June 6, 2013 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | >
June 6, 2013 [00:11:42] *** UQlev has quit IRC[00:22:02] *** Zerberus` is now known as Zerberus[00:22:10] <whitefang> ChadLepto: haven't done anything postfix related with an SQL backend yet. I currently have a few webapps using a MySQL backend (allocPSA, drupal)[00:22:47] <tharkun> Deesl: Breath think. What you want to do has a weapon of choice act upon that. Do not act on what people tell you but what you actually need.[00:23:15] <Deesl> tharkun: thanks for the suggestion[00:25:36] *** Tabmow has quit IRC[00:25:49] <ChadLepto> whitefang, i throw everything into sql, all postfix maps, accounts, anything that fits[00:25:54] *** Tabmow has joined #postfix[00:25:57] <ChadLepto> makes it super easy to fix things[00:28:32] <rob0> Deesl, if you don't cooperate, we can't help you. See also /topic, your "postfix configuration" should have been "postconf -n" (and yikes, it looks crufty.)[00:29:03] <rob0> anyway, it's too late for me, I gtg. Bye.[00:31:12] <whitefang> ChadLepto: yeah I've seriously considered it.[00:31:18] <lunaphyte> blech.[00:31:24] <Deesl> rob0: sorry about my silence.. I was trying out a few things on my own[00:31:25] <whitefang> I'm kind of a noob when it comes to database administration though.[00:31:31] <Deesl> thanks so much and sorry for my silence[00:32:13] <lunaphyte> using sql makes sense only if you've already got an established data source that can't be abandoned due to other things.[00:32:33] <lunaphyte> ldap is more appropriate.[00:32:55] <thumbs> or if you're a DBA like me, and no nothing about ldap, and find sql easier[00:34:00] *** Eagleman7 has quit IRC[00:34:08] <deXar> Talking of ~100,000 e-mails per day (user/registration based notifications), what would you postfix-friends suggest me the mostly, when it comes to performance? Any config. tip, or such advice are welcome.[00:34:09] <lunaphyte> heh[00:34:19] <lunaphyte> well, i didn't know anything about ldap either, until i decided to learn :)[00:34:39] <thumbs> lunaphyte: sure, I could probably learn if I applied myself to it[00:34:53] <lunaphyte> i'm certain[00:36:16] *** Kalavera has joined #postfix[00:36:48] <whitefang> LDAP seems like a very useful skill to have.[00:39:31] *** Patrickdk has joined #postfix[00:39:35] <lunaphyte> it was ultimately a wake up call for me.[00:39:51] <lunaphyte> i realized that everything should be in ldap, not sql.[00:44:07] *** sphenxes has quit IRC[00:44:07] *** sphenxes01 has quit IRC[00:51:08] *** mactimes is now known as mactimes_[00:53:38] *** gu1lle_ has quit IRC[00:54:12] *** [diablo] has joined #postfix[00:54:13] *** [diablo] has joined #postfix[01:00:05] *** sphenxes has joined #postfix[01:03:47] *** danblack has joined #postfix[01:05:12] *** wdp has quit IRC[01:10:35] *** mechanicalduck has quit IRC[01:14:54] *** mechanicalduck has joined #postfix[01:16:42] *** Kalavera has left #postfix[01:20:08] *** mechanicalduck has quit IRC[01:20:46] *** sphenxes has quit IRC[01:22:22] *** mechanicalduck has joined #postfix[01:23:12] *** sphenxes has joined #postfix[01:23:21] *** master_o1_master has joined #postfix[01:26:24] *** master_of_master has quit IRC[01:26:46] *** jarif has quit IRC[01:27:30] <rob0> Deesl, no problem, you should be trying things on your own. !postmapq was a real good hint, BTW.[01:27:47] <Deesl> rob0: oh yes it was for sure...[01:31:42] *** jarif has joined #postfix[01:33:24] *** trusktr has quit IRC[01:35:18] *** sphenxes has quit IRC[01:35:20] *** mechanicalduck has quit IRC[01:37:49] *** sphenxes has joined #postfix[01:38:04] *** mechanicalduck has joined #postfix[01:39:30] *** [diablo] has quit IRC[01:39:32] *** sphenxes has quit IRC[01:46:36] *** Kellin_ has quit IRC[01:48:21] *** mechanicalduck has quit IRC[01:54:36] *** trusktr has joined #postfix[01:55:28] *** mechanicalduck has joined #postfix[02:09:32] *** HanzoHatori has joined #postfix[02:09:45] *** HanzoHatori has quit IRC[02:10:37] *** Kalavera has joined #postfix[02:10:46] <Kalavera> hola[02:11:37] *** war4head has joined #postfix[02:11:38] *** warhead has quit IRC[02:12:38] *** krisfremen has quit IRC[02:12:41] *** krislappy has joined #postfix[02:12:42] *** krislappy has joined #postfix[02:13:14] <Kalavera> hey guys I am having some issues when I try to send external email , I have tested the sasl authentication using telnet and base64 content in login and passweord but it still says Relay Access Denied[02:15:54] <Kalavera> here is a pastebin of postconf -n[02:15:55] <Kalavera> http://pastebin.com/ZGNvTJFx[02:22:39] *** Tabmow has quit IRC[02:23:24] *** mechanicalduck has quit IRC[02:26:14] *** schrodinger has quit IRC[02:26:48] *** schrodinger has joined #postfix[02:29:24] *** schrodinger has quit IRC[02:33:33] *** mechanicalduck has joined #postfix[02:38:25] *** schrodinger has joined #postfix[02:40:41] <Kalavera> ok guys fixed it with smtpd_relay_restrictions but what about smtpd_sender_restrictions? can it still be used?[02:44:21] *** Corey has quit IRC[02:47:07] *** talesofterror has joined #postfix[02:50:13] *** mechanicalduck has quit IRC[02:50:15] *** mechanicalduck_ has joined #postfix[02:50:53] *** talesofterror has left #postfix[02:52:28] *** cpm has joined #postfix[02:52:29] *** cpm has joined #postfix[03:08:29] *** Corey has joined #postfix[03:28:06] *** mechanicalduck_ has quit IRC[03:47:58] *** mechanicalduck has joined #postfix[03:52:32] *** mechanicalduck has quit IRC[03:58:29] *** cpm has quit IRC[04:05:15] *** Braden` has joined #postfix[04:05:17] <Braden`> Hello[04:07:05] <Braden`> I am trying to send mail using smtp. My server answers on port 25, I send to port 25, but get the message: An error occurred while sending mail. The mail server responded: 4.7.1 Client host rejected: cannot find your hostname, [my ip]. Please check the message recipient my@email and try again.[04:07:08] *** codepython777 has joined #postfix[04:07:33] <codepython777> is there a good mail server that runs in pure python? (I am looking to handle pretty light load of 100-1000 emails a day)[04:07:35] <Braden`> It should be authentication based, so in theory should accept all hosts[04:09:42] *** grknight has joined #postfix[04:13:11] *** krislappy is now known as krisfremen[04:20:09] <Braden`> Anyone?[04:20:37] <lunaphyte> !tell Braden` welcome[04:20:38] <knoba> Braden`: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[04:23:39] <Braden`> http://pastebin.com/tqQH8tVh[04:23:55] <Braden`> Those directories exist in /home[04:28:26] <pj> Braden`: you shouldn't be trying to submit mail to port 25[04:28:43] *** m1nish has joined #postfix[04:28:51] <pj> port 25 is for communication between one MX and another not for submission[04:28:57] <pj> !tell Braden` submission[04:28:57] <knoba> Braden`: "submission" : Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf. also see !msa, and rfc 6409. Also read http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf[04:29:38] *** Bry8Star has joined #postfix[04:35:44] *** tmberg has quit IRC[04:44:39] *** err-or_ has joined #postfix[04:45:29] *** Deesl has quit IRC[04:48:29] *** err-or has quit IRC[04:54:54] *** danblack has quit IRC[05:02:59] <Braden`> knoba: That fixed it, thank you[05:03:10] <Braden`> Is there a way to limit the submission stream to just one ip?[05:03:17] <Braden`> e.g. x.x.x.x:587 ?[05:04:02] <rob0> !tell Braden` access[05:04:02] <knoba> Braden`: "access" : http://www.postfix.org/SMTPD_ACCESS_README.html : An overview of access(5) controls in the Postfix smtpd(8) SMTP server.[05:04:10] <rob0> !tell Braden` check_client_access[05:04:10] <knoba> Braden`: "check_client_access" : Search the named access database for the client name, parent domains, client address, or networks obtained by stripping least significant octets. Reject if the result is REJECT or [45]XX text . Permit otherwise[05:05:05] <rob0> afk[05:08:39] <Braden`> No, I meant that the server has two IPs[05:08:47] <Braden`> It is listening on ports 587 on both IPs[05:08:54] <Braden`> Is there a way to limit it to a single IP?[05:10:00] <pj> Braden`: yes, you can control which IP the service listens to in master.cf, you can also use a firewall to limit which IPs are allowed access.[05:10:08] <pj> !master[05:10:08] <knoba> pj: "master" : postfix master process. the master(8) daemon is the resident process that runs postfix daemons on demand. see man 8 master or http://www.postfix.org/master.8.html for more info. also see !master.cf[05:10:14] <pj> !master.cf[05:10:14] <knoba> pj: "master.cf" : postfix master process configuration file. each logical line describes how a postfix service will be run. see man 5 master or http://www.postfix.org/master.5.html for more information. also see !master[05:10:18] *** Dominian has quit IRC[05:10:18] <grknight> Braden`: in master.cf, do <IP>:submission. example: 192.168.0.1:submission[05:10:39] <pj> Braden`: read the master(5) man page[05:11:49] <Braden`> Oh I see[05:11:50] <Braden`> Thank you[05:12:08] <jimpop> !version[05:12:10] <knoba> jimpop: The current (running) version of this Supybot is 0.83.4.1. The newest version available online is 0.83.4.1.[05:12:15] <jimpop> doh[05:12:30] <jimpop> what's the latest postfix version?[05:12:34] <grknight> !mail_version[05:12:34] <knoba> grknight: "mail_version" : a configuration parameter in the main.cf: The version of the mail system. Stable releases are named major.minor.patchlevel. Experimental releases also include the release date. The version string can be used in, for example, the SMTP greeting banner.[05:13:12] <grknight> jimpop: 2.10.0 atm[05:13:56] <jimpop> ty[05:14:36] <grknight> that's of stable releases. there are development snapshots of 2.11 available as well[05:15:07] * jimpop is quite surprised to see the latest debian release (wheezy) contain an almost up-2-date version (2.9.2) of postfix.[05:16:33] <grknight> jimpop: and that means they are 4 patches behind in the 2.9 feature base[05:21:13] <jimpop> wait. wheezy has postfix 2.9.6[05:22:14] <jimpop> 2.9.6-2 to be exact.[05:22:21] *** danblack has joined #postfix[05:38:30] *** elbeardmorez has quit IRC[05:43:07] *** Mp5shooter has quit IRC[05:48:11] *** tmberg has joined #postfix[05:49:08] *** Mp5shooter has joined #postfix[05:50:24] *** Ulver_ has quit IRC[05:50:36] *** Ulver has joined #postfix[05:56:16] *** codepython777 has quit IRC[06:00:15] *** m1nish has quit IRC[06:07:08] *** grknight has quit IRC[06:15:33] *** twiztar has quit IRC[06:17:21] <Braden`> Is there a way to remove access restrictions?[06:17:47] <Braden`> so that smtpd_client_restrictions will not reject based on hostname or ip?[06:17:52] <Braden`> unless it fails an dnsbl[06:18:28] <Braden`> I could specify a hashed access file, but I would prefer it to accept all ips[06:19:22] *** codepython777 has joined #postfix[06:27:33] *** mpls-eric has joined #postfix[06:37:45] *** danblack has quit IRC[06:45:33] *** Ulver has quit IRC[06:45:58] *** Ulver has joined #postfix[06:46:31] *** danblack has joined #postfix[06:47:51] *** biggi_mat has joined #postfix[06:50:05] *** mpls-eric has quit IRC[06:58:06] *** danblack has quit IRC[07:00:32] <Braden`> Anyone?[07:01:39] <Braden`> Is there a: permit * ?[07:02:38] <Braden`> nm[07:02:40] <Braden`> figured it out[07:05:36] *** rotbeard has joined #postfix[07:10:40] *** UQlev has joined #postfix[07:13:56] *** codepython777 has quit IRC[07:19:25] <pj> Braden`: what you want an open relay?[07:26:46] <Braden`> Nay. I discovered that to solve my problem I need to implement sasld[07:27:08] <Braden`> So that is what I am doing, although I am encountering some problems. I keep checking the logs and googling, so I don't think I need help just yet[07:27:16] <Braden`> I will let you know if I do though. Thanks for the reply[07:36:35] <Patrickdk> sasld? dear god I hope not :)[07:36:48] <Patrickdk> if you must use cyrus sasl, ok[07:36:56] <Patrickdk> if you want to remain sane, use dovecot[07:41:46] <pj> Braden`: dovecot sasl is much easier to work with[07:41:51] <pj> !tell Braden` sasl[07:41:51] <knoba> Braden`: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[07:50:34] *** UQlev has quit IRC[07:50:38] <Braden`> An error occurred while sending mail. The mail server responded: 5.7.1 <user@domain>: Sender address rejected: not owned by user user. Please check the message recipient user@domain and try again. <-- I am receiving this error. I am not sure how to fix it. THe solutions on google have not worked for me.[07:51:44] *** whitefang has quit IRC[07:57:27] <Braden`> Anyone?[08:02:37] *** Marchal has quit IRC[08:04:14] <Braden`> http://pastebin.com/6t6SVJYy <--- This is my main.cf file[08:05:31] <Braden`> Let me merge all of the information[08:05:32] <Braden`> http://pastebin.com/6t6SVJYy <-- Trying to configure postfix properly, but I keep receiving the error: 5.7.1 <user@domain>: Sender address rejected: not owned by user user. Please check the message recipient user@domain and try again. <-- Any help would be appreciated.[08:05:34] <Braden`> There we go[08:15:58] *** twiztar has joined #postfix[08:29:25] *** prooz_ has quit IRC[08:29:38] *** prooz has joined #postfix[08:30:42] <rtpada> user user[08:30:45] <rtpada> roger roger[08:31:31] <rtpada> !tell Braden` welcome[08:31:31] <knoba> Braden`: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[08:32:03] <Braden`> I did that[08:32:21] <Braden`> I posted my conf to a paste site and provided the link including the error I was encountering[08:32:23] *** rtpada is now known as adaptr[08:32:43] <adaptr> no, you did not do as asked in the /topic. we don't want to see main.cf[08:32:59] <adaptr> we need to see literal, verbatim log entries related to the issue, and the output of postconf -n[08:33:08] <Braden`> Gotcha[08:33:10] <Braden`> I will do that[08:33:14] <Braden`> Sorry about that[08:33:25] <adaptr> don't worry about it[08:33:38] <adaptr> about 80% get it wrong[08:35:39] <pj> !tell Braden` relevant_logs[08:35:39] <knoba> Braden`: "relevant_logs" : Relevant logs are mail.* syslog Postfix logs (NOT verbose, see !verbose) which show the entire handling of a single mail which illustrates the issue with which you want help. Random selections from your mail log might not do. IMAP/POP3 daemons and external delivery agents typically log to the same facility (mail); those are usually not relevant here.[08:42:39] <Braden`> http://pastebin.com/6sH7W3mg <-- There are the relevant logs and the postconf -n and the main.cf (I put it at the bottom just in case anyone needed it)[08:43:25] <Braden`> The one notable thing I see is that it can see my internal IP, which the server is not on the same network of[08:45:18] <adaptr> no. we will never need to see main.cf[08:45:50] <Braden`> ok[08:46:03] <Braden`> Well, anyways, what you need is at the top[08:46:04] <adaptr> smtpd_sender_restrictions = permit_mynetworks, reject_authenticated_sender_login_mismatch,[08:46:13] <adaptr> do you know why you are using that latter restrictions ?[08:46:16] <adaptr> *restriction[08:46:19] <Braden`> Hmm[08:46:20] *** UQlev has joined #postfix[08:46:32] <Braden`> I don't recall why I added that[08:46:41] <adaptr> remove it[08:46:48] <Braden`> I was reading the postconf manpage and saw it and the restriction seemed to make sense. I will remove it[08:46:48] <adaptr> then read what it does :)[08:48:01] <Braden`> Same error[08:48:19] <adaptr> reject_unauthenticated_sender_login_mismatch,[08:48:24] <adaptr> when you fail, you fail magnificently[08:48:46] <adaptr> you don't know what those DO. don't use them unless you understand them (that goes for every single change you make)[08:49:09] <Braden`> Agreed[08:49:30] <adaptr> smtpd_use_tls = yes[08:49:33] <adaptr> get rid of that too[08:49:44] <Braden`> I removed all instances of that. Now I am getting a 4.3.5 service configuration error. I will check the logs[08:49:45] <Braden`> Ok[08:50:53] <adaptr> it also pays to weed all duplicate defaults out of your main.cf - keeps you saner[08:51:26] <adaptr> sort < <(postconf -d; postconf -d; postconf -n) | uniq -u[08:51:34] <adaptr> the output is what SHOULD be in main.cf[08:53:02] <Braden`> It works now[08:53:03] <Braden`> Thank you[08:54:38] <Braden`> I appreciate the fact that you took the time to help me :)[08:56:42] <adaptr> that's okay[08:56:48] <adaptr> I'll go to work now[09:07:48] *** err-or_ has quit IRC[09:07:48] *** Bry8Star has quit IRC[09:38:15] <yezariaely> I have to switch mail servers. On both servers I have postfix configured for the same mailboxes and domains. DNS is updated, however this will take a while due to caches. Now I want my old postfix server to forward all emails for some domains to be forwarded/relayed to my new postfix server. How do I do this?[09:46:12] *** mcp has quit IRC[09:51:39] *** elbeardmorez has joined #postfix[10:04:48] *** wdp has joined #postfix[10:04:48] *** wdp has joined #postfix[10:09:36] *** Bry8Star has joined #postfix[10:13:20] *** trusktr has quit IRC[10:18:22] *** deXar has quit IRC[10:22:17] *** UQlev has quit IRC[10:26:49] *** level7 has joined #postfix[10:26:52] <level7> morning all[10:27:04] <level7> I have a typical issue with amavis..... maybe somebody of you can help me :)[10:27:08] <level7> )DENIED ACCESS from IP mysptpIP, policy bank ”[10:27:16] <level7> but I have added mysptpIP to the amavis.conf file, i.e. in the line " inet_acl => [qw( 127.0.0.1 [::1] mysmtpIP )]"[10:27:22] <level7> any hint?[10:29:06] <pj> level7: nope, this is #postfix, if it's a postfix issue we can help, otherwise we'll just tell you it's a problem with amavisd.[10:31:30] <jelly> level7: amavis-users mailing list looks like _the_ place to ask; http://www.ijs.si/software/amavisd/#support[10:33:47] <level7> hum.... well thank you :)[10:34:12] <level7> I thought it was something between amavis and postfix... because the result is that my emails are deferred which is quite annoying[10:34:32] <level7> so, I was wondering if the problem comes from amavis or postfix... so I Wanted to fix amavis and then see if postfix was working[10:35:54] *** TheJH has joined #postfix[10:35:55] *** TheJH is now known as Guest89690[10:39:06] <level7> so this is more postfix related: should postifx talk to amavis via the localhost or the wan IP ?[10:44:40] <jelly> level7: if all the postfix instances talking to this amavis instance are on the same machine, there no need to expose amavis[10:44:46] <jelly> is.[10:50:04] *** sphenxes has joined #postfix[10:51:11] *** p3rror has joined #postfix[10:53:33] <level7> yes it's teh same machine[10:54:07] <level7> so should I say to postfix to talk to amavis, on 127.0.0.1...any hint? :)[10:56:51] <level7> I have these two lines:[10:56:56] *** Braden` has quit IRC[10:57:01] <level7> in my postfix config file[10:57:02] <level7> content_filter = smtp-amavis:[127.0.0.1]:10024[10:57:04] <level7> and[10:57:19] <level7> smtp_bind_address=mysmtpaddress[10:57:45] <level7> the last one is correct, that is the global address to send emails to the Internet[10:58:32] <level7> but I do not see how I can say to postfix to talk to amavis via the 127.0.0.1... I assumed it was the first line but then I wonder why amavis gives me errors regarding policy[11:09:13] *** olivier_bK has joined #postfix[11:10:37] *** olivier_bK has left #postfix[11:16:24] <pj> 127.0.0.1 is generally correct[11:19:14] <level7> then I do not see why amavis has that policy thing[11:19:32] <level7> it should not get messages from postfix on the WAN IP[11:38:33] *** olivier_bK has joined #postfix[11:40:07] *** Tyklol is now known as Tykling[11:40:46] *** olivier_bK has left #postfix[11:54:32] <level7> well I changed amavis conf file (something in that file is not working as expected) and now it's delivering emails[11:54:49] <level7> but still I do not understand why postfix is talking to amavis via the WAN IP :([11:58:09] *** UQlev has joined #postfix[12:05:15] *** smue has joined #postfix[12:05:54] <Zerberus> level7: did you provide the configuration details as demanded per /topic?[12:06:31] <level7> I hope so :)[12:07:39] *** michelem has joined #postfix[12:08:12] <michelem> hello folks. A tip to prevent or curb outward spam with postfix?[12:13:15] *** mcp has joined #postfix[12:19:17] <rob0> In a nutshell: 1. Keep submission separate from MX (a different smtpd at the least); 2. Strict rate limiting (a bot can/will send mail much faster than a human!), such as !postfwd can do; 3. Content filtering focused on !uribl lookups, and I'd recommend !amavisd-new with SpamAssassin for that.[12:20:33] <rob0> Last year I gave a boring presentation at the Southeast [USA] Linux Fest on that very subject. They have the video up at youtube. I'm on my way now to repeat that boring talk this year.[12:21:04] *** heraclide has joined #postfix[12:21:14] <heraclide> hello :)[12:21:20] <rob0> (so you probably won't see much of me in here the next week or so)[12:24:14] <heraclide> I have some clients sending big newsletter which hammers the postfix server. I would like to slow them down. I tried with postfwd as policy service like in http://pastebin.com/EmXTrb7V . My concerns is about the memory and cpu consumption ?[12:25:12] <rob0> Did it cause a problem? I wouldn't expect postfwd to do so.[12:25:38] <rob0> You know that it is NOT a content filter, and it does not even see the content of the mail?[12:25:49] <rob0> !policy[12:25:49] <knoba> rob0: "policy" : Postfix smtpd(8) policy protocol, http://www.postfix.org/SMTPD_POLICY_README.html , for complex and intelligent restrictions[12:26:39] <heraclide> <rob0> Did it cause a problem? I wouldn't expect postfwd to do so. <= no, in fact, i made tests, but didn't push it to production already[12:27:36] *** smue has quit IRC[12:28:24] *** jarif has quit IRC[12:28:30] <rob0> It's just a python process, and it doesn't do much.[12:28:33] *** smue has joined #postfix[12:28:56] <heraclide> hmm ok[12:29:47] *** jarif has joined #postfix[12:32:07] *** jarif has quit IRC[12:32:53] *** jarif has joined #postfix[12:42:19] <michelem> rob0: why number 1, bounces?[12:43:21] <rob0> Vastly different content filtering and rate limiting requirements.[12:43:57] <rob0> Sometimes a legitimate mass mailer will bombard your site, and there's no point in rejecting that.[12:44:38] <rob0> When a credentialed SASL user exceeds some modest rate limits, you can be pretty sure they have malware.[12:47:11] <rob0> Then you have postfwd reject anything from that user. Or redirect to a quarantine if you feel better with that (I wouldn't. Publish your rate limit somewhere and incorporate into your ToS. If legitimate mail is blocked, they won't like it, but they were warned.)[12:48:01] <michelem> I see, just for different tunings. I have that in place already, but MX uses MTA for its own outward delivery[12:48:26] <michelem> I'm skeptical using perl stuff for controlling such simple things[12:55:48] *** kirin` has quit IRC[12:56:38] *** kirin` has joined #postfix[13:01:36] *** UQlev has quit IRC[13:35:05] *** level7 has quit IRC[13:35:40] *** level7 has joined #postfix[13:45:43] *** UQlev has joined #postfix[13:46:31] *** xcrracer has quit IRC[13:46:51] *** xcrracer has joined #postfix[13:47:10] *** cpm has joined #postfix[13:47:50] *** Bry8Star has quit IRC[13:48:07] *** terr1 has quit IRC[13:48:27] *** SuperNull has quit IRC[13:48:42] *** SelfishMan has quit IRC[13:49:04] *** terr1 has joined #postfix[13:49:23] *** SelfishMan has joined #postfix[13:50:03] *** Bry8Star has joined #postfix[13:51:51] *** Th0masR0ss has joined #postfix[13:54:11] <jelly> one commercial security vendor has their (excellent, if I may say) content_filter written in Perl[13:54:54] * jelly wishes in vain his $employer had the budget to use that solution again[14:00:03] *** sep_ has left #postfix[14:04:47] <jelly> Hi. I have to pass information about sasl_username to nexthop for a specific recipient domain, and was thinking of adding a custom header or modifying an existing one. Is there a way to do this in Postfix and what would be the simplest one? I do not hope my nexthop with unknown software will understand XCLIENT or XFORWARD.[14:05:43] <jelly> Using Postfix 2.7.1 on Debian 5, but that can be changed.[14:07:16] *** cpm has quit IRC[14:07:55] *** michelem has quit IRC[14:11:24] *** Section1 has joined #postfix[14:17:13] *** Dominian has joined #postfix[14:23:04] * jelly tries to figure out whether smtpd_sasl_authenticated_header can be applied conditionally[14:25:53] *** heraclide has left #postfix[14:33:02] *** [diablo] has joined #postfix[14:33:02] *** [diablo] has joined #postfix[14:34:41] *** codepython777 has joined #postfix[14:35:07] *** p3rror has quit IRC[14:35:25] *** grknight has joined #postfix[14:47:33] *** davyjoneslocker has joined #postfix[14:54:59] *** level7 has quit IRC[15:02:23] *** level7 has joined #postfix[15:06:44] *** Guest02377-50092 has joined #postfix[15:07:24] *** Gotlanning has joined #postfix[15:07:44] *** M|ckael has quit IRC[15:08:40] *** Dominian_ has joined #postfix[15:09:11] *** phenom has joined #postfix[15:09:38] *** Creamz_ has joined #postfix[15:09:55] *** koobs` has joined #postfix[15:10:10] *** _TheAvatar has joined #postfix[15:10:16] *** chris|| has quit IRC[15:10:27] *** internat has quit IRC[15:10:29] *** f3ew has quit IRC[15:10:31] *** Creamz has quit IRC[15:10:38] *** Skit_i_det has quit IRC[15:10:40] *** phenom__ has quit IRC[15:10:41] *** TheAvatar has quit IRC[15:10:42] *** koobs has quit IRC[15:10:46] *** chris| has joined #postfix[15:11:05] *** mcp has quit IRC[15:11:05] *** Dominian has quit IRC[15:11:08] *** f3ew has joined #postfix[15:11:20] *** lroe has quit IRC[15:11:21] *** Dominian_ is now known as Dominian[15:11:46] *** nihe has quit IRC[15:12:13] *** UQlev has quit IRC[15:13:26] *** phenom has quit IRC[15:13:35] *** emcepe has joined #postfix[15:13:35] *** phenom has joined #postfix[15:14:18] *** jarif has quit IRC[15:14:23] *** VaNNi has quit IRC[15:14:23] *** arnoldB_ has quit IRC[15:14:38] *** arnoldB has joined #postfix[15:14:48] *** jarif has joined #postfix[15:15:08] *** VaNNi has joined #postfix[15:15:40] *** chrisq_ has joined #postfix[15:15:46] *** prooz_ has joined #postfix[15:15:48] *** failure_ has joined #postfix[15:16:59] *** kisisten has joined #postfix[15:17:01] *** nihe has joined #postfix[15:18:15] *** VaNNi has quit IRC[15:18:50] *** sirecote_ has joined #postfix[15:18:50] *** VaNNi has joined #postfix[15:18:53] *** gongoputch has quit IRC[15:18:55] *** yosafbridge` has quit IRC[15:18:56] *** Cerise has quit IRC[15:18:57] *** sirecote has quit IRC[15:18:58] *** chrisq has quit IRC[15:18:59] *** failure has quit IRC[15:19:00] *** prooz has quit IRC[15:19:00] *** magyar has quit IRC[15:19:01] *** peps has quit IRC[15:19:04] *** robjh has joined #postfix[15:19:11] *** yosafbridge has joined #postfix[15:19:16] *** anonymous has quit IRC[15:19:41] *** Cerise has joined #postfix[15:20:12] *** anonymous has joined #postfix[15:21:32] *** tharkun has quit IRC[15:22:00] *** Cerise is now known as Guest48858[15:29:08] *** mechanicalduck has joined #postfix[15:30:45] *** level7 has quit IRC[15:32:33] *** shoonya has joined #postfix[15:33:02] *** shoonya has quit IRC[15:35:31] *** rotbeard has quit IRC[15:39:07] *** SuperNull has joined #postfix[15:40:17] *** krislappy has joined #postfix[15:40:17] *** krislappy has joined #postfix[15:40:18] *** Kamal_ has quit IRC[15:40:58] *** krisfremen has quit IRC[15:40:58] *** infojunky has quit IRC[15:40:59] *** infojunky has joined #postfix[15:41:24] *** Kamal_ has joined #postfix[15:41:24] *** frank____ has joined #postfix[15:41:48] *** Kamal_ is now known as Guest83370[15:43:39] *** emcepe has quit IRC[15:44:08] *** mcp has joined #postfix[15:45:25] *** SuperNull has quit IRC[15:48:21] *** sirecote_ has left #postfix[15:49:50] *** SuperNull has joined #postfix[15:51:58] *** infojunky_ has joined #postfix[15:52:06] *** Arkouro has joined #postfix[15:52:19] *** shadyabhi has quit IRC[15:52:19] *** infojunky has quit IRC[15:52:41] *** soosfarm has quit IRC[15:53:04] *** shadyabhi has joined #postfix[15:53:14] <Arkouro> !debug[15:53:14] <knoba> Arkouro: "debug" : http://www.postfix.org/DEBUG_README.html : a starting point for how to deal with problems and to report information to those who might help. Post information including NON-verbose logs in a pastebin such as http://pastebin.ca/ or http://dpaste.com/[15:53:40] *** soosfarm has joined #postfix[15:54:57] *** Bry8Star has quit IRC[15:58:05] *** mregg has joined #postfix[15:59:35] *** mregg has left #postfix[15:59:39] *** mregg has joined #postfix[16:00:41] *** mregg has left #postfix[16:01:29] *** Bry8Star has joined #postfix[16:07:54] *** mechanicalduck has quit IRC[16:08:01] *** Dessa has quit IRC[16:08:01] *** Dessa has joined #postfix[16:08:50] <Arkouro> I installed postfix from Debian repositories and it works correctly, however I'd like to enable TLS/SSL and force it to send email with those layers enabled. I have found a variety of guides suggesting wildly different ideas. I've tried checking for TLS support in psotfix but it doesn't appear to exist or be enabled. Must I compile SASL externally before adding in anything to make TLS work?[16:08:50] <Arkouro> Thanks.[16:10:22] <lunaphyte_> no[16:10:36] <lunaphyte_> i don't understand what you're asking though.[16:11:02] <lunaphyte_> you want to use tls, but you're asking a question about sasl?[16:11:57] <Arkouro> That's where I am confused, do I need sasl for TLS to work in Postfix?[16:12:07] <lunaphyte_> um, no.[16:12:11] <lunaphyte_> that doesn't make sense.[16:12:22] <lunaphyte_> sasl is sasl. tls is tls.[16:12:49] <lunaphyte_> tls is encryption. sasl is authentication.[16:12:49] <jelly> but tls is ssl![16:13:44] <Arkouro> every guide I find while browsing is "tls and sasl", like they both have to be setup to use have fully encrypted email. Is this the case?[16:13:54] <lunaphyte_> heavens no.[16:14:08] *** pecanha has joined #postfix[16:14:09] <lunaphyte_> that's one of the multitude of reasons you don't use "guides".[16:14:36] <Arkouro> yeah, no kidding apparently[16:14:46] <lunaphyte_> also, you need to understand that you will *never* have fully encrypted email just by poking at postfix.[16:14:53] <lunaphyte_> guides and howtos are not for beginners.[16:15:47] <Arkouro> To clarify, postfix is only sending email for an application on a linux system, there is no full-fledged IMAP server or anything and it doesn't intend to receive email.[16:16:02] <lunaphyte_> oh, that's what this is all about?[16:16:08] <lunaphyte_> you don't want postfix then.[16:16:13] <Arkouro> What should I use?[16:16:31] <lunaphyte_> you don't need to install a mail server just to send mail. that would be crazy.[16:16:35] <lunaphyte_> you just need a null client.[16:17:23] <lunaphyte_> i'd recommend msmtp. it can do encryption, as you indicate you desire.[16:17:57] <Arkouro> I shall look into that, especially since I want to cut down on security risk where ever possible and that having a full mail server increases that risk, especially since I don't need it[16:18:01] <lunaphyte_> [but keep in mind my earlier comment about fully encrypted mail][16:18:10] <lunaphyte_> indeed it does.[16:18:25] <Arkouro> of course[16:18:28] <lunaphyte_> if you're of that mindset, you're already headed in the right direction.[16:19:22] <Arkouro> Yeah, I was just confused by some basic searching that had sent me in the wrong direction. Thanks for clarifying this for me.[16:19:29] <lunaphyte_> sure thing.[16:19:36] <survietamine> !nullclient[16:19:36] <knoba> survietamine: "nullclient" : a null client is a computer that can only send mail. it receives no mail from the network, and it does not deliver any mail locally. while postfix can be configured to fill this role, it is often unnecessary overkill, and a much simpler software package is more appropriate. see !nullclient_software for more details.[16:19:39] <lunaphyte_> really, you should be using both though[16:20:18] <lunaphyte_> your null client should use encryption when connecting to your msa, and your null client should authenticate against the msa so it can submit its message for processing.[16:20:20] <Arkouro> msmtp and postfix/[16:20:20] <Arkouro> ?*[16:20:27] <pecanha> Hello. I'm trying to setup dspam with postfix, and after reading postfix documentation I'm having some doubts. I'm using mysql to store virtual aliases. And I need to redirect two specific spam|ham at domain dot org aliases to a dspam-retrain script. I'm doing this using transport_maps = hash:/etc/postfix/transport. My transport file contains something like: spam at domain dot org dspam-retrain:spam. And I've setup a dspam-retrain unix - n[16:20:27] <pecanha> n - 10 pipe flags=Ru user=dspam argv=/etc/dspam/dspam-retrain $nexthop $sender $recipient ... service on master.cf refering. When I send an email to spam at domain dot org it seems that its checking virtual_alias_maps before transporting. Do I need to do something else or do I missing something to change this order?[16:20:31] <lunaphyte_> oh, no. encryption and authentication[16:21:05] <lunaphyte_> !tell pecanha welcome[16:21:05] <knoba> pecanha: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[16:21:14] <Arkouro> ah yeah, both will be in place for this system. I think confusion is going arise when having to deal with sending to an exchange server.[16:21:25] <lunaphyte_> why?[16:22:01] <Arkouro> Because, of course, nobody wants to let me know how the Exchange server is configured.[16:22:07] <lunaphyte_> oh, heh.[16:22:15] <lunaphyte_> that's just because they don't know ;)[16:22:23] <pecanha> lunaphyte_: hello, thanks.[16:22:41] <Arkouro> So it will be a bit a bit of feeling in dark to sort this out, thanks for your help though. I will tackle one thing at a time![16:22:52] <lunaphyte_> sure thing, you're welcome.[16:23:52] <survietamine> Arkouro: maybe with openchangeclient[16:26:19] <Arkouro> Interesting, an open source implementation of Exchange protocols[16:26:46] *** tharkun has joined #postfix[16:26:46] *** tharkun has joined #postfix[16:30:09] *** Uranio has joined #postfix[16:33:52] <pecanha> My issues (logs/configs) about integrating postfix/dspam: http://pastebin.com/T7jUk7ch Any help is appreciate :)[16:35:17] <pecanha> sorry, updated one: http://pastebin.com/7fpW5qm7[16:35:31] *** a_west has quit IRC[16:37:32] *** soosfarm_ has quit IRC[16:38:51] *** soosfarm_ has joined #postfix[16:38:54] <jelly> Arkouro: which ones, MAPI or ActiveSync?[16:49:32] <Arkouro> looks like MAPI just by glancing at the material, personally I am going to experiment with msmtp first and see what I come up with[16:49:50] <Arkouro> if relaying to the exchange server looks like it will be a problem, I will mess with openchangeclient[16:50:40] *** SuperNull has quit IRC[16:50:48] *** p3rror has joined #postfix[16:55:19] <pecanha> My issues (logs/configs) about integrating postfix/dspam: http://pastebin.com/7fpW5qm7 Any help is welcome![16:55:25] <pecanha> sorry[17:03:23] <jelly> Arkouro: I send mail over exchange with mutt which talks smtp, so apparently it can be configured in a sane manner[17:05:47] <Arkouro> great to hear, I got msmtp working out of the post, I tested it with a gmail account. haven't gotten so far as playing with exchange or different authentication methods[17:06:06] <Arkouro> you recommend mutt as well? that seems to be widely accepted with msmtp, based on searching around[17:06:20] <lunaphyte_> do you have a lot of computers which will be submitting mail like this one?[17:07:06] <Arkouro> No, early on it will be just 1. Later on I estimate no more than 5, 10 at the absolute max[17:07:10] <lunaphyte_> mutt is an mua.[17:07:20] <lunaphyte_> so far given your use case, it's not relevant.[17:07:33] <Arkouro> that's what I figured[17:08:44] <Arkouro> Now it looks like it will come down to the configuration of servers out of my control[17:09:22] *** Unirgy has joined #postfix[17:09:22] *** Unirgy has joined #postfix[17:09:32] *** Unirgy has left #postfix[17:09:32] *** codepython777 has quit IRC[17:10:04] <lunaphyte_> then you probably won't be using either encryption or authentication[17:10:12] *** codepython777 has joined #postfix[17:10:16] *** codepython777 has quit IRC[17:10:40] *** codepython777 has joined #postfix[17:11:01] <lunaphyte_> most exchange admins are idiots, and most exchange admins think that access control based on source address is "how you do it".[17:11:06] <lunaphyte_> it's quite sad.[17:11:25] *** codepython777 has quit IRC[17:11:27] <lunaphyte_> hopefully though, maybe your exchange admin is in the minority :)[17:12:51] <Arkouro> We shall see, I suppose :)[17:13:18] *** SuperNull has joined #postfix[17:13:18] <Arkouro> I'm optimistic right now, I think they want it to authorize with certs[17:13:18] <lunaphyte_> i can't wait to see if i'm right :)[17:13:30] <lunaphyte_> oh, that would actually be a stpe in the other direction[17:13:32] <lunaphyte_> *Step[17:13:38] *** codepython777 has joined #postfix[17:14:22] <Arkouro> I'm guessing msmtp will have access to a client cert that is sent to the server, that the server authorizes[17:14:49] *** wdp has quit IRC[17:15:17] <lunaphyte_> i've not tried pki authentication with msmtp.[17:15:42] <lunaphyte_> you've piqued my interest though[17:17:03] <lunaphyte_> ah, it would appear it does[17:17:58] <Arkouro> good thing msmtp supports it because it looks like that will be the long term configuration[17:19:18] <Arkouro> although I don't see it mentioned straight away, there might be some fancy configuration involved. I am not sure yet :P[17:29:46] *** Guest83370 is now known as Kamal_[17:38:13] *** Meliorate has joined #postfix[17:40:15] <Meliorate> hi all, i'm unable to get procmail working with spamassassin. i've tried doing it with mailbox_command and mailbox/virtual_transport methods, but i don't even see procmail called in the logs. spamassassin is working fine, it's just procmail seems to never get called :s[17:41:16] <Meliorate> i can't diagnose any issue, if there is nothing in logs >:|[17:41:23] <Meliorate> where do i start to debug?[17:46:02] <tharkun> Meliorate: hmm I don't think postfix has your answer. Maybe #procmail will do ;P[17:46:29] <Meliorate> ok, thanks[17:49:08] *** [diablo] has quit IRC[17:49:57] *** Uranio has quit IRC[17:50:12] <Meliorate> well, procmail works. it just isnt working with postfix + spamassassin[17:51:03] <Meliorate> maybe i should rephrase my question: why isn't postfix calling my mailbox_command after spamassassin?[17:53:44] <lunaphyte_> what's procmail for?[17:56:09] <patdk-wk> I like to feed it to rm[17:56:09] <Meliorate> it's an MDA[17:56:38] <lunaphyte_> feed it to rm? why?[17:56:39] <patdk-wk> why is postfix calling spamassassin?[17:56:48] <lunaphyte_> this all seems very convoluted.[17:56:57] <patdk-wk> I have never seen a postfix install come with a spamassassin configuration[17:57:15] <patdk-wk> did someone miss reading the topic?[17:57:23] <patdk-wk> !tell Meliorate welcome[17:57:23] <knoba> Meliorate: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[17:57:41] <lunaphyte_> what's the *actual* goal with all of this?[17:58:13] <patdk-wk> get my dad off viagra[17:58:17] <Meliorate> filter spam and move it to a junk directory[17:58:27] <lunaphyte_> just use sieve[17:58:32] <lunaphyte_> procmail is a dinosaur[17:59:00] *** codepython777 has quit IRC[17:59:19] <Meliorate> as is the linux kernel, yet we all still use it[17:59:40] <thumbs> Meliorate: bollocks[17:59:51] <thumbs> Meliorate: you can't compare the linux kernel with procmail[18:00:14] <lunaphyte_> i'd suggest being less obtuse, and more open to learning and progress.[18:00:17] <Meliorate> it's an example of a commonly used dinosaur[18:00:42] <lunaphyte_> no one asked for one.[18:02:19] <Meliorate> 16:58:47 lunaphyte_ i'd suggest being less obtuse, and more open to learning and progress. <- you would do well to heed your own advice[18:02:28] <lunaphyte_> please stay on topic[18:02:42] <lunaphyte_> no one here is interested in your fragile ego nonsense.[18:03:51] <Meliorate> sure, trolls arent interested in anything but satisfying their desperate feeling of inadequacy[18:05:47] <Arkouro> well, that escalated quickly[18:06:23] <lunaphyte_> yup[18:06:32] <lunaphyte_> his goals have obviously changed.[18:07:15] <Arkouro> ah yes I see that[18:07:19] <Arkouro> I'm going to play with pki authentication sometime after my test accounts are up on Exchange. Wish me luck![18:09:05] <Meliorate> my goal is consistent[18:09:29] <Meliorate> and persistent![18:12:58] *** pecanha has quit IRC[18:17:21] <Arkouro> I should get these Barracuda rules fixed too[18:18:52] *** averagecase has joined #postfix[18:19:16] *** bipolar has quit IRC[18:19:58] <staticsafe> !nullclient[18:19:58] <knoba> staticsafe: "nullclient" : a null client is a computer that can only send mail. it receives no mail from the network, and it does not deliver any mail locally. while postfix can be configured to fill this role, it is often unnecessary overkill, and a much simpler software package is more appropriate. see !nullclient_software for more details.[18:20:03] <staticsafe> !nullclient_software[18:20:03] <knoba> staticsafe: "nullclient_software" : a program that serves as a drop in replacement for /usr/sbin/sendmail and provides a simple means to submit messages to an existing msa without the need to install and maintain a full-blown mta/msa. examples include msmtp, esmtp, ssmtp and nullmailer. also see !msa[18:20:31] *** bipolar has joined #postfix[18:21:34] *** pecanha_ has joined #postfix[18:23:57] *** pecanha_ has left #postfix[18:24:08] *** pecanha has joined #postfix[18:24:34] <pecanha> Hello guys, I'm having issues (logs/configs) about integrating postfix/dspam: http://pastebin.com/7fpW5qm7[18:24:38] <pecanha> rob0: u there?[18:26:48] <lunaphyte_> User unknown in virtual mailbox table[18:27:41] <lunaphyte_> what is /etc/postfix/transport ?[18:28:00] <lunaphyte_> why did you create a file, put stuff in it, but then not use it?[18:28:38] <lunaphyte_> oh, you did.[18:28:39] <pecanha> lunaphyte_: I refer to it on my postfix on transport_maps = hash:/etc/postfix/transport[18:28:43] <lunaphyte_> but you didn't follow directions[18:28:49] <lunaphyte_> postconf -nf; postconf -Mf[18:28:53] <lunaphyte_> pastebin that[18:29:17] <pecanha> sorry, just a minute[18:30:20] *** davyjoneslocker has quit IRC[18:32:22] <pecanha> lunaphyte_: http://pastebin.com/Cc07k2RA[18:43:09] *** davyjoneslocker has joined #postfix[18:45:53] *** p3rror has quit IRC[18:48:11] <pecanha> lunaphyte_: I have the feeling that I'm losing something simple[18:48:19] *** codepython777 has joined #postfix[18:49:46] *** err-or has joined #postfix[18:50:02] <lunaphyte_> that config needs a lot of cleaning up[18:51:09] <pecanha> can you give me some help on that?[18:52:06] <lunaphyte_> spam at example dot org needs to be in /etc/postfix/mysql-virtual_mailboxes.cf[18:52:15] <lunaphyte_> just like all of your other addresses[18:53:05] <pecanha> hmm[18:54:03] <pecanha> I was thinking that would not be necessary[18:55:05] *** Uninstall_ has quit IRC[18:55:14] *** mcp has quit IRC[18:55:49] *** err-or has quit IRC[18:55:53] *** Uninstall has joined #postfix[18:55:53] *** Uninstall has joined #postfix[18:56:23] *** likewhoa has quit IRC[18:56:32] <pecanha> Let me try[18:57:29] *** mcp has joined #postfix[18:58:19] *** davyjoneslocker has quit IRC[18:58:22] *** Xjs|moonshine has quit IRC[18:59:13] *** davyjoneslocker has joined #postfix[18:59:15] *** mcp has quit IRC[18:59:16] <lunaphyte_> really though, you should be delivering to dovecot via lmtp, and just using relay_domains[18:59:29] *** mcp has joined #postfix[19:00:25] *** wallzero has quit IRC[19:01:26] *** wallzero has joined #postfix[19:03:39] <Th0masR0ss> Hia. I'm having trouble sending mail via postfix to gmail. It says "Connection timed out" in /var/log/mail.log[19:03:51] <patdk-wk> that is nice[19:04:45] <pecanha> lunaphyte_: it seems it worked. status=sent (delivered via dspam-retrain service)[19:04:45] *** Xjs|moonshine has joined #postfix[19:05:02] <Th0masR0ss> If anyone could help me resolve this, I'd appreciate it[19:05:10] <pecanha> lunaphyte_: it appeared other error, but is dspam related[19:09:26] <lunaphyte_> !tell Th0masR0ss welcome[19:09:26] <knoba> Th0masR0ss: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[19:09:46] <Th0masR0ss> !debug[19:09:46] <knoba> Th0masR0ss: "debug" : http://www.postfix.org/DEBUG_README.html : a starting point for how to deal with problems and to report information to those who might help. Post information including NON-verbose logs in a pastebin such as http://pastebin.ca/ or http://dpaste.com/[19:10:25] *** chrisq_ has quit IRC[19:11:25] *** chrisq has joined #postfix[19:12:29] <Th0masR0ss> http://pastebin.com/rZwKSk0j[19:12:34] <Th0masR0ss> http://pastebin.com/F6KhSAJu[19:12:49] <Th0masR0ss> postconf -n and /var/log/mail.log respectivley[19:13:38] <adaptr> Th0masR0ss: your ISP has blocked port 25 outgoing.[19:13:44] *** Uninstall has quit IRC[19:13:44] <adaptr> i.e., you cannot send mail.[19:14:24] *** Uninstall has joined #postfix[19:14:24] *** Uninstall has joined #postfix[19:15:24] <Th0masR0ss> adaptr: how can use a different port?[19:15:41] <Th0masR0ss> i don't need to recieve mail[19:15:54] <adaptr> ...you can't. use your ISPs relay instead.[19:16:06] <adaptr> !tell Th0masR0ss nullclient[19:16:07] <knoba> Th0masR0ss: "nullclient" : a null client is a computer that can only send mail. it receives no mail from the network, and it does not deliver any mail locally. while postfix can be configured to fill this role, it is often unnecessary overkill, and a much simpler software package is more appropriate. see !nullclient_software for more details.[19:16:12] <adaptr> you also don't need postfix[19:16:32] <Th0masR0ss> !nullclient_software[19:16:33] <knoba> Th0masR0ss: "nullclient_software" : a program that serves as a drop in replacement for /usr/sbin/sendmail and provides a simple means to submit messages to an existing msa without the need to install and maintain a full-blown mta/msa. examples include msmtp, esmtp, ssmtp and nullmailer. also see !msa[19:17:58] *** davyjoneslocker has quit IRC[19:19:17] *** gu1lle_ has joined #postfix[19:19:58] *** mechanicalduck has joined #postfix[19:23:23] *** darkdrgn2k has joined #postfix[19:23:25] <darkdrgn2k> Hi all[19:23:40] <darkdrgn2k> is it possible to have postfix only accept relayed e-mails for a certain domain on a specific set of ips[19:23:52] <darkdrgn2k> is if random email server relays it wont accept it but if a specific one does it will[19:24:06] <lunaphyte_> you use authentication for that.[19:24:19] <darkdrgn2k> lunaphyte: SMTP servers dont authenticate..[19:24:34] <darkdrgn2k> the incomming email is from a mail server... not a mail client[19:24:53] <lunaphyte_> what is the actual problem?[19:25:01] <adaptr> why would it send these messages to your server ?[19:25:15] <darkdrgn2k> i have a mailserver on the outside..... i have a fax server on the inside[19:25:26] <darkdrgn2k> im configuing fax to email[19:25:43] <darkdrgn2k> postfix was setup with a seperate domain, but i dont want randon joe emailing out faxes...[19:25:59] <adaptr> you said FAX to email[19:26:02] <darkdrgn2k> but peopel on the main server can[19:26:05] <darkdrgn2k> sorry[19:26:06] <darkdrgn2k> email to fax[19:26:16] <adaptr> yes, you use authentication for that[19:26:39] <darkdrgn2k> how? when the email is relayed from an smtp mail server[19:26:46] <adaptr> the fax server maintains a list of valid senders. it rejects messages not from these valid senders[19:27:02] <darkdrgn2k> yes but problem is a valid sender can be spoofed[19:27:15] <adaptr> authentication on the mail server guarantees that the sender is not spoofed[19:27:31] <darkdrgn2k> yes[19:27:57] <patdk-wk> only if you add in sasl constraints[19:27:59] <darkdrgn2k> yes but what stops some one from using a differnt mail relay to send the emal[19:28:16] <patdk-wk> darkdrgn2k, dkim? spf?[19:28:20] <adaptr> darkdrgn2k: you mean your fax server will randomly accept mail ?[19:28:30] <adaptr> you limit it to ONLY the mail relay, obviously[19:28:40] <darkdrgn2k> only to a specific domain[19:28:46] <patdk-wk> oh, doing that[19:28:53] <adaptr> ...no, only FROM a specific MACHINE.[19:29:09] *** Uranio has joined #postfix[19:29:24] *** codepython777 has quit IRC[19:29:26] <darkdrgn2k> any way to do a "specific machine" for a specific domain?[19:29:37] <adaptr> you do not NEED that. you control the mail relay[19:29:50] <darkdrgn2k> ie fax.domain.com must coem from X but everythignelse.domain.com can come from anywhere[19:29:52] <adaptr> but yes, that is possible with restriction classes[19:30:16] <adaptr> no, te fax server will ONLY receive MAIL from that one machine. there is no "everything else"[19:30:41] <darkdrgn2k> what if it doubles as a genereal email server too for a differnt ip[19:31:06] <adaptr> then you lied.[19:31:11] * patdk-wk wants to see it do a belly dance[19:31:36] <darkdrgn2k> well now tha ti think about it i wont be receceived any other domains emails so i dont care.. LOL[19:32:19] <darkdrgn2k> so just allow relay from ip address x y and z and im done[19:32:28] *** Th0masR0ss has left #postfix[19:32:53] *** maxmahem has quit IRC[19:33:15] *** davyjoneslocker has joined #postfix[19:39:01] *** sonne has quit IRC[19:39:02] *** jefferai has quit IRC[19:39:02] *** freaky[t] has quit IRC[19:39:03] *** JC_SoCal has quit IRC[19:39:09] *** freaky[t] has joined #postfix[19:39:17] *** jefferai has joined #postfix[19:40:03] *** JC_SoCal has joined #postfix[19:40:54] *** sonne has joined #postfix[19:41:20] *** gongoputch has joined #postfix[20:00:41] *** averagecase has quit IRC[20:01:31] *** UQlev has joined #postfix[20:05:26] *** gu1lle_1 has joined #postfix[20:08:37] *** Uranio has quit IRC[20:09:31] *** gu1lle_ has quit IRC[20:11:31] *** codepython777 has joined #postfix[20:11:55] *** chalcedny has quit IRC[20:12:11] *** codepython7771 has joined #postfix[20:13:50] *** madduck has quit IRC[20:18:45] *** whitefang has joined #postfix[20:23:26] *** Lars_G has joined #postfix[20:23:33] *** codepython7771 has quit IRC[20:24:01] <Lars_G> Good evening.[20:24:20] <Lars_G> Question, is there any easy way to set the mail size limits acoording to destination?[20:25:23] * UQlev seen only server limit[20:26:08] * Lars_G nods[20:26:34] <Lars_G> Ok, upping the whole mail server message size limit to 100Mb[20:30:24] *** madduck has joined #postfix[20:35:29] *** chalcedny has joined #postfix[20:39:28] *** _TheAvatar has left #postfix[20:39:46] *** TheAvatar has joined #postfix[20:41:16] <lunaphyte_> !tell Lars_G policy[20:41:16] <knoba> Lars_G: "policy" : Postfix smtpd(8) policy protocol, http://www.postfix.org/SMTPD_POLICY_README.html , for complex and intelligent restrictions[20:41:45] *** Borg has quit IRC[20:43:20] *** pythonirc1011 has joined #postfix[20:43:32] *** pythonirc1011 has left #postfix[20:46:48] *** Borg has joined #postfix[20:47:49] <Lars_G> Thanks knoba ç[20:53:00] <Lars_G> knoba: Is policy saner than say, creating a new transport in master with a different .cf file pointed in it, and using that transport for local -> local email?[20:53:23] <lunaphyte_> i would[20:53:33] <lunaphyte_> anyway, why are you talking to the bot?[20:53:45] <Lars_G> lunaphyte_: Do the different transport?[20:53:53] <Lars_G> lunaphyte_: Because I like bots. Their cold hard skin turns me on[20:54:57] *** Motoko has joined #postfix[20:56:49] *** Guest89690 is now known as TheJH[21:00:04] *** p3rror has joined #postfix[21:02:07] <lunaphyte_> i would use a policy daemon[21:02:57] *** likewhoa has joined #postfix[21:04:36] <adaptr> !message_size_limit[21:04:37] <knoba> adaptr: "message_size_limit" : a configuration parameter in the main.cf: The maximal size in bytes of a message, including envelope information. The default is 10240000 bytes[21:04:59] <Kalavera> question: has somebody experience installing davical on gentoo ?[21:05:07] <adaptr> a policy daemon does not have access to that information unless the client sends it[21:05:15] <adaptr> Kalavera: what does that have to do with postfix ?[21:05:18] <Kalavera> oops sorry wrong channel[21:05:38] <Kalavera> adaptr: wrong channel[21:05:38] <Kalavera> adaptr: sorry[21:05:43] <adaptr> ok[21:06:56] <adaptr> Lars_G: since that limit is a property of the smtpd(8) service, additional transports won't solve anything[21:06:57] *** gu1lle_1 has quit IRC[21:07:16] <adaptr> you cannot solve it any other way than with a milter, policy, or bounce[21:07:30] <adaptr> (bounce being a reject bythe MDA, the MDA being not postfix)[21:08:04] <lunaphyte_> just run a different submission service for each setting you want![21:08:29] <adaptr> buy a million extra IPv6 addresses![21:08:37] <adaptr> one for each account[21:10:07] <lunaphyte_> perfect[21:11:02] *** gu1lle_ has joined #postfix[21:12:00] *** [diablo] has joined #postfix[21:12:01] *** [diablo] has joined #postfix[21:12:53] <Aprogas> If I had an IPv6-address for every time someone made a joke about the size of the IPv6 address pool, I'd have a small unroutable subnet.[21:14:58] <Mp5shooter> the ipv6 address pool is so big even your girlfriend can't take it all HA HA HA[21:15:50] <adaptr> Aprogas: if you had made that a haiku, you would have won all of today's internets[21:16:50] <jimpop> your mama is big, so big she in fact, she needs ipv7.[21:17:15] <adaptr> to measure ?[21:17:19] <Aprogas> Does "ipv6" count as 4 syllables?[21:17:23] <jimpop> yes[21:17:42] <adaptr> well, 4 glottal stops, anyhoo[21:17:50] <adaptr> we'll allow it[21:18:39] <Aprogas> jokes about large size / ipv6 address pool / i have small subnet[21:18:45] <Aprogas> I think it just doesn't carry the same information.[21:19:14] <adaptr> but the last part is VERY Japanese![21:19:31] <Aprogas> Because of "i have small" ?[21:19:35] <adaptr> yes[21:19:45] <jimpop> ha[21:23:10] <Mp5shooter> yes, large address pool / even bigger than v4 / called ipv6[21:24:33] <Mp5shooter> meh[21:24:34] <Mp5shooter> i tried[21:28:28] *** kaos01_ has joined #postfix[21:29:19] <jimpop> Mp5shooter: +1 ;-)[21:29:25] <Lars_G> adaptr: That... that's good and genius[21:29:26] *** kaos01_ has left #postfix[21:29:29] <Mp5shooter> ;p[21:29:36] <Lars_G> adaptr: They're 0,01 cents and address, right?[21:29:58] <adaptr> Lars_G: the downside is that you need one smtpd per account, too[21:30:03] <adaptr> but they can all be static![21:30:21] <Aprogas> I wonder if static is every going to become a marketing buzzword.[21:31:08] <lunaphyte_> "sticky" was, briefly[21:34:52] *** codepython777 has joined #postfix[21:36:17] *** mechanicalduck_ has joined #postfix[21:37:09] *** mechanicalduck has quit IRC[21:41:20] *** mechanicalduck_ is now known as mechanicalduck[21:47:01] <whitefang> damn, so much spam is getting through zen now. it never used to allow this much through.[21:48:02] <Lars_G> lunaphyte_: That's scary[21:52:47] <whitefang> anyone want to reccommend another RBL than zen?[21:53:03] <Dominian> got a few[21:53:21] <Dominian> bl.spameatingmonkey.net[21:53:27] <Dominian> bl.mailspike.net[21:53:37] <Dominian> b.barracudacentral.org[21:55:44] <whitefang> is it a bad idea to be using more than one RBL?[21:56:11] <lunaphyte_> heavens no[21:56:15] <lunaphyte_> especially with postscreen[21:56:18] <lunaphyte_> the more the beter[21:56:24] <whitefang> kk thanks.[21:56:30] <lunaphyte_> *better[21:56:33] <whitefang> i would prefer to not have to run spamassassin[21:56:57] <lunaphyte_> oh, heh.[21:57:01] <lunaphyte_> good luck with that[21:57:18] *** krislappy is now known as krisfremen[21:59:14] *** mcp has quit IRC[22:00:02] <Lars_G> lunaphyte_: Doesn't it add too much overhead to consult several rbls in a congested network?[22:01:47] <lunaphyte_> i don't understand[22:02:06] <lunaphyte_> if you have a congested network, the solution is to fix it, not avoid using it.[22:03:53] *** Section1 has quit IRC[22:03:56] <Lars_G> Well, I wont discuss that avenue here, it's OT and prone to get me banned[22:04:10] <adaptr> ...[22:05:25] <Dominian> Not sure how it would congest a network..[22:05:42] <Dominian> unless you're getting 10's of thousands of emails a second and the RBL is slamming DNS constantly[22:05:57] <adaptr> s/DNS/your local cache/[22:05:59] <Dominian> whitefang: but if you use postscreen, you can do 'scoring'[22:06:39] <darkdrgn2k> Is there anyway to append +1 if its missing to a receipent's email address?[22:07:12] *** SuperNull has left #postfix[22:07:26] <Lars_G> adaptr: I always worry a little about caching RBLs. Specially about carrying false negatives or holding positives longer than it "should". Is this something I shouldn't worry about?[22:07:57] <adaptr> yes[22:08:15] <Lars_G> ok[22:08:18] <lunaphyte_> ultimately, life has to go on :)[22:08:19] <Dominian> darkdrgn2k: huh?[22:13:24] *** darkdrgn2k has quit IRC[22:14:52] *** freezey has joined #postfix[22:27:40] *** gu1lle_ has quit IRC[22:32:05] *** gu1lle_ has joined #postfix[22:33:15] *** bundy has joined #postfix[22:37:33] *** mcp has joined #postfix[22:37:34] *** mibofra has joined #postfix[22:37:34] *** mibofra has joined #postfix[22:41:48] *** bundy has quit IRC[22:42:38] *** bundy has joined #postfix[22:45:51] *** codepython7771 has joined #postfix[22:48:34] *** arnoldB has quit IRC[22:48:37] *** codepython777 has quit IRC[22:50:44] *** pecanha has quit IRC[22:58:45] *** grknight has quit IRC[23:00:33] *** wdp has joined #postfix[23:00:33] *** wdp has joined #postfix[23:07:04] *** davyjoneslocker has quit IRC[23:07:34] *** davyjoneslocker has joined #postfix[23:08:51] *** codepython7771 has left #postfix[23:09:39] *** cpm has joined #postfix[23:11:13] *** freezey has quit IRC[23:22:07] *** cpm has quit IRC[23:23:52] *** davyjoneslocker has quit IRC[23:33:07] *** arnoldB has joined #postfix[23:34:02] *** wdp has quit IRC[23:35:59] *** mechanicalduck has quit IRC[23:37:06] *** mechanicalduck has joined #postfix[23:38:02] *** davyjoneslocker has joined #postfix[23:40:11] *** markw has joined #postfix[23:41:15] *** Arkouro has quit IRC[23:44:16] *** jones-za_ has joined #postfix[23:44:17] *** davyjoneslocker has quit IRC[23:45:57] *** koobs` has quit IRC[23:45:57] *** koobs` has joined #postfix[23:46:58] *** mibofra has quit IRC[23:52:01] *** UQlev has quit IRC[23:57:13] *** nutron has quit IRC