September 22, 2010 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | >
September 22, 2010 [00:00:03] <veenenen> atleast, the wireshark summary[00:00:23] *** Gambaroni has quit IRC[00:00:26] *** izzyb__ is now known as ib-mobile_[00:00:36] <Aprogas> Not sure what I'm looking at to be honest. Is the sequence inverted?[00:00:39] <veenenen> oops, grabbed different lines[00:00:47] <veenenen> one sec[00:01:03] *** smica has quit IRC[00:01:12] <Aprogas> Making the smtp client verbose might be more useful[00:03:05] <Aprogas> Maybe you should set smtp_tls_security_level = may[00:03:20] <Aprogas> or even enforce it; you're going to send a pass after all[00:03:21] <veenenen> http://paste.ubuntu.com/498026/[00:03:48] <veenenen> as you can see there's a few issues[00:04:12] <Aprogas> It's out of context, I have no baseline of what it should look like.[00:04:41] *** jim_SFU has joined #postfix[00:04:48] <Aprogas> You're just confusing me majorly.[00:04:53] <tharkun> Whenever using zen.spamhaus.org which reject_rbl should be used ? reject_rbl_client, reject_rhsbl_client, reject_rhsbl_reverse_client or all of them ?[00:04:54] <veenenen> sorry[00:05:07] <Aprogas> tharkun: not rhsbl[00:05:23] <tharkun> Aprogas: thx[00:05:23] <Aprogas> You could run the rhsbls on dbl.spamhaus.org[00:05:40] <tharkun> ok[00:06:11] <Aprogas> veenenen: From who to who are those examples?[00:06:23] *** riversky has joined #postfix[00:06:33] <veenenen> that's going from the server to authsmtp (our third party relay)[00:06:41] <Aprogas> Which one?[00:06:44] <Aprogas> You show two blocks.[00:06:46] *** hever has joined #postfix[00:07:05] <Aprogas> Why is there a 10/8 address?[00:07:15] <Aprogas> Explain your setup if we are to make sense of stuff.[00:07:18] <veenenen> oh, the first is from a new server I'm setting up that isn't working, and the second is from our current production server that is working[00:07:32] <Aprogas> They are labeled the other way around.[00:08:06] <veenenen> the working one is on amazon ec2 and sending emails via authsmtp. the broken one is running on my local kvm and also trying to talk to authsmtp[00:08:10] <Aprogas> Just put smtp in -v and show me that.[00:08:24] <Aprogas> Does it even run Postfix ?[00:08:26] *** Section1 has quit IRC[00:08:50] *** LowKey has quit IRC[00:09:09] *** hever has quit IRC[00:09:28] <Aprogas> Show some Postfix logs on the server that isn't working.[00:10:18] <veenenen> they're both ubuntu. working is 9.04 and broken is 10.10. I'll get those logs together. one sec.[00:13:01] <veenenen> the postfix logs burried in syslog. Is there anything in paticular you'll like. http://paste.ubuntu.com/498030/[00:13:19] <veenenen> here's the error message. is there anyway to get postfix to be more verbose?[00:13:45] *** war9407 has joined #postfix[00:13:55] <Aprogas> I'm not sure what that PIX workarounds message means.[00:14:16] <Aprogas> Show your master.cf[00:15:07] <veenenen> http://paste.ubuntu.com/498033/[00:15:46] <Aprogas> disable_esmtp sounds bad[00:15:54] <Aprogas> I have no idea why postfix/smtp believes it should do that.[00:17:01] <Aprogas> postconf mail_version[00:17:04] *** LowKey has joined #postfix[00:17:32] <Aprogas> postconf smtp_pix_workaround_maps[00:17:44] <veenenen> postfix -v : http://paste.ubuntu.com/498034/[00:17:55] <Aprogas> I meant smtp -v, but that's not needed anymore[00:18:19] <Aprogas> You can paste one-line answers in here.[00:18:22] <veenenen> that's empty[00:18:37] *** dan__t has joined #postfix[00:18:42] <Aprogas> the mail_version too ?[00:19:04] <veenenen> 2.7.1[00:19:27] <Aprogas> I have no idea if that PIX workaround can be turned on automatically.[00:19:50] <Aprogas> It is definitely your issue; without ESMTP no EHLO, not AUTH, etc.[00:20:09] *** [sergiu] has quit IRC[00:20:26] *** Meskalyn has quit IRC[00:20:46] *** sphenxes has joined #postfix[00:21:08] *** sphenxes has quit IRC[00:21:21] <veenenen> alright, thanks[00:23:59] <Aprogas> JMF-black inaccuracy is climbing. :([00:25:02] <seekwill> Blacklists are wrong!!! don't use it![00:25:14] <seekwill> Thunderbird comes with antispam! Use it![00:25:37] <Aprogas> I'm a forwarder, Yahoo, GMail and Hotmail will spank me for forwarding spam to them.[00:25:56] <seekwill> dont be a forwarder[00:26:01] <seekwill> youre just spamming[00:26:08] <Aprogas> :([00:26:21] *** forsberg is now known as fOrsberg[00:26:32] <Aprogas> I feel very dirty actually, I silent-drop mail over 12.62 spamscore.[00:27:20] <seekwill> Do you use jmf?[00:27:30] <Aprogas> Yes, before Amavis.[00:27:48] *** tab__ has quit IRC[00:27:49] <Aprogas> 40% of my rejects are because of JMF-Black.[00:28:53] <seekwill> omg[00:29:31] <seekwill> I wouldn't use them[00:29:50] *** Meskalyn has joined #postfix[00:30:11] <seekwill> Haha, they're based in Gilroy![00:30:12] <Aprogas> yesterday 9768 rejects of which 4661 non_fqdn_helo, 3980 jmf-black[00:30:21] *** Motoko-chan has quit IRC[00:30:26] <Aprogas> I was so excited about JMF because they are also a whitelist and yellowlist, all in the same DNS-lookup.[00:30:45] <Aprogas> Hence why my postfwd.conf checks them before the multiple DNSBLs, because it has already been looked up in whitelist check.[00:31:34] <seekwill> This is for your personal email?[00:31:46] <Aprogas> No, for a forwarding mailserver.[00:31:57] <seekwill> Sorry, you use this service for your personal email?[00:32:33] <Aprogas> It is a mailserver with @organisation.name forwards, but no mailboxes. I have a forward on it, but that's not very important.[00:33:02] <Aprogas> intra2net reports 0.62% inaccuracy on JMF-black.[00:33:40] *** sphenxes has joined #postfix[00:34:06] <Toerkeium> guys, lets say I have one sender which is sending a lot of mails and lots of users who send emails from time to time. When this user sends a lot of mails, all other users are experiencing the delay becuase the queue is full. Is there any way to let this mass sender send his emails but give priority to all other users?[00:34:07] *** [sergiu] has joined #postfix[00:34:29] <Toerkeium> lets say, if you send more than 1000 messages, sit and wait on queue[00:34:29] <Aprogas> How many mails is that person sending that your queue is full?[00:34:54] <Aprogas> I think Postfix by default already tries to be fair and reasonable under stress.[00:35:04] *** jim_SFU has quit IRC[00:35:04] <Toerkeium> Aprogas: it's just a hipotetical case. I'm experiencing problems, but I didn't find yet the problem at all[00:35:07] <Aprogas> So before trying to fix anything, make sure it really is broken.[00:35:08] <seekwill> Postfix has only one queue, from what I recall[00:35:13] <seekwill> You have to throttle that one guy[00:35:23] <seekwill> Postfix has throttles[00:35:24] <Aprogas> Throttling on the intake would be the most sensible.[00:35:36] <Aprogas> Have the bastards keep his spam in his own queue. :)[00:35:46] <Aprogas> hmm bed time[00:35:46] <Toerkeium> sure, but not always is spam[00:36:01] <Toerkeium> some times businesses send legitimate emails[00:36:23] <Toerkeium> so, throtting is the only way[00:36:24] <Toerkeium> right?[00:36:26] <seekwill> It shouldn't be "some times"[00:36:44] <seekwill> anvil[00:36:45] <seekwill> ah[00:36:57] <seekwill> rate control[00:37:05] <seekwill> That's what you'd want[00:37:06] *** Lars_G has quit IRC[00:37:39] <Toerkeium> I'm going to check that seekwill, thank you[00:38:02] <Toerkeium> I have setup 500 max procs for smtp, so when this one sends a lot the server gets congested[00:38:03] <seekwill> np[00:38:11] <Toerkeium> I will decrease it to 200 at least[00:38:25] <seekwill> You should be a little careful with sending bulk messages over the same IP as transactional[00:38:32] <seekwill> That can damage deliverability[00:38:48] <Toerkeium> but I'm afraid that "normal" users will get the "wait..." message in their email client[00:38:55] <Toerkeium> seekwill: what do you mean?[00:38:59] *** deselby has joined #postfix[00:39:13] <seekwill> I'm assuming when that one guy sends a ton of email, it's like his newsletter or something, right?[00:39:25] <Toerkeium> yes[00:40:22] <seekwill> If people start hitting "this is spam" on that newsletter instead of doing a more sensible unsubscribe, email providers like Yahoo and Gmail will start thinking your IP address is spamming. Which lowers the rate you can send legit mail[00:40:48] <Toerkeium> seekwill: we don't have that kind of problem[00:40:53] <seekwill> Ok :)[00:41:03] <Toerkeium> we just kill spammers on the fly[00:41:15] <seekwill> No, it's not that[00:41:26] <Toerkeium> but I know what you mean[00:41:30] <seekwill> It's when people think the bulk mail is spam[00:41:44] <Toerkeium> recipients want their emails[00:41:51] <seekwill> Good![00:41:56] <seekwill> That's why they are recipients![00:42:01] <Toerkeium> it's true that sometimes people gets confused, but rate is very very slow[00:42:04] <seekwill> But when you deal with the greater public, things change[00:42:06] <Toerkeium> low[00:42:22] <Toerkeium> yes, we faced that problem with hotmail years ago[00:42:29] <seekwill> Something to be cautious of if/when you grow[00:43:08] <Toerkeium> yes, someone in here is looking at the postmaster hormail page, they show this kind of stuff[00:43:47] <seekwill> Great![00:44:18] <Toerkeium> I ran the pflogsumm to see if that was the case (mass sender) but today wasn't the issue[00:44:37] <Toerkeium> I didn't see someone sending lots of emails (1000+)[00:44:48] <Toerkeium> so, I'm a little bit screwed[00:44:57] <seekwill> You didn't?[00:45:09] <Toerkeium> not today[00:45:14] <seekwill> oh[00:45:40] <Toerkeium> it even happen in peak hours[00:46:41] <deselby> Hi. Since sep 17, postfix only delivers local mails, ('telnet localhost 25' does work) netstat -al shows postfix is listening on 25 and iptables -L shows "ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp". how can i test if netfilter is failing? I' m on rawhide with kernel 2.6.36-0.0.rc0.git1.fc15.x86_64[00:47:23] <deselby> did i overlook something?[00:47:25] <seekwill> What is your IP?[00:47:32] <seekwill> Better yet, what is your domain?[00:47:45] <deselby> MX records showing right here[00:47:49] <deselby> espiga4.com.ar[00:48:19] <seekwill> umm[00:48:43] * Toerkeium hates argentinian people[00:49:07] <seekwill> I'm not sure if you're allowed to put your domain as your MX record... but...[00:49:14] <seekwill> Yeah, I can't connect to your IP.[00:49:20] <deselby> it worked before...[00:49:22] *** macsim has quit IRC[00:49:26] <seekwill> What changed on the 17th?[00:49:36] <seekwill> I'd probably ask your upstream[00:49:41] <seekwill> Or have someone take a look at your OS[00:49:44] <deselby> nothing really, ok[00:50:15] <seekwill> Do a telnet on your IP[00:50:18] <seekwill> (from the box)[00:50:29] <seekwill> That way you're not going off of your localhost adapter[00:50:54] <deselby> ok. i' ll try nmap too[00:51:23] <seekwill> You don't really need to do that[00:51:31] <adaptr> seekwill: keep your hands off my localhost adaptr[00:51:35] <Toerkeium> deselby: that IP address is the same as the one you used before?[00:51:54] <seekwill> If you telnet to your external IP, you'll know if it's you or your upstrea[00:52:39] *** x_or has joined #postfix[00:52:51] <Toerkeium> he's using a ISP who provides most commonly services with DHCP[00:53:00] <seekwill> oh[00:53:09] <seekwill> That's probably a problem... :)[00:53:18] <Toerkeium> perhaps some fixed config in main.cf for network[00:53:19] <deselby> Toerkeium: IP changes sometimes, i'm on cable. my postfix install is just for fun, i' m the only user[00:54:11] <seekwill> Your ISP may have cut you[00:54:36] <deselby> :([00:54:38] *** Matic`Makovec has quit IRC[00:55:37] <deselby> Do you think changing the listenting port would work in the meantime?[00:55:52] <seekwill> Then no one would know how to contact you :)[00:56:05] <deselby> XD[00:56:36] <Toerkeium> ask telecentro to open the port, they should not close it, but it's usual[00:56:42] <Toerkeium> at least till you complaint[00:57:53] <deselby> thank you[00:59:03] <tharkun> deselby: your port 25 is filtered[01:00:54] <tharkun> deselby: also the ip i have is different from the one in your hostmark, are you connecting to irc from the same location ?[01:01:06] <deselby> yes :( my ISP is bad bad bad[01:01:24] <deselby> I am somewhere else[01:01:33] <tharkun> ok, lete me check port 25 on your current ip[01:01:40] *** Motoko-chan has joined #postfix[01:01:41] <seekwill> He's hacking yoU!!!![01:01:45] <deselby> i have no postfix here[01:02:11] <deselby> at least kick him oO[01:02:28] <tharkun> seekwill: i'm training to hack you whahahah[01:02:35] <seekwill> omg!!!![01:02:46] <tharkun> deselby: p25 on your hostmak is also filtered[01:02:57] <seekwill> Check mine!!![01:03:14] <deselby> i am sure i felt something... hahahaha[01:03:19] <tharkun> Oh no, you have yet to be nice with me :o[01:03:53] <seekwill> I'm never nice[01:03:57] <seekwill> Not even to thumbs[01:05:00] *** julian_tuxoid has joined #postfix[01:05:22] *** julian_tuxoid has quit IRC[01:05:49] <Toerkeium> do you think my master cf max procs config is wrong based on the stats from pflogsumm?[01:05:49] <Toerkeium> http://www.pastebin.ca/1946197[01:05:54] <thumbs> bah[01:12:20] *** alpine_style has quit IRC[01:12:54] *** deselby1 has joined #postfix[01:13:14] *** deselby has quit IRC[01:16:38] *** veenenen has left #postfix[01:23:47] *** deselby1 is now known as deselby[01:33:10] *** redfox has joined #postfix[01:34:18] <redfox> what could be the reason when postfix isnt just responding on port 25?[01:34:40] <Motoko-chan> Did you check the log?[01:34:46] <redfox> there is no log :([01:36:21] <seekwill> !nolog[01:36:21] <knoba> seekwill: Error: "nolog" is not a valid command.[01:36:23] <seekwill> darn![01:36:39] <thumbs> !nologs[01:36:39] <knoba> thumbs: "nologs" : Nothing in your mail logs commonly means one of two things: either your syslogd is broken (try restarting it), or the connections are not coming to your server. Check your firewall/networking and the DNS for the domain in question. also see !logs.[01:36:44] <seekwill> So close![01:37:00] <redfox> !logs[01:37:00] <knoba> redfox: "logs" : postfix logs to the mail facility of syslog. Something like grep -i `postconf -h syslog_facility` /etc/syslog.conf should tell you where logs are going. also see !no_logs and !have2mung[01:37:22] <thumbs> seekwill: it was expected.[01:38:10] <redfox> lol, that helped actually. thanks ;)[01:40:09] *** Motoko-chan has quit IRC[01:43:54] *** Vivek has quit IRC[01:51:45] *** x_or has quit IRC[01:52:56] *** xumpi has quit IRC[01:55:50] *** helper has joined #postfix[01:56:55] <helper> heys! anyone has use the "vacation" under "postfixadmin"? everything work fine at log: status=sent (delivered via vacation service) , but i don't get the Autoreply back[01:57:26] *** n0ctum has quit IRC[01:59:17] *** megaTherion has quit IRC[01:59:29] *** chaoflow has quit IRC[02:00:17] *** numen has quit IRC[02:00:23] *** misterJack has quit IRC[02:00:37] *** megaTherion has joined #postfix[02:00:47] *** mcp has quit IRC[02:01:08] *** bluethundr__ has quit IRC[02:01:38] *** sash_ has quit IRC[02:01:38] *** mcp has joined #postfix[02:01:39] *** intelinsider has quit IRC[02:01:46] *** sash_ has joined #postfix[02:02:25] *** magyar has quit IRC[02:02:47] *** freaky[t] has joined #postfix[02:02:55] *** [dmp] has quit IRC[02:03:00] *** [dmp] has joined #postfix[02:03:02] *** deselby has quit IRC[02:04:47] *** numen has joined #postfix[02:05:05] *** magyar has joined #postfix[02:05:54] *** chaoflow has joined #postfix[02:06:34] *** misterJack has joined #postfix[02:06:37] *** intelinsider has joined #postfix[02:10:17] *** mroe has joined #postfix[02:13:48] *** chaoflow has quit IRC[02:14:07] *** chaoflow has joined #postfix[02:14:30] *** mcp has quit IRC[02:15:09] *** mcp- has joined #postfix[02:20:05] *** mroe has quit IRC[02:23:27] *** gert has quit IRC[02:26:09] *** sash_ has quit IRC[02:26:13] *** misterJack has quit IRC[02:26:13] *** megaTherion has quit IRC[02:26:45] *** sash_ has joined #postfix[02:26:49] *** intelinsider has quit IRC[02:26:56] *** zoo_ has quit IRC[02:27:16] *** freaky[t] has quit IRC[02:27:39] *** mcp has joined #postfix[02:27:45] *** mcp- has quit IRC[02:28:21] *** freaky[t] has joined #postfix[02:30:34] *** misterJack has joined #postfix[02:31:06] *** megaTherion has joined #postfix[02:32:23] *** zoo_ has joined #postfix[02:32:57] *** intelinsider has joined #postfix[02:35:34] *** gencha has joined #postfix[02:37:36] *** Xzisted has quit IRC[02:38:31] *** kad__ has joined #postfix[02:39:31] *** Guest22218 has joined #postfix[02:39:37] *** Guest22218 is now known as roe_[02:39:43] *** roe_ has joined #postfix[02:42:23] *** helper has quit IRC[02:42:57] *** kad__ is now known as helper[02:45:32] *** tharkun has quit IRC[03:02:26] *** Alagar has quit IRC[03:15:12] *** friskd has joined #postfix[03:15:41] *** gencha has joined #postfix[03:16:21] *** lunaphyte has quit IRC[03:17:36] *** lunaphyte has joined #postfix[03:17:36] *** lunaphyte has joined #postfix[03:26:46] *** Motoko-chan has joined #postfix[03:28:20] *** riversky has quit IRC[03:34:23] *** wdp__ has joined #postfix[03:36:15] *** wdp_ has quit IRC[03:36:31] *** roe_ has quit IRC[03:51:02] *** x_or has joined #postfix[03:55:14] *** brianV has quit IRC[03:55:40] *** nbtstatz has quit IRC[04:03:00] *** Vivek has joined #postfix[04:05:01] *** roe_ has joined #postfix[04:05:05] *** roe_ is now known as mroe[04:05:12] *** mroe has joined #postfix[04:08:27] *** riversky has joined #postfix[04:14:08] *** jeremymcs has joined #postfix[04:43:53] *** Gambaroni has joined #postfix[04:58:22] *** helper has quit IRC[05:06:19] *** x_or has quit IRC[05:19:15] *** deadpigeon has quit IRC[05:40:48] *** MAAAAAD has joined #postfix[05:44:30] *** Vivek has quit IRC[05:44:44] *** MAAAAD has quit IRC[05:49:12] *** KB1JWQ has joined #postfix[05:50:40] *** KB1JWQ is now known as KB1JWQ|JstMarrie[05:51:02] *** KB1JWQ|JstMarrie is now known as KB1JWQ|Jst_Mrrie[05:51:15] *** KB1JWQ|Jst_Mrrie is now known as KB1JWQ[05:57:19] *** pinoyskull has joined #postfix[06:01:23] *** tharkun has joined #postfix[06:06:27] *** x_or has joined #postfix[06:08:20] *** saurabhb has joined #postfix[06:10:48] *** x_or has quit IRC[06:13:11] *** JonnyV has joined #postfix[06:25:21] *** bhagat has joined #postfix[06:37:48] *** tharkun has quit IRC[06:55:16] *** uqlev has joined #postfix[07:03:25] *** uqlev has quit IRC[07:03:54] *** uqlev has joined #postfix[07:06:16] *** jonez has quit IRC[07:10:07] *** will_ has quit IRC[07:11:06] *** pinoyskull has quit IRC[07:18:47] *** will_ has joined #postfix[07:19:30] *** jonez has joined #postfix[07:23:29] *** pinoyskull has joined #postfix[07:40:41] *** uqlev has quit IRC[07:44:50] *** rajijoom has joined #postfix[07:46:06] *** juergen_dose has joined #postfix[07:48:14] *** juergen_dose is now known as car[07:58:30] *** jamesmacleod has quit IRC[08:00:22] *** fOrsberg is now known as forsberg[08:16:32] *** e-jones has joined #postfix[08:19:50] *** Dingofest2 has quit IRC[08:22:51] *** karlgus has joined #postfix[08:32:44] *** hever has joined #postfix[08:33:50] *** Dingofest2 has joined #postfix[08:35:16] *** hever has quit IRC[08:36:20] *** hever has joined #postfix[08:39:12] *** jamesmacleod has joined #postfix[09:03:03] *** denis_ has joined #postfix[09:07:11] *** dddh has quit IRC[09:07:11] *** dddh has joined #postfix[09:07:15] *** dddh is now known as Zumu[09:08:08] *** Motoko-chan has quit IRC[09:11:26] *** Matic`Makovec has joined #postfix[09:15:23] *** cilly has joined #postfix[09:16:43] *** cga has joined #postfix[09:23:16] *** Zumu is now known as siamba[09:37:54] *** _bt has quit IRC[09:37:54] *** skyweb has joined #postfix[10:01:54] *** pinoyskull has quit IRC[10:03:52] *** JoKoT3 has joined #postfix[10:05:09] *** pinoyskull has joined #postfix[10:07:56] *** sphenxes has quit IRC[10:09:01] *** UQlev has joined #postfix[10:09:48] *** sphenxes has joined #postfix[10:19:11] *** UQlev has quit IRC[10:19:19] *** UQlev has joined #postfix[10:34:08] *** MAAAAAD has quit IRC[10:34:42] *** MAAAAAD has joined #postfix[10:35:27] *** swombat has joined #postfix[10:36:17] <swombat> Is there a way to tell postfix to email an admin address about any delivery failures?[10:36:26] <swombat> (this postfix is being used as an smtp)[10:37:04] <BlackBishop> I just upgraded my dovecot .. so it might be a dovecot problem but I get this in the logs:[10:37:08] <BlackBishop> 2010-09-22T11:42:36.950575+03:00 d3xt3r01 postfix/smtpd[19795]: warning: network_biopair_interop: error writing 37 bytes to the network: Broken pipe[10:37:11] <BlackBishop> what should I check ? :/[10:39:06] *** jeroen_h has joined #postfix[10:40:31] <jeroen_h> I am unable to find an answer to the question I received: is it possible with postfix to filter email so that certain senders (friend at example dot com), can send to *_ at example dot com, but others can not (nofriend at example dot com)[10:41:14] <jeroen_h> so a connection between sender and receiver[10:45:19] *** UQlev has quit IRC[10:52:06] *** henriknj has joined #postfix[10:53:09] *** UQlev has joined #postfix[10:55:35] <Aprogas> jeroen_h: I think with restriction classes this is possible.[10:55:56] <Aprogas> Not sure why you would want to do this though.[10:58:04] <jeroen_h> well, someone I know has a few email adresses (direction_ at example dot com, bills_ at example dot com) that he only want a few internal people to be able to send emails too[10:58:38] *** TomHome has joined #postfix[10:58:40] *** henriknj has quit IRC[10:59:58] <jeroen_h> the restriction classes seem interesting, going to read into that, thanks Aprogas[11:00:39] <Aprogas> Sender addresses are easily forged.[11:01:06] <jeroen_h> true[11:01:08] <Aprogas> But if this a boss within a corporate environment, they could just fire people that forge mail. :)[11:01:13] <jeroen_h> hehe[11:11:46] <jeroen_h> http://www.postfix.org/RESTRICTION_CLASS_README.html -> Protecting internal email distribution lists[11:11:51] <jeroen_h> exacly what I needed[11:12:07] *** hachi has joined #postfix[11:13:16] <hachi> hi all, having a really strange issue here... linux 2.6 kernel, when postdrop is executed by 'rancid' (the router config dumper)[11:14:26] <hachi> strace shows the exec happening, check the perms on postdrop and it is root:postdrop a+rx,g+s[11:14:47] <hachi> but getegid and geteuid in the process is showing that the setgid hasn't taken effect[11:14:52] <hachi> er[11:14:54] <hachi> getgid[11:15:45] <hachi> the mount isn't 'nosuid'[11:16:08] <hachi> I have absolutely no clue how to figure out why this is happening[11:17:10] <Aprogas> Is postdrop part of the pickup chain?[11:17:33] <Aprogas> I'm confused.[11:17:49] <Aprogas> Maybe try the other way around: describe the problem/goal.[11:18:13] <hachi> postdrop is hanging because it can't write to /var/spool/postfix/maildrop[11:18:39] <hachi> trying to fix this problem[11:18:59] <hachi> the sendmail wrapper seems to call postdrop[11:19:03] <Aprogas> Run "postfix check"[11:19:07] <hachi> all clean[11:19:17] <hachi> (already checked it)[11:19:18] <Aprogas> I think the sendmail wrapper should call postfix's sendmail[11:19:46] <hachi> I think the 'sendmail wrapper' I just said is actually 'postfix's sendmail' at the same time[11:20:06] <Aprogas> ldd it[11:20:18] <hachi> linked against postfix[11:20:51] <Aprogas> Do your logs contain anything useful?[11:21:00] <hachi> apart from the permission denied error, no[11:21:11] *** sphenxes01 has joined #postfix[11:21:46] <Aprogas> Which OS/distro is this?[11:21:59] <hachi> debian something.. linux 2.6[11:22:55] <hachi> the thing is, I can see the issue itself... postdrop is not getting setgid semantics when it is invoked with exec()[11:23:11] <hachi> which I don't understand how that is possible at all[11:23:44] *** macsim_ has quit IRC[11:24:07] *** master_of_master has quit IRC[11:24:43] *** henriknj has joined #postfix[11:24:47] <Aprogas> Is your kernel in some securelevel or odd initlevel?[11:25:02] *** sphenxes has quit IRC[11:25:05] *** nihe has quit IRC[11:25:15] <hachi> haven't asked it to be, no selinux, completely up[11:25:24] *** nihe has joined #postfix[11:26:03] <hachi> rebooted a few times, no change in semantics[11:26:27] *** nihe has quit IRC[11:27:01] <Aprogas> cp /usr/bin/id /tmp/id && chgrp postdrop /tmp/id && chmod g+s /tmp/id && /tmp/id[11:28:18] <hachi> egid changes correctly, and I think postdrop is able to run fine sometimes... like via cron instead[11:28:25] *** master_of_master has joined #postfix[11:28:47] <Aprogas> Manually feed some testmail into postfix's sendmail.[11:29:43] *** xumpi has joined #postfix[11:29:50] <hachi> as root is fine... hang on[11:30:10] *** nihe has joined #postfix[11:31:24] *** tjikkun has quit IRC[11:31:57] *** klem has quit IRC[11:32:28] <hachi> as the user is fine...[11:33:07] <hachi> this is getting more confusing, cause I have the trace here too saying that it doesn't work[11:33:43] <hachi> unless there's something a process can do to disable setgid on exec[11:34:28] *** tjikkun has joined #postfix[11:34:41] <Aprogas> Before you started stracing and gdb's and what not, was anything actually broken?[11:36:06] <hachi> rancid claims my router is down when I invoke it via cron, but if I run the steps rancid does to query the router they work fine[11:36:36] <hachi> but that it outside the scope of this channel of course[11:37:01] <Aprogas> I think rancid has been eating rotting fruit.[11:37:04] <hachi> I was using strace because it's the only way I can see what rancid is doing to determine that 'router is down' when it actually isn't[11:37:26] <Aprogas> If invoking sendmail as a normal user works, I'm not sure why rancid would break that.[11:37:54] <Aprogas> Running a debugger in itself might mess with setgid stuff. I'm not a coder so I don't really know how all that works.[11:38:55] <hachi> mm, yeah... I had read the ptrace errata too, but nothing in it says set[ug]id is affected, especially in spawned processes :\[11:39:12] <hachi> I'll assume your conclusion is correct and move from there[11:39:18] <hachi> hopefully that will work better :)[11:40:36] <Aprogas> Whenever a program supports it, I prefer to make it talk SMTP over TCP, rather than use sendmail/pickup.[11:45:29] *** lifeofguenter has joined #postfix[11:45:43] *** klem has joined #postfix[11:45:57] *** cafuego has quit IRC[11:51:07] *** henriknj_ has joined #postfix[11:52:08] *** henriknj has quit IRC[12:00:02] *** saurabhb has quit IRC[12:02:21] *** e-jones has quit IRC[12:04:56] *** Tex-Twil has joined #postfix[12:04:57] *** Tex-Twil has joined #postfix[12:07:20] *** e-jones has joined #postfix[12:19:28] *** skyweb has quit IRC[12:31:19] *** henriknj_ has quit IRC[12:31:20] *** Tex-Twil has quit IRC[12:33:23] *** freaky[t] has quit IRC[12:34:36] *** MAAAAAD has quit IRC[12:35:06] *** MAAAAAD has joined #postfix[12:40:06] <swombat> Is there a way to tell postfix to email an admin address about any delivery failures? (this postfix is being used as a null-client, pure smtp server)[12:42:57] <Aprogas> !tell swombat notify_classes[12:42:57] <knoba> swombat: "notify_classes" : a configuration parameter in the main.cf: The list of error classes that are reported to the postmaster. The default is to report only the most serious problems. The paranoid may wish to turn on the policy (UCE and mail relaying) and protocol error (broken mail software) reports.[12:43:34] <Aprogas> Also I'm not sure what null-client and pure SMTP server mean in the same context.[12:45:30] *** cpm has joined #postfix[12:47:02] *** Aqaz has joined #postfix[12:47:41] *** EagleWatch has quit IRC[12:49:19] *** henriknj has joined #postfix[12:50:46] <swombat> Aprogas: cheers![12:51:18] <swombat> Aprogas: i think it was called a null client... i.e. it's an smtp server that doesn't receive any email, just sends[12:52:35] <Aprogas> Yes, that's a nullclient, but I wouldn't call it a pure SMTP server, more like a pure SMTP client.[12:52:41] <Aprogas> Postfix is overkill for that role by the way.[12:52:42] <Aprogas> !nullclient[12:52:42] <knoba> Aprogas: "nullclient" : a null client is a computer that can only send mail. it receives no mail from the network, and it does not deliver any mail locally. while postfix can be configured to fill this role, it is often unnecessary overkill, and a much simpler software package is more appropriate. see !nullclient_software for more details.[12:56:38] *** Aqaz_ has joined #postfix[12:57:49] *** UQlev has quit IRC[12:58:52] *** Muhis has joined #postfix[12:59:09] *** xumpi has quit IRC[12:59:45] *** Aqaz has quit IRC[13:00:28] *** Aqaz_ has quit IRC[13:10:26] *** BlackBishop has quit IRC[13:17:52] *** BlackBishop has joined #postfix[13:19:39] *** rajijoom has quit IRC[13:21:01] *** shinao1 has joined #postfix[13:22:37] *** cilly has quit IRC[13:22:46] *** uqlev has joined #postfix[13:24:08] *** cilly has joined #postfix[13:24:26] *** swombat has left #postfix[13:38:34] *** Aqaz has joined #postfix[13:38:51] *** abbe has joined #postfix[13:38:56] <abbe> hi everyone[13:40:59] * abbe is facing an issue, where if he adds 'user@domain.tld [localhost]:8025' to his relayhost_map (sender_dependent_relayhost_maps), then all mails with envelope bounce with following error:[13:41:20] <abbe> relay=none, delay=0.03, delays=0.02/0.01/0/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=localhost type=AAAA: Host not found)[13:42:11] <abbe> I'm able to resolve A, and AAAA records for 'localhost.' using dig.[13:42:49] <sysmonk> why do you need to do it on ipv6 anyway? (just curious)[13:43:18] <abbe> sysmonk, I'm not doing it specifically on IPv6.[13:43:53] *** car has quit IRC[13:43:57] *** juergen_dose has joined #postfix[13:44:08] <abbe> I don't even know why it doesn't fall back to using A records, or why it's not able to resolve AAAA record, since both are present in DNS.[13:45:17] <sysmonk> inet_protocols should be set to ipv4 by default[13:45:51] <abbe> okay, in my case it's set to 'all', as my box also serves by IPv6 net.[13:45:59] <abbe> s/by/my/[13:46:05] <sysmonk> i see[13:46:16] *** bhagat has quit IRC[13:47:07] <abbe> if I remove that line from 'relayhost_map', then all mails from user at domain dot tld is relayed via default relayhost (which in my case is gmail smtp)[13:47:27] <sysmonk> abbe: well, first of all do what is told in /topic[13:47:54] <abbe> what precisely do you want me to do ? pastebin ?[13:48:14] <abbe> the same configuration runs fine on my FreeBSD box.[13:48:47] <abbe> whereas on GNU/Linux, this fails. i'm on a dualboot box. so I want to be able to send from both[13:48:48] <sysmonk> i thought topic says what to pastebin[13:49:04] <abbe> sure, let me paste it in a minute.[13:49:14] <sysmonk> abbe: heh, you should leave FreeBSD then and remove the second OS :P[13:49:57] <sysmonk> </flame> i like using freebsd </flame> :)[13:50:21] <sysmonk> doh, s/\/// :)[13:50:50] *** shinao1 has quit IRC[13:55:33] *** hever has quit IRC[13:56:53] *** shinao1 has joined #postfix[13:57:37] <abbe> sysmonk, I love both. Here is my configuration: http://hpaste.org/40029/postfix_configuration[13:58:23] <sysmonk> you haven't read the topic ...[13:59:13] <abbe> yes, i'm pasting rest of stuff.[14:00:20] <sysmonk> nope, not that part[14:00:34] <sysmonk> did the topic say 'post your main.cf' or did it say 'post your postconf -n' ?[14:01:07] <abbe> http://hpaste.org/40030/postfix_logs[14:01:35] <abbe> okay, sorry about that.[14:06:01] <abbe> any clues ?[14:06:02] <sysmonk> can you also pastebin your /etc/hosts and dig AAAA localhost[14:06:06] <abbe> sure[14:08:30] <abbe> sysmonk, http://hpaste.org/40031/hosts_and_dns[14:10:24] * abbe is running postfix-2.7.1 on arch[14:10:59] *** freaky[t] has joined #postfix[14:12:40] <abbe> on freebsd also, it's the same version.[14:12:55] <abbe> [localhost]:8025 doesn't require any authentication.[14:13:15] <sysmonk> does arch somehow chroot your postfix ?[14:13:20] <Dominian> !chroot[14:13:21] <knoba> Dominian: "chroot" : The fifth column in master.cf, if not n , means that the Postfix process described on that line runs in a chroot, see !debug , !queue_directory and files in the examples/chroot-setup subdirectory of the Postfix source archive which show examples of a Postfix chroot environment on a variety of systems[14:13:48] <sysmonk> it's not about the authentication, it's more about the resolver not knowing where localhost AAAA is[14:14:13] <abbe> as i can see it's rc.d script, it just does '/usr/sbin/postfix start' to start it.[14:14:47] <sysmonk> Dominian: from his pastebin i can't see that it would be chrooted[14:15:57] <abbe> hosts: files mdns_minimal [NOTFOUND=return] dns mdns <<< from nsswitch.conf(5)[14:16:15] *** sjrussel has joined #postfix[14:17:07] <Dominian> sysmonk: I didn' tlook at the pastebin[14:17:10] <sysmonk> abbe: try adding smtp_host_lookup = dns, native[14:17:12] <Dominian> sysmonk: Just got to work.. half asleep... didn't read up[14:17:20] <abbe> okay[14:17:27] <sysmonk> but i'm not sure why the current setup doesn't see the aaaa entry[14:17:46] <sysmonk> Dominian: yeah, i'm working from home today, sick and after a long 'maintenance' night[14:19:31] <abbe> Sep 22 17:56:05 chateau postfix/smtp[12071]: 0DF272D8FC2: to=<some.user at yahoo dot com>, relay=localhost[::1]:8025, delay=3.5, delays=0.02/0.02/2.1/1.3, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 93B941065672) <<<< :D[14:19:35] <abbe> thanks sysmonk[14:20:02] *** pinoyskull has quit IRC[14:20:05] *** CrazyFoam has quit IRC[14:20:12] *** henriknj has quit IRC[14:20:18] *** Section1 has joined #postfix[14:20:39] *** freaky[t] has quit IRC[14:20:57] <sysmonk> abbe: well, i'm curious why it didn't get the entry through a normal dns lookup[14:21:14] <sysmonk> but well, i'd need access to the box to check that, and i understand that you won't give it :)[14:21:14] *** hever has joined #postfix[14:22:10] <abbe> sysmonk, i've some time, so if you want i can put it in verbose logging or something like that or strace/truss it, if possible[14:22:57] <sysmonk> well, possible, but i don't like the long communication stuff and i'm a bit sick right now[14:23:09] <abbe> oh, okay[14:23:41] <abbe> take care, i'll try building postfix myself later, and see what might have gone wrong.[14:23:42] <sysmonk> you can try attaching strace/truss/verbose logging and pastebin it somewhere[14:23:59] <abbe> sysmonk, strace which daemon ?[14:24:11] <sysmonk> smtp[14:25:00] <sysmonk> !debugger_command[14:25:00] <abbe> okay[14:25:00] <knoba> sysmonk: "debugger_command" : a configuration parameter in the main.cf: The external command to execute when a Postfix daemon program is invoked with the -D option.[14:25:46] <abbe> debugger_command = strace -o/tmp/smtp.out ?[14:31:55] <sysmonk> and some more keys[14:32:03] <sysmonk> don't have strace anywhere on my servers[14:33:22] <abbe> http://hpaste.org/40032/smtpd_configuration[14:35:53] *** freaky[t] has joined #postfix[14:36:49] <sysmonk> abbe: well, you have to _attach_ to a running smtp and not create another smtp[14:37:28] <sysmonk> anyway, as i said, it's better for me to do it myself as it's 100 times faster :)[14:37:55] <abbe> okay[14:37:55] <sysmonk> so just ignore it, i'll try to see if i can get identical setup somewhere else, although i don't have any linux boxes at the moment[14:38:10] <abbe> FreeBSD FTW![14:38:22] <abbe> thanks[14:38:24] *** abbe has quit IRC[14:55:25] *** TomHome has quit IRC[15:01:38] *** koltroll has joined #postfix[15:02:03] <koltroll> Does postfix need sendmail? Or are they the same type of appl[15:02:32] <koltroll> If not; Is it stupied/pointless to have sendmail installed if I have postfix installed ?[15:05:46] <sysmonk> no, postfix changes sendmail[15:06:11] <sysmonk> there's no reason to have both. well, you can have both installed, but not both running at the same time[15:06:30] <koltroll> then I'll remove sendmail.[15:07:10] <koltroll> when using php's mail()-function, right now php.ini is configured with a sendmail-path /usr/sbin/sendmail. Should I just uncomment that line? Or should I change it?[15:08:12] <sysmonk> postfix should install a sendmail compatibility binary[15:08:26] <sysmonk> some distros use a wrapper that will use postfix's binary[15:08:36] <sysmonk> so, depends on the distro/os you're using[15:08:40] <koltroll> ah ok. Thanks alot for your help![15:17:58] *** uqlev has quit IRC[15:23:47] *** Trengo has quit IRC[15:34:42] *** UQlev has joined #postfix[15:35:09] *** shinao1 has quit IRC[15:36:27] *** karlgus has quit IRC[15:39:58] *** bluethundr__ has joined #postfix[15:40:31] *** henriknj has joined #postfix[15:44:31] *** forsberg is now known as fOrsberg[15:44:38] *** henriknj has quit IRC[15:47:51] <thumbs> Dominian: someone need to +q that Iraqi retard[15:48:14] *** cga has quit IRC[15:48:32] *** MariusKarthaus has joined #postfix[15:49:18] *** xumpi has joined #postfix[15:49:54] <Dominian> thumbs: yep[15:51:53] <Dominian> thumbs: funny how he shows up.. suddenly lots of people need registered and 'help'[15:52:08] *** JonnyV has quit IRC[15:52:14] <thumbs> Dominian: maybe cp in disguise[15:52:21] <Dominian> doubt it[15:54:45] *** Innocentus has joined #postfix[15:54:47] <Innocentus> hi[15:54:51] <Innocentus> anyone time for me right now?[15:55:02] <Innocentus> I have got a security-/intrusion-related question[15:55:13] <Innocentus> Who has expertise in reading / understanding logfiles?[15:57:27] <cpm> what's the real question?[15:57:48] <Innocentus> I have got a spam mail by myself[15:58:07] <Innocentus> is the mail adress faked now (what is possible) or was my mail server abused?[15:58:17] <Innocentus> I have checked the logs[15:59:13] <Innocentus> cpm: which logfiles should I check?[15:59:26] <Innocentus> cpm: I have got the ID under which the mail has been sent[15:59:33] <Innocentus> cpm: so a grep should find it?[15:59:36] <Innocentus> cpm: what would it mean?[16:01:42] <Innocentus> cpm: ?[16:02:10] <UQlev> Innocentus, have you got only 1 spam message?[16:02:16] <Innocentus> yea[16:02:18] <Innocentus> from myself[16:02:31] <Innocentus> from myalias at mydomain dot tld to myalias at mydomain dot tld[16:02:32] <Dominian> that's not an uncommon tactic[16:02:42] <Innocentus> could it be that the spammer used my smtp server[16:02:45] <UQlev> it is ok if you have no SPF record and SPF check[16:02:45] *** jim_SFU has joined #postfix[16:02:48] <Innocentus> and I got an email by random[16:02:53] <Innocentus> oh[16:02:58] <Dominian> UQlev: SPF isn't required no[16:02:59] <Innocentus> I heard from SPF[16:03:04] <Innocentus> what exactly is it?[16:03:07] <Dominian> !spf[16:03:08] <knoba> Dominian: "spf" : (#1) sender policy framework - an extension to SMTP that allows to identify and reject emails from spoofed/forged email senders. SPF is just a TXT record in your DNS zone in a special format. See: http://www.openspf.org/, or (#2) Sender Policy Framework - an extension to SMTP that allows to identify and reject emails from spoofed/forged email senders. SPF is a SPF or TXT record in your DNS zone in a special forma[16:03:43] <UQlev> Innocentus, you may use SPF record if you don't want anyone to spam in your name[16:03:47] <Innocentus> is spf recipient-sided or sender-sided?[16:03:53] <Innocentus> ok[16:03:55] <Innocentus> sound cool[16:03:58] <Innocentus> how can I register for it?[16:04:20] <Dominian> keep in midn that SPF records are only good if a receiving server actually checks SPF records[16:04:22] <UQlev> Innocentus, do you control DNS records for your domain?[16:04:26] *** rvalles has joined #postfix[16:04:28] <Dominian> it is by no means meant to be an 'end all be all' to spam.[16:04:38] <Innocentus> I can control it via administrative interface, yes[16:04:53] <Innocentus> so what to do?[16:05:05] <UQlev> Innocentus, read their site[16:05:09] <Innocentus> http://bradknowles.typepad.com/considered_harmful/2004/05/spf.html[16:05:11] <Innocentus> what does that mean?[16:05:35] <UQlev> Innocentus, some people against SPF some are supporting it[16:05:53] <Innocentus> ok[16:05:56] <Innocentus> so it is controlversal[16:06:17] <Innocentus> what is the site of spf?[16:06:19] <UQlev> Innocentus, I have been using it for 2 years and see more benefits than drawbacks[16:06:23] <Innocentus> I wasn't able to find an official one[16:06:29] <Innocentus> What are the drawbacks of it?[16:06:34] <Innocentus> I mean the practical ones[16:06:44] <UQlev> http://www.openspf.org/,[16:06:47] <lunaphyte_> um.. a google search is pretty clearly conclusive...[16:07:13] *** mod_cure has joined #postfix[16:08:04] <mod_cure> postfix has Authenticated sender: username in the header. how can i get rid of the username or replace it with something, so it doesnt show up in email headers as that might pose a security risk[16:10:00] <lunaphyte_> !tell mod_cure smtpd_sasl_authenticated_header[16:10:00] <knoba> mod_cure: "smtpd_sasl_authenticated_header" : a configuration parameter in main.cf: Report the SASL authenticated user name in the smtpd(8) Received message header (default: no). This feature is available in Postfix 2.3 and later.[16:11:28] <mod_cure> how to replace the username ?[16:11:57] *** Innocentus has left #postfix[16:11:59] <lunaphyte_> uh, what on earth would be the point of that?[16:12:05] *** Innocentus has joined #postfix[16:13:01] <mod_cure> spamassasin goes by the header Authenticated sender , which works great. but dont want to show the username account[16:13:17] <lunaphyte_> goes by how?[16:13:28] <mod_cure> i dont want to show the username account[16:13:33] <lunaphyte_> goes by how?[16:13:37] <mod_cure> nevermind[16:15:02] *** TheAvatar has quit IRC[16:15:19] *** TheAvatar has joined #postfix[16:17:11] *** Trengo has joined #postfix[16:18:19] <mod_cure> it seems it would be a security risk to show username in email header[16:21:00] <lunaphyte_> so remove that header.[16:21:19] <Innocentus> I think relaying is possible with my smtp server (postfix)[16:21:21] <Innocentus> How can I disable it?!![16:21:27] <lunaphyte_> prove it.[16:21:44] <Innocentus> I have used the abuse.net mail relay testing service[16:21:46] <mod_cure> lunaphyte, i have the header in there, so spamassassin treats authenticated users different[16:22:14] <Innocentus> So how can I disable relaying?[16:22:20] <Innocentus> nano /etc/postfix/main.cf[16:22:24] <Innocentus> what line should I change for that?[16:22:52] <f3ew> Innocentus prove that undesired relaying is possible[16:24:04] <Innocentus> Relay test result[16:24:06] <Innocentus> Hmmn, at first glance, host appeared to accept a message for relay.[16:24:09] <Innocentus> AND I RECEIVE THE MAIL[16:24:11] <Innocentus> wah[16:24:44] <f3ew> from where are you sending?[16:25:09] *** lifeofguenter has quit IRC[16:25:47] <Innocentus> http://verify.abuse.net/cgi-bin/relaytest[16:25:54] <Innocentus> I have registered to be able to test[16:26:05] <Innocentus> * http://verify.abuse.net/[16:26:10] <f3ew> logs?[16:26:12] <f3ew> !debug[16:26:12] <knoba> f3ew: "debug" : http://www.postfix.org/DEBUG_README.html : a good starting point for how to deal with problems and to report information to those who might help. Post your information in a pastebin such as http://pastebin.ca/ or http://dpaste.com/[16:26:28] <Innocentus> f3ew: ok[16:26:50] <Innocentus> f3ew: and a question: Is postfix basically able to relay mails?[16:28:05] <UQlev> Innocentus, relay mails is normal function for every MTA[16:28:36] <Innocentus> But how can I set up the MTA so that only ME is able to send a mail ?[16:29:06] <UQlev> Innocentus, smtp-auth, submission, smtpds[16:29:10] <Innocentus> yea[16:29:12] <Innocentus> auth is installed[16:29:23] <Innocentus> So postfix accepts anonymous users then?[16:29:30] <thumbs> Innocentus: leave mynetworks empty, require sasl[16:30:02] <UQlev> Innocentus, postfix will accept everyone sending to domain you host[16:30:13] *** juergen_dose has left #postfix[16:30:26] <UQlev> Innocentus, if destination address is one of yours[16:30:48] <thumbs> Innocentus: delivery != relaying[16:31:37] *** MariusKarthaus has quit IRC[16:32:29] <Innocentus> thumbs: so I want to prevent that postfix relays mails[16:32:39] <Innocentus> I am confused now[16:32:49] <Innocentus> what I want is to prevent the abuse of my mail adress[16:33:25] *** ssureshot has quit IRC[16:33:50] *** ssureshot has joined #postfix[16:34:28] <thumbs> Innocentus: for delivery, use SPAM controls.[16:34:29] *** fahadsadah has quit IRC[16:34:38] <thumbs> Innocentus: for relaying, require SASL[16:35:41] *** fahadsadah has joined #postfix[16:38:18] <Innocentus> how can I check if SASL is required?[16:38:22] <Innocentus> I mean SASL works[16:38:24] <Innocentus> I can login[16:38:33] <Innocentus> but how can I check if anonymous / no SASL login is denied?[16:38:34] <thumbs> Innocentus: pastebin postconf -n[16:38:43] <lunaphyte_> !tell Innocentus tias[16:38:43] <knoba> Innocentus: "tias" : Try It And See[16:41:24] <Innocentus> http://pastebin.com/cyvNnrdt[16:41:25] <Innocentus> ok[16:41:26] <Innocentus> take a look[16:41:47] <Innocentus> please understand, accept and tolerate that I have anonymized the mail addresses / ips[16:43:53] *** UNIX107 has joined #postfix[16:44:30] <UNIX107> Hi all world i have this error in maillog when i try to send with posfix :[16:44:36] <UNIX107> lost connection after data postfix[16:44:46] <UNIX107> some one know which is the problem?[16:44:54] <UNIX107> thanks previously[16:45:15] <Aprogas> Show precise logs please, and with their context.[16:45:53] <UNIX107> ok[16:46:11] <UNIX107> Sep 22 09:11:35 easy-golifelf postfix/smtpd[11760]: disconnect from unknown[209.162.156.12][16:47:50] *** quas has joined #postfix[16:49:17] <quas> Hey all. I need to set up an SMTP server to relay emails that is IP restricted. Google is telling me how to make an smtp server USE a relay, not CREATE one. Can anyone please help me?[16:49:43] <Aprogas> UNIX107: I meant on a pastebin, and multiple lines of log.[16:50:04] <Aprogas> !tell quas mynetworks[16:50:04] <knoba> quas: "mynetworks" : a configuration parameter in the main.cf: The list of "trusted" SMTP clients that can relay email.[16:50:54] <UNIX107> Aprogas ok one minut[16:51:29] *** tharkun has joined #postfix[16:51:30] <quas> So, if I have a postfix server set up to do email already, adding the network I need (small datacenter IP block), to that will automatically allow relaying? What about the authentication I already have in place? This proprietary app is really stupid about auth...[16:51:46] *** Aqaz has quit IRC[16:52:09] <Aprogas> !tell quas sasl[16:52:09] <knoba> quas: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[16:52:29] <quas> I know about sasl...[16:52:37] <quas> I already have auth in place for my users, but this app I need the relay for is stupid, and can't auth right, so I need an IP restricted no auth relay...[16:53:28] <Aprogas> If a client already gets permission from permit_mynetworks, it doesn't need to SASL-login.[16:53:37] <Aprogas> !tell quas access[16:53:37] <knoba> quas: "access" : http://www.postfix.org/SMTPD_ACCESS_README.html : An overview of access(5) controls in the Postfix smtpd(8) SMTP server.[16:53:43] <quas> Ohhh, ok. Thank you![16:53:44] <Aprogas> The sequence of restrictions is important.[16:53:45] *** Aqaz has joined #postfix[16:54:07] <UNIX107> much lines of maillog here http://apache.pastebin.com/Hfdu1p8B[16:54:11] <UNIX107> :)[16:54:53] <Aprogas> UNIX107: Do you know this IP-address? Probably just some spammer.[16:55:15] *** Aqaz has quit IRC[16:55:23] <UNIX107> its IP of server ![16:55:48] <UNIX107> but i Not a right IP :p[16:55:49] <Aprogas> So your own server is connecting to you, has no valid FCRDNS, and loses connection?[16:55:55] <UNIX107> i just put exemple of IP[16:56:27] <Aprogas> That explains how the IP-address magically changed on the same smtpd.[16:56:51] <Aprogas> If this is just some random IP-address connecting to you, just ignore it.[16:57:11] <UNIX107> No Aprogas Not random IP[16:57:25] <UNIX107> my ip of server apears in maillog[16:57:37] <UNIX107> but whyy the connection lost[16:57:44] <Aprogas> Do you run any software that would try to connect to your own mailserver? Do you use a content_filter?[16:57:50] <Aprogas> Share your postconf -n too.[16:57:57] <UNIX107> OK[17:00:19] <UNIX107> here http://apache.pastebin.com/kXqPJfPe[17:02:08] <tharkun> !nullmailer[17:02:08] <knoba> tharkun: Error: "nullmailer" is not a valid command.[17:02:18] <tharkun> !nullclient[17:02:18] <knoba> tharkun: "nullclient" : a null client is a computer that can only send mail. it receives no mail from the network, and it does not deliver any mail locally. while postfix can be configured to fill this role, it is often unnecessary overkill, and a much simpler software package is more appropriate. see !nullclient_software for more details.[17:02:31] *** skyweb has joined #postfix[17:02:31] <Aprogas> Why are your SMTP client timeouts in spammer-mode?[17:02:52] <tharkun> !nullclient_software[17:02:52] <knoba> tharkun: "nullclient_software" : a program that serves as a drop in replacement for /usr/sbin/sendmail and provides a simple means to submit messages to an existing msa without the need to install and maintain a full-blown mta/msa. examples include esmtp, ssmtp and nullmailer. also see !msa[17:03:22] <UNIX107> spammer mode !![17:03:49] <UNIX107> i dnt understand[17:03:59] *** henriknj has joined #postfix[17:04:17] <Aprogas> 1200 process limit, high concurrency, low queue lifetimes, low timeouts, high recipient limit.[17:04:54] <UNIX107> Yess , we send a regular newsletter to our clients[17:04:59] *** e-jones has quit IRC[17:05:25] <UNIX107> w have ~ 900 000[17:05:28] <UNIX107> of clients[17:05:34] *** ralfWORK has joined #postfix[17:06:06] <Aprogas> Find out which process is connecting to your smtpd and why it drops connection after DATA.[17:07:18] *** egoleo has joined #postfix[17:07:28] <egoleo> hello i am having this issue ostfix/master[1188]: fatal: /etc/postfix/master.cf: line 76: bad hostname or network address: localhost:10025[17:07:34] <egoleo> what could be wrong plse[17:07:46] <egoleo> since the 76 line is pointing is nothing there[17:08:03] <UNIX107> Aprogas ther is no process conecting to my postfix :s[17:08:18] <Aprogas> UNIX107: Something is connecting to your postfix, the logs show it.[17:09:05] <UNIX107> yes i use an php appilication to send emails[17:09:22] <UNIX107> But why the connection LOST.?[17:09:39] <egoleo> anyone to hlep me plse[17:09:40] <Aprogas> Find out who this PHP application connects and verify it is doing it right.[17:09:54] <egoleo> i only change my hostname and now all is not working again[17:09:55] <Aprogas> egoleo: pastebin your postconf -n and master.cf[17:10:10] <Aprogas> egoleo: Also make sure that localhost resolves.[17:10:14] <UNIX107> OK i will verify now :) thanks for u disponibility Mr Aprogas[17:10:28] <egoleo> how do i make sure localhost resolves[17:10:38] <ralfWORK> I'm having a hard time understanding the reason for this error message I get when I try to send mail through postfix[17:10:51] <ralfWORK> Sep 22 11:09:04 mail1 postfix/smtpd[5919]: NOQUEUE: reject: RCPT from unknown[10.150.0.6]: 550 5.1.1 <foo at gmail dot com>: Recipient address rejected: gmail.com; from=<foo at baz dot net> to=<foo at gmail dot com> proto=ESMTP helo=<[10.150.0.6]>[17:11:07] <Aprogas> egoleo: dig localhost[17:11:15] <Aprogas> egoleo: host localhost[17:11:17] <egoleo> ok[17:11:28] <ralfWORK> I don't get any further details like 'relay access denied' or the like, so I don't know how to debug this issue[17:11:52] <Aprogas> ralfWORK: Pastebin your postconf -n[17:11:57] <ralfWORK> ok[17:12:59] *** koltroll has quit IRC[17:13:13] *** hever has quit IRC[17:13:17] <egoleo> http://dpaste.org/6fSM/[17:13:43] <egoleo> that is the results for postconf -n and dig and host[17:13:47] <ralfWORK> Aprogas: http://pastebin.com/64jTY3eQ[17:13:48] <Aprogas> egoleo: master.cf too please[17:13:56] *** fOrsberg is now known as forsberg[17:14:01] <egoleo> ok[17:14:13] <Innocentus> who could help me? :([17:14:21] <ralfWORK> as far as I can tell, SASL shouldn't even come into the picture, cause I'm mailing from mynetworks[17:15:40] <egoleo> http://dpaste.org/cuGC/[17:15:51] <egoleo> so all the outs that[17:16:07] <Aprogas> ralfWORK: Show more logs, and verify Amavis isn't throwing the reject.[17:16:40] *** x_or has joined #postfix[17:17:34] <Aprogas> egoleo: If you chage localhost to 127.0.0.1, does it work?[17:17:44] <Aprogas> I must leave soon.[17:17:55] <egoleo> where is the localhost[17:18:19] <egoleo> is in which file[17:18:45] <ralfWORK> Aprogas: sadly that's all the logs I have for that connection[17:18:51] <ralfWORK> let me check amavis[17:18:53] <Aprogas> egoleo: master.cf[17:19:08] <egoleo> ok[17:19:49] <egoleo> do u mean this line localhost:10025 inet n - n - - smtpd[17:19:54] *** EagleWatch has joined #postfix[17:20:47] *** Muhis has quit IRC[17:22:30] <Aprogas> yes[17:22:41] <egoleo> ok[17:22:51] <egoleo> changed it and i dont seems to get that error again[17:23:00] <egoleo> but now i cant login through squirrelmail[17:25:05] *** denis_ has quit IRC[17:25:07] <Aprogas> I am gone.[17:25:22] <egoleo> thnx alot man[17:29:20] <Innocentus> Hey[17:29:25] <Innocentus> Who can help mey? :/[17:32:47] <Innocentus> :([17:40:12] *** skyweb has quit IRC[17:43:52] *** Aqaz has joined #postfix[17:44:26] <tharkun> !tell Innocentus welcome[17:44:26] <knoba> Innocentus: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[17:45:36] <ralfWORK> hrm ok it seems that postfix is looknig through virtual_alias_maps to try to find this remote address[17:45:54] <ralfWORK> it's failing of course, and then it doesn't default to sending it out; it drops the mail on the floor[17:46:17] <ralfWORK> any thoughts on what setting would make it not fallback to doing a DNS lookup and sending the email out?[17:47:19] <tharkun> Actually it is looking for the MX record you can avoid it by using [domain.tld][17:48:11] <ralfWORK> well, ok, but what I'm seeing is that its doing a virtual_alias_maps lookup (which fails) but then it drops the email[17:48:23] *** Innocentus has quit IRC[17:48:37] <ralfWORK> I assume proper operation would be: if it fails virtual_alias_maps, it should go on to MX lookup etc, right?[17:54:03] <adaptr> ralfWORK: no, those actions are not related[17:54:12] <ralfWORK> hrm ok[17:54:16] *** stope has joined #postfix[17:54:27] <adaptr> all addresses in virtual_alias_maps fall in the virtual_alias address class[17:54:42] <adaptr> they will pass the reject_unauth_destination restriction[17:55:06] <ralfWORK> mkay, so then why would this fail to relay (or give any useful logs about relaying)?[17:55:11] <adaptr> if the address is not in virtual_alias_maps, what happens to the mail is whollydependent on all restrictions that apply[17:55:21] <stope> What am I missing, I get this error: 553 sorry, that address cannot accept mail from an unresolved IP address (in reply to RCPT TO command)[17:55:21] <adaptr> why should it relay[17:55:35] <adaptr> stope: show the complete log from the message[17:55:49] <Blue-E1> postmaster is the catch-all user for mail?[17:55:57] <adaptr> Blue-E1: let's hope not[17:56:13] <stope> relay=mx2.netfirms.com[67.23.128.57]:25, delay=3.4, delays=0.03/0/3.2/0.13, dsn=5.0.0, status=bounced (host mx2.netfirms.com[67.23.128.57] said: 553 sorry, that address cannot accept mail from an unresolved IP address (in reply to RCPT TO command))[17:56:18] <ralfWORK> well, because I believe I configured it to relay. The log says "Recipient address rejected: gmail.com"[17:56:23] <Blue-E1> ok, what is, or how do I create one?[17:56:28] <adaptr> stope: ask them what it means[17:56:34] <ralfWORK> which doesn't really tell me a whole hell of a lot about why this might be failing[17:56:41] <stope> netfirms?[17:56:42] <adaptr> ralfWORK: show the *complete* log from that message[17:57:15] <ralfWORK> Sep 22 11:09:04 mail1 postfix/smtpd[5919]: NOQUEUE: reject: RCPT from unknown[10.150.0.6]: 550 5.1.1 <foo at gmail dot com>: Recipient address rejected: gmail.com; from=<foo at baz dot net> to=<foo at gmail dot com> proto=ESMTP helo=<[10.150.0.6]>[17:57:37] <adaptr> !tell stope about dam[17:57:37] <knoba> adaptr: Error: No factoid matches that key.[17:57:39] <adaptr> !tell stope dam[17:57:39] <knoba> stope: "dam" : don't ask me why someone else's server isn't accepting your mail. if your hotel key card wasn't letting you into your room, would you go around asking other guests why? if you can't figure out who you should ask, then see the !duh factoid[17:57:43] <Dominian> Looks like a common case of elay_denied[17:57:49] <Dominian> er.. relay denied[17:57:51] <adaptr> !relay_denied[17:57:51] <knoba> adaptr: "relay_denied" : NOQUEUE: reject: RCPT from CLIENT_HOST[CLIENT_IP]: 554 5.7.1 <RECIPIENT@RCPT_DOMAIN>: Relay access denied; from=<SENDER@SENDER_DOMAIN> to=<RECIPIENT@RCPT_DOMAIN> proto=ESMTP helo=<HELO>: This typically means that CLIENT_IP is not in mynetworks (and did not AUTH), and that RCPT_DOMAIN was not recognized as one of this Postfix's domains (not listed in mydestination, relay_domains or virtual_*_domains).[17:57:58] <adaptr> ralfWORK: read that, carefully.[17:58:11] <stope> fair enough... I'll get on the horn with them....[17:58:18] <ralfWORK> I can go down the relay rabbit hole, that's fine[17:58:41] <ralfWORK> CLIENT_IP is in mynetworks though, sadly[17:58:57] <adaptr> that factoid assumes the default smtpd restrictions are in effect[17:59:03] <Dominian> aye[17:59:05] <adaptr> if they're not, anything can happen[17:59:18] *** jamesmacleod has quit IRC[17:59:25] <ralfWORK> http://pastebin.com/64jTY3eQ[17:59:29] <ralfWORK> that's my conf[17:59:36] <stope> adaptr, I just didn't know where to start but thanks for the analogy :)[17:59:48] <stope> I thought it was just something on my side[18:00:01] <adaptr> ralfWORK: we don't want your conf. we want postconf -n[18:00:03] <ralfWORK> I assume that 'permit_mynetworks' being 1st in the restrictions is correct[18:00:08] <ralfWORK> adaptr: that's postconf -n[18:00:12] <adaptr> then say so![18:00:32] <ralfWORK> I didn't remember what the command was :P[18:01:25] <adaptr> default_transport = error[18:01:29] <adaptr> that's insanely stupid[18:01:35] <adaptr> this box will never send mail.[18:01:36] <adaptr> ever.[18:01:45] <ralfWORK> ok[18:01:59] <adaptr> don't touch transport settings unless you know what you're doing[18:02:50] <ralfWORK> mmkay[18:03:03] <adaptr> receive_override_options = no_address_mappings[18:03:10] <adaptr> guess what ? all your aliases are useless![18:03:15] <adaptr> who the F made this config ?[18:03:23] <adaptr> amazing[18:03:32] <ralfWORK> was based off a howto some 6 months ago[18:03:37] <adaptr> yeees[18:03:38] <adaptr> !tutorial[18:03:39] <knoba> adaptr: "tutorial" : A very common problem is that some people prefer to follow a step-by-step tutorial that shows them how to setup their server w/out reading the documentation or understanding what they are doing. If something goes wrong, they have no clue whatsoever about where to find hints, and they sometimes decide to start from scratch using a different tutorial. This is not The Proper Way.[18:03:45] <adaptr> please, read that until the hammer hits[18:03:57] <adaptr> whoever wrote that has NO CLUE[18:07:34] <Dominian> Whoever wrote what?[18:07:44] <adaptr> that ^^ pastebin[18:07:45] <Dominian> oh the howto[18:07:47] <Dominian> yeah[18:07:52] <adaptr> read and shiver[18:08:25] <adaptr> it's a pretty secure system, with the added side effect that it won't actually send mail[18:08:40] <Dominian> heh[18:08:55] <ralfWORK> well it was just an endpoint until now, honestly[18:09:39] *** ssureshot has quit IRC[18:09:57] <Dominian> I really need to get moving on building my other smtp gateway...[18:10:00] <Dominian> I keep putting it off[18:10:38] <adaptr> you mean.. the spam errr money generator ?[18:11:33] <Dominian> heh[18:11:44] <Dominian> adaptr: 'hoping' it will generate some income.. yes[18:11:50] <Dominian> but not spam of course[18:12:14] <adaptr> I corrected myself... pinkies crossed, not really, nudge nudge[18:12:28] <Dominian> heh[18:14:22] *** egoleo has quit IRC[18:15:06] <jeev> im skurred to use imap for my friend[18:15:13] <jeev> but he keeps bitching that his email isn't in sync with all 17,000 of his computers.[18:15:27] <jeev> suggestions ?[18:15:35] <Dominian> imap[18:15:36] <Dominian> ;)[18:15:44] <jeev> fawk[18:15:58] <jeev> i'd have to convert all the computers over to imap, eh ?[18:20:39] <Dominian> either that...[18:20:43] <Dominian> Or if he wants to use POP3..[18:20:53] <Dominian> tell him to enable "leave copy of messages on server for X number of days"[18:20:55] * Dominian shrugs[18:21:13] <jeev> he wants his sent mail..[18:21:19] <jeev> shiet, fetching 16k emails[18:21:23] <jeev> from my most expensive datacenter.[18:21:34] <jeev> ah, it's headers only eh[18:21:44] <jeev> and it's only 3 months worth[18:21:51] <Dominian> tell him to use Google apps[18:22:06] <jeev> hell no[18:22:13] <Dominian> :)[18:22:19] <jeev> it's a multi milllllllllllllllllllllllllllllllllion dollar company[18:22:24] <jeev> with important shit[18:22:26] <Dominian> hehe[18:22:28] <jeev> would never put it on the cloud[18:22:29] <jeev> for sergey to read[18:22:35] <Dominian> tell them to deal with it[18:22:48] <Dominian> email isn't magical[18:22:56] * cpm seconds google apps[18:23:07] <jeev> hmm, i wonder how both of you would look under my car[18:23:08] <cpm> apply an SEP field.[18:23:13] <Dominian> cpm: I've been using it with my prsonal domain...I like it.[18:23:31] <Dominian> cpm: plus.. I'mw aiting to get a Droid.. which integrates quite nicely with it[18:23:32] <jeev> cpm, i treat my friends how i'd like to be treated[18:23:37] <cpm> Dominian, I'm ambivalent towards it, but it the right place for folks with these issues to go.[18:23:54] <jeev> Dominian, which "droid" ?[18:23:58] <jeev> the actual droid ?[18:24:03] <Dominian> cpm: yep[18:24:08] <Dominian> jeev: Droid2 is what I'm aiming for[18:24:32] <Dominian> jeev: but by the time I can afford one of those.. they'll have an even better model out[18:25:04] <jeev> Dominian, nasty phone.[18:25:09] <Dominian> nah[18:25:12] <jeev> if you're gnona stick on verizon, get the samsung one[18:25:18] <jeev> Dominian, i've had them all man[18:25:54] <Dominian> I want droid[18:25:57] <jeev> that's right, dont listen to the jeev.[18:26:00] <jeev> get the samsung fascinate[18:26:02] <jeev> it's android[18:26:07] <jeev> and it'sn ot a piece of shit like the moto droids[18:26:11] <Blue-E1> I have the t-mobile version[18:26:14] <Blue-E1> its fun[18:26:21] <Dominian> jeev: blech[18:26:25] *** UNIX107 has quit IRC[18:26:25] <Dominian> jeev: android 2.2?[18:26:39] <jeev> i think it's 2.1, maybe 2.2 but it doesn't matter, root it and do it yourself[18:26:42] <jeev> cyanogenmod is fucking awesome[18:27:37] <Dominian> we'll see[18:27:41] <Dominian> I've not seen much about the samsung[18:27:51] *** egoleo has joined #postfix[18:27:54] <Dominian> jeev: Thing is.. I want the Droid because of the integration with google apps and google voice[18:27:58] <jeev> i used it before it was released (know someone from samsung) ui've used an epic and iti's great[18:27:59] <Dominian> if the samsung doesn' thave that.. its a show stopper[18:28:07] <jeev> Dominian, android is android.[18:28:26] <Dominian> jeev: So you're saying that samsung doesn't advertise it, but it'll support google apps and google voice otu of the box?[18:28:57] <jeev> Dominian, ALL ANDROIDS DO![18:29:01] <lennard> well, some of the google stuff isnt legally available if it didn't come with your phone[18:29:15] <jeev> android doesn't discriminate.[18:29:15] <Dominian> jeev: cool.. had no idea[18:29:22] <lennard> although I don't there's any phones sold with android that don't have em[18:29:25] <jeev> oh, discriminate, a new name they can name a phone after[18:29:30] <jeev> im tired of these lame ass names they put[18:29:39] <Dominian> jeev: I haven't had an android enabled phone ever.[18:29:49] <seekwill> heh[18:29:52] <seekwill> iPhone![18:30:08] <jeev> seekwill, what? you're breaking up, can you repeat that ?[18:30:13] <Dominian> seekwill: FOOK JOO[18:30:13] <seekwill> iPhone![18:30:16] <Dominian> I don't want an Iphone[18:30:19] <Dominian> my brother has one[18:30:21] <seekwill> I want the white one[18:30:24] <Dominian> I'm not jumping on that bandwagon[18:30:24] <jeev> seekwill, i cant hear you.. it's garbled, can youmove your hand ?[18:30:25] <seekwill> With the bigger geebees[18:30:28] <Dominian> jeev: lol[18:30:43] <seekwill> and the wifies[18:30:50] <adaptr> and the tubes![18:31:09] <lennard> i don't care if this one is better! i wanna iphone![18:31:23] <jeev> well the iphone is cool in one regard, the apps and installuous, you click on an app and it takes yo to the torr3ent link to download it[18:31:24] <jeev> torrent link[18:31:25] *** fken has joined #postfix[18:31:31] *** rajijoom has joined #postfix[18:31:31] *** jamesmacleod has joined #postfix[18:31:34] <jeev> "i dont care if i wont have reception most of the time, i want it."[18:31:35] <adaptr> "you suck and your arguments have no merit." "I don't care. need iphone4"[18:31:54] <adaptr> it's one instance where the synthetic voicing adds to the entertainment value[18:31:56] <lennard> there usually arent any arguments[18:32:02] <jeev> seekwill, i completely disagree with you stating iphone is good but still, i dont think you're hitler[18:32:03] <lennard> they just wanna iphone[18:32:08] *** Aqaz has quit IRC[18:32:11] * adaptr has an iphone[18:32:14] <adaptr> and a droid[18:32:32] <jeev> cough, gay[18:32:33] <jelly> adaptr: and an adaptr between'em?[18:32:35] <lennard> I've handled iphones at times[18:32:43] <lennard> they were okay at those times[18:32:48] <adaptr> jelly: shit no! hasn't been invented yet[18:32:48] <seekwill> jeev: When did I say I wanted one?[18:32:48] <lennard> never actually used one though[18:32:53] <Dominian> jeev: what was that.. the new samsung called again?[18:32:56] <jeev> seekwill, you were yelling[18:32:59] <jeev> Dominian, are you on verizon ?[18:33:00] <seekwill> AND![18:33:03] <jeev> or wanting it on verizon ?[18:33:08] <Dominian> jeev: yes[18:33:10] <jeev> fascinate[18:33:11] <Dominian> jeev: I have verizon[18:33:12] <Dominian> thanks[18:33:19] <jeev> it's skinny, no physical keyboard though.. sorry[18:33:24] <Dominian> ahh[18:33:25] <Dominian> that's not good[18:33:29] <jeev> yea but let me tell you[18:33:30] <Dominian> that might be a show stopper...[18:33:33] <Dominian> gotta have the qwerty[18:33:34] <jeev> my friend has a droid 2, has fat fingers[18:33:38] <jeev> his texts are terrible.[18:33:42] <lennard> I think I want the desire with the hardware keyboard (Z, I think its called?)[18:33:44] <jeev> droid 1 was reallllllly bad even with my fingers[18:33:46] <Dominian> jeev: I don't have fat fingers[18:33:56] <jeev> droid 1's keys were so close[18:33:59] <adaptr> droid switches to whatever you fancy. qwerty, azerty, alpha, T9, whatever[18:34:04] <jeev> Dominian, think about it.. i think all droids are ugly and stuff[18:34:09] <jeev> and i dont like the way you hold them.[18:34:12] <jeev> but connectbot fucking rules[18:34:18] <adaptr> there's a desire with a keyboard ? I think you're talking about the HD2[18:34:22] <seekwill> The Droids are waaaaaaaaaaaaaay too big[18:34:23] *** UNIX107 has joined #postfix[18:34:31] <Dominian> jeev: does samsung offer the tethering and wifi hotspot capability?[18:34:34] <adaptr> seekwill: my Legend is just fine. smaller than an iphone[18:34:34] * seekwill uses a Blackberry Pearl[18:34:40] <jeev> if i didn't have connectbot, seekwill's request for me logging onto his server and fixing it would never formulate[18:34:47] <jeev> Dominian, verizon doesn't give a shit about that[18:34:49] <jeev> but yea it does[18:34:51] <jeev> if verizon does.[18:34:55] <jeev> if not, cyanogenmod.[18:34:56] <Dominian> jeev: I KNOW verizon doesn't give a shit[18:34:59] <Dominian> I want to make sure the PHONE offers it[18:35:04] <jeev> i meant verizon doesn't let you do it,l does it ?[18:35:06] <adaptr> seekwill: yes, I figured you for a businesstype with a ladyphone[18:35:09] <Dominian> uhhh[18:35:10] <jeev> i've seen the epic allow it, dont see why fascinat wouldn't.[18:35:11] <seekwill> Verizon could lock you out[18:35:13] <Dominian> They do on the Droid2[18:35:14] <seekwill> adaptr: :)[18:35:18] <jeev> Dominian, for a limited time.[18:35:23] <jeev> if it's allowed on droid 2, then it's allowd on facinate[18:35:24] <jeev> fascinate[18:35:26] <Dominian> fuckers[18:35:33] <jeev> they're gonna wanna charge 30-40 bux[18:35:36] <jeev> if you're in linux,adb ppp[18:35:39] <Dominian> jeev: that the galaxys[18:35:41] <jeev> and viola, with wire of course[18:35:50] <jeev> yea, galaxy s is like epic, fascinate and everything else[18:35:51] <Dominian> er.. Galaxy S?[18:35:52] <jeev> really cool actually[18:35:55] <Dominian> k[18:36:00] <Dominian> that's the only fascinate I see on their site[18:36:34] <jeev> yea it wasn't bad. it was the only shit working at camp[18:36:36] <jeev> with 1 bar lol[18:36:37] <Dominian> ahh it does offer the 3G mobile hotspot[18:36:40] <jeev> but that's just verizon[18:36:41] <adaptr> that's the newestest one[18:36:53] <seekwill> 4G![18:36:59] <seekwill> 3G is for losers[18:36:59] <Dominian> ohhh good skype mobile is offered as wel[18:37:15] <jeev> Dominian, your hopes are way too high[18:37:17] <Dominian> jeev: I might have to try this[18:37:27] <Dominian> jeev: nah[18:37:29] <Dominian> they aren't 'high'[18:37:39] <Dominian> I have other plans for the 802.11b/g shit and skype ;)[18:37:50] <jeev> well, good luck.[18:37:53] <Dominian> blech only has 2.1 android on it[18:37:56] <jeev> it's ok.[18:38:02] <jeev> droid 2 is end of life in like 9 months i think[18:38:22] <Dominian> jeev: although the fascinate is buy one get one free ;)[18:38:33] <jeev> cool, buy one and give me the other for free[18:38:36] <Dominian> ha[18:39:19] <jeev> you have two+ lines?[18:39:20] *** adaptr has quit IRC[18:39:54] *** adaptr has joined #postfix[18:39:55] *** adaptr has joined #postfix[18:40:00] <Dominian> jeev: nope[18:40:08] <Dominian> it would be new service.. merging my wife's existing phone into a plan IF we do it[18:40:11] <Dominian> I don't have the money right now[18:40:22] <Dominian> plus she likes her phone she has .. so I'd end up getting just the one phone right now[18:40:38] <Dominian> just planning[18:40:39] <jeev> ok[18:40:41] <jeev> cool[18:40:49] <jeev> check out sprint, they've got some good plans[18:41:02] <Dominian> jeev: blech they have crappy service around here[18:41:18] <jeev> ah[18:41:33] <rhenz> Is it possible to let postfix ignore "auth plain" lines?[18:41:41] <adaptr> !idfma[18:41:41] <knoba> adaptr: "idfma" : Insufficient Data For Meaningful Answer (perhaps look at the /topic)[18:42:52] <rhenz> Ive got a local postfix server without SASL and authentication etc. Everything is ok with it. But now Ive got a silly (windows) smartclient which only could talk to mailserver with auth plain. Is it possible to let postfix ignore the command "auth plain <pw>" ?[18:43:04] <adaptr> no[18:43:49] <adaptr> if the client still demands to auth when postfix doesn't advertise auth, it's not exactly a smart client. it breaks the protocols.[18:44:15] <rhenz> adaptr, yes its not a smart client but a SMART(daemon) client :)[18:45:19] <adaptr> set up a listener that does auth and allow only that IP to send mail[18:45:35] <rhenz> adaptr, ok, I also have begun to configure smtp auth with dovecat. It even works! :) But the mailserver assumes that the mail is not a local mail because of the auth[18:45:46] <seekwill> meow[18:46:06] <adaptr> pideondog![18:46:10] <adaptr> *pigeondog fail[18:46:19] <rhenz> and the mail is forwarded to the relayhost[18:46:37] * adaptr hums neck-bone humpty-tumpty collarbone.. humpty[19:01:43] *** smica has joined #postfix[19:08:58] *** rajijoom has quit IRC[19:09:24] *** kithpom has joined #postfix[19:10:02] <kithpom> hi all. Could anybody tell me what is wrong with this: /^From:.* at rotospray\ dot com.* REJECT 550 suspected spam in header_checks to block mail from any @rotospray.com senders?[19:10:52] *** Vivek has joined #postfix[19:10:53] *** Vivek has joined #postfix[19:14:02] <adaptr> kithpom: you're using header_checks to block a domain[19:14:51] * cpm would have expressed it thus: /^From:.*@rotospray.com/ REJECT message[19:15:02] <cpm> but that's kinda a long way around to block a domain.[19:15:11] *** pgib has joined #postfix[19:15:33] <adaptr> I did say that that's what 's wrong with it...[19:16:03] <cpm> well the 550 is redundant, and I've not have escaped the . in .com, but that's me.[19:16:08] <kithpom> cpm: so I'm missing a forward slash?[19:16:21] <cpm> and the / isn't terminated[19:16:25] <cpm> and,[19:16:26] <cpm> and[19:16:27] <cpm> and[19:16:28] <cpm> :)[19:17:05] * cpm regularly expresses adaptr[19:17:14] <adaptr> you don't have the vowels[19:17:24] <cpm> heh[19:17:42] <adaptr> would you like to buy a vowel ?[19:18:17] <tharkun> I have special offers for U and u today in case either is interested[19:19:09] <adaptr> that would leave you with thark'n, what kind of a name is THAT[19:19:20] *** juergen_dose has joined #postfix[19:19:38] <tharkun> b'siness is b'siness[19:20:16] <thumbs> adaptr: thark'h is an ildiran name.[19:20:39] <adaptr> zomg[19:20:50] <adaptr> I did not wish to know that. which fantasy universe is that from ?[19:21:01] <thumbs> adaptr: The saga of the seven suns[19:21:12] <adaptr> I read the first one of that! I knew I heard it before[19:21:25] <adaptr> didn't incite me to get the next volume though.. maybe when I re-read it later[19:21:41] <adaptr> I found it to be Hamilton, with less quality.[19:21:46] <adaptr> a lot less quality[19:21:47] <thumbs> adaptr: there's six volumes.[19:22:09] <adaptr> the writing style is nothing to write home about, truly[19:22:16] <adaptr> uninspiring for the most part[19:22:58] <thumbs> adaptr: I have to agree that it's not as good as say, Asimov.[19:23:30] <adaptr> not by a looong shot! :)[19:23:32] <seekwill> Spammers![19:23:37] *** UNIX107 has quit IRC[19:23:38] <adaptr> seekwill: barbarian[19:24:06] <adaptr> Asimov had the gift of minimalism that's required to involve your fantasy[19:24:24] <cpm> no, that's your fantasy, leave me out of it.[19:24:35] <thumbs> adaptr: I ran out of Asimov books to read.[19:24:44] <thumbs> adaptr: that is, I read them all twice.[19:25:28] <adaptr> yeah, it's mighty inconsiderate of him[19:25:37] <adaptr> he should have written 500 books![19:25:53] <thumbs> I need proper entertainment, dammit.[19:26:11] *** UQlev has quit IRC[19:27:01] *** kithpom has left #postfix[19:33:35] *** kithpom has joined #postfix[19:33:50] <kithpom> adaptr: do you suggest I use sender_access to block it?[19:33:58] <adaptr> yes![19:35:39] <kithpom> adaptr: just rotospray.com reject ?[19:35:55] <adaptr> for example, yes. the documentation is very complete[19:35:58] <adaptr> !access[19:35:58] <knoba> adaptr: "access" : http://www.postfix.org/SMTPD_ACCESS_README.html : An overview of access(5) controls in the Postfix smtpd(8) SMTP server.[19:37:59] <tharkun> thumbs: Tom Clancey has some nice books[19:40:01] <lisa> !ldap[19:40:01] <knoba> lisa: "ldap" : a lookup method that can be used by Postfix. An introduction can be found in the LDAP_README also found at http://www.postfix.org/LDAP_README.html. A worthy project dealing with LDAP and Postfix can be found at: http://jamm.sourceforge.net/howto/html/[19:41:52] *** juergen_dose has quit IRC[19:42:54] *** ssureshot has joined #postfix[19:43:11] <seekwill> Ghost Recon![19:44:00] <adaptr> isn't that a game[19:44:26] <kithpom> tharkun: I enjoyed the Jack Ryan series don't know about the rest.[19:46:28] <adaptr> weren't there like 3 different peopel who played Jack Ryan in the movie adaptations ?[19:46:48] <adaptr> Ford, Baldwin, and whatsisname[19:47:00] <seekwill> Who is Jack Ryan?[19:47:18] <adaptr> seekwill: don't you go Ayn Rand now[19:47:28] <seekwill> I might have to[19:48:15] * adaptr searches for hidden political messages and deep social insight in seekwill's words[19:48:19] <adaptr> nope, sorry[19:48:31] <seekwill> DIE![19:48:39] <tharkun> kithpom: Rainbow 6 i believe is the last on the series[19:49:33] <cpm> seekwill, pithy.[19:49:57] * tharkun pokes seekwill with a 30 ft pole[19:50:00] <kithpom> tharkun: He cut back on his writing after he inspired the 9/11 attacks...[19:50:38] <tharkun> ohh, I didn't know that, It should have been a hughe blow for him[19:51:10] *** egoleo has quit IRC[19:51:22] <kithpom> tharkun: yeah he was intereviewed shortly after and he said he wasn't going to write anymore or at least not about terrorism. I think he is writing again though.[19:52:30] <kithpom> tharkun: I saw he has a new novel coming out soon with Jack Ryan's son as one of the main characters. Continuing off the last couple.[19:52:56] <cpm> yeah, the MIC needs it's pimp.[19:54:32] <jeev> my thoughts about 9/11 are awesome and so obvious.. but it was bin laden i guess if that's what they say.[19:57:09] *** MAAAAAD has quit IRC[19:57:15] <kithpom> jeev: huh? conspiracy theorist?[19:57:40] <jeev> kithpom, is it a conspiracy theory if it's true ?[19:57:43] *** MAAAAAD has joined #postfix[19:58:06] * adaptr is a conspiracy tourist[19:58:35] <kithpom> jeev: I don't think it is a theory anymore once proven.[19:58:39] <jeev> kithpom, not just the evidence that was left behind, ie thermite, a missing airplane in the pentagon photos.. but a simple nazi quote by goering.[19:58:59] <passthru> hey ppl, i need some help[19:59:23] <passthru> i am using an authenticated postfix gateway[19:59:24] <wdp__> passthru, which sort of help?[19:59:31] <passthru> but i am getting some strange errors[19:59:33] <wdp__> passthru, social life?[19:59:34] <wdp__> :D[19:59:40] <passthru> 1st, it do not authenticate[19:59:54] <tharkun> !tell passthru welcome[19:59:54] <knoba> passthru: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[19:59:56] <passthru> 2nd i get some errors[20:00:07] <passthru> like, Sep 22 15:08:46 secg26 postfix/smtpd[2308]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory[20:00:28] <passthru> but the file exists and already in the right place (/etc/sasldb2)[20:00:47] <passthru> any tip ?[20:00:56] <adaptr> yes - read the topic[20:01:03] <tharkun> passthru: using debian ?[20:01:14] <passthru> centos[20:01:18] <passthru> [root@secg26 ~]# file /etc/sasldb2[20:01:18] <passthru> /etc/sasldb2: Berkeley DB (Hash, version 8, native byte-order)[20:03:40] <seekwill> Who needs 8GB of ECCRAM for a desktop anyways...[20:05:01] *** egoleo has joined #postfix[20:05:24] <roe> seekwill, you giving some away?[20:05:47] <seekwill> Maybe[20:08:27] <roe> My 64-core opteron desktop could use a bit more[20:09:08] <kithpom> seekwill: I don't know one would need ECC RAM but there are definitely users who could benefit from 8GB of RAM on a desktop[20:09:53] <roe> how many have forgotten the days of the SIMMs[20:10:00] <roe> and EDO memory[20:10:13] <roe> 8GB was larger than my hard drive back then[20:10:24] *** uqlev has joined #postfix[20:10:43] <seekwill> hehe[20:10:49] <seekwill> kithpom: But all I do is facebook![20:11:31] <kithpom> seekwill: You must do some heavy facebooking...[20:11:37] <seekwill> I have many friends[20:11:52] <seekwill> I swear, I have like over 10 friends on facebook[20:12:00] <roe> 8GB is just gluttonous[20:12:50] <kithpom> roe: I disagree. If one is using virtualization software or heavy photo/film editing or software development, 8GB could be totally warranted.[20:12:56] * tharkun wants only 1/4 of that to be happy[20:13:05] <seekwill> kithpom: ;)[20:13:07] <seekwill> vbox[20:13:26] <kithpom> tharkun: what OS?[20:13:33] *** uqlev_ has joined #postfix[20:13:35] <roe> kithpom, only because OSes and software packages have become memory whores[20:13:36] <tharkun> Linux[20:13:50] <seekwill> My home box is running 512MB off Ubuntu[20:14:02] *** uqlev_ has quit IRC[20:14:08] <tharkun> Heavy datasets is the only reason to have huge amounts of ram[20:14:12] <kithpom> roe: I suppose. However OS are much more capable these days.[20:14:19] <seekwill> "datasets"?[20:14:21] * tharkun has lots of 256 MB running clients[20:14:46] <tharkun> seekwill: ok my english spelling has deteriorated over the years[20:14:52] <seekwill> No worry[20:14:58] <seekwill> Just not sure what you mean[20:15:17] <roe> kithpom, get off my lawn![20:15:26] <kithpom> right[20:15:36] <seekwill> Gnomes?[20:15:39] <seekwill> GNOMEs?[20:15:55] <kithpom> roe: windows 7 uses a bit more memory than say win98 but I'm alot happier with it.[20:15:55] *** uqlev has quit IRC[20:16:27] <roe> really? while I haven't used windows 7 very much, I was extremely happy with win98 SE[20:16:35] <seekwill> win2k[20:16:41] <roe> also a great OS[20:16:53] <kithpom> roe: You thought you were happy. You just didn't know what true happiness was at the time.[20:16:58] <seekwill> hehe[20:17:00] <seekwill> BeOS[20:17:07] <seekwill> That was a happy OS[20:17:16] <tharkun> seekwill: i was thinking of a huge set of scattered data that you need to aply a bunch of matematical functions to get how some model can really portrait a natural phenomena[20:17:22] *** tiny has joined #postfix[20:17:26] <roe> kithpom, to be fair from what I have seen about windows 7, they just changed shit to change shit. I have no idea why they felt the need to rename all of the control panel icons[20:17:40] <seekwill> tharkun: umm... yeah[20:17:59] <roe> and they removed TELNET!!![20:17:59] <tharkun> seekwill: how do you call that ??[20:18:13] <roe> I mean really? was it taking up too much room, that tey couldn't include it?[20:18:16] <seekwill> roe: The people here replace OSX on their MBP to Win7. I haven't used it, but I heard a lot of good reviews from very smart people[20:18:19] <thumbs> roe: apparently, it still available, just not installed by default.[20:18:22] <kithpom> roe: maybe. but they also put in methods to find stuff. like the search. and I don't know that the actual programs names changed. like diskmgmt.msc is still the same...[20:18:31] <tharkun> roe: they removed any trace of compatibility so you either buy a new 7 or you get screwed[20:18:32] <seekwill> tharkun: Yeah, but it was a bit out of context :)[20:18:55] <roe> is Hyper Terminal there still?[20:19:21] <kithpom> tharkun: what do you mean?[20:20:04] <tiny> Hello. I have another subnet dedicated to VPN users. How do I enable connection to my postfix users from that subnet?[20:20:05] <roe> thumbs, great. so when I am troubleshooting some kind of network communication I want to hunt down 'somehwere' the telnet installer. 2 points for you MS[20:20:30] <tiny> getting errors: NOQUEUE: reject: RCPT from unknown[20:20:35] *** x_or1 has joined #postfix[20:20:39] <roe> tiny, no offense, but that question doesn't really mean much and it seems to betray your lack of knowledge of postfox[20:20:43] <roe> postfix[20:20:58] <roe> !tell tiny welcome[20:20:58] <knoba> tiny: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[20:21:45] <tiny> yes ... I'm not a postfix expert ... so?[20:22:27] *** phantomcircuit has joined #postfix[20:22:35] <phantomcircuit> Sep 22 03:21:26 covertinferno postfix/smtpd[26213]: NOQUEUE: reject: RCPT from unknown[10.45.134.134]: 554 5.7.1 <unknown[10.45.134.134]>: Client host rejected: Access denied; from=<phantomcircuit@laptop> to=<phantomcircuit at covertinferno dot org> proto=SMTP helo=<laptop>[20:22:44] <roe> tibyke, the topic will help you get your question answered[20:22:51] <phantomcircuit> covertinferno.org is in mydestinations, so uh wtf?[20:23:13] *** x_or has quit IRC[20:23:16] <roe> phantomcircuit, you too, take a gander at the topic[20:23:22] <tiny> heh[20:23:48] <roe> all this new fangled computer talk as made me grouchy[20:24:03] <tiny> go get some[20:24:06] <tiny> it helps[20:24:14] <roe> get some what?[20:24:24] <phantomcircuit> alright[20:24:26] <tiny> exactly[20:24:32] <phantomcircuit> http://pastebin.com/23ZpCVv6[20:24:40] *** tiny has left #postfix[20:25:10] <phantomcircuit> http://pastebin.com/0SFDjtxH[20:25:24] <phantomcircuit> so[20:25:29] <phantomcircuit> why is mah mail getting rejected?[20:26:05] <roe> looking at it now[20:27:00] <roe> !tell phantomcircuit !mydestination[20:27:01] <knoba> roe: Error: No factoid matches that key.[20:27:04] <roe> !tell phantomcircuit mydestination[20:27:04] <knoba> phantomcircuit: "mydestination" : a configuration parameter in the main.cf: The list of domains that Postfix delivers via the $local_transport mail delivery transport. By default, mail is given to the Postfix local(8) delivery agent that looks up all recipients in /etc/passwd and /etc/aliases, or their equivalents. See http://www.postfix.org/postconf.5.html#mydestination for more information.[20:27:21] <phantomcircuit> yes[20:27:42] <phantomcircuit> like i said covertinferno.org is in mydestination and phantomcircuit is a local user[20:29:36] <roe> phantomcircuit, you have it listed twice in mydestination?[20:29:48] <phantomcircuit> listed twice?[20:29:59] <roe> mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, phantomcircuit.mine.nu[20:30:07] <roe> $myhostname and $mydomain[20:30:10] <roe> are both set to your domain[20:30:16] <phantomcircuit> oh and this causes a problem?[20:30:21] <roe> it shouldn't[20:30:39] <roe> but fix it[20:30:50] <rob0> phantomcircuit is not using main.cf restrictions. There is an override in master.cf with a client access(5) rejection.[20:33:25] <roe> I was curious why it was rejecting with 'client host rejected'[20:33:35] <roe> that would explain it[20:33:37] *** jamesmacleod has quit IRC[20:34:00] *** egoleo has quit IRC[20:34:02] <phantomcircuit> oh you're right[20:34:08] <phantomcircuit> interesting[20:35:06] *** daguz has left #postfix[20:38:20] *** phantomcircuit has quit IRC[20:39:07] <Tom-B> Does a FQDN need the mail.domain.com bit?[20:40:24] *** Tanguy has quit IRC[20:40:24] *** sysmonk has quit IRC[20:40:35] *** Tanguy has joined #postfix[20:40:35] *** sysmonk has joined #postfix[20:41:52] *** kithpom has left #postfix[20:45:54] *** uqlev has joined #postfix[20:46:52] *** p3rror has joined #postfix[20:48:55] *** uqlev has quit IRC[20:50:57] *** phantomcircuit has joined #postfix[20:53:29] *** uqlev has joined #postfix[20:53:42] *** Blue-E1 has quit IRC[20:54:06] *** rooky has joined #postfix[20:54:08] *** uqlev has quit IRC[20:54:20] *** rooky has quit IRC[20:55:11] <mod_cure> is there a good link that shows how to match and replace certain things in the email header ?[20:55:22] *** jelly-home has joined #postfix[20:55:45] <roe> mod_cure, you want to rewrite headers of emails?[20:56:14] <mod_cure> roe, in the header_checks file[20:56:24] <mod_cure> yes[20:56:27] <roe> why?[20:57:11] <jelly-home> Hi, if for hysterical reasons I want smtpd to add a header like X-Remote-IP: addr.of.pe.er next to Received:, what would be the doc to read?[20:57:31] <mod_cure> row, using smtpd_sasl_authenticated_header which works great. but it also display the username of the email account, i want to replace the username with something else[20:58:51] <roe> jelly-home, is that a static header?[20:59:15] <roe> mod_cure, why?[20:59:34] <mod_cure> roe, isnt it a security risk to display the username of the email account ?[20:59:45] <roe> and header_checks isn't gonna do it for you[21:00:45] <roe> altermime is something both of you should look like[21:00:48] <roe> look at*[21:00:59] <mod_cure> roe, http://wiki.zimbra.com/wiki/Spamassassin_postfix_authenticated_users[21:01:24] <mod_cure> that person uses header_checks[21:02:10] <jelly-home> roe: no, the ip address of the peer that sent us the message is embedded[21:02:22] <roe> jelly-home, ah, then I dunno[21:02:45] *** MAAAAAD has quit IRC[21:02:54] <roe> mod_cure, I see it as a security risk to change it[21:03:13] *** MAAAAAD has joined #postfix[21:03:21] <mod_cure> roe, can u explain please[21:03:44] <roe> sure, as a receiver I would want to know who actually sent it[21:03:45] <jelly-home> roe: it's the same information that gets written to Received, only different[21:04:04] <roe> mod_cure, and you are obfuscating it[21:04:38] *** macsim has joined #postfix[21:04:46] <mod_cure> roe, its just the username of the email account[21:04:53] <mod_cure> why would we want to give that out ?[21:06:28] <roe> not sure why you are afraid to[21:07:08] <mod_cure> maybe its not a bad thing[21:07:19] *** megaTherion has left #postfix[21:08:52] *** hever has joined #postfix[21:10:32] <mod_cure> roe, thanks[21:13:20] <zoo_> I was asking for incoming esmtps about 2 days ago... everything worked fine, but i did not realize it. This morning i sent a test posting on a usenet *.test group and I received a lot emails from auto-responders, most of them using esmtps :-)[21:17:01] *** cpm has quit IRC[21:22:06] <Toerkeium> rob0: can I send you a private message?[21:25:48] * jelly-home didn't know rob0 was _that_ handsome[21:27:05] <rob0> I am, and sure.[21:37:37] *** hever has quit IRC[21:38:46] *** quas has quit IRC[21:43:38] *** Gambaroni has quit IRC[22:05:52] *** istevenmon has joined #postfix[22:06:04] *** hever has joined #postfix[22:06:18] <tharkun> jelly-home: stop feeding egos please[22:06:29] *** zoo_ has quit IRC[22:06:57] <thumbs> rob0 is a sweet tart.[22:06:59] <mod_cure> :)[22:08:00] <jelly-home> hey, it's not my fault noone wants to /msg tharkun[22:08:36] *** hever has quit IRC[22:10:13] <tharkun> jelly-home: I can live with that. :D[22:12:23] <tharkun> BTW yesterday i added the following lines to my smtpd_recipient_restrictions and It stopped the server altogether reject_rbl_client zen.spamhaus.org, reject_rhsbl_client dbl.spamhaus.org, reject_rhsbl_reverse_client dbl.spamhaus.org, Does anyone spot something bad ?[22:14:14] *** TomHome has joined #postfix[22:18:22] <jelly-home> order matters, and you didn't say where exactly you added it[22:18:38] *** macsim has quit IRC[22:19:29] <tharkun> jelly-home: exactly before reject_rbl_client backscatter.spameatingmonkey.net,[22:19:34] <jelly-home> I'm not the one to answer how exactly the order is interpreted though, still parsing the manual and experimenting[22:20:58] <tharkun> jelly-home: it is a perfectly working installation and i added the spamhaus.org lines before my usual reject_rbl_client lines. I am looking for an alternative to spameatingmonkey.net[22:22:17] * jelly-home can't reconcile "perfectly working" and "stopped altogether"... oh wait[22:22:51] <tharkun> jelly-home: in economical terms, i added the previous line seteris paribus[22:23:20] <jelly-home> no no, that is _the_ solution for spam, and smtp altogether[22:25:26] <zamba> jelly-home: what is?[22:25:34] <tharkun> jelly-home: BTW if you set up a mail server with a reasonable traffic be sure to fix the logging options of postfix on debian. It does grow exponentialy[22:25:43] *** p3rror has quit IRC[22:25:55] <jelly-home> zamba: "It stopped the server altogether"[22:26:05] <zamba> jelly-home: hehe[22:26:24] <jelly-home> tharkun: I have terrorbytes of space for mail logs.[22:26:57] <jelly-home> it probably can't be worse than current qmail[22:27:31] *** cilly has quit IRC[22:27:55] <tharkun> jelly-home: it is not the log size but the time it is spent writing 4 times to disk the same log entry[22:28:45] <jelly-home> tharkun: Oh, our base images have every mail.* but mail.log disabled already if that's what you're referring to.[22:29:00] <adaptr> remote syslog ftw[22:29:19] <lunaphyte_> what are logs?[22:29:26] <jelly-home> except when the remote collector syslogd dies[22:30:32] <istevenmon> hi guys good afternoon, what could be the problem for me, when i start postfix server, it kills my firewall[22:30:40] <seekwill> heh[22:30:50] <istevenmon> is the server sending spam, or the server being attacked ?[22:30:54] <thumbs> istevenmon: define "kills your firewall"[22:30:56] <seekwill> Your firewall sucks then :)[22:31:04] <seekwill> thumbs: Stabs it with a knife![22:31:12] <thumbs> seekwill: oh, I'm good at that.[22:31:17] <seekwill> I bet[22:31:29] <thumbs> seekwill: call of duty![22:31:37] <tharkun> jelly-home: stock debian package logs on syslog, mail.log mail.info and mail.err by default unless someone allready fixed that :D[22:31:42] <istevenmon> thumbs: the firewall stops responding to any request and my lan stays without internet[22:31:56] <thumbs> istevenmon: sounds like an issue with your firewall.[22:32:09] <seekwill> thumbs: MW2[22:32:12] <thumbs> tharkun: the debian devs take YEARS to fix issues with their packages.[22:32:23] <istevenmon> thumbs: but it only happens when i start postifx, if i stop it, there is no problem at all[22:32:24] <thumbs> seekwill: of course.[22:32:32] <thumbs> istevenmon: sounds like an issue with your firewall.[22:32:44] <thumbs> seekwill: if you have it on PC, I'll kick your ass one day[22:32:54] <seekwill> I don't have a "PC"[22:33:01] <tharkun> thumbs: I wasn't talking about the debian people fixing it but the local sysadmin[22:33:04] <thumbs> seekwill: ok, wintendo machine.[22:33:10] <seekwill> Yeah, don't have one[22:33:11] <thumbs> tharkun: oh.[22:33:15] <seekwill> A virtual machine :)[22:33:24] <thumbs> seekwill: i use the work's wintendo box.[22:33:37] <seekwill> Our work computers are Macbook Pros[22:33:38] <seekwill> :([22:33:59] <jelly-home> tharkun: putting stock anything in production would be silly![22:34:19] <seekwill> I use stock jelly in production[22:34:37] <jelly-home> oh, stick a sock in it[22:34:41] <jelly-home> no wait[22:34:44] <seekwill> I do that too[22:35:20] <adaptr> seekwill: wrong way 'round, mate[22:35:35] <seekwill> oh sowwy sowwy[22:35:49] *** uqlev has joined #postfix[22:36:23] *** lepine has quit IRC[22:36:29] <istevenmon> thumbs: but what could be the issue? if the firewall dies when i start my mail server, it means its an issue of my firewall with the mail server. maybe mailserver sends too much spam and DoS the firewall?[22:36:49] <thumbs> istevenmon: then it means your firewall is poor and needs to be fixed / replaced.[22:37:30] <istevenmon> or something is wrong with my mail server that is sending way too much spam[22:37:45] <thumbs> istevenmon: incorrect.[22:37:55] <thumbs> istevenmon: you would need to prove that, first.[22:39:03] <istevenmon> i am trying to prove it is not problem with the mail server, but first i needed to know if it could be the problem. so right now i will concentrate in the firewall[22:39:18] <thumbs> istevenmon: let us know if you have a question related to postfix.[22:39:55] <istevenmon> thank you thumbs for your patience. i will be around if something happens with the mailserver :)[22:40:17] *** uqlev has quit IRC[22:40:54] <seekwill> dammit, three VMs and now I swap..[22:41:17] <seekwill> What kind of firewall?[22:41:43] <thumbs> seekwill: ipchains[22:42:00] <seekwill> Chains? dang, old much?[22:42:10] <seekwill> What's the rule?[22:42:14] <seekwill> s[22:43:26] *** tessier has joined #postfix[22:44:34] <tessier> Hello all. Anyone know how I would block mail connecting from any IP which reverses a foreign TLD country codes?[22:44:45] <seekwill> ouch[22:44:58] *** p3rror has joined #postfix[22:45:07] <tessier> s/ a / to /[22:46:01] * jelly-home sends tessier some spam from an IP without a PTR record[22:46:28] <tessier> Ah. http://anilinux.blogspot.com/2008/03/postfix-client-restrction-and-smtp.html has the recipe I need.[22:47:22] <pgib> thana, netfilter/iptables++[22:47:29] <pgib> thumbs ^[22:47:40] *** siamba is now known as dddh[22:48:34] <seekwill> tessier: You can't really do that. You can block if the IP is assigned to a foreign country though[22:48:49] <seekwill> Which is just as dumb... but[22:50:57] *** ihtraum has quit IRC[22:51:22] *** phantomcircuit has quit IRC[22:53:07] *** p3rror has quit IRC[22:55:11] *** p3rror has joined #postfix[22:58:47] *** x_or1 has quit IRC[23:01:15] *** rcsheets` has joined #postfix[23:02:00] *** s0ber has quit IRC[23:03:14] <tharkun> tessier: What you are trying to do is not even reasonable. You would keep out lots of .tld which have their servers rented in someother country, Mine included[23:03:36] <adaptr> perpetrator![23:04:00] *** henriknj has quit IRC[23:04:02] *** s0ber has joined #postfix[23:05:24] *** friskd_ has joined #postfix[23:05:55] <tessier> We are somewhat of a special situation. We do not run a general mail server.[23:06:10] <tessier> We definitely do not want and will not exerience any false positives by blocking mail from people in other countries.[23:06:13] <tessier> experience[23:06:19] <tessier> So yes, it is quite reasonable. :([23:07:17] *** sjrussel has quit IRC[23:07:17] *** friskd has quit IRC[23:07:18] *** friskd_ is now known as friskd[23:07:31] <tharkun> if it is a "pseudo-intranet" mail server you could use iptables to block everyone except your "public" officces[23:07:41] <tharkun> s/officces/offices[23:08:53] <tessier> tharkun: It isn't that either.[23:09:03] <adaptr> ...or just use the proper postfix configuration for that[23:10:38] <pgib> postfix makes me happy[23:10:44] <tessier> I am doing this for resumerabbit.com which is a resume posting service (they create accounts for you on the top 90 or whatever major job boards and automatically upload your resume etc). They give all of their clients a custom email address for this purpose due to the amount of spam such posting inevitably attracts. We only take customers in the US seeking jobs in the US. Anyone wanting to talk to our clients has to be US based and send mail from a[23:13:08] <tessier> We have nearly 100,000 email accounts and block many many millions of SYN packets from foreign IPs each day. We accept a few hundred thousand emails each day.[23:14:09] <tessier> Then we apply various of the other standard postfix smtp time checks and knock off a bunch of those. Then we apply some content checks. Then we apply bayesian filtering.[23:14:25] <jelly-home> tessier: what if a US citizen has a mail account on, say, free.fr?[23:14:27] <tessier> Anything that looks like legitmate chit chat about getting a job goes through. Viagra, etc. doesn't.[23:14:56] <tessier> jelly-home: Hasn't ever happened so far. They are told only US based jobs.[23:14:57] <seekwill> Maybe a commercial solution would be a better choice?[23:15:27] <jelly-home> tessier: oh, your first line got cut at "Anyone wanting to talk to our clients has to be US based and send mail from a[cut]"[23:15:30] <tessier> seekwill: Nope. Tried a couple. Just as much admin time. Expensive and not generally tunable to our circumstance. Our current solution is working very well.[23:15:40] <seekwill> My US company can have a mail server in a different country[23:15:46] <seekwill> tessier: ok :)[23:16:03] <tessier> jelly-home: The remainder was: Anyone wanting to talk to our clients has to be US based and send mail from a US based mail server. We already block as many foreign netblocks as we can using iptables.[23:16:26] <seekwill> heh[23:16:27] <seekwill> dang[23:17:01] <tessier> The more clever advanced fee frauds and work from home type pitches are the hardest to stop.[23:17:09] <tharkun> tessier: ok, i have a us based email server my company is in an other part of the world your filtering criteria just got screwed[23:17:21] <tharkun> ftr i am a common case outside the us[23:17:41] <tessier> tharkun: It has never come up as an issue in 8 years of business.[23:17:51] <seekwill> tessier: IP blocks are the best you can do[23:18:16] <seekwill> Well, most accurate[23:18:23] <tessier> seekwill: Yep.[23:18:29] <seekwill> What's the question now? :)[23:18:32] <tessier> I am just constantly amazed by all of the tweakables and tunables in postfix.[23:18:39] <tessier> I have no question now, I'm all set. Thanks. :)[23:19:12] <seekwill> oh ok[23:20:38] <tessier> Wow, we have accepted 380,000 emails in the last 24 hours. That is just about double from a year ago when I replaced a Barracuda spamfilter appliance with this box.[23:21:14] <seekwill> Yeah, those suck!!![23:21:48] *** p3rror has quit IRC[23:22:08] <tessier> Definitely.[23:22:40] <tessier> And the sales people totally lied to my predecessors when they bought the box. They said it would process 500,000 emails per day. Nobody asked "Process in what way?"[23:22:54] <seekwill> hahaha[23:23:07] <tessier> Perhaps they didn't lie. Perhaps the people here just didn't ask the right questions to understand what that number meant. :)[23:23:09] <seekwill> There are better commercial solutions these days[23:23:52] <jelly-home> tessier: ever tested a throttling/traffic shaping filter? I can't remember the name of one that caught my eye a few years ago[23:25:23] <Tom-B> 8D got my comodo certs sorted not as bad as I thought[23:25:39] *** pgib has quit IRC[23:32:19] *** cafuego has joined #postfix[23:32:23] <tharkun> tessier: making a profile out of your clients wouldn't hurt much. And it would indeed help you sort which mail goes through and which doesn't[23:38:59] *** x_or has joined #postfix[23:45:35] <jelly-home> tessier: ah, it was this one, http://mailchannels.com/blog/?p=109[23:49:29] *** jim_SFU has quit IRC[23:50:50] *** henriknj has joined #postfix[23:58:03] <tessier> jelly-home: I generally use the Linux kernel's tc traffic shaping for that.[23:58:13] <tessier> tharkun: What do you mean by profile?[23:58:27] *** rhenz has quit IRC[23:58:48] *** alpine_style has joined #postfix[23:58:49] <jelly-home> tessier: tc doesn't know about smtp protocol.[23:59:04] *** rhenz has joined #postfix