June 27, 2012 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | >
June 27, 2012 [00:00:59] *** shinao1 has quit IRC[00:03:59] *** jkfod has joined #postfix[00:04:24] *** jkfod has quit IRC[00:07:27] *** robinho86 has left #postfix[00:09:34] *** chadmaynard has joined #postfix[00:16:31] *** Rich_Morin_ has left #postfix[00:20:25] *** amir_ has joined #postfix[00:32:31] *** uqlev has joined #postfix[00:34:08] *** amir_ has quit IRC[01:01:20] *** Steve_The_Pirate has quit IRC[01:06:59] *** shinao1 has joined #postfix[01:15:20] *** MaximusColourum has quit IRC[01:17:58] *** heller_barde has quit IRC[01:19:12] *** amir has joined #postfix[01:31:28] *** uqlev has quit IRC[01:31:55] *** shinao1 has quit IRC[02:08:36] *** lunaphyte__ has joined #postfix[02:08:40] *** lunaphyte_ has quit IRC[02:08:41] *** lunaphyte__ is now known as lunaphyte_[02:17:08] *** mroe has quit IRC[02:18:18] *** Rich_Morin_ has joined #postfix[02:30:27] <Rich_Morin_> Can someone help us set up a whitelist for outgoing email? - http://pastie.org/4157411[02:38:17] <lunaphyte> define "account"[02:40:10] <Rich_Morin_> Our OS (Mac OS X) has user accounts. We only want certain users to be able to send email.[02:40:20] <lunaphyte> oh, system users[02:40:34] <lunaphyte> how did you "send email from account ted" exactly?[02:41:16] <lunaphyte> also, if the file that contains the values is /etc/postfix/authorized, then that is what authorized_submit_users should be set to[02:42:36] <lunaphyte> lastly, if using a hash lookup map, you need to use the proper syntax for it in your source file[02:43:12] <Rich_Morin_> Actually, we've tried a number of configurations. The most helpful thing would be to have an explicit (if fictional) example to base our configuration on.[02:43:46] <lunaphyte> better would be to not introduce so many variables at once.[02:44:26] <lunaphyte> the documentation includes a nice, simple example, as you request.[02:45:59] <Rich_Morin_> We've looked in the docs quite a bit - please point out the example and we can discuss it.[02:46:09] *** amir has quit IRC[02:48:18] <lunaphyte> man 5 postconf[02:48:21] <lunaphyte> bbl[02:49:34] *** chadmaynard has quit IRC[02:56:53] <Rich_Morin_> I have simplified things, as suggested - still fails... http://pastie.org/4157411[02:58:56] <rob0> !database[02:58:56] <knoba> rob0: "database" : http://www.postfix.org/DATABASE_README.html provides an overview of how Postfix lookup tables work, and the various types that are implemented.[02:59:05] <rob0> see also hash_table(5)[03:01:43] *** amir has joined #postfix[03:02:38] *** Areckx has quit IRC[03:06:27] <Rich_Morin_> rob0: Was that in response to my query? We've already spent a while looking over the man pages, with little to show for it.[03:07:13] *** nuomi has joined #postfix[03:07:27] <Rich_Morin_> In other news, does anyone have suggestions for log file analyzers?[03:12:14] *** nb has quit IRC[03:19:50] *** amir has quit IRC[03:22:24] *** nb has joined #postfix[03:27:20] *** developish has joined #postfix[03:27:35] *** developish has left #postfix[03:28:41] *** nuomi has quit IRC[03:37:58] *** akcx has quit IRC[03:39:11] *** akcx has joined #postfix[03:40:55] *** aarcane has quit IRC[03:42:58] *** Tormin has quit IRC[03:45:24] *** nuomi1 has joined #postfix[03:45:57] *** mfridh has quit IRC[03:46:06] *** nuomi1 has quit IRC[03:49:00] *** Tormin has joined #postfix[03:53:21] *** BuenGenio has joined #postfix[03:53:47] *** Lunenburg has joined #postfix[03:54:08] <Lunenburg> !welcome[03:54:08] <knoba> Lunenburg: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[03:57:28] <Lunenburg> Hi folks. I'm trying to set up a backup MX with Postfix on Ubuntu 11.10 on Amazon EC2. I've set up the relay_domains file with a list of my domains that I should be doing backup MX for, but whenever mail comes in, it gets hung with "Mail loops back to myself". I'm wondering if this has anything to do with EC2's setup (where the public IP isn't visible within the virtual machine itself). Does anyone have any ideas abou[03:57:29] <Lunenburg> t what might be going wrong? My postconf -n is at https://gist.github.com/03f1c596d0892faf4d88 - I'm stumped.[03:58:06] *** mfridh has joined #postfix[04:01:56] *** amir has joined #postfix[04:02:25] <PatrickDK> what is in relay-domains file?[04:04:11] *** amir has quit IRC[04:04:15] <Lunenburg> A list of domains, one per line.[04:04:16] <Lunenburg> root at ennis:/etc/apparmor dot d# cat /etc/postfix/relay-domains[04:04:16] <Lunenburg> acsurf.com[04:04:17] <Lunenburg> aiduponths.com[04:04:17] <Lunenburg> alpha-eproducts.com[04:04:17] <Lunenburg> alpha-inspect.com[04:04:18] <Lunenburg> alpha-pharm.com[04:04:20] <Lunenburg> (etc)[04:04:35] <Lunenburg> But then I see this in mailq:[04:04:36] <Lunenburg> 38D9626E5 1645 Sun Jun 24 17:46:46 zbznwei at nfza dot net[04:04:36] <Lunenburg> (mail for atlanticleague.com loops back to myself)[04:04:36] <Lunenburg> jklein at atlanticleague dot com[04:04:52] <PatrickDK> well, your missng relayhost[04:05:35] <Lunenburg> For a backup MX, shouldn't it just retry the primary MX once it becomes available? I'm pretty sure when I've set up backup postfix MX's before, I haven't used relayhost.[04:05:55] *** amir has joined #postfix[04:05:57] <PatrickDK> hmm, no[04:06:07] <PatrickDK> a smtp server will try EVERY mx[04:06:18] <PatrickDK> in this case, it couldn't contact the more perfred[04:06:23] <PatrickDK> so it tried the next one, itself[04:06:51] <PatrickDK> and normally it will hold email, till an etrn command is given[04:06:57] <PatrickDK> then flushed to the relay defined[04:07:32] <Lunenburg> I wonder why it's having trouble contacting the preferred MX. It's only, and I can telnet to it on port 25 from the box.[04:08:14] <PatrickDK> normally using a backup mx is a horrible idea[04:09:54] <Lunenburg> Interesting. I've been running backup MX's for quite a while, and have only had this issue on EC2. I moved this MX pretty much verbatim from a Slicehost box, where it didn't experience these issues.[04:13:47] <Lunenburg> Anyway, I'll track that down. Thanks.[04:13:48] *** Lunenburg has quit IRC[04:21:36] *** amir has quit IRC[04:23:00] *** amir has joined #postfix[04:26:28] *** mroe has joined #postfix[04:30:06] *** chadmaynard has joined #postfix[04:33:44] *** trentg has quit IRC[04:35:37] *** trentg has joined #postfix[04:39:38] *** trentg has quit IRC[04:39:38] *** trentg has joined #postfix[05:10:44] *** Areckx has joined #postfix[05:27:14] *** mroe has quit IRC[05:31:51] *** ChaozZBubi is now known as chaozzbubi[05:48:26] *** MAAAAD has joined #postfix[05:50:53] *** trentg has left #postfix[05:51:16] *** MAAAAAD has quit IRC[06:12:36] *** cilly has quit IRC[06:13:50] *** cilly has joined #postfix[06:16:04] <codebeard> without having to use SASL, can I set it up that local users may only send from certain addresses assigned to them? kind of like smtpd_sender_login_maps but with authorized_submit_users ?[06:20:19] <cite> codebeard: You can, using restriction classes.[06:20:32] <cite> codebeard: http://www.postfix.org/RESTRICTION_CLASS_README.html[06:23:58] *** uqlev has joined #postfix[06:33:04] <roe> they are going to have to authenticate though[06:33:15] <roe> or else how are you going to know what rights they have[06:34:02] <rob0> cite, how?[06:34:17] <rob0> iow, no.[06:34:18] <cite> roe: I was under the impression that "addresses" meant "IP addresses":[06:34:27] <cite> roe: I might be wrong on that, thought.[06:34:36] <roe> I was under the impression 'addresses' meant email addresses[06:34:37] <rob0> no, he means sender addresses.[06:34:48] <roe> but who the hell knows[06:35:01] <rob0> I answered him yesterday, he's still hoping for someone who knows better than me.[06:35:54] <codebeard> :/[06:35:57] <rob0> although TBH, the question is slightly altered today.[06:35:57] <roe> no one knows better than the almighty rob0[06:36:18] <rob0> Wrong. Wietse and 2-3 others on the mailing list do.[06:36:32] <rob0> err, *3-5[06:36:42] <cite> Hr hr. The networking guys set up a PGP gateway on Monday that's finally easy to use for our users. Result: Encrypted mail traffic is up from 1% to 19%.[06:36:42] <roe> if they're not here thye don't count[06:37:32] <cite> roe: I'm pretty sure I know a lot of things better than rob0. E.g. I can twist my fingers in really weird ways.[06:37:36] <cite> :)[06:37:40] <codebeard> rob0, I looked into what you said about the header filters and stuff. I realised I couldn't use it because I need to check two headers[06:37:55] <cite> codebeard: Go write a policy demon.[06:38:03] <codebeard> a what?[06:38:14] <cite> codebeard: Forget it.[06:38:16] <codebeard> I had a bit of a look at the milter stuff[06:38:16] <cite> codebeard: Bad advice.[06:38:31] <rob0> right, as it says in that "limitations" section. Might need a content filter ... or forget about it, set a policy and get rid of users who don't adhere to it.[06:38:32] <roe> codebeard, can we have a brief explanation of the actual goal?[06:38:34] <codebeard> hoping that it wouldn't be too difficult to write what I want to do in just a few lines[06:38:37] <cite> codebeard: Those "local" users, are they local Unix users or are they in a local network?[06:38:52] <codebeard> they are local unix users[06:39:02] <codebeard> it's a shared web hosting[06:39:12] <cite> PHP?[06:39:15] <codebeard> yes[06:39:22] <rob0> Sometimes political problems are best handled with political solutions.[06:39:36] <cite> Isn't there some _php_admin stuff that you could use to limit how sendmail is called?[06:40:06] <roe> why is authing out of the question?[06:40:20] <cite> So that vhost1 can only use sendmail -f vhost1 at example dot com as a sender adress?[06:40:22] <cite> Or maybe?[06:40:28] <rob0> oh, yeah, a wrapper around sendmail which checks the From: header against the UID. That might do it.[06:40:56] <rob0> but, my answer yesterday was that it is not a Postfix implemented feature. And it still is not.[06:41:01] <cite> Or perhaps just thread your customers with mutilation if they fake sender addresses.[06:41:08] <cite> threaten*[06:41:14] <cite> threatening?[06:41:17] <codebeard> cite: hmm, you could be right -- I had a little look there but was concerned that if they end up being able to exec postdrop themselves[06:41:18] <cite> whatever. you get the idea.[06:41:27] <cite> wIt's mutilation that matters.[06:41:31] <cite> Not the threat of it.[06:41:32] <codebeard> lol[06:41:58] <rob0> Mutilating users is what gives a BOFH job satisfaction.[06:42:10] <cite> rob0: BTW, "Let's talk about profound changes" did the job as a subtitle.[06:42:19] <rob0> ah, cool[06:42:29] <rob0> did you present it yet?[06:42:30] <cite> rob0: PResentation was a huge success, been asked to give it again to two other IT execs[06:42:36] <rob0> excellent[06:43:37] <cite> rob0: It seems the idea of someone who's not senior management but nevertheless has a very specific goal of what he wants to achieve, more than 18 montsh in advance, was suprising to some members of said senior management ;-)[06:43:38] *** Tykling has quit IRC[06:43:51] <codebeard> I guess I really need to wrap postdrop though, since that's the setuid bit[06:44:14] <cite> codebeard: TBH, you are doing it wrong.[06:44:20] <cite> codebeard: Authentication is the way to go here.[06:44:36] <codebeard> I think it would actually be a nice feature. Local users are by nature already authenticated[06:45:12] <roe> cite, what did you present?[06:45:32] <codebeard> cite: authentication is great but php doesn't make that easy unfortunately[06:45:37] <roe> sure it does[06:46:02] <cite> roe: My company, though our operations department is really great, has a nasty tendency to not think about better solutions for things that have been working for 3+ years.[06:46:03] <codebeard> asking all the users to install Pear::Mail is not easy[06:46:33] <cite> roe: E.g. we've been doing deployments of our in-house developed application the same way for the last 5 years.[06:46:48] <roe> 'if it ain't broke' has it's attraction[06:46:51] <roe> its*[06:46:56] <cite> roe: It worked great in 2007, now it sucks.[06:47:21] <cite> roe: I took a lot of examples for this, proposed better solutions, did the maths, large 6 figure number, imagine the remainder.[06:53:35] <roe> you gonna see any of that?[06:54:01] <cite> Probably at the end of the year, yes.[06:54:26] <roe> nice[06:54:58] <cite> It's quite funny, actually. I was taking a lot of heat in the past for being a "heretic", trying to improve things that "worked perfectly fine".[06:55:47] <roe> I'm sure there is a witty retort involving heretic and progress[06:55:51] <roe> but I can't think of one[06:56:09] <roe> so you can use your imagination[06:56:24] <cite> Since I've "won", I wont retort ;-)[06:56:41] <roe> isn't that the best retort of them all[06:56:52] <cite> Right. It is.[06:58:33] <codebeard> cite, roe: a policy daemon looks reasonably easy to implement. thank you both for your help and suggestions[06:58:42] <cite> codebeard: But won't help you.[06:58:56] <codebeard> cite: oh, drat[06:58:57] <cite> codebeard: It doesn't have the user submitting the mail available for processing.[06:59:11] <cite> codebeard: A milter or content filter would see the whole mail.[06:59:32] <cite> codebeard: But as I said, authentication is the way to go and easy to implement.[06:59:51] <roe> as all of us said[06:59:58] <rob0> A policy daemon does not affect sendmail (postdrop) submission, smtpd only.[07:00:15] <codebeard> rob0: hmm, I see how that's a problem...[07:00:47] * codebeard considers just patching postdrop[07:02:24] <codebeard> the owner of the server wants this restriction, and I've volunteered to try to help him (it's all non-profit)[07:02:44] *** Tykling has joined #postfix[07:02:47] <codebeard> I'm not sure he's keen on the idea of users having to rewrite any of their code though (to use Pear::Mail with auth instead of php mail() )[07:03:25] <rob0> I'm not sure what if anything postdrop does with the message content. Probably nothing, is my guess.[07:03:30] *** Motoko-chan has joined #postfix[07:03:53] <rob0> Consider either giving up or checking out Exim and Sendmail MTAs.[07:04:45] <codebeard> a local user should be considered authenticated already in some sense though[07:04:47] <rob0> Being monolithic in design (one binary handles it all) it might be possible to implement this there.[07:05:18] <codebeard> the exact reason I use postfix is to get as far away from exim and sendmail as possible :P[07:05:39] <rob0> If you want this feature, get closer to them.[07:06:09] <rob0> oh, here's a thought: will be a lot of work to set up:[07:06:33] <codebeard> time I can find. will to use sendmail/exim I cannot[07:06:45] <rob0> multiple instances, with a content_filter on the instance which handles sendmail/postdrop for local users.[07:07:10] <rob0> and the content filter compares the "from uid" header with the From: header.[07:07:41] <codebeard> hmm[07:08:03] <rob0> might be doable with a milter and a single instance, too. I don't know.[07:08:17] <codebeard> it's definitely doable with a milter[07:08:19] <rob0> but: any way you go will require some coding[07:08:43] <codebeard> I was going to write it just because I thought it'd also be cool to know how to write them[07:08:48] <rob0> (except if you go with my recommendation, e.g., give up.)[07:11:59] <jimpop> nullmailer?[07:12:28] <rob0> would be easier to patch, for sure[07:12:35] *** FainaUkraina has joined #postfix[07:13:09] <jimpop> 'cause it can be config'ed to force From[07:13:22] <jimpop> but i'm not sure if there were/are other reqs[07:13:36] <rob0> and then authorized_submit_users=!static:all[07:13:50] <rob0> oh, might not even need a patch?[07:15:15] <codebeard> I don't know how well it plays with postfix -- the site says they are mutually exclusive. At the very least I run the risk of updates stepping on each other[07:15:41] <jimpop> sounds complicated[07:15:51] *** BuenGenio has quit IRC[07:16:37] <rob0> no, they are not mutually exclusive. You change the Postfix sendmail_path such that it's a different binary, and tell nullmailer to submit to localhost.[07:17:18] <rob0> oh, but indeed, it won't play nicely with automated distro updates. Neither will any other idea you have had.[07:24:08] <rob0> oh, "authorized_submit_users=" would do that too.[07:24:18] <rob0> good night[07:27:52] <codebeard> 'night[07:27:55] <codebeard> thnaks for your help[07:30:46] *** gerhard7 has joined #postfix[07:38:56] <Corey> G'night rob0[07:48:12] *** jkfod has joined #postfix[07:52:48] *** KatelyNix has joined #postfix[07:55:56] <KatelyNix> hi. i just notices in my logs occassional (no pattern I can determine) instances of these "connect from unknown[unknown]" (http://pastebin.com/raw.php?i=VUgrJWeg) messages. Not really sure what that tells me, or what to do about it. "unknown" is not particularly helpful :-/ Just starting to dig myselfm but -- any hints as to what this is about?[08:01:26] *** KatelyNix has quit IRC[08:01:46] *** Guest31355 has joined #postfix[08:12:47] *** Nako has joined #postfix[08:18:55] *** lukasg has joined #postfix[08:21:49] <pj> he didn't wait very long for an answer, heh[08:22:31] <pj> and all it would have taken was a bit of googling, was the first entry when I googled for: "connect from unknown[unknown]"[08:24:26] *** uqlev has quit IRC[08:25:23] *** mi has joined #postfix[08:25:32] *** Nako has quit IRC[09:06:49] *** echelog` has joined #postfix[09:07:17] *** e-ndy has joined #postfix[09:07:17] *** echelog` has quit IRC[09:08:01] *** echelog has joined #postfix[09:09:04] *** bisoc has joined #postfix[09:09:38] *** ikonia has joined #postfix[09:10:11] *** jkfod has joined #postfix[09:10:38] *** Motoko-chan has quit IRC[09:11:31] *** mfridh has joined #postfix[09:11:31] *** Quadro has joined #postfix[09:11:31] *** sysmonk has joined #postfix[09:11:31] *** kli0rf has joined #postfix[09:13:38] *** D-Boy has joined #postfix[09:14:53] *** mfridh has quit IRC[09:18:48] *** master_of_master has quit IRC[09:19:00] *** wdp has joined #postfix[09:19:57] *** master_of_master has joined #postfix[09:21:08] *** tris has joined #postfix[09:24:09] *** tris has quit IRC[09:27:08] *** tris has joined #postfix[09:29:35] *** Silowyi has quit IRC[09:30:10] *** happymeerkat has joined #postfix[09:34:35] *** jkfod has quit IRC[09:40:06] *** UQlev has joined #postfix[09:42:36] *** mfridh has joined #postfix[09:45:46] *** happymeerkat has quit IRC[09:48:07] *** master_of_master has quit IRC[09:48:23] *** master_of_master has joined #postfix[09:54:05] *** lukasg_ has left #postfix[10:21:56] *** e-anima has joined #postfix[10:27:38] *** ikonia has quit IRC[10:28:53] *** ikonia has joined #postfix[10:33:21] *** ikonia has quit IRC[10:35:45] *** Jakey has left #postfix[10:35:53] *** Jakey has joined #postfix[10:35:59] <Jakey> how do i tell my mailserver[10:36:14] <Jakey> like why mail can't be deliver to me[10:36:21] <Jakey> to my domain[10:39:00] <UQlev> can you tell it to yourself?[10:42:28] *** get has joined #postfix[10:42:31] <get> hi all[10:43:21] <Jakey> sorry[10:43:28] <Jakey> how can i test my mail server[10:43:36] <Jakey> if its receiveing the mail[10:43:50] <get> im receiving emails showing from "virtualdomain.tld/user@mailhost" instead of "username at virtualdomain dot tld" , i guess i messes up something...[10:43:51] <UQlev> Jakey: read maillog[10:44:27] <Jakey> UQlev: i create a user on my mail server and i send to it using yahoos account[10:44:42] <get> any suggestion for what i have to search/look for ?[10:44:52] <Jakey> i get daemon not deliver or something from yahoo[10:45:33] <UQlev> Jakey: read /var/maillog for any attempts to receive message from yahoo[10:46:03] <Jakey> UQlev: sec[10:46:20] *** falu has joined #postfix[10:46:25] <UQlev> Jakey: "or something" doesn't work here, you should paste exact error message[10:47:12] <UQlev> Jakey: there might be thousands of different "something"[10:47:23] <Jakey> UQlev:[10:47:32] <Jakey> i get that error where the mail can't be deliver[10:47:40] *** Terminus has quit IRC[10:47:40] <Jakey> like it can't find it[10:48:14] <UQlev> use dpaste.org to paste your message[10:48:19] *** GieltjE has joined #postfix[10:50:07] <Jakey> UQlev: i get nothing in maillog[10:50:44] <UQlev> Jakey: what is publick IP of your server?[10:50:53] <Jakey> why[10:51:00] <Jakey> i can't tell you that[10:51:04] <Jakey> i can ping the server[10:52:49] <UQlev> Jakey: if you are so secret try your self http://www.mxtoolbox.com/[10:53:16] <UQlev> ping is not enoug, your ISP can block smtp packets in/out[10:55:59] *** Areckx has quit IRC[11:00:30] *** ikonia has joined #postfix[11:03:46] *** madduck has quit IRC[11:05:26] *** madduck has joined #postfix[11:05:42] *** FainaUkraina has quit IRC[11:06:09] *** FainaUkraina has joined #postfix[11:08:41] *** Steve_The_Pirate has joined #postfix[11:09:54] <Jakey> thnx UQlev[11:10:26] <Jakey> UQlev: you still here[11:10:52] <UQlev> Jakey: I do not deal with secret servers and secret agents :P[11:13:01] <Jakey> lol[11:13:12] <Jakey> UQlev: i get this error[11:13:13] <Jakey> 6/27/2012 4:12:45 AM Connection attempt #1 - Timeout occurred due to inactivity. [16.22 sec][11:13:35] <Jakey> i put authentication on the server[11:13:57] <get> Jakey, pastebin your logs, it might be easier to help you[11:13:58] <Jakey> its suppose to not allow outsiders to connect[11:14:20] <Jakey> get: sec[11:14:38] <Jakey> UQlev: that was thrown from mxtoolbox[11:15:32] <UQlev> Jakey: ISP most likely blocks smtp packets for your IP[11:15:49] <UQlev> Jakey: of your firewall[11:16:00] *** rzimmermann has joined #postfix[11:16:13] <UQlev> Jakey: or your firewall[11:16:42] <Jakey> k[11:16:46] <Jakey> gonna check firewall[11:16:51] <Jakey> how do i check[11:16:53] <Jakey> anyway[11:16:54] <Jakey> lol[11:17:00] <Jakey> i can telent to the host[11:17:07] <Jakey> but it doesn't spit out the message[11:17:29] <Jakey> like the 220[11:17:32] <Jakey> messeaget[11:17:51] <UQlev> Jakey: do not spit here all your emotions and statements[11:18:20] <Jakey> its just too short for pastebin[11:22:27] *** UQlev has quit IRC[11:27:27] *** cnu- has joined #postfix[11:36:18] <Jakey> k[11:36:22] <Jakey> the port is open[11:36:26] <Jakey> i can telnet to it[11:36:39] <Jakey> does this have to depend on the configuration files[11:36:50] *** wdp has quit IRC[11:38:41] *** FainaUkraina has quit IRC[11:45:08] *** MAAAAD has quit IRC[11:45:33] <Jakey> fuck[11:49:30] <get> [11:15] - <UQlev> Jakey: do not spit here all your emotions and statements[11:49:32] <Natureshadow> Jakey: that doesn't help; and I'm not available ;)[11:49:44] *** wdp has joined #postfix[11:51:03] <get> i have different problem, maybe someone can guide me which part of config is related with:[11:51:05] <get> im receiving emails showing from "virtualdomain.tld/user@mailhost" instead of "username at virtualdomain dot tld"[11:51:45] <Jakey> dam you Natureshadow[11:58:10] *** UQlev has joined #postfix[12:08:27] *** kaos01 has joined #postfix[12:10:10] <Jakey> exit[12:11:00] <sysmonk> Jakey: if you add a slash to the begining, everyone will be more than happy![12:15:11] <kaos01> haha[12:26:51] *** roxlu has left #postfix[12:32:29] *** BuenGenio has joined #postfix[12:41:56] *** ohcibi has quit IRC[12:42:06] *** ohcibi has joined #postfix[12:44:50] *** Niemi has quit IRC[12:45:45] *** Niemi has joined #postfix[12:48:41] *** BuenGenio has quit IRC[12:57:58] *** snearch has joined #postfix[13:02:42] *** UQlev has quit IRC[13:13:09] *** BuenGenio has joined #postfix[13:19:33] *** FainaUkraina has joined #postfix[13:20:53] *** BuenGenio has quit IRC[13:23:25] *** BuenGenio\ has joined #postfix[13:25:41] *** FainaUkraina has quit IRC[13:25:44] *** BuenGenio\ has quit IRC[13:26:53] *** Bry8Star has quit IRC[13:30:15] *** Bry8Star has joined #postfix[14:04:06] *** jkfod has joined #postfix[14:05:06] *** zorg1 has joined #postfix[14:07:36] *** _TheAvatar has quit IRC[14:09:45] *** mfridh has quit IRC[14:13:12] *** cps0 has joined #postfix[14:19:49] *** snearch has quit IRC[14:22:15] *** TheAvatar has joined #postfix[14:24:43] *** mroe has joined #postfix[14:25:30] *** Section1 has joined #postfix[14:33:15] *** GieltjE has quit IRC[14:35:46] *** Questu has joined #postfix[14:36:49] *** Questu has quit IRC[14:37:07] *** iQuestion has joined #postfix[14:38:37] *** mfridh has joined #postfix[14:51:30] *** xabbuh has joined #postfix[14:55:46] *** iQuestion has quit IRC[14:56:03] *** MaximusColourum has joined #postfix[14:56:27] *** robinho86 has joined #postfix[15:04:09] *** oles has joined #postfix[15:11:35] *** gerhard7 has quit IRC[15:11:48] *** Guest31355 has quit IRC[15:19:49] *** carl- has joined #postfix[15:33:50] *** Bry8Star{EB has quit IRC[15:36:28] *** Bry8Star{EB has joined #postfix[15:42:29] *** chaozzbubi is now known as ChaozZBubi[15:49:08] <thumbs> Jakey: mind your language, and the enter key, please[15:51:17] *** get has left #postfix[16:04:29] *** gerhard7 has joined #postfix[16:12:00] *** UQlev has joined #postfix[16:14:45] *** mroe has quit IRC[16:30:08] *** colo-work has joined #postfix[16:30:11] <colo-work> hey there[16:31:04] <colo-work> question regarding "permit_mx_backup" - the docs say "Permit the request when the local mail system is backup MX for the RCPT TO domain [...]" - how does postfix verify that? just shoot a DNS query and check if the host it's running on is listed in the list of (non-primary) MX hosts?[16:31:53] <lunaphyte_> yikes.[16:31:58] <lunaphyte_> backup mxes are a bad idea[16:32:58] <lunaphyte_> but yes, it's based on dns data[16:33:47] <colo-work> lunaphyte_, do you question the concept of a backup MX in general, or just a specific implementation of the very idea?[16:34:11] *** carl- has quit IRC[16:34:13] <lunaphyte_> oh, i don't question it, no. it's a bad idea, no question.[16:34:30] <lunaphyte_> sure, it's possible there are corner cases where one might argue there is some benefit. i've yet to see one though.[16:35:07] *** mi has quit IRC[16:35:09] <rob0> they DO attract more spam; isn't that a benefit?[16:36:41] <colo-work> how would you suggest otherwise ensuring smtp service availability?[16:37:05] <lunaphyte_> that's too vague.[16:37:20] <lunaphyte_> pick a *specific* problem you are concerned might occur, and we can discuss it.[16:38:53] <lunaphyte_> if you are concerned a server might break, make is more resilient to breakage [or possibly use multiple servers]. if you are concerned a network might break, make it more resilient to breakage [or possibly use multiple networks][16:38:59] <tharkun> colo-work: what is your concern? It is quite easy to be overjealous with e-mail availability. Loosing precious resources on something not worth it.[16:41:27] <lunaphyte_> i guess it's the presence of the priority value in mx records that maybe encourages people to think they have to do things differently for email when trying to make it more resilient to problems.[16:43:30] <lunaphyte_> instead, it's just a service like any other [http, ldap, sql, etc][16:46:41] <rob0> The cool thing about your MX being down for a day or two is that remote sites (except spam zombies) keep the mail for you, and retry it. The only thing you lose is spam (and immediacy, I suppose.)[16:47:43] <rob0> If your MX can't be up continually, and if you can't recover from disaster within a couple of days, focus on improving that.[16:49:53] <tharkun> That is why you pick up maintenance windows just before people go off for the weekend. So their mail get read on time :-)[16:49:58] <lunaphyte_> of course, even if you had a backup mx, you likely lose immediacy as well, since it's unlikely the environment is configured well enough for clients to transparently retrieve delivered mail from some other computer[16:53:09] <tharkun> Now, if the problem lies on imap or pop3 then it is a totally different beast. You will have to advertise your maintenance window with a "Don't bug me I'm working as hard and fast as I can to fix this." type of message[16:54:20] *** carl- has joined #postfix[16:56:03] *** wdp has quit IRC[17:02:52] *** Silowyi has joined #postfix[17:05:43] *** gccster has joined #postfix[17:05:54] <gccster> is there still postfix-tls package?[17:06:07] <gccster> because i search it in ubuntu 12.04 and i cant find it[17:06:18] <rob0> Maybe that is a #ubuntu question?[17:06:37] <gccster> i asked none anwsers and thought maybe theres no more such package?[17:06:45] <gccster> i mean in postfix[17:06:56] <rob0> Maybe not. I don't use Ubuntu, so I have no idea.[17:07:10] <lunaphyte_> what's the actual goal? why are you looking for this package?[17:07:14] <gccster> i mean in general[17:07:29] <gccster> setting up a mail server[17:07:31] <rob0> Perhaps the #ubuntu people can point you to apt documentation on how to search the package repos.[17:07:45] <lunaphyte_> why do you think you need this specific package to install a mail server?[17:08:11] <gccster> encrypt auth[17:08:21] <gccster> maybe its already in postfix[17:08:25] <lunaphyte_> why do you think you need this specific package to encrypt auth?[17:08:48] <gccster> im migrating a server nad thats how the old one was working[17:08:55] <gccster> *and[17:09:13] <lunaphyte_> how old?[17:09:17] <rob0> I don't know how they have packaged it. You can install it and find out if it requires openssl; if so I suppose you are good.[17:09:41] <gccster> ok[17:09:45] <tharkun> gccster: IIRC postfix-tls got merged into postfix lots of years ago[17:09:52] <jwing> distro based installations are a friggen nightmare. Specially when they start "making things easier".[17:10:12] *** mroe has joined #postfix[17:10:12] *** mroe has joined #postfix[17:10:23] <tharkun> IIRC that is 2.2 version of postfix or similar[17:10:23] <rob0> I bet "postfix-tls" was the old broken Debian package of Postfix 2.1 with the TLS patch.[17:10:39] <lunaphyte_> yeah, i think so[17:10:48] <rob0> The one that they were unable to fix and Wietse was unwilling to fix.[17:10:48] <gccster> i think thats what happens[17:11:15] <rob0> Yes, many moons ago was that.[17:11:20] <tharkun> IIRC that was it. Still has open bugs for it :-)[17:12:01] <rob0> If you have a server somewhere running that, it is vulnerable.[17:13:22] <patdk-wk> if you have a server, it's vulnerable :)[17:13:28] <JPT> +1[17:15:04] *** jkfod has joined #postfix[17:31:42] *** Tormin has quit IRC[17:33:49] *** xabbuh has quit IRC[17:37:14] *** Deathvalley122 has quit IRC[17:38:00] *** Tormin has joined #postfix[17:44:10] *** UQlev has quit IRC[17:44:19] *** Deathvalley122 has joined #postfix[17:48:39] *** gccster has quit IRC[17:52:05] *** Coiby has joined #postfix[17:56:52] <Coiby> Hi, how can I avoid this problem: "statistics: max connection rate 1/60s statistics: max connection count 1 for... statistics: max message rate 1/60s... statistics: max cache size 1"? I already add these lines "smtpd_client_connection_count_limit = 100 smtpd_client_connection_rate_limit = 80 smtpd_client_message_rate_limit = 80". It seems it's not working.[18:06:10] <tharkun> man 5 postconf |less +/smtpd_client_message_rate_limit[18:08:37] *** shinao1 has joined #postfix[18:09:40] <rob0> What "problem" are you trying to avoid?[18:09:47] <Coiby> tharkun: thanks for your advice. So do suggest to make smtpd_client_message_rate_limit larger?[18:11:47] <Coiby> rob0: It seems some e-mails are not delivered to clients. In my case, one user send e-mail to the mailing list and the mailman re-send the e-mail to other users. According to the log, if "max XXXX" happens, the mailman only send e-mail to part of the users.[18:14:08] <Dominian> Do you have mailmain defined in master.cf somewhere or something?[18:14:12] <rob0> Ah. In that case you are probably misunderstanding what you are seeing; anvil(8) is not blocking that mail.[18:14:57] <Dominian> mailman_destination_recipient_limit = 1 is what I'm thinking[18:15:35] <rob0> !smtpd_client_event_limit_exceptions[18:15:35] <knoba> rob0: "smtpd_client_event_limit_exceptions" : Clients that are excluded from connection count, connection rate, or SMTP request rate restrictions.[18:16:25] <rob0> smtpd_client_event_limit_exceptions default is mynetworks. If Mailman is in mynetworks, it's exempt.[18:16:38] *** kaos01 has quit IRC[18:17:21] <rob0> Dominian could be right too. I suggest no further guesses until a pastebin is prepared.[18:17:25] <Coiby> Dominian: Yes. Mailman is defined in master.cf.[18:17:27] <rob0> !relevant_logs[18:17:27] <knoba> rob0: "relevant_logs" : Relevant logs are mail.* syslog Postfix logs (NOT verbose, see !verbose) which show the entire handling of a single mail which illustrates the issue with which you want help. Random selections from your mail log might not do. IMAP/POP3 daemons and external delivery agents typically log to the same facility (mail); those are usually not relevant here.[18:18:00] * jimpop wonders why people put mailman in master.cf[18:19:56] <Coiby> rob0: anvil doesn't block the mail? Then why "max XXXX" occurs?[18:20:16] *** wdp has joined #postfix[18:20:17] *** wdp has joined #postfix[18:21:12] <rob0> It is telling you *statistics* (which is probably why it says "statistics").[18:21:29] <Coiby> jimpop: where should mailman be put?[18:22:50] <Coiby> rob: So e-mails are not logged. But they are actually delivered to the clients?[18:22:56] *** shinao1 has quit IRC[18:23:12] <Dominian> mailmain email is handled by mailman iirc[18:23:19] <Dominian> which is why you have the hand off to the mailmain script in master.cf[18:23:27] <Dominian> should be logging it somewhere, more than likely in mailman[18:24:14] <tharkun> !plogsumm[18:24:14] <knoba> tharkun: Error: "plogsumm" is not a valid command.[18:24:21] <tharkun> bah[18:24:39] <Dominian> !pflogsumm[18:24:39] <knoba> Dominian: "pflogsumm" : a perl script to analyse your mail log file and generate nice reports. See: http://jimsun.linxnet.com/postfix_contrib.html (metalog users see the !mpflogsumm factoid)[18:24:46] <tharkun> Coiby: ^^[18:25:21] * tharkun goes back to sql wrestling :([18:26:08] <Coiby> Dominian: what does "mailman_destination_recipient_limit=1" mean?[18:27:09] <Coiby> Dominian: I check mailman log. It only record the posting email.[18:28:08] <Coiby> tharkun: thanks for recommending this tool:)[18:30:05] *** falu has quit IRC[18:32:44] <jimpop> Coiby: aliases[18:37:21] <Coiby> jimpop: It reminds me there's differences between transport and aliases.[18:37:32] <jimpop> indeed[18:38:16] *** shinao1 has joined #postfix[18:38:19] <jimpop> read up on virtual alias maps/domains[18:38:26] <jimpop> !virtual_alias_maps[18:38:27] <knoba> jimpop: "virtual_alias_maps" : A configuration parameter in the main.cf: Optional lookup tables that alias specific mail addresses or domains to other local or remote addresses. The table format and lookups are documented in virtual(5).[18:38:31] <jimpop> !virtual_alias_domains[18:38:31] <knoba> jimpop: "virtual_alias_domains" : a configuration parameter in the main.cf: Optional list of names of virtual alias domains, that is, domains for which all addresses are aliased to addresses in other local or remote domains.[18:39:02] <jimpop> mailman auto creates alias maps in mailman/data/[18:39:49] <Coiby> jimpop: shouldn't I use transport here which is defined in master.cf?[18:40:02] <jimpop> i don't know. should you?[18:43:24] <Coiby> Coiby: I'm not sure. As far as I can understand, the postfix is let a .pl script dealing with the posts which is more like a transport than alias.[18:44:14] <thumbs> why are you talking to yourself?[18:44:27] <jimpop> lol[18:44:39] <jimpop> jimpop: jimpop: jimpop: listen to me[18:44:47] <jimpop> jimpopception[18:44:55] <thumbs> thumbs: thumbs: thumbs: suck it[18:45:08] <Coiby> jimpop: I should talk to jimpop:-D[18:46:02] <jimpop> Coiby: that mailman -> postfix script is a really old way of integrating mailman with postfix[18:46:08] *** mroe has quit IRC[18:46:18] <jimpop> the more modern way is to utilize postfix's virtual alias tables[18:46:54] <rob0> uh, I just put the list domain in mydestination and add the mailman aliases to $alias_maps[18:47:09] <rob0> a ONE-LINE howto right there[18:47:23] <jimpop> Coiby: mailman provides functionality to manage mailman/data/aliases and mailman/data/virtual_aliases files that can be read by postfix via mail.cf entries.[18:47:36] <Kellin> 'lo, the beard has spoken[18:47:49] <jimpop> which beard?[18:48:01] <rob0> And it always speaks for Simplicity.[18:48:23] <thumbs> I heard rob0 shaved[18:48:46] *** shinao1 has quit IRC[18:48:48] <rob0> sure did ... back in March or so[18:48:56] <Coiby> jimpop: Thanks. I'll try it when I try new servers. Currently, the server is running Centos5.7 which is old. I don't know mainman in the rpm source is modern enough.[18:49:34] <jimpop> Coiby: what could go wrong with running old versions of software....[18:51:12] <Coiby> jimpop: I thought "functionality to manage mailman/data/aliases and mailman/data/virtual_aliases" is provided by newer version of mailman.[18:51:34] <jimpop> current versions of mailman (since 1.3, irrc)[18:53:34] <jimpop> Coiby: read the notes/dates of the comments in your postfix-to-mailman.py script[18:53:52] <jimpop> that will give you an idea on just how old that is[18:54:52] <Coiby> jimpop: I see. postfix-to-mailman.py tells me to put maiman in master.cf.[18:55:21] <Coiby> Actually, my version of mailman is 2.1.9 O.o[18:55:30] <jimpop> is that the comment from 1999, or the comment from 2002? I forget[18:57:10] <Coiby> 2003[18:58:07] *** nephfl has joined #postfix[18:59:02] <nephfl> hello, anyone have a good solution for getting large amounts of mail through to aol? is there a best configuration document someplace?[18:59:14] <jimpop> knoba: what's 2012 minus 2003 in Internet years?[18:59:33] <patdk-wk> 3 generations[18:59:39] <jimpop> nephfl: http://postmaster.aol.com[18:59:57] <jimpop> knoba: botsnack[19:00:04] <jimpop> again?[19:00:15] <patdk-wk> !knoba[19:00:15] <knoba> patdk-wk: "knoba" : an informational bot in this channel (see http://workaround.org/f=postfix)[19:00:37] <nephfl> yeah, I've done the FBL's and their suggestions, just don't know if someone has worked out postfix specific settings[19:00:40] <tharkun> !botsnack[19:00:40] <knoba> tharkun: "botsnack" : Mmmm, tasty[19:00:49] <jimpop> ahh[19:00:58] <patdk-wk> I use no postfix specific settings for aol[19:01:04] <patdk-wk> it just streams quickly[19:01:22] <Coiby> jimpop: lol. Centos 5.7 is really annoying:P[19:01:29] <tharkun> nephfl: Depending on your geolocation you might experience some anoyances like beeing throttled[19:02:35] <nephfl> definately getting throttled...just didn't know if there is a speed aol prefers sending set to or other similar things[19:02:53] <nephfl> the aol mail (and sometimes yahoo) really back up the queues[19:05:23] *** famicom has quit IRC[19:07:36] *** elex1111110 has joined #postfix[19:09:37] *** Alagar has joined #postfix[19:10:40] *** roe_ has joined #postfix[19:10:41] *** roe_ has joined #postfix[19:13:18] *** uqlev has joined #postfix[19:15:05] *** roe_ has quit IRC[19:20:34] *** iocc has joined #postfix[19:21:12] <iocc> howcome postfix doesnt want to listen to my IPv6 anymore even that I got smtp_bind_address6 = 2a00:1a28:1152::2 ? IPv4 works fine.[19:21:39] <patdk-wk> how should we know?[19:21:45] <patdk-wk> !tell iocc welcome[19:21:45] <knoba> iocc: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[19:22:56] <iocc> Here is the cfg: http://links.flashdance.cx/main.cf[19:23:12] <thumbs> iocc: we don't normally need the main.cf[19:23:27] <patdk-wk> yuk[19:23:31] <patdk-wk> we didn't even ask for main.cf[19:23:43] <iocc> Well, its all there[19:23:46] <lunaphyte_> i'm not sure what's going on.[19:23:47] <jimpop> nor flashdance.... but wtf[19:23:49] <thumbs> iocc: we don't need it.[19:23:51] <patdk-wk> and completely not reable :)[19:23:58] <lunaphyte_> why are you not read the channel topic and doing as it instructs?[19:24:00] <lunaphyte_> *reading[19:26:04] *** falu has joined #postfix[19:27:04] *** matt1982 has joined #postfix[19:28:37] <iocc> Found problem myself.[19:28:38] *** iocc has left #postfix[19:29:37] <thumbs> terrific![19:30:04] <tuxick> i find problems all the time![19:30:13] *** Coiby has left #postfix[19:31:38] <tharkun> Problems end up finding me :([19:36:18] *** elex1111110 has quit IRC[19:37:18] *** shoonya has joined #postfix[19:38:33] *** falu has quit IRC[19:43:23] <tuxick> ye, it's a mutual thing![19:44:00] *** falu has joined #postfix[19:52:03] *** elex1111110 has joined #postfix[19:53:17] *** rzimmermann has quit IRC[19:54:05] *** lunaphyte has quit IRC[19:54:42] *** falu has quit IRC[19:54:45] *** lunaphyte has joined #postfix[19:55:05] *** falu has joined #postfix[19:56:36] *** amir has quit IRC[20:03:26] *** hyper_ch has joined #postfix[20:03:56] <hyper_ch> hi there, what is the best way to reject emails that have a certain subject in postfix?[20:05:46] <patdk-wk> header checks :)[20:10:04] *** shoonya has quit IRC[20:13:41] <hyper_ch> patdk-wk: would that work: /^Subject:.*offizielle sieger/ REJECT Spam not tolerated here[20:14:06] <hyper_ch> not sure about the space in the pattern[20:15:45] <patdk-wk> looks fine[20:16:00] <patdk-wk> I personally would use something to id that line[20:16:06] <patdk-wk> so you know WHAT it was rejected on[20:16:36] <hyper_ch> any smart suggestion for that?[20:16:50] <patdk-wk> number them?[20:16:51] <hyper_ch> keep an internal reference table and add a reason?[20:16:56] <hyper_ch> thx :)[20:17:04] <patdk-wk> REJECT 1001 Spam not tolerated[20:17:09] <patdk-wk> next rule, make it 1002[20:17:22] <hyper_ch> nice idea :) thx[20:18:03] *** eam has joined #postfix[20:22:27] *** chadmaynard has quit IRC[20:26:47] <eam> is there a debug_peer_level I can set which will log the DATA portion of a SMTP transaction?[20:27:37] *** snearch has joined #postfix[20:27:40] <eam> and/or also the AUTH portion?[20:28:45] <tharkun> man 5 postconf |less +/debug_peer_level[20:29:48] <tharkun> eam: What problem are you having?[20:30:14] <hyper_ch> patdk-wk: there's nothing wrong with using [] brackets in the "spam not tolerated" text --> e.g. [1001] spam not tolerated[20:30:37] <patdk-wk> no idea[20:30:54] <hyper_ch> patdk-wk: thx :)[20:41:56] <eam> tharkun: yeah, postconf(5) doesn't define the meaning of any levels other than to say 2 is default[20:42:03] <eam> at level = 99 I can see everything bug DATA[20:43:13] *** shinao1 has joined #postfix[20:43:21] <eam> tharkun: I have two near identical postfix installations, one staging and one production. I'm setting up a relay to Dyn for certain mail using sender_dependent_relayhost_maps and smtp_sasl_password_maps[20:44:19] <eam> this works great on my staging machine, but fails in production. My suspicion is that they're rejecting the mail due to something in the DATA segment (since MAIL FROM and RCPT TO look fine, and AUTH seems to succeed)[20:44:39] <eam> but because this is using TLS I can't inspect the session and I have to rely on postfix logs[20:52:43] <adaptr> which are awesome[20:53:39] <eam> well, not as awesome as they could be -- it appears I can't log this information[20:54:04] <eam> I just did some source diving and it appears debug log levels are only meaningful between 0,1,2 and 3[20:54:13] <eam> it'd be nice to mention that in the doc[20:54:29] <adaptr> the openssl bits are obviously not under postfix control[20:54:34] <hyper_ch> patdk-wk: I think I have perfected it now :)[20:54:41] <eam> adaptr: there is no problem with the tls handshake[20:55:27] <adaptr> eam: and both servers submit to your relayhost ?[20:55:34] *** heller_barde has joined #postfix[20:55:47] <eam> yes, for a particular address in sender_dependent_relayhost_maps[20:56:07] *** amir has joined #postfix[20:56:28] <adaptr> ...that's really irrelevant when you say you have issues with TLS[20:56:35] <adaptr> stick to what matters[20:57:06] *** nephfl has quit IRC[20:57:07] <adaptr> submit the data to a server you control, and see what happens. then bitch about the relay to your hoster[20:58:10] <eam> I don't have issues with TLS[20:58:19] <eam> as I said the TLS handshake is fine[20:58:26] <adaptr> ..so you havent' verified the problem without TLS[20:58:30] <eam> there is an issue with something in the SMTP transaction[20:58:47] <eam> this much is evident from the logs[20:59:24] <eam> the issue is that postfix debug levels apparently top out fairly early and cannot log the entire session[20:59:40] <eam> so I've answered my own question =/[21:00:00] <adaptr> you want to log the entire SMTP session in a debug log ?[21:00:09] <eam> yes as I mentioned above that is what I want[21:00:14] <adaptr> regardless of how many gafuckingbytes the message is[21:00:17] <adaptr> that's stupid[21:00:25] <eam> are you trolling me?[21:00:26] <adaptr> the DAT really isn't interesting[21:00:38] <adaptr> tcpdump it[21:00:42] <adaptr> if you must[21:00:44] <eam> it's TLS ...[21:00:52] <adaptr> so test it without TLS[21:00:55] *** mroe has joined #postfix[21:00:58] <eam> look, thanks for your help but it's clear you don't understand this issue[21:00:59] <adaptr> you say it has nothing to do with TLS[21:01:12] <eam> adaptr: that's correct, and I can't disable TLS on my production system[21:01:35] <adaptr> so your staging system does not exhibit a problem that you have in production ?[21:01:42] <adaptr> then the staging system is not useful[21:01:50] <eam> what I *can* do is verify a session using openssl s_client, which I've done, and which works[21:02:05] <adaptr> what "session" are you talking about ?[21:02:20] <eam> adaptr: yes, and the next step is to discover why the staging and production system differ -- which I cannot do without more verbose logging[21:02:37] <adaptr> that's obvious nonsense. you control both systems. compare the systems.[21:02:41] <eam> ...[21:02:51] <adaptr> if it's postfix configuration, those are trivial to compare[21:02:59] <adaptr> if it's not, then it's not a postfix problem[21:03:07] <eam> brilliant[21:03:19] <eam> how old are you?[21:03:21] <adaptr> by the way, have we seen configuration and logging for these systems yet ?[21:03:43] <eam> as I said the systems are ostensibly configured identically[21:03:48] <hyper_ch> one more thing: with pcre in a header_check file, I don't need to escape the @ sign, right?[21:03:50] <eam> there's an unknown variable[21:03:54] <eam> thus, deubg[21:03:57] <eam> debug, even[21:04:25] <adaptr> well, good luck with it. let me know when you've figured out how to get help[21:04:45] <eam> as I said my question has been answered -- and I hope you're no longer confused as to what I was asking[21:06:07] *** shinao1 has quit IRC[21:08:33] *** Areckx has joined #postfix[21:09:24] *** milligan has quit IRC[21:12:37] *** shinao1 has joined #postfix[21:17:47] *** milligan has joined #postfix[21:19:55] *** uqlev has quit IRC[21:22:22] <hyper_ch> hmmm, Istill seem to experience a littl problem: fatal: open ?/etc/postfix/header_checks: No such file or directory --> the header_checks file and the postmap version of it is there... and why does it have a leading "?" in the path[21:22:57] <adaptr> where is your postconf -n ?[21:24:35] <hyper_ch> adaptr: http://pastebin.com/1Tvt71WN[21:26:03] <adaptr> and ls -l /etc/postfix/header_checks says what ?[21:26:42] <hyper_ch> ls -al /etc/postfix/header_checks[21:27:29] <adaptr> does postconf -m |grep pcre yield a result ?[21:27:57] <hyper_ch> postma[21:27:59] <hyper_ch> postconf -m | grep pcre[21:28:00] <hyper_ch> pcre[21:28:07] <adaptr> (PCRE is NOT part of a standard postfix distribution; it must be built manually)[21:28:27] <adaptr> odd[21:28:42] <hyper_ch> what puts me off is the question mark at the beginning of the path[21:28:44] <adaptr> have you tried a simple hash: map to see if the problem is the parameter or the value ?[21:28:53] <adaptr> that could be due to chrooting.[21:28:57] <adaptr> disable it[21:28:59] <hyper_ch> no chrooting[21:29:09] <adaptr> then I officially give up[21:29:12] <hyper_ch> not sure what you mean with simple hash: map[21:29:35] *** biggi_mat has joined #postfix[21:30:29] <hyper_ch> adaptr: what do you mean by that?[21:31:58] <hyper_ch> adaptr: it happens when I reload the config[21:32:18] <adaptr> yes, because that is when the config..is...read.[21:32:54] <adaptr> make sure your main.cf does not contain bad crap.[21:32:59] <hyper_ch> and this is the line causing it: header_checks = pcre:/etc/postfix/header_checks[21:33:04] <adaptr> I know that[21:33:06] <hyper_ch> when I comment it out, it's fine[21:33:11] <adaptr> obviously[21:34:09] <hyper_ch> it's the file contents itself that causes the problem[21:34:32] <mroe> um, I'm pretty sure you're not supposed to postmap a pcre[21:34:59] <adaptr> doesn't matter.[21:35:12] <adaptr> if it DOES matter, we have found a Bug.[21:35:25] <adaptr> which, yay, break out the bubbly[21:35:29] <adaptr> happens about twice a year[21:35:37] <mroe> hyper_ch: try it[21:35:41] <hyper_ch> I'm close... I added some line numbering and identification that it doesn't like[21:36:08] <adaptr> ....[21:36:11] <hyper_ch> like: REJECT Spam not tolerated here - hc,1000[21:36:24] <adaptr> how about you SHOW US THE FUCKING FILE[21:36:26] <adaptr> sigh[21:36:33] <hyper_ch> when I remove the " - hc,1000" it works fine again[21:36:53] <adaptr> it seems fairly fracking obvious to me that if you decide NOT to show us shit, then you take full responsibility for its accuracy[21:38:39] <hyper_ch> so, I found it.... "/^Subject:.*offizielle sieger/ REJECT Spam not tolerated here - hc,2" --> this produces the error.... "/^Subject:.*offizielle sieger/ REJECT Spam not tolerated here - hc 2" this works... so it's the comma there that makes a difference[21:38:59] <adaptr> !pcre[21:38:59] <knoba> adaptr: "pcre" : Perl-compatible regular expressions (pcre:) support in Postfix: http://www.postfix.org/PCRE_README.html[21:39:55] *** Steve_The_Pirate has quit IRC[21:39:58] *** mroe has quit IRC[21:40:35] *** mroe has joined #postfix[21:40:35] *** mroe has joined #postfix[21:40:57] <adaptr> I would try the same in regex and see if that does work[21:41:03] <hyper_ch> I don't think I'll ever get the hang of (pc) regular expressions[21:41:05] <adaptr> if it is reproducible, please submit a bug[21:44:41] <hyper_ch> it hates me[21:44:42] <adaptr> I entered a gazillion commas and numbers in a regexp map, and that works fine[21:44:45] <adaptr> please test that[21:44:57] <adaptr> you may need to twiddle with the expression[21:45:08] <adaptr> (just match some-test-addr@foo instead)[21:45:09] <hyper_ch> trying to reproduce it[21:45:21] <adaptr> first guarantee a match by using a dedicated address[21:45:57] <adaptr> it's simple[21:46:21] <adaptr> /^to: pcre-test at example dot com/ REJECT with commas, numbers, 2, and stuff !$%&&^#[21:46:39] <adaptr> escape teh .[21:47:14] <hyper_ch> I can't reproduce it anymore[21:47:30] <adaptr> then it never happened[21:47:34] <adaptr> it's the Law[21:47:53] <hyper_ch> maybe I had some strange/invisible char in the file[21:47:59] <hyper_ch> no idea[21:48:30] <hyper_ch> anyway, added now line numbering and file indication for the reject message[21:49:22] *** snearch has quit IRC[21:51:29] *** cps0 has quit IRC[22:02:44] *** shinao1 has quit IRC[22:08:53] *** wdp has quit IRC[22:09:48] *** Section1 has quit IRC[22:16:03] *** shinao1 has joined #postfix[22:23:15] *** shinao1 has quit IRC[22:24:46] *** shinao1 has joined #postfix[22:33:37] *** carl- has quit IRC[22:45:18] *** falu has quit IRC[22:58:21] *** shinao1 has quit IRC[23:00:32] *** shinao1 has joined #postfix[23:01:14] *** uqlev has joined #postfix[23:02:09] *** shinao1 has quit IRC[23:02:47] *** ChaozZBubi is now known as chaozzbubi[23:03:16] *** shinao1 has joined #postfix[23:07:37] *** shinao1 has quit IRC[23:11:48] *** mroe has quit IRC[23:23:09] *** gerhard7 has quit IRC[23:29:40] *** Toerkeium has joined #postfix[23:39:29] *** e-anima has quit IRC[23:43:30] *** uqlev has quit IRC