June 25, 2012 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | >
June 25, 2012 [00:09:28] *** weedar has quit IRC[00:11:58] *** weedar has joined #postfix[00:16:40] *** elex1111117 has quit IRC[00:23:12] *** elex111119 has joined #postfix[00:28:57] *** wdp has quit IRC[00:30:43] *** kaos01_ has quit IRC[00:50:15] *** Silowyi has joined #postfix[01:07:00] *** naquad has quit IRC[01:09:39] *** elex111119 has quit IRC[01:11:57] *** naquad has joined #postfix[01:19:11] *** biggi_mat has quit IRC[01:35:03] *** k-man has quit IRC[01:52:38] *** lucas_ has joined #postfix[01:54:36] *** lucas_ has left #postfix[02:34:57] *** codin has quit IRC[02:36:51] *** codin has joined #postfix[02:40:18] *** rmayorga has quit IRC[02:43:02] *** Telgalizer has quit IRC[02:47:11] *** rmayorga has joined #postfix[02:47:11] *** rmayorga has joined #postfix[02:47:44] *** lunaphyte_ has quit IRC[02:48:04] *** lunaphyte_ has joined #postfix[02:48:04] *** lunaphyte_ has joined #postfix[03:30:56] *** chadmaynard has joined #postfix[03:32:12] *** Suppa_Spic has quit IRC[03:42:07] *** The_Ball has quit IRC[03:48:56] *** The_Ball has joined #postfix[04:19:40] *** nuomi has joined #postfix[04:43:14] *** bvenkat has quit IRC[05:02:34] *** Telgalizer has joined #postfix[05:13:02] *** mroe has quit IRC[05:30:15] *** Areckx|Errors has joined #postfix[05:30:21] *** Areckx has quit IRC[05:30:29] *** nuomi has quit IRC[05:42:25] *** Telgalizer has quit IRC[05:42:27] *** MAAAAAD has joined #postfix[05:42:38] *** Telgalizer has joined #postfix[05:46:03] *** MAAAAD has quit IRC[05:50:51] *** nuomi has joined #postfix[06:08:38] *** shoonya has joined #postfix[06:09:58] *** cilly has quit IRC[06:13:33] *** Suppa_Spic has joined #postfix[06:13:36] *** cilly has joined #postfix[06:32:35] *** Telgalizer has quit IRC[06:47:08] *** shoonya has quit IRC[07:18:40] *** BuenGenio has quit IRC[07:29:18] *** jkfod has joined #postfix[07:31:18] *** BuenGenio has joined #postfix[07:31:36] *** k1ckn1ck has quit IRC[07:33:21] *** nowthatsamatt has joined #postfix[07:47:36] *** mah454 has joined #postfix[07:47:39] <mah454> Hello[07:47:57] <mah454> I need GUI for postfix content filtering[07:48:02] <mah454> what is your idea ?[07:50:03] <sysmonk> ms exchange[07:50:46] <doomas> vim + xterm[07:50:56] <mah454> sysmonk, what ?[07:51:14] <mah454> sysmonk, for system administrator .[07:53:12] <sysmonk> well, i think windows admins are also system administrators[07:53:23] <sysmonk> not always, but sometimes[07:53:44] <mah454> sysmonk, no no ...[07:53:51] <mah454> sysmonk, linux system administrators[07:54:05] <mah454> sysmonk, I work in linux[07:54:44] <sysmonk> oh, great, then i think i have just the answer for you[07:55:07] <sysmonk> depends on what you use on your computer, you can use Xterm, Terminal, Kterm or Putty[07:55:10] <sysmonk> that's a GUI to postfi[07:55:12] <sysmonk> postfix*[07:55:41] <mah454> sysmonk, have web interface ?[07:56:10] <sysmonk> postfix is a smtp server, it is not a http server[07:57:05] <mah454> sysmonk, I know , i need web interface or like this for config content filtering in postfix[07:57:36] *** k1ckn1ck has joined #postfix[07:57:41] <sysmonk> well, you can use shellinabox - a web based AJAX ssh terminal[07:57:50] <sysmonk> :)[07:57:59] <mah454> :D[07:58:25] *** k1ckn1ck has left #postfix[07:58:43] <mah454> crazy ! =))[08:04:16] <Suppa_Spic> I need some help :/ I'm using virtual mailboxes, but all my emails are sent as user@localhost[08:13:50] *** nowthatsamatt has left #postfix[08:22:32] *** gerhard7 has joined #postfix[08:22:53] *** pehden has left #postfix[08:28:44] *** Allex944 has joined #postfix[08:30:40] *** janos has quit IRC[08:30:58] *** janos_ has joined #postfix[08:33:25] *** Driver has quit IRC[08:35:05] <BuenGenio> what does this mean?[08:35:06] <BuenGenio> <cammy at antronexpress dot com>: host imap.antronexpress.com[61.238.47.246] said: 550[08:35:06] <BuenGenio> 5.7.1 Requested action not taken: message refused (in reply to end of DATA[08:35:06] <BuenGenio> command)[08:35:41] *** Driver has joined #postfix[08:38:22] *** wdp has joined #postfix[08:38:22] *** wdp has joined #postfix[08:41:48] *** Aurica has joined #postfix[08:45:35] *** Silowyi has quit IRC[08:45:59] *** Niemi has joined #postfix[08:47:39] *** wh1zz0 has quit IRC[08:59:18] *** OliveiraBorges has joined #postfix[08:59:53] *** Terminus- has quit IRC[09:00:15] <OliveiraBorges> any her e?[09:00:20] <OliveiraBorges> here *[09:08:17] <Natureshadow> g'morrow guys ...[09:09:33] <Natureshadow> this one is tough, I cannot really figure out how to do it ... I have a classical setup, $mynetworks can relay mail anywhere and mail from outside $mynetworks is only accepted for relay_domains or for authenticated users. Now I want to *additionally* allow client 127.1.2.3 to relay mail to exactly and no more and no less than foo at example dot com[09:09:58] <Natureshadow> right now, these are the only restrictions I have set: smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject[09:10:48] <sysmonk> !restriction_classes[09:10:48] <knoba> sysmonk: "restriction_classes" : see !restriction_class[09:10:52] <sysmonk> !restriction_class[09:10:52] <knoba> sysmonk: "restriction_class" : postfix per-client/user/etc. access control http://www.postfix.org/RESTRICTION_CLASS_README.html[09:10:54] <sysmonk> Natureshadow: ^^[09:12:01] <Natureshadow> sysmonk: yeah, thy; I know about those. I can use them to allow some client to relay anywhere OR to allow all clients to relay to one address. But I cannot figure out how to combine that, so in the end I can also do client1->recipient1, client2->recipient2, ...[09:12:12] <Natureshadow> s/thy/thx/[09:12:32] <sysmonk> Natureshadow: um, probably you didn't read it then[09:12:54] *** happymeerkat has joined #postfix[09:13:07] *** happymeerkat has quit IRC[09:14:50] *** zorg1 has joined #postfix[09:15:15] <Natureshadow> sysmonk: lets look at the "Protecting internal email distribution lists" part ... in my understanding, the result of the last configuration example is: all $insiders can send mail to all $protected_destinations, not $insiders[0] can ONLY send to $protected_destinations[0] and $insiders[1] can ONLY send to $protected_destinations[1] ... or maybe I am reading it wrong?[09:15:41] <sysmonk> Natureshadow: yes, but that is ONLY an example[09:16:16] <Natureshadow> what I get from it is that if I have 100 trusted clients that can send to one of 100 recipients each, I need 100 restriction classes and 200 lookup tables ...[09:16:24] <Natureshadow> not one for all ;)[09:16:35] *** _ruben has joined #postfix[09:17:06] <sysmonk> um probably not, unless you want to have 100 clients send 100 different emails each[09:17:20] <Natureshadow> that's basically what I want[09:17:38] *** master_of_master has quit IRC[09:17:53] <Natureshadow> I want to relay mail from *exactly* one client to *exactly* one recipient, and such an 1:1 mapping for many clients[09:19:22] <Natureshadow> not exactly the numbers mentioned above, but let's say any of 100 clients can send mail to a *selection* of a few recipient addresses[09:19:42] *** master_of_master has joined #postfix[09:20:07] <Natureshadow> It is for routing monitoring mails to different locations depending on the client that sends it; monitoring mails come from outside as this is an external backup MX in case ... well, monitoring detects that the local Postfix died ;)[09:20:47] <Natureshadow> on the other hand, client IPs are hard to spoof in TCP, so maybe I'd jsut add them to $mynetworks and have them relay to wherever they feel like ,)[09:21:06] <Natureshadow> however I must admit I am curious how to do it properly[09:21:09] <sysmonk> that's probably the best[09:21:17] <sysmonk> there's the way with classess[09:21:24] <sysmonk> but you've got too many ip->email 'relations'[09:21:29] <sysmonk> other way probably could be a policy daemon[09:21:33] <Natureshadow> hmm .. I've got an[09:21:35] <Natureshadow> sry[09:21:41] *** e-anima has joined #postfix[09:21:42] <Natureshadow> I meant backspace rather than enter ;)[09:21:58] <Natureshadow> tiny little cute notebook keyboard ;)[09:22:07] <Natureshadow> hmm, a policy daemon is a good idea[09:22:09] <sysmonk> you send emails to the policy daemon and it rejects them if they shouldn't be allowed to send[09:22:22] <sysmonk> policy daemon should have enough information[09:22:29] <Natureshadow> yeah and I could use check_policy_service for that ...[09:22:40] <sysmonk> if you would need to do it based on the body/headers then no, but you only do it based on ip/from/to[09:22:40] <Natureshadow> that shouldn't be more than a few lines of python if I get it right[09:22:43] <Natureshadow> thanks for the hint ;)[09:23:19] <Natureshadow> _but_ I had another idea. can I match client addresses in pcre tables?[09:23:48] *** Allex944 has left #postfix[09:23:53] <sysmonk> sure , why not[09:24:00] *** Allex944 has joined #postfix[09:24:06] <Natureshadow> iirc pcre_table can && several rules[09:24:17] <Natureshadow> so I could match client && recipient ...[09:24:27] <sysmonk> i don't really see how[09:24:42] <sysmonk> you can match multiple clients in one rule, and multiple recipients in ANOTHER rule[09:24:45] <sysmonk> but not both[09:24:56] <Natureshadow> yeah I just figured that by reading pcre_table(5) ;)[09:25:23] <sysmonk> if it's enough for you that these 100 IP's can send to ALL theese 100 emails then it's achievable with restriction classes[09:25:29] <Natureshadow> so, birth is given to a policy daemon today ;)[09:26:00] <sysmonk> but if you need ip1 to send to email1, ip2 -> email2 and etc then probably best with policy daemon[09:26:31] <Natureshadow> well that's not such a strict requirement, but better be safe than sorry, right ;)[09:26:35] <zw> Hi. Can someone tell me if there is a sasl authenticating method for postfix that supports SHA512 ?[09:27:55] <Allex944> hi, could someone help me with FQDN? i'm a little confusing[09:28:16] <zw> Allex944: what is your question ?[09:28:18] <Natureshadow> Allex944: you indeed are. so explain yourself ;)[09:28:44] *** happymeerkat has joined #postfix[09:28:56] <Allex944> first, /etc/mailname, what is it for?[09:29:25] <Natureshadow> Allex944: postfix by default gets its $myorigin from it, so the name that is appended as domain part to outgoing mail and message ids[09:29:57] <sysmonk> Natureshadow: false :)[09:30:08] *** Areckx|Errors has quit IRC[09:30:12] <sysmonk> but good enough as an answer for Allex944 :P[09:30:15] *** tjikkun_work has joined #postfix[09:30:42] <Natureshadow> sysmonk: s/by default/on Debian/, maybe?[09:30:54] <sysmonk> yep[09:31:12] <zw> sysmonk: do you know a sasl mechanism with sha512 support in mysql ? :-)[09:32:04] <Allex944> in /etc/hosts i have 127.0.0.1 localhost mail.myhost.tld[09:32:06] <Allex944> do i need to put mail.myhost.tld to /etc/hostname as well?[09:32:10] <Allex944> in my main.cf i have myhostname = localhost, if i change it to mail.myhost.tld, my emails are not receiving.[09:32:12] <Allex944> if i look at postqueue -p, i see error messages like this:[09:32:16] <Allex944> (lost connection with xxx[ip] while performing the HELO handshake)[09:32:42] <Natureshadow> Allex944: for outgoing mail?[09:33:28] <Allex944> Natureshadow: if i send an enamil, it's returned with error message:[09:33:32] <Allex944> host [] said: 554 5.7.1 Mail (id-34054-07247) appears to be unsolicited - Forged Helo - resend with the code uvamupu4 appended to subject and ask to have your email whitelisted (the code uvamupu4 changes each 24 hours). (in reply to end of DATA command)[09:33:40] <Natureshadow> Allex944: most MTAs will only allow HELO hostnames that they can resolve through DNS[09:33:51] <Natureshadow> so make sure your $myhostname is resolvable outside your network[09:34:03] <Natureshadow> (_both_ forward and reverse)[09:34:08] <Allex944> so could you please help me out how to set my FQDN[09:34:16] <sysmonk> zw: hm[09:34:25] <sysmonk> zw: well, mechanism is not about encryption...[09:34:29] <Natureshadow> Allex944: just put in $myhostname and make it resolvable on the internet[09:34:37] <sysmonk> zw: so a sql mechanism probably should be enough ?[09:35:10] <Natureshadow> sysmonk: I was thinking he was talking challenge-response authentication, like ... CRAM-SHA512, don't know ;)[09:35:13] <sysmonk> zw: with queries like select user from users where user='a at user dot com' and pass=sha2($password, 512) ?[09:35:38] <sysmonk> zw: haven't tested, but it probably should work :)[09:36:11] <sysmonk> well, cram doesn't care about sha512 support in mysql in the first place[09:36:16] <Natureshadow> Allex944: and do not resolve your external name to 127.0.0.1[09:36:25] <sysmonk> it needs plaintext password in the database, not sha512[09:37:06] <Natureshadow> sysmonk: yes. but plaintext auth with sha512 in the database didn't make any sense to me in the question because, as you said, the backend encryption has nohing to do with the sasl mechanism ;)[09:37:51] <sysmonk> well, the question is difficult to understand so those are just guesses[09:38:07] <Natureshadow> Allex944: in a proper setup, you would have the name from /etc/hostname resolve to cour primary address and that address back to your FQDN. like in /etc/hosts: 1.2.3.4 host.fqdn.tld host[09:38:39] <Natureshadow> so host -> 1.2.3.4 -> host.fqdn.tld works[09:38:49] <sysmonk> anyway, $work[09:39:00] <Natureshadow> but that's jsut a general note; putting host.fqdn.tld in $myhostname is ok for Postfix alone[09:39:17] <Allex944> ok look: (example)[09:39:19] <Allex944> /etc/hostname - myhostname[09:39:21] <Allex944> /etc/mailname - mail.myhostname.tld[09:39:23] <Allex944> /etc/hosts:[09:39:25] <Allex944> 127.0.0.1 localhost localhost.localdomain mail.myhostname.tld[09:39:27] <Allex944> in main.cf hostname = mail.myhostname.tld[09:39:29] <Allex944> in DNS MX: mail.myhostname.tld[09:39:31] <Allex944> is this correct? :D[09:39:50] <Natureshadow> do NOT resolve mail.myhostname.tld to 127.0.0.1[09:40:00] <Natureshadow> and have an A record for mail.myhostname.tld[09:40:12] <Natureshadow> and have proper reverse lookup for the IP address it resolves to[09:42:58] <Allex944> so in my 127.0.0.1 should be only localhost?[09:43:05] <Natureshadow> yes[09:43:13] *** OliveiraBorges has quit IRC[09:43:45] <Allex944> don't i need to add my ip there? 23.34.11.44 mail.myhostname.tld?[09:43:51] <Natureshadow> and 1.2.3.4 mail.myhostname.tld myhostname, where 1.2.3.4 is your internet ip address[09:44:11] <Allex944> now i got it![09:44:15] <Allex944> :D[09:44:42] <Natureshadow> this is not relevant for your Postfix setup, but generally your system must locally resolve /etc/hostname to an IP address and that IP address back to its fqdn[09:44:45] <zw> sysmonk: true, but can postfix do sasl from itself or do I need something linge saslauthd ?[09:45:20] <Natureshadow> on the outside, for postfix, your HELO hostname ($myhostname in main.cf) must resolve to the same IP address as you connect from, AND that IP address must have a valid reverse entry[09:45:31] <Natureshadow> zw: Postfix can do SASL, but for MySQL you need saslauthd[09:45:52] <Natureshadow> when using cyrus sasl, at least; if you use dovecot sasl, dovecot does the MySQL part[09:46:15] <zw> Natureshadow: well that is the clue. I'm now doing dovecot+sasl+postfix[09:46:15] <Natureshadow> or for $any_other_sasl_implementation_but_i_dont_know_of_any_relevant, whatever their docs say ;)[09:46:21] <Allex944> do i need to restart computer after editing?[09:46:30] <Natureshadow> Allex944: no ...[09:46:38] <Natureshadow> zw: then configure dovecot to do mysql[09:46:38] <Allex944> great[09:46:46] <zw> But I want to split up my sasl users towards another box, running a dovecot there only to do the sasl authentication looked a bit odd to me :)[09:47:01] <Natureshadow> then use cyrus sasl + saslauthd there ;)[09:47:12] <zw> Nevertheless, if I need mysql auth I have to run an extra daemon anyway[09:47:14] <Natureshadow> or export dovecot auth master via IP (mind your firewall setup ;))[09:47:28] <zw> Natureshadow: Is that possible ?[09:47:34] <sysmonk> zhnsdt: it can do sasl from "itself"[09:47:56] <Natureshadow> zw: sure. but I have to roam to a location that has a wall socket AND wifi ... be back in a minute ;)[09:48:00] <sysmonk> zw: ^^ sorry[09:48:17] <zw> Natureshadow: sysmonk no problem :)[09:50:19] *** wdp has quit IRC[09:56:39] <Natureshadow> huh, i wasn't disconnected even while switching campus :o[09:57:00] <Natureshadow> sometimes, our network is spooky[09:57:40] *** rzimmermann has joined #postfix[10:02:52] *** wdp has joined #postfix[10:02:53] *** wdp has joined #postfix[10:07:37] *** wdp has quit IRC[10:07:55] *** wdp has joined #postfix[10:08:31] <Allex944> Natureshadow: i do not need to put A record if in my DNS i have: *.mydomain.tld?[10:09:01] <Natureshadow> Allex944: then in fact you _have_ an A record ...[10:09:28] <Allex944> ok[10:09:47] <Allex944> i just need to edit MX[10:11:45] *** uqlev has joined #postfix[10:12:31] <Natureshadow> Allex944: y?[10:15:37] <Allex944> Natureshadow: wow, one more question, in my MUA, ServerName: there must be my FQDN or only imap.mydomain.tld?[10:18:41] <uqlev> Allex944, whatever but must match name in SSL certificate[10:21:35] <uqlev> Allex944, amd it should be resolvable by DNS[10:22:25] <Natureshadow> Allex944: whatever points to your imap server, that's just IP, no more no less[10:27:56] <Allex944> yeah that's right, damn, why do i lame today like this :D[10:29:58] *** uqlev has quit IRC[10:32:57] <Allex944> looks like it works! thank you guys![10:34:55] *** mah454 has quit IRC[10:35:06] *** Areckx has joined #postfix[10:36:36] <Natureshadow> sysmonk: there is a policy service called postfwd that does what I asked for earlier. thanks for the policyd hint ;)[10:40:26] <sysmonk> cool, didn't know about that one[10:45:07] <zw> Natureshadow: can I use postfwd as a service to limit sasl users x amount of mails a day ?[10:45:25] <zw> I want to limit my sasl users to 200 mails a day[10:45:26] <Natureshadow> zw: as I see it, yes. you can match sasl user AND rate_limit[10:45:43] <zw> based on the rcpt or based on client ip ?[10:46:14] <Natureshadow> zw: whatever you like, postfwd can combine matches on any fields the postfix policy protocol provides.[10:46:16] <zw> client ip is no go as most of them are behind nat and use the same wan ip[10:46:30] <zw> ik lets read some postfwd docs :)[10:46:38] *** Silowyi has joined #postfix[10:46:55] <Natureshadow> zw: which are these: http://www.postfix.org/SMTPD_POLICY_README.html#protocol[10:47:49] <Natureshadow> wait, where was that rate limit thing ...[10:49:36] *** Aurica has quit IRC[10:50:02] <Natureshadow> zw: mind the gap, querying you ;)[10:50:22] <zw> ow :)[10:50:46] <Natureshadow> huh? did that work? irssi is confusing me ...[10:50:56] <zw> Natureshadow: no :) No query from you[10:55:00] *** Allex944 has left #postfix[11:03:10] *** Allex944 has joined #postfix[11:04:13] <Allex944> hi, why i try:[11:04:15] <Allex944> ehlo localhost[11:04:17] <Allex944> i get only:[11:07:01] *** Terminus has joined #postfix[11:13:08] *** MAAAAAD has quit IRC[11:13:22] <Terminus> hello. question regarding header_checks. if i have http://pastebin.com/b5jJyAvA and the the first pattern matches line 1 while the second pattern matches line 2 in the message, will line 2 still be executed or will header checks terminate after sending the message to "foo"?[11:17:25] <Natureshadow> Allex944: obviously because the ehlo command is not installed on your system[11:17:34] <Natureshadow> Allex944: maybe you meant to send that to your SMTP server?[11:18:36] <sep> I got a very non spesific access denied in my logs, normally the log say why it was rejected ; NOQUEUE: reject: RCPT from domino1.hil.no[128.39.109.20]: 554 5.7.1 <domino1.hil.no[128.39.109.20]>: Client host rejected: Access denied; the access file only contains OK entries for some devices that does not support SMTP AUTH ; the recipient was a virtualhost domain, so i expected to accept and deliver the email. conf and log entry http://paste.debian.ne[11:18:36] <sep> t/hidden/9c12b9d6/[11:18:59] <Allex944> yes thats why[11:19:16] <Allex944> ok never mind, all works[11:21:26] *** Allex944 has left #postfix[11:24:09] *** wh1zz0 has joined #postfix[11:24:37] <Natureshadow> sep: can you poste the link in one part again ;) ?[11:25:13] <sep> http://paste.debian.net/hidden/9c12b9d6/[11:25:16] <sep> sorry bout that[11:25:27] <sep> thanks for looking[11:25:57] <sep> also normally i do not want such generic rejects. if it rejects i want to know why ![11:27:12] *** MAAAAAD has joined #postfix[11:27:34] <Natureshadow> sep: fordefestival.no is your local domain?[11:27:43] <sep> virtual[11:27:52] <sep> and the user exsists[11:27:54] <Terminus> sep: maybe it's something to do with your /etc/postfix/access since it's the client being rejected?[11:28:06] <sep> and the sender sendt the mail 30 mins later and it acceepted it as expected[11:28:14] <sep> but why did it reject it the first time[11:28:53] <Natureshadow> is there a transaction log?[11:29:01] <Natureshadow> s/transaction/transcript/[11:29:03] <sep> the ip is not in the access list, the access list was not changed between the puzzeling reject and the accept, and the access line only contains OK statements[11:29:32] <sep> it's the connect from ip log entry, the reject i pasted, and the disconnect log entry[11:29:49] <Natureshadow> Well it actually is relay access denied (5.7.1)[11:30:10] <Natureshadow> My best guess is your MySQL server got the hicups and Postfix didn't find the virtual domain entry[11:30:34] <sep> http://paste.debian.net/hidden/ac04d9ca/[11:30:37] <sep> the full log[11:31:03] <Natureshadow> look for what your mysql server did before and after that[11:31:34] <Natureshadow> oh no it's Client host rejected[11:31:48] * Natureshadow should get more coffee[11:33:59] <zw> $coffee++[11:34:33] <Natureshadow> zw: are you saying you're getting me some :P ?[11:34:45] <zw> Natureshadow: depends, do you have boobs?[11:35:03] * Natureshadow checks[11:35:11] <Natureshadow> zw: sorry, don't think so ;)[11:35:12] *** Niemi has quit IRC[11:35:21] <zw> Then, no. :)[11:35:28] <Natureshadow> :'([11:36:17] *** wdp has quit IRC[11:36:55] <sep> Natureshadow, modern surgery does wonders today :)[11:36:57] *** wdp_ has joined #postfix[11:48:58] <Natureshadow> sep: if I am too lazy to walk to the coffee bar, why do you assume I might be anything close to motivated to get to _hospital_?[11:52:42] <sep> Natureshadow, to get boobies ?[11:53:37] <sep> a coffee lasts you max a few minutes.... boobies would last a lifetime.. :D[11:54:22] <Natureshadow> as in, give a man a coffee and you feed him for a few minutes; give a man boobs and zw will bring him coffee for a lifetime :P ?[11:55:15] <sep> yes !![11:56:09] <wh1zz0> heeeeeeellp![11:56:18] <wh1zz0> :(([11:56:23] <sep> well generally there is nothing i can imagine that does not get better with boob's so... I can't understand why there are not a raging market for boob implants for men,[11:57:27] <Natureshadow> wh1zz0: no boobs for you, know ... or what did you mean ;) ?[11:57:27] <Natureshadow> s/know/no/[11:57:27] <Natureshadow> wtf, language ...[11:57:35] <wh1zz0> Lol[11:57:39] <sep> wh1zz0, no i have never seen 127.0.0.1 as ip on any other interface then lo[11:58:03] <Natureshadow> sep: wh1zz0: except on venet devices in Virtuozo/OpenVZ environments[11:58:18] <Natureshadow> they have localhsot as address and an alias venet?:0 with the real address[11:58:23] <sep> then again i have never worked with venet interfaces perhaps that's normal there...[11:58:45] <wh1zz0> I already installed webmin and configured the network.. Why the hell is it still showing me localhost ip on the interface[11:59:08] <Natureshadow> wh1zz0: most likely because you installed webmin. but point me to your question again, I cannot find it in my buffer ;)[11:59:28] <wh1zz0> Natureshadow: So meaning that's the default and only setting ?[11:59:52] <Natureshadow> wh1zz0: pardon?[12:00:10] <tuxick> i thought webmin was dead[12:00:17] <tuxick> prolly wishful thinking[12:00:25] <Natureshadow> tuxick: /sign ;)[12:00:28] <sep> wh1zz0, i think your better of going to a Virtuozo/OpenVZ channel to sort out your Virtuozo/OpenVZ network issues, then return here to ask postfix questions :)[12:00:28] <wh1zz0> Using postfix, test mail to aol still remains in queue[12:00:45] <wh1zz0> test mail to live bounces[12:01:00] <Natureshadow> wh1zz0: what's that to do with interface addresses?[12:01:08] <wh1zz0> only delivers to yahoo and gmail... IP is not blacklisted.. have checked more than 5 times.. IP is clean[12:01:09] <sep> and you want mail to aol to bounce as well ?[12:01:11] <wh1zz0> Must be some config[12:01:44] <Natureshadow> wh1zz0: does your helo hostname ($myhostname) resolve, through DNS, to the same address as you connect from, and does that address have a valid reverse DNS entry?[12:01:49] <wh1zz0> Email should deliver to all domains..... Why is this happenining... :(([12:02:00] <wh1zz0> Natureshadow: Yes it does[12:02:19] <sep> wh1zz0, you have all the regular things correct ? revers dns is sane, and the result resolves? helo name is sane, and resolves ?[12:02:20] <Natureshadow> wh1zz0: then maybe we can look at the error logs / DSNs that pretty certainly tell you what's wrong ;)[12:02:34] <sep> also the bounce should tell you something of a reason.[12:02:47] <sep> and the mail stuck in queue should have a reson for the deffered status[12:02:48] <wh1zz0> One sec lemme get the error[12:04:19] <sep> wh1zz0, assuming the ip in your paste is the postfix server: Host 168.242.59.37.in-addr.arpa. not found: 3(NXDOMAIN) ; it does not have a working revers dns atlest[12:04:28] <sep> that's a instantfail on most servers[12:04:45] <sep> s/most/many/[12:05:25] <wh1zz0> sep I don't understand[12:06:57] *** mi has joined #postfix[12:07:09] <sep> wh1zz0, what part do you not understand ?[12:08:54] <sep> wh1zz0, what is the ip of your postfix server. and what is it's fully qualified domain name ?[12:10:06] <sep> wh1zz0, but a sane revers and a sane hostname are essentials for email operation. afk for lunch[12:10:18] <wh1zz0> The Ip is my server IP 37.59.242.168... and the FQDN is zebraconnect.org[12:15:35] *** jonez has quit IRC[12:16:17] *** Terminus has quit IRC[12:18:09] *** Terminus has joined #postfix[12:27:53] <sep> wh1zz0, 37.59.242.168 does not point to anything, so that's plain wrong. many mailservers will simply reject.[12:28:17] *** jonez has joined #postfix[12:28:57] <sep> zebraconnect.org points to some other ip. so that's not optimal at all it should normaly resolve to the ip of the mail server[12:29:28] <wh1zz0> Wtf.... ping zebraconnect.org[12:29:28] <wh1zz0> PING zebraconnect.org (216.21.239.197) 56(84) bytes of data.[12:29:50] <sep> but 216.21.239.197 != 37.59.242.168[12:29:51] <wh1zz0> It resolved ... something just changed[12:30:47] <sep> also you need to fix your revers dns[12:30:48] <wh1zz0> I can swear that it pinged to my ip yesterday[12:31:25] <wh1zz0> How can I get this.. It seems that the guide I followed (using webmin) is making things complicated[12:33:29] <Natureshadow> wh1zz0: first of all, drop that guide. then, drop webmin. then, try again.[12:34:28] <wh1zz0> Whew.. but seriously, I have searched for a suitable guide to do this from terminal (centos guide) but haven't seen a reliable one[12:36:54] <sep> wh1zz0, postfix is postfix no matter what distro.[12:37:02] <sep> it's just text config files[12:37:41] <sep> webmin only brings grief in my experience.[12:38:08] <Natureshadow> and breaks your config and opens up your system to attacks.[12:38:19] <wh1zz0> uhmmm... I see[12:38:22] <wh1zz0> True...[12:38:33] <wh1zz0> Especially when 10000 is open[12:38:43] <sep> also the things you have problem with (forward and revers dns) is not local to your machine, forward dns is done at your registrars dns pagem, and revers dns is done at your isp, or hosting provider[12:38:46] <wh1zz0> And people know you're using webmin[12:39:25] <sep> also i recomend your give your server a real name, and not use just the domain name.[12:39:49] <wh1zz0> Okie lemme texplain a little... I hosted my dns through webmin and set the nameservers ns1.zebraconnect.org and ns2 on my registrar panel[12:40:30] <sep> wh1zz0, so you hos your own forward dns ?[12:41:08] <wh1zz0> okie so now 3 things.. hostname -f gives me the domain.. I'll change that.. 2) i'll re-configre /etc/postfix/master.cf and main.cf 3) DNS ... but I wan't to host my DNS and not use 3rd party[12:41:31] <sep> also the reason they demand 2 nameservers is for rendundancy. something you cripple when both point to your server :)[12:42:10] <wh1zz0> uhmmm... 4)... so my major problems now are how to do 3 and 4[12:42:16] <wh1zz0> via command line[12:42:20] <sep> wh1zz0, when it comes to revers dns, you do not have a choise. that is configured by the people owning the ip (your isp or hosting provider)[12:42:58] *** Steve_The_Pirate has joined #postfix[12:42:59] <sep> forward dns is probably just bind ? that's a text file. and very easy.[12:43:38] <sep> but if your domain registrar offers a slavedns service (they copy their config from your dns master) i would use that to get redundant dns[12:46:00] *** Niemi has joined #postfix[12:46:04] <wh1zz0> sep: So are you saying that I cannot configure the reverse dns on my machine?[12:46:18] <wh1zz0> and have my own nameserver?[12:46:53] <sep> you can have your own nameserver for forward dns[12:47:25] <sep> you can not (without doing lots of hoop jumping, and beeing very friendly with your isp) host your own revers dns[12:47:41] <sep> if you have a full /24 then it's normal doing your own revers dns.[12:47:45] <sep> when you have 1... it's not normal[12:47:56] <sep> so just decide on a server name. and stick to it.[12:52:35] *** biggi_mat has joined #postfix[13:07:40] <wh1zz0> okie... will use a server name[13:07:52] <wh1zz0> I was googling a bit..[13:07:55] *** shal3r has joined #postfix[13:08:11] <wh1zz0> I'm still puzzled as to what you mean when you say forward dns in relation to reverse dns[13:10:58] <wh1zz0> sep: I was of the opinion that I can have my own nameservers configured on the machine and have them like ns1 and ns2 e.t.c (this configuration via command line is what I don't know)... So are you saying that I am supposed to use my dedicated server provider's ns on my registrar panel?[13:12:35] <sep> wh1zz0, forward dns = someone type in www.freenode.net, forward dns resolve this to 140.211.167.100 ; this is done by a nameserver often your own. or your domain registrar.[13:13:50] <sep> wh1zz0, revers dns: you send mail to someone. they know your ip, and they try to find the name. using revers dns 37.59.242.168 -> ; this is also done using nameservers, but it's the isp's nameserver, and not your domain registrars name servers.[13:13:56] <wh1zz0> sep: Where does ISP come in? I bought a dedicated server and also bought a domain.. trying to configure the mail..installed postfix but DNS not configured properly.. From your explanation this improper config is what is causing mails to bounce[13:14:15] <sep> if you get many ip's from your isp. you can get your block delegated to your own nameserver, but that's uncommon for just 1 ip[13:14:45] <sep> you rent a dedicated server? then normally the people you rent the server from, are your server's isp.[13:15:10] <sep> so they might have a webpage where you can enter the wanted revers dns. or you just talk to the people there.[13:15:33] <wh1zz0> Owh okie yeah... cool... Just didn't call them ISP.. usually called them hosting providers[13:17:35] <wh1zz0> So reverse DNS is like a whois[13:18:17] <sep> wh1zz0, reversdns is like dns, only revers[13:18:40] <wh1zz0> Usually on shared hosting... When I buy a host.. I simply just use the ns server on the domain registrar and then it propagates[13:19:22] <wh1zz0> but this is my own dedicated hosting with my own IP.. are you saying that I am supposed to obtain the ISP nameservers and use on my registrar?\[13:21:30] <Natureshadow> I have a setup here that resolve virtual aliases to lcoal mailboxes (foo at example dot com -> foo@$myhostname). Now I want to send all mail for all aliases resolved to foo to another smtp server. I am doing this with transport_maps, but then postfix uses the foo@$myhostname address as envelope recipient. Can I somehow make it use the original address as recipient?[13:22:11] <sep> wh1zz0, the normal way for this when you have only 1 ip. is you pick up the phone, and call the people that own your ip (isp or hosting provider), and you say hey, you know this server i am renting from you guyes. i need to set a revers dns name on it's ip. the ip is .. 37.59.242.168, and i would like to resolve it to wh1zz0-uber-server.zebraconnect.org.[13:22:16] <sep> and they fix that for you.[13:23:00] <sep> Natureshadow, put the transport map on the orginal recipient ?[13:23:09] <wh1zz0> sep: ooo I see[13:23:15] *** chaozzbubi is now known as ChaozZBubi[13:23:18] <Natureshadow> sep: that'd be in virtual_transport_maps then, right?[13:23:35] *** mi has quit IRC[13:25:21] <Natureshadow> sep: if I put it in virtual_aliases AND in transport_maps, it resolves the alias and then asks transport_maps[13:25:37] <Natureshadow> if I do not put it in virtual_aliases and only in transport_maps, it rejects mail because the alias is unknown[13:26:15] <sep> Natureshadow, i fear that might not be possible...[13:26:45] *** lukasg has joined #postfix[13:26:53] <wh1zz0> sep: when I do a traceroute it shows me this.. server3.ultimatehostings.com[13:27:33] <sep> just do a normal revers dns lookup with host or dig[13:27:50] <sep> eg # host 37.59.242.168[13:27:50] <sep> Host 168.242.59.37.in-addr.arpa. not found: 3(NXDOMAIN)[13:28:33] <sep> whe it's configured it should show something like $ host 8.8.8.8[13:28:33] <sep> 8.8.8.8.in-addr.arpa domain name pointer google-public-dns-a.google.com.[13:30:14] <wh1zz0> uhmm... I see[13:30:33] <wh1zz0> And there's no way for me to configure this?[13:30:57] <sep> sure there is, you configure it with a phone, or a email to your hosting providers support address.[13:31:04] <wh1zz0> Lol[13:31:10] <wh1zz0> No I mean.. On my own[13:31:30] <sep> well you can become a LIR with RIPE, (or your reginal IP registry)[13:31:41] <sep> and pay the membership fee.[13:31:53] <wh1zz0> Uhmm[13:31:56] <sep> and then you will eventually get an allocation of /20 ip's or something[13:32:20] <sep> it's a heck of a paper work where you have to predict your ip requirements 3 years into the future.[13:32:23] <_NiC> Or apply for a job at your ISP.. :)[13:32:45] <sep> then you can configure a few nameservers that you can register in ripe's whois registry[13:34:22] <wh1zz0> Lol[13:34:23] <wh1zz0> Whew[13:34:39] <wh1zz0> See how this is all turning out[13:35:01] <lukasg> hey everyone - I'd like to configure my postfix to prevent a local application that's gone wild from sending out thousands of copies of the same mail.[13:35:09] <wh1zz0> In the name of having aol and live accept my mail.. great[13:35:12] <lukasg> I found information on how to do rate limiting / staggering, but I don't want to just delay the messages, but drop them (remove them from the queue alltogether) after a certain limit is reached[13:35:36] <lukasg> Could anyone give me a quick part on the "remove from queue" part?[13:35:38] *** Ironhand has joined #postfix[13:35:41] <lukasg> *quick pointer[13:38:04] <Ironhand> hello, is there some way to set up postfix so that mail will be deferred when the system load average is above a certain value? (I'm aware this is not a very "clean" solution, it would be a temporary thing)[13:40:00] *** mi has joined #postfix[13:40:42] *** nuomi has quit IRC[13:40:45] *** nuomi1 has joined #postfix[13:40:48] *** Natureshadow has quit IRC[13:40:57] *** Natureshadow has joined #postfix[13:54:44] *** codin has quit IRC[13:54:54] <koobs> Ironhand; have you tried nice/renice ?[13:55:27] <koobs> Ironhand; im not familiar with anything that you can do with postfix natively to get that kind of funtionality. what are you trying to achieve out of interest?[13:55:30] *** codin has joined #postfix[13:57:35] <Ironhand> koobs: I'm dealing with an under-specced server running several VM's which for practical reasons cannot be upgraded on short term... it gets regular load spikes that often lead to a snowball effect causing >100 system loads, most likely due to the VM's running out of real memory and resorting to swapspace[13:58:25] *** codin has quit IRC[13:58:25] <sep> wh1zz0, it's perfectly normal that the isp maintains the revers dns nameservers. just live with it ! it's not like you change ip all the time anyway[13:58:43] <Ironhand> I've found that temporarily stopping postfix when load starts to climb prevents it from happening at all, but doing it manually isn't reliable enough and scripting stop / start feels just a bit too dodgy[13:59:30] <tuxick> better add some limits then[13:59:49] <sep> Ironhand, http://www.postfix.org/TUNING_README.html[13:59:55] <wh1zz0> sep so the reverse dns is the reason why aol and live are not accepting?[14:00:08] <sep> wh1zz0, as well as 60% of the rest of the internet[14:00:20] <wh1zz0> Uhmm[14:00:34] <sep> and it's ONE of the reasons, the other beeing your helo name. that may or may not be sane[14:00:54] <wh1zz0> What's that?[14:01:03] <sep> when those basics are in place you can look at things like spf, and dkim as additional measures[14:01:04] <wh1zz0> My host name?[14:01:42] <sep> when your mail server send mail. it connects to aol.com and say HELO my name is something.zebraconnect.com[14:01:53] <sep> aol.com will check this name for sanity.[14:02:11] <Ironhand> sep / tuxick: I've looked at that, unfortunately the load usually isn't due to postfix itself, but to other VM's eating up most of the disk I/O swapping... I'd like to make postfix just defer all mail when the load is too high and resume when it gets "normal" again, as realtime mail delivery isn't a requirement[14:02:12] *** codin has joined #postfix[14:02:36] <sep> wh1zz0, it's basicaly what you have configured the line myhostname in your main.cf[14:03:20] <jwing> wh1zz0: http://www.linuxmagic.com/best_practices/[14:05:02] <jwing> and.. here's Google's specific recommendations: http://support.google.com/mail/bin/answer.py?hl=en&answer=175365[14:05:26] <jwing> basically.. if you are going to send mail out, you need to pay attention to best practices/recommendations from other ISPs.[14:05:32] <jwing> Otherwise, you will get rejected[14:06:02] *** nuomi1 has quit IRC[14:06:08] *** nuomi has joined #postfix[14:06:28] <jwing> AOL has a recommendations page as well. http://postmaster.aol.com/Postmaster.Guidelines.php[14:06:38] *** OpenSys has quit IRC[14:07:13] <jwing> !best_practices[14:07:13] <knoba> jwing: Error: "best_practices" is not a valid command.[14:07:26] <jwing> bummer.. we should have one for that[14:09:08] <wh1zz0> jwing: gmail and yahoo accept my mails[14:09:22] *** OpenSys has joined #postfix[14:09:38] <jwing> If you are having problems sending to AOL.. read their best practices and make sure you comply[14:14:42] *** Terminus has quit IRC[14:17:55] *** mroe has joined #postfix[14:17:56] *** mroe has joined #postfix[14:21:13] *** mi has quit IRC[14:22:00] <wh1zz0> sep and jwing thanks for this .... I will tart configuring, take the above measures and see how it goes[14:23:54] *** [diablo] has joined #postfix[14:23:55] *** [diablo] has joined #postfix[14:25:19] <jwing> !best_practice[14:25:19] <knoba> jwing: Error: "best_practice" is not a valid command.[14:25:35] <jwing> Hmm.. still doesn't work.. must not like me[14:26:43] <jwing> !best_practice[14:26:43] <knoba> jwing: "best_practice" : A best practice is a method or technique that has consistently shown results superior to those achieved with other means, and that is used as a benchmark. ISP's provide recommendations and best practices for sending mail to them. AOL: http://postmaster.aol.com/Postmaster.Guidelines.php, Google: http://support.google.com/mail/bin/answer.py?hl=en&answer=175365 General: http://www.linuxmagic.com/best_practice[14:26:53] <jwing> ahh.. there we go. following right syntax helps[14:30:14] *** Section1 has joined #postfix[14:38:28] *** nuomi has quit IRC[14:41:17] *** mroe has quit IRC[14:43:03] *** Terminus has joined #postfix[14:47:04] *** [diablo] has quit IRC[14:48:29] *** MaximusColourum has joined #postfix[14:56:45] *** Quadro has quit IRC[14:59:16] *** Quadro has joined #postfix[14:59:21] *** __gilles has joined #postfix[15:00:22] *** cvelde has joined #postfix[15:04:38] *** robinho86 has joined #postfix[15:20:31] *** Allex944 has joined #postfix[15:23:44] *** mroe has joined #postfix[15:23:44] *** mroe has joined #postfix[15:35:31] *** Allex944 has left #postfix[15:36:22] *** Belial_ has joined #postfix[15:39:32] *** Aurica has joined #postfix[15:42:40] *** Silowyi has quit IRC[15:48:27] *** Silowyi has joined #postfix[15:49:35] *** znull has quit IRC[15:50:55] *** Silowyi has quit IRC[15:51:02] *** Silowyi has joined #postfix[15:51:39] *** Aurica has quit IRC[15:53:17] *** Aurica has joined #postfix[15:56:40] *** Silowyi has quit IRC[15:58:02] *** elex111119 has joined #postfix[16:07:17] *** voidy has joined #postfix[16:07:30] <voidy> greetings[16:08:29] <voidy> does message_size_limit have to be < or <= mailbox_size_limit?[16:09:50] <voidy> it does say in the docs for mailbox_size_limit : "This limit must not be smaller than the message size limit."[16:10:03] <voidy> so I think it's OK that I set it to be the same, I just wanted to make sure :)[16:11:47] *** shoonya has joined #postfix[16:21:19] *** shoonya has quit IRC[16:24:23] *** biggi_mat has quit IRC[16:27:27] <wh1zz0> sep: in /etc/postfix/main.cf ... Am I supposed to change these IPs to my IP? #mynetworks = 168.100.189.0/28, 127.0.0.0/8[16:27:35] *** BuenGenio has quit IRC[16:27:58] <wh1zz0> Or just remove the # and leave it alone like that[16:27:59] <wh1zz0> ?[16:28:14] <Dominian> Those should be your IPs[16:28:17] <Dominian> !mynetworks[16:28:17] <knoba> Dominian: "mynetworks" : a configuration parameter in the main.cf: The list of "trusted" SMTP clients that can relay email.[16:28:38] <wh1zz0> Hmm.. I see.. thanks[16:32:00] *** znull has joined #postfix[16:32:32] *** mroe has quit IRC[16:32:50] *** elex111119 has quit IRC[16:49:36] *** rezmuh has joined #postfix[16:57:22] <rezmuh> Hello, I'm running postfix+virtual users+postgresql+dspam+opendkim+policyd-spf-python in Ubuntu 11.04. The server is on amazon ec2 (m1.small). my postfix has been not responding when there are relatively many requests at the same time. I've been testing with smtp-source with 10 parallels connection and 10 messages and it is taking very long. Here's my postconf-n result: http://pastebin.com/U25u0mA7. Can anyone help me out where the possible bo[16:57:22] <rezmuh> ttlenecks are?[16:58:54] <rezmuh> Btw, the command I used for smtp-source is: $ smtp-source -s 10 -l 5120 -m 10 -c -f virtual.recipient at mydomain dot com -t other.virtual.recipient at mydomain dot com -S smtp-source localhost:587[17:02:28] *** Steve_The_Pirate has quit IRC[17:06:35] *** d3c has joined #postfix[17:10:34] <patdk-wk> rezmuh, what do you expect?[17:11:37] <patdk-wk> m1.small has 1 cpu[17:11:46] <patdk-wk> your loading it down 10x[17:11:48] *** d3c has quit IRC[17:11:51] <rezmuh> is it normal to get that kind of smtp-source testing to finish at 4 minutes (and sometimes more)?[17:12:13] <patdk-wk> dspam, dkim, policyd, spf, all take time too[17:12:21] <rezmuh> hm, ic[17:12:23] <patdk-wk> hopefully your running a dns server on that server also[17:13:24] <rezmuh> no i am not. i presume running a dns server is to make dns lookup faster?[17:14:52] <rezmuh> btw, i'm currently running another smtp-source at the moment, top says:[17:14:54] <rezmuh> 22:14:11 up 2 days, 8:48, 1 user, load average: 0.17, 0.52, 0.37[17:14:59] <tharkun> How big is an ec2? how much ram and how many virtual processors[17:15:28] <rezmuh> m1.small is only 1 ECU with 1.7GB of RAM and i am using 1GB swap[17:15:43] <rezmuh> and this is running on EBS[17:16:42] <rezmuh> so yeah, the CPU constraints and the EBS are suspect but I am just not sure whether it's my config that is not good enough, or is that as much postfix can handle with the current server..[17:18:25] <tharkun> rezmuh: logs should give you a hint on how your server is performing. You might want to set up postscreen to avoid starting expensive processes.[17:18:43] <patdk-wk> if your dspam database is constantly looking for data from ebs, that will be painful[17:19:33] <rezmuh> tharkun: that's the thing.. when i run smtp-source, there are times when the counter kind of stall. During that time, there is nothing running on the log and no activity from tcpdump either[17:20:04] <tharkun> rezmuh: smtp-source also uses resources. :-)[17:20:46] <tharkun> Think of it as using mtr to spot network botlenecks. The trafic of it will cause more botlenecks :D[17:21:33] <rezmuh> patdk-wk: i tried changing the virtual_transport to dspam just to see if it made a difference but it didn't show alot of differences[17:23:09] <rezmuh> that makes sense. let me see if i run smtp-source from a different host[17:23:35] <wh1zz0> On my domain registra pagem I already set my nameservers to ns1.domain.org and ns2.domain.org and I wanna host my DNS on my dedicated box.....How do I set up nameservers e.g ns1.domain.org and ns2.domain.org on my box from command line.. Which config files??[17:24:13] <patdk-wk> this isn't #dns[17:25:08] <rezmuh> so actually the problem i have is, i have about 80 virtual users in this server. When those users try to access the mail server at the same time and some of them try to send emails.. postfix seem to not be responding.. so that smtp-source is just a way i try kind of mimic the usage..[17:25:35] <tharkun> wh1zz0: /j #dns or /j #your_dns_server_here[17:26:51] <wh1zz0> Thank you.. I initially tried #ns but no one there... in now[17:27:42] <tharkun> rezmuh: hmm My personal point of view is to get the most apropiate tool for the job. Postgres is not precisely the best db to be run on a VPS so *"I"* might change it for SQLite and I would get rid of SPF checking since there are "many" sites that have them unproperly set.[17:28:11] <tharkun> Also how do your users retrieve their mail?[17:28:34] <rezmuh> imap and webmail[17:29:03] <tharkun> so you also have an http server on the machine?[17:29:25] <rezmuh> yeah, only for hosting that one virtualhost[17:30:22] <tharkun> rezmuh: Haven't you amused the idea of hosting google on your vps? What do you expect of your system :-)[17:32:00] <rezmuh> yeah, i have moved the other domains to google.. i just can't move this one because the owner doesn't want to pay extra for google apps (since they have more than 50 emails)[17:32:16] *** tjikkun_work has quit IRC[17:33:33] <tharkun> rezmuh: You will have to optimize your most scarce resource which hapens to be cpu cycles. It is not something only relevant to postfix. If your client is cheap then he gets a cheap service.[17:33:50] *** jegade has left #postfix[17:34:37] <rezmuh> alright.. so the biggest chance of my postfix problem is on the CPU then, right? Not necessarily the config[17:34:38] <rezmuh> ?[17:35:28] *** zorg1 has quit IRC[17:35:36] <tharkun> rezmuh: That is my personal wag. You can allways optimize a single program to a certain point. yours is a bit more complex problem you need to optimize your system globaly[17:35:49] *** p3rror has joined #postfix[17:36:41] <tharkun> Also take a look at postscreen it might save you some cpu cycles. Also plan on how you use postgres on your server. You might be better off without it.[17:36:55] <tharkun> Also take a look at other webservers that use up less resources.[17:37:17] <tharkun> You might find a lot of ram and cycles twisting your httpd server config[17:37:25] <tharkun> 80 users is no big deal[17:37:32] *** nowthatsamatt has joined #postfix[17:37:33] <rezmuh> well it is already using nginx[17:37:55] <rezmuh> and since the webmail is a django app, it's using uwsgi[17:38:25] <rezmuh> right, i'll check on postscreen.. i've never really looked at that[17:38:43] <tharkun> Take a look at the postgresql usage. It doesn't play nice on vps systems[17:39:06] <tharkun> django can use sqlite as well as postfix and dovecot[17:41:04] <rezmuh> yeah, i might as well try that and see if it makes alot of difference[17:41:23] <tharkun> rezmuh: vmstat is your friend as well as free[17:41:34] <rezmuh> and i guess there is also an option of load balancing the outgoing email, right?[17:42:46] <tharkun> rezmuh: How you do your magic is your choice. That is the beauty of it :-)[17:43:40] <rezmuh> hehe.. :D[17:43:44] <rezmuh> thanks for the tips though[17:43:59] <tharkun> yw[17:44:53] *** wdp_ has quit IRC[17:45:06] *** BuenGenio has joined #postfix[17:48:00] *** nowthatsamatt has left #postfix[17:50:05] *** Rich_Morin_ has joined #postfix[17:51:54] <Rich_Morin_> Does Postfix have a setting that will make it reject and/or report outgoing mail attempts from unusual accounts (eg, the web server)?[17:52:15] *** mfridh has joined #postfix[17:56:17] <tharkun> !tell Rich_Morin_ adress_classes[17:56:18] <knoba> tharkun: Error: No factoid matches that key.[17:56:38] <tharkun> !tell Rich_Morin_ address_classes[17:56:38] <knoba> Rich_Morin_: "address_classes" : http://www.postfix.org/ADDRESS_CLASS_README.html describes how Postfix deals with different classes of addresses: local, relay, virtual alias, virtual mailbox, and Internet.[17:58:52] <lunaphyte> !tell Rich_Morin_ authorized_submit_users[17:58:52] <knoba> Rich_Morin_: "authorized_submit_users" : List of users who are authorized to submit mail with the sendmail(1) command (and with the privileged postdrop(1) helper command).[18:03:41] <Rich_Morin_> Thanks; http://www.postfix.org/postconf.5.html#authorized_submit_users looks like just the ticket![18:11:34] *** ced117 has joined #postfix[18:11:34] *** ced117 has joined #postfix[18:17:50] <Rich_Morin_> Most of our role account names start with underscores (eg, _www). Can I use something like this: "authorized_submit_users = !/^_/, static:all" ?[18:20:52] <lunaphyte> itym service accounts[18:21:04] <lunaphyte> anyway, tias.[18:21:40] *** mroe has joined #postfix[18:21:40] *** mroe has joined #postfix[18:26:22] *** roe_ has joined #postfix[18:26:23] *** roe_ has joined #postfix[18:27:26] *** MaximusColourum_ has joined #postfix[18:27:47] *** mroe has quit IRC[18:28:14] *** MaximusColourum has quit IRC[18:28:15] *** MaximusColourum_ is now known as MaximusColourum[18:30:55] *** biggi_mat has joined #postfix[18:33:25] <Rich_Morin_> kthxbye[18:48:54] *** cvelde has quit IRC[18:48:56] <wh1zz0> sep thanks.. I finally got everything setup.. the only thing left/remaining is to contact my ISP and have them setup the Reverse DNS.[18:49:37] <wh1zz0> This post made me understand RDNS fully.. http://www.crucialp.com/resources/tutorials/web-hosting/how-reverse-dns-works-rdns.php[18:55:33] <lunaphyte> the biggest problem people have when trying to understand "reverse" dns is that they think they need to understand reverse dns.[18:55:52] <lunaphyte> that is to say - they think that reverse dns is somehow "different" than forward dns. it is not.[18:57:18] <tharkun> etyhpanul: erus aey[18:59:25] *** OliveiraBorges has joined #postfix[18:59:36] <OliveiraBorges> somebody help me with postfix[19:00:54] *** sh0b__ has joined #postfix[19:01:01] <tharkun> !tell OliveiraBorges welcome[19:01:01] <knoba> OliveiraBorges: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[19:07:49] *** nsouer has joined #postfix[19:08:03] <nsouer> !welcome[19:08:03] <knoba> nsouer: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[19:10:31] <OliveiraBorges> I need to send email from domain that not be the localhost.[19:15:33] *** jwing has quit IRC[19:19:34] <wh1zz0> lunaphyte: Yes well.. you are right[19:29:31] *** biggimat has joined #postfix[19:33:15] *** chadmaynard has quit IRC[19:33:21] *** biggi_mat has quit IRC[19:41:57] *** gerhard7 has quit IRC[19:45:55] *** Motoko-chan has joined #postfix[19:46:34] *** Section1 has quit IRC[19:50:09] *** Section1 has joined #postfix[19:52:01] <wh1zz0> sep lunaphyte :: I found this.. http://www.philchen.com/2007/04/04/configuring-reverse-dns ...<<< Meaning, it can be done without contacting the ISP, contrary to what sep mentioned earlier.[19:53:01] <patdk-wk> wh1zz0, heh? he doesn't even use valid ip addresses[19:53:14] <patdk-wk> and when you have your nameserver do things, yes, you can OVERRIDE anything[19:53:21] <patdk-wk> but it won't work for anyone else, than you[19:53:36] *** roe_ has quit IRC[19:54:01] <wh1zz0> What do you mean by anyone else?[19:54:11] <patdk-wk> anyone that DOESN"T use your nameserver[19:54:25] <wh1zz0> Give an example[19:54:35] <patdk-wk> anyone that isn't you[19:54:43] <patdk-wk> anyone you send email to :)[19:54:58] <wh1zz0> Whew.... so that defeats the purpose[19:55:09] <patdk-wk> that is why you have to contact your isp :)[19:55:12] <patdk-wk> or whoever gave you that ip[19:55:58] <wh1zz0> hmm.. I see a couple of good comments.. I'll give it a try and see if it works[19:56:25] <rob0> You need to make your full understanding of reverse DNS a bit more full.[19:56:33] <tharkun> !VPS[19:56:33] <knoba> tharkun: "VPS" : A Virtual Private Server is an affordable alternative to running a mailserver at home with a consumer-grade ISP connection. See also !port_25_block and !pbl[19:56:46] <tharkun> wh1zz0: ^^ eventually you will need it[19:56:49] <wh1zz0> Using my the ISP gotten from my ISP.... thing is.. why would he even put up the tutorial[19:57:19] <rob0> I suppose a lot of people have put up tutorials about things they don't understand.[19:57:20] <wh1zz0> tharkun: I have a dedicated server[19:57:33] <patdk-wk> the tutorial is fine[19:57:33] <wh1zz0> rob0: Well.. that, true[19:57:46] <patdk-wk> it talks about setting up reverse dns for stuff BEHIND your NAT[19:57:57] <wh1zz0> patdk-wk: I think he just used local ip addresses just as an example[19:57:59] <patdk-wk> stuff the internet can't access anyways, so who cares if they have internet accessable rdns[19:58:14] <patdk-wk> as an example on how to setup rdns yes[19:58:21] <patdk-wk> but no example on how to *deligate* rdns[19:58:30] <wh1zz0> Hmm[19:59:40] <tharkun> wh1zz0: You will eventually need it even for your dedicated server, because your ISP might not give you a proper dns/rdns set up.[20:00:15] <wh1zz0> Ahh[20:00:24] <wh1zz0> I'll give it a try[20:00:56] <patdk-wk> the question is, will his isp be willing to deligate it, or will he have to call and have them update it[20:01:15] <patdk-wk> this whole thing is pointless, unless they are willing to deligate it, and they normally aren't, unless you have a full /24[20:01:20] <wh1zz0> Will it not deligate automatically?[20:01:29] <wh1zz0> Since it's on the server[20:01:44] <patdk-wk> since when was anything automatic?[20:01:55] <patdk-wk> and no, that would be single point of failure[20:02:15] <wh1zz0> uhmm[20:02:28] <tharkun> Now you can check your rdns config with this dig +short $(dig +short -x your.ip.here.xx)[20:02:46] <tharkun> and your result should be the same as your initial ip[20:04:02] <wh1zz0> I think I may end up cancelling the dedi and buying from another ISP cuz the folks at my current hosting are REALLY SLOW![20:04:14] <wh1zz0> Arrrrrrrrgh[20:04:30] <wh1zz0> No response on this till now[20:04:48] <patdk-wk> they don't have a webinterface you can update the rdns yourself?[20:04:56] <patdk-wk> that is how it's normally handled[20:05:11] <wh1zz0> Nah they don't[20:06:21] <tharkun> wh1zz0: So you have a dedicated server on a proper datacenter. Set up a service ticket they should take a look at it promptly.[20:06:47] <wh1zz0> Already did that.. no response yet[20:06:53] <jimpop> wh1zz0: your IP (37.59.242.168) is from OVH ? If so, good luck...[20:07:02] <patdk-wk> they are unlikely to set rdns also, unless proper forward dns is working correctly too[20:07:26] <wh1zz0> yes my forward/standard dns is working perfectly[20:07:27] *** jwing has joined #postfix[20:07:30] <wh1zz0> I already set that up[20:07:36] *** mroe has joined #postfix[20:07:36] *** mroe has joined #postfix[20:07:46] <wh1zz0> jimpop: yeah.. wit ovh[20:07:57] <wh1zz0> jimpop: Have any experience with them?[20:08:23] <jimpop> yeah, everything I see from their netblock is spam[20:08:43] <patdk-wk> same here[20:09:46] *** rzimmermann has quit IRC[20:09:58] <wh1zz0> hmmm[20:10:09] <wh1zz0> how do you check that?[20:11:34] <tharkun> wh1zz0: out of curiosity have you checked if the ip they gave you is blacklisted?[20:11:38] *** snearch has joined #postfix[20:11:53] <wh1zz0> tharkun: Yea, that was the first think I checked[20:12:11] <wh1zz0> tharkun: It's not blacklisted. I checked spamhaus, and used mxtools[20:12:27] <wh1zz0> thing*[20:12:29] <tharkun> !dnsbl[20:12:29] <knoba> tharkun: "dnsbl" : DNS zones that can help your mail server to determine if an IP address is trusted. It's a great way to fight spam. See http://www.spamhaus.org/ZEN/ http://www.au.sorbs.net/ http://www.dnsrbl.net/ http://www.spamcop.net/ http://www.mail-abuse.org/ http://www.rfc-ignorant.org/[20:12:43] <OliveiraBorges> How do i calculate how many messages can i send per hour in my postfix[20:12:54] <jimpop> the reason it's not blacklisted is that people already block it... no need to blacklist something that is already on the radar. ;-)[20:13:06] <wh1zz0> jimpop: Huh?[20:13:16] <wh1zz0> jimpop: I;m sorry, repeat/explain that[20:13:31] <tharkun> !tell OliveiraBorges goal[20:13:31] <knoba> OliveiraBorges: "goal" : describe your goal, not what you think the solution is[20:14:09] <jimpop> wh1zz0: for the past 5 to 6 years I've seen people list all the IP ranges for OVH. Those IPs were blocked from many mailservers.[20:16:23] <OliveiraBorges> knoba: I have a server with 3MBPS. I want to send 50.000 e-mails. How long I will send them[20:17:37] <wh1zz0> OliveiraBorges: knoba is a bot[20:17:46] <wh1zz0> jimpop: Hmmm[20:18:07] <wh1zz0> jimpop: So, in other words, OVH is no good[20:18:39] <jimpop> wh1zz0: imho, yes[20:19:05] <patdk-wk> OliveiraBorges, send to who? what size?[20:19:29] <patdk-wk> normally the issue with sending emails is, people only accept them so fast from you, the less spammy they look, some will even accept faster[20:19:39] <jimpop> wh1zz0: a mailserver, inside OVH, will routinely have trouble sending email to servers outside of OVH.[20:20:47] <OliveiraBorges> patdk-wk: For my mailing list, 40k each message[20:22:20] *** hparker has quit IRC[20:22:20] <patdk-wk> I would say, it will take a few days, atleast till you do it a few times, then it should get faster as your reputation builds up[20:24:16] <wh1zz0> Okie now lemme ask this crucial question.... must the RDNS match with the Forward DNS? For example, If I have a new server which already points to a certain PTR but has no standard DNS and I configure my own standard DNS with a domain which is different from what is on the rDNS.. will I be good to go?[20:24:32] <rob0> !fcrdns[20:24:32] <knoba> rob0: "fcrdns" : http://en.wikipedia.org/wiki/Forward_Confirmed_reverse_DNS : your IP address should resolve to $myhostname, which in turn should resolve back to your IP. This is very important if you want big sites to accept your mail. If you can't have it from your ISP, see !relayhost[20:25:54] <wh1zz0> Hmmm[20:25:54] <OliveiraBorges> patdk-wk: Will be my first send with new server. I configured SPF, REVERS DNS, DKIM . I will got good results ?[20:26:31] <patdk-wk> I'm not going guarentee anything, depends on what else is around you, used that ip space, ...[20:26:37] <patdk-wk> and PRIVATE MESSAGES are evil[20:29:30] *** hparker has joined #postfix[20:29:30] *** hparker has joined #postfix[20:33:30] *** gerhard7 has joined #postfix[20:33:41] <OliveiraBorges> When i to send 1 milion, when providers will put my emaisl in trash ?[20:35:11] *** breaker313 has joined #postfix[20:35:28] *** happymeerkat has joined #postfix[20:41:29] *** hparker has quit IRC[20:41:55] *** mroe has quit IRC[20:48:14] <rezmuh> tharkun: you're right about my problem. Just finished migrating my db for virtual users from pgsql to sqlite. It runs *a lot* faster. thanks again.[20:49:43] *** happymeerkat has quit IRC[20:54:48] *** sh0b has joined #postfix[20:58:22] *** sh0b has quit IRC[20:58:40] *** sh0b___ has joined #postfix[20:59:22] *** cps0 has joined #postfix[21:00:41] <sh0b___> hi all[21:00:49] <sh0b___> i have a question[21:00:50] <sh0b___> if /^To:.*user at domain\ dot com/[21:00:51] <sh0b___> endif[21:01:03] * patdk-wk notes that isn't a question :)[21:01:19] <sh0b___> :P[21:01:32] <patdk-wk> !tell sh0b__ welcome[21:01:32] <knoba> sh0b__: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[21:01:33] <sh0b___> if /^To:.*user at domain\ dot com/[21:01:34] <sh0b___> endif[21:01:38] <sh0b___> this is correct ? :S[21:02:07] <sh0b___> "if /^To:.*user at domain\ dot com/"[21:02:20] <sh0b___> "/^Subject:(.*)/ REPLACE Subject: [prefix] ${1}"[21:02:28] <sh0b___> "endif"[21:02:36] <patdk-wk> it was correct, till you put that subject line in there[21:02:57] <patdk-wk> you seem to fail to understand how the header file works[21:03:03] <patdk-wk> it matchs ONE line at a time[21:03:35] <sh0b___> Yes, it is rare but does not work when I try to send to user @ domain[21:03:48] <patdk-wk> like I said, it matchs ONE line, at a time[21:03:54] <patdk-wk> not TWO, not ALL HEADERS[21:03:54] <sh0b___> amm[21:04:38] <sh0b___> and how do I get tag the mail? :|[21:04:50] <patdk-wk> it can't, it's too complex[21:04:57] <patdk-wk> have to use something else to do it[21:05:32] *** Steve_The_Pirate has joined #postfix[21:07:40] <sh0b___> that's bad, I lost much time trying to do haha thanks![21:08:34] <sh0b___> you know something I can use to do? is for an alias[21:08:50] *** sh0b__ has quit IRC[21:20:40] *** Motoko-chan has quit IRC[21:21:40] *** Chiku|dc has joined #postfix[21:21:43] <Chiku|dc> hi[21:23:05] <Chiku|dc> about transport_maps, if I have 1 hash: which domain matched and another hash %s matched. which is the order ?[21:23:34] <Chiku|dc> it looks like specific one got priority[21:24:42] <Chiku|dc> how can i override this ? the domain matches got priorities ?[21:30:14] *** rotbeard has joined #postfix[21:30:54] *** rotbeard has quit IRC[21:33:36] *** Motoko-chan has joined #postfix[21:41:58] *** wdp has joined #postfix[21:41:59] *** wdp has joined #postfix[21:50:48] *** Areckx has quit IRC[22:01:08] *** Section1 has quit IRC[22:03:28] *** ced117 has quit IRC[22:12:16] *** shinao1 has joined #postfix[22:13:18] *** shinao1 has quit IRC[22:16:11] *** mroe has joined #postfix[22:16:11] *** mroe has joined #postfix[22:22:46] *** BuenGenio has quit IRC[22:23:26] *** BuenGenio has joined #postfix[22:28:51] *** Steve_The_Pirate has quit IRC[22:32:31] *** Motoko-chan has quit IRC[22:32:39] *** wh1zz0 has quit IRC[22:32:46] *** sh0b___ has quit IRC[22:34:22] *** lukasg has quit IRC[22:35:31] *** rmayorga has quit IRC[22:39:38] *** rmayorga has joined #postfix[22:39:38] *** rmayorga has joined #postfix[22:40:00] *** breaker313 has quit IRC[22:42:40] *** p3rror has quit IRC[22:45:13] *** Motoko-chan has joined #postfix[22:50:08] *** snearch has quit IRC[22:52:13] *** wdp has quit IRC[22:52:34] *** cps0 has quit IRC[22:55:34] *** p3rror has joined #postfix[22:59:38] *** nsouer has left #postfix[23:01:40] *** tr-808 has quit IRC[23:03:49] *** gerhard7 has quit IRC[23:08:03] <adaptr> !tell Chiku|dc: transport[23:08:03] <knoba> Chiku|dc:: "transport" : transport(5) The optional transport(5) table specifies a mapping from email addresses to message delivery transports and next- hop destinations. Look at: http://www.postfix.org/transport.5.html[23:08:09] <adaptr> explained in detail[23:11:51] *** OliveiraBorges has quit IRC[23:12:34] *** a90342 has quit IRC[23:12:41] *** s0ber has quit IRC[23:13:40] <tmberg> !mta[23:13:40] <knoba> tmberg: "mta" : Mail Transfer Agent: software that facilitates the transfer of mail messages between hosts[23:14:16] *** s0ber has joined #postfix[23:14:19] *** tr-808 has joined #postfix[23:20:50] *** rezmuh has quit IRC[23:21:42] *** danblack has joined #postfix[23:24:31] *** biggimat has quit IRC[23:25:42] *** wh1zz0 has joined #postfix[23:26:06] *** a90342 has joined #postfix[23:29:20] *** p3rror has quit IRC[23:34:55] *** e-anima has quit IRC[23:40:32] *** Hans67521 has joined #postfix[23:41:54] *** p3rror has joined #postfix[23:45:52] *** wh1zz0 has joined #postfix[23:46:50] *** hparker has joined #postfix[23:46:50] *** hparker has joined #postfix[23:47:35] *** [diablo] has joined #postfix[23:47:36] *** [diablo] has joined #postfix[23:55:16] *** tr-808 has quit IRC[23:55:58] *** tr-808 has joined #postfix[23:56:45] *** p3rror has quit IRC