May 5, 2011 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | >
May 5, 2011 [00:02:27] <yaaar> hi guys. i'm really confused. i noticed recently that i was apparently having backscatter problems; you could connect to the server and rcpt to: a bunk address to generate a bounce. so...that's bad, and it was surprising because i had "smtpd_reject_unlisted_recipient = yes" (by virtue of that being the default)[00:03:05] <yaaar> so i went and added "reject_unlisted_recipient, reject_unverified_recipient," at the front end of smtpd_recipient_restrictions (before permit_mynetworks, permit_sasl_authenticated)[00:03:31] <yaaar> and that fixed the backscatter problem...but now i'm having other issues, in particular with servers employing greylisting[00:04:09] *** Matic`Makovec has quit IRC[00:04:24] <yaaar> specifically, when someone tries to send a mail from my server to a greylisting one, the target server sends back something like "450 4.1.1 <sgrobman at dbrl dot org>: Recipient address rejected: unverified address: host smtp.more.net[207.160.130.104] said: 451 4.7.1 <sgrobman at dbrl dot org>: Recipient address rejected: Policy Rejection- Please resend your message"[00:04:40] <yaaar> and instead of queuing the message to be resent, postfix just drops it[00:04:41] *** Matic`Makovec has joined #postfix[00:05:26] <yaaar> this despite the fact that i still have the default unverified_sender_reject_code = 450[00:05:32] <yaaar> err...[00:05:37] <yaaar> sorry wrong one (sender)[00:05:45] <yaaar> unverified_recipient_reject_code = 450[00:06:06] <yaaar> can anybody please explain what stupid thing i've done here?[00:06:16] <yaaar> i'm confident it's something boneheaded[00:06:18] *** roentgen has joined #postfix[00:07:32] <yaaar> also just btw, i've tried several permutations of this, like just putting reject_unlisted_recipient in and leaving out reject_unverified_recipient ...but that still allows the backscatter[00:08:13] *** dragonheart has quit IRC[00:10:43] <lunaphyte> where is the data as specified in the channel /topic?[00:10:55] <yaaar> postconf -n : http://pastebin.com/H7Kpge2S[00:11:03] <yaaar> lunaphyte: sorry workin on it just slow[00:11:41] <lunaphyte> also, you should not need reject_unlisted_recipient. that is the default[00:12:09] <yaaar> ah[00:12:21] <yaaar> http://pastebin.com/Xnbu6UhH <---some logs[00:12:22] <lunaphyte> and reject_unverified_recipient is really just an indication that other parts of your mail system are not configured as they should be.[00:13:08] <blizzow> adaptr: thanks! it was a firewall on their end. thumbs: No thanks to you.[00:13:43] <lunaphyte> yaaar: your smtpd_recipient_restrictions simply make no sense.[00:14:05] <yaaar> lunaphyte; i was afraid of that...[00:14:25] <lunaphyte> not to mention you should not be offering smtp auth on port 25.[00:14:34] <yaaar> they didn't make sense to me before i started messing with it[00:14:51] <lunaphyte> let's begin with this:[00:14:53] <yaaar> but the only change i made was moving those two reject rules to the front of the list[00:15:41] <lunaphyte> there are certain restrictions which should be enforced with NO exceptions whatsoever, for ANY reason.[00:16:48] <lunaphyte> as a starter list, these are reject_non_fqdn_sender reject_unknown_sender_domain reject_non_fqdn_recipient reject_unknown_recipient_domain and probably reject_unauth_pipelining as well.[00:17:09] <lunaphyte> there is no reason for any host to not be in compliance with that.[00:17:18] <yaaar> k[00:17:19] <lunaphyte> so those should be first.[00:18:22] <lunaphyte> second, the only things that should be after reject_unauth_destination are rbl checks and policy server stuff.[00:19:49] <yaaar> ok, so that leaves me with something like: smtpd_recipient_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org[00:20:12] *** Matic`Makovec has quit IRC[00:20:14] <yaaar> (i understand your point about sasl on 25, but can't change that at the moment)[00:20:28] <lunaphyte> next, that permit_mynetworks and permit_sasl_authenticated does not belong there. use submission.[00:20:41] <yaaar> i know...but i can't do that right now[00:20:47] <yaaar> too many people using 25[00:20:48] <lunaphyte> as long as you know.[00:21:25] <yaaar> yeah, i hope to make that change....when i can muster the manpower to deal with the fallout[00:21:30] <lunaphyte> [and intend to address it] :)[00:21:32] *** dragonheart has joined #postfix[00:21:35] <yaaar> yeah ;-)[00:21:38] <yaaar> i promise[00:21:55] <lunaphyte> so, given that change, show some log data of a recipient being accepted who shouldn't be.[00:22:19] <yaaar> ok, just a sec[00:22:34] <lunaphyte> also, show postconf mail_version[00:23:39] *** mambaw has quit IRC[00:26:12] *** dragonheart has quit IRC[00:26:45] <yaaar> ok, here's the log of me sending to a nonexistent address and getting a bounce: http://pastebin.com/0URXrfHH[00:26:58] <yaaar> mail_version = 2.7.0[00:27:57] <yaaar> and here's the telnet session that led to those logs: http://pastebin.com/3YR5dyYu[00:28:45] *** hever has quit IRC[00:31:17] *** Toerkeium has quit IRC[00:33:34] <lunaphyte> hmm[00:34:42] <lunaphyte> i've got to run for a bit, but i would first do a quick test of my maps for virtual_alias_maps and virtual_mailbox_maps for that address with postconf -q[00:36:51] <yaaar> postconf: invalid option -- 'q'[00:37:43] *** e-anima has quit IRC[00:38:58] *** Timzzzz is now known as Timmooo[00:39:07] <jimpop> yaaar: i think lunaphyte meant postmap -q[00:39:13] <yaaar> ah[00:41:32] *** brancaleone has quit IRC[00:43:05] *** brancaleone has joined #postfix[00:43:54] <lunaphyte> oops, sorry, yeah, postmap -q[00:44:34] <yaaar> so like this? postmap -q angel01 at tranquility dot net proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf[00:44:45] <yaaar> for each of the files in those two config variables?[00:44:53] <yaaar> (no output from that)[00:45:24] <yaaar> http://pastebin.com/KCh41rwt[00:46:14] *** Timmooo is now known as Timzzzz[00:51:16] <lunaphyte> postmap -q 'mailto:angel01 at tranquility dot net' proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf[00:51:20] <lunaphyte> bah[00:51:34] <lunaphyte> stupid irc client[00:51:37] <lunaphyte> postmap -q 'angel01 at tranquility dot net' mysql:/etc/postfix/mysql_virtual_alias_maps.cf[00:52:04] <yaaar> oh, without the "proxy:" part...ok[00:52:10] <yaaar> er[00:52:12] <lunaphyte> also, postconf | grep virtual_alias_maps is useless use of grep.[00:52:15] <yaaar> wait you put it once each way[00:52:20] <lunaphyte> postconf virtual_alias_maps[00:52:23] <yaaar> oh hah[00:52:29] <yaaar> didn't know that[00:52:38] <lunaphyte> yes, the first one was in error. my irc client sucks.[00:52:43] <lunaphyte> without proxy.[00:53:01] *** bzo`away has quit IRC[00:53:05] <lunaphyte> and be sure to quote the input key as i did.[00:53:19] <yaaar> ok, lemme rerun without proxy: in there (although i should note that the command i gave above produces output if i change the address to a working one)[00:55:37] <standon> rob0: emailed whom about what link?[00:56:58] <lunaphyte> also show postconf smtpd_reject_unlisted_recipient and postconf -d smtpd_reject_unlisted_recipient[00:57:31] *** bzo`away has joined #postfix[00:57:57] <yaaar> http://pastebin.com/kGuUEQ9N[00:58:19] <yaaar> smtpd_reject_unlisted_recipient = yes[00:58:24] <yaaar> (same as default)[00:58:36] <rob0> standon, that was last night, someone on the mailing list you told to see DEBUG README[00:59:30] <yaaar> still no output from the amended postmap command. i should note that i've gone into the mysql database directly to verify that the user doesn't exist...[01:00:56] *** basho__ has quit IRC[01:03:15] <yaaar> also, this isn't limited to domains i should be handling...i can send to angel01 at example dot com and it'll defer it[01:03:41] <lunaphyte> that's ok. the postmap output is more meaningful. what exists in the database does not necessarily reflect what postfix is told, since a poorly constructed lookup could result in undesirable output.[01:03:55] <lunaphyte> oh[01:04:11] <yaaar> ah, yeah that makes sense re: maps vs. db[01:04:17] <lunaphyte> then check your domains against virtual_mailbox_domains[01:04:30] *** Lenhix has quit IRC[01:04:31] <yaaar> ?[01:04:42] <standon> rob0: ah, gotcha. the guy who wrote a poorly written summary of his non-problem and then asked for us to look into our collective crystal ballsack?[01:05:08] <lunaphyte> postmap -q 'tranquility.net' mysql:/etc/postfix/mysql_virtual_domains_maps.cf[01:05:18] <lunaphyte> postmap -q 'example.com' mysql:/etc/postfix/mysql_virtual_domains_maps.cf[01:05:20] <yaaar> postmap -q 'tranquility.net' mysql:/etc/postfix/mysql_virtual_domains_maps.cf outputs 'tranquility.net'[01:05:42] <yaaar> the second one produces no output[01:05:47] <lunaphyte> !catchall[01:05:47] <knoba> lunaphyte: "catchall" : Sending all emails for non-existing users in domain to a special account. See man 5 virtual for the @domain syntax, which applies in virtual_*_maps and relay_recipient_maps. For local(8) delivery, unset local_recipient_maps and see luser_relay. WARNING: catchalls are rarely a good idea. Spammers will abuse them.[01:05:58] <lunaphyte> mysql:/etc/postfix/mysql_virtual_alias_domain_catchall_maps.cf[01:06:35] <lunaphyte> and why are you using the same lookup for both virtual_alias_maps and virtual_mailbox_maps? that doesn't make sense.[01:07:03] <lunaphyte> oh, err, nvm.[01:07:41] <lunaphyte> bah, what is a file name like mysql_virtual_alias_domain_mailbox_maps.cf doing being used for virtual_mailbox_maps? that's just confusing.[01:09:00] *** hever has joined #postfix[01:10:10] <yaaar> i really don't know...i didn't build this thing. but i can tell you that's the only place in the config it appears, and that the query is markedly different from the other map[01:10:22] <yaaar> SELECT CONCAT(maildir,'Maildir/') AS maildir FROM mailbox,alias_domain WHERE alias_domain.alias_domain = '%d' and mailbox.username = CONCAT('%u', '@', alias_domain.target_domain) AND mailbox.active = 1 AND alias_domain.active='1'[01:10:33] *** trurl has joined #postfix[01:10:35] <trurl> hi[01:10:55] <yaaar> that's the one from the confusingly-named file. here's the one from the more reasonable file:[01:10:57] <yaaar> SELECT CONCAT(maildir,'Maildir/') AS maildir FROM mailbox WHERE (username='%s' or (local_part='%s' AND username= CONCAT('%s', ' at tranquility dot net'))) AND active = '1'[01:11:31] <rob0> standon: :)[01:13:11] *** dragonheart has joined #postfix[01:14:33] <standon> rob0: why wouldn't you respond to him on-list with reference to that document?[01:19:21] <trurl> using postfix 2.7 i'm trying to make postfix to listen only on specific interfaces. adding them to inet_interfaces results in "fatal: config variable inet_interfaces: host not found: [nnnn:nnnn:nnnn:nn::42]" - using "mail.example.com", which in /etc/hosts defaults to an ipv4 and ipv6 address of this machine results in postfix only listening on the ipv4 address. any hints?[01:24:50] <yaaar> went ahead and set virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql_virtual_alias_domain_maps.cf and virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf just to see if anything changed...but nothing did[01:25:43] *** dragonheart has quit IRC[01:26:16] *** dragonheart has joined #postfix[01:29:24] *** camro has quit IRC[01:31:23] *** karen_m has quit IRC[01:32:17] *** karen_m has joined #postfix[01:39:39] <Tabmow> trurl: http://www.postfix.org/IPV6_README.html#configuration[01:41:03] *** bzo`away has quit IRC[01:46:28] *** bzo`away has joined #postfix[01:55:38] *** adaptr has quit IRC[01:56:15] *** adaptr has joined #postfix[01:57:49] *** adaptr has quit IRC[01:58:20] *** adaptr has joined #postfix[02:04:37] *** fOrsberg has quit IRC[02:06:37] *** Internat has quit IRC[02:07:01] *** fOrsberg has joined #postfix[02:07:07] *** Kartagis has quit IRC[02:07:26] *** Kartagis has joined #postfix[02:07:29] *** Internat has joined #postfix[02:08:04] *** brancaleone has quit IRC[02:08:33] *** thumbs has quit IRC[02:08:39] *** thumbs has joined #postfix[02:13:34] <lunaphyte> yaaar: comment out both virtual_alias_maps and virtual_mailbox_maps briefly and see if the behavior persists.[02:13:48] *** Internat has quit IRC[02:14:00] *** karen_m has quit IRC[02:15:43] *** tris has quit IRC[02:15:57] *** ccxCZ has quit IRC[02:16:11] *** ccxCZ has joined #postfix[02:17:19] *** Internat has joined #postfix[02:19:18] *** tris has joined #postfix[02:23:05] * adaptr beats lunaphyte[02:23:10] <adaptr> yup, the behaviour persists[02:23:19] <adaptr> haylp![02:24:56] <cpm> reload[02:25:03] <cpm> and continue firing[02:25:19] <adaptr> how can I continue firing when I have to reload ?[02:25:27] <adaptr> your movie logic does not make sense[02:34:13] *** hparker has joined #postfix[02:34:13] *** hparker has joined #postfix[02:36:39] <cpm> you swap mags before you are empty[02:36:42] <cpm> duh[02:37:24] *** fgro_ has quit IRC[02:37:54] <adaptr> that's a cool trick. you could probably make a lot of monies as a guvmint contractor[02:38:29] <Corey> Does someone have a stock postfix config from Ubuntu 10.04 handy?[02:38:36] <Corey> Just need postconf -n output.[02:39:18] <adaptr> ITYM -d[02:39:32] <rob0> no, he means -n[02:39:36] <Corey> Disregard.[02:39:41] <Corey> I think I sorted it out with another box.[02:39:42] <adaptr> oh, with the debian fuckuppery[02:39:43] <rob0> disregarded[02:39:44] <Corey> Sorry for the trouble. :-)[02:39:47] <Corey> adaptr: Indeed.[02:39:54] <adaptr> my condoleances[02:40:14] <adaptr> I suffer from same, but at least I throw away the fuckuppery first ;)[02:41:05] <lunaphyte> if you are aware of the customizations, and are competent, then the customizations rarely matter.[02:41:20] <adaptr> true, it's like tutorials, really[02:41:25] <lunaphyte> yeah[02:41:41] <adaptr> if you know what the F you're doing, you can glean neat tricks from tutorials. if you don't, they will only confuse you[02:42:03] <lunaphyte> that's largely why it doesn't bother me to use things like postfix [or especially openldap] from the stock repos.[02:42:27] *** higuita has quit IRC[02:42:48] *** roentgen has quit IRC[02:43:28] *** roentgen has joined #postfix[02:45:22] <Corey> Oh, I'm just trying to puppetize the enterprise to retrofit Ubuntu to it.[02:45:25] *** roentgen has quit IRC[02:45:28] <Corey> I have to change a few key things, but it's fairly straightforward.[02:45:44] *** roentgen has joined #postfix[02:46:29] *** roentgen has joined #postfix[02:47:39] <hparker> Ubuntu puppets.. :P[02:59:23] *** dragonheart has quit IRC[03:05:12] *** pj has joined #postfix[03:07:05] *** master_of_master has quit IRC[03:07:05] *** sugar_skymeyer has quit IRC[03:09:04] *** sugar_skymeyer has joined #postfix[03:09:09] *** master_of_master has joined #postfix[03:12:21] *** higuita has joined #postfix[03:24:46] *** hparker has quit IRC[03:28:43] *** roentgen has quit IRC[03:32:16] <yaaar> lunaphyte: commenting out the virtual_alias_maps and virtual_mailbox_maps does not change anything; an rcpt to: any bunk address (with a good domain) still results in a bounce to the from: address...[03:32:28] <lunaphyte> show postconf -n again[03:35:50] <yaaar> http://pastebin.com/7TF0Euqw[03:38:26] *** blizzow has quit IRC[03:41:10] <lunaphyte> hmm, you've removed the virtual configs entirely, and it still accepts bogus recipients?[03:41:30] <yaaar> yeah totally[03:42:45] <lunaphyte> i'd keep working my way down to a stripped config, to incriminate the culprit.[03:43:07] <adaptr> I don't see why we have to wait that long. tag, you're it.[03:43:11] <adaptr> there, incriminated[03:44:10] <lunaphyte> 27-30 can go, along with 12[03:44:21] * lunaphyte feels like taking a long hot shower.[03:44:39] <lunaphyte> 25 could go too.[03:45:50] <yaaar> hmm. it seems that it's because of mynetworks[03:46:53] <yaaar> i made a main.cf that *only* had the mynetworks line and that still accepts bogus recipients. using an empty file gives "relay denied" instead[03:47:11] <yaaar> err...wait, i guess that's to be expected even if i gave a good address?[03:47:22] <lunaphyte> yeah, that's different[03:48:08] <yaaar> still though, seems like a default config with only mynetworks shouldn't accept mail for undeliverable addresses, right?[03:48:20] <lunaphyte> indeed[03:48:27] <lunaphyte> where did you get this copy of postfix?[03:50:24] <yaaar> stock ubuntu 10.04[03:52:28] <yaaar> is there a standard postconf -d output someplace that i can compare mine with?[03:53:32] <standon> yaaar: yes, in the source.[03:54:55] <yaaar> word[03:55:25] <standon> yes, words are written here.[03:55:33] <adaptr> picture![03:56:09] <jimpop> 1/1000th of a picture![03:56:16] <lunaphyte> sounds like a cue for some vulgar ascii art.[03:56:49] * standon misses ACiD and ASCII art.[03:59:17] <yaaar> er...unpacked the source, where shuold i be looking?[03:59:34] <lunaphyte> my wag would be postconf.c[03:59:53] <lunaphyte> having not looked at the postfix source code in god knows how long.[04:00:23] <standon> nope, wrong file.[04:00:27] <lunaphyte> bah![04:01:21] <standon> src/global/mail_params.h[04:02:07] <lunaphyte> ha, i found it, it's mail_params.h ;)[04:02:22] <standon> indeed, scroll up. :)[04:02:24] <standon> 22:02 < standon> src/global/mail_params.h[04:02:38] <lunaphyte> yes, that was the joke.[04:02:48] <standon> followed by another joke.[04:02:54] * standon is having fun with this.[04:02:55] <lunaphyte> i'd consider my answer to be indirectly correct though[04:03:07] <standon> lunaphyte: lots of answers are indirectly correct.[04:03:15] <yaaar> hrm[04:03:40] <yaaar> um, can somebody just pastebin their postconf -d so i can just run a diff?[04:03:50] <lunaphyte> cool, i'm in with the masses then.[04:03:51] <standon> lunaphyte: especially when talking about src, where things are #included all over the place. :)[04:04:02] <pj> hrmmmmm, if I give the wrong answer and it causes someone else to pipe in with the correct answer does that mean that I indirectly gave the correct answer?[04:04:05] <standon> yaaar: do you have an actual QUESTION? a PROBLEM?[04:04:19] <yaaar> i understand that you can look at each directive in that source file and match them up...but if it were in the same format it'd be a lot easier[04:04:44] <standon> yaaar: as per the docs, certain parameters are SYSTEM DEPENDANT, so just comparing postconf -d output between two different users without some additional caveats/measures is not robust.[04:04:52] <standon> yaaar: please, tell us what problem you're trying to solve.[04:05:45] <yaaar> standon: sure. my postfix server doesn't reject mail for undeliverable addresses, and i'd like to change that. i had a lengthy discussion of the problem with lunaphyte about 4 hours ago[04:06:28] <standon> yaaar: have you pastebin'd any logs?[04:08:17] <yaaar> standon: postconf -n : http://pastebin.com/cRMeMLja logs: http://pastebin.com/ZFT8U93P telnet session: http://pastebin.com/RpcREUbz[04:08:58] <yaaar> main.cf : http://pastebin.com/jc845zV1[04:09:26] *** nb_ has joined #postfix[04:10:14] <yaaar> the weird thing i just came across is that a one-line main.cf with just mynetworks in it results in the same behavior. that's why i was looking to see if my default values were weird somehow[04:10:22] <standon> yaaar: before i delve deeper, in which address class is 'tranquility.net' defined?[04:11:07] <yaaar> virtual[04:11:13] <yaaar> if i understand the question[04:11:44] <pj> virtual mailbox or virtual alias?[04:11:49] <standon> would you copy & paste the line in main.cf where that domain is defined in a particular address class?[04:12:57] <yaaar> virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf[04:13:21] <yaaar> `postmap -q 'tranquility.net' mysql:/etc/postfix/mysql_virtual_domains_maps.cf` returns 'tranquility.net'[04:13:25] *** nb has quit IRC[04:13:27] *** nb_ is now known as nb[04:14:21] *** roentgen has joined #postfix[04:14:21] <yaaar> pj: both I hope....i have aliases and mailboxes at that domain in the database, as well as an entry in the domain table...[04:14:47] <pj> yaaar: you can do aliases in virtual_mailbox_domains[04:14:50] <pj> but not the other way around.[04:15:18] <yaaar> ah[04:15:44] <pj> strange, I don't see virtual_mailbox_domains in your postconf -n output from earlier.[04:16:42] <yaaar> depends which one you were looking at...one of the pastebins is after lunaphyte asked me to comment out all the virtual stuff[04:17:01] <pj> oh, ok[04:17:05] <yaaar> the most recent one should show it[04:17:11] <pj> I'm probably looking at the wrong one, then[04:17:18] <pj> which is the right one?[04:17:19] <yaaar> postconf -n : http://pastebin.com/cRMeMLja[04:17:25] <yaaar> that's the one that's currently running[04:17:33] <pj> yep, there it is.[04:19:07] *** roentgen has quit IRC[04:20:43] *** roentgen has joined #postfix[04:21:53] *** roentgen has quit IRC[04:22:39] *** roentgen has joined #postfix[04:25:23] <yaaar> standon: hey btw attempts to send to bad addresses in the local address class work just the way you'd expect: 550 5.1.1 <angel01 at smtp dot tranquility.net>: Recipient address rejected: User unknown in local recipient table[04:25:51] *** roentgen has quit IRC[04:26:08] <pj> yaaar: what should (in theory) fix your problem is to add reject_unlisted_recipient right after reject_unauth_destination in smtpd_recipient_restrictions. What confuses me is that it should not be needed (indeed I do not have that in my own setup).[04:26:15] <pj> but you can try it if you want.[04:26:28] <standon> it's not needed.[04:26:40] <pj> standon: yes, I know, I just said that.[04:26:45] *** roentgen has joined #postfix[04:26:45] <standon> http://www.postfix.org/postconf.5.html#smtpd_reject_unlisted_recipient[04:26:57] <standon> pj: you said it should not be needed and expressed confusion.[04:27:03] <pj> true[04:27:37] <pj> but it wont' hurt to try it, heh[04:27:41] *** roentgen has quit IRC[04:27:57] <pj> yaaar: what do you get with: postconf smtpd_reject_unlisted_recipient[04:28:12] <pj> oh and also, can you show us your master.cf file?[04:29:03] <pj> and ... I have another theory, but let's see that stuff first.[04:29:20] <yaaar> first, as everyone expected, adding reject_unlisted_recipient right after reject_unauth_destination in smtpd_recipient_restrictions did not help.[04:29:27] *** roentgen has joined #postfix[04:29:53] <yaaar> main.cf : http://pastebin.com/jc845zV1[04:29:58] <yaaar> oh woops[04:30:02] <yaaar> hangon for master[04:30:03] <pj> yaaar: master.cf[04:30:06] <pj> heh[04:30:16] <standon> yaaar: what happens when you query for that non-existent user in virtual_mailbox_maps via postmap?[04:30:38] <pj> ok, I have another theory of why this is happening, and looking at your virtual_alias_maps line seems to make me think it may be the case, but I will look at your master.cf first.[04:30:51] <yaaar> master.cf: http://pastebin.com/YfazTAHQ[04:31:08] * standon cringes at the sight of 'catchall'.[04:31:10] <pj> standon: bingo, my thoughts exactly, I'm especially wondering what happens when he queries for it in proxy:mysql:/etc/postfix/mysql_virtual_alias_domain_catchall_maps.cf[04:31:16] <pj> that looks a bit suspicious to me.[04:31:35] <yaaar> standon: i get no output from postmap -q 'angel01 at tranquility dot net' mysql:/etc/postfix/mysql_virtual_alias_domain_catchall_maps.cf[04:32:04] <yaaar> i also tried pulling the catchall out of that virtual map and it didn't change anything[04:32:24] *** hever has quit IRC[04:32:31] <standon> yaaar: what about querying, via postmap, all the mysql files you point to in virtual_alias_maps *AND* virtual_domains_maps?[04:32:42] <standon> virtual_domain_maps, rather.[04:32:45] <pj> yaaar: try it with the other entries ... yes, what standon just said.[04:33:13] <pj> *virtual_mailbox_maps[04:33:20] <standon> yes, that.[04:33:25] <pj> hehehe[04:33:44] <standon> tonight's episode of criminal minds is especially troubling, *phew*.[04:34:10] * jimpop wonders what yaaar's problem is, but is too lazy to pg up[04:34:41] <pj> jimpop: emails are not rejected to invalid recipients in virtual domains.[04:34:53] <standon> jimpop: i am sorry to have become involved while watching a TV show and writing emails; I'll probably fade out of the conversation soon. :)[04:35:00] <yaaar> postmaps for all the entries in alias and mailbox: http://pastebin.com/kGuUEQ9N[04:35:55] <jimpop> yaaar: quick question... is the incoming IP of the invalid recipient in mynetworks?[04:36:56] <pj> yaaar: can you show us the logs of the email transaction?[04:37:11] <pj> I'm curious to know also where does the email actually go if it's not rejected?[04:40:04] <jimpop> oh great, i show up and the chan goes dark[04:40:10] <pj> heh[04:40:13] <pj> fun[04:40:16] <jimpop> ha[04:40:20] <pj> you broke it jimpop[04:40:29] <jimpop> apologies all[04:43:37] <standon> jimpop: it's ok if the client IP is in mynetworks, invalid recips should still be rejected, if my reading of the code and documentation is correct.[04:44:20] <standon> yaaar: because i doubt anyone is in the mood for guess games, why don't you just turn on verbose logging on smtpd and grep your logs for 'maps_find' and see where postfix thinks it finds the address?[04:44:30] <yaaar> jimpop: i've tested from both inside mynetworks and outside. both do the same thing[04:45:15] <yaaar> standon: good idea. one sec[04:48:39] <yaaar> standon![04:48:57] <yaaar> http://pastebin.com/xjgvwrBH[04:49:06] <yaaar> i'm quite confident that means something....[04:49:13] <yaaar> but darned if i know what[04:49:16] *** Transformer has joined #postfix[04:52:42] <yaaar> OMG[04:52:51] <yaaar> oh noes[04:52:55] <yaaar> guys i'm sorry[04:52:59] <yaaar> i think i found it[04:54:11] <jimpop> ....[04:54:47] <yaaar> crikey. yep. http://pastebin.com/rnm0EAi4[04:55:15] <pj> hahaha[04:55:20] <standon> as suspected.[04:55:22] <standon> fix that.[04:55:29] <pj> I so forgot to get you to check for @...[04:55:31] <yaaar> pulled that alias from @tranquility.net -> @tranquility.net out and what do you know....now it doesn't find the whole world in the virtual map[04:55:43] <standon> *sigh*[04:55:49] * standon goes back to TV[04:56:04] <yaaar> man, like i said....really sorry about that, that was dumb as hell[04:56:38] <pj> yaaar: don't be sorry, it's usually something like that.[04:57:03] <yaaar> yeah, i guess so...[04:57:06] <jimpop> lessons learned are always better than re-installs[04:57:15] <jimpop> ;-)[04:57:19] <yaaar> anyway thanks a ton to all of you for helping me track it down![04:57:28] <pj> yw[04:58:03] <yaaar> and hey, my config is a lot cleaner today than it was yesterday, so that's good...[05:00:55] <pj> yeah, well sometimes this applies as well:[05:01:02] <pj> !tell yaaar dnr[05:01:02] <knoba> yaaar: "dnr" : Do No Resuscitate. You have inherited a configuration from a previous admin who made a mess of it. Don't try to fix up the old configuration, write a new one from scratch.[05:01:11] *** roentgen has quit IRC[05:02:08] *** roentgen has joined #postfix[05:03:34] <lunaphyte> so then why was email still getting accepted even all of the virtual stuff was removed?[05:03:43] <lunaphyte> *even when all[05:06:06] <yaaar> pj: that's good advice. interestingly, I rewrote main.cf earlier today after lunaphyte gently told me one of the variables was really dumb[05:06:19] <yaaar> looks like master.cf still needs it though[05:06:32] <yaaar> (but not tonight)[05:06:36] <pj> hehehe[05:07:21] <lunaphyte> master.cf looks pretty pedestrian to me.[05:07:47] <yaaar> oh. good.[05:08:34] <lunaphyte> but i still don't understand how, if the problem was within a virtual mysql lookup, when all virtual config items were removed, mail was still erroneously accepted...[05:08:58] *** roentgen has quit IRC[05:09:50] *** roentgen has joined #postfix[05:10:12] <yaaar> yeah i was just thinking about that[05:10:16] <yaaar> i don't get it either[05:11:19] <pj> lunaphyte: if virtual_*_maps is null then postfix will explicitly accept everything.[05:11:21] <yaaar> oh actually i think i might[05:11:32] <yaaar> May 4 20:25:54 smtp postfix/smtp[19445]: 943E03A0E3F: to=<angel01 at tranquility dot net>, relay=none, delay=12, delays=12/0/0/0, dsn=5.4.6, status=bounced (mail for tranquility.net loops back to myself)[05:11:53] * yaaar opens beer[05:12:12] <yaaar> man you guys have no idea how relieved i am to have that fixed[05:12:33] <pj> hah, yeah, that explains it.[05:12:56] *** roentgen has quit IRC[05:13:56] <lunaphyte> *all* virtual config items were removed[05:14:03] <yaaar> yeah, and worse, if i had done exactly what lunaphyte asked, it wounldn't have happened like that[05:14:21] <pj> lunaphyte: right, but what yaaar is saying makes sense. the email bounced due to a loopback.[05:14:37] <yaaar> he said to comment out virtual_alias_maps and virtual_mailbox_maps ....and i commented virtual_domain_maps too[05:14:39] <pj> if yaaar had sent it from outside the network it would have likely been rejected.[05:15:05] <yaaar> pj: it got deferred[05:15:09] <yaaar> i tried that[05:15:24] <lunaphyte> this would include virtual_mailbox_domains, meaning tranquility.net would no longer be in the virtual address class.[05:15:55] <pj> lunaphyte: right, but the email was accepted for relay because yaaar was sending from an IP in mynetworks[05:15:58] * standon pokes back in[05:16:02] <standon> we're still talking about this?![05:16:03] *** MAAAAAD has quit IRC[05:16:09] <pj> lunaphyte: then it was bounced because the MX lookup was itself[05:16:18] <pj> lunaphyte: ie , loopback[05:16:46] <lunaphyte> ah, that's the missing piece. mynetworks.[05:16:47] <yaaar> haha standon yeah but now we're to the hindsight is 20/20 part[05:16:53] <standon> heh[05:16:55] *** roentgen has joined #postfix[05:17:06] <pj> I'm not sure why sending from outside mynetworks deferred, though. yaaar what was the log for that one?[05:17:12] <yaaar> lemme see[05:18:21] <yaaar> oh. no, i'm misremembering it. the logs from those few minutes suggest it was properly rejecting from out-of-mynetworks IPs[05:18:30] <pj> yaaar: ok, cool[05:18:38] <lunaphyte> and people are dismissive when i say that mynetworks should be empty...[05:18:39] <pj> so it was doing what was expected.[05:18:43] <pj> hehehe[05:18:53] <yaaar> lunaphyte i'd give anything to be able to empty that out...[05:18:57] <pj> well, you need to at least take it into account when troubleshooting.[05:19:07] <lunaphyte> you can achieve it, for sure i've been in your shoes.[05:19:09] <yaaar> too many random devices that won't auth[05:19:12] <lunaphyte> *for sure.[05:19:13] <yaaar> copiers and such[05:19:23] <lunaphyte> that doesn't require mynetworks.[05:19:41] <lunaphyte> i have a non-auth submitters access map for exactly that sort of thing.[05:19:49] <yaaar> hmmm[05:19:53] <yaaar> yes, that does sound fancy[05:20:00] <yaaar> problem is getting from here to there[05:20:17] <yaaar> like, i break that one day and everybody calls me ;-)[05:20:24] <pj> lunaphyte: how is this practically different from mynetworks?[05:20:32] <yaaar> aha![05:20:34] <yaaar> good point[05:20:40] <yaaar> i could just have a bunch of /32 in there...[05:21:13] <lunaphyte> it's different in that mynetworks is a vestige of days gone by, and simply not perceived in the same manner.[05:21:29] <pj> uh huh[05:21:45] <yaaar> yeah, i'll grant you that there's a major psychological difference[05:21:54] <lunaphyte> it doesn't speak to the purpose of the exception[05:22:11] <pj> to me people expect to see that in mynetworks when troubleshooting. sticking it somewhere else just makes it harder to find.[05:22:34] <Corey> Yaar.[05:22:46] <yaaar> Corey:[05:23:19] <lunaphyte> it's a fair argument, but given that logic,one could also make the argument that since submission isn't the norm, it's ok to not use it.[05:23:35] <yaaar> hehe[05:23:44] <yaaar> i though submission *was* the norm now[05:23:52] <Corey> QUite, RFC 2476 saw to that.[05:23:57] <lunaphyte> many people don't know/believe that.[05:24:02] <pj> I actually think it *is* ok to not use it ... as long as you understand the implications.[05:24:26] <Corey> Well yes. :-)[05:24:27] <pj> no submission is not the norm. To this day most popular email clients default to submitting to port 25.[05:24:55] <Corey> Most people are also stupid, I mean what do you want here? :-)[05:24:57] <yaaar> yeah that's weak-sauce[05:24:58] <lunaphyte> but - that illustrates my point. the reason is it becoming the norm is because it's pushed because it's right, not because it's how things have been.[05:25:13] <pj> true[05:25:49] <yaaar> well, i tell you what....i'm about done sitting in this office. you guys rule, thanks a ton. i'm going idle till the mornin' time[05:25:50] <pj> and it would be better if it were the norm, I agree with that, but because it is not I have to be able to support submission to port 25 or I end up with 10x as many support requests from my client.[05:27:32] <lunaphyte> sure, but that's all just circumstantial debate. anything and everything is possible, and every exercise has changing thresholds and climates.[05:27:50] <pj> that said I also support submission to the submission port and encourage clients to use it.[05:29:21] <lunaphyte> my goal here is largely to make the email world a better place, so i preach idealistic notions, rather than delving into the murky waters of the laundry lists of why certain ideal behavior might not be practical.[05:29:26] *** MAAAAAD has joined #postfix[05:29:53] <pj> lunaphyte: fair enough. I tend to see things from a more practical perspective, though.[05:31:01] <pj> my clients don't want to have to jump through extra hoops to configure their email. They want to use outhouse for their email client, etc. And if I can't/won't support it they may just decide to go to someone else who will.[05:31:50] <lunaphyte> for sure. that's the reality part of things though. that implores itself, irc channel or not - and those who have the mental capacity to reconcile idyllic goals with the real world aren't likely to be the subject of a discussion of that topic in the first place - case in point - you :)[05:32:05] <pj> hehehe :-)[05:32:16] <lunaphyte> aha! i *knew* it. the almighty dollar rears its ugly head again. :)[05:32:23] <pj> yep[05:32:36] <pj> I have to earn money to feed my family, to pay the rent, etc.[05:33:08] <yaaar> not sure idyllic means that[05:33:10] <lunaphyte> and how do you sleep at night, knowing that you're enabling these non submission submitters?! ;)[05:33:35] <lunaphyte> yes - idealistic, rather[05:33:46] <yaaar> hehe grammar geeks unite[05:34:02] <pj> I sleep very well in my warm bed, with a full stomach, knowing my children are fed and I can take them to school because I actually *can* afford to pay highly inflated petrol prices.[05:34:17] <yaaar> correct[05:34:18] *** roentgen has quit IRC[05:34:55] <pj> and, not sure if you have children, but they come first.[05:35:41] <lunaphyte> darn self imposed reproductive cycle curses...[05:35:46] <pj> lol[05:36:09] *** roentgen has joined #postfix[05:36:20] <lunaphyte> the ones whose children don't come first yet who still sleep at night are the ones that concern me.[05:36:45] <pj> right[05:36:46] <pj> me too[05:37:40] <Corey> rob0![05:38:00] <rob0> Corey![05:38:04] <Corey> Oh good, you're alive.[05:38:16] <rob0> Is that good?[05:38:25] <lunaphyte> anyway, back to postfix - having a non auth submitters map [mynetworks or otherwise ;) ] is quite handy and flexible when you've got a well configured ldap directory which can leverage dns data. makes it a pretty easy and efficient thing to manage.[05:39:24] <pj> I guess, but I control every machine listed in mynetworks and implicitly trust the content coming from it.[05:39:32] <lunaphyte> i have a group in ldap which is allowed to do non auth submission, and if i can be convinced that a host should be permitted, it's a momentary adjustment.[05:39:47] *** roentgen has quit IRC[05:40:20] <pj> I guess I haven't had the need to get that complex yet.[05:40:47] <pj> mynetoworks has two entries in it for me, and one of them is localhost[05:41:30] <lunaphyte> it also gives me an opportunity to insist that smtp auth be used, which can provide for more granularity and often clearer tracking when unexpected things inevitably happen [like a host that is trusted that perhaps shouldn't have been after all][05:41:38] *** roentgen has joined #postfix[05:41:52] <pj> ahhhh, yep[05:41:59] *** roentgen has quit IRC[05:42:20] <lunaphyte> also, in the interest of full disclosure, i work with inept idiots.[05:42:26] <pj> lol[05:42:45] <lunaphyte> so it's a self preservation mechanism. :)[05:42:53] <jimpop> hahahahah[05:42:55] <pj> my idiots are not so bad, lol, but they do surprise me from time to time.[05:43:26] <lunaphyte> otherwise, left to their own devices, mail servers would effectively be reproducing as though there was somehow mating going on.[05:43:45] <pj> some times I feel like I should put a big red button labled, "blow everything up" in their admin CP that does exactly what it says.[05:43:52] *** roentgen has joined #postfix[05:44:13] *** roentgen has quit IRC[05:44:47] <lunaphyte> i still find arbitrary hosts running mail servers, with other arbitrary hosts pointed to them, with arbitrary firewall exceptions, because there is a general lack of understanding, or interest in any organization other than when it is explicitly forced by some outside stimulus.[05:44:59] <pj> wow[05:45:15] <pj> just block port 25 ... like the ISPs do, then.[05:46:14] <lunaphyte> it is, largely, but because the mess must be carefully cleaned up, the changes happen a bit slowly.[05:46:24] *** roentgen has joined #postfix[05:46:40] <lunaphyte> it's simply too much to bite off in one chunk [like you mentioned re: clients and submission].[05:46:47] <pj> right[05:47:30] <lunaphyte> but since i know in my heart it's better for everyone in the long run, some days i pull on the bandaid a little harder.[05:48:21] <lunaphyte> [hoping that it won't turn out to be more painful for me than for others that day] :)[05:48:35] <pj> lol[05:50:34] *** p3rror has quit IRC[05:51:02] <lunaphyte> speaking of warm beds...[05:51:21] <pj> have a good night[05:54:55] <lunaphyte> thanks, you too.[06:00:10] *** roentgen has quit IRC[06:01:10] *** roentgen has joined #postfix[06:18:50] *** evaryont has quit IRC[06:22:34] *** _ruben has quit IRC[06:25:40] *** bhagat has joined #postfix[06:32:56] *** cytrinox has quit IRC[06:34:25] *** cytrinox has joined #postfix[06:41:05] *** gebi has joined #postfix[06:48:54] *** cpm has quit IRC[06:49:29] *** mandragor has quit IRC[07:08:06] *** roentgen has quit IRC[07:09:04] *** roentgen has joined #postfix[07:13:18] *** _ruben has joined #postfix[07:21:09] *** roentgen has quit IRC[07:29:05] *** bhagat has quit IRC[07:35:16] *** eckirchn has quit IRC[07:36:50] *** sphenxes has joined #postfix[07:53:55] *** gerhard7 has joined #postfix[08:04:15] *** n0sq has quit IRC[08:15:21] *** dxtr has quit IRC[08:20:07] *** dxtr has joined #postfix[08:20:30] *** UQlev has joined #postfix[08:20:40] *** n0sq has joined #postfix[08:20:41] *** Kartagis has quit IRC[08:20:41] *** Kartagis has joined #postfix[08:31:49] *** fgro has joined #postfix[08:37:28] *** jujugre has joined #postfix[08:56:50] *** e-jones has joined #postfix[08:57:53] *** weedar has joined #postfix[09:01:38] *** dxtr has quit IRC[09:01:49] *** dxtr has joined #postfix[09:08:10] *** zorg1 has joined #postfix[09:10:16] *** davlefou has joined #postfix[09:11:12] *** e-anima has joined #postfix[09:12:18] *** camro|away has joined #postfix[09:13:31] *** bzo`away is now known as bezourox[09:21:36] *** abyss has quit IRC[09:33:32] *** UQlev has quit IRC[09:41:24] *** todd_dsm has quit IRC[09:47:09] *** gebi has quit IRC[09:50:11] *** david__ has joined #postfix[09:50:40] *** doomas has quit IRC[09:51:03] *** david__ has quit IRC[09:51:05] *** doomas_na has joined #postfix[09:52:12] *** doomas_na is now known as doomas[09:52:52] *** davlefou has quit IRC[09:54:29] *** hever has joined #postfix[09:55:29] *** todd_dsm has joined #postfix[09:55:31] *** davlefou has joined #postfix[10:04:59] *** JoKoT3 has joined #postfix[10:05:58] <trurl> Tabmow: thanks, i've read that before, what i didn't notice that inet_protocols = all is _not_ the default.[10:29:00] *** bhagat has joined #postfix[10:36:46] *** abyss has joined #postfix[10:39:24] <abyss> hi, i'd like to limit sending messages on postfix - for example: server WWW sending 1000 error logs from php to my MTA (postfix), i'd like to do smth like: if get 30 messages from root@ per 30 sec. then dropped all messages from root@. How i can do that?[10:40:54] <adaptr> per-user ? not natively[10:41:00] <adaptr> you could use a policy service[10:44:18] <abyss> if not per-user, so what i can limit? Per ip?[10:52:01] *** dragonheart has joined #postfix[11:00:33] *** kenyon has quit IRC[11:02:15] <abyss> or what not natively programm can do it?;)[11:02:59] <jelly> a policy daemon, postfwd is simple enough[11:05:41] *** kenyon has joined #postfix[11:06:03] <abyss> ok, thank you[11:08:27] <abyss> reciving mails needs too policy daemon?;)[11:08:56] <abyss> i'd like to do that without additional programms[11:10:03] *** fgro has quit IRC[11:10:14] <jelly> policy daemon _is_ for incoming mail[11:12:01] *** JoKoT3 has quit IRC[11:21:23] *** TomHome has joined #postfix[11:38:34] *** n0sq has quit IRC[11:46:17] *** jelly has quit IRC[11:46:49] *** jelly has joined #postfix[11:47:53] *** fgro has joined #postfix[11:50:25] *** n0sq has joined #postfix[11:58:51] *** basho__ has joined #postfix[12:01:21] *** bubu has joined #postfix[12:02:33] *** twobitha1ker has joined #postfix[12:03:23] *** bubu has quit IRC[12:03:41] *** Aprogas_ has joined #postfix[12:03:49] *** fahadsadah has quit IRC[12:03:49] *** tomo\inai has quit IRC[12:04:03] *** Aprogas has quit IRC[12:04:24] *** dim has quit IRC[12:04:24] *** many has quit IRC[12:04:24] *** twobithacker has quit IRC[12:04:24] *** micols has quit IRC[12:04:24] *** madduck has quit IRC[12:04:55] *** dim has joined #postfix[12:04:59] *** RecQuery has quit IRC[12:05:00] *** micols has joined #postfix[12:05:04] *** RecQuery has joined #postfix[12:05:04] *** RecQuery has joined #postfix[12:05:21] *** many has joined #postfix[12:05:43] *** madduck has joined #postfix[12:05:55] *** fahadsadah has joined #postfix[12:21:28] *** weedar has quit IRC[12:23:46] *** weedar has joined #postfix[12:25:45] *** wdp has joined #postfix[12:25:45] *** wdp has joined #postfix[12:27:15] *** weedar has quit IRC[12:33:35] *** bhagat has quit IRC[12:34:39] *** bhagat has joined #postfix[12:45:24] *** Aprogas_ has quit IRC[12:45:38] *** Aprogas has joined #postfix[12:48:06] *** JoKoT3 has joined #postfix[12:51:14] *** bejelith has joined #postfix[12:54:28] *** wdp_ has joined #postfix[12:57:45] *** wdp has quit IRC[13:00:37] *** JoKoT3 has quit IRC[13:10:32] *** weedar has joined #postfix[13:13:51] *** weedar has quit IRC[13:14:14] *** weedar has joined #postfix[13:29:32] *** weedar has quit IRC[13:29:51] *** weedar has joined #postfix[13:31:31] *** weedar has quit IRC[13:31:58] *** weedar has joined #postfix[13:34:41] *** Gatto has joined #postfix[13:37:31] *** weedar has quit IRC[13:38:26] *** weedar has joined #postfix[13:43:32] *** weedar has quit IRC[13:43:50] *** weedar has joined #postfix[13:51:32] *** weedar has quit IRC[13:51:52] *** weedar has joined #postfix[13:54:39] *** bhagat has quit IRC[13:55:35] *** jax has joined #postfix[13:55:38] <jax> aloha my friends[13:55:58] <jax> where can you configure how many seconds postfix waits until deferred messages are retried, and how many times he tries until it bounces?[13:56:08] <jax> s/bounces/gives up[13:58:34] <jax> !http://www.postfix.org/postconf.5.html#queue_run_delayy[13:58:34] <knoba> jax: Error: "http://www.postfix.org/postconf.5.html#queue_run_delayy" is not a valid command.[13:58:44] *** weedar has quit IRC[13:58:46] <jax> !queue_run_delay[13:58:46] <knoba> jax: "queue_run_delay" : a configuration parameter in the main.cf: The time between deferred queue scans by the queue manager.[13:59:37] <jax> !minimal_backoff_time[13:59:37] <knoba> jax: "minimal_backoff_time" : a configuration parameter in the main.cf: The minimal time between attempts to deliver a deferred message. This parameter also limits the time an unreachable destination is kept in the short-term, in-memory, destination status cache.[14:03:58] *** tomo\inai has joined #postfix[14:06:06] *** pj has quit IRC[14:07:21] *** jax has quit IRC[14:09:06] *** weedar has joined #postfix[14:16:40] *** uqlev has joined #postfix[14:17:57] *** bejelith has quit IRC[14:18:26] *** TomHome has quit IRC[14:40:31] *** dacm_work has quit IRC[14:46:35] *** weedar has quit IRC[14:48:15] *** uqlev has quit IRC[14:53:38] *** Tykling has quit IRC[14:54:31] *** dacm_work has joined #postfix[14:57:07] *** Tykling has joined #postfix[14:59:05] *** gerhard7 has quit IRC[15:01:19] *** dacm_work has quit IRC[15:09:25] *** dragonheart has quit IRC[15:11:12] *** hever has quit IRC[15:14:11] *** dacm_work has joined #postfix[15:16:28] *** jgreig has joined #postfix[15:20:12] *** Section1 has joined #postfix[15:28:24] <jgreig> hi, hope someone can point me in the right direction here. I've used sql lookups for virtual mailboxes and domains for quite a while in postfix now but have now decided to use it for transport. For some reason though for the odd email that goes through i'm getting 'unknown transport error' which seems to be as a result of: fatal: valid hostname or network address required in server description: 192.168.1.61:28,lmtp:192.168.1.61:28,lmtp:192.168.1.61:28[15:29:05] <jgreig> the domain transport lookup should be bringing backup "lmtp:192.168.1.61:28"[15:29:12] <jgreig> *back[15:31:28] *** e-jones has quit IRC[15:32:35] <lunaphyte_> !tell jgreig welcome[15:32:36] <knoba> jgreig: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[15:34:30] <jduggan> jgreig: firstly, get back to work you lazy slob, secondly, try wrapping the ip/port combination in [] to supress MX lookup, thirdly, have you checked with postmap -q "user at foo dot com" /etc/postfix/yourrule to check what it is returning?[15:35:18] <jgreig> for a moment there I thought you were someone helpful:)[15:35:21] <jduggan> point 2 might be moot[15:35:40] <jgreig> will give them ago, pretty sure I had tried the square brackets previously[15:37:16] <lunaphyte_> firstly is "provide the data is specified in the channel /topic"[15:37:41] <jduggan> 192.168.1.61:28,lmtp:192.168.1.61:28,lmtp:192.168.1.61:28 <- is that what your sql is returning?[15:38:11] *** hever has joined #postfix[15:38:12] <jgreig> no, checked the sql[15:38:32] <lunaphyte_> stop making us quiz you. provide the data described in the channel /topic[15:41:29] <jgreig> http://pastebin.com/wKWszLdg[15:42:35] <lunaphyte_> show more context in the logs[15:43:18] <lunaphyte_> show entire processing of one message that results in the undesired behavior.[15:44:14] <lunaphyte_> also show master.cf with comments removed.[15:46:47] *** ChameleonSys has quit IRC[15:47:06] *** ChameleonSys has joined #postfix[15:47:33] *** zealiod has joined #postfix[15:48:39] <zealiod> I've recently changed which mysql server postfix auths users from to a remote server, rather than localhost - however even though I've change all .cf files - it still polls the 127.0.0.1 database... does postfix cache anything?[15:48:58] <lunaphyte_> !tell zealiod welcome[15:48:58] <knoba> zealiod: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[15:49:23] *** Gatto has quit IRC[15:49:34] <zealiod> thanks, i feel i've done that[15:49:58] <lunaphyte_> cool, then you should be able to easily provide that data.[15:53:49] *** wdp_ has quit IRC[15:53:58] *** weedar has joined #postfix[15:55:43] <zealiod> http://www.nomorepasting.com/getpaste.php?pasteid=36373[15:55:56] <zealiod> this is my config[15:56:24] <lunaphyte_> i'm not sifting through all that. read the channel /topic, please.[15:57:14] <zealiod> ok, one mo[15:58:19] *** weedar has quit IRC[15:58:27] *** weedar has joined #postfix[15:58:28] <zealiod> ok, revised - http://www.nomorepasting.com/getpaste.php?pasteid=36375[15:58:37] <zealiod> I'll just post the .cf file[15:59:15] <lunaphyte_> why?[15:59:44] <zealiod> http://www.nomorepasting.com/getpaste.php?pasteid=36376[15:59:59] <lunaphyte_> oh, *that* cf file.[16:00:02] <zealiod> ok, and thats the revised file, with the changed host in[16:00:15] <zealiod> there are 4 of those, all the same host - do you want to see them all?[16:00:23] <lunaphyte_> not really.[16:00:26] <zealiod> ok[16:00:33] <lunaphyte_> just the rest of the data as per the /topic, please.[16:01:17] <zealiod> will mail.log be enough?[16:01:30] <zealiod> which other logs do you think?[16:01:48] <lunaphyte_> !logs[16:01:49] <knoba> lunaphyte_: "logs" : postfix logs to the mail facility of syslog. Something like grep -i `postconf -h syslog_facility` /etc/syslog.conf should tell you where logs are going. also see !no_logs and !have2mung[16:03:11] *** e-jones has joined #postfix[16:08:36] *** fOrsberg has quit IRC[16:09:31] *** pmatulis has joined #postfix[16:09:31] *** Tykling has quit IRC[16:10:00] *** Shuro has quit IRC[16:10:24] <pmatulis> how do i limit the destination domains my server can send to?[16:10:35] <lunaphyte_> !tell pmatulis access[16:10:35] <knoba> pmatulis: "access" : http://www.postfix.org/SMTPD_ACCESS_README.html : An overview of access(5) controls in the Postfix smtpd(8) SMTP server.[16:10:47] *** Shuro has joined #postfix[16:11:31] *** Blinkiz has joined #postfix[16:13:15] *** hever has quit IRC[16:13:19] <Blinkiz> Hi. Does settings in master.cf override settings in main.cf? Thinking about setting smtpd_client_event_limit_exceptions=0.0.0.0/0 on a different port like 10025.[16:13:48] <Blinkiz> Limits should still apply (that I have set up in main.cf) on port 25.[16:14:24] <sysmonk> Blinkiz: yes, they do[16:15:24] <Blinkiz> sysmonk, greejt :)[16:17:10] <lunaphyte_> uh - 0.0.0.0/0 ? why, exactly?[16:17:20] <pmatulis> lunaphyte_: that resource covers accepting mail. i asked about sending mail[16:17:38] *** fOrsberg has joined #postfix[16:18:02] <lunaphyte_> pmatulis: be more descriptive in your goal then.[16:18:39] <pmatulis> lunaphyte_: i want my internal users to be able to send only to xyz.com and abc.com say[16:18:55] <Blinkiz> lunaphyte, 0.0.0.0/0.. eeh.. well. I guess that makes the rule apply to all connecting hosts?[16:19:25] <lunaphyte_> pmatulis: so then don't *ACCEPT* mail from those users for those destinations...[16:19:36] <lunaphyte_> Blinkiz: yes, and why would you want to do this?[16:19:48] *** weedar has quit IRC[16:20:42] <pmatulis> lunaphyte_: ok, makes sense[16:20:48] <pmatulis> lunaphyte_: thx[16:20:53] <lunaphyte_> you're welcome[16:23:22] *** {_morpheus_} has joined #postfix[16:24:04] *** weedar has joined #postfix[16:24:34] *** weedar has quit IRC[16:27:01] *** pmatulis has left #postfix[16:27:07] <Blinkiz> lunaphyte, Na, it's not so important really.[16:27:31] <lunaphyte_> uh huh.[16:27:38] <Blinkiz> lunaphyte, I can probably just exclude my customer on port 25. More cool to know things how it works :)[16:32:58] *** MondoBizzarro has joined #postfix[16:35:11] *** Tykling has joined #postfix[16:49:46] *** gerhard7 has joined #postfix[16:56:03] *** brancaleone has joined #postfix[17:03:47] *** fgro has quit IRC[17:04:38] *** Gatto has joined #postfix[17:04:56] *** MondoBizzarro has quit IRC[17:05:41] *** abyss has quit IRC[17:05:46] <roe> anyone use the sanesecurity.org signatures?[17:16:04] *** brancaleone has quit IRC[17:24:09] *** doomas has quit IRC[17:25:14] *** doomas_na has joined #postfix[17:35:50] *** Gatto has quit IRC[17:39:55] *** Blinkiz has quit IRC[17:45:12] *** Wyn has joined #postfix[17:45:35] *** e-jones has quit IRC[17:45:54] <Wyn> hey, whats the easiest way on Postfix/Mailman to hold all incoming mails ? postsuper I can use to hold the que but all incoming mails should be held[17:48:02] <patdk-wk> just use the access list, and the HOLD command[17:49:34] *** Lenhix has joined #postfix[17:51:16] <Wyn> patdk-wk, thought about defer_transports = smtp would be easier ?[17:51:37] <patdk-wk> no idea[17:51:50] <patdk-wk> I always use hold in access maps, but I do it dynamically per address[17:52:10] <patdk-wk> if someone sends email too fast, they go to the HOLD, till checked they aren't a spammer[17:52:14] <Wyn> ah, im going for the lot :)[17:52:25] <Wyn> it is a mailman list being migrated[17:55:47] *** roentgen has joined #postfix[17:57:43] *** Lars_G has joined #postfix[17:57:48] <Lars_G> Greets all[17:58:09] <Lars_G> I'm getting a lot of these kind in console, but I don't see naught on the log, not even doing a postfix stop/start: mail fatal: lock file defer E083A5403DD: Resource temporarily unavailable[18:06:11] *** brancaleone has joined #postfix[18:07:49] *** jujugre has left #postfix[18:07:51] <Lars_G> Any tips or ideas are welcome :)[18:08:09] *** zorg1 has quit IRC[18:13:05] <Wyn> Lars_G, that me[18:13:35] <Wyn> Lars_G, all mail on plone01 is defered to the que, postsuper -h ALL is on, will then relase and forward it ot new server[18:13:56] <Wyn> Lars_G, please tell me you did not touch anything :) I should of warned you as well as Calvin[18:14:04] <patdk-wk> heh?[18:14:17] <Wyn> are shit, wrong channel[18:14:19] <Wyn> woops[18:14:20] <patdk-wk> we have two admins on the same server, causing each other issues? :)[18:14:26] <Wyn> thought I was on our admin channel for a sec[18:15:40] <Lars_G> Wyn: I didn't touch anything anyhow, since I don't have access to your machines or even know where they are[18:16:20] <Wyn> Lars_G, that was my fault I thought i was on my own admin channel, we have a guy with the user name LarsN[18:16:28] <Lars_G> ;)[18:16:43] <Lars_G> We Lars are few, outside of a few specific countries, but we're all special[18:16:55] *** e-jones has joined #postfix[18:17:01] <Wyn> Lars_G, in your case it cant get a lock on the mailbox so is defering, check the user is delivrable[18:17:08] <Wyn> LOL[18:17:13] <Wyn> Go scandinavia[18:17:47] <Lars_G> I'm Venezuelan[18:17:49] <Mark22> Wyn: also doing plone hosting and using postfix? ;)[18:17:51] <Lars_G> Son of Argentinians[18:18:03] <Lars_G> Descendant of Hungarians, Austrians and Vasques[18:18:12] <Wyn> Mark22, hah, you know me ?[18:18:16] <Lars_G> So, the name was kind of a serendipity[18:18:33] <Wyn> Lars_G, ah, our Lars is a scandinavian name orgonally[18:18:40] <Lars_G> It is.[18:18:50] <Lars_G> Altough I though the name is more common in Denmark[18:18:56] <Wyn> Mark22, I moving the Plone services mailman, Im head of the Admin team[18:19:14] <Lars_G> Or Dane, I forget[18:19:15] <Wyn> Denmark is part of Scandinavia[18:19:25] <Wyn> Dane/danish/Denmark[18:19:29] <Lars_G> It is, but the name's not common in all of Scandinavia[18:19:33] <Wyn> true[18:19:42] <Wyn> It is a good name though[18:19:48] <Lars_G> Oh it is[18:19:50] <Lars_G> a very good name[18:20:04] <Wyn> Mark22, oh, and we mainly handle extreme hosting, not Plone per se[18:20:44] <Mark22> Wyn: nice, we just maintain a few systems for Plone in the Netherlands. If you need something, just mention it and I can always look what we can sponsor for the Plone community[18:21:22] <Mark22> Wyn: we mainly host custom solutions based on PHP, but we also have some nice Plone sites[18:21:28] <Wyn> Mark22, thanks, ping me on #plone.org with company details and will follow up on that sometime[18:21:41] <Wyn> Mark22, Plone rocks :)[18:21:54] <Wyn> Mark22, how do you know me then ? out of intrest[18:22:02] * Wyn is really bad with names[18:22:10] <Lars_G> Wyn: Extreme hosting? like EngineYard?[18:22:24] <Lars_G> Wyn: I don't think he knows you[18:22:32] <Lars_G> Wyn: You mentioned plone and he took from there[18:22:58] <Mark22> Wyn: I didn't say I know you, maybe by name and maybe we did communicate in the past[18:23:26] <Wyn> Lars_G, like if you expect 3 or 4 million vistors in half an hour / streaming them video and pages etc sort of thing[18:23:36] <Lars_G> Wyn: btw it's refreshing to find someone who likes my name (appart from my bf and parents). I live in a southamerican country with very different naming tendencies so when I say my name people tend to go huh and their eyes glaze over[18:23:42] <Wyn> Mark22, I wondered how you got the Plone thing ?[18:23:53] <Lars_G> Wyn: Distributed a la akamai or centric?[18:23:56] <Wyn> Mark22, AH, the msg i wrote plone01[18:23:58] <Wyn> got it[18:24:06] <Wyn> Lars_G, we have our own global CDN[18:24:06] <Mark22> yes[18:24:16] <Wyn> Mark22, now i just feel silly :)[18:24:16] <Lars_G> Wyn: cachefly?[18:24:21] <Lars_G> Wyn: Or just the same idea?[18:25:00] <Wyn> Lars_G, forward/reverse proxy, video streaming, SSL termination/re-encryption, geo-location /IPSEC etc[18:25:46] <Mark22> Wyn: we mainly do hosting for people in the Netherlands at the moment, so numbers are lower (but sometimes high per server when a site is mentioned in news items/on busy websites)[18:26:06] <Wyn> Mark22, I am the leader of the Plone CMS systems administration team, we run SVN/Trac list.plone.org etc and I am a foundation member so I just asumed i knew you fronm that[18:26:17] <Lars_G> Interesting[18:26:40] *** e-jones has quit IRC[18:26:41] <Lars_G> Wyn: If you handle video streaming do you handle also voip conduits? maybe even termination?[18:26:50] *** brancaleone has quit IRC[18:26:51] <Lars_G> Wyn: What about mpls?[18:27:05] *** sysmonk has quit IRC[18:27:26] <patdk-wk> and here I was thinking of futurama lars :)[18:27:29] <Wyn> Lars_G, we handle global VOIP delivery systems for companies, both encrypted and balanced[18:28:06] *** sysmonk has joined #postfix[18:28:09] <Lars_G> patdk-wk: At least it's not Lars Ulrich, I bristle when they say "Like Lars Ulrich!"... the only time a person said "Oh like Lars Von Trier" I almost hugged her out of air[18:28:32] * patdk-wk doesn't know either[18:28:40] <Lars_G> Wyn: Interesting, we might've worked over you sometime, I used to work at an ISP and we had voip origination, and contracted with several termination companies[18:29:03] <Lars_G> Wyn: Do you have your own pipes?[18:30:13][18:30:20] <Wyn> 3x40GB fibers[18:30:25] <Wyn> damn keyboard[18:30:40] *** x3mw3rty has joined #postfix[18:30:54] <Wyn> Lars_G, our services are mainly private or security orintated however[18:31:40] * Lars_G nods[18:31:42] <Lars_G> Interesting[18:31:46] *** x3mw3rty has quit IRC[18:32:01] *** x3mw3rty has joined #postfix[18:32:08] * Wyn the Finnish rock that stuff :)[18:32:31] * Wyn the Finnish also invented IRC[18:32:38] * Wyn the Finnish scare me sometimes[18:33:25] *** zealiod has quit IRC[18:33:33] <Lars_G> Don't be scared[18:33:59] *** x3mw3rty has quit IRC[18:34:11] <Wyn> LOL[18:34:18] <Lars_G> A people who invent lutefisk are too centered on their own pain and suffering to do the world any harm[18:34:43] *** x3mw3rty has joined #postfix[18:35:11] <Wyn> Lars_G, the Finnish invented lots of things, including sauna but lutefisk is thankfully not one of them, thats the Swedish/Norwegians[18:41:19] *** Wyn is now known as Wyn|AFK[18:41:24] *** Wyn|AFK has left #postfix[18:45:16] *** dacm_work has quit IRC[18:48:18] *** bubu has joined #postfix[18:52:08] *** ced117 has joined #postfix[18:52:08] *** ced117 has joined #postfix[18:52:34] *** zealiod has joined #postfix[18:59:07] *** dacm_work has joined #postfix[19:00:27] *** mambaw has joined #postfix[19:07:28] *** mroe has joined #postfix[19:07:28] *** mroe has joined #postfix[19:09:15] *** Toerkeium has joined #postfix[19:19:54] *** Mu574N9 has joined #postfix[19:20:12] *** empity has quit IRC[19:20:23] <Mu574N9> How do I check the I.P Address from which mails have come in the mailogs ?[19:21:04] <Mu574N9> In postfix[19:24:07] <mroe> huh?[19:24:23] <mroe> the connect line will show you the host that is connecting to you[19:24:29] <mroe> is that your question?[19:26:25] *** AcTiVaTe has quit IRC[19:26:42] <adaptr> Mu574N9: have you SEEN your logs ? like, ever ?[19:27:43] <mroe> ha[19:28:10] <patdk-wk> logs?[19:28:20] <Mu574N9> Yes the client= option[19:28:28] <Mu574N9> Just figured that out.[19:28:40] <adaptr> ...or perhaps the connect from: part[19:29:06] <Mu574N9> ok[19:29:17] <Mu574N9> adaptr: Thanks for your feedbacks.[19:29:18] <adaptr> in fact, depending on how well this client is represented in DNS, the client will be in the logs 4 or 5 times[19:29:21] *** Lenhix has quit IRC[19:29:27] <Mu574N9> ok[19:29:35] <mroe> thanking adaptr?[19:29:42] *** TuxOtaku has joined #postfix[19:29:46] <TuxOtaku> quick question:[19:29:49] <adaptr> yes, look up, aerial pigs are next[19:29:49] <mroe> all he did was make fun of you for not reading[19:30:00] <TuxOtaku> Maildir over CIFS...stupid idea?[19:30:06] <adaptr> very[19:30:10] <TuxOtaku> that's what I thought[19:30:12] <adaptr> no atomic rename[19:30:12] <thumbs> yes, yes, yes and yes.[19:30:19] <adaptr> maildir requires atomic rename[19:30:21] <TuxOtaku> what about NFS?[19:30:30] <TuxOtaku> or iSCSI?[19:30:38] <adaptr> what ABOOT it!>?!?[19:30:39] <mroe> TuxOtaku: iSCSI is probably your best bet[19:30:50] <mroe> you may run into locking issues with NFS[19:30:55] <adaptr> TuxOtaku: iSCSI is nto a file system, in case you were concussed as a duckling[19:31:06] <TuxOtaku> adaptr, yes I know that[19:31:10] <adaptr> one doubts[19:31:25] <mroe> adaptr: insult him some more, he'll probably end up thanking you too[19:31:44] <adaptr> that was where I was going with that, yeah. I'm testing if its a trend[19:32:07] <TuxOtaku> and yeah I figured as much with the locking, but what if it's nfs4?[19:32:15] <adaptr> (not that I insulted him. you need to check UR dictionaries. mroe )[19:32:19] <Mu574N9> mroe: Some times that helps :)[19:32:34] <rob0> NFS could work, no locking issues with maildir[19:32:54] <TuxOtaku> rob0, what options would I have to set on the export?[19:33:10] <rob0> not ideal, but it should work[19:33:13] <TuxOtaku> no_root_squash is a given[19:33:21] <mroe> I love the word 'should'[19:33:23] <adaptr> ... root should be squashed[19:33:26] <rob0> no I don't think you want no_root_squash[19:33:37] <adaptr> TuxOtaku: you do NOT want to expose maildirs AS root[19:33:44] <TuxOtaku> rob0, if you don't though, everything gets owned by root[19:33:47] <mroe> TuxOtaku: can you give us a bit more of the story?[19:33:50] <rob0> Postfix won't deliver as root anyway[19:33:51] <adaptr> TuxOtaku: bullshiiit[19:34:07] <adaptr> reality is actually the opposite[19:34:08] <mroe> While I enjoy flailing about wildly making suggestions, with a bit more information we could be more helpful[19:34:36] <rob0> indeed, mroe is right, time for details before throwing out more guesses.[19:34:52] <adaptr> I was on a wagroll. spoilsport[19:35:02] <rob0> sorry[19:35:03] * mroe hands adaptr a duckling[19:35:08] <TuxOtaku> adaptr, don't you have a bridge to stand under or something?[19:35:23] <TuxOtaku> so okay, here's the situation:[19:35:35] <adaptr> TuxOtaku: do you have one for sale ?[19:35:45] <TuxOtaku> postfix/courier setup on a Citrix XenServer domU[19:35:54] <adaptr> yeah, preambling on a non-verbal medium. useful![19:36:04] <mroe> oy[19:36:15] <mroe> the 'for pay' version?[19:36:25] <TuxOtaku> mailstore is going to be on a remote volume on an OpenFiler SAN[19:36:32] <TuxOtaku> mroe, no, just the free version for now[19:36:41] <mroe> ah, ok.[19:36:43] <rob0> that's a Windows-based virtual machine, right?[19:36:53] <TuxOtaku> ...[19:36:55] <adaptr> ...[19:37:02] <TuxOtaku> I'm not even answering that[19:37:13] <mroe> rob0: nope[19:37:15] <adaptr> rob0: he said "xen" and "domu"[19:37:16] <rob0> Okay. I'm not googling it. Bye.[19:37:33] <TuxOtaku> anyway[19:37:48] <adaptr> rob0: or did you mean openfiler ? surely you have heard of that[19:37:58] <adaptr> Et tu, Shirley ?[19:38:02] <TuxOtaku> so /home/vmail is going to be physically located on openfiler[19:38:16] <mroe> I'd use iscsi[19:38:22] <mroe> if it is available[19:38:26] <adaptr> TuxOtaku: yes, we KNOW. you're "talking". skip the friggin non-verbal verbalisations. it's distracting, useless, and paints you a right git.[19:38:53] <mroe> less overhead[19:39:00] <mroe> will make for better performance[19:39:08] * adaptr passes a duckling overhead mroe[19:39:11] <TuxOtaku> adaptr, hi. fuck off. you're not being in any way helpful.[19:39:17] *** Captain_Haddock has quit IRC[19:39:19] <TuxOtaku> and pardon my french[19:39:25] <thumbs> TuxOtaku: mind your language here.[19:39:38] <mroe> adaptr: jokes on you! it was a goose[19:39:40] <adaptr> TuxOtaku: you need to provide useful facts.[19:39:55] <adaptr> so far, we have "durr what should I use". experiment![19:40:20] *** xai has joined #postfix[19:41:01] <TuxOtaku> adaptr, look, I already told you...I'm not rising to your bullshit. so stfu already.[19:41:27] <adaptr> TuxOtaku: you have been warned, yes ? I don't insult you, or swear at you. I ask you to do the same.[19:42:03] <adaptr> if you think this is a free ride, get off the bus NOW. you'll only be disappointed later[19:42:07] <TuxOtaku> <adaptr> TuxOtaku: bullshiiit[19:42:09] <TuxOtaku> :)[19:42:54] <mroe> Let me see if I can keep the peace. His mailstore is located on a SAN (Open Filer). It has FS-level protocols and Block-level protocols available to it. I think his first question should be: Is there a significant advantage/disadvantage in using a FS protocol (NFS/SMB/etc) vs a block-level protocol (iscsi) with regard to performance and stability. He will be using maildir as a mailbox format with _____ users.[19:43:19] <TuxOtaku> thank you[19:43:31] <mroe> And a single smtp server and a single imap/pop server[19:43:35] <TuxOtaku> yes[19:43:46] <mroe> TuxOtaku: fill in the blank[19:43:52] <adaptr> it depends. openfiler on an iphone ? or on a 12-core xeon with 24 disks[19:44:06] *** xai has quit IRC[19:44:14] <TuxOtaku> well, let's start with say, 50-75 users[19:44:29] <mroe> adaptr: FS-based protocols will put more load on the SAN?[19:44:34] <TuxOtaku> possibly slightly more. I haven't done a formal headcount[19:45:19] <adaptr> mroe: not precisely. but if the "SAN" (really NAS) server is underspecced, block-level protocols will offer even more advantages[19:45:47] <TuxOtaku> as for where openfiler is running. it's an Intel i7 960, 8GB RAM, Hardware RAID1 2TB[19:45:58] <adaptr> not that it matters, for < 100 mailboxes a single SATA disk will do fine.[19:46:00] <mroe> well right. I think that is what the discussion is. Should he use Openfiler as a SAN or as a NAS[19:46:31] <lunaphyte> !tias[19:46:31] <knoba> lunaphyte: "tias" : Try It And See[19:46:42] <mroe> and as I have said all along, if iscsi is availble to you, I would use it[19:46:48] <adaptr> although 4x 1TB in RAID-10 would have been a 5-times better storage solution[19:47:08] <adaptr> I wish 2TB drives would die already. oh wait, they do[19:47:21] <mroe> adaptr: how much better would an 8x 1TB RAID-10 have been?[19:47:27] *** hever has joined #postfix[19:47:28] <adaptr> 10 times, obviously[19:47:41] <mroe> how bout 6x 1TB (that's a curve ball)[19:47:56] <adaptr> 5 time4s plus 4 extra drives, plus 1 more for more mailbox space[19:48:04] <adaptr> so, 10 times[19:48:20] <adaptr> pfft curve ball ? you mean it's still in 3 dimensions ? amateur[19:49:11] <TuxOtaku> right well I'll stick with iscsi then. jesus. I come in here with a simple question and I get attacked by a coked up 10 year old for it.[19:49:29] <TuxOtaku> mroe, thanks for the help.[19:49:35] <TuxOtaku> adaptr, go back to 4chan.[19:49:38] *** TuxOtaku has left #postfix[19:49:44] <adaptr> "Trolling"[19:49:51] <mroe> not even a good troller[19:50:25] *** p3rror has joined #postfix[19:52:24] *** xai has joined #postfix[19:53:47] <xai> I have a private network attached to ATT dsl, and want to setup an SMTP server running postfix so that my windows users can just point to it for outbound. So far ATT's authentication eludes me. Anyone know how this may work?[19:54:03] <mroe> !ATT[19:54:03] <knoba> mroe: Error: "ATT" is not a valid command.[19:54:08] <adaptr> !tell xai nullclient[19:54:08] <knoba> xai: "nullclient" : a null client is a computer that can only send mail. it receives no mail from the network, and it does not deliver any mail locally. while postfix can be configured to fill this role, it is often unnecessary overkill, and a much simpler software package is more appropriate. see !nullclient_software for more details.[19:54:30] <mroe> sorry that is the maximum effort I am willing to make to find out what kind of authentication ATT supports[19:55:00] <xai> adaptr, I need a non=null client, I want to send our Tbird clients to this.[19:55:03] <xai> no?[19:55:28] <xai> !nullclient_software[19:55:28] <knoba> xai: "nullclient_software" : a program that serves as a drop in replacement for /usr/sbin/sendmail and provides a simple means to submit messages to an existing msa without the need to install and maintain a full-blown mta/msa. examples include msmtp, esmtp, ssmtp and nullmailer. also see !msa[19:55:31] <adaptr> xai: I don't see why you need more than a nullclient[19:55:51] <mroe> whoa, what question are you asking? 'What authentication mechanisms do ATT support? or how do I configure a mail relay on my local network to relay all outgoing mail to my ISP's mailsever?[19:55:55] <mroe> mailserver*[19:56:03] *** Tykling has quit IRC[19:56:10] <adaptr> no no, I like mailsever.[19:56:25] * mroe severs adaptr's mail[19:56:29] <adaptr> and emilmassages[19:56:42] <xai> mroe: i want to setup an internal relay in our LAN, that then relays to ATT's relay.[19:56:45] <mroe> I could use a good emilmassage right now[19:56:52] <adaptr> xai: I don't see why you need more than a nullclient[19:57:05] <rob0> Emil? Or Emily?[19:57:19] <xai> adaptr, Will a nullclient allow me to send our internal mail form the pc's to it?[19:57:28] <mroe> adaptr: null-clients won't accept mail from on-network hosts[19:57:39] <lunaphyte> why do you want another stop along the way?[19:57:47] <adaptr> oh, I must have inadvertently completely ignored what he said[19:57:58] <adaptr> but yes, what the loony said[19:58:03] <lunaphyte> your internal clients can submit mail to att's msa just fine.[19:58:36] <lunaphyte> [there is a sell here that can be made - but i won't volunteer it][19:58:57] <xai> It seems that ATT, requires users to authenticate each email outbound with a value user/pass. Even those guys that don't have an att email addr.[19:59:13] <mroe> xai: not uncommon[19:59:22] <rob0> Right. Your idea might not work with AT&T.[19:59:32] <xai> mroe: any recommendations?[19:59:37] *** Tykling has joined #postfix[19:59:39] <mroe> yes[19:59:44] <mroe> !relayhost[19:59:44] <knoba> mroe: "relayhost" : a configuration parameter in the main.cf: The default host to send non-local mail to when no entry is matched in the optional transport(5) table. When no relayhost is given, mail is routed directly to the destination. If your relay host requires authentication see the !saslclient channel factoid.[19:59:51] <mroe> !smtp_auth[19:59:51] <knoba> mroe: Error: "smtp_auth" is not a valid command.[20:00:03] <mroe> hrm[20:00:10] <lunaphyte> i love listening to rock music on hold.[20:00:14] <lunaphyte> no _[20:00:19] <mroe> !smtp_passwd[20:00:20] <knoba> mroe: Error: "smtp_passwd" is not a valid command.[20:00:24] <lunaphyte> !smtpauth[20:00:24] <knoba> lunaphyte: "smtpauth" : a feature that authenticates trusted users for submitting email to postfix. See !sasl.[20:00:29] <mroe> ugh[20:00:37] <mroe> thanks lunaphyte[20:00:44] <xai> mroe: yea I think my original idea was to setup a relay.[20:00:48] <lunaphyte> anyway, there's an acceptable case for setting up a local msa. i can appreciate that.[20:00:54] <lunaphyte> !tell xai msa[20:00:54] <knoba> xai: "msa" : Message Submission Agent : a process which accepts message submissions from MUAs on port 587 known as 'message submission service' using the 'message submission protocol' defined by rfc4409. To enable message submission service in postfix uncomment the relevant lines in master.cf. also see !submission.[20:02:26] <lunaphyte> configure that to do tls and smtp auth, and then configure the msa to submit the messages to the relayhost using tls and smtp auth over submission. all covered quite extensively in the documentation the author provides for free with the software.[20:10:47] *** bubu has quit IRC[20:14:43] *** xai has quit IRC[20:19:58] *** sepski has joined #postfix[20:22:43] *** zealiod has quit IRC[20:26:16] *** weedar has joined #postfix[20:28:20] *** doomas_na has quit IRC[20:28:24] *** doomas_na has joined #postfix[20:28:57] *** weedar has quit IRC[20:31:20] *** weedar has joined #postfix[20:32:19] *** weedar has quit IRC[20:35:54] *** davlefou has quit IRC[20:36:33] *** gebi has joined #postfix[20:39:04] *** shal3r has quit IRC[20:41:16] *** shal3r has joined #postfix[20:44:58] *** x3mw3rty has quit IRC[20:51:36] <Lars_G> Btw what ever happened to spf? did it evolve? is it in use? will it be?[21:06:29] <sepski> yes it's in moderate use. i can't tell the future.[21:06:45] <Lars_G> I'll check it out[21:10:15] *** sepski has quit IRC[21:18:14] *** todd_dsm has quit IRC[21:21:03] <mroe> Lars_G: if you're going to check out SPF, I would also checkout DKIM[21:21:36] *** dacm_work has quit IRC[21:22:13] <Lars_G> I will[21:23:30] <mroe> both are only marginally effective[21:24:58] *** hever has quit IRC[21:27:28] *** Wuiqed has joined #postfix[21:33:52] *** dacm_work has joined #postfix[21:35:44] *** wdp has joined #postfix[21:38:49] *** dacm_work has quit IRC[21:42:47] *** sphenxes has quit IRC[21:43:35] *** ihtraum has joined #postfix[21:47:30] *** chgrin has joined #postfix[21:49:25] *** chgrin has left #postfix[21:50:10] *** chgrin has joined #postfix[21:51:43] *** dacm_work has joined #postfix[21:53:14] <chgrin> Hola, I setup a new postfix server and added defer_transports = smtp to main.cf, I then used postsuper -h ALL to hold the mail, I now need to tell postfix to forward all the mail for one of the domains ( at foo dot com) to the smtp server, I am not sure the best way to do this[21:53:26] <chgrin> some advice would be very much apreciated[22:03:07] *** camro|away has quit IRC[22:03:39] *** ced117 has quit IRC[22:04:20] *** mcf3782 has joined #postfix[22:04:35] *** fOrsberg has quit IRC[22:06:46] *** weedar has joined #postfix[22:06:54] *** Tykling has quit IRC[22:07:26] *** fOrsberg has joined #postfix[22:09:26] *** camro has joined #postfix[22:11:36] *** fOrsberg has quit IRC[22:12:17] <mcf3782> I'm new to Ubuntu, but have been a Linux user/admin for quite some time. A Ubuntu 10.10 box has Postfix installed. I'm getting 'connection timed out' trying to connect to the ISP's mailhost. The postfix log seems to show that when a DNS query is issued, it's getting the wrong IP address for 'mail.bellsouth.net'. If I do an nslookup mail.bellsouth.net, I get a different address.[22:12:33] <mcf3782> I can 'telnet mail.bellsouth.net smtp' and get a connection.[22:13:02] <mcf3782> I've hardcoded an IP address for mail.bellsouth.net in /etc/hosts, and set nsswitch.conf to 'hosts files'. It still seems to lookup the wrong address.[22:13:22] <lunaphyte_> !chroot[22:13:22] <knoba> lunaphyte_: "chroot" : The fifth column in master.cf, if not n , means that the Postfix process described on that line runs in a chroot, see !debug , !queue_directory and files in the examples/chroot-setup subdirectory of the Postfix source archive which show examples of a Postfix chroot environment on a variety of systems[22:13:36] <mcf3782> Any additional debug suggestions would be greatly appreciated[22:13:36] *** DMMatt has joined #postfix[22:14:02] <mcf3782> I've tried chroot in both yes and no, with the same results.[22:15:26] <DMMatt> Hi there. I'm new to Postfix for the most part, and believe I have secured it pretty well from being an open relay. Once scenario that I can't seem to figure out is that I can send mail to any address on my postfix server regardless of what spoofed FROM address I use. This would mean that anyone could spam ME through ME, right? Is this required for Postfix to deliver mail to me, or have I not tied up a loose end? I'm using SASL authentication...[22:15:43] <DMMatt> I'd expect no one to be able to relay mail through my postfix server if they aren't authenticated through SASL[22:15:57] <DMMatt> And that is working for the most part, expect the situation I described above. Any advice?[22:16:10] <Lars_G> mcf3782: you're checking the hostname resolvs correctly, but are you checking that hostname is the actual MX register you get for the domain[22:16:48] <Lars_G> DMMatt: spf might help some, but there is not MUCH you can do.[22:17:22] <DMMatt> Is that because my postfix server essentially has to allow incoming mail to itself from anyone requesting to send mail to me?[22:18:01] <Lars_G> No, it's because you're expecting source addresses to be authenticated and they're rarely so[22:18:04] <mcf3782> Lars_G: I'm not sure I understand your question.[22:18:22] <Lars_G> you can easily make postfix check at least the domain for the source address is valid.[22:18:33] <Lars_G> but from that to it being a valid address it comes from....[22:18:34] <DMMatt> Ahh I see[22:19:10] <Lars_G> DMMatt: And, if you want to limit your own domain name ussage so that only your server can send for your domain, use spf, but not all sites implement it, and if one doesn't implement it, it can receive email supposedly from your domain from anywhere[22:19:14] <Lars_G> it's how smtp work[22:19:15] <Lars_G> s[22:19:31] <DMMatt> Got it[22:20:06] <DMMatt> I was just surprised when I could do a MAIL FROM:<any at address dot com> RCPT TO:<valid at internaladdress dot com> with success.[22:20:15] <DMMatt> Of course it relay fails if RCPT TO: is not a local address[22:20:37] <Lars_G> It's how smtp works[22:20:46] <DMMatt> Good to know, glad I asked the pros[22:20:50] <Lars_G> spf tries to solve that but it's not %100 successfull, you can read on it on wikipedia.[22:20:59] <Lars_G> I'm not a pro, just a bum who toys a lot with servers ;)[22:21:07] <DMMatt> :)[22:21:59] <DMMatt> I do use smtpd_sender_restrictions to make sure that users sending mail through my server can't spoof their address, so hopefully I'm a small part of the solution[22:22:10] <DMMatt> and I do use SPF on my domains, but I haven't implemented SPF into PostFix yet[22:25:03] <mcf3782> postfix/smtp[3306]: connect to mx01.mail.bellsouth.net[205.152.58.33]:25: Connection timed out. That 205.152.58.33 address is wrong, and I can't figure out where/how postfix is getting it.[22:25:59] <mcf3782> there is no smtp server on the 205.152 address, so I understand the 'connection timed out' part. I just don't understand how postfix comes up with that address.[22:27:41] *** vici0us has quit IRC[22:28:27] *** fOrsberg has joined #postfix[22:30:17] <adaptr> dig mail.bellsouth.net mx[22:30:27] <adaptr> mx01.mail.bellsouth.net. 300 IN A 205.152.58.33[22:30:34] <adaptr> that would be how[22:30:40] <adaptr> complain to them[22:32:19] <mcf3782> OK. Makes sense. Is there a way to "fix" it from my side. Can I somehow tell postfix to get the correct data from the A record instead of the MX record?[22:32:42] <adaptr> ...that IS the correct data[22:33:08] <adaptr> this mail is addressed to foo at mail dot bellsouth.net, NOT foo at bellsouth dot net[22:33:10] <mcf3782> Complaining to bellsouth/att about anything, in my experience; is a pointless waste of time.[22:33:52] <mroe> whoa[22:33:57] <mroe> mcf3782: what is your goal?[22:34:08] <mcf3782> to deliver mail. :)[22:34:40] <mcf3782> I just want this box to be able to send mail. Right now, it can't, as all messages are queued up with 'connection timed out'[22:35:00] <adaptr> do as the topic says, and we'll see[22:35:00] <mroe> you want to use the bellsouth mailserver as a relay host?[22:35:26] *** Tykling has joined #postfix[22:35:29] *** vici0us has joined #postfix[22:36:06] <mcf3782> mroe: yes. They insist that all outbound mail from their DSL customers goes through them first. Their stated DNS name to use for mail relay is "mail.bellsouth.net".[22:36:42] <adaptr> oh, you made a stupid beginner mistake[22:36:42] <mroe> and what does mail.bellsouth.net resolve to on your mailserver?[22:36:56] <mroe> you probably need to you [][22:36:58] <adaptr> mcf3782: relayhost = [mail.bellsouth.net][22:37:04] <mroe> s/you/use/[22:37:04] <adaptr> rtfm![22:37:25] *** Cain has quit IRC[22:37:32] <mroe> I concur, it is a common beginner mistake[22:37:43] <mcf3782> adaptr I've been reading the manual for days. If I could have figured it out from that, I wouldn't be here asking for help. But thanks. :)[22:37:54] *** Cain has joined #postfix[22:37:54] *** chgrin has quit IRC[22:37:55] <adaptr> it is stated explicitly in the manual[22:37:57] *** DMMatt has quit IRC[22:38:07] <mcf3782> I will freely admit that I'm a beginner with Postfix.[22:38:15] <adaptr> and at reading documentation[22:38:38] *** hever has joined #postfix[22:41:01] *** gerhard7 has quit IRC[22:41:28] <mcf3782> I have a relay host configured.[22:41:35] <mcf3782> http://www.pastebin.ca/2054344[22:41:51] <adaptr> you're a winner[22:43:20] <mcf3782> I like winning. What do I win?[22:43:27] <adaptr> does it work ?[22:43:30] <mcf3782> no[22:43:37] <adaptr> so you did not do what I said[22:43:41] *** micols has quit IRC[22:44:18] <mcf3782> you said rtfm.[22:44:34] <rob0> 20:38 < adaptr> mcf3782: relayhost = [mail.bellsouth.net][22:44:48] <mroe> mcf3782: explain to us what the [ ] do[22:45:39] *** Captain_Haddock has joined #postfix[22:45:51] <mcf3782> So you're saying that the [ ] are required, but missing from my config?[22:46:10] <rob0> For me (outside bellsouth netspace) mail.bellsouth.net. has two MX records, which resolve to different IPs than the A records for mail.bellsouth.net.[22:46:24] <mcf3782> yep.[22:46:28] <rob0> postconf.5.html#relayhost[22:46:29] <friartuck> the square brackets prevent a dns lookup of the MX records right?[22:46:39] <rob0> friartuck wins![22:46:41] <mroe> mcf3782: I'm asking you what do those brackets do[22:46:48] * jimpop wants to win[22:46:52] <mroe> friartuck: well thanks for ruining it[22:46:54] <jimpop> *too[22:46:57] <friartuck> I have (2) working postfix servers too![22:47:01] <rob0> jimpop is the runner-up[22:47:17] * mcf3782 goes to look at the docs again.[22:47:26] <mcf3782> I'm trying to understand what I've missed.[22:47:31] <friartuck> mroe sorry, I'm noob and happy that I know something.[22:47:34] <jimpop> haha, second class citizen again. i should look into suing my parents....[22:47:56] <rob0> jimpop wins the lawsuit! Woohoo!![22:48:44] <jimpop> nice, off to daydream....[22:50:39] <mcf3782> The form [hostname] turns off MX lookups.[22:50:43] <mcf3782> ok. I found it. :)[22:50:59] *** Mu574N9 has quit IRC[22:51:29] <mcf3782> It just wasn't obvious the first few hundres times I read it.[22:52:23] *** Gatto has joined #postfix[22:53:35] *** mroe has quit IRC[22:55:14] <mcf3782> mailq[22:55:14] <mcf3782> Mail queue is empty[22:55:18] <mcf3782> Awesome. :)[22:55:31] <mcf3782> Thanks for the help, folks! :)[22:56:35] *** mroe has joined #postfix[22:56:36] *** mroe has joined #postfix[22:58:37] *** {_morpheus_} has quit IRC[23:00:27] *** Zelest_ has joined #postfix[23:00:49] *** eest has quit IRC[23:01:02] *** uqlev has joined #postfix[23:02:42] *** eest has joined #postfix[23:03:06] *** Zelest has quit IRC[23:03:55] *** Patrickdk has quit IRC[23:04:48] *** Patrickdk has joined #postfix[23:06:20] *** Patrickdk has quit IRC[23:06:37] *** Patrickdk has joined #postfix[23:06:52] *** Gatto has quit IRC[23:07:06] *** ihtraum has quit IRC[23:09:07] *** hparker has joined #postfix[23:09:08] *** hparker has joined #postfix[23:09:31] *** Timzzzz is now known as Timmooo[23:12:37] *** Zblakany has joined #postfix[23:17:51] <mcf3782> Thanks again for the help, folks. I think it's time to call it a day in my timezone.[23:18:20] *** mcf3782 has left #postfix[23:23:55] *** robotarmy has joined #postfix[23:27:50] *** mroe has quit IRC[23:36:13] *** Timmooo is now known as Timzzzz[23:37:52] *** TomHome has joined #postfix[23:45:47] *** eest has quit IRC[23:46:05] *** eest has joined #postfix[23:48:36] *** micols has joined #postfix[23:58:08] *** Section1 has quit IRC