June 8, 2012 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | >
June 8, 2012 [00:08:21] *** tr-808 has quit IRC[00:08:32] *** tr-808 has joined #postfix[00:10:02] *** chad has quit IRC[00:14:21] *** phantasm66 has quit IRC[00:17:08] *** jiffe1 has quit IRC[00:17:27] *** jiffe1 has joined #postfix[00:21:39] *** jiffe96 has joined #postfix[00:22:00] *** jiffe1 has quit IRC[00:43:40] *** danblack has joined #postfix[00:43:52] *** danblack has quit IRC[00:43:53] *** danblack has joined #postfix[00:46:44] *** jeev is now known as thatguy-NOT[00:46:49] *** thatguy-NOT is now known as jeev[00:53:22] *** amir_ has quit IRC[00:54:01] *** Praise- has joined #postfix[00:56:22] *** Praise has quit IRC[00:57:23] *** Praise- is now known as Praise[00:57:28] *** Tabmow has quit IRC[00:59:58] *** Tabmow has joined #postfix[01:00:59] *** krzee has joined #postfix[01:01:28] *** Kre10s_ has joined #postfix[01:09:30] <Kre10s_> I am getting a pam auth error, even with the correct username/password I have specified debug in /etc/pam.d/smtp[01:09:46] <lunaphyte> !tell Kre10s_ welcome[01:09:46] <knoba> Kre10s_: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[01:10:12] <PatrickDK> odd, postfix doesn't use pam[01:10:39] <Kre10s_> Where does the debug info go? When I try testsaslauthd -u ... -p ... all I get is connect() : No such file or directory[01:11:21] <lunaphyte> beats me. i stopped using cyrus ages ago. i don't support it anymore unless it can be demonstrated that it makes sense to use it.[01:11:40] <Kre10s_> whats the best alternative?[01:13:21] <lunaphyte> dovecot[01:19:14] *** jkfod has quit IRC[01:19:58] *** romildo has joined #postfix[01:20:56] *** romildo has left #postfix[01:27:34] *** Tabmow has quit IRC[01:30:22] *** Tabmow has joined #postfix[01:37:22] *** amir has joined #postfix[01:43:47] *** Areckx has joined #postfix[01:47:07] *** sphenxes has quit IRC[01:48:45] *** higuita has quit IRC[02:02:18] *** tmberg has quit IRC[02:04:55] *** MAAAAAD has quit IRC[02:05:14] *** MAAAAAD has joined #postfix[02:08:30] *** wdp has quit IRC[02:10:31] *** tmberg has joined #postfix[02:16:10] *** danblack has quit IRC[02:20:47] <pj> Kre10s_: what doe you use for IMAP?[02:22:02] *** ki7rw has joined #postfix[02:22:35] <Kre10s_> courier[02:23:12] <Kre10s_> I'm switching to pgsql and its throwing wrenches everywhere...[02:23:31] <pj> meh, dovecot is way better, imo, but if you're using courier imap then use cyrus_sasl with the rimap method.[02:23:43] <pj> then just do your auth through courier[02:24:55] <lunaphyte> even if i used courier for imap, i'd still use dovecot for sasl[02:24:55] <pj> and you certainly shouldn't be using pam for auth if your credentials are in pgsql[02:25:01] <pj> heh[02:25:07] <pj> I just use dovecot for both.[02:26:20] <lunaphyte> yeah. i mean, you *could* - but that's really quite convoluted.[02:26:55] <pj> I don't particularily like the idea of using dovecot just for sasl, that's like buying a new corvette just so you can listen to the radio.[02:27:03] *** ki7rw has quit IRC[02:29:12] <Kre10s_> rimap... Never heard that before.[02:29:16] <lunaphyte> i disagree[02:29:34] *** heller_barde has joined #postfix[02:29:54] <pj> Kre10s_: look it up[02:30:04] <pj> anyways, I have to run out, bbl[02:31:07] <heller_barde> hi guys. is it normal for a MTA that it's possible for an unauth'd connection to send an email *from* an email on that server *to* another email on that server? and is it possible to prevent that?[02:32:27] <lunaphyte> sure, it's possible.[02:32:54] <lunaphyte> especially if you do not implement a proper submission service and try to use port 25 for everything.[02:33:21] <lunaphyte> [btw- it's not the "from" part that matters - it's only the "to"][02:33:35] <heller_barde> I am fairly new to configuring MTAs, can you explain what you mean with "proper" submission service?[02:34:05] <lunaphyte> if the mail server for example.com required authentication in order to deliver to user at example dot com, how could any other mai lservers out on the internet ever deliver mail there?[02:34:17] <lunaphyte> !tell heller_barde submission[02:34:18] <knoba> heller_barde: "submission" : Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf. also see !msa, and rfc 6409. Also read http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf[02:34:49] <lunaphyte> port 25 is for mail servers to talk to other mail servers. it's not for end users/mail clients to submit email for delivery. that's what port 587 is for - submission[02:35:09] <heller_barde> lunaphyte thank you very much[02:35:31] <lunaphyte> you're welcome.[02:36:43] <lunaphyte> once you have submission set up [you should require both encryption and authentication for *all* transactions] - you can then configure your smtp service to reject mail when the envelope sender is an address that is "local" to that server [since that would be a submission][02:38:08] *** ki7rw has joined #postfix[02:38:41] <heller_barde> hmm. okay, my situation is that this server is the only one handling mails for my domains. is it even possible to properly set it up under these conditions?[02:39:48] *** ki7rw has quit IRC[02:39:57] *** fukushim_ has quit IRC[02:40:19] *** ki7rw has joined #postfix[02:40:25] <lunaphyte> of course[02:40:49] <lunaphyte> isn't that what we are talking about?[02:41:15] <heller_barde> i was. but i am a bit insecure about my knowledge ^^[02:41:48] *** ki7rw has quit IRC[02:42:08] <lunaphyte> oh. well, once you perform the implementation, i'm sure you'll understand it better[02:42:39] <heller_barde> I followed a guide to set up postfix/dovecot with sasl/mysql,. it works now, so that's a good base, but now i am playing around with telnet and trying out different things[02:42:50] *** johnnynobody has joined #postfix[02:42:59] <heller_barde> that's why I suddenly was confused whether I did something wrong[02:43:10] <heller_barde> I'll go find out how to use port 587[02:43:41] *** johnnynobody has quit IRC[02:44:29] *** ki7rw has joined #postfix[02:46:39] <lunaphyte> you haven't done something "wrong" per se - that's how the vast majority of mail servers operate - they don't impose any such restriction on smtp traffic. it's just adding one more component/constraint.[02:46:49] <lunaphyte> [not that that's a bad thing at all][02:47:03] <heller_barde> hmm. but doesn't that really open up for spammers?[02:47:17] <lunaphyte> no[02:47:36] <heller_barde> hmm, why not?[02:47:41] <lunaphyte> why would it?[02:48:10] <lunaphyte> we're talking about a constraint on the envelope sender.[02:48:38] <heller_barde> hm...[02:48:39] <lunaphyte> since you could get email from anywhere in the world, the envelope sender is empirically unknown. you cannot constrain it.[02:48:49] <lunaphyte> one exception withstanding.[02:48:50] <heller_barde> ok true[02:49:03] <heller_barde> i have not quite thought that through, eh? ^^[02:49:10] <heller_barde> it made sense a minute ago[02:49:30] <lunaphyte> you don't know what it will be, but you *do* know what it won't be - it won't be an email address *you* are responsible for.[02:49:52] <heller_barde> it could, though[02:49:57] <lunaphyte> no[02:50:00] <heller_barde> hm?[02:50:04] <lunaphyte> that would be submission.[02:50:08] <heller_barde> ooh[02:50:14] <lunaphyte> submission uses 587.[02:50:17] <heller_barde> that's why you separate the ports[02:50:20] <heller_barde> i see[02:50:25] <lunaphyte> if it appeared via smtp, then it's on 25[02:50:27] <lunaphyte> right[02:50:41] <heller_barde> okay, so what I need to do is separate those ports[02:50:46] <lunaphyte> yes[02:50:49] <heller_barde> which are not, on my system atm it seeme[02:50:52] <heller_barde> *seems[02:51:08] <lunaphyte> the value of imposing the constraint on smtp is what is debated.[02:51:18] *** keanne has quit IRC[02:51:44] <pj> generally speaking the only reason I've seen for people to constrain the sender like you seem to want is to help prevent people from inside the organisation pretending to be someone else inside the organisation.[02:51:44] <heller_barde> and now i completely agree on what you said makes perfect sense[02:51:56] <lunaphyte> not sure what you mean not on your system.[02:52:06] <lunaphyte> it's not an object or a piece of software.[02:52:10] <pj> heller_barde: you said you followed a guide, can you please show me a link to that guide?[02:52:22] <lunaphyte> it's a configuration consideration.[02:52:38] <heller_barde> pj: sure, give me a sec, lunaphyte: i meant on my system, port 587 is actually unused[02:52:47] <pj> !tell heller_barde submission[02:52:47] <knoba> heller_barde: "submission" : Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf. also see !msa, and rfc 6409. Also read http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf[02:52:47] <jimpop> we need a factoid of a list of bad guides.[02:53:02] <lunaphyte> heller_barde: oh, yeah. by default, submission is not on.[02:53:03] <heller_barde> http://library.linode.com/email/postfix/dovecot-mysql-ubuntu-10.04-lucid[02:53:06] <pj> heh, I think a factiod with a list of good ones would be much easier to maintain[02:53:32] <lunaphyte> postfix is primarily an mta - this means port 25. it can also be an msa - this means port 587[02:53:35] <jimpop> true. maybe a wiki page to point out the bad ones[02:53:37] <heller_barde> pj, it is loosely based on this one, which is found on the postfix.org site: http://workaround.org/ispmail/lenny[02:53:49] <heller_barde> in retrospect, i should have directly followed that one[02:53:50] <lunaphyte> a list of good what? howtos? that's an oxymoron[02:53:50] <pj> heller_barde: that guide is crap, it's telling you to use dovecot and saslauthd[02:54:14] <pj> dovecot provides it's own sasl authentication that works with postfix, there is no reason to use cyrus_sasl if you're using dovecot.[02:54:15] <heller_barde> pj, what do you suggest? courier?[02:54:21] <heller_barde> ah[02:54:22] <heller_barde> nvm[02:54:24] <pj> !tell heller_barde sasl[02:54:24] <knoba> heller_barde: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[02:55:07] <heller_barde> pj, but can you make that work with that mysql thing?[02:55:22] <heller_barde> */thing/setup/[02:55:26] <pj> yes, of course[02:55:35] <heller_barde> pj, oh okay[02:55:38] <pj> dovecot authenticates for IMAP just fine against your mysql db.[02:55:44] <pj> it uses the same authentication for sasl[02:55:59] <lunaphyte> in fact, it uses sasl, just as postfix does.[02:56:28] <heller_barde> i'll give that a look tomorrow. I live in europe and it's now 3 oclock. I'll be back here. thank you all! lunaphyte, pj[02:56:38] <heller_barde> (3 oclock in the night)[02:56:45] <pj> yw[02:56:50] <lunaphyte> sure thing, you're welcome[02:57:18] <pj> hrmmmm, that guide is telling you to increase the message size limit.[02:57:24] <pj> without any explanation as to why[02:58:01] <lunaphyte> another worthless guide. shocking.[02:58:06] <pj> that's bad as well, there are certainly legitimate reasons to increase that limit in *some* circumstances, but a guide should not be telling people to change it for no reason as well.[02:58:20] <heller_barde> hehe, you're free to sort me out with a better guide tomorrow. i should have come here earlier, i don't know why i keep forgetting IRC :([02:58:35] <lunaphyte> there is no better guide.[02:58:41] <lunaphyte> there is the documentation for the software[02:58:47] <pj> !tell heller_barde basic[02:58:47] <knoba> heller_barde: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.[02:59:03] <heller_barde> alright then.[02:59:09] <heller_barde> i am going to sleep[02:59:15] <heller_barde> see you tomorrow[02:59:27] <heller_barde> or so.[02:59:28] <pj> it's also telling people to set their virtual transport to dovecot, which is bad along the same logic as the message size.[02:59:43] *** heller_barde has left #postfix[03:09:09] *** mfridh_ has quit IRC[03:11:15] *** keanne has joined #postfix[03:22:14] *** Kre10s_ has quit IRC[03:26:08] *** torvald has joined #postfix[03:42:03] *** Terminus- has joined #postfix[03:49:12] *** johnnynobody has joined #postfix[03:49:44] *** ki7rw has quit IRC[03:55:57] *** ki7rw has joined #postfix[03:58:45] *** johnnynobody has quit IRC[04:04:27] *** gongoputch has quit IRC[04:05:23] *** gongoputch has joined #postfix[04:08:00] *** Timzzzz is now known as Timmooo[04:19:59] *** phantasm66 has joined #postfix[04:23:24] *** elex111114 has joined #postfix[04:24:05] *** elex111113 has quit IRC[04:43:48] *** phantasm66 has quit IRC[04:51:19] *** chad has joined #postfix[04:56:46] *** hesco1 has joined #postfix[05:02:20] *** hesco1 has left #postfix[05:02:34] *** hesco1 has joined #postfix[05:03:40] *** laner has joined #postfix[05:05:00] *** hesco1 has left #postfix[05:05:52] *** MAAAAD has joined #postfix[05:05:57] *** hesco1 has joined #postfix[05:06:49] <hesco1> .[05:06:54] <hesco1> I just updated and ran postmap on /etc/postfix/virtual_mailbox_aliases, forgot to restart the server, yet still saw in the logs my new alias successfully redirected to its destination. Does postfix not require a restart for virtual_alias_maps = hash:/etc/postfix/virtual_mailbox_aliases ???[05:06:57] <hesco1> .[05:08:09] *** laner has quit IRC[05:08:29] *** MAAAAAD has quit IRC[05:10:13] *** laner has joined #postfix[05:11:13] <lunaphyte> heavens no. that would be absurd.[05:12:55] <hesco1> you are saying that restarting the server to read the new aliases would be absurd, because the hashed db version is consulted each time it is needed?[05:13:12] <hesco1> not only at startup?[05:14:21] *** laner has quit IRC[05:17:48] <jimpop> postfix will pick up file changes and eventually reload them[05:18:08] <jimpop> if you want the changes immediately, then run 'postfix reload'[05:22:30] <lunaphyte> postfix picks up map changes immediately.[05:22:44] <lunaphyte> postfix picks up most other changes eventually.[05:25:37] <jimpop> did not know that about the map changes[05:31:56] *** Marf has quit IRC[05:35:28] <hesco1> sweet. I assume that by eventually you mean as the child processes die off and are replaced.[05:38:20] *** ki7rw has quit IRC[05:43:29] *** laner has joined #postfix[05:44:18] *** jetty has joined #postfix[05:45:47] *** danblack has joined #postfix[05:56:05] *** laner has quit IRC[06:12:59] *** danblack has quit IRC[06:14:07] *** jetty has quit IRC[06:14:07] *** jetty has joined #postfix[06:14:14] <jetty> hello[06:15:00] *** shoonya has joined #postfix[06:28:17] <jetty> hello[06:38:40] *** jetty has quit IRC[06:39:54] <jimpop> !tell jeev welcome[06:39:55] <knoba> jeev: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[06:46:59] <pj> hehehe[06:58:26] *** nb has quit IRC[07:08:36] *** nb has joined #postfix[07:12:26] *** uqlev has joined #postfix[07:14:29] <jimpop> doh, just realized that. sorry jeev[07:14:52] <jimpop> i block joins/etc[07:15:19] *** jetty has joined #postfix[07:18:11] <pj> I don't[07:31:46] *** gerhard7 has joined #postfix[07:43:29] *** jetty has quit IRC[07:46:46] *** Zeit|awy has joined #postfix[07:49:25] *** trentg has quit IRC[07:50:52] *** trentg has joined #postfix[07:50:52] *** uqlev has quit IRC[08:18:00] *** shoonya has quit IRC[08:22:24] *** danblack has joined #postfix[08:22:33] *** weedar has joined #postfix[08:28:47] *** feisar has quit IRC[08:38:22] *** nuomi has joined #postfix[08:54:58] *** UQlev has joined #postfix[09:01:11] *** trentg has quit IRC[09:02:22] *** trentg has joined #postfix[09:04:22] *** nuomi has quit IRC[09:05:03] *** master_of_master has quit IRC[09:05:09] *** nuomi has joined #postfix[09:08:47] *** koobs has quit IRC[09:12:27] *** master_of_master has joined #postfix[09:17:07] *** rmayorga has quit IRC[09:19:59] *** tjikkun_work has joined #postfix[09:28:13] *** rmayorga has joined #postfix[09:28:13] *** rmayorga has joined #postfix[09:31:56] *** e-anima has joined #postfix[09:34:19] *** MAAAAD has quit IRC[09:40:16] *** MAAAAD has joined #postfix[09:42:46] *** danblack has quit IRC[09:45:50] *** keanne has quit IRC[10:00:09] *** shoonya has joined #postfix[10:04:51] *** Terminus- has quit IRC[10:05:10] *** d3c has quit IRC[10:06:45] *** Terminus- has joined #postfix[10:07:59] *** d3c has joined #postfix[10:11:46] *** Terminus- has quit IRC[10:12:56] *** Terminus- has joined #postfix[10:13:39] *** Areckx has quit IRC[10:15:06] *** sphenxes has joined #postfix[10:35:49] *** danblack has joined #postfix[10:39:08] *** nuomi has quit IRC[10:41:51] *** d3c has quit IRC[10:42:06] *** d3c has joined #postfix[10:43:18] *** d3c has quit IRC[10:58:05] *** shoonya has quit IRC[10:59:37] *** Marf has joined #postfix[11:03:27] *** ikonia has quit IRC[11:04:33] *** Zeit|awy has quit IRC[11:04:35] *** shoonya has joined #postfix[11:08:12] *** wdp has joined #postfix[11:08:55] *** weedar has quit IRC[11:09:54] *** mfridh has joined #postfix[11:10:51] *** ikonia has joined #postfix[11:11:55] *** weedar has joined #postfix[11:13:49] *** mi has joined #postfix[11:20:28] *** wdp has quit IRC[11:20:35] *** ondrejk_ has joined #postfix[11:20:52] *** pyco_ has joined #postfix[11:20:55] *** wdp has joined #postfix[11:21:08] *** cite_ has joined #postfix[11:21:38] *** ssureshot has quit IRC[11:21:39] *** meisth0th has quit IRC[11:21:39] *** freaky[t] has quit IRC[11:21:39] *** pyco has quit IRC[11:21:39] *** bubu\a has quit IRC[11:21:39] *** ondrejk has quit IRC[11:21:39] *** Riviera has quit IRC[11:21:39] *** cite has quit IRC[11:21:42] *** weedar has quit IRC[11:21:49] *** freaky[t] has joined #postfix[11:22:15] *** meisth0th_ has joined #postfix[11:23:16] *** shoonya has quit IRC[11:24:51] *** prooz has quit IRC[11:24:52] *** viddy has quit IRC[11:25:08] *** meisth0th_ has left #postfix[11:25:21] *** shoonya has joined #postfix[11:25:44] *** nuomi has joined #postfix[11:26:36] *** nb has quit IRC[11:27:52] *** noop- has joined #postfix[11:29:02] *** Riviera has joined #postfix[11:29:31] *** noop has quit IRC[11:29:31] *** Tormin has quit IRC[11:30:06] *** cnu_ has quit IRC[11:30:14] *** Zeit|awy has joined #postfix[11:32:14] *** bubu\a has joined #postfix[11:34:34] *** Tormin has joined #postfix[11:36:55] *** prooz has joined #postfix[11:37:18] *** viddy has joined #postfix[11:38:29] *** cnu- has joined #postfix[11:40:38] *** nb has joined #postfix[11:43:47] *** Smiley has joined #postfix[11:43:51] <Smiley> Howdy[11:44:01] <Smiley> Is there a way to whitelist a sender address, rather than the IP of the mta?[11:46:59] *** weedar has joined #postfix[11:50:20] *** nuomi has quit IRC[11:56:23] <pj> Smiley: that's a very bad idea, it's easy to spoof sender addresses and it will open you up as a spam relay.[11:56:56] *** shoonya has quit IRC[11:58:59] <Smiley> Why would it allow us to be a relay? :/[11:59:07] <Smiley> @azvector.com OK[11:59:10] <Smiley> like this?[11:59:50] <Smiley> check_sender_access hash:/etc/postfix/sender_access,[12:00:13] *** shoonya has joined #postfix[12:00:50] <pj> because all I have to do is send some spam to your server with an envelope sender of foo at azvector dot com and it will relay it right through.[12:01:06] <Smiley> Sorry, to who?[12:01:50] <pj> well if all you're doing is checking that the sender matches @azvector.com[12:02:35] <Smiley> yup[12:02:43] <Smiley> basically azvector are a customer who are trying to email us[12:02:51] <Smiley> atm they get blacklisted. We've told them to fix it but its not going to happen[12:03:10] <Smiley> So..... we need to recieve that email. if some spam appearing to come from that comes through too, so be it.[12:03:12] <pj> why are they blacklisted?[12:03:23] <Smiley> Dunno, because they are dumb and can't run a proper mta?[12:03:39] <pj> you're the one who's blacklisting them, you should know[12:03:44] <Smiley> reject_rbl_client bl.spamcop.net[12:04:04] <Smiley> System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)[12:04:07] <Smiley> SpamCop users have reported system as a source of spam less than 10 times in the past week[12:04:08] *** nuomi has joined #postfix[12:04:10] <Smiley> they be spammin :D[12:04:16] <pj> ok, what I would do then is use a whitelist to just bypass that one rbl for them[12:04:31] <pj> don't let it bypass all your checks, just the one(s) giving your problems.[12:04:54] <Smiley> hmmmm[12:04:58] <Smiley> How :S[12:05:10] <pj> well, for that I would need to see your postconf -n[12:05:24] <Smiley> ah[12:05:31] <Smiley> put the check right before the blacklist stuff?[12:05:37] <pj> yes[12:05:45] <Smiley> Ok, thats done[12:05:47] <pj> it's all about the order you put things in[12:05:56] <Smiley> theres other checks first, invalidhostnames, and other stuff.[12:06:23] <Smiley> http://dpaste.org/8RGFO/[12:06:26] <pj> right, that way you're not giving someone who wants to spoof them as a sender a free ride past all your checks.[12:06:33] <Smiley> <nod>[12:06:52] <pj> although I would whitelist their mx by IP address instead, more reliable.[12:06:58] <Smiley> tbh if a spammer pretends to be @azvector, but the spam only hits INTERNALLY, I don't really care.[12:07:05] <Smiley> pj: tried that....[12:07:14] <pj> what's wrong with it?[12:07:19] <Smiley> their mx appears to keep changing IP and they haven't yet replied with the other blocked emails.[12:07:24] <pj> oh[12:07:35] <Smiley> i.e. after whitelisting 1 IP, we got 1 email through, then th next one bounced[12:07:50] <Smiley> I can only presume they are using some kind of server farm as a massive mta :D[12:07:59] <pj> that explains a lot, their mx is probably on a dynamic IP, and/or they're using multiple submission servers, probably some of them are configured to use their own ISPs servers for submission.[12:07:59] <Smiley> p3plsmtps2ded01-01.prod.phx3.secureserver.net. << yeah.....[12:08:34] *** sysmonk has quit IRC[12:08:49] <pj> and you really need to be able to recieve emails from these iditos?[12:08:53] <pj> *idiots[12:09:14] <Smiley> Sadly yes.[12:09:23] <Smiley> I'm IT. I have orders from above.[12:09:35] *** sysmonk has joined #postfix[12:09:35] <pj> yeah, I get it, sucks.[12:09:40] <Smiley> hehe thanks for the help.[12:10:11] <Smiley> check_sender_access - for checking email addresses; and check_client_access for IP's?[12:10:32] <Smiley> infact that sounds completely wrong...[12:11:23] <Smiley> sender_access being mail recieved; and client_access being mail sent?[12:11:58] <pj> brb[12:13:47] <Smiley> k[12:14:03] *** koobs has joined #postfix[12:15:38] <pj> well, I just use check_recipient_access for everything.[12:16:32] <pj> sorry, I mean smtp_recipient_restrictions[12:16:34] <pj> ummmm[12:16:47] <pj> you want check_sender_access[12:16:50] <Smiley> i was just looking at the man page going "wtf? he uses RCPT TO?"[12:17:03] <Smiley> pj: yah, ty that makes the most sense to me too[12:17:17] <Smiley> I've never really done any work on postfix, its always just worked afteri t was set years ago (Before I existed here)[12:17:28] <Smiley> then last few days I've been sent these emails going "fix this".[12:17:56] *** koobs has quit IRC[12:17:57] *** koobs has joined #postfix[12:18:28] <pj> well, consider that with postscreen you can put your RBLs there and give them different weight, so that spamcop can count towards rejecting, but a listing in spamcop won't in and of itself cause an email to be rejected.[12:19:31] <pj> that may be another way to go, because some RBLs are not so reliable and give false positives, but if you combine them so that a server has to be listed in two of those then you get more reliable.[12:19:45] <Smiley> yeah[12:19:49] <Smiley> I realise thats a better way of doing it[12:20:01] <Smiley> but hell, that customer isn't likely to exist very long anyway lol[12:20:50] <pj> hehehe[12:20:53] *** prooz has quit IRC[12:21:01] *** prooz has joined #postfix[12:21:14] *** xabbuh has joined #postfix[12:23:06] <Smiley> Ah well, hopefully this works, I think the customer is US based so I'll hopefully hear before the end of the day ¬_¬[12:23:30] *** npmapn has joined #postfix[12:23:46] *** viddy has quit IRC[12:24:04] *** viddy has joined #postfix[12:32:57] *** kaos01 has joined #postfix[12:33:00] *** eanima has joined #postfix[12:33:21] *** e-anima has quit IRC[12:35:17] *** shoonya has quit IRC[12:44:41] *** nuomi has quit IRC[12:55:51] *** p3rror has quit IRC[13:02:34] *** UQlev has quit IRC[13:08:43] *** KippiX has quit IRC[13:16:04] *** ssureshot has joined #postfix[14:05:51] *** viddy has quit IRC[14:07:05] *** viddy has joined #postfix[14:07:11] *** Kre10s has joined #postfix[14:07:48] <Kre10s> Alright! I finally got it working. turns out i was editing the wrong config file, and that the real one didn't even exist yet :/[14:08:08] <Smiley> Oh thts annoying :D[14:09:45] <Kre10s> Not I can send emails, and they do arive, but i have messages like Failed to append to user@host@mailhost:INBOX/Sent ... apending to local Sent folder instead... in both evolution and thunderbird Theres nothing in my error logs. what could it be?[14:09:52] <Kre10s> *now...[14:10:14] <Kre10s> lol. they arive[14:12:08] *** cite_ has quit IRC[14:12:15] *** cite has joined #postfix[14:14:50] *** danblack has quit IRC[14:26:03] *** Section1 has joined #postfix[14:26:39] *** Marf has left #postfix[14:30:10] *** Kre10s has quit IRC[14:31:18] *** d3c has joined #postfix[14:36:14] *** [diablo] has joined #postfix[14:36:14] *** [diablo] has joined #postfix[14:36:39] <[diablo]> good afternoon postfix[14:37:07] *** K0B1U5 has joined #postfix[14:37:11] <K0B1U5> hi all[14:37:39] <K0B1U5> I'm trying to setup a postfix/dovecot email on Centos[14:37:42] *** Terminus- has quit IRC[14:38:06] <K0B1U5> I can receive emails - but I'm trying to setup SSL to send them, and having absolutely no luck[14:38:30] <K0B1U5> does anyone know what port should be used, and a guide to what I need to do to get it working? :([14:39:16] <Dominian> !sasl[14:39:16] <knoba> Dominian: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[14:39:17][14:39:17] <Dominian> !submission[14:39:18] <knoba> Dominian: "submission" : Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf. also see !msa, and rfc 6409. Also read http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf[14:39:30] <[diablo]> what would this type of configuration be called please?[14:44:33] *** _Leyoda has joined #postfix[14:49:59] <K0B1U5> SASL, yes that's what I meant. Thanks for the link, I'll have a read![14:55:18] <K0B1U5> If I run postconf -a, dovecot appears in the list - I'm using dovecot 2, am I on the right track?[14:55:57] <K0B1U5> Sorry, after trying to get this working for so long I just need some sort of step-by-step help to progress further[14:56:34] <tuxick> like the documentation?[14:57:27] <K0B1U5> Well, even that seems a little convoluted - I'm not sure if that's the right stuff for a Centos 6/Postfix/Dovecot 2 setup[14:57:40] <tuxick> http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL[14:58:09] <K0B1U5> Thanks tuxick[14:58:18] <K0B1U5> Also, is there an easy way to test this?[14:58:39] <K0B1U5> My current testing has been trying to send emails via a mail app, but it just gets stuck until it times out[15:05:21] <tuxick> that's because you were going by trial&error ;p[15:16:49] <K0B1U5> Haha true[15:18:00] *** rmayorga has quit IRC[15:19:16] <K0B1U5> Oh one other thing, if I'm adding my email address to my mail app - what port do I want to use if I'm sending an email from a php page on my domain[15:19:20] <K0B1U5> I'm guessing 587?[15:21:52] *** rmayorga has joined #postfix[15:21:52] *** rmayorga has joined #postfix[15:22:18] <tuxick> yeah[15:24:24] <tuxick> afair 465 was legacy[15:24:53] *** chad has quit IRC[15:28:18] <K0B1U5> I followed that guide, but still no luck :([15:28:27] <K0B1U5> I'm not sure what the issue is[15:29:10] <tuxick> time to check logs then[15:29:21] *** Mazon has left #postfix[15:33:56] *** prooz has quit IRC[15:35:35] *** prooz has joined #postfix[15:35:45] <K0B1U5> Hmm quite a few erros[15:35:48] <K0B1U5> *errors[15:36:40] <K0B1U5> In var/log/maillog[15:36:42] <K0B1U5> There is no valid PEM certificate. (You probably forgot '<' from ssl_cert=</etc/ssl/certs/mail.crt)[15:42:44] *** weedar has quit IRC[15:43:59] <patdk-wk> are we testing dovecot or postfix?[15:44:28] *** phantasm66 has joined #postfix[15:45:09] <tuxick> yes[15:45:36] * tuxick suggests first testing the dovecot bit, since that's where the certs bit is done[15:46:19] <K0B1U5> I see, the previous guides I found online did mention it - but they were all for Dovecot 1[15:46:40] <K0B1U5> wasn't sure on they work with Dovecot 2[15:46:59] <K0B1U5> so, how can test Dovecot?[15:47:16] *** Guest02377-50092 has joined #postfix[15:47:43] <tuxick> a client[15:47:45] <tuxick> of s_client[15:48:07] <tuxick> actually, just fix the errors first[15:48:19] <tuxick> since there's no point testing something that's not working anyway[15:48:25] <K0B1U5> true[15:48:42] <K0B1U5> So, the PEM certificate error - that's something with Dovecot SSL?[15:49:02] <K0B1U5> in dovecot/10-ssl.conf ?[15:49:31] *** lunaphyte__ has joined #postfix[15:50:41] *** Creamz_ has joined #postfix[15:52:21] *** internat has quit IRC[15:52:23] *** Creamz has quit IRC[15:52:23] *** lunaphyte has quit IRC[15:52:23] *** pj has quit IRC[15:52:23] *** tabakhase has quit IRC[15:52:23] *** kaos01 has quit IRC[15:52:23] *** Verilium has quit IRC[15:52:23] *** jimpop has quit IRC[15:52:23] *** lunaphyte__ is now known as lunaphyte[15:52:24] *** tr-808 has quit IRC[15:53:02] *** kaos01 has joined #postfix[15:53:04] *** buki has quit IRC[15:53:10] *** tr-808_ has joined #postfix[15:53:11] *** tr-808 has joined #postfix[15:53:16] *** Corey has quit IRC[15:53:43] *** buki has joined #postfix[15:54:04] <K0B1U5> hmm I don't have a dovecot.pem inside of /etc/ssl/certs/[15:54:46] * tuxick sighs[15:55:48] *** tabakhase has joined #postfix[15:56:23] <K0B1U5> is that.. right?[15:56:30] *** UQlev has joined #postfix[15:57:13] <tuxick> a bit hard to set up ssl without certs[15:57:17] * tuxick points at documentation[15:58:00] <tuxick> it's all in wiki2.dovecot.org[15:59:18] <K0B1U5> ah ok[15:59:21] <K0B1U5> lol thanks[15:59:36] *** prooz has quit IRC[15:59:39] *** Azzid has quit IRC[16:00:34] *** blue-dragon is now known as Blue-Dragon[16:01:06] *** pj has joined #postfix[16:02:44] <tuxick> http://www.postfix.org/SASL_README.html[16:03:09] *** mi has quit IRC[16:03:31] *** Verilium has joined #postfix[16:03:56] *** srg has joined #postfix[16:04:09] <srg> Postfix cannot execute a command via pipe (in master.cf) as root, correct?[16:04:10] *** Corey has joined #postfix[16:05:15] <K0B1U5> Ok, so I have to run the mkcert.sh - but before that configure the file dovecot-openssl.conf. Does this already exist, or is it something I need to create in a particular directory?[16:05:24] <K0B1U5> Sorry for all the questions, it's been a long few days on this[16:09:10] *** jimpop has joined #postfix[16:09:10] *** jimpop has joined #postfix[16:09:30] *** snearch has joined #postfix[16:13:41] <tuxick> duh, can't find how to make postfix show capabilities[16:13:53] *** d3c has quit IRC[16:13:59] *** GieltjE has joined #postfix[16:15:46] *** d3c has joined #postfix[16:17:02] <K0B1U5> no worries, got it now[16:19:58] *** ced117 has joined #postfix[16:20:14] *** Mazon has joined #postfix[16:22:04] <tuxick> i don't :)[16:24:11] *** jiffe96 has quit IRC[16:24:58] *** elex111114 has quit IRC[16:34:21] *** elex111114 has joined #postfix[16:36:11] *** prooz has joined #postfix[16:36:30] *** Smiley has left #postfix[16:38:31] *** monad has joined #postfix[16:41:49] <tuxick> odd, i've got a working sasl auth on one box[16:42:09] <tuxick> but on this new one simply following http://www.postfix.org/SASL_README.html not getting expected results[16:42:15] <tuxick> 250-AUTH PLAIN[16:42:30] <tuxick> it's just 4 lines in main.cf![16:45:01] *** moand has joined #postfix[16:45:46] <K0B1U5> I did add those, but still couldn't send emails via smtp[16:45:47] *** snearch has quit IRC[16:45:58] <K0B1U5> must be something I've done wrong elsewhere[16:46:16] *** snearch has joined #postfix[16:46:39] *** Mp5shooter has quit IRC[16:47:30] *** xabbuh has quit IRC[16:48:06] *** monad has quit IRC[16:48:11] *** Mp5shooter has joined #postfix[16:48:25] <lunaphyte> !tell K0B1U5 welcome[16:48:25] <knoba> K0B1U5: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[16:49:07] *** GieltjE has quit IRC[16:49:39] *** elex111114 has quit IRC[16:51:28] *** [diablo] has quit IRC[16:52:28] *** elex111114 has joined #postfix[16:54:16] <K0B1U5> thanks lunaphyte, sorry I broke any rules or anything[16:54:49] <lunaphyte> you're fine. just do as the topic instructs, and then we'll be able to help you.[17:01:45] *** p3rror has joined #postfix[17:02:13] <K0B1U5> topic[17:02:17] <K0B1U5> gH[17:02:36] <lunaphyte> isn't the topic displayed in your irc client?[17:02:46] <K0B1U5> the "/topic" command doesn't seem to work in freenode webchat[17:03:51] *** hamphster has joined #postfix[17:04:33] <lunaphyte> it's at the top of the window[17:06:06] <K0B1U5> Sorry, I don't mean to sound rude/dumb - the links at the top I have are "On using IRC", "Bot info" and "Channel log"[17:06:06] *** hamphster has quit IRC[17:06:52] *** hapmhster has joined #postfix[17:07:04] <lunaphyte> right. those are all part of the topic[17:07:05] <K0B1U5> let me try setting up my[17:07:13] <K0B1U5> other irc app[17:07:44] <lunaphyte> webchat is fine.[17:07:45] <K0B1U5> Ahh I see, my bad[17:08:03] <K0B1U5> Sorry, on other IRC channels I've used, they've been very strict about their particular riles[17:08:05] <K0B1U5> *rules[17:08:17] <K0B1U5> and I'm having a bit of a brain-dead day[17:08:25] <K0B1U5> happy friday![17:08:47] *** hapmhster has quit IRC[17:10:48] <K0B1U5> Ok, I have a Centos 6/Postfix/Dovecot setup and am trying to be able to send and receive emails. Currently receiving emails works, but sending does not. I'm trying to setup SSL, and now have the certificates setup (thanks to tuxick!) but am not exactly sure how to properly test if SMTP is working.[17:11:26] <tuxick> http://www.postfix.org/SASL_README.html :)[17:11:41] <tuxick> but i must be overlooking something too[17:11:43] <lunaphyte> right, that's all covered int he documentation[17:11:49] <lunaphyte> *in the[17:13:37] <tharkun> !tell K0B1U5 sasl_client[17:13:38] <knoba> K0B1U5: "sasl_client" : www.postfix.org/SASL_README.html#client_sasl[17:14:45] <K0B1U5> Ah I see, thanks guys - and what ports do I need to specifically test/connect to? I think that's one of my biggest confusions[17:15:00] <K0B1U5> Is it 25 or 587?[17:15:32] <lunaphyte> do you understand the difference between those two ports?[17:15:36] <lunaphyte> that is step one[17:16:37] <K0B1U5> not 100%. I assume 587 is for SSL[17:16:44] <lunaphyte> no[17:16:46] <thumbs> no.[17:16:48] <tharkun> no[17:16:51] <thumbs> !tell K0B1U5 submission[17:16:51] <knoba> K0B1U5: "submission" : Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf. also see !msa, and rfc 6409. Also read http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf[17:16:54] <K0B1U5> ha[17:17:25] <lunaphyte> encryption [wrongly referred to as "ssl"] has nothing to do with a particular port[17:18:16] <K0B1U5> I see, guess I have some reading to do[17:18:16] <thumbs> postfix can be configured to accept, require or deny encrypted connections.[17:20:20] * roe thinks lunaphyte thumbs and tharkun should form a barbershop trio[17:20:59] <thumbs> roe: hah![17:26:39] <K0B1U5> I see, ok. Thanks for that link, thumbs.[17:27:54] <thumbs> K0B1U5: those are generally referred to as "TLS"[17:28:53] <K0B1U5> I think the only other "basic" thing that I don't have 100% in my head is the mail server domain - I have created an MX record called mail.domain.com - is that all I need? Or do I need an smtp.domain.com - I see that used pretty much everywhere[17:29:19] <roe> !tell K0B1U5 superbasic[17:29:20] <knoba> roe: Error: No factoid matches that key.[17:29:26] <roe> bull[17:29:32] <roe> !superbasic[17:29:32] <knoba> roe: Error: "superbasic" is not a valid command.[17:29:36] <roe> !super_basic[17:29:36] <knoba> roe: "super_basic" : Setting up an 'Email Server' has many moving parts. If you don't understand what you are doing, start here: http://en.wikipedia.org/wiki/E-mail#Operation_overview[17:29:39] <roe> there it is[17:29:57] <roe> that page actually give a very good high-level overview of how email works[17:31:58] <tharkun> K0B1U5: you can have as many dns records ass you want. The actual must have of dns for email is[17:32:06] <tharkun> !fcrdns[17:32:06] <knoba> tharkun: "fcrdns" : http://en.wikipedia.org/wiki/Forward_Confirmed_reverse_DNS : your IP address should resolve to $myhostname, which in turn should resolve back to your IP. This is very important if you want big sites to accept your mail. If you can't have it from your ISP, see !relayhost[17:34:24] *** kaos01 has quit IRC[17:35:36] *** elex111115 has joined #postfix[17:36:18] *** elex111114 has quit IRC[17:37:37] <lunaphyte> also - please don't use other people's domain names in your examples it's inconsiderate.[17:40:00] <K0B1U5> Sorry about that, thanks for the links though - very helpful![17:40:58] *** elex111116 has joined #postfix[17:42:05] *** elex111115 has quit IRC[17:45:30] *** jkfod has joined #postfix[17:48:00] *** npmapn_ has joined #postfix[17:50:53] *** npmapn has quit IRC[17:51:17] <K0B1U5> I think I've messed up along the way, would it be recommended that i remove postfix/dovecot - re-install, and then follow the Postfix SASL How-To?[17:51:30] *** npmapn_ has quit IRC[17:51:44] *** npmapn has joined #postfix[17:52:38] <lunaphyte> heavens no.[17:52:47] <lunaphyte> removing/reinstalling is for windows users.[17:58:11] <K0B1U5> Haha, very true[17:58:33] <K0B1U5> But in the mix of following a guide or two, I think my conf files may be incorrect[17:58:46] <K0B1U5> at least, I'm sure that's not all that's the problem[17:59:02] <lunaphyte> that ok. dispense with the guides, and then use the documentation to correct the configs.[18:00:44] *** KaiForce has joined #postfix[18:06:08] *** elex111116 has quit IRC[18:06:20] *** tjikkun_work has quit IRC[18:06:53] *** shal3r_ has quit IRC[18:07:04] *** elex111116 has joined #postfix[18:08:54] * thumbs gives tharkun ass records[18:10:06] * tharkun Writes down 100000000 ass is not a preposition it is a noun[18:11:06] <thumbs> 11:31:58 < tharkun> K0B1U5: you can have as many dns records ass you want. The actual must have of dns for email is[18:11:31] * tharkun realized the typo a second late[18:13:10] *** srg has left #postfix[18:13:57] *** _Leyoda has quit IRC[18:19:00] *** mroe has joined #postfix[18:21:41] *** K0B1U5 has quit IRC[18:21:53] *** mroe has quit IRC[18:26:20] *** K0B1U5 has joined #postfix[18:28:42] *** mroe has joined #postfix[18:28:52] *** mroe has joined #postfix[18:32:45] *** mroe has quit IRC[18:36:47] *** moand has left #postfix[19:02:37] *** baitt has joined #postfix[19:03:26] *** baitt has left #postfix[19:12:53] *** erratic has joined #postfix[19:30:51] *** K0B1U5 has quit IRC[19:37:07] *** SelfishMan has quit IRC[19:38:30] *** SelfishMan has joined #postfix[19:44:06] *** noop- has left #postfix[19:46:11] *** UQlev has quit IRC[20:09:05] *** p3rror has quit IRC[20:13:20] *** uqlev has joined #postfix[20:13:27] *** Wozl has joined #postfix[20:13:42] *** uqlev has quit IRC[20:25:43] *** Alagar has joined #postfix[20:35:44] *** devxdev has joined #postfix[20:47:49] *** ikk has joined #postfix[20:48:13] <devxdev> !welcome[20:48:13] <knoba> devxdev: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[20:48:55] <ikk> just had someone abuse an smtp server - all our smtp servers add an header X-Authenticated-As before it gets to this postfix servers, can i make postfix reject emails that dont have this header in it?[21:08:42] *** dila has joined #postfix[21:08:48] *** Areckx has joined #postfix[21:11:55] *** dila has left #postfix[21:22:17] *** devxdev has quit IRC[21:24:40] *** K0B1U5 has joined #postfix[21:29:32] <K0B1U5> Still currently working on sending emails via Postfix/Dovecot - after reading through the Postfix HowTo's - I'm guessing they are a little out of date for the latest version of dovecot? Just as I'm receiving this message when I restart Dovecot:[21:29:33] <K0B1U5> Obsolete setting in /etc/dovecot/dovecot.conf:4: add auth_ prefix to all settings inside auth {} and remove the auth {} section completely[21:35:38] <Zerberus> that's why you should read the original documentation of the software you run[21:38:48] *** npmapn has quit IRC[21:44:37] *** WozlII has joined #postfix[21:45:21] *** WozlII has quit IRC[21:48:31] *** Wozl has quit IRC[21:57:09] *** snearch has quit IRC[21:57:34] *** Section1 has quit IRC[22:00:55] *** K0B1U5 has quit IRC[22:03:43] *** PatrickDK has quit IRC[22:04:41] *** PatrickDK has joined #postfix[22:10:40] *** Telgalizer has quit IRC[22:14:03] *** Telgalizer has joined #postfix[22:23:18] *** uqlev has joined #postfix[22:42:56] *** p3rror has joined #postfix[22:54:36] *** KaiForce has quit IRC[23:05:21] *** d3c has quit IRC[23:16:16] *** gerhard7 has quit IRC[23:19:41] *** npmapn has joined #postfix[23:35:06] *** Areckx has quit IRC[23:35:53] *** p3rror has quit IRC[23:43:06] *** Areckx has joined #postfix[23:46:38] *** Alagar has quit IRC[23:48:33] *** uqlev has quit IRC[23:51:35] *** kaos01_ has quit IRC[23:56:27] *** npmapn has quit IRC