Switch to DuckDuckGo Search
   February 15, 2012  
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | >

Toggle Join/Part | bottom
[00:00:12] *** danblack has joined #postfix
[00:02:09] *** freaky[t] has joined #postfix
[00:06:14] *** m1chael has quit IRC
[00:16:42] *** jra has joined #postfix
[00:25:37] *** nowthatsamatt has joined #postfix
[00:27:19] *** jkfod has joined #postfix
[00:27:50] *** jkfod1 has quit IRC
[00:29:24] *** Gatto has quit IRC
[00:29:32] *** wdp__ has quit IRC
[00:30:55] <kreign> if i put something in, say, smtpd_helo_restrictions, do I have to put it in any of the other smtpd_*_restrictions or are they accumulative?
[00:34:11] <lunaphyte> just keep everything in smtpd_recipient_restrictions. leave the others empty
[00:34:24] <jra> the default is to evaluate all restriction upon the last stage, before the DATA stage
[00:34:39] <jra> so keep it all in recipient_restrictions, yes
[00:41:34] *** m1chael has joined #postfix
[00:47:59] *** pyther has quit IRC
[00:50:47] *** MaximusColourum has quit IRC
[00:53:16] *** m1chael has quit IRC
[01:04:09] <kreign> jra, lunaphyte i'm looking but it looks like some of them have options which are not listed in the man page for the others. is this true, and will it matter?
[01:04:36] <lunaphyte> huh?
[01:04:54] <lunaphyte> no, it doesn't matter
[01:04:56] <kreign> sorry let me be specific. feeling a bit under the weather.
[01:05:03] <kreign> gotcha.
[01:05:19] <kreign> so for all intents and purposes every other smtpd_*_restriction can be blank.
[01:05:26] <kreign> or undefined.
[01:06:33] <lunaphyte> left at default.
[01:06:33] <kreign> (unless I want have additional restrictions upon something else, I suppose?)
[01:06:38] <lunaphyte> no
[01:07:08] <lunaphyte> there's no reason to have anything in the others.
[01:07:32] *** jkfod has quit IRC
[01:07:41] <lunaphyte> rest assured that if yours was an edge case in which there was truly a reason to do so, you'd not be here asking about it ;)
[01:09:57] <kreign> heh
[01:10:30] <kreign> lunaphyte, thanks for all the dedication to postfix assistance, btw.
[01:10:54] <kreign> lunaphyte, reject_invalid_helo_hostname, then, can go in recipient?
[01:11:02] *** higuita has joined #postfix
[01:11:13] *** m1chael has joined #postfix
[01:12:08] <lunaphyte> correct
[01:12:13] <kreign> the way that works in my brain is that it would get through the 'helo', but I'm guessing postfix receives everything before giving a status..
[01:12:18] <lunaphyte> you're welcome :)
[01:12:29] <lunaphyte> indeed
[01:12:36] <lunaphyte> !smtpd_delay_reject
[01:12:36] <knoba> lunaphyte: "smtpd_delay_reject" : a configuration parameter in the main.cf: Wait until the RCPT TO command before evaluating $smtpd_client_restrictions, $smtpd_helo_restrictions and $smtpd_sender_restrictions.
[01:12:50] <seekwill> It's nice to have it get to RCPT TO, so you can have logs of the MAIL FROM and RCPT TO
[01:13:17] <seekwill> That extra information is worth the overheaad
[01:17:32] <pj> [13:07] <lunaphyte> there's no reason to have anything in the others.
[01:17:59] * thumbs trusts lunaphyte more than seekwill
[01:18:03] <pj> lunaphyte: I think that reject_unauth_pipelining needs to be in smtpd_data_restrictions
[01:18:34] <seekwill> hah
[01:21:02] <pj> and it's a good idea (imo) to set smtpd_etrn_restrictions = reject
[01:21:24] *** snearch has quit IRC
[01:21:28] <pj> other than that everything can go in smtpd_recipient_restrictions as long as it's in the correct order.
[01:22:52] *** master_of_master has quit IRC
[01:22:58] <seekwill> thumbs: It's good that you do since I don't even run Postfix!
[01:23:19] <kreign> can smtpd_reject_unlisted_sender/recipient result in valid mail getting blocked? I'm not quite sure what "unknown recipient/sender address" indicates within this scope, as described in the man page.
[01:23:52] *** m1chae has joined #postfix
[01:24:05] *** master_of_master has joined #postfix
[01:24:13] <thumbs> seekwill: I know.
[01:24:21] <thumbs> seekwill: you don't even run MySQL, either.
[01:24:31] <seekwill> I'm so worthless on IRC!
[01:25:02] <kreign> lunaphyte, I'm guessing smtpd_delay_reject is considered a good option to have?
[01:25:55] *** m1chael has quit IRC
[01:33:38] <jra> that's why it's the default
[01:34:14] *** jra has quit IRC
[01:40:58] *** sacredchao has joined #postfix
[01:41:26] <sacredchao> I am configuring postfix to work with dovecot for my first time, and I want to use an SQLite database as my backend
[01:41:52] <sacredchao> Do I need to specifically configure Postfix to use the same SQLite file as I do to Dovecot?
[01:42:14] <sacredchao> Or can I have Postfix go through Dovecot's authentication method
[01:42:26] <rob0> !sqlite_howto
[01:42:26] <knoba> rob0: "sqlite_howto" : rob0 here has written a multi-address-class howto for Postfix and Dovecot using a sqlite3 data backend: http://rob0.nodns4.us/howto/
[01:42:47] <Patrickdk> just don't update your sqlite file often :)
[01:43:05] <rob0> the schema is ugly, a major improvement/rewrite is underway.
[01:43:15] <Patrickdk> I wonder how dovecot handles sqlite
[01:43:22] <rob0> it's fine
[01:43:31] <sacredchao> Patrickdk: Why not?
[01:43:32] <Patrickdk> no crashing/restarts like postfix?
[01:43:45] <rob0> one IMPORTANT note is to upgrade to 2.9 or 2.8.8
[01:43:52] <sacredchao> I want to have maximum flexibility to add/remove users. Why do you say not to update my auth DB?
[01:44:13] <sacredchao> Ahh, I have 2.7.1
[01:44:15] *** krzee has quit IRC
[01:44:26] <rob0> 2.7 didn't even have sqlite support.
[01:44:30] <Patrickdk> hmm, 2.8.7 here still
[01:45:01] *** kli0rf has quit IRC
[01:45:22] <rob0> there was a major bug in dict_sqlite.c until 2.8.8 this month
[01:45:51] <Patrickdk> ah
[01:47:24] *** jarr0dsz has quit IRC
[01:47:29] *** jarr0dsz has joined #postfix
[01:48:15] <sacredchao> rob0: Soo, I take it I can't authenticate through dovecot, and I need to upgrade Postfix in order to use SQLite at ALL...?
[01:48:47] <Patrickdk> you MUST authenticate through dovecot
[01:48:56] <rob0> I did not say the first part. I did say the second part.
[01:49:06] <Patrickdk> but if you want to validate mail accounts, via sqlite, ...
[01:49:54] <rob0> You can use sqlite in dovecot and <some other data source> in Postfix.
[01:50:51] <sacredchao> rob0: So then I can authenticate with SQlite with dovecot right now, but I won't be able to SEND mail because postfix doesn't understand how to see the user DB in an sqlite file?
[01:51:10] <sacredchao> (at least, the version of postfix I have installed)
[01:51:13] <rob0> hm?
[01:51:19] <Patrickdk> why must postfix see the user db?
[01:51:30] <Patrickdk> do you know how to setup postfix at all?
[01:51:33] <Patrickdk> !sasl
[01:51:33] <knoba> Patrickdk: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.
[01:51:37] <sacredchao> Well my version of dovecot support sqlite, but my version of postfix does not
[01:51:37] <rob0> Postfix must see the list of addresses.
[01:52:01] <sacredchao> Patrickdk: maybe to send mail?
[01:52:05] <Patrickdk> rob0, it doesn't have too :) but it's good not to accept too much spam :)
[01:52:13] <rob0> Then I would suggest either upgrade the Postfix or choose another data source.
[01:52:13] <sacredchao> I was using another MTA before, this if my first time setting up postfix.
[01:52:24] *** hever has joined #postfix
[01:52:28] <Patrickdk> !tell sacredchao sasl
[01:52:28] <knoba> sacredchao: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.
[01:53:07] <sacredchao> rob0: I would like to ideally use the same databse backend for both my MTA and MDA
[01:53:32] <rob0> yes, my howto does that, it is a good idea.
[01:54:13] <sacredchao> So I don't need SQLite support in postfix to get a functioning setup, because I can auth via Dovecot's SASL implementation (which eventually hits my SQLite backend via Dovecot)?
[01:54:28] <Patrickdk> it SEND email, no
[01:54:37] <Patrickdk> to RECEIVE, you well better have something :)
[01:55:10] <sacredchao> Patrickdk: Beause when postfix receives, it needs to know to which user to deliver it to? And SASL can't fill this functionality
[01:55:14] <rob0> Postfix must have lists of recipients and domains.
[01:55:45] <rob0> SASL does not do that, no. It merely is the mechanism of SMTP AUTH.
[01:56:04] <sacredchao> Okay I have 2.8.7 now
[01:56:10] <sacredchao> Oh wait....
[01:56:15] <sacredchao> I need 2.8.8 ?
[01:56:17] <sacredchao> shit
[01:56:51] <rob0> http://www.postfix.org/announcements/postfix-2.8.8.html
[01:57:07] *** kli0rf has joined #postfix
[01:57:17] <rob0> if you're going to compile, I would go for 2.9.0
[01:57:19] <sacredchao> rob0: So SMTP AUTH is simply used for sending mail? That makes sense, I guess an MTA doesn't need to really AUTH anything when receiving mail. it just needs to pass it on to the MDA into the right user's account
[01:57:19] <pj> personally I'd just go to 2.9, but that's me.
[01:57:51] <rob0> pj, not just you. :)
[01:57:55] <pj> hehehe
[01:57:59] *** danblack has quit IRC
[01:58:18] <pj> I still haven't gone to 2.9 in my servers, though. The next server I set up will be 2.9, though.
[01:58:30] <pj> but then I don't need sqlite
[01:58:35] *** Marian` has quit IRC
[01:58:36] <Patrickdk> I tried 2.9 for a few min
[01:58:41] <Patrickdk> couldn't get it to compile correctly
[01:58:47] <Patrickdk> and have no time to look at it
[01:58:59] <pj> I can't imagine it would be any harder to compile than 2.8
[01:59:06] <rob0> mail_version = 2.10-20120124
[01:59:25] <pj> yep, we know you run bleeding edge rob0 ;-P
[01:59:33] <Patrickdk> something got changed heavily, and a patch wouldn't apply
[01:59:51] <Patrickdk> oh ya, I remember what it was now
[02:00:00] <Patrickdk> the evil debian, split it into modules patch
[02:00:32] <sacredchao> I have Debian and I'd rather not compile, but I guess I have to in order to get SQLite support 0_o
[02:00:40] <sacredchao> only 2.8.7 is in sid
[02:01:27] <pj> well, if what Patrickdk is saying is correct then your best option may be to go to 2.8.8
[02:02:05] <sacredchao> pj: Do you use another SQL method as backend?
[02:02:14] <pj> sacredchao: yes, I use postgresql
[02:03:01] <pj> ...which is fun because you have to rebuild the postfix rpm on CentOS 6 in order for it to work with postgresql
[02:03:15] <pj> ...but at least it doesn't require tweaking the spec file at all.
[02:05:22] <sacredchao> pj: Why does it require this? Seems like postfix doesn't support a lot of SQL auth methods until recently
[02:05:24] <kreign> would anyone be able/willing to look at this for me and tell me if I'm missing anything significant? http://pastie.org/3384610
[02:05:45] <Patrickdk> postfix doesn't support ANY sql auth
[02:06:09] <Patrickdk> it never have, and unlikely to
[02:06:55] <sacredchao> Patrickdk: But you said before that it needs SQLite support to receive mail (if that is what I am using for my userdb)
[02:07:14] <Patrickdk> yes to receive, not AUTH
[02:07:15] <pj> recieving mail != auth
[02:07:16] <sacredchao> Or I guess that has nothing to do with authentication, but more to do with where to store the messages?
[02:07:30] <Patrickdk> not even where it stores it
[02:07:36] <pj> !tell sacredchao basic
[02:07:36] <knoba> sacredchao: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.
[02:07:51] <pj> sacredchao: have you read this? ^^^^^^^^^^^
[02:08:18] <Patrickdk> the only way to make postfix not need anything, is if you made it verify via like lmtp
[02:08:23] <sacredchao> Okay so I need to concentrate/read on use SASL + TLS for sending mail, and SQLite for receiving
[02:08:29] <sacredchao> yeah I have but it was last week
[02:08:30] <Patrickdk> but that normally slows things down painfully
[02:09:32] <rob0> if you can build a .deb, there is no difference from 2.8.x to 2.8.8
[02:09:43] <rob0> there is little difference to 2.9.0
[02:10:24] <pj> right, except for what Patrickdk said, but he should be able to build 2.8.8
[02:10:36] *** danblack has joined #postfix
[02:10:36] <pj> that said I can't give instructions because I'm on the wrong platform.
[02:10:58] <rob0> I can't give instructions because I'm on the right platform ;)
[02:11:11] <pj> sacredchao: you need to read and understand all of the BASIC_CONFIGURATION_README.
[02:12:16] <rob0> kreign, missing logs and a problem description.
[02:12:16] <pj> a lot of the questions you are asking shows that you are missing a basic understanding of email in general and postfix specifically, so you really need to read that doc.
[02:13:00] <kreign> rob0, there are neither. I want to verify I'm doing smtpd restrictions properly.
[02:13:05] <kreign> ie the ordering.
[02:15:00] <rob0> smtpd_restriction_classes is wrong
[02:15:26] <rob0> wow, that is a lot of junk
[02:16:02] <rob0> "check_client_access hash:/etc/postfix/restricted_helo" to grab one out at random ... huh?
[02:16:12] <kreign> rob0, yeah, you should've seen it before I took a hatchet to it. :|
[02:16:32] <rob0> the filename implies it is a helo lookup, but it is check_client_access
[02:16:41] <pj> !tell kreign cheatsheet
[02:16:41] <knoba> kreign: "cheatsheet" : http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt : A HOWTO for pre-DATA spam control.
[02:17:07] <kreign> thanks pj I had that link but lost it previously
[02:17:24] <pj> yw
[02:17:29] <rob0> it's quite a mess of deprecated and new syntax, also.
[02:17:49] <rob0> looks like an amalgam of howtos ...
[02:18:07] <kreign> rob0, no, old config options plus me reading the man page.
[02:18:12] <rob0> bah. I have work to do.
[02:18:17] <pj> smtpd_use_tls = yes <<<< deprecated
[02:18:17] <kreign> I don't "do" howtos (or try not to)
[02:18:27] <kreign> yeah the tls shit can be ignored, I've not looked at it yet.
[02:19:26] *** seekwill has quit IRC
[02:20:47] <kreign> rob0, aside from being ugly, is the syntax 'proper'?
[02:20:55] <kreign> for smtpd restrictions
[02:21:34] <kreign> there's quite a lot of "why the f*ck did they do this" i'm still trying to figure out before I removei t.
[02:21:38] *** nowthatsamatt has left #postfix
[02:23:36] *** Marian has joined #postfix
[02:28:04] *** jarr0dsz has quit IRC
[02:30:21] *** petergriffin has joined #postfix
[02:31:21] *** MaximusColourum has joined #postfix
[02:31:24] *** daemonik has joined #postfix
[02:32:15] <daemonik> Hi #Postfix, my SMTP smart-host has a quota limit. When I exceed it, I receive 554 errors - can Postfix simply defer these messages rather than bounce them?
[02:37:16] *** petergriffin has left #postfix
[02:44:07] *** m1chae has quit IRC
[02:48:12] *** n0sq has joined #postfix
[02:52:35] *** MaximusColourum has quit IRC
[02:53:58] *** Marian has quit IRC
[02:55:59] *** init has quit IRC
[03:02:27] *** penrod has quit IRC
[03:07:35] *** hever has quit IRC
[03:16:41] *** nowthatsamatt has joined #postfix
[03:25:05] *** danblack has quit IRC
[03:25:19] *** m1chael has joined #postfix
[03:27:36] *** krzee has joined #postfix
[03:29:35] *** m1chael has quit IRC
[03:46:59] *** nowthatsamatt has quit IRC
[03:57:36] *** daemonik has quit IRC
[03:58:55] *** qiyong has joined #postfix
[03:58:58] <qiyong> hi
[03:59:27] <qiyong> can I specify multiple addresses to always_bcc ?
[04:02:04] *** xxzz has joined #postfix
[04:28:42] *** Southron has joined #postfix
[04:30:56] *** m1nish has joined #postfix
[04:50:02] <thumbs> !always_bcc
[04:50:02] <knoba> thumbs: "always_bcc" : a configuration parameter in the main.cf: Optional address that receives a "blind carbon copy" of each message that is received by the Postfix mail system.
[04:52:54] <qiyong> the doc says it would bounce, but it doesn't, why?
[04:55:43] <lunaphyte> probably needs more air.
[04:59:35] *** p3rror has quit IRC
[05:11:47] *** danblack has joined #postfix
[05:14:27] *** MAAAAAD has joined #postfix
[05:17:55] *** MAAAAD has quit IRC
[05:33:07] *** sacredchao has quit IRC
[05:33:09] *** Guest90998 has quit IRC
[05:33:15] *** chalcedony has quit IRC
[05:33:35] *** rmayorga has quit IRC
[05:33:55] *** thoraxe has quit IRC
[05:34:10] *** _znull has quit IRC
[05:34:12] *** D-Boy has quit IRC
[05:34:26] *** rmayorga has joined #postfix
[05:34:32] *** _znull has joined #postfix
[05:34:44] *** thoraxe has joined #postfix
[05:35:00] *** D-Boy has joined #postfix
[05:35:00] *** sacredchao has joined #postfix
[05:35:17] *** chalced has joined #postfix
[05:35:43] *** abyss has quit IRC
[05:35:44] *** danblack has quit IRC
[05:48:22] *** n0sq has quit IRC
[05:49:31] *** abyss has joined #postfix
[05:49:37] *** hever has joined #postfix
[05:55:17] *** zenspider has joined #postfix
[05:59:50] *** danblack has joined #postfix
[06:01:50] *** zenspider has left #postfix
[06:12:11] *** cilly has quit IRC
[06:13:58] *** cilly has joined #postfix
[06:20:32] *** BuenGenio has quit IRC
[06:20:58] *** BuenGenio has joined #postfix
[06:38:15] *** hever has quit IRC
[06:46:55] *** morphje has joined #postfix
[06:52:25] *** xxzz has quit IRC
[06:53:36] *** qiyong has quit IRC
[07:01:22] *** Natureshadow has quit IRC
[07:08:48] *** Southron has left #postfix
[07:14:06] *** xpeed has quit IRC
[07:33:49] *** ced117 has joined #postfix
[07:56:08] *** danblack has quit IRC
[07:58:15] *** m1nish has quit IRC
[08:18:32] *** sphenxes has joined #postfix
[08:25:47] *** Motoko has quit IRC
[08:35:29] *** danblack has joined #postfix
[08:43:11] *** gerhard7 has joined #postfix
[08:46:16] *** jarr0dsz has joined #postfix
[09:08:27] *** Kako has joined #postfix
[09:10:56] *** biggi_mat has joined #postfix
[09:17:28] *** Zelest has quit IRC
[09:18:03] *** breaker313 has joined #postfix
[09:24:14] *** DogWater has quit IRC
[09:24:19] *** danblack has quit IRC
[09:35:58] *** GieltjE has joined #postfix
[09:43:19] *** fury__ has quit IRC
[09:44:19] *** fury__ has joined #postfix
[09:53:31] *** GieltjE has quit IRC
[09:57:23] *** sysmonk has quit IRC
[10:12:23] *** sysmonk has joined #postfix
[10:12:39] *** GieltjE has joined #postfix
[10:13:18] *** sysmonk has quit IRC
[10:14:06] *** sysmonk has joined #postfix
[10:15:26] *** Zelest has joined #postfix
[10:17:46] *** xxzz has joined #postfix
[10:20:13] *** voldial has joined #postfix
[10:23:39] *** e-anima has joined #postfix
[10:26:55] <voldial> When I use "mailbox_command = alternative_mda" the command is launched as the user for which the local mail is destined... if the mda script does "whoami" the answer is the user who is getting the message... but the "groups" command and the "id" command only return the user's name as the group the user is part of. I have verified this a few ways... and am scratching my head. The user is part of other groups... if I "su user" and then exe
[10:26:55] <voldial> cute "groups" or "id" all the additional groups the user is a member of are listed... but when the same script is executed by postfix... only the user's own group is listed. any ideas why "id" and "groups" give different results when postfix executes the script that contains those commands as opposed to the user executing the script from the command line?
[10:27:49] <tilt> voldial: maybe it's real vs. effective user id
[10:27:52] *** azzid has quit IRC
[10:34:39] *** Marian` has joined #postfix
[10:38:25] *** azzid has joined #postfix
[10:45:54] *** jkfod has joined #postfix
[10:48:16] *** wdp has joined #postfix
[10:48:16] *** wdp has joined #postfix
[10:55:44] *** snearch has joined #postfix
[11:02:15] *** BuenGenio has quit IRC
[11:06:19] *** rdo has joined #postfix
[11:07:14] <rdo> hi all- I'm wondering whether it's possible to configure postfix to send all mail to a mail relay *without* alias expansion taking place?
[11:16:09] <waldi> hu?
[11:16:19] <waldi> aliases are for local domains
[11:19:36] *** doomas has quit IRC
[11:19:46] *** _NiC has quit IRC
[11:19:53] *** _NiC has joined #postfix
[11:21:29] *** doomas_work has joined #postfix
[11:22:58] <voldial> tilt, I bet that is the case. thank you very much! sorry for the delay in reply.
[11:23:46] *** doomas_work is now known as doomas
[11:26:55] *** Marian` has quit IRC
[11:29:16] *** voldial has quit IRC
[11:42:07] *** spiekey has joined #postfix
[11:42:08] <spiekey> Hello!
[11:42:43] <spiekey> i am using a relayhost. How can i limit the number of simultaneous smtp connection?
[11:42:53] <spiekey> by default postfix eats the whole bandwith :-p
[11:52:55] <waldi> no. the network stack already divides the bandwidth between all streams
[11:53:06] <waldi> so, what is your real problem?
[12:01:19] <waldi> you can limit the number of connections, but this does not change the bandwidth usage
[12:01:33] *** cilly has quit IRC
[12:33:47] *** KippiX has joined #postfix
[12:47:00] *** jkfod has quit IRC
[12:49:02] *** jkfod has joined #postfix
[12:59:45] *** krzee has quit IRC
[13:00:03] *** Gatto has joined #postfix
[13:04:55] *** _bt has quit IRC
[13:04:55] *** _bt has joined #postfix
[13:12:12] *** Blackvel has joined #postfix
[13:12:36] <Blackvel> anyone with libmilter1.0.1 / milter-regex problems with newer squeeze 6.0.3 libc6? 6.0.3 runs libc 2.11.3-2. milter-regexp does not start anymore.
[13:12:51] <Blackvel> run fine on older suqeeze 6.0.2 with libc < 2.11. i didn't compile libmilter myself
[13:14:24] *** D-Boy has left #postfix
[13:14:43] *** D-Boy has joined #postfix
[13:19:26] *** BuenGenio has joined #postfix
[13:19:46] *** cilly has joined #postfix
[13:23:27] *** GieltjE has quit IRC
[13:27:02] *** FainaUkraina has joined #postfix
[13:28:21] *** BuenGenio has quit IRC
[13:30:33] *** Chinorro has joined #postfix
[13:49:19] *** FainaUkraina has quit IRC
[13:56:33] *** Nido_ is now known as Nido
[14:00:39] *** xxzz has quit IRC
[14:03:59] *** jkfod has quit IRC
[14:04:33] *** jkfod has joined #postfix
[14:10:49] *** krzee has joined #postfix
[14:11:20] *** xabbuh has joined #postfix
[14:12:45] *** m1nish has joined #postfix
[14:13:02] *** MaximusColourum has joined #postfix
[14:14:31] *** jkfod has quit IRC
[14:16:08] *** cpm has joined #postfix
[14:22:26] *** jkfod has joined #postfix
[14:27:03] *** Blackvel has quit IRC
[14:34:42] *** roe has quit IRC
[14:45:44] *** cpm has quit IRC
[14:48:35] *** quebre has joined #postfix
[14:48:41] <quebre> hello
[14:48:47] <quebre> i'm getting this error
[14:48:49] <quebre> (delivery temporarily suspended: connect to[]: Connection refused)
[14:49:02] <Dominian> Is that even a postfix error?
[14:49:19] <quebre> the point is, i don't know what port postfix is trying to reach at
[14:49:59] <quebre> it's not described in logs
[14:50:30] <quebre> i checked in master.cf
[14:50:36] <quebre> all ports defined there to be in use
[14:50:38] <quebre> are reachable
[14:50:41] <quebre> so it's confusing
[14:50:57] <quebre> why is postfix not giving exact destination like
[14:51:08] <quebre> now i dont know what it's complaining about
[14:52:09] <lunaphyte_> pastebin logs
[14:52:23] <quebre> what logs
[14:52:40] <quebre> the only error i have is delivery temporarily suspended: connect to[]: Connection refused
[14:55:51] <quebre> !debug
[14:55:51] <knoba> quebre: "debug" : http://www.postfix.org/DEBUG_README.html : a good starting point for how to deal with problems and to report information to those who might help. Post your information in a pastebin such as http://pastebin.ca/ or http://dpaste.com/
[14:56:32] <sysmonk> _logs_
[14:56:39] <sysmonk> not half of an log line
[14:57:06] <lunaphyte_> don't debate about it. just provide the data as instructed by way of the channel /topic
[14:58:42] <Dominian> postfix doesn't just hand off to something out of the blue
[14:58:50] <Dominian> You or someone else has configured sometihng to cause it to do that
[14:58:59] <Dominian> or its not postfix throwin gthe error
[14:59:02] * Dominian shrugs
[14:59:18] <sysmonk> well, the error does seem like postfix one, but he can't supply us with the logs
[15:00:27] <quebre> im trying to get more logs
[15:01:11] <sysmonk> you didn't even supply the log line with error!
[15:01:28] <sysmonk> don't pastebin the log with debug info, until you've pastebined a log without debug info
[15:01:51] <sysmonk> logs with debug info are a lot harder to read, when the problem can be found in a simple log.
[15:02:04] <Dominian> postconf -n would be useful too
[15:02:15] <sysmonk> and master.cf :P
[15:02:24] <Dominian> :)
[15:02:42] <sysmonk> and the root password too.
[15:02:45] <sysmonk> *cough*
[15:02:53] <lunaphyte_> in other words, just read the channel /topic when you join a channel, and do what it says.
[15:03:19] <sysmonk> lunaphyte_: can you add my bank account no to the topic please?
[15:03:20] <sysmonk> :))
[15:04:45] <jelly> hunter2
[15:17:58] *** Blackvel has joined #postfix
[15:18:33] <Blackvel> anyone knows how to debug libmilter api? :) can't get to run milter-regexp anymore after debian 6.03 aptitude upgrade (which upgraded libc to 2.11 as well as)
[15:34:01] <quebre> /topic
[15:38:16] <quebre> ok
[15:38:20] <quebre> http://pastebin.com/ETMDh75b
[15:41:11] <quebre> and here is postconf -n http://pastebin.com/vMJi2U3K
[15:41:57] <lunaphyte_> please don't use other people's domain names in your examples. it's inconsiderate
[15:43:01] <quebre> i don't use other people's domain names in my examples
[15:43:10] <lunaphyte_> you just did
[15:43:11] <quebre> i just made it
[15:43:14] <quebre> random names
[15:44:07] <quebre> but as i said, there is just one error
[15:44:08] <Dominian> use example.com from now on
[15:44:13] <quebre> okay
[15:44:17] <quebre> so what now
[15:44:21] <Dominian> and I don't see where postfix is trying to hand off to localhost..
[15:44:29] <Dominian> unless I'm missing something
[15:44:41] <quebre> before i had connect to[]: Connection refused error
[15:44:44] <sysmonk> oh great, he turned on debug log
[15:44:54] <quebre> but now it's Feb 15 15:35:42 web7 postfix/qmgr[23368]: B7607B211FF: to=<quebre at my1223 dot myserver.com>, relay=none, delay=0.17, delays=0.16/0/0/0, dsn=4.4.2, status=deferred (delivery temporarily suspended: conversation with[] timed out while receiving the initial server greeting)
[15:44:55] <sysmonk> just what i asked him not to do :P
[15:45:08] <quebre> no
[15:45:14] <quebre> the ssl stuff was always enabled to log
[15:46:21] <quebre> this is mystery
[15:47:28] *** hever has joined #postfix
[15:47:33] <quebre> or maybe i have too big queue ?
[15:48:00] <lunaphyte_> !smtpd_tls_loglevel
[15:48:00] <knoba> lunaphyte_: "smtpd_tls_loglevel" : enable additional postfix smtp server logging of tls activity. each logging level also includes the information that is logged at a lower logging level.
[15:48:09] <lunaphyte_> change that to at most, 1
[15:48:32] <quebre> done
[15:50:25] <quebre> and now ?
[15:50:52] <quebre> first it was connection refused, now it's timed out
[15:51:36] <lunaphyte_> pastebin logs which demonstrate what you're talking about
[15:52:18] <quebre> i pasted
[15:52:25] <quebre> or you are talking about other logs?
[15:52:25] *** jkfod has quit IRC
[15:52:30] <quebre> which is ?
[15:53:22] <quebre> if i see exact error then i can help myself, the point is i don't know where else to look except /var/log/maillog
[15:53:42] <quebre> but something timed out and i don't know what it is
[15:54:10] *** jkfod has joined #postfix
[15:54:20] <quebre> so you can point me where i could get these logs you need to help me or just tell me im on my own with this problem :p
[15:57:02] <lunaphyte_> !logs
[15:57:02] <knoba> lunaphyte_: "logs" : postfix logs to the mail facility of syslog. Something like grep -i `postconf -h syslog_facility` /path/to/syslog_config_file should tell you where logs are going. also see !no_logs and !have2mung
[15:57:27] *** Toerkeium has quit IRC
[15:58:21] *** RadoQ has quit IRC
[16:01:24] <quebre> it logs to /var/log/maillog
[16:03:40] *** Toerkeium has joined #postfix
[16:05:32] <lunaphyte_> sounds reasonable
[16:06:01] <quebre> yeah and i already pasted you this logs from there
[16:06:05] <quebre> and all it says is timed out
[16:08:15] <lunaphyte_> you described problems with localhost. that is what you need to pastebin
[16:08:35] <lunaphyte_> oh, wait.
[16:08:40] <lunaphyte_> my mistake.
[16:08:45] <lunaphyte_> i see the reference
[16:09:15] <quebre> yep
[16:10:30] <lunaphyte_> pastebin master.cf
[16:11:56] <quebre> http://pastebin.com/L5HB2FDv
[16:12:55] *** RadoQ has joined #postfix
[16:13:48] *** RadoQ has quit IRC
[16:14:30] *** m1chael has joined #postfix
[16:17:51] *** quebre has quit IRC
[16:18:07] <lunaphyte_> lsof -nPi | grep 10024
[16:19:18] <lunaphyte_> gah
[16:20:47] *** RadoQ has joined #postfix
[16:21:17] *** quebre has joined #postfix
[16:21:18] <quebre> sorry
[16:21:24] <quebre> crashed :P
[16:22:28] <quebre> so what now ? :(
[16:22:32] <lunaphyte_> lsof -nPi | grep 10024
[16:22:53] <lunaphyte_> also, you have a remarkable number of areas in your config that need addressing
[16:23:10] <quebre> http://pastebin.com/6E95k289
[16:23:39] <Dominian> amavis!
[16:24:23] <lunaphyte_> so remove that line form master.cf and see if it stops complaining about
[16:24:29] <quebre> ok
[16:26:00] *** p3rror has joined #postfix
[16:28:29] <quebre> yes it is delivered now
[16:28:36] <quebre> seems amavis problem
[16:33:15] *** m1chael has quit IRC
[16:33:50] *** snearch has quit IRC
[16:33:51] *** chalced is now known as chalcedony
[16:39:55] *** D-Boy is now known as Cain
[16:40:50] *** Cain is now known as D-Boy
[16:40:50] *** D-Boy is now known as Cain
[16:47:52] *** turkinator has joined #postfix
[16:49:14] <turkinator> hi all.. looks like maildir sets up in the users home dir.. is it possible to change it elsewhere?
[16:49:58] *** Kako has quit IRC
[16:57:18] *** jkfod has quit IRC
[17:10:40] *** xabbuh has quit IRC
[17:14:05] *** turkinator has quit IRC
[17:23:23] *** jkfod has joined #postfix
[17:35:13] *** breaker313 has quit IRC
[17:36:09] *** spiekey has quit IRC
[17:52:13] *** VaNNi has left #postfix
[17:56:40] *** shanky has joined #postfix
[17:57:55] *** hever has quit IRC
[17:58:23] <shanky> Hello, quick question, even with myhostname=myserver.domain.com, /var/log/maillog is using just myserver without the domain.com, I suppose is a rsyslog issue, or is there something else I could check on the postfix side?
[18:05:02] *** on1ald has quit IRC
[18:07:50] *** on1ald has joined #postfix
[18:08:56] <patdk-wk> no idea, what does the log line look like?
[18:09:14] <patdk-wk> cause postfix doesn't put the servername on loglines, but only inside messages
[18:12:04] <shanky> patdk-wk: <22>Feb 15 12:11:08 myserver postfix/qmgr[21376]:......
[18:12:12] <patdk-wk> thta is a syslog thing
[18:12:27] <shanky> patdk-wk: ok, that is why I thought, thanks!
[18:12:36] <shanky> s/why/what/g
[18:13:36] *** hever has joined #postfix
[18:13:48] *** Toerkeium has quit IRC
[18:17:42] *** KippiX has quit IRC
[18:19:25] *** shanky has left #postfix
[18:22:31] *** VaNNi has joined #postfix
[18:25:15] *** p3rror has quit IRC
[18:27:25] *** voldial has joined #postfix
[18:28:58] *** L|NUX has joined #postfix
[18:29:00] <L|NUX> hello
[18:29:22] <L|NUX> can someone tell me how can i configure postfix in a way that it will use another mail server to send outgoing emails ?
[18:29:38] <lunaphyte_> !tell L|NUX nullclient
[18:29:39] <knoba> L|NUX: "nullclient" : a null client is a computer that can only send mail. it receives no mail from the network, and it does not deliver any mail locally. while postfix can be configured to fill this role, it is often unnecessary overkill, and a much simpler software package is more appropriate. see !nullclient_software for more details.
[18:31:00] <L|NUX> lunaphyte_: i have client who wants to send email from different server but he have dynamic ip i have configure one mail server with outgoing relay but the problem is i can not leave server as open relay
[18:33:34] *** localhost has joined #postfix
[18:36:49] <L|NUX> !relayhost
[18:36:49] <knoba> L|NUX: "relayhost" : a configuration parameter in the main.cf: The default host to send non-local mail to when no entry is matched in the optional transport(5) table. When no relayhost is given, mail is routed directly to the destination. If your relay host requires authentication see the !saslclient channel factoid.
[18:37:27] *** Steve_The_Pirate has joined #postfix
[18:38:51] *** p3rror has joined #postfix
[18:46:12] *** voldial has quit IRC
[18:47:02] <Dominian> L|NUX: If the client can utilize submission and you have submission configured, tell him to submit the email via authenticated smtp (submission) intead of you working around he's laziness
[18:54:09] *** Toerkeium has joined #postfix
[19:05:08] *** replay has joined #postfix
[19:07:03] *** Cain is now known as D-Boy
[19:10:35] *** hever has quit IRC
[19:11:18] <wdp> uh. there are a lot of hate-love-texts about using sender-verify on the www
[19:14:35] <Dominian> sender verification can get nasty
[19:16:11] <kreign> knoba, you can sorta get by that with the right rules and a dynamic dns service.
[19:16:53] <kreign> L|NUX,
[19:16:55] <kreign> that was for you.
[19:25:14] <jimpop> http://www-01.ibm.com/support/docview.wss?uid=swg21102993
[19:25:24] <jimpop> i kinda thought they would have fixed that by now
[19:26:25] *** hever has joined #postfix
[19:26:38] *** Marian` has joined #postfix
[19:30:19] *** xpeed has joined #postfix
[19:35:20] <patdk-wk> heh? aren't you, part of all?
[19:35:55] *** Marian` is now known as Marian
[19:35:58] <jimpop> that's probably exactly how they interpret that
[19:36:00] *** roentgen has joined #postfix
[19:38:46] *** sacredchao has quit IRC
[19:39:11] *** L|NUX has quit IRC
[19:39:13] *** sacredchao has joined #postfix
[19:43:15] *** localhost has quit IRC
[19:43:55] <kreign> can i have a multi-line smtpd_*_restrictions with commented lines or is that not allowed?
[19:44:30] <kreign> jimpop, I think Outlook does the same thing.
[19:44:52] <Dominian> kreign: yes
[19:44:53] <Dominian> I do it
[19:45:00] <jimpop> kreign: nope. at least not recent versions in the past 5 or so years
[19:45:05] <Dominian> where I try different things, then if they don't work or I no longer need them.. I comment it out.
[19:45:05] <kreign> cool, that makes my life easier.
[19:45:23] <Dominian> jimpop: um you can have multi line smtpd_*_restrictions with commented out options
[19:45:26] <Dominian> I do it right now.
[19:46:01] *** localhost has joined #postfix
[19:46:06] <Dominian> http://pastebin.slackadelic.com/p/lXzL2c57.html
[19:46:08] <Dominian> example ^^^
[19:47:28] <jimpop> i am specifically talking about mailing list traffic where a Lotus user receives list mail From:user at domain dot tld via Sender:list-bounces at otherdomain dot tld. When the Lotus user hits Reply-All, their client sends mail To:user at domain dot tld,list-bounces@otherdomain.tld Cc:list-bounces at otherdomain dot tld,user@domain.tld. Yep, all 4
[19:48:01] <jimpop> Dominian: that question was asked by kreign, not i. ;-)
[19:48:06] <Dominian> haha
[19:48:10] <Dominian> mybad
[19:48:14] <Dominian> jimpop: I'm sorry.. too much going on :)
[19:48:21] <Dominian> been wrestling with update-policy in bind :)
[19:48:22] <jimpop> ;-)
[20:05:13] <kreign> Dominian, how do you like the results of spameatingmonkey.net?
[20:05:26] <Dominian> so far pretty good
[20:05:31] <Dominian> no complains here
[20:05:41] <Dominian> SelfishMan can give you more details on it though ;)
[20:05:48] <Dominian> hint: he runs SEM
[20:05:53] <kreign> ah.
[20:05:54] * SelfishMan heard the operator is an ass
[20:05:59] <Dominian> lmao
[20:06:08] <kreign> SelfishMan, most operators are. :)
[20:06:17] <kreign> it's a job requirement (or should be).
[20:06:44] <SelfishMan> kreign: yeah, tends to happen after the 5000th request to be removed from the GeoBL or zomgBL
[20:07:24] <SelfishMan> You want removal from the GeoBL? sure, stop using an IP kthxbai
[20:07:51] <kreign> heh
[20:07:57] <SelfishMan> (people don't actually read policies before screaming about them)
[20:08:37] <kreign> SelfishMan, eh, the IP my main mx is on was used several years ago to send 'spam'... spamhaus still lists it.
[20:08:54] <SelfishMan> kreign: well that is just bad policy
[20:09:07] <kreign> yep.
[20:09:17] <kreign> SelfishMan, your BLs are generally conservative, then, I take it?
[20:09:27] <SelfishMan> my zomgBL zone is just a wildcard zone used for testing (lists *all* IPs) and the GeoBL is just a country lookup/blocking zone
[20:09:47] <kreign> heh
[20:09:55] <kreign> yeah, I'd love to be able to use a geo bl
[20:10:00] <kreign> take that, China!
[20:10:11] <kreign> unfortunately, i get a lot of legitimate mail from china. :|
[20:10:20] <Dominian> Just block APNIC and AFRINIC right at the firewall!
[20:10:32] <SelfishMan> kreign: um...yes and no. It really comes down to what my users want and they tend to scream when stuff is listed wrongly
[20:10:55] <SelfishMan> kreign: http://spameatingmonkey.com/geobl/
[20:10:58] <Dominian> ya know.. I don't even remember how I found outa bout SEM
[20:11:03] <kreign> SelfishMan, right.
[20:11:07] <Dominian> I think rob0 told me abou tit
[20:11:17] <kreign> SelfishMan, "less spam" and "no incorrectly blocked mail" seem to be a bit of a dichotomy. :|
[20:11:23] <SelfishMan> kreign: it actually defaults to a logging mode so you can see where your traffic comes from
[20:11:35] <Dominian> haha crap I forgot about geo :)
[20:11:37] <kreign> SelfishMan, interesting. I may try that, then.
[20:11:47] <kreign> easier than looking it up manually.
[20:11:57] <kreign> I'd love to be able to carve up postfix logs into different files
[20:12:02] <kreign> eg. based on what's blocked
[20:12:11] <Dominian> ahhh
[20:12:14] <kreign> or how the mail goes throguh...
[20:12:17] <Dominian> I don't have any of my IPs on the geo setup
[20:12:50] * Dominian changes that
[20:13:03] <kreign> IPv6 seems like a bit of a spam nightmare.
[20:15:53] *** Toerkeium has quit IRC
[20:27:04] *** wimpog has joined #postfix
[20:27:39] <wimpog> !debug
[20:27:40] <knoba> wimpog: "debug" : http://www.postfix.org/DEBUG_README.html : a good starting point for how to deal with problems and to report information to those who might help. Post your information in a pastebin such as http://pastebin.ca/ or http://dpaste.com/
[20:30:25] <kreign> !master
[20:30:25] <knoba> kreign: "master" : postfix master process. the master(8) daemon is the resident process that runs postfix daemons on demand. see man 8 master or http://www.postfix.org/master.8.html for more info. also see !master.cf
[20:30:35] <kreign> !master.cf
[20:30:35] <knoba> kreign: "master.cf" : postfix master process configuration file. each logical line describes how a postfix service will be run. see man 5 master or http://www.postfix.org/master.5.html for more information. also see !master
[20:30:39] *** seekwill has joined #postfix
[20:30:40] *** seekwill has joined #postfix
[20:30:52] *** Toerkeium has joined #postfix
[20:32:55] *** Motoko has joined #postfix
[20:34:29] <wimpog> ~kreign++
[20:35:03] <kreign> wimpog, uh, hi. what's up?
[20:35:14] <kreign> wimpog, re: ipv6?
[20:35:28] <wimpog> kreign: go ahead and insert a star trek joke of your choice
[20:35:45] <Dominian> a new frontier?
[20:36:09] <kreign> Dominian, I'm guessing you use policyd?
[20:36:14] <Dominian> kreign: no
[20:36:24] <kreign> Dominian, hmm how are you doing spf then?
[20:36:45] *** Toerkeium has quit IRC
[20:37:01] <Dominian> spf unix - n n - - spawn user=nobody argv=/usr/bin/perl /usr/libexec/postfix/policyd-spf-perl
[20:37:47] *** snearch has joined #postfix
[20:38:18] *** wdp_ has joined #postfix
[20:41:02] *** morphje has joined #postfix
[20:44:27] *** wimpog has left #postfix
[20:46:26] *** matt1982 has joined #postfix
[21:00:32] *** xpeed has left #postfix
[21:05:14] *** uqlev has joined #postfix
[21:06:58] *** rubin110 has joined #postfix
[21:08:01] <rubin110> I have a server where I want mail sent to a particular inbox be forwarded to an email address hosted elsewhere. The postfix instance can send email externally just fine, but I have the feeling adding in that external address to /etc/aliases isn't enough.
[21:10:03] *** Natureshadow has joined #postfix
[21:11:20] *** ced117 has quit IRC
[21:23:43] <pj> rubin110: have you tried it?
[21:25:10] *** uqlev has quit IRC
[21:27:12] <rubin110> Yes.
[21:27:15] <rubin110> Figured it out.
[21:27:29] <rubin110> Was looking elsewhere for /etc/aliases.
[21:27:39] <pj> ok
[21:33:12] *** localhost has quit IRC
[21:33:57] *** Toerkeium has joined #postfix
[21:34:28] *** localhost has joined #postfix
[21:43:43] *** Gatto has quit IRC
[21:51:31] *** Alagar has joined #postfix
[21:55:14] *** hobbelt has joined #postfix
[21:55:21] *** nowthatsamatt has joined #postfix
[21:55:27] *** nowthatsamatt has left #postfix
[21:56:21] <hobbelt> Would a 256mb RAM, 512mb SWAP VPS be sufficient for postfix + something like roundcube?
[21:56:42] <leprechau> depends on the volume
[21:56:47] <leprechau> but for just personal email sure
[21:56:49] <hobbelt> you mean HD volume?
[21:56:51] <hobbelt> Oh
[21:56:54] <hobbelt> yes, just personal
[21:57:03] <hobbelt> Want to drop google
[21:57:05] <leprechau> you could throw up postfix + nginx + php-fpm and be fine
[21:57:40] <hobbelt> but its not like on the minimum requirements edge?
[21:57:56] <leprechau> ehh you can get more horsepower for really cheap
[21:58:10] <leprechau> http://alienvps.com
[21:58:26] <leprechau> im not related to them or anything ... but I've had a few vps boxes from them
[21:58:33] <leprechau> always had good luck and you can't beat the price
[21:58:41] <hobbelt> wow.. thats cheap
[21:59:08] <hobbelt> they oversell a lot?
[21:59:14] <leprechau> I mean they might all be sitting in a closet someplace for all I know ... but they've worked for me
[21:59:21] <leprechau> I can't complain for the price
[21:59:55] <Dominian> hrm never heard of them
[22:00:00] <Dominian> Like to know where their datacenters are
[22:00:00] <hobbelt> US servers
[22:00:02] <hobbelt> not doing that
[22:00:08] *** m1chael has joined #postfix
[22:00:56] <morphje> hobbelt: 256 MB vps is currently my running machine for about 20 domains orso, including roundcube, courier and spamassasin
[22:01:00] <morphje> so yes :)
[22:01:01] <leprechau> ehh I live in the usa...so doesn't bother me
[22:01:06] <hobbelt> morphje alright, good to know ;)
[22:01:20] <Dominian> hrm
[22:01:23] <Dominian> 45 bucks for a full year?
[22:01:24] <Dominian> that's not bad
[22:01:29] <hobbelt> leprechau I do not, and if i have the choice im not hosting there
[22:01:37] <morphje> 45 buck per YEAR?!?!
[22:01:38] <leprechau> hobbelt, fair enough
[22:01:45] <leprechau> lol they have a $19/year one
[22:01:48] <hobbelt> so ill go VPS then :)
[22:01:57] <leprechau> that's pretty low end ... but that's a steal
[22:01:58] <hobbelt> just gotto find a google agenda replacement and im done
[22:01:58] <Dominian> morphje: yeah its a small vps
[22:02:05] <morphje> i can only imagine
[22:02:08] <leprechau> I have one of those that I just use to run external nagios checks and whatnot
[22:02:23] <Dominian> morphje: 1 core, 190MB RAM burst to 220MB 19GB space 190GB bandwidth cap 1 IP and 5Mbps uplink
[22:02:26] <morphje> that's about what my setup costs a week
[22:02:46] <morphje> (not fair comparing 13U to a vps, i know ;))
[22:02:58] <NorrinRadd> leprechau: what they mean by RAM + vswap is 1GB?
[22:03:24] <NorrinRadd> vswap is just swap?
[22:03:31] <NorrinRadd> what's the ram lol
[22:03:43] <leprechau> it's openvz hosting so a little different terminology
[22:03:56] <leprechau> but yes ... basically the same thing it's just ram
[22:04:01] <hobbelt> yeah im also looking into an openvz one
[22:04:35] <morphje> vswap does have a bitter aftertaste sounding type of thing since vmware introduced vmem licensing
[22:04:46] <Dominian> They have openvz, kvm, and xen
[22:05:37] <Dominian> damn a small VPS like that would be perfect ofr a DNS server
[22:05:41] * Dominian bookmarks
[22:06:04] <NorrinRadd> hobbelt: what vps do you suggest. i'd rather go non-us if i could also
[22:06:15] <morphje> but i do agree with hobbelt, i prefer non-US vps'es
[22:06:23] <NorrinRadd> that v-day sale looks sweet though. kinda commited to buying from a local guy though
[22:06:28] <hobbelt> I can get 256mb RAM, 512MB SWAP, 30GB HD, 1000GB data and 1 IP on an Ubuntu OpenVZ box for 6 euro a month
[22:06:38] <morphje> where
[22:07:07] <hobbelt> Versio
[22:07:23] <Dominian> hobbelt: nice
[22:07:43] *** Kre10s has joined #postfix
[22:07:44] <NorrinRadd> Dominian: correct to say dns is fairly allowed on residential connections though?
[22:07:59] <NorrinRadd> i was shocked to see looks like comcast doesn't block bind port
[22:08:10] <leprechau> NorrinRadd, yeah they don't
[22:08:39] <Kre10s> what is MTU?
[22:09:08] <Zelest> 1500 normally ;-)
[22:09:37] <NorrinRadd> google should answer that fairly quickly
[22:09:38] <Dominian> NorrinRadd: umm.. I'd put a DNS server on a VPS just for the static IP
[22:09:47] <Dominian> NorrinRadd: I'd not want to run my dns off of my comcast connection
[22:09:56] <Zelest> Kre10s, http://en.wikipedia.org/wiki/Maximum_transmission_unit
[22:10:03] <NorrinRadd> hobbelt: why trust anything EU more than USA though?
[22:10:09] <Zelest> Kre10s, unless it means something else.. (i can imagine "mail transfer..." something.. as well)
[22:10:34] <morphje> NorrinRadd: i can answer that, as a true dutchman, he distrusts everything that is USA ;)
[22:10:41] <hobbelt> Heh
[22:10:50] <morphje> thanks to some laws :P
[22:10:53] <hobbelt> Well, we have better laws on data access by government and such
[22:11:03] <hobbelt> especially concerning privacy
[22:11:15] <morphje> although our government is going the wrong way really really quickly
[22:11:29] <hobbelt> companies like the MPAA cant just request your personal data from google
[22:11:52] <hobbelt> agree morphje, im glad they put this local ACTA thing on hold though
[22:12:24] <Zelest> personal data? does that still exist?
[22:12:41] <hobbelt> Yes
[22:12:46] <hobbelt> Thats why im leaving google
[22:13:09] <morphje> as if it is going to do any good, just delaying the enevitable
[22:13:10] <hobbelt> I was opted out of everything, with their new privacy stuff i cant opt out anymore
[22:13:11] <Zelest> You better block things like analytics and adsense as well then.
[22:13:19] <hobbelt> Zelest i block all of them
[22:13:28] <Zelest> What search engine do you prefer then?
[22:13:32] <hobbelt> DuckDuckGo
[22:13:39] <Zelest> Ah
[22:13:48] <hobbelt> And google.. its just better
[22:13:49] <Kre10s> I'm having trouble sending (smtp) mail. I've been trying to send a 4Mbyte file to my server. I'm getting a msg in the logs " timeout after DATA (3448812 bytes) from unknown"
[22:13:52] <NorrinRadd> hobbelt: ha, "leaving google" is why i'm working on this postfix server
[22:13:56] <morphje> haha, don't mind me from laughing at that name
[22:14:26] <Zelest> hobbelt, i assume you're anti social medias as well then?
[22:14:28] <hobbelt> NorrinRadd also moving from Google? Found a proper Calendar replacement already?
[22:14:38] <hobbelt> Zelest, well, you cant really avoid facebook
[22:15:03] <hobbelt> But I dont connect / use their public login.. and they have a lot of fake information
[22:15:03] <Zelest> then the US gov already got the info it needs about you so you might as well goof around on Google. ;-)
[22:15:13] <NorrinRadd> hobbelt: i haven't. more than anything i want my mail to be of google
[22:15:20] <NorrinRadd> off*
[22:15:25] <hobbelt> yap
[22:15:30] <morphje> hobbelt: yes you can avoid facebook. i've been doing that for years now
[22:15:38] <Zelest> We have the awesome wiretap laws in Sweden where they government actively sniff anything that cross the border..
[22:15:40] <hobbelt> morphje.. social pressure they call it
[22:15:41] <Kre10s> I was lead to believe the problem to be the MTU, changed it to 1460 from 1500, but still have problems. any ideas?
[22:15:51] <Zelest> Creating huge sociographs in order to profile people.
[22:16:04] <Patrickdk> you INCREASED the mtu?
[22:16:10] <Patrickdk> that is more likely to cause issues, than fix
[22:16:11] <morphje> hobbelt: i just tell them to socially [insert not-nice sounding words] off
[22:16:20] <hobbelt> Tell your GF
[22:16:31] <morphje> she doesn't do FB either
[22:16:36] <Zelest> hobbelt, openbsd, no social medias and no google.. might work. :-P
[22:16:38] <hobbelt> But im sure im pretty alright there
[22:16:47] <Zelest> hobbelt, not that people would ignore it if they try to find "suspicious" people :P
[22:17:00] <hobbelt> I mean, on Facebook I choose what i share
[22:17:07] <hobbelt> on google mail they just profile everything
[22:17:23] <hobbelt> given that I already use my own domain wich forwards to google mail..
[22:17:25] <Zelest> erm
[22:17:26] * Patrickdk thought this was #postifx, not #fb, #xgf, #mpaa, ...
[22:17:30] <Zelest> facebook has your account..
[22:17:38] <Zelest> TONS of sites have "like" and such..
[22:17:43] <Zelest> meaning, they know exactly what you browse
[22:17:44] <thumbs> oh, drop the bloody paranoia.
[22:17:45] <Zelest> = profiling
[22:17:46] <hobbelt> So, I just block the like button
[22:17:49] <morphje> yes Patrickdk you are right ;)
[22:18:06] <Zelest> thumbs, paranoia is a gift :D
[22:18:12] <Patrickdk> lets all join #/r/
[22:18:21] <hobbelt> Well, I just dont know whats going to happen in 5 years..
[22:18:23] <NorrinRadd> Zelest: good to know about sweden
[22:18:32] <hobbelt> What if Facebook / Google teams up with healthcare providers?
[22:18:38] <Zelest> NorrinRadd, oh yeah, and Facebook is building a huge datacenter in Sweden as well.. fyi ;)
[22:18:39] <Kre10s> Patrickdk, decreased from 1500 to 1460.
[22:18:42] <NorrinRadd> so what's a good country to get a vps in than?
[22:18:59] <Zelest> hobbelt, what about it?
[22:19:05] <Patrickdk> Kre10s, you shouldn't change you mtu, it should be the same as everything else on that network
[22:19:18] <Patrickdk> you might want to use tracepath to make sure your didn't break pmtu somewhere
[22:19:47] * Patrickdk would recommend a satellite vps
[22:20:30] <NorrinRadd> still would be owned by a corp under the control of a country
[22:20:39] <Zelest> i just don't see why people are so scared about all the stuff.. as hobbelt said about facebook, same goes forthe web, I choose what to share.
[22:20:54] <hobbelt> Zelest On facebook you can
[22:20:59] <hobbelt> on Gmail you cant
[22:21:01] <Patrickdk> norrinradd, you can launch your own satellite, it's not hard
[22:21:08] *** Alagar has quit IRC
[22:21:12] <Patrickdk> just getting a good uplink to it, that is hard
[22:21:17] <hobbelt> Anyways, can you reset a VPS back to default with a click? Never had a VPS
[22:21:33] <Patrickdk> hobbelt, you have no idea if you can or not
[22:21:37] <NorrinRadd> hobbelt: probably. my first one has that option
[22:21:39] <Zelest> hobbelt, well.. mail is mail.. and a LOT of mail is plaintext and most SSL setups don't validate the certs, so a MITM is very easy..
[22:21:45] <Patrickdk> for all you know, they are using a snapshotting system underneith the vps
[22:21:50] <Zelest> hobbelt, so your ISP can profile your mail just as easy
[22:22:17] <hobbelt> well, they are not allowed to, and its not their core business
[22:22:20] <Zelest> I'm more scared of the fat geek working at my ISP sniffing my connection than any of the big corps :P
[22:22:20] <Patrickdk> never been able to mitm my mail
[22:22:27] <Patrickdk> all you need is proper s/mime or pgp
[22:22:44] <NorrinRadd> Zelest: you'd know if you validate the SSL certs you use
[22:22:56] <Patrickdk> NorrinRadd, not true
[22:23:08] <Patrickdk> atleast not if you trust any *public* ca's
[22:23:09] <Zelest> still
[22:23:16] <Zelest> they profile ALL.. they see your mail and everything.... and?
[22:23:26] <Patrickdk> many of them have already admitted they supply spoofed certs to business and isps
[22:23:27] <Zelest> what's so secret and precious?
[22:23:30] <Patrickdk> so they can look at traffic
[22:23:58] <Patrickdk> or atleast supply sub-ca certs, that they can use to create their own certs with for any domain
[22:24:19] <hobbelt> Btw, considering domains. If I own AAA.com which forwards mails to BBB.com on my VPS, will I be able to send emails on behalf of AAA.com from my VPS?
[22:24:38] <Patrickdk> hobbelt, always :)
[22:24:51] <Zelest> i'm also able to send mail from aaa.com btw :P
[22:24:55] <Patrickdk> unless who you sends it do is blocking via spf, dkim, ...
[22:25:31] <hobbelt> alright, so they will see the other domain in the via
[22:25:56] <hobbelt> so if I do not tie my AAA.com to my VPS you will always see the " at BBB dot com on behalf of.. " message?
[22:26:28] <Zelest> anyone can always specify the from address..
[22:27:53] <NorrinRadd> i'm setting up a postfix relay. i want it to relay the mail to my home. where can the relay port be specified?
[22:28:09] <Patrickdk> NorrinRadd, on the relay line :)
[22:28:19] <NorrinRadd> Patrickdk: syntax
[22:28:24] <NorrinRadd> the only example i see is: example.com smtp:[]
[22:28:33] <Patrickdk> heh?
[22:28:43] <NorrinRadd> transport:nexthop, but where to put the port?
[22:28:43] <Patrickdk> your using transport file?
[22:29:02] <Patrickdk> now you need to know what nexthop is
[22:29:02] <hobbelt> But can you SPF record a domain to a VPS which does not MX record forward to the VPS?
[22:29:12] <NorrinRadd> could do transport file or the relay line. same syntax i'm guessing. but still don't know where to put the port
[22:29:17] <Patrickdk> nexthop for smtp is in the format of address:port
[22:29:25] <Patrickdk> or using [] around address to ignore mx entries
[22:29:33] <Patrickdk> I don't get why people put [] around ip's
[22:30:07] <Zelest> IPv6?
[22:30:13] <Zelest> oh
[22:30:14] <NorrinRadd> Patrickdk: thanks. so example.com smtp:[hostname.fqdn:1081] looks correct?
[22:30:22] <Patrickdk> nope
[22:30:50] <Patrickdk> port is not part of address
[22:31:29] *** wdp_ has quit IRC
[22:31:38] <NorrinRadd> example.com smtp:[hostname.fqdn]:1081 ?
[22:31:44] <Patrickdk> yep
[22:31:55] <NorrinRadd> thanks
[22:33:44] *** rubin110 has left #postfix
[22:35:40] <NorrinRadd> Patrickdk: thanks for the cert spoofing news too. i missed that; stopped following @ioerror when he goes on his political rants.
[22:36:12] <NorrinRadd> i recall they were getting hacked, and denying anything valuable was taken
[22:36:47] <Patrickdk> http://forums.theregister.co.uk/forum/1/2012/02/09/tustwave_disavows_mitm_digital_cert/
[22:40:03] *** morphje has quit IRC
[22:40:23] <NorrinRadd> now wondering if using public key encryption rather than ssl certs for various protocols is possible
[22:40:29] <NorrinRadd> and if it fixes the problem
[22:40:46] <Patrickdk> hmm? using ssl certs is fine
[22:40:52] <Patrickdk> but ONLY truest your own ca's :)
[22:40:55] <Patrickdk> trust
[22:41:18] <lunaphyte_> certificates use public key encryption...
[22:41:19] <Patrickdk> I don't see how public key encryption would be different, that is what ssl certs are
[22:41:41] *** rubin110 has joined #postfix
[22:42:36] <rubin110> Does gmail secretly hate postfix forwards via /etc/aliases? Everything I'm forwarding through is marked as read and automatically archived in gmail.
[22:42:48] <NorrinRadd> I see. for web browsers, clients would have to add the private ca.
[22:44:46] <NorrinRadd> Patrickdk: so basically don't assume any ssl traffic is private unless the cert is from a ca you know hasn't been compromised? (ex: gmail.com)
[22:45:11] <lunaphyte_> in simplest terms - trust is not something implicit
[22:45:25] <NorrinRadd> rubin110: are you sure there isn't a filter doing that?
[22:48:44] *** Kre10s has left #postfix
[22:50:06] <rubin110> Pretty sure.
[22:50:11] <rubin110> Giving up.
[22:50:19] <rubin110> I blame google.
[22:53:08] *** gerhard7 has quit IRC
[22:57:08] *** roentgen has quit IRC
[23:00:53] *** danblack has joined #postfix
[23:07:36] *** cpm has joined #postfix
[23:07:36] *** cpm has joined #postfix
[23:10:30] *** rubin110 has left #postfix
[23:11:45] *** jkfod has quit IRC
[23:15:24] *** m1chael has quit IRC
[23:19:15] *** matt1982 has quit IRC
[23:20:41] *** jkfod has joined #postfix
[23:27:03] *** e-anima has quit IRC
[23:28:37] *** biggi_mat has quit IRC
[23:32:01] *** snearch has quit IRC
[23:32:17] *** snearch has joined #postfix
[23:41:32] <kreign> Dominian, btw looks like you use policyd to me. :)
[23:47:57] *** cpm has quit IRC
[23:51:06] *** wdp has quit IRC
[23:51:52] *** Zelest has quit IRC
[23:52:05] *** Steve_The_Pirate has quit IRC
[23:52:27] *** sphenxes has quit IRC
[23:52:56] *** jarr0dsz has quit IRC
[23:53:06] *** jarr0dsz has joined #postfix
[23:55:13] <NorrinRadd> in a mail forwarder setup, the final destination is postfix also (or any mta)?
[23:57:01] *** m1chael has joined #postfix

   February 15, 2012  
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | >