May 25, 2011 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | >
May 25, 2011 [00:00:20] *** murtada has quit IRC[00:00:33] <seekwill> dscastro: Does your marketing software have instructions on how to configure it?[00:00:47] <dscastro> no...[00:00:52] <seekwill> What software is it?[00:00:56] <dscastro> oempro[00:01:30] <dscastro> the goal is i'm getting a low average[00:01:32] <seekwill> They have a support section. have you tried there?[00:01:45] <adaptr> dscastro: no, that's really not a goal[00:01:54] <dscastro> ok[00:01:55] <dscastro> mans[00:01:58] *** dscastro has left #postfix[00:01:59] <roe> that sounds more like a grade[00:02:01] <seekwill> :([00:02:22] <adaptr> the name rings a bell.. vaguely[00:02:28] <adaptr> I suspect he's an idiot[00:02:53] *** tharkun has quit IRC[00:03:06] <roe> !nickometer dscastro[00:03:06] <knoba> roe: Error: "nickometer" is not a valid command.[00:03:20] <roe> oh well, I guess he doesn't have that plugin enabled[00:05:09] <jimpop> i'm looking for ideas on how to reject emails where To: and Cc: are identical. Thoughts?[00:05:27] <seekwill> Why?[00:05:28] <roe> why?[00:05:47] <seekwill> It's not a reliable way to block spam[00:06:14] <seekwill> "omg!!! the from and to are the same!!! reject!!!"[00:06:20] <jimpop> it's not spam. it's legitmate email from Lotus Notes clients back to a mailinglist.[00:06:31] <wdp> uhm[00:06:32] <roe> seekwill: that isn't even what he's asking. the To and the CC[00:06:34] <wdp> i always send myself mails[00:06:37] <jimpop> it's a problem with Lotus notes, that Lotus refuses to fix[00:06:39] <wdp> to remind me about things[00:06:41] <wdp> arent you guys doing that? :D[00:06:47] <seekwill> roe: I know, but it's very common question people ask[00:07:11] <seekwill> jimpop: Oh[00:07:25] <seekwill> jimpop: It's duplicating messages then?[00:07:29] <roe> so you're getting double postings on your mailing-list?[00:07:40] <seekwill> roe: Stop copying me![00:07:46] <jimpop> so when the Lotus user, gets an email from the list, they reply-all and respond to:list@ and cc:list@,list-bounces@[00:07:53] <roe> haha, you're copying me, I'm just on a higher latency connection[00:07:55] <seekwill> wdp: I use my ipad to write notes to myself.....[00:08:16] <roe> I use a tatoo pen[00:08:20] <roe> tattoo*[00:08:24] <jimpop> no double postings. Mailman handles those. The problem is the Cc:list-bounces@ goes to the admins, in addition to the copy sent to list@[00:08:39] <wdp> roe, what did you wrote "try to marry someone" ?[00:08:41] <seekwill> Interesting problem[00:08:51] <jimpop> there is not mailman problem (or i would be asking there)[00:09:00] <roe> jimpop: I would probably use sieve to handle that problem[00:09:08] <roe> wdp: huh?[00:09:11] <jimpop> what i would like to do, is mitigate the Lotus problem via a postfix solution[00:09:19] <jimpop> ;-)[00:09:22] *** Matic`Makovec has quit IRC[00:09:36] <wdp> roe, writing notes with a tatoo pen. such a note would be funny.[00:09:42] <wdp> anyway, need to sleep, baba.[00:09:48] <seekwill> wdp: Stay![00:09:56] *** tharkun has joined #postfix[00:09:56] <jimpop> it's easily regexp'able, but I haven't yet found a multi-line way to do this in postfix[00:10:08] <roe> write a sieve rule that filters messages that are addressed to the list address and cc'ed to the bounces address into a folder named "Lotus_Sucks"[00:10:35] <tharkun> roe: Can you scroll back a little and tell me how long since my connection droped?[00:10:50] <adaptr> 7 minutes and 43 seconds[00:10:51] <jimpop> roe: oh, i thought the sieve suggestion was a joke. Thanks![00:11:01] <tharkun> adaptr: thanks[00:11:05] *** tharkun has quit IRC[00:11:06] <seekwill> I knew adaptr and roe were the same![00:11:13] <roe> jimpop: nope, that one was for real[00:11:22] <jimpop> indeed, thx again[00:12:32] <jimpop> hmmmm[00:12:36] <jimpop> !sieve[00:12:36] <knoba> jimpop: "sieve" : sieve is a language that can be used to create filters for email. see http://sieve.info/ , rfc 5228, or http://en.wikipedia.org/wiki/Sieve_(mail_filtering_language) for more info[00:13:23] *** tris has quit IRC[00:14:23] *** hparker has quit IRC[00:14:37] <jimpop> http://sieve.info/servers doesn't list postfix :-([00:14:45] *** tharkun has joined #postfix[00:14:58] <adaptr> of course not[00:15:04] <roe> sieve is a filtering language implemented by the dovecot MDA, deliver, for example[00:15:14] <roe> but you could use procmail or maildrop if you would like[00:15:24] *** TomHome has quit IRC[00:15:34] <adaptr> actually, it's implemented by pigeonhole, the project that makes deliver(8)[00:15:42] <adaptr> and it's neat[00:15:47] <roe> adaptr: I'm still running 1.2[00:15:49] <ujjain> Is there a good Postfix GUI? I am looking for a relaying server that allows backlog and re-sending of e-mails.[00:15:52] <adaptr> roe: shame on you![00:15:53] <roe> pre-pigeonhole[00:15:56] <adaptr> ujjain: no.[00:15:58] <jimpop> yeah, i suppose. throwing procmail between local and mailman is sort of a duct tape solution[00:16:07] <roe> adaptr: tell the debian packager to hurry up and backport it[00:16:21] <adaptr> roe: I have an ubuntu repo for it[00:16:31] <roe> I'm a die hard[00:16:31] <adaptr> you could try using that ;)[00:19:20] <roe> I'm a bit annoyed at dovecot at the moment though, their growing pains have been especially painful[00:21:29] *** hparker has joined #postfix[00:22:15] *** uqlev has quit IRC[00:22:16] *** mitchlovin is now known as lilchairladder[00:22:19] *** wdp has quit IRC[00:22:26] *** lilchairladder is now known as lilchairladderTE[00:22:34] *** lilchairladderTE is now known as mitchlovin[00:27:35] *** roe has quit IRC[00:28:00] *** roe has joined #postfix[00:28:01] *** roe has joined #postfix[00:31:31] *** jmedina has joined #postfix[00:37:57] *** locohost has quit IRC[00:39:21] *** syborg has left #postfix[00:46:47] *** Astroman has quit IRC[00:53:05] *** gremset_ has joined #postfix[00:57:11] *** Gatto has quit IRC[00:57:17] *** gremset has quit IRC[00:59:44] *** marchelly has quit IRC[01:01:19] *** roe has quit IRC[01:02:36] *** l1nuxman has quit IRC[01:02:53] *** Ryushin has joined #postfix[01:03:41] *** gremset has joined #postfix[01:04:30] *** sphenxes has quit IRC[01:05:33] *** Lenhix has quit IRC[01:07:26] *** gremset_ has quit IRC[01:16:17] <seekwill> Show me your teeth[01:16:35] *** dragonheart has joined #postfix[01:17:25] <jimpop> :D[01:17:39] *** justdave has quit IRC[01:18:02] <seekwill> Hygiene is important[01:18:45] *** weedar has joined #postfix[01:22:36] *** justdave has joined #postfix[01:23:15] <jimpop> as are manners[01:23:43] <adaptr> manners ? did you forget where you are ?[01:26:00] <jimpop> bugger off[01:26:05] <jimpop> ;-)[01:27:07] <adaptr> phew, that was a close one[01:27:13] <adaptr> you moron[01:27:26] <jimpop> ha![01:27:59] <adaptr> BTW, and completely OT, I subscribed to the digest but I can't even decipher most of the traffic on your list. what is it ABOUT ?[01:28:24] <jimpop> mailman digests suck.[01:28:27] <jimpop> which list?[01:28:29] <adaptr> sdlu[01:28:54] <jimpop> oh, it dpends on the poster, but there is a lot of hot air sometimes[01:28:57] <jimpop> ;-)[01:29:05] <jimpop> shh, don't tell rob0 that i said that[01:29:17] <adaptr> is that one of his many aliases ?[01:29:19] *** matt1982 has quit IRC[01:29:25] <adaptr> hotairballoon0[01:29:28] <jimpop> lol[01:30:02] <jimpop> generally speaking, on sdlu, there are friends and foes. so often there is a lot of noise with no specifics[01:31:51] *** ishe has joined #postfix[01:31:59] <adaptr> hmmm that sounds an awful lot like IRC[01:37:25] *** dragonheart has quit IRC[01:39:58] *** jmedina has quit IRC[01:47:48] * standon nods[01:47:54] <standon> hence my unsub from SDLU.[01:48:02] *** ishe has left #postfix[01:48:34] <seekwill> SDLU has too many people wanting to block 150% of spam[01:49:39] <seekwill> I don't know of any [larger] organizations that would willing choose to block legitmate mail just to keep spam out[01:50:08] <adaptr> I get about 10 per week at work. you live with it, I need the 200+ other ones I get[01:51:04] <seekwill> I think I get a little bit less than that[01:51:28] <adaptr> spam or legit email ?[01:52:29] <seekwill> spam[01:52:50] <seekwill> I think... I don't have that many[01:59:54] *** seekwill has quit IRC[02:04:15] * jimpop likes spam.[02:05:17] <adaptr> I'll be sure to let Hormel know[02:05:31] <jimpop> indeed[02:06:08] *** Zblakany has quit IRC[02:06:08] * adaptr registers hormeldoesntlike.us[02:06:41] <jimpop> hormelers.dontlike.us[02:06:54] *** gremset_ has joined #postfix[02:07:30] *** gremset has quit IRC[02:11:34] *** gimpy2938 has quit IRC[02:16:45] *** dragonheart has joined #postfix[02:18:31] *** ichdasich has quit IRC[02:20:16] *** mu574n9 has quit IRC[02:21:10] *** dragonheart has quit IRC[02:22:16] *** mu574n9 has joined #postfix[02:22:44] *** mu574n9 is now known as Guest23409[02:23:44] *** Rajko has joined #postfix[02:23:52] <Rajko> hey how do i find out where the user/passwords are located in postfix[02:24:04] <Rajko> ive restored a backup from another server and now SMTP auth doesnt work[02:26:00] <rob0> Postfix doesn't store nor deal with passwords. The SASL backend does.[02:26:11] *** locohost has joined #postfix[02:30:08] *** locohost has quit IRC[02:43:59] *** asb has quit IRC[02:44:06] *** asb_ has joined #postfix[02:44:12] *** rob0 has quit IRC[02:48:12] *** ichdasich has joined #postfix[03:01:15] <lunaphyte> ask whoever set up the server.[03:08:49] *** master_of_master has quit IRC[03:10:42] *** master_of_master has joined #postfix[03:14:21] *** gremset_ has quit IRC[03:14:42] *** gremset has joined #postfix[03:15:03] *** dragonheart has joined #postfix[03:18:28] *** rob0 has joined #postfix[03:24:03] *** codeshah has joined #postfix[03:36:38] *** codeshah has quit IRC[03:37:26] *** dragonheart has quit IRC[03:41:11] <Rajko> how do i migrate /etc/sasldb2 between servers[03:41:44] *** lordsporkton has joined #postfix[03:53:54] *** Timzzzz is now known as Timmooo[04:00:19] <lunaphyte> ask your real question[04:00:42] *** Rajko has left #postfix[04:10:16] <Tabmow> where do babies come from?[04:11:05] <lordsporkton> well, when a mommy and a mailman love each other very much...[04:17:21] *** axisys has joined #postfix[04:25:27] *** hparker has quit IRC[04:25:37] *** etaylor has joined #postfix[04:26:36] <jimpop> what's love got to do with it?[04:29:56] *** Transformer has joined #postfix[04:30:03] *** Ryushin has quit IRC[04:30:14] <thumbs> jimpop: are you quoting the song I'm thinking about?[04:30:48] <jimpop> thumbs: yes, in addition to responding to lordsporkton[04:32:01] <thumbs> jimpop: most of the young folks here won't know what you're talking about, for the record.[04:32:05] *** Transformer has quit IRC[04:32:21] <lunaphyte> master blaster will.[04:32:33] <jimpop> thumbs: that's ok, as long as they get one of the implications[04:32:55] <lordsporkton> the only responses i can come up with at this point for what love has to do with it, get way too detailed and graphic, so ill leave it there[04:33:32] <jimpop> well, when a mommy and a mailman bump each other very much... <- FTFY[04:40:35] *** [dmp] has quit IRC[04:46:06] *** dragonheart has joined #postfix[04:49:22] *** kevcox has joined #postfix[04:49:46] <kevcox> I think I have a very simple issue I need a little help with....[04:50:13] <kevcox> In my mail.log I'm getting the following error: " Recipient address rejected: User unknown in local recipient table"[04:50:45] <kevcox> The server is only setup to send emails and works for most everyone except internal users on the same domain.[04:50:59] <kevcox> It is only a SMTP outbound Internet relay.[04:51:41] <jimpop> kevcox: it's rejecting something that is being sent to it[04:52:16] <kevcox> I've found where you have to define a setting within main.cf that tells it to disregard local users by setting it to nothing: local_recipient_maps[04:52:23] <kevcox> Done that already and restarted without success.[04:52:53] <kevcox> jimpop: This has been working for months and without any config changes it just stopped for only internal users.[04:53:04] <kevcox> Is there a relay max setting or something?[04:53:05] <jimpop> sounds like it's working then. it is rejecting something because you told it not to accept anything[04:53:24] <kevcox> Let me explain a little more to help...[04:54:10] <kevcox> This is for a Security Company that uses this box to deliver emails to their clients when their clients disarm, arm, etc. to deliver emails to their smart phones.[04:54:33] <kevcox> Due to relay counts I created this postfix box and it has worked great for months.[04:54:46] <kevcox> Emails still seem to be delivered to their clients but not to them.[04:55:21] <kevcox> I've not changed anything and checked the blacklist to make sure their domain was not listed.[04:55:31] <kevcox> Like I said all other clients seem to work find.[04:55:37] <kevcox> find = fine[04:55:59] <jimpop> that all sounds good, but nothing sounds specific about postfix other than "I've not changed anything"[04:56:24] <thumbs> which is meaningless[04:56:33] <jimpop> the "Recipient address rejected:" is a local (postfix) error[04:56:52] <kevcox> Sorry, I was lucky to set this bad boy up and know only a little.[04:56:58] <jimpop> and you said that you disabled local delivery. Win-Win![04:57:15] <thumbs> kevcox: that's not a public server, isn't it?[04:57:38] <kevcox> It is directly connected to the Internet with a public IP[04:58:00] <kevcox> I have authentication turned on so their client's alarm systems authenticate.[04:58:02] <thumbs> scrary.[04:58:05] <thumbs> scary, too[04:58:35] <kevcox> I have a firewall on if that makes you feel better[04:58:49] <kevcox> I changed the port to 2626[04:59:01] <kevcox> Only allows that port and SSH[04:59:10] <kevcox> Feel better?[04:59:22] <thumbs> nope. It doesn't[04:59:26] <thumbs> !tell kevcox why[04:59:26] <knoba> kevcox: "why" : are you sure that installing, configuring and maintaining a mailserver is really what you want to do here? it's not something that's for the faint of heart, and definitely not something for folks that are still just learning the basics of linux or unix. also see !nullclient[05:00:32] <kevcox> knoba: I would have loved to use the web hosting service SMTP but as you know most have relay count restrictions.[05:00:47] <kevcox> I have to learn sometime[05:00:59] <jimpop> first things first[05:01:02] *** lordsporkton has left #postfix[05:01:04] <jimpop> knoba is a bot.[05:14:26] *** codeshah has joined #postfix[05:22:06] *** murtada has joined #postfix[05:22:25] *** MAAAAD has joined #postfix[05:24:41] *** MAAAAAD has quit IRC[05:26:10] *** codeshah has quit IRC[05:36:38] *** gremset has quit IRC[05:36:55] *** gremset has joined #postfix[05:39:24] *** beginer has joined #postfix[05:41:21] *** gremset has quit IRC[05:41:37] *** gremset has joined #postfix[05:55:49] *** Guest23409 has quit IRC[06:04:36] *** Motoko has joined #postfix[06:23:58] *** samix has quit IRC[06:41:54] *** infid has left #postfix[06:45:57] *** etaylor has quit IRC[06:55:47] *** Timmooo is now known as Timzzzz[07:01:08] *** hever has joined #postfix[07:04:07] *** hever has quit IRC[07:22:17] *** gremset has quit IRC[07:23:18] *** loddafnir has joined #postfix[07:27:10] *** Dessa has quit IRC[07:31:52] *** kevcox has left #postfix[07:39:13] *** gerhard7 has joined #postfix[07:51:51] *** hever has joined #postfix[07:53:55] *** hever has quit IRC[07:55:28] *** hever has joined #postfix[08:02:31] *** jfried has joined #postfix[08:07:19] *** [dmp] has joined #postfix[08:07:19] *** [dmp] has joined #postfix[08:17:34] *** sep has quit IRC[08:18:41] *** Niemi has joined #postfix[08:21:37] *** Gatto has joined #postfix[08:30:00] *** sep has joined #postfix[08:31:08] *** ionte has quit IRC[08:31:56] *** ionte has joined #postfix[08:38:46] *** hever has quit IRC[08:40:17] *** hever has joined #postfix[08:43:47] *** hever has quit IRC[08:45:20] *** hever has joined #postfix[08:56:40] *** xro has joined #postfix[08:57:36] <xro> Hi, i case of smtps.... when i do a starttls... Are the clients still talking on port 25 or switch to 465?[08:59:12] <Aprogas> !smtps[08:59:12] <knoba> Aprogas: "smtps" : Port 465 is smtps, SMTP over SSL, a deprecated means of submission. This means that smtps should *not* be used, and that this factoid exists for historical purposes only and should not be implemented. See !submission for smtps' successor. That being said, Postfix can implement smtps with a separate smtpd(8) listener with \"-o smtpd_tls_wrappermode=yes\". See the commented example in master.cf.[08:59:15] <Aprogas> !submission[08:59:15] <knoba> Aprogas: "submission" : Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf. also see !msa, and rfc 2476 and 4409. Also read http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf[09:00:13] <xro> ok... i'll read these documents[09:00:49] <Aprogas> Actually that PDF isn't very relevant unless you are an ISP.[09:01:00] <Aprogas> Just use port 587 and offer starttls there, and forget about 465/smtps.[09:01:17] <Aprogas> You can also offer optional starttls on port 25 but not many remote MTAs will use it.[09:03:36] <cmihai> !msa[09:03:36] <knoba> cmihai: "msa" : Message Submission Agent : a process which accepts message submissions from MUAs on port 587 known as 'message submission service' using the 'message submission protocol' defined by rfc4409. To enable message submission service in postfix uncomment the relevant lines in master.cf. also see !submission.[09:03:56] *** Motoko has quit IRC[09:05:54] *** breaker313 has joined #postfix[09:05:58] *** nokia3510 has quit IRC[09:11:40] *** e-jones has joined #postfix[09:34:55] *** basho__ has joined #postfix[09:43:20] *** kuhkatz has quit IRC[09:45:52] *** jujugre has joined #postfix[09:50:39] *** Dessa has joined #postfix[09:52:34] *** kuhkatz has joined #postfix[09:53:03] *** frubi has joined #postfix[09:53:27] <frubi> hi[09:56:03] <frubi> is there good way to temporary disable local mail delivery? the mails should stay in the incoming queue[10:00:54] *** thefish has quit IRC[10:01:01] *** sphenxes has joined #postfix[10:06:34] *** dragonheart has quit IRC[10:06:46] <Aprogas> !defer_transport[10:06:46] <knoba> Aprogas: Error: "defer_transport" is not a valid command.[10:06:53] <Aprogas> Hmm.. I forgot.[10:06:59] <Aprogas> There is a way, but I cannot recall it.[10:10:34] *** hever has quit IRC[10:11:04] *** thefish has joined #postfix[10:11:05] *** thefish has joined #postfix[10:11:26] *** jokoon has joined #postfix[10:13:38] *** e-anima has joined #postfix[10:14:44] *** brancaleone has joined #postfix[10:15:04] *** TomHome has joined #postfix[10:20:36] *** eckirchn has quit IRC[10:21:57] *** eckirchn has joined #postfix[10:23:39] *** marchelly has joined #postfix[10:28:20] *** hever has joined #postfix[10:38:29] *** Gauntlet has joined #postfix[10:38:59] *** Dessa has quit IRC[10:39:05] *** wdp has joined #postfix[10:39:05] *** wdp has joined #postfix[10:39:58] *** samix has joined #postfix[10:41:53] *** sphenxes has quit IRC[10:43:09] *** Dessa has joined #postfix[10:43:21] *** sphenxes has joined #postfix[10:43:54] *** _nalle has quit IRC[10:45:13] *** war9407 has quit IRC[10:46:10] *** empity has joined #postfix[10:46:54] *** _nalle has joined #postfix[10:48:19] *** turbomettwurst has joined #postfix[10:52:08] *** war9407 has joined #postfix[10:53:23] <kale> Aprogas: thank you for all the help yesterday[10:55:22] <kale> iearlier i had an alias so @domain got delivered to me@domain. now i've begun using ldap, and postfix get the email adresses from here. can i make a similar setup using ldap?[10:56:08] <Aprogas> Any place you can use any table, you can also use an LDAP-table.[10:56:17] <Aprogas> But not all settings take a table as argument.[10:57:34] <kale> so i need to make a list of aliases, rather than just making a wildcard?[10:59:02] *** kuhkatz has quit IRC[10:59:28] *** sphenxes has quit IRC[10:59:34] *** Dessa has quit IRC[10:59:34] *** Dessa has joined #postfix[11:02:04] *** sphenxes has joined #postfix[11:05:42] *** brancaleone has quit IRC[11:09:11] *** brancaleone has joined #postfix[11:32:30] *** sphenxes has quit IRC[11:34:09] *** sphenxes has joined #postfix[11:35:26] *** breaker313_ has joined #postfix[11:35:52] *** breaker313_ has joined #postfix[11:37:47] *** n0sq has quit IRC[11:39:02] *** breaker313 has quit IRC[11:42:28] *** hever has quit IRC[11:51:13] *** n0sq has joined #postfix[12:02:03] *** busta has joined #postfix[12:02:45] <sep> are any of you using spam control appliances ? if so witch ones and would you recomend it ?[12:03:09] <Aprogas> The most recent development would be postscreen.[12:03:26] <Aprogas> Use it with some good blacklists and some sensible restrictions.[12:04:35] *** marchelly has quit IRC[12:04:52] <sep> was more thinking of an appliance with a subscription i could put in front of my postfix'es[12:05:26] <Aprogas> I have no experience with that. I think barracudacentral runs something like that.[12:05:44] <Aprogas> Make sure you pick a sensible one, instead of one that uses buzzwords and pretends to be clever.[12:08:11] *** hever has joined #postfix[12:08:43] <sep> i dislike barracuda, i think it's overly zealous. if i have had false positives and customer complaints it's allways barracuda[12:09:56] <jokoon> hello[12:10:17] <sep> thanks for postscreen tho. am going to read about that[12:10:30] <Aprogas> postscreen does run in front of postfix[12:10:45] <jokoon> are any plugin/extension to make interaction between postfix and jabber ?[12:10:56] <jokoon> or nay other chat protocol[12:11:04] <Aprogas> I think you can catch up to 90% of spam with a sensible set of blacklists and restrictions.[12:11:51] <Aprogas> jokoon: Postfix can deliver to commands, and such a command could parse an email and feed it in a different format to sendxmmp[12:12:13] <Aprogas> But that command and sendxmmp won't really be parts of Postfix, all Postfix does it deliver things to them.[12:13:19] <jokoon> I have to make an application that does chat AND mail, but with different network and account name[12:13:55] <jokoon> rather a protocol than an application[12:14:40] <Aprogas> You'll need a way to convert email into xmmp, and a way to convert xmmp into email. Postfix is happy to deliver mail to commands using aliases or .forward, and it is happy to accept mail from commands through the sendmail binary.[12:15:02] <Aprogas> You will need a local UNIX users to run this software though, and you probably need to write it yourself, but that should be doable.[12:15:19] <Aprogas> Use a scripting language that already has modules for xmmp and rfc822.[12:16:22] *** Lujeni has quit IRC[12:16:22] <jokoon> My main concern is identities and spam, I want to make spam hard or nearly impossible[12:16:34] *** war9407 has quit IRC[12:17:41] <Aprogas> Run regular mail anti-spam (blacklists, restrictions) and perhaps rate-limit how fast the converter will put mails into XMMP.[12:17:50] <jokoon> I don't think that the mail protocol is oldish and obsolete, but I'm still wondering if spam is an unavoidable evil in message applications[12:17:53] <Aprogas> Encode jabber-identities using recipient-delimiter.[12:18:45] <Aprogas> For example with recipient_delimiter of "-" you can send to an address like converter-aprogas=jabber.org at example dot net and have the converter parse the aprogas=jabber.org part as aprogas at jabber dot org[12:19:41] <Aprogas> If you want Hotmail clients to send to the address, be careful which characters you use, Hotmail (and some other webmails) are more strict about emailaddresses than the standards.[12:24:07] *** cpm has joined #postfix[12:24:08] *** cpm has joined #postfix[12:28:51] *** busta has quit IRC[12:31:27] *** Lujeni has joined #postfix[12:31:39] *** marchelly has joined #postfix[12:36:38] *** krion has joined #postfix[12:39:55] *** gerhard7 has quit IRC[12:40:44] *** UQlev has joined #postfix[12:50:32] *** pj has quit IRC[12:54:41] *** famicom has quit IRC[12:56:23] *** murtada has quit IRC[12:59:24] *** jduggan has quit IRC[13:00:29] *** jduggan has joined #postfix[13:01:01] *** codeshah has joined #postfix[13:03:35] *** weedar has quit IRC[13:03:39] *** weedar has joined #postfix[13:04:52] *** wame has quit IRC[13:12:26] *** jokoon has quit IRC[13:14:37] *** UQlev has quit IRC[13:18:25] *** wame has joined #postfix[13:20:27] *** GpoMaL has quit IRC[13:20:47] *** GpoMaL has joined #postfix[13:24:15] *** r0han` has joined #postfix[13:24:47] <r0han`> hi[13:24:58] <r0han`> Hi all[13:31:19] <tuxick> lo[13:43:46] *** plee has quit IRC[13:44:18] *** loddafnir has quit IRC[13:44:26] *** famicom has joined #postfix[13:44:27] *** plee has joined #postfix[13:45:51] *** breaker313_ has quit IRC[13:46:01] *** breaker313 has joined #postfix[13:46:18] *** internatg2 has joined #postfix[13:47:15] *** uqlev has joined #postfix[13:48:42] *** Internat has quit IRC[13:58:56] *** Belial_ has joined #postfix[13:59:16] *** jokoon has joined #postfix[13:59:34] *** internatg2 has quit IRC[14:01:22] <sep> i use pflogsumm to get statistics summarised; are there any scripts that can generate per domain statistics and send a report to each domain's local admin ?[14:03:03] *** Internat has joined #postfix[14:06:13] *** xro has left #postfix[14:06:46] <Aprogas> Probably too specific for it to exist already.[14:06:52] *** breaker313 has quit IRC[14:07:51] <uqlev> sep, the most complicated part of this job is split general maillog into per-domain-maillogs[14:08:33] <tuxick> syslog-ng should be capable of that[14:12:22] <sep> also ofcourse when something is blocked early on a ip blacklist what domain it intended to spam is not known .. :)[14:12:46] <Aprogas> !smtpd_delay_reject[14:12:46] <knoba> Aprogas: "smtpd_delay_reject" : a configuration parameter in the main.cf: Wait until the RCPT TO command before evaluating $smtpd_client_restrictions, $smtpd_helo_restrictions and $smtpd_sender_restrictions.[14:13:17] <sep> counter productiv i dont want it to waste more resources then nessecary, for something as unnessecary as reporting.[14:21:57] *** Lujeni has quit IRC[14:26:47] *** beginer has quit IRC[14:38:07] *** Belial__ has joined #postfix[14:38:22] *** Belial_ has quit IRC[14:43:49] *** samix has quit IRC[14:45:22] <r0han`> hi[14:45:44] <Aprogas> lo[14:45:45] <r0han`> need help on fetchmail 6.3[14:45:55] <Aprogas> !fetchmail[14:45:55] <knoba> Aprogas: "fetchmail" : a command-line tool to fetch emails from POP3/IMAP servers and send them to a (local) mail server[14:46:07] <r0han`> :)[14:46:12] <Aprogas> Is your question about fetchmail also related to Postfix?[14:46:20] <r0han`> fetchmail and postfix[14:46:36] <r0han`> i have set message size limit as 10MB[14:47:20] <r0han`> postfix sends a bounce msg to sender and postmaster when theres a mail on server to be fetched which is more than 10MB[14:47:25] <r0han`> but the mail is not flushed[14:47:58] <r0han`> when i set -limitflush with size, postfix doesnt send the bounce msg[14:48:10] *** turbomettwurst has quit IRC[14:48:37] <r0han`> any idea[14:59:03] <patdk-wk> hmm, that is all a fetfchmail issue[14:59:12] <patdk-wk> postfix just rejects emails that are too large[14:59:25] <patdk-wk> if fetchmail flushs it or not is up to it[15:00:25] <r0han`> fetchmail doesnt flush it[15:00:45] <r0han`> postfix rejects with SMTP error 552[15:01:06] <r0han`> so a notification is sent to postmaster and sender[15:01:17] <r0han`> but the mail remains on te server being polled[15:01:27] <r0han`> and log says '.. not flushed'[15:07:04] * r0han` is away, sm0ke [log:OFF][15:07:11] <thumbs> r0han`: turn that off.[15:07:20] * r0han` has returned, bacK. (gone 16s)[15:07:24] <r0han`> turn what off?[15:07:32] <thumbs> r0han`: away triggers are not welcome here.[15:07:45] <r0han`> sorry[15:07:46] <thumbs> r0han`: turn your away notification script off.[15:07:51] <r0han`> newbie[15:07:57] <thumbs> thanks.[15:08:08] <r0han`> :)[15:09:49] <r0han`> patdk-wk:[15:10:41] <patdk-wk> r0han, like I said, not a postfix issue, unless you want to increase the max email size you want it to accept[15:11:07] <r0han`> thanks[15:11:15] *** Lujeni has joined #postfix[15:11:50] *** uqlev has quit IRC[15:12:35] *** pecanha has joined #postfix[15:12:42] *** cilly has joined #postfix[15:21:03] *** roe_ has quit IRC[15:28:00] <r0han`> need help on fetchmail[15:28:09] <r0han`> no one on #fetchmail ;([15:32:44] *** jimmyjimjim has joined #postfix[15:32:48] <jimmyjimjim> Hi all.[15:34:07] *** shoonya has joined #postfix[15:35:54] <r0han`> hi[15:35:59] <r0han`> need help on fetchmail[15:36:15] <lunaphyte_> /join #fetchmail[15:36:26] <r0han`> no one there[15:36:31] <lunaphyte_> bummer.[15:36:45] <lunaphyte_> maybe no one uses it.[15:36:54] <r0han`> [N] Cannot join channel #fetchmail (Invite only)[15:37:01] <r0han`> ##fetchmail is empty[15:37:09] <lunaphyte_> hmm. maybe the folks in #freenode can help you further.[15:37:32] <r0han`> aha. thanks. will try there[15:39:29] *** e-anima is now known as e-anima_afk[15:42:11] *** daguz has quit IRC[15:43:18] *** daguz has joined #postfix[15:43:24] *** gremset has joined #postfix[15:46:12] *** james905 has joined #postfix[15:46:14] *** sep has quit IRC[15:46:23] *** jimmyjimjim has quit IRC[15:46:50] *** sep has joined #postfix[15:47:01] <james905> We are having a major issue with our postfix system from this master.cf log does anything look out of ordinary? http://pastebin.com/JZzqN8qp - We are having issues with SMTP.[15:47:41] <petemc> might help to describe the issues[15:48:09] <patdk-wk> heh[15:48:10] *** ketema has joined #postfix[15:48:18] * patdk-wk wonders how email gets INTO that postfix config[15:48:35] <patdk-wk> or is all email locally submitted[15:48:40] <james905> locally submitted[15:48:42] <james905> well[15:48:59] <james905> it gets ported through s2smtpout.secureserver.net[15:51:02] *** ketema has left #postfix[15:51:18] *** UQlev has joined #postfix[15:55:44] <lunaphyte_> !tell james905 welcome[15:55:44] <knoba> james905: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[15:55:46] *** loddafnir has joined #postfix[15:57:53] *** pecanha has quit IRC[15:58:43] *** jokoon has quit IRC[15:59:26] *** r0han` has quit IRC[16:00:42] *** hever has quit IRC[16:01:05] *** Lenhix has joined #postfix[16:01:09] *** Gauntlet has quit IRC[16:07:35] <james905> fixed it, thank you all of you[16:08:23] *** ujjain is now known as number[16:17:17] *** james905 has quit IRC[16:20:49] *** tjikkun has quit IRC[16:23:07] *** wdp has quit IRC[16:28:20] *** number is now known as ujjain[16:36:57] *** hparker has joined #postfix[16:36:58] *** hparker has joined #postfix[16:40:25] *** hever has joined #postfix[16:45:17] *** Cthulhu_Dawn has joined #postfix[16:55:18] *** jimmyjimjim has joined #postfix[16:55:23] <jimmyjimjim> Hi all.[16:57:04] <jimmyjimjim> Does anyone have any experience/knowledge about getting postfix working for outgoing mail without a static IP/hostname? Our IT dept have just turned off SMTP in the upgrade to exchange 2010. I can get postfix to deliver mail within the organisation, but to googlemail I get connection refused.[16:57:58] <tuxick> fix firewall?[16:58:19] <Aprogas> !port_25_block[16:58:19] <knoba> Aprogas: "port_25_block" : Many consumer-grade ISPs (and some which claim to be for business, such as Godaddy) block outbound port 25/tcp traffic to prevent abuse from their network. If your ISP does this, you should see the !basic and !relayhost factoids. Or, upgrade to business-class service (or change ISP if you already had it.)[16:58:54] <UQlev> it might be not a matter of firewall, jimmyjimjim use submission port instead of smtp[16:58:58] <jimmyjimjim> tuxick: I wish. I'm not qualified to as for something like that, apparently. Useless CS PhD. Should have done an MS training course like the IT dept.[16:59:34] <jimmyjimjim> UQlev: OK, just googling what most of that means...[16:59:58] *** weedar has quit IRC[17:00:09] <UQlev> jimmyjimjim: nobody was born here with postfix knowledge[17:00:26] <lunaphyte_> i'm confused.[17:00:28] <patdk-wk> I thought rob0 was[17:00:38] <lunaphyte_> you had mail working on the past - with no static ip address?[17:00:40] <tuxick> i thought CS PhD = MSoffice expert :)[17:00:52] <tuxick> specialized in powellpoint[17:01:03] <jimmyjimjim> UQlev: Wait, is that for incomming mail?[17:01:44] <UQlev> jimmyjimjim: for both for client-to-server and for server-to-gmail[17:02:10] <jimmyjimjim> tuxick: I know you're joking, but it still hurts. I tried to be corporate and use outlook. Misery.[17:03:47] <tuxick> jimmyjimjim: half joking, i got the impression CS studies tend to focus on MS these days :/[17:04:10] <jimmyjimjim> UQlev: UG courses do tend to, unfortunately.[17:04:45] <jimmyjimjim> lunaphyte_: Yes, while we still had an SMTP server (or service, I think it was Exchange 2007 for a while)[17:05:06] <lunaphyte_> i must be missing something here....[17:05:16] <lunaphyte_> you have ZERO email right now?[17:06:03] <jimmyjimjim> All I want is to be able to send e-mail with a local SMTP server. Wanderlust is getting the e-mail to postfix and postfix can send locally, because it's hostname is recognised. Off our network, people don't know my computer exists (IP/hostname are local) so it refuses to talk.[17:06:53] <jimmyjimjim> lunaphyte_: No, I can deliver mail to other employees because our mail server gets a valid hostname/IP - it's on the same network.[17:07:30] <patdk-wk> well, to talk to another email server, you have to use the submission port with user/pass, OR have a static ip with rdns configured, and anything else they want setup done and working[17:07:52] <lunaphyte_> sorry, i can't make sense of this.[17:08:03] <lunaphyte_> jimmyjimjim: where is your mail admin?[17:08:33] <patdk-wk> lunaphyte, it sounds like he wants to bypass the IT department for his outgoing email, and use his own[17:08:41] *** zorg1 has joined #postfix[17:08:41] <lunaphyte_> ehhh.....[17:08:49] <lunaphyte_> not so hot on helping with that exercise....[17:09:04] <patdk-wk> and IT recently updated the firewall and it stopped him :)[17:09:04] <jimmyjimjim> patdk-wk: Yes! That's how I should have put it. Sorry it took some decoding.[17:09:37] <jimmyjimjim> patdk-wk: Well, the firewall hasn't changed recently, just the need for a local SMTP server since they decided with Exchange 2010 they don't need it.[17:09:54] <lunaphyte_> but... how does email for your company work at all, if the admin of the mail server has turned off smtp. without smtp, no actual email can be received from the internet.[17:10:30] <jimmyjimjim> lunaphyte_: Incoming works, but we're no longer allowed to send via SMTP. We're expected to use Outlook.[17:10:43] <jimmyjimjim> lunaphyte_: Which is a real pain, since I'm pretty sure that needs Windows.[17:10:58] <jimmyjimjim> lunaphyte_: And if I make too much noise, they might notice my computer is a little, er, special.[17:11:08] <lunaphyte_> oh. i see. they've turned off smtp on your private network.[17:11:20] <lunaphyte_> what a bunch of imbeciles.[17:11:32] <Aprogas> SSH-tunnel to a VPS you control.[17:11:36] <lunaphyte_> here's the best advice you'll get from this channel. run, don't walk, to find a different job.[17:11:39] <jimmyjimjim> lunaphyte_: yes. They've swallowed Exchange and ActiveDirectory entirely.[17:11:42] <patdk-wk> I wonder how their other services work, hell, even IIS uses smtp[17:12:17] <jimmyjimjim> Not a clue.[17:12:55] <f3ew> Can't you submit to Exchange via SMTP?[17:12:57] <jimmyjimjim> I have managed to mount my storage, at last. Had the same difficulty 10 years ago when they decided novell netware was the way forward.[17:13:16] <jimmyjimjim> f3ew: Only if it's enabled. It's not. Microsoft refer to it as "old fashioned".[17:13:21] *** zorg1 has quit IRC[17:13:44] <lunaphyte_> so let's regroup now.[17:14:02] <lunaphyte_> now that the circumstances are clearer, what is the problem you're trying to solve?[17:14:08] <lunaphyte_> outgoing mail or incoming mail?[17:14:40] <jimmyjimjim> Outgoing. We still have IMAP, thankfully, so I can use fetchmail and procmail for incoming.[17:14:48] *** jfried has quit IRC[17:15:03] <lunaphyte_> show some logs of a problematic outgoing message.[17:15:53] <jimmyjimjim> But when I try to send to addresses whose SMTP servers are off our network, connection is refused.[17:15:56] <jimmyjimjim> http://pastebin.com/xz4HX2FX[17:16:31] <jimmyjimjim> I *think* it's because postix says helo with my host name and that can't be verified by anyone off the network.[17:17:14] <lunaphyte_> no[17:17:15] <jimmyjimjim> Basically, I think I'm screwed, but I'm just hoping there's someone who knows some arcane postix lore that will make everything better.[17:17:29] <lunaphyte_> connection refused means just that.[17:17:47] <jimmyjimjim> So it's failing before any handshakey things happen?[17:17:59] <lunaphyte_> if you call someone on the phone, and have the equivalent experience of connection refused [e.g. a busy signal, let's say] - do you ever say hello?[17:18:03] <Aprogas> Is Google your relayhost?[17:18:15] <Aprogas> lunaphyte_: In movies they do.[17:18:32] <lunaphyte_> the first question is can you connect to any public mtas from your postfix server, using telnet.[17:18:43] <patdk-wk> my kids say hello, even while it's ringing :)[17:18:44] <jimmyjimjim> Aprogas: I don't know what you're asking, but I don't think so...[17:19:24] *** mambaw has joined #postfix[17:19:53] <jimmyjimjim> lunaphyte_: will check. Can you give me a host name example? Not sure how to find one other than google.[17:20:22] <lunaphyte_> dig/[17:20:24] <lunaphyte_> bah[17:20:26] <lunaphyte_> dig.[17:20:31] <lunaphyte_> dig cnn.com mx[17:20:35] <jimmyjimjim> Yeah, I dig.[17:20:39] <jimmyjimjim> Oh, ok.[17:20:43] <jimmyjimjim> (That was a joke)[17:20:44] <lunaphyte_> dig microsoft.com mx[17:20:50] <lunaphyte_> etc, etc.[17:21:53] <jimmyjimjim> telnet mail.messaging.microsoft.com 25[17:21:56] <jimmyjimjim> Connection refused[17:22:00] <jimmyjimjim> Hmm.[17:22:24] <lunaphyte_> your it department is not letting that host make connections to the internet on dest. port 25.[17:22:33] <lunaphyte_> they own you.[17:22:42] <jimmyjimjim> Evil sons of maggots[17:22:54] <Aprogas> You can evade this though, but you need another host on the outside to cooperate.[17:23:18] <lunaphyte_> well.. possibly.[17:23:36] <jimmyjimjim> OK, different question. Can I buy smtp services that will let me keep my reply-to and such?[17:23:44] <lunaphyte_> assuming that the encompassing protocol is allowed to pass.[17:24:03] <lunaphyte_> what does "keep my reply-to and such" mean?[17:24:33] <jimmyjimjim> Well, I could use googlemail, but it re-writes the reply-to to become my gmail address, which isn't what I want for work e-mail[17:25:32] <patdk-wk> probably the cheapest solution is to get a vps[17:25:32] *** zorg1 has joined #postfix[17:26:06] <Aprogas> Not sure if GMail rewrites Reply-To as well, but they do some stuff with Return-Path, From and/or Sender in order to match their own DKIM/SPF policies.[17:26:15] <Aprogas> I forgot which ones.[17:26:50] <Aprogas> I think Outlook displays it as "Send from foo at example dot net on behalf of bar at example dot org"[17:27:51] *** cilly has quit IRC[17:27:52] <jimmyjimjim> Ah, well. I'm going to fume for a bit and complain loudly about how inefficient outlook's interface is.[17:28:20] <jimmyjimjim> We used to use pine here. Happy days.[17:28:35] *** zorg1 has quit IRC[17:28:38] <f3ew> jimmyjimjim, you can tell Google that your other address is a valid sender address in the gmail config[17:28:54] <jimmyjimjim> f3ew: Ahhh. Will definitely look into that. Thanks.[17:28:58] <jimpop> what's wrong with dumping pine and using outlook?[17:29:17] <jimpop> it is 2011 after all....[17:29:19] * f3ew washes jimpop's mouth out with soap[17:29:25] <jimpop> haha[17:29:43] <jimmyjimjim> I don't use pine now![17:29:50] <jimmyjimjim> That would be horribly retro[17:29:52] <jimmyjimjim> I use emacs[17:29:56] <jimpop> booo[17:30:38] * patdk-wk is scared of emacs[17:31:10] <jimmyjimjim> Thanks for all your help, people. I at least now know how to get postfix running, even if it wasn't able to help.[17:31:34] <jimmyjimjim> patdk-wk: I won't evangelise, but just remember: emacs loves you.[17:32:45] <jimmyjimjim> OK, I'm off to do some atual work rather than looking like I am because nobody here knows what IRC is.[17:32:47] <jimmyjimjim> Bye peeps.[17:32:50] *** jimmyjimjim has quit IRC[17:36:17] *** lunaphyte has quit IRC[17:42:08] *** gerhard7 has joined #postfix[17:42:12] *** ced117 has joined #postfix[17:42:14] *** ced117 has joined #postfix[17:51:05] *** codeshah has quit IRC[17:56:09] *** e-jones has quit IRC[17:59:11] *** tris has joined #postfix[17:59:36] *** UQlev has quit IRC[18:00:44] *** jujugre has left #postfix[18:14:25] *** seekwill has joined #postfix[18:19:02] *** seekwill is now known as will_[18:24:08] *** tharkun has quit IRC[18:24:08] *** tharkun has joined #postfix[18:32:39] *** brancaleone has quit IRC[18:36:23] *** mambaw has quit IRC[18:37:04] *** krion has quit IRC[18:40:00] *** sbeam has joined #postfix[18:55:10] *** will_ is now known as seekwill[18:56:22] *** Zeit|awy has quit IRC[19:02:34] *** fahadsadah has quit IRC[19:04:54] *** lunaphyte has joined #postfix[19:09:17] *** fahadsadah has joined #postfix[19:10:34] *** roe has joined #postfix[19:11:51] *** theyranos has joined #postfix[19:17:25] <hparker> Can someone explain "warning: when SASL type is "dovecot", SASL path "smtpd" should be a socket pathname" when I have http://paste.pocoo.org/show/395006/[19:19:31] <Aprogas> Did you follow the SASL readme?[19:19:50] *** jmedina has joined #postfix[19:19:58] <hparker> Pretty close[19:20:37] <hparker> Altered it by listing it in master.cf so it just applies to submission and smtps rather than smtp as I don't allow auth there[19:21:36] <Aprogas> Did dovecot created the socket?[19:22:17] <hparker> ls -l /var/spool/postfix/private/auth[19:22:17] <hparker> srw-rw-rw- 1 postfix postfix 0 May 3 14:16 /var/spool/postfix/private/auth[19:22:34] <Aprogas> Can you pastebin the full error from the logs within its context?[19:22:41] <hparker> That is it[19:23:07] <Aprogas> By the way, you can probably put most of the SASL settings in main.cf and limit sasl_auth_enable to master.cf[19:23:25] <Aprogas> I'd like to see the error within context, e.g. when exactly Postfix throws the error.[19:23:54] <hparker> After restart http://paste.pocoo.org/show/395013/[19:24:43] <Aprogas> That is a very limited context. Could you include the few lines above the error as well?[19:24:51] <hparker> Complete restart, missed it in the first paste http://paste.pocoo.org/show/395014/[19:25:15] <Aprogas> Please pastebin postconf -n as well.[19:26:18] <hparker> http://paste.pocoo.org/show/395016/[19:26:53] <Aprogas> You also seem to specify sasl_type in your main config without specifying the sasl_path, which is creating this warning.[19:27:11] <Aprogas> But the warning is not an error. I suspect the reason for your SASL is not working is because you put permit_sasl after reject_unauth[19:27:11] <hparker> hrrmm[19:27:55] <Aprogas> The way you set it up right now, you will also offer auth on port 25 ,and many of the master.cf settings are redundant.[19:28:35] <Aprogas> You could also just pass -o smtpd_sasl_auth_enable=no to the port 25 smtpd.[19:29:06] *** roe has quit IRC[19:32:03] *** roe has joined #postfix[19:32:14] *** roe has quit IRC[19:32:14] *** roe has joined #postfix[19:43:50] *** gremset has quit IRC[19:44:06] *** gremset has joined #postfix[19:53:35] *** wdp has joined #postfix[19:53:35] *** wdp has joined #postfix[19:54:03] <hparker> That seems a bit cleaner and easier to manage, thanks![19:54:06] *** Gatto has quit IRC[19:56:31] <Aprogas> I also recommend setting smtpd_sasl_tls_auth_only or whatever it is called.[19:57:20] <hparker> I have that in main.cf[19:57:33] <hparker> At least I do now :P[19:57:38] <Aprogas> Oh right. I missed it.[19:57:47] <hparker> And, everything working as needed, thanks![19:58:04] <hparker> There was something about tress and forest that was getting me[20:00:33] * cpm works hparker[20:00:41] <hparker> yikes![20:01:07] <hparker> Hrrmm... Not seeing any Authenticated header[20:01:57] <hparker> Maybe I cleaned up too much :P[20:03:14] <Aprogas> Also you probably don't really need smtps[20:03:23] <Aprogas> Just submission and regular port 25 smtpd.[20:03:26] <hparker> Unfortunately I do[20:03:37] <hparker> Brain dead mail apps on old phones[20:03:57] *** nokia3510 has joined #postfix[20:05:36] * cpm authenticates hparker[20:05:57] <hparker> yay![20:06:12] *** Astroman has joined #postfix[20:06:35] *** loompek has joined #postfix[20:06:38] <loompek> morning guys[20:11:17] *** brancaleone has joined #postfix[20:11:29] <hparker> Though that didn't convince postfix to do it :P[20:16:57] <hparker> heh... mynetworks must have been killing it[20:19:50] <hparker> Aprogas: Thanks for the help[20:20:10] <loompek> so i've got a tiny problem... question.. whatever... because of the ass^H^H^Hguys at the law enforcement agency our email servers should support ETSI TS 102 232-2, which is a lawful interception standrad for email communication... i have to set up a smtp server which will accept *any* email (regardless of the sender or recipient/recipients) and just save it to /dev/null[20:20:30] <loompek> what would be the simplest way of doing that[20:21:13] <Aprogas> I'm not sure I understand. Your main mailserver is required by law to become an open relay that discards all mail?[20:21:38] <seekwill> Sounds like XY[20:24:00] <seekwill> http://www.etsi.org/deliver/etsi_ts/102200_102299/10223202/02.04.01_60/ts_10223202v020401p.pdf ?[20:24:05] *** FyreFoX has quit IRC[20:24:47] *** FyreFoX has joined #postfix[20:26:47] <loompek> ya[20:26:53] <loompek> this etsi standard :S[20:26:59] <Aprogas> Maybe you misinterpreted the requirement.[20:27:09] * cpm would go find work at a gas station before he implemented that crazy stuff.[20:27:39] <rob0> What sort of law is this? Is the law funding your costs in doing this?[20:27:45] <loompek> nah.. we have another system which is intercepting email with a tap device (some sort of a port mirror)...[20:28:32] <loompek> rob0 nope... it's all internally funded :S[20:29:01] <rob0> What country is this? What law required you to do this?[20:29:06] <Aprogas> EU[20:29:10] <loompek> slovenia, eu[20:29:10] <loompek> :S[20:29:31] <seekwill> It's in the US too[20:29:37] <loompek> and... yeah.. i know.. it sucks ass :S[20:29:52] <rob0> Okay, I don't know then, but in USA, the Fifth Amendment requires the gov't to pay you for stuff like this.[20:30:05] <seekwill> What?[20:30:08] <loompek> ya... you're the lucky ones[20:30:13] <loompek> so... speaking of...[20:30:31] <Aprogas> Isn't just having logfiles enough to comply?[20:31:35] <rob0> seekwill, "Just compensation", the last clause.[20:31:43] <loompek> like i said, we already have a system that was connected to the previous mail system and is doing the email2etsi conversion (according to that etsi ts... the mail system should intercept the email on the fly and open a new li ticket or something)...[20:32:11] <loompek> and it was set up in front of the gateway (actually a couple of gateways)[20:32:15] <rob0> Yeah, like cpm said, I would have no interest in helping to implement this.[20:32:36] <loompek> rob0 i'm not hoping to implement the etsi on postfix[20:32:45] <loompek> i'm just explaining how it works[20:33:48] <seekwill> rob0: Has that been argued in court before?[20:33:51] <loompek> and i was kinda hoping to set up a plain system which would just accept *any* email and discard it[20:33:53] <seekwill> That would be quite interesting[20:34:20] <loompek> what would be the best way of doing that[20:34:34] <seekwill> loompek: Wouldn't that be similar to an always_bcc type thing?[20:34:51] <loompek> seekwill at first i thought that... but...[20:36:34] <loompek> the 'etsi compatible' system which listens to the network traffic doesn't decrypt tls encrypted traffic, so i have to set up another system which doesn't speak tls, and the guys that sold us that device will have to upgrade the software to intercept the XFORWARD statements and open new LI tickets accordingly[20:37:07] <rob0> seekwill, IANALB I'm sure it has. :) If a company is paying for my time, my time is private property belonging to that company, and they are due "Just compensation" for the expense.[20:37:21] <loompek> and the system itself grabs the MAIL FROM:<> and RCPT TO:<> statements and opens the tickets accordingly[20:37:41] <loompek> so always_bcc won't work as one of the RCPTs will be the police@foo[20:38:21] <seekwill> rob0: Couldn't an eyewitness consultant refuse to talk to a police officer, unless the police officer would pay for the consultant's time? Then there's the whole obstruction thing...[20:38:32] <rob0> yes they can and they do[20:38:38] *** Cain` has joined #postfix[20:38:44] <cpm> yes, then there is the whole obstruction thing, which is a pretty big thing[20:39:04] <cpm> best thing to do in such a case, walk away, and walk away quickly.[20:39:10] <rob0> oh, an eyewitness, I was thinking "consultant"[20:39:42] <seekwill> An eyewitness, who's also a consultant (lawyer, doctor, whatever). He's not going to make money if he's helping out the police...[20:39:42] <sjrussel> I think the answer is, it depends which judge you get.[20:39:44] <rob0> an eyewitness is a different matter, but to some extent even they are compensated[20:40:03] <cpm> you can refuse to incriminate yourself, but that's about all the refusing you can do.[20:40:04] <seekwill> Anyways...[20:40:08] *** Cain has quit IRC[20:40:09] *** Cain` is now known as Cain[20:40:12] * seekwill failed the bar four times...[20:40:24] * cpm whacks seekwill with the bar[20:40:26] <rob0> seekwill, buy another drink[20:40:38] <sjrussel> seekwill, whisky->beer, not the other way around[20:40:38] <seekwill> Sounds good[20:41:03] *** Matic`Makovec has joined #postfix[20:41:38] <loompek> well, how hard would it be to set up a box that accepts any email and discards it[20:41:47] <Aprogas> seekwill: Where did you get that direct download link?[20:42:09] * seekwill shows Aprogas his Google-fu[20:42:21] <Aprogas> Interesting since the site itself seems to require registration and payment.[20:42:55] <seekwill> Maybe this one is outdated[20:43:06] <seekwill> loompek: Use smtp-sink[20:43:23] <seekwill> loompek: It'll discard by default, but can write out to a file[20:43:45] <loompek> seekwill thanks... i'll google it right away[20:43:51] <seekwill> loompek: It comes with Postfix :)[20:44:04] *** Zeit|awy has joined #postfix[20:44:57] <rob0> I wonder if any thought has gone into the amount of breakage it causes to accept and discard any email?[20:45:01] <seekwill> Aprogas: It was literally the second link in Google[20:45:29] <seekwill> rob0: I'm assuming he's using this as a hook point in his email system[20:45:34] <rob0> hparker, put in some thought on that, please.[20:46:20] <loompek> seekwill man... that's great... it's all i need[20:46:43] *** ealfie-1493 has joined #postfix[20:46:55] <ealfie-1493> hello everyone[20:46:58] <seekwill> Good stuff[20:47:51] <hparker> rob0: On what? :P[20:48:02] <ealfie-1493> i'd want to setup restrictions on senders and destinations of locally generated mail through, picked up by the pickup daemon[20:48:27] <ealfie-1493> (sorry about my weird english)[20:49:20] <ealfie-1493> i'm confused about what is the best and practical way to do this...[20:49:21] <ealfie-1493> should i setup the pickup dameon line inside master.cf with -o content_filter=.... ?[20:49:35] <ealfie-1493> thanks everybody in advance[20:50:57] <rob0> ealfie-1493, the only control on pickup(8) is through sendmail(1), and that is:[20:51:07] <rob0> !authorized_submit_users[20:51:07] <knoba> rob0: "authorized_submit_users" : List of users who are authorized to submit mail with the sendmail(1) command (and with the privileged postdrop(1) helper command).[20:51:41] <rob0> That only controls which Unix accounts are allowed to use sendmail.[20:52:34] <rob0> There are no controls of sender nor recipient addresses.[20:54:26] <ealfie-1493> is it impossible in postfix to setup controls on senders and recipients of locally generated email?[20:56:17] <ealfie-1493> there's an apache with shared hosting on the postfix host, and i cannot for this time use suphp nor suexec, so all this outbound email is from the same unix account[20:57:24] <rob0> So why not implement your controls in the software that the httpd is running?[20:57:31] <seekwill> Disable mail() and use a PEAR module instead?[20:57:44] <ealfie-1493> so i'd want to at least restrict the senders[20:57:45] <ealfie-1493> i saw i could set php_admin_value sendmail_path "/usr/bin/sendmail -f <user@domain>" or something like that,[20:57:45] <ealfie-1493> but i'd prefer using postfix[20:58:10] <ealfie-1493> i have no control over the lots of sites there, no time to audit all these web sites[20:58:20] <seekwill> heh[20:58:21] <rob0> Once again, there is no feature to do that. Postfix is not an option.[20:58:28] <ealfie-1493> ok[20:58:46] <ealfie-1493> do you mean using some pear module to use smtp ?[20:58:57] *** gerhard7 has quit IRC[21:00:04] <seekwill> Yeah, and not only that, have to authenticate against only your server[21:00:20] <seekwill> Firewall your webserver so it can only talk to your postfix server on port 25[21:00:48] <rob0> Sounds like the real goal here might be to work around broken and/or insecure PHP software.[21:01:19] <seekwill> I think it'll be best for everyone if these types of services were better audited[21:02:20] <ealfie-1493> ok, the problem is that by now... the postfix host is the web host also, its insane[21:03:06] <ealfie-1493> anyway, it's impossible to audit the php software of 300+ users[21:03:44] <rob0> oh, my.[21:04:11] *** cpm has quit IRC[21:07:49] <seekwill> ealfie-1493: Enact the policy, and encourage people to use it. Then give them a grace period before it gets cut off.[21:08:21] <seekwill> ealfie-1493: The reason why you want to do this is if someone starts using your service as a platform to spam. It'll affect all your other users. You really need to make some sort of change.[21:14:09] <ealfie-1493> thanks seekwill[21:14:55] <ealfie-1493> by now, i set authorized_submit_users only to root (for admin and cron scripts)[21:15:08] <ealfie-1493> and will force users to use smtp[21:15:33] <ealfie-1493> then i'll start with the basic postfix smtpd policy restrictions[21:15:46] <rob0> then that gives you lots more options: policy services, content filtering, et c.[21:16:27] <ealfie-1493> yes, for today it will be enough to at least filter by sender address[21:16:27] <rob0> sendmail-submitted mail is filtered too, but only by the global content_filter.[21:16:44] <ealfie-1493> oh, that's interesting[21:17:00] <ealfie-1493> because the global content_filter could be overriden by the other daemons[21:17:03] <ealfie-1493> anyway,[21:17:23] <ealfie-1493> forcing users to use smtp or authenticated smtp feels more secure[21:25:29] *** ealfie-1493 has left #postfix[21:25:30] *** cilly has joined #postfix[21:28:28] *** pj has joined #postfix[21:32:42] *** theyranos has left #postfix[21:40:36] *** ced117 has quit IRC[21:43:21] *** cilly has quit IRC[22:12:11] *** basho__ has quit IRC[22:20:00] *** hever has quit IRC[22:23:45] *** Matic`Makovec has quit IRC[22:30:42] *** ssureshot has quit IRC[22:34:08] *** Timzzzz is now known as Timmooo[22:39:02] *** roe has quit IRC[22:39:57] *** mivok has joined #postfix[22:42:03] *** Timmooo is now known as Timzzzz[22:42:29] <mivok> Hi, is it possible in postfix to have a (virtual) alias table that would process aliases e.g. foo.bar at mail dot example.com -> foo at mail dot example.com, and then relay that mail to a final MX server (presumably using an smtp entry in $transport_maps)?[22:43:01] <mivok> This is for an incoming edge mail server that is relaying to the 'real' mail server inside the network[22:44:38] <mivok> from what I can see, if I had mail.example.com as a virtual alias domain, it can never have non-alias addresses in it, but I want a mix of aliases/real addresses.[22:45:30] <seekwill> Would you be able to use the recipient delimiter function?[22:46:12] <mivok> the aliases aren't all of the format foo+bar, so I'm pretty sure I can't.[22:51:39] *** mythicalbox has joined #postfix[22:51:56] *** mitchlovin has quit IRC[22:51:56] *** mythicalbox is now known as mitchlovin[22:57:54] *** gremset_ has joined #postfix[23:01:16] *** brancaleone has quit IRC[23:01:49] *** brancaleone has joined #postfix[23:02:02] *** Lenhix has quit IRC[23:02:08] *** gremset has quit IRC[23:03:25] *** sbeam has quit IRC[23:04:47] *** wdp has quit IRC[23:07:37] *** Pathin has joined #postfix[23:08:56] <adaptr> mivok: put mail.example.com in relay_domains and unset relay_recipient_maps. aliases go in virtual_alias_maps[23:09:12] *** Pathin has quit IRC[23:09:49] <adaptr> of course, this is Bad. postfix should know the valid backend recipients, and you should put them in relay_recipient_maps[23:09:56] <adaptr> but this is the simple solution[23:10:39] <mivok> I can put them in relay_recipient_maps if needed (including the aliases). If it's in relay_domains[23:10:47] <mivok> oops.. more coming[23:11:11] *** Pathin has joined #postfix[23:11:15] <adaptr> no, the aliases go in virtual_alias_maps[23:11:27] <adaptr> that is the ONLY place you can alias non-local addresses[23:11:34] *** hever has joined #postfix[23:11:48] *** Pathin has quit IRC[23:11:57] <mivok> and virutal_alias_maps will be looked up even if the domain isn't listed in virtual_alias_domains?[23:13:30] <adaptr> virtual_alias_maps is applied to all incoming mail. all.[23:13:39] *** Pathin has joined #postfix[23:13:55] <adaptr> any address on the LHS of virtual_alias_maps is a valid address as far as postfix is concerned. none will ever be rejected.[23:14:53] *** Pathin has quit IRC[23:15:52] *** Pathin has joined #postfix[23:16:09] <mivok> great. Also, if relay_recipient_maps pointed somewhere, and I had my virtual_alias_maps set up correctly, would relay_recipient_maps have to contain all valid addresses (including aliases), or would it just have to contain the real users on the backend?[23:16:17] *** Pathin has quit IRC[23:16:36] *** Pathin has joined #postfix[23:17:05] *** tharkun has quit IRC[23:17:14] *** tharkun has joined #postfix[23:26:04] <mivok> One of the main goals for setting up this new server is to avoid backscatter, so I'd really not like to leave the relay_recipient_maps blank, even if that means having duplicate information.[23:27:48] *** loompek has quit IRC[23:29:59] *** loompek has joined #postfix[23:30:21] *** gremset has joined #postfix[23:30:40] *** tharkun has quit IRC[23:30:40] *** tharkun has joined #postfix[23:33:46] <adaptr> mivok: valid addresses need to be deifned in at least one place[23:34:02] <adaptr> either virtual_alias_maps or relay-recipient_maps will do[23:34:12] <adaptr> as long as the result of virtual-alias_maps is valid, too[23:34:12] *** gremset_ has quit IRC[23:34:26] <tharkun> !Signum[23:34:26] <knoba> tharkun: "Signum" : author of the workaround.org ispmail tutorials, daddy of the 'knoba' bot - formerly known as 'ChrisH'[23:34:28] <mivok> perfect - that makes life easier. Thanks.[23:34:52] *** sjrussel has quit IRC[23:35:05] *** loompek has quit IRC[23:35:36] <tharkun> adaptr: Yesterday i didn't have time to thank you properly. I had to rush to the office[23:35:53] <adaptr> did I do something good ? oh goody[23:36:50] *** Guest67131 has joined #postfix[23:46:46] *** brancaleone has quit IRC[23:50:35] *** p3rror has joined #postfix[23:58:37] *** Timzzzz is now known as Timmooo[23:59:17] *** jmedina has left #postfix