Switch to DuckDuckGo Search
   February 16, 2012  
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | >

Toggle Join/Part | bottom
[00:09:06] *** snearch has quit IRC
[00:11:53] <kreign> NorrinRadd, any MTA.
[00:15:34] *** krzee has quit IRC
[00:16:59] *** atossava has joined #postfix
[00:20:46] *** hobbelt has quit IRC
[00:21:56] <atossava> problem with a system that's receiving a lot of mail, lots of "deliver" processes are stuck. LDA is dovecot, user data is in mysql. http://pastebin.com/2b8YNUUe I already upped the dovecot_destination_concurrency_limit to 30
[00:22:19] <atossava> all ideas welcome. strace'ing a stuck deliver process doesn't reveal anything - it's not executing any syscalls
[00:24:09] <kreign> atossava, does it get stuck before or after dovecot deliver/lda gets the message?
[00:24:41] <atossava> kreign: how do I tell? this has been going on for a while apparently and I wasn't around to look at logs when it started.
[00:25:27] <kreign> you could try sending a test message to a mailbox and see if it's there? :P
[00:25:39] <atossava> ok now I don't know what's going on, the number of deliver processes has gone down a lot, seeing five or six at a time only.
[00:26:03] <kreign> that sounds reasonable.
[00:26:08] <kreign> atossava, how is the server IO load?
[00:26:12] <atossava> well yeah :D the thing is, finding it in the logs is a pain because it's a cluster of four servers receiving a ton of mail
[00:26:46] <atossava> top shows 0% in wait and iostat <n> shows nothing going to disk or coming from there, practically
[00:27:16] <kreign> you should consolidate logs using rsyslog or whatever you like to use and learn how to use grep, at the very least. :)
[00:27:39] <kreign> atossava, lsof | grep deliver
[00:27:40] <atossava> kreign: I have a hunch on how to use grep :D
[00:27:45] <atossava> oh. yes. obviously
[00:28:17] <kreign> was that me hitting you on the back of the head and you realizing the obvious, or you ridiculing me for making such an obvious statement? :)
[00:29:17] <atossava> kreign: lsof -c deliver shows nothing that I wasn't expecting
[00:29:51] <atossava> it's got the dovecot deliver logs open, the directory of the user that mail is being delivered to, and the dovecot index files
[00:30:24] <kreign> atossava, nothing irregular in the postfix logs?
[00:30:32] <kreign> ie you see the message getting sent off?
[00:30:36] <atossava> aside from the warnings... just tons of spam
[00:31:02] <kreign> heh
[00:31:25] *** Cain has joined #postfix
[00:31:30] <atossava> it's a group of domains that has been dead for 10 years and before that it was a freemail
[00:31:41] <kreign> atossava, so is there an actual observed problem, then?
[00:32:44] <atossava> the deliver processes were getting stuck. the test message that I just sent to myself got through in no time at all, so perhaps it was merely a question of raising the dovecot destination concurrency limit and it taking a while to take effect?
[00:33:34] <atossava> I'm still a bit puzzled about why deliver processes are accumulating cpu time rather than just finishing off pretty quickly.
[00:33:53] *** Cain has quit IRC
[00:34:56] <atossava> how large a dovecot index file would be a problem? I'm collecting spam into a single mailbox from all the traps on the domain, and the dovecot index is getting big.
[00:36:11] <atossava> http://pastebin.com/UcApQV1f
[00:36:22] <atossava> what surprises me there too is the date of last mod
[00:36:30] *** gwdp has joined #postfix
[00:39:21] <higuita> atossava: install pstack and pstack one of those process
[00:39:37] <atossava> re logs: a day's worth of maillog on a single server (there's four) is about 100M, or was yesterday. There's still an hour or two of today to go, and it's 200M already. Faster rotation / more log file granularity?
[00:39:37] <higuita> might give you a hint of what they where doing...
[00:40:08] <higuita> that or gdb um of then and do a backtrack
[00:40:56] <NorrinRadd> set default_transport to NULL if you don't want to be an open relay?
[00:41:09] <atossava> higuita: http://pastebin.com/1vcGZAJP - doesn't tell me anything
[00:41:19] <atossava> norrinradd: it's not an open relay. it intentionally collects spam
[00:41:25] * NorrinRadd not sure what an open relay is; seems preferrable not to be one though
[00:41:35] <atossava> open relays are so 1996 anyway
[00:42:16] <NorrinRadd> atossava: forwarding random mail to its destination is intentionally collecting spam?
[00:43:05] <atossava> norrinradd: the system is the MX and end destination for a group of domains that used to be a freemail back in 2001. they were disused when the original operation folded, and have been NXDOMAIN or answering 550 5.1.1 to everything for ten years.
[00:43:46] <atossava> now all of the mailboxes are enabled with the idea being that the spam collected in there is, well, pretty much guaranteed to be spam and therefore good fodder for some out there who do things with it.
[00:44:29] <atossava> obviously setting the spam mailbox "active=0" does away with the problem in a way, but the problem is I actually want to collect it. :)
[00:45:04] *** m1chael has quit IRC
[00:45:16] <NorrinRadd> atossava: no idea what you're talking about. i asked if setting default_transport to NULL is a good idea / avoids being an open relay?
[00:45:38] <seekwill> atossava: heh
[00:45:38] <atossava> norrinradd: oh. I figured you were participating in the existing conversation rather than starting a new one :D sorry. my bad
[00:46:43] <atossava> norrinradd: postfix is not an open relay by default, you have to work hard at it to make it so.
[00:46:52] <NorrinRadd> good to know
[00:48:00] <atossava> norrinradd: from my very limited reading of the postconf man page, setting default_transport to null might just make you unable to deliver any outbound mail at all?
[00:48:30] <NorrinRadd> yeah, figure i'll stop worrying about that parameter for now
[00:57:02] <higuita> atossava: the pstack shows that the process is trying to write to the "mailbox"
[00:58:03] <higuita> as you said it was a mysql, i assume you have a problem in the dovecot->mysql
[00:58:35] <higuita> if not mysql, its for sure the storage defined in dovecot
[00:58:59] *** kyconquers has quit IRC
[01:01:28] <atossava> higuita: dovecot looks up user account information in mysql - ie whether an address exists, that's all
[01:01:39] <atossava> the mailbox is a maildir file... on GFS2
[01:02:08] <higuita> then the problem is in there
[01:02:15] <atossava> quite possibly so
[01:02:33] <higuita> its looking to the index and stops there
[01:03:09] <higuita> maybe the index is locked on that node
[01:03:34] <atossava> you'd expect the index to be locked all the time - spam is coming in at a staggering rate
[01:03:53] *** kyconquers has joined #postfix
[01:03:59] <atossava> and all nodes in the GFS2 cluster are experiencing the same condition
[01:04:42] <higuita> try to spread the spam for several mailbox, to reduce the lock waiting for the delivery process
[01:05:34] <atossava> that's what I was thinking of doing next, set up a spambox for each domain separately.
[01:07:13] <higuita> if needed, use the first or last character of the username part of the email as a filter for mailboxes (ie: oliva -> o mailbox, tony -> t mailbox , etc, etc
[01:11:26] *** Blackvel has quit IRC
[01:11:40] <atossava> higuita: indeed
[01:12:23] <atossava> with separate domains, I'm going to ~~halve the load (two TLDs are almost 50/50 of the whole set and the rest are peanuts)
[01:13:27] *** nowthatsamatt has joined #postfix
[01:19:02] <higuita> 50% off on the access to the index might not be enough to give the GFS2 enough room for the delivery to process without problems, but test it
[01:19:55] *** nowthatsamatt has left #postfix
[01:22:36] *** jkfod has quit IRC
[01:23:16] *** master_of_master has quit IRC
[01:24:17] *** master_of_master has joined #postfix
[01:25:11] <atossava> I had no problems for about a week... :( :)
[01:27:50] *** MaximusColourum has quit IRC
[01:29:36] *** aindilis2 has joined #postfix
[01:31:32] <atossava> higuita, kreign: at any rate, thank you both very much, it's been very helpful.
[01:32:17] <kreign> atossava, awesome, maybe you can stick around and give me a hand figuring out dovecot's lda/postfix configuration. :P
[01:32:20] <kreign> the docs aren't clear enough for me.
[01:32:41] <seekwill> You probably didn't mean TLD...
[01:33:07] <atossava> kreign: hth if I can
[01:33:27] <atossava> seekwill: I have a bunch of domain names where the identifying part is the same in 28 TLDs. I did.
[01:33:32] <atossava> (mean TLD, that is.)
[01:34:43] <atossava> Two of those (example.XX and example.YY) make up the majority of my spamboxes. .ZZ and .WW are about 15% combined, and the rest are pretty much nonexistent.
[01:34:53] <seekwill> oh
[01:35:09] <kreign> unfortunately ij ust had an array die, so... later. :|
[01:35:47] <atossava> eww. sorry to hear that. k
[01:40:42] <kreign> atossava, what're you doing, running a spam collection/analysis site?
[01:41:45] <NorrinRadd> my postfix is denying basic connections and i don't know why
[01:41:48] <NorrinRadd> "telnet: connect to address xx.xx.xx.xx: Connection refused"
[01:42:38] <higuita> NorrinRadd: is postfix up?
[01:43:22] <higuita> if yes, does port 25 open (netstat -ln| grep :25)
[01:43:45] <NorrinRadd> yes to both of those
[01:43:57] <higuita> what is the interface that have the port 25 open? or ?
[01:44:10] <NorrinRadd> master 1172 root 110u IPv4 9840 0t0 TCP localhost:smtp (LISTEN)
[01:44:13] <NorrinRadd> so both
[01:44:21] <kreign> NorrinRadd, ipfw, iptables, or pf?
[01:44:30] <higuita> localhost is not both
[01:44:37] <higuita> localhost is
[01:44:42] <kreign> heh
[01:44:51] <NorrinRadd> kreign: no to all of those
[01:45:02] <kreign> NorrinRadd, higuita answered your question.
[01:45:18] <NorrinRadd> kreign: example.
[01:45:27] <higuita> search in your config the inet_interfaces and change to all
[01:45:29] <kreign> ...
[01:45:30] <higuita> inet_interfaces = all
[01:45:57] <higuita> or simply remove the inet_interfaces line you might have, the default is all
[01:46:21] <NorrinRadd> i don't have an inet_interfaces line
[01:46:53] <higuita> ok, pastebin the postconf -n
[01:46:56] <NorrinRadd> correction. I have these two lines:
[01:46:56] <NorrinRadd> inet_interfaces = loopback-only
[01:46:57] <NorrinRadd> inet_protocols = all
[01:47:10] <NorrinRadd> hmm
[01:47:11] <higuita> simply remove the inet_interfaces line you might have, the default is all
[01:47:26] <kreign> NorrinRadd, lsof -i tcp | grep "*:smtp"
[01:47:29] <NorrinRadd> why the hell does that say loopback-only lol
[01:47:43] <NorrinRadd> i mean, i haven't changed it. that's teh default?
[01:48:07] <kreign> heloooooo open relay tomorrow...
[01:48:15] <higuita> if that is debian (or debian based), it asked during install where to listen... or simply is the distro default
[01:49:12] <NorrinRadd> i remember the setup questions. don't know what in there could have caused it to only listen to loopback
[01:49:34] <NorrinRadd> kreign: if you search your buffer, you might see someone already said its pretty hard to configure open relay on postfix
[01:49:43] <NorrinRadd> atossava, it might have been
[01:50:08] <higuita> you anwsered that only wanted local email, didnt want to received email from the internet
[01:50:08] <NorrinRadd> higuita: thanks for the expert help
[01:50:42] <NorrinRadd> well i do know i selected internet with smarthost. didn't think that would cause this though
[01:51:27] <higuita> NorrinRadd: is hard... but newbies are so ingenious making mistaked :D
[01:52:11] *** quebre has quit IRC
[01:52:45] <NorrinRadd> wondering what else it screwed up now.
[01:53:45] <higuita> not much... check the relayhost entry, to see if that have what you want
[02:00:40] <NorrinRadd> relayhost looks correct, as long as the default transport is smtp
[02:00:47] <NorrinRadd> and smtp prot
[02:00:49] <NorrinRadd> port*
[02:00:55] *** hever has quit IRC
[02:05:32] *** n0sq has joined #postfix
[02:15:00] *** hever has joined #postfix
[02:21:20] *** seekwill has quit IRC
[02:22:52] <lunaphyte> what exactly is the problem you're trying to solve?
[02:31:05] *** BuenGenio has joined #postfix
[02:31:17] *** m1chael has joined #postfix
[02:35:59] *** nutron has quit IRC
[02:36:43] *** hever has quit IRC
[02:40:43] <jimpop> world hunger?
[02:44:39] *** nutron has joined #postfix
[02:46:30] *** josefig_ has joined #postfix
[02:48:17] <Patrickdk> jimpop, heh, how? with all these people saying americans are fat, americans will be hungry again
[02:53:38] *** josefig_ has left #postfix
[02:56:50] *** m1chael has quit IRC
[03:01:46] *** biggi_mat has joined #postfix
[03:06:57] *** biggi_mat has quit IRC
[03:08:48] <jimpop> lol
[03:29:21] *** gwdp has quit IRC
[03:30:31] *** seekwill has joined #postfix
[03:50:50] *** hever has joined #postfix
[03:52:17] *** penrod has joined #postfix
[04:08:52] *** r3zon8 has quit IRC
[04:09:17] *** m1chael has joined #postfix
[04:29:11] *** danblack has quit IRC
[04:53:15] *** danblack has joined #postfix
[05:00:32] <NorrinRadd> lunaphyte: i've been trying to setup a mail forwarder because i have port 25 blocked.
[05:01:31] <NorrinRadd> seeing that port 587 seems to be common for mail, i'm now wondering if i forgo the mail forwarder and main server listens on 587, will i receive & send mail without issues
[05:06:14] <NorrinRadd> or do most mail transports only try port 25 on the destination mx?
[05:07:56] <pj> 587 is for submission, if you want to receive email then you need to use port 25.
[05:08:02] <pj> !tell NorrinRadd submission
[05:08:02] <knoba> NorrinRadd: "submission" : Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf. also see !msa, and rfc 6409. Also read http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf
[05:08:55] <pj> you can't use 587 for mail exchange
[05:10:23] <NorrinRadd> ok. back where i was at
[05:10:25] <thumbs> NorrinRadd: use your ISP's relayhost instead.
[05:10:38] <thumbs> NorrinRadd: why all this fuss?
[05:12:19] <NorrinRadd> thumbs: the isp relay host can be my mta? if i have to setup an mta on port 25 (not at my house) i might as well use that mta was relayhost also
[05:12:31] *** seekwill has quit IRC
[05:12:43] <jimpop> why not just use your isp provided email address?
[05:12:49] <pj> yes, you can set up your own relayhost.
[05:13:07] <thumbs> NorrinRadd: if port 25 is blocked, use a null mailer, and authenticate with your ISP's relayhost.
[05:13:16] <thumbs> NorrinRadd: you don't even need postfix
[05:13:31] <NorrinRadd> pj, i'm in the middle of that. trying to figure out the ssl auth stuff at the moment. learning about the delivery transport also
[05:13:57] <thumbs> NorrinRadd: set up postfix on a VPS, and forego all this port blocking nonsense.
[05:13:57] <pj> NorrinRadd: start with a very basic server and add one feature at a time.
[05:14:14] <NorrinRadd> thumbs: i'm already in the middle of that
[05:15:16] <pj> I don't have a problem with ISPs that block port 25. In fact I think that it helps a lot to prevent SPAM.
[05:16:06] <NorrinRadd> probably does. just makes it harder for those who want their email private
[05:16:37] <pj> NorrinRadd: you'll find that it's not a good idea to run an email server off of a home network anyways.
[05:17:03] *** MAAAAAD has quit IRC
[05:17:25] <NorrinRadd> if you mean the ip address, mine hasn't changed in 3 years. dynamic ip shouldn't be a big issue
[05:17:28] <NorrinRadd> something else?
[05:17:40] <pj> dnsrbls
[05:17:51] <thumbs> NorrinRadd: no, you don't want to run a mail server off your residential connection
[05:18:01] <NorrinRadd> thumbs: why?
[05:18:09] <pj> blocks that are assigned to residential connections are listed in blacklists.
[05:18:11] <thumbs> NorrinRadd: most mail servers will say, "screw you, we don't trust you, keep your emails"
[05:18:34] *** n0sq has quit IRC
[05:18:50] <jimpop> thumbs: i wish we could do that on #postfix
[05:18:55] *** hever has quit IRC
[05:18:58] <thumbs> NorrinRadd: you're doomed from the start
[05:19:04] <thumbs> jimpop: hah.
[05:19:08] <pj> not to mention that you often times can't set up fcrdns properly
[05:20:07] <NorrinRadd> plan to route everything through a forwarder. hoping that'll solve fcrdns issues
[05:20:20] <pj> in that case you don't need port 25 anyways.
[05:20:29] *** treshoem has left #postfix
[05:20:30] <pj> at least not for sending
[05:20:35] <NorrinRadd> and that's the 2nd reason i'm using a forwarder
[05:20:45] <thumbs> NorrinRadd: and you don't need postfix locally either :)
[05:20:50] <pj> it's your forwarder?
[05:20:56] <Dominian> kreign: its not policyd
[05:21:04] <jimpop> !tell NorrinRadd gmail
[05:21:05] <knoba> NorrinRadd: "gmail" : Google Mail issues?: http://mail.google.com/support/bin/answer.py?hl=en&answer=81126
[05:21:12] <jimpop> !tell NorrinRadd use_gmail
[05:21:12] <knoba> jimpop: Error: No factoid matches that key.
[05:21:17] <pj> heh
[05:21:31] <NorrinRadd> thumbs: but i want to mail at home. that's why i figure i need postfix at home
[05:21:41] <NorrinRadd> meaning, stored, and only stored, at home
[05:21:49] <thumbs> NorrinRadd: you can run postfix on your vps, and configure your mua to connect to it.
[05:22:05] <thumbs> NorrinRadd: still makes no sense to run postfix at home.
[05:24:26] *** danblack has quit IRC
[05:24:43] <NorrinRadd> thumbs: mua means Mail Delivery Agent?
[05:24:43] <pj> NorrinRadd: in that case you need to set up the VPS to relay inbound emails to your home server. There is no real need to relay outbound emails from home because you can just submit them directly to the VPS.
[05:25:09] *** xxzz has joined #postfix
[05:25:46] <thumbs> NorrinRadd: mail user agent
[05:25:49] <pj> do keep in mind that in any case your emails will have to at least be temporarily stored on the VPS in the queue files, there is no getting around that.
[05:26:16] <thumbs> NorrinRadd: might as well keep the mailstore on the VPS, until you download them to your desktop at home
[05:26:19] <NorrinRadd> true. but ramdisk for spool... probably about as good as i can get it
[05:26:42] <thumbs> NorrinRadd: why are you trying to solve imaginary bottlenecks?
[05:26:43] <pj> with a ramdisk for spool you risk loosing emails if the ramdisk crashes.
[05:26:53] <NorrinRadd> that's fine
[05:27:01] <NorrinRadd> thumbs: what imaginary bottleneck?
[05:27:05] *** danblack has joined #postfix
[05:27:22] <thumbs> NorrinRadd: why use a ramdisk for the spool?
[05:27:52] <NorrinRadd> because i don't want my mail on a vps. ramdisk doesn't solve that, but "probably about as good as i can get it"
[05:28:26] <jimpop> NorrinRadd: colo your own server
[05:29:08] <pj> NorrinRadd: use an encrypted filesystem, then.
[05:29:21] <NorrinRadd> why not do both lol
[05:30:01] <pj> also keep in mind that usually VPS accounts have a very limited amount of RAM. You can't afford to use very much for a ramdisk.
[05:30:19] *** MAAAAAD has joined #postfix
[05:30:25] <NorrinRadd> yeah, its only mail for me. shouldn't be an issue
[05:30:57] <pj> if the ramdisk fills up you will likely loose email, or at least be deferring it.
[05:31:45] <pj> and it will take RAM away from other tasks, things such as clamav need a pretty decent chunk of RAM.
[05:32:07] <NorrinRadd> thinking the clamav/alternatives can all run on the final destination
[05:32:25] <NorrinRadd> where ram isn't an issue
[05:32:28] <jimpop> O_o backscatter
[05:33:14] <pj> jimpop: doesn't matter with clamav, you can't really run that pre-queue anyways.
[05:33:35] <jimpop> clamav-milter
[05:33:59] <pj> hrmmmmm, ok, well it will increase your network bandwidth to do it that way, though.
[05:34:11] <jimpop> but if he/she is accepting at the vps, then fwding to home and THEN running clamav/spammassassin... he/she will be a backscatter if he/she rejects
[05:35:26] <pj> yeah, well, what I mean is it will backscatter anyways if you run clamav post-queue on the first server, such as when using amavisd-new.
[05:35:37] <jimpop> rgr that
[05:36:19] <lunaphyte> once mail is accepted by the mx, it should be delivered
[05:36:46] <pj> yes, well the only exception I make for that rule is when clamav marks an email with a virus.
[05:36:55] <lunaphyte> fair
[05:37:12] <pj> in which case I drop the email, not the best solution, but better than backscatter.
[05:37:31] <pj> if the email gets marked as spam I still deliver it ... to the user's Spam folder.
[05:37:45] * jimpop doesn't deliver what he can't accept
[05:37:47] <lunaphyte> i prefer to put it in a quarantine
[05:38:22] <pj> right, I actually do that, but considering that I have never had a single request to retrieve an email from quarantine it may as well be dropped, heh.
[05:38:29] <NorrinRadd> delivering it to a spam folder sounds like a plan to me
[05:38:43] <NorrinRadd> well i like the idea so far
[05:39:06] <pj> NorrinRadd: for that you need to use sieve, I use the dovecot delivery agent with sieve for that.
[05:39:37] *** famicom has joined #postfix
[05:44:41] <pj> NorrinRadd: but take it one step at a time, get delivery to work with the default postfix virtual delivery agent first.
[05:45:16] <NorrinRadd> pj: will do. i should remove the sasl stuff i have already
[05:45:19] <NorrinRadd> hmm: http://en.wikipedia.org/wiki/Transparent_SMTP_proxy
[05:46:26] <pj> well, here's the thing, you're looking at a rather complex setup because you're splitting your email functions across two servers. This may not be such a good idea if you're new to running an email server.
[05:46:51] <thumbs> +1
[05:47:41] <NorrinRadd> true. howto's i've seen don't fully cover what i'm doing. i'm piecing it together so far. hoping i won't hit a brickwall
[05:47:55] <pj> howtos are a bad idea anyways
[05:48:00] <pj> !tell NorrinRadd tutorial
[05:48:00] <knoba> NorrinRadd: "tutorial" : A very common problem is that some people prefer to follow a step-by-step tutorial that shows them how to setup their server w/out reading the documentation or understanding what they are doing. If something goes wrong, they have no clue whatsoever about where to find hints, and they sometimes decide to start from scratch using a different tutorial. This is not The Proper Way.
[05:48:02] <NorrinRadd> verfied the postfix to postfix talk already, without a mda setup. hoping that's a good sign
[05:48:57] <pj> you will need to keep a copy of your user data on both servers, for SASL purposes and to avoid backscatter as well.
[05:49:03] <NorrinRadd> yeah, that's what i hate about the ubuntu howto. has all this stuff and doesn't say what its doing
[05:49:51] <pj> NorrinRadd: I recommend that you start by just configuring one server to do everything, and get used to how postfix and your email works. Then go about changing to the system you really want once you've gotten the hang of it.
[05:52:02] <NorrinRadd> the postfix sections i've read have been understandable. got me this far. will see how this goes
[05:54:39] <pj> anyways, I have to run out, will bbl.
[06:12:36] *** cilly has quit IRC
[06:14:07] *** cilly has joined #postfix
[06:17:05] *** danblack has quit IRC
[06:26:01] *** m1chael has quit IRC
[06:28:04] *** danblack has joined #postfix
[06:35:35] *** m1nish has quit IRC
[06:51:32] *** krzee has joined #postfix
[06:51:32] *** krzee has joined #postfix
[06:57:23] *** Natureshadow has quit IRC
[07:09:25] *** BuenGenio has quit IRC
[07:15:34] *** Soehnke has joined #postfix
[07:29:49] *** gerhard7 has joined #postfix
[07:33:49] *** wdp has joined #postfix
[07:33:49] *** wdp has joined #postfix
[07:41:35] *** danblack has quit IRC
[07:57:39] *** RadoQ has quit IRC
[08:00:27] *** zorg1 has joined #postfix
[08:07:37] *** sphenxes has joined #postfix
[08:12:14] *** danblack has joined #postfix
[08:16:30] *** snearch has joined #postfix
[08:26:09] *** zorg1 has quit IRC
[08:27:40] *** zorg1 has joined #postfix
[08:32:25] *** snearch has quit IRC
[08:32:39] *** snearch has joined #postfix
[08:34:39] *** snearch has quit IRC
[08:34:50] *** snearch has joined #postfix
[08:37:59] *** Motoko has quit IRC
[08:47:23] *** e-ndy has joined #postfix
[09:07:02] *** e-anima has joined #postfix
[09:13:24] *** breaker313 has joined #postfix
[09:47:49] *** seekwill has joined #postfix
[09:49:01] *** Natureshadow has joined #postfix
[09:56:44] *** tjikkun_work has joined #postfix
[09:57:32] <Corey> rob0: Here's a fun one for you. http://pastebin.com/A2tiPKM6 Debsums shows everything is hunky-dory.
[10:04:07] <seekwill> It's 1AM
[10:04:45] *** jarr0dsz has joined #postfix
[10:07:36] <Corey> Yes.
[10:08:26] *** Natureshadow has quit IRC
[10:08:39] *** m1nish has joined #postfix
[10:11:05] <seekwill> Corey: What are your thoughts about Disneyland on the March 31st?
[10:12:06] <seekwill> Actually
[10:12:10] <seekwill> Let's talk tomorrow
[10:12:43] <Corey> k.
[10:12:46] <Corey> Found the issue.
[10:12:49] <Corey> Hosed loopback
[10:13:29] *** BuenGenio has joined #postfix
[10:14:49] *** 18VAARHUC has joined #postfix
[10:14:49] *** GieltjE has joined #postfix
[10:14:50] *** 18VAARHUC has quit IRC
[10:14:55] *** GieltjE has quit IRC
[10:22:21] *** Gatto has joined #postfix
[10:30:26] *** bezourox has quit IRC
[10:36:28] *** bezourox has joined #postfix
[10:43:47] *** Niemi has quit IRC
[10:46:33] *** Niemi has joined #postfix
[10:52:05] *** abramart has quit IRC
[10:52:13] *** abramart has joined #postfix
[10:54:41] *** krzee has quit IRC
[10:56:53] *** tools has left #postfix
[11:09:53] *** sinedeviance has joined #postfix
[11:17:47] *** Steve_The_Pirate has joined #postfix
[11:22:21] *** sacredchao has quit IRC
[11:22:42] *** sacredchao has joined #postfix
[11:23:22] *** xinming has joined #postfix
[11:24:34] <xinming> Just curious anyone here uses getmail with gmail, How do I fetch emails from gmail with sub folders rather than INDEX? I tried to add "[Gmail]/my_label_name" to fetch those emails, but failed, Any clue on this?
[11:24:54] *** sinedeviance has quit IRC
[11:30:20] <xinming> Just curious anyone here uses getmail with gmail, How do I fetch emails from gmail with sub folders rather than INDEX? I tried to add "[Gmail]/my_label_name" to fetch those emails, but failed, Any clue on this?
[11:30:49] <xinming> (Sorry if repeated, Since I thought that #postfix doesn't allow guest to send message to channel.)
[11:32:45] <atossava> xinming: and getmail is which part of postfix?
[11:35:06] <xinming> atossava: Nope, But I really couldn't find another professional channel to ask mail related questions. :-)
[11:35:45] <xinming> Well, Since people here suggested me getmail, and found #getmail empty
[11:48:31] <atossava> you could ask about MS Exchange too while you're at it and people here still wouldn't know
[11:50:46] *** Timmooo is now known as Timzzzz
[11:50:53] *** aindilis` has joined #postfix
[11:51:06] *** aindilis2 has quit IRC
[11:55:55] <xinming> atossava: hmm, Ok, I won't ask again.
[12:01:49] *** xinming has quit IRC
[12:03:34] *** Gatto has quit IRC
[12:07:15] *** Cristian has joined #postfix
[12:07:28] *** xinming has joined #postfix
[12:22:26] <sysmonk> atossava: i know something about exchange!!! :)
[12:22:42] <sysmonk> btw, have you guys read that bullshit from MS about how cool hotmail is and how much spam it catches?
[12:23:04] <_ruben> s/catches/sends/ ?
[12:23:10] <sysmonk> i'd like to see how much HAM it marks as spam hehe :)
[12:23:20] <_ruben> heh, that too
[12:23:20] <sysmonk> _ruben: well, they don't mention _those_ stats :)
[12:27:45] *** Zesturian has joined #postfix
[12:27:50] *** xxzz has quit IRC
[12:29:19] *** Natureshadow has joined #postfix
[12:30:32] <Zesturian> Hello.
[12:36:12] <Zesturian> We have a disposable inbox system which redirects all mail to a catchall address which then puts the mail into a db through a script, that all works perfectly however I want to bounce non existant emails back, but the bounce actually exposes the catchall, how can I modify it, so it just says that the email account no longer exists and not have the actual mail server response in that bounce email please?
[12:36:27] *** npmapn has joined #postfix
[12:42:32] <sysmonk> Zesturian: do you still want to put the email in database?
[12:42:35] <sysmonk> or just reject it?
[12:44:33] <Zesturian> sys, oh it just exits within the script so at the moment, silently rejects it
[12:45:13] <sysmonk> how do you WANT it to work
[12:45:33] <sysmonk> and i'm not sys, i'm sysmonk :)
[12:45:38] <sysmonk> learn to use your tab :P
[12:47:53] *** bezourox has quit IRC
[12:48:39] *** bezourox has joined #postfix
[12:51:04] <Zesturian> sysmonk, sorry :-p - Basically I want it to bounce and say user not known if the user doesn't exist but preferably using postfix to do so (returning the right sys code does bounce it but the bounce email exposes the catchall address)
[12:57:59] <sysmonk> you did not answer my question
[12:58:07] <sysmonk> read it again :)
[13:03:24] <Zesturian> Hmm sysmonk, not sure which bit I didn't answer, but basically it rejects it, doesn't add to db and sends the appropriate bounce (exiting with syscode 67)
[13:03:25] <_ruben> why bounce in the first place, just fix your system and just reject the mails
[13:03:44] <Zesturian> _ruben, it does bounce but we need to let the people know the email address has expired
[13:03:45] <sysmonk> Zesturian: my first question was:
[13:03:48] <sysmonk> 02-16 13:42:32 < sysmonk> Zesturian: do you still want to put the email in database?
[13:04:13] <_ruben> Zesturian: you don't want to send bounces at all, you want to reject the mail
[13:04:17] <Zesturian> sysmonk, oh right no, it just exits prior to any database table insertion, that all works perfectly.
[13:04:20] <_ruben> !backscatter
[13:04:20] <knoba> _ruben: "backscatter" : see http://www.postfix.org/BACKSCATTER_README.html - Basically backscatter are bounces sent to innocent systems. A spammer sent email in behalf of the victim's system. Undeliverable emails get bounced to the victim.
[13:04:28] <sysmonk> Zesturian: then reject it, not bounce it
[13:04:41] <sysmonk> bounces are evil, see the link :)
[13:04:56] <Zesturian> thanks sysmonk and _ruben, reading now
[13:06:03] *** jkfod has joined #postfix
[13:07:16] *** snearch has quit IRC
[13:27:12] *** jfried has quit IRC
[13:28:18] *** cite has quit IRC
[13:28:22] *** cite has joined #postfix
[13:28:26] *** youknowho has quit IRC
[13:29:03] *** jfried has joined #postfix
[13:29:03] *** youknowho has joined #postfix
[13:41:24] <Zesturian> Got it properly rejecting now thanks :)
[13:44:55] <sysmonk> congrats
[13:52:30] *** bezourox has quit IRC
[13:53:35] *** bezourox has joined #postfix
[14:12:29] *** danblack has quit IRC
[14:18:35] *** Vollstrecker_ has joined #postfix
[14:25:06] <Vollstrecker_> Hey guys, got a little problem sending mails from php-script over sendmail. I use sender_dependent_relayhost_maps to get the right route, sendmail is called without any params (at least it should be, didn't show up in the logs). first log-entry is from pickup 3B7D4F3418F: uid=33 from=<www-data>. It seems that this is preventing the right lookup of the relayhost. How can I change this?
[14:29:52] *** xinming has left #postfix
[14:31:16] <Vollstrecker_> I now put a script in between. sendmail gets called with "-t -i" so nothing that influences the sender.
[14:31:24] <patdk-wk> Vollstrecker_, properly configure your php application :)
[14:32:03] <Vollstrecker_> You mean the interpreter, or the script?
[14:32:05] * patdk-wk notes, from=<www-data> is hardly a valid email address, dunno why you expected it to work
[14:32:44] <Vollstrecker_> I don't expect it to work, I want to get rid of it. It's the uid of the user that sends the mail. From is set in the mail correctly.
[14:33:09] <Vollstrecker_> k, 33 is the uid, www-data is the username
[14:33:17] <patdk-wk> well, can't really help you, that is your php/php-application issue
[14:34:10] <Vollstrecker_> If postfix checks the envelope-from instead of From:, it's a postfix issue.
[14:34:30] <patdk-wk> now that is just plain stupid
[14:34:37] <patdk-wk> and shows you have no fucking idea how email works
[14:36:51] <rob0> patdk-wk, while there is truth in what you say, you could have said it in a more reasonable way. Thanks for cooperating. :)
[14:37:22] <rob0> Voll, "man sendmail" and adjust your sendmail command to suit.
[14:37:28] <patdk-wk> but it's like talking to a brick wall (or my wife)
[14:38:02] <rob0> IIRC the option you might want is -r
[14:38:27] <rob0> you can also tell it to take the sender from the From: header
[14:41:07] <lunaphyte_> !tell Vollstrecker_ nullclient
[14:41:08] <knoba> Vollstrecker_: "nullclient" : a null client is a computer that can only send mail. it receives no mail from the network, and it does not deliver any mail locally. while postfix can be configured to fill this role, it is often unnecessary overkill, and a much simpler software package is more appropriate. see !nullclient_software for more details.
[14:42:25] *** Natureshadow has quit IRC
[14:42:48] <Vollstrecker_> In the manpage I don't see any option to tell him to take the sender from From:, but in ENVIRONMENT-section after NAME it tells me that this one is used only if no From: is found, so for me it reads as From: is default.
[14:43:55] <Vollstrecker_> lunaphyte_: This server is no nullclient, there is a network behind it that needs a server.
[14:44:48] <lunaphyte_> ah. a deviation from the norm.
[14:44:49] <rob0> oh hmm, you're right, should have been -t
[14:44:54] <wdp> hey
[14:44:55] <wdp> ho
[14:45:05] <rob0> this puts you in the !welcome class
[14:45:17] <rob0> !tell Vollstrecker_ welcome
[14:45:17] <knoba> Vollstrecker_: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.
[14:46:21] <Vollstrecker_> patdk-wk: your answer is just plain stupid and shows that you have no fucking idea how to help anyone.
[14:46:35] <rob0> Vollstrecker_, there is no need for that.
[14:47:09] *** snearch has joined #postfix
[14:47:18] <Vollstrecker_> There has been no need for that. I just answer. I don't like people that forgot how they started.
[14:47:39] <patdk-wk> I don't forget how I started
[14:47:51] <patdk-wk> but I never assumed postfix was broken, cause it used envolope from
[14:48:07] <patdk-wk> maybe going back to the starting point and reading rfc822 would help
[14:48:09] <patdk-wk> that is where I started
[14:48:16] <patdk-wk> and I guess that is where you should start then
[14:48:38] <Vollstrecker_> Nope, -t is recipient, I need him to forget about the local user that sent the mail and use the From: instead.
[14:48:42] *** zimmi has joined #postfix
[14:48:47] <zimmi> hi
[14:48:58] <rob0> oh yes. So I was right, it is -r
[14:49:13] <zimmi> how I can redirect mail to the local root account via SMTP and change the sender e-mail
[14:50:22] <patdk-wk> ya, looks like postfix does both -f and -r, and real sendmail uses -f
[14:50:51] <Vollstrecker_> patdk-wk: I never said it is broken, I just said that it's an issue. It does what it thinks it's right, and I need to tell him what I want him to do.
[14:51:28] <patdk-wk> <Vollstrecker_> If postfix checks the envelope-from instead of From:, it's a postfix issue.
[14:51:38] <patdk-wk> that is a totally invalid statement
[14:52:53] <Vollstrecker_> rob0: So there's no way to just tell him somewhere to use From: for relayhost lookup or something?
[14:55:05] <Vollstrecker_> Or an option to let him set envelope-from = from: by default instead of the local-username?
[14:57:50] <Vollstrecker_> I wouldn't like to add args in the script that might not be respected by other systems, and I don't want to adjust the webserver- or php-config to get that script runnning, as it's intended to work on other systems where this files might be not accessible.
[14:57:54] *** m1chael has joined #postfix
[14:58:45] <Vollstrecker_> Are aliases for recipienbts only, or could it work that way?
[14:59:08] <rob0> !rewriting
[14:59:08] <knoba> rob0: "rewriting" : See http://www.postfix.org/ADDRESS_REWRITING_README.html for a discussion of address rewriting features in Postfix.
[14:59:15] <rob0> !generic
[14:59:15] <knoba> rob0: "generic" : generic(5) table specifies an address mapping that applies when mail is delivered. This is the opposite of canonical(5) mapping, which applies when mail is received. See http://www.postfix.org/generic.5.html
[14:59:18] <zimmi> any hints?
[14:59:25] <rob0> !canonical
[14:59:25] <knoba> rob0: Error: "canonical" is not a valid command.
[15:02:05] <zimmi> rob0: are those hints for me?
[15:02:14] *** m1chael has quit IRC
[15:02:39] *** volga629 has joined #postfix
[15:04:19] <volga629> I am trying make postfix delivery only on local machine for multiply domain
[15:05:24] <volga629> I have setup virtual and with one domain it working with transport error delivery local only, but if I am add second domain it trying go out
[15:06:00] <rob0> zimmi, no, or maybe. Your question was vague.
[15:06:18] <rob0> !tell zimmi welcome
[15:06:18] <knoba> zimmi: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.
[15:06:22] <rob0> !tell zimmi goal
[15:06:22] <knoba> zimmi: "goal" : describe your goal, not what you think the solution is
[15:13:02] <volga629> http://fpaste.org/aEYF/
[15:16:29] *** Tyklol is now known as Tykling
[15:17:21] <rob0> !tell volga629 catchall
[15:17:21] <knoba> volga629: "catchall" : Sending all emails for non-existing users in domain to a special account. See man 5 virtual for the @domain syntax, which applies in virtual_*_maps and relay_recipient_maps. For local(8) delivery, unset local_recipient_maps and see luser_relay. WARNING: catchalls are rarely a good idea. Spammers will abuse them.
[15:17:39] <rob0> see that last part ... BAD idea.
[15:21:54] <volga629> this box is non internet connection only inside
[15:24:09] <rob0> !backhole
[15:24:09] <knoba> rob0: Error: "backhole" is not a valid command.
[15:24:12] <rob0> !blackhole
[15:24:12] <knoba> rob0: "blackhole" : http://archives.neohapsis.com/archives/postfix/2010-04/0168.html
[15:26:30] *** mi has joined #postfix
[15:28:23] <zimmi> I wanna redirect all mails which come from the local system and goes to root@localhost
[15:29:01] <zimmi> and they should go via an external smtp and for that I need to rewrite the sender to a specific address
[15:34:43] <volga629> luser_relay how need specify whole doamin name
[15:34:50] <volga629> domain ?
[15:36:18] *** Vollstrecker_ has left #postfix
[15:37:11] <lunaphyte_> backhole is something different
[15:37:21] *** bezourox has quit IRC
[15:38:07] *** RadoQ has joined #postfix
[15:38:23] *** bezourox has joined #postfix
[15:49:41] *** JoKoT3 has quit IRC
[15:49:48] *** JoKoT3 has joined #postfix
[15:57:29] <zimmi> rob0: better?
[16:00:13] <volga629> thank you everybody it resolved
[16:05:28] *** zimmi has left #postfix
[16:10:37] *** snearch has quit IRC
[16:11:55] *** stope has joined #postfix
[16:17:30] *** nowthatsamatt has joined #postfix
[16:17:36] *** nowthatsamatt has left #postfix
[16:20:37] *** UQlev has joined #postfix
[16:31:15] *** Soehnke has quit IRC
[16:40:59] *** bezourox has quit IRC
[16:42:48] *** bezourox has joined #postfix
[16:44:23] <stope> I'm struggling with this error: SMTPAddressFailedException: 554 5.7.1 <jonesrtp at hotmail dot com>: Relay access denied
[16:44:30] <stope> main.cf is at: http://pastebin.com/0m8dnjJh
[16:44:56] <stope> postfix 2.7
[16:46:11] <stope> I have a web app where I'm trying to send out an email on the same server to some destination email address
[16:46:44] <lunaphyte_> just the data as directed by the channel /topic, please.
[16:47:26] *** mi has quit IRC
[16:52:04] *** UQlev has quit IRC
[16:57:53] *** e-ndy has quit IRC
[16:59:21] *** nowthatsamatt_ has joined #postfix
[16:59:36] <stope> postconf -n has been posted: http://pastebin.com/eeGawx4W
[17:00:14] *** nowthatsamatt_ is now known as nowthatsamatt
[17:01:04] <Dominian> stope: still need to see the relevant logs
[17:05:40] <lunaphyte_> logs are first.
[17:07:22] <Dominian> I don't see logs anywhere
[17:08:39] <lunaphyte_> oh, no, i was agreeing with you
[17:12:24] <Cristian> Hi guys, I've been trying for the past 2 days to set up postfix + dovecot + virtual users/domains.
[17:12:47] <Cristian> I have no problem receiving the email (using imap) but the problem is with the sending process.
[17:13:10] <Cristian> Here is the log: http://fpaste.org/GPtV/
[17:13:22] <Cristian> Should I also post the postconf -n ?
[17:13:35] <Cristian> smtpd.conf sasl config?
[17:13:50] *** mambaw has joined #postfix
[17:14:05] <Dominian> gah
[17:14:09] <Dominian> Cristian: turn off all that debugging..
[17:14:10] <Dominian> holy crap
[17:14:28] <Dominian> smtpd.conf ...?
[17:14:33] <Dominian> you said you're using dovecot right?
[17:14:37] <Cristian> Yes.
[17:14:38] <Dominian> that sounds more like courier
[17:15:17] <Cristian> No, dropped courier went to dovecot. Ok, will set a lower level of debug and repaste.
[17:16:22] <lunaphyte_> also, to be pedantic - imap is not for receiving email. smtp is for receiving email. imap is for *retrieving* email.
[17:16:39] <lunaphyte_> smtpd.conf is likely cyrus
[17:17:36] <rob0> !tell stope relay_denied
[17:17:36] <knoba> stope: "relay_denied" : NOQUEUE: reject: RCPT from CLIENT_HOST[CLIENT_IP]: 554 5.7.1 <RECIPIENT@RCPT_DOMAIN>: Relay access denied; from=<SENDER@SENDER_DOMAIN> to=<RECIPIENT@RCPT_DOMAIN> proto=ESMTP helo=<HELO>: This typically means that CLIENT_IP is not in mynetworks (and did not AUTH), and that RCPT_DOMAIN was not recognized as one of this Postfix's domains (not listed in mydestination, relay_domains or virtual_*_domains).
[17:17:40] <rob0> !tell stope basic
[17:17:40] <knoba> stope: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.
[17:18:02] <rob0> stope, ^^ #relay_from anchor in !basic
[17:20:37] <Cristian> http://fpaste.org/SaHn/ and the conf is http://fpaste.org/414v/
[17:21:37] <lunaphyte_> Cristian: turn off the debugging, and provide the data as instructed by the channel /topic
[17:22:29] <rob0> yikes. Anyway, the answer is at the end of all the useless debug junk: Password verification failed
[17:23:02] <rob0> Rather than focus on making pastebins, you should read:
[17:23:05] <rob0> !sasl
[17:23:05] <knoba> rob0: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.
[17:23:25] <rob0> about setting up Dovecot SASL. See also the Dovecot wiki/wiki2.
[17:23:56] <Cristian> 10x rob0 will be checking wiki2 again and will repaste the logs without debugging.
[17:24:36] <rob0> The part of !sasl about setting up Dovecot SASL is relatively short and simple.
[17:27:49] *** morphje has joined #postfix
[17:32:05] *** breaker313 has quit IRC
[17:38:07] *** tjikkun_work has quit IRC
[17:39:45] <Cristian> great! thank you very much rob0 and Dominian
[17:40:12] <Cristian> It proved to be wrong permisions in dovecot config on private/auth
[17:40:44] <Cristian> One more issue, email is sent, but there is no Sent directory. And it remains to "copying mail to sent folder" or something like this.
[17:40:52] <Cristian> I guess it has something to do with namespaces.
[17:42:49] *** heeen has joined #postfix
[17:44:13] *** fubhy has joined #postfix
[17:44:21] <rob0> "Sent directory"?
[17:44:51] <Cristian> Yes, sent folder, sorry.
[17:45:08] <rob0> An IMAP "sent folder" is strictly between the MUA and the imapd.
[17:45:41] <Cristian> At least this is what Thunderbird is reporting. Copying message to Sent folder...
[17:45:42] <rob0> and the imapd is likely to call it ".Sent/" on the filesystem level.
[17:46:50] <heeen> I use postfix with dovecot for auth, I seem to be able to auth, but I get relay access denied, what gives?
[17:47:34] <rob0> !relay_denied
[17:47:34] <knoba> rob0: "relay_denied" : NOQUEUE: reject: RCPT from CLIENT_HOST[CLIENT_IP]: 554 5.7.1 <RECIPIENT@RCPT_DOMAIN>: Relay access denied; from=<SENDER@SENDER_DOMAIN> to=<RECIPIENT@RCPT_DOMAIN> proto=ESMTP helo=<HELO>: This typically means that CLIENT_IP is not in mynetworks (and did not AUTH), and that RCPT_DOMAIN was not recognized as one of this Postfix's domains (not listed in mydestination, relay_domains or virtual_*_domains).
[17:48:37] <heeen> rcpt is not in virtual_domains but I did auth
[17:48:52] <heeen> 2012-02-16 17:44:23 imap-login: Info: Login: user=<heeen at endboss dot org>, method=PLAIN, rip=, lip=, TLS
[17:49:03] <heeen> ooh
[17:49:04] <heeen> imap
[17:49:06] <heeen> ff
[17:49:13] <rob0> imap
[17:49:24] *** quebre has joined #postfix
[17:49:25] <quebre> hi
[17:49:27] <heeen> but it seemed to accept my password when sending
[17:49:35] <quebre> i'm getting this error: 5.7.0 Must issue a STARTTLS command first (in reply to MAIL FROM command)
[17:49:39] <quebre> how can i fix that ?
[17:49:46] <heeen> how can I turn on auth debug logging
[17:49:54] <quebre> i've set the smtpd_tls_auth_only = no
[17:50:02] <quebre> but still getting the error
[17:50:16] <heeen> smtpd_sasl_auth_enable = yes
[17:50:23] <heeen> smtpd_sasl_path = private/auth
[17:50:30] <heeen> smtpd_sasl_type = dovecot
[17:50:37] <heeen> this stuff should work, right?
[17:51:01] <heeen> quebre: smtpd_tls_security_level=may
[17:51:10] <quebre> ok let me try
[17:52:29] <quebre> hmm
[17:52:32] <quebre> seems it's working now ;)
[17:53:09] <heeen> can I test the sasl setup locally somehow? like with postmap -q
[17:53:35] <quebre> heeen: use testsaslauthd program
[17:53:36] <quebre> ;)
[17:56:09] <rob0> testsaslauthd is a Cyrus SASL thing. Probably won't interoperate with Dovecot SASL.
[17:56:32] <heeen> can I get some more log output about what it is doing
[17:56:35] <rob0> And debug logging is almost never necessary.
[17:57:12] <rob0> Perhaps the client did not attempt to AUTH.
[17:57:59] <kreign> is there any incentive to use SASL now that we've got a fairly mature SSL/TLS implementation in pretty much everything?
[17:58:10] <kreign> maybe that's me not understanding SASL's utility.
[17:58:32] <rob0> Do you know of any MUA which supports authentication via SSL certificates?
[17:58:56] <jimpop> gmail, hotmail, yahoo
[17:58:59] <jimpop> ....
[17:59:01] <jimpop> ;-)
[17:59:06] *** ZoB has quit IRC
[17:59:07] *** JPT has quit IRC
[17:59:40] *** ZoB has joined #postfix
[18:00:05] <heeen> kreign: to authenticate who may relay mail?
[18:00:59] <kreign> ah
[18:01:05] <kreign> I apparently don't understand, then. ;)
[18:01:40] <heeen> well anyone can use encryption
[18:01:44] *** JPT_ has joined #postfix
[18:01:59] <rob0> Postfix supports authentication via SSL certificates, but AFAIK no MUA does.
[18:02:23] <thumbs> client-side certificate authentication is a PITA in any context :)
[18:04:40] <sysmonk> i think i saw some MUA doing it
[18:04:45] <sysmonk> but i don't remember which one
[18:04:50] <quebre> nah, you was drunk
[18:05:07] <kreign> quebre, there's no need for drunkenness to be an exception. :)
[18:05:09] <rob0> sysmonk, drunk as a skunk
[18:05:15] <quebre> ;>
[18:05:19] *** netman86 has joined #postfix
[18:05:32] <sysmonk> rob0: what the hell? do you have a camera somewhere in my house?!
[18:05:59] <kreign> I would suggest that the number of 'alcoholics' here is somewhat higher than the general populace, nevermind the general employed populace...
[18:05:59] <rob0> you just now figured that out?
[18:06:10] <netman86> I've got a mail server that I'm getting ready to replace. Best I can tell, its a barebones fedore system running postfix and some other services. I dont see any sort of web interfaces running- so there is no webmail or web management. How do I manage users at the CLI?
[18:06:31] <kreign> netman86, heh
[18:06:37] <kreign> netman86, you've got a long uphill battle to fight
[18:06:57] <rob0> netman86, probably a case for #fedora, otherwise kreign is quite right
[18:06:57] <netman86> I've noticed. All I really need to do is get a list of mailboxes and sizes.
[18:06:58] *** JPT_ is now known as JPT
[18:06:59] <kreign> netman86, what kind of users? NIS, LDAP, system, or some other directory?
[18:07:21] <kreign> netman86, ok, what are you using for mail storage?
[18:07:27] *** volga629 has quit IRC
[18:08:11] <sysmonk> rob0: ;( can you dump me a few videos from last weekend? had a few girls staying at my place
[18:08:17] <netman86> both of the mail servers have a "/data" mount that goes to an NFS box. On there I see files like "server1.cf" and "imap.server1"
[18:08:21] <sysmonk> wouldn't mind to watch them ...
[18:08:27] <rob0> sysmonk, they were HOT
[18:08:42] <netman86> looks like the imap.server files have lists of email addresses in them...
[18:09:28] <kreign> netman86, oh ye gods, you've got a "creative" setup.
[18:09:45] <netman86> Oh, yes.
[18:09:52] <netman86> The guy who made this is one of those guys.
[18:09:56] <kreign> netman86, let me ask the question again, slightly differently: which IMAP server are you running?
[18:09:57] <rob0> there's no way to know, not really much to guess about
[18:10:19] *** steelnwool has joined #postfix
[18:10:30] <netman86> is courier-imap an appropriate answer?
[18:10:42] <kreign> yeah.
[18:10:52] <kreign> ok, so what do you want to do with the mail?
[18:10:54] <rob0> First thing you will need is a good understanding of your OS and how it does things. Next, an understanding about mail.
[18:11:03] <steelnwool> Hi, i'm getting a warning about invalid regexp in header checks file. with a regexp that i thought previously was fine.
[18:11:07] <kreign> netman86, what are you migrating to?
[18:11:20] <netman86> Well, I'm trying to decide if I want to build a new mail server and move these users mail, or just build a new one and tell everyone to move it themselves.
[18:11:25] <steelnwool> here is the regexp : /^To: .+\@(?!terida)/ REDIRECT devteam at terida dot com
[18:11:27] <netman86> We're probably moving to a Zimbra server
[18:11:36] <netman86> since I know how to build/use those.
[18:12:14] <kreign> netman86, well, you're in luck, sorta. Courier uses Maildir, which is the same format that Thunderbird uses, but also the same format that Dovecot (can) use.
[18:12:23] <netman86> if I can figure out basic user management I could almost just export a user list, reset everyones passwords, and do a pop connect from the new server to move all the mail
[18:12:32] <rob0> steelnwool, first thing is, it's dangerous and usually wrong to try to route mail by means of headers.
[18:12:45] <kreign> netman86, zimbra uses dovecot, but it defaults to a different mail store type, IIRC.
[18:12:50] <netman86> ah, I did see something about Maildir in a config. It implied the mail was stored in /home/username/Maildir
[18:13:21] <kreign> netman86, your easiest transition will be to just stick with Maildir and avoid the headache of conversion, if you've got much mail.
[18:13:31] <steelnwool> rob0: it probably is, but at the time i was trying to accomplish this, it was the only way i could find. my goal is to take any mail addresses to people that ARE NOT in terida, to go to a specific address. its a development machine and we never want mail to reach 'real people'
[18:13:38] <netman86> It's not much- I think this whole system is for under a hundred users.
[18:13:43] <rob0> Second thing is, ... oh.
[18:13:51] <netman86> the /data mount is 89 gigs, though.
[18:14:03] <netman86> I just cant figure out why.
[18:14:08] <heeen> hmm i can auth if I use openssl on the commandline and enter AUTH PLAIN etc...
[18:14:09] <rob0> Always best to start with the goal.
[18:14:10] *** Cristian has quit IRC
[18:14:28] <netman86> the goal is to throw these servers away, and still have the mail work for these users.
[18:14:36] <thumbs> GOAL!!!!
[18:14:47] <thumbs> (sorry, was watching futball)
[18:14:50] <netman86> hehe.
[18:14:55] <rob0> !tell steelnwool blackhole
[18:14:56] <knoba> steelnwool: "blackhole" : http://archives.neohapsis.com/archives/postfix/2010-04/0168.html
[18:15:08] <netman86> So basically I'm going with building a Zimbra server, setting up all the users that are set up on here onto there
[18:15:23] <netman86> and then moving their mail if its convenient
[18:15:39] <netman86> Since theres no webmail, all these users basically pop or imap in as it is
[18:15:45] <steelnwool> rob0 : at this particular instant, i'm more concerned with just fixing my regex and moving on with my day. the solution does work, even if its not ideal
[18:16:10] *** morphje has quit IRC
[18:16:38] <kreign> netman86, 'throw the servers away'?
[18:16:42] <heeen> bah
[18:16:52] <netman86> kreign- they were used in 2006.
[18:16:59] <heeen> after I do RCPT TO I get RENEGOTIATING
[18:17:01] <kreign> netman86, are you using LDAP or NIS, or are the users all local?
[18:17:16] <netman86> I wish I knew. Theres no LDAP server that I know of in this system
[18:17:17] *** sinedeviance has joined #postfix
[18:17:29] <sinedeviance> hi all
[18:17:38] <netman86> the users don't exist in /etc/passwd, so they're not system local
[18:17:53] <steelnwool> rob0 : also, i don't want to catch all. only those addressed to people that are not at my company.
[18:17:57] <netman86> there IS a sql server, but I dont know what's using it
[18:17:59] <sinedeviance> hi all
[18:18:04] *** ced117 has joined #postfix
[18:18:05] <sinedeviance> er, i already said that. whoops.
[18:18:46] <sinedeviance> okay, so i've got postfix, dovecot, sasl/TLS, all working nicely together running Maildir
[18:19:28] <sinedeviance> the problem is that i really need a webmail interface like horde or (preferably) something simple like squirrel
[18:19:36] <heeen> okay - after I am authed I still get relay access denied
[18:19:57] <heeen> is it possible to find out the reason?
[18:19:59] <sinedeviance> i have a mysql server running already. what exactly would i need to do to change to mysql? let me get my configs pastebinned for you
[18:20:24] <sinedeviance> oh, OR, is it possible to use squirrel with Maildir config?
[18:20:28] <heeen> smtpd_recipient_restrictions = permit_mynetworks reject_rbl_client dnsbl.sorbs.net reject_rbl_client bl.spamcop.net reject_rbl_client zen.spamhaus.org reject_rbl_client dnsbl-1.uceprotect.net reject_unauth_destination permit_sasl_authenticated
[18:20:43] <rob0> sinedeviance, um, how is any of that relevant? Read the documentation for your chosen webmail, install it.
[18:20:49] <heeen> does the order matter in this parameter?
[18:21:09] <netman86> so what I've learned is that the mailboxes are stored in "maildir" format on this nfs device
[18:21:15] <sinedeviance> rob0: the documentation for those doesn't cover the email server. only the webmail.
[18:21:25] <rob0> A webmail client is simply an IMAP client, it does not care about the underlying storage ... IMAP does.
[18:21:52] <sinedeviance> rob0: interesting. okay, thanks.
[18:22:00] <rob0> Most of them will use sendmail(1) submission, and that is the only involvement with the MTA.
[18:22:13] *** mambaw has quit IRC
[18:22:16] *** greg_b has joined #postfix
[18:22:22] <rob0> !tell heeen sasl
[18:22:22] <knoba> heeen: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.
[18:22:26] <rob0> !tell heeen access
[18:22:26] <knoba> heeen: "access" : http://www.postfix.org/SMTPD_ACCESS_README.html : An overview of access(5) controls in the Postfix smtpd(8) SMTP server.
[18:22:38] <rob0> heeen, of course the order matters.
[18:23:05] <rob0> The SASL_README tells you exactly how to set it up.
[18:24:01] *** greg_b is now known as gregb
[18:24:10] <sinedeviance> rob0: okay, i think i'll be able to get sorted now. see, i was confused about webmail clients being 'just' imap clients and not servers themselves.
[18:24:34] <heeen> so ist it permits first, then denies?
[18:24:35] <kreign> netman86, it's pretty easy to check. /etc/nsswitch.conf should give an indication but grep ldap * in the postfix config dir should also help.
[18:25:29] <gregb> hi guys, I just have a quick question, is there any sort of documentation on setting up an invisible mail gateway/firewall (invisible is the key, I can't have it adding headers or looking like it came from the gateway)?
[18:25:42] <sinedeviance> as a side note, is there any drawback to using a Maildir setup as opposed to MBOX archives?
[18:25:49] <lunaphyte_> no
[18:26:02] <sinedeviance> okay, thanks
[18:26:04] <rob0> s/no/maybe/ :)
[18:26:08] <lunaphyte_> poo
[18:26:18] <rob0> but in most cases no
[18:26:20] <sinedeviance> rob0: so it's a item of much discussion then? :)
[18:26:24] <rob0> no
[18:26:25] <lunaphyte_> all things being equal, no.
[18:26:33] <netman86> kreign - I grepped every .cf in /etc/postfix for ldap and came up empty. the nsswitch.conf basically has "files" set for every option
[18:26:46] <rob0> Big mailboxes are probably slower in maildir
[18:27:03] <sinedeviance> rob0: please define big. we talking 250 emails or thousands?
[18:27:03] <rob0> small mailboxes, does not matter
[18:27:07] <lunaphyte_> netman86: what are you looking for?
[18:27:22] <gregb> thousands? Good lord, that's a low figure.
[18:27:24] <rob0> not possible to quantify exactly.
[18:27:24] <kreign> netman86, getent shadow or getent passwd as root will tell you the enumerated users on the -system- (not necessarily postfix/courier but on rhel based stuff it's most likely the same)
[18:27:31] <netman86> lunaphyte- Right now, I want to know how to pull a list of every user this email server accepts mail for.
[18:27:45] <lunaphyte_> did you pastebin postconf -n?
[18:27:48] <sinedeviance> gregb: okay. well this email server is for my company. it's just me and one other person right now.
[18:27:59] <gregb> too small to worry about.
[18:27:59] <sinedeviance> we were using citadel suite before but had lots of problems
[18:28:16] <kreign> netman86, you'd also look for slapd or ypbind/ypserve running somewhere to tell if ldap/nis is running
[18:28:18] <sinedeviance> i needed something faster, lighter, more secure.
[18:28:20] <gregb> when you touch hundreds of thousands, or are hosting a mailing list, or have mails that exceed gigs
[18:28:24] <gregb> then you would worry
[18:28:29] <kreign> netman86, of course, users are typically enumerated locally from /etc/passwd
[18:28:43] <sinedeviance> gregb: okay, perfect. thank you! i doubt we'll be anywhere near that in the next decade :D
[18:29:11] <rob0> kreign, if you want to cut out part of the guessing game, ask for a pastebin as per /topic :)
[18:29:17] <netman86> kreign- I did check there, and didn't see any users. This system was built to handle users with all sorts of domains, if that means anything to you
[18:29:32] <lunaphyte_> netman86: did you pastebin postconf -n?
[18:29:39] <kreign> rob0, true.
[18:29:56] <kreign> heh
[18:29:58] <netman86> lunaphyte- no, postconf doesnt appear to be a command. I'm trying to get in as root to try again.
[18:30:09] <kreign> netman86, pastebin your postconf :P
[18:30:20] <kreign> netman86, you'll have to be root.
[18:30:25] <gregb> netman, make sure path has the sbin directories in it.
[18:30:26] <rob0> usually "/usr/sbin/postconf -n" as non-root
[18:30:30] <kreign> rob0, going to bet he's using mysql at this point. ;)
[18:30:39] <lunaphyte_> um, no, you do not have to be root
[18:31:12] <kreign> erm. yeah. *hides in embarassment*
[18:31:36] <gregb> netman86 make sure /usr/sbin is in PATH; do a simple echo $PATH to verify
[18:31:54] <gregb> if not there, run export PATH=$PATH:/sbin:/usr/sbin
[18:32:10] <gregb> then try postconf
[18:32:22] <rob0> netman86, gtg, work to do, but if you want to hire someone to do this, see http://rob0.nodns4.us/
[18:32:22] <lunaphyte_> whereis postconf, locate postconf, find / -iname '*postconf*' ...
[18:33:35] <netman86> kreign / lunaphyte http://pastebin.com/PPLD1APA
[18:35:28] <gregb> Does anyone have experience setting up postfix as a mail gateway/firewall that is invisible?
[18:35:29] <lunaphyte_> so there's some data in mysql, and some data in traditional unix databases
[18:36:19] <kreign> netman86, local_recipient_maps = unix:passwd.byname $alias_maps
[18:36:38] <netman86> da?
[18:36:47] <rob0> gregb, "invisible" as you described it will not be easy. Even if you remove your own headers, the receiving end will add their own.
[18:37:11] <netman86> I dont follow what that's implying.
[18:37:12] <lunaphyte_> actually, since mydestination is empty, then only data in mysql matters
[18:37:21] <gregb> yeah, I was thinking that would be a problem, I'm sort of thinking about masking the ip to match the source ip.
[18:37:29] <lunaphyte_> netman86: you don't need to worry about it.
[18:37:32] <rob0> yikes.
[18:37:45] *** Steve_The_Pirate has quit IRC
[18:37:45] <gregb> yeah, just trying to think through the problem.
[18:37:55] <rob0> see the XCLIENT_README
[18:38:01] <gregb> I don'like doing that.
[18:38:03] <gregb> me?
[18:38:04] <netman86> So mysql has all the accounts?
[18:38:16] <kreign> netman86, it's possible that user enumeration is all in the mysql_relay_domains_maps.cf in plain text, even.
[18:38:29] <rob0> and pay attention to the problems it addresses. If those are what you are trying to solve, yes, it is for you.
[18:38:30] *** Steve_The_Pirate has joined #postfix
[18:38:31] <kreign> so you'd not necessarily have to deal with passwords.
[18:38:43] <lunaphyte_> netman86: see the tables referenced in the various mysql cf files
[18:38:46] <rob0> !xclient
[18:38:47] <knoba> rob0: Error: "xclient" is not a valid command.
[18:38:49] <kreign> rather, changing them. I don't recall which 'master' user options courier has.
[18:39:05] <netman86> they're not, but that file appears to have a SQL query.
[18:39:15] *** p3rror has quit IRC
[18:39:16] <netman86> I'll go through those.
[18:39:22] <kreign> netman86, fwiw imapsync works fairly well nowadays, as do the imap_tools, for migrations.
[18:39:31] <kreign> netman86, right, the query would enumerate users.
[18:39:54] *** DPP has left #postfix
[18:41:27] <netman86> gotcha. I'll get into the DB and look at the tables.
[18:41:44] <gregb> yeah that won't work.
[18:41:50] <rob0> !learn xclient The SMTP XCLIENT command was defined in RFC 1891. Postfix support therefor is documented here: http://www.postfix.org/XCLIENT_README.html
[18:41:50] <knoba> rob0: (learn [<channel>] <key> as <value>) -- Associates <key> with <value>. <channel> is only necessary if the message isn't sent on the channel itself. The word 'as' is necessary to separate the key from the value. It can be changed to another word via the learnSeparator registry value.
[18:41:57] *** nowthatsamatt has left #postfix
[18:41:57] <rob0> !learn xclient as The SMTP XCLIENT command was defined in RFC 1891. Postfix support therefor is documented here: http://www.postfix.org/XCLIENT_README.html
[18:41:58] <gregb> unles I'm missreading it.
[18:42:17] <rob0> again, gtg, bye.
[18:42:21] <gregb> It seems that the client must connect and issue the XCLIENT commands
[18:42:50] <gregb> I need the SMTP server to parse mail without the client doing anything, such as a relay, which I've already got setup.
[18:43:12] <gregb> the problem I'm having now is sender verification performed by other systems.
[18:43:33] *** bezourox has quit IRC
[18:43:43] *** hobodave has joined #postfix
[18:44:30] *** bezourox has joined #postfix
[18:48:32] *** wdp_ has joined #postfix
[18:49:06] *** m1chael has joined #postfix
[18:51:14] *** kreign has quit IRC
[18:51:45] *** biggi_mat has joined #postfix
[18:51:53] *** milligan has quit IRC
[18:53:32] *** milligan has joined #postfix
[18:54:55] *** p3rror has joined #postfix
[18:56:37] *** Steve_The_Pirate has quit IRC
[19:02:07] *** npmapn_ has joined #postfix
[19:02:28] *** fubhy- has joined #postfix
[19:02:35] *** m1chael has quit IRC
[19:02:39] *** npmapn has quit IRC
[19:03:12] *** mambaw has joined #postfix
[19:05:59] *** biggimat has joined #postfix
[19:08:57] *** biggi_mat has quit IRC
[19:09:30] *** sinedeviance has quit IRC
[19:16:30] *** fubhy is now known as fubhy|afk
[19:17:01] *** rsc has joined #postfix
[19:17:36] <rsc> Is it possible to use another HELO/EHLO for incoming connections (smtp server) and outgoing connections (smtp client) in Postfix? If so, any pointer to a configuration variable/section/directive?
[19:18:29] *** inf_l00p has quit IRC
[19:18:54] *** netman86 has quit IRC
[19:19:03] *** fubhy- has quit IRC
[19:19:05] *** fubhy|afk is now known as fubhy
[19:19:57] *** biggimat has quit IRC
[19:20:52] *** inf_l00p has joined #postfix
[19:25:13] *** inf_l00p has quit IRC
[19:25:23] *** inf_l00p has joined #postfix
[19:29:51] *** inf_l00p has quit IRC
[19:30:08] *** inf_l00p has joined #postfix
[19:31:36] *** m1chael has joined #postfix
[19:36:15] *** snearch has joined #postfix
[19:37:52] <atossava> rsc: the question makes no sense, because you don't HELO when you're accepting mail, the other party does
[19:39:12] <lunaphyte_> !tell rsc goal
[19:39:12] <knoba> rsc: "goal" : describe your goal, not what you think the solution is
[19:45:52] *** hobodave has quit IRC
[19:47:24] *** hobodave has joined #postfix
[19:47:30] *** hobodave has joined #postfix
[19:47:56] *** tilt has quit IRC
[19:49:50] *** evilbulgarian has joined #postfix
[19:50:16] <evilbulgarian> hi, im trying to set up an relay host and i have this "relayhost = [smtp-vip]"
[19:50:35] *** krzee has joined #postfix
[19:50:35] *** krzee has joined #postfix
[19:51:20] <evilbulgarian> status=deferred (Host or domain name not found. Name service error for name=smtp-vip type=A: Host not found)
[19:51:23] *** steelnwool has left #postfix
[19:51:23] <evilbulgarian> is what i get
[19:51:47] <evilbulgarian> how do i get postfix to expand smtp-vip from resolv.conf's serach suffix?
[19:55:38] *** koshie has joined #postfix
[19:56:35] *** wdp has quit IRC
[19:58:20] <rob0> !smtp_host_lookup
[19:58:20] <knoba> rob0: "smtp_host_lookup" : a configuration parameter in the main.cf: What mechanisms when the SMTP client uses to look up a host's IP address. This parameter is ignored when DNS lookups are disabled.
[19:58:23] *** todd_dsm has joined #postfix
[20:01:32] <evilbulgarian> rob0: well seems dns is default
[20:01:59] <evilbulgarian> rob0: the thing is i have this excat same config in dev and it works there so im trying to figure out teh diff
[20:03:29] *** jarr0dsz has quit IRC
[20:06:21] *** mijenix has joined #postfix
[20:06:33] *** mijenix is now known as zimmi
[20:07:38] <zimmi> to redirect alls mails from a local server to root@local to a external email address I've to add an alias for root in the alias file?
[20:07:39] *** Zesturian has quit IRC
[20:07:40] <zimmi> correct?
[20:09:04] *** m1chael has quit IRC
[20:12:52] <zimmi> or should it go to a virtual_alias_maps
[20:19:52] *** m1chael has joined #postfix
[20:19:54] *** cilly has left #postfix
[20:21:53] *** Bheam has joined #postfix
[20:21:57] <Bheam> yoooo
[20:22:46] <Bheam> what's the difference between tls and ssl
[20:22:59] <Bheam> outlook supports both, + auto and none
[20:26:21] <lunaphyte> tls and ssl are too vague and misused terms to ever say with certainty.
[20:26:34] <lunaphyte> in actual terms, there is smtps, and starttls.
[20:26:45] <lunaphyte> smtps is deprecated and should not be used. starttls has replaced it.
[20:27:18] <lunaphyte> often, when someone says ssl, they actually mean smtps, and when they say tls, they actually mean starttls.
[20:27:39] <Bheam> right
[20:29:14] <Bheam> so next question; my postfix seems flaky when it comes to supporting the "auto" setting in outlook; any ideas why? sometimes i have to force it to TLS
[20:29:36] <zimmi> TLS uses stronger encryption algorithms and has the ability to work on different ports
[20:30:20] <zimmi> different standards
[20:32:09] <Bheam> but tls uses ssl certificates no?
[20:32:49] *** krzee has quit IRC
[20:32:56] <zimmi> ssl certificates?
[20:33:03] <zimmi> never heard
[20:33:11] <zimmi> I know x509 certificates
[20:33:25] <fubhy> I have my mailserver set up properly and smtp / imap works with saslauthd propery. But every time i try to connect to my server with thunderbird with sending the password encrypted (configuration in thunderbird) the authentication fails. It works when I send it un-encrypted though.
[20:33:33] <zimmi> TLS and SSL are protocol standards
[20:33:47] <Bheam> ah right
[20:33:53] <fubhy> How would I go about making it possible to authenticate by sending the encrypted password with thunderbird?
[20:33:56] <Bheam> i figured openssl = ssl cert
[20:34:03] <zimmi> nope
[20:34:25] <zimmi> openssl is an opensource implementation of the ssl protocol standard
[20:34:52] <sp00kz> is there any documentation showing that starttls is favorable over ssl?
[20:35:03] <Bheam> obv, but what i meant is, if i generated a self signed cert with openssl, i assumed it'd be a "ssl cert"
[20:35:18] <Bheam> anyhow
[20:35:52] <Bheam> by setting smtpd_tls_auth_only, i'm not allowing anyone to connect who isn't encrypting, right?
[20:36:15] <zimmi> yeah i mean I know what you mean with ssl cert
[20:36:34] <zimmi> but technically it is a x509 self signed cert
[20:36:59] <zimmi> Bheam: yes I would say so
[20:37:13] <zimmi> at least for the authentication
[20:38:36] <Bheam> so sasl = the way postfix reads auth info from dovecot?
[20:38:48] <Bheam> just trying to get my terms straight
[20:39:17] <Bheam> smtpd_sasl_auth_enable = yes, means auth is possible, or required?
[20:41:00] <rob0> zimmi, the features you are looking at are indeed alias_maps and virtual_alias_maps, but there are a lot of gotchas regarding mail routing.
[20:41:08] <rob0> so a simple answer is not possible.
[20:41:59] <rob0> "enable" does not mean nor a requirement.
[20:42:13] <zimmi> rob0: cool you remember me from midday (at least in my timezone)
[20:42:13] <rob0> **"enable" does not mean nor imply a requirement.
[20:42:28] <lunaphyte> tls replaced ssl. both tls and ssl often use certificates. both smtps and starttls can use either tls or ssl.
[20:43:26] <zimmi> rob0: I admit that I don't know exactly what the difference is but I can read that
[20:43:44] <zimmi> rob0: and it worked when I add it to a alias_map
[20:44:31] <zimmi> rob0: but what I couldn't find is how I can rewrite the sender to another address because my relay need a certain sender address to accept the message
[20:45:07] <rob0> Generally the best thing to do is to send the mail with the proper sender address to begin with.
[20:45:15] <zimmi> rob0: I know there is a rewrite rule howto but I don't know if this rewirte is made before or after sending an email
[20:45:33] <rob0> !generic
[20:45:33] <knoba> rob0: "generic" : generic(5) table specifies an address mapping that applies when mail is delivered. This is the opposite of canonical(5) mapping, which applies when mail is received. See http://www.postfix.org/generic.5.html
[20:45:48] <zimmi> cool
[20:45:52] <zimmi> one step closer
[20:45:56] <rob0> generic: rewrite on the way out
[20:46:08] <zimmi> the goal ist to redirect all mail to root@localhost to an external email
[20:46:27] <Bheam> what kind of CA do i go to for a mail server certificate? same as for a ssl website?
[20:46:38] <zimmi> but I've to change the sender of all the mail because my relay host need a certain sender address
[20:46:41] <Bheam> so i gotta pay like 1000's a year?
[20:46:48] <rob0> if it's a cron thing, perhaps your cron software can control the sender address.
[20:47:13] <zimmi> not only cron
[20:47:22] <zimmi> everything which sends mails to root@localhost
[20:47:25] <rob0> x509 certificates are x509 certificates
[20:47:58] <rob0> Personally, for mail, I use a self-signed CA which signs the server cert.
[20:48:28] <rob0> Users are instructed on where to find the CA cert and how to install it.
[20:48:42] <zimmi> ahh there is a free root CA which you can get a sigend cert for free but I don't know if the root ca is in the most CA software included
[20:48:51] <Bheam> heh... nice having advanced users rob0
[20:48:56] <zimmi> and I can't remeber the name
[20:49:38] <zimmi> http://cert.startcom.org/
[20:50:12] <Bheam> if it's not in most root cert databases, then i might as well self sign heh
[20:50:15] <zimmi> http://www.instantssl.com/ssl-certificate-products/free-ssl-certificate.html
[20:50:18] <zimmi> yeah lol comodo :D
[20:50:27] <rob0> cacert.org too
[20:50:48] <zimmi> rob0: I think that was the one I ment
[20:51:11] <zimmi> Bheam: the CA thingy is fucked up
[20:51:15] <zimmi> many root CA got hacked
[20:51:22] <zimmi> only trust yourself
[20:51:26] <zimmi> go for the self signed
[20:51:31] <Bheam> heh
[20:52:11] <Bheam> i'm more on about my users not having to press "yes" on "DONT CLICK YES BECAUSE THIS CERTIFICATE CANNOT BE VERIFIED" dialogs :p
[20:52:37] <zimmi> lol
[20:52:48] <zimmi> the press yes if it is a virus
[20:53:04] <rob0> so charge them extra and set it up for them
[20:53:05] <zimmi> so forget that shit it doesn't matter or the press Yes if the fingerprint changes
[20:53:52] *** Zta has joined #postfix
[20:54:36] <patdk-wk> heh, lets install 100k certs, one per domain :)
[20:54:50] * patdk-wk wonders how large a 100k domain subject-alt cert would be
[20:55:06] <patdk-wk> but then, you wouldn't want to do that
[20:56:08] <Zta> How to update postfix aliases from /etc/aliases? newaliases?
[20:57:12] <tuxick> yes
[20:58:17] <zimmi> rob0: so I need for the rewriting a generic table
[20:58:22] <zimmi> then I'll test that tmr
[20:59:04] <Zta> Can I have multiple recipient_delimiter characters? e.g. recipient_delimiter = + _ -
[21:02:25] *** m1chae has joined #postfix
[21:03:57] <Zta> I've seen some sites that don't allow the + in foo+bar at mail dot com
[21:04:04] *** m1chael has quit IRC
[21:06:09] <Zta> So alternative delimiter character could be handy
[21:06:16] <atossava> zta: http://haacked.com/archive/2007/08/21/i-knew-how-to-validate-an-email-address-until-i.aspx is good reading
[21:06:17] <rob0> zta, no, choose one only. Right about +, it is troublesome.
[21:12:35] <Zta> atossava: It's long. Can you just give me the essence, please? A quick glimpse tells me that +, _ and - are all valid.
[21:13:24] <Zta> rob0: Okay. Maybe I should go for _ then. I may be appear as a more welcome character to email validation programmers =)
[21:14:44] *** zimmi has quit IRC
[21:16:42] *** breaker313 has joined #postfix
[21:17:18] *** Bheam has quit IRC
[21:17:37] <Zta> Sorry, I cannot type properly.
[21:17:56] *** Bheam has joined #postfix
[21:19:16] *** Bheam has quit IRC
[21:23:56] <atossava> zta: the short version is: 1) more characters are allowed than you'd think 2) most people get it wrong
[21:26:09] <rob0> I think the + problem stems from a clueless PHP library, which unfortunately is in widespread use.
[21:27:00] *** ced117 has quit IRC
[21:31:51] *** seekwill has quit IRC
[21:32:22] *** TheLittleOne has joined #postfix
[21:33:15] *** localhost has quit IRC
[21:34:32] *** localhost has joined #postfix
[21:35:00] *** breaker313 has quit IRC
[21:35:17] <TheLittleOne> hi, i've setup a postfix/dovecot TLS capable mail server, but i am having problem with sending mail from my php script (running on the same mail server) using my SMTP creeds…i can send/receive email from my virtual mails on 3rd party clients, but i can't figure out why i can't send mail from the mail server itself - any help please?
[21:35:54] <TheLittleOne> i keep getting this in the /var/log/maillog [SASL LOGIN authentication failed: Invalid authentication mechanism]
[21:37:41] <lunaphyte_> configure your php script to use the plain sasl mech
[21:38:34] <TheLittleOne> hmm
[21:38:51] <TheLittleOne> i am using https://code.google.com/a/apache-extras.org/p/phpmailer/wiki/PHPMailer?tm=6…let me see if there is a flag for that i can toggle
[21:39:01] *** phantasm66 has joined #postfix
[21:39:48] <rob0> hmmm, why is your software wanting to use LOGIN?
[21:40:12] *** seekwill has joined #postfix
[21:40:12] *** seekwill has joined #postfix
[21:40:23] <rob0> yes, PLAIN is what it should use
[21:42:34] <lunaphyte_> default is login. fail
[21:42:50] <lunaphyte_> if (empty($authtype)) {$authtype = 'LOGIN';}
[21:43:26] <rob0> heh.
[21:43:29] *** morphje has joined #postfix
[21:43:39] *** m1chae has left #postfix
[21:44:12] <rob0> Another fine example of people who don't understand mail, writing mail software.
[21:44:50] <lunaphyte_> yes. looking briefly through this, it looks Not So Good
[21:46:34] <TheLittleOne> lunaphyte_: hmm, i can't find anything in the php script with that setting…are you saying this is a client-side php issue?
[21:47:42] *** inf_l00p has quit IRC
[21:48:50] <lunaphyte_> i don't know what "client-side php" means.
[21:49:10] <lunaphyte_> it's a problem with that piece of software. it sucks.
[21:49:20] *** fubhy has left #postfix
[21:49:20] <lunaphyte_> it supports only login and ntlm. brain dead.
[21:49:46] <lunaphyte_> it's as though it was written by someone who thinks the world revolves around microsoft.
[21:49:57] <rob0> indeed, just what I was thinking
[21:50:11] <rob0> only Microsoft clients use either of those
[21:50:33] <lunaphyte_> "PHPMailer is a Full Featured Email Transfer Class for PHP"
[21:50:35] <lunaphyte_> please
[21:50:42] <lunaphyte_> full featued my ass
[21:50:58] <TheLittleOne> I don't mind migrating to another mail script, if you had one to recommend?
[21:51:03] <TheLittleOne> php-based, of course
[21:51:45] <lunaphyte_> i wish i did. honestly.
[21:51:54] <rob0> is this "mail server" doing anything other than supporting these outbound web/php mails?
[21:52:05] <rob0> if not, use a nullclient
[21:53:40] <TheLittleOne> its housing my mail boxes as well…full blown mail server for inbound/outbound traffic
[21:54:01] <lunaphyte_> actually, one such php software would be the pear mail package.
[21:54:04] <TheLittleOne> the phpmailer was working with a 3rd party smtp i had before…i just wanted to setup my own for debug purposes
[21:54:24] <TheLittleOne> yeah, i think i'll give pears mail a try
[21:54:25] <TheLittleOne> thanks
[21:55:01] *** freaky[t] has quit IRC
[21:56:38] *** morphje has quit IRC
[21:57:49] *** TheLittleOne has quit IRC
[21:58:35] *** krzee has joined #postfix
[22:00:54] *** Zta has quit IRC
[22:03:31] *** jkfod has quit IRC
[22:04:05] *** phantasm66 has quit IRC
[22:04:42] *** Tykling has quit IRC
[22:05:25] *** phantasm66 has joined #postfix
[22:05:58] *** freaky[t] has joined #postfix
[22:09:36] *** stope has quit IRC
[22:10:03] *** Tykling has joined #postfix
[22:10:35] *** wdp_ has quit IRC
[22:12:09] *** wdp has joined #postfix
[22:17:04] *** pimperle has left #postfix
[22:18:06] *** s0ber has quit IRC
[22:18:59] *** zorg1 has quit IRC
[22:19:44] *** s0ber has joined #postfix
[22:27:52] *** jkfod has joined #postfix
[22:30:01] *** jkfod has quit IRC
[22:33:56] *** biggi_mat has joined #postfix
[22:37:20] <NorrinRadd> if something gets PERMIT on the smtpd_client_restrictions line, will it be rejected if it gets REJECT on the smtpd_recipient_restrictions line?
[22:40:42] <rob0> indeed it will. A reject always rejects; a permit ONLY permits in that stage.
[22:41:36] <lunaphyte_> no real reason to have things in smtpd_client_restrictions anyway. just put everything in smtpd_recipient_restrictions
[22:41:55] <rob0> sometimes there is, but it's not common
[22:42:01] *** gerhard7 has quit IRC
[22:42:42] <NorrinRadd> thanks rob0
[22:44:55] <NorrinRadd> my situation might be one of those cases. want to whitelist myself and sasl auth'd server for clients, but only whitelist myself in recipient stage and reject all unlisted recipients otherwise
[22:45:37] <NorrinRadd> stared at this file for longer than i wish i did, in order to come up with that
[22:46:49] <NorrinRadd> if there is a reject_unauth_sasl -like directive, i could get it all on the recipient line i think
[22:46:51] *** tabakhase has quit IRC
[22:50:45] <lunaphyte_> i don't understand
[22:50:57] <lunaphyte_> "sasl auth'd server for clients" doesn't make sense to me
[22:51:37] <wdp> mhm
[22:52:02] <NorrinRadd> i mean sasl authorized mail systems
[22:52:19] <lunaphyte_> "mail systems"?
[22:52:29] *** nowthatsamatt has joined #postfix
[22:52:38] <NorrinRadd> those things that connect on port 25
[22:52:51] <lunaphyte_> smtp auth isn't really for port 25.
[22:53:09] <lunaphyte_> that's submission - port 587
[22:53:38] <NorrinRadd> well those too
[22:53:39] <lunaphyte_> the goal here is just a little confusing.
[22:53:49] <lunaphyte_> why would you need to offer smtp auth on port 25?
[22:54:10] <NorrinRadd> i only mentioned port 25 attempting to describe what a mail system is
[22:54:16] <lunaphyte_> oh, i see.
[22:54:57] <NorrinRadd> the goal is to reject mail that isn't from me or authorized mail systems (sasl authorized)
[22:55:10] <lunaphyte_> how do you define "from you"?
[22:55:17] <NorrinRadd> $mynetworks
[22:55:21] <lunaphyte_> oh.
[22:55:32] <lunaphyte_> really, you should just be authenticating, mynetworks or not.
[22:56:13] <lunaphyte_> anyway, all of that will be just fine in smtpd_recipient_restrictions.
[22:56:26] *** Southron has joined #postfix
[22:56:45] <lunaphyte_> permit_mynetworks, permit_sasl, reject
[22:56:57] *** tabakhase has joined #postfix
[22:57:17] <NorrinRadd> want reject_unlisted_recipients also
[22:57:39] *** npmapn_ has quit IRC
[22:57:57] *** sphenxes has quit IRC
[22:58:09] <lunaphyte_> you must mean reject_unlisted_recipient?
[22:58:16] <lunaphyte_> that's on by default.
[22:58:16] <NorrinRadd> yes
[22:58:20] *** tabakhase has quit IRC
[22:58:20] *** tabakhase has joined #postfix
[22:58:26] <lunaphyte_> !smtpd_reject_unlisted_recipient
[22:58:26] <knoba> lunaphyte_: "smtpd_reject_unlisted_recipient" : (#1) a configuration parameter in the main.cf: Request that the Postfix SMTP server always rejects mail for unknown recipient addresses. This prevents the Postfix queue from filling up with undeliverable MAILER-DAEMON messages. This feature is not available prior to Postfix 2.1., or (#2) (default: yes) - request that the postfix smtp server rejects mail for unknown recipient addresse
[22:59:00] <lunaphyte_> it's not neccessary to explicitely specify it in your restrictions.
[23:00:28] *** danblack has joined #postfix
[23:00:38] <NorrinRadd> i see
[23:02:46] <NorrinRadd> the reason i didn't want permit_sasl whitelisted on the recipients line is because I'm guessing the type of spam that ends up in the spam folder of gmail comes from sasl auth mail servers
[23:03:10] <lunaphyte_> i don't follow
[23:03:24] <lunaphyte_> how does gmail come into play wrt your mail server?
[23:04:47] <NorrinRadd> no spam comes from sasl authenicated mail systems?
[23:06:01] <lunaphyte_> i guess i'm not really following the essence of the sasl authenticated mail system.
[23:06:21] <lunaphyte_> what mail systems are performing smtp auth as clients against your server?
[23:07:26] <Nido> NorrinRadd: infected windows machines with outlook send sasl authenticated spam
[23:08:01] <lunaphyte_> plenty of clients which perform smtp auth send spam, but it seems that somehow you're talking about something that you don't consider a client.
[23:08:43] <rob0> If you have infected SASL clients, rate limiting and content filtering are your best options.
[23:09:41] <NorrinRadd> lunaphyte_: correct. i'm thinking mail servers will be using sasl also
[23:10:12] <lunaphyte_> i'm less tolerant. i think disabling accounts for infected smtp auth clients is your best option
[23:10:14] <NorrinRadd> might be incorrect
[23:10:21] <rob0> they can ... if they support it and are set up to auth
[23:10:22] <lunaphyte_> NorrinRadd: what mail servers?
[23:10:41] <NorrinRadd> every mail server that i'm not admin of
[23:10:47] *** nowthatsamatt has left #postfix
[23:10:49] <lunaphyte_> on the internet?
[23:10:52] <NorrinRadd> yes
[23:10:56] <lunaphyte_> uh, no.
[23:11:01] <rob0> why would they auth at your site?
[23:11:08] <rob0> HOW would they auth at your site?
[23:11:13] <lunaphyte_> no mail server on the internet is going to perform smtp auth against your server.
[23:11:30] <NorrinRadd> so my idea of sasl is incorrect
[23:11:41] <lunaphyte_> it seems so.
[23:11:45] <rob0> we don't know, what is your idea? :)
[23:11:49] <lunaphyte_> think for a moment about it
[23:12:26] <NorrinRadd> so if i do not allow non_auth sasl systems to send mail on the server, I will not receive outside mail?
[23:12:33] <atossava> bingo
[23:12:42] <lunaphyte_> wrong
[23:13:02] *** Emotelecom has quit IRC
[23:13:19] <lunaphyte_> if other internet mail servers had to perform smtp auth to deliver mail to your server, how could that work?
[23:13:27] <lunaphyte_> where would they get a username and password from?
[23:13:44] <rob0> spammers sell CDs of those :)
[23:13:48] <lunaphyte_> haha
[23:13:51] *** Emotelecom has joined #postfix
[23:13:55] <lunaphyte_> still just cds?
[23:14:07] <NorrinRadd> i was thinking sasl was a way to restrict the server from talking to other servers which were not "authentic"; meaning the real mx for that domain I suppose
[23:14:35] <lunaphyte_> no
[23:14:40] <rob0> SASL AUTH is for your users to authenticate to you.
[23:14:46] <NorrinRadd> gotcha
[23:14:57] <NorrinRadd> SPF might be what i'm looking for
[23:14:59] <lunaphyte_> sasl is for clients [e,g, thunderbird] to prove they're allowed to submit mail to an msa for further delivery
[23:15:21] <rob0> SPF is not very useful IMO.
[23:15:58] *** badaptr is now known as adaptr
[23:16:52] <rob0> I miss badaptr already.
[23:17:40] <adaptr> you - as they say - do not know what you are missing
[23:18:13] <adaptr> I see 2.9 is released unto us unworthy animals. time to bleed.
[23:18:25] *** fawkingijit has joined #postfix
[23:18:39] <rob0> yes, /me is on a 2.10 snapshot
[23:18:55] <adaptr> yes, /you would be... slacker
[23:18:57] <NorrinRadd> i'm looking into this, because i've noticed if the recipient address is valid, i can forge email from anyone to this server..
[23:19:11] <atossava> norrinradd: that is how smtp works :D
[23:19:26] <NorrinRadd> no fixes for that?
[23:19:30] *** Emotelecom has quit IRC
[23:19:37] <adaptr> NorrinRadd: well, yes. email is essentially meant as a means of communication. if you reject mail addressed to you, communication fails.
[23:19:38] <rob0> You have just now learned what spammers learned in 1992.
[23:19:58] *** rawtaz has joined #postfix
[23:20:02] <adaptr> rob0: seekwill wasn't even speaking in 1992!
[23:20:02] <atossava> norrinradd: have a look at http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/smtp-spf-is-harmful.html
[23:20:14] <rob0> DKIM signing is a good idea.
[23:20:15] <adaptr> ba0-ba-baaaaa at best
[23:20:26] <atossava> rob0: I seem to remember spam wasn't around in any meaningful amounts before 1994-1995 or so
[23:20:29] <rawtaz> hi. very very quick question: does anyone know how i can "reset" policyd so that it greylists a server that otherwise it would consider okay?
[23:20:33] <NorrinRadd> i always knew it was the cause, other than email signing, i figured that were some methods email admins had in order to fight against it
[23:20:39] <NorrinRadd> the case*
[23:20:43] <adaptr> rawtaz: a good question for the policyd authors!
[23:20:48] <rawtaz> just once, so i can "reset" it whenever i need to debug greylisting
[23:20:49] <lunaphyte_> NorrinRadd: the unfortunate bottom line is that you cannot control this.
[23:20:51] <rawtaz> adaptr: yeah indeed :P
[23:21:12] <lunaphyte_> you can only hope that others will offer mechanisms that you can leverage to reduce it
[23:21:14] <rob0> atossava, I didn't even have a computer in 1992, just picked a number out of my hat :)
[23:21:27] <rawtaz> adaptr: sorry. didnt realize they had their own channel, and the startup script is named postfix-policyd hah. thanks
[23:21:48] <adaptr> rawtaz: 'snot a postfix produce, really
[23:21:48] <atossava> rob0: serious? I figured you're one of the regulars on a mailing list I'm on and that would necessarily make you an old fart like me :D
[23:22:11] <rob0> I am an old fart, but relatively new in computers and Internet.
[23:22:13] <adaptr> rob0: Bill Gates didn't have a computer in 1992 ! he had an abacus
[23:22:34] *** phantasm66 has quit IRC
[23:22:48] <rawtaz> adaptr: roger :)
[23:22:52] <atossava> rob0: k fair enough
[23:23:23] <lunaphyte_> i had internet before i had a computer.
[23:23:38] <lunaphyte_> i used to look at web pages with a multitester
[23:23:41] <adaptr> I had porn before there was an internet!
[23:23:57] <rob0> actually I did get my first computer in '92, but it was not networked.
[23:24:06] <adaptr> if you tell that to youngsters now they sooth disbelieve you
[23:24:18] <rob0> modem (and obsession) came in '93 :)
[23:24:33] <adaptr> My First Modem was in 95,I think
[23:24:36] <adaptr> could be 96
[23:24:41] *** Toerkeium has quit IRC
[23:25:14] <NorrinRadd> got my computer in 2000
[23:25:25] <adaptr> I don't have any computers that old
[23:25:43] <adaptr> in fact, I need a new one. TWo new ones. well, maybe one new one and a small one
[23:26:02] <NorrinRadd> first i mean
[23:26:03] <lunaphyte_> we had a fun little 1200 baud apple personal modem in 1990
[23:26:22] <lunaphyte_> connected to a mac se.
[23:27:02] <lunaphyte_> there it is!
[23:27:03] <lunaphyte_> http://apple2history.org/wp-content/uploads/2010/06/Apple-Personal-Modem-3001200.jpg
[23:27:16] <adaptr> my dad brought home a 300 baud acoustic coupler in 1982. and hooked it up to a home-built 8080. and dialed in to work.
[23:27:25] <adaptr> so.. there
[23:27:26] *** wsmsg has quit IRC
[23:27:30] <rob0> ha
[23:28:01] <lunaphyte_> yeah, but i can spell my name in the snow with no hands!
[23:28:08] <adaptr> I also had some 8" floppies back then
[23:28:14] <adaptr> they were really floppy
[23:29:02] <NorrinRadd> no idea what OS was running when i was playing number munchers back in '93/'94
[23:29:32] <NorrinRadd> remember those 5.xx" floppies though
[23:29:42] <lunaphyte_> number crunchers?!
[23:29:49] <adaptr> ... I programmed pascal off 5.25" floppies.
[23:29:50] *** sebbow has quit IRC
[23:29:59] <adaptr> my XT had TWO drives!
[23:30:13] <NorrinRadd> think it was munchers...
[23:30:16] <adaptr> this would be circa 1988
[23:30:22] <lunaphyte_> oh, no - it *was* munchers, you're right
[23:30:46] <adaptr> 1..munch...0..munch..1...munch...1...
[23:30:58] <lunaphyte_> it was an apple IIe in our case.
[23:31:18] <lunaphyte_> my dad was so funny. he brought home a joystick with the computer, and a mousepad for the joystick :)
[23:32:06] <adaptr> I remember going by a mate's house around that time. they had a 2e as well, with the bard's tale on it. glorious!
[23:33:07] <lunaphyte_> moon patrol, cavern creatures.
[23:33:29] <adaptr> I even remember the squeaky speaker sound it made
[23:33:35] <adaptr> it was AWESOME
[23:47:28] *** Toerkeium has joined #postfix
[23:48:16] *** Emotelecom has joined #postfix
[23:49:15] *** fawkingijit has quit IRC

   February 16, 2012  
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | >