May 16, 2011 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | >
May 16, 2011 [00:01:16] *** P1ersson has quit IRC[00:06:51] *** brancaleone has joined #postfix[00:11:56] *** uqlev has quit IRC[00:12:52] *** P1ersson has joined #postfix[00:13:42] *** krzee has quit IRC[00:13:58] *** roentgen has quit IRC[00:14:27] *** krzee has joined #postfix[00:16:02] *** brancaleone has quit IRC[00:20:35] *** leprechau has quit IRC[00:21:22] *** krzee has quit IRC[00:26:42] *** leprechau has joined #postfix[00:48:04] *** TomHome has quit IRC[00:57:47] *** neuonyx has joined #postfix[01:14:00] *** e-anima has quit IRC[01:16:20] *** Hyphenex has joined #postfix[01:20:19] <Hyphenex> I'm having a bit of trouble on outgoing e-mails from some hosts in my network, their local hostname is a.lan for instance, but even though I've set the "myhostname = a.domain.net" it still appears as a.lan in e-mails before it relays (sent from the mailx command)[01:21:11] <thumbs> Hyphenex: set the from: properly from your MUA.[01:21:29] <thumbs> Hyphenex: specifically, don't use unqualified email addresses[01:21:57] <Hyphenex> thumbs: is there a way on my relay hosts if I don't want anything comming from .lan to re-write it to .domain.net?[01:22:30] <thumbs> Hyphenex: why not set the from: properly to begin with?[01:23:05] <Hyphenex> thumbs: I can, I just want to be sure that nothing ever leaves (or is possible to leave) my mail server without the correct domain[01:38:48] <Hyphenex> yep, that would do the trick, could I get postfix to re-write e-mail addresses, so when an e-mail is coming from hyphenex at a dot localdomain) replace it with the mail (hyphenex at somedomain dot net)[01:40:41] <thumbs> !tell Hyphenex rewrite[01:40:41] <knoba> Hyphenex: "rewrite" : Postfix Address Rewriting features, see http://www.postfix.org/ADDRESS_REWRITING_README.html[01:40:57] <Hyphenex> Thanks[01:51:21] <Hyphenex> yep, I don't get this line in the /etc/postfix/generic example @localdomain.local hisaccount+local at hisisp dot example. wouldn't it just be something like: " at localdomain dot local @publicdomain.net" What's with the hisaccount stuff?[01:58:14] *** Timmooo is now known as Tim|Away[01:59:26] *** neuonyx has quit IRC[02:03:07] <Hyphenex> qq![02:06:03] <lunaphyte> the right thing to do would be to simply configure your mail server to not accept messages that use invalid/bogus information in the enveloper or headers. then you will not need to worry about irresponsible mail leaving your server.[02:08:39] *** wdp_ has quit IRC[02:08:49] *** kuhkatz has quit IRC[02:13:27] *** dragonheart has joined #postfix[02:30:59] *** krzee has joined #postfix[02:30:59] *** krzee has joined #postfix[02:36:56] *** seekwill has quit IRC[02:41:34] <Hyphenex> ok, next question. When mailx sends out it's mail, where does get the domain from?[02:44:19] <rob0> !mail[02:44:19] <knoba> rob0: "mail" : mail(1) (also known as mailx(1)) is not a Postfix-provided command. For help with it, see its man page. More powerful, commonly available console- and CLI-based MUAs include mutt, alpine and nail (likewise, not supported here.)[02:44:30] <rob0> !myorigin[02:44:31] <knoba> rob0: "myorigin" : a configuration parameter in the main.cf: The default domain name that locally-posted mail appears to come from, and that locally posted mail is delivered to. The default $myhostname, which is fine for small sites. If you run a domain with multiple machines, you should (1) change this to $mydomain and (2) set up a domain-wide alias database that aliases each user to user at that dot users.mailhost.[03:05:41] *** master_of_master has quit IRC[03:08:36] <lunaphyte> !mysharona[03:08:36] <knoba> lunaphyte: Error: "mysharona" is not a valid command.[03:09:46] *** master_of_master has joined #postfix[03:10:36] <standon> haha[03:10:39] *** pj has joined #postfix[03:14:29] <jimpop> lol[03:17:25] *** pj has quit IRC[03:43:10] *** loddafnir1 has quit IRC[03:50:27] <Hyphenex> yep, the myorigin is doing it's thing, so it must be MUA that's stuffing up[03:50:52] *** Muhis has quit IRC[04:03:21] <Hyphenex> ok, I still want to do this so people can use mailx on the system, but what would I put in the 'generic' file (smtp_generic_maps = regexp:/etc/postfix/generic) to replace @*prod with @mydomain.com?[04:12:19] *** io_a has quit IRC[04:12:56] <Hyphenex> Woot, needed // to say it's regex.. *sigh* :P[04:13:27] *** loddafnir has joined #postfix[05:28:58] *** Patrickdk has quit IRC[05:36:42] *** Patrickdk has joined #postfix[05:53:58] *** loddafnir has quit IRC[06:08:48] *** beginer has joined #postfix[06:09:34] *** cytrinox_ has joined #postfix[06:10:39] *** cytrinox has quit IRC[06:10:44] *** cytrinox_ is now known as cytrinox[06:22:58] *** dragonheart has quit IRC[06:23:52] *** dragonheart has joined #postfix[06:29:41] *** xpeed has quit IRC[06:48:36] *** Tim|Away is now known as Timzzzz[07:05:20] *** basho__ has joined #postfix[07:17:47] *** MACscr has joined #postfix[07:27:08] <MACscr> is there a default sender limit for (this is for outgoing mail, not receiving) for postfix by default?[07:28:34] <MACscr> i have an internal server that connects to it by the thousands per day and if there is going to be an issue, i wan to know ahead of time so there arent any queuing issues, etc. If there is a limit, can an ip be whitelisted?[07:37:48] <Hyphenex> last problem I seem to be having, the debug_peer_leve = 2 setting, would this cause any outbound e-mail to be logged to syslog as emergency?[07:53:21] *** zwamkat has joined #postfix[07:56:57] *** zwamkat has quit IRC[07:57:06] *** zwamkat has joined #postfix[08:03:18] *** zwamkat has quit IRC[08:08:09] *** gerhard7 has joined #postfix[08:08:32] <dragonheart> MACscr: postfix policyd or similar[08:09:03] *** Timzzzz is now known as Timmooo[08:09:33] <dragonheart> Hyphenex: nothing that I could imagine - mail really isn't that important :-)[08:10:20] <Hyphenex> I know. I've got syslog-ng logging in place but it appears postfix is logging everything as "emerg" level :([08:10:47] <Hyphenex> I put in a script to e-mail out emerg log events on the system, created a feedback loop to discover that one, had a good laugh :P[08:11:21] <dragonheart> i'd guess look closer at the syslog-ng config.[08:15:04] *** Alagar has quit IRC[08:16:01] *** gebi has joined #postfix[08:21:50] <Tabmow> Hyphenex: http://www.postfix.org/BASIC_CONFIGURATION_README.html#syslog_howto[08:22:03] <Hyphenex> Thanks[08:25:07] <Hyphenex> Tabmow: my log files don't show reject, warning, error, fatal or panic[08:25:40] <Hyphenex> an example of something that goes in my logfile is something like May 16 16:25:09 admin postfix/qmgr[12186]: 20CD86805D: removed[08:25:43] *** loddafnir has joined #postfix[08:45:36] *** breaker313 has joined #postfix[08:47:49] *** Timmooo is now known as Tim|Away[08:53:36] *** jujugre has joined #postfix[08:56:27] *** brancaleone has joined #postfix[09:10:35] *** zorg1 has joined #postfix[09:12:01] *** active has joined #postfix[09:12:21] *** active_si has quit IRC[09:15:32] *** e-anima has joined #postfix[09:16:18] *** weedar has joined #postfix[09:18:30] *** Patrickdk has quit IRC[09:19:21] *** kxsteve has quit IRC[09:20:03] *** thumbs has quit IRC[09:20:29] *** Patrickdk has joined #postfix[09:21:44] *** thumbs has joined #postfix[09:21:44] *** thumbs has joined #postfix[09:24:01] *** Lujeni has joined #postfix[09:31:13] *** dragonheart has quit IRC[09:31:19] *** hever has joined #postfix[09:39:10] *** krion has joined #postfix[09:39:16] *** brancaleone has quit IRC[09:42:48] *** beginer has quit IRC[09:43:14] *** failure has joined #postfix[09:47:21] *** Guip`aw has joined #postfix[09:55:57] *** Guip`aw is now known as Guip[09:58:53] *** hever has quit IRC[10:13:42] *** hever has joined #postfix[10:16:14] *** mu574n9 has joined #postfix[10:20:37] *** beginer has joined #postfix[10:20:42] *** wdp has joined #postfix[10:22:39] *** ikonia has joined #postfix[10:23:24] *** dragonheart has joined #postfix[10:25:19] *** brancaleone has joined #postfix[10:26:13] *** e-jones has joined #postfix[10:30:30] *** ikonia has quit IRC[10:30:47] *** ikonia has joined #postfix[10:36:49] *** failure has quit IRC[10:37:06] *** failure has joined #postfix[10:39:04] *** ikonia has quit IRC[10:39:26] *** tuxick has joined #postfix[10:40:35] *** ikonia has joined #postfix[10:45:15] <tuxick> got a problem figuring out how to make postfix do tls only on 587 and not 25[10:46:43] <Aprogas> You can specify parameters to services in master.cf with -o[10:46:48] *** dragonheart has quit IRC[10:46:49] <sep> why can't you have it as an option on 25 as well ? it's not like it's enforced on 25 (unless you messed up your restrictions)[10:48:20] *** JoKoT3 has joined #postfix[10:51:09] *** ikonia has quit IRC[10:51:53] *** ikonia has joined #postfix[10:54:51] <tuxick> is there no performance penalty if you allow it on 25?[10:56:39] <Aprogas> A bit on the CPU probably, but CPU is usually not the bottleneck on a mailserver. Most remote MTAs won't even try TLS though.[10:57:53] <tuxick> i mean is there a penalty if it's allowed on 25, yet not used[10:58:03] <tuxick> can't really imagine but still[11:02:58] <tuxick> right, there's one good reason to disally 25 :)[11:03:25] <tuxick> firewalling[11:04:16] <Aprogas> I don't get it.[11:04:36] <tuxick> well, while back we had an infected dozebox sending out spam[11:04:54] <tuxick> so i firewalled :25 outgoing[11:05:30] <Aprogas> Yes, it can make sense to force all local network hosts to use your mailserver, and run a spamfilter on your outgoing mail as well.[11:05:43] <tuxick> indeed[11:08:14] <Aprogas> But that's not really related to offering TLS on your incoming port 25.[11:10:01] <tuxick> i mean it'd be a bad habit, because you could end up firewalled out[11:10:28] <tuxick> for example with laptop you use on different locations[11:10:31] <Aprogas> I assume your mailserver does have permission to contact other hosts on port 25.[11:10:43] <tuxick> heh ye :)[11:11:04] <Aprogas> Offering TLS on port 25 is for other MTAs that happen to support TLS, even though they are not many.[11:11:23] <tuxick> haven't heard of any[11:11:27] <Aprogas> I don't see how firewalls and infected hosts are really related to taht.[11:11:44] <Aprogas> Fine, then don't support TLS on port 25 if you don't want to, but infected hosts is not really a reason.[11:12:07] <tuxick> firewalls are[11:12:24] <tuxick> anyway, not a big issue[11:12:52] <Aprogas> Firewalls aren't really a reason to do or do not offer TLS on port 25 either.[11:13:04] <Aprogas> Unless your firewall somehow needs to do DPI on SMTP-traffic.[11:13:42] <tuxick> just trying to avoid confusion for users[11:14:29] <tuxick> "sending mail doesn't work!!"[11:14:50] <Aprogas> Tell users to use port 587, they don't have to know anything about what you do or do not offer on port 25.[11:15:38] <Aprogas> In my opinion more mailservers should use TLS when talking to eachother; the policy of "no one else does it so why should I" is just going to perpetuate unencrypted SMTP.[11:17:27] <sep> so how can i tell my postfix to use tls on port 25 when talking to servers that supports it ?[11:18:04] <Aprogas> smtpd_tls_security_level = may for connections to your smtpd, smtp_tls_security_level = may for connections by postfix/smtp to remote MTAs[11:19:36] <sep> can this break something ? eg if some domain that uses my server use mail.domain.com as MX instead of the real hostname (that's reflected in the certificates)[11:20:25] *** kuhkatz has joined #postfix[11:20:45] <Aprogas> level = may is not strict about certificate verification[11:20:59] <Aprogas> It will probably accept an expired self-signed cert and just do opportunistic TLS.[11:21:27] <Aprogas> You need levels like verify, fingerprint or secure to be strict about certs, and this is not a good idea in the MTA-world.[11:21:29] *** Tim|Away is now known as Timzzzz[11:37:54] *** kuhkatz has quit IRC[11:37:57] *** n0sq has quit IRC[11:41:19] <breaker313> Hi *[11:41:44] <breaker313> How do I've to configure postfix so that it extracts attachements in a special folder?[11:42:45] *** slune has joined #postfix[11:42:53] <tuxick> Aprogas: indeed :)[11:42:56] <Aprogas> Postfix cannot do that itself, but Postfix can integrate with other tools that can (usually as a content_filter)[11:43:03] <Aprogas> !mimedefang[11:43:03] <knoba> Aprogas: Error: "mimedefang" is not a valid command.[11:43:14] <Aprogas> I think mimedefang is one of the tools that can do such things, but I never used it.[11:45:00] *** cpm has joined #postfix[11:51:04] *** n0sq has joined #postfix[11:54:16] <breaker313> ok, thx[12:08:54] *** TomHome has joined #postfix[12:22:50] *** kuhkatz has joined #postfix[12:26:21] *** ikonia has quit IRC[12:26:49] *** nataraj has joined #postfix[12:26:54] <nataraj> Hi[12:27:04] <nataraj> trying to cross compile for arm-linux[12:27:29] <nataraj> what do i change SYSTYPE = LINUX2 to?[12:31:52] *** nataraj has quit IRC[12:34:04] *** ikonia has joined #postfix[12:54:46] *** wdp_ has joined #postfix[12:56:56] *** turbomettwurst has joined #postfix[12:58:06] *** wdp has quit IRC[13:03:41] <overrider> i am looking to buy the "Book of Postfix" from No Starch Press released in 2005. Is that still a useful book or did too many things change in subsequent releases of postfix?[13:03:54] *** e-jones has quit IRC[13:05:15] <tuxick> lookout express claims server doesn't support ssl on 587[13:05:28] <tuxick> sane clients no problem, is this a common issue?[13:08:47] <Aprogas> Is that MUA still maintained? Does it even support TLS in STARTTLS-mode (as opposed to wrappermode) ?[13:10:01] <tuxick> it's fairly recent yes[13:10:31] <tuxick> and with sane clients i can even send mail using (start)tls on :25[13:11:01] <Aprogas> "Fairly recent" meaning the codebase from 2001, with a fairly recent security update?[13:11:57] <tuxick> forgot how to query version :)[13:12:42] <Aprogas> Last I heard MSOE only supports sslwrappermode but not starttls.[13:12:57] <Aprogas> Also clients should not be able to send through port 25.[13:13:33] <tuxick> that was the discussion few hours ago[13:13:39] <Aprogas> No, that was about other MTAs.[13:13:46] <tuxick> but it's same on 587[13:14:08] <Aprogas> 25 is for other MTAs, 587 is for clients[13:14:39] <tuxick> yes[13:15:24] <Aprogas> You can probably get away with just reject_unauth_destination on port 25 (so not even permit_mynetworks)[13:15:38] <tuxick> nevermind the 25 bit[13:15:47] <tuxick> it's lookout failing to ssl on any port[13:15:57] <Aprogas> Well, I already said MSOE doesn't support it.[13:16:12] <tuxick> users will blame me :)[13:17:14] <Aprogas> Other MUAs exist that are just as user-friendly, also webmail is a viable replacement nowadays.[13:17:32] <Aprogas> If you really must, you can run a sslwrappermode port too, use 465[13:20:49] <Aprogas> Or just get your clients to use better MUAs or webmail.[13:21:08] <tuxick> :)[13:22:25] <Aprogas> Make a collation of pictures of 9 year old children with the text "these children weren't born yet when OE 6.0 was released"[13:22:25] *** xeodox has quit IRC[13:22:35] <xv7> That should be read as "better {MUAs or webmail}", not "{better MUAs} or webmail", becauase Outlook Web is just as much a catastrophe (say, setting up forwarding possible with IE only)[13:22:53] <tuxick> gosh[13:23:03] <Aprogas> MSOE will give you headache with SASL too.[13:23:08] *** alus has joined #postfix[13:23:09] <cpm> heh[13:23:11] <cpm> yup[13:23:25] <cpm> MSOE will just give you headaches. it's not worth supporting.[13:23:33] <alus> I got a few "421 4.4.2" errors when trying to queue mail to my local postfix instance via smtp[13:24:00] <alus> is it possible that I get this error because I had an idle connection which sat for too long, and then tried to send mail?[13:24:07] <tuxick> you mean smtpd_tls_wrappermode?[13:24:08] <xv7> can I interest you in the zarafa stack :)[13:24:41] <Aprogas> !tell tuxick tls[13:24:41] <knoba> tuxick: "tls" : Transport Layer Security (RFC2246). Previously known as SSL, TLS adds a layer of encryption to protocols such as SMTP, submission, IMAP or POP3 to improve security during transmission over the Internet. TLS is implemented using the STARTTLS method, while the non-standard wrapper style of implementation is deprecated at this point. See http://www.postfix.org/TLS_README.html for more info.[13:24:59] <Aprogas> Outlook is mentioned by name in that readme.[13:25:37] <tuxick> :)[13:41:45] *** mambaw has quit IRC[13:44:53] *** Tabmow has quit IRC[13:46:00] *** e-jones has joined #postfix[13:46:35] *** e-jones has quit IRC[13:52:18] *** magyar has quit IRC[13:53:20] *** TomHome has quit IRC[13:57:24] *** Cain` has joined #postfix[13:58:58] *** Cain has quit IRC[13:58:59] *** Cain` is now known as Cain[14:05:48] *** beginer has quit IRC[14:11:27] *** mu574n9 has quit IRC[14:11:56] *** mu574n9 has joined #postfix[14:25:38] *** korozion has left #postfix[14:31:22] *** Twinkletoes has joined #postfix[14:49:51] *** hever has quit IRC[14:58:29] *** gerhard7 has quit IRC[15:16:01] *** higuita has quit IRC[15:17:26] *** hever has joined #postfix[15:26:02] *** higuita has joined #postfix[15:29:56] *** weedar has quit IRC[15:36:35] *** Gatto has joined #postfix[15:42:12] *** mu574n9 has quit IRC[15:46:53] *** krzie has joined #postfix[16:05:50] *** banym has joined #postfix[16:06:02] <banym> hi[16:08:25] <banym> i am searching a documentation about the .forward format for postfix. i want to keep one copy within my mailbox and send a copy to a backup archive. is this possible with .forward file?[16:10:30] <rob0> right. It's not real well documented, but find .forward in aliases(5) and local(8) man pages.[16:11:05] <rob0> If you're not using local(8) for delivery, forget it.[16:15:34] <Aprogas> local(8) is smart about a .forward to the same address. If you forward to yourself and an external address, you get one copy in your own mailbox and one in the external mailbox.[16:16:45] <banym> mhm do i need to use the full alias or is it the local username[16:18:11] <banym> i used for example this syntax, banym, example at test dot com and it's delivered only to external mailbox. the log for local delivery says: status=bounced (mail for www.example.com loops back to myself)[16:18:31] <Aprogas> Normally I would say use a fully-qualified address, but in local(8) it's probably fine to use just the username.[16:19:10] <Aprogas> Try with the fully-qualified address.[16:19:24] <Aprogas> Of course this only works for addresses with a domain-part in mydestination, i.e. handled by local(8)[16:19:43] *** gerhard7 has joined #postfix[16:21:30] <banym> yes i see.[16:23:01] <banym> now it works with full qualified domain name. thx for the hint.[16:23:28] *** slune has quit IRC[16:26:26] <rob0> in a .forward file you ONLY put the RHS of the alias, not an alias[16:26:35] <rob0> one RHS per line.[16:29:45] *** Section1 has joined #postfix[16:35:52] *** Belial_ has joined #postfix[16:39:41] *** hparker has joined #postfix[16:39:42] *** hparker has joined #postfix[16:43:17] *** alus has left #postfix[16:58:09] *** Tormin has quit IRC[16:59:54] *** Tormin has joined #postfix[17:12:08] *** davlefou has joined #postfix[17:15:47] *** Corey has quit IRC[17:22:56] *** Lenhix has joined #postfix[17:23:59] *** davlefou has quit IRC[17:25:37] *** davlefou has joined #postfix[17:26:04] <jiffe98> postfix doesn't have a plugin system does it? I'm looking to change the mail storage to a modified mbox[17:28:41] *** breaker313 has quit IRC[17:28:42] <rob0> You can "plug in" any kind of delivery agent you wish, assuming there is some standard way for Postfix to talk to it: stdin, LMTP, SMTP ...[17:32:46] * xv7 plugs rob0 in[17:33:39] <Aprogas> mailbox_command=/usr/bin/lpr[17:33:59] <xv7> not quite environmentally-friendly, but ok :)[17:34:25] <Aprogas> It's how many politicians, lawyers, etc. still read their email.[17:34:35] *** weedar has joined #postfix[17:34:53] <xv7> With headers? No wonder they're always so mentally challenged when making a decision on the next bill.[17:34:56] <Aprogas> Then they type a reply, print it, hand it to their secretary, who then scans or retypes it, and mails it.[17:39:55] <jelly> Aprogas: a reasonable way to implement the air gap[17:40:09] *** weedar has quit IRC[17:41:28] *** ced117 has joined #postfix[17:41:29] *** ced117 has joined #postfix[17:42:04] *** brancaleone has quit IRC[17:43:12] *** jfried has joined #postfix[17:44:04] *** KB1JWQ has joined #postfix[17:47:43] *** roentgen has joined #postfix[17:51:25] *** davlefou has quit IRC[17:51:30] *** davlefou has joined #postfix[17:52:52] *** ketema has joined #postfix[17:53:10] *** ketema has left #postfix[17:59:45] *** cilly has joined #postfix[18:07:00] *** wdp has joined #postfix[18:07:22] *** david_ has joined #postfix[18:07:26] *** davlefou has quit IRC[18:09:28] *** friartuck has quit IRC[18:14:17] *** KB1JWQ has quit IRC[18:14:32] *** KB1JWQ has joined #postfix[18:16:11] *** jujugre has left #postfix[18:17:50] *** KB1JWQ has joined #postfix[18:19:29] *** KB1JWQ is now known as Corey[18:21:51] *** turbomettwurst has quit IRC[18:25:17] *** cilly has quit IRC[18:25:55] *** david_ has quit IRC[18:26:03] *** e_ has joined #postfix[18:26:06] <e_> hi guys[18:26:31] <e_> i'm wondering if there is a way that i can have my port 25 return a custom error string if someone tries to send from my local domain. any ideas or pointers?[18:27:54] *** david_ has joined #postfix[18:30:01] *** Belial_ has quit IRC[18:30:03] *** krion has quit IRC[18:34:23] *** Belial_ has joined #postfix[18:37:29] *** mambaw has joined #postfix[18:39:39] *** e-jones has joined #postfix[18:40:04] <lunaphyte_> !tell e_ access[18:40:05] <knoba> e_: "access" : http://www.postfix.org/SMTPD_ACCESS_README.html : An overview of access(5) controls in the Postfix smtpd(8) SMTP server.[18:40:08] *** weedar has joined #postfix[18:42:48] <e_> ah, check_sender_access with an extra access table i guess[18:42:59] <e_> i want to force my users to use submission--[18:43:05] <lunaphyte_> yes.[18:43:09] <lunaphyte_> good for you.[18:43:35] <lunaphyte_> presumably then you are already not offering smtp auth on port 25?[18:43:49] <jeremymcs> does postsuper -r reload new DNS settings ?[18:44:18] <rob0> What DNS settings are you referring to?[18:44:22] <e_> lunaphyte: i don't yet have all people configure their clients correctly, that's why i was looking for a custom error message[18:44:27] <jeremymcs> MX record[18:44:42] <jeremymcs> i have some in queue, changed record, yet it keeps reading old[18:45:00] *** banym has quit IRC[18:45:03] <e_> stupid thunderbird automatically picks port 25..[18:45:15] <rob0> sounds like caching, and no, Postfix has no control over your resolver[18:45:18] <lunaphyte_> when messages are requeued, the currently available data will be used.[18:45:32] <jeremymcs> whats odd is its reading the relay ip from mysql[18:45:39] <jeremymcs> hmm[18:45:55] * lunaphyte_ thinks jeremymcs is just asking the question sub optimally.[18:46:02] <rob0> definitely[18:47:11] <lunaphyte_> "if i have messages stuck in the queue because of messed up dns - if i fix the dns and then re queue the messages, will the re queued messages be subject to the corrected dns data?"[18:47:36] <lunaphyte_> eh. that last part is still sub optimal.[18:48:04] <jeremymcs> well i using baruwa, and wondering why its not reading the new dns settings. so was trying to verify postfix wasn't caching anything[18:48:09] <jeremymcs> i'm*[18:48:31] * lunaphyte_ wonders what baruwa is.[18:48:41] <jeremymcs> odd i had to update the IP manually in mysql[18:48:50] <lunaphyte_> whatever it is, it probably doesn't read dns settings at all.[18:48:58] *** david_ has quit IRC[18:49:01] *** david__ has joined #postfix[18:49:05] <jeremymcs> its looking up relay ip via mysql[18:49:10] <jimpop> !tell lunaphyte_ baruwa[18:49:10] <knoba> jimpop: Error: No factoid matches that key.[18:49:29] <lunaphyte_> where do dns settings come into the mix, and why are you changing them?[18:49:46] *** Belial_ has quit IRC[18:49:48] <jeremymcs> the server im relaying to, ip changed[18:49:55] <rob0> time for:[18:49:59] <lunaphyte_> oh.[18:50:00] *** weedar has quit IRC[18:50:04] <lunaphyte_> you mean dns data.[18:50:09] <lunaphyte_> settings != data[18:50:15] <Aprogas> Flush your cache.[18:50:28] <Aprogas> Don't play with postsuper, good way to cause clogged queue.[18:50:30] <lunaphyte_> dns settings are things like the contents of /etc/resolv.conf, or perhaps the contents of a bind configuration file.[18:50:42] <jeremymcs> its been flushed, for some reason it wasnt reloading the mysql changes[18:51:17] <lunaphyte_> does does corroborate the new data is active?[18:51:21] <lunaphyte_> *does dig[18:52:54] <jeremymcs> well, its technically not a DNS issue[18:52:57] <jeremymcs> the MX record stayed the same[18:53:17] <jeremymcs> its a simple mysql query for an IP to relay for that domain[18:53:38] <lunaphyte_> you seem to be contradicting yourself.[18:54:05] <lunaphyte_> i'll finish rob0's thought[18:54:09] <lunaphyte_> !tell jeremymcs welcome[18:54:09] <knoba> jeremymcs: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[18:54:24] <jeremymcs> no, im not contradicting. .. i asked a question to verify i was correct in eliminating anything postfix[18:55:27] <jeremymcs> in the process of you answering my questions, i looked in phpmyadmin and noticed the IP had not updated like it should have. and resolved it by manually changing the IP.[18:56:17] <lunaphyte_> things in your mysql database change automatically?[18:56:28] <Aprogas> Why are you storing an IP-address instead of the hostname?[18:57:17] * jimpop notices this chan is aliased as #php[18:57:22] <jeremymcs> no one here apparently uses baruwa - http://www.baruwa.org - one of the domains im scanning for changed IPs. i updated it via the frontend, which apparently did not post to the database.[18:57:39] <rob0> lunaphyte_, thanks, phone rang just then, you were right though. :)[18:59:20] <lunaphyte_> yay![18:59:49] <lunaphyte_> i'd never heard of baruwa before just now.[19:00:24] <lunaphyte_> since it's associated with mailscanner, it's unlikely it will get much [if any] love in the postfix community.[19:01:00] *** nokia3510 has quit IRC[19:01:14] <jeremymcs> im aware of the lack of emotion towards MS, but until something else is created that doesnt alter headers .. were at the mercy of it[19:01:36] <lunaphyte_> that's kind of too bad. it looks like it might have a fairly well organized interface, gauging from the screenshots.[19:01:39] <lunaphyte_> alter headers?[19:01:41] <jeremymcs> i dont have time to dick around w/ shell scripts to manipulate multiple servers. i need a frontend[19:01:54] *** seekwill has joined #postfix[19:01:58] <thumbs> jimpop: you ever joined ##php? I hear it's nonsense in there.[19:02:00] <jimpop> or a consultant... or two[19:02:17] <jimpop> thumbs: nope. php is ebola to me[19:02:22] <thumbs> jimpop: likewise.[19:02:26] <jeremymcs> lunaphyte_: yeah baruwa has given MS a much needed facelift.[19:02:26] <lunaphyte_> i don't really get the correlation between a frontend for something and shell scripts, but ok.[19:02:46] <lunaphyte_> and i definitely don't know what altering header has to do with spam filtering.[19:02:51] <lunaphyte_> *headers[19:03:02] <lunaphyte_> [in the context of your comment, that is][19:03:14] <rob0> Why is it sad for a content filter to add a header?[19:03:15] <jeremymcs> whats the main disgust w/ MS ?[19:03:22] <lunaphyte_> !mailscanner[19:03:22] <knoba> lunaphyte_: "mailscanner" : don't you dare! mailscanner uses direct manipulation of postfix queues, employing undocumented methods, which may potentially change without warning at any point. there are much better ways for this sort of thing. consider amavisd-new instead.[19:03:47] *** tris has quit IRC[19:03:51] <jeremymcs> yeah, thats what i mean. queue manipulation[19:04:12] <lunaphyte_> what about it? it's irresponsible to do - that's for sure.[19:04:39] <lunaphyte_> [not to mention completely unnecessary - making it even worse][19:08:27] *** tris has joined #postfix[19:08:34] *** davlefou has joined #postfix[19:08:46] *** david__ has quit IRC[19:09:44] <jeremymcs> yeah, amavisd-new doesnt provide the mail layout i need. i need my clients emails to be picked up, scanned, and redelivered w/ an interface to manage the quarantine. .. the frontends i found for it were crap imo[19:11:06] <Aprogas> dspam has an interface like that[19:11:43] <Dominian> jeremymcs: Use Maia Mailguard.[19:11:51] <jeremymcs> yeah, ive used them both.[19:11:59] <Dominian> although I've never given dspam a try[19:12:05] *** cilly has joined #postfix[19:12:10] <jeremymcs> i'd also like to maintain the servers that I relay to on a per-domain basis .. baruwa gives those options[19:12:12] <Aprogas> dspam is complicated because the documentation is chaotic[19:12:25] <jeremymcs> ive used just about every combination, and this suites my needs much better.[19:12:43] <jeremymcs> dspam/maia both lack much required options[19:13:03] <Dominian> oh god[19:13:04] <Dominian> mailscanner[19:13:49] * seekwill prefers commercial AV/AS options :)[19:14:00] <Dominian> Yeah I don't have money for that ;)[19:14:14] <seekwill> Gmail![19:14:35] <lunaphyte_> yeah i don't have the stomach for that[19:14:48] <jeremymcs> gmail = illuminati[19:14:57] <lunaphyte_> indeed.[19:15:17] <lunaphyte_> i send my enemies to gmail, not my friends.[19:15:44] <Dominian> I'm actually debating moving my email back to my personal box at home.[19:16:00] <seekwill> Yahoo![19:17:27] *** thumbs has quit IRC[19:18:10] <jiffe98> whats wrong with gmail?[19:18:11] *** thumbs has joined #postfix[19:18:11] *** thumbs has joined #postfix[19:18:43] <rob0> Lots wrong with gmail.[19:19:44] <jiffe98> I've never had a problem with it[19:20:14] <lunaphyte_> ah, so turns out rob0 was wrong then.[19:20:39] <jiffe98> could be, I guess I was looking for clarification[19:20:43] <seekwill> lol[19:21:07] <lunaphyte_> oh. weird. why not just say that then?[19:21:52] *** davlefou has quit IRC[19:21:55] <jiffe98> I'm not trying to start a fight, just curious about gmail opinions[19:22:37] <seekwill> I use Gmail because I don't care about my life being indexed and sold to advertisers and I can't use any other UI[19:22:48] * seekwill <3 Gmail UI[19:23:59] <lunaphyte_> the biggest problem is that it's owned and run by the largest and most prolific aggregators of personally identifying data to have ever hit the face of the earth.[19:24:08] *** davlefou has joined #postfix[19:25:19] <rob0> Gmail is also spammer-friendly. Just about all the spammers use @gmail addresses for their public interface. Abuse@gmail is nonfunctional.[19:27:18] <robtone> atcually I found it hard to get a gmail account[19:27:38] <robtone> I wanted to setup a spam account and was asked for a phon number[19:28:26] <robtone> and somehow I didn't want to give my wifeys phone num to some sick google admin.[19:29:08] <robtone> (and neither did I have a anonymous prepaid card)[19:30:17] <seekwill> Sick google admin?[19:30:42] <rob0> hmmm, maybe I should apply at gmail, I'm as sick as they get![19:32:12] <seekwill> Try![19:32:13] <Aprogas> heh, glibc 2.13 breaks postfix[19:32:41] *** cilly has quit IRC[19:35:22] *** Lujeni has quit IRC[19:36:34] <Aprogas> Something about getrlimit() returning EPERM in certain cases.[19:37:24] *** Belial_ has joined #postfix[19:37:49] *** ScorpiusLetalis has joined #postfix[19:42:23] *** Xzisted has quit IRC[19:47:40] *** davlefou has quit IRC[19:48:40] *** davlefou has joined #postfix[19:49:54] <adaptr> gay hair error ?[19:50:24] *** Matic`Makovec has joined #postfix[19:56:34] *** Belial__ has joined #postfix[19:57:21] *** Belial_ has quit IRC[19:57:39] *** banym has joined #postfix[19:57:40] *** banym has joined #postfix[20:00:24] <MACscr> robtone: lol, you found it hard to create an account because you didnt want to give them a phone number?[20:00:36] <MACscr> how is it hard if your the unwilling participant?[20:00:48] <MACscr> *you are[20:01:19] <seekwill> He doesnt want a Gmail admin calling his wife![20:01:56] <rob0> I called robtone's wife. Her English wasn't very good, though.[20:02:01] * MACscr hands robtone a cup of paranoid[20:02:47] <rob0> She started yelling, "Scheiss! Scheiss!" and hung up.[20:03:01] <rob0> I take it that was not a good thing.[20:03:34] <adaptr> it means she wanted to play chess with you[20:06:27] *** Toerkeium has quit IRC[20:09:17] *** david_ has joined #postfix[20:09:38] *** davlefou has quit IRC[20:15:49] *** Gatto has quit IRC[20:17:28] *** cilly has joined #postfix[20:17:31] *** cilly has joined #postfix[20:18:50] *** xeodox has joined #postfix[20:19:45] *** david_ has quit IRC[20:19:49] *** david__ has joined #postfix[20:19:59] *** Ryushin has joined #postfix[20:22:51] *** Twinkletoes has quit IRC[20:26:45] *** Belial_ has joined #postfix[20:27:34] *** david__ has quit IRC[20:27:41] *** Belial__ has quit IRC[20:31:36] *** xeodox has quit IRC[20:32:51] <lunaphyte> hard to get an account without providing personally identifying information seems quite straightforward to me.[20:34:15] <seekwill> lol[20:35:26] <seekwill> How do you prevent spammers from signing up if you don't require personal information?[20:36:05] <seekwill> People want anonymity, but don't want spammers on the network too... how would you know they were spammers?[20:36:19] <seekwill> Spammers thrive on being anonymous[20:36:25] <lunaphyte> that's a logically fallacy. it presumes that requiring personal information prevents spammers from signing up, which we know from decades of having it demonstrated that it's not true.[20:36:47] <seekwill> True[20:37:19] <lunaphyte> but - to your point, is a prefect example of the google veil.[20:37:23] <lunaphyte> *perfect[20:39:10] *** xeodox has joined #postfix[20:40:13] *** Deathvalley122 has quit IRC[20:43:30] *** Deathvalley122 has joined #postfix[20:43:42] *** brancaleone has joined #postfix[20:48:11] <adaptr> that german fucktard on the list is not improving[20:57:44] *** MAAAAD has joined #postfix[20:59:20] *** Gatto has joined #postfix[21:00:16] *** e_ has left #postfix[21:00:48] *** e-jones has quit IRC[21:07:40] *** brancaleone has quit IRC[21:10:04] *** cpm has quit IRC[21:10:57] *** brancaleone has joined #postfix[21:23:22] *** ScorpiusLetalis has quit IRC[21:24:18] *** ScorpiusLetalis has joined #postfix[21:31:24] *** nokia3510 has joined #postfix[21:34:14] *** digitolx has joined #postfix[21:37:24] *** ssureshot has quit IRC[21:40:10] *** banym has quit IRC[21:40:20] *** digitolx has quit IRC[21:57:50] *** ced117 has quit IRC[22:00:36] <xv7> If no procmail rule matched, how will procmail decide where to store the mail it got on stdin?[22:05:27] <jeremymcs> What's the recommended route to hold the inbound queue for a domain; if the server will be offline for a few days.[22:06:12] <jeremymcs> say domainA.com .. The server I relay to will be down for a week.[22:06:26] <jeremymcs> How can I tell postfix to store?[22:07:20] <Section1> !bounce_queue_lifetime[22:07:20] <knoba> Section1: "bounce_queue_lifetime" : a configuration parameter in the main.cf: The maximal time a bounce message is queued before it is considered undeliverable. By default, this is the same as the queue life time for regular mail.[22:07:29] <Section1> and[22:07:35] <Section1> !maximal_queue_lifetime[22:07:35] <knoba> Section1: "maximal_queue_lifetime" : a configuration parameter in the main.cf: The maximal time a message is queued before it is sent back as undeliverable, the default value is 5 days.[22:08:39] <jeremymcs> Specific[22:08:42] <jeremymcs> To a domain ?[22:08:53] <jeremymcs> Not all domains on the box that it relays for ..[22:11:57] <Section1> ah perdomain configah specific one[22:15:16] *** mu574n9 has joined #postfix[22:15:50] <seekwill> Down for a week?[22:16:28] <robtone> rob0, you did?[22:17:17] <robtone> rob0, I ask, because it would be good guessed reaction of my wife ;)[22:17:26] <Section1> maybe you canput in HOLD[22:18:01] *** hever has quit IRC[22:19:26] <xv7> I have set delay_warning_time=48h, so that also holds messages for 2 days should the master server be unavailable[22:20:18] <xv7> well guess that's because bounce_queue_lifetime defaults to 5d[22:20:20] <Section1> jeremymcs, check access(5)[22:22:23] <jeremymcs> Yeah, one[22:22:35] <jeremymcs> Of my clients servers crashed. Hardware burnt up[22:23:17] <xv7> and it takes a week to erect a new box?[22:23:50] <seekwill> Who needs email for a week anyways[22:24:05] <xv7> precisely. There's IRC![22:24:37] <seekwill> And IM[22:27:09] <seekwill> And facebook[22:27:31] <Section1> i hate fb[22:28:11] <seekwill> Are you not popular? :([22:28:26] <Section1> i dont need it :D[22:28:56] *** mu574n9 has quit IRC[22:29:08] <thumbs> seekwill needs it[22:29:22] <seekwill> Its the only way i can pick up hot chicks[22:29:27] <thumbs> I was ihs only friend on it for a while[22:29:27] <Section1> hehe[22:30:14] *** Tuttle has joined #postfix[22:30:47] <thumbs> to this day, most of his friends on fb were faked, anyway[22:31:00] <seekwill> I made them all up[22:31:03] *** basho__ has quit IRC[22:31:13] <seekwill> Have you seen the movie Catfish?[22:31:24] <thumbs> no.[22:31:40] <seekwill> I think you should watch it[22:31:54] <thumbs> ok.[22:31:58] *** gerhard7 has quit IRC[22:32:21] <Tuttle> Hello, please help. I have these smtpd restrictions: http://dpaste.org/46ya/ Is it possible to drill a little hole in them to whitelist the specific HELO string? I can't modify HELO of a A network camera sending e-mails has HELO parameter not editable. :([22:32:42] *** krzie has quit IRC[22:33:00] <seekwill> Put your whitelist setting first[22:34:04] <Tuttle> seekwill: but wouldn't it whitelist all other restrictions too, not only the HELO related one?[22:35:00] *** geek_cl has joined #postfix[22:35:15] <robtone> hm 'permit/PERMIT' is not a well documented accept action in access(5)[22:36:02] <robtone> I assume it is 100% equal to "OK"[22:38:23] <Section1> !reject_non_fqdn_hostname[22:38:23] <knoba> Section1: Error: "reject_non_fqdn_hostname" is not a valid command.[22:38:48] <Section1> !reject_invalid_hostname[22:38:48] <knoba> Section1: Error: "reject_invalid_hostname" is not a valid command.[22:40:42] <seekwill> Tuttle: Put check_helo_access hash:/etc/postfix/helo_checks first?[22:41:30] <seekwill> But really, I'd put an IP based whitelist in there[22:41:56] <seekwill> And I think you should be putting all your permits first[22:47:43] *** mu574n9 has joined #postfix[22:48:54] *** mu574n9 has quit IRC[22:49:14] *** cilly has quit IRC[22:49:20] *** mu574n9 has joined #postfix[22:54:11] *** wdp has quit IRC[22:57:21] *** Belial_ has quit IRC[22:57:39] *** Matic`Makovec has quit IRC[22:59:40] *** roentgen has quit IRC[23:03:16] <Section1> i have this smtpd_recipient_restrictions: http://pastebin.ca/2061813 but mails with noexistent domain dont get reject...im missing something ?[23:05:46] <Tuttle> seekwill: thank you.[23:05:47] *** Tuttle has left #postfix[23:06:22] <geek_cl> Section1, prueba esto: http://fpaste.org/dGgB/[23:11:46] *** pj has joined #postfix[23:15:46] <Section1> its similar to mine geek_cl[23:15:47] <geek_cl> el orden es relevante[23:16:49] *** sbeam_ has joined #postfix[23:16:51] *** Gatto has quit IRC[23:17:05] *** codeshah has joined #postfix[23:17:12] <Section1> a ver[23:19:23] *** tris has quit IRC[23:19:30] *** tris has joined #postfix[23:24:35] <Section1> god i was using domain asdasdasdasdasdasd.com and exists....!![23:28:08] <xv7> Section1: does it? I can't get no DNS SOA RR[23:28:17] <xv7> oh I do, though it's terribly slow[23:29:43] <geek_cl> dig asdasdasdasdasdasd.com[23:31:18] <xv7> host -t ANY ..[23:31:36] <xv7> eller dig -t ANY[23:32:43] <geek_cl> xv7 http://fpaste.org/EGWJ/[23:33:02] <xv7> I know I know[23:33:15] <xv7> 23:30 < xv7> oh I do, though it's terribly slow[23:36:32] <rob0> dig(1) doesn't need the -t, just dig name.to.dig. [type] [ at ns dot host] [options][23:36:34] *** robotarmy has joined #postfix[23:38:03] *** e-anima has quit IRC[23:40:35] <xv7> it has a tendency to omit MX when not using ANY[23:41:21] *** mambaw has quit IRC[23:43:13] <Section1> oh spamcop its blocking a yahoo relay ip addr[23:43:16] <seekwill> A whois is better to do than dig, as some DNS servers return an address for invalid domains[23:43:29] <Section1> its recommend using spamcom as rbl ?[23:43:43] <Section1> spamcop*[23:44:15] <rob0> I use spamcop with a score of one, postscreen_dnsbl_threshold=3[23:44:36] <rob0> so no, I would not use it with reject_rbl_client[23:45:18] <Section1> ok, i will take out i see too its blocking a gmails relay ip[23:47:51] *** sbeam_ has quit IRC[23:48:29] *** krzee has quit IRC[23:52:01] <seekwill> backscatter[23:52:14] *** geek_cl has quit IRC[23:54:23] *** krzee has joined #postfix[23:55:30] <Aprogas> I use postfwd to create a more complicated scoring of whitelists, yellowlists and blacklists.[23:55:53] <seekwill> yellow?[23:56:09] <rob0> like a bee![23:56:21] <rob0> white yellow black[23:56:46] <rob0> bzzzzzzzz busy little bees blocking spamzzzzz[23:57:11] <Aprogas> A yellowlist contains servers like gmail, hotmail, etc. who send a mix of spam and ham, so IP-address isn't a valuable clue in determining spamminess, and further blacklists aren't checked.[23:57:44] <Aprogas> Whereas a whitelist indicates spam is unlikely, and could be used to give negative scoring.[23:58:06] <xv7> rob0: radioactive stuff is also symbolised using yellow-black[23:58:19] *** wdp has joined #postfix[23:59:06] <xv7> the Google Server Appliance too is yellow :D