June 5, 2012 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | >
June 5, 2012 [00:03:48] *** kiri has quit IRC[00:08:47] *** kiri has joined #postfix[00:14:26] *** Kellin has joined #postfix[00:17:57] *** danblack has joined #postfix[00:45:34] *** ki7rw has joined #postfix[01:14:37] *** scientes has quit IRC[01:18:20] *** sphenxes has quit IRC[01:27:06] *** scientes has joined #postfix[01:31:53] *** shinao1 has quit IRC[01:37:17] *** cps0 has joined #postfix[01:47:52] *** laner has quit IRC[02:04:38] *** matt1982 has quit IRC[02:19:41] <nykac> !debug[02:19:42] <knoba> nykac: "debug" : http://www.postfix.org/DEBUG_README.html : a starting point for how to deal with problems and to report information to those who might help. Post information including NON-verbose logs in a pastebin such as http://pastebin.ca/ or http://dpaste.com/[02:22:15] *** Deathvalley122 has quit IRC[02:23:51] *** freezey has quit IRC[02:30:42] *** danblack has quit IRC[02:31:53] *** Deathvalley122 has joined #postfix[02:39:01] *** cps0 has quit IRC[02:40:09] <nykac> hello, I am having trouble with sending mail. It keeps being sent from user at hostname dot domain.com instead of user at domain dot com how can I fix this? http://dpaste.com/755351/[02:50:39] *** nuomi has joined #postfix[02:56:51] <pj> !myorigin[02:56:51] <knoba> pj: "myorigin" : a configuration parameter in the main.cf: The default domain name that locally-posted mail appears to come from, and that locally posted mail is delivered to. The default $myhostname, which is fine for small sites. If you run a domain with multiple machines, you should (1) change this to $mydomain and (2) set up a domain-wide alias database that aliases each user to user at that dot users.mailhost.[02:57:03] <pj> nykac: ^^^^^^^^^[02:58:15] <rob0> see also[02:58:18] <rob0> !basic[02:58:18] <knoba> rob0: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.[03:11:18] *** on1ald has quit IRC[03:41:57] *** Areckx has joined #postfix[03:44:54] *** Areckx has quit IRC[03:45:32] *** Areckx has joined #postfix[03:51:50] *** chadmaynard has joined #postfix[03:53:53] *** BuenGenio has joined #postfix[03:58:48] *** on1ald has joined #postfix[04:00:49] *** nuomi has quit IRC[04:01:00] *** nuomi1 has joined #postfix[04:02:56] *** Marf has joined #postfix[04:04:28] *** nuomi1 has quit IRC[04:04:39] *** nuomi has joined #postfix[04:07:39] *** on1ald has quit IRC[04:07:42] *** nuomi1 has joined #postfix[04:11:02] *** nuomi has quit IRC[04:16:15] *** roe has quit IRC[04:16:49] *** nuomi1 has quit IRC[04:19:48] *** on1ald has joined #postfix[04:21:45] *** uqlev has joined #postfix[04:24:17] *** kaushal has joined #postfix[04:24:19] <kaushal> Hi[04:24:39] <kaushal> is there a high availability option available for postfix smtp server?[04:27:14] <jimpop> what is your definition of high availability?[04:27:22] *** elex111112 has joined #postfix[04:27:32] <pj> there are ways to do HA with postfix, yes, but yes, define HA.[04:28:32] *** elex111111 has quit IRC[04:29:41] <pj> email servers are pretty resilient anyways, even when you don't do anything extra for HA.[04:31:58] *** nuomi has joined #postfix[04:33:12] *** roe has joined #postfix[04:33:59] *** laner has joined #postfix[04:43:34] *** Marf has quit IRC[04:46:49] *** scientes has quit IRC[04:53:58] *** freezey has joined #postfix[04:59:20] *** scientes has joined #postfix[05:04:21] *** MAAAAAD has joined #postfix[05:06:36] <PatrickDK> pj, well, the only part of HA that comes into play, is what is stuck in the queue[05:07:12] <pj> PatrickDK: very true[05:07:18] *** nuomi has quit IRC[05:07:38] <pj> for that you probably want to keep your queue synced up somewhere else.[05:07:57] *** MAAAAD has quit IRC[05:08:15] <pj> well, for that type of HA I would use HA features of a VM environment, like Xen with remus[05:09:34] *** nuomi has joined #postfix[05:09:36] <pj> but that really doesn't have anything specifically to do with postfix.[05:12:44] <pj> something like remus would keep memory, disk, everything synced up in real time with a VM that is on standby on another physical server. If the server or VM dies for any reason remus would detect it and unpause the VM on the other server to pick right up where that one left off.[05:15:42] <PatrickDK> yep, and in vmware that would be FT HA[05:15:54] <pj> ahhhhh, yep[05:15:56] <PatrickDK> though the disks would be shared in that case, just memory would be synced[05:16:22] <PatrickDK> having a san disk array failure we are attempting to fix now :([05:16:33] <pj> yeah, well you can certainly share the disks with Xen as well, but you don't have to, thereby giving you another level of redundancy.[05:16:47] *** nuomi1 has joined #postfix[05:18:49] <pj> remus uses drbd for keeping the disks in sync[05:19:12] <PatrickDK> if I needed to, I would just raid1 two iscsi luns[05:19:15] *** nuomi has quit IRC[05:19:54] * pj nods[05:20:48] *** uqlev has quit IRC[05:23:00] * jimpop just makes regular backups and hopes for the best[05:23:20] <PatrickDK> backups do nothing for email[05:23:35] <PatrickDK> your worried about the last minutes of mail in the queue[05:23:41] <jimpop> i backup the email.[05:23:49] <PatrickDK> pointless to restore the email from a few days, or hours ago that was in the queue, and no loger is :)[05:24:11] <PatrickDK> well, the email itself isn't the issue, they said, HA smtp server, not HA mailstore[05:24:35] <PatrickDK> atleast my smtp servers don't touch the mailstore[05:24:36] <jimpop> i let the sending servers provide inbound HA.[05:24:53] <jimpop> once i get it, it's on disk. disk is backup up...[05:25:00] <PatrickDK> and email stuck in the queue? you just don't care about[05:25:08] <jimpop> i back the queue up too[05:25:14] <PatrickDK> every minute?[05:25:17] <jimpop> no[05:25:18] <pj> right, HA could mean a lot of different things, though, so it depends on what he really needs ... anyone else notice the original poster hasn't said a thing since asking the question?[05:25:27] <PatrickDK> :)[05:25:28] <PatrickDK> yep[05:25:43] <jimpop> i could lose files in the queue in between backups, sure.[05:25:57] <jimpop> but senders could easily resend those if needed[05:25:59] <PatrickDK> yes, why the definition of HA is required[05:26:05] <pj> unless your server fails within seconds following your backup the backup of the queue is pretty pointless.[05:26:07] <PatrickDK> some people CARE about that[05:26:16] <jimpop> true[05:26:20] <jimpop> but not I[05:26:21] <jimpop> ;-)[05:26:29] <PatrickDK> ya, most think it's not worth the effort[05:26:43] <pj> neither do I, but there are edge cases where it is.[05:26:49] <PatrickDK> gmail might care, cause I imagine theirs are larger in size, more to loose[05:26:57] <jimpop> yep[05:27:07] <jimpop> any receiver/provider should care[05:27:09] <PatrickDK> I attempt to keep my systems with <10 in the queue[05:27:11] <pj> yeah, I think gmail probably does HA failover like we were talking about.[05:27:53] *** Kellin has quit IRC[05:28:54] <pj> kaushal: we're talking about you, you could at least have the decency to participate in the conversation about your own question.[05:29:13] <roe> perhaps he is just a seeder[05:29:13] <kaushal> pj: please give ne a moment[05:29:22] <roe> for instance[05:29:26] <pj> he's alive![05:29:28] <kaushal> pj: held up in production issue[05:29:32] <pj> ok[05:29:32] <roe> Emacs or Vi?[05:29:34] <kaushal> pj: apologies[05:29:35] <jimpop> he's had 1 hour so far[05:30:04] <PatrickDK> crap, dinner got in the way, and I lost this ebay bid :([05:30:13] * kaushal brb[05:30:15] *** kaushal has quit IRC[05:30:17] <jimpop> lol[05:31:42] <pj> ever bid on five different things from one seller in order to make the combined shipping worth it and then end up loosing every auction except one crappy one you didn't really want?[05:32:15] <PatrickDK> not really[05:32:22] <PatrickDK> I normally only do buyitnow[05:32:26] <roe> that's an interesting technique[05:32:31] <roe> ...that I guess doesn't work very well[05:32:46] <PatrickDK> too many bots bidding[05:32:52] <PatrickDK> just don't get into it that much[05:32:56] <pj> happened to me once. I'm in New Zealand and so I needed intl shipping.[05:32:59] <PatrickDK> if a buyitnow isn't priced right for me, I don't bother[05:34:24] *** laner has quit IRC[05:36:46] <jimpop> if PatrickDK doesn't like my buyitnow price then I won't sell it[05:39:01] <PatrickDK> just increasing my stock of fc controllers[05:46:10] *** nykac has left #postfix[05:55:55] *** laner has joined #postfix[06:04:00] *** tharkun has quit IRC[06:08:00] *** ki7rw has quit IRC[06:20:03] *** elex111112 has quit IRC[06:26:43] *** biggi_mat has joined #postfix[06:52:06] *** freezey has quit IRC[06:52:28] *** freezey has joined #postfix[07:03:49] *** Kellin has joined #postfix[07:04:58] *** shal3r_ has joined #postfix[07:05:53] *** nuomi1 has quit IRC[07:08:02] *** nuomi has joined #postfix[07:23:06] *** leprechau has quit IRC[07:30:03] *** jkfod has joined #postfix[07:34:31] *** leprechau has joined #postfix[07:36:41] *** jwing has quit IRC[07:38:13] *** laner has quit IRC[07:40:42] *** freezey has quit IRC[07:47:32] *** trentg has quit IRC[07:48:28] *** trentg has joined #postfix[07:50:13] *** gerhard7 has joined #postfix[07:56:12] *** weedar has joined #postfix[08:02:49] *** Terminus- has joined #postfix[08:03:54] *** jwing has joined #postfix[08:06:26] <Terminus-> hello. anybody here using maildrop? i'm having problems adding a header to mail. if i pipe to 'flags=DRhu user=vmail argv=/usr/bin/maildrop' in master.cf, mail is delivered. if i pipe to 'flags=DRhu user=vmail argv=/usr/bin/maildrop -A "X-Loop: YES"', i get the error 'temporary failure. Command output: /usr/bin/maildrop: Unable to open filter file, errno=2.' if i run the same command on the CLI, mail gets delivered with the header added to it. how can i g[08:22:11] *** biggi_mat has quit IRC[08:22:27] *** biggi_mat has joined #postfix[08:22:34] *** scientes has quit IRC[08:26:06] *** mi has joined #postfix[08:34:50] *** Areckx has quit IRC[08:35:33] *** scientes has joined #postfix[08:35:39] *** mi has quit IRC[08:41:33] *** scientes has quit IRC[08:46:54] *** LoRez has quit IRC[08:57:10] *** newbie|2 has joined #postfix[09:00:32] *** Marf has joined #postfix[09:20:45] *** jkfod has quit IRC[09:21:37] *** tjikkun_work has joined #postfix[09:25:08] *** UQlev has joined #postfix[09:38:34] *** e-anima has joined #postfix[09:46:40] *** ubsrv has joined #postfix[09:48:58] *** blue-dragon has quit IRC[09:49:09] *** blue-dragon has joined #postfix[09:49:10] *** nuomi has quit IRC[09:50:37] <ubsrv> Hi there! I'm having some issues with bounced mails (550-Please turn on SMTP Authentication in your mail client, or login to the server before sending your message). I send mails normally but after a while of being 'idle' I try to send another mail and I get this error with returned mail; I've found out disconnection is automatic for security reasons, but is there any way to avoid it? Those[09:50:38] <ubsrv> returned mails are annoying :-/[09:51:02] *** nuomi has joined #postfix[09:57:21] <UQlev> ubsrv: are you sending to this server or relaying via it?[09:59:17] <ubsrv> I'm relaying via it[10:00:53] <UQlev> ubsrv: there might be rules of relaying: message rate/size etc[10:02:08] <UQlev> ubsrv: relaying service like other services has individual restriction and terms for each provider[10:03:48] <UQlev> ubsrv: I bet relaying server is not yours[10:04:36] <ubsrv> ok, let's bet :-)) that server is running currently at my home, so I'm using the same isp, and I haven't added any rules of relaying[10:06:31] <UQlev> ubsrv: then let's bet you post relevant logs from relaying server[10:08:11] *** shoonya has joined #postfix[10:10:25] <ubsrv> Jun 5 07:37:25 mail postfix/smtp[17357]: 5872F100F73: to=<prbprbprb at gmail dot com>, relay=mydomain.es[X.X.X.X]:25, delay=0.81, delays=0.1/0.09/0.46/0.17, dsn=5.0.0, status=bounced (host mydomain.es[X.X.X.X] said: 550-Please turn on SMTP Authentication in your mail client, or login to the 550-IMAP/POP3 server before sending your message. 550-Y.Y.Y.Y (mail.mydomain.es) [Y.Y.Y.Y]:62119 is 550 not[10:10:25] <ubsrv> permitted to relay through this server without authentication. (in reply to RCPT TO command))[10:10:42] <ubsrv> that's the line bouncing the mail[10:21:08] *** master_of_master has quit IRC[10:23:18] *** master_of_master has joined #postfix[10:24:45] <jimpop> ubsrv: (mail.mydomain.es) [Y.Y.Y.Y]:62119 is 550 not permitted to relay through this server without authentication.[10:24:49] <jimpop> ^^[10:24:59] <jimpop> that's your problem, and solution[10:27:29] <ubsrv> jimpop the client is using authentication, I CAN send e-mails, but after a while (1 hour or so) being idle, if I try to send another e-mail I get it bounced[10:28:13] <jimpop> how are your authenticating?[10:28:43] <andres> ubsrv: sounds like youre using some form of smtp-after-pop authentication or similar[10:29:27] <andres> ubsrv: especially if you read the second part of the error message "or login to the 550-IMAP/POP3 server before sending your message"[10:31:36] <jimpop> i bet he's pop'ing from his client and relaying thru his home server[10:31:54] <ubsrv> jimpop, STARTTLS[10:32:00] <ubsrv> I'm using IMAP[10:32:40] <ubsrv> andres, just rechecked my config and I see nothing about smtp-after-pop, so I assume that's not set[10:33:38] *** BuenGenio has quit IRC[10:33:49] <jimpop> your ISP is using smtp-after-pop, and you aren't pop'ing often enough to enable your home server to send[10:34:32] <jimpop> or pop-before-smtp[10:34:59] <ubsrv> hm, so there's nothing I can do about that, I suppose :-/[10:35:07] <andres> The same exists for imap.[10:35:24] <andres> ubsrv: you can let a script run which regularly logs into the imap server.[10:35:38] <andres> Or you could check whether it also supports real smtp auth.[10:35:47] <andres> Which the error message indicates.[10:37:00] <ubsrv> andres, but that script would be needed for each account, right?[10:37:05] *** sphenxes has joined #postfix[10:37:30] <andres> ubsrv: I have no friggin idea what youre doing, so its hard to answer that question.[10:39:21] <ubsrv> simply have a client connected to the server and let it idle and whenever I need to send an e-mail, even if it's 5 hours later, don't get that mail back :-)[10:59:47] *** jkfod has joined #postfix[11:06:45] *** tompson has joined #postfix[11:07:47] <tompson> Can someone pass me a mail to test my settings[11:07:55] <tompson> pj[11:09:42] *** newbie|2 has quit IRC[11:10:21] *** TMcTrain has joined #postfix[11:23:54] *** nuomi has quit IRC[11:26:41] <tompson> hello![11:26:44] <tompson> ]# service postfix start[11:26:45] <tompson> Starting postfix: [ OK ][11:26:45] <tompson> [root@premios-cielo ~]# postfix reload[11:26:45] <tompson> postfix/postfix-script: fatal: the Postfix mail system is not running[11:27:07] <tuxick> thank bob for clear error messages[11:29:11] <tompson> ;/[11:29:50] <tompson> tuxick[11:30:04] <tompson> var/log/maillog size=0[11:30:12] <tompson> no heve erros[11:30:14] <tompson> ;/[11:32:48] <tuxick> sounds like a severely misconfigured postfix then[11:35:12] *** gerhard7 has quit IRC[11:36:04] *** BuenGenio has joined #postfix[11:38:26] *** nuomi has joined #postfix[11:40:41] <shal3r_> Is it possible to balance load between more than one mail filter servers? Or at least configure fallback server?[11:43:04] <UQlev> shal3r_: how many accounts on a server?[11:43:17] <shal3r_> UQlev, hundreds[11:43:32] <shal3r_> hundreds of domains, thousands of accounts[11:45:38] <UQlev> shal3r_: I bet you can run several receiving servers with mail-filters collecting mails for one storage as ISP do[11:46:24] <UQlev> shal3r_: do you use public black-lists for source filtering?[11:48:01] <shal3r_> UQlev, yes, i am. Actually what i want to do is to move amavisd-new to another server, but i need to keep local backup filter[11:51:27] *** mustu has joined #postfix[11:52:08] <mustu> hi, how do we set smtp/pop3 password for a postfix user for whom system shell is disabled and passwor disn't assigned?[11:53:14] <Zerberus> mustu: read the SASL readme on how to setup SMTP AUTH[11:53:38] *** BuenGenio has quit IRC[11:57:52] *** BuenGenio has joined #postfix[12:02:06] *** mustu has quit IRC[12:09:36] *** jelly has quit IRC[12:15:01] *** gerhard7 has joined #postfix[12:21:41] *** jelly has joined #postfix[12:31:26] *** tompson has quit IRC[12:47:15] *** ondrejk has joined #postfix[12:47:47] <ondrejk> hi, how can i force postfix to send all "Undelivered Mail Returned to Sender" messages to address i specify?[12:48:10] <ondrejk> now it's sending this message to sender and i don't want it like this[12:49:15] <pj> it's supposed to send the message to sender.[12:49:33] <pj> why don't you want it to do that?[12:50:12] <ondrejk> it's automated mailing systems and these messages are spamming address we're using for different purpose[12:50:31] <ondrejk> is possible to change it?[12:51:04] <pj> explain why better[12:53:30] <ondrejk> we're sending big amounts of emails with automatic mailing system(informations about orders..), as sender address is specified address of our callcenter. And when is email returned, this message is sent to address of our callcenter. I would like to know if is possible to change it.[12:54:08] <ondrejk> girl from callcenter was complaining about too much emails like this[12:54:32] <pj> fix your program to use a different email sender.[12:54:50] <pj> errr envelope sender[12:55:41] <ondrejk> what's difference between envelope sender and email sender[12:55:52] <pj> I meant envelope sender.[12:55:54] *** BuenGenio has quit IRC[12:55:57] <ondrejk> forget that, i'll google it[12:56:01] <pj> there is no difference.[12:56:09] <ondrejk> ok :)[12:56:24] <ondrejk> thank you pj :)[12:56:47] <pj> the answer is to fix your automated software, why should postfix override the envelope sender that your software told it to use?[12:57:29] <ondrejk> that's goog point[12:57:34] <ondrejk> s/goog/good/[12:58:03] *** BuenGenio has joined #postfix[12:58:18] *** UQlev has quit IRC[13:05:53] *** BuenGenio has quit IRC[13:06:45] *** chadmaynard has quit IRC[13:07:04] *** wdp has joined #postfix[13:13:08] *** shoonya has quit IRC[13:13:55] *** Terminus- has quit IRC[13:26:00] *** KippiX has quit IRC[13:31:32] *** shinao1 has joined #postfix[13:37:35] *** KippiX has joined #postfix[13:41:22] *** wdp has quit IRC[13:45:29] *** wdp has joined #postfix[13:48:04] *** KippiX has quit IRC[13:55:00] *** KippiX has joined #postfix[13:56:53] *** Steve_The_Pirate has joined #postfix[14:05:24] *** greg has quit IRC[14:05:47] *** greg has joined #postfix[14:09:36] *** Section1 has joined #postfix[14:09:38] *** sami has joined #postfix[14:10:19] *** zorg1 has joined #postfix[14:10:45] <sami> Hi, this might be a stupid question. I've got a postfix in our DMZ which takes incoming mail and forwards it to our exchange and also acts as a smtprelay.[14:11:21] <sami> Recently i've noticed that our headers include names of the servers that are the "source" of the mail it self.[14:11:32] <sami> I'll paste a pastebin in 2 secs[14:13:56] <jwing> sami: all relays add their "received-by" headers as the email passes through them.[14:14:18] <sami> http://pastie.org/4031272[14:14:45] <sami> jwing: but sould it add the received-by from the internal sources that are mailing?[14:15:04] <sami> The ironport which we're jacked in to is dropping our mails becuase of this.[14:15:17] <jwing> Each step/server adds it.[14:16:02] <jwing> So.. mail gen'd on Host A, passing through B and then C, you end up with 3 sets of received headers/.[14:16:34] <jwing> Why is your ironport caring about received by headers? What's it looking for or at?[14:20:31] *** BuenGenio has joined #postfix[14:21:01] <sami> jwing: Sorry i was confused. Was looking at it the wrong way around.[14:21:07] <sami> But to a similar question.[14:21:40] <sami> Can i in anyway "mask" the received by chain in our relay?[14:23:59] <Dominian> why?[14:24:11] <jwing> security by obscurity? useless. You can but it's not worth it.[14:24:43] <jwing> i.e. you'd have to build an external entity that re-writes them and then plug it into postfix.[14:25:33] <jwing> meanwhile, you lose an important debugging tool by losing those entries.[14:33:02] <sami> ok..[14:33:04] <sami> Thanks[14:34:44] *** BuenGenio has quit IRC[14:34:48] *** jkfod has quit IRC[14:41:35] *** Belial has joined #postfix[14:47:38] *** Belial has quit IRC[14:47:39] *** Toerkeium has quit IRC[14:48:31] *** Belial has joined #postfix[14:52:19] *** Belial has quit IRC[14:53:02] *** robinho86 has joined #postfix[14:53:11] *** Belial has joined #postfix[14:55:05] *** Belial has quit IRC[14:55:56] *** Belial has joined #postfix[14:57:33] <TMcTrain> use postfix to deliver mails from one multimailbox input to cyrus-imap debending on LDAP. non deliverable mail get bounced and a notify is sent back (mail is removed). how is it possible to keep the mail in a dedicated mailbox and send a notification any way?[14:58:52] *** nuomi has quit IRC[15:03:45] *** morse has quit IRC[15:06:41] *** morse has joined #postfix[15:12:56] *** xabbuh has joined #postfix[15:13:38] *** Belial has quit IRC[15:14:34] *** Belial has joined #postfix[15:16:25] *** greg has quit IRC[15:16:51] *** greg has joined #postfix[15:17:07] <sami> Hi again! :). So, i've got the same postfix that forwards all incoming mail to our internal exchange and also acts as a relay. I'm now tryig to send mail from another internal server with the from address of no-reply. Is there anyway to make the postfix not to lookup the user in our exchange?[15:18:30] <patdk-wk> postfix only does what you tell it to do[15:18:37] <patdk-wk> I guess you told it to look it up[15:18:52] <patdk-wk> and no, we can't answer that question without you posting your config, atleast[15:19:54] <sami> ohh it's the virtual_alias_maps[15:21:00] *** srg has left #postfix[15:30:57] *** hjbehling has joined #postfix[15:34:23] *** ke-esc has joined #postfix[15:35:47] <ke-esc> I hope you all don't mind a couple of dumb questions- worst offender first: I'm reading a howto on setting up postfix/dovecot/virtual users, and it shows the main.cf with smtpd_recipient_restrictions=, with each option following it on a new line- however I can only get it to work if I put the options on the same line coma separated.. is there a trick I'm missing here?[15:37:42] <Dominian> something similar to this: http://pastebin.slackadelic.com/p/Pu7lF988.html[15:38:45] <Dominian> on that paste, best if you view the raw text at the bottom..> Gives you a better idea[15:38:59] <ke-esc> hmm, is it the whitespace that makes the difference then?[15:39:28] <Dominian> don't think so. i've always done my smtpd_*_restrictions list this way.. easier to read ;)[15:40:21] <ke-esc> hmm, well that did seem to do the trick :) I figured it was just something stupid.[15:40:53] <Dominian> :)[15:41:03] <ke-esc> Second question: how do I get something equiv to exims local_part_prefix, so all emails to say ken-* go to ken?[15:41:20] <Dominian> recipient_delimiter[15:41:27] <Dominian> !recipient_delimiter[15:41:27] <knoba> Dominian: "recipient_delimiter" : a configuration parameter in the main.cf: The separator between user names and address extensions (user+foo). See canonical(5), local(8), relocated(5) and virtual(5) for the effects this has on aliases, canonical, virtual, relocated and on .forward file lookups. Basically, the software tries user+foo and .forward+foo before trying user and .forward.[15:42:04] <ke-esc> ahh, fantastic. thank you so much :)[15:42:14] <Dominian> welcome[15:46:57] *** UQlev has joined #postfix[16:01:25] *** weedar has quit IRC[16:06:10] <necrogami> Morning all[16:09:30] *** MAAAAAD has quit IRC[16:13:46] *** Rez has joined #postfix[16:13:46] *** Rez is now known as LoRez[16:16:46] *** Deathvalley122 has quit IRC[16:20:15] <thumbs> necrogami: all is not in today.[16:21:25] *** xperia has joined #postfix[16:21:45] *** tr-808 has quit IRC[16:22:27] *** tr-808 has joined #postfix[16:24:11] <xperia> hi to all. i contacted a few hours ago a internet company over my postfix server email adress and since then i get my postfix server flooded[16:24:13] <xperia> with 1000 of the same reply emails sent from a probablx bad configured microsoft SMTP server.[16:24:14] <xperia> i never had this problem till today! what can i do in this situation! My Mail server is really flooded at the moment![16:25:07] <UQlev> xperia, firewall it out[16:25:15] <xperia> and yes i contacted them allready and told them to fix this problem but they are probably too dumb to do it[16:25:32] <Dominian> fireawll the exchange server[16:25:33] <thumbs> yes, firewall their IP.[16:25:53] <thumbs> their 'customers' will be forced to complain to them then :)[16:26:25] <xperia> hmmm but then i will never again get any mail from them. think somebody of the it employes sabotage the company[16:26:48] <thumbs> xperia: would you rather be flooded, or have them fix their server?[16:26:50] <Dominian> If they are unwilling to fix it, then firewall the IP[16:27:09] <TMcTrain> how do I tell postfix to accept messages for all recipients, either they do exist or not? I set local_recipient_maps = and[16:27:09] <TMcTrain> reject_unknown_sender_domain = but still the messages get bounced course the mailbox doesn't exist. I'm looking to divert the mail for non existing users into one specific mailbox.[16:27:21] <Dominian> !catchall[16:27:22] <knoba> Dominian: "catchall" : Sending all emails for non-existing users in domain to a special account. See man 5 virtual for the @domain syntax, which applies in virtual_*_maps and relay_recipient_maps. For local(8) delivery, unset local_recipient_maps and see luser_relay. WARNING: catchalls are rarely a good idea. Spammers will abuse them.[16:27:22] <xperia> i searched a little and found that it exist something like "postfix cleanup daemon" that will fix this problem on my side without to firewall them out[16:28:01] <xperia> but dont know what are the steps required to set it up hmmm[16:28:05] *** Deathvalley122 has joined #postfix[16:29:02] <xperia> anybody here how maybe has experience with "postfix cleanup daemon" ?[16:29:29] <thumbs> xperia: how will you distinguish between legit and unwanted emails?[16:29:35] <TMcTrain> Dominian: tx, after I solve this I'll have to look to implement a spamfilter :-)[16:30:07] <UQlev> xperia, did anyone here recommended cleanup?[16:30:32] <xperia> thumbs: well it send me 1000 of the same email adress every minutes. by simple remove all the duplicate emails the problem is solved[16:30:34] *** KippiX has quit IRC[16:30:43] <thumbs> xperia: not quite.[16:30:50] <thumbs> xperia: how will you distinguish between legit and unwanted emails?[16:32:20] <thumbs> xperia: how you answer that question will determine the next course of action.[16:32:45] *** KippiX has joined #postfix[16:33:51] <xperia> thumbs afaik the distinguish it easy you get normally the first email reply and if all other replys from the same email adress are the same you drop them![16:34:49] <UQlev> marvelous logic ;)[16:35:18] <xperia> you keep only the first email and drop all other that are same and sent from the same email adress! that way you can still get other emails from them[16:35:20] <xperia> and dont help sabotage a company only becouse of some bad employe![16:35:20] <thumbs> xperia: wrong answer :)[16:35:45] <thumbs> xperia: re-think your approach.[16:35:49] <patdk-wk> heh?[16:36:02] <patdk-wk> if you get dos, you still want to let them talk to you?[16:36:11] <patdk-wk> even if it was a virus?[16:36:17] *** MAAAAD has joined #postfix[16:37:28] <xperia> i dont think this is dos. they have just a bad configured smtp that send allways the same email reply.[16:37:29] <xperia> see "microsoft smtp flood" it is quite common as companys still use this SMTP Servers.[16:37:56] <thumbs> xperia: the solution is still to firewall them off until they fix their server.[16:38:38] *** elex111112 has joined #postfix[16:38:49] <xperia> thumbs okay thank you a lot for your helpfull answer. pity really that it does not exist a simple solution that at least postfix remove all that duplicate emails that were sent![16:39:22] <thumbs> xperia: postfix doesn't know what a "first email" is, for that matter.[16:39:33] <xperia> looked afaik exactly for such a solution first. firewalling them out can still be done in a few days when they are too dumb really to do her works![16:39:43] <thumbs> xperia: postfix is a MTA. It transmits emails.[16:41:05] <xperia> ahh wait a moment. and who does recieve the emails? dovecot ? damn now i am really puzzeled[16:41:18] <thumbs> xperia: you can use a spam filter to control traffic, but you can't detect a "first email".[16:41:34] <thumbs> xperia: email delivery depends on the MDA.[16:41:35] *** BarryAllen has joined #postfix[16:42:54] <thumbs> !tell xperia mda[16:42:55] <knoba> xperia: "mda" : Mail Delivery Agent: software that delivers mail messages to individual recipient mailboxes after they've been accepted by an MTA. Postfix includes local(8) and virtual(8) MDAs, or can be configured to use an external one.[16:43:21] <BarryAllen> !welcome[16:43:21] <knoba> BarryAllen: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[16:43:29] <thumbs> xperia: you must understand the difference.[16:45:21] <xperia> thumbs thanks a lot! checking just right now the configuration files. thinked till yet that all is done by postfix but i have also dovecot running i think![16:46:20] <UQlev> xperia, you may also have apache running but it is also irrelevant[16:46:48] <patdk-wk> very interesting[16:46:57] <patdk-wk> every single cast of google 'microsoft smtp flood'[16:47:10] <patdk-wk> I can't find any issues, they all look like ligit, and no floods[16:47:27] <patdk-wk> now, people diagnosing normal email behavure, as a flood, heh[16:49:18] <xperia> UQlev ahh okay thanks for the clarification![16:49:54] <xperia> patdk-wk: gimme just a minute will upload a picture of my flooded postfix mail server[16:50:14] * UQlev have never seen yet "ms smtp flood"[16:51:36] <xperia> patdk-wk: here is the picture of the mail flood => http://i46.tinypic.com/i21t9h.jpg[16:52:01] <patdk-wk> that picture means nothing[16:52:02] <xperia> got in less than 1 hour more than 2000 of the Same Email Reply[16:52:06] *** tharkun has joined #postfix[16:52:06] *** tharkun has joined #postfix[16:52:20] <patdk-wk> headers[16:52:21] <xperia> why is this a total normal behavoir ?[16:52:28] <patdk-wk> I dunno about your case[16:52:34] <patdk-wk> like I said, based on google reports[16:52:42] <patdk-wk> did you case come up in google search?[16:52:47] <Dominian> hrm.. I may have to go ahead and do level 2 validation with StartCOM so I can issue more SSL certs[16:53:06] <patdk-wk> Dominian, ya, doing that also here[16:53:29] <xperia> till yet i did not had any such mail flood problems like this[16:54:22] <xperia> my case is not on google becouse of this also! i am talking about this on the internet the first time![16:54:59] <patdk-wk> based on this:[16:55:04] <patdk-wk> <xperia> see "microsoft smtp flood" it is quite common as companys still use this SMTP Servers.[16:55:09] <patdk-wk> I can not locate a ligit case[16:55:48] <patdk-wk> like one of the first links is, someone emailing 30+ people on the cc line, isn't a mail flood[16:56:06] <patdk-wk> someone sending an email, larger than the receiver can accept, and the sender keeps retrying, is not a mail flood[16:57:47] *** srg has joined #postfix[17:01:02] <ke-esc> is there any way to tell from the logs if a message relayed over my server was sent to the destination over tls or not?[17:01:20] <patdk-wk> yep[17:03:01] *** ubsrv has quit IRC[17:03:09] <xperia> patdk-wk: its about getting 1000 of the same email from same mail sender here a google search example => http://forums.msexchange.org/m_100139500/mpage_1/key_/tm.htm#100139514[17:03:11] <xperia> i have to say however that like the person in the link i posted i use too a relay for sending of emails. maybe this is the root of problem in this case.[17:03:13] <xperia> the ms smtp server does not understand it?[17:03:43] *** Steve_The_Pirate has quit IRC[17:04:16] <TMcTrain> oh boy. the settings are very cryptic and unbelivable difficult to understand[17:05:28] <patdk-wk> that post is about exchange 2000? that hasn't been supported for some time now[17:08:24] *** mroe has joined #postfix[17:08:24] *** mroe has joined #postfix[17:09:59] *** Eleth has quit IRC[17:12:02] <xperia> patdk-wk: just wanted tell you that this mail mass flooding exist at least google show it too and other people report it also[17:12:04] <xperia> see => Mass mailing acitivity on one of our Exchange 2010 Server http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/2fe3ac37-ae5e-4a6b-9884-9bb0032d7374/[17:12:16] *** freezey has joined #postfix[17:12:27] <Dominian> patdk-wk: Just have to get it into my budget.[17:13:50] <patdk-wk> xperia, yes, backscatter is annoying and the result of other misconfigured servers[17:13:59] <patdk-wk> but it still is unrelated to your case[17:15:07] <patdk-wk> in your case, it's VERY BAD SOFTWARE, that has bugs[17:15:55] <patdk-wk> have you posted logs?[17:16:07] <patdk-wk> cause I can only thing of two things that would do it[17:16:16] <patdk-wk> their user is sending craploads of emails[17:16:32] <patdk-wk> or, your server is sending a temp fail error, so it keeps sending you the message, over and over[17:17:36] <patdk-wk> but as you just ignore the channel rules, and blame microsoft[17:19:20] <xperia> okay will post the source of the mail with all header infos and that stuff ! just a moment patdk-wk thanks for the help.[17:19:22] <xperia> the thing is my mail service run now since two years and till yet i did not had any such problems with anybody and i do lot of emails.[17:19:24] <xperia> today i contacted this internet company and since her mail reply my mail server get flood with min. 2000 Mails per Hour of the same Mail Reply[17:19:38] *** shinao1 has quit IRC[17:22:22] <xperia> patdk-wk: http://moresearch.biz/mailflood.txt[17:26:55] <patdk-wk> hmm, that wasn't the requested info[17:27:03] <patdk-wk> but posting another one of those email might help[17:27:14] *** MAAAAD has quit IRC[17:27:52] *** Bry8Star has quit IRC[17:28:44] <xperia> okay wil just ope the latest. i find it strange that i get 3 times recieve status from 3 different ip adresses for only one email[17:28:46] <xperia> Received: from *** (172.16.72.134) with Microsoft SMTP Server[17:28:48] <xperia> (TLS) id 8.3.192.1; Tue, 5 Jun 2012 16:56:08 +0200[17:28:50] <xperia> Received: from *** (10.64.111.155) with Microsoft SMTP Server (TLS)[17:28:51] <xperia> id 8.3.192.1; Tue, 5 Jun 2012 16:56:11 +0200[17:28:53] <xperia> Received: from *** ([::1]) by Microsoft SMTP Server id[17:28:55] <xperia> 14.01.0339.001; Tue, 5 Jun 2012 16:56:10 +0200[17:29:11] <xperia> is that normal ?[17:29:20] <patdk-wk> just post another email[17:29:24] <patdk-wk> those don't mean crap[17:29:32] <xperia> okay will just do one minute please[17:30:46] <xperia> patdk-wk: http://moresearch.biz/mailflood2.txt[17:31:20] *** Deathvalley122 has quit IRC[17:31:22] *** BuenGenio has joined #postfix[17:31:42] <patdk-wk> different message-id and thread-index, so the users mail program is doing it[17:32:15] *** MAAAAD has joined #postfix[17:33:05] *** Deathvalley122 has joined #postfix[17:33:18] <xperia> maybe it has to do with some looping:[17:33:20] <xperia> X-MS-Exchange-Inbox-Rules-Loop: HR_IT at upc-cablecom dot ch[17:33:22] <xperia> a auto reply maybe ?[17:34:43] <xperia> should a smtp server not prevent such a flood spam mail sending afaik ?[17:35:02] <thumbs> xperia: their server should.[17:35:34] <thumbs> xperia: again, don't concern yourself with it. It's not your problem.[17:36:52] <xperia> thumbs okay.. thanks all for the clarification and help. at least the problem could be more isolated[17:37:15] <thumbs> xperia: "their" problem. You can't do anything about it.[17:37:33] <thumbs> xperia: other then blacklisting their server, of course.[17:37:45] <patdk-wk> or that user[17:37:55] <patdk-wk> in this case, it's likely blacklisting that user would be enough[17:38:06] * tharkun votes for a total ip bann on that server !!![17:38:18] * patdk-wk votes for blacklist submissions[17:38:37] <xperia> well it is the IT human resource team leader and i expect a answer from him. firewalling him is strange at the moment![17:38:59] * patdk-wk votes for boobies for all![17:39:17] <patdk-wk> been growing mine out nicely :)[17:39:40] <thumbs> patdk-wk: TMI.[17:39:56] <UQlev> xperia, dealing with HR is time wasting.[17:41:02] <xperia> well when money only flow to a few Companys only you need to deal with them when everything else fail.[17:41:04] <xperia> ofcourse i can go to work for goverment but i am not at all a big goverment fan.[17:43:46] *** tjikkun_work has quit IRC[17:44:42] <xperia> still thanks a lot to everybody. at least i know 100% that it is not my mail server problem and that something with her microsoft mail client/server configuration is wrong![17:45:01] <xperia> i can sleep better now :-)[17:47:14] *** Toerkeium has joined #postfix[17:48:36] <UQlev> xperia, unless those IT HR can find for themselves good sysadmin it means they can't distinguish labour quality[17:49:43] <UQlev> xperia, or they use criteria other than experience[17:50:34] *** BuenGenio has quit IRC[17:53:15] <xperia> yup you are right. suc critical systems need to be administrated perfect but the problem is that[17:53:17] <xperia> especially the job market is a very inperfect market. the good people you realy find at the time you need.[17:53:19] <xperia> i run myself a small bussiness and whenever i looked to employ new people the ones you needed were nowhere.[17:53:21] <xperia> most of the time you need to accept what you have or get in bussines.[17:54:42] <xperia> and then you have also to remember it is a microsoft system[17:55:34] <xperia> i dont think at all that a person will be availble who can run such systems without any problems. i am happy to have linux and postfix. give me good sleep![17:56:50] *** shoonya has joined #postfix[17:57:01] *** BuenGenio has joined #postfix[18:01:31] *** kzoo has joined #postfix[18:03:55] <kzoo> i'm running into trouble with my virtual_alias_maps, i've got a single mail account which i want to forward all mail to another smtp server using transport_maps. the issue i'm seeing is that when i add the email address into my /etc/postfix/transport and i set the destination transport to smtp:[w.x.y.z]:25 it still attempts to deliver the mail to the local virtual mailbox which the virtual alias is pointing towards.[18:04:54] <kzoo> the postfix/main.cf has the line: transport_maps = hash:/etc/postfix/transport and the key/value in the transport file matches the receiving e-mail address[18:05:24] *** BuenGenio has quit IRC[18:06:28] *** freezey has quit IRC[18:10:16] <kzoo> found my issue, virtual_alias_maps processing occurs before transport_maps processing[18:12:08] *** master_of_master has quit IRC[18:20:15] <xperia> have to code on my websites. wish you all the best. till next time! bye[18:20:26] *** xperia has quit IRC[18:24:56] *** scientes has joined #postfix[18:37:21] *** shoonya has quit IRC[18:39:19] *** UQlev has quit IRC[18:40:42] *** KarlMArX has joined #postfix[18:41:40] *** BarryAllen has quit IRC[18:41:54] *** TMcTrain has quit IRC[18:59:57] *** jkfod has joined #postfix[19:01:56] *** master_of_master has joined #postfix[19:04:26] *** khem_ has joined #postfix[19:05:19] <khem_> when I send out newsletters through a Web interface written in PHP that uses sendmail SMTP server, it takes about 10h to finish the process of sending 10k mails[19:05:33] <khem_> should postfix be any faster, and is there anything particular I can do optimize it?[19:06:21] <jwing> khem_: #sendmail is a better place to ask about optimizing sendmail[19:07:01] *** kzoo has quit IRC[19:07:17] <khem_> i talked about optimizing psotfix as my intention were to replace it with postfix and optimize it as much as possible[19:07:19] <jwing> Speed of email delivery depends upon a lot of variables including host, memory, disk, size of email, destination.... and so on[19:10:14] <jwing> e.g. if you try to send 10k emails to yahoo in one fast run, they will rate limit you and force your delivery times to take longer no matter which MTA you use.[19:10:20] <jwing> unless you are whitelisted w/ them.[19:10:46] *** mambaw has joined #postfix[19:10:50] *** shoonya has joined #postfix[19:10:54] <jwing> you need to examine your mail logs to get an idea as to what's happening.[19:11:02] <khem_> oh, yes. to not appear as spam[19:11:45] <jwing> no.. that whitelisting has nothing to do w/ spam really. It's a way to prevent DOS.[19:12:00] <jwing> i.e. they don't want their mail servers to be abused by someone slamming them w/ a lot of deliveries.[19:12:35] <khem_> alright[19:12:36] <jwing> a lot of ISPs utilize rate limiting to force you to slowly deliver your email[19:17:29] *** uqlev has joined #postfix[19:19:50] *** linguini has joined #postfix[19:19:57] *** uqlev has quit IRC[19:20:02] *** bryanculver has joined #postfix[19:23:04] <tharkun> !postmaster[19:23:09] <tharkun> !postmaster[19:23:09] <knoba> tharkun: Error: "postmaster" is not a valid command.[19:25:42] <bryanculver> I'm having an issue with mynetworks paramater. I have scoured the documentation to no avail. I have it set in main.cnf: mynetworks = hash:$config_directory/network_table[19:25:49] <bryanculver> which has a single subnet set[19:26:23] <bryanculver> postconf -n shows it being set[19:26:35] <bryanculver> but postconf -d shows the default[19:26:40] <bryanculver> 192.168.40.0/24 127.0.0.0/8 [::1]/128 [fe80:3::]/64[19:26:46] <adaptr> bater[19:26:50] <Dominian> postconf -d will always show the default[19:27:17] <adaptr> !tell bryanculver postconf[19:27:18] <knoba> bryanculver: "postconf" : the configuration management tool for postfix. See man postconf for more information.[19:27:27] <bryanculver> ah ok[19:28:17] <bryanculver> Well, none the less, I try to set it to a specific set of IPs yet it still relays outside of that range[19:28:55] <Dominian> Why are you using a hash may for mynetworks if you're only doing one subnet?[19:29:02] *** mrx234 has quit IRC[19:29:06] <adaptr> that's because you have entirely failed to understand what mynetworks does, i.e. nothing.[19:29:15] *** mrx234 has joined #postfix[19:29:53] <adaptr> !tell bryanculver welcome[19:29:53] <knoba> bryanculver: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[19:30:16] <Dominian> bryanculver: what is it that you are tring to accomplish anyway?[19:30:26] <Dominian> !tell bryanculver mynetworks[19:30:26] <knoba> bryanculver: "mynetworks" : a configuration parameter in the main.cf: The list of "trusted" SMTP clients that can relay email.[19:30:33] <Dominian> that's all it does.[19:30:40] <Dominian> !adaptr[19:30:40] <knoba> Dominian: "adaptr" : The smiting hand (or actually, small shell script) of #postfix. Not to be trusted.[19:30:47] <Dominian> heh[19:30:52] <bryanculver> That is exactly what I want to accomplish[19:30:54] <Dominian> can't believe that factoid is still there.[19:30:56] <adaptr> Dominian: no, that's not what it does. at all.[19:31:06] <adaptr> please don't confuse the newbies ;)[19:31:08] <Dominian> adaptr: then the factoid is wrong[19:31:12] <adaptr> yes, it is.[19:31:16] <Dominian> then fix it[19:31:20] <adaptr> no[19:31:28] <Dominian> then don't tell me it's wrong.[19:31:32] <adaptr> I tell you to tell rob0 to fix it[19:31:37] <adaptr> then y9ou shut up and go away[19:31:39] <adaptr> and THEN you fix it[19:31:41] <Dominian> http://www.postfix.org/postconf.5.html#mynetworks[19:32:13] <bryanculver> Dominian: I want to accomplish exactly what mynetworks (in the description above) sets out to do[19:32:20] <adaptr> yes, the manual is confusing as well.[19:32:28] *** lumlum has joined #postfix[19:32:31] <adaptr> bryanculver: use an access check[19:32:44] <adaptr> but be warned that you're probably doing it wrong.[19:32:49] <Dominian> adaptr: interesting, mynetworks as I use it, does exactly what the webpage and factoid state[19:32:53] * Dominian shrugs[19:32:57] <bryanculver> Wonderfully helpful, you are[19:33:06] <adaptr> Dominian: I can trivially change your config so it does nothing what you expect[19:33:10] <Dominian> bryanculver: then again, I odn't utilize a hash map either[19:33:10] <adaptr> 2 lines is all it takes[19:33:17] <Dominian> adaptr: and those two lines are?[19:33:26] <bryanculver> Dominian: I have tried all different types of options to no avail[19:33:29] <Dominian> adaptr: again, this is why you don't have access to my main.cf ;)[19:33:30] <adaptr> smtpd_recipient_restrictions = reject, for one[19:33:39] <Dominian> uh huh.. and?[19:33:43] <adaptr> bye bye mynetwork relevancy[19:34:09] *** KarlMArX has left #postfix[19:34:12] <Dominian> the variable mynetworks is being used as it was intende.d. the fact you can manipulate smtpd_*_restrictions doesn't phase me.[19:34:50] <Dominian> and in some instances mynetworks is irrelevant anyway[19:34:55] <adaptr> HOWEVER. he, like every single other questioneer coming here, thinks mynetwokrs is the right place to put blanket relay permissions[19:34:55] <Dominian> but not in my instance[19:35:07] <adaptr> and they should never be blanket[19:35:14] <adaptr> which mynetworks does not explain[19:35:16] <adaptr> at all[19:35:20] <adaptr> but it should[19:35:29] <bryanculver> I like how you assume my intentions[19:35:33] <Dominian> bryanculver: What is it that you are tring to accomplish? If you want to have email clients that can use MUAs to relay through your server, you should use submission with SASL[19:35:51] <adaptr> bryanculver: modern-day fact of email life[19:36:02] <adaptr> use submission, don't allow anybody anonymous relay, ever/[19:36:02] <Dominian> I have only a very minor set of ips that are 'trusted' relay that can relay email through my server[19:36:10] <bryanculver> I full well intend on using access check, but I was going through the documentation and thought it would be a nice additional field to block bad behavior[19:36:19] <adaptr> it's the same field[19:36:47] <adaptr> the PROBLEM with blankly accepting that "mynetworks will do the thing" is that its default settings are not very security-conscious[19:37:06] <adaptr> since it is normally IN FRONT OF smtp auth submission in smtpd_recipient_restrictions[19:37:20] <adaptr> so it makes any restrictions you put on login - irrelevant[19:37:37] <adaptr> and people gnash their teeth and wail and cry for 3 weeks before figuring that out[19:38:02] * patdk-wk just doesn't use my_networks[19:38:16] <adaptr> indeedy, hence my response. just set it to localhost and forget abhou tit[19:38:21] <patdk-wk> and puts sasl_auth permit behind fqdn restrictions[19:38:25] <bryanculver> Well luckily I only spent an hour on it before I signed into IRC to be belittled[19:38:27] <patdk-wk> and some others :)[19:38:49] <patdk-wk> bryanculver, I personally hate my_networks[19:38:59] <patdk-wk> cause you don't know who is the issue and it's annoying to stop[19:39:01] <adaptr> so much so that he forgot how to spell it[19:39:05] <patdk-wk> it's just nicer to use accounts[19:39:19] * patdk-wk spanks adaptrs network[19:39:20] *** shinao1 has joined #postfix[19:39:31] <adaptr> you know that makes me broadcast, right ?[19:39:32] <patdk-wk> adaptr, I've been up for 48+ hours now[19:39:44] <patdk-wk> had a huge san outage last night, my friend wanted me to help with[19:49:57] <jiffe98> I'm trying to get postfix to work with TLS, it works with SSL but if I switch outlook to use TLS rather than SSL it just hangs trying to connect[19:51:03] *** lumlum has quit IRC[19:55:07] <adaptr> jiffe98: what does the log say[19:55:32] <adaptr> also, not all outlooken support STARTTLS (which is what you should be using)[19:56:38] *** amir has quit IRC[19:56:44] *** shoonya has quit IRC[19:57:40] <patdk-wk> or better, your not doing tls on an ssl port are you?[19:58:01] <adaptr> "what does the log say" covered that[19:58:17] <adaptr> if he's using anything recent (yeah, yeah, I know)[20:04:32] *** shinao1_ has joined #postfix[20:06:14] *** shinao1 has quit IRC[20:06:58] * patdk-wk attempts to use rob0's crystal ball[20:08:02] <jiffe98> adaptr: thats what it was tls was assuming a cleartext connection upgraded to tls via starttls, I was assuming tls was negotiated right away[20:09:18] <adaptr> nope, not nearly ever[20:09:24] <adaptr> STARTTLS is the way forward[20:12:38] *** MAAAAD has quit IRC[20:16:06] *** bryanculver has quit IRC[20:17:19] <jiffe98> anyone know an ssl proxy/balancer that supports ssl and starttls ?[20:17:40] <jiffe98> and cleartext[20:17:56] *** PatrickDK has quit IRC[20:18:09] <jiffe98> stunnel will do ssl/starttls, but in the case of a cleartext connection it forces starttls[20:18:18] *** mroe has quit IRC[20:18:25] *** mroe has joined #postfix[20:18:25] *** mroe has joined #postfix[20:18:37] <adaptr> we'd need to know the goal[20:18:54] *** shinao1_ has quit IRC[20:20:51] *** patdk-wk has quit IRC[20:24:46] *** patdk-wk has joined #postfix[20:26:08] *** PatrickDK has joined #postfix[20:30:28] *** MAAAAD has joined #postfix[20:41:53] *** amir has joined #postfix[20:43:35] *** matt1982 has joined #postfix[20:44:40] *** Steve_The_Pirate has joined #postfix[20:45:13] <jiffe98> adaptr: trying to move all ssl negotiation to the load balancers which are currently running ipvs/stunnel[20:46:08] <patdk-wk> yuk[20:46:44] <adaptr> jiffe98: if you have anythign approaching serious volume (thus justifying the expense of a loadbalancer), you buy a premade appliance that doe sthat for you[20:47:00] <adaptr> you'd be talking 100M+ daily[20:47:23] <jiffe98> adaptr: the balancer is mostly for uptime[20:48:19] <adaptr> so an HA frontend, then - not a "loadbalancer"[20:48:35] <jiffe98> true[20:52:07] *** esaym153 has joined #postfix[20:52:14] *** mambaw has quit IRC[20:52:45] *** uqlev has joined #postfix[20:52:47] <adaptr> and this isn't trivial, certainly not with off-the-shelf FLOSS[20:53:25] <adaptr> if you said, move *all* SSL traffic to a frontend, then yes. but you're talking about handing off part of TLS to a "negotiator"[20:53:33] *** ced117 has joined #postfix[20:53:40] <adaptr> both the MTA and the frontend would have to reliably support this[20:53:44] *** ced117 has quit IRC[20:53:44] *** ced117 has joined #postfix[20:54:01] *** tjikkun has quit IRC[20:55:42] *** shinao1 has joined #postfix[21:01:28] <jiffe98> adaptr: well it basically would move all tls traffic to the "negotiator"[21:02:20] <patdk-wk> it wouldn't be too painful[21:02:26] <patdk-wk> just pipe smtp to backend[21:02:32] <patdk-wk> add starttls to helo[21:02:37] <patdk-wk> and process starttls locally[21:02:52] <patdk-wk> but I think all that might be a lot of work for little gain[21:03:04] <jiffe98> patdk-wk: that works for some cases but not others, our outgoing filters don't have the ability to control ssl certs per IP[21:03:11] <patdk-wk> expecially considering how much processing power ssl takes to setup a session[21:03:18] <jiffe98> and maybe I'll just have to treat that as a special case[21:06:26] *** tjikkun has joined #postfix[21:06:26] *** tjikkun has joined #postfix[21:06:45] * patdk-wk can only think of pix/asa butchering[21:26:10] *** ced117 has quit IRC[21:29:40] *** Areckx has joined #postfix[21:34:19] *** Steve_The_Pirate has quit IRC[21:35:01] *** amir has quit IRC[21:38:30] *** cilly has joined #postfix[21:55:19] *** shinao1 has quit IRC[21:58:29] *** mroe has quit IRC[22:01:34] *** Section1 has quit IRC[22:01:58] *** xabbuh has quit IRC[22:04:33] *** biggi_mat has quit IRC[22:05:19] *** uqlev has quit IRC[22:36:57] *** gerhard7 has quit IRC[22:37:52] <tharkun> Gentlemen is there a polite way of asking an mta server what is its message_size_limit is?[22:38:02] *** nutron has joined #postfix[22:40:19] <PatrickDK> no[22:40:29] <PatrickDK> but there is a way for mtas to tell you[22:40:34] <PatrickDK> you just can't ask it :([22:43:43] <tharkun> PatrickDK: What sane mta would recieve a 10MB email and after sending an Ok signal, it would spit it back[22:43:49] <PatrickDK> oh heh[22:43:57] <PatrickDK> I have it backwards, been awhile since I saw it last[22:43:58] <PatrickDK> http://tools.ietf.org/html/rfc1653[22:44:16] <PatrickDK> you tell it the size when you do the mail from: smtp command[22:44:40] <PatrickDK> tharkun, no, I was thinking it told you, after you did a ehlo[22:46:18] <PatrickDK> heh, actually it's both ways :)[22:46:24] <PatrickDK> server can send it to the client[22:46:32] <PatrickDK> and client can send it to the server :)[22:47:57] * tharkun hates outlook[22:48:18] *** chogath has joined #postfix[22:48:34] <PatrickDK> heh, even exchange sends the SIZE command[22:49:09] *** hjbehling has quit IRC[22:49:24] <tharkun> PatrickDK: should it be on any log?[22:49:36] <PatrickDK> no[22:49:55] <PatrickDK> why would it be logged?[22:50:02] <tharkun> Why not?[22:50:53] <PatrickDK> a client won't submit an email that is too large, therefor it wouldn't be logged[22:52:32] <tharkun> bingo, if it doesn't advertise what size they recieve how can i know it is not going to work ? But then that is useless to discuss after reading this "enabling PIX workarounds: disable_esmtp delay_dotcrlf fo"[22:53:00] <PatrickDK> yuk, pix/asa[22:53:21] <PatrickDK> if they don't, then you submit the whole email[22:53:27] <PatrickDK> and it responds with a REJECT :)[22:53:46] <PatrickDK> well, normally a tempfail actually[22:53:56] <tharkun> nope, it responds with dsn=2.0.0, status=sent and then it mails it back[22:53:58] <PatrickDK> then every 15min, 30min, or whatever, you do it again[22:54:03] <PatrickDK> and burn bandwidth[22:54:09] <PatrickDK> what?[22:54:15] <PatrickDK> who are you sending it to?[22:54:25] <tharkun> Not me but a client[22:54:30] <PatrickDK> that sounds like someones misconfigured content scanner, that is rejecting it[22:54:39] <PatrickDK> so smtp server accepts, filter rejects, = bounce[22:55:23] <tharkun> Some incompetent firewall admin[22:57:31] <PatrickDK> hmm, that is pretty broken[22:57:39] <PatrickDK> more broken than any pix/asa I have seen[22:59:30] *** greg has quit IRC[22:59:54] *** greg has joined #postfix[23:00:06] *** greg has quit IRC[23:02:44] *** matt1982 has quit IRC[23:04:11] <tharkun> Exchange server with a different person in charge of the firewall. Nice combo for fubar email[23:04:29] <PatrickDK> technically that is fine, but someone screwed up[23:04:39] <PatrickDK> most likely exchange admin didn't do any outside testing :)[23:04:47] <PatrickDK> and didn't tell firewall admin about killing that[23:05:05] <PatrickDK> and firewall admin sees knob (or well, it's the default) and made sure it's enabled[23:05:13] <PatrickDK> oviously if cisco offers it, you need to use it :)[23:06:01] <tharkun> Nice to know about it. Now my email to postmaste needs to be nice and smoooooth so i don't get permanently banned on their firewall :)[23:06:11] <PatrickDK> hehe[23:06:32] <PatrickDK> smtp/dns fixup is guarrenteed to screw everyting up, please disable it[23:06:37] <PatrickDK> for your own sanity[23:07:14] <PatrickDK> the security issues these protect against where corrected half a decade ago[23:08:51] <tharkun> also on Exchange?[23:09:02] <PatrickDK> yep[23:09:20] <PatrickDK> even exchange gets security updates and service patchs[23:09:32] <PatrickDK> and 2007 isn't affected by those issues[23:09:43] <PatrickDK> I feel bad for anyone using 2003[23:09:57] <PatrickDK> 2003 might not be affected either[23:10:29] <PatrickDK> been to long for me to remember though[23:20:23] <pj> tharkun: most servers should respond with a 250-SIZE inresponse to an EHLO.[23:20:52] *** e-anima has quit IRC[23:20:57] <pj> postfix does at least[23:21:32] <tharkun> pj: exchange + pix is a no-no so far. Although the postmaster seemed quite reasonable, lets see what he does[23:21:41] <pj> ok[23:21:59] *** Inseto_Verde1 has joined #postfix[23:23:06] <pj> [08:53] <tharkun> nope, it responds with dsn=2.0.0, status=sent and then it mails it back[23:23:14] <pj> tharkun: you should submit it as aq backscatter source[23:23:42] <linguini> I have 2 machines: static_ip and dynamic_ip. Both have postfix, though dynamic_ip only has it so I can use /usr/sbin/sendmail. I want to send mail from dynamic_ip through static_ip. Should I use postfix on dynamic_ip or some other MTA such as nullmailer?[23:24:00] <tharkun> pj: I'll mention it to the postmaster. I will not point my finger to him unless he doesn't do anything about it.[23:24:15] <pj> yep, fair enough[23:24:46] <pj> !tell linguini nullmailer[23:24:47] <knoba> linguini: "nullmailer" : a nullclient program which provides a means for a computer to submit mail to an existing msa. see http://untroubled.org/nullmailer/ for more info. also see !nullclient_software, !nullclient and !msa[23:25:03] *** esaym153 has left #postfix[23:25:15] <pj> linguini: postfix does do that fine, but you will probably find it easier to use a nullmailer.[23:26:11] <pj> !tell linguini relayhost[23:26:11] <knoba> linguini: "relayhost" : a configuration parameter in the main.cf: The default host to send non-local mail to when no entry is matched in the optional transport(5) table. When no relayhost is given, mail is routed directly to the destination. If your relay host requires authentication see the !saslclient channel factoid.[23:26:35] <linguini> pj: Thanks. The trouble I'm having is how to get static_ip to trust mail from dynamic_ip.[23:26:52] <tharkun> !tell linguini submission[23:26:53] <knoba> linguini: "submission" : Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf. also see !msa, and rfc 6409. Also read http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf[23:26:55] <pj> !tell linguini sasl[23:26:56] <knoba> linguini: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[23:27:23] <pj> !tell linguini saslclient[23:27:23] <knoba> linguini: "saslclient" : See http://www.postfix.org/SASL_README.html#client_sasl when you need client-side SASL authentication to deliver mail to another server[23:28:29] *** PatrickDK has quit IRC[23:28:29] *** patdk-wk has quit IRC[23:28:32] <linguini> Ah, thanks. I'll read about saslclient.[23:28:52] <pj> yw :-)[23:30:01] <tharkun> If you use a nullmailer you do not need to worry about that. But that is only if you do not plan to recieve any mail on the dyn ip[23:30:27] <pj> well, a nullmailer would have to auth as well[23:31:17] <pj> they generally have very easy config to do so, though.[23:48:29] *** wdp has quit IRC