September 28, 2010 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | >
September 28, 2010 [00:02:16] *** Section1 has quit IRC[00:06:36] *** henriknj has quit IRC[00:18:28] *** tharkun has quit IRC[00:28:33] <grobe0ba> I'm continually getting a 454 4.7.0 TLS not available due to local problem from Postfix. here's the output of postfix -n: http://grobe0ba.pastebin.com/a5sEZatU[00:28:37] <grobe0ba> i have no clue why[00:29:25] <Aprogas> Please show the exact logs within their context.[00:30:07] <grobe0ba> Never mind[00:30:07] <Aprogas> I don't recommend level = encrypt on port 25 either.[00:30:09] <grobe0ba> i am retarded[00:31:42] <grobe0ba> a five second fix for a log entry i fixed[00:31:48] <grobe0ba> s/fixed/missed/[00:34:37] <seekwill> "The SMTP TLS security level for the Postfix SMTP server; " <-- the "SMTP server" is referring to the inbound connection?[00:41:56] *** e-jones has joined #postfix[00:42:18] *** e-jones has quit IRC[00:47:29] <lunaphyte> refer to the parameter's name[00:47:56] <lunaphyte> ! smtpd_tls_security_level[00:47:56] <knoba> lunaphyte: "smtpd_tls_security_level" : the smtp tls security level for the postfix smtp server; when a non-empty value is specified, this overrides the obsolete parameters smtpd_use_tls and smtpd_enforce_tls. this parameter is ignored with smtpd_tls_wrappermode = yes . this feature is available in postfix 2.3 and later[00:48:06] <lunaphyte> !smtpd!=smtp[00:48:06] <knoba> lunaphyte: "smtpd!=smtp" : Postfix smtpd_* and smtp_* configuration parameters have different meanings. smtpd_ = server and smtp_ = client, the server-side receives mail whilst the client-side sends mail. (smtpd = server = receives mail) (smtp = client = sends mail)[00:53:23] *** felipe` has quit IRC[00:54:02] *** brancaleone has quit IRC[00:54:23] <Dominian> hrm[00:54:28] <Dominian> anyone else using amavisd-new here?[00:54:37] <Dominian> !amavisd-new[00:54:37] <thumbs> Dominian: I used it.[00:54:37] <knoba> Dominian: "amavisd-new" : amavisd-new is a high-performance and reliable interface between mailer (MTA) and one or more content checkers. See http://www.ijs.si/software/amavisd/[00:54:41] <Dominian> blah blah[00:54:54] <Dominian> thumbs: Did you have it configured to send notifications to users when spam was quarantined?[00:55:01] <thumbs> Dominian: no.[00:55:06] <Dominian> Is it possible to do that?[00:55:14] <Dominian> I'm going over the documentation and not seeng an actual... setting for it.[00:55:15] <thumbs> not sure. Let me see.[00:55:36] <Dominian> thanks[00:55:37] *** makomi has quit IRC[01:18:17] <Dominian> Think I might've found it[01:18:17] <Dominian> so I need $warn_offsite = 1[01:18:17] <Dominian> bt I don't see spam notification[01:18:17] <Dominian> don't care about viruses right now[01:18:17] *** forsberg is now known as fOrsberg[01:18:18] *** kisisten has joined #postfix[01:18:19] <Dominian> grr[01:18:19] *** magyar has quit IRC[01:18:19] *** mizerydearia has quit IRC[01:18:20] *** e-jones has joined #postfix[01:18:20] <seekwill> You want a notification for every message that goes into q?[01:18:20] <Dominian> looks like its sending notifications..[01:18:20] *** e-jones has quit IRC[01:18:20] <Dominian> seekwill: trying to[01:18:20] <Dominian> I might've gotten it[01:18:20] <Dominian> I can see its handing off[01:18:20] <Dominian> ok mailzu is pretty sweet[01:18:20] <Dominian> I like how it logs the mail id[01:18:21] <seekwill> I don't like quarantines either :)[01:18:21] <Dominian> seekwill: Well, for the target audience...[01:18:21] <Dominian> no choice ;)[01:18:21] <seekwill> heh[01:18:21] <Dominian> If I was hosting this mail...[01:18:21] <Dominian> I'd use procmail or some such to stick it into a SPAM folder[01:18:22] <seekwill> Yeah[01:18:22] <seekwill> In that use case, I guess there's no other option[01:18:22] <Dominian> aye[01:18:22] <Dominian> this is a 'scan it then hand it off' setup[01:18:22] <Dominian> no hosted accounts[01:18:22] <Dominian> basically juse relay_domains and transport_map[01:18:22] <seekwill> yeah... :/[01:18:22] *** nb has quit IRC[01:18:22] *** eye69 has quit IRC[01:18:22] *** nihe has quit IRC[01:18:22] *** AstralStorm has quit IRC[01:18:22] *** denysonique has quit IRC[01:18:22] *** shal3r has quit IRC[01:18:22] *** twobithacker has quit IRC[01:18:22] *** micols has quit IRC[01:18:22] *** vho has quit IRC[01:18:22] *** _nalle has quit IRC[01:18:22] *** rob0 has quit IRC[01:18:22] *** _marix has quit IRC[01:18:22] *** tessier has quit IRC[01:18:22] *** Niklas-_ has quit IRC[01:18:22] <seekwill> bye![01:18:23] <Dominian> it appears though that.. I can't seem to get notifications tested.. it appears they are sent but they are not turning up in my oflder here..[01:18:23] <Dominian> damn it[01:18:23] <seekwill> logs?[01:18:29] <Dominian> seekwill: logs show it being sent[01:18:34] <seekwill> Where?[01:18:43] <Dominian> testing with my home email now[01:18:48] *** szonek has quit IRC[01:18:48] <Dominian> seekwill: I think its google apps interecepting it[01:18:51] <seekwill> ah[01:18:55] <Dominian> seekwill: I'm sending it to somewhere I have full control over[01:19:03] <seekwill> Send it to me![01:19:12] <Dominian> and of course.. work is greylisting it[01:19:19] <seekwill> THATS WHY GREYLISTING SUCKS[01:19:23] <Dominian> heh eyep[01:19:24] <seekwill> :D[01:19:28] <Dominian> greylistin gis a waste of resources imho[01:19:35] <Dominian> especially now that postfix has postscreen[01:19:42] <Dominian> but I haven't used greylisting in like 2 years[01:20:18] <jeev> i blacklisted seekwill's mailserver[01:20:25] <seekwill> jeev: Good![01:20:29] <lunaphyte> ever since i started using my new postscreen, all of my email has been MUCH clearer![01:20:32] <Dominian> I think everyone does by default[01:20:35] <seekwill> jeev: You should see 90% of your spam being lowered![01:20:36] <Dominian> lunaphyte: same[01:20:39] <Dominian> lunaphyte: what snapshot you on?[01:20:44] <Dominian> I'm on 2010/09/23[01:20:47] <Dominian> er.. 20100923[01:20:51] <jeev> mail.spamandpenis.com <- seekwill's mail server[01:20:59] <Aprogas> I use greylisting, but it doesn't trigger often.[01:21:00] <Aprogas> I use it conditionally.[01:21:00] <Aprogas> Basically I greylist hosts on some of the zealous blacklists, or those that fail fcrdns or helo. But not whitelisted hosts.[01:21:02] <lunaphyte> oh, that was a display joke :) i don't use postscreen.[01:21:03] *** nb has joined #postfix[01:21:03] *** eye69 has joined #postfix[01:21:03] *** tessier has joined #postfix[01:21:03] *** nihe has joined #postfix[01:21:03] *** AstralStorm has joined #postfix[01:21:03] *** denysonique has joined #postfix[01:21:03] *** shal3r has joined #postfix[01:21:03] *** twobithacker has joined #postfix[01:21:03] *** micols has joined #postfix[01:21:03] *** vho has joined #postfix[01:21:03] *** _nalle has joined #postfix[01:21:03] *** rob0 has joined #postfix[01:21:03] *** _marix has joined #postfix[01:21:03] *** Niklas-_ has joined #postfix[01:21:04] <Aprogas> lunaphyte: I already had that effect with policyd-weight and then postfwd; but I guess postscreen does what does do better and cleaner, because it runs entirely in front.[01:21:31] <Aprogas> I had to send a "lesser gtube" to myself recently, to get a rating between 4 and 8.[01:21:50] <Aprogas> So I used "Dear Friend, larger penis impotence cure" which is 5.5 or so in SA just by text-matches.[01:23:09] <Aprogas> Now I must sleep.[01:23:33] <Dominian> damn greylisting[01:24:02] <seekwill> Dominian: Send it to me![01:24:17] <Dominian> seekwill: email?[01:24:38] <seekwill> I just got my email server up this weekend. Happy :)[01:25:59] <Dominian> seekwill: looks like something went through[01:26:11] <Dominian> *$&#)&*##(&[01:26:17] <Dominian> its been OVER 5 min utes you stupid server[01:26:29] <seekwill> Yeah, got it[01:26:36] <seekwill> Your date is really off[01:26:41] <seekwill> 10/07/2002?[01:26:43] <Dominian> seekwill: its a gtube message[01:26:45] <Dominian> :)[01:26:48] <Dominian> its off on purpose[01:26:52] <seekwill> ah[01:27:04] <Dominian> did the mail itself come through or just a notification?[01:27:13] <seekwill> The actual mail[01:27:20] <seekwill> BTW, I don't have SA enabled on this server yet[01:27:37] <Dominian> wouldn't have mattered[01:27:42] <Dominian> I piped it through my server[01:27:44] <seekwill> Just letting you know[01:28:19] <Dominian> so not notification... the actual gtube message[01:28:19] <Dominian> fuck[01:28:40] *** Rado has joined #postfix[01:29:27] <seekwill> Correctoh[01:31:32] <Dominian> well at least something works[01:31:35] <Dominian> turned off that notification[01:31:41] <Dominian> I don't want it going offsite and quarantining the message[01:31:43] <Dominian> kind of stupid[01:36:26] <Dominian> ha no releasing isn't working[01:36:29] *** sphenxes has quit IRC[01:37:40] *** Jippi_moc has quit IRC[01:38:23] *** Jippi_moc has joined #postfix[01:38:44] <seekwill> Dominian: What about a daily email reminder that says they have messages in the quarantine?[01:38:55] <seekwill> That way it doesn't generate so much extra traffic[01:39:09] <seekwill> If you have a notification for each message, why not just send the message with a subject prefix :P[01:39:29] <Dominian> I'm still tweaking[01:39:37] <Dominian> I'm fixing code in mailzu as I go[01:39:39] <seekwill> It would totally suck if I got mailbombed with 1000+ spams, and while it went to the q, I got 1000+ notif's[01:39:46] <Dominian> oh I know[01:40:03] <seekwill> That's why I don't like quarantines. No one will remember to look there[01:40:17] <Dominian> well with this setup.. they have no choice[01:40:26] <seekwill> We use Linux! We're about choice![01:40:33] <Dominian> hehe[01:40:50] *** ralfWORK has left #postfix[01:43:19] *** sphenxes has joined #postfix[01:46:55] <jeev> who calls it an 'email server' ? wow.[01:47:52] <Dominian> gonna take some time away from this[01:48:03] <Dominian> I fix one issue and now I'm getting the same stupid ass message I was before[01:48:54] *** sphenxes has quit IRC[01:49:59] *** kisisten is now known as magyar[01:55:40] <standon> releasing from mailzu works fine here.[01:56:02] <standon> it should be trivial to troll the database with some predefined frequency and send a 'digest' to users who wish to receive them.[01:56:17] <seekwill> What kind of logging capabilities does Postfix have?[01:56:31] <Dominian> standon: releasing WAS working fine..[01:56:34] <Dominian> not sure what changed[01:56:39] <seekwill> I want to at least hook it into jlog[01:56:46] <Dominian> I'll mess with it more[01:56:55] <Dominian> at this point I'm just happy I got the quarantine site reading properly[01:56:55] <magyar> hi all, is there a way to protect saslauth?[01:56:56] <standon> Dominian: good luck...[01:57:16] <Dominian> standon: releasing was working then starting etting error :9998 $addr must not be empty[01:57:19] <Dominian> IT ISN"T YOU PIECE OF CRAP[01:57:20] <Dominian> :)[01:57:34] <magyar> i had an account broken in on port 25 using saslauth[01:57:55] <seekwill> KB1JWQ: Do you use jlog.org ?[01:58:21] <seekwill> magyar: TLS?[01:58:39] <magyar> seekwill: plain outlook from the client[01:58:57] <seekwill> magyar: You'd want to encrypt auth traffic...[01:59:00] <Dominian> weak password[01:59:04] <magyar> if i force tls, outlook breaks[01:59:17] <seekwill> magyar: There are workarounds[01:59:32] <magyar> is there a way to set limits[01:59:34] <magyar> ?[02:00:19] <seekwill> You can do anything you want[02:00:29] <magyar> seekwill: workarounds?[02:00:33] <seekwill> Yes[02:00:34] <seekwill> !outlook[02:00:34] <knoba> seekwill: "outlook" : MS Outlook has numerous problems with TLS and AUTH support. Try using a better client to troubleshoot your Postfix server's AUTH features; then once you know it works, you can go back and break it such that Outlook will work. See the following MS KB article to enable transport logging in Outlook that may be of some help in troubleshooting, http://support.microsoft.com/kb/300479/en-us[02:00:52] <seekwill> woohoo! i r gitten smert[02:01:42] <thumbs> seekwill: I'm not gonna hold my breath[02:01:58] <seekwill> thumbs: Ok, good idea.[02:02:37] <magyar> seekwill: what about self-signed certs?[02:02:50] <seekwill> magyar: What about them?[02:02:56] <seekwill> magyar: I don't use them :)[02:03:05] <magyar> hmm[02:03:09] <seekwill> Well, except for the one that expired and I'm too lazy to renew at the moment[02:36:56] *** xpoint has left #postfix[02:51:15] <chaoflow> I host several mailing lists and many of my users use gmail accounts. Gmail blocks certain file endings completely (http://mail.google.com/support/bin/answer.py?answer=6590). Is there a milter to achieve the same or how would you reject such mails during smtp time?[02:51:49] <chaoflow> I am successfully using clamav-milter for virus scanning but could not find option in clamav yet, to block certain file types without even scanning them.[02:52:38] *** bluethundr has quit IRC[03:04:47] *** Keith-BlindUser has joined #postfix[03:06:00] <Keith-BlindUser> I'm trying to figure out something. In the Mynetworks line of my Postfix main.cf, I have 127.0.0.0/8 and in restrictions for sending to recypiants, I have: permit_mynetworks, and a few other lines. But the problem is this.[03:06:55] <Keith-BlindUser> I keep trying to send an email to someone with an hotmail.com email address, and keep getting a "relay access denied." Why am I getting that when sending emails?[03:07:00] <Dominian> chaoflow: not that I'm aware.. I'm pretty sure though that amavisd-new which ties clamav etc and spamassassin together has that ability[03:07:19] <Dominian> Keith-BlindUser: are you sending from the local server that postfix is on or are you trying to send using your MUA?[03:07:23] <Dominian> Keith-BlindUser: if its the latter:[03:07:32] <Dominian> !tell Keith-BlindUser sasl[03:07:32] <knoba> Keith-BlindUser: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[03:07:37] <Dominian> !tell Keith-BlindUser submission[03:07:37] <knoba> Keith-BlindUser: "submission" : Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf. also see !msa, and rfc 2476 and 4409. Also read http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf[03:08:49] <Keith-BlindUser> I keep getting an undeliverable message saying that some message couldn't reach it's recypiant and I'm sending from my mua not the local mail server server directly.[03:09:21] <Dominian> that's why[03:09:24] <Keith-BlindUser> oops put server twice[03:09:35] <Dominian> You have mynetworks set to 127.0.0.0/8 which means 'localhost' only[03:09:43] <Keith-BlindUser> AH[03:09:44] <Dominian> you'd have to add: permit_sasl_authenticated then setup[03:09:45] <Dominian> !sasl[03:09:45] <knoba> Dominian: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[03:09:48] <Dominian> !submission[03:09:48] <knoba> Dominian: "submission" : Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf. also see !msa, and rfc 2476 and 4409. Also read http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf[03:09:50] <Dominian> ^^^^^^[03:10:21] <Keith-BlindUser> Ah[03:10:25] <Keith-BlindUser> I see the problem now, thanks.[03:10:39] <Dominian> welcome[03:11:07] <Dominian> now you can do sasl on port 25 but its usually recommended to use port 587 aka submission for authenticated user email[03:11:22] <Dominian> and leave 25 for inter-server communications[03:16:09] <Keith-BlindUser> Is there a way to do it just by fixing anything in the mynetworks line?[03:16:39] <Keith-BlindUser> I wonder what would happen if you were to put something like: mynetworks = <serverIP> without he /8 part of it.[03:16:46] <Keith-BlindUser> the*[03:16:50] <Dominian> wouldn't matter[03:16:57] <Dominian> it would still see itself as the only valid relay[03:17:06] <Dominian> you could add your IP where you are to mynetworks[03:17:10] <Dominian> but not really a good solution[03:17:56] <Keith-BlindUser> So what your saying is that I'd have to send the emil on the local server, and that's why it's not letting my client do the emailing. On the local server where a webmail client runs it would probably let the emil get through.[03:18:06] <Keith-BlindUser> email*[03:18:57] <Dominian> yes[03:31:13] *** jonez has quit IRC[03:34:51] *** wdp_ has joined #postfix[03:38:32] *** wdp has quit IRC[03:43:13] *** friskd has quit IRC[03:56:14] *** Alagar has joined #postfix[04:13:45] *** ib-mobile has quit IRC[04:15:54] *** ib-mobile_ has joined #postfix[04:27:39] *** Vivek has joined #postfix[04:27:39] *** Vivek has joined #postfix[04:34:33] *** hparker has joined #postfix[04:34:33] *** hparker has joined #postfix[04:41:18] *** Alagar has quit IRC[04:41:46] *** Keith-BlindUser has quit IRC[04:50:19] *** ren_ has joined #postfix[04:56:56] *** jonez has joined #postfix[05:01:49] *** LinuxCode has quit IRC[05:02:12] *** ren_ has quit IRC[05:03:13] *** pickcoder has joined #postfix[05:03:21] *** hobodave has joined #postfix[05:03:25] <hobodave> hey guys[05:03:37] <Dominian> hey[05:03:51] <hobodave> I'm stumped here. My server has been spamming this message over and over again in the mail log: https://gist.github.com/6bb5ed947c91d4622dfe[05:04:21] <Dominian> who is this 172.22.44.1?[05:04:23] <hobodave> I'm not sure how to stop it. I even tried sending a message to that address from the server, and it sent successfully[05:04:36] <Dominian> That IP is trying to relay through your server[05:04:47] <Dominian> so either a) find out wha tis on that IP and fix it or b) block it outright[05:04:50] <hobodave> that's my router[05:04:55] <Dominian> hrm[05:04:57] <Dominian> hobodave: mailq[05:05:00] <Dominian> whats it show[05:05:07] <rob0> !relay_denied[05:05:07] <knoba> rob0: "relay_denied" : NOQUEUE: reject: RCPT from CLIENT_HOST[CLIENT_IP]: 554 5.7.1 <RECIPIENT@RCPT_DOMAIN>: Relay access denied; from=<SENDER@SENDER_DOMAIN> to=<RECIPIENT@RCPT_DOMAIN> proto=ESMTP helo=<HELO>: This typically means that CLIENT_IP is not in mynetworks (and did not AUTH), and that RCPT_DOMAIN was not recognized as one of this Postfix's domains (not listed in mydestination, relay_domains or virtual_*_domains).[05:05:25] <hobodave> empty[05:05:28] <Dominian> hobodave: did you obfuscate the email address or is it literarlly saying example.com?[05:05:33] <hobodave> obfuscate[05:05:41] <Dominian> well that fucks it up[05:05:42] <Dominian> !mung[05:05:42] <knoba> Dominian: "mung" : Mash Until No Good : the art of obfuscating data which ultimately results in unintentional consequences such as making diagnostics impossible.[05:06:16] <hobodave> not really, it was a simple s/real/example/[05:06:25] <hobodave> mailq is empty[05:07:47] *** hparker has quit IRC[05:07:54] <pickcoder> is your router configured to send mail to that address for messages?[05:09:02] <hobodave> pickcoder: you sir are correct, I never thought of that until just a minute ago[05:09:06] <hobodave> I think I can figure it out from here[05:09:09] <hobodave> so lame[05:09:35] <hobodave> what a stupid router[05:09:40] *** tharkun has joined #postfix[05:10:01] *** Zearth has quit IRC[05:10:08] <hobodave> you'd think it would give up after attempt 7 million[05:11:02] <pickcoder> it's an ignorant smtp client with no place to store thousands of failed messages so it just blindly dumps stuff.. it's also assuming that the admin that configured it has everything setup for it to work. :)[05:11:25] <hobodave> thankfully I'm not that admin so I can blame someone :D[05:11:28] <pickcoder> snmp web cards in things like UPS racks and other monitoring devices do the same thing[05:12:23] <hobodave> thanks pickcoder, Dominian[05:12:55] <pickcoder> no prob[05:19:47] *** Vivek has quit IRC[05:23:45] *** qiyong has joined #postfix[05:24:13] *** qiyong has left #postfix[05:32:36] *** Vivek has joined #postfix[05:34:12] *** hparker has joined #postfix[05:34:24] *** MAAAAD has joined #postfix[05:37:25] *** MAAAAAD has quit IRC[05:42:26] *** Vivek has quit IRC[05:42:26] *** Vivek has joined #postfix[05:50:11] *** tharkun has quit IRC[06:03:31] *** Vivek has quit IRC[06:10:43] *** hparker has quit IRC[06:12:58] *** pickcoder has quit IRC[06:16:26] *** felipe` has joined #postfix[06:17:16] *** Cyber0id has joined #postfix[06:17:49] <Dominian> hobodave: np[06:17:55] <Dominian> man.. just saw he 'thanked' me[06:17:59] <Dominian> shows how much I'm paying attention[06:18:04] <hobodave> :P[06:18:11] <Dominian> been reading up on recipient verification :)[06:18:48] *** Cyber0id is now known as Vivek[06:18:52] *** Vivek has joined #postfix[06:23:46] *** Motoko-chan has joined #postfix[06:29:35] *** jamesmacleod has quit IRC[06:34:25] *** niki has quit IRC[07:03:42] *** Vivek has quit IRC[07:13:34] *** axisys has quit IRC[07:17:56] *** axisys has joined #postfix[07:21:47] *** jamesmacleod has joined #postfix[07:22:38] *** Qwert has joined #postfix[07:23:10] *** jamesmacleod has quit IRC[07:25:19] *** Qwert has quit IRC[07:27:02] *** Qwert has joined #postfix[07:27:12] *** hobodave has quit IRC[07:39:35] *** Qwert has quit IRC[07:49:17] *** Vivek has joined #postfix[07:50:46] *** halfsack has quit IRC[07:50:46] *** EagleWatch has joined #postfix[07:59:27] *** selven has joined #postfix[08:03:56] *** hobodave has joined #postfix[08:04:05] *** Qwert has joined #postfix[08:10:38] *** falz has quit IRC[08:10:54] *** falz has joined #postfix[08:19:16] *** fOrsberg is now known as forsberg[08:23:58] *** makomi has joined #postfix[08:26:28] *** whitefang has joined #postfix[08:26:30] *** friskd has joined #postfix[08:28:02] <whitefang> ok, i started trying to modify my main.cf and master.cf...somehow i've broken my postfix. i swear i've reverted the changes but i'm still getting the same error[08:28:13] <whitefang> reloading, set-permissions, and upgrade-configuration have not worked[08:28:16] <whitefang> Sep 28 06:34:26 ionise postfix/smtpd[53311]: warning: connect #4 to subsystem private/rewrite: Connection refused[08:28:36] *** hobodave has left #postfix[08:29:31] <adaptr> you swapped something in/out of chroot. undo[08:32:04] <whitefang> hmmm, master.cf may not have been completely reverted[08:32:20] <whitefang> but i'm positive that my main.cf has been[08:36:05] *** makomi has quit IRC[08:36:21] *** friskd has quit IRC[08:37:19] *** makomi has joined #postfix[08:38:35] <whitefang> oh weird. i had a master.cf in /usr/local/libexec and i copied that over the /usr/local/etc/postfix/master.cf[08:38:43] <whitefang> and now mail i sent a while agto is starting to come through[08:40:26] *** roe has quit IRC[08:41:20] <whitefang> ok[08:41:22] *** Qwert has quit IRC[08:42:03] *** rajijoom has joined #postfix[08:42:51] <whitefang> AHJAHAHAHAHAH...sorry for the outburst.[08:43:06] <whitefang> i had somehow changed the rewrite line to Rewrite[08:43:12] <whitefang> i blame vi[08:44:37] *** halfsack has joined #postfix[08:46:52] <sysmonk> i blame you[08:47:04] <will_> i blame thumbs[08:47:15] <sysmonk> i blame you and thumbs[08:47:18] <sysmonk> and cpm[08:47:44] *** triplc has joined #postfix[08:47:51] <triplc> hi all[08:49:48] *** hever has joined #postfix[08:50:13] <triplc> (newbie question) do i need the same key using with dkim? i've just install postfix + dovecot + webmail with SSL certificate from RapidSSL. One key for 3 services in the same server. Now I am installing DKIM-milter. I do not know whether should I use the same key for dkim service. Please advice. I try Google but cannot find the answer[08:50:43] <will_> You can... and probably should... use a different key pair[08:51:20] <triplc> will_: oh[08:51:47] <will_> Well... strike out the "should". Maybe that's just my preference[08:52:09] <sysmonk> that's my preference too[08:52:14] <will_> They aren't related, so it doesn't matter[08:52:24] <sysmonk> you can use a self-signed key for that[08:52:27] <sysmonk> that's not a problem[08:52:32] <will_> ... I was just about to say that[08:52:44] <will_> Well, it's not self-signed...[08:52:45] <triplc> it's first time using dkim. in the past, when i use different key pair for dovecot/webmail, sometime the client software complain, because it detect the same server with different key pair[08:52:45] <sysmonk> yeah right[08:53:26] <sysmonk> triplc: dovecot/webmaiol/smtps is something that clients access and they're checking the ssl (well, their MUA or browsers)[08:53:28] <triplc> (ah... in this case my postfix using rapidssl.com cert)[08:53:34] *** hever has quit IRC[08:53:39] <sysmonk> and DKIM is something that is server<->server so clients don't see it at all[08:53:51] <triplc> yeah[08:54:16] <sysmonk> for dovecot/webmail/postfix i always use the same key (well, you have to use the same domain then )[08:54:23] <adaptr> it's a wonder you have anything left to blame, sysmonk[08:54:24] <sysmonk> but for dkim - it's always a custom one[08:54:40] <sysmonk> adaptr: blah, sorry that i forgot about you[08:54:43] <sysmonk> i blame adaptr too![08:54:48] *** hever has joined #postfix[08:54:48] <adaptr> oh good[08:55:21] <sysmonk> triplc: by the way, you can use adaptr for the DKIM ssl key[08:56:02] <sysmonk> and i heard that adaptr can answer all your questions about anything - sex life, impotence, windows, even ubuntu questions![08:56:08] <sysmonk> adaptr: is that better?[08:56:30] <triplc> who is adaptr?[08:56:32] <adaptr> I don't know anything about impotence, and you can forget about Ubuntu, too[08:56:45] <adaptr> as if anybody needs handholding with kiddyOS[08:57:01] <will_> adaptr: So I got this itch...[08:57:05] <sysmonk> well, ok, you might not know about impotence, but you just LOOOOVE answering questions about Ubuntu![08:57:10] <sysmonk> will_: :)[08:57:19] <adaptr> will_: is it red ? kind of stabby or long and drooly ?[08:57:31] <will_> all[08:57:45] <sysmonk> will_: it's called an sexual organ then[08:57:48] <will_> is that bad??? am i going to die???[08:57:52] <sysmonk> yes, you are[08:57:54] <sysmonk> :)[08:57:56] <adaptr> definitely, there's no question about that[08:58:32] <adaptr> everybody with a sexual organ is going to die![08:58:48] *** The_Kaptain has joined #postfix[08:58:49] <adaptr> but especially you will_ , I would make an exception even if you didn't have one[09:00:16] *** johest|w has joined #postfix[09:01:04] *** The_Kaptain has left #postfix[09:02:02] *** marjus has joined #postfix[09:02:02] *** marjus is now known as zamba[09:04:31] *** Motoko-chan has quit IRC[09:04:46] *** triplc has quit IRC[09:05:03] *** triplc has joined #postfix[09:05:26] *** qiyong has joined #postfix[09:05:30] <qiyong> postfix/anvil[28508]: statistics: max connection rate 1/60s for[09:05:33] <qiyong> is that a warning?[09:05:52] <qiyong> cap max rate? limit max mail rate?[09:06:13] *** makomi has quit IRC[09:06:27] *** cilly has joined #postfix[09:06:34] *** halfsack has quit IRC[09:06:56] <adaptr> qiyong: does it say it is a warning ?[09:07:06] <adaptr> qiyong: man anvil[09:07:28] <qiyong> adaptr, i want want limitations[09:07:35] <qiyong> adaptr, i don't want limitations[09:07:40] <adaptr> it is part of postfix' stress handling, and will kick in when certain predetermined thresholds are reached[09:07:41] *** makomi has joined #postfix[09:07:44] <adaptr> yes, you do[09:07:50] <adaptr> you need limitations[09:07:50] * triplc wondering if adaptr is a bot[09:07:59] * adaptr kicks triplc in the nut[09:09:51] <qiyong> adaptr, i don't want limits like 1mail /60 seconds[09:10:33] <adaptr> qiyong: man anvil[09:11:14] *** whitefang has left #postfix[09:11:17] <qiyong> adaptr, already, which option i should look ?[09:12:11] <adaptr> all of it - you want to know what it does, don't you ?[09:13:25] *** zamba has quit IRC[09:13:51] *** halfsack has joined #postfix[09:28:20] <triplc> hi all[09:29:38] <triplc> is there a way to 'mark' a message that not pass dkim? i've installed dkim and it's working well now :-) thanks guys. but crrently there is no way to mark 'not-pass' email (like using spamassassin to mark junk mail)[09:38:00] *** triplc has quit IRC[09:48:21] *** feisar has joined #postfix[09:48:46] *** nb has quit IRC[09:48:46] *** eye69 has quit IRC[09:48:46] *** AstralStorm has quit IRC[09:48:46] *** denysonique has quit IRC[09:48:46] *** twobithacker has quit IRC[09:48:46] *** micols has quit IRC[09:50:02] *** micols has joined #postfix[09:50:07] *** denysonique_ has joined #postfix[09:50:12] *** eye69 has joined #postfix[09:54:52] *** twobithacker has joined #postfix[09:55:10] *** EdwardIII has joined #postfix[09:56:37] *** nb has joined #postfix[09:56:40] *** qiyong has quit IRC[09:57:02] *** sphenxes has joined #postfix[09:58:20] *** brancaleone has joined #postfix[10:08:58] *** MoreTea has joined #postfix[10:09:34] <MoreTea> !welcome[10:09:34] <knoba> MoreTea: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[10:14:41] *** henriknj has joined #postfix[10:18:33] *** Qwert_ has joined #postfix[10:28:22] *** cga has joined #postfix[10:35:22] *** Qwert_ has quit IRC[10:36:37] *** Dovid[Laptop] has joined #postfix[10:40:02] *** Dovid has quit IRC[10:40:19] *** Qwert_ has joined #postfix[10:42:55] *** UQlev has joined #postfix[11:36:09] *** Dovid[Laptop] is now known as dovid[11:36:12] *** dovid is now known as DOvid[11:36:15] *** DOvid is now known as Dovid[11:52:30] *** Twinkletoes has joined #postfix[11:55:39] *** Qwert_ has quit IRC[12:03:24] *** Vivek has quit IRC[12:03:40] *** cpm has joined #postfix[12:03:41] *** cpm has joined #postfix[12:15:05] *** wdp_ has quit IRC[12:16:58] *** wdp has joined #postfix[12:23:00] *** cilly has quit IRC[12:23:33] *** Mugen has joined #postfix[12:23:48] *** cilly has joined #postfix[12:24:24] *** e-jones has joined #postfix[12:26:47] *** selven has left #postfix[12:31:53] *** e-jones has quit IRC[12:36:00] *** shal3r has quit IRC[12:42:00] *** denis__ has joined #postfix[12:43:03] *** lost_and_unfound has joined #postfix[12:45:49] <lost_and_unfound> greetings all, I know this is not a postfix question but you might be able to nudge me in the right direction. I want to filter mail being downloaed via pop3... will it be possible to use something like getmail/fetchmail and pass it through a milter before dropping the mail back to a maildir ? thanks[12:47:56] <UQlev> lost_and_unfound, fetchmail may convey messages to smtpd daemon[12:48:23] *** denis__ has quit IRC[12:48:24] <UQlev> lost_and_unfound, getmail delivers directly to maildirs[12:48:35] <Aprogas> dspam can run as a POP3-proxy I think[12:53:01] *** JoKoT3 has quit IRC[12:59:21] <lost_and_unfound> thanks for the ideas =]\[12:59:23] *** JoKoT3 has joined #postfix[13:01:32] *** hever has quit IRC[13:03:05] *** hever has joined #postfix[13:05:14] *** denis__ has joined #postfix[13:07:37] *** UQlev has quit IRC[13:25:27] *** henriknj has quit IRC[13:26:26] *** MoreTea has left #postfix[13:34:03] <sysmonk> actually i have never seen mail being scanned during pop3 download[13:34:32] <sysmonk> one thing why that would suck is the delay (i.e. me fetching my 5 gb mailbox through pop3... )[13:36:11] *** henriknj has joined #postfix[13:36:15] *** henriknj has joined #postfix[13:37:06] <Aprogas> I think if you are going to filter mail that late, you should leave it to the MUA and their Bayesian filtering.[13:37:33] <Aprogas> Either filter at MTA-intake (and reject during original session if possible), or have the client sort it out.[13:39:55] *** Section1 has joined #postfix[13:45:25] *** daguz has joined #postfix[14:00:11] *** uqlev has joined #postfix[14:08:08] *** saurabhb has joined #postfix[14:15:36] <magyar> morning guys, is there a way to auto block this? >>http://pastebin.com/4ATTqENF[14:18:19] <lunaphyte_> yes.[14:19:05] <Aprogas> fail2ban sshguard tools like that[14:21:53] <magyar> thanks[14:24:56] *** frex has joined #postfix[14:29:19] *** Qwert has joined #postfix[14:30:09] *** sebuba has joined #postfix[14:30:20] *** sebuba has quit IRC[14:30:57] *** sebuba has joined #postfix[14:31:31] *** hever has quit IRC[14:34:49] *** dddh has quit IRC[14:48:04] *** uqlev has quit IRC[14:54:24] *** wdp_aao has joined #postfix[14:55:00] *** ^octodick^ has joined #postfix[15:10:22] *** JonnyV has joined #postfix[15:14:26] *** halfsack has quit IRC[15:15:52] *** halfsack has joined #postfix[15:18:53] *** madduck has quit IRC[15:20:02] *** madduck has joined #postfix[15:26:33] *** UQlev has joined #postfix[15:27:10] *** brancal has joined #postfix[15:30:12] *** brancaleone has quit IRC[15:32:39] *** halfsack has quit IRC[15:37:25] *** halfsack has joined #postfix[15:42:17] *** bluethundr has joined #postfix[15:42:27] *** roe_ has joined #postfix[15:42:53] *** roe_ is now known as Guest43389[15:44:42] *** lost_and_unfound has quit IRC[15:48:39] *** sebuba has quit IRC[15:51:53] *** hever has joined #postfix[15:53:30] <Mugen> so when I use thunderbird to send a mail from a local user to a yahoo email, the logs say <recipient at yahoo dot com>: Relay access denied from host.com to yahooo.com... am I misunderstanding what a relay is here or is my main.cf screwed some other way?[15:53:41] *** brancal is now known as brancaleone[15:54:33] <Aprogas> yes[15:54:59] <Dominian> !relay_denied[15:54:59] <knoba> Dominian: "relay_denied" : NOQUEUE: reject: RCPT from CLIENT_HOST[CLIENT_IP]: 554 5.7.1 <RECIPIENT@RCPT_DOMAIN>: Relay access denied; from=<SENDER@SENDER_DOMAIN> to=<RECIPIENT@RCPT_DOMAIN> proto=ESMTP helo=<HELO>: This typically means that CLIENT_IP is not in mynetworks (and did not AUTH), and that RCPT_DOMAIN was not recognized as one of this Postfix's domains (not listed in mydestination, relay_domains or virtual_*_domains).[15:55:02] <Dominian> also:[15:55:03] <Dominian> !sasl[15:55:03] <knoba> Dominian: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[15:55:05] <Dominian> and:[15:55:08] <Dominian> !submission[15:55:08] <knoba> Dominian: "submission" : Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf. also see !msa, and rfc 2476 and 4409. Also read http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf[15:56:18] <Mugen> hmmm[15:57:08] *** zamba has joined #postfix[15:57:38] <Mugen> wait... client_ip is the mail user.. how am I supposed to know that for a random user?[15:58:07] <Aprogas> You don't, that's why random users can't relay via you.[15:58:08] <zamba> i've set up a reinject service for amavis in /etc/postfix/master.cf[15:58:19] <zamba> but when i issue netstat i see that it's listening on all interfaces[15:58:24] <Aprogas> Unless you set up a means other than IP-address to determine their identity.[15:58:42] <zamba> even if i have -o smtpd_bin_address=127.0.0.1 in master.cf[15:59:29] *** halfsack has quit IRC[15:59:41] *** denis__ has quit IRC[15:59:43] <Mugen> other means, meaning TLS right?[15:59:50] <Aprogas> zamba: What strange guide are you following?[15:59:57] <zamba> dunno :)[16:00:01] <zamba> it's an old setup here[16:00:02] <Aprogas> Mugen: TLS certs are possible but rare; more likely SASL.[16:00:17] <Aprogas> zamba: Give us the info we need.[16:00:24] <Mugen> ah ok.. that's actualy running already, just not configured right i guess..[16:04:47] *** Ill is now known as Illuminatus[16:05:22] *** halfsack has joined #postfix[16:09:03] *** arossouw has joined #postfix[16:09:47] <arossouw> is it possible to to regex with ldap as transport, ie recipient_bcc_maps[16:11:04] <arossouw> i want to get the list of ldap addresses from ldap directory, then replace the domain part with example example.com[16:12:57] *** siphr has joined #postfix[16:15:17] <siphr> question: I am trying to setup my own mailserver with postfix, running on one of my home machines tracked why dyndns, messages get marked as spam when i send them out. After spending a day trying to figure out what issue might be it seems like reverse dns lookup is very important if you want to pass through spam filters, is there anyway I can fix this or does it mean that i need to get a dedicated server where i can act[16:15:34] *** Mario__ has joined #postfix[16:15:38] <arossouw> i think i'll just write program to create a hash file from ldap[16:15:48] <f3ew> siphr rDNS is set by your ISP[16:16:03] *** Qwert has quit IRC[16:16:30] <Aprogas> siphr: Running a mailserver on a home/consumer range can lead to other problems. But you don't necessarily need a dedicated server.[16:16:33] <Aprogas> !vps[16:16:33] <knoba> Aprogas: "vps" : A Virtual Private Server is an affordable alternative to running a mailserver at home with a consumer-grade ISP connection. See also !port_25_block and !pbl[16:16:58] <Mario__> Hi all, I'm following workaround tutorial, I'm changing from sarge to etch, when I try to run the python script (python dbconvert.py) I get:[16:17:12] <Mario__> Traceback (most recent call last): File "./dbconvert.py", line 21, in <module> ctx = SessionContext(create_session) NameError: name 'create_session' is not defined[16:17:19] <Aprogas> Mario__: both sarge and etch are ancient, aren't they?[16:17:30] <siphr> Aprogas: ya I am aware of some of the issues, but I still want to try it for kicks.[16:17:51] <siphr> !pdl[16:17:51] <Mario__> Aprogas: yes, but in order to switch to lenny, I gotta do sarge - etch and then etch - lenny[16:17:51] <knoba> siphr: Error: "pdl" is not a valid command.[16:17:55] <siphr> !pbl[16:17:56] <knoba> siphr: "pbl" : The Spamhaus PBL is a DNSBL database of end-user IP address ranges which should not be delivering unauthenticated SMTP email to any Internet mail server except those provided for specifically by an ISP for that customer's use. It is part of Zen as well.[16:18:19] *** Qwert has joined #postfix[16:20:33] <arossouw> any ideas how to keep a hash table like example recipient_bcc_maps up to date, when mail users are frequently added?[16:20:49] <arossouw> thought of using crontab, but not so sure if its good idea[16:20:54] <Aprogas> arossouw: How are users added?[16:21:21] <arossouw> we use a web frontend, kolab, the users are stored in ldap directory[16:21:48] *** HarryS has joined #postfix[16:21:50] *** Qwert has quit IRC[16:22:01] <Aprogas> Is the LDAP directory always up to date? Is the LDAP server capable of handling frequent small queries?[16:22:51] <arossouw> havent tested, in such a way[16:23:01] <arossouw> think should make replica of primary ldap[16:23:07] <Aprogas> I'm not sure what you're trying to do it, but it is possible to use LDAP as a table type.[16:24:07] <arossouw> Aprogas: i want to rewrite user at mydomain dot co.za to user at otherdomain dot co.za, to recipient_bcc_maps, then add otherdomain.co.za to transport maps, which will copy mails to another server[16:24:45] <Aprogas> Sounds a bit wicked, but I think you can do things like that in the ldap.cf file you make.[16:25:43] <sysmonk> definetly possible if everything is there, in ldap[16:25:45] <arossouw> not actually rewriting, just to send emails for user at mydomain dot co.za also to user at otherdomain dot co.za[16:25:52] <sysmonk> and ldap is fine for read queries[16:26:06] <arossouw> this is for email archiving[16:26:28] <arossouw> ok, i'll play around abit[16:26:38] <sysmonk> why can't you just use always_bcc and rewrite it to user_domain at archive dot yourdomain.co.za ?[16:26:54] <sysmonk> or whatever[16:27:09] <arossouw> i do use that at the moment, but i want a per user copy on the other server[16:27:26] <sysmonk> won't that be a per-user copy ?[16:27:32] <arossouw> yes[16:27:37] <sysmonk> i mean always_bcc one[16:28:15] <arossouw> heh, i thought that only sends to one email address ie. archive at otherdomain dot co.za[16:30:02] <sysmonk> oh, yeah, right[16:30:07] <Aprogas> virtual alias @domain1.com @domain2.com, at domain3 dot com ?[16:30:13] <sysmonk> but you can use recipient_bcc_maps and sender_bcc_maps with a regexp table[16:30:16] <Aprogas> oops[16:30:20] <Aprogas> virtual alias @domain1.com @domain1.com, at domain2 dot com ?[16:30:48] <Aprogas> Is this just for incoming mail to the mailboxes of the users?[16:31:00] <arossouw> both ways[16:31:07] <arossouw> so recipient_bcc_maps and sender_bcc_maps[16:31:46] <sysmonk> arossouw: why don't you use regexp map with those two ?[16:32:03] <sysmonk> or user1 at domain1 dot com might be forwarded to user91919191 at archive dot domain.com ?[16:32:25] <arossouw> ok, no problem, i'm just concerned that the list will get out of sync, or is it a ldap regexp?[16:32:44] <arossouw> sysmonk: correct[16:32:48] <sysmonk> oh[16:33:09] <sysmonk> then regexp won't work that way, unless there's a specific pattern[16:33:26] <sysmonk> i.e. /(.*) at domain dot com/ $1 at archive dot domain.com[16:34:01] <arossouw> hmm, ok, so i just have to figure out if its possible to to regexp with ldap[16:34:21] <Aprogas> sysmonk: Quantify that left-hand with ^ and $[16:34:26] <arossouw> maybe there is a ldapfilter query that can do that[16:34:38] <sysmonk> Aprogas: that's just a quick example[16:34:40] <Aprogas> Otherwise you'll match on @domain.com.aprogas.net :)[16:35:14] <sysmonk> Aprogas: unless arossouw has that one his mydestination/virtual_mailbox_maps...[16:35:15] <sysmonk> :)[16:35:25] <arossouw> thx, for the assistance, i'll go through postfix mailing lists, see if someone has done something similar[16:36:23] <arossouw> i do have this:[16:36:25] <arossouw> #virtual_mailbox_maps = $virtual_alias_maps[16:36:26] <arossouw> local_recipient_maps = $virtual_alias_maps, $alias_maps[16:37:39] *** hever has quit IRC[16:38:24] <arossouw> i'll figure something out :-)[16:38:27] <rob0> local_recipient_maps and virtual_alias_maps have a different lookup format. Also generally a bad idea [to try] to mix up address classes like that.[16:38:31] *** higuita has joined #postfix[16:38:42] <arossouw> rob0: its kolab :-([16:38:55] <Aprogas> !wwacsmd[16:38:55] <knoba> Aprogas: Error: "wwacsmd" is not a valid command.[16:40:00] <Aprogas> !learn wwacsmd as What Would A Crack-Smoking Monkey Do? This factoid is invoked when you do something so wicked with your setup, there is no other way to describe it.[16:40:11] *** sebuba has joined #postfix[16:40:14] <Aprogas> !poke knoba[16:40:14] <knoba> Aprogas: Error: "poke" is not a valid command.[16:40:18] <Aprogas> !wwacsmd[16:40:18] <knoba> Aprogas: "wwacsmd" : What Would A Crack-Smoking Monkey Do? This factoid is invoked when you do something so wicked with your setup, there is no other way to describe it.[16:40:28] <Aprogas> :)[16:40:30] <rob0> hehe[16:40:59] <rob0> Would a Crack-Smoking Monkey eat spam?[16:41:07] <Aprogas> A spameatingmonkey would.[16:41:15] <rob0> SelfishMan: ^^ ?[16:41:34] *** HarryS has quit IRC[16:41:42] *** Mario__ has quit IRC[16:41:44] <jelly> note to self: a wildcard in transport_maps overrides $mydestination[16:42:00] <Aprogas> jelly: I doubt it.[16:42:01] *** wdp_aao has quit IRC[16:42:39] <Aprogas> jelly: Unless you mean for domains you would accept mail for otherwise anyway.[16:43:17] <jelly> Aprogas: I had to literally put $myhostname into /etc/postfix/transport before the * entry to not get "mail loops back to myself" when mails for this machine's fqdn got routed over smtp:[16:43:46] <jelly> Aprogas: yes, well isn't mydestination "domains you would accept mail for otherwise anyway"[16:43:47] <Aprogas> I thought you meant wildcard in transport_maps would also behave as if wildcard in mydestination[16:45:39] <jelly> Aprogas: http://paste.ubuntu.com/502149/, mail for <foo> or <foo at mxscanout dot iskon.hr> got routed using the *.hr entry in transport[16:46:14] <jelly> including, amusingly, results for sendmail -bv[16:47:06] *** diegows has joined #postfix[16:47:17] <diegows> is there a document about the postfix log format?[16:47:56] *** Toerkeium has joined #postfix[16:48:18] *** Illuminatus has left #postfix[16:48:18] <jelly> Aprogas: and transport file if you're interested: http://paste.ubuntu.com/502153/ (sorry, it got routed using the ".hr" entry)[16:52:39] *** dddh has joined #postfix[16:52:58] <jelly> I didn't expect messages for local(8) to use transport_maps at all[16:54:21] <diegows> a good parser to recommend?[16:54:24] <diegows> *log[16:56:38] *** JonnyV has quit IRC[17:00:46] *** tharkun has joined #postfix[17:05:43] *** hever has joined #postfix[17:10:19] *** smica has joined #postfix[17:15:44] *** JonnyV has joined #postfix[17:20:29] *** rajijoom has quit IRC[17:28:17] <Mugen> grrrr.. so fixing sasl has fixed my rejected mail problem.. but I cant use the ssl option in thunderbird, only connection security: none works...[17:29:00] *** diegows has quit IRC[17:29:19] *** diegows has joined #postfix[17:29:45] *** halfsack has quit IRC[17:32:06] *** tharkun has quit IRC[17:32:09] <feisar> Mugen: have you opened the correct port on your servers firewall?[17:33:11] *** cga has quit IRC[17:34:43] <Mugen> should be open... default debian config[17:35:15] <thumbs> Mugen: don't assume anything.[17:35:28] <feisar> by default I believe the firewall on debian os totally open[17:35:36] <Mugen> ^^[17:35:38] <Mugen> yes[17:36:13] <feisar> but thumbs is right[17:36:27] <Mugen> although that may have got me looking in the right place... inetd.conf has sendmail stuff in it..[17:36:57] <Mugen> ahh commented out.. nothing in it but ntalk..[17:37:43] <lunaphyte_> um, if smtp auth is working it is not a blocked port...[17:38:06] <feisar> wait a min... you're connecting to the server with thunderbird and want to use ssl?[17:38:24] <Mugen> yeaj[17:38:34] <lunaphyte_> !tell Mugen tls[17:38:34] <knoba> Mugen: "tls" : Short for Transport Layer Security (RFC2246). It adds an additional layer of encryption to protocols such as SMTP, POP3 or IMAP to improve security during transmission over the Internet. TLS features in Postfix are documented here: http://www.postfix.org/TLS_README.html[17:39:02] <feisar> then I believe you need to configure dovecot or something similar[17:39:10] <Mugen> i'm running dovecot[17:39:15] <lunaphyte_> uh, no.[17:39:29] <lunaphyte_> please stop guessing solutions for people. it is not helpful.[17:39:38] <feisar> unless I have missunderstood, sorry[17:39:46] <Mugen> i can pull mail using pop3/ssl .. just can't send with an encrypted connection[17:40:13] <Mugen> tellin me about tls isn't much more helpful btw :P[17:40:14] <lunaphyte_> what you need to do is read the documentation and adjust your configuration accordingly.[17:40:24] <lunaphyte_> why not?[17:40:33] *** n0ctum has joined #postfix[17:40:41] <lunaphyte_> if you already knew that, you'd be reading it, RIGHT?[17:40:48] <Mugen> well I know i need it or ssl to be running, what provides it tho?[17:40:49] <UQlev> Mugen, have you pasted your postconf -n and master.cf?[17:41:09] <lunaphyte_> and your question would be something along the lines of "i've done this as described in the documentation, but it's not working..."[17:41:31] <lunaphyte_> and you'd follow that up with the information as described in the channel /topic when asking for help, RIGHT?[17:41:36] <Mugen> documentation was yesterday[17:41:50] <lunaphyte_> documentation is throughout the *entire* process.[17:41:54] *** n0ctum has quit IRC[17:41:57] <Mugen> heh[17:41:59] <feisar> Mugen: when you say you cant send with an encrypted connection what do you mean exactly[17:42:09] <lunaphyte_> !tell Mugen welcome[17:42:09] <knoba> Mugen: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[17:42:32] *** ghoti has quit IRC[17:44:17] *** n0ctum has joined #postfix[17:44:49] *** ghoti has joined #postfix[17:50:10] <Mugen> http://www.debianadmin.com/debian-mail-server-setup-with-postfix-dovecot-sasl-squirrel-mail.html[17:50:19] <Mugen> is what I originaly was trying to do[17:51:30] <feisar> Those guides are really only much use after you have read all the documentation needed.[17:52:04] *** robotarmy has quit IRC[17:52:28] *** ghoti has quit IRC[17:52:34] *** ghoti has joined #postfix[17:52:36] <Mugen> not much use then either, I have read most the docs, just gotta keep at it I guess[17:53:01] <feisar> what is the problem you are facing at the moment>[17:53:02] <feisar> ?[17:53:40] <Mugen> sasl doesnt seem to do what its supposed to be doing, which is provide ssl or tls[17:53:45] *** robotarmy has joined #postfix[17:53:49] <Mugen> wsa trying to figure out why[17:53:59] <thumbs> Mugen: sasl does not provide encryption.[17:54:19] *** Lantizia has joined #postfix[17:54:51] <Mugen> so whats it do?[17:55:01] <feisar> http://www.postfix.org/SASL_README.html[17:55:35] <thumbs> !sasl[17:55:36] <knoba> thumbs: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[17:55:37] <Mugen> hmm yeah, i just thought it used ssl or tls[17:56:36] <feisar> ssl and tls are separate, get sasl authentication working first[17:56:49] <Mugen> yeah it is[17:56:55] <thumbs> Mugen: good.[17:57:07] <Mugen> I can send mail if I dont mind sending it plain text.. which I do..[17:57:29] <UQlev> Mugen, pastebin your postconf -n and master.cf[17:57:57] <Mugen> ok gimme a sec[17:59:40] <UQlev> Mugen, in your thunderbird smtp server setting what port and secirity settings do you use?[18:00:08] <Mugen> http://pastebin.com/hX64WNiX for the -n[18:00:23] *** hever has quit IRC[18:00:39] <Mugen> port 25 atm.. 465 when trying ssl/tls option[18:01:41] <UQlev> Mugen, plain password or secure?[18:02:06] *** tharkun has joined #postfix[18:02:53] <Mugen> plain[18:03:19] <UQlev> ok[18:03:29] <UQlev> Mugen, master.cf?[18:04:06] <Mugen> smtps is commented out[18:04:10] <Lantizia> hey can the smtpd_tld_cert_file be my SSL cert + SSL intermediate cert ?[18:04:13] <Mugen> guess that could do it eh?[18:04:47] <UQlev> Mugen, yes if you want it on 465 port uncomment[18:05:29] <UQlev> Mugen, and submission if you want 587[18:06:07] <UQlev> Mugen, on my point better have both for compatibility with all kind Outlook[18:06:49] <feisar> I see 'smtp_sasl_auth_enable = no' in Mugen's postconf, is that right?[18:07:12] <UQlev> yes, this is for outward[18:07:27] <feisar> oh right, soz[18:08:38] <Mugen> ahh double line... good catch[18:09:10] <UQlev> no[18:09:18] <UQlev> smtp and smtpd[18:09:22] <Mugen> ahh your right[18:09:59] <UQlev> postconf -n will not show double, it will override[18:10:02] <Mugen> for the master.cf http://pastebin.com/L7pzeznw[18:11:07] <UQlev> Mugen, you should uncomment under submission and smtps all lines started with -o[18:11:26] <UQlev> Mugen, those are necessary options[18:11:37] <lennard> but leave the whitespace intact[18:11:38] *** deadpigeon has joined #postfix[18:12:17] <UQlev> Mugen, yes keep ident[18:12:41] <lennard> isnt that indent?[18:12:47] <UQlev> sorry[18:13:55] <Mugen> made changes, restarted, and now failing for new reason.. tbird says timeout.. checkin logs[18:15:06] <UQlev> Mugen, better restart thunderbird as well[18:15:39] <seekwill> Reboot![18:16:25] *** makomi has quit IRC[18:16:33] <Mugen> warning: No server certs available. TLS won't be enabled[18:16:50] <Mugen> gotta love progress :)[18:16:53] <UQlev> ha[18:17:40] <UQlev> Mugen, you have none tls relevant lines in your conf[18:17:42] <Mugen> at least its trying, guess thats enough for one night, heh[18:17:53] <Mugen> yeah i gotta go learn those now, heh[18:19:34] <UQlev> Mugen, add it to your main.conf http://paste.pocoo.org/show/268588/[18:19:35] *** Dovid has quit IRC[18:19:58] <UQlev> Mugen, note places where you should keep your certificates[18:23:27] *** MasterO has joined #postfix[18:24:12] <Mugen> fails on cache database.. googling :P[18:24:32] <lunaphyte> or, just read and follow the documentation...[18:24:35] <lunaphyte> !google[18:24:36] <knoba> lunaphyte: "google" : Those who use Google before reading the Postfix documentation, if fortunate, end up at http://www.postfix.org/ . If not, they end up in a jumble of bad questions, misleading or wrong answers, and outdated information.[18:24:51] <Mugen> heh[18:26:01] <UQlev> Mugen, comment out last 2 lines I gave[18:27:21] *** Dovid has joined #postfix[18:27:52] *** siphr has quit IRC[18:30:10] <Mugen> its trying,...[18:31:20] <Mugen> hmm doesnt like my cert, must be a type[18:31:24] <Mugen> typo, even[18:31:42] <UQlev> what exact error?[18:31:59] <Mugen> file not found[18:32:16] <UQlev> check path and permissions[18:32:53] <Mugen> works :)[18:32:55] <Mugen> you rock dude[18:33:31] <UQlev> Mugen, now having your server workind you may experiment.. slightly ;)[18:34:10] <Mugen> heh yeah, gonna tar up all the related /etc directories first thing :)[18:36:27] *** siphr has joined #postfix[18:36:53] *** siphr is now known as Guest81902[18:37:32] <SelfishMan> robotarmy: A crack-smoking monkey may eat spam but a spam eating monkey won't smoke crack[18:38:16] <SelfishMan> err...rob0[18:38:16] <Dominian> heh[18:38:17] <UQlev> "smoking is hazard for your health"[18:40:46] *** UQlev has quit IRC[18:41:23] *** Guest81902 has quit IRC[18:41:43] <SelfishMan> !ipinfo 64.15.152.235[18:41:44] <knoba> SelfishMan: Error: "ipinfo" is not a valid command.[18:41:50] <SelfishMan> oops, wrong channel[18:42:25] <Dominian> hehe[18:44:20] * tharkun fixes window maping o SelfishMan using a Tazer[18:47:05] <tharkun> Is this log entry worrysome ? postfix/postscreen[26604]: close database /var/lib/postfix/ps_cache.db: No such file or directory[18:49:44] <Dominian> uhh[18:49:49] <Dominian> are you using postscreen?[18:49:53] <Dominian> If so, then yes.[18:50:01] <Dominian> that's the cache db for postscreen results. iirc[18:50:16] <tharkun> Dominian: a simple touch should solve the isue right ?[18:50:25] <Dominian> dunno its supposed to be created automatically[18:50:49] <tharkun> I updated using cite's .deb package[18:50:56] <Dominian> might restart postfix[18:51:01] <Dominian> er..[18:51:06] * Mugen cries tears of joy over his mail server with it wicked awesome max 1 concurrent connection[18:51:08] <Dominian> s/restart/stop then start/[18:51:19] *** hever has joined #postfix[18:53:03] <Dominian> I have two servers using postscreen and never had it error out on that file.[18:53:25] <tharkun> Dominian: /var/lib/postfix/verify_cache.db: No such file or directory[18:53:29] <tharkun> also[18:53:32] <Dominian> heh[18:53:39] <Dominian> yeah it should be creating those automatically on start up[18:54:18] <Dominian> the verify_cache.db is if you are doing recipient verification iirc[18:54:29] *** hever has quit IRC[18:56:00] *** hever has joined #postfix[18:56:06] <tharkun> Dominian: do you have postscreen chrooted ?[18:56:22] <Dominian> no[18:57:33] *** jfried has joined #postfix[18:58:22] <tharkun> Dominian: if i chroot postscreen it should have access within the chroot to that file, and the /etc/init.d script should have an instance to restore that specific file right ?[18:58:27] *** hever has quit IRC[19:00:55] <Dominian> umm.. well I don't think the init.d script has nothing to do with it...[19:01:04] <Dominian> I believe its postfix that creates that[19:01:55] *** hever has joined #postfix[19:02:02] <tharkun> Ok so what piece of software is responsable for creating and updating the chroot jail. If not a specific example, at leat the theoretical case ?[19:04:48] <Dominian> Not sure to be honest, I've never chrooted postfix[19:05:19] <jeev> with the ability to create virtual servers on the fly, that's what i do[19:05:24] <jeev> i dont care about chroot[19:07:16] <seekwill> :D[19:07:25] <jeev> great[19:07:28] <seekwill> Solaris Zones![19:08:05] <tharkun> jeev: when your resources are scarce, you need to develope the ability to do a lot with very little. On my average client server i have a backupcopy of the full vps, on some cases (the most interesting ) they don't have the resources to do that[19:08:07] *** Zethrok has joined #postfix[19:09:20] <korozion> bbl[19:09:21] *** korozion has left #postfix[19:11:13] <tharkun> This low volume production server runs a pentium 3 with 512 Mb ram, it also runs their dns, dhcp and it is also their firewall and gateway to the internet :D[19:12:39] <lunaphyte> tharkun: the init script.[19:13:16] <jeev> pff[19:14:16] *** aptituz has quit IRC[19:14:21] <tharkun> lunaphyte: thx i thought so.[19:15:00] <tharkun> cite: the init script on your 2.8 does not support postscreen beeing chrooted.[19:16:02] <tharkun> scrollback for the reasons i believe that happens, feel free to correct me if i am wrong[19:17:44] <Dominian> wait the init script (/etc/init.d/) is tasked with creating those files?[19:17:51] *** Zethrok has quit IRC[19:18:09] <tharkun> Acording to lunaphyte yes, and it does make sense[19:18:17] *** Zethrok has joined #postfix[19:18:55] <lunaphyte> typically, perhaps in concert (to some extent) with the packaging system (although that would be a bit shortsighted.)[19:19:34] <Mugen> im off.. thank you all for your tolerance :P[19:19:35] *** Mugen has quit IRC[19:20:18] <seekwill> Is there a list of all the postfix devs?[19:21:07] <Dominian> hrm[19:21:21] <Dominian> lunaphyte: Well, the init script I use.. has nothing do with it other than 'postfix start' and 'postfix stop'[19:21:26] <Dominian> that's about the extent of my init script[19:21:33] <Dominian> unless you mean the 'postfix' init script itself... then that makes sense[19:21:50] *** siphr_ has joined #postfix[19:28:58] <tharkun> where would i look for postfix's init script on the source tarball ?[19:31:14] *** hever has quit IRC[19:39:50] <cpm> didn't know that the postfix tarball included an init script. I don't use one. I just start postfix from rc.local[19:42:04] *** henriknj has quit IRC[19:42:44] *** halfsack has joined #postfix[19:45:49] *** uqlev has joined #postfix[19:47:12] *** sebuba has quit IRC[19:48:17] <lunaphyte_> i was referring to the various distros' init scripts.[19:50:24] *** tharkun has quit IRC[19:52:00] *** Twinkletoes has quit IRC[19:53:22] *** rajijoom has joined #postfix[19:57:21] *** tharkun has joined #postfix[19:57:25] *** henriknj has joined #postfix[19:58:51] *** rajijoom has quit IRC[20:00:26] *** siphr_ has quit IRC[20:04:19] <rob0> Does not. Our postfix(1) command is a binary, not a script. The init.d stuff is distributor-provided.[20:05:27] *** siphr has joined #postfix[20:05:53] *** siphr is now known as Guest69240[20:07:14] *** daguz has quit IRC[20:10:43] <tharkun> rob0: thx[20:10:49] <cpm> who does not?[20:12:27] *** daguz has joined #postfix[20:20:57] *** Matic`Makovec has joined #postfix[20:33:35] *** EagleWatch has quit IRC[20:35:40] *** EagleWatch has joined #postfix[20:36:22] *** daguz has quit IRC[20:38:37] *** Mario__ has joined #postfix[20:38:55] *** bianchi has quit IRC[20:39:21] <Mario__> !welcome[20:39:21] <knoba> Mario__: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[20:40:12] *** daguz has joined #postfix[20:42:24] *** Mario__ has left #postfix[21:00:34] *** jeev has quit IRC[21:09:33] *** cpm has quit IRC[21:10:56] *** Arelius has joined #postfix[21:11:27] <Arelius> What does "not enough free space in mail queue": mean. None of my partitions are near full[21:12:31] <lennard> yet it means the available space is under queue_minfree[21:14:59] <Arelius> For the spool directory?[21:15:10] *** wdp_aao has joined #postfix[21:17:36] *** Guest69240 has quit IRC[21:18:54] <Arelius> I don't have queue_minfree set, and my spool partition has over 800 mb free.[21:23:40] *** uqlev has quit IRC[21:27:14] *** niki has joined #postfix[21:30:14] <Arelius> Now I am just getting Delivery temporarily suspended[21:30:16] <Arelius> errors[21:34:10] <Aprogas> Pastebin some logs with full context.[21:34:43] *** makomi has joined #postfix[22:02:21] *** nokia3510 has quit IRC[22:06:53] *** nokia3510 has joined #postfix[22:10:54] *** jeev has joined #postfix[22:13:06] *** siphr has joined #postfix[22:13:32] *** siphr is now known as Guest79751[22:15:14] *** wdp_aao has quit IRC[22:15:58] *** yaaar has joined #postfix[22:16:00] <yaaar> howdy[22:16:14] <adaptr> yaaas?[22:16:52] <yaaar> pardon what may be a bit of an ignorant question...but if i'm setting up dovecot, do i need to comment out the maildrop line in /etc/postfix/master.cf when i add the dovecot line?[22:17:19] <adaptr> "the maildrop line" being what ?[22:17:38] <yaaar> maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}[22:18:06] <yaaar> i'm adding a line like this: dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient}[22:18:08] <adaptr> are you *using* that transport ?[22:20:34] <yaaar> well that's a good question. i'm setting up dovecot/saslauthd to auth with mysql, so most everything will use the virtual transport and get delivered to /home/vmail/domain.tld/user/Maildir by dovecot. My only concern in getting rid of the other line was what might happen to mail for real (non-virtual) users like say root at host dot domain.tld[22:20:57] <adaptr> thos ethings have absolutely nothing to do with one another[22:21:29] <yaaar> ok then i understand what's going on here a lot less than i thought[22:21:37] <adaptr> that's quite likely[22:21:44] <adaptr> !goal[22:21:44] <knoba> adaptr: "goal" : describe your goal, not what you think the solution is[22:23:47] <yaaar> well the goal is to have dovecot deliver the mail. i just went in to add the line and saw that other line that was shockingly similar, so i was concerned they would be in conflict[22:23:54] *** MasterO has quit IRC[22:24:06] <yaaar> but if they're unrelated, i'll just leave it alone[22:25:35] *** feisar has quit IRC[22:29:10] *** Guest79751 has quit IRC[22:29:30] *** saurabhb has quit IRC[22:30:34] <tharkun> Does the verify daemon exists only on 2.8 ?[22:31:23] *** Zeit|awy has joined #postfix[22:32:04] <tharkun> Disregard the above[22:35:30] *** siphr_ has joined #postfix[22:35:48] *** MasterO has joined #postfix[22:55:09] *** daguz has quit IRC[22:56:10] *** siphr_ has quit IRC[23:00:32] *** Zethrok has quit IRC[23:03:49] *** Southron has joined #postfix[23:10:20] *** Matic`Makovec has quit IRC[23:16:02] *** sebuba has joined #postfix[23:17:17] *** jfried has quit IRC[23:18:33] *** sebuba has quit IRC[23:34:34] *** s0ber has quit IRC[23:35:18] *** s0ber has joined #postfix[23:35:44] *** makomi has quit IRC[23:36:14] <Arelius> I don't understand how adding a service to master.cf causes mail to get delivered to that daemon.[23:38:06] <Arelius> Or rather how the queue manager knows where to queue mail.[23:43:57] *** MasterO has quit IRC[23:44:18] *** MasterO has joined #postfix[23:45:44] *** smica has quit IRC