September 29, 2010 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | >
September 29, 2010 [00:00:16] *** sebuba has joined #postfix[00:01:10] <adaptr> Arelius: adding a service to master.cf will not cause anything to be delivered there[00:01:57] <adaptr> the queue manager knows where to deliver mail (it doesn't queue mail, it removes it from the queue) because attaching a transport to a message is the main mail routing function of postfix.[00:02:28] <adaptr> a queue message consists of an envelope, a transport:nexthop combination, and the message data[00:03:02] <adaptr> the queue manager reads the transport and routes accordingly[00:05:40] *** Dovid has quit IRC[00:06:08] *** cilly has quit IRC[00:06:15] *** Dovid has joined #postfix[00:08:58] <Arelius> thanks, I'll look into transports[00:09:54] *** sebuba has quit IRC[00:15:54] *** siphr has joined #postfix[00:16:21] *** siphr is now known as Guest61603[00:20:04] *** lostogre has joined #postfix[00:20:42] <lostogre> can anyone tell me what this is all about? This is a new account. There is not way that the user can be over quota.[00:20:46] <lostogre> relay=/var/lib/imap/socket/lmtp[/var/lib/imap/socket/lmtp], delay=0, status=deferred (host /var/lib/imap/socket/lmtp[/var/lib/imap/socket/lmtp] said: 452 4.2.2 Over quota (in reply to RCPT TO command))[00:21:43] <lostogre> The other thing that is strange..... I don't see where I have quotas implemented.[00:22:11] * lostogre wonders if anyone is back there......[00:23:35] <lostogre> !welcome[00:23:35] <knoba> lostogre: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[00:25:47] *** henriknj has quit IRC[00:27:16] *** Section1 has quit IRC[00:30:52] *** wdp_aao has joined #postfix[00:33:27] *** BrownNose has joined #postfix[00:37:04] <lostogre> can anyone tell me what this is all about? This is a new account. There is not way that the user can be over quota.[00:37:09] <lostogre> relay=/var/lib/imap/socket/lmtp[/var/lib/imap/socket/lmtp], delay=0, status=deferred (host /var/lib/imap/socket/lmtp[/var/lib/imap/socket/lmtp] said: 452 4.2.2 Over quota (in reply to RCPT TO command))[00:37:14] <adaptr> lostogre: you have quotas implemented in your LMTP MDA[00:37:15] <lostogre> The other thing that is strange..... I don't see where I have quotas implemented.[00:37:17] <adaptr> this is not postfix[00:37:27] <adaptr> lostogre: and don't repeat your question[00:37:33] <lostogre> ah. how can I fix this?[00:37:39] <lostogre> sorry.[00:37:49] <adaptr> ask in $mylmtpmdahere[00:37:57] <lostogre> ok. thanks.[00:44:31] <lostogre> adaptr, I tried echoing that and it was blank.[00:50:14] <adaptr> are you serious ?[00:53:28] <seekwill> I tried it too and it didn't work[00:53:33] *** Guest61603 has quit IRC[00:55:16] <adaptr> seekwill: I know you're serious, that's what scares me[00:55:33] <seekwill> rawr[00:56:55] <lostogre> what am I missing?[00:57:12] <lostogre> Yes, I was serious.[00:58:28] *** siphr_ has joined #postfix[00:58:34] <adaptr> that's rather worrying[00:58:45] <lostogre> ok.[00:59:00] <adaptr> it means you don't read too good - what exactly did I say ?[00:59:19] *** JonnyV has quit IRC[01:00:07] <lostogre> I don't know what it is that I am missing, so if you could be straightforward with me I would appreciate it.[01:01:41] <tharkun> adaptr: your variable naming technique sucks it is indeed $my_lmtp_mda_here[01:01:54] <adaptr> tharkun: I knew you were the smart one[01:02:17] <adaptr> lostogre: it means you ask about YOUR LMTP MDA in whatever channel deals with YOUR LMTP MDA[01:02:26] <adaptr> it's not postfix[01:02:33] <seekwill> Usually that's worded: ask in #mylmtpmdahere[01:02:51] <adaptr> seekwill: if he didn't get my version, he doesn't get that one.[01:02:53] <lostogre> Now I understand. Thanks for the clarification.[01:02:59] *** lostogre has quit IRC[01:03:33] <seekwill> true[01:04:42] <adaptr> it's not a lack of clarity on my part, although I wasn't very clear to an IRC-newb, I'm sure - it was semanticfail.[01:05:49] *** lostogre has joined #postfix[01:06:07] <lostogre> adaptr, only one problem. we are using the postfix lmtp mda[01:06:26] <adaptr> lostogre: postfix does not use lmtp to deliver mail.[01:06:51] <adaptr> it uses local(8), which writes to mailboxes directly[01:07:30] <lostogre> from the postfix man page.[01:07:32] <lostogre> lmtp(8), Postfix LMTP client[01:07:37] *** MasterO has quit IRC[01:08:38] *** __machine has joined #postfix[01:09:06] <adaptr> lostogre: do you understand what an MDA is ?[01:09:54] <lostogre> I understand that you could be trying to help instead of being an eliteist snot![01:09:57] *** lostogre has quit IRC[01:10:30] <__machine> i sent out an email newsletter last night and it seems that a lot of people have received the email twice... in my case the two emails are identical (same verp etc) apparently sent 1 second apart byt delivered 10 mins apart... my newsletter system tells me the email was only sent once... but it appears twice in postfix log... ?[01:11:37] <adaptr> show us[01:15:03] <tharkun> If dnsblog does the dns lookups for postscreen, who does exactly that for a normal smtp process ?[01:15:42] <adaptr> you mean the RBL lookup ?[01:15:46] <seekwill> __machine: Same ID? I would bet your mailing list messed up[01:15:47] <tharkun> yes[01:16:03] <adaptr> smtpd, obviously. *smtpd*_foo_restrictions[01:16:26] <adaptr> it's by far the largest piece of postfix code, and does tons[01:16:57] <tharkun> yes i know, but why doesn't postscreen rely also on that piece of code ?[01:17:10] <tharkun> instead of relying on dnsblog[01:17:17] <adaptr> because it's a single smtpd process ? it can't paralellize it asynchronously[01:17:21] *** BrownNose has left #postfix[01:17:31] <adaptr> postscreen just fires off multiple dnsblogs[01:17:37] <adaptr> smtpd has no such luxury[01:18:01] <tharkun> ok i get the idea. I am still a noob on postfix[01:18:12] <adaptr> it could be argued that smtpd could use dnsblog, instead - it was never a separate process before postscreen[01:18:52] <tharkun> Would it increase the output of smtpd ?[01:19:04] *** brancaleone has quit IRC[01:19:06] *** jeev has quit IRC[01:19:06] *** jeev has joined #postfix[01:19:36] *** BrownNose has joined #postfix[01:19:45] <adaptr> would it whut ?[01:20:14] <tharkun> Would using dnsblog increase the output speed of smtpd ?[01:21:27] <adaptr> I don't understand the question[01:21:33] <adaptr> what is "output speed" ?[01:21:43] <seekwill> mail sacle[01:21:46] <seekwill> mail scale[01:21:53] <adaptr> seekwill: no! WEBSKALE![01:21:58] <seekwill> fale![01:21:59] <adaptr> everything must be webskale[01:22:37] <tharkun> If using a module that parallelizes the dns queries of smtpd will make the overall length of the smtpd process shorter so on a given amount of time the amount of procesed emails is larger.[01:23:12] <adaptr> test it ?[01:23:23] <tharkun> How ?[01:23:34] <adaptr> you can't, because smtpd doesn't use dnsblog :)[01:23:44] <adaptr> hence my not understanding the question[01:24:14] * tharkun goes for some piano wire and a hot iron to fix adaptr understanding[01:24:51] <seekwill> tharkun: Yes, having a local DNS server can help speed things along. But what problem are you trying to fix?[01:26:43] <tharkun> seekwill: actually none, i was speculating on the stated fact that dnsblog can run multiple instances in paralel as oposed to the current way smtpd behaves.[01:27:19] <seekwill> It's better to hit a bottle neck first. Speculating can lead to bad things[01:27:28] <tharkun> you are right[01:27:32] <seekwill> i.e., wasting time[01:28:54] <jdoe> I've setup some reasonably high load servers and DNS has never been the bottleneck.[01:29:27] <jdoe> if your server is exposed to the internet your biggest bottleneck is almost certainly going to be spam ;)[01:29:42] <adaptr> jdoe: not with postscreen it ain't![01:29:59] <seekwill> I don't understand postscreen. Why is it so great when it comes to antispam?[01:30:08] <tharkun> definetly not, postscreen does move the bottleneck away from that[01:30:17] <adaptr> seekwill: because it actively blacklists clients[01:30:33] <seekwill> Based on it failing... like SA?[01:30:39] <seekwill> How?[01:30:49] <jdoe> adaptr: isn't that still marked as experimental? It's a neat idea, and I'd use it for personal mail... but I don't think I'd ever set it up (at least not without most of the checks disabled) in front of anyone ELSE's mail.[01:31:35] <seekwill> adaptr: How does it work, in a nutshell[01:31:39] <tharkun> jdoe: I setted it up on a low volume, low resources server and it is working wonders[01:31:39] <adaptr> seekwill: the first stage is that it receives the SMTP connection, not smtpd. it's a *screen*. then, it performs various pregreet and RBL checks, and based on hte outcome, it can actively block those clients from connecting again.[01:32:04] <seekwill> How is that better?[01:32:22] <seekwill> That's what I read, but I don't get how it helps out "so much"[01:32:29] <adaptr> seekwill: clients that pass the tests are then whitelisted and the conneciton passed to smtpd. smtpd is an expensive process that listens up to at least RCPT TO. postscreen doesn't, it acts solely on the connection and the HELO[01:33:04] <adaptr> it's cheap to run and you can probably run it at a ratio of 10x postscreen : 1x smtpd[01:33:18] <jdoe> tharkun: I understand what it does, I just don't like a lot of the checks.[01:33:21] <seekwill> So it's a performance boost more than anything else?[01:33:42] <jdoe> tharkun: a large portion of what it does can be done (at greater expense) inside of postfix, I don't run those checks there either.[01:33:47] <adaptr> jdoe: it's in 2.8, I'm running 2.8. that's not stable yet, AFAIK, so yes.[01:33:48] <seekwill> adaptr: You know, you could just stick RBLs into a database, and have it blocked at the firewall level...[01:34:16] <jdoe> adaptr: it's a great idea, I've wanted something like that for so long.[01:34:20] <adaptr> seekwill: it is designed to offload knwon spammers from yrou expensive smtpd processes, improving the throughput of ham and freeing up resources.[01:34:20] <tharkun> jdoe: The way i see it. Postscreen makes a test on the other side of the line for RFC compliance. Leaving most spam zombies out[01:34:37] <jdoe> adaptr: what I'd really like is something like postscreen that can send rbl'd clients -> spamd (not SA, the obsd one)[01:34:41] <adaptr> jdoe: um ? 5 seconds ago you said the opposite[01:35:03] <jdoe> adaptr: I said I don't trust a lot of the tests, I like moving testing in front of postfix itself though.[01:35:22] <adaptr> I see. there are only 2 tests - how many of them don't you trust ? :)[01:35:35] <jdoe> ... only two? I'd have to look at the man page again, I could have sworn it did more than that.[01:35:51] <tharkun> jdoe: Actually All the failing machines on the various tests are also on rbl lists[01:35:53] <adaptr> it waits for PREGREET and checks RBLs.[01:36:15] <tharkun> at least on my machines[01:36:20] <adaptr> my postscreen pregreet is "are you naughty or nice?"[01:36:28] <adaptr> it felt appropriate[01:36:46] <tharkun> To be or not to be ?[01:37:14] <BrownNose> anyone have experience with postscreen on os x server[01:37:27] <BrownNose> or know how difficult it would be to get owrking[01:37:31] <jdoe> adaptr: there's more than that, it also checks pipelining, bare newlines etc.[01:37:45] <seekwill> adaptr: How is postscreen different than doing it at the firewall level?[01:37:48] <adaptr> jdoe: ah, well, I count those as minor tests.[01:37:55] <jdoe> adaptr: haha. I identify myself as a microsoft product ;)[01:38:17] <adaptr> seekwill: your firewall cannot *test* whether a client is on one of 100 million RBL hosts[01:38:21] <adaptr> it would die.[01:38:30] <jdoe> tharkun: what works on a small mail server does not always generalize.[01:38:44] <seekwill> adaptr: But postscreen can? heh. My firewall can[01:38:52] <jdoe> tharkun: you can be as much of an RFC nazi as you like with your own mail, if you're responsible for other people's and legit mail doesn't show up, they tend to complain.[01:39:01] <jdoe> tharkun: (which I believe is basically what I said above)[01:39:09] <adaptr> seekwill: postscreen takes longer and doesn't drop any connections. it behaves as a mail server should. this is not by accident.[01:39:36] <seekwill> adaptr: So it gives a 550 after the banner?[01:39:39] <jdoe> seekwill: hmm, really? what firewall does rbl checks?[01:39:51] <tharkun> jdoe: thx, i'll take into cosideration when putting postfix on a higher level of stress.[01:40:00] <adaptr> seekwill: yurp[01:40:03] <seekwill> jdoe: Don't know off the top of my head. But many of our clients have it. Doesn't seem very hard[01:40:07] <seekwill> adaptr: ah[01:40:17] <adaptr> seekwill: and THEN drops the connection ;)[01:40:29] <adaptr> it's well documented[01:40:38] <tharkun> jdoe: as for people complaining about their mail, you would have to know my father to understand the level of pressure a single person can generate.[01:40:39] <seekwill> adaptr: Ok, I can see that as a better option. Then at least someone gets a DSN that says we dont want you vs. cant connect[01:40:49] <adaptr> correct[01:40:57] <seekwill> I do think that's a better idea[01:41:08] <tharkun> jdoe: fortinet does rbl checks[01:41:16] *** MasterO has joined #postfix[01:41:19] <adaptr> static TCP reject lists are not a bad idea if you have dependable lists[01:42:04] <adaptr> however, they're rarely truly static with mail, whcih is why postscreen allows you to score RBLs - you can set your threshold at 2 and use 3 RBLs each at single weighting, so 2 out of the 3 must agree[01:42:23] <adaptr> this is policyd functionality tha wietse has moed into postscreen[01:42:27] <adaptr> *moved[01:42:28] <adaptr> bleh[01:42:32] <seekwill> jdoe: I was onsite with a client. Trying to figure out why the RBL rejections were freakishly low (~10%). Found out later that they had a firewall at the load balancer[01:42:42] <seekwill> ... that had an RBL check[01:43:54] <jdoe> tharkun: ah[01:44:17] <jdoe> seekwill: interesting.[01:45:18] <seekwill> A number of clients has also brought up that they want to but RBL checks into their firewall to protect their entire network infrastructure. Since I'm only the mail guy, I don't really care what they're using in that much detail[01:45:42] <tharkun> I have a client that uses it, it was a pain to solve since it uses their own list. At the beginning i had a lot of backscatter until i used the right combination of rbl lists to avoid it[01:46:10] <seekwill> tharkun: YES!!! fucking difficult when we're told there's no firewall, but later find out that there is!!! :headdesk:[01:46:52] <adaptr> it's a stupid solution to a mail-only problem[01:47:45] <tharkun> seekwill: From that day on, i usually perform a portscan to investigate how the "look" to the outside internet[01:48:27] <tharkun> adaptr: i second the motion. But you should see the kind of paranoic business admins i have seen.[01:48:30] <seekwill> Port scans can put you on the rbl :)[01:48:59] <tharkun> seekwill: not if i state on the first interview that :P[01:49:11] <jdoe> seekwill: that's insane.[01:49:20] <seekwill> People do insane things[01:49:25] <jdoe> seekwill: well, unless they're using generally targeted rbls, killing tor nodes, open proxies etc.[01:49:28] <jdoe> but that's still fairly insane.[01:49:28] <tharkun> jdoe: seekwill is insane, you should know htat by now[01:49:33] <seekwill> This one time I jumped out of a perfectly good airplane[01:49:54] <BrownNose> question: my server is getting slammed by spammers/. I manage to keep them blocked by maintaing a spamassassin local.cf black list. However, my server's load is extremely high. Is there a better way to block domains that is not so high-load?[01:50:17] <seekwill> BrownNose: Do you use an RBL?[01:50:20] <BrownNose> I also have a ton of white lists[01:50:20] <BrownNose> yes[01:50:24] <BrownNose> three[01:50:32] <seekwill> Is zen one of them?[01:50:35] <BrownNose> yes[01:50:40] <seekwill> Where is the bottle neck?[01:50:49] <seekwill> CPU? IO? RAM?[01:50:52] <seekwill> SA?[01:50:56] <seekwill> POSTFIX?[01:50:58] <BrownNose> scanning the incoming messages for banned domains, it seems[01:50:58] <seekwill> THUMBS?[01:51:08] <seekwill> ARE YOU RUNNING ON A 486?[01:51:16] <BrownNose> 2.53GHz core 2 4GB ram[01:51:30] <seekwill> IO?[01:51:39] <BrownNose> io?[01:51:40] <adaptr> BrownNose: messages are not scanned for "banned domains". if you are, you're Doing it Wrong.[01:51:44] <seekwill> Disk[01:51:45] *** frex has quit IRC[01:51:45] <tharkun> BrownNose: vmstat -a 5 5 should give you a clue[01:51:52] <adaptr> oh please[01:51:52] <seekwill> iostat -x 1[01:51:53] <adaptr> dstat[01:52:08] <BrownNose> adaptr: yes they are. I have domains blocked in local.cf[01:52:12] <seekwill> adaptr: You don't scan for blacklisted domains in messages?[01:52:22] <BrownNose> and ever since adding them, my server load is extremely high[01:52:39] <BrownNose> my question is[01:52:48] <BrownNose> is there a better way to blacklist domains[01:52:54] <adaptr> use an RBL[01:52:57] <adaptr> one[01:53:02] <BrownNose> I am[01:53:05] <tharkun> BrownNose: then clear them asap so your server load drops[01:53:09] <Dominian> what rbl are you using?[01:53:19] <seekwill> BrownNose: Perhaps outsource the filtering?[01:53:36] <BrownNose> zen.spamhaus.org[01:54:06] <BrownNose> So there is no other way to block per domain then through SA local.cf?[01:54:21] <BrownNose> because the RBL just does not cut it[01:54:32] <adaptr> you're Doing it Wrong.[01:54:38] <adaptr> what volume do you have ?[01:54:49] <Dominian> eh[01:54:53] <Dominian> BrownNose: postconf -n[01:54:55] <Dominian> to a pastebin[01:55:02] <adaptr> eh, no - volume first[01:55:35] <Dominian> eh yes[01:55:36] <Dominian> :P[01:55:41] <adaptr> eh FINE[01:55:44] <Dominian> could be the order of checks causing the RBL to be ineffective :P[01:55:51] <adaptr> you're sleeping on the couch tonight[01:55:52] <Dominian> either that or implemented in the wrong class[01:56:00] <Dominian> adaptr: I always sleep on the couch![01:56:02] <BrownNose> http://pastebin.com/Reh6AhqT[01:56:07] <adaptr> my point exactly[01:56:13] <tharkun> or an excesive amount of dns checks that has zen blocked that ip[01:56:15] <adaptr> you're never getting off it[01:56:19] <BrownNose> I had only one RBL at first[01:56:29] <BrownNose> but added the others later to see if they would help[01:56:30] <Dominian> ding ding[01:56:34] <Dominian> there's your problem[01:56:43] <BrownNose> but the high cpu load happened much later[01:56:52] <BrownNose> after adding manual domain blocks[01:57:11] <Dominian> BrownNose: move your rbl checks to smtpd_recipient_restrictions and reload postfix[01:57:14] <adaptr> BrownNose: you have zero HELO checks before the RBLs. HELo checks are cheap, and stop pretty much 50% of spammers[01:57:21] <Dominian> yep[01:57:39] <Dominian> not only that the smtpd_client_restrictions... well might be 'ok' but I'd suggest doing all checks in smtpd_recipient_restrictions[01:57:42] <Dominian> just my two cents[01:57:49] <tharkun> !tell BrownNose cheatsheet[01:57:50] <knoba> BrownNose: "cheatsheet" : http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt : A HOWTO for pre-DATA spam control.[01:57:57] <tharkun> works[01:57:57] <BrownNose> okay[01:58:03] <BrownNose> thanks guys![01:58:16] <BrownNose> going to take a look[01:58:21] <tharkun> BrownNose: you also get to buy the beer this friday[01:58:27] <BrownNose> :([01:58:29] <Dominian> http://pastebin.slackadelic.com/p/c4VnQa67.html[01:58:29] <seekwill> woohoo![01:58:46] <tharkun> seekwill: you get to bring the chicks[01:58:49] <BrownNose> Dominian: great, thanks[01:58:50] <Dominian> I don't even use smtpd_helo_restrictions nor smtpd_client_restrictions[01:58:57] <seekwill> tharkun: But I always do that...[01:59:11] <Dominian> BrownNose: that's an optimal order imho, but others may have different opinions.[01:59:15] <Dominian> and I'm by no means a 'master'[02:00:22] <seekwill> Dominian is God[02:00:35] <Dominian> but I'm sure that you will see a vast improvement when you make those changes to smtpd_recipient_restrictions[02:00:36] <adaptr> Dominian: reject_unknown_client_hostname, is dangerous, consider switching to _reverse_[02:00:48] <Dominian> adaptr: good catch. that's not supposed to be there[02:01:00] <adaptr> haven't I heard that one before...[02:01:30] <Dominian> :)[02:01:32] <BrownNose> Dominian: you are recommending just to add what you have sent to me, not remove anything correct?[02:01:36] <Dominian> smartass[02:01:43] <tharkun> adaptr: where do you set the number of rbl hits on postscreen, i can't find it either on man postconf (8) or man postscreen[02:01:51] <Dominian> BrownNose: frankly, not sure how useful smtpd_client_restrictions or smtpd_helo_restrictions will be for you[02:02:15] <BrownNose> So, comment them out and add your changes?[02:02:22] <BrownNose> see how it goes?[02:02:30] <tharkun> BrownNose: actually switching your rbl checks to recipient_restrictions should help you a lot[02:02:51] <Dominian> yep[02:03:03] <Dominian> BrownNose: You can just switch the rbl checks to smtpd_recipient_restrictions[02:03:24] <BrownNose> great. much appreciated. I'll try it[02:03:32] <BrownNose> just switch the RBLs[02:03:37] *** tharkun has quit IRC[02:03:40] <Dominian> BrownNose: also do as adaptr pointed out and change reject_unknown_client_hostname to reject_unknown_reverse_client_hostname[02:04:00] <BrownNose> got it[02:04:14] <Dominian> that one is a bit weaker compared to reject_unknown_client_hostname[02:04:24] <adaptr> !postscreen_dnsbl_threshold[02:04:24] <knoba> adaptr: Error: "postscreen_dnsbl_threshold" is not a valid command.[02:04:34] <adaptr> blech, laggin behind as usual[02:04:36] <Dominian> reject_unknown_client_hostname requires that the IP->name and the name->IP match[02:05:04] <Dominian> where reject_unknown_reverse_client_hostname only requires the IP to map to a name[02:05:06] <BrownNose> i see, yeah I can't have any false positives[02:05:11] <Dominian> yah[02:05:12] <BrownNose> on my production server[02:05:14] <adaptr> well, technically, it requires that the IP->name->IP yields the same IP.[02:05:19] <Dominian> adaptr: right[02:05:31] <Dominian> basically it requires forward and rDNS to match properly as it should[02:05:46] <adaptr> *reverse* requires that the IP>name>IP points to *A* IP[02:05:57] <adaptr> it still doe sthe full lookup[02:06:05] <Dominian> Reject the request when the client IP address has no address->name mapping.[02:06:09] <adaptr> even reverse requires there to be an A record[02:06:11] <Dominian> that's all reverse does[02:06:32] <BrownNose> well thanks a lot, gonna head home. ill read that article too.[02:06:33] <Dominian> This is a weaker restriction than the reject_unknown_client_hostname feature, which requires not only that the address->name and name->address mappings exist, but also that the two mappings reproduce the client IP address.[02:06:46] <Dominian> adaptr: so you were close[02:06:48] <Dominian> :P[02:06:53] *** BrownNose has quit IRC[02:07:15] <Dominian> I really need to read through postconf(5) again[02:07:31] <Dominian> since I'm lazy and don't read release notes or the changelog all that often[02:07:38] <adaptr> Dominian: no, I was exact[02:08:11] <adaptr> I memorize that shit precisely because it is so confusing[02:08:54] <adaptr> the same goes for HELO, by the way, but the RFC says you shouldn't reject on a bad HELO[02:10:56] <Dominian> hehe[02:10:58] <adaptr> I have gotten mail from an actual ISP before that HELO'd with a single hostname. I had to dig it out of my logs and alter that to warn_if_reject[02:12:26] <Dominian> !learn postscreen_dnsbl_threshold as The inclusive lower bound for blocking an SMTP client, based on its combined DNSBL score. See http://www.postfix.org/postconf.5.html#postscreen_dnsbl_threshold for more information[02:12:53] <Dominian> hrm[02:13:01] <Dominian> !forget postscreen_dnsbl_threshold[02:13:13] <Dominian> !learn postscreen_dnsbl_threshold as The inclusive lower bound for blocking an SMTP client, based on its combined DNSBL score. See http://www.postfix.org/postconf.5.html#postscreen_dnsbl_threshold for more information This feature available starting with Postfix 2.8[02:13:18] <Dominian> !postscreen_dnsbl_threshold[02:13:18] <knoba> Dominian: "postscreen_dnsbl_threshold" : The inclusive lower bound for blocking an SMTP client, based on its combined DNSBL score. See http://www.postfix.org/postconf.5.html#postscreen_dnsbl_threshold for more information This feature available starting with Postfix 2.8[02:13:29] <Dominian> there[02:13:38] <Dominian> so postfix 2.2.2.2.2.2.2.2 users aren't lookin' for it[02:17:22] *** sphenxes has quit IRC[02:18:00] *** sherr has quit IRC[02:26:38] *** sherr has joined #postfix[02:52:31] *** bluethundr has quit IRC[02:53:17] *** Matic`Makovec has joined #postfix[03:01:45] <Dominian> adaptr: you mess with ldap recipient verification much?[03:01:55] <adaptr> no, and no :)[03:01:59] <Dominian> lol[03:02:05] <Dominian> 2 strikes on one question.. damn[03:03:18] <adaptr> sry...sleep[03:04:31] <Dominian> hehe no worries night man[03:04:38] <Dominian> !ldap[03:04:39] <knoba> Dominian: "ldap" : a lookup method that can be used by Postfix. An introduction can be found in the LDAP_README also found at http://www.postfix.org/LDAP_README.html. A worthy project dealing with LDAP and Postfix can be found at: http://jamm.sourceforge.net/howto/html/[03:07:03] *** lifeofguenter has joined #postfix[03:08:10] <Dominian> ahhhh relay_recipient_maps would work for the per host ldap query for recipient verification.[03:12:35] *** lifeofguenter has quit IRC[03:17:08] *** lifeofguenter has joined #postfix[03:19:12] *** lifeofguenter has quit IRC[03:19:42] *** lifeofguenter has joined #postfix[03:20:15] *** Motoko-chan has joined #postfix[03:21:51] *** JonnyV has joined #postfix[03:22:07] *** MasterO has quit IRC[03:25:19] *** Alagar has joined #postfix[03:25:27] *** Arelius has quit IRC[03:26:05] *** lkthomas has quit IRC[03:29:37] *** lifeofguenter has quit IRC[03:31:01] *** Alagar has quit IRC[03:32:46] *** lifeofguenter has joined #postfix[03:35:02] *** wdp_ has joined #postfix[03:35:06] *** wdp_aao_ has joined #postfix[03:37:32] *** wdp has quit IRC[03:39:29] *** wdp_aao has quit IRC[03:39:36] *** uqlev has joined #postfix[03:40:28] *** tengulre has joined #postfix[03:42:49] *** lifeofguenter has quit IRC[03:43:15] *** lifeofguenter has joined #postfix[03:48:04] *** n0ctum has quit IRC[03:50:55] *** mroe has joined #postfix[03:52:50] <mroe> I have a bit of a mind share gap. I am trying to configure a shared maildir. I want help at domain dot com to be delivered to /var/mail/public/help/[03:53:08] <mroe> this isn't a user's maildir in that I don't want any credentials associated with it[03:53:18] *** lifeofguenter has quit IRC[03:54:20] <mroe> !transport[03:54:20] <knoba> mroe: "transport" : transport(5) The optional transport(5) table specifies a mapping from email addresses to message delivery transports and next- hop destinations. Look at: http://www.postfix.org/transport.5.html[03:54:51] <mroe> domain.com is a local domain[03:55:10] <mroe> deliver is my mda[04:09:07] *** axisys has quit IRC[04:10:43] *** axisys has joined #postfix[04:20:06] <lunaphyte> sharing of maildirs isn't of any significance to postfix[04:20:41] *** lifeofguenter has joined #postfix[04:20:58] *** lifeofguenter has quit IRC[04:21:29] <mroe> no it isn't, but I would like to deliver mail to to a non-user mailbox[04:21:44] <Dominian> so.. deliver it?[04:21:47] <mroe> how?[04:22:46] <mroe> man for all addresses are currently being delivered to the user's homedir[04:22:49] <mroe> mail*[04:24:12] <Dominian> !virtual_mailbox[04:24:12] <knoba> Dominian: Error: "virtual_mailbox" is not a valid command.[04:24:15] <Dominian> !virtual_mailbox_maps[04:24:15] <knoba> Dominian: "virtual_mailbox_maps" : a configuration parameter in the main.cf: Optional lookup tables with all valid addresses in the domains that match $virtual_mailbox_domains.[04:24:21] <Dominian> hrm[04:24:29] <mroe> it is a local mailbox[04:24:36] <mroe> not virtual[04:24:38] <Dominian> located where exactly?[04:24:47] <Dominian> you said delievered to the users's homedir..[04:24:51] <Dominian> where are you wanting to deliver it?[04:24:59] <Dominian> if you are doing local delivery... something has to exist there..[04:25:24] <mroe> I want email addressed to help at domain dot com to be delivered to /var/mail/help while user at domain dot com gets delivered to ~/Maildir[04:27:43] <Dominian> er[04:27:51] <Dominian> then its a virtual mailbox[04:27:52] <Dominian> I think[04:28:01] <mroe> domain.com is a local domain.[04:28:05] <denysonique_> !topic[04:28:05] <knoba> denysonique_: "topic" : The Postfix MTA || Wiki: postfixwiki.org || On using IRC: workaround.org/moin/GettingHelpOnIrc || Bot info: workaround.org/f=postfix || post postconf -n and relevant logs to a pastebin when asking questions / check your logs / know your unix basics || http://code.google.com/p/mail-trends/ || Channel log: http://echelog.matzon.dk/?postfix || http://permalink.gmane.org/gmane.mail.postfix.announce/110[04:28:10] <Dominian> the domain is.. yes[04:28:29] <mroe> you can have a virtual mailbox in a local domain? that doesn't sound right[04:28:31] <Dominian> mroe: You are going to have to tell postfix where to deliver mail for that address.. or whatever your MDA is[04:28:38] <mroe> I agree[04:30:09] <mroe> I just don't know how to do that with a local mailbox[04:30:37] <denysonique_> mroe, http://www.postfix.org/VIRTUAL_README.html just read this[04:33:16] *** siphr_ has quit IRC[04:33:37] <mroe> denysonique_, I have read this page often. The problem is help at domain dot com is the same address class as user at domain dot com but I need to supply a different delivery location for it[04:34:01] <lunaphyte> off of the top of my head, if it were me, i'd look into either a special transport for that address, or look into using pipe(8)[04:34:17] <Dominian> !address_classes[04:34:17] <knoba> Dominian: "address_classes" : http://www.postfix.org/ADDRESS_CLASS_README.html describes how Postfix deals with different classes of addresses: local, relay, virtual alias, virtual mailbox, and Internet.[04:34:33] <denysonique_> mroe, the simplest way for you would be to just link /var/mail/usermailbox to /home/user/.mail[04:34:44] <Dominian> You could possibly cause that address to fall into its own address class, thus saving it to a 'virtual' mailbox[04:35:08] <Dominian> and it is 'virtual' even with the domain being 'local' since no user will actually exist for that mailbox...[04:35:18] <mroe> denysonique_, that only gets me part of the way there, the user 'help' would need to exist somewhere or else postfix will reject it[04:36:27] <Dominian> *cough*virtual*cough*[04:36:27] <mroe> !local_recipient_maps[04:36:27] <knoba> mroe: "local_recipient_maps" : a configuration parameter in the main.cf: Lookup tables with all names or addresses of local recipients. A recipient address is local when its domain matches $mydestination, $inet_interfaces or $proxy_interfaces.[04:36:53] <Dominian> I host virtual mailboxes even when the domain matches $mydestination[04:36:57] <Dominian> :)[04:37:49] <mroe> local_recipient_maps might get me part of the way there and mailbox_transport might seal the deal[04:37:53] <mroe> !mailbox_transport[04:37:53] <knoba> mroe: "mailbox_transport" : a configuration parameter in the main.cf: Optional message delivery transport that the local(8) delivery agent should use for mailbox delivery to all local recipients, whether or not they are found in the UNIX passwd database.[04:38:12] <denysonique_> mroe, what is your setup[04:38:22] <denysonique_> you have domain.com right?[04:38:37] <mroe> domain.com is configured as a local domain[04:39:11] <denysonique_> why you can't just do this 10 /etc/postfix/vmailbox:[04:39:11] <denysonique_> 11 info at example dot com example.com/info[04:39:17] <denysonique_> for a single address[04:40:06] <mroe> what parameter does that represent?[04:40:54] <mroe> screw it, I'm just gonna create the help user[04:42:00] *** denysonique_ is now known as denysonique[04:42:02] *** denysonique has joined #postfix[04:42:14] <mroe> thanks for brainstorming with me[04:42:28] *** mroe has quit IRC[04:53:28] *** tharkun has joined #postfix[04:58:49] *** Guest43389 is now known as roe[04:58:54] *** roe has quit IRC[04:58:54] *** roe has joined #postfix[04:59:43] *** shasta has quit IRC[05:23:08] *** pickcoder has joined #postfix[05:29:20] *** uqlev has quit IRC[05:31:41] *** uqlev has joined #postfix[05:32:35] *** MAAAAAD has joined #postfix[05:36:27] *** MAAAAD has quit IRC[05:37:33] *** Southron has left #postfix[05:46:21] *** tharkun has quit IRC[05:52:30] *** emcepe has joined #postfix[05:54:28] *** ek__ has joined #postfix[05:55:43] *** Ionic` has joined #postfix[05:55:57] *** ek has quit IRC[05:56:54] *** mcp has quit IRC[05:57:15] *** JoKoT3 has quit IRC[05:57:15] *** Ionic has quit IRC[05:57:15] *** Ionic` is now known as Ionic[05:57:39] *** JoKoT3 has joined #postfix[06:11:29] *** uqlev has quit IRC[06:16:08] *** Alagar has joined #postfix[06:16:32] *** Alagar has left #postfix[06:16:40] *** Alagar has joined #postfix[06:17:59] <Alagar> any one can help me. iam planing to implement postfix is our internal mail server..[06:18:26] <Alagar> any one can give me a good documentation for the installation[06:18:49] <roe> !basic[06:18:49] <knoba> roe: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.[06:20:11] *** Qwert has joined #postfix[06:20:27] *** pickcoder has quit IRC[06:43:38] *** navaki has joined #postfix[06:50:40] <navaki> Hi all,i am writing a content filter script(After Queue) for postfix to extract attachments from all email. i modify master.cf for delivery email by pipe,but this doesn't work.i tested this script before and it work well. anyone can help me?thanks.[06:55:33] <Alagar> knoba: thanks. can you help me how to configure to receive multiple domain emails from postfix[06:55:49] <Alagar> any one can help me ?[06:59:08] <navaki> any one can help me,too?[06:59:10] *** shasta has joined #postfix[07:06:58] *** Qwert has quit IRC[07:08:52] *** hooch has quit IRC[07:15:46] *** Qwert has joined #postfix[07:18:29] <will_> Alagar: I believe "my_destinations" is what you're looking for[07:18:59] <will_> navaki: I can't help. But help those who can by pasting logs and your config... /topic[07:54:06] *** tjikkun has quit IRC[08:04:05] *** rajijoom has joined #postfix[08:13:48] *** e-jones has joined #postfix[08:17:18] *** halfsack has quit IRC[08:18:52] *** rajijoom has quit IRC[08:19:11] *** lunaphyte has quit IRC[08:19:27] *** navaki has quit IRC[08:23:24] *** Qwert has left #postfix[08:32:13] *** lunaphyte has joined #postfix[08:32:13] *** lunaphyte has joined #postfix[08:37:20] *** Motoko-chan has quit IRC[08:40:47] *** Ionic has quit IRC[08:41:12] *** Ionic has joined #postfix[08:44:44] *** Matic`Makovec has quit IRC[08:53:42] *** xpoint has joined #postfix[08:54:35] *** xpoint has left #postfix[08:57:15] *** xpoint has joined #postfix[09:05:06] *** EdwardIII has quit IRC[09:06:44] *** cilly has joined #postfix[09:08:34] *** halfsack has joined #postfix[09:10:05] *** henriknj has joined #postfix[09:14:20] *** brancaleone has joined #postfix[09:19:43] *** xpoint has left #postfix[09:23:15] *** bezourox has quit IRC[09:28:00] *** will_ has quit IRC[09:29:00] *** g0rd0n has joined #postfix[09:30:59] <g0rd0n> hi there! this is kinda urgent... someone sent an email yesterday, and since then our postfix sends out a bounce message each 5 minutes to the sender telling him that the message was too large[09:33:41] <g0rd0n> how can i make it stop?[09:36:38] <KTL> grmbl my postfix behaved as open relay because the firewall which forwards external mail to it was also in in one of the "mynetworks" subnets[09:37:32] <g0rd0n> hehe[09:37:54] <g0rd0n> my postfix is spamming a sender each 5 minutes and i have no idea what ic an do about it[09:38:20] <KTL> maybe try to find some related mail in /var/spool/postfix, remove it?[09:38:27] <g0rd0n> apparently his email even got delivered (i got queeue active in the logs), but since then each 5 minutes a message is sent out to him[09:39:54] <g0rd0n> the queue is empty[09:42:18] *** bezourox has joined #postfix[09:44:12] *** JoKoT3 has quit IRC[09:49:18] *** JoKoT3 has joined #postfix[09:51:00] <g0rd0n> i don't get it, it's a permanent error and it's being sent out each 5 minutes, without any new mails coming in...[09:51:31] *** edakiri has joined #postfix[09:51:33] <g0rd0n> oh i get it now[09:51:33] <g0rd0n> lol[09:51:54] <g0rd0n> stupid fetchmail[09:52:09] *** edakiri has left #postfix[09:54:02] <g0rd0n> still odd though, the postfix server on the system running fetchmail has mailbox_size_limit = 0[10:01:16] <g0rd0n> hmmm postconf -d shows mailbox_size_limit = 10240000 no matter what is set in main.cf[10:06:38] *** UQlev has joined #postfix[10:06:48] <g0rd0n> lol, postconf -n[10:06:50] <g0rd0n> bye![10:06:52] *** g0rd0n has left #postfix[10:07:19] *** makomi has joined #postfix[10:13:12] *** TomHome has joined #postfix[10:15:41] *** mustu1 has joined #postfix[10:16:02] <mustu1> hey! is Postfix forked out from Sendmail?[10:16:15] <mustu1> Is there Sendmail code behind Postfix?[10:17:24] <UQlev> mustu1, postfix is forked from MSExchange[10:18:32] <mustu1> UQlev: can't believe[10:18:37] <UQlev> mustu1, that is why it is still used as frontend for Exchange[10:18:42] <mustu1> UQlev: any refrence?[10:19:48] <sysmonk> yes, microsoft.com used postfix a few months ago[10:24:13] <mustu1> sysmonk: any refrence plz[10:24:17] <mustu1> i cuoldn't find that[10:25:28] *** makomi has quit IRC[10:26:38] *** e-jones has quit IRC[10:26:38] <sysmonk> mustu1: we're joking around about exchange. postfix was written from scratch[10:26:49] <sysmonk> but yes, microsoft did use postfix[10:26:57] <sysmonk> i think they stopped using it about a year ago[10:27:06] <mustu1> :)[10:27:13] *** forsberg is now known as fOrsberg[10:27:21] <mustu1> i was expecting it could be a joke ...[10:27:33] <mustu1> i am reading a book on postfix[10:27:45] <mustu1> frm PACT ... title "Linux eMail"[10:27:49] <mustu1> it's about postfix..[10:28:17] <mustu1> I got a bit confused if PF have any relation with Sendmail in it's Code Base[10:28:26] *** makomi has joined #postfix[10:28:43] *** tengulre has quit IRC[10:29:13] <UQlev> mustu1, PF is firewall, do not confuse it with postfix[10:30:11] <UQlev> mustu1, your research has no practical meaning here, search google if you decided to write an article[10:30:55] <mustu1> UQlev: ahh.. it said PF for PostFix ...[10:31:17] <UQlev> never seen this appreviation applied to postfix[10:31:30] <UQlev> abbreviation[10:31:35] <mustu1> UQlev: ahh sorry[10:31:45] <mustu1> well i was reading the postfix architecture[10:32:11] <mustu1> ok just clear a noob confusion[10:32:25] <mustu1> the sendmail command in linux .. does it have any relation with the Sendmail MTA?[10:33:57] <mustu1> in the diagram[10:34:22] <mustu1> of postfix deamons .. i saw sendmail at first .. so is it really a postfix deamon[10:34:23] <mustu1> ?[10:34:47] <UQlev> I have no idea[10:35:09] <Aprogas> If you click in the overview, you go to the relevant manpage.[10:35:34] <UQlev> I guess postfix is independent from sendmail[10:35:52] <mustu1> ok[10:38:20] *** f3ew has quit IRC[10:42:49] *** f3ew has joined #postfix[10:44:30] *** EdwardIII has joined #postfix[10:49:58] *** dddh has quit IRC[10:50:26] *** dddh has joined #postfix[10:54:02] *** UQlev has quit IRC[10:54:27] *** Lantizia has quit IRC[10:57:12] *** sphenxes has joined #postfix[11:08:58] *** AlexC_ has joined #postfix[11:09:00] <AlexC_> morning[11:09:43] <AlexC_> is it possible to set different helo restrictions based upon which port? I'm wanting to setu pa submission port which is auth only, but I don't want to run 2 instances of postfix or 2 separate servers[11:11:24] <sysmonk> AlexC_: yes, master.cf has different transports defined[11:11:27] <sysmonk> and submissions is one of them[11:12:57] <AlexC_> sysmonk: ah, I see - so in master.cf I can set specific options I would in main.cf for that one?[11:13:10] <sysmonk> yes[11:13:24] <sysmonk> but beware that you can't use spaces[11:13:37] <AlexC_> that's fine, excellent - that has made things so much easier :)[11:14:00] <AlexC_> btw - in there I see 'submission' and 'smtps'; what is smtps actually there for?[11:14:29] <sysmonk> smtps = 465, submission = 587[11:14:31] <sysmonk> !submission[11:14:31] <knoba> sysmonk: "submission" : Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf. also see !msa, and rfc 2476 and 4409. Also read http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf[11:14:32] <sysmonk> !smtps[11:14:32] <knoba> sysmonk: "smtps" : Port 465 is smtps, SMTP over SSL, a deprecated means of submission. Postfix can implement smtps with a separate smtpd(8) listener with \"-o smtpd_tls_wrappermode=yes\". See the commented example in master.cf.[11:14:49] <Aprogas> You can set "submission_restrictions = spaces, whitespace, lines continuing on new lines" in main.cf, and "-o smtpd_recipient_restrictions=${submission_restrictions}" in master.cf[11:15:21] <AlexC_> ahh ok, thanks sysmonk[11:15:31] *** juergen_dose has joined #postfix[11:15:35] <AlexC_> Aprogas: interesting, ${foo} will reference anything in main.cf?[11:15:45] *** juergen_dose is now known as car[11:16:10] <sysmonk> yes[11:16:17] <Aprogas> You shouldn't collide with existing settings, but you can define new values in main.cf and use them in main.cf or master.cf[11:16:52] <AlexC_> most good[11:16:57] *** hever has joined #postfix[11:16:57] <AlexC_> thanks both :)[11:19:48] *** hever has quit IRC[11:20:53] *** hever has joined #postfix[11:21:22] *** wdp_aao_ has quit IRC[11:23:20] *** wdp_aao has joined #postfix[11:24:08] *** somebody has joined #postfix[11:25:49][11:26:02] *** somebody is now known as ggle[11:28:39] <Aprogas> GMail has a list of best practices for sending mail to their servers.[11:31:33] <ggle> I was searching for this. Do you have a Keyword for me? But its not only on google, on a mailserver (Exchange) from a buddy, too[11:33:22] <Aprogas> All the big freemails have a postmaster-section in their help.[11:34:04] <ggle> thanks[11:40:53] <KTL> the timezone from received mail is wrong ... but the times in the logs are correct, /etc/localtime is correct, /var/spool/postfix/etc/localtime is correct also ... rarara ...[11:43:35] <sysmonk> Aprogas: yeah, email postmaster at domain dot com or devnull at domain dot com if you have any problems[11:43:38] <sysmonk> ;)[11:43:44] <sysmonk> atleast it sometimes feels like that :)[11:49:01] *** fOrsberg is now known as forsberg[11:49:09] *** mustu1 has left #postfix[11:55:24] *** tjikkun has joined #postfix[11:55:24] *** tjikkun has joined #postfix[11:58:05] *** Twinkletoes has joined #postfix[11:59:27] *** makomi has quit IRC[12:02:25] *** UQlev has joined #postfix[12:02:37] *** feisar has joined #postfix[12:05:08] *** hever has quit IRC[12:17:02] *** hever has joined #postfix[12:22:18] *** navaki has joined #postfix[12:26:55] *** car has quit IRC[12:26:58] *** juergen_dose has joined #postfix[12:29:21] *** juergen_dose1 has joined #postfix[12:29:21] *** juergen_dose has quit IRC[12:36:17] *** shinao1 has joined #postfix[12:53:40] *** nokia3510 has quit IRC[13:00:11] *** JonnyV_ has joined #postfix[13:03:51] *** JonnyV has quit IRC[13:04:27] *** UQlev has quit IRC[13:08:06] *** navaki has quit IRC[13:08:58] *** henriknj has quit IRC[13:10:25] *** LowKey has quit IRC[13:11:51] *** henriknj has joined #postfix[13:16:15] *** LowKey has joined #postfix[13:16:16] *** LowKey has joined #postfix[13:18:47] *** navaki has joined #postfix[13:20:31] *** TomHome has quit IRC[13:22:49] *** halfsack has quit IRC[13:33:12] *** saurabhb has joined #postfix[13:35:53] *** tjikkun has quit IRC[13:36:13] *** halfsack has joined #postfix[13:39:54] *** cpm has joined #postfix[13:40:06] *** SWAT has joined #postfix[13:42:18] *** uqlev has joined #postfix[13:42:47] *** uqlev has quit IRC[13:52:49] *** tjikkun has joined #postfix[13:52:50] *** tjikkun has joined #postfix[13:56:36] *** navaki has quit IRC[13:57:10] <SWAT> is it possible (if yes: how) to "create" aliases for a (new) domain using a custom format (example: firstname.lastname at domain dot ext) for all existing users in an LDAP tree?[13:59:30] <Dominian> !address_extension[13:59:30] <knoba> Dominian: Error: "address_extension" is not a valid command.[13:59:32] <Dominian> bah[13:59:57] <Dominian> SWAT: in LDAP, no idea. but postfix should recognize that type of format[14:00:34] <lunaphyte_> a proper map lookup would likely yield that result.[14:02:17] *** siphr has joined #postfix[14:02:39] *** siphr is now known as Guest80335[14:05:02] <SWAT> Dominian: lunaphyte_: gracias[14:05:09] <Dominian> welcome[14:16:53] *** halfsack has quit IRC[14:30:18] *** Guest80335 has quit IRC[14:30:54] <KTL> mmm ... my postfix is behind a firewall .. nat ... i guess it wont see the ip of the sender at all?[14:31:20] <KTL> so reject rbl checks are worthless?[14:31:37] <Aprogas> That depends what the NAT rewrites.[14:31:48] *** bfremon has joined #postfix[14:32:01] <KTL> in the logs usually the firewall is given as the sender[14:32:19] <bfremon> Hi[14:32:20] <KTL> RCPT from <my natbox>[14:32:33] <koollman> KTL: that's rather ugly. And yes, that makes rbl checks useless[14:32:41] <Dominian> what type of firewall?[14:32:47] <KTL> iptables linux[14:32:50] <Dominian> ah[14:32:53] <Aprogas> The firewall rewrites on the application-layer ?[14:33:05] <Dominian> are you forwarding ports or literally doing nat redirects?[14:33:33] <KTL> iptables nat euhm ... my osi model is slightly forgotten[14:33:46] <KTL> port forwarding[14:34:00] <Aprogas> When you say sender, I think of "MAIL FROM:<sender>"[14:34:52] <KTL> anyway i have to reorder my network, the mailserver should get untouched traffic from outside[14:35:01] <KTL> and have a second network card to connect with inside.[14:35:40] <Aprogas> Like a DMZ?[14:35:45] <KTL> yeps :)[14:40:03] <bfremon> I'm using Postfix on debian stable, with the following software stack : Postfix -> Spamassin -> procmail -> mutt. Everything works fine, except that some messages are randomly borked like this message post :http://pastebin.com/d5Na2N48[14:40:38] <Aprogas> That looks like a bit of base64.[14:40:48] <lunaphyte_> !procmail[14:40:48] <knoba> lunaphyte_: "procmail" : a frequently used mail filter for e.g. distributing mails to different folders (like for mailing lists). See http://www.procmail.org/[14:41:04] <lunaphyte_> darn. i thought it was more derisive.[14:41:15] <lunaphyte_> i gave up supporting procmail long ago, like the author.[14:41:27] <Aprogas> I'm still on it because I am still on it.[14:41:55] <bfremon> I don't know what can caused this (it's not a charset problem), nor a mailer problem as I have received several borked emails with different mailers (outlook and others). Any hints ?[14:44:32] *** KaiForce has joined #postfix[14:47:00] *** nokia3510 has joined #postfix[14:47:29] *** Section1 has joined #postfix[14:51:09] *** sebuba has joined #postfix[14:51:12] *** sebuba has joined #postfix[14:55:13] *** JonnyV_ has quit IRC[14:58:33] *** Matic`Makovec has joined #postfix[15:02:07] <bfremon> aprogas : sorry for the time to answer, but effectively this is a base64 encoding problem. Now I got to figure out from where the problem comes from...[15:04:19] *** n0ctum has joined #postfix[15:05:03] *** JonnyV_ has joined #postfix[15:11:32] *** UQlev has joined #postfix[15:24:34] <KTL> i have a user whose mail mysteriously does not arrive in his maildir, procmail should put it there but instead it somehow lands in /var/mail[15:24:41] *** shasta has quit IRC[15:24:49] *** shasta has joined #postfix[15:27:21] *** brancal has joined #postfix[15:28:59] <Dominian> sounds like a procmail issue to me[15:29:24] *** brancaleone has quit IRC[15:29:28] *** brancal is now known as brancaleone[15:30:38] *** siphr has joined #postfix[15:31:12] *** siphr is now known as Guest90552[15:37:30] *** bluethundr has joined #postfix[15:37:59] *** Jippi_moc has quit IRC[15:52:44] *** UQlev has quit IRC[15:57:17] *** Matic`Makovec has quit IRC[16:03:26] *** brancal has joined #postfix[16:05:38] *** brancaleone has quit IRC[16:08:19] *** shinao1 has quit IRC[16:09:36] *** darkclaw6 has joined #postfix[16:09:38] <darkclaw6> NOQUEUE: SYSERR(root): /etc/mail/sendmail.cf: line 279: Unknown address family inet6 in Family=option[16:09:41] <darkclaw6> how can I get rid fo this error[16:10:59] <Dominian> That's not a postfix issue[16:17:47] *** darkclaw6 is now known as Darkclaw66[16:17:53] *** Darkclaw66 has joined #postfix[16:19:38] *** JonnyV has joined #postfix[16:19:41] *** JonnyV_ has quit IRC[16:22:55] *** Darkclaw66 has quit IRC[16:27:27] *** Illu_ has joined #postfix[16:27:28] <Illu_> hi[16:27:55] <Illu_> how can I send a .eml file from linux to smtp[16:28:24] <thumbs> Illu_: use a MUA that can understand and open .eml files.[16:29:42] <Illu_> thumbs: I'm running postfix[16:29:47] *** Cain has joined #postfix[16:29:54] <thumbs> Illu_: I ventured as much, yes.[16:30:00] <thumbs> Illu_: the answer doesn't change.[16:30:04] <Illu_> xD[16:34:08] *** stew_ has joined #postfix[16:34:34] *** stew_ is now known as Guest93684[16:34:42] *** Guest93684 is now known as shteou[16:36:26] *** hever has quit IRC[16:40:54] *** rabbit7_ has joined #postfix[16:41:16] <rabbit7_> hey, my virtual_alias mails are getting delivered locally, any idea on what im doing wrong ?[16:41:26] <thumbs> !tell rabbit7_ welcome[16:41:26] <knoba> rabbit7_: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[16:41:42] <Dominian> !virtual_mailbox_maps[16:41:42] <knoba> Dominian: "virtual_mailbox_maps" : a configuration parameter in the main.cf: Optional lookup tables with all valid addresses in the domains that match $virtual_mailbox_domains.[16:44:11] <rabbit7_> http://pastebin.ca/1951125[16:46:33] *** JonnyV_ has joined #postfix[16:47:04] *** JonnyV has quit IRC[16:49:37] *** Dovid has quit IRC[16:50:35] *** rascal999 has joined #postfix[16:50:49] *** makomi has joined #postfix[16:51:31] *** makomi has quit IRC[16:51:52] *** makomi has joined #postfix[16:51:53] <rascal999> amavis was refusing connections status=deferred (connect to 127.0.0.1[127.0.0.1]:10024: Connection refused), so some emails haven't been sent to inboxes, are they pooled anywhere?[16:52:50] <roe> probably in the deferred queue[16:53:27] <rascal999> roe: how do i push them through?[16:53:37] <roe> did you fix your problem?[16:53:39] <f3ew> postfix flush[16:53:53] <f3ew> Or just wait for Postfix to get around to it (recommended)[16:54:11] <rascal999> f3ew: why do you recommend waiting?[16:54:32] <roe> less room for screwing up[16:54:41] <rascal999> roe: I've tried sending emails and i managed to receive[16:54:49] <Dominian> rascal999: type: mailq[16:55:05] <Dominian> that'll give you an idea of what is in the queue[16:55:13] <rascal999> Dominian: wooo[16:55:17] <rascal999> a lot is in the queue[16:56:35] <rascal999> how long will i have to wait for the mails to be sent?[16:57:45] <Dominian> If /12[16:57:48] <Dominian> bah![16:59:58] <rascal999> if i flush the queue and the mails aren't delivered, will they remain in the queue?[17:00:41] <Dominian> should as long as they are still temp deferred[17:01:21] <rascal999> temp deferred?[17:01:40] <Dominian> 4xx replies are temp fails and won't cause the server to drop them... will normally queue them[17:01:56] *** makomi has quit IRC[17:02:50] <rascal999> postfix flush didn't do anything[17:03:30] <Dominian> tail the maillog[17:03:41] <Dominian> I bet its doing more than you realize[17:04:50] *** Jippi_moc has joined #postfix[17:05:00] *** brancaleone has joined #postfix[17:05:21] <rascal999> Dominian: delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)[17:05:25] *** brancal has quit IRC[17:05:44] <rascal999> I assumed it wouldn't try sending it to filter now that i've disabled it in postfix config and reloaded[17:05:59] <Dominian> rascal999: you need to requeue[17:06:08] <Dominian> rascal999: man postsuper and reference the -r option[17:06:28] <Dominian> the emails in queue will still try to hit the content filter as that is where they were told to go originally.. you'll need to requeue those messages so they get the new settings[17:07:00] <rascal999> ok so[17:07:15] <rascal999> postsuper -r ALL?[17:08:36] <Dominian> yah[17:08:44] <Dominian> at least you read the man page :)[17:09:26] <Dominian> should see the queue clearing out if you watch mailq and tial the maillog[17:09:27] <Dominian> tail*[17:09:33] <rascal999> Dominian: pheeew[17:09:35] <rascal999> thanks[17:10:02] <Dominian> welcome[17:10:28] *** zuran_ has left #postfix[17:11:01] <rascal999> Dominian: i'll buy you a beer when i see you ;)[17:13:37] <Dominian> heh[17:16:16] *** AlexC_ has quit IRC[17:17:37] *** Guest90552 has quit IRC[17:19:12] *** siphr has joined #postfix[17:19:39] *** siphr is now known as Guest5287[17:21:04] *** tharkun has joined #postfix[17:21:23] *** JonnyV_ has quit IRC[17:24:34] <dagni> hello[17:24:58] <dagni> i'm wondering if there is something to do in order to speed up postfix which serve for newsletter ? ...[17:36:59] <standon> dagni: spammer, die![17:37:47] <thumbs> !mailman[17:37:48] <knoba> thumbs: "mailman" : a listserv software (http://www.list.org)[17:39:45] <Twinkletoes> If I turn off unknown local recipient rejects for an internal server I'm testing with, can I specify which local account is to receive the messages?[17:42:28] *** MasterO has joined #postfix[17:45:49] *** smica has joined #postfix[17:48:31] <rascal999> are there any good mail monitors? Anyone which can send SMS?[17:50:52] *** InsolentDreams has joined #postfix[17:51:02] *** BrownNose has joined #postfix[17:53:00] <roe> nagios[17:55:13] <jense> icinga ^^[17:56:15] <roe> sure, same difference[17:58:20] <Illu_> fuzzyocr doesn't work with maia :/[17:59:55] *** Cain has quit IRC[18:06:11] *** xpoint has joined #postfix[18:06:54] *** Thaxll has joined #postfix[18:08:52] <Twinkletoes> If I turn off unknown local recipient rejects for an internal server I'm testing with, can I specify which local account is to receive the messages?[18:10:09] <dagni> why i still get "status=bounced (User unknown in virtual alias table)" i tried everything and its still in logs !!!1 :([18:13:19] <roe> is the user in the virtual alias table?[18:13:56] <dagni> yes[18:14:05] <roe> prove it to us[18:14:11] <dagni> mail at domain1 dot com mail2 at domain2 dot com[18:14:24] <dagni> in /etc/postfix/virtual[18:14:45] <dagni> then i did postmap /etc/postfix/virtual[18:14:54] <dagni> and i still get same in eror logs[18:14:57] <roe> I am not convinced[18:15:08] <dagni> you have 3 letters in nick[18:15:18] <roe> ...yes.[18:15:29] <roe> you have 5[18:15:43] <Dominian> postconf -n[18:15:46] <Dominian> to a pastebin[18:15:49] <Dominian> as suggested in /topic[18:15:52] <roe> and the logs to a pastebin[18:15:59] <roe> I was hoping you'd get the point[18:18:14] <dagni> http://pastebin.ca/1951179 this is postconf -n[18:19:05] <Dominian> I see no mention of 'virtual' anything in that configuration[18:19:09] <Dominian> !virtual_alias[18:19:09] <knoba> Dominian: "virtual_alias" : ... Mail loops back to myself means that your Postfix wanted to send out the mail to the internet but then discovered that the DNS says your mail server should be responsible. Most likely you forgot to list your domain in mydestination or virtual_(alias|mailbox)_domains[18:19:18] <roe> I concur[18:19:36] <Dominian> !virtual[18:19:37] <knoba> Dominian: "virtual" : a way to configure additional domains and user accounts (that do not need to exist in your /etc/passwd). See: http://www.postfix.org/VIRTUAL_README.html[18:19:51] <dagni> but i have virtual_maps = hash:/etc/postfix/virtual[18:19:58] <dagni> in my /etc/postfix/main.cf !![18:20:18] <roe> then you didn't restart postfix after you made the changes[18:20:47] <dagni> i did now[18:20:52] <dagni> [root@localhost log]# postconf -n|grep virt[18:20:53] <dagni> [root@localhost log]#[18:20:56] <dagni> :([18:21:04] <Dominian> postfix reload[18:21:21] <Dominian> if it doesn't show up in postconf -n postfix doesn't know about it[18:21:47] <dagni> [root@localhost log]# grep virtual_maps /etc/postfix/main.cf;postfix reload;postconf -n|grep virt[18:21:50] <Thaxll> I've a problem which is bit tricky, I need to forward mail regarding the header, if the from mail is domain1.com send it to ip#1 if domain2.com send to ip#2, the problem is those 2 ips are on the same server and then I get into a kind of infinite loop ...[18:21:50] <dagni> virtual_maps = hash:/etc/postfix/virtual[18:21:51] <dagni> this is odd[18:21:53] <dagni> postfix/postfix-script: refreshing the Postfix mail system[18:21:56] <dagni> [root@localhost log]#[18:22:05] <Dominian> how is that 'odd'[18:22:17] <Dominian> postfix doesn' tknow about changes to main.cf nor master.cf unless you tell it about them[18:22:20] *** Guest5287 has quit IRC[18:22:25] <dagni> why postconf -n doesnt print the virtual_maps option if it/s in main.cf[18:22:59] <BrownNose> hah[18:23:05] <rob0> !virtual_maps[18:23:05] <knoba> rob0: "virtual_maps" : The virtual_maps postconf(5) parameter has been deprecated since Postfix 2.0. If you're using virtual_maps, you're probably following old, outdated information. See !virtual_alias_maps and !virtual_alias_domains for the replacements. See also !google.[18:23:20] <dagni> haha[18:23:28] <dagni> !virtual_aliases_maps[18:23:28] <knoba> dagni: Error: "virtual_aliases_maps" is not a valid command.[18:23:40] <dagni> !virtual_alias_maps[18:23:40] <knoba> dagni: "virtual_alias_maps" : A configuration parameter in the main.cf: Optional lookup tables that alias specific mail addresses or domains to other local or remote addresses. The table format and lookups are documented in virtual(5).[18:23:53] *** Twinkletoes has quit IRC[18:24:29] <dagni> virtual_alias_maps = hash:/etc/postfix/virtual[18:24:45] <dagni> now this is displayed by postconf -n ;)[18:25:14] <roe> so you typo'ed one of the parameters?[18:25:44] <dagni> no, i used the virtual_maps[18:25:48] <dagni> i use it on my other smtp[18:25:49] <dagni> ;)[18:25:57] <dagni> seems i have to update my soft[18:25:59] <rob0> Not a typo; postconf(1) only displays known parameters. virtual_maps is not known.[18:26:00] <dagni> here and there ;p[18:26:13] <dagni> yes since later versions[18:26:14] <dagni> ;][18:26:22] <dagni> newer ;p[18:26:32] <rob0> Later=within the last 10 years[18:27:06] <dagni> ;D[18:27:10] <dagni> well, im postfix fan for long time[18:27:48] <dagni> but the older version i use works great for me so i dont see reason to update ..[18:27:59] <dagni> good to know some options changed tho[18:29:39] <rob0> If you're using older than 2.0, your postconf output would include virtual_maps. You're using a newer version.[18:29:57] <Thaxll> How transport_maps works if it's forwarded to the same server, how do I tell postfix to send directly the mail instead of 'creating a loop' ?[18:30:00] <dagni> i use 2.6.0[18:30:01] <dagni> :)[18:30:12] <dagni> and virtual_maps works there[18:31:45] <rob0> virtual_maps can work like any non-postconf(5) setting. To this day, "postconf -d virtual_alias_maps" is "$virtual_maps". Wietse is big on backwards compatibility.[18:32:30] <dagni> ok i still see same error[18:32:49] *** Guest87619 has joined #postfix[18:34:37] <Thaxll> no one knows ? :/ i'm confused with the Postfix architecture[18:38:42] <Zerberus> Thaxll: information in "man 5 transport" are not sufficient?[18:40:24] <Thaxll> I don't think so, because transport_maps forward the mail to another smtp server, if this smtp server is on the same machine it goes to a loop, I don't know how to directly send the mail instead of re do the whole process of postfix[18:41:13] <tharkun> Thaxll: i don't have scrollback, can you repaste your problem and any updates on the solution you have tried ?[18:41:41] <Dominian> transport_maps can use any MDA really[18:41:50] <Dominian> I've used transport_maps with dovecot LDA for specific ssetups[18:41:53] <Dominian> and with mailman[18:42:17] <Thaxll> I need to route mails regarding the header, i've 2 IPs on the same machine so I used maps_transport to route mails regarding the domain, if domains1 -> smpt:192.168.0.1 if domain2 ->smtp:192.168.0.2 but those 2 IPs are on the same machine[18:43:13] <Thaxll> so when domain2 match it send it to iteself on the second IP but there it matched again the maps_transport so I guess it goes into a loop.[18:43:36] <tharkun> Thaxll: do not guess, look for the facts on the logs[18:44:00] <tharkun> bbl[18:44:03] <Thaxll> Well : mail for 192.168.0.52 loops back to myself[18:47:09] <Thaxll> lunaphyte from this chan told me the was to do it, and I think it's possible I just don't see every details to do it[18:47:16] <Thaxll> the way*[18:47:21] *** makomi has joined #postfix[18:48:42] *** makomi has quit IRC[18:48:42] *** makomi_ has joined #postfix[18:49:09] <Dominian> !loop[18:49:10] <knoba> Dominian: Error: "loop" is not a valid command.[18:49:11] <Dominian> !loops[18:49:12] <knoba> Dominian: Error: "loops" is not a valid command.[18:49:14] <Dominian> damn it[18:49:17] <Dominian> !loopback[18:49:17] <knoba> Dominian: "loopback" : 'Mail loops back to myself' means that your Postfix wanted to send out the mail to the internet but then discovered that the DNS says your mail server should be responsible. Most likely you forgot to list your domain in mydestination or virtual_(alias|mailbox)_domains[18:49:50] <Thaxll> I know why it's looping, because i'm forwarding the mail to another IPs on the same server[18:52:21] *** clyons has joined #postfix[18:53:32] *** makomi_ is now known as makomi[18:53:46] <Dominian> Thaxll: have you posted master.cf and postconf -n along with logs to a pastebin yet?[18:53:56] <Dominian> without seeing the configuration behind the errors.. going to be hard to determine[18:54:59] <Thaxll> I'm going to create a pastebin to explain the problem it's simple :)[18:55:57] <Dominian> obviously not simple.[18:56:15] <thumbs> !dominoman[18:56:15] <knoba> thumbs: "dominoman" : see !Dominian[18:56:32] <Dominian> ass[18:56:53] <thumbs> hehe[19:02:11] <rob0> Why routing based on headers? That's ugly and often the wrong thing to do.[19:02:25] <Thaxll> Ok so, some explainations : http://pastebin.com/UuiQACj5[19:03:18] <Thaxll> rob0, how would you do it?[19:03:25] <rob0> do WHAT?[19:03:34] <rob0> !goal[19:03:34] <knoba> rob0: "goal" : describe your goal, not what you think the solution is[19:03:58] <Thaxll> routing mailings regarding the header[19:04:08] <roe> it sounds like he means sender based transport, not header checking[19:04:13] <Thaxll> yes[19:04:25] <rob0> < rob0> Why routing based on headers? That's ugly and often the wrong thing to do.[19:04:55] <rob0> Oh, regarding send-based routing, my usual urge is to NOT do that at all.[19:05:02] <rob0> sender-based*[19:05:02] <Thaxll> I've not choice it's a constrain, I need to route emails regarding the from: to: or something similar...[19:05:15] <rob0> but there is:[19:05:32] <rob0> !sender_based_relayhost_maps[19:05:32] <knoba> rob0: Error: "sender_based_relayhost_maps" is not a valid command.[19:05:35] <Thaxll> As you can see i'm not a Postfix guru, so any hints are welcome :o[19:05:45] <rob0> um, something like that[19:06:02] <rob0> and numerous features added in Postfix 2.7 to improve it.[19:06:21] <roe> !sender_dependent_relayhost_maps[19:06:21] <knoba> roe: "sender_dependent_relayhost_maps" : a configuration directive in main.cf for sender based message routing. See http://www.postfix.org/postconf.5.html#sender_dependent_relayhost_maps[19:06:23] <wdp_> Thaxll, apart from that, you have two other choices: pay an admin, or marry a postfix admin[19:06:31] <rob0> Back to the goal, why do you think you need this sender-based routing?[19:06:33] <wdp_> s/a/an[19:06:35] <wdp_> :>[19:06:39] <wdp_> ehlo.[19:06:42] <Thaxll> I'm an admin but obviously not for Pstfix[19:06:46] <rob0> roe, thanks.[19:08:31] <rob0> If you have all your DNS ducks in a row, including DKIM and SPF if desired, and keep the outbound stream clean, there should be no need for sender-based routing.[19:09:29] <tharkun> Thaxll: i am still puzzled on that requirement. Who asked for it, since there is no technical reason to do it. At least not from my point of view[19:11:19] <Thaxll> I'm going to eat, i'll tell you after! brb[19:11:31] *** juergen_dose1 has quit IRC[19:13:17] <rob0> It's typically an idea of spammers, and of people who don't understand email.[19:13:54] <rob0> (not accusing Thaxll nor his silly PHB of being spammers)[19:14:15] <roe> I reserve that right until a later date[19:14:24] <rob0> indeed :)[19:16:04] *** hever has joined #postfix[19:17:12] <rob0> Consider a mass-hosting service like Google Apps. They don't have those "perfect headers" that some of the silly people seem to crave. You can clearly see from the MX and headers that Google hosts the mail.[19:18:13] <wdp_> i wonder whether spam is useful for the spammers.[19:18:26] <rob0> Best thing, if you really want to keep one domain's mail completely separate from all others, is set it up on its own server and its own IP address.[19:18:29] <wdp_> i mean, if you get mails about new watches (rolex) or viagra, would you buy it?[19:18:49] <rob0> heh, they use spam filtering just like we do[19:18:57] <roe> I have a draw full of rolex watches I got from email offerings[19:19:21] <rob0> In fact I think most of them use @gmail.com addresses, leaving the garbage filtering to gmail.[19:19:35] <wdp_> my gateway recieves currently 15k mails per hour.[19:19:43] <wdp_> real mails are not even 1%[19:20:27] <rob0> wow, that's heavy. The worst I saw was about 95% spam.[19:20:37] *** cga has joined #postfix[19:20:45] <rob0> but then, that was years ago, and things only get worse.[19:20:56] <wdp_> i started with that gateway in 2008.[19:21:06] <wdp_> was like 5k mails per hour. with every year its 5k more.[19:21:17] <wdp_> so, in 5 years i need new hardware.[19:21:21] <wdp_> :)[19:22:08] <wdp_> i was thinking and trying to use spf records for checking, but spf is a bit problematic for some of my users.[19:22:19] <wdp_> however, spf was reducing spam a lot.[19:22:53] <tharkun> wdp_: spf + RBL have been good with my servers[19:23:31] <wdp_> tharkun, as long as your users/customers aren't at some university and want to relay / recieve / i dont remember mails over gmail/whatever, spf is fine[19:23:46] <wdp_> i think it was gmx.[19:24:39] *** darkphader has joined #postfix[19:25:16] <wdp_> rob0, if youre interested into it, i can send you some statistics later btw, just leave me your mail address somewhere :)[19:25:45] <wdp_> i wrote a script somewhere which is analyzing my mailserver logs and make some nice diagrams using php[19:28:47] *** daguz has joined #postfix[19:39:42] *** InsolentDreams has quit IRC[19:44:00] *** Guest87619 has quit IRC[19:53:20] <Thaxll> re ![19:53:27] <Thaxll> No it's not for spamming,[19:53:54] <Thaxll> for exemple if you have 2 domains with 2IPs on the same server you don't want to send mails from domain1 with IP2[19:54:48] <Thaxll> It seems normal that you compagny #1 has nothing to do with compagny #2[19:55:50] <Thaxll> renting 1 server and use multiple IPs on it is cheaper than renting 2, 3 ... dedicated servers ...[19:57:57] *** cilly has quit IRC[20:02:36] *** Rahul_ has joined #postfix[20:02:50] *** InsolentDreams has joined #postfix[20:03:01] <Rahul_> do anyone know how to disable NDR in Postfix[20:05:11] <Rahul_> will setting soft_bounce=yes help[20:07:49] <tharkun> Thaxll: using one ip for multiple domains is the cheapest solution in terms of money, used hardware, and admin resources[20:22:56] <Dominian> tharkun: wonder what is up with the wikia changes all of a sudden[20:23:44] <Dominian> er.[20:23:48] <Dominian> sorry misdirected[20:23:48] <thumbs> is tharkun part of wikia?[20:23:50] <Dominian> thumbs:[20:23:52] <Dominian> thumbs: no[20:23:53] <Dominian> hehe[20:23:56] <thumbs> Dominian: oh.[20:23:58] <Dominian> tab complete fail and me being in a hurry[20:24:13] <thumbs> Dominian: I sense an argument with the founders.[20:24:27] <Dominian> possibly[20:24:32] <Dominian> lets hopethey don't suddenly change their minds[20:24:38] <Dominian> and want their cloaks back hehe[20:24:42] <thumbs> Dominian: yeah.[20:24:58] <thumbs> those are harder to get back.[20:25:04] <Dominian> aye[20:25:19] <thumbs> on that note, I should really get a apache hostmask[20:25:50] <Dominian> thumbs: GC must request it ;)[20:25:51] <Dominian> hehe[20:25:59] <thumbs> Dominian: I know the rules![20:26:03] <Dominian> lol[20:26:45] <Rahul_> do anyone know how to disable NDR in Postfix[20:27:00] <Rahul_> will be a great help[20:27:01] * thumbs slaps dominoman[20:27:37] <rob0> Does anyone know a sensible reason why anyone would want to disable NDR in Postfix?[20:27:53] <thumbs> !tell rob0 why[20:27:54] <knoba> rob0: "why" : are you sure that installing, configuring and maintaining a mailserver is really what you want to do here? it's not something that's for the faint of heart, and definitely not something for folks that are still just learning the basics of linux or unix. also see !nullclient[20:28:01] <Dominian> Rahul_: don't[20:28:05] <thumbs> rob0: (I need to steal the factoid)[20:28:15] <Dominian> There's no point in disabling NDR[20:28:24] <Dominian> at least none that I can think of[20:28:36] <Rahul_> its an critical situation we just wanted to do it for some time[20:29:40] <Rahul_> its just a part of troubleshooting[20:29:47] *** henriknj has quit IRC[20:30:08] <Dominian> how is disabling NDR a troubleshooting measure?[20:30:19] <Dominian> !rob0[20:30:19] <knoba> Dominian: "rob0" : a pathetic bot that reacts to newly joined users with reciting the !basic and !standard factoids[20:31:34] <Rahul_> we got a mail frm DC that our srvr is sending out spam mails in form of mailer-daemons[20:31:55] <Dominian> then check the queue and the logs[20:31:58] *** ssureshot has joined #postfix[20:32:06] <Dominian> if its that big of an issue, turn off the mail server and fix it ;)[20:32:09] <Rahul_> so our IT head wanted to disable it immedietly[20:32:18] <Rahul_> we cant do that[20:32:20] <Dominian> IT Head...[20:32:24] <Dominian> does he know anything about email?[20:32:28] <Dominian> specifically postfix[20:32:29] <Rahul_> he is a dumb[20:32:32] <Dominian> if not, tell him to stfu[20:32:34] <Dominian> :)[20:33:32] <rob0> Backscatter is bad. Fix the problem that causes it.[20:33:33] <Rahul_> plz hpl me guyss... else i will not be able to move foreward[20:33:47] <Dominian> !backscatter[20:33:47] <knoba> Dominian: "backscatter" : see http://www.postfix.org/BACKSCATTER_README.html - Basically backscatter are bounces sent to innocent systems. A spammer sent email in behalf of the victim's system. Undeliverable emails get bounced to the victim.[20:35:58] <Rahul_> i am rt nw not in my office so hve to give them temp soln[20:36:04] <Rahul_> solution[20:38:29] *** henriknj has joined #postfix[20:38:46] <Rahul_> tat was cool[20:40:21] <Rahul_> will setting soft_bounce=yes help[20:40:52] <Rahul_> ??[20:51:01] *** CaptObvi1usman has joined #postfix[20:52:33] *** CaptObvi1usman has quit IRC[20:55:08] *** swombat has left #postfix[20:57:34] *** makomi has quit IRC[20:58:30] *** makomi has joined #postfix[20:59:19] <Thaxll> Hmm I have another question, I know it's possible to specify the outgoing ip with smtp_bind_address but I created 2 smtpd for each IPs how those smtpd can stick to smtp processus? If you connect on IP#1 email has to be sent from IP#1 ect ...[21:00:02] *** siphr has joined #postfix[21:00:28] *** siphr is now known as Guest66325[21:00:39] <rob0> Yes, I already answered that, look at the Postfix 2.7 release notes, or just run totally separate instances.[21:01:30] <Thaxll> Ho ok, it's not possible with postfix 2.5.5 without separate instances ( /ect/postfix2/ ect .. ) ?[21:02:23] <rob0> If you're going to use multiple instances on the same host, 2.6 is a good idea.[21:03:15] <rob0> Right, it is not possible in a single instance before 2.7.[21:04:35] <thumbs> KB1JWQ: you have the patience of a saint, sometimes (see #freenode)[21:05:12] <Thaxll> I see that means i've to compile Postfix or use separate instances ( /Etc/post ect .. ) thanks rob0 ;)[21:05:14] *** hever has quit IRC[21:05:29] <sysmonk> knoba: how's the moon ? lots of honey? :)[21:05:30] <rob0> Saint Kabywonjaydubqueue[21:08:41] *** mroe has joined #postfix[21:08:50] *** uqlev has joined #postfix[21:12:35] *** Rahul_ has quit IRC[21:13:43] *** clyons has quit IRC[21:13:50] *** wdp_ is now known as wdp[21:13:56] *** wdp has quit IRC[21:13:56] *** wdp has joined #postfix[21:15:28] *** cpm has quit IRC[21:23:38] *** Matic`Makovec has joined #postfix[21:24:53] *** GuilhermeCunha has joined #postfix[21:27:16] *** clyons has joined #postfix[21:28:05] *** bfremon has quit IRC[21:31:00] *** GuilhermeCunha has quit IRC[21:35:07] *** n0ctum has quit IRC[21:35:09] <wdp> if the postfix log shows something like this:[21:35:15] <wdp> warning: numeric hostname: 190.208.84.98[21:35:19] <wdp> will it reject the mail?[21:35:51] <wdp> or: warning: non-SMTP command from unknown[89.40.48.163]: Content-Return: allowed[21:36:43] <adaptr> wdp: those are not postfix logs[21:37:03] <wdp> postfix/smtpd[11060]:[21:37:18] <wdp> looked like postfix, not?[21:37:33] <adaptr> show the actual logs, in a pastebin[21:37:46] <mroe> isn't a numeric hostname a no-no[21:37:46] <wdp> thats the log.[21:37:58] <wdp> i just stripped the date and machine name, and postfix/smtpd[number]:[21:38:21] <adaptr> that's not all of the log[21:39:05] <sysmonk> wdp: well, it's only a warning[21:39:19] <sysmonk> but, there might be a rule that will reject that kind of mails[21:39:20] <mroe> wdp, that might be the entire single line, but there are more entries related to the transaction[21:39:26] <wdp> ah.[21:39:26] <sysmonk> but that warning doesn't mean the rule exists[21:39:27] <wdp> i see now.[21:39:29] *** makomi has quit IRC[21:39:52] <wdp> the warning doesnt say whether its rejected or not.[21:39:55] <wdp> thats what i wanted to know :)[21:41:19] <mroe> wdp, and what we are getting at is it wouldn't, but the subsequent 'reject' line would tell you[21:41:31] <wdp> mroe, yeah, i found that line already.[21:50:21] *** halfsack has joined #postfix[21:55:31] *** InsolentDreams has quit IRC[22:01:48] *** ggle has quit IRC[22:02:41] *** feisar has quit IRC[22:02:43] *** InsolentDreams_ has joined #postfix[22:07:40] <tharkun> Dominian: please tell me you are not part of the on the Glee wiki that is advertised on that site :D[22:08:10] *** Guest66325 has quit IRC[22:08:53] <Dominian> uhh no[22:10:22] *** adaptr has quit IRC[22:11:47] *** saurabhb has quit IRC[22:13:16] *** adaptr has joined #postfix[22:13:16] *** adaptr has joined #postfix[22:19:31] *** adaptr has quit IRC[22:20:48] *** adaptr has joined #postfix[22:20:49] *** adaptr has joined #postfix[22:22:12] *** siphr has joined #postfix[22:22:19] *** cga has quit IRC[22:22:38] *** siphr is now known as Guest31483[22:25:16] *** subsume has joined #postfix[22:25:26] <subsume> When setting up postfix, is it ok to use the same SSL cert as I do in apache?[22:25:45] <twobithacker> yes[22:25:50] <subsume> Many many thanks.[22:25:52] *** subsume has left #postfix[22:27:35] *** makomi has joined #postfix[22:29:37] *** makomi has quit IRC[22:30:36] *** TomHome has joined #postfix[22:31:47] *** uqlev has quit IRC[22:36:42] *** Tykling has quit IRC[22:37:42] *** e-jones has joined #postfix[22:37:50] *** Tykling has joined #postfix[22:38:13] *** e-jones has quit IRC[22:40:46] *** ssureshot has quit IRC[22:41:45] *** rascal999 has quit IRC[22:50:21] *** MasterO has quit IRC[23:01:35] *** Guest31483 has quit IRC[23:07:24] *** siphr_ has joined #postfix[23:10:00] *** TomHome has quit IRC[23:13:38] *** Matic`Makovec has quit IRC[23:18:54] *** Thaxll has quit IRC[23:19:09] *** brancaleone has quit IRC[23:20:50] *** sebuba has quit IRC[23:21:36] *** siphr_ has quit IRC[23:21:44] *** lifeofguenter has joined #postfix[23:27:38] <Tykling> I am wondering if I can make the postfix smtp client do STARTTLS before attempting authentication with the remote smtp server[23:28:00] <Tykling> since I configured the postfix on the other end to only advertise AUTH after encryption is set up[23:52:14] *** smica has quit IRC[23:52:58] <lunaphyte> of course.[23:54:03] <lunaphyte> but why do you have one postfix server authenticating against another?[23:54:36] <rob0> !smtp_tls_policy_maps[23:54:36] <knoba> rob0: "smtp_tls_policy_maps" : optional lookup tables with the Postfix SMTP client TLS security policy by next-hop destination. The lookup result is a security level (none, may, encrypt, fingerprint, verify, secure), followed by an optional list of whitespace and/or comma separated name=value attributes that override related main.cf settings. Available in Postfix 2.3 and later.[23:54:39] *** nokia3510 has quit IRC[23:56:58] <Tykling> lunaphyte: one is the local MTA on my laptop which doesn't have a real hostname and I travel around with it so it doesn't have a static IP either[23:58:27] *** makomi has joined #postfix[23:59:01] <Tykling> it works after adding smtp_tls_security_level = may to the config, the smtp client issues starttls and gets to authenticate, and deliver the mail to my mailserver for further transport to the destination