Switch to DuckDuckGo Search
   February 29, 2012  
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | >

Toggle Join/Part | bottom
[00:06:56] *** nameless` has joined #postfix
[00:06:58] <nameless`> hi
[00:07:28] <nameless`> how do i tell the "mail" command that mails are now in ~/Maildir instead of /var/mail/user and not in mbox format but in mail dir format
[00:08:29] *** wdp has quit IRC
[00:13:38] *** WhoNeedszzz has left #postfix
[00:16:36] *** corretico has quit IRC
[00:18:08] <patdk-lap> nameless`, no idea, the *mail* command is not part of postfix
[00:28:40] *** p3rror has quit IRC
[00:35:19] *** e-anima has quit IRC
[00:39:28] *** HSorgYves has quit IRC
[00:50:05] *** mi has joined #postfix
[00:56:10] *** jra has joined #postfix
[01:02:13] *** chadmaynard has joined #postfix
[01:03:14] *** snearch has quit IRC
[01:05:18] *** Bry8Star has joined #postfix
[01:08:26] *** p3rror has joined #postfix
[01:24:47] *** Dev0n_ has quit IRC
[01:25:10] *** Dev0n_ has joined #postfix
[01:31:42] *** jra has quit IRC
[01:33:49] *** MaximusColourum has quit IRC
[01:43:42] *** penrod has quit IRC
[01:44:36] *** n0sq has joined #postfix
[01:48:21] *** penrod has joined #postfix
[01:52:50] *** phantasm66 has joined #postfix
[01:53:15] *** penrod has quit IRC
[01:53:35] *** phantasm66 has quit IRC
[01:54:26] *** snearch has joined #postfix
[01:58:42] *** penrod has joined #postfix
[02:05:39] *** penrod has quit IRC
[02:11:05] *** penrod has joined #postfix
[02:16:09] *** twb has joined #postfix
[02:25:33] *** jarr0dsz has quit IRC
[02:29:19] <todd_dsm> hey guys, I've just checked body_checks_size_limit and it's at the default value: 51200. Is this in B or KB?
[02:33:22] *** jarr0dsz has joined #postfix
[02:35:54] *** chadmaynard has quit IRC
[02:36:21] *** penrod has quit IRC
[02:41:35] *** penrod has joined #postfix
[02:57:00] *** nameless` has left #postfix
[03:01:08] *** penrod has quit IRC
[03:04:43] *** penrod has joined #postfix
[03:17:14] *** snearch has quit IRC
[03:27:03] *** seekwill has quit IRC
[03:32:10] *** BuenGenio has quit IRC
[03:42:22] *** hparker has quit IRC
[03:55:42] *** mi has quit IRC
[04:01:37] *** Jakey has joined #postfix
[04:01:42] <Jakey> hey i want to know
[04:02:01] <Jakey> why my email arrives at the destination so slow?
[04:02:10] <twb> todd_dsm: postconf manpage doesn't say?
[04:02:16] <Jakey> i set up postfix+dovecot locally
[04:02:23] <Jakey> and send it out to yahoo.com for instance
[04:02:33] <Jakey> but it takes days to arrive. why?
[04:03:39] <lunaphyte> how long does it take postfix to deliver it to yahoo?
[04:04:00] <Jakey> lunaphyte: not sure...but very long
[04:04:06] <lunaphyte> not sure?
[04:04:09] <Jakey> it doesn't says when the mail arrive
[04:04:11] <lunaphyte> why are you not sure?
[04:04:22] *** BuenGenio has joined #postfix
[04:04:30] <lunaphyte> this is an email server you operate, which runs postfix?
[04:04:33] <Jakey> because after i send the mail i have to wait like a day to see it appear on my mail box
[04:04:47] <Jakey> my yahoo mail box
[04:04:48] <lunaphyte> i didn't ask how long it takes to appear in your yahoo inbox.
[04:04:53] <lunaphyte> how long does it take postfix to deliver it to yahoo?
[04:05:03] <Jakey> lunaphyte: ?? i don't know
[04:05:15] <Jakey> lunaphyte: how do i check?
[04:05:18] <lunaphyte> well look and see. you operate the server, right?
[04:05:24] <Jakey> lunaphyte: yes
[04:05:32] <Jakey> any logs to see?
[04:05:35] <Jakey> i mean check
[04:05:42] <Jakey> its a local server
[04:05:58] <lunaphyte> !docs
[04:05:59] <knoba> lunaphyte: "docs" : Postfix documentation http://www.postfix.org/documentation.html
[04:06:26] <lunaphyte> also the channel /topic, which you should have read when you joined, has info on this sort of thing.
[04:06:37] <Jakey> what should i search for in the docs?
[04:06:43] <Jakey> where to read i meant
[04:06:59] <lunaphyte> information on logging, i would imagine.
[04:07:08] <jimpop> !tell Jakey logs
[04:07:09] <knoba> Jakey: "logs" : postfix logs to the mail facility of syslog. Something like grep -i `postconf -h syslog_facility` /path/to/syslog_config_file should tell you where logs are going. also see !no_logs and !have2mung
[04:08:36] <twb> !have2mung
[04:08:36] <knoba> twb: "have2mung" : if you absolutely have to mung details, such as anonymizing domains, email and IP addresses etc., try to do so in a minimal, consistent and meaningful way. Keep in mind that this is our first look at your particular configuration and or log details and we do not have the benefit you posses about your existing configuration.
[04:08:41] <twb> Oh that
[04:11:15] <Jakey> lol i don't see any of that is reveland
[04:11:20] <Jakey> revelant
[04:11:37] <jimpop> relevant
[04:11:42] <jimpop> O_o
[04:12:09] <twb> I was just curious as to what that info entry was
[04:12:18] <lunaphyte> that's ok. for now, you can just accept that it is, without understanding it
[04:12:23] <twb> And knoba didn't respond to /msg
[04:12:59] <lunaphyte> whatis #postfix logs
[04:13:07] <lunaphyte> [in /msg]
[04:13:23] <twb> lunaphyte: ah, thanks
[04:13:29] <lunaphyte> np
[04:13:57] <twb> Oh, it's a supybot, of course that makes sense
[04:19:05] <patdk-lap> hmm
[04:19:18] *** pj has quit IRC
[04:20:32] *** pj has joined #postfix
[04:25:28] *** sp00kz has quit IRC
[04:28:06] *** sp00kz has joined #postfix
[04:29:12] *** FainaUkraina has joined #postfix
[04:30:38] *** BuenGenio has quit IRC
[04:36:22] *** BuenGenio has joined #postfix
[04:37:58] *** FainaUkraina has quit IRC
[04:41:31] *** BuenGenio has quit IRC
[04:43:18] *** BuenGenio has joined #postfix
[04:43:38] *** saftsack__ has quit IRC
[04:45:20] <Jakey> okay
[04:45:27] <Jakey> i use squirrmail
[04:45:39] <Jakey> to send the email to my yahoo account
[04:45:57] <Jakey> but i run qshape and displays none
[04:46:05] <Jakey> whats wrong??????????
[04:47:57] <jimpop> Jakey: we can't debug your system from here
[04:48:05] <jimpop> we wish we could, be we cant
[04:48:38] <Jakey> okay folks its in the deferred queue
[04:48:42] <jimpop> Jakey: do you have the same problem when you send mail from the cmd prompt on your server?
[04:49:09] <Jakey> jimpop: yes. using telnet
[04:49:25] <jimpop> !yahoo
[04:49:26] <knoba> jimpop: "yahoo" : Yahoo and other providers throttle inbound connections in an attempt to reduce spam. If you're a big operator, talk to them about whitelisting. If not, just wait for the retry, your mail eventually goes through. For bulk mail issues this contact is helpful: <mail-abuse-bulk at cc dot yahoo-inc.com>
[04:50:00] <jimpop> Jakey: so email yahoo ^^ and tell them your IP and see what they say
[04:50:33] <Jakey> lol
[04:50:35] <Jakey> thanks
[04:50:37] <Jakey> now i knew
[04:51:03] <jimpop> *know
[04:51:15] <jimpop> ;-)
[04:51:26] <Jakey> :)
[04:51:39] <Jakey> anyone here work at hotmail.com yahoo.com gmail.com???
[04:51:51] <Jakey> as a mail administrator :)
[04:55:52] *** saftsack__ has joined #postfix
[04:59:23] <Jakey> but why is my mail in the deferred queue?
[04:59:46] *** FainaUkraina has joined #postfix
[04:59:48] <Jakey> i mean it sits there till it gets through right?
[05:00:04] <Tabmow> Jakey: http://www.postfix.org/QSHAPE_README.html#deferred_queue
[05:00:43] *** Gene_ has joined #postfix
[05:01:08] <Jakey> i am reading that
[05:01:21] <Jakey> but it doesn't explain anything
[05:02:35] *** BuenGenio has quit IRC
[05:04:30] *** FainaUkraina has quit IRC
[05:19:19] *** heeen has quit IRC
[05:22:09] *** FainaUkraina has joined #postfix
[05:22:31] <roe> Jakey, what do the logs say?
[05:24:27] *** Gene_ has quit IRC
[05:27:11] *** Gene_ has joined #postfix
[05:27:17] <Jakey> roe: nothing
[05:27:27] <Jakey> i show
[05:28:14] <roe> if there is nothing in your mail.log then you have larger problems
[05:29:38] <Jakey> http://pastebin.com/BC92JLnX
[05:30:14] *** FainaUkraina has quit IRC
[05:30:45] <roe> is line 19 one of your problems?
[05:30:52] *** n0sq has quit IRC
[05:31:56] <Jakey> what do you mean?
[05:32:07] <Jakey> i am trying to send to yahoo but it got deferred
[05:32:19] <roe> where is the log line of it getting deferred?
[05:32:52] <Jakey> there is no log for it
[05:33:07] <roe> then you're not sending mail to yahoo
[05:33:22] <roe> every single thing postfix does it logs
[05:33:41] <thumbs> and every single thing logged is done
[05:34:32] <roe> so if you are saying there is no log of your mail server attempting to send a message to a yahoo email address, then it never tried sending a message to a yahoo email address. It is as simple as that
[05:36:48] <thumbs> unless gremlins go into your server and deleted log entries.
[05:38:11] *** lolmatic has quit IRC
[05:38:25] <twb> Pfft, gremlins is easy. We gots bogles.
[05:41:06] *** MAAAAAD has joined #postfix
[05:44:31] *** MAAAAD has quit IRC
[06:23:59] *** chadmaynard has joined #postfix
[06:27:13] *** localhost has joined #postfix
[06:44:08] *** localhost has quit IRC
[06:58:38] *** localhost has joined #postfix
[07:12:01] *** marl_scot has quit IRC
[07:14:37] *** Mp5shooter has quit IRC
[07:17:11] *** marl_scot has joined #postfix
[07:20:31] *** Mp5shooter has joined #postfix
[07:23:52] *** wdp has joined #postfix
[07:31:00] *** ced117 has joined #postfix
[07:41:24] *** Mp5shooter has quit IRC
[07:43:37] *** Mp5shooter has joined #postfix
[07:54:37] *** FainaUkraina has joined #postfix
[07:58:01] *** Gene_ has quit IRC
[08:01:08] *** FainaUkraina has quit IRC
[08:01:17] *** d3c has joined #postfix
[08:06:17] *** d3c has quit IRC
[08:09:01] *** sep has joined #postfix
[08:25:08] *** gerhard7 has joined #postfix
[08:25:22] *** BuenGenio has joined #postfix
[08:26:18] *** twb has quit IRC
[08:37:57] *** gwdp has quit IRC
[08:38:44] *** zorg1 has joined #postfix
[08:40:49] *** theferret has joined #postfix
[08:40:59] *** theferret has left #postfix
[08:42:10] *** Motoko has quit IRC
[08:43:50] *** breaker313 has joined #postfix
[08:54:17] *** wdp has quit IRC
[08:54:29] *** wdp has joined #postfix
[09:19:38] *** tjikkun_work has joined #postfix
[09:37:30] *** d3c has joined #postfix
[09:38:15] *** jY has left #postfix
[09:45:54] *** snearch has joined #postfix
[10:10:45] *** viddy has quit IRC
[10:28:59] *** KippiX has joined #postfix
[10:35:52] *** viddy has joined #postfix
[10:37:08] *** pascal has joined #postfix
[10:39:32] *** pascal_ has joined #postfix
[10:39:57] *** pascal has quit IRC
[10:40:23] *** jarr0dsz has quit IRC
[10:41:41] *** e-anima has joined #postfix
[10:42:30] *** higuita has quit IRC
[10:42:44] *** higuita has joined #postfix
[10:47:39] *** shal3r has quit IRC
[10:47:55] *** pascal_ has quit IRC
[10:48:56] *** shal3r has joined #postfix
[10:49:23] *** danblack has quit IRC
[10:52:51] *** Chiku has joined #postfix
[10:54:08] <Chiku> hello is it possible that postfix encodes MIME B the subject ?
[11:07:11] *** jelly has quit IRC
[11:12:35] *** jelly has joined #postfix
[11:14:31] *** jelly has quit IRC
[11:14:57] *** jelly has joined #postfix
[11:20:46] *** BuenGenio has quit IRC
[11:22:03] *** conntrack is now known as eyeofra
[11:25:54] *** eyeofra is now known as conntrack
[11:33:58] *** BuenGenio has joined #postfix
[11:34:56] *** amir has quit IRC
[11:40:38] *** amir has joined #postfix
[11:44:36] *** UQlev has joined #postfix
[11:56:18] *** markdark_ has quit IRC
[11:58:41] *** HSorgYves has joined #postfix
[12:01:00] *** snearch has quit IRC
[12:03:18] *** sphenxes has quit IRC
[12:07:54] *** Otacon22 has joined #postfix
[12:08:16] <Otacon22> Hello, I've a question about postfix and DKIM
[12:08:24] <Otacon22> I get error messages like this:
[12:08:25] <Otacon22> Feb 26 15:59:15 poul dkim-filter[2195]: 6A4D970: key retrieval failed
[12:09:11] <Otacon22> and all emails with this error are deleted from the queue without being delivered
[12:09:40] <Otacon22> I also have
[12:09:40] <Otacon22> milter_default_action = accept
[12:10:58] *** Gatto has joined #postfix
[12:16:55] *** jkfod has joined #postfix
[12:21:30] *** Slidey has joined #postfix
[12:27:35] *** sphenxes has joined #postfix
[12:32:27] *** jarr0dsz has joined #postfix
[12:37:10] *** UQlev has quit IRC
[12:37:17] *** lpirl has joined #postfix
[12:44:39] <lpirl> Hello! I migrated a MTA from Debian to freeBSD and intrestingly the old configurations did not work. Mails for users (not in aliases but via passwd (PAM/Kerbers)) are not forwarded to my relayhost anymore but stored in local mailboxes...
[12:45:48] *** Gatto has quit IRC
[12:51:02] *** npmapn has joined #postfix
[12:53:57] *** Bry8Star has quit IRC
[13:07:13] *** p3rror has quit IRC
[13:12:30] *** mfridh has quit IRC
[13:18:54] *** mfridh has joined #postfix
[13:22:48] *** p3rror has joined #postfix
[13:31:31] *** penrod has quit IRC
[13:41:33] *** Section1 has joined #postfix
[13:42:25] *** jarr0dsz has quit IRC
[13:47:19] *** jkfod has quit IRC
[13:52:57] *** mBull has joined #postfix
[14:04:09] *** mfridh has quit IRC
[14:04:13] <lunaphyte_> !tell lpirl welcome
[14:04:13] <knoba> lpirl: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.
[14:08:44] *** mfridh has joined #postfix
[14:10:07] *** jarr0dsz has joined #postfix
[14:35:49] *** wsmsg has quit IRC
[14:36:13] *** wsmsg has joined #postfix
[14:41:05] *** penrod has joined #postfix
[14:50:34] *** penrod has quit IRC
[15:10:55] *** knoba has quit IRC
[15:11:02] *** knoba has joined #postfix
[15:12:21] *** youknowh1 has quit IRC
[15:13:16] *** youknowho has joined #postfix
[15:20:03] *** Steve_The_Pirate has joined #postfix
[15:25:30] *** BuenGenio has quit IRC
[15:26:22] *** mBull has quit IRC
[15:32:54] *** jkfod has joined #postfix
[15:33:37] *** overdrive3000 has joined #postfix
[15:43:53] *** phantasm66 has joined #postfix
[15:49:09] *** Steve_The_Pirate has quit IRC
[15:54:51] *** jarr0dsz has quit IRC
[15:55:38] *** KaiForce has joined #postfix
[15:59:10] *** penrod has joined #postfix
[16:00:34] <sysmonk> anyone uses puppet with freebsd ?
[16:09:04] *** UQlev has joined #postfix
[16:12:22] *** patdk-lap has quit IRC
[16:17:54] <sysmonk> i knew it's the wrong channel :P
[16:20:52] *** breaker313 has quit IRC
[16:21:41] *** MaximusColourum has joined #postfix
[16:25:12] *** patdk-lap has joined #postfix
[16:32:08] * abbe used it long time ago.
[16:32:30] *** sep has quit IRC
[16:32:48] *** milligan has quit IRC
[16:36:30] *** milligan has joined #postfix
[16:45:52] *** sep has joined #postfix
[16:47:41] *** hobbelt has joined #postfix
[16:48:55] <hobbelt> Given I own domains A.com and B.com. And A.com is pointed to my webserver and B.com elsewhere. Can i send mail from B.com from my webserver mailclient withouth"send on behalf of"?
[16:50:09] <todd_dsm> twb: infact it does not.
[16:50:23] <todd_dsm> I've just checked body_checks_size_limit and it's at the default value: 51200. Is this in B or KB?
[17:05:20] *** bezourox has quit IRC
[17:06:42] *** Chiku has left #postfix
[17:07:51] *** JPT has quit IRC
[17:10:11] <lunaphyte_> hobbelt: sure. but please don't use other people's domain names in your examples. it's inconsiderate.
[17:10:23] *** JPT has joined #postfix
[17:10:50] <hobbelt> lunaphyte_ I wont, but I have this family domain which forwards a lot of family email, and I want to switch over from gmail to my own host. And i dont want to relay everything
[17:12:44] <hobbelt> lunaphyte_ I assume i need to SPF record the domain right?
[17:12:59] <lunaphyte_> i don't really understand what you're asking
[17:13:14] <lunaphyte_> postfix doesn't have anything to do with web servers
[17:14:40] *** UQlev has quit IRC
[17:16:16] <hobbelt> im all new to it, but wouldnt running your own smtp server increase the risk the change of being flagged as spam?
[17:16:26] <lunaphyte_> yes
[17:16:37] <lunaphyte_> don't run a mail server unless your goal is to be a mail admin.
[17:17:08] <hobbelt> So how can you prevent that? And yes, i want to be the admin of my own mail
[17:18:19] <jelly> my goal is not to be mail admin, but have enough $$$
[17:18:39] <jelly> lunaphyte_: do you know ANYONE whose goal is to be a Mail Admin?
[17:19:17] *** Steve_The_Pirate has joined #postfix
[17:20:29] *** Steve_The_Pirate has quit IRC
[17:20:48] <lunaphyte_> hobbelt: you can't prevent that.
[17:21:10] <lunaphyte_> as with security, there is not such thing as prevention
[17:21:12] <lunaphyte_> *no such
[17:22:34] <lunaphyte_> all you can do is make an effort to deter it.
[17:22:50] <hobbelt> hmm
[17:22:50] <lunaphyte_> more importantly, it's not a math problem with an empirical single, magic solution.
[17:23:07] <lunaphyte_> you must become a responsible mail admin, by doing all of the various things that go along with that.
[17:23:27] <hobbelt> well, its personal mail only
[17:23:31] <hobbelt> just my account
[17:23:33] <lunaphyte_> that's immaterial
[17:23:46] <hobbelt> im using gmail atm with my own domain
[17:23:48] *** famicom has quit IRC
[17:23:51] <lunaphyte_> don't look for methods of marginalization.
[17:23:52] <hobbelt> basically just want to move gmail over to my vps
[17:23:58] <lunaphyte_> go for it
[17:24:11] <lunaphyte_> you'll learn a lot, and it might be fun, and it will be frustrating.
[17:24:38] <hobbelt> I noticed, first gotto find out what i actually need and how SMTP servers work
[17:24:52] <lunaphyte_> sounds like a good plan.
[17:24:59] *** kyconquers has quit IRC
[17:25:43] *** kyconquers has joined #postfix
[17:25:59] *** ciel_ has quit IRC
[17:26:12] *** neuonyx has joined #postfix
[17:26:20] *** Riviera has joined #postfix
[17:26:22] *** neuonyx has joined #postfix
[17:27:25] <lunaphyte_> the ratio is compound. 5% of your effort will go into initial startup, and 95% will go into continuous maintenance that must be done.
[17:28:41] <lunaphyte_> some people convince themselves that "it was easy to set up and it just runs after that". those people are the ones who end up with irresponsibly managed mail servers, and are inevitably ostracized by the email community and blacklisted.
[17:28:54] <hobbelt> yeah gotto keep updating
[17:28:59] <hobbelt> and check logs
[17:29:21] <lunaphyte_> and - of the initial 5%, 97% is reading, learning, comprehension, extrapolation, thinking, etc., while 3% is *actual* "work".
[17:29:26] <hobbelt> i might use sendgrid as smtp server, guess that will make it a bit easier to prevent blacklisting
[17:29:54] <hobbelt> on the other hand.. its a company once again
[17:40:04] *** tjikkun_work has quit IRC
[17:48:59] *** mi has joined #postfix
[17:49:48] *** ced117 has quit IRC
[17:52:56] *** Ramattack has joined #postfix
[17:59:42] *** hparker has joined #postfix
[17:59:42] *** hparker has joined #postfix
[18:00:56] *** snearch has joined #postfix
[18:13:22] *** Creamz has quit IRC
[18:14:40] *** master_of_master has quit IRC
[18:15:43] *** master_of_master has joined #postfix
[18:20:08] *** penrod has quit IRC
[18:20:20] *** d3c has quit IRC
[18:23:17] *** penrod has joined #postfix
[18:27:05] *** penrod has quit IRC
[18:27:38] *** wdp_ has joined #postfix
[18:32:11] *** ced117 has joined #postfix
[18:32:58] *** uqlev has joined #postfix
[18:34:05] *** rdfeghderfssaaa has joined #postfix
[18:34:24] *** rdfeghderfssaaa has left #postfix
[18:35:08] *** uqlev has quit IRC
[18:39:16] *** khem_ has left #postfix
[18:39:44] *** famicom has joined #postfix
[18:39:55] <kyconquers> I have a in ldap a few orgs which have one or more domains in there attributes, is there a way to format the ldap lookup so that if ldap returns the list the lookup returns %d?
[18:40:45] *** Ramattack has quit IRC
[18:41:58] *** HSorgYves has quit IRC
[18:45:10] <kyconquers> http://pastebin.com/fHP8Zy9G
[18:47:22] *** ciklid has joined #postfix
[18:47:26] <lunaphyte_> i don't follow
[18:48:45] *** JDI_Lloyd has joined #postfix
[18:52:53] *** jkfod has quit IRC
[18:54:00] *** jkfod has joined #postfix
[18:58:50] <JDI_Lloyd> Hi guy, having a little issue that I hope you can help with. Our mail servers has decided it doesnt want to recieve mails, nor send mails to itself... for example we send email from email at domain dot com it will send, if we send something to email at domain dot com it just bounches it back. On mail2web error displayed is - "An error was reported in response to a recipient address. The SMTP server may
[18:58:50] <JDI_Lloyd> refuse to handle mail for unknown recipients".
[18:58:52] <JDI_Lloyd> any ideas?
[18:58:57] *** jkfod has quit IRC
[18:59:48] *** jkfod has joined #postfix
[18:59:59] <JDI_Lloyd> http://pastebin.com/pA2rqrzs -- postconf -n
[19:00:21] <lunaphyte_> please don't use other people's domain names in your examples. it's inconsiderate.
[19:00:27] *** p3rror has quit IRC
[19:01:19] <thumbs> lunaphyte_: what domain is that ?
[19:02:22] <lunaphyte_> the one he refers to in his statement.
[19:02:39] <thumbs> oh, that domain.
[19:03:47] *** inf_l00p has joined #postfix
[19:04:47] *** jkfod has quit IRC
[19:06:46] *** jkfod has joined #postfix
[19:08:12] *** lpirl has left #postfix
[19:08:24] *** localhost has quit IRC
[19:12:19] <kyconquers> lunaphyte, I have a list of domains in LDAP and i want to do a domain lookup for relay_domains,
[19:12:43] <kyconquers> but relay_domains only works if only one domain is returned,
[19:13:51] *** p3rror has joined #postfix
[19:14:29] *** JDI_Lloyd has quit IRC
[19:14:47] <lunaphyte_> why are you returning a domain name at all? that's not necessary, and probably just more confusing
[19:15:42] <kyconquers> lunaphyte, how else would i set which domains to relay?
[19:16:19] <lunaphyte_> you are putting all of your domains in attributes in the o=testing,example,dc=com entry?
[19:17:17] <lunaphyte_> and why are you using the registeredaddress attribute for this? that doesn't make sense?
[19:17:20] <kyconquers> some of them, others are in the o=this,dc=example,dc=com entry
[19:17:29] <lunaphyte_> registeredaddress is for postal addresses.
[19:18:00] <kyconquers> because i need to keep track which org owns which domains
[19:18:25] <kyconquers> for both the MDA and other parts
[19:18:28] <lunaphyte_> why would that require registeredaddress be used for this?
[19:18:56] <kyconquers> but the domain could be in one of X orgs
[19:19:54] <kyconquers> registeredaddress is just the attribute that my boss said i could high-jack for domains.
[19:20:30] <lunaphyte_> that's stupid.
[19:20:35] <kyconquers> a "registeredaddress value is a domain that I have to serve
[19:20:36] <lunaphyte_> host hostobject
[19:20:43] <lunaphyte_> bah
[19:20:46] <lunaphyte_> use hostobject
[19:20:57] <kyconquers> hostobject ?
[19:21:17] <kyconquers> can you send me a link to documentation about it?
[19:21:32] <lunaphyte_> it comes with openldap
[19:21:41] <lunaphyte_> it's in the ldapns schema
[19:21:56] <kyconquers> is it an attribute ?
[19:22:31] <lunaphyte_> hostobject is an objectclass which provides the host attribute
[19:22:55] <lunaphyte_> it's much more appropriate for this than registeredaddress, and even if it weren't would make much more sense to misappropriate.
[19:23:12] <rob0> The way relay_domains works: a query is done for the domain, and anything returned for that query means a positive result. The value returned is ignored.
[19:23:32] <rob0> !database
[19:23:33] <knoba> rob0: "database" : http://www.postfix.org/DATABASE_README.html provides an overview of how Postfix lookup tables work, and the various types that are implemented.
[19:25:20] <lunaphyte_> there's also the domain objectclass, which would be a better fit as well
[19:26:37] *** wdp_ has quit IRC
[19:27:03] <lunaphyte_> create an entry which uses the hostobject object class, and use the host attribute to list your domains. then include an object class which provides the description attribute [extensibleobject would be ok for this].
[19:27:37] <lunaphyte_> use a value of 'relay' for the description attribute, and in your lookup map, use result_attribute = description
[19:27:53] <lunaphyte_> then test with postmap
[19:28:14] <kyconquers> but will that allow me to know which domains are controlled by with orgs but to also manage (create, destroy, and edit) the domains of any particular org.
[19:28:36] <lunaphyte_> when you look up a domain name, you should get a single result of 'relay' [which, as rob0 said, doesn't matter, but this way will at least provide some sort of meaning]
[19:28:48] <lunaphyte_> none of that has anything to do with this.
[19:29:30] *** Graungaard has joined #postfix
[19:29:32] <kyconquers> not which this but relate to other parts of my system in which i can't change.
[19:29:41] <kyconquers> *with
[19:29:46] *** Graungaard has quit IRC
[19:30:43] <kyconquers> using registeredaddress is the only way i have found that works for all parts of my system not just the mail part.
[19:30:59] <lunaphyte_> why would that matter?
[19:31:30] *** KaiForce has quit IRC
[19:31:45] <kyconquers> because my MTA's arn't the onlythings using ldap
[19:31:51] <lunaphyte_> so what?
[19:32:13] <lunaphyte_> none of this explains why you're hung up on registeredaddress
[19:32:19] <kyconquers> so if i change it here it will break three other parts
[19:33:00] <kyconquers> if you could find another origination attribute i'll change it
[19:33:24] <lunaphyte_> what is origination attribute?
[19:33:47] <kyconquers> * organization's attribute
[19:33:48] *** inf_l00p has quit IRC
[19:34:40] <lunaphyte_> why are we talking about organization attributes?
[19:34:46] <lunaphyte_> relay domains are domain names.
[19:35:12] <kyconquers> moving it to a separate object breaks things for another team, which will piss my boss off, and probability get me fired
[19:36:01] <kyconquers> yes but for the other parts we have to store the domain names in the organization's object
[19:37:15] <kyconquers> so is there anyway to set the lookup so, if something is returned then return %d
[19:37:20] <lunaphyte_> who said anything about moving things to a separate object?
[19:38:02] <kyconquers> a hostobject is a object, right?
[19:38:14] <lunaphyte_> let's back up.
[19:38:29] *** cvelde has joined #postfix
[19:38:30] <lunaphyte_> so apparently, you have entries in ldap for each "organization"...?
[19:38:41] <lunaphyte_> wehere all kinds of crap is kept, for who knows what - right?
[19:38:56] <lunaphyte_> including domain names that are "owned" by that organization?
[19:39:02] <thumbs> all that matter is what attributes you need to extract.
[19:39:03] *** neg40 has joined #postfix
[19:39:04] <kyconquers> yes each client has a organization
[19:39:08] <kyconquers> yes
[19:39:19] <lunaphyte_> this is very simple. you're overcompliating it.
[19:39:24] <lunaphyte_> *ovecomplicating
[19:39:26] <lunaphyte_> bah
[19:39:33] <lunaphyte_> f*ck speling
[19:39:49] <thumbs> overcomplicating things.
[19:40:09] <lunaphyte_> add the hostobject object class to the organization's entry
[19:40:12] <lunaphyte_> clear?
[19:40:40] <kyconquers> no
[19:40:44] <lunaphyte_> argh
[19:40:46] <lunaphyte_> why not?
[19:40:59] <lunaphyte_> it's a basic ldap concept
[19:41:13] <kyconquers> still trying to figure out what a host-object is
[19:41:34] <lunaphyte_> do you understand what object classes are?
[19:41:39] <kyconquers> yes
[19:41:41] <lunaphyte_> it's an object class. that's it.
[19:42:11] <lunaphyte_> when you find an attribute you want to use, you add the object class that provides the attribute to the entry you wish to add the attribute to.
[19:42:20] <lunaphyte_> this is basic stuff, dude.
[19:42:34] <kyconquers> so instead of each client's object being a organization you want me to turn them into hostobjects
[19:42:38] * thumbs doesn't talk ldap on purpose
[19:42:40] <lunaphyte_> no
[19:42:48] <lunaphyte_> why are you inventing things
[19:42:56] <lunaphyte_> i SAID ADD - not change.
[19:43:48] <kyconquers> ok i understand
[19:45:04] <lunaphyte_> in this case, since you want to keep things within this particular entry, you wouldn't use description as i suggested above, since it would generate confusion.
[19:45:23] <lunaphyte_> so you can leave that part out
[19:46:07] <neg40> Hello all, first time here. My queue has fallen down and can't get back up. Sending email works, incoming email ends up stuck in the queue. Lots of status=deferred (temporary failure) errors. Happened after a reboot. Are there any locking files or ??
[19:46:42] <kyconquers> lunaphyte, ok i think i understand it now thanks
[19:47:34] <Dominian> neg40: logs.. what is the exact error message?
[19:47:56] <lunaphyte_> kyconquers: instead, just use result_attribute = o and result_format = transport in your lookup map
[19:48:03] <lunaphyte_> kyconquers: you're welcome
[19:48:19] <kyconquers> lunaphyte, you are amazing
[19:48:27] <neg40> Feb 29 10:21:17 email postfix/pipe[26148]: E8BDB869BB0: to=<xxxxx at xxxxx dot com>, relay=dovecot, delay=26539, delays=26539/0/0/0.91, dsn=4.3.0, status=deferred (temporary failure)
[19:48:33] <neg40> and lots more just like it...
[19:48:56] *** inf_l00p has joined #postfix
[19:49:26] <patdk-lap> !munge
[19:49:26] <knoba> patdk-lap: Error: "munge" is not a valid command.
[19:49:33] <patdk-lap> man, I'm so bad at the bot
[19:49:40] <patdk-lap> !mustmunge
[19:49:41] <knoba> patdk-lap: Error: "mustmunge" is not a valid command.
[19:50:40] <neg40> @Dominian is that enough, or do you need me to pastebin something?
[19:51:20] <lunaphyte_> kyconquers: i'm waiting for the other shoe to drop :)
[19:52:41] <Dominian> neg40: So, was the server or whatever these were delivering to down for a short period?
[19:52:51] <Dominian> neg40: or do you just need to force the messages to try to resend?
[19:53:10] *** localhost has joined #postfix
[19:53:17] <Dominian> neg40: You can try: postqueue -f
[19:53:27] <Dominian> neg40: that'll force any queued messages to attempt redelivery immediately
[19:53:43] <Dominian> was the reboot to make changes to postfix or what?
[19:54:55] <neg40> @Dominian, I've done postsuper -r ALL and they won't go away. Server worked fine for months, got a weird error that a user didn't exist, rebooted the box and now incoming email is stuck in the queue (sends email fine).
[19:55:32] <neg40> I don't want to say "go away" they don't process and get delivered to my servers users...
[19:57:27] <Dominian> What other errors are there other than temp failures?
[19:57:38] <Dominian> and postsuper will just force all email to requeue
[19:57:51] <Dominian> Pick one particular ID and requeue that only.. see if it produces even more
[19:57:55] <rob0> !tell neg40 relevant_logs
[19:57:57] <knoba> neg40: "relevant_logs" : Relevant logs are mail.* syslog Postfix logs (NOT verbose, see !verbose) which show the entire handling of a single mail which illustrates the issue with which you want help. Random selections from your mail log might not do. IMAP/POP3 daemons and external delivery agents typically log to the same facility (mail); those are usually not relevant here.
[19:58:14] <rob0> patdk-lap, it is "mung", an acronym
[19:58:29] <patdk-lap> mungle :)
[19:59:10] <rob0> neg40, also as per /topic include your "postconf -n" in that pastebin you are making.
[19:59:47] <neg40> will do...
[20:00:45] <kyconquers> lunaphyte, other shoe?
[20:01:33] <neg40> was hoping that there was a blahblah/etc/postfix.queuelock file I could delete and the queue would free up. ;)
[20:02:49] <rob0> Start with the goal. Also, why are you using a pipe transport? Get basic functionality working before you try to go beyond it.
[20:03:13] *** abyss has quit IRC
[20:05:43] <lunaphyte_> kyconquers: usually when i hear that sort of thing it's sarcasm ;)
[20:06:38] *** abyss has joined #postfix
[20:07:56] <neg40> I've used the iRedMail script to install postfix and the whole server for that matter.
[20:08:35] <kyconquers> lunaphyte, i've been trying to figure out how to do this for a couple of weeks now. :)
[20:08:49] <lunaphyte_> and all this time, you could have just paid me!
[20:10:15] *** d3c has joined #postfix
[20:11:48] <neg40> is /var/log/maillog one of the "Relevant logs"?
[20:11:51] <thumbs> or paid rob0 !
[20:12:12] <rob0> !logs
[20:12:13] <knoba> rob0: "logs" : postfix logs to the mail facility of syslog. Something like grep -i `postconf -h syslog_facility` /path/to/syslog_config_file should tell you where logs are going. also see !no_logs and !have2mung
[20:12:33] <rob0> I would suggest first learning your OS well, then start with
[20:12:38] <rob0> !basic
[20:12:39] <knoba> rob0: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.
[20:12:39] <thumbs> rob0: if you had a dime for every time you helped a user, you'd be rich!
[20:13:00] <rob0> I don't suppose this iredmail thing is very basic.
[20:13:09] <rob0> thumbs :)
[20:13:55] <lunaphyte_> what about whelping users?
[20:14:08] <thumbs> wagging doesn't count!
[20:14:39] <lunaphyte_> serendipity!
[20:14:51] <lunaphyte_> little puppies have wagging tails!
[20:18:31] *** cpm has joined #postfix
[20:18:31] *** cpm has joined #postfix
[20:19:06] *** d3c has quit IRC
[20:24:13] *** Dev0n_ has quit IRC
[20:28:37] *** patdk-lap has quit IRC
[20:28:38] *** Section1 has quit IRC
[20:30:33] <neg40> postconf -n is at http://pastebin.com/gfAGPivF
[20:31:11] *** krzee has quit IRC
[20:32:08] <neg40> so, anyone do remote support at a "family" rate, not a fortune 100?? Tired of banging head against a wall...
[20:35:48] *** ichdasich has quit IRC
[20:40:44] *** patdk-lap has joined #postfix
[20:44:11] <neg40> <---- continues banging head while reading !debug...
[20:46:06] *** chadmaynard has quit IRC
[20:49:18] *** sphenxes has quit IRC
[20:49:29] *** ichdasich has joined #postfix
[20:51:09] *** Norrin has joined #postfix
[20:52:41] <Norrin> on http://www.postfix.org/postconf.5.html#smtpd_tls_security_level , where it says "this MUST NOT be applied in case of a publicly-referenced SMTP server. Instead, this option should be used only on dedicated servers." -- publically referenced smtp server means what? a server listed in a mx record or a server that is meant to except mail from every end user that wishes to use it?
[20:53:12] <Norrin> s/except/accept
[20:53:26] *** Cerise has quit IRC
[20:53:31] <lunaphyte> do not require encryption on a host that receives connections from hosts you do not control in some way
[20:53:32] *** will_ has joined #postfix
[20:53:33] *** Cerise has joined #postfix
[20:53:39] <lunaphyte> this generally means the public internet
[20:54:22] <lunaphyte> which yes, typically boils down to a host that is referenced by an mx record.
[20:54:38] *** will_ has quit IRC
[20:55:07] *** will_ has joined #postfix
[20:55:27] <lunaphyte> conversely, an msa, which offers submission/587 and is also often publicly accessible, should not accept connections *without* encryption.
[20:56:12] *** Roadblock_RVA has joined #postfix
[20:58:53] <neg40> I've checked my /etc/syslog.conf and it shows "log all mail messages in one place" ~/var/log/maillog I've had it listing as many messages as possible, so the log is quite "active". How much should I add to pastbin, or is there a better command to isolate a specific message?
[21:02:42] <Norrin> lunaphyte: but how do i know who it will require the encryption from?
[21:02:45] <rob0> You would use a pager like less(1) and its search feature. No, you can't use grep to get all logs for just one message.
[21:05:00] <lunaphyte> Norrin: what do you mean?
[21:05:23] <Norrin> smtpd_tls_security_level specifies security for mtas or smtp end users, or both?
[21:06:16] <rob0> it means what the smtpd will enforce for TLS policy
[21:12:33] <Norrin> ok. got that now. couldn't distinguish between smtpd_tls_security_level and smtp_tls_security_level at first (couldn't see the character difference).
[21:13:25] <Norrin> both of those seem like they apply to communication with other MTAs.
[21:14:08] *** sphenxes has joined #postfix
[21:15:23] <Norrin> lunaphyte: rob0: thanks. i understand your statements now
[21:17:39] *** Roadblock_RVA has quit IRC
[21:19:46] <rob0> !smtp!=smtpd
[21:19:46] <knoba> rob0: "smtp!=smtpd" : Postfix smtp_* and smtpd_* configuration parameters have different meanings. smtp_ = client and smtpd_ = server, the client-side sends mail whilst the server-side receives mail. (smtp = client = sends mail) (smtpd = server = receives mail)
[21:19:59] <lunaphyte> nono
[21:20:26] <lunaphyte> for an mta, you offer encryption but do not require it. for an msa you require encryption.
[21:20:39] <lunaphyte> both use smtpd_tls_security_level
[21:20:44] <lunaphyte> just different services.
[21:21:34] *** gerhard7 has quit IRC
[21:24:01] <Norrin> yeah, i picked that up
[21:24:39] <lunaphyte> ok, good
[21:25:20] <Norrin> the question i have now is, why does the rfc say encryption shouldn't be used? do all the big mta's on the net offer encryption?
[21:25:47] <Norrin> shouldn't be required*
[21:26:05] <lunaphyte> "do all the big mta's on the net"
[21:26:11] <lunaphyte> therein lies the answer.
[21:26:16] <Norrin> gmail/yahoo
[21:26:31] <lunaphyte> that's not a statement that can be empirically quantified.
[21:26:49] <Norrin> gmail/yahoo/hotmail
[21:26:52] <lunaphyte> ergo it is what it is
[21:27:24] <lunaphyte> because it's not required on the sender side, it cannot be required on the recipient side.
[21:27:28] <will_> Norrin: The RFC says it shouldn't be required because it was never required and other clients may not support it.
[21:27:44] <lunaphyte> it's not about who does or doesn't attempt starttls.
[21:27:47] <lunaphyte> that doesn't matter.
[21:28:01] <lunaphyte> many do attempt, and many don't.
[21:28:48] *** ichdasic1 has joined #postfix
[21:28:55] <Norrin> which ones don't support it?
[21:28:56] *** ichdasich has quit IRC
[21:29:07] <lunaphyte> that's not quantifiable.
[21:29:26] <lunaphyte> the ones who don't attempt starttls are the ones who don't
[21:29:52] <lunaphyte> go make a list of humans who don't speak chinese.
[21:30:29] <Norrin> well i did narrow the question to three domains. gmail, yahoo, and hotmail
[21:30:38] <lunaphyte> but why bother?
[21:30:48] <lunaphyte> if they do, they do, if they don't they don't.
[21:30:52] <lunaphyte> it doesn't change anything.
[21:31:02] <Norrin> it changes feasibility
[21:31:09] <lunaphyte> no, it doesn't.
[21:31:12] <lunaphyte> it's not feasible.
[21:31:21] <Norrin> why is it not feasible?
[21:31:39] <lunaphyte> because starttls is not required on the sender side.
[21:32:38] <Norrin> sender and receiving have to both offer certs for encryption to take place?
[21:32:44] <lunaphyte> no
[21:32:58] <lunaphyte> certs have nothing to do with it
[21:33:18] <lunaphyte> it simply isn't required. it really isn't any more complex than that.
[21:33:23] *** ssureshot has joined #postfix
[21:34:25] <Norrin> "because starttls is not required on the sender side." -- what is the signifigance of that statement?
[21:34:39] <lunaphyte> i don't understand what you're asking.
[21:34:58] <lunaphyte> when an mta delivers mail to another mta, it is not required that encryption be used.
[21:36:00] <Norrin> i read as much. required and support are two different things
[21:36:18] <lunaphyte> yes, and?
[21:37:54] *** ced117 has quit IRC
[21:39:16] <Norrin> you're saying its impossible to know which support encryption or not?
[21:40:39] <Norrin> will_: but which mta's dont support it?
[21:40:56] <Norrin> or if its easier to answer, do gmail, yahoo, hotmail support it?
[21:41:53] <will_> You can't
[21:42:08] <will_> Yes, they support TLS
[21:42:23] <will_> So you can set up your MTA to send to them using TLS if available
[21:43:06] *** neuonyx has quit IRC
[21:44:16] <Norrin> will_: and receiving from them with tls required would work as well?
[21:52:16] <Norrin> if both MTAs support encryption, what possibility is there a transmission could fail due to TLS related reasons?
[21:54:24] <Norrin> I assume none. so the question is what daemons and client don't support TLS.
[21:55:05] <will_> Norrin: You can't require Gmail to send to you encrypted
[21:55:20] *** cpm has quit IRC
[21:55:21] <will_> They may support it now, but they may change their mind
[21:55:49] <will_> You cannot require encryption from the public because there is no requirement that says you must send encrypted
[21:56:55] <lunaphyte_> there are always reasons why anything might fail
[21:58:04] <lunaphyte_> it's also not about which software out there has the capability to perform or provide starttls
[21:58:07] <will_> I fail for no particular reason!
[21:58:08] <will_> brb
[21:59:00] <Norrin> i know it isn't required. i want to know if the encryption interoperability works with gmail, yahoo, and hotmail in both directions. i know the future could change, but i'm interested in knowing the present.
[21:59:49] <Norrin> lunaphyte: it seems like you're hinting that there are some extenuating circumstances, but i fail to understand what they are
[22:02:35] <Norrin> lunaphyte: why is encryption ability not related to my question? especifically since that's exactly what my question is?
[22:02:57] <Norrin> especially*
[22:04:56] <Norrin> MAYBE what you're saying is, a client may support tls, but may not attempt it
[22:05:16] * Norrin forced to guess at what is being said here
[22:05:42] <lunaphyte_> right.
[22:06:04] <lunaphyte_> a particular piece of software formally supporting starttls means nothing.
[22:06:13] <lunaphyte_> all that matter is how it's been configured.
[22:06:20] <lunaphyte_> *matters
[22:07:47] <Norrin> by 'support' i imply configuration. if configured not to perform, it will not interoperate, ergo not supporting the usage of that feature
[22:09:42] *** cvelde has quit IRC
[22:10:25] <Norrin> if support didn't imply configuration, i could say my msa supports you using it, even though it only accepts my certificate
[22:11:01] <lunaphyte_> debating semantics isn't really worth much here. a piece of software might support use of encryption. if it does, it might be configured to support use of it when communicating with other servers.
[22:11:17] *** danblack has joined #postfix
[22:12:02] <lunaphyte_> for example, postfix of course supports encryption as a client. however, the default configuration does not attempt it.
[22:12:18] <lunaphyte_> it must be explicitly enabled by the operator.
[22:13:26] *** micah has joined #postfix
[22:14:04] <micah> what is it that determines if postfix should use the hostname for expanding an email address? in otherwords, I want to send to 'dave' and want that to go to 'dave at domain dot org' rather than to 'dave at myhostname dot domain.org'?
[22:14:52] <lunaphyte_> if configured by the operator to attempt encryption, will it work? maybe.
[22:14:59] <rob0> !myorigin
[22:14:59] <knoba> rob0: "myorigin" : a configuration parameter in the main.cf: The default domain name that locally-posted mail appears to come from, and that locally posted mail is delivered to. The default $myhostname, which is fine for small sites. If you run a domain with multiple machines, you should (1) change this to $mydomain and (2) set up a domain-wide alias database that aliases each user to user at that dot users.mailhost.
[22:15:07] <rob0> !append_at_myorigin
[22:15:08] <knoba> rob0: "append_at_myorigin" : Append the string"@$myorigin" to mail addresses without domain information. WARNING: do not change this without understanding what it means, see http://www.postfix.org/postconf.5.html#append_at_myorigin
[22:15:17] <lunaphyte_> while slowly growing, the percentage of mtas which offer encryption is small.
[22:15:53] <micah> ah ok, my /etc/mailname has the FQDN and myorigin = /etc/mailname, append_at_myorigin = yes
[22:16:02] <lunaphyte_> of those, there are plenty of misconfigurations which prevent encryption from working even when offered.
[22:16:28] <micah> so i'll set myorigin to be $mydomain
[22:16:31] <will_> Still talking about this? :)
[22:16:51] <Norrin> lunaphyte: agreed, about semantics and moving forward. "small percentage" applies to servers and clients?
[22:17:13] <Norrin> both? (is what i mean)
[22:17:21] <lunaphyte_> both
[22:17:23] *** hobodave has joined #postfix
[22:17:28] <micah> hm, seems like its still appending it
[22:18:36] <Norrin> i'm hoping that a client which had tls configured would begin to use it is presented with "530 Must issue a STARTTLS command first" from the server
[22:19:06] <Norrin> to use it if* presented with. . . .
[22:19:28] <lunaphyte_> for all intents and purposes, you're unlikely to find mta software for which support for encryption as a client has been implemented yet support for encryption as a server hasn't [or vice versa of course]. accordingly, there is a natural parity between the metrics.
[22:19:50] <micah> ok, i've got these set:
[22:19:50] <micah> append_dot_mydomain = no
[22:19:50] <micah> append_at_myorigin = no
[22:19:59] <lunaphyte_> Norrin: it doesn't really work that way.
[22:20:01] <micah> mydomain = foo.org
[22:20:06] <micah> myorigin = $mydomain
[22:20:25] <micah> but when I send mail to 'dave' it gets sent to 'dave@myhostname'
[22:20:25] <lunaphyte_> typically, the transaction will fail, and it's up to the user to understand and be aware, and adjust their client config appropriately.
[22:21:01] <lunaphyte_> don't just send mail to 'dave'
[22:21:15] <lunaphyte_> use a proper email address when constructing a message.
[22:22:08] <micah> lunaphyte_: that is one solution, but I'm trying to make it work like that, which is how it used to work
[22:22:35] <rob0> dave@hal9000~$ echo open the pod bay door | mail -s "do it" hal@localhost
[22:23:40] <Norrin> wow this rfc was 13 years ago and the users are "small and slowly growing"
[22:25:35] <will_> Because there is no point
[22:25:50] <will_> Email is NOT secure
[22:26:00] <will_> THe only way to secure it is encrypting the body, not the channel
[22:26:03] <lunaphyte_> thing is, it's not a mandate.
[22:26:35] <will_> Norrin: Why are you asking? What is the issue you're trying to solve?
[22:26:54] <lunaphyte_> why would it be surprising that something new became available, but wasn't required, and interest in it grew slowly?
[22:27:24] <lunaphyte_> especially in the context of the vast majority of email admins being incompetent.
[22:28:48] <will_> I am way more worried about packet sniffers on my local network, between my edge MX to my mail store, than I am between Gmail and my MX
[22:29:40] <Norrin> will_: the internet is not fully secure, that doesn't mean all passwords should be discarded. security is layers of potential barriers. nothing fullproof. the sume of the layers of barriers does however secure against some attackers
[22:29:53] <Norrin> s/sume/sum
[22:29:56] <will_> Sure and?
[22:30:09] <will_> There was no security in the email rfc :)
[22:30:45] <will_> I don't know where you're going with this. It is what it is. People here aren't going to change that
[22:31:15] <will_> You offer TLS in both directions, and that's the best you can do
[22:31:19] <Norrin> not going anywhere. "wow" was the end of my train of thought. my next step is deciding what i should do
[22:31:41] <will_> What are your options?
[22:31:44] <danblack> you can even do tls policy maps for the directions you know exist
[22:32:30] *** Marian has joined #postfix
[22:34:44] <Norrin> will_: options: not require tls or break the rfc, monitor debug logs, and see what happens
[22:35:09] <will_> You're considering requiring TLS?
[22:35:33] <will_> Actually, re-reading your security statement above, I'm not sure I can agree with that in this context
[22:37:44] <Norrin> breaking the rfc is the only way i can think of, right now, to find out what a various clients will do when presented with the 530 message
[22:38:00] <will_> What are you doing, exactly?
[22:38:06] <will_> What "clients"?
[22:38:19] <Norrin> mtas from gmail, yahoo, hotmail primarily
[22:38:30] <will_> Don't call them "clients" :P
[22:38:47] <Norrin> that seems to be what these docs call them, when they initiate communication
[22:39:10] <will_> :)
[22:39:28] <will_> And why does it matter how Gmail breaks when they receive a 530?
[22:39:44] <will_> How does the answer to that change anything?
[22:40:12] *** mroe has joined #postfix
[22:40:29] *** ciklid has quit IRC
[22:40:51] <Norrin> is it a given that it will break?
[22:41:08] <will_> That's not the point
[22:41:14] <Norrin> it is my point
[22:41:34] <will_> What do you mean "break"?
[22:42:00] <Norrin> "And why does it matter how Gmail breaks when they receive a 530?" -- same definition as used here
[22:43:13] <will_> Which is? Meaning that you refused the connection because of no TLS, so it won't send the message to you
[22:43:21] <will_> What do you think it'll do? lol
[22:44:17] <Norrin> I'm thinking, it might respond, "STARTTLS"
[22:44:27] <will_> lol
[22:44:45] <will_> I think you should read the SMTP docs then
[22:44:52] <will_> It'll be easier than going through this exercise
[22:45:37] <micah> hm
[22:45:39] <micah> myorigin = $mydomain (probably desirable: "user@$mydomain")
[22:45:41] <micah> that should work
[22:47:01] * micah fixes
[22:49:26] <rob0> huh? no.
[22:49:33] <rob0> !myorigin
[22:49:34] <knoba> rob0: "myorigin" : a configuration parameter in the main.cf: The default domain name that locally-posted mail appears to come from, and that locally posted mail is delivered to. The default $myhostname, which is fine for small sites. If you run a domain with multiple machines, you should (1) change this to $mydomain and (2) set up a domain-wide alias database that aliases each user to user at that dot users.mailhost.
[22:49:51] <rob0> The default DOMAIN NAME ...
[22:50:24] <Norrin> will_: why would it not respond "STARTTLS"?
[22:51:02] <will_> Norrin: Because you didn't tell it you supported it
[22:51:23] <Norrin> that is assumed.
[22:51:39] <Norrin> that's what the conversation has been about at least
[22:52:05] <will_> lol
[22:52:55] <Norrin> it is assume "STARTTLS" would be after "250 STARTTLS"
[23:00:11] *** krzee has joined #postfix
[23:20:46] *** krzee has quit IRC
[23:20:48] *** freezey has joined #postfix
[23:21:02] <freezey> hey i was wondering if i could mark an email as a hardbounce if the domain is invalid?
[23:21:51] <mroe> what is a hard bounce?
[23:21:59] <freezey> invalid email address
[23:22:02] <freezey> invalid hostname
[23:22:07] <mroe> you mean a reject?
[23:22:08] <freezey> when the message tries to get sent from postfix
[23:22:15] <freezey> ok yeah a reject
[23:22:26] <rob0> Postfix doesn't send, Postfix is a MTA.
[23:22:30] <mroe> a bounce and a reject have a very important distinction
[23:22:40] <rob0> describe more fully what your goal is
[23:23:30] <freezey> right now i have emails that some are soft bounces and others are hard bounces the softbounces are just mailbox might be full try again later.. and the hardbounce can be an invalid domain or something like that
[23:24:37] *** phantasm66 has quit IRC
[23:24:38] <mroe> putting aside your confusing terminology, what would you like to do?
[23:25:59] <freezey> take emails that have invalid domains and discard them
[23:26:23] <mroe> no you want to reject them
[23:26:32] <mroe> respond with a 5xx message
[23:26:47] <mroe> you never want to accept a message and then not deliver it
[23:28:05] *** npmapn has quit IRC
[23:28:20] <freezey> ok so maybe adding a invalid_hostname_reject_code would help out
[23:28:26] <rob0> !reject_unknown_recipient_domain
[23:28:27] <knoba> rob0: Error: "reject_unknown_recipient_domain" is not a valid command.
[23:29:18] <freezey> ok so then it would be the smtpd_helo_required i am guessing
[23:29:19] <rob0> Perhaps (still can only guess what the real issue is) you want to precede "permit_mynetworks" with "reject_unknown_recipient_domain"?
[23:29:20] *** Canadian1296 has joined #postfix
[23:29:26] <freezey> !smtpd_helo_required
[23:29:26] <knoba> freezey: "smtpd_helo_required" : a configuration parameter in the main.cf: Require that a remote SMTP client introduces itself at the beginning of an SMTP session with the HELO or EHLO command.
[23:29:44] <rob0> how does HELO figure into this?
[23:30:35] <freezey> i am just throwing thoughts around
[23:30:40] <freezey> trying to figure out what could and would work
[23:31:04] <Norrin> !tell freezey reject_unknown_recipient_domain
[23:31:04] <knoba> Norrin: Error: No factoid matches that key.
[23:31:08] <Norrin> !reject_unknown_recipient_domain
[23:31:08] <knoba> Norrin: Error: "reject_unknown_recipient_domain" is not a valid command.
[23:31:12] <freezey> http://www.postfix.org/postconf.5.html#reject_invalid_helo_hostname
[23:31:13] <freezey> reading from here
[23:31:19] <mroe> !mung
[23:31:19] <knoba> mroe: "mung" : Mash Until No Good : the art of obfuscating data which ultimately results in unintentional consequences such as making diagnostics impossible.
[23:31:26] <mroe> hrm, not that one
[23:31:45] <mroe> I can't find the right one
[23:32:23] <Norrin> !tell freezey smtpd_recipient_restrictions
[23:32:23] <knoba> freezey: "smtpd_recipient_restrictions" : Configuration parameter in main.cf: Access restrictions that the smtpd(8) applies in the context of the RCPT TO command. See access(5) for an overview of access restriction features. These restrictions control relaying to external domains. Default is to relay only for client IP addresses in $mynetworks; See: http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions
[23:33:07] * f3ew bumbles in
[23:33:25] <rob0> bumblef3ew
[23:33:50] <f3ew> heh
[23:35:22] *** wdp has quit IRC
[23:38:23] *** wdp has joined #postfix
[23:38:23] *** wdp has joined #postfix
[23:39:36] *** TomHome has joined #postfix
[23:44:57] <freezey> what about lowering the attempts of an email redelivery
[23:45:53] <rob0> might be best to not accept it in the first place, although this varies (you might get phone calls from users)
[23:46:01] <freezey> its ok with me
[23:48:50] *** snearch has quit IRC
[23:49:17] *** jpollara has joined #postfix
[23:49:23] *** jpollara is now known as lawnchair
[23:49:29] *** overdrive3000 has quit IRC
[23:57:05] *** e-anima has quit IRC
top

   February 29, 2012  
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | >