May 11, 2011 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | >
May 11, 2011 [00:01:35] *** Broken|Arrow has quit IRC[00:02:55] <jimpop> on1ald: good to hear. best wishes[00:03:28] *** krzie has quit IRC[00:03:50] *** krzie has joined #postfix[00:04:57] *** Timzzzz is now known as Timmooo[00:05:29] <jimpop> on1ald: opp, sorry about that, meant that for oliau[00:14:41] *** e-anima has quit IRC[00:16:17] * adaptr wonders what the "better way" of this "seasoned mail admin" was[00:20:25] *** Broken|Arrow has joined #postfix[00:23:17] *** LinuxCode has joined #postfix[00:30:42] <seekwill> I'm a seasoned mail admin[00:30:59] <seekwill> Got a little basil, garlic salt, and red chili pepper[00:32:59] <rob0> yum[00:33:15] <rob0> yum install mail-admin[00:33:16] <thumbs> seekwill: are things OK now?[00:34:59] *** uqlev has quit IRC[00:37:01] *** Dessa has quit IRC[00:37:01] *** Dessa has joined #postfix[00:39:36] <adaptr> easy on the chili there[00:40:18] *** Lenhix has quit IRC[00:40:30] * adaptr suspects a Sinatra[00:41:06] *** Timmooo is now known as Timzzzz[00:48:45] *** brancaleone has quit IRC[00:56:38] <LinuxCode> rob0, no matches found ;-p[00:59:43] *** kxsteve has joined #postfix[00:59:43] *** kxsteve has joined #postfix[01:00:07] *** higuita has joined #postfix[01:05:49] *** TuxOtaku has quit IRC[01:11:11] *** Broken|Arrow has quit IRC[01:13:24] *** kuhkatz has quit IRC[01:17:44] *** tty234 has quit IRC[01:18:07] *** tty234 has joined #postfix[01:18:31] *** chrisq has quit IRC[01:18:36] *** chrisq has joined #postfix[01:19:58] *** Dessa has quit IRC[01:25:19] *** kuhkatz has joined #postfix[01:25:20] *** kuhkatz has joined #postfix[01:29:27] *** xeodox has joined #postfix[01:29:37] <xeodox> Can someone show me how to add this DNS SPF record?[01:30:04] <xeodox> Currently I have a postfix server, and everything is set up perfectly. I sent emails from mydomain:[01:30:04] <xeodox> v=spf1 ip4:50.56.127.519 mx a:mail.mydomain.com -all[01:30:28] <xeodox> But I also want amazonses to send emails using my domain name, so they told me to add this: include:amazonses.com[01:30:32] <xeodox> How do I add that to my spf record?[01:31:17] *** dragonheart has joined #postfix[01:31:49] <adaptr> !spf[01:31:49] <knoba> adaptr: "spf" : sender policy framework - an extension to SMTP that allows to identify and reject emails from spoofed/forged email senders. SPF is just a TXT or SPF record in your DNS zone in a special format. See: http://www.openspf.org/[01:32:12] <xeodox> I know, I've read it, but I'm afraid I'll do the syntax wrong.[01:32:28] <xeodox> I'm thinking about doing this: v=spf1 ip4:50.56.127.519 mx a:mail.mydomain.com a:amazonses.com -all[01:32:41] <xeodox> But amazon docuemntation tells me to use "include:amazonses.com"[01:33:01] *** Tykling has quit IRC[01:33:12] <jimpop> xeodox: your thinking would be correct[01:33:40] <xeodox> jimpop: Thanks. So I should just forget amazon's "include" thing...and just add the a:amazonses.com to my current record, right?[01:33:59] <jimpop> xeodox: although, if A == MX == mail.mydomain.com, you would only need one of those[01:34:55] <xeodox> ok, thanks :)[01:34:59] <jimpop> xeodox: no, you need the whole include:amazonses.com. (srry, didn't see that you had a:amazonses.com)[01:35:15] <jimpop> so, for clarity you would need:[01:35:26] <xeodox> How would my spf record look like?[01:35:41] <jimpop> v=spf1 ip4:50.56.127.519 mx a:mail.mydomain.com include:amazonses.com[01:35:57] <jimpop> assuming that include statement is what AWS recommends[01:36:14] <xeodox> ahhh gotcha. Yes, amazon tells me to use "include:amazonses.com" and did not mention anything about a:amazonses.com[01:36:25] <jimpop> opps, add " -all" to the end ;-)[01:36:37] *** Tykling has joined #postfix[01:36:41] <jimpop> v=spf1 ip4:50.56.127.519 mx a:mail.mydomain.com include:amazonses.com -all[01:36:46] <xeodox> okie[01:37:00] <xeodox> thanks[01:37:12] <jimpop> probably should add a PTR for 50.56.127.519 ;-)[01:37:30] <rob0> v=spf1 ip4:127.0.0.2 -all[01:37:41] <jimpop> hah![01:38:09] <xeodox> jimpop: I added a reverse dns to my IP. It points to mail.mydomain.com[01:38:13] <rob0> 127.0.0.2 is my IP address, and they say it's on several DNSBLs[01:38:19] <jimpop> xeodox: by the way, just be prepared for a lot of sites blocking email from AWS due to past history[01:38:24] <xeodox> (I'm guessing I don't have to do anything with amazon)[01:38:39] <xeodox> jimpop: I'm using Amazon SES , their "simple email service"[01:38:45] <xeodox> the guarantee high high deliverability rate[01:38:48] <jimpop> still.... ;-)[01:38:49] <adaptr> rob0: I'm never accepting another mail from you![01:38:51] <xeodox> haha ok[01:39:26] <xeodox> jimpop: It's better than setting up my own server (I did it, with full spf/dkim/rdns) , and hotmail keeps saying it's spam[01:40:18] <jimpop> my experience, of late, with hotmail is they >spam everything until you contact them and create their version of a FBL[01:40:45] <jimpop> https://postmaster.live.com/snds/[01:41:03] <jimpop> click "Request Access" at the top[01:41:31] <xeodox> I see.[01:41:53] <xeodox> I'll do that[01:42:47] <jimpop> just an FYI, they will want to contact a whois/postmaster/etc for the IP space... which in your case will now be AWS[01:43:20] <jimpop> could get tricky, i would luv to hear how that works out for you... cause hotmail can be a b**ch sometimes ;-)[01:43:41] <xeodox> jimpop: Well I just signed up for them. I put abuse at mydomain dot com . Since I already have postfix/dovecot installed on my server, they sent it to my mail server.[01:43:52] <xeodox> And I verfieid it[01:44:00] <xeodox> so I'm guessing Amazon will have nothing to do with it?[01:44:52] <jimpop> xeodox: if you want Hotmail to accept email from Amazon SES, then Amazon SES will have to sign the SNDS paperwork with Hotmail/Live.com[01:45:13] <jimpop> it's an electronic document that has to be "signed"[01:45:52] <jimpop> it's quite possible that Amazon and Hotmail already have an agreement in place.[01:45:53] <xeodox> this "signing process" is only for hotmail only, right? Gmail and Yahoo will let Amazon SES in without caring that (as long as SPF is solid). Right?[01:45:58] <xeodox> oh i see[01:46:23] <jimpop> gmail is generally easy until someone complains (assuming SPF is correct)[01:46:35] <jimpop> Yahoo likes DK/DKIM[01:46:42] <thumbs> jimpop: speaking of qmail...[01:46:48] <jimpop> boo[01:46:50] <jimpop> :-)[01:47:02] <thumbs> jimpop: customer's qmail shit server responds with 451 qq read error[01:47:23] <jimpop> thumbs: that's their problem :-)[01:47:27] <thumbs> so I'm stuck running that script manually for my customer until they fix their server.[01:49:32] <thumbs> I've done 40 runs so far, and getting pissed.[01:49:32] <jimpop> thumbs: might want to try (long shot) this http://blog.wordtothewise.com/2008/11/gmail-problems/[01:49:51] <jimpop> i know it's for gmail, but..... just thinking[01:51:00] <thumbs> problem is - I can't check any queue, or ssh in - it's a hosted email server.[01:51:09] <thumbs> I'll tell the customer I'm going home.[01:51:21] <jimpop> :-)[01:54:07] <standon> hotmail/yahoo are *always* bitches, just the degree varies. :)[01:54:43] <thumbs> it's a simple smarthost I use to relay email.[01:54:50] <jimpop> standon: ha![01:54:58] <thumbs> this customer box is a wintendo machine without a proper MTA[01:55:26] <jimpop> is that a cross between a Windows PC and a NES?[01:55:52] <thumbs> jimpop: yes.[01:55:57] <jimpop> nice[01:56:07] <jimpop> reminds me I need to play games more.[01:56:49] <thumbs> I'm tempted to use my own postfix box with smtp auth... but.. I would have to recompile the .net MUA that runs on that wintendo box.[01:56:53] <thumbs> someone kill me[01:57:17] * LinuxCode just hands you a hammer to smash the customers box[01:57:28] <LinuxCode> then it aint your problem anymore[01:57:30] <LinuxCode> ;-p[02:05:14] <xeodox> Does anyone know why I'm getting "signature doesn't verify" in my DKIM? It happens when my web server sends email using my mail server. But when I'm on my Macbook and connected to my mail server via dovecot and send an email, DKIM passes.[02:05:53] <adaptr> !dkim[02:05:53] <knoba> adaptr: "dkim" : DomainKeys Identified Mail (DKIM) is a method for email authentication that allows an organization to take responsibility for a message in a way that can be validated by a recipient. this is typically implemented in postfix by means of a milter. alternatively, existing content filters (e.g. amavis) may also have their own implementation mechanism.[02:08:36] <jimpop> xeodox: how does the webserver submit email to postfix?[02:09:15] <jimpop> xeodox: and how is dkim integrated w/ postfix?[02:09:30] <xeodox> jimpop: Connect to host mail.mydomain.com , ssl: false, tls: true (which is correct). port 25. user, pass[02:10:05] <xeodox> DKIM is integrated as a milter. I use opendkim. I configured opendkim.conf, /etc/default/opendkim , and postfix/main.cf[02:10:14] <xeodox> following this tutorial: http://www.pmabox.com/blog/47-sign-emails-with-opendkim-postfix-in-ubuntu-1004-64x[02:10:33] <xeodox> When i send from my macbook pro, dkim passes. But from web server, it fails. So weird[02:11:08] <seekwill> Probably your From header domain[02:11:55] <jimpop> one thing to check is (presuming dovecot connects to MSA) is your dkim config. i've only had success with dkim-milter[02:12:17] <xeodox> seekwill: You mean, when I send the email via my web server, it is: From: "My Website <hello at mydomain dot com> " ...that header is a problem?[02:12:47] <seekwill> xeodox: Compare the two domains. Are they the same?[02:13:18] <xeodox> seekwill: Yes, I'm sending from the same "from" domain. (different email and name)[02:13:40] <seekwill> Pastebin the full headers from both messages[02:13:44] <seekwill> Don't munge[02:13:46] <xeodox> okie[02:16:32] <xeodox> seekwill, jimpop, I'm PMing you the emails I sent[02:17:32] <thumbs> xeodox: you can show them to me too.[02:17:41] <xeodox> ok :)[02:18:09] <thumbs> so you mean those? http://pastebin.com/aXfS77Fb[02:18:25] <xeodox> yes[02:18:27] <thumbs> now we can all help you.[02:18:37] <thumbs> and http://pastebin.com/3HYCNJwB[02:18:46] <xeodox> okay[02:22:03] <jimpop> O.o[02:22:34] <thumbs> interesting paste.[02:25:29] *** wdp has quit IRC[02:29:38] *** koobs has joined #postfix[02:29:45] *** koobs has quit IRC[02:29:45] *** koobs has joined #postfix[02:29:48] <thumbs> bah, phone agai[02:29:55] <koobs> moin[02:30:58] <jimpop> xeodox: just for sanity, can you try the same failed test using sa-test at sendmail dot net instead of port25.com[02:31:12] <xeodox> ok 1 sec[02:31:12] *** basho__ has quit IRC[02:32:13] <xeodox> Wow, seekwill is a freaking genius. He noticed the problem![02:32:34] <rob0> freakwill seeking genius[02:32:42] <xeodox> There needs to be a "space" between Content-Type: and "text/plain"[02:33:02] <thumbs> oh yeah.[02:33:06] <jimpop> nice catch seekwill[02:33:14] <xeodox> thanks a lot guys :)[02:33:44] <xeodox> a "space" . geeeez[02:34:14] <jimpop> makes perfect sense, hindsight being what it is ;-)[02:37:18] <seekwill> It doesn't make sense, actually. http://tools.ietf.org/html/rfc5322#section-2.2 A space isn't required for a header (which I was proven wrong on before). So header:value is legal. This seems to indicate a bug in the dkim module[02:38:28] <xeodox> I'm using opendkim[02:38:35] <xeodox> which is fairly new[02:46:54] <jimpop> xeodox: you can try excluding the Content* headrs by adding an OmitHeaders line to /etc/opendkim.conf[02:47:05] <jimpop> that way if they ever change....[02:51:02] <xeodox> jimpop: Thanks for the tip. But isn't content-type headers important?[02:51:16] <jimpop> not for dkim signing[02:51:50] <jimpop> it just omits them from the signing process[02:52:23] <jimpop> that way if someone upgrades the webserver code, and the space is removed, your emails won't fail ;-)[02:52:32] <xeodox> OmitHeaders Content-Type[02:52:36] <xeodox> Like that? as a line in my opendkim.conf[02:52:43] <jimpop> checkin...[02:53:49] <jimpop> that should work. you could also do: OmitHeaders Content*[02:53:59] <jimpop> (according to the docs) ;-)[02:54:15] <xeodox> I'll do that thanks :)[03:08:10] *** master_of_master has quit IRC[03:10:03] *** master_of_master has joined #postfix[03:22:45] *** k-man has quit IRC[03:40:00] *** loddafnir has quit IRC[03:43:27] *** AdamDV has quit IRC[03:53:10] *** magyar has quit IRC[03:55:11] *** seekwill has quit IRC[04:00:53] *** ldfsilva has quit IRC[04:03:58] *** cpm has quit IRC[04:22:08] *** pj has quit IRC[04:31:25] *** fivenine has quit IRC[04:40:57] *** Dessa has joined #postfix[04:42:41] *** lunaphyte has quit IRC[04:43:03] *** lunaphyte has joined #postfix[04:46:34] *** Motoko has joined #postfix[04:48:41] <xeodox> jimpop: I'm messing with the OmitHeaders thing you told me about. Do you think this is correct? I want to omit Return-Path and Bounces-To ..... OmitHeaders Content*,Return-Path,Bounces-To[04:50:56] *** magyar has joined #postfix[04:50:56] *** magyar has joined #postfix[04:51:11] *** Tykling has quit IRC[04:52:35] <jimpop> xeodox: hmmm... i'd be careful about removing "email related" things.[04:53:02] <xeodox> jimpop: that's what Amazon suggested to ensure "maximum delivery" . Their doc says to remove those.http://docs.amazonwebservices.com/ses/latest/DeveloperGuide/index.html?SenderID.html[04:53:04] <jimpop> from the opendkim docs i saw earlier, if you remove something that's suppose to be there, if will keep it anyway. But...[04:53:51] <jimpop> ahh, i see[04:53:59] *** lunaphyte has joined #postfix[04:54:09] <jimpop> well, they would know better than i[04:54:11] <jimpop> ;-)[04:54:33] <jimpop> so, according to the opendkim doc, you would want:[04:54:44] <jimpop> OmitHeaders Content*,Return-Path,Bounces-To[04:55:03] <jimpop> (which is what you put above now that i look) :D[04:55:26] <jimpop> it[04:55:28] <jimpop> doh[04:55:36] *** Tykling has joined #postfix[04:57:54] <xeodox> ok haha thanks, just making sure[04:59:37] *** Tykling has quit IRC[05:03:37] *** Tykling has joined #postfix[05:41:52] *** infid has quit IRC[05:42:09] *** infid has joined #postfix[06:20:01] *** zifty has joined #postfix[06:22:51] *** rlf has quit IRC[06:26:00] *** Igor__ has joined #postfix[06:26:48] *** cytrinox_ has joined #postfix[06:26:48] *** Igor__ has quit IRC[06:27:12] *** zifty has quit IRC[06:27:39] *** Igor__ has joined #postfix[06:30:01] *** Timzzzz is now known as Timmooo[06:30:07] *** cytrinox has quit IRC[06:30:07] *** cytrinox_ is now known as cytrinox[06:42:07] *** codeshah has joined #postfix[06:42:54] *** Patrickdk has quit IRC[06:49:33] *** uqlev has joined #postfix[07:35:51] *** uqlev has quit IRC[07:45:11] *** Broken|Arrow has joined #postfix[07:48:15] *** camro has joined #postfix[07:49:07] *** weta has quit IRC[07:57:22] *** zorg1 has joined #postfix[07:59:03] *** hever has joined #postfix[07:59:11] *** murtada has joined #postfix[08:01:58] *** codeshah has quit IRC[08:15:30] *** zwamkat has joined #postfix[08:16:23] *** e-jones has joined #postfix[08:17:25] *** weedar has joined #postfix[08:17:33] *** weedar has quit IRC[08:18:21] *** weedar has joined #postfix[08:19:03] *** gerhard7 has joined #postfix[08:32:54] *** active has joined #postfix[08:33:03] *** active_si has quit IRC[08:35:30] *** active_si has joined #postfix[08:36:17] *** Zeit|awy has joined #postfix[08:37:01] *** active has quit IRC[08:38:10] *** MondoBizzarro has joined #postfix[08:40:24] *** murtada has quit IRC[08:43:03] *** weta has joined #postfix[08:44:39] *** Timmooo is now known as Timzzzz[08:48:12] *** lunaphyte has quit IRC[08:48:31] *** lunaphyte has joined #postfix[08:49:16] *** eckirchn has quit IRC[08:51:22] *** jujugre has joined #postfix[08:59:32] *** gebi has joined #postfix[09:04:11] *** infid has quit IRC[09:04:26] *** koobs has quit IRC[09:05:26] *** infid has joined #postfix[09:06:38] *** freakynl has joined #postfix[09:07:09] <freakynl> Hi, kind of an odd question perhaps, I use gentoo, which uses the concept of use flags. Now postfix has a useflag called 'pam' which seemingly provides pam support.[09:07:46] <_ruben> sounds like this will be a gentoo question ;)[09:07:47] <freakynl> Reading the ebuild, the pam flag only seems to pass -lpam, which seems like an auxlibrary option me, but I haven't been able to find any info on it. Anyone know what it does?[09:07:58] <freakynl> _ruben: not really :)[09:08:29] <freakynl> although I bet you wouldn't soon see such q's with other distro's as it's all precompiled[09:08:59] <freakynl> I was hoping it would provide some kind of authentication mechanism (otherwise why would it need pam?)[09:09:33] <_ruben> the gentoo maintainer oughta know what it does :)[09:11:17] <freakynl> Yea probably :) Found a lot of aux libs in the docs, but nothing on pam[09:17:27] *** zwamkat has left #postfix[09:19:17] *** e-anima has joined #postfix[09:22:03] *** Motoko has quit IRC[09:27:50] *** plee has quit IRC[09:27:55] *** lusted_gay has quit IRC[09:28:28] *** plee has joined #postfix[09:31:02] *** TomHome has joined #postfix[09:32:26] *** dragonheart has quit IRC[09:34:39] *** brancaleone has joined #postfix[09:43:04] *** UQlev has joined #postfix[09:45:19] *** hever has quit IRC[09:46:17] *** thunderstrike has joined #postfix[09:56:15] *** eckirchn has joined #postfix[09:58:08] *** eckirchn has quit IRC[09:58:15] *** eckirchn has joined #postfix[10:03:27] *** eckirchn has quit IRC[10:03:33] *** eckirchn has joined #postfix[10:04:49] *** eckirchn has quit IRC[10:06:22] *** hever has joined #postfix[10:15:20] *** MondoBizzarro|2 has joined #postfix[10:15:54] *** Igor__ has quit IRC[10:18:56] *** MondoBizzarro has quit IRC[10:25:59] *** sejo has quit IRC[10:26:05] *** sejo has joined #postfix[10:28:15] *** brancaleone has quit IRC[10:32:43] *** ChameleonSys has quit IRC[10:34:30] *** ChameleonSys has joined #postfix[10:37:01] *** Pathin has joined #postfix[10:37:35] *** Internat has quit IRC[10:39:50] *** eckirchn has joined #postfix[10:40:28] *** Pathin has quit IRC[10:41:30] *** cilly has joined #postfix[10:45:46] *** Pathin has joined #postfix[10:46:04] *** Innocentus has joined #postfix[10:47:54] *** loddafnir1 has joined #postfix[10:48:22] *** wdp has joined #postfix[10:49:46] *** Internat has joined #postfix[11:08:38] *** thunderstrike has quit IRC[11:15:49] *** basho__ has joined #postfix[11:19:33] *** weta has quit IRC[11:26:41] *** Tykling has quit IRC[11:30:39] *** Tykling has joined #postfix[11:34:47] *** Broken|Arrow has quit IRC[11:34:49] *** Tykling has quit IRC[11:38:41] *** Tykling has joined #postfix[11:38:53] *** n0sq has quit IRC[11:44:24] *** brancaleone has joined #postfix[11:44:44] *** Tykling has quit IRC[11:45:08] *** gebi has quit IRC[11:48:40] *** Tykling has joined #postfix[11:50:12] *** Innocentus has quit IRC[11:51:14] *** n0sq has joined #postfix[12:22:42] *** Tex-Twil has joined #postfix[12:24:17] *** MondoBizzarro|2 has quit IRC[12:33:42] *** UQlev has quit IRC[12:34:08] *** Tex-Twil has left #postfix[12:43:12] *** cilly has quit IRC[12:48:12] *** eckirchn has quit IRC[12:53:55] *** cilly has joined #postfix[12:54:42] *** wdp_ has joined #postfix[12:56:49] *** wdp has quit IRC[12:57:07] *** turbomettwurst has joined #postfix[13:12:55] *** weta has joined #postfix[13:15:14] *** internat2 has joined #postfix[13:15:51] *** Internat has quit IRC[13:31:08] *** cilly has quit IRC[13:31:59] *** TomHome has quit IRC[13:37:27] *** cpm has joined #postfix[13:39:30] *** internat2 has quit IRC[13:41:05] *** JoKoT3 has quit IRC[13:45:43] *** cpm has quit IRC[13:50:10] *** Internat has joined #postfix[13:55:24] *** Internat has quit IRC[14:00:07] *** GpoMaL has quit IRC[14:01:13] *** Internat has joined #postfix[14:12:18] *** sjrussel has quit IRC[14:12:19] *** JoKoT3 has joined #postfix[14:13:39] *** cilly has joined #postfix[14:29:40] *** Guest20784 has joined #postfix[14:30:25] *** lusted_gay has joined #postfix[14:36:49] *** LinuxCode has quit IRC[14:40:43] *** Toerkeium has quit IRC[14:42:39] *** ziroux has quit IRC[14:42:39] *** ziroux has joined #postfix[14:46:21] *** kuhkatz has quit IRC[14:46:59] *** kuhkatz has joined #postfix[14:46:59] *** kuhkatz has joined #postfix[14:56:17] *** davlefou has joined #postfix[14:58:14] *** dall has joined #postfix[14:58:17] <dall> hello everybody![14:59:49] *** xeodox has quit IRC[14:59:53] *** Broken|Arrow has joined #postfix[15:00:00] *** ghghz has left #postfix[15:00:24] <dall> hey guys one information, I have set myhostiname with the FQDN of the server, Example: mail.domain.com do I also have to set an A RECORD with the IP of the server to this address(FQDN)?[15:04:01] <lunaphyte_> yes[15:05:41] <dall> shit...so i have to check How to change the FQDN[15:06:13] <lunaphyte_> i warned you yesterday about the language.[15:06:27] <thumbs> dall: watch your language.[15:06:33] <dall> because i have vw1234.my_vps_example.com I can't change the DNS to this domain[15:06:38] <dall> yes sorry[15:06:39] <dall> apologize[15:07:32] <dall> could i only change the hostname of my server OR it has to be the FQDN ?[15:07:38] *** xeodox has joined #postfix[15:08:35] <dall> lunaphyte, could only be the HOSTNAME ?[15:15:13] *** Cain` has joined #postfix[15:16:08] <dall> ??[15:17:05] *** Cain has quit IRC[15:17:06] *** Cain` is now known as Cain[15:18:03] *** victor__ has quit IRC[15:19:30] *** victor_ has joined #postfix[15:21:01] *** shoonya has joined #postfix[15:22:05] *** xeodox has quit IRC[15:23:45] *** Section1 has joined #postfix[15:29:49] <brancaleone> hello, do you know how i could silently drop mail sent to "@localhost" ? Now these mails are delivered to "root" (and others users via local aliases).[15:30:26] <brancaleone> The mail should not be bounced, and if it contains other valid recipients, thoses recipients should be processed normaly.[15:31:17] <brancaleone> something like an alias to "/dev/null" would be great, but how to match an empty user part in alias database...[15:42:31] *** ssureshot has quit IRC[15:42:31] <Aprogas> Are you literally talking about: RCPT TO:<@localhost>[15:42:40] *** weedar has quit IRC[15:42:55] *** ssureshot has joined #postfix[15:43:29] *** ssureshot has quit IRC[15:44:02] <brancaleone> Aprogas: yes, this is a bad application sending this[15:44:53] *** Broken|Arrow has quit IRC[15:45:25] *** Lenhix has joined #postfix[15:45:32] * jelly needs to chain three content_filters and is no amused[15:45:36] <brancaleone> the application send the mail to <goodrecipient at example dot com> and to <@localhost>. The problem is that the two persons who are alias for root the receive this emails too[15:45:46] *** e-jones has quit IRC[15:46:05] <Aprogas> jelly: Use ports like 10025 10026 10027 to keep it logical.[15:46:21] <Aprogas> jelly: Also you don't need to reinject to postfix between each content_filter.[15:47:17] <Aprogas> brancaleone: Mail to the empty user going to postmaster might be in some RFC, you should check that first before disabling it[15:49:22] *** Broken|Arrow has joined #postfix[15:51:48] <brancaleone> Aprogas: in fact using strict_rfc821_envelopes will make postfix to refuse this form of "rcpt to:" with "501 5.1.3 Bad recipient address syntax"[15:52:22] *** UQlev has joined #postfix[15:52:42] <brancaleone> the problem is that then the user receive an error notification, but there is noting he can do to prevent this[15:53:51] <Aprogas> I suppose you can use an access(5) table to block just that address, rather than blocking all rfc822 address-formats.[15:55:27] <Aprogas> You might need to specify it as ""@localhost[15:57:02] *** Broken|Arrow has quit IRC[16:00:23] <brancaleone> well, in fact i can do the trick when setting empty_address_recipient to some dummy recipient redirected to /dev/null[16:03:09] <Aprogas> I sent a test mail to myself at @localhost but it was rewritten as ""@localhost[16:05:57] <Aprogas> I think empty_address_recipient only refers to <> but not < at example dot net>[16:07:07] <brancaleone> no, it is working for < at example dot net> here, i've just tested it[16:12:18] *** e-jones has joined #postfix[16:12:51] *** e-jones has quit IRC[16:14:40] *** e-jones has joined #postfix[16:16:28] *** e-jones has quit IRC[16:17:29] <brancaleone> Aprogas: by the way, thanks for giving some time to my issue[16:19:02] *** weedar has joined #postfix[16:23:43] *** dall has quit IRC[16:30:59] *** hever has quit IRC[16:40:04] *** m_inet has joined #postfix[16:41:12] *** zorg1 has quit IRC[16:49:50] *** acf1210 has joined #postfix[16:50:16] *** acf1210 has left #postfix[16:51:10] *** acf1210 has joined #postfix[16:52:35] *** davlefou has quit IRC[16:53:05] *** Kartagis has left #postfix[16:53:27] *** acf1210 has left #postfix[16:59:19] *** brancaleone has quit IRC[17:01:21] *** hever has joined #postfix[17:07:10] *** cilly has quit IRC[17:10:12] *** camro has quit IRC[17:10:50] *** e-jones has joined #postfix[17:11:05] *** camro has joined #postfix[17:21:24] *** hever has quit IRC[17:29:27] *** freakynl has quit IRC[17:30:36] *** asb has quit IRC[17:30:43] *** ziroux has quit IRC[17:33:08] *** Lenhix has quit IRC[17:33:31] *** MU574N9 has joined #postfix[17:34:00] *** asb has joined #postfix[17:34:35] *** shoonya has quit IRC[17:36:35] *** jujugre has left #postfix[17:38:24] *** roentgen has joined #postfix[17:39:02] *** Guest20784 has quit IRC[17:39:24] *** GpoMaL has joined #postfix[17:45:41] *** Broken|Arrow has joined #postfix[17:50:01] *** e-jones has quit IRC[17:50:48] *** cilly has joined #postfix[17:55:13] *** MU574N9 has quit IRC[18:06:19] *** camro has quit IRC[18:13:02] *** empity has quit IRC[18:13:42] *** gebi has joined #postfix[18:22:49] *** mroe has joined #postfix[18:22:49] *** mroe has joined #postfix[18:23:58] *** mandragor has joined #postfix[18:23:59] *** weedar has quit IRC[18:24:08] *** ssureshot has joined #postfix[18:28:08] *** ssureshot has quit IRC[18:28:31] *** ssureshot has joined #postfix[18:34:10] *** turbomettwurst has quit IRC[18:39:48] *** daum has quit IRC[18:44:23] *** cpm has joined #postfix[18:44:23] *** cpm has joined #postfix[18:47:23] *** m_inet has quit IRC[18:49:28] *** _bugz_ has quit IRC[18:54:17] *** m_inet has joined #postfix[18:58:19] *** Southron has joined #postfix[19:08:02] *** tomasm- has joined #postfix[19:08:23] <tomasm-> !welcome[19:08:23] <knoba> tomasm-: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[19:08:54] <tomasm-> is there a way to implement wildcard hosting for my postfix server? ie everything *.foobar.com ?[19:12:03] *** cpm has quit IRC[19:13:44] *** cpm has joined #postfix[19:13:44] *** cpm has joined #postfix[19:14:08] <UQlev> tomasm-: are you going to collect all backscatters?[19:14:55] <Dominian> !catchall[19:14:55] <knoba> Dominian: "catchall" : Sending all emails for non-existing users in domain to a special account. See man 5 virtual for the @domain syntax, which applies in virtual_*_maps and relay_recipient_maps. For local(8) delivery, unset local_recipient_maps and see luser_relay. WARNING: catchalls are rarely a good idea. Spammers will abuse them.[19:16:57] <tomasm-> Dominian, no, not non-existent users in a domain.... but all hostnames under a certain domain.... it's too many to list individually[19:18:06] *** cpm has quit IRC[19:18:35] *** camro has joined #postfix[19:19:55] <UQlev> tomasm-: where do you want to list them?[19:22:18] *** daum has joined #postfix[19:25:55] *** mu574n9 has joined #postfix[19:30:35] *** kxsteve has quit IRC[19:30:53] *** kxsteve has joined #postfix[19:30:53] *** kxsteve has joined #postfix[19:37:05] *** ced117 has joined #postfix[19:37:06] *** ced117 has joined #postfix[19:45:47] *** cilly has quit IRC[19:46:40] *** Broken|Arrow has quit IRC[19:50:57] *** nimbius has joined #postfix[19:51:44] <nimbius> hi postfix, im looking at a config parameter that specifies reject_rbl_client zen.dnsbl, but zen.dnsbl is not a FQDN for any valid rbl...paradoxically enough postfix still understands how to use this dnsbl...what gives?[19:52:14] <Aprogas> What makes you conclude Postfix still understands how to resolve zen.dnsbl ?[19:55:10] *** UQlev has quit IRC[19:57:45] <nimbius> i see it actively blocking based on zen :)[19:58:00] <Aprogas> Pastebin logs showing that.[19:58:15] *** tomasm- has quit IRC[19:59:32] <nimbius> http://pastebin.com/G2jV6xaq[20:00:49] *** mandragor has quit IRC[20:00:49] *** weedar has joined #postfix[20:00:58] <Aprogas> Pastebin your postconf -n showing "zen.dnsbl" is used as the blacklist, and not just as a custom string in a custom error message.[20:01:59] <rob0> and in that, include the output of "dig 2.0.0.127.zen.dnsbl. any"[20:02:36] <rob0> maybe dreamhost paid for a zen subscription[20:02:49] <nimbius> rob0: ah...yeah they did.[20:02:55] <rob0> if so, very cool.[20:04:01] <nimbius> that explains it: never worked for a company that cared to do anything but abuse zen.[20:04:44] *** gerhard7 has quit IRC[20:04:53] <nimbius> but for some reason ping wont resolve zen.dnsbl[20:05:07] <rob0> so this was it, "2.0.0.127.zen.dnsbl." resolves for you?[20:05:15] <nimbius> absolutely.[20:05:35] <rob0> there would be no need for an A record called "zen.dnsbl."[20:06:02] <rob0> ping(1) is not a DNS client. dig(1) and host(1) are.[20:06:52] <nimbius> If no "=d.d.d.d" is specified, reject the request when the reversed client network address is listed with any A record under rbl_domain.[20:06:56] * nimbius facepalms[20:07:16] <nimbius> sorry for the bother.[20:10:06] *** nimbius has left #postfix[20:16:09] *** cpm has joined #postfix[20:16:09] *** cpm has joined #postfix[20:33:02] *** abyss has quit IRC[20:43:37] *** m_inet has quit IRC[20:44:34] *** m_inet has joined #postfix[20:52:40] *** m_inet has quit IRC[20:53:34] *** nate23 has joined #postfix[20:54:37] <nate23> if i edit the fqdn in /etc/mailname do i have to reload postfix?[20:55:21] <nate23> or wait for that cached data to refresh (a few minutes) ?[20:55:39] <_ruben> /etc/mailname isn't a standard postfix feature afaik[20:55:55] <nate23> correct... but it is "read"[20:56:33] <nate23> i don't know if it is read everytime it is referenced (in main.cf).. or if it read at startup and cached[20:56:43] <nate23> and i need to edit it locally[20:58:36] *** kxsteve has quit IRC[21:01:37] *** Matic`Makovec has joined #postfix[21:04:44] <rob0> I don't know, either. That would be a question for Debian, or just ...[21:04:47] <rob0> !tias[21:04:47] <knoba> rob0: "tias" : Try It And See[21:05:35] <nate23> can do (just figured i'd ask if anybody had any info)[21:05:40] <nate23> thank you[21:08:18] *** seekwill has joined #postfix[21:11:56] *** nate23 has left #postfix[21:14:46] <adaptr> ye-es, somebody will probably have had some of the all of the info.[21:23:14] *** VaNNi has quit IRC[21:23:54] *** gerhard7 has joined #postfix[21:34:53] *** VaNNi has joined #postfix[21:42:26] *** Matic`Makovec has quit IRC[21:48:06] *** camro has quit IRC[21:49:29] *** brancaleone has joined #postfix[21:54:34] *** twobitsprite has joined #postfix[21:56:01] *** Toerkeium has joined #postfix[22:02:43] <twobitsprite> I have a host behind a NAT, and a postfix server outside it on the internet. For some reason, when I try to send mail from the NATed host through the postfix relay (with a sendmail SMART_HOST), in the logs it lists the internal 10.1... IP address[22:03:05] <twobitsprite> does SMTP provide IP addresses other than the ones listed in the actual packet headers?[22:03:15] *** weedar has quit IRC[22:03:27] <Dominian> Do you have an example log transaction where you are seeing this?[22:03:58] <twobitsprite> May 11 15:58:01 mxrelay1 postfix/smtpd[18699]: connect from unknown[10.1.0.65][22:04:05] <Aprogas> Mailservers add Received headers before passing mail along.[22:04:23] <rob0> 10.1.0.65 is the IP address that connected to smtpd[22:04:31] <Dominian> what rob0 said[22:04:33] <seekwill> That's my server![22:04:35] <Dominian> postfix sees what is handed to it[22:04:39] <Dominian> not what's in the headers[22:04:47] <rob0> freakwill[22:04:47] <twobitsprite> rob0: that doesn't make sense, it should see the NAT'd address[22:04:57] <mroe> die NAT die![22:04:59] <Dominian> Not if your firewall sucks.[22:05:04] <Dominian> or is misconfigured[22:05:09] <seekwill> You have Sendmail installed?[22:05:18] <Dominian> I'll sendmail you![22:05:19] <seekwill> Host -> NAT/Sendmail -> Postfix?[22:05:34] * mroe whispers IPv6[22:05:46] <Dominian> I have YET to receive an email over IPv6[22:05:46] <twobitsprite> seekwill: sendmail is running on the same internal box I"m sending mail from, then it goes out the NAT to the postfix server[22:05:46] <Aprogas> twobitsprite: Your question seems to be about something beyond the scope of Postfix.[22:06:05] <mroe> Dominian: I'll send you one[22:06:16] *** Tormin has left #postfix[22:06:16] <twobitsprite> Aprogas: I know the larger question is, but I was just making sure that the log was actually reporting the actual IP address in the TCP/IP header, instead of something it's given otherwise[22:06:21] <Dominian> mroe: haha[22:06:23] <Dominian> :)[22:06:33] <Dominian> problem is that server doesn't receive mail for my main domain any longer[22:06:50] <Dominian> in fact, that really isn't an mx host anymore.. as I moved everything off fo another relay box that does scanning.. then hands off...[22:06:52] <Aprogas> twobitsprite: Run tcpdump or equivalent on both ends and check if any rewriting happens in the packets.[22:06:58] <Dominian> which.. I don't think the other admin on the box has ipv6 working completely yet[22:07:23] <seekwill> twobitsprite: I think you're reading the headers wrong. Pastebin the whole header[22:07:34] <seekwill> oh[22:07:40] <seekwill> That was a log.[22:08:05] <seekwill> Host/Sendmail 10.1.0.65-> NAT -> Internet -> Postfix?[22:08:10] <twobitsprite> yep[22:08:11] <mroe> Dominian: I don't think our colo supports ipv6 yet[22:08:20] <mroe> so I can't do anything ipv6 yet[22:08:25] * Dominian nods[22:08:29] <Dominian> use a tunnel broker[22:08:35] <seekwill> twobitsprite: That doesn't sound right[22:08:44] <twobitsprite> that's what I said :)[22:09:05] <seekwill> twobitsprite: What are the actual IP addresses[22:09:11] <seekwill> And how is everything connected?[22:09:42] <mroe> seekwill: with wires[22:09:59] <twobitsprite> no offense, but I can't give you the external IP addresses... the 10.1.0.65 is the real internal IP of the box I'm sending from... and the NAT routes over the internet/"cloud" to the postfix server[22:10:00] <seekwill> omg! cat5e wires??? copper???[22:10:14] <seekwill> Yes, IP addresses are so private... :([22:10:30] <twobitsprite> not my rules :([22:10:37] <seekwill> Who's rules?[22:10:46] <twobitsprite> my company[22:11:01] <seekwill> Use a VPN then[22:11:01] <twobitsprite> why does it matter anyways?[22:11:10] <seekwill> I'd ask you that too[22:11:13] <Dominian> SPAMMER![22:11:17] <seekwill> Shhhhh[22:11:47] <twobitsprite> the two external IPs are on different subnets... other than that it shouldn't matter what they are[22:12:08] <seekwill> ok fine[22:21:20] *** Tormin has joined #postfix[22:32:35] *** mu574n9 has quit IRC[22:32:55] *** ced117 has quit IRC[22:34:24] *** xeodox has joined #postfix[22:34:43] *** mu574n9 has joined #postfix[22:36:59] * jimpop has seen many a classified IP range. The do exist, whether it is beleived or not. ;-)[22:42:02] *** xeodox has quit IRC[22:43:35] *** xeodox has joined #postfix[22:45:24] *** m_inet has joined #postfix[22:48:35] <twobitsprite> ok, so I figured out the network weirdness... the mx1 host is on the DMZ, so our router is doing it's magic... so, two-way communication works if the connection is initiated from inside the NAT, but not the other way around... that shouldn't mess anything up with postfix should it?[22:49:14] <twobitsprite> i.e., postfix will happily talk over the established connection from the sendmail host and won't need to open connections the other way if it's just serving as an outgoing relay, right?[22:50:31] *** Broken|Arrow has joined #postfix[22:51:17] *** nokia3510 has quit IRC[22:53:58] <jimpop> twobitsprite: correct[22:56:26] *** cpm has quit IRC[22:58:17] *** m_inet has quit IRC[23:00:01] <twobitsprite> jimpop: cool, thanks[23:01:46] <twobitsprite> so... now that I have that straightened out... it still leaves me with my original problem... I have a rewrite rule set up in the generic config file...but the mail header doesn't get rewritten[23:01:57] *** gerhard7 has quit IRC[23:04:23] <twobitsprite> I have a rule "root at proddb dot domain.com support at domain dot com" but I still receive the mail as "root at proddb dot domain.com"[23:04:24] *** mroe has quit IRC[23:04:34] <twobitsprite> is there some other config I need to set up?[23:05:00] <twobitsprite> the smtp_generic_maps is set up right[23:05:41] <h16h> does any one use opendkim milter?[23:06:06] <jimpop> twobitsprite: i don't think it is possible to rewrite the From: field from in the middle (postfix) of the delivery transaction[23:06:26] <jimpop> twobitsprite: but others may know for sure. srry[23:06:41] <h16h> or a simple question..i have 2 additional outbound mail servers, these 2 additonal servers i want them to share the same public/private key so i dont have to add multiple dns records and selectors[23:06:45] <h16h> is this possible[23:07:32] <jimpop> h16h: that's probably a question better addressed on #dkim[23:07:41] <h16h> oh wow theres a dkim channel[23:07:42] <h16h> thanks[23:07:48] <h16h> or not[23:07:52] <h16h> empty lol[23:08:10] <seekwill> You can share the key[23:08:16] <seekwill> No problems with that. It's more of a "security" thing[23:08:27] <seekwill> If one server is compromised, you can just disable that one selector.[23:09:11] *** Tykling has quit IRC[23:09:34] *** acf1210 has joined #postfix[23:10:26] <h16h> seekwill: would I still generate 2 different private keys and just use the same selector?[23:10:39] <h16h> thats where im unclear..[23:10:50] <seekwill> No[23:10:57] <seekwill> You'd copy the private keys to each server[23:11:21] <h16h> okay i though ti tried this and got errors that the key was not verified or something, will try again[23:11:22] <h16h> thanks[23:12:03] <seekwill> You'll need to pastebin the whole headers for me to know what's going on.[23:12:48] <h16h> seekwill: thanks will do if i come across trouble[23:13:11] *** Tykling has joined #postfix[23:16:36] *** daum has left #postfix[23:16:37] *** sphenxes has quit IRC[23:19:25] *** Tykling has quit IRC[23:22:13] *** acf1210 has quit IRC[23:23:09] *** Tykling has joined #postfix[23:24:36] *** nokia3510 has joined #postfix[23:33:47] *** uqlev has joined #postfix[23:34:37] <h16h> unable to create listening port for dkim and ill wrap it up today with that[23:37:11] *** Matic`Makovec has joined #postfix[23:55:14] *** Broken|Arrow has quit IRC[23:59:35] *** Timzzzz is now known as Timmooo[23:59:56] <lunaphyte> postfix doesn't create a listening port for dkim.