Switch to DuckDuckGo Search
   February 21, 2012  
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | >

Toggle Join/Part | bottom
[00:00:16] <rob0> we should make him an honorary Merkan
[00:00:18] *** sphenxes has joined #postfix
[00:00:34] <jimpop> he does spell like one of us
[00:00:39] <adaptr> I would refuseded
[00:00:47] <jimpop> i wonder if his english is better than ours
[00:00:50] <adaptr> I am note worthy!
[00:00:56] <jimpop> haha
[00:00:56] <rob0> well make you an offer you can't refuse
[00:01:04] <rob0> *we'll
[00:01:24] <adaptr> don't spoil things by suddenly remebering how to spell, rob
[00:01:39] *** KaiForce has joined #postfix
[00:01:40] <adaptr> we'll make you turn in your flag
[00:01:52] <rob0> just borrowing one of your typos, I will give it bakc!
[00:01:57] *** nutron|w has quit IRC
[00:02:05] <adaptr> if you don't have a flag, we'll buy you one, then burn it, and stomp on it, and then you can give it back
[00:02:05] *** nutron has quit IRC
[00:02:14] <thumbs> please, we don't need another adaptr here.
[00:02:27] <adaptr> it's a good t'ing luny isn't here, he would 'ave some'thing to say aboot'it
[00:02:52] <adaptr> I named the cat'astrophe after him, after all
[00:02:55] *** anonymous has joined #postfix
[00:03:21] *** anonymous is now known as Guest14442
[00:04:25] <micah> heheh
[00:07:07] *** higuita has quit IRC
[00:11:37] *** wdp has quit IRC
[00:16:40] *** milligan has quit IRC
[00:26:30] <quebre> AHAHAHAHAHAHA
[00:27:14] <adaptr> somebody get him his meds
[00:27:37] *** hobodave has quit IRC
[00:28:19] <quebre> this ... postfix
[00:30:28] *** milligan has joined #postfix
[00:31:05] *** KippiX_ has joined #postfix
[00:34:34] *** KippiX has quit IRC
[00:35:23] *** MaximusColourum has quit IRC
[00:48:35] *** KaiForce has quit IRC
[00:50:06] *** v|nc3 has quit IRC
[00:52:11] *** HSorgYves has joined #postfix
[00:52:35] <HSorgYves> morning, is there a way to prevent/remove the logging of postfix connection tests through localhost? if yes, how?
[00:53:24] <adaptr> which "connection tests" would those be ?
[00:53:34] * seekwill thinks Nagios
[00:53:42] <lunaphyte> no
[00:53:45] <adaptr> ah, an early-morning WAG!
[00:53:46] <seekwill> No?
[00:53:49] <seekwill> :(
[00:53:50] <lunaphyte> postfix logs what happens to it
[00:53:54] * jimpop likes Nagios
[00:54:00] <lunaphyte> actually, so i take that back.
[00:54:04] <lunaphyte> i hate nagios.
[00:54:05] <adaptr> I'm curious what these noon-existent emails are
[00:54:09] <rob0> HSorgYves, grep -v when viewing logs
[00:54:15] <HSorgYves> monit, but i suppose thqt doesn't matter much
[00:54:31] <seekwill> I wouldn't run system monitoring on the same box that's being monitored
[00:54:37] <lunaphyte> if you don't want a particular connection to appear in your logs, then don't make the connection.
[00:54:41] <jimpop> monit is good too
[00:55:22] *** roe_ has joined #postfix
[00:55:27] <adaptr> lunaphyte: I refuse to log you, you know.
[00:55:44] <roe_> any predictions on how well a FS of maildirs will compress using tgz?
[00:55:50] *** v|nc3 has joined #postfix
[00:55:52] <roe_> (XFS filesystem)
[00:56:05] <adaptr> the filesystem is obviously irrelevant
[00:56:11] <seekwill> 29%
[00:56:14] <lunaphyte> adaptr: you couldn't log me if you wanted to
[00:56:18] <adaptr> 38.5%
[00:56:18] <seekwill> On EXT4, you can get 55%!
[00:56:30] <HSorgYves> well, i would prefer them not being written instead of not making them - which is useless in this case - or hiding them when looking at the logs... can this be done with rsyslog or do i need to switch?
[00:56:34] <lunaphyte> it depends on the content of the messages.
[00:56:47] <roe_> lunaphyte, true
[00:56:54] <lunaphyte> if it were a bunch of email messages with zip files attached, i bet it would compress like shit.
[00:56:55] <adaptr> HSorgYves: yes, you can make rsyslog not log critical messages. good luck.
[00:57:11] <HSorgYves> adaptr: how?
[00:57:15] <roe_> but if the majority were text files, it should compres pretty well?
[00:57:23] <adaptr> it will still compress the base64 attachements ;)
[00:57:36] <adaptr> but not below the size of the original zips, obviously
[00:57:41] <lunaphyte> hmm, right, that's intereting.
[00:57:44] <lunaphyte> *intereting
[00:57:47] <lunaphyte> MAH
[00:57:50] <lunaphyte> INTERESTING
[00:58:05] <adaptr> I am dis'appointed in you, luny'ophyte
[00:58:07] <lunaphyte> THIS IS ALL VERY INTERESTING
[00:58:12] <adaptr> not even one stray cat'astrophe today
[00:58:16] <seekwill> Hmm...
[00:58:24] <lunaphyte> oh, i through that key aweigh
[00:58:32] <adaptr> OBVIOUSLY
[00:58:34] <seekwill> I wonder what the disk size of a compressed base64 zip is
[00:58:47] <roe_> I have a 57G partition that I am manually backing up via tgz and I'm just curious, while I'm waiting for it to finish, how much smaller the resultant file might be
[01:00:06] <seekwill> backing up with tgz
[01:00:08] <seekwill> ?
[01:00:20] <roe_> gzipped tar?
[01:00:23] <adaptr> he means tar
[01:00:33] <adaptr> roe_: the program is "tar". tgz is not an anything.
[01:00:38] *** Bry8Star has joined #postfix
[01:00:46] <seekwill> Personally, I'd use rsync
[01:00:53] <roe_> adaptr, I was short-handing the program and compression method
[01:00:57] <adaptr> for millins of mails, definitely
[01:01:10] <adaptr> hey! who st le my !
[01:01:13] * seekwill would rsync adaptr
[01:01:19] <adaptr> you'd like that, eh ?
[01:01:25] *** jkfod has quit IRC
[01:01:28] <seekwill> I wuld
[01:06:33] *** bureq has joined #postfix
[01:09:25] <HSorgYves> so, does anyone please provide more help than "good luck"... would be really appreciated
[01:10:16] <jimpop> HSorgYves: 18:56 < adaptr> HSorgYves: yes, you can make rsyslog not log critical messages.
[01:11:38] <adaptr> I thought "good luck" was, in fact, very good advice if you intend to mess with critical system logging
[01:11:41] <rob0> hmm? I suggested parsing the log to omit what you didn't want.
[01:12:02] <rob0> That really IS the answer.
[01:12:43] <HSorgYves> hmmm, so you would continue to log them even if it is each minute?
[01:13:28] <adaptr> EVERY MINUITE!>!>? ZOMG OHNOES
[01:13:37] <adaptr> call the coast guard!
[01:13:45] <adaptr> bring out the fire department
[01:14:01] * adaptr wonders how HSorgYves would cope with 300K spam connections per day
[01:14:03] <HSorgYves> adaptr: or each 10 minutes, doesn't matter
[01:15:08] <HSorgYves> adaptr: hehehehe, that's easier
[01:15:22] <adaptr> ...you THINK ?
[01:15:30] <bureq> Hello can anyone tell me what "NOQUEUE: reject: RCPT Client host rejected: Access denied" mean? in postfix log
[01:15:49] <adaptr> !access_denied
[01:15:49] <knoba> adaptr: Error: "access_denied" is not a valid command.
[01:15:58] <adaptr> bah, rob0, look what you made me do
[01:16:02] <HSorgYves> adaptr: sometimes, but THINKing is a hard job ;-)
[01:16:35] <bureq> I'm able to send emails, but not receive :(
[01:16:45] *** rosco has quit IRC
[01:17:26] <HSorgYves> so afai understood, you would not care about those logs... thanks for your opinion
[01:17:44] <adaptr> once every 10 minutes means 144 per day. boo hoo.
[01:18:42] <adaptr> I monitor my mail server too, every 5 minutes, yielding a shocking 288 connections per day from opsview (which is nagios). I have yet to notice it between the other 350000 actual connections
[01:19:06] <adaptr> if I could make my graphs show it it would be a flat line at the bottom
[01:19:14] <adaptr> I am semi-curious what the point of this would be
[01:20:19] *** bureq has quit IRC
[01:20:34] <HSorgYves> adaptr: well they shouldn't be there that's all; its not that it's the only thing showing ;-)
[01:20:40] <rob0> bureq, one WAG per customer, and yours is this: you put "reject" in your smtpd_client_restrictions
[01:21:04] <adaptr> HSorgYves: YOU ARE MAKING CONNECTIONS. WHY should they not be in the log
[01:22:07] <HSorgYves> adaptr: because I KNOW that they are MADE, why should I LOG them?
[01:22:26] <thumbs> HSorgYves: because it's fine if they're logged.
[01:22:44] <adaptr> postfix logs them. postfix logs reality. be thankful, because it is the one solid constant in your life as mail admin.
[01:22:50] <thumbs> HSorgYves: logs grow, get rotated. Let them be.
[01:22:57] <HSorgYves> and because its easy to filter those made towards apache for example
[01:23:16] *** master_of_master has quit IRC
[01:23:30] <HSorgYves> adaptr: never thought it like that
[01:23:38] <HSorgYves> thumbs: id
[01:23:46] <thumbs> HSorgYves: what?
[01:24:45] <adaptr> he's accusing you of having an id, or perhaps trying to access your id... subliminiminally, or something
[01:24:56] <thumbs> I have an id?
[01:24:58] <adaptr> smack him one with your superego
[01:25:01] *** master_of_master has joined #postfix
[01:25:33] <HSorgYves> id meaning identical reflection
[01:25:57] <thumbs> ah, one of those new instant messaging memes.
[01:25:57] <HSorgYves> or idem if you prefer
[01:26:28] <rob0> aha, like in a bibliography!
[01:26:35] <adaptr> we don't do abbreviations well here. you may abbreviate idem with id. if you must, because the greeks did that too.
[01:26:36] <HSorgYves> but you both are right, i probably think to much about things that are not important
[01:26:57] <adaptr> and who are we to improve upon the g(r)eeks
[01:26:59] <thumbs> I'll brush up my latin.
[01:27:09] <rob0> igpay atinlay
[01:27:18] <adaptr> after all, they had the best steam engines, and handguns, and internet hubs... wait...
[01:27:18] *** v|nc3 has quit IRC
[01:28:22] <thumbs> rob0: smartass.
[01:28:41] <HSorgYves> adaptr: i know, but i thought that id. would be an international abbreviation used everywhere
[01:29:21] <adaptr> id is, except you didn't say "id." - you said "id"
[01:29:24] <seekwill> International District
[01:30:10] <HSorgYves> adaptr: my fault, i did try to push the . though
[01:30:30] <adaptr> I hope it hurt
[01:30:46] <HSorgYves> at least i didn't say .id
[01:31:00] <HSorgYves> and yes it did
[01:31:00] <seekwill> What's wrong with .id?
[01:31:30] <HSorgYves> nothing, but it has a completely different meaning but is composed of the same 3 characters
[01:31:38] <seekwill> i.d ?
[01:31:56] <seekwill> .bi
[01:32:00] <adaptr> bidi
[01:32:04] <seekwill> idbi
[01:32:15] <jimpop> i dbi
[01:32:15] <HSorgYves> ibid.
[01:32:23] <adaptr> bidibidibidi
[01:32:30] <seekwill> fail
[01:32:34] <adaptr> TAAN TAAN TAN TAN TAAN TAN TAAAN
[01:32:35] <jimpop> bail
[01:32:39] * seekwill 550 jimpop
[01:32:44] <jimpop> lol
[01:32:53] <adaptr> spock wogers in the 25th millenienium
[01:35:23] *** v|nc3 has joined #postfix
[01:46:30] <HSorgYves> i will get some sleep now, thanks
[01:47:39] *** HSorgYves has quit IRC
[01:52:58] <adaptr> I hope he dreams about extraneous connections in his logs
[01:53:59] *** taggart has joined #postfix
[01:54:43] <sahil> ha
[01:54:57] <adaptr> it's standon!
[01:55:01] <adaptr> what rock were you under
[01:55:06] <taggart> I must have been living under a rock and just now learned of reject_unlisted_recipient, how are people here using it?
[01:55:12] <sahil> what'dya mean?!
[01:55:33] <adaptr> haven't seen you in ages, except on the list, I guess
[01:55:46] <adaptr> taggart: as it was designed, probably
[01:55:54] <rob0> and not much on the list!
[01:56:01] <sahil> ah, fair enough..
[01:56:02] <adaptr> !reject_unlisted_recipient
[01:56:02] <knoba> adaptr: "reject_unlisted_recipient" : (with postfix version 2.0: check_recipient_maps) reject the request when the rcpt to address is not listed in the list of valid recipients for its domain class. see the smtpd_reject_unlisted_recipient parameter description for details. this feature is available in postfix 2.1 and later.
[01:56:08] <sahil> been lurking, just not participating.
[01:56:37] <sahil> rob0: i see you finally went public with your HOWTO. \o/
[01:56:43] <rob0> haha yes
[01:57:15] <adaptr> taggart: this defaults to on and there is usually no reason to change it
[01:57:34] <taggart> adaptr: where in the process? with reject_unauth_destination I've always had it later, but I read some people do it ahead of RBL checks?
[01:57:50] <adaptr> oh, I thought you were referring to smtpd_reject_unlisted-recipient
[01:57:58] *** Aprogas has quit IRC
[01:57:59] <adaptr> because that is global
[01:58:46] <adaptr> reject_unauth_destination + relay-recipient+maps == reject_unlisted_recipient
[01:58:49] <taggart> adaptr: well good point about smtp_ being on by default
[01:58:58] <rob0> You can use it before DNSBL & other spam checks to dispose of a lot of junk before those.
[01:59:03] <adaptr> damn, my underscores aren't, today
[01:59:45] <taggart> but if you are relying on the smtp_reject_unlisted_recipient being on by default, when does that apply?
[01:59:46] <adaptr> taggart: there is only a difference between reject_unauth_destination and reject_unlisted_recipient when A. relay-domains is not empty, and B. relay_recipient_maps IS empty
[02:00:17] <taggart> or virtual_mailbox_domains ?
[02:00:41] <adaptr> !reject_unauth_destination
[02:00:41] <knoba> adaptr: "reject_unauth_destination" : see http://www.postfix.org/postconf.5.html#reject_unauth_destination
[02:01:15] <taggart> I should explain further...
[02:01:19] <adaptr> reject_unauth_destination covers all non-internet address classes
[02:01:30] *** Aprogas has joined #postfix
[02:01:41] <rob0> um, I don't think so
[02:01:48] <taggart> right now if someone mails a non-existent user on this system, the error they get is "user not listed in virtual table"
[02:01:53] <adaptr> along with smtpd_reject_unlisted_recipient, this obviates the need to specify it explicitly
[02:02:11] <rob0> reject_unauth_destination means "domain not defined in an address class listing"
[02:02:33] <adaptr> rob0: "covers" as in "does not reject"
[02:02:37] <rob0> smtpd_reject_unlisted_recipient means "check for valid user and reject if not"
[02:02:48] <adaptr> s/user/recipient/, then yes
[02:02:54] <rob0> recipient yes
[02:02:56] <adaptr> and is the ultimate source of that ^^ message
[02:02:59] <adaptr> user not listed
[02:03:12] <taggart> I was thiking maybe reject_unlisted_recipient would somehow be faster
[02:03:19] <adaptr> so if that is on (default), then explicitly repeating it in restriciotns does nothing
[02:03:43] <adaptr> HOWEVER, restrictions being what they are, you can play silly buggers with search order
[02:04:01] <adaptr> or not so silly and maybe quite smart, it depends.
[02:04:58] <adaptr> a side chain in sender_ could do one check, and set reject_unlisted as the end condition, BEFORE it ever got to recipient_restrictions, thus skipping a possible accept on different grounds in that flow
[02:05:53] <adaptr> taggart: faster doesn't really enter into it. do your hash tables exceed 200K entries ? somebody on the list tested this and I remember they got a delay in the milliseconds
[02:06:09] <adaptr> alongside that, an extra restriction check is peanuts
[02:06:23] <taggart> hmm, it just occurred to me that on this system I couldn't do reject_unlisted_recipient any sooner than reject_unauth_destination anyway
[02:06:45] <taggart> because I have sasl users here
[02:07:13] <taggart> but my eventual goal is to turn that off
[02:07:54] <rob0> huh?
[02:08:01] <taggart> so then does reject_unlisted_recipient get me anything that reject_unauth_destination doesn't?
[02:08:19] <adaptr> taggart: the former deals with addresses. the latter deals in domains.
[02:08:28] <rob0> I answered that 00:58
[02:08:31] <adaptr> so the answer would be "yes, always"
[02:08:49] <taggart> rob0: I have users that relay via this server, so until I have accepted their mail, I can't reject stuff that's not for me
[02:09:00] <adaptr> the more relevant item is that globally, smtpd_reject_unlisted_recipients defaults to YES
[02:09:21] <rob0> but I don't understand how having SASL users ... you don't have permit_sasl_authenticated before reject_unauth_destination?
[02:09:32] <adaptr> so unless you are using the explicit restriction somewhere to do something di9fferent than would normally happen, you do not need to mention it again. it does nothing.
[02:10:00] <taggart> I have permit_sasl_auth before reject_unauth_dest
[02:10:15] <rob0> Indeed, you ought to move user submission off of port 25
[02:10:19] <taggart> adaptr: yes I know
[02:10:38] <taggart> rob0: yes, that's been the plan for a while, moving the users is the harder part :(
[02:10:55] <adaptr> move the port, and when they start shouting, tell them to use port 587
[02:11:02] <adaptr> they will switch quite quickly
[02:11:12] <taggart> BOFH style move :)
[02:11:17] <adaptr> only way
[02:11:51] <taggart> it will come to that at some point, I just haven't wanted to deal with it yet
[02:12:28] <adaptr> shirking the BOFH cloak of responsibility, eh ?
[02:13:43] <taggart> I hate help tickets :)
[02:14:03] <rob0> Anyway, what you are saying about "couldn't do reject_unlisted_recipient any sooner than reject_unauth_destination" might be true, but it's not relevant.
[02:14:13] <taggart> anyway I think I have learned that reject_unlisted_recipient gains me nothing over reject_unauth_destination
[02:14:23] <adaptr> THEY ARE NOT THE SAME
[02:14:40] <adaptr> why do you keep comparing them as if one is better than the other
[02:14:40] *** BuenGenio has joined #postfix
[02:14:44] <taggart> then I guess I still don't understand sorry :(
[02:14:56] <adaptr> [02:08] <adaptr> taggart: the former deals with addresses. the latter deals in domains.
[02:14:59] <rob0> it DOES reject unknown users explicitly, rather than at the end of smtpd_recipient_restrictions
[02:15:13] <adaptr> yes, okay, but THOSE TWO are not the same at all.
[02:15:13] <lunaphyte> funny. we were just talking about beverly hills cop earlier today
[02:15:31] <taggart> <adaptr> taggart: there is only a difference between reject_unauth_destination and reject_unlisted_recipient when A. relay-domains is not empty, and B. relay_recipient_maps IS empty
[02:15:52] <adaptr> taggart: yeah, brain fart. it happens. a lot.
[02:16:06] <adaptr> 900 configuration settings and counting
[02:16:13] <taggart> lunaphyte: my brother's name is john and he recently got a picture of him and the guy who played taggart :)
[02:16:28] <lunaphyte> haha
[02:16:41] <taggart> ok so rob0 said this
[02:16:44] <taggart> <rob0> reject_unauth_destination means "domain not defined in an address class listing"
[02:17:11] <taggart> <rob0> smtpd_reject_unlisted_recipient means "check for valid recipient and reject if not"
[02:17:19] <taggart> oh wait
[02:17:33] <adaptr> yes, the bulb, it is lightening
[02:17:43] <taggart> I'm trying :P
[02:18:57] <taggart> so what is the difference?
[02:19:01] <adaptr> by default, smtpd_reject_unlisted_recipient is TRUE, so at the end of all other restrictions, anywhere, that test is performed, and any recipient NOT listed as valid anywhere in postfix is rejected
[02:19:13] <adaptr> this is a GLOBAL SETTING, i.e. it is NOT a restriction
[02:19:38] <taggart> adaptr: yes I know the smtp_ is global and I've said so several times
[02:19:46] <taggart> don't get hung up on that
[02:19:47] <adaptr> the RESTRICTION reject_unlisted_recipient IS, and is yours to use as you see fit, in case that global test is too coarse for your needs
[02:20:01] <adaptr> you're STILL asking what the difference is. so I explain. AGAIN.
[02:20:28] <taggart> I'm not asking the difference between smtpd_reject_unlisted_recipient and reject_unlisted_recipient
[02:20:51] <taggart> I'm asking the difference between reject_unlisted_recipient and reject_unauth_destination
[02:21:05] <adaptr> THEY HAVE NO FUCKING THING TO DO WITH ONE ANOTHER. how's that for difference ?
[02:21:18] <adaptr> they are orthogonal in function
[02:21:33] <adaptr> ONE deals with recipient addresses. the other deals with entire domains
[02:21:55] <adaptr> I think this marks the fourth mention of this basic fact
[02:22:15] <taggart> well I guess I have a thick skull
[02:22:22] <adaptr> the other three being rob0 's original and my two repetitions
[02:22:44] <adaptr> that's okay, did it settle ?
[02:22:46] <taggart> I guess I have always understood reject_unauth_destination to mean "not an address on this system"
[02:22:55] <adaptr> not a domain I am responsible for
[02:23:03] <taggart> but you are saying it's _just_ not any _domain_ on this system?
[02:23:38] <taggart> "responsible" _is_ a better way of saying it, due to relaying...
[02:23:39] <adaptr> well, I wasn't, but then rob0 corrected me, and now I am slavishly following his lead, because he is teh moar leet
[02:24:06] <adaptr> it's the text in the documentation. you will find it surprisingly apt
[02:24:53] <adaptr> "under postfix control" is also used
[02:25:17] <adaptr> mail could still be postfix's responsibility yet never end up on your postfix box
[02:25:20] <rob0> slavish!
[02:25:41] <adaptr> originally meant a perso from yugoslavia
[02:25:46] <adaptr> ya noo
[02:26:15] <adaptr> oh, but not with slaves, no. never mind, moving on
[02:26:23] <rob0> Slavic, includes a wide range of eastern Europe, no?
[02:26:30] <seekwill> We should abolish slavery! Everyone is a master!
[02:26:32] *** krzee has quit IRC
[02:26:34] <adaptr> can I have my typos back please ? I prefer them to this foot in my mouth
[02:26:34] <taggart> so I guess if using "reject_unauth_destination" and someone sends a mail to a non-existent user in a domain you are responsible for, it would pass that test, then hit the end of smtpd_recipient_restrictions
[02:26:48] <adaptr> yes
[02:26:52] <adaptr> possibly
[02:26:56] <adaptr> restrictions are voodoo
[02:27:02] <adaptr> good voodoo, but still
[02:27:04] <taggart> and then, since the user doesn't exist, would be rejected
[02:27:09] * rob0 gvies tpyos to adaprt
[02:27:23] <adaptr> BECAUSE smtpd_reject_unlisted defaults to YES. if NOT, then not.
[02:27:24] <seekwill> omg I could totaly read taht!!!
[02:28:19] <adaptr> ultimately, that last test after the end of restrictions causes the message. if you put the restriction in a restriction list or class, and it is hit, then THAT causes the message.
[02:28:32] <taggart> but given the current error message I see of "user does not exist in virtual table", maybe it's trying to use virtual_mailbox_maps
[02:28:34] <taggart> ?
[02:28:41] <adaptr> no
[02:28:58] <adaptr> it merely means it's in a virtual DOMAIN, but the address does not exist
[02:29:05] <adaptr> !address_class
[02:29:05] <knoba> adaptr: Error: "address_class" is not a valid command.
[02:29:07] <adaptr> !address_classes
[02:29:07] <knoba> adaptr: "address_classes" : http://www.postfix.org/ADDRESS_CLASS_README.html describes how Postfix deals with different classes of addresses: local, relay, virtual alias, virtual mailbox, and Internet.
[02:29:10] <adaptr> I HATE YO UKNOBA
[02:29:21] <adaptr> please, that clears stuff up. lots.
[02:29:24] <adaptr> go read
[02:29:42] * taggart reads
[02:30:07] <adaptr> if you hit restriction classes, don't click the link, or we'll be here all night
[02:30:47] <adaptr> well, rob0 will be here all night. I should sleep soon
[02:32:25] <rob0> I will not!
[02:32:38] <taggart> ah restriction classes is interesting, I always wondered if you could do something like that
[02:33:43] <rob0> if you want a sadistic, extreme example:
[02:33:49] <rob0> !sqlite_howto
[02:33:50] <knoba> rob0: "sqlite_howto" : rob0 here has written a multi-address-class howto for Postfix and Dovecot using a sqlite3 data backend: http://rob0.nodns4.us/howto/
[02:34:11] <taggart> anyway I now understand that it's actually smtpd_reject_unlisted_recipient causing the reject messages I'm seeing
[02:34:23] <rob0> the database keeps a restriction class value per domain or recipient
[02:34:58] <taggart> and presumably if I set show_user_unknown_table_name it will give something more vague
[02:36:10] <rob0> and make YOUR job harder
[02:37:08] <taggart> yeah I have though of that, but I think in my case all the error messages of that type will be the same
[02:37:28] <taggart> all the users are in the same address class
[02:38:57] <taggart> right now my job is harder because users don't know "User unknown in <name of address class here> table" means
[02:39:24] <taggart> now arguably they might not know in the other case too...
[02:40:12] *** tty234 has joined #postfix
[02:40:12] <taggart> I'm debating using smtpd_reject_footer to point them somewhere, but I'm not sure that's a good idea either
[02:41:53] <taggart> rob0, adaptr: anyway thanks for the boots to the head :)
[02:43:03] <seekwill> taggart: Why wouldn't that be a good idea/
[02:43:04] <seekwill> ?
[02:45:18] <taggart> seekwill: in some cases it would be helpful, but I am also worried about help tickets filed by people wondering what their long lost friend's email address is
[02:47:18] <seekwill> You can tell them it's not something you give out
[02:47:33] <seekwill> I don't really thing people would do that
[02:47:46] <seekwill> Plus, the URL you point to could have some sort of disclaimer
[02:48:44] <taggart> yeah I suppose
[02:49:07] <seekwill> You could also just ignore those emails...
[02:49:10] *** krzee has joined #postfix
[02:49:47] <seekwill> In fact, it may actually violate privacy agreements if you gave out that sort of information.
[02:49:56] <taggart> seekwill: I could point them to postmaster@ or I could point them to the ticket system, and yeah it probably wouldn't be too many. but in most cases I won't have any more to tell them
[02:50:05] <seekwill> "Hey, I tried to email my friend thumbs, but his email thumbs@ doesn't work. Can you tell me his real address?"
[02:50:28] <taggart> yeah we certainly wouldn't give out any info even if we had any (which we try not to have in the first place)
[02:51:09] <seekwill> The benefits seem to be better
[02:51:54] <taggart> well I am trying to think of a case where the answer wouldn't just be "yeah it said the user doesn't exist, I checked and it doesn't exist"
[02:52:25] <taggart> maybe if the system was misconfigured and rejecting known good addresses someone could point it out?
[02:52:51] <seekwill> You could have monitoring systems in place for that :)
[02:52:57] <seekwill> /should/
[02:53:10] <taggart> we do
[02:53:18] <taggart> well that postfix is up
[02:53:37] <taggart> I don't have anything that sends test messages and confirms they get through, anyone doing that?
[02:53:55] <taggart> ideally timed so it can report when things are slow
[02:54:13] <seekwill> We do that all the time
[02:54:26] *** krzee has quit IRC
[02:54:49] <seekwill> We have clients that send message to somewhere like Gmail or Yahoo, then a script to pull those messages and parse it
[02:54:50] <taggart> seekwill: got a nagios plugin? :)
[02:54:54] <seekwill> I do not
[02:55:51] <taggart> http://exchange.nagios.org/directory/Plugins/Email-and-Groupware/check_email_delivery/details
[02:55:57] <taggart> ^^ maybe interesting
[02:56:19] <seekwill> Buy it!
[02:57:52] <taggart> :)
[02:59:47] *** krzee has joined #postfix
[02:59:50] <taggart> hopefully I can use that to test delivery through mailing lists too
[03:02:09] <seekwill> Hmm?
[03:02:18] <seekwill> Not really
[03:02:29] <seekwill> You should already be doing that
[03:06:06] *** Motoko has joined #postfix
[03:13:55] <tmberg> Hm.. Anyone succesfully running dk-filter and/or opendkim with unix sockets?
[03:16:56] <danblack> tmberg: yes
[03:17:42] *** co_mw_300_serius has joined #postfix
[03:17:43] *** co_mw_300_serius has left #postfix
[03:18:00] <tmberg> danblack: How? :)
[03:18:42] <tmberg> danblack: Care to share?
[03:19:09] <danblack> tmberg: I wrote a fair bit of the opendkim README on the topic. in short set umask to 002. Make sure postfix/opendkim share a group. If your running debian/ubuntu it still does chroot by default so the socket needs to be in /var/spool/postfix/{milter}
[03:19:37] <danblack> make sure opendkim can write to that directory.
[03:21:37] <danblack> or better. run selinux and run the postfix-nochroot from setools and then chroots don't apply
[03:21:48] <rob0> Dear directory, how are you? I am fine. Write back soon, Love, opendkim
[03:23:39] <danblack> obscure but funny.
[03:25:40] <tmberg> danblack: Thanks!!
[03:26:04] <danblack> on dk-filter - dont' bother. noone cares about domain keys any more.
[03:27:53] <tmberg> danblack: I know. But ive already have it setup since ages ago. So... :)
[03:28:20] <danblack> ah - job security by complicated obsolete features :-)
[03:41:30] *** MAAAAD has quit IRC
[03:41:52] *** master_of_master has quit IRC
[03:42:42] *** MAAAAD has joined #postfix
[03:43:19] *** master_of_master has joined #postfix
[03:48:45] *** phantasm66 has quit IRC
[04:14:02] <tmberg> danblack: Gah, Can i bother you in private?
[04:17:21] <danblack> tmberg: i'm pretty busy but go ahead and provide all information and expect occasional delays
[04:21:25] *** FainaUkraina has joined #postfix
[04:21:41] *** roe_ has quit IRC
[04:24:11] *** BuenGenio has quit IRC
[04:26:33] *** MaximusColourum has joined #postfix
[04:29:05] *** MaximusColourum has quit IRC
[04:35:24] *** BuenGenio has joined #postfix
[04:38:23] *** FainaUkraina has quit IRC
[04:40:32] *** Emotelecom has joined #postfix
[04:42:55] *** Guest14442 has quit IRC
[04:50:03] *** m1nish has joined #postfix
[04:57:35] *** seekwill has quit IRC
[05:12:56] * tmberg goes on without chroot... :O
[05:14:39] *** danblack has quit IRC
[05:14:55] *** FainaUkraina has joined #postfix
[05:16:49] *** BuenGenio has quit IRC
[05:22:06] *** inf_l00p has quit IRC
[05:22:13] *** inf_l00p has joined #postfix
[05:24:12] *** mroe has joined #postfix
[05:35:11] *** MaximusColourum has joined #postfix
[05:49:13] *** n0sq has quit IRC
[06:00:36] *** MAAAAAD has joined #postfix
[06:04:18] *** MAAAAD has quit IRC
[06:11:15] *** krzee has quit IRC
[06:23:27] *** MaximusColourum has quit IRC
[06:27:14] *** chadmaynard has joined #postfix
[06:49:08] *** danblack has joined #postfix
[06:55:46] *** MaximusColourum has joined #postfix
[07:02:01] *** krzee has joined #postfix
[07:12:01] *** FainaUkraina has quit IRC
[07:12:51] *** FainaUkraina has joined #postfix
[07:33:29] *** mroe has quit IRC
[07:41:03] *** gerhard7 has joined #postfix
[07:46:16] *** krzee has quit IRC
[08:05:49] *** krzee has joined #postfix
[08:21:09] *** seekwill has joined #postfix
[08:21:09] *** seekwill has joined #postfix
[08:26:43] *** v|nc3 has quit IRC
[08:33:12] *** v|nc3 has joined #postfix
[08:54:23] *** Niemi has quit IRC
[08:58:09] *** Motoko has quit IRC
[09:11:13] *** breaker313 has joined #postfix
[09:35:39] *** tjikkun_work has joined #postfix
[09:39:00] *** taggart has quit IRC
[09:41:06] *** _marix has joined #postfix
[09:41:08] *** Creamz has joined #postfix
[09:44:45] *** samlt has joined #postfix
[09:58:32] *** fawkingijit has joined #postfix
[10:02:44] *** Emotelecom has quit IRC
[10:03:18] *** HSorgYves has joined #postfix
[10:14:25] *** Gatto has joined #postfix
[10:17:35] *** HSorgYves has quit IRC
[10:34:01] *** samlt has quit IRC
[10:34:17] *** Linex_ has joined #postfix
[10:40:01] *** Gatto has quit IRC
[10:41:35] *** FainaUkraina has quit IRC
[10:45:58] *** KippiX_ has quit IRC
[10:46:13] *** KippiX has joined #postfix
[11:03:33] *** bhagat has joined #postfix
[11:05:13] *** npmapn has joined #postfix
[11:13:21] *** wdp has joined #postfix
[11:13:21] *** wdp has joined #postfix
[11:15:14] *** gerhard7 has quit IRC
[11:20:01] *** e-anima has joined #postfix
[11:31:05] *** HSorgYves has joined #postfix
[11:31:05] *** HSorgYves has joined #postfix
[11:48:31] *** HSorgYves has quit IRC
[11:52:01] *** Gatto has joined #postfix
[11:53:18] *** samlt has joined #postfix
[12:13:01] *** ptierno has joined #postfix
[12:13:49] *** scarleo has joined #postfix
[12:14:24] <scarleo> Hello, after upgrading my openSUSE server I got problem with Postfix: postfix/postdrop[9764]: warning: mail_queue_enter: create file maildrop/200875.9764: Permission denied
[12:15:09] <ptierno> sounds like permissions
[12:15:12] <ptierno> but dunno
[12:15:17] <scarleo> postfix check passes without notices, I have tried postfix set-permissions but still the same error. /var/spool/postfix/maildrop is owned by postfix:maildrop
[12:15:47] <scarleo> yes it's sme permissions that are wrong but I can't find them
[12:18:50] <scarleo> Or more correct, I can't find where
[12:21:02] *** v|nc3 has quit IRC
[12:21:30] <scarleo> mail is working though
[12:22:06] *** ptierno has quit IRC
[12:23:03] *** UQlev has joined #postfix
[12:23:47]
[12:25:21] *** xabbuh has joined #postfix
[12:27:41] *** jkfod has joined #postfix
[12:29:11] *** v|nc3 has joined #postfix
[12:35:35] <scarleo> No one?
[12:53:59] *** scarleo has quit IRC
[12:55:55] *** GieltjE has joined #postfix
[12:56:36] *** gerhard7 has joined #postfix
[12:58:09] *** Gatto has quit IRC
[12:58:29] *** HSorgYves has joined #postfix
[12:58:29] *** HSorgYves has joined #postfix
[13:11:42] *** HSorgYves has quit IRC
[13:13:25] *** jkfod has quit IRC
[13:17:55] *** bhagat has quit IRC
[13:19:39] *** UQlev has quit IRC
[13:22:43] *** HSorgYves has joined #postfix
[13:24:17] *** HSorgYves has quit IRC
[13:29:34] *** wdp_ has joined #postfix
[13:34:03] *** MaximusColourum has quit IRC
[13:43:13] *** gerhard7 has quit IRC
[13:44:35] *** tjikkun_work has quit IRC
[13:46:37] *** jkfod has joined #postfix
[13:47:10] *** GieltjE has quit IRC
[13:54:44] *** vishwa has joined #postfix
[14:02:04] *** tjikkun_work has joined #postfix
[14:16:37] *** danblack has quit IRC
[14:17:42] *** fury__ has quit IRC
[14:17:50] *** fury__ has joined #postfix
[14:33:37] *** MaximusColourum has joined #postfix
[14:35:46] <heeen> what do I use as $myhostname in /etc/amavis/conf.d/05-node_id when the server will accept mail from multiple virtual domains?
[14:36:08] <Dominian> ask amavis
[14:37:42] <wdp> where is he
[14:37:43] <wdp> scnr
[14:58:53] *** Chosi has quit IRC
[15:00:38] *** davlefou has quit IRC
[15:01:02] *** davlefou has joined #postfix
[15:02:05] *** jkfod has quit IRC
[15:05:24] *** Chosi has joined #postfix
[15:06:26] *** samlt has quit IRC
[15:17:42] *** jarr0dsz has quit IRC
[15:34:37] *** jkfod has joined #postfix
[16:09:09] *** HSorgYves has joined #postfix
[16:09:09] *** HSorgYves has joined #postfix
[16:10:02] *** samlt has joined #postfix
[16:13:04] *** npmapn has quit IRC
[16:13:05] *** v|nc3 has quit IRC
[16:15:29] *** happymeerkat has joined #postfix
[16:16:56] *** as001 has joined #postfix
[16:17:45] <as001> I have send mail from my postfix server and in mail log I can see this Recipient address rejected: Greylisted for 2 minutes, when will postfix try to send this mail again and where i can configure that time ?
[16:18:20] <as001> It was in 15:55 and now is 16:18 and it did not make another try to deliver message.
[16:21:28] *** v|nc3 has joined #postfix
[16:29:05] *** GreyFoxx has joined #postfix
[16:29:16] *** GreyFoxx has quit IRC
[16:29:17] *** GreyFoxx has joined #postfix
[16:33:56] *** jkfod has quit IRC
[16:34:44] <as001> I found out postqueue -f
[16:34:56] *** as001 has left #postfix
[16:36:32] *** jkfod has joined #postfix
[16:45:43] <samlt> hello, in the log I can see postfix master process reloading its configuration with no apparent reason:
[16:45:46] <samlt> postfix/master[1665]: reload -- version 2.8.7, configuration /etc/postfix
[16:46:03] *** SelfishMan has quit IRC
[16:46:28] <samlt> last reload are 16:09:41 16:09:42 16:10:00, it's local time it gives you an idea
[16:46:41] <samlt> Anything I should check?!
[16:48:57] *** wdp_ has quit IRC
[16:49:25] *** jkfod has quit IRC
[16:52:28] *** SelfishMan has joined #postfix
[17:00:49] *** hparker has quit IRC
[17:02:54] *** breaker313 has quit IRC
[17:04:29] <cite> !pony
[17:04:29] <knoba> cite: "pony" : http://www.brainfuel.tv/wp-content/uploads/2006/03/nopony.jpg
[17:06:46] *** hparker has joined #postfix
[17:20:19] *** samlt has quit IRC
[17:25:56] *** UQlev has joined #postfix
[17:30:29] *** tjikkun_work has quit IRC
[17:33:55] *** samlt has joined #postfix
[17:35:49] <zamba> you guys using domainkeys or senderid (spf)?
[17:37:20] *** PhantomPhreak53 has left #postfix
[17:41:26] *** wdp_ has joined #postfix
[17:41:32] *** wdp has quit IRC
[17:45:18] <tmberg> Both. :)
[17:46:12] <seekwill> zamba: It's _how_ you use it that matters
[17:49:27] *** xabbuh has quit IRC
[17:49:57] <lunaphyte_> !poll
[17:49:58] <knoba> lunaphyte_: "poll" : please do not ask if anyone uses some program or postfix feature. Instead ask your real question.
[17:50:57] <zamba> lunaphyte_: my question is because i'm considering implementing it.. is it bad to ask for experience?
[17:51:23] <lunaphyte_> but what's the question?
[17:56:20] *** samlt has quit IRC
[17:59:19] *** Jaac has quit IRC
[17:59:23] *** Jakobus has joined #postfix
[18:01:49] *** badaptr has joined #postfix
[18:01:49] *** badaptr has joined #postfix
[18:02:28] *** _TheAvatar has joined #postfix
[18:02:34] *** freaky[t] has quit IRC
[18:02:34] *** TheAvatar has quit IRC
[18:02:58] *** freaky[t] has joined #postfix
[18:02:58] *** Timmooo has quit IRC
[18:02:58] *** Bry8Star{EB has quit IRC
[18:02:58] *** heidar has quit IRC
[18:02:58] *** adaptr has quit IRC
[18:03:23] *** gencha has quit IRC
[18:03:49] *** infojunky_ has joined #postfix
[18:04:06] *** kloeri_ has joined #postfix
[18:04:43] *** heidar has joined #postfix
[18:05:29] *** kloeri has quit IRC
[18:05:29] *** infojunky has quit IRC
[18:05:30] *** pj has quit IRC
[18:05:30] *** Tormin has quit IRC
[18:05:30] *** jpr5 has quit IRC
[18:05:33] *** noca has joined #postfix
[18:05:35] *** Timmooo has joined #postfix
[18:06:26] *** araragi has joined #postfix
[18:07:07] *** magyar has quit IRC
[18:07:08] *** chrisq_ has quit IRC
[18:07:31] *** magyar has joined #postfix
[18:07:38] *** magyar has quit IRC
[18:07:38] *** magyar has joined #postfix
[18:07:52] *** chrisq has joined #postfix
[18:08:54] *** gencha has joined #postfix
[18:08:59] *** pj has joined #postfix
[18:10:28] *** youknowho has quit IRC
[18:11:08] *** youknowho has joined #postfix
[18:12:09] *** happymeerkat has quit IRC
[18:12:10] *** araragi has quit IRC
[18:12:15] *** Guest36197 has joined #postfix
[18:14:25] *** Guest36197 is now known as Bry8Star{EB
[18:14:55] *** Bry8Star{EB is now known as Guest37459
[18:15:25] *** Guest37459 is now known as Bry8Star{EB
[18:15:30] *** Tormin_ has joined #postfix
[18:15:49] *** Tormin_ is now known as Tormin
[18:18:03] *** HSorgYves has quit IRC
[18:18:16] <UQlev> zamba: spf gives minor additional protection mainly from spamming in your name and also creates some problems
[18:18:43] <zamba> UQlev: what kind of problems?
[18:19:35] <UQlev> zamba: some legit senders trying to send from domains protected by spf using local relays
[18:20:14] <UQlev> zamba: and they are very upset that their mails are rejected
[18:20:44] <zamba> UQlev: ok, so that basically means that all senders for that domain should be using only a predefined set of smtps to send their email?
[18:21:04] <UQlev> zamba: right
[18:21:28] <UQlev> zamba: it demands more dicipline
[18:22:02] <zamba> yeah, but we're using exchange internally in our organization, so that should be ok ;) *shrug*
[18:23:25] <zamba> but if i've understood this correctly.. spf is a way for the receiving smtp server to check if the sending smtp is the legit sender for a domain, right?
[18:24:10] <UQlev> zamba: I have never used domainkeys because did not need yet
[18:24:18] <zamba> so the company that owns the domain sets up some dns records indicating which smtp servers are the valid ones, and the receiving smtp then have to check this for this method to have any effect?
[18:24:24] <zamba> UQlev: oh? how is spf implemented then?
[18:25:03] <UQlev> zamba: spf and domainkeys are independent
[18:25:13] <zamba> so how does spf do this?
[18:26:18] <UQlev> zamba: I guess domainkeys was made to prevent forgery with dns records for particular domain
[18:26:44] <UQlev> zamba: but I have not seen examples of it yet
[18:29:33] <UQlev> zamba: spf works fine even without domainkeys
[18:30:09] <zamba> yeah, but how does it work?
[18:30:40] <UQlev> zamba: what?
[18:30:49] *** SelfishMan has quit IRC
[18:32:12] <zamba> how does spf do this?
[18:32:38] <zamba> "SPF allows administrators to specify which hosts are allowed to send mail from a given domain by creating a specific SPF record (or TXT record) in the Domain Name System (DNS)."
[18:32:44] <zamba> you say that you don't use DNS for this?
[18:33:04] <UQlev> zamba: did I?
[18:33:12] <zamba> no, you didn't :)
[18:33:15] <zamba> haha, nevermind
[18:33:24] <zamba> i misunderstood you :)
[18:34:17] <zamba> i thought i had asked a certain question and that you had answered "no" :)
[18:34:51] <UQlev> zamba: above you posted a quote how does spf work
[18:35:40] <zamba> but.. then i guess SPF only works IF the owners of the sending domain has set up the valid dns records, right?
[18:36:08] *** jkfod has joined #postfix
[18:37:12] <UQlev> right, TXT type
[18:38:18] <UQlev> zamba: but spf has 2 components: your spf record for domain and spf-filter for your postfix
[18:38:40] <UQlev> zamba: 2nd one you may use without 1st
[18:39:00] *** Alagar has joined #postfix
[18:39:13] <zamba> yeah.. because if you use the spf-filter you will be able to add additional security for receiving email, because you now have the ability to check for spf, right?
[18:39:31] <UQlev> right
[18:39:41] <zamba> ok, cool, i'm getting the hang of this :)
[18:46:15] *** m1nish has quit IRC
[18:51:06] *** jkfod has quit IRC
[18:52:25] *** jkfod has joined #postfix
[18:53:14] *** badaptr is now known as adaptr
[18:53:31] *** Motoko has joined #postfix
[18:55:42] *** hever has joined #postfix
[18:58:28] *** DrCode has joined #postfix
[18:58:32] *** d3c has joined #postfix
[18:58:43] <DrCode> hi all
[18:59:20] <d3c> I need a solution where my php apps in development won't actually send any emails to the outside world but rather keep them in the dev environment. can I somehow 'capture' all emails with postfix?
[19:02:19] *** jkfod has quit IRC
[19:03:50] <UQlev> d3c: probably you can do it using transport
[19:04:27] *** jkfod has joined #postfix
[19:05:08] <d3c> UQlev: I found this but I'm not sure how it works with completely local environments. I have no public domain or anything in dev. I need everything forwarded to a local mailbox on the dev box. http://www.rwahyudi.com/linux/postfix-for-dev-setup-%E2%80%93-catch-all-email-and-forward-it-to-a-specific-address/
[19:06:56] <UQlev> d3c: you don't need public domain to catch all and deliver locally
[19:07:34] <UQlev> d3c: you may use any fake domain
[19:09:06] *** inf_l00p has quit IRC
[19:10:06] <d3c> UQlev: alright, will look into it then. thanks :)
[19:11:00] *** matt1982 has joined #postfix
[19:11:59] *** inf_l00p has joined #postfix
[19:13:02] <DrCode> I need little help please
[19:13:27] <Dominian> !tell DrCode welcome
[19:13:27] <knoba> DrCode: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.
[19:13:32] <DrCode> I got this error: Enter message, ending with ".", smtp relayhost , any idea?
[19:13:56] <Dominian> Do what?
[19:14:02] <Dominian> That's not an error.. what are you trying to do?
[19:14:20] *** KippiX has quit IRC
[19:14:21] <Dominian> and you need to read the /topic and the welcome factoid I just had knoba tell you
[19:14:44] <UQlev> DrCode: that is how smtp works
[19:15:22] <adaptr> perhaps it's a very poor spammer, typing by hand ?
[19:15:40] * Dominian isn't going to guess until we get more information
[19:15:43] * Dominian goes back to DNSSEC/BIND
[19:16:37] *** Chosi has quit IRC
[19:16:43] *** Fleck has quit IRC
[19:17:26] <DrCode> ok
[19:18:04] <DrCode> I got some strange message: 550 Header From address MUST be drcode at testmail dot org
[19:18:22] *** samlt has joined #postfix
[19:18:38] <DrCode> and then it go to bounce
[19:18:41] <DrCode> any idea?
[19:18:43] <adaptr> DrCode: who reports that message
[19:18:50] <adaptr> show actual logs
[19:18:53] <DrCode> the smtp that I am forward
[19:18:59] <DrCode> its exim smtp
[19:19:03] <adaptr> yeah... that's meaningless
[19:19:09] <adaptr> exim ? and you're here because ?
[19:19:24] <adaptr> !dam
[19:19:24] <knoba> adaptr: "dam" : don't ask me why someone else's server isn't accepting your mail. if your hotel key card wasn't letting you into your room, would you go around asking other guests why? if you can't figure out who you should ask, then see the !duh factoid
[19:19:28] <d3c> UQlev: so for the "recipient_bcc" file, I could just use the name of the 'dev' user on my dev box? then it would get delivered to the local dev mbox ?
[19:19:35] <DrCode> I am using postfix to relay into other smtp
[19:19:45] <adaptr> DrCode: fantastic!
[19:20:07] <DrCode> but it fail here
[19:20:19] <UQlev> d3c: regret I have never did it yet
[19:20:35] <DrCode> I did all I can but still it dosn't work
[19:20:47] <adaptr> that sounds pretty depressing, DrCode
[19:21:13] <DrCode> I will be glad for help here
[19:21:39] *** Motoko has quit IRC
[19:22:00] <adaptr> did you read the /topic ?
[19:22:08] <UQlev> DrCode: pastebin relevant piece of your logfile
[19:22:25] <DrCode> where?
[19:22:37] <DrCode> what url
[19:23:08] *** Chosi has joined #postfix
[19:23:12] <UQlev> DrCode: http://dpaste.com/
[19:26:22] <DrCode> here: http://dpaste.com/706442/
[19:27:46] <Dominian> turn off all that debugging...
[19:28:34] *** Fleck has joined #postfix
[19:29:12] <DrCode> ok
[19:29:24] <UQlev> DrCode: what mail-client do you use?
[19:29:26] <DrCode> I did it to digg the problem
[19:29:31] <DrCode> sendmail
[19:30:10] <UQlev> DrCode: I mean propgram to prepare messages
[19:30:15] <DrCode> I use it from php.ini sendmail -f drcode at mymail dot org -t -i
[19:30:42] <DrCode> it come from mail() in php
[19:31:13] <UQlev> DrCode: it complains that header From mismatch your From
[19:31:44] <UQlev> DrCode: probably you should adjust settings of php-mailer
[19:32:21] <DrCode> U mean I need to move into php=mailer?
[19:33:53] <UQlev> DrCode: no, I mean format of the message prepared by any sort of php-application in use is not correct
[19:34:26] *** nowthatsamatt has joined #postfix
[19:34:58] <UQlev> DrCode: "550 Header From address MUST be drcode at mymail dot org" < this might be restriction of the relay you are using
[19:35:16] <DrCode> I see
[19:35:20] <DrCode> can I tell postfix to fix it?
[19:35:23] <DrCode> map or somthing?
[19:35:32] <DrCode> or in sendmail?
[19:36:12] <DrCode> what strange is that regular php script that I wrote work and send a mail
[19:36:52] <UQlev> DrCode: this is not postfix job
[19:37:08] <DrCode> ok
[19:37:12] <DrCode> thanx UQlev
[19:37:18] <UQlev> DrCode: preparing a message is job of MUA
[19:37:21] <DrCode> I will invstigate this code
[19:37:27] <DrCode> thank you again
[19:37:31] *** nowthatsamatt has left #postfix
[19:37:56] *** HSorgYves has joined #postfix
[19:37:59] *** biggi_mat has joined #postfix
[19:38:30] <d3c> just installed postfix on a fedora box. doesn't the 'mail' command come with postfix or did I get that wrong? if so, what package does it come with? ('mail' is not available via yum neither)
[19:40:35] <d3c> and also, did any of you guys ever experience this? I just installed postfix and started the service: http://pastebin.com/kxuVV9JF
[19:41:06] *** UQlev has quit IRC
[19:44:25] *** HSorgYves has quit IRC
[19:46:31] *** DrCode has quit IRC
[19:47:14] *** HSorgYves has joined #postfix
[19:47:14] *** HSorgYves has joined #postfix
[19:48:13] *** vishwa has quit IRC
[19:52:38] *** rosco_` has joined #postfix
[19:54:01] <rosco_`> soft_bounce = yes doesn't work on my prod server
[19:56:02] *** HSorgYves has quit IRC
[19:56:09] <Dominian> define 'doesn't work'
[19:56:38] <rosco_`> the mail is delivered,it was supposed to stay in the queue
[19:56:57] <rosco_`> I checked yesterday and it was ok
[19:56:59] <adaptr> ...whisky tango, foxtrot ?
[19:57:19] <adaptr> rosco_`: and why do you think soft_bounce would ever be invoked when mail CAN BE DELIVERED
[19:57:19] <rosco_`> 3 mins to act, what if I stop postfix ?
[19:57:26] <rosco_`> will the mail bounce back to the sender ?
[19:57:38] <adaptr> the mail already in the queue ?
[19:57:40] <rosco_`> I need a 2h maintenance
[19:57:46] <adaptr> so stop postfix
[19:57:48] <rosco_`> no, the queue is empty
[19:58:26] <Dominian> If you need a 2h maintenance.. turn off the MTA
[19:58:27] <Dominian> ..
[19:58:40] <adaptr> we'll turn YOU off
[19:58:42] <Dominian> mail servers shouldn't bounce what they can't deliver.. they should queue it up
[19:58:48] <Dominian> adaptr: I turned your MOM off
[19:58:57] <Dominian> hrm.. that didn't have the effect I was hoping for...
[19:59:03] <adaptr> I noticed. she's been dead for years
[19:59:11] <Dominian> caught me
[20:02:32] *** jkfod has quit IRC
[20:17:21] *** wdp_ has quit IRC
[20:18:55] *** Alagar has quit IRC
[20:19:10] *** Alagar1 has joined #postfix
[20:22:35] *** breaker313 has joined #postfix
[20:24:00] *** kevmo314 has joined #postfix
[20:25:32] <kevmo314> Hi, I've got /etc/postfix/virtual setup to forward [email at domain dot com] to [otheremail at gmail dot com] and in /var/log/mail.log, I see the forwarding happen: 28EBD26087A: to=<[otheremail at gmail dot com]>, orig_to=<[email at domain dot com]>, relay=gmail-smtp-in.l.google.com[209.85.225.26]:25, delay=0.87, delays=0.38/0.01/0.09/0.4, dsn=2.0.0, status=sent (250 2.0.0 OK 1329852175 ek5si7021669icb.132)
[20:25:44] <kevmo314> But for some reason, I never get it in my gmail inbox. Is there something I missed?
[20:25:52] <lunaphyte_> i'm not sure i understand.
[20:26:01] <lunaphyte_> relay=gmail-smtp-in.l.google.com
[20:26:05] <lunaphyte_> status=sent
[20:26:23] <patdk-wk> hmm, fun :)
[20:26:24] <lunaphyte_> so as far as postfix is concerned, it's done.
[20:26:40] <patdk-wk> rob0, I'm attempting to see if I can improve my dnsblog stuff :)
[20:26:40] <kevmo314> But I never get it in gmail though. I've also tried another domain as well, no dice.
[20:26:46] <patdk-wk> hopefully have some results tomorrow
[20:26:55] <lunaphyte_> also, please don't use other people's domain names in your examples. it's inconsiderate
[20:27:05] *** Motoko has joined #postfix
[20:27:22] <lunaphyte_> kevmo314: but it says right there - "status=sent (250 2.0.0 OK"
[20:27:41] <lunaphyte_> postfix delivered it.
[20:27:41] <kevmo314> Ah, I apologize, I figured gmail was common enough.
[20:27:47] <patdk-wk> lost in the blackhole of gmail :)
[20:27:52] <lunaphyte_> common enough?
[20:27:59] *** SelfishMan has joined #postfix
[20:28:13] <lunaphyte_> oh. that's not what i was referring to.
[20:28:30] <lunaphyte_> or is that not real data either?
[20:28:43] <kevmo314> Oh, none of those emails are real.
[20:28:57] <kevmo314> With the exception of the google relay.
[20:29:01] <patdk-wk> well, this whole thing was pointless then
[20:29:11] <lunaphyte_> so you're not relaying to gmail?
[20:29:19] <kevmo314> Uhh, I am.
[20:29:28] <jimpop> prove it
[20:29:30] <kevmo314> I just changed it to "otheremail" to filter out the actual address.
[20:29:30] <lunaphyte_> so then the reference to gmail is real.
[20:29:41] <patdk-wk> !example
[20:29:41] <knoba> patdk-wk: "example" : Example.TLD has been reserved for examples in generic top-level domains (com,net,org) and many other TLDs. Please do not use real Internet names as examples.
[20:30:04] <kevmo314> Okay, sorry, I wasn't aware of that.
[20:30:17] <patdk-wk> aware? so you feel stealing is ok?
[20:30:23] <lunaphyte_> anyway, postfix delivered it, so that piece is ok.
[20:30:37] * jimpop tries to steal example.com
[20:30:51] * patdk-wk steals jimpop
[20:31:03] <jimpop> haha, jokes on you.
[20:31:16] <jimpop> in Soviet Russia example steals you
[20:31:29] <kevmo314> Is there anywhere else that could potentially go wrong after postfix delivers it? I've tried a non-gmail address as well and the same issue occurs.
[20:31:41] <lunaphyte_> kevmo314: sure, of course.
[20:32:08] <patdk-wk> after it says, status=sent
[20:32:12] <patdk-wk> there is NOTHING you can do
[20:32:25] <patdk-wk> except make it look less like spam
[20:32:27] <lunaphyte_> google probably didn't like it.
[20:32:30] <patdk-wk> add spf/dkim, ...
[20:32:46] <patdk-wk> make sure the email is valid formatted mime
[20:33:13] <kevmo314> Okay, I'll add those and see if it works.
[20:40:25] *** davlefou has quit IRC
[20:40:25] *** davlefou has joined #postfix
[20:40:25] *** v|nc3 has quit IRC
[20:45:40] *** inf_l00p has quit IRC
[20:45:54] *** kevmo314 has quit IRC
[20:46:54] <patdk-wk> oh nice
[20:47:48] *** Alagar1 has quit IRC
[20:47:58] *** v|nc3 has joined #postfix
[20:49:36] *** inf_l00p has joined #postfix
[20:51:23] *** tjikkun has quit IRC
[20:52:01] <seekwill> oh, I'm still on SDLU :)
[20:56:39] *** snearch has joined #postfix
[21:03:32] <jimpop> i can solve that problem if you wish
[21:04:02] *** krzee has quit IRC
[21:05:25] *** krzee has joined #postfix
[21:18:32] <seekwill> solve it!
[21:20:49] *** krzee has quit IRC
[21:23:55] *** krzee has joined #postfix
[21:25:45] <Dominian> I can name that tune in two notes
[21:26:29] *** krzee has quit IRC
[21:33:33] *** localhost has quit IRC
[21:34:51] *** localhost has joined #postfix
[22:04:53] *** jkfod has joined #postfix
[22:09:45] *** twobitsprite has joined #postfix
[22:10:44] <twobitsprite> so, I'm setting up some RLBs in my mail servers, and I see some places tell you to put them in smtpd_recipient_restrictions and others say to use smtpd_client_restrictions... I know in the end they both do the job, but is there a preferred place to put them?
[22:23:51] *** breaker313 has quit IRC
[22:26:00] *** danblack has joined #postfix
[22:27:29] <jimpop> twobitsprite: smtpd_client_restrictions...
[22:29:37] <adaptr> ...except that means expensive DNS lookups are done before better, faster checks
[22:29:38] <Patrickdk> hmm
[22:29:45] <Patrickdk> time to give my postfix patch a run :)
[22:29:56] <adaptr> either upgrade to postscreen, or put your DNSBLs last, in recipient
[22:30:09] <Dominian> smtpd_recipient_restrictions
[22:30:13] <Dominian> or postscreen as adaptr said
[22:30:21] <adaptr> (postscreen runs DNSBLs in parallel, too - smtpd_ doesn't)
[22:30:34] <jimpop> *if* postscreen is even an option
[22:30:34] <Patrickdk> postscreen puts them first though
[22:30:49] *** Bry8Star has quit IRC
[22:30:50] <Patrickdk> EXCEPT if you use an acl, and blacklist=drop
[22:30:51] <adaptr> if it isn't, he should ditch centos ;)
[22:30:52] * jimpop thinks too many people expect others to run latest
[22:31:09] <Patrickdk> jimpop, latest? 2.8 isn't exactly new
[22:31:13] <adaptr> at this point, basically only RHEL/centos still run very old versions
[22:31:25] <adaptr> both debian and ubuntu are on 2.8.x
[22:31:31] <jduggan> Patrickdk: what patch?
[22:31:39] <Patrickdk> I'm just patching postscreen
[22:31:44] <adaptr> DON'T DO IT!
[22:31:46] <Patrickdk> with, my patchs :)
[22:31:56] <adaptr> let you show us it ?
[22:32:05] <jduggan> what do the patches achieve
[22:32:11] <Dominian> breakage
[22:32:13] <Dominian> :P
[22:32:15] * Patrickdk notes adaptr went into yoda speak
[22:32:20] <adaptr> jimpop: of course you're right - but for a server with any kind of volume, postscreen is a MUST
[22:32:29] <adaptr> Patrickdk: lolcat, ac'ly
[22:32:30] <Patrickdk> dominian, that is what I'm testing now :)
[22:32:41] <jduggan> i have some ideas for patches, need to familiarize myself with the code base
[22:32:52] <Patrickdk> I have two things I wanted to do
[22:32:54] <jimpop> debian stable (squeeze) is postfix 2.7.1
[22:33:00] <Patrickdk> this first patch should do the first step
[22:33:01] <twobitsprite> jimpop: any particular reason?
[22:33:29] <twobitsprite> I seem to recall reading something somewhere that there was an advantage to putting them in recipient_restrictions, but I can't recall and I can't find the page aain
[22:33:30] <jimpop> debian and ubuntu consist of more than 2 distros
[22:33:43] <jimpop> *distro releases
[22:34:15] <jimpop> twobitsprite: fwiw, i put everything in smtpd_recipient_restrictions
[22:34:27] <adaptr> jimpop: oh, I thought they had caught up
[22:34:31] *** stpvoice has quit IRC
[22:34:48] <Patrickdk> adaptr, ubuntu 8.04 goes away soon, but 10.04 will be around for awhile
[22:34:50] <twobitsprite> I guess with smtpd_delay_reject they ammount to the same thing...
[22:35:05] <jduggan> Patrickdk: and the first step is?
[22:35:17] <Patrickdk> jduggan, limit rbl lookups
[22:35:19] <jimpop> twobitsprite: but, not knowing your setup, it may make sense for you to use client_restrictions
[22:35:26] <adaptr> twobitsprite: the advantage is that postfix wil llog all available information, which always happens with delay-reject in any case
[22:35:48] <adaptr> this is actually documented :)
[22:35:50] <adaptr> fancy that
[22:35:58] <twobitsprite> adaptr: that might have been what I read... if so, then yeah...
[22:36:26] <adaptr> if you have read it on www.postfix.org, then yes. if you read it elsewhere - what the hell were you thinking
[22:36:30] <adaptr> !google
[22:36:31] <knoba> adaptr: "google" : Those who use Google before reading the Postfix documentation, if fortunate, end up at http://www.postfix.org/ . If not, they end up in a jumble of bad questions, misleading or wrong answers, and outdated information.
[22:36:52] * Patrickdk read it from a dr suess book
[22:36:53] <twobitsprite> well... I'm reading the documentation now, but I don't see where it spells out the practical differences other than that one happens first and at a different point in the smtp excchange
[22:37:25] *** d3c has quit IRC
[22:37:29] <adaptr> full understanding of smtpd_mumble_restrictions will take months if not years of experience. it is by far the most complex set of postfix settings
[22:37:33] <jimpop> the docs also lead you to believe that you need more settings than you do. ;-)
[22:37:54] <Patrickdk> if postconf prints it, I need to adjust it :)
[22:40:18] *** stpvoice has joined #postfix
[22:42:21] <twobitsprite> anyways, thanks... I'll just keep my rlb's in the client_restrictions for clarity's sake since I'm delaying rejects anyways
[22:43:16] <adaptr> just take care what you put in front of them in client_. things may not work the way you initially expect...
[22:43:47] <twobitsprite> the only thing before them is permit_mynetworks
[22:44:14] <adaptr> well, that's also a client check.
[22:44:28] <twobitsprite> yep
[22:44:29] <adaptr> imagine yuo went nuts and put a sender whitelist in front
[22:44:37] <adaptr> that whitelists the *client*.
[22:44:50] <twobitsprite> I see
[22:44:55] <adaptr> the meaning of check_*_access changes depending on the restriction set
[22:57:47] *** krzee has joined #postfix
[23:03:16] *** Linex__ has joined #postfix
[23:03:19] *** danblack has quit IRC
[23:05:21] *** samlt has quit IRC
[23:05:34] *** Linex_ has quit IRC
[23:13:27] <Patrickdk> opps, small bug, causing check to always be true
[23:13:53] <Patrickdk> time for test 2 :)
[23:18:51] *** biggi_mat has quit IRC
[23:20:48] <adaptr> stop hacking the source, Luke!
[23:35:36] <Patrickdk> :)
[23:38:19] *** Diranged has joined #postfix
[23:39:01] <Diranged> ive got al ocal mail server where we want to 1) allow inbound mail to a particular domain.. 2) disable relaying to anyone else.. 3) allow relaying by clients that connect with a specific SSL keypair..
[23:39:17] <Patrickdk> and?
[23:39:26] <Diranged> aaannd … im trying to figure out how to do it :)
[23:39:28] <Diranged> any help would be appreciated
[23:39:36] <Patrickdk> we can answer questions
[23:39:42] <Patrickdk> we won't isntall your mail server for you
[23:39:48] <Diranged> :) i know.. it was vauge.. i guess i was waiting to see if anyone was around first
[23:39:57] <Patrickdk> !ask
[23:39:57] <knoba> Patrickdk: "ask" : Please regard http://workaround.org/getting-help-on-irc and don't ask to ask, just ask. (after you've read 'getting help')
[23:39:57] <Diranged> (try asking questions in the #zookeeper channel.. its like yelling at the ocean..)
[23:39:59] *** snearch has quit IRC
[23:40:25] <Diranged> so i guess first step.. is there a simple way to verify that TLS is working properly from a command line client?
[23:40:43] <Patrickdk> did you even google it?
[23:41:20] <Corey> Yeah, that's stupidly simple.
[23:41:32] <Corey> Diranged: man openssl, pay attention to s_client
[23:48:30] <Diranged> yeah it wasnt working.. but it looks like i had a problem where the smtpd daemon was chrooted and unable to reach our dkim milter socket..
[23:48:57] *** nokia3510 has quit IRC
[23:50:02] <Diranged> so it looks like its working now..
[23:50:04] *** matt1982 has quit IRC
[23:50:45] <Patrickdk> yes, it works :)
[23:54:10] *** hever has quit IRC
[23:54:21] *** cmatheson has joined #postfix
top

   February 21, 2012  
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | >