June 13, 2012 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | >
June 13, 2012 [00:00:02] <donkdonk> yea, i see that[00:00:21] <donkdonk> and my failure of an app can't do that....[00:00:24] <donkdonk> awesome.[00:01:28] <pj> well, it could use sendmail, probably[00:01:40] <pj> but tbh smtp is better.[00:01:44] <donkdonk> it's my app, (aka http://www.inversepath.com/tenshi_man.html) that is sending the localhost.localdomain in the helo...[00:03:46] <donkdonk> okay[00:04:01] <donkdonk> i guess i will need to change how email works on every server...[00:29:18] *** donkdonk has left #postfix[00:50:26] *** danblack has joined #postfix[00:53:12] *** hever has joined #postfix[00:53:35] *** cps0 has joined #postfix[00:54:13] *** hever has quit IRC[00:54:18] *** shinao1 has quit IRC[01:26:58] *** jonez has quit IRC[01:31:08] *** devxdev has quit IRC[01:40:11] *** jonez has joined #postfix[01:41:02] *** Blwch has joined #postfix[01:59:20] *** cps0 has quit IRC[02:21:10] *** Guest14520 has left #postfix[02:24:46] *** iampaul83 has joined #postfix[02:25:17] <iampaul83> Is anyone here fimialr with maia mailguard i am having an issue with something[02:27:17] *** Areckx has quit IRC[02:28:09] *** Areckx has joined #postfix[02:30:54] *** thumbs has joined #postfix[03:26:27] *** mBull has quit IRC[03:27:20] <lunaphyte> iampaul83: what is your postfix question?[03:32:10] *** jkfod has quit IRC[03:32:58] *** Terminus- has joined #postfix[03:40:51] *** BuenGenio has joined #postfix[03:56:14] *** danblack has quit IRC[03:57:37] *** FainaUkraina has joined #postfix[03:58:44] *** BuenGenio has quit IRC[04:01:33] *** tjikkun_work has quit IRC[04:02:39] *** Areckx has quit IRC[04:03:39] *** Terminus- has quit IRC[04:05:44] *** elex111119 has joined #postfix[04:07:14] *** elex111118 has quit IRC[04:09:48] *** BuenGenio has joined #postfix[04:12:43] *** FainaUkraina has quit IRC[04:45:41] *** err_or has quit IRC[04:53:12] *** danblack has joined #postfix[04:57:43] *** err_or has joined #postfix[05:11:08] *** MAAAAAD has quit IRC[05:23:16] *** MAAAAAD has joined #postfix[05:25:50] *** BuenGenio has quit IRC[05:26:36] *** BuenGenio has joined #postfix[05:27:17] *** s0ber_ has joined #postfix[05:27:42] *** nokia3510 has quit IRC[05:27:42] *** Driver has quit IRC[05:28:50] *** Creamz has quit IRC[05:29:00] *** Creamz has joined #postfix[05:29:24] *** s0ber has quit IRC[05:29:28] *** nokia3510 has joined #postfix[05:29:30] *** s0ber_ is now known as s0ber[05:33:49] *** Driver has joined #postfix[05:49:29] *** elex111119 has quit IRC[05:53:25] *** Telgsta has quit IRC[05:55:29] *** FainaUkraina has joined #postfix[05:57:47] *** Tabmow has joined #postfix[05:58:02] *** Tabstar has quit IRC[05:59:04] *** Tabmow has quit IRC[06:00:17] *** elex111119 has joined #postfix[06:01:26] *** Tabmow has joined #postfix[06:02:20] *** Telgalizer has joined #postfix[06:10:29] *** irctc905 has joined #postfix[06:11:38] *** cilly has quit IRC[06:12:03] *** irctc905 has quit IRC[06:13:11] *** inf_l00p has quit IRC[06:13:19] *** inf_l00p has joined #postfix[06:13:38] *** on1ald has quit IRC[06:13:50] *** cilly has joined #postfix[06:15:17] *** elex111119 has quit IRC[06:16:54] *** lechner has joined #postfix[06:17:07] *** lechner has left #postfix[06:20:26] *** on1ald has joined #postfix[06:21:43] *** lechner has joined #postfix[06:25:00] <lechner> Can postfix be configured to use a relay host for which only mDNS resolution is available?[06:29:00] *** Motoko has joined #postfix[06:40:30] *** danblack has quit IRC[06:58:35] *** lunaphyte_ has quit IRC[07:03:15] *** Tabstar has joined #postfix[07:03:26] *** Tabstar is now known as Guest88007[07:04:51] *** nataraj has joined #postfix[07:08:57] *** mrx234 has joined #postfix[07:10:11] *** iampaul83 has quit IRC[07:20:18] *** nataraj has quit IRC[07:23:35] *** err_or has quit IRC[07:40:12] *** Areckx has joined #postfix[07:43:37] *** nuomi has joined #postfix[07:50:53] *** gerhard7 has joined #postfix[07:54:54] *** Areckx has quit IRC[08:05:26] *** magyar has quit IRC[08:07:11] *** danblack has joined #postfix[08:15:58] *** Mazon has quit IRC[08:17:33] *** Mazon has joined #postfix[08:18:24] *** magyar has joined #postfix[08:18:24] *** magyar has joined #postfix[08:26:41] *** breaker313 has joined #postfix[08:39:32] *** UQlev has joined #postfix[08:43:27] *** failure_ has quit IRC[08:43:36] *** failure has joined #postfix[09:11:43] *** zorg1 has joined #postfix[09:16:06] *** master_of_master has quit IRC[09:17:12] *** UQlev has quit IRC[09:18:11] *** master_of_master has joined #postfix[09:25:46] *** mrx234 has quit IRC[09:30:22] *** UQlev has joined #postfix[09:37:48] *** cilly has quit IRC[09:44:47] *** wdp has joined #postfix[09:44:48] *** wdp has joined #postfix[09:53:30] *** Motoko has quit IRC[10:00:42] *** danblack has quit IRC[10:05:00] *** FainaUkraina has quit IRC[10:08:17] *** danblack has joined #postfix[10:14:03] *** morse has quit IRC[10:14:53] *** sphenxes has joined #postfix[10:14:56] *** morse has joined #postfix[10:15:50] *** wdp_ has joined #postfix[10:16:08] *** wdp has quit IRC[10:19:29] *** rzimmermann has joined #postfix[10:28:02] *** nuomi has quit IRC[10:36:59] *** Steve_The_Pirate has joined #postfix[10:46:10] *** e-anima has joined #postfix[10:58:05] *** patdk-wk has quit IRC[10:59:12] *** chthonic has quit IRC[11:02:23] *** chris_ has joined #postfix[11:02:47] *** chris_ is now known as Guest73851[11:03:01] *** patdk-wk has joined #postfix[11:04:07] *** adrian15 has joined #postfix[11:04:36] *** Guest73851 has quit IRC[11:04:40] *** chris__ has joined #postfix[11:05:05] *** chthonic has joined #postfix[11:09:58] *** eanima has joined #postfix[11:17:47] <adrian15> Hi. I want to send a message to postfix mailing list. When I want to show my transport, main.cf, master.cf files... Should I do inline copying? Attach the files? What's the recommended way ? Thank you.[11:23:35] <BuenGenio> are there any decent virtual domain/mailbox/alias/autoreply managers out there apart from ISPConfig?[11:23:50] <BuenGenio> that work on top of MySQL[11:26:40] <danblack> !config[11:26:40] <knoba> danblack: (config <name> [<value>]) -- If <value> is given, sets the value of <name> to <value>. Otherwise, returns the current value of <name>. You may omit the leading "supybot." in the name if you so choose.[11:26:50] <danblack> !postconf[11:26:51] <knoba> danblack: "postconf" : the configuration management tool for postfix. See man postconf for more information.[11:28:04] <danblack> adrian15: postconf -n is good for main.cf. master.cf as is. Inline is usually best.[11:28:51] <danblack> !tell BuenGenio ask[11:28:51] <knoba> BuenGenio: "ask" : Please regard http://workaround.org/getting-help-on-irc and don't ask to ask, just ask. (after you've read 'getting help')[11:29:02] <adrian15> danblack: I suppose I have to remove comments because I get a "too long message" reject. Do you mean that instead of posting main.cf I should post the output of postconf -n ?[11:29:15] <BuenGenio> danblack, are you sure that was for me?[11:29:16] <danblack> yes[11:29:21] <BuenGenio> ?[11:29:24] <danblack> and yes[11:29:26] <BuenGenio> danblack, are you a bot?[11:29:28] *** cilly has joined #postfix[11:29:50] <BuenGenio> danblack, where did you see me say "can I ask a postfix-related question?"[11:31:10] <danblack> BuenGenio: fine. I didn't get quite the right factiod. If you have a question ask. Asking for xyz skills/experience will rarely get you help on irc. ask what you want. few people have the patience to extract it out of you[11:32:23] <BuenGenio> what is ambiguous about "I need an email control panel. Can anyone recommend anytning decent apart from ISPConfig?"[11:33:16] <adrian15> BuenGenio: Virtualmin and webmin might have some of these although I haven't actually checked them. Just check it just in case you're lucky.[11:33:28] <BuenGenio> I have[11:33:39] <BuenGenio> they are not the right tools for the job[11:33:47] <BuenGenio> lack of MySQL support being one[11:34:28] <danblack> could just use straight postfix and avoid abstractions[11:36:11] <BuenGenio> this is a customer facing control panel[11:39:23] <sep> BuenGenio, there is something called postfixadmin, but we have rolled our own[11:39:33] <BuenGenio> yeah, that's right[11:39:38] <BuenGenio> used that too[11:39:53] <BuenGenio> they both work (ISPconfig & pfadmin)[11:40:00] <sep> BuenGenio, for autoreply i have used avelsieve + squirrelmail.[11:40:22] <BuenGenio> i use dovecot[11:40:30] <sep> so that users can change their own on the same login[11:40:46] <sep> BuenGenio, yes postfix +dovecot(with sieve)[11:48:39] *** Bry8Star_ has joined #postfix[11:49:49] *** Bry8Star has quit IRC[11:50:50] *** danblack has quit IRC[11:54:32] *** wdp_ has quit IRC[11:54:32] *** jkfod has joined #postfix[12:14:00] *** breaker313 has quit IRC[12:21:46] *** UQlev has quit IRC[12:29:25] *** snearch has joined #postfix[12:30:04] *** wdp has joined #postfix[12:30:05] *** wdp has joined #postfix[12:41:59] *** weedar has quit IRC[12:42:30] *** breaker313 has joined #postfix[12:42:47] *** weedar has joined #postfix[12:52:08] *** chris__ has quit IRC[12:52:54] *** atossava has quit IRC[12:54:16] *** MondoBizzarro has joined #postfix[12:54:53] *** chris__ has joined #postfix[12:55:57] *** atossava has joined #postfix[12:57:57] <pj> BuenGenio: postfixadmin has support for what you want.[12:58:23] *** breaker313 has quit IRC[13:07:25] *** adrian15 has quit IRC[13:08:20] *** chris__ has quit IRC[13:21:12] *** adrian15 has joined #postfix[13:22:31] *** d3c has quit IRC[13:33:18] *** quadro_ has quit IRC[13:35:08] *** lunaphyte_ has joined #postfix[13:35:08] *** lunaphyte_ has joined #postfix[13:37:35] *** Quadro has joined #postfix[13:40:02] *** Belial has joined #postfix[13:40:20] *** FainaUkraina has joined #postfix[13:41:04] *** jimpop has quit IRC[13:41:59] *** jimpop has joined #postfix[13:41:59] *** jimpop has joined #postfix[13:43:08] *** BuenGenio has quit IRC[13:44:14] *** [diablo] has joined #postfix[13:44:14] *** [diablo] has joined #postfix[13:46:05] <lunaphyte_> !tell lechner smtp_host_lookup[13:46:05] <knoba> lechner: "smtp_host_lookup" : a configuration parameter in the main.cf: What mechanisms when the SMTP client uses to look up a host's IP address. This parameter is ignored when DNS lookups are disabled.[13:53:59] *** p3rror has quit IRC[13:55:28] *** jkfod has quit IRC[13:58:52] *** d3c has joined #postfix[14:02:50] *** sep has quit IRC[14:03:36] *** sep has joined #postfix[14:04:10] *** Alagar has joined #postfix[14:05:37] *** Steve_The_Pirate has quit IRC[14:07:19] *** _NiC has quit IRC[14:07:36] *** p3rror has joined #postfix[14:12:47] *** rzimmermann has quit IRC[14:14:31] *** _NiC has joined #postfix[14:18:44] *** Section1 has joined #postfix[14:22:24] *** pj has quit IRC[14:42:07] *** RadoQ has quit IRC[14:45:40] *** RadoQ has joined #postfix[14:54:42] *** tr-808 has quit IRC[14:55:13] *** tr-808 has joined #postfix[14:55:29] *** robinho86 has joined #postfix[14:57:19] *** adrian15 has quit IRC[14:58:53] *** abramart has quit IRC[14:59:09] *** cps0 has joined #postfix[14:59:53] *** NephFL has joined #postfix[15:00:19] <NephFL> Hello[15:00:59] *** tr-808 has quit IRC[15:01:22] <NephFL> !welcome[15:01:22] <knoba> NephFL: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[15:01:51] *** tr-808 has joined #postfix[15:02:54] *** Facefox has quit IRC[15:03:32] <NephFL> I am trying to send out a bunch of email with multiple postfix servers, but I seem to keep getting certain machines bogged. What is the best way to keep that from happening? Have servers stop accepting mail after a certain amount? Queue mail to another server after a certain amount? What do you think?[15:04:15] *** Facefox has joined #postfix[15:04:45] *** Facefox has joined #postfix[15:05:38] *** buki_ has left #postfix[15:05:50] *** Facefox has joined #postfix[15:06:19] *** Facefox has joined #postfix[15:06:43] *** tr-808 has quit IRC[15:06:55] *** buki has joined #postfix[15:07:25] *** Facefox has joined #postfix[15:07:44] *** tr-808 has joined #postfix[15:07:57] *** Facefox has joined #postfix[15:10:50] *** adrian15 has joined #postfix[15:12:38] *** tr-808 has quit IRC[15:12:51] *** koshie has quit IRC[15:13:08] *** koshie has joined #postfix[15:14:00] *** tr-808 has joined #postfix[15:14:15] <patdk-wk> NephFL, hmm, use less servers?[15:14:25] <patdk-wk> put in faster disks[15:15:40] <tuxick> define "bunch"[15:15:53] <tuxick> most spammers just use a botnet[15:15:55] <tuxick> cheaper too[15:16:06] <ikk> hehe[15:17:44] *** grefter has joined #postfix[15:18:43] <patdk-wk> I know, I know[15:18:53] <patdk-wk> only send 1 email to each relay server[15:19:07] <grefter> Found out the network guys went and change the ip of my mail server to a local, I know that i need to add the proxy ip to main.cf what i'm not sure is what to set hostname and mydomain .. would it be the hostname of the box and the domain name of the outside ip?[15:19:38] *** tr-808 has quit IRC[15:19:51] *** tr-808 has joined #postfix[15:20:24] <lunaphyte_> why wouldn't those be the same?[15:21:11] *** abramart has joined #postfix[15:21:15] <lunaphyte_> why would the computer have one internal hostname and a different external hostname?[15:21:27] <jelly> NAT![15:21:29] <grefter> it is nat[15:21:32] <grefter> heh[15:21:37] <lunaphyte_> that doesn't matter[15:21:50] <jelly> also: load balancing with one public IP[15:21:57] *** micols has quit IRC[15:21:58] <lunaphyte_> in a properly configured network, it's the same hostname in either case[15:22:14] <jelly> no, it's not[15:22:14] <lunaphyte_> he is load balancing with one public ip?[15:22:18] *** micols has joined #postfix[15:22:37] <jelly> lunaphyte_: sure, why not begin with a single server and scale later[15:23:18] <grefter> I'm not load balancing..heh, for security reason, none of the boxes have direct access to outside ip, everything is run on NAT.[15:24:29] <jelly> grefter: if a Postfix master/smtpd exploit happens, your attacker is going to gain access to the internal network.[15:24:32] <lunaphyte_> either way, the hostname of the server should be set to the server's canonical hostname, just like any other server.[15:24:38] *** tr-808 has quit IRC[15:24:49] <lunaphyte_> that doesn't have anything to do with postfix.[15:25:51] *** tr-808 has joined #postfix[15:28:34] <patdk-wk> grefter, you do know that, nat doesn't provide ANY security at all[15:28:48] <grefter> jelly: understand that, all of the servers contained on the local network are either only local access only or dev boxes located on a seperate network.[15:29:30] <grefter> patdk-wk: of course.[15:29:43] <patdk-wk> then explain, for security, we nat[15:29:56] <jelly> (so "security raisins" are a bad reason for nat usage)[15:29:57] <patdk-wk> but still, none of that matters to postfix[15:30:09] <lunaphyte_> i disagree. nat can offer some security.[15:30:13] <jelly> proxy_interfaces matters to postfix![15:30:33] <patdk-wk> lunaphyte, nat offers no security, the stateful connection tracking, that nat requires, provides the security[15:30:38] *** tr-808 has quit IRC[15:30:48] <patdk-wk> atleast when doing n:1 nat[15:31:05] <patdk-wk> doing 1:1 nat, well, that has no security, in itself[15:31:11] <lunaphyte_> there are many types of nat.[15:31:29] <lunaphyte_> even 1:1 nat could offer security.[15:31:50] *** tr-808 has joined #postfix[15:31:50] <patdk-wk> the nat doesn't provide the security, the stateful firewall does[15:32:08] <lunaphyte_> stateeful or not isn't relevant.[15:32:13] <NephFL> I am sending a subscribed email to many users usually 70-100 gb per day... I am using 5 or so servers but occaisionally I will have 30 gb dumped on one server which then takes longer to go out while another server sits idle[15:32:29] <patdk-wk> explain to me, how nat provides any security, by itself[15:32:48] <patdk-wk> all of the *nat* secuirty is benifitted from the stateful firewall, that nat is build ontop of[15:33:05] <lunaphyte_> you're splitting hairs[15:33:20] <patdk-wk> no, I'm assinging the security gains to the proper places on the stack[15:33:36] <lunaphyte_> by splitting hairs.[15:33:52] <patdk-wk> so, everyone using ipv6 is insecure? cause there is no ipv6 nat?[15:34:01] <lunaphyte_> huh?[15:34:10] <lunaphyte_> no one said you cannot have security without nat.[15:34:16] <patdk-wk> nat is obscursion, not security[15:34:51] <lunaphyte_> security is not orthogonal to obscurity.[15:35:41] <NephFL> also, my servers are already enrolled in fbls, etc with the companies that we connect to most..[15:35:56] <NephFL> but it is the spreading of the load that I am contemplating[15:35:56] *** koshie has joined #postfix[15:36:25] <NephFL> Is there a way that most people deal with this?[15:36:41] *** tr-808 has quit IRC[15:36:59] <NephFL> something like not receiving connections after the incoming queue is a certain size or something?[15:37:20] *** MondoBizzarro has quit IRC[15:37:26] *** tr-808 has joined #postfix[15:37:28] <lunaphyte_> it's not clear to me what problem you are trying to solve[15:38:22] <NephFL> the problem is that the mail is time sensitive... so, if I dump 30-50 gb of mail on one server, it may take days to go out where if it is distributed to the other servers, it can go out more quickly[15:38:49] <NephFL> the servers that initiate the mail do not take into account the servers state, they only do failover[15:39:18] *** grossing has quit IRC[15:39:48] <ikk> heh ive just set something up similar using haproxy as an inbetween - and then dynamically altering the weighting in haproxy based on the queuesize of the delivery servers[15:40:07] <ikk> so new emails always go to the server with the smallest queue[15:40:24] <NephFL> I see[15:40:55] <NephFL> So, set all of the middleware machines to a single proxy then use it to load balance the queues[15:41:04] <ikk> thats what im doing[15:41:28] <NephFL> do you see any slow down of transaction speed?[15:41:34] <ikk> nope[15:41:52] <ikk> the transition through haproxy is very quick - its a purely tcp/ip proxy[15:42:04] <NephFL> I suppose the other question would be what size chunks the middleware servers are sending per session...[15:42:23] *** tr-808 has quit IRC[15:42:25] <ikk> well yes but u can build any alogorith you want to alter the weighting[15:42:27] <grefter> so, to answer my question, I can set the $hostname to the internal dns and add the proxy_interfaces = external ip ??[15:42:51] <ikk> the weighting can be altred directly via socat to the haproxy socket so no need to reload on changes or anything[15:43:16] <ikk> all our delivery servers have there own unique ips / hostnames/reversedns[15:43:24] <ikk> dont treat them as one[15:43:31] <ikk> we treat them individually[15:43:31] <NephFL> so, what are you using to monitor queue sizes and update the proxy?[15:44:10] <NephFL> we are doing the same because the big companies throttle based on ip and reputation[15:44:13] <ikk> just simple crons that push the mailq size into a dbase - then some small php script to get the values and work out the ratio and then that updates the proxy weightings every few mins[15:44:18] *** tr-808 has joined #postfix[15:44:28] <NephFL> I see[15:44:41] <ikk> not saying its the correct way - but works for us ;)[15:44:50] *** koshie has quit IRC[15:44:59] *** koshie has joined #postfix[15:45:02] <NephFL> yeah, I don't know if there is a correct or recommended way of doing it[15:46:08] <ikk> indeed tried other methods ie just RR on dns to relevant servers - but one would always end up busier[15:46:23] <ikk> the proxy weighting seems to work out much better[15:46:38] <ikk> you can see when a burst of email comes in they all take equal shares of it etc etc[15:47:55] <NephFL> is there a way to determine by log, how many emails are being dumped on the server per connection?[15:49:04] <ikk> dont know i took care of that at the smtp authentication stage using exim which can split the emails down to single emails even if sent multiply so it only sends out emails at one a time, may not be the best solution in terms of traffic etc but needed if your doing balancing[15:49:06] <NephFL> and I imagine the haproxy will only route new connections not sever existing ones, right?[15:49:26] <ikk> as one email to 1000 recipients is not equal to 1 email with 1 recipient[15:49:31] <ikk> correct[15:49:38] <ikk> wont touch anything thats already present[15:50:02] <NephFL> Well, if the middleware has a modest chunk size already, it should be fine to sent in chunks.[15:50:13] *** tr-808 has quit IRC[15:50:32] <ikk> https://www.dropbox.com/s/lx0fi26kdje8ugb/smtp-setup.jpg is a kinda design i came up with when using exim (exim can pick random outgoign ip) but i found exim slow on delivery so we now use postfix for the delivery[15:50:56] *** tr-808 has joined #postfix[15:51:03] *** wdp has quit IRC[15:51:06] <ikk> the rotating ips was to get over issues with some isps only accepting xx amount of emails per ip per day etc[15:51:16] <ikk> but we dropped that when we changed to postfix[15:51:39] <ikk> same as the bulk sender that just goes to a seperate array of postfix servers now[15:52:05] <ikk> ie those likely to cause blacklists etc go to a different set of servers so they dont interefere with peoples normal email[15:52:29] *** wdp has joined #postfix[15:52:30] *** wdp has quit IRC[15:52:30] *** wdp has joined #postfix[15:53:00] <NephFL> yeah, we are using several servers that are only for triggered non-bulk type email for alert type emails...then a separate pool for marketing type mail[15:54:33] <NephFL> Alright, well thanks for your input[15:54:35] <ikk> yeah[15:54:41] <ikk> good luck :)[15:54:49] *** NephFL has quit IRC[15:56:33] *** tr-808 has quit IRC[15:57:05] *** tr-808 has joined #postfix[15:57:13] *** grossing has joined #postfix[16:10:29] *** UQlev has joined #postfix[16:39:37] *** lunaphyte has quit IRC[16:51:17] *** [diablo] has quit IRC[16:57:20] *** koshie has quit IRC[16:57:33] *** koshie has joined #postfix[16:59:43] *** lunaphyte has joined #postfix[17:06:56] *** Chex has joined #postfix[17:13:36] *** muh2000 has quit IRC[17:20:24] *** corretico has joined #postfix[17:22:53] *** d3c has quit IRC[17:25:01] *** adrian15 has left #postfix[17:28:57] *** BuenGenio has joined #postfix[17:29:08] <BuenGenio> Guys[17:29:16] <BuenGenio> I need to make a new SSL certificate[17:29:23] <BuenGenio> what authority do you use?[17:30:22] <UQlev> self-signed[17:30:29] <BuenGenio> no[17:31:49] <BuenGenio> Something Root but not too expensive[17:31:51] <lunaphyte_> openssl[17:31:53] <BuenGenio> no Verisign please[17:31:55] <lunaphyte_> something root?[17:31:58] <lunaphyte_> huh?[17:32:01] <BuenGenio> RCA[17:32:05] <BuenGenio> Root Certificate Authority[17:32:22] <lunaphyte_> what about "root certificate authority"?[17:32:37] <tuxick> i ended up at networksolutions.com[17:32:53] <lunaphyte_> oh, you're saying you want to go buy a certificate? why?[17:32:54] <tuxick> so far so good[17:33:19] <BuenGenio> somebody here before suggested a good authority[17:33:23] <BuenGenio> that was very inexpensive[17:33:33] <lunaphyte_> why would you need to go pay for a certificate?[17:34:05] <BuenGenio> so that users don't get scared shitless when they see the firefox/IE warning "This site is not secure"[17:34:16] <lunaphyte_> oh, this isn't for email?[17:34:21] <BuenGenio> erm[17:34:21] <BuenGenio> no[17:34:23] <BuenGenio> :)[17:34:26] <lunaphyte_> who are your users?[17:34:32] <lunaphyte_> the general public?[17:34:35] <BuenGenio> both[17:34:39] <BuenGenio> but yes[17:34:46] <BuenGenio> this is a public facing service[17:34:53] <lunaphyte_> i'd go with startcom then[17:35:04] <BuenGenio> lunaphyte_, sure? any others?[17:35:07] <BuenGenio> let me check it out[17:35:08] <lunaphyte_> no way[17:35:11] <BuenGenio> I'm good with visual memory[17:35:14] <lunaphyte_> i'm not giving anyone any money for a certificate[17:35:27] <BuenGenio> aren't their certificates only free for 1 month?[17:35:31] <BuenGenio> and then you have to renew?[17:35:31] <lunaphyte_> no[17:35:54] <lunaphyte_> what gave you that idea?[17:36:05] *** jwing has quit IRC[17:36:17] <BuenGenio> well, the last reference I got from somebody here was also free but only for 1 month at a time[17:36:31] <lunaphyte_> was it for startcom?[17:36:53] <BuenGenio> maybe[17:36:55] <BuenGenio> "free of charge or for very reasonable fees"[17:37:03] <BuenGenio> is that for wildcard certs?[17:37:07] <BuenGenio> the reasonable fees[17:37:13] <BuenGenio> ...[17:37:18] <lunaphyte_> they were either passing misinformation, or it was not for startcom.[17:37:23] <BuenGenio> ok[17:37:25] *** biggi_mat has joined #postfix[17:37:28] *** jwing has joined #postfix[17:37:38] <BuenGenio> lunaphyte_, is StartCome an RCA then?[17:37:59] <BuenGenio> s/Come/Com[17:38:01] <lunaphyte_> why are you hung up on that?[17:38:12] <BuenGenio> in my experience some users get freaked out[17:38:24] <BuenGenio> by the warning screens in IE/Mozilla, etc...[17:38:25] <lunaphyte_> how would they even know?[17:38:31] <lunaphyte_> it sounds like you're confused.[17:38:31] <BuenGenio> Authenticity cannot be verified, etc..[17:38:40] <BuenGenio> if it's a self-signed one[17:38:46] <lunaphyte_> what does that have to do with this rca acronym?[17:38:48] <BuenGenio> okay, doesn't have to be an RCA[17:38:53] <lunaphyte_> indeed[17:38:56] <BuenGenio> secondary also works, right?[17:39:03] <lunaphyte_> it's not about that.[17:39:14] <lunaphyte_> there is either a chain of trust to something already trusted, or there is not.[17:39:20] <BuenGenio> aha[17:39:21] <BuenGenio> ok[17:39:23] <BuenGenio> that's it[17:39:33] <lunaphyte_> first, second, third, whatever.[17:39:38] <BuenGenio> that's what I was trying to put into words..[17:39:40] <BuenGenio> cool[17:39:45] <BuenGenio> so StartCom is the way to go?[17:39:47] <lunaphyte_> as long as the client can construct a valid chain, that's all that matters.[17:40:01] <BuenGenio> lunaphyte_ can you elaborate on the last sentces?[17:40:06] <BuenGenio> sentence[17:40:06] <lunaphyte_> it's the way i would go, unless there were some odd nuance that were at odds with it.[17:40:12] <BuenGenio> client being the signee?[17:40:36] <BuenGenio> startssl.com[17:40:40] <BuenGenio> that's the one![17:40:48] <lunaphyte_> client being the computer program being used by the person who is scared of warning screens[17:51:29] <BuenGenio> ok[17:51:31] <BuenGenio> sure[17:51:38] <BuenGenio> StartSSL is the one I was looking for[17:51:45] <BuenGenio> thanks LunaPhyte[17:52:01] *** elex111119 has joined #postfix[17:56:11] <BuenGenio> Over Capacity[17:56:11] <BuenGenio> We are currently receiving more requests than we can handle. Please try it later again.[17:56:12] <BuenGenio> We apologize for the temporary inconvenience and thank you for your understanding.[17:56:15] <BuenGenio> anyone else????[17:56:41] <BuenGenio> or[17:56:45] <BuenGenio> ok, basically[17:56:49] <BuenGenio> we moved the server to a new IP[17:56:52] <BuenGenio> can we use the old one?[17:56:56] <BuenGenio> or is it tied to an IP?[17:57:21] <UQlev> BuenGenio: certificate is tied to hostname[17:57:26] <BuenGenio> okay[17:57:28] <BuenGenio> so can use the old one[17:57:38] <UQlev> if you adjust your dns[17:59:07] <BuenGenio> domain name changed, actually[17:59:12] <BuenGenio> it just hit me[17:59:14] <BuenGenio> uhm[17:59:25] <BuenGenio> which other CA?[17:59:28] <BuenGenio> please...[17:59:33] <BuenGenio> need this now[17:59:35] <BuenGenio> don't mind paying[17:59:42] <BuenGenio> but want to stay away from Verisign[17:59:45] <BuenGenio> and NS[18:00:07] <tharkun> BuenGenio: Have you tried duckduckgo.com?[18:00:32] <BuenGenio> no[18:01:09] *** ced117 has joined #postfix[18:01:09] *** ced117 has joined #postfix[18:01:51] <BuenGenio> is that like lmgify.com ?[18:03:44] <tharkun> nope, it is a full blown search engine. Also try CA cert i heard OFTC is using them and they are quite good at beeing a CA[18:04:45] *** janfrode has quit IRC[18:05:30] *** janfrode has joined #postfix[18:06:09] <BuenGenio> tharkun, you're being funny right?[18:06:15] <BuenGenio> what about http://www.cacert.org/[18:06:16] <BuenGenio> ?[18:06:32] <BuenGenio> i love how on http://www.cacert.org/[18:06:51] <BuenGenio> you click on If you want to have free certificates issued to you, join <a ...>the CAcert Community</a>[18:06:59] <BuenGenio> and it gives you the "This connection cannot be trusted screen"[18:07:03] <BuenGenio> so probably a no..[18:09:15] <tharkun> BuenGenio: IIRC there is a bunch of root certificates that your common windows browser uses. Pick one of them or pick all of them and investigate them systematically until you find something you like[18:11:09] *** grossing has quit IRC[18:13:18] *** grossing has joined #postfix[18:14:36] *** devxdev has joined #postfix[18:14:54] *** elex111119 has quit IRC[18:16:21] *** wdp has quit IRC[18:17:16] *** sfrancis has joined #postfix[18:28:57] *** jwing has left #postfix[18:31:04] *** jwing has joined #postfix[18:32:51] *** UQlev has quit IRC[18:35:34] *** BuenGenio has quit IRC[18:37:07] *** grossing has quit IRC[18:37:28] *** BuenGenio has joined #postfix[18:38:36] *** grossing has joined #postfix[18:38:47] *** grossing has quit IRC[18:38:47] *** grossing has joined #postfix[18:48:49] *** ChaozZBubi has joined #postfix[18:53:46] *** devxdev has quit IRC[18:54:03] *** devxdev has joined #postfix[18:56:54] *** elico has joined #postfix[18:59:32] *** elex111119 has joined #postfix[19:01:24] *** elico has quit IRC[19:02:04] *** elex111119 has quit IRC[19:02:23] *** Motoko has joined #postfix[19:02:26] *** elico has joined #postfix[19:02:33] *** mBull has joined #postfix[19:05:05] *** BuenGenio has quit IRC[19:05:24] *** BuenGenio has joined #postfix[19:06:36] *** Areckx has joined #postfix[19:07:21] *** elico has quit IRC[19:08:24] *** elico has joined #postfix[19:10:48] *** nokia3510 has quit IRC[19:12:23] *** elex111119 has joined #postfix[19:13:20] *** elico has quit IRC[19:14:42] *** elico has joined #postfix[19:14:46] <lunaphyte> cacert has noble intentions, but unfortunately, they are at odds with the greedy cert industry, and thus far have not been able to make the necessary inroads to the degree necessary for them to be truly viable.[19:16:08] *** sfrancis has quit IRC[19:17:05] *** jwing has quit IRC[19:19:27] <lunaphyte> gkg.net might be worth consideration.[19:19:37] *** elico has quit IRC[19:20:28] <lunaphyte> i don't know whose root ca they provide from, but they're at least reasonably not shitty, generally speaking, in my experience.[19:21:49] *** elico has joined #postfix[19:23:29] *** SelfishMan has quit IRC[19:24:03] *** jkfod has joined #postfix[19:24:12] *** jwing has joined #postfix[19:24:19] *** nokia3510 has joined #postfix[19:25:27] *** SelfishMan has joined #postfix[19:26:48] *** elico has quit IRC[19:27:54] *** wdp has joined #postfix[19:28:17] *** elico has joined #postfix[19:29:26] *** mroe has joined #postfix[19:29:26] *** mroe has joined #postfix[19:31:21] *** hparker has quit IRC[19:32:08] *** SelfishMan has quit IRC[19:33:12] *** elico has quit IRC[19:33:59] *** SelfishMan has joined #postfix[19:35:40] *** elico has joined #postfix[19:38:27] *** Steve_The_Pirate has joined #postfix[19:38:36] *** SelfishMan has quit IRC[19:40:08] *** hparker has joined #postfix[19:40:08] *** hparker has joined #postfix[19:40:26] *** SelfishMan has joined #postfix[19:40:35] *** elico has quit IRC[19:41:12] *** elico has joined #postfix[19:45:18] *** SelfishMan has quit IRC[19:46:07] *** elico has quit IRC[19:46:57] *** SelfishMan has joined #postfix[19:47:56] *** elico has joined #postfix[19:51:33] *** SelfishMan has quit IRC[19:52:52] *** elico has quit IRC[19:53:26] *** SelfishMan has joined #postfix[19:55:11] *** elico has joined #postfix[19:55:47] *** d3c has joined #postfix[19:57:48] *** SelfishMan has quit IRC[19:59:24] *** SelfishMan has joined #postfix[20:00:06] *** elico has quit IRC[20:01:41] *** elico has joined #postfix[20:04:30] *** SelfishMan has quit IRC[20:05:55] *** SelfishMan has joined #postfix[20:06:37] *** elico has quit IRC[20:07:20] <grefter> adscadsc[20:08:24] *** elico has joined #postfix[20:09:49] *** elex111119 has quit IRC[20:11:16] *** ced117 has quit IRC[20:13:19] *** elico has quit IRC[20:14:33] *** elico has joined #postfix[20:14:47] *** elex111119 has joined #postfix[20:19:28] *** elico has quit IRC[20:21:22] *** elico has joined #postfix[20:23:02] *** BuenGenio has quit IRC[20:23:39] *** rmayorga has quit IRC[20:24:29] *** mBull has quit IRC[20:26:17] *** elico has quit IRC[20:26:45] *** rmayorga has joined #postfix[20:26:46] *** rmayorga has joined #postfix[20:27:26] *** jkfod has quit IRC[20:28:13] *** elico has joined #postfix[20:30:43] *** jkfod has joined #postfix[20:32:24] *** breaker313 has joined #postfix[20:32:39] *** Steve_The_Pirate has quit IRC[20:33:08] *** elico has quit IRC[20:34:56] *** elico has joined #postfix[20:35:01] *** SelfishMan has quit IRC[20:36:49] *** SelfishMan has joined #postfix[20:38:29] *** jkfod has quit IRC[20:39:09] *** elico has quit IRC[20:39:34] *** jkfod has joined #postfix[20:39:49] *** elico has joined #postfix[20:42:00] *** hparker has quit IRC[20:44:44] *** elico has quit IRC[20:45:13] *** hparker has joined #postfix[20:45:13] *** hparker has joined #postfix[20:45:55] *** elico has joined #postfix[20:46:23] *** elex111119 has quit IRC[20:50:50] *** elico has quit IRC[20:52:20] *** elico has joined #postfix[20:55:07] *** Blwch has quit IRC[20:57:15] *** elico has quit IRC[20:58:16] *** elico has joined #postfix[21:03:12] *** elico has quit IRC[21:05:38] *** elico has joined #postfix[21:05:40] *** elex111119 has joined #postfix[21:07:43] *** elico has quit IRC[21:08:04] <jimpop> su -[21:08:05] *** elico has joined #postfix[21:08:08] <jimpop> adscadsc[21:08:36] *** Bry8Star_ has quit IRC[21:09:25] <Chex> changeme[21:11:53] *** Bry8Star has joined #postfix[21:13:00] *** elico has quit IRC[21:14:12] *** elico has joined #postfix[21:14:15] <jimpop> password1[21:14:27] <adaptr> trustno1[21:16:06] <Chex> iloveangie[21:20:52] *** jra has joined #postfix[21:24:27] *** jra has left #postfix[21:25:54] *** {aaron} has joined #postfix[21:26:27] <{aaron}> hi guys, i'm trying to use a regexp virtual_mailbox_map with a virtual_transport... is this possible?[21:26:45] <{aaron}> it seems mails to my virtual transport maildrop are not getting filtered by the virtual_mailbox_map regex[21:26:50] <adaptr> !tell {aaron} goal[21:26:50] <knoba> {aaron}: "goal" : describe your goal, not what you think the solution is[21:26:56] <adaptr> and fix the non-completable nick[21:27:40] *** {aaron} is now known as aaron_[21:27:44] *** aaron_ is now known as aaron__[21:28:17] <aaron__> goal is to deliver mail to a virtually hosted domain to a shell script (application). this is working. limiting valid incoming mail addresses does not appear to be happening[21:28:32] <aaron__> i'm just not sure whether virtual_transport and virtual_mailbox_maps work together[21:28:43] <adaptr> they do not[21:29:04] <adaptr> you should not touch *_transport unless you know exactly what it and you are doing[21:29:12] <aaron__> for example, I want /^F[0-9]+ at ( dot *\.)?virtdomain.com$/ handled[21:29:36] <aaron__> adaptr, ok, this means i need to know exactly what it and I am doing then, because I need to implement this[21:29:41] <adaptr> is this one domain or multiple[21:30:09] <aaron__> it is any subdomain on a top level domain[21:30:44] <adaptr> and joe at one dot example.net == joe at two dot example.net ?[21:31:10] <aaron__> i don't know how it is handled internally. the specification is to hand the incoming mail to a script which appears to be working[21:31:15] <adaptr> since this is an application backend, basically, do you need the domain part to be distinguished or not[21:31:33] <adaptr> aaron__: that won't do. if you don't know why you need to do this, how should we.[21:31:52] <adaptr> have you thoroughly studied pipe(8) and its myriad options ?[21:32:12] <aaron__> no. is that relevant?[21:32:30] <aaron__> actually i have "studied" pipe(8)[21:32:50] <adaptr> yes, it is very relevant, since that is where you determine what information the script gets[21:33:13] <adaptr> is it of significance that the script receives the recipient as parameter ? or will it just parse the message[21:33:15] <aaron__> my assumption is that virtual_mailbox_map filtering would be applied before pipe (or any other transport). maybe that is the incorrect assumption?[21:33:25] <aaron__> it will just parse the message[21:33:30] <aaron__> there are no command line arguments for now[21:33:31] <adaptr> well, first of all, virtual_mailbox_maps does not "filter" anything.[21:33:40] <adaptr> it *maps* things[21:34:06] <adaptr> specifically, it defines what the **mailbox** is that mail to each matched recipient should go to[21:34:30] <aaron__> ok. so back to my original question. what if any relationship does the mailbox in a virtual_mailbox_map have to do with the transport?[21:34:31] <adaptr> and this will only happen in the context of the provided virtual(8) delivery agent.[21:34:38] <aaron__> ok i see[21:34:44] <adaptr> if your delivery agent is not virtual(8), it never applies[21:34:47] <aaron__> so the answer is "None in the case of maildrop"[21:34:51] <aaron__> ok that's exactly what i needed to know[21:34:54] <adaptr> you're not using maildrop[21:35:03] <aaron__> sorry, "None in the case of <my arbitrary script>"[21:35:13] <aaron__> (docs tend to use the term "maildrop" for examples)[21:35:22] <adaptr> mailboxes never have any relationship to a transport. ever.[21:35:38] <aaron__> ok great. we can just implement any filterin as part of our piped command[21:36:04] <adaptr> I don't know what you mean by "filtering", but if you mean select desired recipients, then you're doing it wrong.[21:36:08] <adaptr> !tell aaron__ mantras[21:36:08] <knoba> aaron__: "mantras" : 1. do not accept mail that you do not intend to deliver. 2. do not drop mail. 3. do not use wildcards or catchalls.[21:36:10] <aaron__> the example in the docs used these options togeher so it was hard to tell[21:37:20] <adaptr> !tell aaron__ manual[21:37:21] <knoba> aaron__: "manual" : The official Postfix documentation is maintained at http://www.postfix.org/documentation.html[21:37:26] <adaptr> !tell aaron__tutorial[21:37:27] <knoba> adaptr: (tell <an alias, 2 arguments>) -- Alias for "echo $1: [Factoids whatis $2]".[21:37:30] <adaptr> !tell aaron__ tutorial[21:37:30] <knoba> aaron__: "tutorial" : A very common problem is that some people prefer to follow a step-by-step tutorial that shows them how to setup their server w/out reading the documentation or understanding what they are doing. If something goes wrong, they have no clue whatsoever about where to find hints, and they sometimes decide to start from scratch using a different tutorial. This is not The Proper Way.[21:37:34] <adaptr> heh, knobafail[21:37:51] <aaron__> what would be an alternative way to not accept mail for email addresses i do not intend to deliver? in the past I've used regexp:/ virtual_alias_maps for exactly this, but this case is different[21:38:27] <aaron__> this is the example I'm referring to FWIW http://www.postfix.org/MAILDROP_README.html#direct[21:39:31] *** jkfod has quit IRC[21:39:43] <adaptr> ...that would be the MAILDROP EXAMPLE. do yo ufind it strange that it mentions maildrop ?[21:39:58] <adaptr> FYI, maildrop is not a postfix program[21:40:04] <adaptr> it's part of courier[21:40:36] <adaptr> and you're really askinng the wrong question. the question is: how do I *accept* mail to recipients I want to allow[21:40:57] <adaptr> the answer to that question is fairly simple: you provide a map of valid recipients[21:42:09] <aaron__> i see (i followed a link to the maildrop readme from "Non-Postfix mailbox store: separate domains, non-Unix accounts)[21:43:17] <aaron__> ok, the first place my intuition says to look regarding providing a map of valid recipients is virtual_alias_maps. i'll check that out first[21:44:31] <adaptr> nope, sorry, that's just the global alias table[21:44:48] <adaptr> you don't want it in this case, since it must map to valid recipients. it cannot DEFINE valid recipients[21:45:13] <adaptr> i.e. joe at example dot net -> jim at example dot org, the latter MUST exist independent of the alias maps[21:45:14] <aaron__> yeah. i see a couple of other *recipient_map options I am reading about now[21:45:19] * aaron__ nods[21:45:24] <aaron__> that's what i would expect[21:45:36] <adaptr> you could use normal local recipients, and keep the domain intact[21:45:37] *** uqlev has joined #postfix[21:45:46] <adaptr> do you have a clue why you're using virtual_* ?[21:46:54] <aaron__> because users are not defined on the local system[21:47:09] <adaptr> that's not at all the distinction[21:47:21] <adaptr> it's the basic distinction if you use all defaults, yes[21:47:27] <adaptr> your setup is not default :)[21:48:26] <adaptr> I would strongly suggest you leave virtual_* alone, you don't need it for this[21:49:27] <aaron__> description in http://www.postfix.org/VIRTUAL_README.html#local seems to match my situation but perhaps it's conflating 2 things?[21:49:31] <adaptr> all you need is to put your list of valid recipients (that need to go to your script) in a map file, and add it to local_recipient_maps[21:50:10] <adaptr> then add all the domains to mydestination, and put the same map to use as a transport_map to your script transport[21:50:38] <adaptr> you can do this because postfix doesn't care about the RHS of a list lookup[21:51:12] <adaptr> so joe -> your_pipe_transport[21:51:33] <adaptr> and re-use that same map as the input for valid recipients[21:51:49] <aaron__> i see[21:52:01] <adaptr> this will accept mail for joe at anydomain dot example.net, and send all mail for any joe@ to your script.[21:52:09] <aaron__> will mydestination handle subdomain wildcard? can't tell from docs yet[21:52:15] <adaptr> simple to set up and maintain, and does not impair the functioning of ANY OTHER POSTFIX FEATURE[21:53:57] <adaptr> and just to be clear: yes, what you asked for is totally doable using virtual domains, and in fact I can think offhand of half a dozen OTHER ways to do it.[21:54:04] <aaron__> ah perhaps i can use talbe lookup for wildcard mydestination[21:54:08] <adaptr> none of them are simpler than this one[21:54:33] <adaptr> there is an even faster way by just using the local alias table[21:54:39] <aaron__> yes, sorry, i was most familiar with simple virtual_alias_map before and I just extrapolated that knowledge in this case, which appears notn to be the best config[21:55:03] <adaptr> but that limits you to having to call the script directly, or mapping all recipients to one alias (which then calls the script)[21:55:31] <adaptr> the former invites typos, and the latter alters the recipient[21:55:38] * aaron__ nods[21:55:46] <adaptr> if you parse the message (and not the envelope), the latter may be your best solution[21:56:01] <aaron__> local alias can be mapped to script?[21:56:05] <adaptr> of course[21:56:18] <adaptr> man local[21:56:36] <adaptr> it is not a coincidence that it is one of the biggest man pages[21:57:36] <adaptr> our previous mass mailing solution (on sendmail!) did just that - pipe all mail to one script-executing alias[21:57:59] <adaptr> the reason I don't do that anymore is simply because A) I use postfix, and B) I wanted better control over the envelope[21:58:26] <adaptr> if that doesn't matter to you, just use one local alias, i.e. myscript: |/my/script[21:58:50] <adaptr> and then make a NEW alias file, include it BEFORE the aliases(5) file, and map everything to myscript[21:59:10] <adaptr> you can do it using forward files if you like[21:59:15] <adaptr> or virtual_aliases to that local alias[21:59:18] <adaptr> dozens of ways[22:00:27] <aaron__> hmm, yeah if local alias to script loses/rewrites recipient that's probably not going to work for me in this case, but it's good to know[22:00:28] <adaptr> (I use relay_domains because I need to violate the mantras)[22:00:52] <adaptr> you just said the script parses the message. you don't care about the recipient.[22:02:34] <aaron__> mail To should be sufficient, as long as this is not altered then i think your simpler approach will work[22:02:43] <aaron__> although honestly i want to test both now to make sure i understand ;)[22:03:03] <adaptr> you just said the script parses the message. you don't care about the recipient.[22:03:18] <adaptr> if that is not the case, you have not understood which part is the message[22:03:29] <adaptr> (everythign except the envelope)[22:03:58] *** happymeerkat has joined #postfix[22:04:10] *** happymeerkat has quit IRC[22:04:32] *** Section1 has quit IRC[22:07:19] *** kiri has quit IRC[22:07:55] *** elex111119 has quit IRC[22:07:59] *** kiri has joined #postfix[22:11:14] *** pj has joined #postfix[22:11:34] <lechner> lunaphyte_ and knoba: Thanks. Problem persists. What is the difference between 'smtp_host_lookup=native' and turning off internal lookups completely with 'disable_dns_lookups=yes'? The command 'getent hosts XXX.local' works, but postfix complains with "unable to look up host XXX.local: No address associated with hostname"[22:13:28] <adaptr> native means nsswitch.conf decides. both are well-documented, by the way[22:13:51] *** rpaddock has joined #postfix[22:19:19] *** ikonia has quit IRC[22:19:44] *** ikonia has joined #postfix[22:24:06] *** rpaddock has left #postfix[22:33:14] <lechner> adaptr: Thanks. I am using 2.9.1 on Ubuntu precise. The option 'smtp_host_lookup = native' does not work like that over here. MX lookup is disabled with square brackets and 'getent hosts XXX.local' resolves fine, but the error stays: "unable to look up host XXX.local: No address associated with hostname".[22:35:11] *** biggi_mat has quit IRC[22:35:22] <adaptr> What mechanisms the Postfix SMTP client uses to look up a host's IP address. This parameter is ignored when DNS lookups are disabled[22:35:27] <adaptr> read that carefully[22:36:23] <ikk> XXX.local hardly looks like a fqdn (but ive just read last few lines of conversation so ill now keep quiet)[22:42:14] *** uqlev has quit IRC[22:45:01] <lechner> adaptr: DNS lookups are enabled with 'disable_dns_lookups = no'. With 'smtp_host_lookup=native', I get resolution from '/etc/hosts' but not from mDNS/avahi, even though it is set up in /etc/nsswitch.conf' and works with 'getent hosts'. ikk: My original question from last night was about relayhost resolution using mDNS.[22:45:34] <adaptr> lechner: um, no. whatever gave you that idea[22:49:25] <rob0> hmmm, relayhost resolution using mDNS does not sound like a very good idea to me[22:49:52] <aaron__> adaptr, thanks for your help. i have configured a local transport map (postmap format) and a separate local_recipients_map (regexp)[22:50:20] <aaron__> i find that in this case, mail to users which are not matched in local_recipients_map is still getting delivered to my transport[22:50:28] <adaptr> you should not do that[22:50:33] <aaron__> i'm wondering if one supercedes the other in some fashion?[22:50:34] <aaron__> ok[22:50:57] <adaptr> 21:29:03 adaptr | you should not touch *_transport unless you know exactly what it and you are doing[22:51:41] <adaptr> the solution I gave you is independent of any other postfix feature, i.e. it does not prevent yuo from using the full functi9onality[22:51:52] <adaptr> changing local_transport most certainly does[22:52:12] <aaron__> i do not set local_transport param itself[22:52:19] <aaron__> maybe i misinterpreted your advice: "then add all the domains to mydestination, and put the same map to use as a transport_map to your script transport"[22:52:38] <adaptr> ....three separate solutions ago.[22:52:46] <adaptr> yuo should really try to understand what all of that means[22:53:09] <ikk> never ever played with mDNS so ill keep out of this - but to me if a server doesnt have a real FQDN with RDNS/PTR etc - throw the email away![22:53:24] <ikk> all mailservers nowadays should be wise enough to adhere to basic requirements[22:53:31] <ikk> including internal mailservers![22:53:41] <adaptr> ikk: it's obviously not an internet-connected server, and we don't know his use case[22:54:16] <ikk> the amount of emails we get from servers marked .local[22:54:31] <ikk> i bet you it does send external email at some point (even if only occasionally)[22:54:39] <ikk> (or should i say it will be attempting too)[22:55:19] <adaptr> WAGs have limited usefulness in problem-solving[22:55:53] *** breaker313 has quit IRC[22:55:53] <ikk> what is WAG in this context?[22:55:58] <rob0> !wag[22:55:58] <knoba> rob0: "wag" : WAG: Wild-assed guess ... rarely, if ever, of much use in debugging problems. See !welcome and /topic and !debug.[22:55:59] <patdk-wk> !WAG[22:56:00] <knoba> patdk-wk: "WAG" : WAG: Wild-assed guess ... rarely, if ever, of much use in debugging problems. See !welcome and /topic and !debug.[22:56:11] <ikk> ah :)[22:56:15] <rob0> !patdk-wk-slow[22:56:15] <knoba> rob0: Error: "patdk-wk-slow" is not a valid command.[22:56:24] <patdk-wk> it's used when rob0's crystal ball fails[22:56:32] <patdk-wk> rob0, I blame firefox[22:56:39] <patdk-wk> eating all my ram[22:57:06] <adaptr> you need an iphone, the one with the bigger geebies[22:57:18] <ikk> adaptr, i disagree with you saying its a WAG - all im saying if it was configured properly you woudnt be having this issue would u[22:57:22] * patdk-wk is waiting for an iphonex[22:57:32] <adaptr> ikk: it's spelled "you"[22:57:55] <ikk> im lazy - i typed it once in full already[22:58:00] <patdk-wk> why would you ever get email with .local tld?[22:58:11] <patdk-wk> those would be rejected outright on any of my servers[22:58:18] <ikk> patdk-wk, exactly[22:58:37] <adaptr> patdk-wk: define "email with"[22:58:40] <ikk> but people setup internal mail servers like this - then later on they do try to send external and wonder why no-one gets there email[22:58:54] <adaptr> ikk: you're grossly overgeneralizing[22:58:54] <patdk-wk> adaptr, any email that contains .local tld :)[22:58:58] <ikk> adaptr, email from a server callign itself .local[22:59:04] <patdk-wk> in the mail from, or rcpt to, lines[22:59:09] <adaptr> ikk: and this is exhibited how ?[22:59:13] *** mroe has quit IRC[22:59:21] <ikk> adaptr, ?[22:59:24] <adaptr> patdk-wk: I don't care about the mail from[22:59:28] <adaptr> that's their problem[22:59:48] <adaptr> and if they try to send to .local and I don't manage it, it will be rejected[23:00:03] <ikk> no the server wil be rejected due to no rdns adaptr[23:00:16] <adaptr> ikk: nonsense.[23:00:23] <ikk> really?[23:00:41] <patdk-wk> adaptr, dunno, .local doesn't pass the, reject_unknown_sender_domain, test[23:00:46] <ikk> you connect to any of our servers u will be rejected[23:01:10] <ikk> as xxxx.local will not be setup with rdns correctly to match forward resolving[23:01:42] <patdk-wk> that test comes later in my config[23:02:00] *** gerhard7 has quit IRC[23:02:49] <lechner> lunaphyte_ and knoba told me look into 'smpt_host_lookup'. Everyone says 'native' enables resolution through nsswitch.conf. The documentation states it too. I don't see how the discussion about the FQDN in the sender's address has anything to do with it. My relay is assigned a dynamic IP, which is not served by the local DNS. Getting to the relayhost requires using mDNS. Security concerns aside, please explain why this should not be[23:02:51] <lechner> possible.[23:03:00] <adaptr> patdk-wk: exactly[23:03:04] <jimpop> whois knoba ?[23:03:15] <adaptr> ikk: it's spelled "you"[23:03:44] <adaptr> lechner: did you set disable_dns_lookups = yes ?[23:04:04] <ikk> well im going to keep out of this - as obviously not interested in sending email seriously[23:04:42] <adaptr> please do[23:06:04] <lechner> adaptr: most recently, I set disable_dns_lookups = no to make sure the 'native' rule is not ignored. I separately set disable_dns_lookups = yes, but with the exact same result (from what I can tell).[23:06:32] <rob0> if you are ONLY sending through a relayhost, disable_dns_lookups=yes is fine[23:07:56] <adaptr> but it completely invalidates whatever is set in smtp_host_lookup[23:08:00] <adaptr> hence my question[23:08:21] <adaptr> I'm not seeing a clear problem definition[23:08:22] *** heller_barde has joined #postfix[23:09:41] <pj> has he provided the usual info?[23:09:56] <adaptr> nope[23:10:01] <pj> heh, oh well[23:10:05] <pj> !tell lechner welcome[23:10:06] <knoba> lechner: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[23:11:41] *** elex111119 has joined #postfix[23:18:32] *** cps0 has quit IRC[23:19:13] *** grefter has quit IRC[23:21:01] *** s0ber_ has joined #postfix[23:21:09] *** grefter has joined #postfix[23:22:59] *** s0ber has quit IRC[23:23:10] *** s0ber_ is now known as s0ber[23:25:18] *** grefter has quit IRC[23:30:58] <lechner> !debug[23:30:59] <knoba> lechner: "debug" : http://www.postfix.org/DEBUG_README.html : a starting point for how to deal with problems and to report information to those who might help. Post information including NON-verbose logs in a pastebin such as http://pastebin.ca/ or http://dpaste.com/[23:31:45] <lechner> Okay, it's my first time on IRC. Turns out 'knoba' is a bot, although the nice fellow took seven hours to respond. Here is the pastebin with the usual information: http://pastebin.com/jk703mth. Thank you for the patience.[23:33:27] *** grefter has joined #postfix[23:33:30] *** Guest____ has joined #postfix[23:33:51] *** Guest____ has left #postfix[23:34:28] *** snearch has quit IRC[23:36:23] *** markit has joined #postfix[23:36:50] *** wdp has quit IRC[23:37:23] <adaptr> Jun 13 14:19:19 localhost postfix/smtp[7670]: warning: relayhost configuration problem[23:37:27] <adaptr> you need to fix that[23:37:54] <patdk-wk> probably kill relay_transport[23:38:36] <adaptr> also, smtp_host_lookup = native does not guarantee that /etc/hosts will be used. in any way.[23:38:48] <adaptr> it does guarantee that postfix will not look up DNS[23:39:02] <adaptr> which is... stupid, in 99.999% of all cases[23:40:03] <pj> dns,native might be a better way.[23:40:37] <adaptr> for example[23:41:04] <adaptr> however, that wastes an expensive lookup when you know it won't be in DNS[23:41:26] <pj> right[23:41:50] <pj> at any rate, from what I gather before his lookup needs to be done with mDNS[23:41:58] <adaptr> as for the disable_host_lookups thing, that's completely insane.[23:42:46] <pj> from what I can tell disable_host_lookups=yes does pretty much the same thing as smtp_host_lookup=native[23:43:30] *** Driver has quit IRC[23:43:44] <adaptr> ..not at all[23:44:08] <pj> well I may be missing something, what's the difference?[23:44:09] *** grossing is now known as grossing42[23:44:14] *** grossing42 is now known as grossing23[23:44:21] *** grossing23 is now known as grossing[23:45:09] <adaptr> smtp_host_lookup = native means postfix will not resolve DNS, but will consult nsswitch.conf. which may resolve DNS. or use hosts. or LDAP. or whatever.[23:45:31] <adaptr> if you set disable_dns_lookups = yes, smtp_host_lookup is IGNORED. so it WILL NOT WORK[23:47:33] <pj> if you set disable_dns_lookups=yes hosts are looked up with getaddrinfo(), which, if I'm not mistaken, uses nsswitch.conf.[23:47:37] <markit> hi, newbie here, I'm a bit disoriented... if I run qshape I've "0" in each total column, but if I run postqueue -p I've more or less 3700 lines with an id and an user that is "zimbra" (this is a zimbra install) or "root", how is that?[23:48:02] <pj> !zimbra[23:48:02] <knoba> pj: "zimbra" : Zimbra uses a prepackaged version of postfix that is configured via zimbra's console tools. Any and all hand changes made to zimbra's postfix configuration will be overwritten by the zimbra configuration. That Zimbra just happens to use postfix is inconsequential. For zimbra support, see http://www.zimbra.com[23:48:16] <pj> markit: ^^^^^^^^][23:48:46] <pj> also, I'm not aware of any "qshape" tool that comes with postfix.[23:48:47] <adaptr> pj: if that were true, the two settings would be redundant. they're not.[23:48:55] <adaptr> pj: um.[23:48:59] <pj> well, hence my confusion.[23:49:00] <adaptr> !tell pj qshape[23:49:00] <knoba> pj: "qshape" : qshape(1) - The qshape program helps the administrator understand the Postfix queue message distribution in time and by sender or recipient domain. See http://www.postfix.org/QSHAPE_README.html[23:49:02] <markit> pj: is a standard debian tool that comes with postfix[23:49:06] *** e-anima has quit IRC[23:49:13] <pj> oh, ok[23:49:30] <markit> and my problem is general about postfix queue query[23:49:31] <adaptr> markit: man postqueue, see which queue they are in[23:49:39] <adaptr> markit: shush[23:49:56] <adaptr> qshape takes ONE queue as parameter. you've chosen the wrong one[23:50:05] <markit> adaptr: ah, thanks[23:50:21] <markit> the article I've quick read confused me[23:50:28] <adaptr> !tell markit tutorial[23:50:28] <knoba> markit: "tutorial" : A very common problem is that some people prefer to follow a step-by-step tutorial that shows them how to setup their server w/out reading the documentation or understanding what they are doing. If something goes wrong, they have no clue whatsoever about where to find hints, and they sometimes decide to start from scratch using a different tutorial. This is not The Proper Way.[23:53:34] <pj> I got confused because I just checked my box for qshape and it wasn't there, RedHat packages it seperately.[23:54:15] <patdk-wk> heh, I thought only debian did that, splitting postfix up into 15 different packages[23:54:33] <pj> and the stupid thing is, I built the package ;-P[23:55:15] <pj> well, RH must be better then, because RH only splits it into three packages ;-P[23:58:41] <pj> bbl