO as well?[11:01:02] <sysmonk> it's us-ascii[11:01:15] <sysmonk> i don't think that us-ascii has that magic letters you mentioned :)[11:01:24] <sysmonk> those*[11:01:44] <Gambaroni> Haha[11:01:55] <Gambaroni> How the fuck could it choose us-ascii?[11:02:10] <sysmonk> ask yourself/outlook/bill/ms/whatever[11:02:21] <sysmonk> it's really not related to postfix[11:02:37] <Gambaroni> Now it works :D[11:02:43] *** war9407 has quit IRC[11:02:57] <sysmonk> great, you owe us your life now[11:03:46] <Gambaroni> :D[11:04:57] <Gambaroni> If I have ...@mydomain ...@...com in virutal, sending an email to ...@myhostname , would it be forwarded then?[11:06:22] <sysmonk> you already owe us your life, you don't have permission to ask us any more questions.[11:11:10] <Gambaroni> :([11:13:05] *** johnjay has quit IRC[11:13:55] *** henriknj has joined #postfix[11:14:28] *** johnjay has joined #postfix[11:20:41] *** suuuper has joined #postfix[11:20:44] <suuuper> hi[11:20:53] <suuuper> i have a questio for yom[11:21:17] <suuuper> i try to create a rule with postfix smtp[11:21:45] <suuuper> that rewrite a particular recipient[11:22:02] <suuuper> in other addres that have different domain[11:22:06] <suuuper> for example[11:22:21] <suuuper> if i send email to aa at bb dot com[11:23:10] <suuuper> smtp server rewrite only envelope to address in cc at dd dot com[11:23:22] <suuuper> any ideas?[11:27:10] *** master_of_master has quit IRC[11:28:36] <sysmonk> suuuper: you'd need to generate that information in some understandable manner for anyone to be able to help you + reading the /topic about asking questions is a good start[11:28:40] *** klem has quit IRC[11:28:44] *** master_of_master has joined #postfix[11:29:17] *** klem has joined #postfix[11:31:17] *** VaNNi has quit IRC[11:32:39] *** VaNNi has joined #postfix[11:40:54] *** x_or1 has quit IRC[11:45:55] *** henriknj has quit IRC[11:46:08] *** x_or has joined #postfix[11:47:21] *** henriknj has joined #postfix[11:51:57] <f3ew> suuuper virtual_alias_maps[11:56:14] *** NotInternat has joined #postfix[11:57:07] *** Internat has quit IRC[11:57:10] *** TomHome has joined #postfix[12:15:13] *** EagleWatch has quit IRC[12:16:49] *** henriknj has quit IRC[12:19:13] *** macsim has joined #postfix[12:20:11] <macsim> hi, i just installed yaa as explain here http://www.howtoforge.com/autoresponders_for_virtual_postfix_users and I got this message on my log Warning: Your MTA does not provide Delivered-To header. Yaa will have to rely on message headers which are very easy to fake. You've been warned. I'm unable to found anything about this, someone knows what does that mean and how to fix it ?[12:20:36] *** EagleWatch has joined #postfix[12:22:26] <Aprogas> !tell macsim tutorial[12:22:26] <knoba> macsim: "tutorial" : A very common problem is that some people prefer to follow a step-by-step tutorial that shows them how to setup their server w/out reading the documentation or understanding what they are doing. If something goes wrong, they have no clue whatsoever about where to find hints, and they sometimes decide to start from scratch using a different tutorial. This is not The Proper Way.[12:23:39] <macsim> ... useless answer[12:24:49] <Aprogas> !tell macsim welcome[12:24:49] <knoba> macsim: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[12:26:02] *** x_or has quit IRC[12:27:18] *** cpm has joined #postfix[12:27:19] *** cpm has joined #postfix[12:27:42] <macsim> too funny, I made it works I just got a wird log message, no serious answer about it on google, no serious answer postfix doc, impossible to found website or more information about yaa.pl I just ask for tips and you send me the topic ...[12:28:02] *** sebbow has quit IRC[12:28:17] <macsim> Aprogas, if you don't want to answer ... just don't answer[12:28:43] <Aprogas> I am trying to get you to provide more information so that I can answer.[12:28:44] *** sebbow has joined #postfix[12:29:13] <Aprogas> You didn't provide postconf -n nor logs.[12:31:32] <macsim> Aprogas, here is it : http://www.pastebin.org/1026185 but I didn't have this log message before installed yaa[12:33:08] <macsim> Aprogas, here is the log : http://www.pastebin.org/1026229[12:33:36] <macsim> Aprogas, I add yaa works[12:35:21] <Aprogas> Could you show more of the logs? Like the whole transaction from connect to disconnect of one mail that didn't work.[12:35:36] <macsim> Aprogas, sure give me a sec[12:36:24] <Aprogas> I'm pretty sure Postfix does add Delivered-To, but maybe not if you replace the LDA or VDA.[12:40:10] <macsim> Aprogas, http://pastebin.org/1026420 email passed and vacancy sent[12:40:17] *** Slidey has left #postfix[12:40:52] <macsim> Aprogas, I found in spanish website they talk about prepend_delivered_header but postfix doc said by default it's allready command, file, forward[12:43:43] <Aprogas> Can you pastebin the contents of your master.cf and transport table too?[12:44:48] <macsim> Aprogas, http://pastebin.org/1026517 <= master.cf[12:45:03] <macsim> Aprogas, about transport you want the .cf ? or the values in bdd ?[12:45:10] <Aprogas> The values.[12:45:14] <macsim> Aprogas, ok[12:46:13] <macsim> Aprogas, http://pastebin.org/1026561 <= transport table[12:48:11] <Aprogas> And you have a virtual alias that both delivers an incoming mail to its mailbox, as well as send it to the yaa pipe?[12:48:35] <macsim> Aprogas, yes[12:48:53] <macsim> Aprogas, the mail is transfort to user in vacancy[12:50:30] <Aprogas> I think you double-dupe because you do address mappings both on port 25 and on the amavis reinject.[12:51:00] <Aprogas> I think you should fix that first, to make sure that isn't causing this issue.[12:51:18] <macsim> Aprogas, you mean in master.cf ?[12:51:38] <Aprogas> I prefer disabling address mappings until after amvis.[12:52:00] *** henriknj has joined #postfix[12:52:18] <macsim> Aprogas, I don't understand what you mean[12:52:32] <sysmonk> macsim: what about adding flags=D to the yaa transport ?[12:53:13] <sysmonk> flags=DR even[12:53:20] <Aprogas> sysmonk: You don't mean to say that tutorials provide wrong information, do you? :)[12:53:53] <Aprogas> macsim: http://www.ijs.si/software/amavisd/README.postfix.html[12:54:11] <Aprogas> That explains how to do address mappings not before amavis.[12:55:45] <sysmonk> Aprogas: i'm talking about yaa, not amavis[12:56:02] <macsim> sysmonk, flags=DR fix it I add yaa_destination_recipient_limit = 1 in main.cf too[12:56:03] <Aprogas> sysmonk: I know, but I'm talking about the side-issue.[12:56:24] <sysmonk> macsim: so everything works fine now ?[12:57:01] <Aprogas> I think you're going to send double vacation replies.[12:57:05] <sysmonk> Aprogas: i didn't look at the "side-issue" at all[12:57:23] <macsim> sysmonk, no yaa doesn't sent vacancy message now but the warn message disapear in log[12:57:37] <sysmonk> Aprogas: vacation should only send one vacation for message-id+from+to, so it shouldn't send a few replies[12:58:11] *** ihtraum has joined #postfix[12:58:18] *** pinoyskull has quit IRC[12:59:16] <sysmonk> Aprogas: and the unfolding isn't a requirement - it depends on what you want to achieve[12:59:23] <Aprogas> sysmonk: He processes the virtual alias that duplicates original to original,autoreply twice, on original smtpd and on reinject on port 10025[12:59:35] <Aprogas> my languagecenter is broken today[12:59:46] <Aprogas> I cannot explain what I mean, nvm.[12:59:48] <Aprogas> It's not important.[13:00:30] <macsim> sysmonk, message disapear but yaa doesn't work now :/[13:00:51] <sysmonk> Aprogas: i get it, but what i said doesn't relate to his problem but to amavis at all[13:01:38] <sysmonk> nobdoy says you don't have to unfold alias'es before amavis. i MIGHT want to do that so that amavis could do different scans for different recipients (after the unfolding)[13:02:02] <Aprogas> My point is to not double-do it.[13:02:19] <sysmonk> yes, agree about not to double-do it[13:02:41] <Aprogas> He double-does it, so double-delivers to yaa, so double autoresponds.[13:02:53] <sysmonk> ( i didn't look that far yet, and i won't, have my $job-that-pays-me to do first )[13:11:09] *** shasta has joined #postfix[13:18:41] *** juergen_dose has left #postfix[13:28:15] *** pinoyskull has joined #postfix[13:28:39] *** cilly has quit IRC[13:29:36] *** cilly has joined #postfix[13:51:37] *** pinoyskull has quit IRC[13:51:44] <suuuper> f3ew, i try to use virtual_alias_maps[13:51:56] <suuuper> but it doesn't work[13:52:26] <suuuper> i configure my channel in master:[13:52:27] <suuuper> 125 inet n - - - - smtpd[13:52:28] <suuuper> -o smtpd_sasl_auth_enable=yes[13:52:28] <suuuper> -o smtpd_client_restrictions=[13:52:28] <suuuper> -o mynetworks=10.0.4.0/24[13:52:28] <suuuper> -o virtual_alias_maps=hash:/etc/postfix/canonical[13:52:35] <suuuper> -o smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,reject[13:52:35] <suuuper> -o smtpd_sasl_authenticated_header=yes[13:52:35] <suuuper> -o broken_sasl_auth_clients=yes[13:52:35] <suuuper> -o smtpd_sasl_security_options=noanonymous[13:52:37] <suuuper> -o smtpd_sasl_tls_security_options=noanonymous[13:53:12] <suuuper> but it doesnt' use virtual[13:53:41] <Aprogas> !paste[13:53:42] <knoba> Aprogas: "paste" : do not paste more than 3-4 lines in the channel. a pastebin is a way to share larger amounts of data with others, without flooding the channel with garbage. try http://pastebin.com or http://paste.debian.net (or use google and find your own). don't forget to tell us the url where you pasted the text[13:54:03] <suuuper> sorry[13:54:21] *** dragonheart has joined #postfix[14:01:41] *** uqlev has joined #postfix[14:14:28] *** freaky[t] has quit IRC[14:19:37] *** dragonheart has quit IRC[14:33:48] *** zoo_ has joined #postfix[14:45:58] *** denis_ has quit IRC[14:50:04] *** Muhis has quit IRC[14:54:02] *** TomHome has quit IRC[15:02:53] *** alpine_style has joined #postfix[15:09:16] *** war9407 has joined #postfix[15:31:53] *** uqlev has quit IRC[15:34:13] *** ib-mobile has quit IRC[15:39:07] *** alpine_style has quit IRC[15:43:00] *** juergen_dose has joined #postfix[15:46:51] *** zoo_ has quit IRC[15:47:38] *** _milu_ has joined #postfix[15:48:20] *** _milu_ has quit IRC[15:48:35] *** hever has quit IRC[15:49:46] *** UQlev has joined #postfix[15:57:50] *** Deus_Ultima has joined #postfix[15:58:27] *** milu has joined #postfix[15:59:52] <milu> hi, I've got postfix with amavisd-new working OK and I'd like to add to this setup spamd(from openbsd) to make some sort of spamtrapping[16:00:58] <milu> my current tries result in localhost being put in spamdb as the email originator because emails ar first going to amavisd[16:02:10] <milu> is there a way to make as a first checks of email - if the email is spamtrap and then not go through amavisd but go to spamtrapper service(in master.cf)[16:02:53] <UQlev> milu, what is your OS?[16:02:59] <milu> freebsd[16:03:32] <UQlev> milu, there is recommended change to your PF firewall[16:03:48] <milu> yes I know of it[16:03:59] <UQlev> firewall is switching mails, not spamd[16:04:09] <Dominian> eh?[16:04:11] <milu> nope[16:04:22] <Dominian> I think he's talking about the hand off from amavisd-new back into postfix.. its comng from 127.0.0.1[16:04:43] <milu> exactly[16:05:14] <Dominian> I've not used spamd.. nor heard of it other than the Spamassassin daemon[16:05:31] <milu> I know how clean spamdb works but I don't want to use it for all my incoming emails[16:05:36] <UQlev> milu, what service does listen port 25 of public interface?[16:05:53] <Dominian> milu: I'll have to read up on spamdb.. never used it[16:06:24] <Dominian> milu: spamdb some sort of localized spamassassin database?[16:06:36] <UQlev> Dominian, spamd of OpenBSD is absolutely different daemon[16:06:38] <milu> UQlev: postfix, then it goes through content_filter to amavisd and then if email is found in transport or sth it goes to spamtrap[16:06:52] <Dominian> UQlev: no shit[16:07:13] <Dominian> milu: I'm not sure how you can tie spamdb into amavisd or if its even possible[16:07:17] <milu> Dominian: no, no spamassassin it's different approach to fighting spam[16:07:55] <UQlev> milu, what is your spamtrap? I guess it is not spamd?[16:08:30] <milu> Dominian: please find some info about it f.ex. on http://www.ualberta.ca/~beck/nycbug06/spamd/index.html it's good presentation[16:09:07] <milu> UQlev: as a spamtrap I use script connected to spamtrapper service in master.cf[16:09:32] <milu> it works this way: gets IP of an email originator and adds it to database[16:09:57] <UQlev> if spamd is just next to your firewall why it receives messages with source 127.0.0.1?[16:10:37] <milu> as IP he gets after amavisd-processing then postfix gives 127.0.0.1 as an IP address[16:11:18] <Aprogas> Does spamdb support XFORWARD ?[16:11:32] <UQlev> smtp packets from not <whitelisted> IPs should go strait to spamd, not to postfix[16:12:36] <milu> Aprogas: I think, no[16:12:36] <UQlev> milu, spamd is dead-end application[16:13:09] <UQlev> milu, it doesn't let through anything[16:13:33] <milu> UQlev: I haven't connected it to my pf yet because I want to be sure that correct Ip's are redirected to spamd database[16:13:50] <milu> no it'looks that they aren't[16:13:55] <milu> now*[16:14:30] <UQlev> milu, spamd will not work without PF[16:15:06] <milu> UQlev: I'm aware of it but...[16:16:15] <milu> http://serverfault.com/questions/67507/how-do-i-spamtrap-with-postfix -> 2 step from the end says that: At this point, all clients sending mail to your spamtrap addresses should be added to spamdb and <spamd>. Nothing is yet being sent to spamd.[16:17:04] <milu> UQlev: As I'm using content filter it doesn't pass the correct IP to the service[16:17:26] <milu> UQlev: it passes the local IP[16:17:54] <UQlev> milu, the way you want to use your spamfilter is rather inefficient[16:18:11] <UQlev> you want to create/update your own blacklist[16:18:52] <UQlev> while you shold take care of white-list 1st of all[16:19:20] <milu> UQlev: sort of - managed automaticaly by spamd[16:19:25] *** n0ctum has joined #postfix[16:19:53] <UQlev> milu, because it doesn't matter how is your newcommers treated as GREY or BLACK[16:20:19] <milu> UQlev: I'll take care of the whitelist(it's mentioned in this link)[16:20:26] <UQlev> milu, they will not get through until they are added to whitelist[16:21:00] <UQlev> whatever forwarded to spamd service is got stuck[16:22:22] <milu> yes - as a complete workable solution - yes, But I have some addresses which I'd like to use as a spamtraps - these are unneeded accounts which are nothing more like spamlike addresses - they're on many spammerslists[16:24:02] <milu> Do you suggest to use spamdb preffered method - defining spamtrap addresses in spamd?[16:24:21] <UQlev> milu, most of spammers use their IP only once, they seldom repeated[16:25:10] <UQlev> your blacklist will grow enormous[16:25:35] <Aprogas> yes it will: 135349 zen.spamhaus.org (union of all results)[16:25:59] <milu> UQlev: so greylisting/greytrapping would be better approach?[16:26:34] <milu> How it'll work comparing to blacklishs from spamhaus or other servers?[16:26:39] <UQlev> milu, it depends on how many mailaccounts you host on your server[16:27:03] <milu> UQlev: about 200 but they grow[16:27:15] <Aprogas> milu: Is your point just to block spam?[16:27:36] <UQlev> milu, did you try policyd-weight?[16:28:40] <UQlev> milu, as greylisting spamd is not very efficient because spammers learned to bypass it[16:28:45] <milu> Aprogas: yes, I have swithed one more domain to the server which is getting much of the spam I think, my spam-rate on mailgraph shows that it increased triple while I've connected this domain.[16:30:08] <milu> UQlev: no, I haven't tried yet. Is it difficult to configure and maintenance it?[16:30:20] <UQlev> milu, spamd is very strong and efficient on small corporate servers with more or less static amount of users[16:30:33] <Aprogas> !tell milu cheatsheet[16:30:33] <knoba> milu: "cheatsheet" : http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt : A HOWTO for pre-DATA spam control.[16:30:38] <Aprogas> A bit dated, but most of that still applies.[16:31:08] <Aprogas> Some sensible Postfix restrictions followed by policyd-weight or postfwd and possible postgrey, will catch a large amount of spam pre-DATA.[16:31:52] <UQlev> milu, policyd-weight is not more complicated than amavisd-new, I just have no idea how they work together[16:32:13] *** e-jones has quit IRC[16:33:48] *** cga has quit IRC[16:33:53] <milu> Aprogas: thx, I'll read it[16:33:58] *** hever has joined #postfix[16:34:12] <milu> UQlev: is it policyd.org or sth different?[16:35:45] <UQlev> milu, http://www.policyd-weight.org/, there is port for FreeBSD[16:39:11] *** 45PAA6V0D has joined #postfix[16:42:40] *** ceu has joined #postfix[16:43:07] <ceu> hi[16:43:08] <milu> UQlev: many thanks, I'll try it[16:43:22] <Gambaroni> Do virtual goes before real accounts?[16:46:36] <ceu> would it be possible to accept mail for relaying *only if* the final destination accepts the message?[16:51:25] *** karlgus has quit IRC[16:52:20] *** war9407 has quit IRC[17:07:00] <milu> UQlev: according to policyd-weight and amavisd - they should work without problems - one is policy check in smtpd_ definition the other is as content_filter[17:07:59] *** JonnyV has joined #postfix[17:09:08] <Aprogas> Gambaroni: not sure what you mean[17:10:01] <Gambaroni> Aprogas if there is a user that is named erik and in virtual I have erik at domain dot com erik@....com. Does it choose the one from virtual or to local account?[17:11:22] <Aprogas> !tell Gambaroni architecture[17:11:22] <knoba> Gambaroni: "architecture" : see !overview[17:11:25] <Aprogas> !tell Gambaroni overview[17:11:26] <knoba> Gambaroni: "overview" : Postfix Architecture Overview : http://www.postfix.org/OVERVIEW.html[17:12:15] <Aprogas> virtual_alias_maps is handled by cleanup, which happens before local[17:12:28] <Aprogas> So if you rewrite the address to go somewhere else, it might never end up at the local user[17:12:39] <Gambaroni> Aprogas ok, nice :)[17:15:42] <Gambaroni> Aprogas if mydestination contains $mydomain and $myhostname, then I don't need anything in virtual_alias_domains?[17:16:21] <Aprogas> I don't know what it is you want to do.[17:17:42] *** hever has quit IRC[17:17:55] <Gambaroni> Aprogas forward emails instead of deliver it local[17:18:56] <Aprogas> Are all mailaddresses in that domain forwards?[17:19:05] <Gambaroni> Aprogas if we have h at domain dot com, that one is delivered local. but a at domain dot com and b at domain dot com I want to forward to asd at dd dot com and asdsad at asd dot com[17:19:22] <Gambaroni> Aprogas For now it will be, in the future maybe not[17:20:32] <Aprogas> !tell Gambaroni address_classes[17:20:32] <knoba> Gambaroni: "address_classes" : http://www.postfix.org/ADDRESS_CLASS_README.html describes how Postfix deals with different classes of addresses: local, relay, virtual alias, virtual mailbox, and Internet.[17:22:41] *** jamesmacleod has joined #postfix[17:22:43] *** Aqaz_ has joined #postfix[17:22:55] <Aqaz_> Dominian:[17:22:56] <Gambaroni> Aprogas because I get "warning: do not list domain host.domain.se in BOTH mydestination and virtual_alias_domains" now.. Why $myhostname and not $mydomain?[17:23:55] <Aprogas> No domain should be in multiple address classes.[17:24:34] <Gambaroni> Aprogas ok, so I cannot handle a at domain dot com as a local address and forward h at domain dot com?[17:25:16] <Aprogas> You can rewrite an address to a domain in another address class.[17:26:00] <Gambaroni> And that means? That I have to have the domain in multiple address classes?[17:26:08] <Aprogas> No.[17:26:16] <Gambaroni> What does it mean?[17:26:39] <Aprogas> You can rewrite foo at virtualdomain dot com to bar at localdomain dot com[17:28:00] <Gambaroni> Aprogas I have just one domain[17:28:20] <Aprogas> Make a subdomain that is the hostname of the machine.[17:29:29] <Gambaroni> I got that and that one is pointing to the same server as well[17:29:33] *** alpine_style has joined #postfix[17:29:57] <Gambaroni> Isn't it possible to catch both hostname and domain and rewrite?[17:30:12] <Aprogas> Many things are possible, so long as you do them right.[17:30:17] <Aprogas> !tell Gambaroni virtual[17:30:17] <knoba> Gambaroni: "virtual" : a way to configure additional domains and user accounts (that do not need to exist in your /etc/passwd). See: http://www.postfix.org/VIRTUAL_README.html[17:32:39] <Gambaroni> Aprogas.. Anyway. Looks like the mail isn't forwarded. In the log I got status=sent[17:32:52] <Aprogas> Then post some logs.[17:33:10] <Aprogas> btw, the alias_maps used by local can send to external addresses too[17:34:09] <Gambaroni> Aprogas that one is /etc/aliases, correct?[17:35:18] <Aprogas> It can be.[17:37:05] <Gambaroni> Aprogas http://pastebin.com/2WKjCu2w[17:38:01] <Aprogas> So what precisely is your question?[17:38:32] <Gambaroni> Aprogas Why my mail isn't sent to asd at gmail dot com :P[17:39:21] <Aprogas> It is.[17:39:23] <jamesmacleod> hey guys, I am having some trouble getting some ssl certificates set up on our postfix installation[17:39:39] <Gambaroni> Aprogas I didn't get it[17:39:48] <Aprogas> Check your spam folder and such things.[17:39:55] <jamesmacleod> I have a root 2 intermediate and a domain certificate[17:40:24] <jamesmacleod> I am guessing that the root certificate is used with the configuration smtpd_tls_CAfile[17:40:31] <Gambaroni> Aprogas I did that :P[17:40:34] <jamesmacleod> but what are the intermediates for?[17:41:07] *** Vivek has joined #postfix[17:41:08] *** Vivek has joined #postfix[17:41:27] <Aprogas> jamesmacleod: That's just how SSL certs work, certs are chained, sometimes via intermediary.[17:41:53] <Aprogas> Concatenate the intermediaries with your server cert, you don't need to include the root CA since the other side should have that already.[17:42:06] *** ceu has quit IRC[17:42:56] <jamesmacleod> so what should be the order in the server certificate file, int1 int2 then domain?[17:43:24] *** Zelest_ has joined #postfix[17:43:25] <Gambaroni> Aprogas Seems like it isn't accepted to send from asd at gmail dot com to some address that redirects it back.. From another address it works, thanks :)[17:43:53] *** Section1 has quit IRC[17:43:56] *** Zelest has quit IRC[17:44:28] *** Section1 has joined #postfix[17:45:21] *** suuuper has left #postfix[17:45:53] *** suuuper has joined #postfix[17:51:07] *** Aqaz_ has left #postfix[17:57:39] *** ed_ is now known as f3xy[18:04:39] *** Aqaz has joined #postfix[18:04:57] <Aqaz> How to configure postfix to handle spams?[18:05:33] <Aqaz> !welcome[18:05:33] <knoba> Aqaz: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[18:06:26] <lunaphyte_> what have you tried so far?[18:07:34] <Aqaz> lunaphyte_: I would like to filter spams. For that I'd be installing spamassin, clamav,amavid-new[18:07:48] <lunaphyte_> ok, go for it,.[18:08:01] *** zoo_ has joined #postfix[18:08:49] <Aqaz> lunaphyte_: But I'm not aware about postfix configuration as part of mail server installation[18:08:55] <lunaphyte_> why not?[18:08:56] <Aprogas> !tell Aqaz reject_non_fqdn_helo_hostname[18:08:56] <knoba> Aprogas: Error: No factoid matches that key.[18:09:21] <Aprogas> 40% of my spam is non-FQDN HELO.[18:09:23] <Aqaz> Aprogas: I'm sorry..[18:09:34] <Aqaz> Aprogas: Whats that?[18:09:51] <Aprogas> Aqaz: You'll need to do a bit of research on different spam-fighting techniques.[18:10:07] <Aprogas> There is no one magical cure, but there are multiple tricks that will work well in unison.[18:10:21] <Aqaz> Aprogas: I tried finding in http://en.wikipedia.org/wiki/Comparison_of_mail_servers[18:10:46] <Aqaz> Aprogas: What are you using? What is non-FQDN HELO?[18:10:54] <Aprogas> Do you know what HELO is ?[18:11:27] <Aprogas> You should get familiar with SMTP terminology. Many spam-fighting information assumes you already have that knowledge.[18:11:27] <Aqaz> Aprogas: Yes, command[18:11:45] <zoo_> i switched from qmail to postfix. everything works fine so far, except one thing: incoming mails are being sent using SMTP or ESMTP but nearly not at all using ESMTPS. I am using a self-signed ssl cert. Any hints?[18:11:47] <Aqaz> Aprogas: Yes go on I am ware that its a SMTP command...[18:12:07] <Aprogas> zoo_: postconf -n please, and relevant logs[18:12:38] <Aprogas> Aqaz: RFCs put certain restrictions on what is a valid HELO.[18:12:51] <Aprogas> Aqaz: Many spammers don't read RFCs and don't follow the restrictions.[18:13:03] *** smica has joined #postfix[18:13:09] *** Alagar has quit IRC[18:16:03] <Aqaz> Aprogas: What are you using?[18:16:11] <UQlev> zoo_, have you pastebin your config yet?[18:18:23] <zoo_> http://pastebin.com/JbK5tNjK[18:18:41] *** Matic`Makovec has joined #postfix[18:19:01] <Aprogas> Not many mailservers implement TLS, don't expect to see wide usage.[18:19:03] *** rajijoom has joined #postfix[18:19:38] <zoo_> the old qmail server also announces "250 AUTH LOGIN PLAIN CRAM-MD5"[18:19:51] <Aprogas> That is SASL, not TLS/SSL.[18:19:59] <UQlev> zoo_, I see smtp_use_tls = yes[18:20:25] <zoo_> i am talking about incoming mails... smtpd[18:20:37] <UQlev> zoo_, and your server is not usin certificates at all?[18:20:54] <zoo_> i have a self signed cert[18:20:55] <Aprogas> UQlev: I think you are confused.[18:21:08] <zoo_> as shown in pastebin[18:21:09] <Aprogas> zoo_: Which servers would you expect to see ESMTPS with?[18:21:48] <Aprogas> Try bit-bucket at aprogas dot net[18:22:48] <UQlev> zoo_, postconf -d | grep smtpd_use_tls[18:23:08] *** chaoflow has joined #postfix[18:23:39] <UQlev> zoo_, I see smtpd_tls_auth_only = yes in your config[18:23:57] *** hever has joined #postfix[18:24:04] *** juergen_dose has left #postfix[18:24:47] <chaoflow> I am using postfix chrooted on ubuntu 10.4 and want to use it with clamav-milter which is not documented. As far as I figured the trick is to get the clamav-milter socket into postfix's chrooted environment. Could you point me to some documentation for that?[18:27:02] *** x_or has joined #postfix[18:28:20] *** tharkun has joined #postfix[18:32:09] *** bluethundr__ has joined #postfix[18:34:06] *** jamesmacleod has quit IRC[18:36:45] *** Blue-E2 has joined #postfix[18:37:05] <Blue-E2> !welcome[18:37:05] <knoba> Blue-E2: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[18:38:50] *** 45PAA6V0D has quit IRC[18:38:57] *** x_or has joined #postfix[18:42:15] <Aprogas> Aqaz: lol, yes its fine if you mail your questions to my bit-bucket, but don't expect I can read them[18:42:39] <Aprogas> Aqaz: ask zamba if he still has my pastie URL[18:42:43] <Aprogas> I think I shared my config there.[18:43:35] <Aprogas> http://pastie.org/1150185.txt?key=kjtsydm6iubz8it2d7cw[18:43:43] <Aprogas> It may not necessarily apply to your situation.[18:48:22] <Aqaz> Aprogas: I thought it would be better to ask first.[18:48:35] <Aqaz> Aprogas: What is the file name? Where is it stored?[18:48:54] *** nezZario has joined #postfix[18:48:59] <Aprogas> It's multiple pieces. Once you start doing your own research into spamfiltering, you'll know where they go.[18:49:18] <Aprogas> You cannot just copypaste what I do and hope it will magically work as well for you too; your spam may be different.[18:49:44] <Aqaz> Aprogas: Nahh.. obviously not[18:49:45] <Aprogas> Use my example as a reference, but make sure you understand all things it does.[18:49:46] *** suuuper has quit IRC[18:50:15] <Aprogas> Please no query.[18:51:16] <Aqaz> Aprogas: Which command helped you see that?[18:51:35] <Aprogas> See what?[18:51:52] <Aqaz> Aprogas: pasttie as output of what?[18:51:52] <tharkun> Aprogas: Is that a postfwd.cf file or a striped down main.cf ?[18:52:09] <Aprogas> tharkun: both[18:52:10] <Aqaz> yes.. exactly?[18:52:31] <Aprogas> The comments inside the postfwd.cf break pastie's section marking[18:52:57] *** fignew has quit IRC[18:54:03] <Aprogas> http://pastie.org/private/kjtsydm6iubz8it2d7cw is weird[18:54:16] <Aprogas> I lost my cookie too, so cannot edit.[18:54:53] *** pinoyskull has joined #postfix[18:56:34] <Aqaz> Aprogas: SquirrelMail and postfix and SquidProxy. How can I block ,social-networking updates, sites and chatting?[18:57:04] <Aprogas> Unregister from them, or opt-out of their notifications.[18:57:25] <Aqaz> What about blocking sites? How?[18:58:09] *** fignew has joined #postfix[18:59:05] <Blue-E2> SM has plugins to allow for blocking individual mail or by entire domain[18:59:06] *** nezZario has quit IRC[18:59:28] <Aprogas> I'm not a big fan of blocking whole sites on the MTA-level, unless they are true spammers.[18:59:56] <Blue-E2> so use the filter-plugins in SquirrelMail[19:00:06] <Blue-E2> dont even touch your MTA[19:01:24] <Aqaz> Blue-E2: Aprogas: Alright, not on MTA-level. filter-plugins like?[19:02:43] *** Ionic has quit IRC[19:04:55] <Blue-E2> aye, check: http://squirrelmail.org/plugins.php[19:05:02] <Blue-E2> and see if any fit your need[19:06:04] *** suchu has joined #postfix[19:06:50] *** nbtstatz has joined #postfix[19:09:26] *** Aqaz has quit IRC[19:10:48] *** rajijoom has quit IRC[19:14:52] *** juergen_dose has joined #postfix[19:18:18] *** pinoyskull has quit IRC[19:19:36] *** deadpigeon has joined #postfix[19:20:46] *** deadpigeon has joined #postfix[19:21:22] *** Ionic has joined #postfix[19:21:24] *** Ionic is now known as Guest22440[19:22:30] *** suchu has quit IRC[19:23:01] *** nezZario has joined #postfix[19:23:37] *** passthru has joined #postfix[19:24:22] <passthru> hi guys. i want to know if is possible to make exceptions on Postfix by the User IP.[19:24:45] <lisa> what kinds of exceptions?[19:25:01] *** Guest22440 has quit IRC[19:25:07] <passthru> Ex.: I want all incoming messages by a determined IP (example: 1.1.1.1) can override the massage_size_limit configuration[19:25:19] <passthru> *could[19:25:19] <lisa> ah. that i don't know.[19:25:33] *** jamesmacleod has joined #postfix[19:25:37] <lisa> perhaps some other folks here will proffer an answer.[19:25:52] *** Ionic` has joined #postfix[19:26:18] <passthru> ya :)[19:26:30] *** jim_SFU has joined #postfix[19:26:55] <passthru> i think is possible if I configure a new service and for it (like another SMTPD in another port), but i don't like to have more instances of smtpd running :([19:27:14] <zoo_> UQlev: smtpd_use_tls is obsolete, that's why i let it out[19:28:03] <UQlev> zoo_, was this a problem?[19:28:27] *** KaiForce has joined #postfix[19:29:36] <UQlev> zoo_, your ehlo greetings show most of esmtp extensions but smtp-auth[19:31:41] *** nezZzZ has joined #postfix[19:33:11] *** juergen_dose has quit IRC[19:34:52] *** nezZario has quit IRC[19:39:05] *** p3rror has joined #postfix[19:41:55] *** jamesmacleod has quit IRC[19:42:42] <Aprogas> passthru: running on a different port is the best solution, you will run one postfix, but master will spawn multiple smtpds like it does anyway[19:43:55] <passthru> Aprogas, ya.. i am thinking in do it..[19:44:48] *** cga has joined #postfix[19:45:58] *** nezZzZ has quit IRC[19:46:18] *** nezZzZ has joined #postfix[19:51:25] *** nezZzZ has quit IRC[19:51:48] <seekwill> spam[19:51:59] <thumbs> spam![19:52:18] *** JoKoT3 has quit IRC[19:54:27] <Dominian> spam spam spam spam wonderful spam.. its wonderful spam![19:54:31] <Dominian> but I don't like spam![19:59:33] *** Vivek has quit IRC[20:00:17] <UQlev> what is worse than spammer? - your colleague sysadmin with poorly configured MTA which you can't block :)[20:00:59] <sysmonk> who said you can't block it?![20:01:57] <UQlev> sysmonk, if he is maintaining a part of your company's mail traffic[20:02:33] <UQlev> sysmonk, if he is dropping/hiding mail-headers[20:02:58] <sysmonk> well, in that case 1. you can tell him about it 2. as you work in the same company - you can connect and fix it 3. break the server and then suggest him that you will re-install it for him![20:03:37] *** Motoko-chan has joined #postfix[20:05:30] <UQlev> sysmonk, in theory - right. But if he stay on using exchange, and that 20% of spam in your mail box is ok ;) And he doesn't want anyone control his network - ambitions ;([20:05:52] <sysmonk> UQlev: _silently_ put a smtp proxy before his mail server[20:05:53] <sysmonk> :))))[20:07:14] <UQlev> sysmonk, I would If I could control his DNS[20:07:14] *** Alagar has joined #postfix[20:07:18] <tharkun> UQlev: If you have access to the (firewall|router) which his precious exchange server connects to, you can do wonders[20:07:42] <seekwill> I control your DNS[20:08:00] <UQlev> seekwill, can you prove it?[20:08:26] * cpm reads seekwill's email[20:08:48] <jeev> postfix is so disappointing[20:09:07] <jeev> there's nothing broken to fix[20:09:37] *** schnoobby has joined #postfix[20:09:42] <cpm> indeed.[20:09:47] <cpm> you can break it though.[20:09:49] <twobithacker> jeev: of course. post-fix. It's lready been fixed![20:09:57] <jeev> funny[20:10:09] <cpm> fiddle with the queues until the go kinda haywire, then insist it's postfix's fault.[20:10:18] <UQlev> postfix = fixpost ;)[20:10:32] <jeev> thumbs and seekwill kept breaking theirs, i had to guess their root password which was enabled to login, apparently they each set it as their nicknames.. and fixed their set up[20:10:34] <jeev> for free.[20:11:04] <Motoko-chan> Wow, you guys must be bored.[20:11:11] *** Vivek has joined #postfix[20:11:14] <jeev> Motoko-chan, not everyone here has fios.[20:11:55] <Motoko-chan> I'm not on FiOS.[20:11:58] *** Vivek has quit IRC[20:11:58] *** Vivek has joined #postfix[20:11:59] <Blue-E2> i want fios...[20:12:02] <jeev> you have fios, dont you[20:12:06] <Motoko-chan> I'm on 1.5 symmetrical.[20:12:09] <Motoko-chan> Right now.[20:12:13] <Motoko-chan> At work.[20:12:15] <jeev> sbah[20:12:17] * cpm is assmetrical[20:12:19] <Dominian> She has FIOS at home iirc[20:12:25] <jeev> hmm, she[20:12:30] <Dominian> yes, she.[20:12:32] <jeev> too bad i've got a beautiful girlfriend.[20:12:39] <Motoko-chan> cpm, you added some gibberish to "ass"[20:12:41] <Dominian> jeev: Rosey Palm doesn't count.[20:12:53] <Blue-E2> I'm married to a Junko-chan[20:12:57] <jeev> Dominian, unfortunately she's remaining a virgin. so...........................................[20:13:02] <Dominian> eh[20:13:03] <jeev> just 5-6 more years before i can get at it, it's ok[20:13:07] <jeev> the palm is enough for now[20:13:22] <cpm> Motoko-chan, thou art wise.[20:13:26] <Motoko-chan> So, she's 12 right now?[20:13:45] <jeev> 22[20:13:58] <Motoko-chan> But you said 5-6 more years, so I figured she was 12.[20:13:59] <jeev> she has to finish med school, marriage then i get the sexual satisfaction[20:14:20] <jeev> i keep telling her once she gets paid, im stopping working.. even though i do pretty well[20:14:29] * Motoko-chan goes back to actual work[20:14:34] <Blue-E2> bye[20:15:01] <jeev> bye[20:20:03] *** Ionic` is now known as Ionic[20:28:42] *** Aqaz has joined #postfix[20:28:47] <Aqaz> If spamassasin can filter spam why one need to use SquirrelMail plugins?[20:29:03] *** Blue-E2 has quit IRC[20:30:01] <roe> Aqaz, what are you talking about?[20:30:32] <Aqaz> roe: regarding spam filtering[20:30:39] <Motoko-chan> Aqaz, you'll need to be more specific.[20:30:44] <roe> a lot more specific[20:31:42] *** brianV has joined #postfix[20:32:14] <Aqaz> How spamassasin filter mails for spams. And how Squirrel-mail plugins filter mail? Which on is advisable? And why?[20:32:27] <jeev> i'd love to try user specified filters[20:33:44] <brianV> Hi all. I am getting an error every time postfix tries to start up. The error is: 'postfix/master[31689]: fatal: bind 127.0.0.1 port 25: Address already in use'. I have a postconf -n at http://pastebin.com/ja9V08Rv if it's useful. If anyone can help me figure out why this is happening, it would be much appreciated[20:34:05] <roe> Aqaz, not specific enough[20:34:20] <UQlev> brianV, have you disabled sendmail?[20:34:26] <roe> brianV, sounds like you have another mta installed/running[20:34:44] <Motoko-chan> If you're talking about the generic Filter plugin, don't use the spam filtering it offers. It really hurts the server.[20:34:50] <brianV> hmm... this is a preconfigured Dreamhost PS server, with a default server setup[20:35:06] <brianV> how would I check that? (thanks in advance for MTA-noob friendly steps :) )[20:35:07] <roe> ok, and waht mta does the 'default server setup' come with?[20:35:09] <Motoko-chan> brianV, try "netstat -nap" and see what app is using port 25.[20:35:25] <UQlev> brianV, preconfigured != duly configured[20:35:54] <brianV> UQlev: no arguments there[20:36:34] <brianV> netstat -nap shows nothing listening on :25, however, there is a line for courier in there[20:37:27] <brianV> unix 2 [ ACC ] STREAM LISTENING 28636 10173/authdaemond /var/run/courier/authdaemon/socket.tmp[20:38:32] <Aqaz> roe: Well I'm new to spamfiltering, so would you tell me as in what terms i should be describing it more?[20:39:16] <UQlev> brianV, use pastebin to show "ps ax" output[20:39:19] <roe> as this is a postfix channel some people here have absolutely no clue what 'squirrelmail filtering' is. How about a link?[20:39:23] *** jamesmacleod has joined #postfix[20:40:00] <brianV> UQlev: ps -ax output: http://pastebin.com/nHxhMmP8[20:41:26] <UQlev> brianV, are you root? show whoami[20:42:11] <brianV> UQlev: I am root. was working with sudo[20:42:19] <brianV> UQlev: as root, ps -ax shows same output[20:42:44] <roe> brianV, 'telnet localhost 25'[20:42:58] <brianV> roe: ok, done[20:43:09] <roe> output?[20:43:20] <brianV> ps28214:/var/log# telnet localhost 25[20:43:21] <brianV> Trying 127.0.0.1...[20:43:21] <brianV> Connected to localhost.[20:43:21] <brianV> Escape character is '^]'.[20:43:21] <brianV> 220 homie-vserver178.dreamhost.com ESMTP[20:43:24] *** jamesmacleod has quit IRC[20:43:26] <Dominian> !pastebin[20:43:26] <knoba> Dominian: "pastebin" : see !paste[20:43:29] <Dominian> !paste[20:43:29] <knoba> Dominian: "paste" : do not paste more than 3-4 lines in the channel. a pastebin is a way to share larger amounts of data with others, without flooding the channel with garbage. try http://pastebin.com or http://paste.debian.net (or use google and find your own). don't forget to tell us the url where you pasted the text[20:43:32] <brianV> sorry about the span, should have dropped that in pastebin[20:43:38] <Dominian> hah[20:43:43] <brianV> but man you are fast on that :)[20:44:05] <Dominian> I felt a disturbance in the force[20:44:08] <brianV> lol[20:47:04] *** jamesmacleod has joined #postfix[20:47:17] <brianV> roe: anything I should send via telnet?[20:47:31] <roe> nope[20:47:46] <roe> 220 homie-vserver178.dreamhost.com ESMTP <-- something is listenting on 25[20:48:12] <UQlev> hidden[20:48:16] <UQlev> :)[20:48:28] <UQlev> nice gift from the vendor[20:48:58] <Motoko-chan> Just type[20:49:01] <Motoko-chan> "QUIT"[20:49:05] <Motoko-chan> And it'll disconnect you.[20:49:21] <sysmonk> brianV: is that Linux or BSD or whatever?[20:49:23] <brianV> ok, so apparently ESMTP and Postfix are conflicting then?[20:49:32] <adaptr> postfix fully supports ESMTP[20:49:34] <Motoko-chan> Heck, it might be Postfix already...[20:49:38] <sysmonk> ESMTP is a generic string for extended smtp servers[20:49:40] <brianV> sysmonk: Debian 5.0.6[20:49:46] <brianV> ah[20:49:49] <Motoko-chan> That "ESMTP" is just a required part of the line on connect.[20:49:49] <sysmonk> brianV: can you pastebin netstat -nap[20:49:58] <sysmonk> ah you already did[20:50:21] * roe bets on exim[20:50:53] <brianV> full pastebin -nap >> http://pastebin.com/M0kWZpKu[20:50:55] <sysmonk> brianV: i suspect that's a "virtual" server, maybe something is running on the smtp on the host system[20:51:06] <brianV> sysmonk: yes, it's a VPS[20:51:12] <adaptr> brianV: what does netstat -plnt say[20:51:14] <brianV> sysmonk: sorry, I should have specified that earlier[20:51:33] <adaptr> sysmonk: all of that has zero impact on localhost listeners[20:51:52] <brianV> adaptr: netstat -plnt >> http://pastebin.com/YyhGQ4Kn[20:52:20] <adaptr> brianV: definitely nothing listening on port 25 then[20:52:22] <sysmonk> adaptr: woops, didn't notice that he was connecting to localhost[20:52:34] <adaptr> perhaps you've defined something twice in master.cf, brianV[20:52:41] <adaptr> pastebin it[20:52:48] <brianV> adaptr: perhaps. I've never touched that file[20:53:02] <sysmonk> adaptr: well, in that case the telnet wouldn't work / the ps would atleast show the master daemon[20:53:03] <adaptr> brianV: and inet_interfaces is set to ?[20:53:05] *** Aqaz has quit IRC[20:53:20] <brianV> inet_interfaces = 69.163.253.32,127.0.0.1[20:53:33] <adaptr> so, everything. why not just leave that be ;)[20:53:51] <adaptr> !restart[20:53:51] <knoba> adaptr: "restart" : There is no postfix restart command. There is postfix stop, postfix start, or postfix reload. Changes made to master.cf and some functional changes to main.cf will require a stop and a start in order to take effect. OR When edit thou thine master.cf, restarteth thou thine Postfix, lest ye die![20:54:23] <sysmonk> brianV: how many ip's are there on your server?[20:54:50] <sysmonk> i just tried looking at banners on 69.163.253.3x and they all show the same banner for 25[20:55:03] <brianV> sysmonk: not sure[20:55:10] <brianV> it's in Dreamhost, it's one of their PS servers[20:55:12] <sysmonk> brianV: ifconfig -a[20:55:21] <sysmonk> ant pastebin, ofcourse[20:55:45] <brianV> ifconfig -a >> http://pastebin.com/HittV8kv[20:56:35] *** hever has quit IRC[20:57:40] <UQlev> brianV, smtpscan 69.163.253.32 No exact match. Nearest matches : - Postfix 1.1.11 (1)[20:58:41] <sysmonk> so, as you only have one ip, and other ip's have the same exact banner, it might be that the host itself is running smtp server on your ip[20:58:50] <sysmonk> you should check the dreamshost faq or something[20:59:24] <brianV> I will. I am starting to get royally pissed at dreamhost. This is a 'vanilla' server with their configs as they set it up[20:59:50] <brianV> thanks for the help, all[21:00:02] *** plee has quit IRC[21:00:28] <brianV> it's much appreciated - the host has been consistently telling me that my site is the problem, not the server. I guess the fact that postfix isn't starting doesn't affect the mail at all[21:00:37] *** plee has joined #postfix[21:01:45] <adaptr> urgh. a possessed VPS. I'd rather run a server on a 56K line at home[21:02:11] <brianV> me too. Porblem is, this is for a client, and they chose poorly[21:02:25] <roe> if it is a vserver, networking can be funky[21:02:45] <UQlev> brianV, it seems hosting system already running an instance of postfix[21:02:54] <Motoko-chan> Dreamhost is kinda poor.[21:02:57] <sysmonk> UQlev: it's something that i said a 5 minutes ago :P[21:03:22] <brianV> Motoko-chan: lol, oh trust me, I am aware. I recommended against it for the client. But they chose 'cheapest' over anything else[21:03:23] <sysmonk> but it really really sucks[21:03:29] <sysmonk> i wouldn't use that kind of hosting[21:05:03] <adaptr> brianV: host it at your home and tell them it is on a public IX with fully redundant hardware backed by a SAN.[21:05:27] <brianV> lol[21:05:40] <UQlev> brianV, that servers works without smtp-auth, no tls either[21:05:57] <brianV> urk[21:06:01] <UQlev> brianV, prepare to spam hell[21:06:02] <brianV> nice[21:06:05] <sysmonk> well, i've been given a dedicated server from a hosting company for their own internal project... and that server had worse hardware than my notebook[21:06:11] <brianV> I'll pass that on to the client[21:06:13] <sysmonk> so yeah, it's better to host at home sometimes :)[21:06:29] <sysmonk> UQlev: 587 is listening too btw (nmap scan done already :P )[21:07:09] *** plee has quit IRC[21:07:09] <UQlev> sysmonk, can you emagine submission without starttls or smtp-auth?[21:07:32] <sysmonk> ew, didn't notice that[21:07:36] <sysmonk> that's ... awful ...[21:07:48] <UQlev> sysmonk, no stpds[21:11:33] <UQlev> it is amazing that 69.163.253.32 is not blacklisted yet[21:11:53] *** Aqaz has joined #postfix[21:13:35] <brianV> it's startling to me[21:13:49] <brianV> because I would assume the same is true then across Dreamhost's entire network[21:13:53] <brianV> that's a lot of open mail servers[21:14:03] <UQlev> brianV, luckily it might be broken MTA :)[21:14:11] <brianV> hope so[21:14:15] <brianV> or not[21:17:01] <Gambaroni> What does this mean: "Recipient address rejected: Greylisted for 5 minutes (in reply to RCPT TO command))"?[21:18:33] <UQlev> Gambaroni, it means greylisting works[21:19:24] *** lepine has joined #postfix[21:19:43] *** plee has joined #postfix[21:19:43] <Gambaroni> UQlev But what does it mean? :P Does it block the sender email? The receiver email?[21:19:50] *** higuita has quit IRC[21:20:05] <UQlev> !greylisting[21:20:05] <knoba> UQlev: Error: "greylisting" is not a valid command.[21:20:43] <UQlev> Gambaroni, it is temporary problem, spam protection[21:21:25] <UQlev> Gambaroni, you are not a prime sender there ;)[21:22:09] <Gambaroni> UQlev from the receivers mailserver?[21:22:31] <UQlev> yes, this is from remote server[21:22:46] <Gambaroni> UQlev so actually nothing I can do something about?[21:23:05] <UQlev> Gambaroni, just wait about 5-15 min[21:23:10] <Gambaroni> UQlev would it be delivered anyway?[21:23:21] <UQlev> hopefully[21:23:50] <Gambaroni> UQlev ok, does greylisting depend on the mailserver it is sent from? or the mail-adress?[21:24:29] <UQlev> Gambaroni, greylisting may not be applied to their white-listed senders[21:24:35] <Gambaroni> UQlev because this is gmail (to domain.com) -> my mailserver (forwarding domain.com to example.com) -> example.com mailserver (greylisting message)[21:25:46] <UQlev> Gambaroni, your server is not whitelisted on example.com, that's it[21:26:06] *** mezgani_ has joined #postfix[21:26:09] <UQlev> Gambaroni, just wait[21:26:27] <Gambaroni> UQlev I see. But will the message sent now be delivered you think? :)[21:26:54] *** Aqaz has quit IRC[21:27:05] <UQlev> Gambaroni, most probably - YES, unless other filter will prevent it[21:27:22] <Gambaroni> UQlev I see, then we'll see if I get some response. Thanks :)[21:28:03] <Gambaroni> UQlev after some time this greylisting-response would not be shown or?[21:28:36] <UQlev> Gambaroni, usually after 3-4 failed attempts it is delivered[21:28:54] <Aprogas> In my logfiles, when Postfix delivers to a remote MTA, how do I spot the difference between 1 connection for 20 deliveries, or 20 connections for 1 delivery?[21:29:14] *** p3rror has quit IRC[21:29:18] <Gambaroni> UQlev ok, thanks =)[21:31:36] *** cpm has quit IRC[21:31:44] <UQlev> Aprogas, only time interval ;)[21:36:09] *** mezgani_ has quit IRC[21:36:54] <brianV> ok, got the issue resolved[21:37:25] <brianV> according to the tech support (who demanded 'proof' that the mail system not working was their fault)[21:37:32] <brianV> 'your private server host machine started it's own postfix before your private server could do so'[21:37:54] <brianV> of course, they only looked at it once I told them to check mail.log and the mail queue themselves[21:37:55] <thumbs> brianV: what is that supposed to mean?[21:38:23] <brianV> thumbs: it's a VPS. The VPS host server started something listening on :25 before the VPS could get it's own postfix listening[21:38:47] <thumbs> brianV: how nice of them.[21:38:53] <brianV> you would think that Dreamhost, one of the larger hosts out there, wouldn't have this kind of bullcrap issue[21:39:09] <brianV> client is now talking about leaving them :)[21:42:23] *** cga has quit IRC[21:42:28] *** UQlev has quit IRC[21:44:21] *** sjrussel has joined #postfix[21:48:10] <seekwill> brianV: That doesn't sound right[21:48:22] <seekwill> On a VPS, the host machine is a completely different IP[21:48:48] <sysmonk> seekwill: but it owns the client (vps) ip[21:48:51] <sysmonk> so it _is_ possible[21:49:00] <seekwill> It is, but not with the setups I've seen[21:49:01] <sysmonk> and yes, i saw that kind of problems before[21:49:08] <brianV> seekwill: that may be true. All I know is what DH support told me. My mail is running now, so it's good for now :)[21:49:08] <seekwill> What vps software?[21:49:09] <sysmonk> i did see that kind of setups[21:49:40] <sysmonk> seekwill: different ones, jails (freebsd) and probably early stages of openvz[21:49:59] <seekwill> I've never been on a Freebsd VPS...[21:50:03] *** Xzisted has joined #postfix[21:50:12] <seekwill> eh[21:50:36] <sysmonk> well, it's debian in this case, so not a freebsd vps[21:51:06] <seekwill> I don't see how a normal out of the box system would allow that.[21:51:15] *** Lars_G has joined #postfix[21:51:23] <sysmonk> who talks about out-of-the-box?! :)[21:51:24] <seekwill> But oh well, happened[21:51:26] <seekwill> :)[21:51:30] <Lars_G> greets all.[21:51:54] <Lars_G> Question, I'm trying to setup auth with postfix on ubuntu and I'm more mixed up than hell.[21:52:15] <Lars_G> I have a postfixadmin setup, working, with courier, so either rimap or sql auths should work....[21:53:15] <jeev> ubuntuii does that to you[21:53:34] <Lars_G> now, one detail I see is, I just ran saslpluginviewer and in the auxprop list there's only sasldb[21:53:49] <Lars_G> so I guess even when I do have the libs for other methods, the other methods are not working?[21:54:19] <Lars_G> So I wont be able to use rimap, sql, or pam... I guess....[21:55:32] * Lars_G sighs and buries his face on sasl[21:57:18] <lunaphyte_> any particular reason you're using cyrus?[21:57:25] *** cilly has quit IRC[21:58:36] *** veenenen has joined #postfix[21:58:37] <Lars_G> lunaphyte_: Seems to be the only sasl distro I dont need to compile in here.[21:58:44] <Lars_G> I'd like to use distro packages if possible.[21:59:35] <Lars_G> bbl, gotta switch connections.[21:59:36] <schnoobby> Lars_G, you don't need to compile dovecot which also has sasl support[21:59:55] <veenenen> looks like joined in at the right time[21:59:58] <Lars_G> schnoobby: Yeah I'm thinking on moving from courier to dovecot anyhow.. to also be able to implement sieves[22:00:49] <schnoobby> Lars_G, follow the instructions on workaround.org and you should be just fine. nice and easy setup[22:01:15] <Lars_G> Hmmm I'll see those[22:01:42] *** uqlev has joined #postfix[22:01:48] <veenenen> I'm running into sasl issues. I transfered over my postfix main.cf from an old machine to a new one, and now my sasl server provider is throwing an error saying I'm not authenticating. I can't figure out what changed. Was something changed about how to configure a sasl connection in recent versions of postfix?[22:02:07] <schnoobby> Lars_G, the tutorials is for debian, so it should work for ubuntu as well. anyway there are a lot of tutorials for Ubuntu+Postfix+Dovecot+SASL[22:03:43] <jeev> freebsd vps is cool, www.arpnetworks.com[22:04:42] <veenenen> this sucker used to work great right out of the box http://paste.ubuntu.com/497953/[22:05:53] <veenenen> but I threw it into a ubuntu 10.10 server and I'm getting 513 errors back saying I'm not authenticating[22:06:08] <veenenen> *an[22:06:17] *** Lars_G has quit IRC[22:07:16] <uqlev> veenenen, same certificates?[22:08:48] <veenenen> yeah[22:09:10] <uqlev> veenenen, and certificate matches hostname?[22:09:14] <veenenen> is there anyway to get some more verbose logging of the mail process?[22:10:03] <uqlev> veenenen, sure. what do you use for sals? dovecot or cyrus?[22:10:20] <uqlev> veenenen, or you meaned external sasl server?[22:10:37] <veenenen> it's an external sasl server[22:11:46] <veenenen> and I keep getting back this error " 513 5.0.0 Your email system must authenticate before sending mail. (in reply to MAIL FROM command))"[22:11:55] *** Lars_G has joined #postfix[22:12:05] <Lars_G> I'll check. Thing is, there's a million tutorials.[22:13:53] <uqlev> veenenen, you have to setup cyrus sasl client[22:14:20] <schnoobby> Lars_G, take a look at those from the postfix or ubuntu-server sites[22:14:39] <schnoobby> Lars_G, they worked fine for my last test-setup[22:15:15] <Lars_G> schnoobby: I'll check those... the whole postfix-cyrus mechanism is incredibly sparse log wise, meh. thanks[22:16:00] <Lars_G> I wonder why postfix can't hook into pam directly. What's the advantage of hooking into sasl[22:17:05] <sysmonk> sasl doesn't understand what plain/login/cram-md5 or whatever is[22:17:12] <sysmonk> s/sasl/pam/[22:17:59] <veenenen> shouldn't there be an error getting thrown somewhere if it can't find a client?[22:18:13] <sysmonk> can't find a client?[22:20:19] <Lars_G> sysmonk: Ah I get that[22:21:19] <veenenen> did this conf value change "smtp_sasl_password_maps"? it's not showing up when i run postconf -n.[22:21:35] <veenenen> *configuration index[22:23:09] *** higuita has joined #postfix[22:23:13] <uqlev> veenenen, does your server require password or certificate authentication?[22:23:24] <sysmonk> no, it didn not change[22:23:32] <veenenen> password[22:23:44] <sysmonk> veenenen: and postconf -n only shows if something has changed from the default values. so if it didn't - it won't show up[22:24:13] <veenenen> It's changed to a static string that gets passed in[22:24:25] <uqlev> veenenen, you should clarify client and smarthost[22:24:38] <sysmonk> veenenen: well, it didn't, check your config file[22:24:42] <uqlev> veenenen, are both under your control?[22:24:45] *** dan__t has quit IRC[22:24:56] * Lars_G hits his head on a wall[22:25:00] <Lars_G> sometimes the choices are too many[22:25:03] <veenenen> I posted the config file above http://paste.ubuntu.com/497953/[22:25:15] <veenenen> just the client is under my control[22:26:38] <Lars_G> cyrus, dovecot, pam, sql, rimap, courier[22:26:41] * Lars_G runs screaming[22:26:44] <sysmonk> veenenen: what does 'postconf smtp_sasl_password_maps' return ?[22:26:57] <sysmonk> Lars_G: that's not all of the choices[22:27:17] <Lars_G> sysmonk: that's the worst part[22:27:26] <Lars_G> We should make a modular tutorial[22:28:01] <Lars_G> one module for mta, one for lda, one for auth, one for pop3 and imap.[22:28:15] <Lars_G> And one for transport/virtual[22:28:23] <Lars_G> so you don't have all those precooked combos.[22:28:40] <Lars_G> And before you ask me when I'm doing it... IDK.[22:29:06] <sysmonk> well, i don't use tutorials at all so i don't know why would we need that[22:29:22] <sysmonk> if somebody wants to make it work - he should learn at least a bit :)[22:29:45] <Lars_G> Btw why d'yall recommend dovecot sasl over cyrus[22:30:00] <Lars_G> hmmm...[22:30:18] <Lars_G> sysmonk: So, if they want to make it work, all the should ever consult is the source code for the programs? maybe the RFCs?[22:30:27] <Lars_G> I mean... tutorials are a way of... learning about it.[22:30:36] <sysmonk> Lars_G: man pages[22:30:44] <Lars_G> There is nothing noble about doing it the long way[22:30:47] * sysmonk uses cyrus[22:30:56] *** Deus_Ultima has quit IRC[22:31:02] <Lars_G> Oh gods I'm not starting a flamewar.[22:31:04] <sysmonk> and yes, i sometimes have to go to the source code as not everything is well documented :([22:31:18] <sysmonk> Lars_G: well, you're not[22:31:28] <sysmonk> but the fast answer would be - use what you already use[22:31:35] <sysmonk> i.e. if you have dovecot for imap/pop3 - use dovecot sasl[22:31:42] <sysmonk> if you use cyrus for imap/pop3 - use cyrus sasl[22:32:42] <uqlev> sysmonk, and if you used nothing before keep doing so ;)[22:32:46] <Lars_G> sysmonk: and if I use courier for pop3/imap? :P[22:32:47] <sysmonk> if you don't use any of theese and don't plan to - make some reading , try out both, and choose yourself[22:33:03] <sysmonk> well, if you use courier then go shoot yourself :P[22:33:20] <sysmonk> then probably you don't need a mail server :)[22:33:20] <Lars_G> Yeah I think that's my answer[22:33:37] <sysmonk> imho courier is good for a small number of mailboxes[22:33:53] <sysmonk> and for that you can use any other free service or pay a few $ per year[22:34:18] <Lars_G> Nope, paying a few $ per year is not doable :)[22:34:47] *** Toerkeium has joined #postfix[22:34:58] <Toerkeium> hello guys[22:36:28] <Toerkeium> what does it means the delay in "relay=virtual, delay=nnn" from postfix logs? I though it was the mails there was in the queue, but looks like it's not as I'm getting a delay of 255 for example, and my mailq says there is only 20 messages[22:42:12] <Aprogas> Number of seconds since the message started existing, and that attempt to deliver it.[22:43:35] <Toerkeium> oh, thanks Aprogas[22:43:41] <Toerkeium> I was totaly confused[22:44:28] <Aprogas> Not sure if 255 should happen when relay=virtual[22:44:44] <Aprogas> Delays happen mostly with remote hosts that are down, broken DNS, etc.[22:44:54] <Aprogas> But local/virtual delivery agents should generally be quick.[22:53:27] <adaptr> Toerkeium: what does postconf virtual_transport say[22:53:56] <adaptr> 255 is 4+ minutes, this sounds like some sort of processor timeout. if it were a defer requeue, it would be much longer[22:54:14] *** macsim has quit IRC[22:54:28] *** macsim_ has joined #postfix[22:54:37] *** macsim has joined #postfix[22:55:35] <macsim> hi, I use postfix-mysql I try to manage vacancy message,a[22:55:57] <macsim> doesn't anything else about from yaa exist to manage this ?[22:56:59][22:57:46] <Toerkeium> postconf virtual_transport output is: virtual_transport = virtual[22:58:46] <Toerkeium> I'm facing troubles with a postfix install, which I suspect someone is congesting the machine, but I can't catch who is (if it really is "someone")[22:59:11] <Toerkeium> commonly the delay is 1 or 2[22:59:45] <Toerkeium> but sometimes it reaches 250+, and sometimes from 250+ it goes to 1 or 2 again, but other times keeps growing up till it stops working[23:00:04] <Toerkeium> now I configured the -v in the master.cf file so I can see the logs in debug mode[23:02:48] *** KaiForce has quit IRC[23:03:05] <Toerkeium> delay time increases significant ram usage[23:06:51] *** henriknj has quit IRC[23:08:13] *** JonnyV has quit IRC[23:11:02] <Toerkeium> there was a postfix logger called something like pflog right?[23:12:57] <Aprogas> !tell Toerkeium pflogsumm[23:12:58] <knoba> Toerkeium: "pflogsumm" : a perl script to analyse your mail log file and generate nice reports. See: http://jimsun.linxnet.com/postfix_contrib.html (metalog users see the !mpflogsumm factoid)[23:13:08] <Aprogas> !mpflogsumm[23:13:09] <knoba> Aprogas: "mpflogsumm" : a pflogsumm metalog howto, See: http://linuxnet.ca/postfix/pflogsumm_metalog.html[23:13:41] *** henriknj has joined #postfix[23:14:13] <Toerkeium> thanks Aprogas and knoba :)[23:14:57] *** Ionic has quit IRC[23:15:34] <Lars_G> Ok I'm pulling my hair...[23:15:49] <Lars_G> sasl itself works... testsaslauthd returns success.....[23:16:40] <Lars_G> But, trying to auth thorough postfix returns: postfix/smtpd[21819]: warning: unknown[190.x.x.x]: SASL LOGIN authentication failed: authentication failure[23:17:52] *** Ionic has joined #postfix[23:18:11] <Lars_G> I've set /etc/postfix/sasl/smtpd.conf to two lines: pwcheck_method: saslauthd and saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux[23:18:22] <Lars_G> smtpd_sasl_path is = smtpd[23:18:41] *** schnoobby has quit IRC[23:18:46] <Lars_G> And, cyrus_sasl_config_path is = /etc/postfix/sasl[23:18:52] <Lars_G> So in theory it should work![23:22:31] * Lars_G weeps[23:22:44] <Lars_G> If I delete the saslauthd_path line in smtpd.conf, it works... wth....[23:22:53] * Lars_G hugs someone at random and weeps[23:22:58] <Lars_G> at least... it works... IT WORKS[23:23:12] <Lars_G> Though I feel dirty I had to recourse to rimap[23:28:18] *** x_or has quit IRC[23:38:05] *** henriknj has quit IRC[23:41:08] *** ib-mobile_ has joined #postfix[23:45:38] *** sjrussel has quit IRC[23:49:14] *** ib-mobile_ is now known as izzyb_[23:52:19] <veenenen> Alright, I'm down to looking at pcads at this point to make sure I know what's going on. Postfix isn't even trying to establish a encrypted connection. It's sending a HELO instead of an EHLO.[23:53:05] <veenenen> Is there anyway of figuring out why it's ignoring "smtp_sasl_auth_enable = yes"[23:53:19] <veenenen> It seems like postfix should atleast be throwing an error somewhere[23:53:22] <Aprogas> Prove it with logs and such.[23:53:39] <Aprogas> I strong doubt the postfix smtp client sends HELO unless maybe EHLO returns an error.[23:55:00] *** Zelest_ has quit IRC[23:55:05] *** Zelest has joined #postfix[23:55:13] <veenenen> http://paste.ubuntu.com/498019/[23:55:18] <veenenen> my conf[23:55:44] *** madduck_ has quit IRC[23:56:01] *** kenyon has quit IRC[23:56:07] *** kenyon has joined #postfix[23:56:10] *** jim_SFU has quit IRC[23:56:44] <veenenen> I'm not sure a good way to display the pcaps for everyone, but I can confirm that on the server that is working it's using EHLO and authenticating, and on the server that's not working with the identical config file, it's using HELO[23:57:11] *** madduck_ has joined #postfix[23:57:21] *** rhenz has quit IRC[23:57:50] <Aprogas> You use static: as sasl_password_maps[23:58:00] *** rhenz has joined #postfix[23:58:03] *** izzyb_ is now known as ib[23:58:19] <Aprogas> That makes you send that same password to all remote servers that offer AUTH.[23:58:26] <Aprogas> Are you sure? [yes/no/cancel][23:58:38] <Aprogas> oh nvm, I didn't spot your relayhost until just now[23:58:43] *** ib is now known as izzyb__[23:59:21] *** sphenxes01 has quit IRC[23:59:23] *** uqlev has quit IRC[23:59:25] <Aprogas> So you are looking at the traffic between your server and authsmtp ?[23:59:33] <veenenen> http://paste.ubuntu.com/498024/[23:59:35] <veenenen> yes[23:59:56] <veenenen> here are the two pcaps from tcpdump between the two servers