June 2, 2013 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | >
June 2, 2013 [00:02:57] *** wdp has quit IRC[00:04:16] *** davlefou has quit IRC[00:09:41] *** internat has quit IRC[00:13:52] *** mibofra has quit IRC[00:16:22] *** davlefou has joined #postfix[00:25:09] *** micols_ has quit IRC[00:27:41] *** Nothing4You is now known as Nothing4Erry[00:28:10] *** Nothing4Erry is now known as Nothing4erry[00:45:07] *** KippiX has joined #postfix[00:48:57] *** trusktr has quit IRC[01:00:10] *** internat has joined #postfix[01:06:09] *** elbeardmorez has quit IRC[01:11:45] *** n0sq has quit IRC[01:14:23] *** biggi_mat has quit IRC[01:26:08] *** master_of_master has quit IRC[01:27:53] *** master_of_master has joined #postfix[01:40:44] *** lamarus has joined #postfix[01:45:39] *** lamarus has quit IRC[01:51:40] *** KippiX has quit IRC[01:59:48] *** |Trend| has quit IRC[02:20:01] *** danblack has joined #postfix[02:36:00] *** grknight has joined #postfix[02:39:22] *** thumbs has quit IRC[03:04:48] <Bry8Star> Hi, what "_service" name can be used to indicate/point toward SSL/TLS-secured smtp port 465 starttls+smtp ? ... port 25 is blocked for residential users for sending any email to non-ISP mail-servers, so need to indicate 465 for residential users clients like Thunderbird , so they can send email via mail-server . "SMTP" service name is _smtp ... what am I suppose to use to indicate STARTTLS+SMTP port 465 ? _smtp._tcp.dom1.tld. 3600 IN SRV 0[03:04:48] <Bry8Star> 0 465 mail.dom1.tld. <-- is right ?[03:08:24] <grknight> !tell Bry8Star smtps[03:08:24] <knoba> Bry8Star: "smtps" : Port 465 is smtps, SMTP over SSL, a deprecated means of submission. This means that smtps should *not* be used, and that this factoid exists for historical purposes only and should not be implemented. See !submission for smtps' successor. That being said, Postfix can implement smtps with a separate smtpd(8) listener with \"-o smtpd_tls_wrappermode=yes\". See the commented example in master.cf.[03:08:47] <grknight> !tell Bry8Star submission[03:08:47] <knoba> Bry8Star: "submission" : Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf. also see !msa, and rfc 6409. Also read http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf[03:09:03] <Bry8Star> For dns SRV , HTTP port 80 service name is _http , HTTPS port 443 service name is _https , IMAP port 143 is _imap , IMAPS port 993 is _imaps[03:10:23] <Bry8Star> Hi knoba ... MOST users use port 465 ... not 25 to send email , I know its "Deprecated" .. does not mean its not used. it is the most widely used solution for sending email.[03:10:53] <jimpop> O.o[03:11:56] <Bry8Star> Mail-server to mail-server and ISP which allows to connect to port 25 .. such use port 25 .. rest/other uses 465[03:13:04] <adaptr> no. nobody uses 465.[03:13:22] <jimpop> according to Bry8Star everyone does[03:13:24] <jimpop> :-)[03:13:37] <Bry8Star> Most ISP blocks connection to no-ISP port 25 <-- am I wrong ?[03:13:50] <adaptr> probably. what is your real question ?[03:13:54] <Bry8Star> * non-ISP[03:14:44] <Bry8Star> My question is/was ... how to indicate email-clients like Thunderbird ... use 465 for sending email, when you cant connect to 25[03:14:58] <adaptr> you should not be using 465. 2x.[03:15:19] <adaptr> and you cannot "indicate" it. you tell them.[03:16:11] <adaptr> you tell the people who use thunderbird to use port 587 for submission. in words.[03:16:12] <Bry8Star> If dns SRV is added in DNS , can I not indictae it to email-clients ? like indicting _sip ports SIP-clients , xmpp ports to XMPP-clients ?[03:16:21] <adaptr> ...yeah, you can't[03:16:32] <Bry8Star> SIP-clients , XMPP clients, etc understands dns SRV .[03:16:41] <adaptr> congratulations.[03:17:01] <adaptr> (FYI, SIP requires multiple random ports to function. SMTP does not.)[03:18:23] <danblack> there is a rfc for email configuration, i'm not sure if any clients actually recognise it. There also was a thunderbird specfic web url from memory[03:18:41] <Bry8Star> SIP uses 5060 , and SSL/TLS-secured SIP uses 5061 . xmpp uses 5222 , and TLS/SSL-secured xmpp uses 5223 .. almost all xmpp-clinets and server follows that[03:18:50] <adaptr> well, autoconfigure is somewhat standard-ish[03:19:24] * jimpop wonders what port SSH uses[03:19:29] <Bry8Star> 22[03:19:31] <adaptr> Bry8Star: offtopic, in a big way. as I said, if you want your customers to use submission, you tell them.[03:19:40] <danblack> jimpop: /etc/services tells all[03:19:52] <jimpop> indeed, but even that isn't always correct[03:20:11] <adaptr> it is as far as the IANA ports go.[03:20:18] <grknight> Bry8Star: most people use 587 when port 25 is blocked TB even tries it by default[03:20:23] <jimpop> you can run sshd on any port, irregarless of /etc/services, and you don;t need a SVR record to make it work[03:20:41] <adaptr> jimpop: you do need to know what the port is, though[03:21:01] <jimpop> yep, and you get that info from an admin via?[03:21:05] <adaptr> email![03:21:08] <jimpop> you guessed it, paper or email[03:21:10] <jimpop> :-)[03:21:42] <Bry8Star> Google uses port 587 , yahoo uses 465 , hosting companies use 465 ... if count number of users I wonder who will win[03:22:08] <jimpop> everybody knows, Google always wins[03:22:16] <Bry8Star> Hehe[03:22:38] <adaptr> Bry8Star: microsoft will win. and they use port 443.[03:23:02] <adaptr> it's all very offtopic.[03:23:30] <Bry8Star> Microsoft uses 587[03:23:51] <jimpop> yeah, but nobody uses Microsoft[03:24:00] <adaptr> Bry8Star: incorrect[03:25:17] <Bry8Star> Anyone can look for in bing/yahoo/google . .what is smtp port used by Microsoft's live, hotmail.[03:25:42] <Bry8Star> * live /hotmail /outlook[03:27:08] <adaptr> the port used by hotmail would be.. 443. since it's, you know, HTTPS.[03:27:16] <jimpop> lol[03:27:28] <Bry8Star> I know .. but they support 587[03:27:33] <Bry8Star> For smtp[03:27:41] <adaptr> and exchange now uses Outlook Anywhere, which is.. HTTPS.[03:29:06] <jimpop> technicallly hotmail supports 587 for submission, not smtp[03:31:26] <Bry8Star> so users are using STARTTLS encryption when using 587(submission) ... and users are using TLS/SSL encryption when using port 465 <-- is it right ?[03:31:55] <adaptr> all of this is documented. why all the questions that are literally on the postfix site ?[03:32:01] <adaptr> we're not encyclopedias, you know[03:32:18] <Bry8Star> Sorry. thanks for your help.[03:32:26] <adaptr> !tls[03:32:26] <knoba> adaptr: "tls" : Transport Layer Security (RFC2246). Previously known as SSL, TLS adds a layer of encryption to protocols such as SMTP, submission, IMAP or POP3 to improve security during transmission over the Internet. TLS is implemented using the STARTTLS method, while the non-standard wrapper style of implementation is deprecated at this point. See http://www.postfix.org/TLS_README.html for more info.[03:32:31] <adaptr> there, a link.[03:35:03] <Bry8Star> I will reconfigure so that , when users cannot use port 25 (as most ISP blocks it) .. then they will use port 587 . Thanks.[03:36:08] <Bry8Star> What is the _service name for port 587 ?[03:36:16] <adaptr> Bry8Star: no. users should. not. use. port 25.[03:36:27] <adaptr> submission. as documented. you're still not reading[03:37:09] *** Nothing4erry is now known as Nothing4You[03:39:03] <Bry8Star> Users cannot connect to port 25, I told you. that is why trying to setup alternative port.[03:39:11] <Bry8Star> * some users[03:39:30] <staticsafe> yes use submission, aka port 587[03:39:40] <staticsafe> !submission[03:39:40] <jimpop> Users should never be connecting to port 25, port 25 is for server to server[03:39:41] <knoba> staticsafe: "submission" : Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf. also see !msa, and rfc 6409. Also read http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf[03:39:49] <adaptr> Bry8Star: and you're not listening . users SHOULD NOT connect to port 25. EVER.[03:40:28] <Bry8Star> Thanks, adaptr .. now I get it.[03:42:36] <Bry8Star> Can I use DNS entires like this ? _submission._tcp.dom1.tld. 3600 IN SRV 0 0 587 mail.dom1.tld.[03:43:08] <staticsafe> no[03:43:18] <staticsafe> mail clients don't care about SRV records[03:43:31] <Bry8Star> Thanks again .. for being patient with me and the corrections.[03:43:45] <Bry8Star> Aha :(☹[03:44:12] <adaptr> Bry8Star: that RR is invalid in DNS.[03:46:01] <Bry8Star> I want to specify self-signed TLS/SSL cert even for submission port 587 , port 565 , etc in DNSSEC entires like : _587._tcp.mail.dom1.tld. 300 IN TLSA 2 0 0 C_A_D _25._tcp.mail.dom1.tld. 300 IN TLSA 2 0 0 C_A_D _465._tcp.mail.dom1.tld. 300 IN TLSA 2 0 0 C_A_D _993._tcp.mail.dom1.tld. 300 IN TLSA 2 0 0 C_A_D[03:46:21] <staticsafe> O_o[03:47:05] <Bry8Star> * s/565/465/[03:47:59] <Bry8Star> * s/entires/entries/[03:48:29] <adaptr> Bry8Star: um. I don't even know what you think that means. there are no certificates IN dns.[03:48:53] <adaptr> regardless, TLS certificates are unrelated to DNSSEC[03:49:08] <Bry8Star> DANE rfc6698 allows to specify self-signed cert through DNS ... DNSSEC[03:49:22] <adaptr> postfix does not implement that yet[03:49:40] * jimpop is still waiting on smtp via dns entry[03:49:57] <Bry8Star> But postfix dev is working on it right ? I see comments in DANE mailing-list.[03:51:08] <Bry8Star> I think exim supports it (partially) already.[03:52:32] <adaptr> yes, Wietse is workinng on it[03:52:39] <staticsafe> Bry8Star: as of now, you cannot use DANE[03:52:54] <Bry8Star> That is true. for postfix. :(☹[03:53:18] <Bry8Star> Please add DNSSEC support.[03:53:31] <staticsafe> also your nick sounds familiar, did I help you on the unbound list?[03:53:43] <Bry8Star> Yes, sir .. you did.[03:55:12] <staticsafe> i see[03:55:55] <staticsafe> Bry8Star: as i see it, you are going to have to tell your users to use port 587 (after you set it up of course)[03:56:09] <Bry8Star> I solved the problem (unbound). wouter's comments were helpful as well.[03:56:31] <staticsafe> \o/[03:57:12] <Bry8Star> I have already configured 465 ... but this conversation .. game me more knowledge and importance on 587 .. so I wil lsoon swicth those to 587.[03:58:56] <Bry8Star> I just want to keep DNS entry related configuration, ready for future SRV, DNSSEC, etc supports.[03:59:45] <lunaphyte> like i said before, until it's supported by applications, there is no answer.[03:59:56] <Bry8Star> Ietf and others are suggesting to place importance on dns SRV as well. as it can do more than simple MX.[04:00:02] <lunaphyte> using 465 is retarded, period.[04:00:25] <lunaphyte> you're completely ignoring standards and what has been set forth by iana.[04:00:36] <lunaphyte> 465 is for source specific multicast[04:01:00] <lunaphyte> NOT smtps[04:01:06] <staticsafe> why did people start using it for smtps?[04:01:20] <lunaphyte> because for a brief few months, if was for smtps.[04:01:22] <lunaphyte> *it was[04:01:32] <lunaphyte> iana rescinded the assignment almost 15 years ago.[04:01:35] <Bry8Star> It was once used a lot as SMTPS .. but then discouraged.[04:02:11] <Bry8Star> Anyway .. many many companies are still using it.[04:02:33] <Bry8Star> I guess, they will switch into 587 ultimately.[04:02:33] <lunaphyte> heh, no, not "anyway".[04:03:05] <lunaphyte> other ignorant people doing ignorant things is NOT a valid justification for doing them.[04:03:21] <staticsafe> indeed[04:03:33] <Bry8Star> I understand. and I agree with that.[04:04:01] <Bry8Star> I learn and I can accept it , and I have corage to tell it as well.[04:04:10] <Bry8Star> * courage[04:04:53] <lunaphyte> that's good to hear[04:05:59] <Bry8Star> Now I'm off to finding . .what can I specify as "_service" for submission port 587 , and other TLS/SSL based ports.[04:06:29] <Bry8Star> so that in future when email-clients do support, they can start using it instantly . .and can be sued for test as well.[04:06:44] <Bry8Star> * s/sued/used/[04:07:16] <Bry8Star> What is already standardized ... I want them to be already implemented.[04:07:31] <staticsafe> alas, if only the world worked that way[04:09:15] *** cpm has quit IRC[04:11:07] <lunaphyte> you cannot.[04:11:28] <lunaphyte> all you can do is guess as to what will be specified in the standard[04:11:48] <lunaphyte> likely, it will simply be the formal service name, just as it has been for everything else.[04:12:48] <Bry8Star> I also think so, it will be what it is already identified as.[04:13:13] <lunaphyte> the thing is, you are letting other things get in the way of logic.[04:13:49] <lunaphyte> you are wanting to add it now, so it can not be used, and so the possibility that you will have to change it will be introduced.[04:13:54] <lunaphyte> it just doesn't make sense.[04:14:35] <lunaphyte> why must it be added *right* now? there is no actual reason it *must* be added today, instead of in a year[04:15:15] <Bry8Star> I want to add DNSSEC, SRV etc records, so that apps /developers which/who are it testing can use it .. and including me andmy users .. using custom patch.[04:15:59] <lunaphyte> who is testing?[04:16:12] <lunaphyte> dnssec hasn't anything to do with this, btw.[04:16:27] <Bry8Star> There are many many users and groups who are testing DNSSEC, SRV entires.[04:16:32] <lunaphyte> dnssec hasn't anything to do with this, btw.[04:16:41] <Bry8Star> All type of DNSSEC , SRV entries.[04:16:47] <lunaphyte> no one is testing srv records for things like smtp or submission[04:17:09] <Bry8Star> SRV is under discussion now in DANE.[04:18:20] <Bry8Star> How do you think standards get to come first ?[04:18:41] *** SelfishMan has quit IRC[04:19:00] <Bry8Star> I know, these are not super thorough tests.[04:20:00] <Bry8Star> These PATCH are used by many to support the advanced options. but not easy. as it requires much much extra steps.[04:20:57] <Bry8Star> But not everyone will do simple thing, right. not everyone will what is now in the pkg, right. there are many kind of users.[04:24:03] <lunaphyte> you have the best answer you can get. guess and hope.[04:24:43] *** m1nish has quit IRC[04:26:30] *** angry_baby has joined #postfix[04:39:07] *** err-or_ has joined #postfix[04:42:49] *** err-or has quit IRC[04:48:59] *** danblack has quit IRC[04:49:07] <Bry8Star> Since many ISP blocks connecting with non-ISP mail server's port 25 and also block inbound 25 , ... Email-servers located inside residential ISP connections, can use what port to receive and send ?[04:50:30] <Bry8Star> * many ISP blocks non-business account-holders[04:52:06] <Bry8Star> If they configure to use , for example port 26 for this purpose, how to specify to other email-server to use port 26 for communcation ?[04:52:42] <Bry8Star> * s / if they configure / if email-server is configured/[04:53:43] <jimpop> lol, this is still going....[04:53:58] <Bry8Star> Pls help me to understand this.[04:53:58] <jimpop> !tell Bry8Star basic[04:53:59] <knoba> Bry8Star: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.[04:55:38] <Bry8Star> I do not want to use ISP's mail-server in anyway.[04:56:49] <jimpop> then get a business clas of service from your ISP or any other ISP in your area.[04:56:54] <jimpop> *class[04:57:37] <Bry8Star> I did not ask for that type of solution , I know ofcourse that can be done.[04:57:59] <jimpop> well, it was free advice... you get what you pay for. ;-)[04:58:53] <Bry8Star> Dont want to use google or other relay as well.[04:59:03] <rob0> !vps[04:59:03] <knoba> rob0: "vps" : A Virtual Private Server is an affordable alternative to running a mailserver at home with a consumer-grade ISP connection. See also !port_25_block and !pbl[05:00:03] <rob0> There simply is no other option. Run your own server without a blocked port 25, or have it relay, or ... no Internet mail for you.[05:01:43] <Bry8Star> Can something be done in DNS-records to indicate to other email-servers to use port 26 instead of port 25 ?[05:01:50] <jimpop> nope[05:02:08] <jimpop> port 25 is fixed, solid, probably never to be changed[05:02:27] <rob0> By saying, "There simply is no other option," I meant no, port 25 is it.[05:02:53] <Bry8Star> Whay 'postfix' does not have an option ? to check for dns SRV record ? to see if port 25 is blocked then try port 26 specicifed in dns SRV record ?[05:03:20] <rob0> The SMTP standards do not account for this. Write a new protocol specification.[05:03:23] <Bry8Star> * why[05:03:31] <rob0> Then get everyone to adopt it.[05:03:46] <Bry8Star> Standard allows SRV, to specify alternative service ports.[05:03:56] <Bry8Star> Why postfox is not checking that SRV ?[05:03:57] <rob0> Not so. Read RFC 5321.[05:06:40] <Bry8Star> And pls see dns SRV in https://tools.ietf.org/html/rfc2782[05:06:59] <rob0> How is that relevant to SMTP?[05:07:20] <Bry8Star> [06-01 20:03:25] <Bry8Star> Standard allows SRV, to specify alternative service ports.[05:07:21] <Bry8Star> [06-01 20:03:35] <Bry8Star> Why postfox is not checking that SRV ?[05:08:04] <jimpop> Bry8Star: that non-smtp standard, "allows", but does not mandate that other standards support such a thing[05:08:18] <Bry8Star> That is true.[05:08:19] <jimpop> Bry8Star: do you have a automobile?[05:08:21] <rob0> Do you think I/we control the SMTP standards? We don't. No one person nor organization does. A major change like you are proposing would take years simply to get approved, and then much longer to be widely implemented.[05:08:49] <Bry8Star> Pls support SRV, so that users can use smtp from residential ISP accounts as well, and make life easier.[05:08:56] <jimpop> ok[05:08:59] <rob0> ok[05:09:04] <jimpop> i'll get right on it[05:09:09] <rob0> likewise[05:09:15] <jimpop> anything else we can do for you today?[05:09:31] <jimpop> :-)[05:10:23] <jimpop> to be fair, what Bry8Star wants would be cool to have. imho[05:11:13] <rob0> BTW, even when we have implemented this for you, you'll still find that most receivers are blocking residential IP netblocks, ...[05:11:16] <rob0> !pbl[05:11:16] <knoba> rob0: "pbl" : The Spamhaus PBL is a DNSBL database of end-user IP address ranges which should not be delivering unauthenticated SMTP email to any Internet mail server except those provided for specifically by an ISP for that customer's use. It is part of Zen as well.[05:11:51] <pj> Bry8Star: if a residential connection could bypass port 25 simply with a dns tweak to another port then it would be pointless to block port 25. Even if you take years and manage to propose the standard you want nobody would want to use it for their server because it would mean that they would be opening up their server to a lot more spam.[05:12:17] <pj> no major mail provider wants to accept mail from a residential connection.[05:12:26] <Bry8Star> Responsible account-holder has thier own stake involved , os if they do not allow spam, then such ip should not get flagged.[05:12:40] <Bry8Star> * s/os/so/[05:13:01] <rob0> It might also be mentioned that port 25 blocking actually makes things easier for more people, because the vast majority of what you'd see from PBL hosts is zombie spew.[05:13:39] <pj> Bry8Star: if you want to run a mailserver from home, then you need to (1) take it up with your ISP and get them to unblock port 25 for you and (2) hit up all the pbl lists and get your IP removed from them.[05:14:07] <rob0> (1.5) have the ISP set custom rDNS also[05:14:14] <pj> right, that too[05:14:25] <rob0> PBL won't remove you with a generic-looking PTR[05:14:31] <pj> if you have a good ISP they will probably listen to you and do it.[05:14:50] <rob0> or, save some money and get a VPS[05:15:25] <pj> yeah, VPS would be the way I would go, but you have to be careful, major VPS IP blocks tend to be on PBL lists as well.[05:15:46] <rob0> yes, but no problem. You can remove yourself.[05:15:48] <pj> so you will still probably have to go to the lists and get the IP removed.[05:15:50] <pj> right[05:17:27] <Bry8Star> Ya, some ISP do allow openning up port 25 even if it is residential account. but it would be better to solve the problem from various angles, one of the first is to add support of checking dns SRV record in postfix, exim, etc .[05:18:05] <pj> Bry8Star: that's not going to happen, if I had such an option in postfix I would disable it anyways.[05:18:14] <jimpop> Bry8Star: but that would then require adoption, and implementation, but every other mailserver out there.[05:18:27] <pj> simply because I would be much more likely to get SPAM from a source like that than ham[05:19:03] <pj> Bry8Star: do you understand *why* ISPs block port 25?[05:19:20] <pj> it's not to try to prevent you from running a mailserver.[05:19:27] <Bry8Star> Once everyone update to next release which will have such SRV support, those will start to understand, and use it . ... your are right, it will not solve the problem instantly. at-least one step forward.[05:19:56] <pj> Bry8Star: no, you don't understand. Those who *do* understand would *not* use it.[05:20:21] <rob0> It is simply wrong to think you can run a mailserver on a dynamic/residential IP address.[05:20:29] <pj> Bry8Star: get that through your head, no one is going to do that, no one wants to except you.[05:20:53] <Bry8Star> By blocking port 25 .. has any SPAM ever got reduced ? never .. it has increased .. always.[05:21:03] <Bry8Star> That is not the solution.[05:21:12] <pj> Bry8Star: actually blocking port 25 reduces quite a bit of SPQM[05:21:15] <pj> *SPAM[05:21:42] <Bry8Star> Many would disagree, right . I know many wil lagree with such as yours opinion.[05:22:06] <pj> a lot of SPAM comes from zombie networks, which are comprised largely of residential computers which are hacked.[05:22:32] <pj> Bry8Star: I'm done trying to convince you, you go on your little crusade and see where it gets you.[05:24:30] <rob0> Yes. Port 2 blocking has dramatically curtailed spam, and forced it to move in ways which are easier to fight.[05:25:03] <rob0> s/2/25/[05:25:17] <Patrickdk> heh? if you block port 25, you will NEVER get spam, on a correctly configured mail server :)[05:26:02] *** n0sq has joined #postfix[05:26:48] <Patrickdk> if you block outgoing port 25, you block all spam coming from that network, except via compromised accounts[05:26:58] *** n0sq has quit IRC[05:27:16] <Patrickdk> so if it's a compromised computer it has to also have a compromised email account to work with[05:27:27] <Patrickdk> makes it simple to track, cause it limits the ip ranges a LOT[05:28:00] <Patrickdk> only your /24 mailserver range will be sending spam, and not the rest of your /16[05:28:46] <Bry8Star> It will be /is funny, that package will follow some of SMTPS, some of DNSSEC, some of TLS/SSL, etc various standardizations , but not some of SRV standards. ! :(☹[05:29:09] <Bry8Star> * s/smtps/SMTP/[05:29:16] <pj> and not all ISPs block port 25. Mine still doesn't, which is actually rather convenient for me as it makes it a bit easier for me to test mail servers if I can use port 25 from home.[05:29:18] <Patrickdk> package?[05:29:38] <Patrickdk> pj, heh, I block port 25 from myself[05:29:43] <Bry8Star> Package like : postfix, etc[05:29:43] <Patrickdk> I just test from my mailserver :)[05:29:56] <Patrickdk> what does a postfix package have to do with setting up dns?[05:30:05] <Patrickdk> how the hell would a package be able to do that?[05:31:16] * Patrickdk is very upset at the linux kernel at the moment, been dealing with building drivers on it[05:31:39] <pj> Patrickdk: what's it been doing to you?[05:31:59] <Patrickdk> the differences between each kernel from 3.2 to 3.8, are hell, every version is totally different[05:32:32] <pj> yeah, true, you don't use kmod?[05:32:34] <Patrickdk> function names changing, structure names changing, then sometimes changing back, ....[05:32:43] <Patrickdk> I was using dkms[05:33:00] <Patrickdk> doesn't help when everything in the include headers for the kernel change locations, names, ...[05:34:03] <pj> hrmmmm, haven't heard of dkms, but I know that kmod is used to help with that sort of thing, although I'm not so sure if kmod actually deals with symbol changes, I think it just tracks which symbols are used by a module to be able to use a module without re-compiling until one of those symbols changes in the kernel.[05:34:23] <Patrickdk> ya, dkms is ontop of that[05:34:36] <Patrickdk> it's a portable way of building a module over multible kernels[05:34:42] <pj> oh, ok[05:34:47] <Patrickdk> so when you isntall a new kernel, dkms will build the driver again for you[05:35:12] <pj> oh, I see, dkms will actually recompile your drivers automatically[05:35:17] <Patrickdk> yep[05:35:43] <pj> kmod tracks changes in the kernel but doesn't rebuild drivers, it simply can tell if a driver needs to be rebuilt or not for a given new kernel.[05:35:56] <staticsafe> yea seen that when installing modules on debian based systems[05:36:22] <pj> kmod is used by elrepo for el systems as well.[05:36:49] <staticsafe> on Gentoo, I build kernel, eselect it, modules-rebuild[05:37:05] <pj> well, gentoo just uses portage for that.[05:37:08] <Patrickdk> on gentoo you build everything on every machine :)[05:37:21] <staticsafe> indeed[05:37:23] <Patrickdk> seems like a perfectly good waste of kw's[05:37:36] <staticsafe> portage doesn't build the kernel btw[05:37:41] <staticsafe> you have to do that yourself[05:37:41] <pj> I know people who swear by gentoo, I'm not one of them.[05:37:49] <pj> true, I do seem to recall that.[05:37:55] <Patrickdk> I thought it was a good idea on freebsd[05:37:59] <Patrickdk> really nice and flexable[05:38:00] <staticsafe> it just gives your the sources[05:38:04] <staticsafe> you*[05:38:04] <Patrickdk> holy hell when upgrade time came[05:38:20] <pj> well, technically you don't have to build the kernel yourself, you could use one of the pre-built kernels for gentoo.[05:39:03] <staticsafe> *shrug* building the kernel isn't that hard[05:39:17] <staticsafe> genkernel is nice but I don't need it[05:39:20] <Patrickdk> building the kernel for illumos is fun :)[05:39:37] <pj> no, but it can be time-consuming if you want to pick through all the config options yourself.[05:39:46] <pj> I've done that and spent hours going through them all before.[05:39:53] <staticsafe> pj: im using an old config and just `make oldconfig`[05:40:04] <staticsafe> and choose which of the new stuff I want[05:40:07] <Patrickdk> pj, figuring out what config options are safe and compatable with each other is annoying as hell too[05:40:30] <Patrickdk> used to do it all the time on slackware[05:40:30] <pj> yeah, I realise that staticsafe.[05:40:48] <pj> everyone should build their own kernel at least once.[05:40:59] <pj> but that doesn't mean I have to do it again, lol[05:41:07] <staticsafe> indeed[05:41:26] <staticsafe> also with Gentoo, I'm compiling everything else, why not the kernel?[05:41:49] <pj> staticsafe: yes, I was simply speaking to a technicality[05:54:56] <rob0> Hello technicality, how's the wife and kids?[05:56:04] <pj> hah[06:00:28] *** grknight has quit IRC[06:03:13] <whitefang> smtpd_recipient_restrictions = reject_invalid_hostname, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, permit[06:03:33] <whitefang> if I remove the mynetworks from that is it an acceptable recipient_restrictions?[06:11:10] <rob0> Aha, so the one you were asking about earlier was a client in mynetworks. Sure, any permit_* which matches before a reject_* is what wins.[06:11:48] *** cilly has quit IRC[06:12:10] <rob0> What do you mean, "acceptable"? I wouldn't consider it acceptable to subject my users to reject_invalid_hostname (deprecated syntax, BTW) nor reject_unauth_pipelining.[06:12:35] *** UQlev has joined #postfix[06:12:50] <rob0> Perhaps also you want to define mynetworks such that your Zen-listed networks are not in it.[06:13:43] *** cilly has joined #postfix[06:14:03] <pj> you also shouldn't be mixing submission and mx on the same port[06:18:09] <rob0> that too, but it seems especially troublesome to me that Zen-listed networks would be in mynetworks.[06:18:11] <whitefang> am I mising submission and mx on the same port?[06:18:24] <rob0> you're not answering me[06:18:34] <whitefang> sorry what was the question?[06:18:46] <whitefang> i mean does that make sense.[06:19:00] <whitefang> best practices wise. i'm pretty new to configuring an MTA.[06:19:18] <pj> well, it looks like a jumble of restrictions to me that were just tossed together in any order and they're going to cause you problems because you have no idea what you're doing.[06:19:20] <rob0> so start with the problem and goal.[06:19:35] <whitefang> pj: exactly[06:20:02] *** rsc has joined #postfix[06:20:30] <whitefang> someone here gave me http://dpaste.com/1207599/ as an example[06:20:36] <whitefang> but it was rejecting valid mail.[06:21:05] <rsc> What's the buzzwords if I would like to configure that Postfix uses a relayhost for all outbound e-mail - except if the sender of an e-mail is nagios at domain dot tld (which shall be sent directly)?[06:23:28] <whitefang> smtpd_recipient_restrictions = reject_unknown_recipient_domain, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, permit[06:23:34] <whitefang> is that better?[06:24:11] <whitefang> and it was the permit_sasl that was combining submission and mx on the same port right?[06:24:44] <rob0> !submission[06:24:44] <knoba> rob0: "submission" : Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf. also see !msa, and rfc 6409. Also read http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf[06:25:47] <whitefang> i have my submission setup in master.cf and its working well[06:26:05] <rob0> You'd want your users submitting mail on 587, and that port would simply have -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject[06:29:01] <lunaphyte> that doesn't reject valid mail[06:31:18] <lunaphyte> i'd still use a number of those restrictions for submission.[06:31:46] <lunaphyte> particularly the ones which enforce proper syntax for the envelope. there is no reason, submission or otherwise, for incomplete email addresses[06:33:33] <lunaphyte> the example i shared with you is more or less as strict as you can be. it's possible [even perhaps likely] that some of those restrictions might block mail which have certain nuances of invalidity.[06:34:29] <lunaphyte> lines 2-5 are potential candidates for this[06:34:57] <lunaphyte> use warn_if_reject, and see what works for you. the other restrictions, however, should remain.[06:40:37] *** sp00kz has quit IRC[06:47:21] *** rsc has left #postfix[06:47:26] *** sp00kz has joined #postfix[06:55:25] *** hesco has left #postfix[07:27:40] *** trusktr has joined #postfix[07:33:15] *** mpls-eric has joined #postfix[07:47:03] <mpls-eric> !welcome[07:47:03] <knoba> mpls-eric: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[07:49:27] *** Motoko has quit IRC[08:05:38] *** mpls-eric has quit IRC[08:09:40] *** Jaac has quit IRC[08:09:44] *** Jakobus has joined #postfix[08:10:05] *** yezariaely has quit IRC[08:10:05] *** tmberg has quit IRC[08:10:09] *** cnu- has quit IRC[08:10:10] *** FUF has quit IRC[08:10:15] *** x3cion has quit IRC[08:10:15] *** gturner has quit IRC[08:10:16] *** nb has quit IRC[08:10:17] *** jeev has quit IRC[08:10:17] *** mishehu has quit IRC[08:10:17] *** madduck has quit IRC[08:10:18] *** ztane has quit IRC[08:10:19] *** Tormin_ has quit IRC[08:10:20] *** lroe has quit IRC[08:10:21] *** Zethrok_ has quit IRC[08:10:21] *** Mp5shooter has quit IRC[08:10:21] *** vizz has quit IRC[08:10:22] *** _ruben has quit IRC[08:10:22] *** tris has quit IRC[08:10:45] *** _ruben has joined #postfix[08:12:30] *** yezariaely has joined #postfix[08:12:32] *** yezariaely has quit IRC[08:12:56] *** yezariaely has joined #postfix[08:12:58] *** yezariaely has quit IRC[08:13:19] *** madduck has joined #postfix[08:13:19] *** madduck has joined #postfix[08:13:27] *** yezariaely has joined #postfix[08:13:29] *** yezariaely has quit IRC[08:13:32] *** ztane has joined #postfix[08:13:33] *** vizz has joined #postfix[08:13:59] *** yezariaely has joined #postfix[08:14:00] *** tmberg has joined #postfix[08:14:01] *** yezariaely has quit IRC[08:14:29] *** yezariaely has joined #postfix[08:14:30] *** yezariaely has quit IRC[08:15:00] *** yezariaely has joined #postfix[08:15:02] *** yezariaely has quit IRC[08:15:32] *** yezariaely has joined #postfix[08:15:34] *** yezariaely has quit IRC[08:16:02] *** yezariaely has joined #postfix[08:16:04] *** yezariaely has quit IRC[08:16:33] *** yezariaely has joined #postfix[08:16:35] *** yezariaely has quit IRC[08:16:37] *** tris has joined #postfix[08:16:53] *** Tormin has joined #postfix[08:17:02] *** cnu- has joined #postfix[08:17:04] *** yezariaely has joined #postfix[08:17:06] *** yezariaely has quit IRC[08:17:35] *** yezariaely has joined #postfix[08:17:37] *** yezariaely has quit IRC[08:18:06] *** yezariaely has joined #postfix[08:18:08] *** yezariaely has quit IRC[08:18:38] *** yezariaely has joined #postfix[08:18:40] *** yezariaely has quit IRC[08:19:09] *** yezariaely has joined #postfix[08:19:11] *** yezariaely has quit IRC[08:19:12] *** Zethrok has joined #postfix[08:19:40] *** yezariaely has joined #postfix[08:19:42] *** yezariaely has quit IRC[08:20:11] *** yezariaely has joined #postfix[08:20:13] *** yezariaely has quit IRC[08:20:39] *** lroe has joined #postfix[08:20:39] *** lroe has joined #postfix[08:20:42] *** yezariaely has joined #postfix[08:20:44] *** yezariaely has quit IRC[08:21:13] *** gturner has joined #postfix[08:21:16] *** FUF has joined #postfix[08:21:16] *** nb has joined #postfix[08:21:16] *** jeev has joined #postfix[08:21:16] *** Mp5shooter has joined #postfix[08:21:17] *** yezariaely has joined #postfix[08:21:17] *** yezariaely has quit IRC[08:21:26] *** x3cion has joined #postfix[08:21:44] *** yezariaely has joined #postfix[08:21:46] *** yezariaely has quit IRC[08:22:15] *** yezariaely has joined #postfix[08:22:17] *** yezariaely has quit IRC[08:22:37] *** jeev has quit IRC[08:22:46] *** yezariaely has joined #postfix[08:22:48] *** yezariaely has quit IRC[08:23:17] *** yezariaely has joined #postfix[08:23:19] *** yezariaely has quit IRC[08:23:48] *** yezariaely has joined #postfix[08:23:50] *** yezariaely has quit IRC[08:24:19] *** yezariaely has joined #postfix[08:24:21] *** yezariaely has quit IRC[08:24:50] *** yezariaely has joined #postfix[08:24:52] *** yezariaely has quit IRC[08:25:21] *** yezariaely has joined #postfix[08:25:23] *** yezariaely has quit IRC[08:25:53] *** yezariaely has joined #postfix[08:25:55] *** yezariaely has quit IRC[08:26:23] *** yezariaely has joined #postfix[08:26:25] *** yezariaely has quit IRC[08:26:54] *** yezariaely has joined #postfix[08:26:56] *** yezariaely has quit IRC[08:27:25] *** yezariaely has joined #postfix[08:27:27] *** yezariaely has quit IRC[08:27:58] *** yezariaely has joined #postfix[08:28:00] *** yezariaely has quit IRC[08:28:28] *** yezariaely has joined #postfix[08:28:30] *** yezariaely has quit IRC[08:28:59] *** yezariaely has joined #postfix[08:29:01] *** yezariaely has quit IRC[08:29:30] *** yezariaely has joined #postfix[08:29:32] *** yezariaely has quit IRC[08:30:01] *** yezariaely has joined #postfix[08:30:04] *** yezariaely has quit IRC[08:30:34] *** yezariaely has joined #postfix[08:30:37] *** yezariaely has quit IRC[08:31:08] *** yezariaely has joined #postfix[08:31:10] *** yezariaely has quit IRC[08:31:39] *** yezariaely has joined #postfix[08:31:41] *** yezariaely has quit IRC[08:32:10] *** yezariaely has joined #postfix[08:32:12] *** yezariaely has quit IRC[08:32:41] *** yezariaely has joined #postfix[08:32:43] *** knoba has quit IRC[08:32:44] *** yezariaely has quit IRC[08:32:45] *** knoba` has joined #postfix[08:32:53] *** knoba` is now known as knoba[08:33:12] *** yezariaely has joined #postfix[08:33:14] *** yezariaely has quit IRC[08:33:43] *** yezariaely has joined #postfix[08:33:44] *** yezariaely has quit IRC[08:34:02] *** UQlev has quit IRC[08:34:15] *** yezariaely has joined #postfix[08:34:16] *** yezariaely has quit IRC[08:34:45] *** yezariaely has joined #postfix[08:34:46] *** yezariaely has quit IRC[08:35:16] *** yezariaely has joined #postfix[08:35:18] *** yezariaely has quit IRC[08:35:47] *** yezariaely has joined #postfix[08:35:48] *** yezariaely has quit IRC[08:36:20] *** yezariaely has joined #postfix[08:36:21] *** yezariaely has quit IRC[08:36:25] *** FUF has quit IRC[08:36:27] *** nb has quit IRC[08:36:28] *** Mp5shooter has quit IRC[08:36:50] *** yezariaely has joined #postfix[08:36:51] *** yezariaely has quit IRC[08:37:21] *** yezariaely has joined #postfix[08:37:22] *** yezariaely has quit IRC[08:37:52] *** yezariaely has joined #postfix[08:37:53] *** yezariaely has quit IRC[08:38:23] *** yezariaely has joined #postfix[08:38:24] *** yezariaely has quit IRC[08:38:54] *** yezariaely has joined #postfix[08:38:55] *** yezariaely has quit IRC[08:39:25] *** yezariaely has joined #postfix[08:39:26] *** yezariaely has quit IRC[08:39:55] *** yezariaely has joined #postfix[08:39:56] *** yezariaely has quit IRC[08:40:25] *** yezariaely has joined #postfix[08:40:27] *** yezariaely has quit IRC[08:40:56] *** yezariaely has joined #postfix[08:40:57] *** yezariaely has quit IRC[08:41:27] *** yezariaely has joined #postfix[08:41:28] *** yezariaely has quit IRC[08:42:00] *** yezariaely has joined #postfix[08:42:01] *** yezariaely has quit IRC[08:42:31] *** yezariaely has joined #postfix[08:42:32] *** yezariaely has quit IRC[08:43:03] *** yezariaely has joined #postfix[08:43:04] *** yezariaely has quit IRC[08:43:40] *** yezariaely has joined #postfix[08:43:41] *** yezariaely has quit IRC[08:44:11] *** yezariaely has joined #postfix[08:44:12] *** yezariaely has quit IRC[08:44:42] *** yezariaely has joined #postfix[08:44:43] *** yezariaely has quit IRC[08:45:12] *** yezariaely has joined #postfix[08:45:13] *** yezariaely has quit IRC[08:45:42] *** yezariaely has joined #postfix[08:45:43] *** yezariaely has quit IRC[08:46:11] *** yezariaely has joined #postfix[08:46:12] *** yezariaely has quit IRC[08:46:43] *** yezariaely has joined #postfix[08:46:44] *** yezariaely has quit IRC[08:47:14] *** yezariaely has joined #postfix[08:47:15] *** yezariaely has quit IRC[08:47:45] *** yezariaely has joined #postfix[08:47:46] *** yezariaely has quit IRC[08:48:17] *** yezariaely has joined #postfix[08:48:18] *** yezariaely has quit IRC[08:48:48] *** yezariaely has joined #postfix[08:48:49] *** yezariaely has quit IRC[08:49:20] *** FUF has joined #postfix[08:49:20] *** nb has joined #postfix[08:49:20] *** Mp5shooter has joined #postfix[08:49:20] *** yezariaely has joined #postfix[08:49:21] *** yezariaely has quit IRC[08:49:50] *** yezariaely has joined #postfix[08:50:17] *** trusktr has quit IRC[08:56:43] *** elbeardmorez has joined #postfix[09:01:59] *** sphenxes has joined #postfix[09:10:17] *** biggi_mat has joined #postfix[09:10:22] *** |Trend| has joined #postfix[09:13:44] *** ced117 has joined #postfix[09:45:47] *** tharkun has quit IRC[09:51:40] *** tharkun has joined #postfix[09:51:40] *** tharkun has joined #postfix[10:01:29] *** Bry8Star has quit IRC[10:01:38] *** jeev has joined #postfix[10:05:50] *** Bry8Star has joined #postfix[10:08:34] *** jeev has quit IRC[10:17:40] *** jeev has joined #postfix[10:43:43] *** wdp has joined #postfix[10:43:43] *** wdp has joined #postfix[11:04:18] *** tharkun has quit IRC[11:04:34] *** tharkun has joined #postfix[11:04:38] *** tharkun has joined #postfix[11:28:49] *** Bry8Star has quit IRC[11:36:17] *** Bry8Star has joined #postfix[11:48:46] *** ced117 has quit IRC[12:24:06] *** mibofra has joined #postfix[12:24:06] *** mibofra has joined #postfix[12:37:16] *** deXar has joined #postfix[12:44:05] *** VitaBushido has quit IRC[13:04:42] *** DigitalKiwi has quit IRC[13:25:59] *** m1nish has joined #postfix[13:33:52] *** m1nish has quit IRC[13:40:49] *** m1nish has joined #postfix[13:49:12] *** m1nish has quit IRC[14:05:49] *** m1nish has joined #postfix[14:16:50] *** Bronze has joined #postfix[14:21:12] *** ogny has quit IRC[14:32:21] *** tris has quit IRC[14:53:22] *** thumbs has joined #postfix[15:06:18] *** burl has quit IRC[15:08:18] *** UQlev has joined #postfix[15:11:27] *** cpm has joined #postfix[15:19:58] *** grknight has joined #postfix[15:26:12] *** UQlev has quit IRC[16:06:29] *** rohan23 has joined #postfix[16:21:51] *** ogny has joined #postfix[16:23:52] *** m1nish has quit IRC[16:29:02] *** grknight has quit IRC[16:29:03] *** m1nish has joined #postfix[16:53:42] *** mechanicalduck has joined #postfix[16:57:28] *** rohan23 has quit IRC[17:21:52] *** UQlev has joined #postfix[17:30:12] *** micols has joined #postfix[17:40:21] *** mechanicalduck has quit IRC[17:42:55] *** mechanicalduck has joined #postfix[17:53:03] *** Bronze has quit IRC[18:00:56] *** mechanicalduck has quit IRC[18:02:56] *** mechanicalduck has joined #postfix[18:04:45] *** ogny has quit IRC[18:07:45] *** ogny has joined #postfix[18:07:45] *** ogny has joined #postfix[18:12:33] *** milligan has joined #postfix[18:15:26] *** amboss has quit IRC[18:16:24] *** amboss has joined #postfix[18:19:01] *** joshu has joined #postfix[18:24:34] *** rvs1st has joined #postfix[18:26:38] *** ogny has quit IRC[18:31:45] <joshu> hi I want to setup postfix on a small ubuntu server which will receive incoming emails and pipe them to a ruby script. I already have an email server setup which will relay the emails to this new postfix server. so zimbra server -> new postfix ruby server[18:32:36] *** mechanicalduck has quit IRC[18:32:42] <joshu> I'm wondering what "type" of postfix server I need to setup. Is it a smarthost, satellite system?[18:33:01] <adaptr> step one: get rid of the debian stupidity and configure postfix manually.[18:33:02] *** mechanicalduck_ has joined #postfix[18:33:07] <adaptr> we don't support it[18:33:19] <adaptr> step two: documentation[18:33:21] <adaptr> !tell joshu basic[18:33:21] <knoba> joshu: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.[18:33:24] <joshu> "debian stupidity"?[18:34:07] *** Hydrazine has quit IRC[18:35:02] <joshu> very helpful[18:36:24] <adaptr> postfix has no "types". it has a very complete set of configuration directives, allowing you to make it do almost anything you can think of[18:36:38] <adaptr> that is a debian affectation, and it does not help in understanding how postfix works[18:37:51] *** Hydrazine has joined #postfix[18:37:58] <joshu> ok so I'll just choose no configuration in that postfix instal prompt[18:38:15] <adaptr> that would probably be best[18:38:42] <adaptr> even if yuo do that, there are numerous debians-specific settings made in main.cf; something to be aware of[18:42:45] *** amboss has quit IRC[18:43:31] *** amboss has joined #postfix[18:47:13] *** ogny has joined #postfix[18:51:34] *** rvs1st has quit IRC[18:55:12] *** cpm has quit IRC[18:57:50] <jelly-home> numerous? There's procmail and /etc/mailname[18:58:45] <adaptr> I remember there being more[18:58:57] <jelly-home> you didn't mention master.cf, which is more problematic in that most things are chrooted[18:59:05] <jelly-home> unlike upstream[18:59:13] *** mechanicalduck_ has quit IRC[18:59:19] <adaptr> yes. I didn't think it wise to go there yet[18:59:34] <jelly-home> I remove those three and go happy on my way[18:59:56] *** alexbst has quit IRC[19:00:54] *** mechanicalduck has joined #postfix[19:02:28] *** nubianz has joined #postfix[19:15:30] *** Rez has joined #postfix[19:17:36] *** Rez is now known as LoRez[19:24:38] *** cpm has joined #postfix[19:24:39] *** cpm has joined #postfix[19:26:46] *** Hydrazine has quit IRC[19:30:12] *** mechanicalduck has quit IRC[19:32:58] *** mechanicalduck has joined #postfix[19:36:35] *** Hydrazine has joined #postfix[19:53:20] *** cpm has quit IRC[20:00:10] *** alexbst has joined #postfix[20:13:49] *** echelog has joined #postfix[20:51:44] *** JohnnyRabbittJR has quit IRC[20:51:52] *** JohnnyRabbittJR has joined #postfix[21:05:58] *** cpm has joined #postfix[21:30:21] *** angry_baby has quit IRC[21:35:32] *** zamba has quit IRC[21:37:28] *** zamba has joined #postfix[21:50:29] *** mechanicalduck has quit IRC[21:55:01] *** e-ndy has joined #postfix[22:02:51] *** trusktr has joined #postfix[22:03:48] *** lamarus has joined #postfix[22:03:55] *** lamarus has quit IRC[22:04:30] *** lamarus has joined #postfix[22:19:29] *** deXar2 has joined #postfix[22:22:00] *** deXar has quit IRC[22:31:16] *** causasui has quit IRC[22:36:02] *** lamarus has quit IRC[22:36:39] *** causasui has joined #postfix[22:36:52] <thumbs> !spamhaus[22:36:52] <knoba> thumbs: Error: "spamhaus" is not a valid command.[22:38:19] <joshu> in master.cf when defining a pipe to a ruby script is it a good idea to set these flags=Xhq ?[22:40:55] <jimpop> !zen[22:40:56] <knoba> jimpop: "zen" : http://www.spamhaus.org/zen/ : A composite of all Spamhaus DNSBLs: SBL, XBL and PBL. Testing your DNSBL lookup can be done here: http://www.crynwr.com/spam/[22:41:07] <jimpop> thumbs: ^^[22:41:17] <thumbs> danke.[22:41:24] <jimpop> yw[22:47:45] *** mishehu has joined #postfix[22:50:19] *** cilly has quit IRC[22:51:49] *** cilly has joined #postfix[22:52:47] <joshu> anyone?[22:53:48] <thumbs> joshu: sorry, what problem are you trying to solve?[22:54:57] <joshu> hi thumbs I'm setting up a small postfix server that will pipe incoming mail to a ruby script. I'm just trying to figure out the postfix configuration and my first question is if I should set the pipe flags=Xhq. I've seen some examples do this online but I want to ask anyway[22:55:46] <lunaphyte> i don't understand "if i should".[22:56:12] <lunaphyte> that would be a thing that you would decide, after reading what they do.[22:56:17] <lunaphyte> have you done that?[22:56:38] <lunaphyte> what's this all for, anyway?[23:01:08] <joshu> hi lunaphyte ok so I've read what they do X marks that the script is the final delivery destination h makes everything lowercase and q quotes…its for an internal website. I need to receive emails and parse them using ruby and then do other things outside of postfix.[23:01:55] *** danlii has joined #postfix[23:04:46] <danlii> I want to reject mail to some accounts on my system, giving a 550 "Mailbox disabled", so I put those addresses in /etc/postfix/recipient_access and postmapped it, and set smtpd_recipient_restrictions = check_recipient_access /etc/postfix/recipient_access, and if I do postmap -q address at domain dot com hash:/etc/postfix/recipient_access, I get "550 Mailbox disabled for this recipient", but when I send an email to that address, the system still happily accep[23:07:54] <danlii> Ah, nevermind, I set the rule below "permit_mynetworks", that's why it didn't work.[23:07:57] *** danlii has quit IRC[23:09:21] *** UQlev has quit IRC[23:10:55] *** cilly has quit IRC[23:12:47] *** cilly has joined #postfix[23:23:12] <Mp5shooter> is there anything better and prettier than postfixadmin?[23:23:54] <adaptr> for what purpose ? making the underlying postfix configuration opaque and convoluted ?[23:23:56] <adaptr> I doubt it[23:24:08] <adaptr> Mp5shooter: we don't support postfixadmin[23:24:09] <Mp5shooter> :([23:24:31] <Mp5shooter> are you able to do the stuff that postfixadmin does on the command line?[23:24:51] <Mp5shooter> set up new virtual mailboxes, aliases etc[23:24:52] <adaptr> since all postfixadmin does is configure postfix, yes, of course[23:25:52] <Mp5shooter> mmm[23:29:00] <Mp5shooter> fun[23:29:09] <Mp5shooter> looks like all i would be doing is adding new lines to postfix mysql db[23:29:21] <thumbs> huhuh[23:32:28] *** cilly has quit IRC[23:33:46] *** cilly has joined #postfix[23:34:14] *** torment has joined #postfix[23:35:09] <torment> how to go about encrypting mail on disk per user?[23:38:25] *** cilly has quit IRC[23:50:14] *** chopx has joined #postfix[23:52:13] *** elbeardmorez has quit IRC[23:53:42] *** chopx has left #postfix[23:57:26] *** tharkun has quit IRC