May 7, 2011 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | >
May 7, 2011 [00:01:55] <tharkun> adaptr: i've found that google usually responds best when asking isues about their fubars and the same applies to yahoo i suspected that would also work with microsoft. But then i guess i was wron[00:03:08] *** GoGi2 has quit IRC[00:10:23] <tharkun> he, he according to politics as usual. The nasty info about MS has to be researched on other places.[00:17:54] *** ska has quit IRC[00:31:48] *** sandwiches has quit IRC[00:33:14] *** sandwiches has joined #postfix[00:39:04] *** Zeit|awy has quit IRC[00:39:10] *** Zeit|awy has joined #postfix[00:40:57] *** kuhkatz has quit IRC[00:44:12] *** Zeit|awy has quit IRC[00:45:16] *** GoGi2 has joined #postfix[00:45:52] *** GoGi2 is now known as Xadhoom[00:52:48] *** kuhkatz has joined #postfix[00:52:49] *** kuhkatz has joined #postfix[00:59:50] *** p3rror has quit IRC[01:12:44] *** Matic`Makovec has quit IRC[01:13:54] *** Matic`Makovec has joined #postfix[01:15:55] *** ccxCZ has quit IRC[01:17:51] *** ccxCZ has joined #postfix[01:19:15] *** ziroux_ is now known as ziroux[01:23:37] *** e-anima has quit IRC[01:23:41] <trurl> i'm testing my configuration. adding a 'reject' at the end of my smtpd_recipient_restriction-clauses seems to have no effect. is it possible to reject _all_ mail if not permitted before?[01:25:52] *** nb has joined #postfix[01:26:13] *** Broken|Arrow has quit IRC[01:28:12] *** p3rror has joined #postfix[01:28:27] *** DMMatt has joined #postfix[01:30:31] <DMMatt> Hi there. I've got a Postfix spam filtering gateway, it scans and relays mail off to an exchange server. It's all working nicely, but I'm trying to figure out how I can implement a feature where I have a table of email addresses that the gateway checks to see if its a valid "non-local" address. I know I can do this, but haven't found how to execute. Any pointers?[01:30:59] <DMMatt> I would just rather the mail filter handle rejecting mail for unknown users on the Exchange box instead of passing all E-mail to the exchange box and requiring it to reject messages for unknown users.[01:35:49] *** brancal has quit IRC[01:46:26] <lunaphyte> !tell DMMatt ldap[01:46:26] <knoba> DMMatt: "ldap" : a lookup method that can be used by Postfix. An introduction can be found in the LDAP_README also found at http://www.postfix.org/LDAP_README.html. A worthy project dealing with LDAP and Postfix can be found at: http://jamm.sourceforge.net/howto/html/[01:47:24] <lunaphyte> it shouldn't have been implemented like that to begin with. an mx should never accept mail for non existent users.[01:47:33] <lunaphyte> !tell DMMatt mantras[01:47:33] <knoba> DMMatt: "mantras" : 1. do not accept mail that you do not intend to deliver. 2. do not drop mail. 3. do not use wildcards or catchalls.[01:48:25] *** basho__ has quit IRC[01:48:42] <DMMatt> Isn't there something simpler than ldap, like just being able to have postfix check a hash file or something?[01:49:12] <DMMatt> I intend to reject mail destined for invalid mailboxes on my e-mail server. Are you saying its flawed because a relay should simply relay all email?[01:50:15] <adaptr> where would the hash file come from ?[01:51:00] <DMMatt> I would create it[01:51:33] <adaptr> !tell DMMatt access[01:51:33] <knoba> DMMatt: "access" : http://www.postfix.org/SMTPD_ACCESS_README.html : An overview of access(5) controls in the Postfix smtpd(8) SMTP server.[01:51:39] <DMMatt> I have 10 mailboxes on the server that I relay mail to. I'd like the gateway to reject mail if its not one of those 10 email addresses. I'd have a file with 10 email addresses. Postfix would return "unknown mailbox" if it isn't in that list[01:51:51] <DMMatt> ok ill check that out[01:51:54] <lunaphyte> uh, you do things the RIGHT way, not the "simpler" way. [not to mention that, if you were to actually consider this properly, ldap *is* simpler. ldap is the right way.[01:52:05] <adaptr> oh, you want to list valid recipients on the exchange box ?[01:52:26] <lunaphyte> who wants to go for a ride in the time machine with me?[01:52:26] <DMMatt> yup[01:52:54] <adaptr> !relay_recipient_maps[01:52:54] <knoba> adaptr: "relay_recipient_maps" : a configuration parameter in the main.cf: Optional lookup tables with all valid addresses in the domains that match $relay_domains. Specify @domain as a wild-card for domains that do not have a valid recipient list.[01:53:00] <DMMatt> we just get so much email destined for invalid mailboxes that I'd rather not burden the exchange server with rejecting all of that mail[01:53:19] <lunaphyte> 6 months from now - back in the channel "hey - i have an access map that i list my exchange recipients in, but every time a user is added, i have to go and manually change the map. it's a big hassle. isn't there a simpler way to do this?"[01:53:24] <adaptr> one generally tries not to burden exchange with much of anything, especially email[01:53:49] <DMMatt> valid email[01:54:19] <DMMatt> well that's why im trying to make it a bit better by putting postfix in front of it :) since decommissioning my exchange server isn't an option right now[01:54:55] <DMMatt> lunaphyte: I completely beg to differ btw. Simple is not wrong.[01:55:19] *** ska has joined #postfix[01:55:29] <DMMatt> I'm all about simplicity, and a local file listing 10 addresses sounds about right to me[01:55:30] <adaptr> DMMatt: you're apparently failing to get the message[01:55:39] <DMMatt> No I get it.[01:55:46] <DMMatt> He was just implying that I was taking the lazy approach[01:55:55] <adaptr> no he was not[01:55:56] <DMMatt> I think simple and lazy are two different things[01:56:16] <DMMatt> then yes I mis-understood[02:00:28] <DMMatt> I eat my words, LDAP looks pretty cool.[02:03:20] <standon> *sigh*[02:03:31] * standon wishes people would READ previous messages in a thread before posting on mailing lists.[02:12:33] <adaptr> whotoom izzit youreferringly are ?[02:19:29] *** DMMatt has quit IRC[02:19:44] <standon> adaptr: almost daily interaction on postfix-users, for starters.[02:20:25] <adaptr> oh, your tardiness suggesterated that it was time-piecely constriperated on the here-now[02:21:39] <rob0> standon, sorry for parroting you :)[02:21:49] <standon> adaptr: i'm having troubling parsing you today. :)[02:21:53] <standon> rob0: eh?[02:22:02] <rob0> actually I had not seen that before I posted mine which said the same thing[02:22:09] * standon is confused now[02:22:15] <standon> well, more so than usual.[02:22:37] <standon> i'm talking about the relative newcomers, who offer help without knowing WTF they're talking about.[02:22:43] <standon> Viktor bitch-slapped one of them today.[02:23:11] <rob0> oh. Yes, that was fun. adaptr can't stand that Austrian fellow.[02:23:33] <adaptr> the nazi is insufferable. and stupid.[02:23:45] <standon> i don't like smug, know-it-all douches. but it's especially annoying when they don't know it all but just *really believe* that they do.[02:23:58] <adaptr> at least fakessh's surrealism is sincere[02:24:16] <standon> fakessh is mentally handicapped.[02:24:18] <standon> i know it.[02:24:26] <standon> hello mouss[02:24:29] <standon> hello rob0[02:24:30] <standon> hello adaptr[02:24:30] <adaptr> no, he's just really, really not english[02:24:32] <standon> hello all[02:25:06] <standon> i'm not english, and english is neither my first nor second language. this is similar to many on the list -- i just can't understand why he's so horrible and commuicating in the language.[02:25:37] <standon> i really believe it's more than an english thing. his questions generally grate.[02:25:59] <rob0> indeed[02:26:26] <adaptr> it is true that between the surreal comments his questions do seem to indicate a somewhat.. alternative mindset[02:26:54] <rob0> And you use the term, "mind" rather loosely.[02:28:06] <adaptr> I do ?[02:28:54] <standon> ok time for COD[02:28:56] <standon> bbl.[02:29:56] <adaptr> cause of death ? funny name for a game[02:33:43] *** pj has joined #postfix[02:35:31] <Captain> anybody is using postfix behind haproxy with tproxy and can give some hints :/[02:36:01] <adaptr> I don't think "anybody" is listening[02:36:07] <adaptr> !tell Captain goal[02:36:07] <knoba> Captain: "goal" : describe your goal, not what you think the solution is[02:38:17] <Captain> hm.. if i use haproxy + tproxy with the source option no requests is made on the postfix backend[02:38:45] <Captain> i think the iptables rules a fine.. but anything doesnt work..[02:39:47] *** Motoko has quit IRC[02:40:28] <adaptr> ....okay, next ?[02:40:57] <Captain> thats it[02:41:06] <Captain> i dont know where the problem exists[02:41:34] <Captain> but i think its anything with tproxy or routing on the postfix machine[02:41:36] <adaptr> I haven't heard a problem yet[02:42:12] <Captain> you mean i doesnt tell you the problem?[02:43:03] *** camro|away has quit IRC[02:44:52] <adaptr> yes, I mean you did not tell us what problem you are having[02:47:18] <Captain> the problem isnt realy a postfix problem.. its more a routing/iptables problem... but maybe anybody have the same problem that the smtp-client cant connect through haproxy[02:48:26] <adaptr> ah, we have a winner[02:53:41] <adaptr> Captain: do you know how to use a packet tracer ?[02:54:25] <Captain> sure[02:54:28] <Captain> tcpdump[02:54:47] <adaptr> ]have at it, then[02:56:34] <rob0> [ok[02:57:25] <adaptr> you have an error in your syntax near "rob0"[02:57:46] <rob0> dang, that's why I can't get a job![03:05:34] *** roentgen has joined #postfix[03:08:18] *** master_of_master has quit IRC[03:09:28] *** master_of_master has joined #postfix[03:22:08] *** Matic`Makovec has quit IRC[03:23:00] *** nokia3510 has quit IRC[03:29:45] *** jimpop has quit IRC[03:43:55] *** robotarmy has joined #postfix[03:59:40] *** jimpop has joined #postfix[04:01:17] *** nokia3510 has joined #postfix[04:06:35] *** yaaar has quit IRC[04:08:16] *** yaaar has joined #postfix[04:17:00] *** Dessa has quit IRC[04:20:51] *** Dessa has joined #postfix[04:27:49] *** lunaphyt- has joined #postfix[04:30:07] *** lunaphyt- has quit IRC[05:05:54] *** kenyon has joined #postfix[05:10:02] *** MAAAAAD has joined #postfix[05:13:42] *** MAAAAD has quit IRC[05:14:08] *** kuhkatz has quit IRC[05:31:25] *** dragonheart has joined #postfix[05:39:51] *** p3rror has quit IRC[05:51:19] *** shoonya has joined #postfix[06:11:25] *** higuita has joined #postfix[06:31:02] *** cytrinox has quit IRC[06:32:23] *** cytrinox has joined #postfix[06:34:46] *** robotarmy has quit IRC[06:40:33] *** robotarmy has joined #postfix[06:49:32] *** robotarmy has quit IRC[07:04:15] *** ramoni has joined #postfix[07:04:57] *** ramoni has left #postfix[07:24:48] *** shoonya has quit IRC[07:27:23] *** robotarmy has joined #postfix[07:31:46] *** fivenine has joined #postfix[07:31:53] <fivenine> wowsizers[07:31:57] <fivenine> hi[07:36:26] *** robotarmy has quit IRC[07:46:45] *** robotarmy has joined #postfix[08:00:25] *** dns_guy has joined #postfix[08:13:17] *** uqlev has joined #postfix[08:26:29] *** robotarmy has quit IRC[08:26:48] *** robotarmy has joined #postfix[08:27:53] *** robotarmy has quit IRC[08:28:16] *** robotarmy has joined #postfix[08:29:02] *** robotarmy has quit IRC[08:29:23] *** robotarmy has joined #postfix[08:32:13] *** Motoko has joined #postfix[08:34:27] *** robotarm_ has joined #postfix[08:34:33] *** robotarmy has quit IRC[08:36:50] *** robotarm_ has quit IRC[08:37:02] *** robotarmy has joined #postfix[08:39:09] *** gerhard7 has joined #postfix[08:51:03] *** sphenxes has quit IRC[09:00:09] *** Zeit|awy has joined #postfix[09:05:35] *** sphenxes has joined #postfix[09:09:50] *** sphenxes has quit IRC[09:12:57] *** Motoko has quit IRC[09:18:35] *** sphenxes has joined #postfix[09:31:29] *** camro|away has joined #postfix[09:44:47] *** Niemi has quit IRC[10:06:27] *** roentgen has quit IRC[10:09:38] *** ced117 has joined #postfix[10:09:38] *** ced117 has joined #postfix[10:09:55] *** robotarmy has quit IRC[10:18:00] *** camro|away has quit IRC[10:18:49] *** camro|away has joined #postfix[10:48:50] *** Matic`Makovec has joined #postfix[10:51:55] *** many has quit IRC[10:52:53] *** roentgen has joined #postfix[10:59:10] *** brancaleone has joined #postfix[11:10:02] *** Internat has quit IRC[11:10:51] *** Internat has joined #postfix[11:32:43] *** basho__ has joined #postfix[11:38:07] *** n0sq has quit IRC[11:51:21] *** n0sq has joined #postfix[12:13:35] *** brancaleone has quit IRC[12:19:19] *** TomHome has joined #postfix[12:50:27] *** many has joined #postfix[12:51:59] *** Gatto has joined #postfix[12:54:49] *** wdp_ has joined #postfix[12:58:18] *** wdp has quit IRC[13:02:58] *** roentgen has quit IRC[13:25:18] *** gerhard7 has quit IRC[13:32:15] *** uqlev has quit IRC[13:33:25] *** gebi has joined #postfix[13:49:31] *** TomHome has quit IRC[13:53:39] *** dns_guy has quit IRC[14:04:24] *** kuhkatz has joined #postfix[14:35:26] *** uqlev has joined #postfix[14:51:21] *** VaNNi has quit IRC[14:51:50] *** VaNNi has joined #postfix[14:56:18] <uqlev> I am having now spam passing through with following logs: policyd-weight decided action=DUNNO NULL[14:56:37] <uqlev> does anybody have idea how to prevent it?[14:59:12] *** VaNNi has quit IRC[14:59:31] *** Cain has quit IRC[14:59:38] *** VaNNi has joined #postfix[15:02:49] *** VaNNi has quit IRC[15:03:18] *** VaNNi has joined #postfix[15:14:46] *** VaNNi has quit IRC[15:15:38] *** VaNNi has joined #postfix[15:30:05] *** gerhard7 has joined #postfix[15:40:45] *** Cain has joined #postfix[15:46:25] *** Internat has quit IRC[15:50:40] *** Internat has joined #postfix[16:05:31] *** Gatto has quit IRC[16:07:52] *** e-anima has joined #postfix[16:39:04] <adaptr> postfix stop[16:40:15] *** ska has left #postfix[17:15:19] *** e-anima has quit IRC[17:22:17] *** roentgen has joined #postfix[17:22:50] *** on1ald has joined #postfix[17:31:11] *** on1ald has quit IRC[17:35:33] <tharkun> roe: Did you fixed the loopback error you had the other day?[17:40:53] *** Xadhoom is now known as GoGi2[17:41:20] *** GoGi2 has joined #postfix[17:50:15] *** on1ald has joined #postfix[17:56:38] *** Southron has joined #postfix[17:59:10] *** carloimperia has joined #postfix[18:01:00] *** carloimperia has quit IRC[18:06:02] *** roentgen has quit IRC[19:48:26] *** nokia3510 has quit IRC[19:56:53] *** BoWozZ has joined #postfix[20:02:48] *** BoWozZ has quit IRC[20:09:03] *** _Tassadar has quit IRC[20:10:05] *** _Tassadar has joined #postfix[20:24:07] *** uqlev has quit IRC[20:24:09] *** nokia3510 has joined #postfix[20:53:13] *** robotarmy has joined #postfix[20:55:34] *** Matic`Makovec has quit IRC[21:06:07] *** e-anima has joined #postfix[21:09:14] *** pj has quit IRC[21:26:28] <fivenine> I am configuring postfix with dovecot sasl auth. I want to prevent smtp forgery. I can telnet into 25 and EHLO fraud and receive 250-AUTH LOGIN PLAIN. Although I am still able to forge a MAIL FROM? I set smtpd_sasl_security_options = noanonymous. Do I need smtpd_sender_login_maps and a corresponding hash for reject_unauthenticated_sender_login_mismatch to work?[21:27:11] <fivenine> At the same time, auth does work with my current user..[21:28:47] <lunaphyte> you've got a few issues here.[21:29:13] <lunaphyte> for starters - port 25 [smtp] is not for end users or mail clients, and you should not be offering smtp auth.[21:29:17] <lunaphyte> start with that.[21:29:25] <lunaphyte> !tell fivenine submission[21:29:25] <knoba> fivenine: "submission" : Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf. also see !msa, and rfc 2476 and 4409. Also read http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf[21:29:26] *** n0sq has quit IRC[21:30:36] <lunaphyte> second - you should not be offering smtp auth without encryption. if you can see postfix offering auth when testing with telnet, then this is a failure.[21:32:26] *** kuhkatz has quit IRC[21:32:51] <lunaphyte> lastly - if you wish to assign only certain envelope senders to particular users [as defined by act of doing smtp auth], then yes, you need to provide postfix with this data [to start with], and then tell postfix to enforce this.[21:37:08] <fivenine> Great thanks. Yes I will setup tls also.[21:38:10] *** n0sq has joined #postfix[21:48:22] *** AdamDV has joined #postfix[21:55:55] *** roentgen has joined #postfix[22:13:07] *** n0sq has quit IRC[22:18:02] *** n0sq has joined #postfix[22:36:03] *** n0sq has quit IRC[22:37:08] *** n0sq has joined #postfix[22:38:11] *** camro|away has quit IRC[22:49:31] *** kxsteve has joined #postfix[22:49:31] *** kxsteve has joined #postfix[22:51:56] *** robotarmy has quit IRC[23:05:35] *** gerhard7 has quit IRC[23:12:09] *** adatta02 has joined #postfix[23:12:58] <adatta02> hey guys, I'm having issues verifying that mail is actually being delivered. the log is showing "relay=gmail-smtp-in.l.google.com[74.125.93.27]:25, delay=1.9, delays=0.14/0/0.04/1.7, dsn=2.0.0, status=sent (250 2.0.0 OK 1304802268 j18si809526qck.75)" - is that a confirmation of a succesfull delivery?[23:13:14] *** johnnynobody has joined #postfix[23:14:25] <adatta02> !welcome[23:14:26] <knoba> adatta02: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[23:15:24] *** n0sq has quit IRC[23:18:11] *** johnnynobody has quit IRC[23:20:22] *** Gatto has joined #postfix[23:21:05] *** n0sq has joined #postfix[23:24:11] <rob0> "status=" tells you the status. "250 2.0.0 OK 1304802268 j18si809526qck.75" is the actual reply from the remote server.[23:30:09] *** adatta02 has quit IRC[23:37:09] *** jiffe98 has quit IRC[23:38:16] *** jiffe98 has joined #postfix[23:43:04] *** ced117 has quit IRC