June 3, 2013 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | >
June 3, 2013 [00:02:59] *** tharkun has joined #postfix[00:03:00] *** tharkun has joined #postfix[00:06:55] *** biggi_mat has quit IRC[00:16:13] *** mibofra has quit IRC[00:16:43] *** |Trend| has quit IRC[00:20:29] *** wdp has quit IRC[00:25:55] *** cilly has joined #postfix[00:52:25] *** trusktr has quit IRC[01:12:32] *** aarcane has quit IRC[01:20:45] *** aarcane has joined #postfix[01:22:46] *** master_o1_master has joined #postfix[01:25:54] *** master_of_master has quit IRC[01:32:55] *** ogny has quit IRC[01:37:20] *** sphenxes has quit IRC[01:49:13] *** deXar2 has quit IRC[01:52:13] *** ccxCZ has quit IRC[02:08:29] *** Bry8Star has quit IRC[02:10:58] *** Bry8Star has joined #postfix[02:14:16] *** Gotlanning has quit IRC[02:14:16] *** Skit_i_det has joined #postfix[02:15:23] *** trusktr has joined #postfix[02:18:37] *** torment has left #postfix[02:35:08] *** pj has quit IRC[02:45:45] *** pj has joined #postfix[02:47:18] *** internat has quit IRC[02:48:22] *** jeev has quit IRC[02:59:31] *** jeev has joined #postfix[03:05:54] *** AgileNetworks has joined #postfix[03:06:41] *** AgileNetworks2 has quit IRC[03:21:16] *** m0ikz has joined #postfix[03:31:11] *** jimpop has quit IRC[03:33:05] *** jimpop has joined #postfix[03:42:35] *** trusktr has quit IRC[03:52:36] *** grknight has joined #postfix[04:03:00] *** cpm has quit IRC[04:10:25] *** tharkun has quit IRC[04:15:48] *** tharkun has joined #postfix[04:15:49] *** tharkun has joined #postfix[04:35:06] *** m0ikz has quit IRC[04:35:27] *** m0ikz has joined #postfix[04:37:53] *** err-or has joined #postfix[04:41:29] *** err-or_ has quit IRC[04:46:50] *** NightTrain has quit IRC[04:49:52] *** trusktr has joined #postfix[04:54:33] <Bry8Star> https://tools.ietf.org/html/rfc6186 (Use of SRV Records for Locating Email Submission/Access Services)[04:55:57] <lunaphyte> yeah, i don't know what that's titled that way.[04:56:00] <lunaphyte> *what that's[04:56:23] <lunaphyte> that rfc covers only imap and pop3 - e.g. mail retrieval. it has nothing to do with submission.[04:56:56] <lunaphyte> it is nice to see some forward movement wrt that though.[05:06:13] <grknight> lunaphyte: section 3.1 of the RFC doesn't apply to submission (587)?[05:08:43] <lunaphyte> oh, sigh.[05:08:51] <lunaphyte> lame on my part. it absolutely does.[05:09:09] <lunaphyte> good find.[05:09:14] <lunaphyte> [the rfc, that is][05:09:20] <lunaphyte> well, and my stupidity :)[05:09:47] *** Mp5 has joined #postfix[05:10:05] *** Mp5 has quit IRC[05:14:45] *** grknight has quit IRC[05:15:56] *** Mp5 has joined #postfix[05:16:58] *** Mp5 has quit IRC[05:17:17] <pj> submission != smtp mx to mx communication[05:17:54] *** Mp5 has joined #postfix[05:20:32] *** Mp5shooter has quit IRC[05:20:32] *** Mp5 is now known as Mp5shooter[05:21:52] <Bry8Star> Can this be done in dns : mail.example.tld. 3600 IN MX 10 m1.example.tld. | mail.example.tld. 3600 IN MX 20 m2.example.tld.:26 to indicate to use port 26 ? (i do not think that is valid)[05:22:20] <pj> Bry8Star: no, MX records don't work like that.[05:22:30] <pj> it's not valid, as you say[05:25:39] <Bry8Star> so this would be valid ? : example.tld. 3600 IN MX 10 mail.example.tld. | example.tld. 3600 IN MX 20 mail2.example.tld.[05:26:01] <pj> Bry8Star: yes[05:26:48] <pj> well assuming those are separate records[05:27:00] <Bry8Star> With SRV different SMTP port can be indicated : example.tld. 3600 IN MX 10 mail.example.tld. | example.tld. 3600 IN MX 20 mail2.example.tld. | _smtp._tcp.example.tld. 3600 IN SRV 10 0 25 mail.example.tld. | _smtp._tcp.example.tld. 3600 IN SRV 20 0 26 mail2.example.tld.[05:27:51] <Bry8Star> Port 26 for mail2.[05:27:59] <pj> no MTA will recognize that.[05:28:11] <pj> we've been over this all yesterday[05:28:30] *** sp00kz has quit IRC[05:28:30] *** sp00kz has joined #postfix[05:28:54] <pj> it's a stupid idea anyways, you'd be opening yourself up to loads of spam by not taking advantage of the large portion of the internet where outbound port 25 is blocked.[05:30:03] <Bry8Star> I dont want to use relay that spies/data-colelction on me & my users traffic. I wan t to reduce cost. I can use better spam-detection in my server-side.[05:30:38] <pj> Bry8Star: it doesn't matter, no-one will recognize that.[05:38:13] <Bry8Star> Ya, that is very ture :(☹ :-(☹[05:38:20] <Bry8Star> * true[05:40:10] <pj> you've been given different options that will work yesterday, I'm not going to repeat that conversation today.[05:45:15] <Bry8Star> Thank pj .. I'm aware of much more various altrnative than told here . for this problem I'm trying to solve it the way I'm indicating.[05:46:27] <pj> that way won't work, forget about, move on.[05:47:23] <Bry8Star> Ya, that seems to be the hard fact exactly at this moment .. I'm not going to give up , easily.[05:47:34] <pj> obviously[05:49:12] <Bry8Star> Some servers do recognize other port than 25 for SMTP, but for pre-known communciation/routing between known servers.[05:49:43] <pj> that's a moot point.[05:49:44] <Bry8Star> But when others will try to send emial, then they have no way to know that , exceptional port :(☹[05:59:43] <Bry8Star> Pls comment on it ... on a vps .. I will not place any mta, msa, mua stuff .. they will still be in my server side ... my server & vps will be linked with SSH encrypted tunnel(s) ... incoming traffic on port 25 will redicted instantly via ssh-tunnel into my server side port 25. (pls assume in my server side ISP is blocking port 25 usage).[06:02:00] <Bry8Star> This above approach seems to be little bit better, than nothing (where smtp 25 is blocked), and should be secured as well .. right ?[06:02:46] <Bry8Star> * redirected instantly[06:04:49] <Bry8Star> All other related ports (_587, _993, _995) will be used from my-server side ip-adrs. only using vps ip for the smtp 25.[06:07:47] *** UQlev has joined #postfix[06:11:40] *** cilly has quit IRC[06:13:14] *** cilly has joined #postfix[06:13:38] <pj> you can use a ssh tunnel, butit's uneccessary. What you do is listen on port 587 on your server, require TLS encryption (which negates the need for SSL), and relay out to the internet on port 25. You use SASL AUTH to authenticate the other server for relaying.[06:13:45] <pj> !tell Bry8Star relayhost[06:13:45] <knoba> Bry8Star: "relayhost" : a configuration parameter in the main.cf: The default host to send non-local mail to when no entry is matched in the optional transport(5) table. When no relayhost is given, mail is routed directly to the destination. If your relay host requires authentication see the !saslclient channel factoid.[06:13:52] <pj> !tell Bry8Star saslclient[06:13:52] <knoba> Bry8Star: "saslclient" : See http://www.postfix.org/SASL_README.html#client_sasl when you need client-side SASL authentication to deliver mail to another server[06:14:49] *** Bry8Star has quit IRC[06:14:55] * pj shrugs[06:26:54] *** tharkun has quit IRC[06:32:41] *** tharkun has joined #postfix[06:32:41] *** tharkun has joined #postfix[06:36:00] *** Bry8Star has joined #postfix[06:41:29] <Bry8Star> (sorry, got DC, from HH:07:34 (hh:mm:ss) to HH:36:17)[06:42:49] <Bry8Star> (bbl)[06:46:44] <pj> Bry8Star: read the channel log[07:03:31] *** ccxCZ has joined #postfix[07:08:44] *** ccxCZ has quit IRC[07:21:29] *** biggi_mat has joined #postfix[07:26:48] *** rotbeard has joined #postfix[07:35:49] *** djanos has joined #postfix[07:35:49] *** djanos_ has quit IRC[07:36:07] *** internat has joined #postfix[07:37:00] *** elbeardmorez has joined #postfix[07:41:04] *** Gotlanning has joined #postfix[07:42:10] *** UQlev has quit IRC[07:42:56] *** tharkun has quit IRC[07:43:35] *** Skit_i_det has quit IRC[07:47:29] *** twb has joined #postfix[07:48:33] *** tharkun has joined #postfix[07:48:33] *** tharkun has joined #postfix[07:48:34] <twb> A quick sanity check if I may: on a typical postfix setup, will an aliases(5) like "fred: human-resources" take priority over a ~fred/.forward like "fred at gmail dot com" ?[08:02:42] *** nihe_ has quit IRC[08:05:50] *** ccxCZ has joined #postfix[08:06:38] *** nihe has joined #postfix[08:11:49] *** ccxCZ has quit IRC[08:20:15] *** UQlev has joined #postfix[08:20:54] *** regiment has joined #postfix[08:27:20] *** cilly has quit IRC[08:35:30] *** chalcedny has joined #postfix[08:35:33] *** chalcedony has left #postfix[08:39:19] <Bry8Star> I've seen the log now, THANKS again .. Pj and knoba[08:42:39] *** ccxCZ has joined #postfix[08:48:20] *** m1nish has quit IRC[09:05:06] *** shinao1 has joined #postfix[09:07:05] *** cilly has joined #postfix[09:16:17] *** ffiore has joined #postfix[09:20:27] *** regiment has quit IRC[09:26:55] *** pajamian has joined #postfix[09:27:23] *** tjikkun_work has joined #postfix[09:28:59] *** cilly has left #postfix[09:29:18] *** pj has quit IRC[09:31:57] *** zorg1 has joined #postfix[09:38:49] *** ffiore has quit IRC[09:40:13] *** gu1lle_ has quit IRC[09:43:32] *** wdp has joined #postfix[09:52:14] *** zorg1 has quit IRC[09:52:33] *** zorg1 has joined #postfix[10:01:58] *** zorg1 has quit IRC[10:02:26] *** zorg1 has joined #postfix[10:09:46] *** on1ald has quit IRC[10:20:46] *** pj` has joined #postfix[10:23:47] *** jarif has quit IRC[10:23:53] *** pajamian has quit IRC[10:26:31] *** pj` has quit IRC[10:26:50] *** pj has joined #postfix[10:27:19] *** jarif has joined #postfix[10:30:06] *** ffiore has joined #postfix[10:32:19] *** Guest02377-50092 has joined #postfix[10:32:24] *** internat has quit IRC[10:33:13] *** trusktr has quit IRC[10:35:37] *** on1ald has joined #postfix[10:36:52] *** sphenxes has joined #postfix[10:51:12] *** qdrrmt has joined #postfix[10:56:13] *** shinao1 has quit IRC[10:56:35] *** shinao1 has joined #postfix[11:01:30] *** Eagleman7 has joined #postfix[11:01:36] *** Eagleman7 has quit IRC[11:17:33] *** twb has quit IRC[11:19:32] *** mechanicalduck_ has joined #postfix[11:21:46] *** mechanicalduck_ has quit IRC[11:24:06] *** mechanicalduck has joined #postfix[11:24:56] *** mechanicalduck has quit IRC[11:25:34] *** mechanicalduck has joined #postfix[11:28:47] *** [diablo] has joined #postfix[11:28:47] *** [diablo] has joined #postfix[11:42:40] *** JohnnyRabbittJR has left #postfix[11:44:27] *** atmark has joined #postfix[11:45:41] *** rotbeard has quit IRC[11:48:55] *** mechanicalduck has quit IRC[11:49:43] *** Skit_i_det has joined #postfix[11:51:22] *** mechanicalduck has joined #postfix[11:52:36] *** atmark has quit IRC[11:53:16] *** Gotlanning has quit IRC[11:55:17] *** DarkKnightCZ has joined #postfix[11:56:31] <DarkKnightCZ> hi, after debian package update, postfix stoped working with log "postfix/smtpd: SASL LOGIN authentication failed: no mechanism available", any ideas, how to fix this?[11:57:11] <buki> postconf -a?[11:58:04] <UQlev> DarkKnightCZ: probably dovecot configs problem[11:58:30] <buki> no idea about debian packaging, but probably missing sasl support[11:58:54] *** mechanicalduck has quit IRC[11:59:07] <buki> which you find out by running the mentioned "postconf -a"[11:59:39] <UQlev> DarkKnightCZ: make sure your dovecot started properly[11:59:39] <DarkKnightCZ> buki: yes, output is "cyrus, dovecot"[11:59:47] <DarkKnightCZ> UQlev: thanks, will look[12:00:41] <buki> ok, so support is there. then see topic and provide more info :)[12:03:28] <DarkKnightCZ> yep, just a sec :)[12:06:21] *** mechanicalduck has joined #postfix[12:07:17] <DarkKnightCZ> http://pastebin.com/R2P7BXn6[12:08:25] *** mechanicalduck has quit IRC[12:11:03] <DarkKnightCZ> oh, i probably see the error, it cannot connect to mysql[12:13:25] *** qdrrmt has quit IRC[12:13:25] *** kiri has quit IRC[12:13:43] <DarkKnightCZ> but username/password/host is working[12:14:30] *** kiri has joined #postfix[12:15:07] *** qdrrmt has joined #postfix[12:16:13] *** Guest02377-50092 has quit IRC[12:16:44] <buki> since there's no smtpd_sasl_path and smtpd_sasl_type, you're using dovecot, so it seems to be dovecot's problem[12:20:55] <DarkKnightCZ> ok, thanks for help[12:23:17] <buki> no ve skutecnosti neni zac :)[12:24:40] <DarkKnightCZ> vyborne :)[12:26:45] <DarkKnightCZ> tak ve skutecnosti tam dovecot vubec neni :)[12:29:51] <rob0> buki, where did you see "using Dovecot"? It's not in the postconf (sigh, without logs).[12:30:56] <rob0> The default for smtpd_sasl_type is "cyrus" unless overridden at compile time. I doubt Debian does this, because they seem to cluelessly cling to Cyrus SASL.[12:35:00] <buki> ah, OK.. I looked at my doveconf -d (freebsd, compiled with custom options)[12:35:04] <buki> my bad[12:36:11] <buki> but as I said, no idea about debian packaging of postfix[12:37:48] <UQlev> buki: DarkKnightCZ buki: yes, output is "cyrus, dovecot"[12:38:43] *** m0ikz has quit IRC[12:39:09] <rob0> Moot. This says what options are available, and any time that Cyrus is available for smtpd_sasl_type, so is Dovecot.[12:39:29] <UQlev> buki: this postfix compiled suport for both, now it depending on config[12:40:37] <rob0> Bottom line is: a Microsoft client is trying to use the nonstandard LOGIN mechanism. Cyrus SASL does not have that for some reason (broken in the package upgrade, Debian bug.)[12:41:38] <rob0> If DarkKnightCZ is indeed using Dovecot IMAP, the decision to use Cyrus SASL was a bad one.[12:42:13] <DarkKnightCZ> rob0: dovecot isn't installed[12:45:15] *** tharkun has quit IRC[12:51:11] *** tharkun has joined #postfix[12:51:11] *** tharkun has joined #postfix[12:55:14] *** m0ikz has joined #postfix[13:02:21] *** [diablo] has quit IRC[13:06:35] *** mishehu has left #postfix[13:06:48] *** UQlev has quit IRC[13:17:00] <joshu> hi guys I've just setup postfix and having a problem testing mail sending. I've attached my config https://gist.github.com/anonymous/e4b36c30605f4d29d4c8[13:18:22] <joshu> this postfix server should relay emails to the main email server on the local network for delivery and also receive emails from the main server for the domain fax.example.com[13:19:28] <rob0> And the testing problem is ... ?[13:20:25] *** mechanicalduck has joined #postfix[13:22:33] <joshu> hi rob0 the emails are stuck in the queue on this secondary postfix server and it says "unknown mail transport" in the gist I attached the log and it says the same thing. I have been following these instructions http://www.postfix.org/STANDARD_CONFIGURATION_README.html and I don't know what I'm doing wrong/ missing :([13:22:43] *** DarkKnightCZ has left #postfix[13:25:16] <survietamine> joshu: and you can resolve mail.differentdomain.com from your server ?[13:25:41] <joshu> hi survietamine yes I can ping it and get a response[13:26:35] <survietamine> and do you have mx on it ?[13:27:01] <survietamine> you can ping ?[13:27:14] <survietamine> no, not ping but resolve[13:27:26] <survietamine> with something like dig or host commands[13:27:50] <survietamine> you put in in /etc/hosts, or on the dns zone ?[13:29:38] <rob0> Jun 3 13:14:22 ffm postfix/qmgr[4615]: warning: private/smtp socket: malformed response[13:30:38] <joshu> survietamine yeah just tested I can dig mail.differentdomain.com fine[13:31:03] <joshu> rob0 what does that mean?[13:31:52] <rob0> Beats me. Broken install maybe? Debian problem?[13:32:05] <rob0> Try reinstalling?[13:32:31] *** mechanicalduck has quit IRC[13:33:12] <joshu> I installed on ubuntu using sudo apt-get install postfix and then in the dialog that pops up I chose "no configuration" as someone here yesterday suggested that's the way to do it[13:33:31] *** nihe has quit IRC[13:34:02] *** nihe has joined #postfix[13:34:03] <lunaphyte_> it's the only thing we'd support, yes[13:34:04] <rob0> I can tell you that smtp(8) won't work as long as it is providing malformed responses to qmgr(8).[13:35:40] <joshu> lunaphyte_ yeah so that's why I followed your advice. I just don't understand what's causing this[13:38:36] <rob0> one thing I might guess: apparmor?[13:41:03] <joshu> rob0 no apparmor on my vanilla ubuntu server install 12.04 lts[13:41:07] <joshu> just checked[13:44:00] <joshu> lunaphyte_ any ideas?[13:45:20] <lunaphyte_> where is postonf -nf; postconf -Mf ?[13:49:38] *** synapt has quit IRC[13:49:44] <joshu> lunaphyte_ https://gist.github.com/anonymous/e4b36c30605f4d29d4c8[13:49:52] <rob0> I doubt we can solve this here. Something is broken in the OS or the Postfix install.[13:49:57] <lunaphyte_> huh?[13:50:16] <lunaphyte_> oh, you're using an old version[13:51:24] <rob0> These aspects of Postfix are mature and well tested. Something is broken that you can't (or don't know to) tell us about.[13:51:49] <lunaphyte_> copy your current master.cf and main.cf files somewhere for backup. completely purge all postfix packages [apt-get --purge autoremove packagename]. then reinstall postfix.[13:52:02] <rob0> yep[13:52:26] <joshu> rob0 well I'm trying but I'm clearly not a postfix expert thus why I'm here[13:52:36] <lunaphyte_> see if it runs properly, right after installation. if so, you can then work through your two config files to implicate the culprit. if not, then you get to file a bug with whoever gave you the software[13:53:29] <joshu> lunaphyte_ "gave me the software" I'm download the ubuntu server OS from ubuntu.com and used apt-get to install postfix.[13:54:01] <lunaphyte_> i didn't ask...[13:55:20] *** Bry8Star has quit IRC[13:57:21] *** Bry8Star has joined #postfix[13:57:22] <rob0> Wietse would know what to check, if you asked on the mailing list. Maybe even try googling the list to see if something similar has come up before. Also check Ubuntu and Debian bugs.[13:58:02] <joshu> I've solved it with google[13:58:27] <buki> and?[13:58:52] <joshu> for what ever reason I had to change this: smtp inet n - - - - smtpd[13:59:03] <joshu> to this smtp inet n - n - - smtpd[13:59:29] <sep> remove the chroot ?[14:00:19] <rob0> !chroot[14:00:19] <knoba> rob0: "chroot" : The fifth column in master.cf, if not n , means that the Postfix process described on that line runs in a chroot, see !debug , !queue_directory and files in the examples/chroot-setup subdirectory of the Postfix source archive which show examples of a Postfix chroot environment on a variety of systems[14:00:22] <rob0> !debian[14:00:22] <knoba> rob0: "debian" : Please see /usr/share/doc/postfix/README.Debian for Debian-specific information. This probably applies to Ubuntu and most other Debian-derivative distributions as well.[14:00:44] <sep> the start stop sscripts in debian maintains the chroot so that should not be a problem. unless you are installing additional software. and you have not configured that software to link into the chroot correctly[14:00:47] <rob0> and no, that change had no effect on the error:[14:00:57] <rob0> !smtp!=smtpd[14:00:57] <knoba> rob0: "smtp!=smtpd" : Postfix smtp_* and smtpd_* configuration parameters have different meanings. smtp_ = client and smtpd_ = server, the client-side sends mail whilst the server-side receives mail. (smtp = client = sends mail) (smtpd = server = receives mail)[14:17:02] *** err-or has quit IRC[14:17:30] *** ffiore has quit IRC[14:17:37] *** nubianz has quit IRC[14:19:24] *** nubianz has joined #postfix[14:28:07] *** Section1 has joined #postfix[14:28:41] *** grknight has joined #postfix[14:28:54] *** cpm has joined #postfix[14:29:16] *** [diablo] has joined #postfix[14:38:07] *** err-or has joined #postfix[14:38:27] *** nubianz has quit IRC[14:44:07] *** lamarus has joined #postfix[14:44:50] *** lamarus has joined #postfix[14:50:52] *** lamarus has quit IRC[14:53:06] *** lamarus has joined #postfix[14:53:14] *** mibofra has joined #postfix[14:53:14] *** mibofra has joined #postfix[14:53:16] *** elesouef has joined #postfix[14:53:37] *** RayS has joined #postfix[14:54:09] <elesouef> Hi all. Are there any scripts that can do statistics between ipv4 and ipv6 mail traffic ?[14:55:05] *** Kennie has joined #postfix[14:55:07] <Kennie> Hi,[14:55:50] <Kennie> I've a postfix setup with smtpd_sender_restrictions, in this hash file i've my own domains to prevent spoofing, is it possible to exclude 1 IP from this filter?[14:57:46] <survietamine> you mean check_send_access[15:00:41] <rob0> smtpd_sender_restrictions implies, but does not indicate (!) that you're looking up sender addresses. Maybe you want to precede that check_sender_access lookup with a check_client_access lookup.[15:00:59] <rob0> !access[15:00:59] <knoba> rob0: "access" : http://www.postfix.org/SMTPD_ACCESS_README.html : An overview of access(5) controls in the Postfix smtpd(8) SMTP server.[15:05:22] *** cpm has quit IRC[15:19:08] *** cpm has joined #postfix[15:25:31] *** mechanicalduck has joined #postfix[15:31:19] *** cpm has quit IRC[15:31:52] *** qdrrmt has quit IRC[15:38:30] *** mechanicalduck has quit IRC[15:39:43] <joshu> if I want to accept dynamically formed TO addresses , e.g. <numbers> at mydomain dot com where is the correct place to define the regex: aliases, transport maps or local_recipients_map?[15:43:41] *** mechanicalduck has joined #postfix[15:44:05] <rob0> Ewww. Why do you want to do this?[15:46:10] <rob0> Also, I doubt you own mydomain.com. Don't use real names as examples.[15:46:13] <rob0> !example[15:46:13] <knoba> rob0: "example" : Example.TLD has been reserved for examples in generic top-level domains (com,net,org) and many other TLDs. Please do not use real Internet names as examples.[15:47:23] <joshu> rob0 ok so <numbers> at example dot com[15:47:29] *** err-or has quit IRC[15:47:48] <rob0> So you're not going to answer me.[15:47:48] *** err-or has joined #postfix[15:47:59] <joshu> It's a fax system[15:48:27] <rob0> ah, that wasn't so painful, was it? Here's a better solution:[15:48:34] <rob0> !recipient_delimiter[15:48:34] <knoba> rob0: "recipient_delimiter" : a configuration parameter in the main.cf: The separator between user names and address extensions (user+foo). See canonical(5), local(8), relocated(5) and virtual(5) for the effects this has on aliases, canonical, virtual, relocated and on .forward file lookups. Basically, the software tries user+foo and .forward+foo before trying user and .forward.[15:48:47] <rob0> recipient_delimiter=_ # for example[15:49:19] <rob0> and use fax_XXXXXXX at example dot com[15:49:54] <rob0> have your fax-to-mail script use the extension as the phone number[15:50:43] *** mechanicalduck_ has joined #postfix[15:50:57] <joshu> rob0 ok that's an interesting alternative to what I was using which is <number> at fax dot example.co[15:51:00] <joshu> *.com[15:52:13] <rob0> With example.com in mydestination and a local user "fax", one or more .forward files could handle this simply.[15:52:13] *** mechanicalduck has quit IRC[15:53:28] <joshu> ok if I want to use a subdomain fax.example.com where would I specify the regex?[15:53:28] *** mechanicalduck_ is now known as mechanicalduck[15:57:45] <rob0> what regex?[15:59:48] <joshu> so an email addressed like this +123456 at fax dot example.com would be piped to a script. I have the pipe setup in master.cf I just need to allow any local part of the email address to be accepted by postfix as they are not real users.[16:02:27] <pj> !tell joshu catchall[16:02:28] <knoba> joshu: "catchall" : Sending all emails for non-existing users in domain to a special account. See man 5 virtual for the @domain syntax, which applies in virtual_*_maps and relay_recipient_maps. For local(8) delivery, unset local_recipient_maps and see luser_relay. WARNING: catchalls are rarely a good idea. Spammers will abuse them.[16:02:44] <rob0> The email to fax_123456 at fax dot example.com (with "recipient_delimiter=_" and mydestination including fax.example.com) is delivered to the local user "fax".[16:02:54] <pj> joshu: this is actually a bad idea, recipient_delimiter would be much better[16:03:17] <pj> or use a pcre to limit it to just digits, at the very least.[16:04:29] <pj> also I hope you're doing some form of authentication so not just anyone can use your server as a fax gateway.[16:04:44] <pj> you'll be faxing spam all over the world, otherwise.[16:07:16] <jelly> hopefully not all over the world, just to his customers[16:08:30] <pj> well, if you're going to allow any phone number in there then it certainly won't be limited to his customers.[16:09:18] <jelly> depends on the script, innit[16:09:20] <joshu> so fax.example.com is only accessible on the LAN. Not publically[16:09:24] *** UQlev has joined #postfix[16:09:38] <rob0> If it's a small enough set of phone numbers, I'd just use ~fax/.forward_123456 for each number.[16:10:17] <pj> or put them into a database and reject anything else.[16:10:41] <pj> but even so you should still have some sort of authentication, you don't want to fax someone else's spam to your customers either.[16:10:52] <joshu> the numbers are not known in advance so creating a database of them is not an option[16:10:57] <pj> I don't think his customers would appreciate that very much.[16:11:14] <joshu> so as of right now I have it working like with these two settings[16:11:18] <joshu> local_recipient_maps = regexp:/etc/postfix/fax-regexp[16:11:19] <joshu> transport_maps = hash:/etc/postfix/transport[16:11:43] <joshu> the transport is fax.example.com myscript[16:12:01] <joshu> and fax-regexp is /^[0-9.-]+\@/ myscript[16:12:33] <rob0> yep, you like to do it the hard way.[16:13:53] <joshu> rob0 no about doing it the hard way as I don't know one way from another. I know you;ve suggested I don't use a subdomain, but I'm not sure how to do that if the main email server and this postfix server are two separate systems[16:14:39] <rob0> I suggested what?[16:15:25] <pj> I don't see anythign wrong with using a dedicated subdomain for this service.[16:15:37] <rob0> By "subdomain" do you mean the hostname "fax" as in "fax.example.com"? Where do you see me saying not to do that?[16:16:54] <rob0> 14:02 < rob0> The email to fax_123456 at fax dot example.com (with "recipient_delimiter=_" and mydestination including fax.example.com) is delivered to the local user "fax".[16:17:16] <rob0> Seems like that example says "fax.example.com".[16:18:29] <joshu> I didn't say you didn't say don't use a subdomain just that you suggested a method of not having to use one[16:19:02] <rob0> "Subdomain" is irrelevant to what I said.[16:19:49] <joshu> ok then I don't follow.[16:23:39] <pj> you don't have to use a separate subdomain, it is not really relevant to the capabilities to do what you are wanting to do, but you may want to anyways as it offers a type of separation between your regular email and your fax gateway that has nothing to do with technical capabilities.[16:25:08] <joshu> ok pj. So have a setup main.cf with regards to the handling of the local part of the email address in a suitable way as I showed above?[16:26:13] <pj> joshu: tbh, I'm not really up to following your exact setup right now, it's past 2am here and I'm just staying up to get a last minute invoice out before I head to bed.[16:26:28] <joshu> pj ok no worries[16:26:32] <pj> so I'm just tossing a few comments in ;-)[16:27:22] <rob0> I showed you the settings to make it happen in a script which is run by the local user "fax". I did not show you how to write the script, but I would suggest consulting the local(8) manual about delivery to commands.[16:27:25] *** mechanicalduck has quit IRC[16:31:56] *** mechanicalduck has joined #postfix[16:33:06] *** shinao1 has quit IRC[16:36:02] *** grknight has quit IRC[16:36:26] *** grknight has joined #postfix[16:37:40] *** m0ikz has quit IRC[16:38:06] *** m0ikz has joined #postfix[16:38:54] *** Kennie has left #postfix[16:45:16] *** shinao1 has joined #postfix[16:51:30] *** jra has joined #postfix[16:53:54] *** shinao1 has quit IRC[16:55:41] *** shinao1 has joined #postfix[16:56:09] *** shinao1 has quit IRC[16:57:08] *** jelly has quit IRC[17:01:35] *** MaximusColourum has joined #postfix[17:02:42] *** jra has quit IRC[17:08:07] *** diabel has quit IRC[17:08:20] *** diabel has joined #postfix[17:18:37] *** [diablo] has quit IRC[17:22:46] *** m0ikz has quit IRC[17:34:54] *** mechanicalduck has quit IRC[17:35:23] *** wdp has quit IRC[17:38:10] *** mechanicalduck has joined #postfix[17:46:05] *** Ahti333_ has left #postfix[17:49:20] *** kiri has quit IRC[17:57:47] *** jelly has joined #postfix[18:01:46] *** kiri has joined #postfix[18:34:30] *** lamarus has quit IRC[18:38:54] <RayS> been getting a lot of "delivery temporarily suspended: lost connection with proxymail-mta.facebook.com[66.220.144.184] while receiving the initial server greeting"[18:39:15] <RayS> anyone know of an alternative ip/host[18:39:23] <lunaphyte_> huh?[18:39:28] *** gu1lle_ has joined #postfix[18:39:48] <lunaphyte_> you can look up their mx records just the same as any of us.[18:42:48] <rob0> "Alternative" in what context? I don't know what you are asking.[18:58:54] <adaptr> rob0: black octets, pierced broadcasts and a weird taste in networks[19:00:03] <lunaphyte_> netblock suspensions?[19:00:44] <adaptr> ooh netpanty suspenders[19:02:14] *** pythonirc1011 has quit IRC[19:11:52] *** Marchal has joined #postfix[19:12:22] <Marchal> Hi all. I do not want my postfix to bounce mails sent to recipients that do not exist on my system. How can I configure that?[19:14:17] <adaptr> by not accepting the mail in the first place[19:14:22] <Aprogas> adaptr: beat me to it[19:14:43] * adaptr stands on Holland's largest mountain in WIN[19:14:43] <Marchal> I get my mail via uucp - so I have to accept everything first[19:14:51] <adaptr> that sucks[19:14:59] <staticsafe> uucp...[19:15:22] <Marchal> but I know that in my previous installation I had found a solution - just cannot find it again[19:18:01] <adaptr> UUCp is one ancient aspect of mail I am blissfully ignorant of. I can only advise you to drop it like a motherfucker. because it is.[19:18:25] <Aprogas> You can surpress bounces, but that's a rather ugly solution.[19:18:36] <Aprogas> What sort of legacy system are you working with that still uses UUCP?[19:19:11] <Marchal> the system is new, but I have been using a uucp setup since 1992 and have always been very happy with it :-)[19:19:20] <adaptr> ...[19:19:28] <adaptr> it was dumb EVEN IN 1992[19:19:35] <Marchal> adaptr: IC :-)[19:20:16] <Marchal> sorry, I am not savvy enough to defend this :-), anyway if you could poiint me a way to avoid bounces I would be happy enough :-)[19:21:02] <adaptr> UUCp was, basically, necessary for systems that had no shared-stack network connection. ethernet and SMTP (both circa 1985) made that excuse obsolete[19:21:03] *** cpm has joined #postfix[19:28:42] <Marchal> hhmm. ok.. I put local_recipient_maps =[19:29:01] <Marchal> shouldn't that avoid those bounces?[19:29:13] <Aprogas> Either that accepts all mail for domains in mydestination or none.[19:29:25] <Aprogas> I don't know from the head which.[19:29:26] <adaptr> none. it's not as forgiving as relay_recipient_maps[19:29:51] <Aprogas> But to answer your question literally, that will indeed avoid those bounces.[19:29:54] <adaptr> (you could theoretically accept all with luser_relay, but that takes a local user... which you don't have, see above :)[19:30:23] <adaptr> Marchal: VERP is usually part of the answer[19:30:28] <Aprogas> You could try breaking Postfix's bounce functionality by purposely messing badly in master.cf, if you really still prefer doing that over phasing out UUCP.[19:31:05] <Marchal> adaptr: local_recipient_maps =[19:31:13] <Marchal> does accept mails for my domain[19:31:37] <Marchal> but there seem to be some bounces still. I have not looked closely which so far...[19:31:52] <Marchal> Aprogas: messing is bad, but phasing out uucp is not an option now[19:32:08] <adaptr> !local_recipient_maps[19:32:08] <knoba> adaptr: "local_recipient_maps" : a configuration parameter in the main.cf: Lookup tables with all names or addresses of local recipients. A recipient address is local when its domain matches $mydestination, $inet_interfaces or $proxy_interfaces.[19:33:18] <Marchal> but luser sound familiar. Thatś what is in my main.cf:[19:33:27] <Marchal> main.cf:luser_relay = cnrenner at josua dot west-of-house.net[19:33:57] <adaptr> then all mail will eventually go there. unsetting local_recipient_maps causes no mail to be delivered locally, at all[19:34:46] <Marchal> # To turn off local recipient checking in the SMTP server, specify[19:34:46] <Marchal> # local_recipient_maps = (i.e. empty).[19:35:39] <adaptr> oh, so you've now caused a bounce-palooza[19:35:42] <adaptr> even better![19:35:44] <Marchal> mhm...perhaps luser_relay is enough[19:36:03] <Marchal> adaptr: Sheldon would ask you: sarcasm?[19:36:07] <adaptr> no. properly specify your valid recipients, and properly handle bounces[19:36:19] <adaptr> Marchal: sheldon can go suck something yucky[19:36:53] <patdk-wk> I can't believe someone used uucp after the year 2000[19:37:02] * Marchal is properly disencouraged and subdued[19:37:07] *** Eagleman has quit IRC[19:38:03] <rob0> Holland has a mountain?[19:38:11] <adaptr> it's 1000 feet![19:38:15] <Aprogas> It's not built yet.[19:38:31] <adaptr> you would call it a "hill". actually, we do too.[19:38:38] *** lamarus has joined #postfix[19:38:57] <Aprogas> Some sports journalist was like "let's build a mountain" and people were like "lol ok" and then the initiative slowly went cold in the media.[19:39:26] *** UQlev has quit IRC[19:40:57] <Marchal> hmmm....am I understanding this incorrectly or not at all?[19:41:08] <Marchal> # The luser_relay parameter specifies an optional destination address[19:41:10] <Marchal> # for unknown recipients.[19:41:19] <Marchal> # NOTE: if you use this feature for accounts not in the UNIX password[19:41:19] <Marchal> # file, then you must specify "local_recipient_maps =" (i.e. empty) in[19:41:20] <Marchal> # the main.cf file, otherwise the SMTP server will reject mail for[19:41:20] <Marchal> # non-UNIX accounts with "User unknown in local recipient table".[19:41:27] <Aprogas> Please don't paste the documentation.[19:41:39] <Aprogas> Just refer to the section you are confused about.[19:41:51] <rob0> !catchall[19:41:51] <knoba> rob0: "catchall" : Sending all emails for non-existing users in domain to a special account. See man 5 virtual for the @domain syntax, which applies in virtual_*_maps and relay_recipient_maps. For local(8) delivery, unset local_recipient_maps and see luser_relay. WARNING: catchalls are rarely a good idea. Spammers will abuse them.[19:41:57] <rob0> !luser_relay[19:41:57] <knoba> rob0: "luser_relay" : a configuration parameter in the main.cf: Optional catch-all destination for unknown local(8) recipients. By default, mail for unknown recipients in domains that match $mydestination, $inet_interfaces or $proxy_interfaces is returned as undeliverable.[19:42:05] <Aprogas> Gotta catch em all![19:42:09] *** kiri has quit IRC[19:42:19] <rob0> see the LOCAL_RECIPIENT_README[19:42:25] * adaptr smacks Aprogas in the face with a dumb teenage ball with ears on it[19:42:27] <adaptr> IN THE FACE[19:42:48] <rob0> or better yet, figure out a better way to do whatever it is you are trying to do :)[19:43:47] <adaptr> I thought that was obvious - I wanna punch him in the face![19:44:59] *** zonk1024 has joined #postfix[19:46:30] <Marchal> rob0: I do not quite understand how a spammer will abuse a catchall if this is just a junkyard-email account where the unwanted mails rest in peace?[19:47:02] <Aprogas> Set up a bit-bucket alias (to /dev/null) and use that as luser_relay.[19:47:18] <Marchal> Aprogas: yeah, that sounds good.[19:47:24] <Aprogas> Not really.[19:47:31] <Aprogas> But it might be the lesser evil.[19:47:36] <Marchal> Aprogas: why not good?[19:48:47] <Aprogas> It's still an ugly solution, accepting mail that you then quietly disappear.[19:49:10] <Marchal> Aprogas: ok, I see.[19:49:26] <Marchal> Thank you, I will consider that. Thank you all.[19:55:09] *** kiri has joined #postfix[20:05:26] *** m1nish has joined #postfix[20:14:29] <whitefang> http://dpaste.com/1209878/ | i'm fairly sure RBL is not working. no mention of rbl or zen in my logs at all.[20:15:23] <rob0> !zen[20:15:23] <knoba> rob0: "zen" : http://www.spamhaus.org/zen/ : A composite of all Spamhaus DNSBLs: SBL, XBL and PBL. Testing your DNSBL lookup can be done here: http://www.crynwr.com/spam/[20:15:33] <rob0> Test it ^^[20:17:52] <whitefang> not working :/[20:19:38] <tmberg> Why not use: postscreen_dnsbl_sites?[20:19:55] <rob0> logs[20:20:17] <lunaphyte_> if it's not working, using postscreen_dnsbl_sites isn't going to make it work[20:21:11] <Dominian> whitefang: It's possible that the rbl isn't being fired on.[20:21:16] <Dominian> Just sayin'[20:21:39] <whitefang> http://dpaste.com/1209890/[20:22:27] <whitefang> log of my test from crynwr[20:22:57] <rob0> yup, not working. Now, from the mail host, do "dig 2.0.0.127.zen.spamhaus.org. any" and see what you get.[20:23:23] * rob0 has a WAG ... you're using a DNS forwarder[20:23:32] <whitefang> zen.spamhaus.org. 150 IN SOA need.to.know.only. hostmaster.spamhaus.org. 1306031820 3600 600 432000 150[20:23:37] <whitefang> that's in the authority section[20:23:43] *** UQlev has joined #postfix[20:23:47] <rob0> and no TXT?[20:23:54] <staticsafe> whitefang: pastebin your /etc/resolv.conf[20:24:05] <whitefang> im using googles public dns[20:24:14] <rob0> that's the problem, then[20:24:15] <staticsafe> ^[20:24:16] <lunaphyte_> blech. why?[20:24:17] <whitefang> oh[20:24:18] <whitefang> shit[20:24:22] <whitefang> because ummmm[20:24:24] <adaptr> whitefang: they don't offer one.[20:24:32] <lunaphyte_> yet another solution looking for a problem?[20:24:41] <rob0> yet another WAG win![20:24:59] <rob0> well, sort of, you know what I meant[20:25:01] <whitefang> my vps provider doesnt have any docs on dns servers they provide[20:25:22] <adaptr> so run your own.[20:25:29] <staticsafe> whitefang: install unbound then and use a local resolver[20:25:30] <rob0> It's very simple to run your own.[20:25:40] <whitefang> so RBL breaks with googles public dns huh.[20:25:58] <adaptr> no, RBLs do not answer to queries from google's 8.8.8.8[20:26:03] <rob0> Spamhaus limits queries and usually blocks Google.[20:26:08] <adaptr> obviously. the amount of queries would be ridiculous.[20:26:17] <whitefang> i was hoping I wouldn't have to run my own bind.[20:26:21] <adaptr> you don't[20:26:25] <rob0> why? It's very simple[20:26:58] <lunaphyte_> then contact your vps provider and find out *authoritatively* if they provide caching nameservice for their customers...[20:27:25] <lunaphyte_> "doesn't have any docs" makes me think of "i spent 30 seconds but didn't immediately find anything"...[20:27:51] <whitefang> lunaphyte: i've written a KB article for them. I know what the 3 KB articles they now have are about.[20:27:56] <rob0> Install the software, any distro/OS is fine. "echo > /etc/named.conf ; named ; echo nameserver 127.0.0.1 > /etc/resolv.conf"[20:28:18] <whitefang> rob0: and this is unbound instead of bind?[20:28:18] <lunaphyte_> not having a kb article != doesn't provide caching nameservice[20:28:34] <rob0> named is BIND, not unbound[20:28:34] <whitefang> lunaphyte: right, but they don't mention it anywhere.[20:28:42] <lunaphyte_> uh...[20:28:44] <whitefang> whats the talk about unbound then?[20:28:46] <lunaphyte_> not having a kb article != doesn't provide caching nameservice[20:28:59] <adaptr> rob0: he should probably set listen-on 127.0.0.1[20:29:02] <adaptr> that's not default[20:29:17] <whitefang> lunaphyte: i realise that, but you implied I didn't look hard enough.[20:29:25] <lunaphyte_> no i didn't[20:29:27] <adaptr> whitefang: you're getting side-tracked.[20:29:31] <adaptr> stay on topic[20:29:42] <staticsafe> Unbound is a validating, recursive, and caching DNS resolver.[20:29:58] <staticsafe> no point in running BIND really if you are not doing authoritative DNS[20:30:11] <lunaphyte_> huh?[20:30:15] <lunaphyte_> that's nonsense.[20:30:28] <rob0> adaptr, "echo options '{ listen-on 127.0.0.1; };' > /etc/named.conf[20:30:31] *** [diablo] has joined #postfix[20:30:31] *** [diablo] has joined #postfix[20:30:32] <rob0> "[20:30:38] <adaptr> excellent[20:30:58] <adaptr> he'll have no logging, but meh[20:31:02] <rob0> staticsafe, what's wrong with named?[20:31:05] <adaptr> I stopped caring[20:31:09] <staticsafe> nothing[20:31:10] <lunaphyte_> he'll have basic enough logging.[20:31:11] <rob0> adaptr, default logging is to syslog[20:31:37] <adaptr> if it's local only, he barely needs logging, true[20:32:04] <whitefang> well, if my provider has ns I can use i'll just use those.[20:32:19] *** mechanicalduck has quit IRC[20:32:32] <rob0> You might encounter the same problem.[20:32:52] <whitefang> and if I do I'll run bind.[20:33:09] <lunaphyte_> [or whatever caching nameserver you happen to prefer][20:33:13] <adaptr> you could run bind now and avoid any and all problems[20:33:20] <adaptr> but I guess that's too simple[20:33:23] <rob0> Sites are limited to something like 100K queries per day. If other VPS users are querying them, you might get it to add up to 100K.[20:33:48] <rob0> (or maybe it already has and has been blocked)[20:34:13] <lunaphyte_> shut it all down!!!!![20:34:16] <adaptr> rob0: more than that, shirley. we get 100K per day easily and I've never seen any problems with zen[20:34:18] <whitefang> this provider was initially a minecraft server provider. they don't have a whole lot of vps customers.[20:34:27] <whitefang> adaptr: yeah I am seriously considering that.[20:34:52] <adaptr> "initially". ha! I bet they do slutcoin mining now, until that too dies[20:34:53] <whitefang> my named.conf defaults are already very sane as installed. defaults to only listen 127.0.0.1[20:35:36] <whitefang> adaptr: now who's getting sidetracked.[20:36:49] <adaptr> merely expressing my scepticism about a "VPS provider" who are basically gameplaying amateurs.[20:37:00] <adaptr> if they're not, call them and they can sue me ;)[20:37:46] <rob0> Many distributors do not have sane named.conf defaults. Many of them suggest the use of forwarders.[20:37:53] <whitefang> minecraft requires a ridiculous amount of I/O to run smoothly.[20:38:04] <lunaphyte_> it's ok for those providing the help to get sidetracked! :p[20:38:15] <adaptr> what kind of I/O ? disk ?[20:40:02] <lunaphyte_> ir[20:40:28] *** ogny has joined #postfix[20:40:29] <adaptr> ooh I love me some IR[20:41:19] <staticsafe> disk I/O and RAM[20:42:24] <whitefang> 1GB ram[20:42:32] <whitefang> http://svn0.us-west.freebsd.org/base/release/9.1.0/etc/namedb/named.conf[20:42:40] <whitefang> those defaults look sane to me. maybe I'm on crack though[20:42:44] <rob0> Old MacDonald had some RAM, EIE I/O.[20:43:04] <lunaphyte_> yeah, freebsd's default config is *especially* brain dead[20:43:15] <adaptr> staticsafe: "I/O" does not include memory[20:43:24] <staticsafe> i never said it did[20:43:31] <adaptr> he did[20:43:43] <adaptr> and yo uimplicitly did not contradict him[20:43:52] <adaptr> or rather you implicitly stated that RAm was I/O[20:44:11] <whitefang> this provider was also very open about the hardware they run when I asked too.[20:44:20] <staticsafe> I'm explicitly stating now that RAM is not I/O :)[20:44:26] <whitefang> that's a lot more than I can say for most providers I talked to.[20:44:27] <lunaphyte_> so is the fact that bind is included as part of base. that's equally as stupid.[20:44:45] <whitefang> lunaphyte: why is that stupid?[20:44:50] <adaptr> staticsafe: can I quote you on that ???[20:45:06] <lunaphyte_> it's completely unnecesary.[20:45:08] <staticsafe> adaptr: sure?[20:45:40] <whitefang> i disagree, if you want to install out of the box using your own named then its needed.[20:45:50] <staticsafe> er[20:46:04] <whitefang> also the base system is what is heavily audited for security vulnerabilities.[20:46:06] <lunaphyte_> uh, that doesn't make any sense.[20:46:15] <staticsafe> whitefang: i think thats openbsd[20:46:37] <whitefang> staticsafe: you're right, noone on the freebsd team cares about security.[20:46:53] <lunaphyte_> if someone "wants to install out of the box" then whatever they happen to want is "needed"...[20:47:11] <staticsafe> whitefang: no that is the openbsd motto so to say[20:47:19] *** UQlev has quit IRC[20:47:20] <lunaphyte_> given that logic, then every conceivable piece of software should already be installed.[20:47:36] <lunaphyte_> l[20:47:40] <whitefang> lunaphyte: by your logic there's no reason to include ssh in base.[20:47:49] <lunaphyte_> hardly.[20:48:06] <lunaphyte_> you need to not play the contrarian just for the bizarre sake of it...[20:48:17] <staticsafe> SSH has a usecase, I don't see why we need BIND ootb?[20:48:21] <whitefang> i could say the same to you.[20:48:23] <adaptr> lunaphyte_: slackware![20:48:42] <whitefang> i can think of all kinds of reasons you would want bind ootb[20:48:47] <lunaphyte_> uh huh.[20:49:25] <lunaphyte_> i can think of all kinds of ways you could install whatever software you wanted, whenever you wanted it.[20:49:35] <staticsafe> indeed[20:49:40] <adaptr> I can think of so many ways to do IR I/O...[20:49:48] *** kaos01 has joined #postfix[20:49:50] <whitefang> except that ports don't undergo the rigorous testing that the base system does.[20:49:50] * adaptr zones out[20:49:57] <lunaphyte_> so what?[20:50:00] <lunaphyte_> who cares?[20:50:05] <rob0> adaptr, how about EIE I/O?[20:50:05] <lunaphyte_> then don't use anything at all from ports.[20:50:09] <whitefang> i do.[20:50:15] <adaptr> rob0: loved it. chuckled.[20:50:15] *** kaos01 has left #postfix[20:50:35] <lunaphyte_> eie? people still use that?![20:50:49] <whitefang> lunaphyte: why wouldn't I?[20:50:51] <lunaphyte_> enhanced interface extension[20:51:35] <whitefang> the idea behind the base system is that if all else fails, as long as the base system is intact (which it always is unless you do something really really stupid), the system will still be working.[20:52:26] *** UQlev has joined #postfix[20:52:27] <whitefang> and now i have 127.0.0.1 as my nameserver, i rely on named to work or I'm probably screwed.[20:53:03] <staticsafe> why won't named work?[20:53:20] <lunaphyte_> this is all a non-problem.[20:54:03] <whitefang> you're right. named isn't even enabled by default. you don't even have to use the named that's part of the base system[20:54:16] <whitefang> you can install any named you like and use that instead[20:54:47] <adaptr> remember the part about teh side-tracking ?[20:54:52] <adaptr> you're doing it overtime now[20:54:59] <lunaphyte_> if i set up authentication based on ldap, and now have installed openldap on the server, now i rely on openldap to work or i'm probably screwed. should openldap be in base?[20:55:04] <adaptr> please take tis to either #bind or #yourdistrohere[20:55:42] <whitefang> lunaphyte: i can see what you're saying but I really think named is such a core service that it makes sense to have it in base.[20:55:54] <whitefang> adaptr: i dunno, seems like a friendly debate to me, noone is asking for assistance.[20:55:54] <lunaphyte_> it's not a core service.[20:56:06] <staticsafe> whitefang: thats like your opinion man.[20:56:22] *** mechanicalduck has joined #postfix[20:56:27] <adaptr> whitefang: if you've supported users here for a few years, maybe you can help decide that[20:56:38] <lunaphyte_> let's collective empirical data on the percentage of fbsd installs which use/run a caching nameserver on localhost. then we can talk.[20:57:01] <whitefang> lunaphyte: we'll just have to agree to disagree on this one.[20:57:04] <lunaphyte_> if you claim you'd be it's the majority, you're plain and simple full of crap.[20:57:17] <lunaphyte_> *you'd bet[20:57:28] <whitefang> i wouldn't claim that.[20:57:35] <lunaphyte_> hence my point.[20:57:45] <adaptr> I would! I'll claim anything for a contrary position now[20:57:49] <lunaphyte_> haha[20:58:03] <rob0> adaptr, you most certainly would NOT.[20:58:14] <staticsafe> o_o[20:58:51] <whitefang> sorry, I didn't realise a difference of opinion was frowned upon.[20:59:03] <lunaphyte_> who said that?[20:59:17] <lunaphyte_> anyway, let's get back to marginally on topic. the config fbsd ships with is crappy.[20:59:23] <whitefang> lunaphyte: i was pretty much told to shutup and let this go.[20:59:35] <adaptr> lunaphyte_: you dastard. how is that on-topic?[20:59:50] <whitefang> lunaphyte: hmmmm, i'd like to know what's crappy about it because I'm using it now. :-/[20:59:54] <lunaphyte_> adaptr: look in the interstitials.[21:00:05] <adaptr> whitefang: this is not a #postfix discussion. nobody told you to "shut up", but if you represent what I say you may find yourself shut up.[21:00:10] <lunaphyte_> whitefang: it's got all kinds of unnecesary junk[21:00:11] <adaptr> *misrepresent[21:00:13] <staticsafe> it seems rather pointless to argue what distros ship in #postfix tbh[21:00:21] <staticsafe> *shrug*[21:00:26] <whitefang> lunaphyte: that's enabled?[21:00:30] <lunaphyte_> yeah, that's a pet peeve of mine too.[21:00:31] <whitefang> there's a lot of commenting in it.[21:00:33] <rob0> Spam spam spam spam Spam spam spam spam Lovely Spam, wonderful spam[21:00:39] <lunaphyte_> whitefang: yes[21:01:03] <lunaphyte_> but let's drop it here.[21:01:35] <lunaphyte_> there are other more appropriate channels[21:02:06] <whitefang> lunaphyte: invite me to a more appropriate channel and we can continue the discussion. :)[21:02:47] <lunaphyte_> well, there's #bind, i guess. or #freebsd, but i'm not really around there any more these days.[21:03:09] <whitefang> man why would we go there, full of scrubs.[21:04:09] <whitefang> lunaphyte: in all seriousness though, none of this was meant to be an attack on your character so I appologise if it was taken as such.[21:04:18] <lunaphyte_> nope, you're good.[21:04:25] <whitefang> :)[21:04:35] <lunaphyte_> no way i'd ever make such an emotional investment in irc :)[21:04:45] <lunaphyte_> thanks for checking though[21:04:51] <whitefang> i used to a couple decades ago :P[21:05:07] <lunaphyte_> lots of people do. it's too bad for them, i guess.[21:05:07] <whitefang> anyways, back on topic, running my own named has done the trick. rbl working.[21:05:34] <adaptr> you should call them DNSBLs. some assfuck patented the term RBL, or something.[21:05:47] <lunaphyte_> yes[21:06:03] <whitefang> adaptr: i'll fuck that assfuck's ass if he tries to tell me I can't use the term RBL.[21:06:04] <adaptr> which is dumber than dumb (of the trademark bureau)[21:06:06] <lunaphyte_> dnsrs[21:06:37] <rob0> That is one of the things that should be changed in Postfix 3.0, if it ever happens: reject_dnsbl_client[21:06:45] <adaptr> "hey, trademark brownnoses, I want to trademark this product you have no clue about. it's called RNSXQTGHS"[21:07:11] <adaptr> and then sue every paper in town for running crosswords.[21:07:39] <adaptr> not being allowed to use *A WORD* is about as dumb as not being owner of my own DNA.[21:07:48] <adaptr> oh wait, that already happened.[21:09:01] <whitefang> !zen[21:09:01] <knoba> whitefang: "zen" : http://www.spamhaus.org/zen/ : A composite of all Spamhaus DNSBLs: SBL, XBL and PBL. Testing your DNSBL lookup can be done here: http://www.crynwr.com/spam/[21:09:46] *** mechanicalduck_ has joined #postfix[21:13:07] *** mechanicalduck has quit IRC[21:13:25] <whitefang> is there a way to test that my submission is using a valid ssl cert? (cert is ca verified but config is so touchy with intermediates etc.)[21:13:43] <adaptr> !s_client[21:13:43] <knoba> adaptr: "s_client" : see !tlstest[21:13:49] <lunaphyte_> you went and bought a commerical cert just for submission? shame![21:14:12] <adaptr> lunaphyte_: if he already bought one for webmail/imap, why not ?[21:14:21] <whitefang> lunaphyte: nah for https too[21:14:26] <whitefang> mainly for https[21:14:26] <adaptr> I usually use the same dual-use one for all of that[21:14:38] <lunaphyte_> because i use different hostnames, and more importantly, the principle.[21:14:55] <adaptr> whitefang: is it dual-use ? did you verify that the extensions are there ? you can't "just" use any certificate.[21:15:19] <whitefang> mmm, might be a hostname problem actually, its only good for ionise.org and www.ionise.org[21:15:52] <whitefang> working fine on my nginx install.[21:16:32] <lunaphyte_> well, like adaptr said, with s_client you can see what's literally being served[21:16:45] <lunaphyte_> or gnutls-cli, or whatever program you prefer[21:17:40] <whitefang> !tlstest[21:17:40] <knoba> whitefang: "tlstest" : Starting with OpenSSL 0.9.7, you can test the server-side TLS with the following: openssl s_client -starttls smtp -connect <hostname>:587 (or :25, accordingly).[21:17:57] *** zonk1024_ has joined #postfix[21:18:10] *** zonk1024 has quit IRC[21:18:10] *** zonk1024_ is now known as zonk1024[21:21:52] *** echelog has joined #postfix[21:21:52] -sendak.freenode.net- [freenode-info] channel trolls and no channel staff around to help? please check with freenode support: http://freenode.net/faq.shtml#gettinghelp[21:22:27] *** cpm has quit IRC[21:23:31] <whitefang> http://dpaste.com/1209968/[21:29:28] <lunaphyte_> you'll want to tell s_client where the root cert store is[21:35:42] *** cpm has joined #postfix[21:40:38] *** wdp has joined #postfix[21:40:38] *** wdp has joined #postfix[21:43:48] <whitefang> lunaphyte: hmmm looks like its validated on 587 when I specify location of root CA (/etc/ssl/certs/ca.pem)[21:43:53] <Section1> !auth[21:43:53] <knoba> Section1: "auth" : see !sasl[21:43:58] <Section1> !sasl[21:43:58] <knoba> Section1: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[21:44:02] <lunaphyte_> sounds reasonable.[21:44:39] <lunaphyte_> but you can of course see that the hostname used for access does not match the certificate.[21:50:09] <whitefang> right[21:50:09] *** err-or has quit IRC[21:50:22] <whitefang> i guess I'd need a wildcard cert for that and those are expensive.[21:54:18] *** Mp5shooter has quit IRC[21:55:04] <lunaphyte_> no, you don't need a wildcard cert[21:55:15] <lunaphyte_> i'd just make my own[21:55:50] *** m1nish has quit IRC[21:55:54] *** Mp5shooter has joined #postfix[21:56:24] <pj> you just need the CN to be smtp.ionise.org, it doesn'thave to be a wildcard.[21:56:40] *** mechanicalduck_ has quit IRC[21:56:45] <lunaphyte_> the cn doesn't need to be smtp.ionise.org[21:57:29] *** mechanicalduck has joined #postfix[21:57:46] <lunaphyte_> if you can't resist the unhealthy compulsion to pay for a certificate, you can include additional hostnames in subjectaltname[21:59:04] <whitefang> ok thanks.[21:59:42] <whitefang> its not a huge priority, getting the mailservers cert to appear as valid. i've rarely found a mailserver even on large ISPs that was configured properly as far as that goes :P[21:59:44] <lunaphyte_> but rarely are submission clients not a captive audience, so a private cert is rarely not adequate.[22:00:42] *** m1nish has joined #postfix[22:01:39] *** Section1 has quit IRC[22:01:45] *** err-or has joined #postfix[22:02:56] <pj> well, the cn or subjectaltname[22:03:07] <lunaphyte_> i'm a pedantic jerk[22:04:53] <pj> most cert providers won't register the subjectaltname unless you pay extra for it, though. Usually all you can get away with is them adding example.com when you submit a crt for www.example.com[22:04:59] <pj> errr csr[22:05:12] *** kaos01 has joined #postfix[22:05:36] <lunaphyte_> yeah[22:05:44] *** kaos01 has left #postfix[22:07:40] <pj> as for paying for a cert, no you don't need one for smtp, but if you want to make things as simple as possible on stupid users who balk at scary popups, then you won't want to make them have to accept your CA, paying for a cert is the path of least resistance.[22:08:33] <lunaphyte_> i'd probably be more inclined to obtain a commercial cert for smtp than i would for submission[22:08:51] <pj> well, for IMAP, actually, and may as well use it for smtp[22:09:06] <pj> and I use the same cert for webmail as well, so I make good use of it.[22:09:08] <lunaphyte_> i prefer separate certificates for all fo that.[22:09:13] <lunaphyte_> *of[22:09:39] <pj> fair enough, I'm trying to stretch my dollar by using one cert everywhere.[22:09:51] <lunaphyte_> oh, heh. i don't pay for them :)[22:09:58] <whitefang> maybe I'll try the the free CA.[22:09:58] <lunaphyte_> err, they're not commercial, rather.[22:11:41] <pj> yeah, there is a free commercial cert that you can get, but last time I looked into it you couldn't generate your own key and pass the csr, it made you fill in a web form instead and sent you the key. The issue with that is that you're giving your key to a (decidedly untrustworthy) 3rd party.[22:12:11] <pj> rapidssl has a one month free trial cert which is good for experimenting with, though.[22:13:04] <lunaphyte_> startssl is a commercial cert providers, and offers class 1 certs for free. you can provide your own key[22:13:13] <lunaphyte_> *provider[22:13:39] <pj> lunaphyte: that's the one I was talking about, maybe they changed it since I looked into it last about a year or two ago.[22:13:53] <lunaphyte_> hmm, they have as long as i've known. many years.[22:14:06] * pj checks[22:15:50] <pj> and you actually would be supplying a csr, not a key (see, I can be pedantic as well)[22:15:59] <lunaphyte_> hah![22:16:10] * lunaphyte_ rewinds[22:16:35] <lunaphyte_> [4:13pm] lunaphyte_: startssl is a commercial cert providers, and offers class 1 certs for free. you can generate your own key[22:16:44] <lunaphyte_> you must have misread :p[22:17:39] <pj> oh, yes, I must have[22:18:27] <lunaphyte_> thank heavens this channel isn't logged[22:18:53] <pj> hah[22:19:12] <thumbs> ahem[22:19:25] <pj> anyways, I want to see what their signup process is for a free cert, so I'm running through it now.[22:23:36] <pj> anyhow, time to go get my son to school, bbl[22:32:18] <pj> lunaphyte: startssl generates the key for you.[22:32:31] <lunaphyte_> they can, yeah[22:32:36] <lunaphyte_> it's not mandated though[22:33:05] <pj> I'm running through the process, I don't see any other option ... yet[22:36:34] <pj> anyways, I'm not going to run through the rest of the process for the reason that I can't do it with my own domain and I don't want to muck around with my client's domains for this.[22:39:13] <lunaphyte_> why can't you use your own domain?[22:40:34] <rob0> Got in an argument with the domain registrant, no longer on speaking terms.[22:40:43] <lunaphyte_> haha[22:42:46] *** lamarus has left #postfix[22:53:01] *** grknight has quit IRC[23:06:46] *** Motoko has joined #postfix[23:09:41] *** UQlev has quit IRC[23:28:06] *** kli0rf has quit IRC[23:29:20] *** m1nish has quit IRC[23:32:16] *** kli0rf has joined #postfix[23:46:41] *** wdp has quit IRC[23:53:06] *** mibofra has quit IRC