September 25, 2010 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | >
September 25, 2010 [00:13:23] *** Qwert has joined #postfix[00:20:19] <jelly-hme> Tom-B: congrats, you've just reached the "/ignore" annoyance level[00:28:43] *** smica has quit IRC[00:32:27] *** jeremymcs has joined #postfix[01:02:53] *** sebuba has quit IRC[01:03:58] *** Qwert has quit IRC[01:08:20] *** Qwert has joined #postfix[01:11:38] *** p3rror has quit IRC[01:12:42] *** freaky[t] has quit IRC[01:14:43] *** freaky[t] has joined #postfix[01:26:53] *** p3rror has joined #postfix[01:29:09] *** freaky[t] has quit IRC[01:43:33] *** UncleD has quit IRC[01:49:53] *** s0ber has quit IRC[02:04:53] *** nb has quit IRC[02:07:09] *** Qwert has quit IRC[02:21:36] *** nb has joined #postfix[02:36:53] *** iiiii has joined #postfix[02:41:42] *** robotarmy has quit IRC[02:42:22] *** iiiii has quit IRC[02:52:19] <will_> spam[02:52:37] *** bluethundr_ has quit IRC[03:13:44] *** pinoyskull has joined #postfix[03:34:52] *** wdp__ has joined #postfix[03:38:51] *** wdp_ has quit IRC[03:42:21] *** todd_dsm has quit IRC[03:52:57] *** roe has quit IRC[03:55:23] *** roe_ has joined #postfix[03:55:32] *** todd_dsm has joined #postfix[03:55:49] *** s0ber has joined #postfix[03:55:49] *** roe_ is now known as Guest15522[03:56:17] *** Guest15522 is now known as roe[03:56:33] *** roe has quit IRC[03:56:33] *** roe has joined #postfix[04:01:17] *** JonnyV has joined #postfix[04:07:58] *** pinoyskull has quit IRC[04:41:39] *** sebuba has joined #postfix[04:51:42] *** tharkun has joined #postfix[04:53:31] *** klem has quit IRC[04:57:48] <tharkun> KB1JWQ: Ping me whenever you are available. I've been having some trouble and it seems you can lend me a hand[04:58:41] <thumbs> will_: don't spam[05:00:10] *** klem has joined #postfix[05:03:05] <tharkun> thumbs: i need some other channel you are logged into, Your are my test subject to understand freenode :D[05:03:39] <will_> He's in #mysql!!![05:04:09] <tharkun> i need an aditional one[05:04:16] <will_> #bash[05:04:21] <will_> #apache[05:04:22] <will_> I think...[05:04:30] <will_> Try #postfix[05:09:05] <tharkun> thumbs: thx i think i understand a few things now[05:11:22] <thumbs> tharkun: heh?[05:11:27] <thumbs> tharkun: what? why?[05:12:23] <tharkun> Freenode is very different in its administration to Oftc And i am actually learning how does freenode work[05:12:47] <tharkun> And i chose you because you where the first one that poped up :D[05:12:49] <thumbs> tharkun: and me being an op made you understand it better?[05:13:19] <tharkun> no, but joining a few channels you were in and doing a whois made things more clear[05:13:34] <tharkun> you beeing an op was irrelevant[05:14:14] <thumbs> tharkun: I'm curious on how you view freenode now[05:15:47] <tharkun> First thin i realized it is big but there are a lot of things i've yet to learn to understand a some things that are quite bizarre to say the least[05:16:06] <thumbs> such as?[05:17:39] <tharkun> There is a total intolerance to anonimyzer networks and yet getting a cloack to get some p[05:17:58] <tharkun> privacy is as easy as asking for it[05:19:00] <Dominian> eh?[05:19:03] <tharkun> Take into consideration that the last time i used a real time text interface to comunicaate it was talk. there was no irc[05:19:16] <thumbs> yes, but cloaks are only given after your account has been proven clean,[05:19:16] <Dominian> tharkun: what about freenode's operation is confusing you?[05:20:13] *** sebuba has quit IRC[05:20:39] <thumbs> tharkun: say if you registered your nickname and had it for weeks without causing trouble, you're granted the right to have a cloak[05:20:56] <tharkun> Dominian: no, it is not confusing , but to some point on the small knwoledge i have of irc there are some actions that are contradictions by themselves[05:21:16] <thumbs> tharkun: it prevents spammers from registering new nicknames and evading channel bans.[05:21:39] <KB1JWQ> Hm>[05:21:41] <Dominian> tharkun: WEll, I can help shine some light on that[05:21:44] <Dominian> tharkun: ask away[05:22:21] <thumbs> KB1JWQ: oh, that Tom-B character has been causing some fuss in here too.[05:22:58] *** ChanServ sets mode: +o KB1JWQ[05:22:58] *** KB1JWQ sets mode: +b *!*@unaffiliated/tom-b[05:22:58] *** Tom-B has left #postfix[05:22:58] *** KB1JWQ sets mode: -o KB1JWQ[05:23:09] <KB1JWQ> Yeah, that won't fly.[05:23:21] <Dominian> It'll fly, just crash and burn.[05:24:02] <thumbs> KB1JWQ: thanks[05:24:08] <tharkun> KB1JWQ: I think some repetitive portscans on my office ip is due to the fact that i've been around Freenode on the last few weeks can you lend me a cloak or something to make things a little harder for people to bug the office[05:24:10] <thumbs> tharkun: how long have you been on oftc?[05:24:24] <KB1JWQ> tharkun: Please identify to services.[05:24:29] <tharkun> thumbs: I've studied it for quite some time now[05:24:39] <Dominian> tharkun: If you mean frigg scanning, that's normal[05:24:43] <tharkun> KB1JWQ: ok, wait a sec[05:25:38] <tharkun> KB1JWQ: done[05:25:41] *** freaky[t] has joined #postfix[05:25:52] <Dominian> man mailzu-ng is still a POS[05:25:56] *** tharkun has quit IRC[05:25:56] *** tharkun has joined #postfix[05:25:58] <KB1JWQ> Done.[05:26:05] <tharkun> KB1JWQ: thx[05:26:36] <KB1JWQ> No worries.[05:28:40] <will_> KB1JWQ: Can I get a staff cloak?[05:28:43] <will_> Please!!![05:28:50] <KB1JWQ> No.[05:29:08] <will_> YO USUC KI HATEY OU![05:29:08] <thumbs> I can think of a better cloak for you, will.[05:29:33] <KB1JWQ> Yeah, errantego got a similar one. :-D[05:29:34] <tharkun> thumbs: please englighten me on the cloak[05:29:44] <thumbs> will_: dtd/amateur/wow/wannabe[05:29:51] <thumbs> tharkun: what would you like to know?[05:29:52] <will_> tharkun: My cloak ckicks ass[05:29:59] <thumbs> 23:36 -!- tharkun [~0@unaffiliated/tharkun][05:30:05] <will_> thumbs: how do you know i play wow ????[05:30:07] <thumbs> tharkun: that is how you appear to us.[05:30:10] <thumbs> will_: I know.[05:30:17] <tharkun> thumbs: thx[05:30:27] <will_> KB1JWQ: When are you coming to Seattle[05:30:34] <thumbs> tharkun: only staff and yourself can see your IP now.[05:30:41] <will_> I can see your IP[05:30:49] <will_> eye pee your telephany[05:31:23] <KB1JWQ> will_: July 4th, 2011.[05:31:33] <thumbs> tharkun: every time you reconnect to freenode, you should identify to services. Your cloak will be automatically applied.[05:31:34] <will_> woohoo![05:31:44] <will_> kab1 we could watch the fireworks off the lake![05:31:49] <KB1JWQ> For information on cloaks, see this URL: http://freenode.net/faq.shtml#cloaks[05:31:53] <tharkun> thumbs: ohh great so i need to identify first great[05:32:08] <thumbs> but yes, see the link KB1JWQ generously provided.[05:32:21] <thumbs> hey, it'll save me typing.[05:32:36] * tharkun is reading and reading fast[05:33:23] <psilo2> I finished, I win[05:33:47] <will_> thumbs loses, again[05:33:58] <thumbs> will_: it's fine.[05:34:45] *** f3ew has quit IRC[05:34:59] <will_> You're sued to it?[05:35:12] <thumbs> I'm sued to it.[05:35:52] <will_> I bet[05:36:18] * tharkun is reading now irssi's site[05:36:35] <thumbs> tharkun: good choice of client, too.[05:37:21] <will_> mirc[05:37:33] *** MAAAAAD has joined #postfix[05:37:41] <tharkun> It seems the latest versions are a little more ssl stict causing some inconveniences but they are still sortable[05:38:00] <thumbs> tharkun: you're not using ssl at the moment.[05:38:26] <tharkun> no, but i tried to use it some times and i've been having some toruble to do it[05:39:16] <thumbs> tharkun: such as?[05:39:42] <tharkun> this morning, irssi complained that ssl handshake failed[05:40:07] <thumbs> tharkun: umm, did you install the certificates locally?[05:40:31] <tharkun> no, i trusted on debian people to do that by default :D[05:40:56] *** hachi has left #postfix[05:41:00] <thumbs> tharkun: I wouldn't put too much trust in the debian devs, personally.[05:41:05] <thumbs> !debian[05:41:05] <knoba> thumbs: "debian" : Please see /usr/share/doc/postfix/README.Debian for Debian-specific information. This probably applies to Ubuntu and most other Debian-derivative distributions as well.[05:41:35] *** MAAAAD has quit IRC[05:43:01] <tharkun> thumbs: Debian is like a hughe drugstore, you can find almost everything, some stink some are great. You just need to filter out the really bad stuff so you can fix it and you think if you can live with the rest.[05:44:52] <tharkun> I personaly have a vps with a custom kernel and the most part of the system is debian based. I have a custom postfix install as well as a custom dovecot one. Those are the parts i care the most on that particular system[05:45:21] <thumbs> tharkun: see, the mysql, postfix, apache httpd and bind packages from debian *stink*.[05:45:30] <roe> when it comes to maintaining a production system there isn't anything better than debian[05:45:50] <roe> thumbs, you just named all of the packages that I like from debian[05:46:02] <thumbs> roe: I loathe those.[05:46:13] * roe hearts conf.ds[05:46:39] <thumbs> roe: but hey, I won't tell you how to run your server. But I won't use debian on mine.[05:47:06] <roe> that is completely unreasonable!!! You must what I want you to use[05:47:15] <tharkun> thumbs: well mysql is not my choice of sql server. The httpd server is not something i've ever used and the bind server, well i do dislike the default debian config but the compile time options are quite sane[05:47:16] * roe hangs up his sarcasm hat[05:47:36] <thumbs> tharkun: here's some background:[05:48:04] <thumbs> tharkun: I've been supporting the mysql and httpd projects for nearly a decade now, and debian caused the most user issues, by far.[05:48:58] <thumbs> tharkun: the debian devs *butchered* the packages, causing incompatibilities and issues with *stock* config files.[05:49:56] <tharkun> Understandable, their egos are way too high to understan upstream config files. I've seen that quite some times now[05:50:36] <tharkun> Ubuntu is even worse. But lets leave that for another day[05:51:01] <thumbs> tharkun: they've caused me an undescribable amount of time[05:51:26] <roe> they've saved me about s much[05:51:46] <thumbs> roe: different worlds, I presume.[05:51:57] <roe> yup[05:52:01] <tharkun> nahh just different perspectivs[05:55:14] <tharkun> Gentlemen i left the AC adaptor of this laptop at the office. I need to make an orderly shutdown or else you know what might happen. Please have a nice weekend and see you tomorrow.[05:55:50] <thumbs> likewise[05:55:56] <tharkun> It's been an honor and a pleasure to talk to you . Good night[05:56:22] * roe tips his hat[05:56:27] *** tharkun has quit IRC[05:58:51] *** f3ew has joined #postfix[06:02:31] *** lunaphyte_ has quit IRC[06:05:16] *** pj has joined #postfix[06:07:10] *** f3ew has quit IRC[06:07:38] <pj> Hi everyone, I'm trying to set up a new server and am having some difficulty with saslauthd authentication. The error I'm getting in the maillog is, "warning: SASL authentication failure: Password verification failed". Can anyone help me to figure out what the problem is?[06:09:21] <roe> anything more in auth.log?[06:09:34] <roe> and start pastebinning things[06:09:34] <pj> let me see[06:10:19] <pj> ok, this is postconf -n, btw: http://pastebin.com/LCpNX9bD[06:10:25] <pj> and looking at auth.log now[06:11:04] <pj> trying to find auth.log, one min[06:13:12] <pj> there is no auth.log[06:13:22] <roe> that is possible[06:13:45] <pj> if you tell me what to tweak, I can probably create an auth.log and see what it says.[06:14:16] <roe> does syslog log saslauthd?[06:14:28] <pj> maybe, I'll look[06:15:24] <pj> there are some saslauthd lines in /var/log/messages but don't appear to be anything helpful[06:15:44] <roe> !sasl[06:15:44] <knoba> roe: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[06:16:12] *** f3ew has joined #postfix[06:16:21] <roe> you're using saslauthd?[06:16:29] <pj> it seems to only log when it's starting[06:16:31] <pj> yes[06:16:53] <pj> Cyrus SASL[06:16:55] <roe> well read that link, you have a few problems[06:16:59] <pj> ok[06:17:42] *** f3ew has quit IRC[06:18:01] *** lunaphyte_ has joined #postfix[06:24:35] <pj> it says that the sasl config should be in /usr/lib/sasl2/ but mine is actually in /usr/lib64/sasl2/, is that a problem?[06:25:04] <roe> that is probably ok[06:26:52] <pj> also, apparently I didn't have, "smtpd_sasl_path = smtpd" in main.cf, but adding it did not help.[06:27:49] *** ServerCrash has joined #postfix[06:30:15] *** Motoko-chan has joined #postfix[06:31:19] *** ServerDown has joined #postfix[06:35:00] *** ServerCrash has quit IRC[06:38:39] *** p3rror has quit IRC[06:41:08] *** ServerDown has quit IRC[06:41:47] <pj> testsaslauthd also does not seem to work[06:57:28] <pj> ok, it is not connecting to the db. I enabled statement and connection logging for postgresql and it is not showing either a connection or the statement in the log file.[06:59:35] <pj> this is the smtpd.conf: http://pastebin.com/50ytZzwh[07:00:14] <pj> ...and how can I get some verbose logging from saslauthd?[07:22:17] <pj> ok, which mech does saslauthd need to be run with for sql authentication?[07:24:16] *** EagleWatch has joined #postfix[07:38:09] *** ServerDown has joined #postfix[07:39:05] <pj> ok, well I still can't figure out why it's not working this way, but it appears that the workaround of using the rimap mech so that the auth goes through dovecot instead works.[07:56:17] <pj> ...of course it still won't work in postfix[07:56:29] <pj> now at least I can get testsaslauthd to work.[08:00:26] <denysonique> my mail is being rejected by aol because of no reverse dns. Should I add a PTR record to my zone file of my domain or it I need to set it up using my server hosting ip configuration?[08:01:18] <pj> ptr record has to be set by the host.[08:02:02] <denysonique> pj, by the owner of the IP in the whois database right?[08:02:36] <will_> Talk to your host[08:02:41] <pj> denysonique: well, usually, but not necessarily[08:02:54] <pj> if your host provides you with a control panel to set it then you can do it there[08:02:58] <pj> otherwise send them an email[08:03:14] <pj> they will generalyl be happy to set it to whatever you want[08:03:14] <denysonique> yes I have the option. what about SPF won't that help?[08:03:21] <will_> oh my[08:03:23] <pj> denysonique: it might[08:03:35] <will_> It has nothing to do with it[08:03:41] <pj> heh, true[08:04:01] <denysonique> hmm, so setting a PTR at mydomain's.tld nameserver won't help?[08:04:02] <pj> it might help with aol rejecting the emails, though, but it is completely different from the reverse IP[08:04:18] <will_> denysonique: There is only one option, and that is to contact your host[08:04:19] <pj> the PTR just has to be set to something valid.[08:04:19] <denysonique> well yes it is different[08:04:37] <pj> it has to forward and reverse the same[08:04:56] <denysonique> pj, no. I am talking about two different ptr's[08:05:08] <denysonique> 1. set by the IP provider. 2. in the domains zone file[08:05:12] <denysonique> or nameserver[08:05:28] <pj> denysonique: you don't set a PTR record in the domain's zone file[08:05:37] <pj> if you do it is useless[08:06:23] <denysonique> pj, well in this case useless[08:06:46] <pj> it has to be in the in-addr.arpa zone file that your host maintains for that particular class of IP addresse[08:07:19] <denysonique> I am wondering why aol cant just forward confirm the dns[08:07:30] <pj> it does both[08:07:55] <pj> ok, if you do this: dig -x 1.2.3.4 (where 1.2.3.4 is your server's IP address)[08:08:09] <pj> then you get back something like mail.example.com[08:08:21] <pj> and you do: dig mail.example.com[08:08:25] <pj> you should get back 1.2.3.4[08:08:37] <pj> if they both work back and forth like that you're fine[08:11:45] <denysonique> pj, right I just was digging and came to this window back and saw your suggestion about dig[08:12:03] <denysonique> pj, okay thanks for telling me what does the rdns confirmation look like[08:12:26] <pj> yw[08:12:37] <pj> now if I can just figure out why sasl auth isn't working, heh[08:12:56] *** Rado has quit IRC[08:15:17] <denysonique> lol[08:15:30] <denysonique> sash_, against what does it authenticate?[08:16:26] <pj> it's authenticating against a postgresql db[08:16:36] <pj> and I can get testsaslauthdb to work[08:16:48] <pj> but it doesnt' work when I try to send an email through postfix[08:17:32] *** f3ew has joined #postfix[08:17:40] <denysonique> hmm, why you just don't authenticate sasl against your imap for example btw[08:17:43] <denysonique> anyway[08:17:50] <denysonique> pj, what the logs say?[08:18:04] <pj> http://pastebin.com/gcP1Kr3q[08:18:40] <pj> and it doesn't appear to be hitting saslauthd at all[08:19:01] <pj> because I'm running it in debug mode and don't see any messages from postfix trying to connect[08:20:12] <pj> it appears to be trying to connect to a berkley db database[08:23:04] <pj> hrmmmm, one min[08:25:09] <pj> ok, I commented out a line in main.cf and now I get this: http://pastebin.com/3xdDv3qD[08:26:15] <pj> I had: smtpd_sasl_path = /var/run/saslauthd[08:26:31] <pj> and commented that out[08:28:56] <pj> ok, I just enabled verbose logging for postfix, hang on[08:31:21] <denysonique> well[08:31:34] <denysonique> isn't /var/run/saslauthd the path to your saslauthd?[08:31:55] <pj> yes, that's why I put it there to begin with[08:34:28] <pj> ok, the -v didn't really help, just gives me a bunch more info about postfix, but not about the connection to the sasl server.[08:35:09] <denysonique> pj,[08:35:16] <denysonique> pj, you are using cyrus sasl?[08:35:30] <pj> yes[08:36:38] <denysonique> pj, paste your /etc/sasl2/smtpd.conf and /etc/conf.d/saslauthd. the latter may be placed elsewhere depending on your distro[08:37:04] <pj> ok, one min, jsut trying one more thing ...[08:37:38] <denysonique> and make sure saslauthd is running[08:37:50] <pj> yeah, it is, but it's in debug mode right now[08:38:06] <pj> oh ... maybe not, heh[08:38:07] <pj> lol[08:38:12] <pj> I stopped it at some point[08:38:13] <denysonique> pj, what about testsaslauthd[08:38:23] <pj> testsaslauthd works for me now.[08:38:39] <denysonique> now. ok try sending mail[08:39:08] <pj> ok, still no good ...[08:39:10] <pj> hang on ...[08:40:04] <pj> main.cf: http://pastebin.com/AU4C1daD[08:41:10] <pj> saslconfd: http://pastebin.com/J1MMUYLU[08:41:21] <pj> errr saslauthd, I mean[08:41:49] <pj> note that rimap was the only way I could get it to work for testsaslauthd[08:42:01] <denysonique> well[08:42:07] <denysonique> that is the usual way I guess[08:42:25] <pj> well, I had tried to get it to connect directly to the sql db for auth[08:42:30] <pj> and that wouldn't work at all[08:42:46] <pj> with rimap at least I got it to authenticate for testsaslauthd[08:42:48] *** rhenz has joined #postfix[08:43:28] *** jelly-home has joined #postfix[08:44:25] <pj> in main.cf I've commented out lines 61 and 64, those were different things I've tried[08:45:33] <denysonique> #smtpd_sasl_path = /var/run/saslauthd/mux this needs to be a valid path to saslauthd[08:46:00] <denysonique> just[08:46:05] <pj> soosfarm_: /usr/sbin/saslauthd[08:46:07] <pj> ?[08:46:12] <pj> gooo[08:46:14] *** jelly-hme has quit IRC[08:46:14] <denysonique> no[08:46:16] <pj> grrrrr[08:46:27] <denysonique> smtpd_sasl_path = smtpd[08:46:29] <denysonique> try it[08:46:33] <pj> ok, tried that[08:46:44] <pj> and same result as having it commented out entirely[08:47:06] <denysonique> pj, what does the log say? when you have smtpd[08:47:11] <denysonique> when trying to send[08:47:31] <pj> I'll do it again and re-paste[08:47:42] <pj> you want the full extended log (-v)?[08:48:03] <denysonique> yes[08:48:24] *** niki has joined #postfix[08:49:36] <pj> http://pastebin.com/wg7fjSLF[08:49:54] <pj> ...and yeah I know it shows a password in there, but it's just a temporary password for a testing account.[08:55:01] <denysonique> pj, check your systlog too[08:55:58] <pj> /var/log/messages?[08:59:03] <denysonique> yes[08:59:14] <pj> ok ... well, nothing in there, but now testsaslauthd is not working again[08:59:24] <denysonique> pj, are you using rimap?[08:59:28] <pj> yes[08:59:35] <denysonique> anyway[08:59:40] <denysonique> everything should be in the logs[08:59:49] <pj> yeah, should be, heh[08:59:50] <denysonique> pj, what is the testsaslauthd error?[08:59:58] <pj> Sep 25 00:06:13 mail saslauthd[4337]: do_auth : auth failure: [user=pj] [service=imap] [realm=testmail.mr-s-leather.com] [mech=rimap] [reason=remote server rejected your credentials][08:59:59] <denysonique> and what distro are you using?[09:00:04] <pj> centos 5[09:00:17] <denysonique> ok. I will avoid this one[09:00:22] <pj> meh[09:00:22] <denysonique> ;)[09:00:57] <denysonique> [reason=remote server rejected your credentials][09:00:59] <pj> I wonder if I used the dovecot sasl server instead ...[09:01:03] <denysonique> maybe you forgot your password[09:01:07] <denysonique> lol[09:01:28] <pj> nope, same password ... same exact command line (from the shell history) that worked before[09:01:48] <pj> oh, no, it's not[09:01:55] <pj> I forgot the -O PLAIN[09:02:00] <pj> errr -s PLAIN[09:02:03] <pj> with that it works[09:02:20] <pj> also works with -s LOGIN[09:02:35] <pj> so saslauthd is definately working here[09:02:58] <denysonique> try to send mail and look at the log again[09:03:06] <pj> ok ...[09:03:42] <pj> no new entries in the syslog[09:04:13] <pj> and the maillog is the same as I just showed you.[09:05:13] <pj> just checked perms on the socket seem to be fine (srwxrwxrwx)[09:05:15] <denysonique> so what happens when you send mail?[09:05:22] <denysonique> 777?[09:05:24] <denysonique> not good[09:05:38] <pj> yeah, well, it should work with those perms[09:06:09] <pj> when I try to send mail from thunderbird it repeatedly asks for my password until I hit cancel.[09:08:38] <denysonique> hmm[09:08:48] <denysonique> post your sauslauthd conf file[09:09:07] <pj> ummmm, I did a little while ago, one sec ...[09:09:27] <pj> http://pastebin.com/J1MMUYLU[09:09:53] <denysonique> okay[09:10:09] <pj> but also if that were wrong then testsaslauthd wouldn't work, right?[09:11:04] <pj> I wonder if I used dovecot sasl directly[09:11:06] <pj> ...[09:11:10] <denysonique> add -r before the -O[09:11:15] <pj> ok[09:11:24] <denysonique> and enjoy[09:11:48] *** uqlev has joined #postfix[09:11:51] <pj> hrmmmmm, I don't think that will work ...[09:12:26] <pj> the command that I'm using to test is this: testsaslauthd -f /var/run/saslauthd/mux -u pj at testmail dot mr-s-leather.com -p ####### -s PLAIN[09:12:42] <pj> oh, damn[09:12:44] <pj> you're right[09:12:46] <pj> hang on[09:13:04] <joschi> pj: if you have dovecot sasl already configured, why not use it directly?[09:13:31] <pj> joschi: well, I have dovecot IMAP configured, not dovecot SASL[09:13:54] <joschi> pj: well, dovecot imap uses dovecot sasl. it can't use anything else ;)[09:14:02] <pj> heh[09:14:03] <pj> true[09:14:28] <pj> well, tbh, because I follwed a howto doc that told me to do it this way, heh.[09:14:49] <pj> except it told me to use sql method with sasl, not rimap[09:14:56] <pj> so it sort of progressed to this[09:15:24] <pj> k, still not working[09:16:00] <pj> I'm thinking I may try the dovecot sasl next[09:16:08] <pj> ...possibly after dinner, heh[09:16:12] <denysonique> so[09:16:23] <denysonique> was the mail sent?[09:16:28] <denysonique> http://wiki.centos.org/HowTos/postfix_sasl[09:16:59] <joschi> pj: use dovecot sasl. it's much less of a pain and you need no configuration on postfix's side of things except for setting smtpd_sasl_type[09:17:28] <denysonique> the link is for dovecot[09:17:30] <joschi> pj: http://www.postfix.org/SASL_README.html#server_dovecot[09:17:32] <denysonique> sasl[09:18:11] <denysonique> joschi, 'dovecot imap uses dovecot sasl. it can't use anything else ;)'[09:18:17] <denysonique> imap doesn't use sasl[09:18:31] <joschi> denysonique: "dovecot imap"...[09:20:16] <denysonique> joschi, is that against what usually dovecot imap will authenticate?[09:20:27] <joschi> yes[09:20:33] *** rajijoom has joined #postfix[09:20:52] <denysonique> lol[09:21:39] <denysonique> so his setup was: smtp authentication against cyrus-sasl wich was authenticating against dovecot-imap which probably was authenticating against dovecot-sasl[09:23:19] <joschi> denysonique: yes. and using dovecot sasl directly is *much* less pain and will probably work instantly[09:24:14] <denysonique> ok[09:24:24] <denysonique> mail setups always have been weired[09:24:34] <joschi> only if you make them weird...[09:24:43] <denysonique> postfix + courier-imap+ sasl[09:24:44] <denysonique> ...[09:24:46] <denysonique> for example[09:24:49] <denysonique> sorry[09:24:56] <denysonique> cyrus-sasl of course[09:25:45] <denysonique> courier has its own mta too[09:26:24] <denysonique> joschi, what is your setup?[09:26:47] <joschi> denysonique: my personal setup? exim+dovecot[09:26:57] <joschi> denysonique: and using dovecot sasl from exim[09:27:44] <pj> exim? isn't that a bit counter to being in #postfix?[09:28:00] <denysonique> joschi, ok[09:28:13] <denysonique> your setup is kinda weird to[09:28:20] <joschi> pj: that's why I wrote "personal" setup[09:28:27] <pj> oh, I see[09:28:33] <denysonique> joschi, dovecot with sasl from exim[09:28:57] <joschi> pj: I'm working with Postfix on the job, so it's not contradictory being in #postfix ;)[09:29:11] <pj> hehehe[09:29:26] <denysonique> ok[09:29:33] <denysonique> what do you guys think about sendmail?[09:29:59] <joschi> denysonique: language fail. I meant to write 'exim using dovecot sasl' ;)[09:30:25] <denysonique> joschi, what imap?[09:30:33] <joschi> denysonique: still dovecot[09:30:45] <denysonique> with exim sasl[09:30:52] <denysonique> still weird setup ;)[09:31:55] <pj> it would seem to make more sense to use dovcot sasl if you're using dovecot imap ... saves from running and configuring yet another service.[09:32:12] <pj> when I set this up I did not know that dovecot offered sasl[09:32:30] <denysonique> joschi, what distro do you personally use?[09:33:20] <joschi> denysonique: gentoo. but that's getting too offtopic for #postfix now[09:33:58] <denysonique> joschi, there is not much traffic we are not interfering with other conversations[09:34:54] <denysonique> joschi, gentoo? its crazy[09:35:40] *** rhenz has quit IRC[09:36:09] <pj> I know people who swear by gentoo ... personally I think gentoo is crazy.[09:36:13] <denysonique> joschi, compiling everything from scratch[09:36:27] <denysonique> why do you need to compile if you have binaries?[09:36:53] <joschi> one word: customizability[09:36:55] <jelly-home> binaries are evul[09:37:03] <pj> well, I was going to use gentoo for my very old pentium 200mmx box once, it took about a week to install and seemed to be going well, then I messed something up and borked the entire install.[09:37:08] <denysonique> ok[09:37:16] <pj> but it would have been about the only modern distro that would run on that old box.[09:37:17] <denysonique> Gentoo rocks![09:37:30] <denysonique> pj, oh no[09:37:37] <jelly-home> denysonique: when I had qmail, I also had to compile it for customizability![09:37:38] <denysonique> pj, what speed is of that processor[09:37:50] <denysonique> jelly-home, e.g. what USE flags?[09:37:55] <pj> denysonique: 200mmx = 200MHZ[09:37:58] <jelly-home> denysonique: then I moved to postfix so I wouldn't have to.[09:38:22] <pj> I just wanted it for a cheap at-home dev server.[09:38:22] <denysonique> jelly-home, postfix is what the gentoo guide suggests[09:38:37] <pj> but then I found out I can get a cheap rackspace cloud server for $11/month[09:38:50] <pj> and the old pentium is in the scrap heap now ;-)[09:38:56] <denysonique> ;)[09:39:04] <denysonique> pj, do you have root access?[09:39:09] <denysonique> there[09:39:16] <pj> yes, it's a full vm[09:39:22] <denysonique> hmm[09:39:29] <denysonique> pj, can you show me the link to the offer?[09:39:33] <denysonique> or plan[09:40:05] <pj> 256 MB 10 GB $0.015 $10.95[09:40:15] <pj> the $10.95 is the monthly cost[09:41:26] <denysonique> AstralStorm, ↑[09:41:46] <denysonique> hmm[09:41:50] <denysonique> pj, 1,024 MB 40 GB $0.06 $43.80[09:41:52] <denysonique> thats cheep[09:42:20] <denysonique> pj, okay what about CPU?[09:42:52] <pj> CPU is pretty good, actully[09:43:01] <pj> you get four cores, and it's pretty fast, imo.[09:43:16] <pj> they would be virtual cores.[09:44:11][09:44:12] <pj> model name : Quad-Core AMD Opteron(tm) Processor 2350 HE[09:44:22] <pj> yes, but CentOS is the same[09:44:23] <denysonique> what extra support would I get if I have chosen redhat?[09:44:42] <pj> I wouldn't pay for RH[09:44:47] <pj> go with CentOS[09:44:51] <pj> it's the same.[09:45:29] <denysonique> lol, I can't use anything else than Gentoo ;)[09:45:38] <pj> then get gentoo, lol[09:46:40] <pj> I use it for dev work, for some small websites, and even as a squid proxy ;-)[09:46:56] <denysonique> pj, don't ever try gentoo. after a successfull instalation you will become addicted to it and after trying to switch to other distros you will always return to gentoo[09:46:57] <denysonique> etc[09:47:05] <pj> lol[09:47:08] <pj> I have tried gentoo[09:47:18] <denysonique> pj, but not successfully[09:47:29] <pj> well, true[09:47:40] <denysonique> btw gentoo for servers is an ideal distro. for desktops less ideal[09:47:44] <denysonique> no[09:47:48] <denysonique> I mean[09:47:56] <denysonique> Gentoo is fantastic for desktops[09:48:07] <denysonique> and more fantastic for servers[09:48:17] <pj> I like CentOS for servers ... it gets old after a while, but you can rely on seven years of support for a given version which is pretty good.[09:49:16] *** rhenz has joined #postfix[09:50:57] <denysonique> pj, you seem like a person who came familiar with gnu/linux via rhel certification programme[09:51:16] <pj> lol[09:51:54] <pj> nope, but I did learn to use linux from redhat ... way back to redhat version 4 (and no that's not RHEL4 and not Fedora Core 4)[09:52:33] <pj> I think the first serious Linux install I did was RH5.2[09:54:20] <pj> hrmmmm, should I have a smtpd_sasl_type line for cyrus sasl?[09:54:24] <Motoko-chan> I think I still have a copy of 5.2 on CD.[09:54:33] <Motoko-chan> I know I have the 6.0 box for sure.[09:54:39] <pj> hehehe[09:54:53] <pj> yeah, that was back when you could buy it in a box at compusa[09:54:56] <Motoko-chan> I use Slackware for servers where possible.[09:55:45] <pj> I've heard a lot of good things about Mandriva (now Mageia)[09:57:11] <denysonique> Motoko-chan, you usually ./configure && make && make install on slackware?[09:57:16] <denysonique> well[09:57:19] <denysonique> Mageia is the new fork[09:57:22] <denysonique> I think[09:57:28] <pj> yes[09:57:29] <Motoko-chan> Not so much anymore.[09:57:35] <Motoko-chan> It's all about the SlackBuild[09:57:38] <pj> Mandriva got bought by a russian company[09:57:47] <pj> and all the devs left and started Mageia[09:58:05] <Motoko-chan> News to me[09:58:13] * Motoko-chan uses Mandriva for desktop[09:58:25] <Motoko-chan> I thought there was just a new cash infusion.[09:58:53] <pj> http://www.mageia.org/[09:59:14] <pj> Most employees working on the distribution were laid off when Edge-IT was liquidated. We do not trust the plans of Mandriva SA anymore and we don't think the company (or any company) is a safe host for such a project.[09:59:31] <Motoko-chan> Yeah, reading it.[09:59:37] <Motoko-chan> I'll keep an eye on the project.[09:59:57] <pj> if I used Mandriva I would be switching to Mageia about now.[10:00:17] <Motoko-chan> There isn't even a build out yet.[10:00:17] <pj> Mandriva will die and become some russian OS that nobody cares about anymore.[10:00:41] <pj> well, it's all very new[10:00:50] <Motoko-chan> Obviously.[10:01:00] <pj> but Mageia is where all the old Mandriva devs are, so that's where the expert help is.[10:01:42] <pj> look at the list under "People"[10:01:47] <Motoko-chan> I have my own private repo of custom builds.[10:01:54] <Motoko-chan> I can handle myself fairly well as it is.[10:02:17] <pj> :-)[10:02:28] <denysonique> madriva was my first distro :)[10:02:32] <denysonique> then slackware[10:02:35] <denysonique> then gentoo[10:02:50] <pj> ahhhh, yep[10:02:57] * Motoko-chan keeps almost-reading denysonique as dennycrane[10:03:05] <pj> lol[10:07:14] <pj> heh, it works with dovecot sasl[10:07:36] <pj> thank you everyone for your help[10:07:45] <pj> now to remove cyrus sasl[10:08:50] <AstralStorm> Motoko-chan: then Gentoo would be an easy sell[10:08:53] <pj> heh, except ... I can't, cyrus sasl is a dependancy of postfix[10:08:56] <pj> ...go figure[10:08:58] <AstralStorm> it's like slackware, but with actual package manager[10:09:02] <Motoko-chan> Hm?[10:09:20] <Motoko-chan> Slackware has a package manager.[10:09:22] <AstralStorm> (except no binaries)[10:09:25] <AstralStorm> yes, rudimentary[10:09:27] <Motoko-chan> pj, welcome to dependency hell.[10:09:38] <Motoko-chan> It's the "benefit" of rpm and deb systems.[10:09:45] <AstralStorm> more rpm than deb[10:09:52] <AstralStorm> debs can handle dependencies fairly ok[10:10:02] <AstralStorm> but most are poorly written in this regard[10:10:06] <pj> yeah, I know, and even though I'm using postgresql mysql is still a dependancy as well[10:10:09] <pj> sheesh[10:10:19] <AstralStorm> welcome to ONE TRUE WORLD ORDER[10:10:20] <AstralStorm> ;)[10:10:25] <pj> anyways, will just turn off the service and leave it[10:10:42] <pj> [root@mail data]# chkconfig saslauthd off[10:10:44] <pj> heh[10:10:48] <Motoko-chan> I don't need Gentoo's excuse for dependency management.[10:10:58] <AstralStorm> excuse for/[10:10:59] <Motoko-chan> I can handle it myself quite fine thankyouverymuch[10:11:08] <AstralStorm> so then try init system[10:11:30] <Motoko-chan> ?[10:11:34] <AstralStorm> it's not that hugely better than Slackware or Arch, but there's still some margin[10:11:39] <pj> init system is not so bad[10:11:43] <Motoko-chan> init system?[10:11:44] <AstralStorm> but it's not great[10:11:50] <pj> it does the job[10:11:52] <AstralStorm> Motoko-chan: the part that handles your init scripts[10:11:57] <AstralStorm> does the job, slowly[10:12:05] <AstralStorm> and suppose you need dependencies... ouch[10:12:05] <Motoko-chan> I like BSD-style.[10:12:18] <AstralStorm> bsd style is good until you get to 60 scripts[10:12:22] <Motoko-chan> I can handle dependencies with ldd and slackpkg.[10:12:28] <pj> I know that gentoo switched to something else a few years ago[10:12:34] <AstralStorm> yes, which Gentoo automates using revdep-rebuild and portage[10:12:35] <pj> from sysV init[10:12:39] <AstralStorm> as I said, it's not day and night[10:12:47] <AstralStorm> it's just general all-around improvement[10:12:49] <Motoko-chan> Slackware uses sysv but BSD-style init[10:13:08] <Motoko-chan> I've tried Gentoo a few times, never got that far into it.[10:13:13] <pj> I'm not sure what's so slow about it, though.[10:13:14] <AstralStorm> hmmh.[10:13:20] <Motoko-chan> I just run my servers on Slackware and they rock.[10:13:20] <pj> I never considered it slow[10:13:26] <Motoko-chan> 3+ years uptime.[10:13:27] <AstralStorm> pj: about SysV? hundreds of bash spawns[10:13:35] <pj> ahhhhh, ok[10:13:39] <AstralStorm> Motoko-chan: a good admin can make almost anything run well[10:13:48] <Motoko-chan> AstralStorm, indeed.[10:13:52] <AstralStorm> the issue is the amount of work[10:14:03] <Motoko-chan> However, a fine tool in the hands of a good admin will make something beautiful.[10:14:04] <denysonique> lol 3 years uptime[10:14:04] <AstralStorm> and then amount of maintenance[10:14:18] <AstralStorm> Slackware is... so-so in this regard[10:14:18] <Motoko-chan> denysonique, it would have been more except for some hardware issues.[10:14:19] <denysonique> your servers must have many vulnerabilities then[10:14:30] <Motoko-chan> denysonique, layered defenses.[10:14:32] <AstralStorm> unless it's more than one server, as any sane admin would have[10:14:47] <pj> I would be worried about 3 years uptime, you use ksplice?[10:14:48] <denysonique> Motoko-chan, you never upgrade the kernel?[10:15:00] <AstralStorm> pj: no, I would use Xen + virtual machines[10:15:05] <AstralStorm> or better still, a twin server[10:15:06] <Motoko-chan> denysonique, depends on what the purpose of the box is. Those are long gone though.[10:15:15] <pj> AstralStorm: so do I, but you still need to upgrade the kernel[10:15:17] <AstralStorm> and redundant network hardware, ISPs, such things[10:15:25] <Motoko-chan> Newest ones are running RHEL in Dallas TX area.[10:15:28] <AstralStorm> pj: what part about "twin" confuses you?[10:15:32] <denysonique> old == vulnarable[10:15:39] <AstralStorm> you route to the other one and update[10:15:39] <denysonique> kernels of course[10:15:43] <Motoko-chan> Non-production doesn't get much in the way of uptime due to changes.[10:15:45] <pj> AstralStorm: ok, so you really don't have 3 years uptime on any given machine.[10:15:56] <AstralStorm> as if anyone cares about any given machine[10:16:02] <AstralStorm> what matters is the uptime of the whole system[10:16:19] <Motoko-chan> I do know one system still running a base install of Slackware 11.2 (I think it was 11.2, it's been a long time).[10:16:35] <Motoko-chan> No longer under my control, but it's a burried server in a large company.[10:16:50] <Motoko-chan> It only has one function, which is almost an embedded purpose.[10:16:54] <shasta> there was no 11.2 release, Motoko-chan :)[10:17:07] <Motoko-chan> Heavy firewalling plus TCP communication over one specific (not http) port.[10:17:07] <shasta> it was straight 11.0 -> 12.0[10:17:08] *** Matic`Makovec has joined #postfix[10:17:11] <pj> AstralStorm: when you're bragging about the uptime of your distro it generally means you are referring to uptime of a given machine, not uptime taking into account your redundant setup.[10:17:18] <Motoko-chan> It was probably 11.0 then.[10:17:29] <Motoko-chan> I'd have to dig to find the exact release.[10:17:34] <AstralStorm> pj: which is silly[10:17:43] <Motoko-chan> I'm talking about back in 2004-05 or so.[10:17:46] <AstralStorm> bragging almost always is[10:17:51] <pj> AstralStorm: I wasn't the one who was bragging about uptime[10:17:55] <AstralStorm> heheh[10:17:58] <AstralStorm> true[10:18:25] <pj> oh, that was Motoko-chan[10:18:28] <AstralStorm> ksplice is slower than manual update[10:18:32] <Motoko-chan> I know I had to make a custom kernel for that machine.[10:18:44] <AstralStorm> but if that matters, then everyone has a problem[10:19:08] <AstralStorm> what is more important is that some fun person might spread a rootkit that way[10:19:11] <AstralStorm> sooner or later it will happen[10:19:29] <pj> the only way to reliably have 3 years uptime is with ksplice[10:19:42] <AstralStorm> and it's far harder to catch than source code alteration or rooted distro package[10:19:52] <AstralStorm> pj: not necessarily[10:19:54] *** biggimat has joined #postfix[10:19:58] <AstralStorm> reliably you can have even longer[10:20:01] <AstralStorm> just not touching the kernel[10:20:02] <pj> AstralStorm: I mean on a single machine[10:20:10] <AstralStorm> securely, that's another matter[10:20:20] <pj> AstralStorm: ok, s/reliably/securely/[10:20:37] <AstralStorm> still, trusting one machine is madness[10:20:46] <AstralStorm> hardware failures happen[10:21:04] <pj> well, if you're that anal about uptime then redundancy is a much better way than using something like ksplice[10:21:45] <pj> but for my client's it's enough to just wait until the middle of the night and reboot to the new kernel.[10:22:03] <AstralStorm> exactly, that's why I can't really see any use for ksplice :)[10:22:28] <pj> I wouldn't want to trust it anyways.[10:22:39] <pj> it's more for "coolness" factor than anything else, imo[10:23:14] <AstralStorm> maybe a shell server would benefit from that[10:23:18] *** Matic`Makovec has quit IRC[10:23:31] <AstralStorm> anyone that really *really* cares about local exploits[10:23:39] <AstralStorm> (oh, don't use NFS, it's evil)[10:23:49] <AstralStorm> (and avoid cifs too)[10:23:58] *** henriknj has joined #postfix[10:24:09] <AstralStorm> kernel network filesystems are a bad idea altogether[10:24:10] <pj> I wonder how cloud services such as rackspace manage to pull off kernel upgrades[10:24:34] <pj> heh, they probably don't[10:24:41] <AstralStorm> by fixing one part of cloud after another?[10:25:06] <AstralStorm> migrate apps off the part, update, migrate back, rinse and repeat[10:25:06] <pj> I mean virtual server hosts[10:25:36] <AstralStorm> the problem of course is networking, but this can be fixed by multihoming[10:25:43] <pj> such as this: http://www.rackspacecloud.com/cloud_hosting_products/servers[10:25:53] <pj> oh, right, migrate[10:26:15] <pj> they can probably do it with a single migrate[10:26:24] <pj> and just leave the part on the new server[10:26:39] <pj> but that said, the vms would still be running the old kernel[10:26:47] <shasta> welcome to the world of virtualization :)[10:27:00] <shasta> pj, not necessarily; see what "OS virtualization" is[10:27:11] <shasta> (like, OpenVZ/Virtuozzo)[10:27:21] <pj> I've worked out how to upgrade the kernel on my client's xen server[10:27:46] <pj> but it does involve rebooting all the vms[10:28:11] <AstralStorm> pj: but vms don't care[10:28:23] <AstralStorm> I mean, the service doesn't care about single VMs[10:28:29] <AstralStorm> or their contents[10:28:32] <pj> AstralStorm: true[10:28:39] <pj> which is why I said they probably don't[10:29:00] <pj> that said the kernel for the rackspace vms is loaded from the host.[10:30:56] <pj> on the xen server I have symbolic links to the latest kernel and ram disk image. I just install a new kernel on the dom0, generate a new ramdisk from it and update the links. Then I just have to reboot the vms and they pick up the new kernel.[10:31:00] <pj> that is a bit simplified.[10:38:24] <AstralStorm> it's a wrong setup, one that uses the same kernel[10:38:33] <AstralStorm> it takes away the choice from the users[10:38:40] <pj> all the users are me[10:38:41] <AstralStorm> I've skipped one VPS already because of that[10:38:53] <AstralStorm> ahha, no problem then :P[10:38:59] <pj> ;-)[10:39:06] <pj> well technically my client, but ... yeah[10:39:11] <AstralStorm> although it's still nice to be running some locked down kernel in dom0 and others in domU[10:39:17] <AstralStorm> customized[10:39:29] <pj> basically what it is is this client currently has a full rack at one host full of old servers.[10:39:49] <pj> and we are replacing all of them with a single server that is powerful enough to handle the load of all of those old servers[10:39:51] <pj> new host[10:39:58] <pj> and a very significant cost savings.[10:40:07] <AstralStorm> apply some NIDS to be sure his antiques don't cause trouble[10:40:19] <pj> NIDS?[10:40:32] <AstralStorm> network intrusion detection system, e.g. Snort[10:41:12] <pj> ahhhhh, I may look into that, but I already have pretty good security on the new system. I'm not worried about the old servers, they're getting ripped out.[10:41:25] <AstralStorm> :)[10:41:45] <pj> new system has better firewall rules, and denyhosts (which goes a logn ways towards securing a system).[10:42:14] <pj> although IDS could go some ways as well.[10:44:22] *** niki has quit IRC[10:47:14] <AstralStorm> nah, denyhosts is crud[10:47:23] <AstralStorm> a distributed crack cuts through that easily[10:47:34] <pj> yes, true[10:47:46] <pj> it's hard to defend against a distributed crack[10:47:49] *** sherr has quit IRC[10:47:54] <AstralStorm> it is easy to do that actually[10:48:08] <AstralStorm> it's harder to defend against a *slow* distributed crack[10:48:16] <pj> this is true.[10:48:18] *** sherr has joined #postfix[10:49:01] <pj> what tools do you use to defend against a distributed attack?[10:49:07] <AstralStorm> also, what kind of system would be crackable by guessing a password only?[10:49:21] <AstralStorm> use certificates for sanity's sake[10:49:55] <pj> well, you have to guess the username and the password, obviously ... and I don't leave easily guessable usernames on the system. I have root logins turned off (use sudo to get to root)[10:50:04] <pj> and certificates, yes.[10:50:08] <AstralStorm> yes, this makes it far harder to crack[10:50:34] <AstralStorm> and certificates are resilient to most every attack, except Man-in-the-Middle if you're not smart[10:50:46] <pj> but certificates are more for convenience. I don't want to be left out in the cold if I need to access the system from a computer where I don't have my ssh cert installed.[10:50:46] <AstralStorm> (or careless)[10:50:59] <AstralStorm> certificates should be secured by a password still[10:51:15] <AstralStorm> a passwordless cert is an invitation for cracking your home computer and stealing that[10:51:32] <pj> that would reauire a very dedicated attack[10:51:56] <AstralStorm> no, a normal dedicated attack.[10:52:30] <pj> so unless you're the type of target that invites such an attack it's not that big of a deal. The vast majority of attacks are jsut scripts running on botnets and have no idea to attack your home computer first (presuming that they even can).[10:53:04] <AstralStorm> that is true, but once the majority are weeded out...[10:53:16] *** smica has joined #postfix[10:54:12] <AstralStorm> that's why a machine with the certificates has to be as secure (or more) than the one with the servers[10:54:38] <pj> true, the home computer doesn't even have any ports open to the outside.[10:54:44] <AstralStorm> suppose there's a remote <web-browser> exploit which you trigger[10:54:45] <pj> it's behind a NAT][10:55:21] <AstralStorm> an attack like this will attempt to connect somewhere out[10:55:21] <pj> yes, there is that ... I haven't heard of one that targets your ssh certs yet.[10:55:39] <AstralStorm> there were such that targetted Windows cert store and certificate files on disk[10:55:54] <AstralStorm> none known yet for Linux, but it's only a matter of time[10:55:56] <pj> yes, that would presume that my home computer runs windoze.[10:56:23] <pj> also even if they get the ssh certs they then have to know what to do with them.[10:56:48] <pj> requires someone to pour over computer records looking for hints about where those certs go, not something that can really be automated.[10:56:48] <AstralStorm> such thing is a tasty treat for any cracker[10:57:01] <AstralStorm> because you probably wouldn't expect that your keys were stolen[10:57:22] <AstralStorm> especially if the cracker is smart and uninstalls the rootkit after investigating[10:57:29] <pj> yes, true[10:57:49] <pj> I doubt they'd uninstall everything, though ... too tempting to leave a backdoor, heh[10:58:00] *** rhenz has quit IRC[10:58:24] <AstralStorm> not[10:58:27] *** Motoko-chan has quit IRC[10:58:32] <AstralStorm> more tempting to not have been found out[10:58:45] <AstralStorm> and installing some nice walled garden on your VPS[10:59:10] <pj> anyways ...[10:59:17] <pj> back to finishing up this server, heh[10:59:35] <AstralStorm> and I'm back to writing good backup software[10:59:49] <pj> lol[11:00:00] <pj> what is the backup software for?[11:00:04] <AstralStorm> specifically easy to use and automated[11:00:08] <pj> right[11:00:10] <AstralStorm> for user data and user machines[11:00:14] <pj> ok[11:00:26] <AstralStorm> using inotify :)[11:00:26] <joschi> AstralStorm: bacula?[11:00:34] <AstralStorm> bacula isn't really user-configurable[11:00:40] <AstralStorm> and it's very manual[11:00:48] <AstralStorm> I'm talking about something far more automatic[11:01:22] * pj has mainly done backup scripts for servers, heh[11:01:36] <AstralStorm> yeah, that's easy[11:01:45] <AstralStorm> doing good user software is more work :)[11:02:04] <pj> it is, but sometimes the limitations on the NAS storage you get makes it more difficult[11:02:24] <AstralStorm> nah, just a tiny bit[11:02:39] <pj> like if your host gives you a user ssh login, rsync is a good tool, but can't preserve permissions and ownership on the files[11:02:42] <AstralStorm> compare it to the effort to write a whole two-part application[11:02:48] <pj> true[11:03:00] <AstralStorm> rsync can preserve permissions :)[11:03:12] <AstralStorm> but remember, backups should be easy to restore[11:03:16] <pj> not entirely, and especially not if you don't have root on the target[11:03:23] <AstralStorm> suppose said user hoses his linux and has to access data in windows[11:04:01] <pj> rsync cannot preserve ownership without root access on the target, heh[11:04:06] <AstralStorm> true[11:04:13] <AstralStorm> but then ownership doesn't really matter, now[11:04:28] <AstralStorm> since it's still yours :)[11:04:32] <pj> it certainly does if you're backing up servers.[11:04:41] <AstralStorm> yes, or whole operating systems[11:04:44] <AstralStorm> but then tar is better[11:04:52] <pj> tar has it's issues[11:04:55] <AstralStorm> like what[11:05:02] <pj> with tar you have to transfer the entire backup ... every time[11:05:17] <AstralStorm> use delta transmission?[11:05:18] <pj> and you also can't save on space by using hard links[11:05:25] <AstralStorm> hum?[11:05:32] <AstralStorm> of course you can, tar compresses hard links well[11:05:38] <AstralStorm> :)[11:05:42] <pj> on the target[11:05:43] <pj> sheesh[11:05:48] <AstralStorm> and it can unpack them fine too[11:06:14] <pj> ok, with rsync when you want to do increments, you do cp -al on the target ...[11:06:34] <AstralStorm> with tar, you can do it incrementally too, as long as you keep the image on the local disk as well[11:06:55] <AstralStorm> do the copy of the tarball (recommended with copy-on-write)[11:06:58] <pj> well that's just it, we don't want the image on the local disk[11:07:13] <AstralStorm> update the copy, run zdelta or such ,transfer the delta, apply it to the image[11:07:15] <AstralStorm> :)[11:07:19] <pj> and also ... easier access to individual files if you don't use tar.[11:07:23] <AstralStorm> *bdelta[11:07:34] <AstralStorm> slightly easier, yes, but this rarely matters[11:07:47] <AstralStorm> you can browse the archive pretty well[11:07:49] <pj> anyways, my solution was to simply generate an extra file that contains all the ownership and permissions of the entire tree[11:08:01] <AstralStorm> xdelta or bdelta :)[11:08:10] <pj> then it's a simple matter to apply those ownerships and permissions back after the restore.[11:08:20] <AstralStorm> yes, that will work[11:08:33] <AstralStorm> but might not be the most efficient way, and especially not easy to compress the backup[11:08:46] <pj> no, the backup is not stored compressed[11:08:50] <pj> that is the only real downside[11:09:40] <AstralStorm> so in fact a tarball is just as good with a few support tools for making and sending the deltas[11:09:51] <pj> support tools ...[11:09:55] <pj> that is the other issue[11:10:06] <pj> you only have access to the tools that the host gives you on the backup server.[11:10:17] <pj> rsync is on every backup server.[11:10:17] <AstralStorm> rarely.[11:10:33] <AstralStorm> if they don't have tar and xdelta, go bug them to provide it[11:10:42] <pj> they'll have tar[11:10:44] <AstralStorm> although rsync of the tarball works almost as well ;p[11:10:49] <pj> I don't know about xdelta[11:11:11] <pj> I suppose you can also tar and pipe the output through ssh[11:11:27] <AstralStorm> uglier than rsyncing the tarball[11:11:32] <AstralStorm> and wastes bandwidth[11:11:50] <pj> compress it first, heh[11:11:55] <AstralStorm> I'd only use scp if xdelta3 is available[11:12:06] <AstralStorm> or bdelta[11:12:53] <pj> well it's an interesting concept[11:12:53] *** rhenz has joined #postfix[11:13:01] <pj> those won't be available[11:13:12] <AstralStorm> yes, but as you said, rsync will be[11:13:15] <pj> yes[11:13:28] <AstralStorm> so updating the tarball then rsyncing is as good if not better than just rsyncing[11:13:43] <AstralStorm> you can store the deltas locally for that matter[11:13:46] <pj> but then you have to store the backup locally as well as on the remote, right?[11:13:50] <AstralStorm> or just send them :)[11:13:55] <AstralStorm> yes, you should[11:14:08] <pj> yeah, heh[11:14:34] <AstralStorm> otherwise there's no way to save time in transfer like that[11:14:42] <pj> right[11:15:06] <pj> really the only downside to my system by comparison is the space used on the target[11:15:07] <AstralStorm> unfortunately rsync doesn't support a "permission file"[11:15:13] <AstralStorm> space and ^[11:15:24] <pj> no, but it's not hard to do that outside of rsync[11:16:05] <AstralStorm> unless you want to use --fake-super[11:16:54] <AstralStorm> and that's a bit... quirky[11:17:11] <pj> yeah[11:17:13] <AstralStorm> needs xattrs on the target[11:17:16] <pj> it's easy to generate the file[11:17:16] <AstralStorm> which is broken[11:17:26] <pj> and easy to restore the perms from it after.[11:17:29] <AstralStorm> it should write to an additional file[11:17:34] <AstralStorm> yes, it should be[11:17:40] <pj> hang on ...[11:17:41] <AstralStorm> unless you lose hardlinks, symlinks etc.[11:17:55] <pj> nope, rsync preserves those anyways[11:18:14] <AstralStorm> somewhat.[11:18:19] <AstralStorm> how does it store that data? ;p[11:18:31] <AstralStorm> if the remote end doesn't support them, specifically[11:18:45] <pj> oh, yes, the remote has to support them. In my case it does.[11:18:56] <pj> but if it didn't I would modify my file to hold that info as well.[11:19:07] <pj> this is how I generate the file: find "$lpath" -printf '%#m\t%u\t\t%g\t%G\t%p\n' > "$lpath$permtree" 2>/dev/null[11:19:10] <AstralStorm> see, manually manual[11:19:22] <AstralStorm> so to use rsync portably you have to code around it[11:19:28] <pj> yes, true[11:19:31] <AstralStorm> similar to tar[11:19:44] <AstralStorm> though tar's easier really, just wasting space on the client[11:19:45] <pj> but the thing is again limited to the tools you are given[11:19:54] <AstralStorm> not really[11:20:16] <AstralStorm> if you have rsync, you can pick either rsync + some fix script[11:20:27] <AstralStorm> or tar (sent by rsync)[11:20:34] <AstralStorm> or tar + xdeltas[11:20:46] <pj> I once had a host that only had rsync, cd, mkdir, etc, and ls ...[11:20:51] <pj> I don't think they even had tar[11:21:01] <AstralStorm> client you mean?[11:21:04] <AstralStorm> the server doesn't need tar[11:21:10] <pj> true[11:21:13] <pj> they didn't even have du[11:21:17] <AstralStorm> ugh[11:21:29] <pj> and I needed a way to find out how much space was used on the target[11:21:29] <AstralStorm> df should be enough though[11:21:31] <AstralStorm> and ls[11:21:41] <pj> yeah, didn't have df, and that didn't help me anyways[11:21:44] <pj> I used ls[11:21:51] <AstralStorm> moronic system, haha[11:22:08] <pj> and I wrote a perl script to parse the output of ls and add the size of all the inodes together.[11:22:15] <AstralStorm> what kind of insane person removes du and df[11:22:24] <pj> it took ages to run and wasn't pretty[11:22:27] <pj> but it worked, heh[11:22:29] <AstralStorm> especially df, since it only accesses the kernel[11:22:43] <AstralStorm> maybe that's the reason, locked down /proc[11:22:44] <pj> I don't know if they removed df, but df would not have helped.[11:22:55] <AstralStorm> heh[11:23:01] <pj> I needed to know how much space my backups took and they were not on a separate filesystem[11:23:03] <AstralStorm> enough ranting, more work :)[11:23:29] <pj> but I doubt they had df, they put me into a chroot jail and only gave the bare minimal utils[11:23:38] <pj> they would not have thought that df was needed.[11:24:02] *** ServerDown has left #postfix[11:24:09] *** AlexC_ has joined #postfix[11:24:12] <AlexC_> morning[11:24:17] *** ServerCrash has joined #postfix[11:24:21] <AstralStorm> in fact, tar has that -g option for incremental backup[11:24:26] <AstralStorm> that's per-file I think[11:24:35] <ServerCrash> hi does anyone know how to get two milters run together[11:24:38] <AlexC_> I'm looking at installing Postgrey, and wondering if people have any bad thoughts about it?[11:24:47] <ServerCrash> i have this dkim milter and senderid milter[11:24:53] <ServerCrash> at at time only one runs[11:25:05] <AstralStorm> AlexC_: it works against some spam, but spammers are getting smarter[11:25:25] <pj> is that greystoration?[11:25:27] <AlexC_> AstralStorm: some is better than nothing. But what about legit mail?[11:25:30] <ServerCrash> i have added them as smtpd_milters = inet:localhost:20209[11:25:31] <ServerCrash> smtpd_milters = inet:localhost:10034[11:25:32] <AstralStorm> pj: greylisting[11:25:41] <pj> greylisting ... I knew I got that wrong, heh[11:25:55] <AstralStorm> AlexC_: it might be delayed slightly[11:26:00] <pj> yeah, from what I gather greylisting won't stop legit emails from getting through, it will only delay them[11:26:01] <AstralStorm> depending on your mail server settings[11:26:13] <AstralStorm> usually by one resend cycle[11:26:15] <pj> usually you will get some delayed by about a 1/2 hour.[11:26:16] <AlexC_> delayed is ok, I'm just worried some legit mail wont be attempted to be sent again[11:26:17] <ServerCrash> surely i am missing the syntax fo putting to smptd milters, hence the last one is working and not both[11:26:23] <AlexC_> pj: ouch, really?[11:26:32] <AstralStorm> AlexC_: very rare[11:26:32] <ServerCrash> anyone in here knows how to put two milters together ?[11:26:34] <pj> yeah, in my experience with greystoratin.[11:26:36] <pj> errr[11:26:38] <pj> greylisting[11:26:42] *** master_of_master has quit IRC[11:26:43] <AlexC_> hum[11:26:44] <AstralStorm> 1/2 hour? not really[11:26:47] <AstralStorm> what I've seen is 15 minutes[11:26:53] <AstralStorm> and you can add a whitelist[11:27:00] <pj> AlexC_: if the emails aren't resent then the email server is not standards-compliant[11:27:04] *** rajijoom has quit IRC[11:27:22] <AstralStorm> so you can whitelist gmail, hotmail, whatever you want[11:27:27] <ServerCrash> smtpd_milters= inet:localhost:20209, inet:localhost:10034 <== is this the right method[11:27:28] <AlexC_> that's true[11:27:35] <AstralStorm> ServerCrash: that should work[11:27:45] <AlexC_> ok thanks for the info :)[11:27:45] <AstralStorm> oh wait a second[11:27:53] <pj> that said, like AstralStorm said, it won't stop all spam.[11:28:09] <AstralStorm> about the only filters that can are the learning ones[11:28:15] <AstralStorm> and that's almost all.[11:28:25] <pj> learning filters won't either, heh[11:28:27] *** master_of_master has joined #postfix[11:28:46] <pj> there really is no way to stop all spam short of turning off your email.[11:28:48] <AstralStorm> no, they do have better than 99.995% chance of working[11:28:53] <AstralStorm> :)[11:29:11] <AstralStorm> the really good ones, like crm114 that is[11:29:25] <AstralStorm> dspam bigram bayesian is a bit worse at one 9 less[11:29:37] <AlexC_> I don't care if some get through; right now I'm getting at least 1 spam email every hour or half an hour, quite annoying[11:29:43] <AstralStorm> which means in 10k spam mails, you'd get 50[11:29:47] <pj> anyways, I'm starting off with clamav + spamassassin which should be good for now.[11:29:55] <pj> I can tweak it and add more filters later, heh[11:30:03] <AstralStorm> AlexC_: you need better filtering then[11:30:24] <pj> AlexC_: just recently?[11:30:34] <pj> there has been a surge of spam recently, I think[11:30:50] * AstralStorm likes autotraining spam filters[11:31:01] <AstralStorm> you just set up a honeypot address that trains everything incoming as spam[11:31:11] <pj> ahhhh, yep[11:31:20] <AstralStorm> that is fairly effective[11:31:22] <AlexC_> AstralStorm: I did play around with helo restrictions, such as reject_non_fqdn_helo_hostname and reject_unknown_helo_hostname - but this blocked far too much[11:31:31] <AstralStorm> hm?[11:31:41] <AstralStorm> helo is wrong, yes[11:31:44] <pj> well, I start out with this and if the client complains then I can add other methods such as greylisting and autotraining.[11:32:12] <AlexC_> well my brother couldn't even send email, as his email client set a helo/ehlo string of 'foobar.local' for example, basically his internal hostname[11:32:20] <AstralStorm> what's important is that the filter must have low false positive rate[11:32:32] <AstralStorm> AlexC_: ... use more SASL then :)[11:32:33] <pj> yes[11:32:41] <AstralStorm> in other words, authentication[11:32:48] <AlexC_> AstralStorm: hum, I do[11:32:55] <AstralStorm> then you set up your restrictions wrong[11:33:06] <pj> most of the spam I see, though, is in my catchall.[11:33:09] <AstralStorm> permit_sasl_authenticated should come before it[11:33:17] <AstralStorm> before helo restrictions[11:33:43] <pj> ...and I put much heavier spam filtering on the catchall than on the other accounts.[11:33:43] <AstralStorm> permit_mydomain probably too[11:34:06] <AstralStorm> (unless you don't want mails from cron and services)[11:34:26] <AlexC_> http://paste2.org/p/1002754 - this is what I have now, http://paste2.org/p/1002757 this is what I used but blocked too much[11:34:52] <AstralStorm> ah right[11:35:02] <AstralStorm> forgot that sasl auth comes after HELO[11:35:11] <AlexC_> yeah, which is the trouble :)[11:35:13] <AstralStorm> so, really, skip those two[11:35:18] <AstralStorm> or do it like real men[11:35:25] <AstralStorm> provide an actual mail submission server[11:35:30] <AstralStorm> port 587[11:35:45] <AstralStorm> that one without helo[11:35:46] <AlexC_> I've heard of this, but no idea exactly what it is or how to set it up[11:35:48] <AstralStorm> port 25 with[11:35:53] <AstralStorm> two servers :)[11:36:11] <AlexC_> hum, fun[11:36:37] <AstralStorm> not too hard to do really[11:36:48] <AstralStorm> the 587 one might use the 25 one as a relay to cut down on config[11:37:09] <AstralStorm> (not much, but still)[11:37:16] <AlexC_> ok, I'll take a look into this[11:39:33] <AstralStorm> you have to reject everything non-SASL-authenticated there then :)[11:39:40] <AstralStorm> otherwise it's no goo[11:39:42] <AstralStorm> *no good[11:40:01] <AstralStorm> or put it completely on the local network only[11:44:25] <AstralStorm> set your local MTA to send to it of course, not to :25[11:45:10] <denysonique> <AstralStorm> forgot that sasl auth comes after HELO[11:45:11] <denysonique> lol[11:45:47] <AstralStorm> denysonique: yes, true. TLS also comes after HELO[11:48:23] <denysonique> second lol[11:49:47] <denysonique> AstralStorm, In IT good manners are always important. You need to greet everyone first.[11:50:14] <AstralStorm> not really[11:50:29] <AstralStorm> it could be like, STARTTLS then here you send your client certificate[11:50:36] <AstralStorm> but SMTP doesn't support this[11:51:16] *** forsberg is now known as fOrsberg[11:55:02] *** e-jones has joined #postfix[11:56:38] *** e-jones has quit IRC[11:56:47] *** fOrsberg is now known as forsberg[12:07:37] *** thunderstrike has joined #postfix[12:12:13] *** uqlev has quit IRC[12:24:02] *** EagleWatch has quit IRC[12:41:42] *** rajijoom has joined #postfix[12:43:07] *** Matic`Makovec has joined #postfix[12:44:30] *** CaBa has joined #postfix[12:44:31] <CaBa> hi[12:45:22] *** biggimat has quit IRC[12:50:16] *** tjikkun has quit IRC[13:02:38] *** biggi_mat has joined #postfix[13:04:37] *** Matic`Makovec has quit IRC[13:23:38] *** Qwert has joined #postfix[13:28:41] *** UQlev has joined #postfix[13:30:07] *** rajijoom has quit IRC[13:31:16] *** robotarmy has joined #postfix[13:35:37] *** robotarmy has quit IRC[13:38:20] *** thunderstrike has quit IRC[13:43:53] *** wdp__ has quit IRC[13:50:16] *** wdp has joined #postfix[13:50:16] *** wdp has joined #postfix[13:55:29] *** pallgone has joined #postfix[13:56:58] <pallgone> Hi guys, I'm following this guide: http://library.linode.com/email/postfix/postfix-courier-mysql-debian-5-lenny - but I'm still getting AUTH PLAIN LOGIN on the SMTP test, any ideas?[13:58:28] <pallgone> ah, sorry, the link to the test is: http://library.linode.com/email/postfix/postfix-courier-mysql-debian-5-lenny#testing_postfix[14:06:37] <ServerCrash> hi[14:08:00] <ServerCrash> i am using sender_dependent_default_transport_maps, can i use -o myhostname=foo.com to set hostname for a given sender[14:08:54] <ServerCrash> Zerberus, :) ^^ any idea[14:09:51] <ServerCrash> AstralStorm, do you have any experinces with sender_dependent_default_transport_maps, ?[14:09:51] *** henriknj has quit IRC[14:13:32] <AstralStorm> I did that a few times[14:13:41] <ServerCrash> great :)[14:13:42] <AstralStorm> it works with new postfix versions[14:13:48] <AstralStorm> 2.4.x and up I think[14:13:51] <ServerCrash> ya i have 2.7[14:14:25] <AstralStorm> so go read the nice documentation, it's a normal map[14:14:36] <ServerCrash> i am trying to send hostname to my ips using -o myhostname=foo.com, but all my filters and even normal smtp banner shows localhost.localdomain[14:14:42] *** Alagar has joined #postfix[14:14:46] <ServerCrash> send /set[14:14:48] <AstralStorm> use SASL then[14:14:54] <AstralStorm> and check user name[14:15:23] <AstralStorm> or you can check based on the destination address or server[14:15:24] <ServerCrash> for SMTP banner why should i need to check username ?[14:17:03] *** henriknj has joined #postfix[14:17:03] *** henriknj has joined #postfix[14:19:17] *** shoonya has joined #postfix[14:19:39] <ServerCrash> AstralStorm, http://pastebin.com/zYdxXp8a[14:21:00] <ServerCrash> how can one set hostname per ip ?[14:21:17] <AstralStorm> uhm?[14:21:17] <Aprogas> ServerCrash: please describe your goal, not just your methods[14:21:22] <AstralStorm> why would you care about the banner?[14:21:26] <AstralStorm> exactly[14:21:40] <AstralStorm> tell us what you want to achieve with the maps[14:22:02] <ServerCrash> well my mails land up in spam since my stmp banner doesnt match the reverse dns lookup[14:22:08] <ServerCrash> so i am trying to fix the banner here ..[14:22:26] <AstralStorm> set mydomain properly then[14:22:27] <ServerCrash> thats the last thing one would like to do ..fixing banners ...:([14:22:27] <adaptr> ServerCrash: nothing in the RFCs mandates that the server banner has to be anything whatsoever[14:22:29] <joschi> ServerCrash: I don't think so[14:22:53] <AstralStorm> adaptr: indeed, but some mail servers reject mails then[14:22:58] <joschi> no[14:23:00] <adaptr> AstralStorm: then those servers are broken[14:23:01] <AstralStorm> stupid configuration, but cuts down on spam[14:23:12] <adaptr> name one[14:23:13] <joschi> sorry, but I've *never* heard or experienced that anywhere[14:23:29] <AstralStorm> adaptr: let's start with wp.pl[14:23:36] <adaptr> never heard of that[14:23:49] <AstralStorm> that's one of the major mail servers in Poland[14:23:52] <adaptr> is that a mail server product?[14:23:55] <AstralStorm> one of the 4 largest[14:23:56] <adaptr> oh, so not a mail server[14:24:13] <AstralStorm> no, it's comparable to hotmail, but on smaller scale[14:24:15] <joschi> AstralStorm, ServerCrash: are you sure you really mean the SMTP banner and not something else?[14:24:18] <adaptr> tell them to fix their broken SMTPd[14:24:31] <AstralStorm> their smtpd is fine[14:24:35] <AstralStorm> the configuration is very strict[14:24:37] <adaptr> no, it isn't[14:24:43] <adaptr> it violates the RFCs[14:24:50] <AstralStorm> RFC says nothing about this really[14:24:55] <adaptr> exactly[14:25:03] <AstralStorm> it doesn't tell "you should accept the mails"[14:25:16] <AstralStorm> so it's open to interpretation[14:25:18] <adaptr> take it from me, that is more or less the function of a mail server[14:25:31] <AstralStorm> and the reverse dns check on helo removes one fake mail source[14:25:49] <ServerCrash> well my mail even got rejected by rediffmail becuase they used some company which checks ip reputations, and since we got a new server and ip was clean and had never sent mails in recent past. They blocked our ip saying it could be malicious as its not been seen as mail server[14:25:58] <AstralStorm> reverse DNS of the connection vs helo, so you can't say foobar.pl in helo and send fake emails[14:26:09] <Aprogas> ServerCrash: You are confusing smtpd_banner with smtp_helo_name[14:26:12] <ServerCrash> in recent past and has no mailing history[14:26:21] <ServerCrash> nopes Aprogas[14:26:33] <ServerCrash> i have correct helo name[14:26:41] <AstralStorm> but your reverse dns doesn't match it[14:26:42] <Aprogas> Does your HELO match your FCRDNS ?[14:26:47] <ServerCrash> yes[14:26:51] <Aprogas> Prove it.[14:27:22] <AstralStorm> run dig A yourdomain.name[14:28:16] <adaptr> AstralStorm: you really should learn the difference between the server banner and the HELO[14:28:18] <AstralStorm> Aprogas: the reverse DNS trick rejects many domains linked to dynamic IPs[14:28:23] <AstralStorm> that's why it's used in spam filtering[14:28:26] <adaptr> and it's not a "trick"[14:28:27] <AstralStorm> adaptr: he told about HELO[14:28:30] <adaptr> he did not[14:28:40] <adaptr> YOU stated absurd things about banners[14:28:50] <AstralStorm> wait[14:29:00] <AstralStorm> smtp banner which is what part?[14:29:16] <AstralStorm> it's later than HELO?[14:29:21] <Aprogas> If you want to be most assured even very strict mailservers accept you mail, make HELO match your FCRDNS. Although in most cases just having a existing HELO and a existing and valid FCRDNS is enough, they don't necessarily have to match.[14:29:30] <rob0> Sad truth is that the people who want all this non-virtual virtual mail hosting usually don't understand enough about SMTP to make it happen.[14:29:36] <ServerCrash> http://pastebin.com/zYdxXp8a[14:29:38] <Aprogas> There is smtpd_banner and smtp_helo_name[14:29:51] <AstralStorm> that, and he set any of them?[14:29:57] <AstralStorm> he didn't say anything[14:30:00] <Aprogas> smtpd_banned could be "Hello, I'm a little Postfix server, I like to deliver mail, ROFL XD"[14:30:00] <ServerCrash> this is the config, and the helo mention here matches my rdns[14:30:06] <Aprogas> s/banned/banner/[14:30:17] <rob0> And those who do know enough usually don't care about "perfect headers".[14:30:22] <adaptr> Aprogas: short and stout ?[14:30:29] <ServerCrash> why is myhostname used ?[14:30:30] <AstralStorm> rejecting due to a banner? wtf?[14:30:37] <Aprogas> adaptr: heh[14:30:38] <Aprogas> ServerCrash: 404[14:30:41] <AstralStorm> ServerCrash: why shouldn't it?[14:30:43] *** jelly-home has quit IRC[14:30:51] <AstralStorm> it's a good default[14:30:55] <Aprogas> myhostname is a template for many other settings, because in many cases it is the sensible default[14:31:08] *** pinoyskull has joined #postfix[14:31:43] <ServerCrash> Aprogas, http://pastebin.com/Hkd9qbcX[14:32:34] <Aprogas> !tell ServerCrash smtpd!=smtp[14:32:34] <knoba> ServerCrash: "smtpd!=smtp" : Postfix smtpd_* and smtp_* configuration parameters have different meanings. smtpd_ = server and smtp_ = client, the server-side receives mail whilst the client-side sends mail. (smtpd = server = receives mail) (smtp = client = sends mail)[14:32:34] <rob0> !smtp!=smtpd[14:32:35] <knoba> rob0: "smtp!=smtpd" : Postfix smtp_* and smtpd_* configuration parameters have different meanings. smtp_ = client and smtpd_ = server, the client-side sends mail whilst the server-side receives mail. (smtp = client = sends mail) (smtpd = server = receives mail)[14:32:36] <ServerCrash> This is what i received "Warning - Reverse DNS does not match SMTP Banner[14:32:37] <ServerCrash> "[14:32:38] <rob0> haha[14:32:42] <Aprogas> !tell rob0 gmta[14:32:42] <knoba> Aprogas: Error: No factoid matches that key.[14:32:54] <Aprogas> ServerCrash: Show that error in context.[14:33:24] <AstralStorm> ServerCrash: silly message that is garbage[14:33:46] <AstralStorm> RFC doesn't require the banner[14:33:53] <AstralStorm> unless they mean something entirely else[14:34:25] <AstralStorm> smtpd_helo_name you might want to set[14:34:28] <adaptr> an SMTP banner traditionally starts with $mailserver [version] - [E]SMTP ready.[14:34:40] <AstralStorm> traditionally doesn't mean "has to"[14:34:40] <adaptr> I don't see how that could ever match a DNS hostname[14:34:50] <AstralStorm> unless he has something else in there[14:34:54] <adaptr> you're missing the poit, and being contentious for no reason[14:34:57] <AstralStorm> and said spam filter has a stick up its[14:34:59] <adaptr> cut that out![14:35:02] <ServerCrash> now i tried to add that -o myhostname=domain1 but i guess i need to make it at xx.xx.xx.xx:smtp inet n - n - - smtpd -o myhostname=domain1.com[14:35:25] <rob0> !overview[14:35:25] <knoba> rob0: "overview" : Postfix Architecture Overview : http://www.postfix.org/OVERVIEW.html[14:35:29] *** tjikkun has joined #postfix[14:35:29] *** tjikkun has joined #postfix[14:35:35] <adaptr> rob0: you really think that'll help[14:35:43] <Aprogas> ServerCrash: Show the warning/error you get in its proper context. Who throws that error? What else do they say?[14:36:10] <AstralStorm> also, ServerCrash, go run tcpdump to see what is sent[14:36:15] <rob0> No. But one really does need an in-depth understanding of Postfix and SMTP to do what ServerCrash wants to do, and that would be a place to start.[14:36:49] <AstralStorm> (unless there's an option in postfix to log all output which I don't know about)[14:37:22] <ServerCrash> hold on guys, you all got a very fast fingers ...i am a bit slow in both reading and typing and can do one task at time :([14:38:16] <AstralStorm> and pastebin the nice postfix log please, with that reject[14:38:36] <AstralStorm> (and some messages up)[14:38:50] <ServerCrash> does anyone trust reporting of these guys http://www.mxtoolbox.com[14:39:26] <Aprogas> If you are slow in reading and typing, don't bring up new stuff, until you answered the old stuff.[14:39:50] <AstralStorm> MX record is not for mail sending, only receiving. If a mail server drops you because MX doesn't match your reverse DNS, they're horribly misconfigured[14:39:57] <AstralStorm> but, again, provide the log.[14:40:04] <ServerCrash> because these guys also give similar warning when i scan my server from them[14:40:20] <AstralStorm> the similar warning being what exactly?[14:40:23] *** smica has quit IRC[14:40:37] <Aprogas> ServerCrash: Just tell us your hostname and let us investigate.[14:40:40] <ServerCrash> smtp banner doesnt match rdns[14:40:53] <adaptr> fine[14:41:02] <adaptr> good luck[14:41:20] <ServerCrash> you guys can test yoru machines there too, if you smtp banner doesnt match rdns it might yap same way[14:41:31] <Aprogas> I don't know how.[14:41:35] <Aprogas> I enter my domain, I see some info.[14:41:39] <Aprogas> Tell me exactly what I need to do.[14:42:03] <ServerCrash> http://www.mxtoolbox.com/SuperTool.aspx give your domain name and click scan[14:42:09] <ServerCrash> sorry lookup[14:42:43] <AstralStorm> ...[14:42:56] <AstralStorm> again, show us the log it gives you[14:43:08] <AstralStorm> it gives line by line SMTP request[14:43:23] <Aprogas> And then?[14:43:28] <Aprogas> I set my smtpd_banner = foo[14:43:28] <AstralStorm> Session Transcript.[14:43:39] <ServerCrash> and was i right when i aksed about xx.xx.xx.xx:smtp inet n - n - - smtpd -o myhostname=domain1.com is the right way to set domainname for a given ip[14:43:55] <Aprogas> With the SMTP test, I can indeed reproduce the warning, which is a warning.[14:44:00] <Aprogas> I don't need that website for delivery, it's not important.[14:44:11] <Aprogas> How about you start telling us your goal now.[14:44:15] <AstralStorm> if any spam filter rejects based on the *banner*, they're horrible[14:44:32] <AstralStorm> and should be killed.[14:44:57] <Aprogas> ServerCrash: Is this website the only place where you have seen this warning?[14:46:14] <ServerCrash> nopes, i think i got the issue marked from rediffmail.com, which rejected the mail and gave link to some ip reputation company[14:46:26] <Aprogas> Show the log with the reject, or the bounce.[14:46:58] <adaptr> AstralStorm: nevertheless, it is what you were spouting before[14:47:03] <ServerCrash> which in turn gave reason that my ip is not known to be a sender of mails and my smtp banner doesnt match reverse dns and hence placed us under malicious[14:47:42] *** wdp has quit IRC[14:48:27] <Aprogas> "451 delivery from 82.75.91.82 is deferred,repeatedly. Send again or check at http://www.commtouch.com/Site/Resources/Check_IP_Reputation.asp" before I could HELO :)[14:48:37] <Aprogas> Let's try from my non-PBL host.[14:48:51] <ServerCrash> relay=mx.rediffmail.rediff.akadns.net[202.137.235.10]:25, delay=2301, delays=2294/0.01/7.1/0, dsn=4.0.0, status=deferred (host mx.rediffmail.rediff.akadns.net[202.137.235.10] refused to talk to me: 451 delivery from xx.xx.xx.xx is deferred,repeatedly. Send again or check at http://www.commtouch.com/Site/Resources/Check_IP_Reputation.asp[14:49:19] <ServerCrash> now do ip check on there server and the reason[14:49:24] <adaptr> sure, that has nothing to do with any banners or DNS[14:49:53] <rob0> hehe, that mxtoolbox.com thing is broken[14:49:57] <Aprogas> That happens from my home/consumer address.[14:50:22] <Aprogas> Which is listed in PBL and DUL.[14:50:27] <Aprogas> And possible other stuff.[14:51:00] <Aprogas> That mailserver returns 550 mailbox unavailable on RCPT TO:<postmaster>[14:51:38] <Aprogas> And now it just times out.[14:56:06] <ServerCrash> also which is better option to go for dkim or domainkeys ?[14:56:44] <Aprogas> Have much research have you done into that?[14:56:55] <rob0> wow, you ought to try to start out simple and build up.[14:57:09] <ServerCrash> i have dkim, but yahoo doesnt seem to care about it :(, i also got spf, sender-id, my ip is white listed yet simple "hello how are you" mails land up into spam box[14:57:09] <Aprogas> I agree with rob0.[14:57:21] <Aprogas> It's better to have no DKIM than incorrectly configured DKIM.[14:57:49] <Aprogas> As to SPF, starting with a all-neutral policy is probably most simple.[14:57:56] <ServerCrash> my dkim work it seems as yahoo shows pass and gmail shows correct domain in sighned by[14:58:03] <Aprogas> Or again just don't do SPF.[14:58:10] <Aprogas> So what is your question?[14:58:12] <rob0> Looks like a shotgun approach. You don't become a mail/SMTP professional in one day.[14:58:16] <adaptr> 220 Are you Naughty or Nice ?[14:58:23] <Aprogas> rob0: On Venus you do.[14:58:25] <adaptr> my postscreen pre-greet[14:58:36] <adaptr> it confuses the fuck out of that mxtoolbox thing[14:58:39] <ServerCrash> i was trying to understand which signing method is accepted globably dkim or domainkeys[14:58:50] <adaptr> you're all over the place[14:58:57] <Aprogas> 421 omg your banner confuses me, i dont want to deliver my spam to you, kthxbye[14:59:34] <Aprogas> Can SMTP clients even legally send reply codes?[14:59:35] <ServerCrash> adaptr, sorry, i also found mxtoolbox thing today only after getting those issue of mail delivery, i tried to check how my server looks to recieving mailservers[15:00:04] <adaptr> now would be a good time to STATE YOUR GOAL[15:00:43] <Aprogas> I think he wants to split three different customers over three different IP-addresses so that one potential spammer doesn't blacklist the rest.[15:00:52] <Aprogas> But my psychic sense is off a bit sometimes.[15:01:08] <adaptr> !postmulti[15:01:08] <knoba> adaptr: "postmulti" : http://www.postfix.org/postmulti.1.html :: Multiple instance management support in Postfix 2.6+[15:01:17] <rob0> Venereal email?[15:01:19] <adaptr> just to throw more fuel onto the fire of ignorance[15:02:09] <ServerCrash> well got that that sorted out with sender_dependent_default_transport_maps ..i love postfix :)[15:02:27] <ServerCrash> no need for me atleast to go postmulti ...this takes care of it[15:02:29] <Aprogas> ServerCrash: You confused that a bit though, passing smtpd_settings to smtp[15:02:35] <Aprogas> ServerCrash: And do you even use a milter/[15:02:50] <ServerCrash> yes, i got dkim-milter and sid-milter on it[15:03:05] <ServerCrash> dk-milter might comein next if required[15:03:49] <ServerCrash> smtpd_milters = inet:localhost:20209,inet:localhost:10034 here my lovely two milters running :)[15:04:43] <Aprogas> Houray, everything works! It is fixed.[15:05:06] <ServerCrash> though dkim-milter does occassionaly crashes or failes to load key list like "/etc/dkim-filter.conf: key load from /etc/mail/dkim/keylist failed[15:05:06] <ServerCrash> "[15:05:59] <ServerCrash> or "dkim-filter[12253]: terminated with signal 8, restarting"[15:06:25] <adaptr> yes, you're not in over your head at all[15:07:26] <ServerCrash> adaptr, ??[15:07:58] <Aprogas> Don't try to run before you can walk.[15:08:25] <AstralStorm> adaptr: nope, I was talking about HELO[15:08:29] <Aprogas> You are trying to tackle advanced issues while you miss some of the basic knowledge; this will not lead to a well-functioning mailserver.[15:08:29] <AstralStorm> not banner[15:08:32] <ServerCrash> well nopes i am still at shores, havent even dip my feet in water, so sailing arround is long go[15:09:00] <adaptr> [14:30:07] <adaptr> ServerCrash: nothing in the RFCs mandates that the server banner has to be anything whatsoever[15:09:05] <adaptr> [14:30:33] <AstralStorm> adaptr: indeed, but some mail servers reject mails then[15:09:07] <AstralStorm> correct[15:09:11] <adaptr> [14:30:53] <adaptr> name one[15:09:15] <AstralStorm> and also correct[15:09:18] <adaptr> [14:31:10] <AstralStorm> adaptr: let's start with wp.pl[15:09:20] <AstralStorm> I've made a mistake[15:09:24] <Aprogas> A server would have to callout to me to check my smtpd_banner[15:09:26] <AstralStorm> wp.pl doesn't do hat anymore[15:09:32] <AstralStorm> they used to, and fixed it[15:09:40] <AstralStorm> which is good[15:10:04] <adaptr> AstralStorm: you talk nonsense. now you're trying to talk over it. doesn't work.[15:11:01] <AstralStorm> anyway, a mail server that looks at the banner in this way *should* be kicked until dead :)[15:11:06] <AstralStorm> or fixed[15:11:24] <ServerCrash> Aprogas, its been just 2 days that i and new to all this, i might not be 100% correct, but then i am bringing in things that i get from sources, to put through eyes of gurus, obviously i am noob and can support my words with facts only, though my understanding of those facts may differ from your intelligent brains[15:11:47] <ServerCrash> that i and new / that i am new[15:11:48] <Aprogas> You should start with a simple mailserver then.[15:11:59] <adaptr> ServerCrash: why did you agree to administer this system, then[15:12:00] <AstralStorm> dkim isn't exactly simple indeed[15:12:13] <ServerCrash> this is my system :)[15:12:22] <adaptr> then you're Doing it Wrong.[15:12:40] <ServerCrash> AstralStorm, for me dkim was very simple[15:12:47] <adaptr> it doesn't work![15:12:48] <AstralStorm> except your daemon still crashes[15:12:50] <Aprogas> Set up a mailserver under some test domain, set up some mailboxes and/or forwards on it, use an emailaddress run by that mailserver for some non-criticail registration forms, contact information, etc.[15:12:54] <ServerCrash> adaptr, it works :)[15:13:05] <adaptr> ServerCrash: stop spouting bullshit please, it's not helping anybody.[15:13:12] <Aprogas> Then you can use that non-critical server to start playing and testing with new things, one by one.[15:13:18] <adaptr> I don't use and have never needed DKIM[15:13:23] <ServerCrash> atleast, yahoo and gmail acknowledges the thats, it might be bullshit though[15:13:30] <adaptr> it's only slightly less fail than SPF[15:13:31] <AstralStorm> DKIM is nice to have, though not critical[15:13:32] <Aprogas> I don't use DKIM either, haven't noticed problems.[15:13:44] <Aprogas> I do use SPF, but with ?all or ~all[15:13:55] <AstralStorm> checking DKIM is very useful though, cuts down on quite a bit of spam[15:13:58] <ServerCrash> and dkim is very easy , just 10 -12 steps and you got it going[15:14:04] <AlexC_> DKIM + SPF with -all here[15:14:29] <ServerCrash> install dkim, generate domain key pairs, setup dns spf record and configure the dkim-filter.conf and main.cf[15:14:39] <AlexC_> ServerCrash: TXT record[15:14:41] <adaptr> ServerCrash: we don't need you to tell us that, thanks[15:14:45] <ServerCrash> ya TXT record[15:14:47] <Aprogas> AlexC_: SPF is a record type[15:15:08] <AstralStorm> now, about that checking DKIM of incoming messages :)[15:15:21] <AstralStorm> never got around to actually implementing this in a large scale mail server[15:15:32] <AstralStorm> recommendations?[15:15:39] <AlexC_> Aprogas: well, never knew that :)[15:17:03] <ServerCrash> AstralStorm, it shouldnt be hard, i am very new to mail servers, last week i was playing with sendmail, didnt find it perfect solutions for my linking, postfix scared me initially , so i kept away figuring out things in sendmail, and finally found this sender_dependent_default_transport_maps and that made me dive into postfix[15:17:24] <ServerCrash> i am sure my server is not the best configured one, but it does very well what i want, without the problems[15:17:37] <AstralStorm> sender dependent transport maps used for virtual domains? the hell?[15:17:58] <ServerCrash> well it might be hell, but works for me :D[15:18:04] <AstralStorm> afair virtual domains are mostly for receiving[15:18:12] <Aprogas> Postfix scared you and sendmail didn't ?[15:18:47] <AstralStorm> now, if some hard-butted server drops mail From foo at yourvirtualdomain dot com because that doesn't match your HELO...[15:18:50] <ServerCrash> Aprogas, it did scared when i thought of creating new mail accounts with authentications[15:19:19] <ServerCrash> AstralStorm, it matches helo :) did you saw my pastebin link[15:19:26] <AstralStorm> yes, because you used the maps[15:19:30] <AstralStorm> heh[15:19:32] <ServerCrash> sender dependent transport maps gives you maping helo[15:19:33] *** hever has joined #postfix[15:19:49] <Aprogas> There is no sender_dependent_transport_maps[15:19:57] <ServerCrash> Aprogas, wake up[15:20:03] <AstralStorm> really, wake up.[15:20:04] <Aprogas> There is something similar, but it's not transport_maps[15:20:14] <ServerCrash> check out 2.7[15:20:28] *** Qwert has left #postfix[15:20:42] <ServerCrash> i dont know what you call transport maps etc etc ..but sender_dependent_transport_maps is there and i have working example :D[15:20:57] <Aprogas> I don't see it in the documentation, I see sender_dependent_default_transport_maps (which emulates default_transport not transport_maps) and sender_dependent_relayhost_maps[15:21:35] <AstralStorm> Aprogas: yes, it doesn't pick the transport map file if that's what you mean[15:21:43] <AstralStorm> it sets the default transport depending on the sender.[15:22:13] <AstralStorm> other parts might override it of course[15:22:14] <Aprogas> Exactly. But when I saw people typing sender_dependent_transport_maps, I figured maybe they thought the file works like transport_maps, which would break stuff.[15:22:24] *** hever has quit IRC[15:22:44] <ServerCrash> Aprogas, i saw it in documentation thats how i came to know about it .. New Feature in postfix postfix-2.7-20091209 is sender_dependent_default_transport_maps[15:22:44] <AstralStorm> in fact, normal transport_maps are sender-dependent[15:22:55] <AstralStorm> ... exactly, and you using this is *wrong*[15:22:59] <AstralStorm> use transport_maps[15:23:00] *** hever has joined #postfix[15:23:31] <AstralStorm> and read what default_transport is[15:23:39] <Aprogas> AstralStorm: Do you even know what ServerCrash wants to do?[15:23:49] <ServerCrash> Aprogas, some good english here " A sender-dependent override for the global default_transport parameter setting. The tables are searched by the envelope sender address and @domain.[15:23:49] <ServerCrash> A lookup result of DUNNO terminates the search without overriding the global default_transport parameter setting. This information is overruled with the transport(5) table. Note: this overrides default_transport, not transport_maps, and therefore the expected syntax is that of default_transport.[15:23:49] <ServerCrash> This feature does not support the transport_maps syntax for null transport, null nexthop, or null email addresses. For safety reasons, this feature does not allow $number substitutions in regular expression maps. This feature is available in Postfix 2.7 and later.[15:23:51] <ServerCrash> "[15:23:56] <AstralStorm> yes, he wants to have proper HELO when sending mail from virtual domain[15:23:57] <ServerCrash> woops ..[15:24:13] <AstralStorm> (and banner too, maybe)[15:24:41] <ServerCrash> i wanted 1. proper banner, 2. proper hostname for every ip:smtp connection[15:24:59] <AstralStorm> transport_maps should suffice in this case[15:25:04] <Aprogas> AstralStorm: Are you sure?[15:25:10] <AstralStorm> yes, I am sure[15:25:59] <Aprogas> I think transport_maps is only queried with several forms of the recipient address.[15:26:34] <Aprogas> To be honest, I'm not sure what ServerCrash wants to do, since he refuses to tell.[15:27:08] *** tharkun has joined #postfix[15:27:16] <ServerCrash> well for me i could not find a method where my outgoing mail could be sent form a given ip that was maped as my domain so with virtual domains on sendmail i had the mail header which had received from domain1.com and then domain2.com blah blah ..[15:27:37] <AstralStorm> Aprogas: hmmm, I'd really have to check indeed[15:27:42] <ServerCrash> the solution was multiple instances[15:27:58] <ServerCrash> but then this binding to sender address came to my help[15:28:07] <AstralStorm> it should in fact allow a check on sender with the pcre: table[15:28:22] <AstralStorm> but well... setting default_transport should do[15:28:38] <ServerCrash> ans now all my mails coming from a particular sender domain where been pushed received and pushed out form a given ip, with proper received from header[15:28:40] <adaptr> Aprogas: transport_maps tries user+extension, user, domain, and .domain, all in that order, but only one of those can match - the first one[15:28:57] <adaptr> do not set default_transport unless you know exactly what you are doing[15:29:17] <Aprogas> adaptr: What I meant is that it checks recipient address, not sender. With "several forms" I meant it does all those you listed.[15:30:03] <Aprogas> If you want three clients to submit to one MSA (yours), and then split relaying of their mail over three specific IP-addresses, then overriding default_transport could make sense.[15:30:04] <ServerCrash> and surely i love this active ever helping community to ..thanks guys, its been your support in last 48hrs that got me up running with postfix :)[15:30:12] <adaptr> of course transport_maps doesn't check the sender. you would use sender_dependent_default_transport_maps for that[15:30:49] <ServerCrash> i even got exim installed, started configurations and i was in mess, hence ditched and got on to this lovely postfix :)[15:30:55] <Aprogas> adaptr: that settings overrides only default_transport, but doesn't specify nexthop or port (although the transport could override those if needed).[15:31:12] <Aprogas> adaptr: anyway, these are all pointless details, until ServerCrash finally reveals his true goal[15:31:38] <adaptr> we're on to exim now, I wonder if he will stop producing useless noise any time soon[15:32:16] <ServerCrash> 3 domains, 3 ips , i needed a solution where all outgoing mails represent its domain and goes through its ip, thats the goal[15:32:46] <ServerCrash> and carries no header information about other domains or ips[15:33:10] <ServerCrash> which could have played its part / role in transmitting the mails[15:33:18] <ServerCrash> from from my server[15:33:26] <Aprogas> ServerCrash: you are on the right track, but you did make some mistakes in the process, so verify everything you have done again[15:33:42] <ServerCrash> and whats that mistake ?[15:33:52] <Aprogas> !smtpd!=smtp[15:33:52] <knoba> Aprogas: "smtpd!=smtp" : Postfix smtpd_* and smtp_* configuration parameters have different meanings. smtpd_ = server and smtp_ = client, the server-side receives mail whilst the client-side sends mail. (smtpd = server = receives mail) (smtp = client = sends mail)[15:34:03] <Aprogas> Actually the grand mistake is you only read half of what we advise you.[15:34:20] <ServerCrash> Aprogas, gah[15:34:31] <adaptr> okay, 30% then, final offer[15:34:39] <ServerCrash> thats config for the transport that we are talking about[15:34:39] <Aprogas> Both me and rob0 mentioned smtpd!=smtp before.[15:35:03] *** ichdasich has quit IRC[15:35:06] <ServerCrash> Aprogas, may this help you http://www.kutukupret.com/2010/01/02/postfix-bind-sender-domain-to-dedicated-outgoing-ip-address/[15:35:07] <Aprogas> You are passing pointless options to smtp; smtp won't really mind, but you might expect those options to do something.[15:35:38] <adaptr> ServerCrash: WE're not in search of things above our expertise.[15:35:47] <ServerCrash> did you read about sender_dependent_default_transport_maps ? those are configs which works with it[15:36:05] <adaptr> ServerCrash: stop advising other people about things you have no clue about![15:36:08] <rob0> Aprogas: half? Perhaps you overestimate.[15:36:09] <adaptr> it's ridiculous[15:36:12] <Aprogas> Great, a server with AAAA but broken IPv6.[15:36:37] <Aprogas> ServerCrash: That howto doesn't pass smtpd_ settings to smt[15:37:08] <ServerCrash> yes , the myhostname setting is of smtpd,[15:37:12] <ServerCrash> i was trying it with smtp[15:37:19] <ServerCrash> to see if it works in this case[15:37:42] <ServerCrash> it didnt so i got back to xx.xxx.xxx.xx:smtp ........smtpd -o myhostname="foo.com"[15:37:45] <adaptr> fine - would you mind taking it elsewhere ?[15:37:50] <ServerCrash> i think you missed that part[15:38:04] <adaptr> if the documentation doesn't explicitly states that something is supported, then it's not.[15:38:15] <adaptr> I think you need to spend a few weeks actually reading the documentation[15:39:12] <ServerCrash> well documentation even didnt had clarifications on how to configure " sender_dependent_default_transport_maps" all it said was how it works[15:39:29] <ServerCrash> so probably i little bit or learning from google and you guys[15:39:42] <ServerCrash> and some hit and trials to learn based on my little brain[15:40:03] <adaptr> google is often wrong[15:40:06] <ServerCrash> adaptr, yes i agree 100% with you in regard to RTFM[15:40:15] <adaptr> don't agree with me - go do it[15:40:39] * Dominian agrees with adaptr[15:40:50] <adaptr> you too, Dominian ![15:40:54] <ServerCrash> yups so are we :), thanks will do..anyway its been great time with you guys, will catch up later..have a coffee :)[15:40:55] <rob0> RTFM has prerequisites. If you don't know the basics, TFM will only add to confusion.[15:40:59] <Aprogas> Does Google still pagerank the old Postfix docs higher than the new docs?[15:41:03] <Dominian> heh[15:41:14] <Trengo> and well it should![15:41:19] <adaptr> Aprogas: not just for postfix... happens with apache 2.0 even, while 2.2 has been the mainline for YEARS[15:41:24] <Trengo> there are more links pointing to them![15:41:28] * Trengo hides[15:41:30] <adaptr> yes, googlefail[15:42:04] <Aprogas> adaptr: I was wondering about that recently, I've been at 2.2 because I was too lazy to upgrade, recently I noticed 2.2 is still most recent stable.[15:42:19] <adaptr> what ?[15:42:25] <Aprogas> adaptr: Apache[15:42:28] <ServerCrash> ya silly google shows back bad posting done 10years ago in the top 10 results for many :p enjoy[15:42:28] <adaptr> where would you upgrade to[15:43:05] *** techexo has joined #postfix[15:47:35] *** ServerCrash has quit IRC[15:54:40] *** techexo has quit IRC[15:56:05] *** smica has joined #postfix[16:01:46] *** ichdasich has joined #postfix[16:12:58] *** stope has quit IRC[16:25:49] *** JonnyV has quit IRC[16:37:40] <adaptr> Aprogas: how about those crickets[16:38:50] <Aprogas> adaptr: Do you still want me to explain the Apache upgrade thing?[16:39:05] <adaptr> I'd love to hear where you would upgrade 2.2 to, yes :)[16:39:57] <Aprogas> The package manager of my OS doesn't cross larger versions by default. i.e. it will update 2.2.x to 2.2.y but not cross to 2.4 unless you tell it too. I just blindly assumed Apache 2.4 would be existent by now, and I had just been too lazy to read the migration/updating docs, and sticked to 2.2.[16:40:15] <Aprogas> So when I finally cut the knot and decided to upgrade it to the most recent version, I discovered 2.2 was still the most recent version.[16:40:20] <adaptr> 2.2.16 is stable[16:40:30] <adaptr> anything below 2.2.8 is old[16:40:57] <Aprogas> I am at 2.2.16 now, I was at 2.2.9 or so before.[16:41:16] <Aprogas> I did cross Postfix into 2.7[16:41:37] <adaptr> I upped it to cite's 2.8 package. you should, too[16:41:46] <Aprogas> Why?[16:42:00] <adaptr> because it's got postscreen :)[16:42:16] <adaptr> yes, I can even be a postfix nerd[16:42:24] <Aprogas> My MX runs on Debian, and I don't want to install non-apt software.[16:42:45] <Aprogas> I could put 2.8 on my backend mailserver, but all mail has been screened by then already.[16:42:49] <adaptr> I upped it to cite's 2.8 package. you should, too[16:43:02] <Aprogas> No! I refuse![16:43:08] <adaptr> you have no cause[16:43:22] <Aprogas> postfwd works fine for me for now, except it doesn't support IPv6.[16:47:19] * tharkun pokes at Aprogas to update to 2.8[16:48:12] <thumbs> tharkun: buenas dias[16:48:44] <tharkun> thumbs: buenos dias to you too :D[16:51:43] *** brancaleone has joined #postfix[16:52:56] *** UQlev has quit IRC[16:53:51] *** MAAAAAD has quit IRC[16:54:27] *** MAAAAAD has joined #postfix[16:54:56] <rob0> We upped our standards, so up yours![16:55:57] <adaptr> what standards ?[16:56:05] <adaptr> you adopted standards while I wasn't looking ?[16:56:34] <thumbs> tharkun: darn, yes, buenos.[16:57:24] <rob0> Um, that's a play on words, for those non-native English speakers here. "Up yours" is a slang epithet.[16:57:54] <adaptr> rob0: duh[16:58:39] <thumbs> rob0 is too educated for us.[16:59:03] <adaptr> yeah, he should take 'is standards an' shove 'em[16:59:10] <adaptr> up his[17:00:25] * tharkun does not want to interrupt this intimate moment[17:00:54] <adaptr> yes you want to, but you're intimidated by our standards, I understand[17:07:47] *** robotarmy has joined #postfix[17:07:57] *** JonnyV has joined #postfix[17:11:00] <Aprogas> Can postscreen basically do what a policyd can do?[17:11:46] <adaptr> it does two things: delay/block pregreet abusers, and white/blacklist based on that and on RBLs[17:12:14] <Dominian> the only thing about postscreen right now that irritates me...[17:12:22] <adaptr> but it w/blists the results of RBl lookups, making it a lot more efficient[17:12:26] <Dominian> is that it checks all RBLs and doesn't 'block' on the first positive result it gets[17:12:41] <adaptr> Dominian: not even when you have them both a *1 and the threshold at 1 ?[17:12:45] <Dominian> at least it logs CONNECT/DISCONNECT now[17:12:53] <Dominian> adaptr: hrm.. ya know.. I haven't tested that[17:13:02] * Dominian has to read up on postscreen options since the latest changes[17:13:02] *** robotarmy has quit IRC[17:13:04] <adaptr> I bet it doesn't do useless tests :P[17:13:11] <Dominian> I'm sure it doesn't[17:13:16] <Dominian> probably just some params I need to update[17:13:32] <adaptr> although postscreen parallelizes RBL lookups, so it may not have a choice[17:13:41] <Dominian> yah[17:13:41] *** JonnyV has quit IRC[17:13:51] <Dominian> in fact, I think wietse mentioned something about that on the mailing list[17:14:05] <adaptr> and it records the scores for future reference, so it kind of has to retrieve them all[17:18:08] <Dominian> yah[17:18:16] *** riversky has quit IRC[17:18:56] <Dominian> adaptr: definitely nice that you don't need the rbl lookup in smtpd_*_restrictions[17:19:49] <adaptr> yeah, and - caching :)[17:21:23] <Dominian> yah[17:26:27] *** wdp has joined #postfix[17:26:31] *** wdp has quit IRC[17:26:31] *** wdp has joined #postfix[17:31:03] *** riversky has joined #postfix[17:39:14] *** hever has quit IRC[17:41:02] *** rajijoom has joined #postfix[17:42:05] *** hever has joined #postfix[17:46:05] *** uqlev has joined #postfix[17:46:59] <Dominian> man.. I need to find someone else using mailzu or mailzu-ng[17:49:30] *** AlexC_ has quit IRC[17:51:08] *** uqlev has quit IRC[17:51:39] <jeev> i use it.[17:51:43] <jeev> but i haven't logged in in 6 months[17:53:06] <Dominian> jeev: how are you doing authentication with mailzu?[17:54:20] <Dominian> I get som eodd summary errors about DB error unknown error[17:54:21] <Dominian> damn annoying[17:54:27] <Dominian> and releasing messages gives an odd error as well[17:55:25] <jeev> oh[17:55:27] <jeev> let me check.[17:56:09] <Dominian> I can send reports all day long[17:56:30] <Dominian> wondering if I missed something somewhere...[17:56:31] <jeev> wait, how do you do auth? you can login ?[17:56:55] <Dominian> jeev: I can login to the web interface fine.. using sql.. I setup a 'basic' auth table for it to use and manually inserted some info so I could at least login as an administrator[17:57:03] <jeev> oh[17:57:07] <jeev> mine for sure uses the postfix db[17:57:12] <jeev> any user can login[17:57:20] <Dominian> riiight see...[17:57:22] *** ServerCrash has joined #postfix[17:57:22] *** ServerCrash has joined #postfix[17:57:25] <Dominian> this setup isn't going to be hosting email accounts[17:57:46] <Dominian> jeev: this will be a scan and hand off type thing[17:58:00] <Dominian> incoming mail scanned; then rerouted to the appropriate MX[17:58:20] <Dominian> we were looking at maia mailguard for this, however, their licensing is stupid.[17:58:45] <Dominian> Error connecting to :9998, $addr cannot be empty[17:59:02] <adaptr> that is stupid licensing indeed[17:59:06] *** ming_zym has joined #postfix[17:59:06] <jeev> ah yes it uses amavisd[17:59:08] <Dominian> that's the error when releasing.. and yes 9998 is accessible.. my guess is whatever is doing the $addr I need to find[17:59:12] <Dominian> jeev: yeppers[17:59:15] <jeev> $conf['db']['dbUser'] = 'amavisd';[17:59:32] <jeev> $conf['auth']['serverType'] = 'imap';[17:59:48] <jeev> what do you want me to check[18:00:22] <jeev> admins is an array[18:01:10] <Dominian> right I know that[18:01:12] <Dominian> I have all that setup[18:01:18] <jeev> $conf['amavisd']['spam_release_port'] = '9998';[18:01:23] <Dominian> hrm[18:01:25] <Dominian> k[18:01:31] <Dominian> it appears I have everything right...[18:01:34] *** [speef] has joined #postfix[18:01:52] <Dominian> jeev: thanks man[18:01:54] <jeev> but you had to set up a basic auth table[18:01:56] <jeev> in mysql ?[18:01:56] <Dominian> I'll just have to keep digging[18:02:05] <Dominian> jeev: yeah.. mailzu didn't supply any type of schema[18:02:08] <jeev> as in a manually created table in amavisd to let you login ?[18:02:12] <Dominian> right[18:02:17] <jeev> Dominian, it doesn't need schema, it logs in with uh[18:02:34] <Dominian> uhhh[18:02:40] <Dominian> it does need a table for sql to login with[18:02:41] <jeev> it logs in with imap![18:02:46] <Dominian> jeev: you can use whatever you want[18:02:52] <jeev> $conf['auth']['imap_hosts'] = array( 'localhost:993' );[18:02:56] <[speef]> for installing postfix[18:02:57] <jeev> yes, you dont want to use that ?[18:03:00] <Dominian> jeev: that's only ONE of the ways to auth[18:03:08] <Dominian> you can use ldap, sql, imap, AD[18:03:09] <jeev> i understand, so what the problem be[18:03:19] <Dominian> jeev: releasing messages.[18:03:20] <jeev> you just use sql ?[18:03:24] *** ircmasterman has joined #postfix[18:03:24] <Dominian> and some odd errors in the summarys[18:03:26] <Dominian> jeev: yep[18:03:35] <jeev> Dominian, single account or multiple accounts ?[18:03:50] <Dominian> jeev: for right now its one account for admins, but each 'domain' will have a domain admin account to manage their quarantine etc[18:03:53] *** ircmasterman has left #postfix[18:04:15] <jeev> Dominian, consider *trying* imap and seeing if it allows the release but then again you login with an admin username and it wont release.. hm[18:04:24] <jeev> wanna pastebin your config ?[18:04:47] <jeev> set up logging on sql and tail what it does when you click release[18:07:51] <jeev> ?[18:07:52] <ServerCrash> hey does anyone knows how to encode the content of outgoing mail by base64[18:08:12] <Aprogas> The MUA does that.[18:08:21] <ServerCrash> MUA ??[18:08:27] <Aprogas> !wikipedia[18:08:28] <knoba> Aprogas: Error: "wikipedia" is not a valid command.[18:08:49] <adaptr> ah, our new resident expert is still improving SMTP[18:09:09] <ServerCrash> MUA -- Make Up Artist -- Wikipedia[18:09:28] <jeev> wow[18:09:44] <ServerCrash> now whats next[18:09:47] <Aprogas> Within the 8 disambig definitions of MUA, which one is most relevent to SMTP?[18:11:23] <ServerCrash> :O[18:12:34] <ServerCrash> is there any benefit of encoding messages by base64?[18:12:49] *** shoonya has quit IRC[18:13:00] <jeev> do you know what base64 is ?[18:13:52] <ServerCrash> ya its like area 51 for mails :p[18:13:58] <jeev> no[18:14:03] <jeev> its not like area 51 for mails[18:14:14] <Aprogas> ServerCrash: You are trying to fix a problem that doesn't exist.[18:14:14] <jeev> you're thinking pgp or some shit[18:14:25] *** hever has quit IRC[18:14:33] <Aprogas> I think even Outlook will encode 8-bit mail by default.[18:14:40] <Dominian> jeev: yeah working on that now[18:14:46] <ServerCrash> nopes, i am not thinking on lines of pgp or some secret mailing[18:14:56] *** ming_zym has quit IRC[18:15:15] <jeev> how do you figure base64 is area 51 ?[18:16:44] <ServerCrash> i was going through some tips about good mailing practicies and how to over come landing up in spam, and one guy says encode it with base64, and i was wondering what difference it makes, and he suggested that thinking that mailservers will not be able scan the mail contents for words :p that could avoid them from landing in spam, and I was like how could this help from avoiding spam, if you are encoding in base64 the mail server knows in[18:16:44] <ServerCrash> and it can surely decode it for you[18:17:24] <ServerCrash> well people think area 51 is some kind of secret stuff, but its not something like that, similarly base64 also is no good :)[18:17:26] *** riversky has quit IRC[18:17:53] <Aprogas> Any half-decent spam/virus filter can handle base64.[18:18:00] <Aprogas> As well as zip, rar, arj, etc. for that matter.[18:18:05] *** Alagar has quit IRC[18:18:13] <ServerCrash> i agree to that[18:18:23] <Aprogas> Including 50 rar's put into a zip that is a base64-encoded attachment.[18:18:59] <adaptr> you can tell amavis how deep it should unpack archives[18:19:02] <adaptr> I think the default is 10[18:19:15] <ServerCrash> i then found out that few of the newsletters that always hit my mailbox are also base64 encoded[18:19:50] <ServerCrash> and some of them have double domain key signatures, one for there subdomain mail.foo.com and other for main domain foo.com though both signatures looked same[18:21:01] <ServerCrash> well i am trying to learn things, i dont know whats right or wrong at this time, but trying to make some bases to understand how things are working and what should/could be a good method[18:21:16] *** Southron has joined #postfix[18:22:52] <ServerCrash> also can anyone explain me what does this means Content-Transfer-Encoding: quoted-printable[18:23:59] <Aprogas> adaptr: Yes, but the 50 rars are parallel.[18:26:19] <ServerCrash> can someone point me on how to tune postfix for higher mail deliveries[18:26:25] <ServerCrash> or faster deliveries[18:27:30] <ServerCrash> what is the per hour speed you get in general on a quad core 4GB ram machine[18:27:46] <ServerCrash> on a gigabyte port[18:28:12] <lisa> !tuning[18:28:12] <knoba> lisa: Error: "tuning" is not a valid command.[18:28:18] *** shoonya has joined #postfix[18:28:28] <lisa> ServerCrash: http://www.postfix.org/TUNING_README.html[18:28:59] <ServerCrash> thanks lisa[18:29:03] <ServerCrash> !GUI[18:29:03] <knoba> ServerCrash: Error: "GUI" is not a valid command.[18:29:10] <ServerCrash> !gui[18:29:10] <knoba> ServerCrash: Error: "gui" is not a valid command.[18:29:26] <ServerCrash> !admin portal[18:29:26] <knoba> ServerCrash: Error: The "Admin" plugin is loaded, but there is no command named "portal" in it. Try "list Admin" to see the commands in the "Admin" plugin.[18:29:46] <ServerCrash> !list Admin[18:29:46] <knoba> ServerCrash: capability add, capability remove, channels, ignore add, ignore list, ignore remove, join, nick, and part[18:29:51] <ServerCrash> gah...[18:29:59] <ServerCrash> !sleep knoba[18:29:59] <knoba> ServerCrash: Error: "sleep" is not a valid command.[18:30:04] <ServerCrash> lolz[18:31:27] *** jense has quit IRC[18:32:47] *** riversky has joined #postfix[18:34:32] *** robotarmy has joined #postfix[18:34:57] *** JonnyV has joined #postfix[18:38:11] <Dominian> jeev: looks like the error log for mailzu is pointing out something wrong with one of the db queries[18:39:58] *** rajijoom has quit IRC[18:41:30] *** forsberg is now known as fOrsberg[18:41:30] <Dominian> and now it isn't producing the error.. interesting[18:43:18] <Dominian> jeev: http://pastebin.slackadelic.com/p/zs9OyW26.html[18:46:08] *** jense has joined #postfix[18:49:08] *** fOrsberg is now known as forsberg[19:00:07] *** forsberg is now known as fOrsberg[19:00:46] *** ServerCrash has quit IRC[19:01:47] *** shoonya has quit IRC[19:04:00] *** wdp has quit IRC[19:04:42] <jeev> hmm[19:05:12] <jeev> Dominian, lot of shit to sift through[19:05:23] *** Qwert has joined #postfix[19:05:57] <jeev> Dominian, right version of amavisd ?[19:09:52] *** santi has joined #postfix[19:10:20] <Dominian> jeev: yeah I'm working it out[19:10:26] <Dominian> it appears there some issues in some of the code[19:10:31] <Dominian> I'm slowly correcting it[19:10:50] *** Qwert has quit IRC[19:14:51] <Dominian> interesting[19:14:59] <Dominian> mailzu is trying to release the message to the outside interface of the box.. wtf[19:15:01] *** smica has quit IRC[19:15:16] *** sm has joined #postfix[19:15:28] *** Qwert has joined #postfix[19:17:29] <sm> g'day all. I am following http://www.postfix.org/SASL_README.html#client_sasl to configure my netbook to send mail via fastmail.fm. I have relayhost = [maps-proxy.messagingengine.com]:80 in main.cf. When I send, the log shows "status=deferred (Host or domain name not found. Name service error for name=maps-proxy.messagingengine.com type=A: Host found but no data record of requested type)". Any tips ?[19:18:43] <sm> (maps-proxy.messagingengine.com is their alternate smtp hostname providing service on port 80)[19:19:10] <thumbs> sm: clearly, you have a DNS issue.[19:19:34] <sm> I do, or they do ? I can look up that host fine[19:19:48] <thumbs> sm: you do.[19:20:20] <Aprogas> maps-proxy.messagingengine.com does not resolve for me either[19:20:31] <sm> hmm, you're right[19:20:57] <sm> that's a good start, thanks. Perhaps they've moved it[19:21:37] <sm> *imaps-proxy...* >:)[19:23:14] <sm> also: the howto alludes to postmap for reloading sasl_passwd changes.. I assume it's postmap -u sasl_passwd, but that segfaults on this ubuntu lucid netbook.. known bug ?[19:23:49] * thumbs blames ubuntu[19:24:13] *** higuita has joined #postfix[19:24:16] <sm> hmm, and just restarting postfix won't do. Guess removing the .db file will though[19:26:20] <sm> hmm. or not[19:29:04] <Aprogas> I don't know what -u is supposed to do[19:29:13] <Dominian> jeev: got it[19:29:37] <Aprogas> Interesting, postmap 2.5.5 does have -u, but 2.7.1 does not[19:30:36] <sm> how are you supposed to get a db file updated ? postmap's man page is unclear[19:30:52] <Aprogas> Recreate it from the source.[19:31:17] <Aprogas> I guess -u is for converting from older versions.[19:31:47] <sm> Aprogas: how :)[19:32:49] <sm> ok.. just postmap FILE[19:33:35] <Aprogas> !tell sm why[19:33:35] <knoba> sm: "why" : are you sure that installing, configuring and maintaining a mailserver is really what you want to do here? it's not something that's for the faint of heart, and definitely not something for folks that are still just learning the basics of linux or unix. also see !nullclient[19:33:50] *** [speef] has quit IRC[19:33:52] <sm> yes, I'm sure. Thanks![19:34:47] <sm> I've done it many times over the years, but the details are always new[19:37:14] <adaptr> seriously ? have you seen a doctor about that ?[19:39:17] <tharkun> What's this german called ? YES this Alzheimer guy, What did i had to tell him ?[19:45:57] <sm> progress: my attempts now get "lost connection with imaps-proxy.messagingengine.com[66.111.4.44] while receiving the initial server greeting"[19:46:34] <sm> I think this means my mail provider is refusing to relay from this temporary ip, just like all other mail servers do[19:46:59] <sm> I was hoping that authenticating with them would change that. I wonder if that's working[19:47:35] <Dominian> thumbs: that guy is a common moron amongst multiple channels.. its not the first time I've seen him in #freenode whining[19:47:53] <thumbs> Dominian: pcard or cobb?[19:47:55] <Dominian> pcard[19:47:59] <Dominian> pcard = jl-picard[19:48:04] <thumbs> oh.[19:48:07] <Dominian> I've had to remove him from ##linux a few times iirc[19:48:39] <adaptr> has tom-b shown up in #freenode yet ? he's a perfect little whiny bitch too[19:48:52] <psilo2> Should remove Psi-Jack while you're at it[19:49:12] <rob0> sm: The initial server greeting comes before you can AUTH. No, AUTH is not working. It's probably a networking/firewall issue or a proxy that's blocking you.[19:49:15] <adaptr> lobbying for yourself ?[19:49:26] <Dominian> adaptr: he's there iirc[19:49:29] <sm> rob0: thanks[19:49:30] <Dominian> adaptr: haven't see him talk[19:49:32] <adaptr> sm: if you must know, trace the connection.[19:49:38] <adaptr> then mail them the results[19:49:42] <Dominian> psilo2: psi-jack is fine[19:49:59] <sm> ok. I'll double-check against my thunderbird auth config first, I know that works[19:50:23] <thumbs> adaptr: he's still in #h and #m, albeit muted[19:50:48] <adaptr> I know.. just wondering if he felt the need to whine about it[19:50:58] <Dominian> ahh[19:50:59] <adaptr> that type often does[19:50:59] <Dominian> not yet[19:51:21] <adaptr> I would love to be able to tattoo "ENTITLEMENT" across their faces[19:51:23] <sm> TB's Connection Security=SSL/TLS, Authentication Method=Normal password. I assume that's what I've told postfix to do[19:52:04] <adaptr> sm: if you don't know, I have no hope for you fixing the other issue... don't assume![19:52:32] <Dominian> postfix doesn't do authentication[19:52:41] <sm> By telling you my assumptions, I've inviting suggestions as to how to check them[19:52:41] <Dominian> are you using dovecot or something?[19:52:49] <Dominian> or local users... or mysql?[19:52:52] <sm> I'm following http://www.postfix.org/SASL_README.html#client_sasl[19:52:58] <Dominian> er[19:53:19] <adaptr> that has no bearing on using SASL with thunderbird[19:53:31] <Dominian> sm: postconf -a[19:53:35] * roe pops some popcorn[19:54:19] <sm> adaptr: as I said, I'm just comparing my postfix client auth config against thunderbird's, since the latter works[19:54:41] <adaptr> yes, but as I said, they have nothing in common. the postfix configuration for one has nothing to do with the other[19:55:13] <Dominian> the reason I'm confused is that link means using postfix as an sasl_client..[19:55:25] <sm> ok. I'm just wondering if my postfix config is in the right ballpark for the kind of authentication fastmail wants to do[19:55:33] <adaptr> ask them what yuo should do[19:55:44] <rob0> Is the server using SSL (smtps) or STARTTLS? I checked imaps-proxy.messagingengine.com:25 and :587, got no banner on either.[19:56:15] <sm> Dominian: yes, I'm trying to get my netbook's postfix to do client auth with my mail provider[19:56:23] <Dominian> netbook...[19:56:32] * Dominian goes back to amavisd-new and mailzu[19:57:06] <thumbs> sm: why are you using postfix at all? Tell your MUA to use your mail provider instead[19:57:58] <sm> thumbs: this seems to be a FAQ, but it's simple, I want command-line tools to be able to send mail. Eg darcs send to send patches upstream[19:58:02] <adaptr> rob0: no banner, but nmap shows 1000 open ports on that IP...[19:58:11] <roe> Dominian, that project looks interesting. Is it good?[19:58:18] <Dominian> roe: its ok[19:58:22] <thumbs> sm: ok.[19:58:25] <Dominian> roe: I had to fix some php warnings...[19:58:35] <Dominian> and there's some sql issues with releasing which I fixed[19:58:36] <roe> I really hated maia[19:58:38] <adaptr> !tell sm about nullclient[19:58:38] <knoba> adaptr: Error: No factoid matches that key.[19:58:41] <adaptr> !tell sm nullclient[19:58:42] <knoba> sm: "nullclient" : a null client is a computer that can only send mail. it receives no mail from the network, and it does not deliver any mail locally. while postfix can be configured to fill this role, it is often unnecessary overkill, and a much simpler software package is more appropriate. see !nullclient_software for more details.[19:58:46] <Dominian> tring to sort out the site and user specific quarantine summaries.[19:58:49] <adaptr> what does mailzu do ?[19:58:50] <Dominian> bbiab[19:59:00] <Dominian> adaptr: its a web front end t amavisd's quarantine[19:59:05] <adaptr> for users ?[19:59:05] <roe> adaptr, it is a web gui for amavisd-new[19:59:07] <roe> yea[19:59:07] <Dominian> allows users to have access to release spam messages[19:59:09] <adaptr> aha[19:59:15] <Dominian> however..[19:59:17] <Dominian> its mailzu-ng now[19:59:21] <adaptr> very good solution to that problem.[19:59:26] <Dominian> as mailzu the project died and fell off the face of the earth[19:59:28] <adaptr> all the other solutions suck[19:59:42] <Dominian> adaptr: mailzu is a good solution?[19:59:46] <adaptr> now to integrate it with squirrelmail or roundcube :)[19:59:53] <Dominian> yeah see[19:59:55] <roe> adaptr, +1[19:59:56] <sm> rob0: I believe SSL not STARTTLS, since the former is what I have set in thunderbird[19:59:58] <Dominian> THAT would be the shiznit[19:59:59] <adaptr> no, opffering an ienduser interface to amavis quarantine is a good solution[20:00:16] <adaptr> I know nothing about mailzu, I just asked you what it does![20:00:20] <Dominian> However, this box I'm working on is going to be a 'spam and pass it on'[20:00:24] <Dominian> hence using mailzu[20:00:31] <roe> I would much prefer a plugin to roundcube than an entirely new interface[20:00:34] <Dominian> nothing more than relay_domain and transport_maps with recipient verification[20:00:45] <Dominian> roe: trust me.. me too[20:00:47] <Dominian> ok bbiab[20:01:02] <sm> !nullclient_software[20:01:02] <knoba> sm: "nullclient_software" : a program that serves as a drop in replacement for /usr/sbin/sendmail and provides a simple means to submit messages to an existing msa without the need to install and maintain a full-blown mta/msa. examples include esmtp, ssmtp and nullmailer. also see !msa[20:01:20] <sm> !msa[20:01:20] <knoba> sm: "msa" : Message Submission Agent : a process which accepts message submissions from MUAs on port 587 known as 'message submission service' using the 'message submission protocol' defined by rfc4409. To enable message submission service in postfix uncomment the relevant lines in master.cf. also see !submission.[20:02:26] <rob0> !smtps_client[20:02:27] <knoba> rob0: "smtps_client" : See !tls for a means of implementing a Postfix SMTPS client, using stunnel.[20:03:09] <rob0> Postfix has no native means of doing smtps as client, so a nullclient is likely best.[20:03:10] *** hesco has quit IRC[20:03:34] *** hesco has joined #postfix[20:04:00] *** hesco has quit IRC[20:04:23] *** hesco has joined #postfix[20:04:50] <sm> ok. I've done this before, and indeed there's a working config in the powered-down macbook in one of these boxes.. but I'll definitely check out the nullclient way[20:04:54] <sm> thanks all[20:15:15] *** pinoyskull has quit IRC[20:16:19] *** Qwert has quit IRC[20:20:32] *** aindilis2 has quit IRC[20:22:51] *** aindilis2 has joined #postfix[20:32:26] *** aindilis2 has quit IRC[20:34:23] <santi> Hello! Does anybody know a Tutorial how to remove the sentence "(Postfix, from userid 1001) "?[20:35:10] <Aprogas> Are you talking about Received-headers? Is this about mail submitted with the sendmail-binary?[20:35:22] <santi> Aprogas: Yes[20:35:26] <rob0> You could remove Postfix and replace with some other MTA.[20:35:52] <santi> rob0: But I like postfix :D[20:36:51] <Aprogas> I guess if it really bothers you, you could rewrite that header, but I strongly advise against editing your Received headers. If you mess up, debugging future problems is going to be horrible.[20:36:54] <adaptr> but not that part[20:37:15] <adaptr> more importantly, if you mess up - and you will - we're not going to help you[20:37:26] <adaptr> thereis never a reason to mess with headers[20:37:31] <rob0> You could submit mail using SMTP.[20:38:04] <santi> Aprogas: Could there be a problem if somebody knows the senders uid?[20:38:09] <Aprogas> Not really.[20:38:32] <santi> Aprogas: Then I don't do anything, thank you :)[20:40:30] <adaptr> yes, there will be sploding and hackery and zomg[20:40:43] <adaptr> no, wait - that was that other thing[20:42:00] * tharkun pokes with a 30 ft tazer at adapt[20:42:43] <adaptr> thanks, yes, that was it - NOW there will be sploding and zomg[21:12:55] <will_> What's sploding?[21:24:05] *** BlackBishop has quit IRC[21:26:14] * tharkun tazes everyone a nice weekend[21:26:20] *** tharkun has quit IRC[21:37:00] *** cga has joined #postfix[21:38:00] *** cinch has joined #postfix[21:40:28] *** wdp has joined #postfix[21:51:30] *** uqlev has joined #postfix[21:52:22] *** dogmeat has quit IRC[21:53:01] *** uqlev has quit IRC[21:53:59] * sm fails with 3 null clients, succeeds with postfix after correcting the mail provider hostname[21:55:00] *** dogmeat has joined #postfix[22:07:50] *** dogmeat has quit IRC[22:10:35] *** dogmeat has joined #postfix[22:12:16] <denysonique> How can I configure postfix to send my back the error message when an error occured when trying to deliver it. e.g. the remote smtp server refused my mail for some reason[22:13:00] <adaptr> all errors are logged[22:13:17] <adaptr> therse are not mailed anywhere, that would be stupid[22:13:19] <adaptr> *these[22:13:34] <adaptr> unless you mean you want to receive DSNs[22:13:37] <adaptr> it's unclear[22:13:54] *** cga has quit IRC[22:24:08] *** sm has quit IRC[22:26:19] <will_> I think he wants the DSN[22:34:58] *** p3rror has joined #postfix[22:36:09] <denysonique> yes DSN[22:36:16] <denysonique> exactly[22:36:34] <denysonique> ok[22:36:40] <denysonique> http://www.postfix.org/DSN_README.html I am reading this.[22:38:26] *** f3xy has quit IRC[23:04:29] <denysonique> Sep 25 21:05:34 localhost postfix/smtp[3924]: 5C45C10F9B3: host mailin-03.mx.aol.com[205.188.190.2] refused to talk to me: 421 4.7.1 : (DNS:NR) http://postmaster.info.aol.com/errors/421dnsnr.html[23:04:45] <denysonique> I would like to have these DNS mailed to the sender[23:04:51] <denysonique> DSN[23:05:38] <Aprogas> You mean you want to enable warning DSNs for deferred mail?[23:07:37] <denysonique> I would like the sender to know that his email was not successfully sent[23:09:01] <Aprogas> 4xx errors are temporary errors, Postfix will keep trying.[23:09:13] <Aprogas> After 5 days Postfix gives up, and notifies the sender.[23:09:19] <denysonique> right[23:09:23] <denysonique> thanks[23:09:24] <Aprogas> The real solution here is fixing why AOL refuses to accept your mail.[23:09:42] <Aprogas> You can use delay_warning_time to send warnings to users if their mail takes a long time to deliver.[23:10:21] <denysonique> well yes I know why;) but I was worried that no notification will be emailed to the sender[23:10:45] <Aprogas> If the sender forges their "MAIL FROM", then they won't receive the notification.[23:11:50] <denysonique> at all[23:12:05] <denysonique> okay anyway its 5 (working) days ;p[23:12:24] <Aprogas> Postfix does not take off in the weekend, it's 5 days.[23:12:53] <denysonique> mine does ;p[23:14:09] <jeremymcs> unless your relaying through a bigger ISP, your probably not going to get through to AOL[23:14:36] <denysonique> jeremymcs, ?[23:15:12] <jeremymcs> whats not to understand[23:15:17] <Aprogas> Fixing reverse DNS seems trivial.[23:15:21] <denysonique> yes[23:15:26] <denysonique> I know its rdns problem[23:15:27] <denysonique> thats it[23:15:50] <denysonique> btw how often does postfix retry to send mail?[23:15:57] <jeremymcs> you tell us[23:16:32] <denysonique> jeremymcs, I don't need to relay via an ISP. I have my own IP[23:16:47] <Aprogas> Yahoo will refuse you too, as will certain universities. Those usually seem the most strict.[23:16:48] <denysonique> well not solely my own but assigned to me[23:16:48] <jeremymcs> true, but if your IP gets bl'd .. your sol for a while[23:16:57] <Aprogas> Postfix uses a sensible retry mechanism.[23:17:12] <denysonique> well google is ok about rdns[23:17:21] <denysonique> I mean it doesn't care that much[23:17:30] <denysonique> but it would do a hostlookup[23:17:33] <Aprogas> A mailserver should have valid fcrdns.[23:17:35] <denysonique> I guess[23:18:01] <denysonique> what about SPF records would these help too? I am just wondering[23:18:02] <Aprogas> If not outrightly blocked, you will get spammy points, which can be worse, since spam is sometimes silently blocked, or moved to a folder the user never checks.[23:18:11] <Aprogas> If you understand them; if not you break stuff.[23:38:13] *** numen has quit IRC[23:43:18] *** santi has left #postfix[23:46:32] *** Tabmow has quit IRC[23:46:52] *** Tabmow has joined #postfix[23:49:05] *** brancaleone has quit IRC