June 17, 2013 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | >
June 17, 2013 [00:04:52] *** mechanicalduck has quit IRC[00:06:14] *** mibofra has quit IRC[00:10:37] <adaptr> has anybody else seen issues using mailgraph 1.1.4 with the latest postfix version(s) (2.10)? it doesn't register nearly any messages[00:11:11] <adaptr> I've already hacked it to include postscreen NOQUEUEs; I may start a rewrite to include all of postscreen (and specifically, dedicated DNSBL counters)[00:11:32] <adaptr> but I want to know if it's been obsoleted by other changes (as it appears to me it has)[00:12:05] *** internat has joined #postfix[00:17:32] *** Rhomber has joined #postfix[00:18:17] <Rhomber> hey everyone, I am having trouble .. I want to whitelist some internal IP's to relay.. but even though they are listed in mynetworks (cidr format) I get the following "Recipient address rejected: User unknown in virtual mailbox table"[00:18:39] *** adaptr has quit IRC[00:18:52] *** adaptr has joined #postfix[00:22:44] *** qdrrmt has quit IRC[00:23:34] <Zerberus> Rhomber: that shows that the destination address isn't to be relayed but to be delivered locally but does not exist as a virtual adress[00:25:43] <Rhomber> the sender email address doesn't exist, as it's from a cron job (i.e. user@host domain).. but the recipient does exist, and recieves mail fine[00:26:20] <Rhomber> ah[00:26:35] <Rhomber> actually, it doesn't.. the '.com' does not the '.net' for that addy[00:26:42] <Rhomber> thanks Zerberus, such a simple problem :([00:27:35] <CookieNinja> How would I configure MX records to forward all incoming mail to all servers?[00:29:02] <adaptr> ...you would not. that is neither the fucntion nor an option of MX records.[00:29:12] <adaptr> !tell CookieNinja goal[00:29:13] <knoba> CookieNinja: "goal" : describe your goal, not what you think the solution is[00:29:49] <CookieNinja> I'm trying to forward all incoming mail to both of my mail servers (mail.sf and mail.ams) instead of it going to just one of them.[00:30:02] <CookieNinja> Currently some mail goes to mail.ams and some goes to mail.sf[00:35:54] *** inthl has joined #postfix[00:36:32] <inthl> I would like to completely drop an email if the target IP or target domain is a specified one, is that possible somehow besides routing it to nirvana?[00:36:58] <adaptr> inthl: for you too: what is the goal of this ?[00:36:58] <inthl> that causes e.g. connection timeout problems or something, when the server (e.g. exactly: example.com) does not respond[00:37:11] <adaptr> inthl: all of this is configurable[00:37:17] *** qdrrmt has joined #postfix[00:37:26] <adaptr> if you're not going to deliver mail, don't accept it[00:38:09] *** danblack has joined #postfix[00:38:47] <inthl> there is a shared hosting env and some mails are being routed to nonsense addresses, besides telling every single one to re-configure their CMS or whatever not to send to e.g. examle.com or the local mailserver or anothe wildcard domain or something, that drops port 25 packages, the mailqueue always holds some mails such as these and gets bigger until these mails are being bounced[00:39:37] <inthl> there are just a few domains I am talking about, I see an easier solution in dropping these, since the hosting env always gets new users and I am sick of telling everyone[00:42:35] <adaptr> YOu control YOUR mailserver, presumably. control it![00:43:04] *** qdrrmt has quit IRC[00:43:07] <adaptr> if this is a hosting environment, you should properly validate recipients if they entre the system from the outside[00:44:04] <inthl> this is mostly about default config stuff in some CMS, some even use user at example dot com or even the local user e.g. httpd at my dot server.com and stuff to send emails to, assuming this is the administrator. So how could one simply drop these?[00:44:21] <inthl> and many people do not care about changing this[00:44:29] <inthl> or don't know about that[00:46:42] *** Ulver has joined #postfix[00:47:15] <adaptr> I still don't see the issue. if they (whoever "they" are) send mail to non-existent recipients, the messages will eventually bounce, and they (again, whoever) will be notified[00:48:08] <adaptr> if you're allowing hosted users to submit mail locally via sendmail(1) - yuck. I strongly advise you never to allow this.[00:52:58] *** slcres has joined #postfix[00:55:15] <adaptr> (sendmail-submitted email is nto subject to ANY smtpd_*_restrictions, including address validity)[00:55:43] *** qdrrmt has joined #postfix[00:59:47] *** Eagleman has quit IRC[01:10:00] *** inthl has quit IRC[01:13:39] *** lisak has quit IRC[01:26:31] *** slcres has quit IRC[01:26:50] *** slcres has joined #postfix[01:30:03] <slcres> postfix is sending and recieving correctly but not updating the spool file. main.cf has home_mailbox mail/. $MAIL is /var/spool/mail/$USER. The spool file is not being updated but the messages appear under ~/mail/new. Did I miss a configuration step?[01:30:39] <lunaphyte> spool file?[01:31:11] <adaptr> slcres: postfix delivers whererver you tell it to. in your case, that would be the maildir at ~/mail/[01:31:31] <lunaphyte> $MAIL is of zero relevance.[01:31:41] <adaptr> postfix is not responsible for setting the MAIL environment variable[01:33:11] <lunaphyte> step 1: decide where you would like postfix to deliver mail. step 2] configure postfix to deliver mail there. step 3] configure whatever you use to read/retrieve mail from there.[01:33:26] <lunaphyte> meh. inconsistent syntax[01:33:58] <slcres> So postfix will always write one file per mail under home_mailbox/new?[01:34:11] <adaptr> no[01:34:13] <lunaphyte> postfix will do whatever you tell it to.[01:35:23] <slcres> By default it is writing each message in a separate file. Are you saying that is configurable?[01:35:39] <lunaphyte> of course[01:35:58] *** tld has quit IRC[01:36:38] <slcres> How can I configure postfix to write all messages to a single file?[01:36:52] <lunaphyte> that's a bad idea[01:37:06] <lunaphyte> why would you want that? what are you *actually* trying to do?[01:37:33] <slcres> qmail uses mbox format. Does postfix support that?[01:37:53] <adaptr> ...wuty[01:38:12] <lunaphyte> huh?[01:38:16] <adaptr> slcres: no, qmail does NOT use "mbox format". it INVENTED the maildir format. and yes, postfix supports both[01:38:20] <lunaphyte> what does qmail have to do with anything?[01:38:27] <lunaphyte> !goal[01:38:27] <knoba> lunaphyte: "goal" : describe your goal, not what you think the solution is[01:38:51] <slcres> Sorry, I see how to do it now. The trailing slash indicates Maildir vs mbox format in main.cf.[01:39:24] <lunaphyte> you want maildir, not mbox[01:39:43] <lunaphyte> and i sure hope you're not somehow trying to run both postfix and qmail[01:41:46] *** fbh has quit IRC[01:42:45] *** fbh has joined #postfix[01:57:51] *** trusktr has quit IRC[02:01:23] *** Olive6767 has quit IRC[02:01:45] *** Olive6767 has joined #postfix[02:03:54] *** Cerise has quit IRC[02:03:54] *** felipe` has quit IRC[02:04:02] *** jekle has quit IRC[02:04:06] *** heath has quit IRC[02:04:19] *** heath has joined #postfix[02:04:19] *** heath has joined #postfix[02:05:01] *** Cerise has joined #postfix[02:29:26] *** krisfremen has quit IRC[02:29:40] *** krisfremen has joined #postfix[02:29:40] *** krisfremen has joined #postfix[02:37:45] *** danblack has quit IRC[02:38:04] *** danblack has joined #postfix[02:44:37] *** nutron has quit IRC[02:48:18] *** rektide has joined #postfix[02:48:44] *** rektide has left #postfix[02:48:55] *** rektide has joined #postfix[02:49:27] <rektide> first off, i use a postfix start -c /etc/crazy/postfix-special to start. second, it's main.cf specifies a queue_dir = /var/spool/postfix-crazy-special[02:49:35] <rektide> it's the only instance which runs[02:49:55] <rektide> it does not seem to create a /var/spool/postfix-crazy-special/dev directory when it launches!!!! :/[02:49:58] <rektide> i get no logging[02:53:02] <adaptr> why would *postfix* create something owned and controlled by *syslog* ?[02:53:12] *** hednod has joined #postfix[02:53:32] <adaptr> (I'm not even going to comment on your choice to create a special crazy instance when you only have one)[02:53:48] <hednod> smtp[6545]: fatal: unknown service: smtp/tcp[02:53:57] <hednod> I noticed this error popping up today[02:53:59] <adaptr> !tell hednod welcome[02:53:59] <knoba> hednod: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[02:54:17] <hednod> but i dont chroot in master.cf so I dont know where this is coming from[02:54:24] <hednod> alright fine[02:54:37] <hednod> !debug[02:54:37] <knoba> hednod: "debug" : http://www.postfix.org/DEBUG_README.html : a starting point for how to deal with problems and to report information to those who might help. Post information including NON-verbose logs in a pastebin such as http://pastebin.ca/ or http://dpaste.com/[02:55:14] <rektide> adaptr: the system default postfix also has a /var/spool/postfix/dev/{u,}random file which got placed there[02:55:48] <rektide> adaptr: i don't care for pointing fingers, but i haven't seen postfix docs mention a single word about needing to do anything to the /var/spool/postfix directory except for giving it permissions and starting up[02:56:18] <rektide> adaptr: you seem to be telling me i need to configure syslog. ok, fine, how are the {u,}random files supposed to get in that directory?[02:56:19] <adaptr> rektide: we don't care for you pointing fingers either. in fact, I suspect support will suffer if you decided to.[02:56:25] <rektide> fuck off cuntbags[02:56:27] <rektide> i hate this channel[02:56:31] <rektide> and it's assbag "help"[02:56:37] <rektide> what a bunch of fuckers[02:56:46] *** rektide has left #postfix[02:56:53] <adaptr> ...yes[02:57:22] <hednod> Aprogas: http://dpaste.com/1246097/[02:57:30] <hednod> er... adaptr http://dpaste.com/1246097/[02:57:50] <adaptr> don't talk to *me*. what's so special about *me* ?[02:58:39] <hednod> you are the only person paying attention, thats why =p[02:58:43] *** rektide has joined #postfix[02:59:08] <rektide> finding food, hope i can grow up & mature with that. my only point is that postfix takes responsibility for creating every other element in /var/spool, if you delete it's contents.[02:59:28] <rektide> except dev/, which it doesn't, and i'm not sure how i am supposed to create it & i have found no guidance[02:59:53] <rektide> i hope that isn't overly accuastory. i'm sorry for being such an assbag myself.[03:00:05] <adaptr> rektide: your behaviour is not acceptable.[03:00:12] <rektide> your also a mean cunt you dick[03:00:16] <rektide> and acusatory and vile[03:00:19] <rektide> so whatever[03:00:27] <rektide> i know mines not, but i at least am a good person[03:00:28] <rektide> unliuke you[03:01:09] <rektide> *you're[03:01:12] <hednod> http://dpaste.com/1246097/ - can anyone help me?[03:01:13] <adaptr> hednod: the FATAL message is farily plain: postfix cannot reach the smtp transport. have you verified the socket exists ?[03:01:13] <rektide> whoops, my mistake[03:02:46] <hednod> adaptr: which socket? the plan smtp line in master.cf does not list one[03:02:49] <hednod> plain*[03:03:22] <rob0> rektide, your outburst is not acceptable. Please keep such things out of this channel. Thanks.[03:03:52] <adaptr> hednod: it does.[03:03:56] <rektide> rob0 you should really kick out like 3/4 this channel who are useless angry questinoning cunts[03:04:12] <hednod> adaptr: it's one line and there is no path to anything listed.[03:04:13] <rob0> rektide, including that comment also. Thank you.[03:04:14] <rektide> rob0 you seem to be one of the few people who genuinely seeks to help people and thank you.[03:05:15] <adaptr> hednod: what does the line say ?[03:05:26] <rektide> i'm just going to guess no one here has any idea where their /var/spool/postfix/dev came from[03:05:39] <rob0> I can suggest that you try to deal with it. I guess you're talking about adaptr, who actually does know a lot and help people also. Sticks and stones, et c.[03:06:04] <rob0> rektide, your chroot environment might have been provided by your distro:[03:06:07] <rob0> !debian[03:06:07] <knoba> rob0: "debian" : Please see /usr/share/doc/postfix/README.Debian for Debian-specific information. This probably applies to Ubuntu and most other Debian-derivative distributions as well.[03:06:18] <rektide> rob0: i don't know adaptr, but i feel like people get bent out of shape a lot in this channel. mention a postfix -c and people freak the hell out & insist on interrogating your motives.[03:07:04] <adaptr> you're probably suffering from something in the DSM-IV.[03:07:07] <rektide> that's fine, but my distro isn't helping me where i've gone. where does postfix detail how it's $queue_dir/dev is supposed to look?[03:07:22] <rob0> I am one also who often questions motives and goals. I find that many people have chosen the wrong tools for and/or approaches to their problem.[03:07:26] <thumbs> calling folks "cunts" isn't helpful, rektide[03:07:29] <rektide> yeah, righteous IRC dickbag exposure syndrome[03:07:38] <rob0> rektide, last warning.[03:07:56] <rob0> !tell rektide chroot[03:07:57] <knoba> rektide: "chroot" : The fifth column in master.cf, if not n , means that the Postfix process described on that line runs in a chroot, see !debug , !queue_directory and files in the examples/chroot-setup subdirectory of the Postfix source archive which show examples of a Postfix chroot environment on a variety of systems[03:08:02] <rob0> !tell rektide debian[03:08:02] <knoba> rektide: "debian" : Please see /usr/share/doc/postfix/README.Debian for Debian-specific information. This probably applies to Ubuntu and most other Debian-derivative distributions as well.[03:09:45] <hednod> adaptr: its the default smtp line, unchanged from the default. but i'm wondering if its not something to do with my second smtp line which has a different service name.[03:10:24] <adaptr> ...what does the line say. also, since you have more than one, are you looking at the right one[03:11:18] <rob0> fatal: unknown service: smtp/tcp <-- see also those !chroot and !debian factoids[03:11:34] <hednod> rob0: chroot is n[03:11:41] <hednod> and this is not debian or linu[03:11:42] <hednod> x[03:11:52] <rob0> It means you have broken services(5) name resolution[03:11:55] <adaptr> I'm still waiting.[03:11:55] <rob0> fix that[03:12:03] <rektide> do unix sockets have to be created by the listening process? can i create them ahead of time statically, or do i really need to use my logging daemon to create the /dev/log socket for the postfix chroot?[03:12:38] <adaptr> rektide: ask #unix, or some such. I already answered you, but you were too busy being superior.[03:12:39] <hednod> rob0: you may be onto something, but i didnt change the nss configuration on this system, hm.[03:13:30] <rektide> adaptr: i did hear you say syslog, but i already have a rsyslog entry that seems to be responsible for creating it & which was started up in the system. also neither !chroot not you mention anything about /dev/{u,}random files.[03:13:45] <rektide> nor README.Debian[03:14:21] <thumbs> first, get rid of the chroot, and make it work without.[03:14:22] <adaptr> the latter would be their responsibility[03:14:57] <hednod> rob0: the only thing i've done recently is rebuild the mysql client library to a newer version, and rebuild all the packages depending on it. That hsould not affect name service resolution though :/[03:15:03] <rob0> /usr/sbin/postconf | grep urandom[03:15:38] <adaptr> hednod: simple to check: getent services smtp[03:15:49] <rob0> hednod, anyway, I told you what the error means; go find what's broken. getent is your friend.[03:16:07] <hednod> smtp 25/tcp mail[03:16:12] <hednod> works fine[03:16:42] <rob0> ls -l /etc/services[03:17:05] <rob0> or maybe the permissions for /etc itself[03:17:13] <rob0> bingo[03:17:13] <hednod> interesting[03:17:39] <rob0> Someone tried to "secure" things without understanding what might break.[03:17:41] <hednod> i thought permissions might come into play. but the postfix permissions were right - dint think to check /etc/services.[03:18:11] <thumbs> rob0: it looks like what a debian maintainer would do! :)[03:18:38] <hednod> no i'm the only user on here and i would not f-with permissions on /etc, but i did have a umask change in my zshrc that has caused me some trouble when sudoing installs instead of becoming root first.[03:18:45] <adaptr> rob0: what is odd is that this is even relevant to the functioning of smtp(8), which doesn't CARE about the services(5) file. it's a unix socket, and the only reason for it to check /etc/services is to figure out what OUTGOING port it should use to send on. this is not needed until it actually sends something, not on startup.[03:18:50] <hednod> still.. what package would over write a base file hmmm[03:19:16] <adaptr> hednod: most OSes contain logs of that information.[03:20:00] <pj> hednod: sometimes sudo -H helps with issues like that.[03:20:34] <pj> or sudo -Hi[03:21:11] <hednod> only that file in /etc seems to have been changed, but i'll hve to do a look around the system to see. I rebuild quite a ffew packages after breaking that mysql client dep and if i forgot to check my umask before doing so - i probably trashed permissions in a few places[03:25:03] *** Bambi_BOFH has joined #postfix[03:26:27] <Bambi_BOFH> hi, `postconf -n` output does not include any information about tls - does thatmean my tls settings are not being enabled correctly?[03:26:40] <adaptr> !tell Bambi_BOFH welcome[03:26:40] <knoba> Bambi_BOFH: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[03:26:51] <adaptr> !tell Bambi_BOFH tls[03:26:51] <knoba> Bambi_BOFH: "tls" : Transport Layer Security (RFC2246). Previously known as SSL, TLS adds a layer of encryption to protocols such as SMTP, submission, IMAP or POP3 to improve security during transmission over the Internet. TLS is implemented using the STARTTLS method, while the non-standard wrapper style of implementation is deprecated at this point. See http://www.postfix.org/TLS_README.html for more info.[03:26:56] <pj> Bambi_BOFH: not necessarily, they could be enabled in master.cf[03:27:25] <pj> Bambi_BOFH: I suspect you have an actual issue with postfix, so please follow the /topic and we'll be happy to help you track it down.[03:30:19] <rob0> TLS is not enabled by default. You (or maybe your distro) have to configure it.[03:32:44] <Bambi_BOFH> its the centos build so should have tls. will stick smpe stuff in psatebin[03:33:09] <pj> Bambi_BOFH: it will have TLS, but you still need to configure it in postfix properly[03:33:13] <pj> !tell Bambi_BOFH tls[03:33:13] <knoba> Bambi_BOFH: "tls" : Transport Layer Security (RFC2246). Previously known as SSL, TLS adds a layer of encryption to protocols such as SMTP, submission, IMAP or POP3 to improve security during transmission over the Internet. TLS is implemented using the STARTTLS method, while the non-standard wrapper style of implementation is deprecated at this point. See http://www.postfix.org/TLS_README.html for more info.[03:33:24] <pj> oh, you already got that[03:36:29] <hednod> rob0: thanks btw for pointing out that the problem was far more simple than my brain wanted to admit[03:39:36] *** UQlev has joined #postfix[03:40:22] <Bambi_BOFH> http://paste.debian.net/10789/ my configuration looks like this, i included lsb output as well. i'm a bit uncomfortable with posting logs though - not my server and i expect redacting everything to 'example.com' wouold make things a bit confusing. if logs are needed then i'll have to see what i can do[03:41:39] <adaptr> is that the output fromm postconf -n, as requested ?[03:42:35] <Bambi_BOFH> line 10 through 21 is yes[03:42:59] <adaptr> have you read the TLS README ?[03:43:10] <adaptr> have you done what it says you need to do, to enable TLS ?[03:43:58] <Bambi_BOFH> i have read it, and i thought i'd done the required steps (i assume not, since you're asking though)[03:44:47] <adaptr> you said you had done nothing, previously. that is not sufficient, as has been pointed out. so first order of work is to do what the TLS README says, then test. and provide logs of said testing if it failed.[03:45:41] <Bambi_BOFH> sorry, i'm a bit confused - i said i had done nothing?[03:46:08] <adaptr> 03:26:26 Bambi_BOFH . hi, `postconf -n` output does not include any information about tls[03:46:39] <hednod> Bambi_BOFH: careful what you saw in here, they can be pretty critical if they perceive you as not having your ducks in a row before asking for help[03:46:45] <hednod> say*[03:47:17] <Bambi_BOFH> hednod: so it seems; i'll have to keep it in mind next time[03:47:47] <adaptr> hednod: was there a particular reason for that comment ?[03:48:16] <thumbs> asking folks to read and follow docs is only sensible.[03:49:14] <hednod> just coaching someone about how they approach asking for help in this channel.[03:50:55] *** pajamian has joined #postfix[03:50:59] <hednod> you know your postfix, and you know how to fix things, but your attitude is very strict. most people taht come into IRC for help need some advice and a pat on the back, not a lecture about how unprepared they are.[03:51:27] <hednod> in any case, to avoid any further bad feelings, I will take my leave. thanks for your help.[03:51:41] *** hednod has left #postfix[03:52:53] *** danblack has quit IRC[03:54:07] *** pj has quit IRC[03:59:24] *** krisfremen has quit IRC[03:59:59] *** krisfremen has joined #postfix[03:59:59] *** krisfremen has joined #postfix[04:05:13] *** UQlev has quit IRC[04:05:48] *** danblack has joined #postfix[04:07:16] *** rektide has left #postfix[04:08:22] <thumbs> you're very welcome, hednod and rektide[04:21:27] *** UQlev has joined #postfix[04:21:48] *** danblack has quit IRC[04:22:08] *** danblack has joined #postfix[04:22:41] *** Bronze has quit IRC[04:22:57] *** Bronze has joined #postfix[04:26:55] *** krisfremen has quit IRC[04:27:02] *** thoraxe has quit IRC[04:27:09] *** krisfremen has joined #postfix[04:27:09] *** krisfremen has joined #postfix[04:28:13] *** thoraxe has joined #postfix[04:28:28] *** UQlev has quit IRC[04:35:09] <Patrickdk> I can't believe you wouldn't let someone skip reading the docs[04:35:15] <Patrickdk> what has this channel come to[04:36:59] *** krisfremen has quit IRC[04:41:01] *** krisfremen has joined #postfix[04:49:01] <Bambi_BOFH> for the logs (if any are kept): problem seems to havec been that the tls part of the configuration had a whitepsace in front of everything - looked at http://www.postfix.org/postconf.5.html and confirmed thats not good. removing it makes postconf -n parse the config correctly so its on to setup debugging for me[04:49:30] *** jimpop has quit IRC[04:49:50] *** jimpop has joined #postfix[05:01:14] <lunaphyte> a pat on the back?[05:11:39] *** pajamian is now known as pj[05:15:10] <Rhomber> can the RBL white listing also be done with just the sender domain in the hashed file? like senderdomain.com OK ?[05:15:24] <pj> Bambi_BOFH: yes, whitespace at the beginning of a line has a very specific meaning in postfix.[05:16:12] <pj> Bambi_BOFH: and postfix does indeed keep excellent logs.[05:16:24] *** qdrrmt has quit IRC[05:36:49] *** Colt has joined #postfix[05:55:32] *** wald00 has joined #postfix[05:57:54] *** Colt has quit IRC[06:01:07] <Rhomber> I whitelisted the sender domain and the mail servers /24 range in "check_client_access hash:/etc/postfix/rbl_override" (after postmaping it) and it still blocked it[06:01:25] <Rhomber> and the ip that it blocked was within the /24.. so i'm a bit confused :([06:02:29] <Patrickdk> logs? config?[06:02:30] <Rhomber> my config is as follows: http://www.fpaste.org/19052/44173613/[06:02:59] <Rhomber> http://www.fpaste.org/19053/37144176/ (logs)[06:03:30] <Patrickdk> what?[06:03:41] <Patrickdk> who said you could use netblocks in that file?[06:05:45] <Rhomber> "Search the specified access database for the client hostname, parent domains, client IP address, or networks obtained by stripping least significant octets. See the access(5) manual page for details."[06:05:54] <Rhomber> but in any case, it has the sender domain listed[06:06:02] <Rhomber> which is all i really want to whitelist[06:06:08] <Patrickdk> yes, that is what check_client_access does[06:06:11] <Rhomber> i.e. any emails from that domain, sent via any server[06:06:17] <Patrickdk> but that is not what the HASH map type does[06:06:43] <Rhomber> ok, can you point me to a guide or how to just whitelist sender domains?[06:07:00] <Patrickdk> well, just pick the correct maptype for what you want to do[06:10:02] <Rhomber> i have no idea.. i just want to whitelist a sender domain[06:10:27] <Rhomber> (and not the domain of their mail server)[06:37:18] <Rhomber> Sorry to be a newb, but I deal with the mail server like once every 3 years.. it just runs lol[06:38:04] *** lunaphyte has quit IRC[06:39:52] *** lunaphyte has joined #postfix[06:53:39] *** greenman has joined #postfix[06:53:41] <greenman> Hello[06:53:54] <greenman> I've set up postfix to use SASL and TLS[06:54:01] <greenman> how do I tell it to send using TLS[06:54:14] <greenman> for example, I have a script that emails to my gmail account[06:54:23] <greenman> how do I tell it to try TLS first?[06:54:49] <danblack> !tell greenman welcome[06:54:50] <knoba> greenman: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[06:54:56] <danblack> !tell greenman tls[06:54:56] <knoba> greenman: "tls" : Transport Layer Security (RFC2246). Previously known as SSL, TLS adds a layer of encryption to protocols such as SMTP, submission, IMAP or POP3 to improve security during transmission over the Internet. TLS is implemented using the STARTTLS method, while the non-standard wrapper style of implementation is deprecated at this point. See http://www.postfix.org/TLS_README.html for more info.[06:59:10] <greenman> I'm seeing where to set things for clients connecting to the server, but not for the server connecting to other servers...[07:00:00] <danblack> !smtp!=smtpd[07:00:00] <knoba> danblack: "smtp!=smtpd" : Postfix smtp_* and smtpd_* configuration parameters have different meanings. smtp_ = client and smtpd_ = server, the client-side sends mail whilst the server-side receives mail. (smtp = client = sends mail) (smtpd = server = receives mail)[07:00:11] <greenman> maybe if I set it to encrypt vs may? But it still seems like it's talking about the client...[07:01:30] <greenman> yeah, that's why I set this: smtp_tls_security_level = may[07:01:53] <greenman> but it's still using good ol' port 25 and non tls[07:02:02] <greenman> I'm thinkning I need to use encrypt, I guess..[07:02:26] <danblack> if the server is offering the starttls extension is should be used.[07:02:57] <danblack> have you set a certificate/key for the smtp_ params?[07:03:03] <greenman> And from reading that info, it looks like the setting of may = send STARTTLS[07:03:24] <danblack> (if offered as a tls extension).[07:03:27] <danblack> yes[07:03:53] <greenman> yeah, I followed this doc: https://help.ubuntu.com/community/Postfix[07:04:28] <greenman> so if I'm still getting port 25 does that mean the other side is ignoring it? (specifically, I'm dealing with google at the moment)[07:06:51] <danblack> are you expecting not port 25 for some reason?[07:06:54] <danblack> !logs[07:06:54] <knoba> danblack: "logs" : postfix logs to the mail facility of syslog. You can usually find them with ls /var/log/mail* otherwise something like grep -i `postconf -h syslog_facility` /path/to/syslog_config_file should tell you where logs are going. also see !no_logs and !have2mung[07:07:11] <danblack> can you provide some logs ?[07:07:43] *** ffiore has joined #postfix[07:08:34] * greenman is a sysadmin. Knows a little bit about logs.[07:08:51] <greenman> Here is an example: Jun 17 00:07:21 xxxxxx postfix/smtp[6993]: connect to gmail-smtp-in.l.google.com[74.125.142.27]:25: Connection timed out[07:09:15] <greenman> It's timing out because my ISP (comcast) is blocking 25[07:09:34] <greenman> I assumed. (probably wrongly) that TLS uses 465 by default...[07:09:56] <danblack> yep that bit is wrong.[07:10:21] <danblack> so are you configuring postfix to send everything via your google account>[07:10:23] <danblack> ?[07:10:28] <danblack> !sasl_client[07:10:28] <knoba> danblack: "sasl_client" : www.postfix.org/SASL_README.html#client_sasl[07:12:07] <danblack> if that's not working can I look at a pastbin of postconf -n[07:12:30] <greenman> As far as I know, I'm just sending... I'm not a mail guru.[07:12:58] *** ffiore has quit IRC[07:13:16] <greenman> so you relay instead of just sending?[07:13:30] <danblack> so if comcast is blocking port 25, where all outbound mail goes by default, running a mailserver is a bit hard.[07:13:39] <danblack> so you're main option now is to relay via gmail[07:14:19] <danblack> so port 25 is always used for email reception. tls gets enabled during the transaction if the sender offers it.[07:14:37] <greenman> is that allowed?[07:14:43] * greenman checks gmail's terms[07:14:53] <danblack> good idea. :-)[07:15:53] <danblack> other than that or get a business grade service that allows port 25 sending[07:16:23] <danblack> s/other than that/alternaltely, and probably properly/[07:17:41] <greenman> looks like it's okay[07:18:08] <greenman> if I had a business I would most definitely do that. :)[07:20:22] *** wald00 has quit IRC[07:21:16] <danblack> ok. read the bits of sasl client above and configure it to send through port 587 as per a usual mail client setup for gmail.[07:26:59] <greenman> hmm... this should work. Wish me luck.[07:27:09] <danblack> !luck[07:27:09] <knoba> danblack: Error: "luck" is not a valid command.[07:27:16] <danblack> oh well. good luck[07:30:42] <greenman> weird[07:31:03] <greenman> I have sasl_passwd as per the client doc, but in the logfile it's looking for sasl_passwd.db[07:31:25] <greenman> so I rename the file to .db and it's still failing (though now it looks like it has a problem with the contents...)[07:31:59] <greenman> Do I need the []'s? It made it sound like they were optional...[07:32:07] <greenman> "If you specify the "[" and "]" in the relayhost destination, then you must use the same form in the smtp_sasl_password_maps file."[07:32:49] *** gu1lle_ has quit IRC[07:35:37] *** dandkburt has joined #postfix[07:35:50] <dandkburt> looking for a mail server tech[07:37:35] <Rhomber> Patrickdk: You told me not to use a hash that way, yet I continue to find examples like this: http://wiki.centos.org/HowTos/postfix_restrictions#head-65d656a5cd611487ddf5b783b345dd32bc0c22fd[07:38:42] *** UQlev has joined #postfix[07:39:11] *** tld has joined #postfix[07:39:22] <Rhomber> I think my problem was I needed check_sender_access and not check_client_access[07:39:35] *** Olive6767 has left #postfix[07:41:07] <greenman> Okay, I figured out the sasl_passwd thing, but now I'm getting this:[07:41:08] <greenman> certificate verification failed for smtp.gmail.com[74.125.142.108]:587: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority[07:41:26] <greenman> followed by: warning: SASL authentication failure: No worthy mechs found[07:42:29] <Rhomber> clearly your mail server lives in the gundam universe :)[07:42:42] *** UQlev has joined #postfix[07:43:28] <dandkburt> anyone here willing to assist me on setting up a mail server on Ubuntu[07:45:15] <UQlev> dandkburt, this is quite a long job[07:45:45] <dandkburt> i got most of it done[07:45:57] <dandkburt> need to see what needs to be changed[07:46:08] <dandkburt> and check my work[07:46:46] <UQlev> dandkburt, "most" you mean installed without configs, right?[07:47:11] <dandkburt> no configs are there[07:47:23] <dandkburt> its not configed right[07:47:31] <UQlev> then "most" is still to be done[07:47:34] <dandkburt> cannot pinpoint the problem[07:48:15] <danblack> greenman: all worked out? i assume setting the ca to the path with eliminate the CA warning.[07:50:41] <greenman> setting the CA to the path?[07:50:47] <UQlev> dandkburt, regret, I can not. Keep on asking.. but complete configuration of a mail-server is paid job for 20-30 hours. If you have particular question read /topic and ask[07:53:54] *** dandkburt has left #postfix[07:57:10] <danblack> UQlev: good on you for setting realistic expections. A little high for some it seems :-)[07:59:48] <greenman> so did a openssl verify on the pem that it's complaining about and I got an OK...[07:59:53] <greenman> so that's weird...[08:00:05] *** Bambi_BOFH has left #postfix[08:01:45] <pj> greenman: you pretty much always should use [] around an IPv4 and definately around an IPv6 address. [] around a hostname has a specific designation, it means that postfix should do a direct A or AAAA lookup on that name instead of performing the internediate step of checking for an MX record first.[08:02:10] <greenman> pj I have hostnames[08:03:02] <danblack> greenman: see smtp_tls_CAfile and smtp_tls_CApath (man 5 postconf)[08:03:22] <pj> greenman: then you probably want the [], if you don't have it then postfix may not do what you think it will.[08:03:34] <pj> !relayhost[08:03:34] <knoba> pj: "relayhost" : a configuration parameter in the main.cf: The default host to send non-local mail to when no entry is matched in the optional transport(5) table. When no relayhost is given, mail is routed directly to the destination. If your relay host requires authentication see the !saslclient channel factoid.[08:03:48] <pj> !tell greenman postconf_5[08:03:49] <knoba> greenman: "postconf_5" : For documentation on all main.cf settings see the postconf(5) man page either type `man 5 postconf' into your shell or browse to http://www.postfix.org/postconf.5.html.[08:04:04] <pj> greenman: the difference between using [] and not is documented here ^^^^^[08:04:09] <pj> ...under relahost.[08:04:13] <pj> *relayhost[08:05:43] <greenman> ooh, I may have fixed it[08:05:48] * greenman tests[08:06:44] <greenman> pj: why would you not want to look up MX records for the name?[08:06:52] * greenman thinks you would...[08:07:01] <pj> greenman: for a relayhost you usually don't[08:07:17] <pj> you generally want postfix to connect directly to the host you specify.[08:07:37] <greenman> damn, still no luck[08:07:42] <pj> MX records are for telling postfix where to send mail destined for that particular domain.[08:07:46] <greenman> stupid equifax![08:08:18] <pj> well, they are for telling that to an MX[08:08:19] <greenman> pj: but I don't have a host to connect to. smtp.gmail.com is many, many servers[08:08:41] <pj> greenman: right, but you're not trying to send mail to foo at smtp dot gmail.com, are you?[08:08:53] <greenman> no, I'm using the maps[08:09:07] <pj> greenman: so your mail is not actually destined for smtp.gmail.com[08:09:22] <pj> you're just using that host (or one of a number of hosts) as a relay.[08:09:25] <greenman> well the mail I'm sending to test is...[08:09:38] <pj> greenman: that's ok, it was a rhetorical question[08:09:58] <greenman> oh, okay[08:11:09] *** UQlev has quit IRC[08:12:02] <pj> brb[08:12:07] *** Bronze has quit IRC[08:15:52] <greenman> so I put brackets in.[08:16:31] *** jimpop has quit IRC[08:16:47] *** jimpop has joined #postfix[08:17:56] <pj> yes, you want to. BTW, where did you see this: [17:32] <greenman> "If you specify the "[" and "]" in the relayhost destination, then you must use the same form in the smtp_sasl_password_maps file."[08:18:47] <pj> nm I see[08:21:37] <pj> greenman: you should get a better understanding of what an MX record is.[08:21:40] <pj> and what it's for.[08:21:46] <greenman> danblack: I already have smtp_tls_CAfile set: smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem[08:22:19] <pj> !tell greenman smtp!=smtpd[08:22:19] <knoba> greenman: "smtp!=smtpd" : Postfix smtp_* and smtpd_* configuration parameters have different meanings. smtp_ = client and smtpd_ = server, the client-side sends mail whilst the server-side receives mail. (smtp = client = sends mail) (smtpd = server = receives mail)[08:22:22] <greenman> probably[08:23:21] <greenman> ah. BTW that whole !tell thing is kinda annoying. You could have just said, look at the (d) in smtpd and it would have reminded me of that. Thanks though![08:23:24] * greenman fixes it.[08:24:10] <pj> greenman: the factoids save me loads of typing and explaining. They are for my convenience not yours and considering that you're asking for my help you should pay attention to them.[08:24:49] <greenman> I did, the first two times. I had just forgotten about there being both instances[08:24:59] <greenman> unfortunately, I still have the problem... :([08:25:06] * greenman googles some more[08:25:16] <pj> greenman: please read the /topic and follow the directions[08:25:23] <pj> googling is a bad idea[08:25:25] <pj> !google[08:25:25] <knoba> pj: "google" : Those who use Google before reading the Postfix documentation, if fortunate, end up at http://www.postfix.org/ . If not, they end up in a jumble of bad questions, misleading or wrong answers, and outdated information.[08:25:55] <danblack> !guide[08:25:55] <knoba> danblack: Error: "guide" is not a valid command.[08:26:05] <pj> danblack you want ...[08:26:07] <pj> !tutorial[08:26:07] <knoba> pj: "tutorial" : A very common problem is that some people prefer to follow a step-by-step tutorial that shows them how to setup their server w/out reading the documentation or understanding what they are doing. If something goes wrong, they have no clue whatsoever about where to find hints, and they sometimes decide to start from scratch using a different tutorial. This is not The Proper Way.[08:26:19] <pj> anyways, bbiab[08:26:28] * danblack factoid fail. can't aways guess :-)[08:27:13] *** tessier_ has quit IRC[08:27:33] *** tessier has joined #postfix[08:27:33] *** tessier has joined #postfix[08:29:10] <greenman> googling is at least 50% of how I and most of the people I work with do my/our job. Yeah, if you just blindly do stuff, you can fail, but you can also actually get information from google. Like other people having the same problem for instance.[08:29:22] <greenman> I was trying to find the answer first before bugging you guys with it.[08:33:45] <greenman> Well I'm not having any luck. :([08:33:55] <greenman> Most of what I'm finding is telling me to do what I've already done.[08:34:10] <greenman> the smtp_tls_CAfile directive[08:39:24] <danblack> are you sure you've got the right file. can you check with openssl s_client -connect gmail....:587 -CAfile..... -starttls smtp ?[08:41:11] <pj> greenman: google simply finds what information is out on the internet, and unfortunately, much of the information about postfix is mis-information. You really need to understand what your postfix is doing, how it works, and learn to read and understand the postfix docs. That is the best source of info for postfix, bar none.[08:41:46] <pj> greenman: now, please follow the /topic and we can certainly help you to find out your problem.[08:42:56] <greenman> Okay, I fixed the ca issue. Apparently you should use ca_certificates.crt instead of cacert.pem. Now I'm just misauthing somehow. I need to double check my application specific password[08:43:15] <greenman> !debug[08:43:15] <knoba> greenman: "debug" : http://www.postfix.org/DEBUG_README.html : a starting point for how to deal with problems and to report information to those who might help. Post information including NON-verbose logs in a pastebin such as http://pastebin.ca/ or http://dpaste.com/[08:43:34] <pj> greenman: that statement shows a misunderstanding of how certificates work.[08:45:00] <greenman> pj: probably, but I've never been good with certificates. Never could wrap my head around them. I mean, I get how they work, but not the actual workings of the different files and such.[08:45:11] <greenman> But it works now.[08:45:25] <greenman> (except for auth)[08:45:36] <pj> your ca_certificates.crt is probably pem-encoded, for our intentions it's the same thing.[08:48:46] *** Bronze has joined #postfix[08:49:39] <greenman> dangit, I can't figure out how to test my auth[08:56:57] <greenman> So I'm looking at this:[08:56:58] <greenman> Assuming the server supports AUTH, we will send the actual AUTH command to try and authenticate.[08:57:01] <greenman> AUTH PLAIN AGptczFAam1zMS5uZXQAbm90Lm15LnJlYWwucGFzc3dvcmQ=[08:57:04] <greenman> 235 ok, go ahead (#2.0.0)[08:57:11] <greenman> How do I tell what the string after auth plain is?[08:57:36] *** zorg1 has joined #postfix[08:58:40] <greenman> Oh, I see[09:04:58] *** diabel- has quit IRC[09:05:20] *** diabel has joined #postfix[09:06:00] <greenman> okay[09:06:35] <greenman> so I manually testing my username:pass combo on google's serves and got[09:06:36] <greenman> 235 2.7.0 Accepted[09:06:55] <greenman> so it's not not accepting my user/pass combo...[09:08:36] <greenman> warning: SASL authentication failure: No worthy mechs found[09:08:51] <greenman> BC7B2837B: SASL authentication failed; cannot authenticate to server smtp.gmail.com[74.125.142.109]: no mechanism available[09:09:15] *** mechanicalduck has joined #postfix[09:14:41] <danblack> greenman: config (postconf -n) and logs in a pastebin please[09:18:07] <greenman> http://pastie.org/8050976[09:19:11] *** tjikkun_work has joined #postfix[09:20:21] <Zerberus> greenman: install the necessary sasl libraries[09:21:08] <greenman> Zerberus: from what I've read, I don't see any sasl libraries I'm missing[09:21:20] <Zerberus> greenman: and fix your $mynetworks definition. 192.0.0.0/8 is very certainly not a network you control[09:21:37] <Zerberus> greenman: then check again your packagemanager[09:23:37] <greenman> the only thing I see that might be relevant that I dont' have could be this[09:23:39] <greenman> p libgsasl7 - GNU SASL library[09:24:20] <Zerberus> greenman: if that is the only sasl package you have installed, then you are missing several[09:24:38] <greenman> Zerberus: that's the only one I dont have installed[09:25:15] <greenman> (of the ones that are relevant) There are quite a few that aren't relevant.[09:26:51] <greenman> well I added that one and same result[09:27:19] <danblack> Zerberus: its sasl client side.[09:28:09] <danblack> greenman: is the map file definately in the form [smtp.gmail.com]:587 username:password ?[09:28:41] <danblack> did you run postmap /etc/postfix/sasl_passwd after changing it?[09:30:41] <greenman> danblack: [smtp.gmail.com]:587 xxx at gmail dot com:xxxxxx[09:32:11] <greenman> oh and yes on postmap[09:37:08] <greenman> grr I keep finding people saying to install libsasl2-modules[09:37:12] <greenman> I HAVE that[09:39:36] *** RadoQ has quit IRC[09:42:25] *** morse has quit IRC[09:43:21] *** morse has joined #postfix[09:45:21] <greenman> I ran saslfinger and got no mechanisms...[09:46:15] <pj> greenman: client sasl requires that you install cyrus sasl[09:47:30] <pj> greenman: also that pastebin is missing the relevant_logs[09:48:32] <greenman> pj: sorrry, I posted earlier[09:48:34] <greenman> relay=smtp.gmail.com[74.125.142.109]:587, delay=10439, delays=10438/0.13/0.6/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.gmail.com[74.125.142.109]: no mechanism available[09:48:56] <pj> !tell greenman relevant_logs[09:48:56] <knoba> greenman: "relevant_logs" : Relevant logs are mail.* syslog Postfix logs (NOT verbose, see !verbose) which show the entire handling of a single mail which illustrates the issue with which you want help. Random selections from your mail log might not do. IMAP/POP3 daemons and external delivery agents typically log to the same facility (mail); those are usually not relevant here.[09:49:03] <pj> anyways, I haved to go, dinnertime[09:49:17] <greenman> pj, i have that[09:49:18] <greenman> i libsasl2-2 - Cyrus SASL - authentication abstraction library[09:49:29] <Zerberus> greenman: did you install the sasl packages providing PLAIN as well?[09:51:31] <greenman> Zerberus: this is what I have as options[09:51:39] <greenman> I don't see anything regarding PLAIN[09:51:40] <greenman> http://pastebin.com/jcJd0xK9[09:51:48] <greenman> the i's are things installed[09:53:24] <greenman> pj: here is something that tells you the same thing as the above log file[09:53:25] <greenman> SASL authentication failed; cannot authenticate to server smtp.gmail.com[74.125.142.108]: no mechanism available[09:53:41] <greenman> not about handling a mail (that comes not long after starting the server)[09:53:54] <greenman> I would post logs, but I don't want to do that much sanitizing[09:54:45] *** UQlev has joined #postfix[09:56:49] * greenman just doesn't get any mechanisms, I guess.[10:01:35] *** wdp has joined #postfix[10:01:36] *** wdp has joined #postfix[10:03:17] *** RadoQ has joined #postfix[10:05:36] <greenman> I think I'm going to have to give up and get some sleep...[10:05:50] <greenman> I don't see what's wrong and I've looked at 4-5 ways[10:06:31] <Zerberus> greenman: everything stock packages from your distribution[10:06:32] <Zerberus> ??[10:07:54] <greenman> yeah[10:13:07] *** kli0rf has joined #postfix[10:15:16] *** Bronze has quit IRC[10:18:28] <greenman> hmm[10:18:30] <greenman> saslauthd 2.1.23[10:18:31] <greenman> authentication mechanisms: sasldb getpwent kerberos5 pam rimap shadow ldap[10:18:39] *** aarcane has quit IRC[10:18:41] <greenman> I don't see plain in there...[10:20:30] <Zerberus> because that shows the backends for saslauthd[10:24:01] <greenman> i'm grasping at straws now.[10:31:01] *** mechanicalduck has quit IRC[10:32:02] *** mechanicalduck has joined #postfix[10:36:43] *** mechanicalduck has quit IRC[10:40:13] <pj> greenman: those are backends, as Zerberus points out, not mechs.[10:40:48] <greenman> Yeah, I kinda halfway sorta see that.[10:41:01] <greenman> I just can't figure out why this isn't workign, so I have to look at everything[10:41:08] <greenman> by all accouts it should be working[10:42:17] <pj> greenman: have you read this? http://www.postfix.org/SASL_README.html#client_sasl_policy[10:45:18] <greenman> Yeah.[10:45:32] <greenman> I don't see anything in there that I haven't done. :([10:46:32] <pj> greenman: what does "postconf smtp_sasl_security_options" tell you?[10:47:56] <greenman> smtp_sasl_security_options = noplaintext, noanonymous[10:48:16] <greenman> which is weird, because there is no plain when I grepped in main.cf...[10:48:20] <pj> greenman: that's your problem[10:48:33] <pj> greenman: that's the default[10:49:26] <pj> set it explicitly, just to "noanonymous" and make sure that you have "smtp_tls_security_level = enforce"[10:52:28] <greenman> encrypt[10:52:46] <pj> oh, right[10:55:25] <greenman> it seems to be sending mail now![10:55:43] <greenman> will it gradually send everything in the queue or do I need to flush it?[10:56:16] <adaptr> !postqueue[10:56:16] <knoba> adaptr: "postqueue" : The postqueue(1) command implements the Postfix user interface for queue management. It implements operations that are traditionally available via the sendmail(1) command. See the postsuper(1) command for queue operations that require super-user privileges such as deleting a message from the queue or changing the status of a message.[10:56:43] <greenman> thanks[11:02:09] *** Fonzie has joined #postfix[11:02:27] <greenman> okay now it's time for bed. I really appreciate everyone's help. adaptr pj Zerberus and others[11:02:30] <greenman> thanks.[11:02:48] <Fonzie> Hi. Im trying to implement some certificates to use with ssl on postfix. But it seems like it doesnt support password encrypted keys. Is this really the case? :S[11:08:40] *** mibofra has joined #postfix[11:08:40] *** mibofra has joined #postfix[11:10:10] <pj> Fonzie: as far as I know. yes.[11:11:18] *** weedar has joined #postfix[11:11:31] *** greenman has left #postfix[11:11:45] *** jekle has joined #postfix[11:14:23] *** Florian` has joined #postfix[11:17:30] <Florian`> is I consider my dns setup as robust, is there a way to tell posfix not to queue mail with status "MX host not found"[11:17:36] <Florian`> s/^is/if/[11:30:37] *** [diablo] has joined #postfix[11:35:31] <adaptr> what else would you like to do with it ?[11:41:00] <Florian`> adaptr: drop them, but apparently is not configurable, for reasons I understand, most of the time you want to deliver a mail tha hasn't been sent due to network failure, but postfix cannot diff between network failures and/or timeouts, host not founds etc.[11:41:50] <adaptr> it does make a distinction. an NXDOMAIN response is handled differently from a SERVFAIL, for example[11:42:31] <adaptr> HOWEVER, if there IS an MX record for example.com, but that MX record does not point to a valid or existing A record, there is very little postfix can do about that. it's a misconfiguration on the MX side, clear and simple[11:42:42] <adaptr> the message you get is the latter[11:43:05] <adaptr> if there is NO MX record, postfix would not reject the message[11:48:53] *** weedar has quit IRC[11:52:10] <pj> !multirbl[11:52:11] <knoba> pj: "multirbl" : use http://multirbl.valli.org/ to check multiple RBLs to see if an IP address is listed on any known blacklists.[11:53:38] *** Eagleman has joined #postfix[12:13:26] *** weedar has joined #postfix[12:14:55] *** weedar has quit IRC[12:17:14] *** weedar has joined #postfix[12:20:31] *** jarif has quit IRC[12:25:59] *** Bry8Star has quit IRC[12:28:10] *** jarif has joined #postfix[12:30:51] *** mechanicalduck has joined #postfix[12:34:06] *** Blinkiz has joined #postfix[12:35:30] <Blinkiz> Hello. Am doing a migration of my mailserver (dovecot) and need to deny emails to get delivered under this time. Am migrating each email address individual so I need to give a temp error for just that email address am migrating. How can I do this in postfix?[12:35:47] *** Bry8Star has joined #postfix[12:38:15] <adaptr> Blinkiz: dovecot is not a "mail server"[12:38:35] <adaptr> is your MDA on a separate machine from postfix ?[12:39:18] <Blinkiz> The postfix am currently talking on is on the same machine[12:39:18] <UQlev> Blinkiz: shutdown postfix, migrate accounts, start postfix on a new server[12:39:41] <adaptr> UQlev: he's not migrating postfix[12:39:59] <Blinkiz> Email delivery needs to work for the other users so I can not shutdown postfix.[12:40:01] <UQlev> adaptr: I have not seen clearly he doesn't[12:40:16] <adaptr> 12:35:30 Blinkiz . Hello. Am doing a migration of my mailserver (dovecot[12:40:42] <Blinkiz> whatever guys.. Can I do I specific temp error list in postfix or not?[12:41:07] <adaptr> ARE you migrating postfix, or not ?[12:42:00] <Blinkiz> Hmm.. It is not the same installation of postfix, no.[12:42:22] <adaptr> ...so you are moving to a new postfix instance, is that what you're saying ?[12:42:37] <Blinkiz> Have postfix+dovecot on one server and postfix+dovecot on a new server. Both server will use the same backupmx server, postfix, so I may be able to do the magic there[12:42:43] <adaptr> I'd follow UQlev 's advice, in that case. how much mail can you have, that half an hour outage is unacceptable ?[12:42:52] <adaptr> Blinkiz: you don't need a "backup MX".[12:42:59] <adaptr> it's a bad idea in general[12:43:04] <Blinkiz> adaptr, no, i need it[12:43:17] <adaptr> because...[12:43:29] <Blinkiz> adaptr, it is complicated and not the current subject[12:45:20] <UQlev> Blinkiz: don't make it mor complicated than it is. Wait for evening/night when most of your users are OFF and migrate normally[12:46:28] <adaptr> Blinkiz: if it's "complicated", it's probably the wrong reason[12:46:53] <UQlev> Blinkiz: will new and old server have the same IP or the same hostname?[12:47:49] *** danblack has quit IRC[12:48:52] <Blinkiz> I do not really need backup mx (postfix) in front on this new setup, it is needed on the one we currently use.[12:49:01] <Blinkiz> Whatever, we are of topic...[12:50:01] <UQlev> Blinkiz: strictly saying your question is all of topic[12:50:20] <UQlev> Blinkiz: if you concerned about it[12:50:24] <Blinkiz> It is possible to just shutdown postfix under a couple of hours but I thought it would exist a smarter way.[12:51:21] *** nado has quit IRC[12:51:36] <adaptr> not really. the smartest way is usually the simplest one. less potential for errors[12:54:46] <UQlev> Blinkiz: do you handle virtual or unix accounts? One owner or many?[12:55:11] <Blinkiz> I have around 20 mailboxes that needs to be migrated. The biggest downtime is when I do the conversion from Maildir to mdbox+zlib. It will take ~10 minutes per account except a few that has +100 000 emails (20GB) mailboxes. I thought maybe I could give access to the smaller mailboxes and only block the bigger ones that will take probably an hour each to migrate.[12:56:32] <Blinkiz> But maybe dovecot can do some blocking here.. I do not know, that'[12:56:41] <Blinkiz> s why am here asking, postfix is in front..[12:57:02] <UQlev> Blinkiz: you can start migration any time with rsync and briefly just update it[12:57:21] <UQlev> Blinkiz: do rsync in advance[12:57:28] <Blinkiz> sync will only take a couple of seconds for all accounts including the biggest one[12:57:34] <Blinkiz> rsync[12:57:40] <adaptr> 20 mailboxes ? why bother compressing that[12:57:55] <Blinkiz> Because am I/O depended, not CPU[12:58:11] <Blinkiz> I mean, I have a lot of CPU, not I/O against disk[12:58:14] <adaptr> ...and[13:02:23] *** UQlev has quit IRC[13:05:44] <Blinkiz> Thinking about my relay_recipient_maps hash file. Maybe I can add "defer" on the email address am currently migrating?[13:06:32] <adaptr> no[13:06:48] <adaptr> acrtoins are only supported in access(5) maps[13:06:50] <adaptr> *actions[13:07:08] <Blinkiz> alright, check_recipient_access?[13:08:33] <adaptr> you'll only need one entry at a time, if you wish to migrate one mailbox at a time[13:08:46] <Blinkiz> adaptr, yeah, true[13:09:09] <adaptr> that's a lot of postmapping[13:10:20] <Blinkiz> okay, you have another solution where I simply can put one email on the line and it will be deferred? I mean, temp error.. I guess "defer" is that.[13:13:06] <Blinkiz> maybe you are thinking about "check_recipient_access static:myaddress at example dot com defer"[13:13:15] <adaptr> that's not how it works[13:13:21] <Blinkiz> well, am asking :)[13:13:55] <adaptr> if you insist on migrating each mailbox individually, then that's the way to do it. one entry in an access file, postmap it, migrate[13:13:58] <adaptr> rinse, repeate[13:14:02] <adaptr> e[13:14:04] <adaptr> bleh[13:14:21] <Blinkiz> alright, check_recipient_access, thanks![13:15:05] <adaptr> you could use a regex table, but you'd have to be careful what you match[13:15:30] <Blinkiz> okay, well, I will do it the complicated way :)[13:15:38] <Blinkiz> "check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf" or something similar[13:16:07] <adaptr> ...you use mysql for 20 mailboxes ?[13:16:14] <adaptr> TWENTY. seriously[13:17:12] <Blinkiz> It is controlled from a webgui, that is why. Am also a small mysql nerd[13:17:34] <Blinkiz> Whatever, I go the help I needed, thanks![13:17:35] *** Blinkiz has quit IRC[13:18:48] *** mandragor has joined #postfix[13:22:24] *** weedar has quit IRC[13:22:52] *** Florian` has quit IRC[13:23:14] *** Florian` has joined #postfix[13:24:07] *** mandragor has quit IRC[13:28:47] *** eye69 has joined #postfix[13:38:13] *** eye69 has quit IRC[13:38:57] *** eye69 has joined #postfix[13:43:32] *** akcx1 has joined #postfix[13:43:40] *** Fluke has joined #postfix[13:48:34] *** RSpliet has joined #postfix[13:49:46] <RSpliet> I'm trying to make SMTP preload libproxychains.so.3, because I wish to run a mailserver with an ISP that is >insert profanity here< stupid and blocks all outbound traffic on port 25[13:50:11] <adaptr> yerwhut ?[13:50:40] <adaptr> postfix has no support for loading external libraries[13:50:47] <lunaphyte_> huh?[13:50:47] <RSpliet> libproxychains would allow me to route my outgoing SMTP connections through a friends server in France[13:50:52] <pj> RSpliet: many ISPs do that, and it's not ******* stupid.[13:51:14] <pj> !tell RSpliet relayhost[13:51:14] <knoba> RSpliet: "relayhost" : a configuration parameter in the main.cf: The default host to send non-local mail to when no entry is matched in the optional transport(5) table. When no relayhost is given, mail is routed directly to the destination. If your relay host requires authentication see the !saslclient channel factoid.[13:51:15] <lunaphyte_> uh, why would libproxychains be needed to do that?[13:51:32] <lunaphyte_> that's simple rudimentary stuff[13:52:12] <RSpliet> yes, but the main reason I want to configure my own mailserver is to no longer be dependent on third parties when it's not required (migrate my personal mail away from GMail)[13:52:18] <adaptr> RSpliet: if your ISP blocks 25 outbound, the odds are better than average that they have also put their IP ranges on the PBLs. you won't be able to directly deliver email anyway.[13:52:34] <lunaphyte_> huh?[13:52:42] <lunaphyte_> i don't understand "but the main reason"…[13:52:43] <pj> RSpliet: I would suggest getting a cheap VPS, then[13:52:52] <lunaphyte_> that's irrelevant[13:53:02] *** danblack has joined #postfix[13:53:05] <pj> it's a good way to run your own mail server.[13:53:12] <lunaphyte_> many isps block port 25 outbound. it's perhaps annoying, but not stupid.[13:53:29] <RSpliet> pj: ideally I would, and I probably will as soon as I have a permanent job[13:53:32] <pj> there is actually a very good reason for ISPs to do that.[13:53:40] <RSpliet> yes, I know, something with battling spam[13:53:42] <lunaphyte_> anyway, either get a vps, or configure postfix to use a relayhost[or both][13:53:53] <pj> RSpliet: so you can't afford ~$15/month?[13:54:05] <lunaphyte_> even less[13:54:10] <adaptr> pfft you can get one for $4[13:54:11] <pj> yes, some are less[13:54:11] <RSpliet> pj: with $0 income, no... ;-)[13:54:27] <pj> RSpliet: then stick with gmail[13:54:42] <lunaphyte_> postfix will happily deliver to your friend's server on port 587[13:55:03] <RSpliet> lunaphyte_: if he had postfix running I would, unfortunately...[13:55:09] <lunaphyte_> libproxychains is unnecessary[13:55:13] <wdp> mooo[13:55:17] <adaptr> if he doesn't, why is he still a friend ?[13:55:24] <wdp> haha[13:55:28] <pj> RSpliet: he doesn't have to run postfix, it could be any MTA capable of relaying mail.[13:55:35] <RSpliet> sure, but he's not running any[13:55:38] <lunaphyte_> then just make a tunnel.[13:55:58] <pj> yeah, ssh tunnel would be better, then.[13:56:00] <adaptr> and spam away[13:56:11] <lunaphyte_> [and then of course deal with all of the dnsbls that your friend's computer is on][13:56:13] <RSpliet> lunaphyte_: that is precisely what I want to use libproxychains for... to route the traffic "smtp" generates through a SOCKS proxy[13:56:22] <eye69> RSpliet: I have to relay my outgoing mail through my ISP's SMTP server since my outgoing port 25 is blocked, too. I just use "relayhost" for that.[13:56:36] <RSpliet> effectively tunneling it though SSH[13:56:38] <lunaphyte_> RSpliet: you set all of that up unrealted to postfix[13:56:46] <lunaphyte_> *unrelated[13:56:48] <adaptr> ISPs often don't allow you to use arbitrary sender domains though[13:56:49] <eye69> Keep in mind to add to your SPF config, if you're using SPF to start with.[13:56:51] <pj> RSpliet: socks != ssh[13:57:20] <pj> RSpliet: have you tried calling you ISP and asking them to unblock?[13:57:29] <RSpliet> eye69: I did, and I already tested my server whether it relays or not[13:57:49] <RSpliet> pj: I did, and the callcenter people didn't even know...[13:57:56] <eye69> My ISP requires me to login with saslclient[13:58:20] <lunaphyte_> saslclient? what is that?[13:58:20] <pj> RSpliet: you probably have to auth[13:58:29] <pj> !tell RSpliet clientsasl[13:58:30] <knoba> RSpliet: "clientsasl" : a way to have your Postfix authenticate at your relayhost. See: http://www.postfix.org/SASL_README.html#client_sasl[13:59:16] <pj> RSpliet: and as for the call center, escalate until you reach someone competent.[13:59:45] <eye69> What good (but cheap or free) SSL cert authorities are there these days?[13:59:46] <RSpliet> pj: yeah, might be worth trying, although I got the "this is not supported by us, but you can always call our expensive premium care service"[14:00:01] <pj> ahhhhh, I see, is it a static IP?[14:00:01] <lunaphyte_> eye69: what for?[14:00:05] <eye69> RSpliet: Are you running from a "home" connection?[14:00:27] <RSpliet> eye69: yes, and it's a static IP[14:00:45] <lunaphyte_> do we really need to rehash this over and over again?[14:00:46] <eye69> lunaphyte_: Misc, such as mail, http and so on...[14:00:58] <lunaphyte_> for mail, you don't need a commercial certificate[14:01:07] <pj> RSpliet: then best way is to bug your ISP, call them back and escalate. "can I speak to your manager, please?"[14:01:31] <lunaphyte_> and unless you're a commercial service, you really don't need a commercial certificate period.[14:01:33] <pj> RSpliet: alternatively use their relayhost that they likely provide free of charge.[14:01:39] <RSpliet> yep, that's a better option in my opinion[14:01:54] <lunaphyte_> get a different isp.[14:02:04] <pj> get a vps[14:02:05] <pj> heh[14:02:30] <lunaphyte_> presumably they're charging extra for your static address...[14:02:34] <RSpliet> but my question here was related to using libproxychains with SMTP. Not an ideal set-up, but possible without me spending any money in the coming few weeks[14:02:42] <lunaphyte_> you don't need libproxychains[14:02:53] <RSpliet> lunaphyte_: not my question[14:03:09] <eye69> lunaphyte_: argh...would prefer not having to manage certs myself[14:03:23] <lunaphyte_> RSpliet: that's the answer[14:03:29] <eye69> lunaphyte_: then what's a nice simple admin system for certs?[14:03:33] <lunaphyte_> eye69: what's to manage?[14:06:18] <eye69> I just want something that simplifies things a bit when it comes to creating and maintaining certs. I want it for SMTP, IMAP, HTTPS, VPN...[14:06:27] <eye69> I just suck at handling openssl[14:07:06] <lunaphyte_> avoiding learning what you shoudl be about openssl is not a healthy way to solve that problem[14:07:09] <lunaphyte_> *should[14:08:00] <pj> eye69: apache has some good docs on how to easily create certs of several different types, ib you want it automated then script it.[14:08:53] <RSpliet> lunaphyte_: I'm glad you have a healthy opinion on how a good mailserver should be configured. However, considering all the other options (relayhost, different ISP/VPN) I cannot find a better way to solve my problem currently.[14:09:22] <lunaphyte_> i have a handful of simple commands that, in conjunction with a well configured openssl.cnf, allow largely painless management for most stuff - even including generating csr with san values[14:09:33] <lunaphyte_> RSpliet: you're not listening.[14:09:34] <RSpliet> adaptr: I understand that I cannot make postfix load libraries using the LD_PRELOAD env variable, because it is stripped out... thanks, I won't try this path :)[14:10:09] <pj> RSpliet: you've been given several different ways to do it, the one way you seem to want to do it won't work.[14:10:10] <lunaphyte_> you don't need to try to wedge things like libproxychains into postfix to tunnel to some other computer.[14:10:12] <pj> it's that simple.[14:10:49] <RSpliet> pj: "I understand that I cannot make postfix load libraries using the LD_PRELOAD env variable, because it is stripped out... thanks, I won't try this path :)"[14:11:02] <lunaphyte_> [07:56am] lunaphyte_: RSpliet: you set all of that up unrelated to postfix[14:11:15] <lunaphyte_> i even fixed my typo :)[14:11:30] <pj> if you really need a tunnel then just use a ssh tunnel, but better ways are (1) convince your ISP to unblock port 25, or (2) use your ISPs submission server as a relayhost.[14:12:35] <RSpliet> lunaphyte_: ah you are reffering to this, sorry. From my understanding I cannot tunnel all outbound access to port 25 through a tunnel, but perhaps iptables has a solution for me here...?[14:12:57] <lunaphyte_> there are a myriad of possibilities.[14:12:59] <adaptr> ...who says you cannot tunnel traffic ?[14:13:02] <pj> RSpliet: sure you can[14:13:15] <adaptr> nobody here is claiming that. what we are saying is that it is the wrong way.[14:13:40] <lunaphyte_> why is it your understanding that you cannot tunnel all outbound access to port 25 through a tunnel?[14:14:27] <pj> oh, I understand what he's saying[14:15:29] <pj> RSpliet: this is why a relayhost is recommended.[14:15:39] *** danblack has quit IRC[14:16:26] <RSpliet> pj: yes, no doubt that's an easier solution in a lot of cases :)[14:18:22] <lunaphyte_> ssh will quite happily work as a socks proxy...[14:20:02] <RSpliet> lunaphyte_: it will, and there seems to be an iptables plugin (redsocks) that would let me forward outbound connections to port 25 through this tunnel. thanks[14:20:56] <pj> RSpliet: make sure that you're friends IP satisfies fcrdns, btw[14:21:00] <pj> !tell RSpliet fcrdns[14:21:01] <knoba> RSpliet: "fcrdns" : http://en.wikipedia.org/wiki/Forward_Confirmed_reverse_DNS : your IP address should resolve to $myhostname, which in turn should resolve back to your IP. This is very important if you want big sites to accept your mail. If you can't have it from your ISP, see !relayhost[14:21:14] <adaptr> and he should probably set his HELO/hostname to his friends'[14:21:46] <pj> your $myhostname needs to match your friends PTR record, and it should not look like a generic PTR.[14:22:17] *** Florian` has left #postfix[14:22:23] <lunaphyte_> e.g. all of the same deliverability issues will still need to be addressed :)[14:22:41] <pj> yes[14:22:53] <pj> and with your friend's IP address[14:23:16] <RSpliet> pj: thank you. I did adjust my SPF entry in DNS to include his IP, but did not consider fcrdns[14:24:07] *** Blacklite has quit IRC[14:24:10] *** Bry8Star has quit IRC[14:24:53] <lunaphyte_> reputation will also likely be an issue[14:25:07] *** Blacklite has joined #postfix[14:25:08] <pj> yes, true.[14:25:34] <lunaphyte_> especially if it's another residential connection. if it were me, i'd check that first.[14:25:59] <RSpliet> understood[14:28:22] *** grknight has joined #postfix[14:30:59] *** Bry8Star has joined #postfix[14:37:25] *** UQlev has joined #postfix[14:46:23] *** patdk-wk has joined #postfix[14:53:53] *** snearch has joined #postfix[15:07:07] *** robinho86 has joined #postfix[15:12:24] *** UQlev has quit IRC[15:22:02] *** RamchandraApte has joined #postfix[15:23:07] *** ds187 has joined #postfix[15:23:25] *** RamchandraApte has left #postfix[15:23:45] <ds187> !welcome[15:23:45] <knoba> ds187: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[15:27:20] <ds187> hey guys, i ran into a SPF Problem with my postfix installation. i have there several forwarding adresses, and the problem now is, that at least one of the recipients of a forwarder uses SPF and of course sees only my postfix, but not the one of the sender.[15:27:50] <adaptr> yes, this is a problem with SPF.[15:28:08] <ds187> i googled a bit and found out, that to solve the problem, i have to rewrite the envelope of an email, so that the recipient knows where the mail comes from in the first place[15:28:42] <ds187> now my question is, how do i do that......i found several solution, but i don't know wich one is best practice[15:28:45] <adaptr> if yuo mean, rewrite the original sender to lie within your own SPF domain, yes.[15:29:06] <adaptr> you probably want to use smtp_generic_maps[15:29:24] <adaptr> but read the documentation carefully, as it can rewrite all 4[15:29:32] <adaptr> !smtp_generic_maps[15:29:32] <knoba> adaptr: "smtp_generic_maps" : Optional lookup tables that perform address rewriting in the SMTP client, typically to transform a locally valid address into a globally valid address when sending mail across the Internet. This is needed when the local machine does not have its own Internet domain name, but uses something like localdomain.local instead.[15:30:03] <ds187> yes, i want to manipulate the envelope, that my smtp is there, so that the recipient thinks it originates by me[15:30:12] <ds187> sorry for my bad english :-/[15:30:23] <adaptr> well, the recipient will probably just read the From: header[15:30:36] *** RayS has joined #postfix[15:32:24] <ds187> is that smtp_generic_maps somewhat the same as "Sender Rewriting Scheme"? https://en.wikipedia.org/wiki/Sender_Rewriting_Scheme[15:32:36] <ds187> because thats what i found using google[15:33:12] <adaptr> you would use a regex map if you want to transform incoming senders to your outgoing senders[15:34:29] <ds187> why not just tell postfix to allways change the envelop from sender.tld (whatever that is) to my-own-domain.tld[15:34:44] <ds187> would that be a problem?[15:34:47] <adaptr> because you haven't considered what "always" really means.[15:35:54] <adaptr> the best way to do this is with a second smtp(8) instance that defines its own generic_maps. then you can route mail to this second instance based on the sender (domain)[15:36:23] <ds187> everything that comes in from the internet should be rewritten (the envelope, not the from) to my domain[15:36:39] *** mactimes_ has quit IRC[15:36:39] *** mactimes_ has joined #postfix[15:36:41] *** mactimes_ is now known as mactimes[15:36:54] <ds187> why would i want to do a sender-based-routing?[15:37:05] <ds187> i think i don't get the problem here[15:37:49] *** SWAT has joined #postfix[15:38:08] <adaptr> probably not, no.[15:39:00] <ds187> :-/[15:48:04] <ds187> http://kmlinux.fjfi.cvut.cz/~vokacpet/activities/srs-milter/README[15:49:03] *** mactimes is now known as mactimes_[15:53:20] *** nado has joined #postfix[15:53:39] <nado> hi[15:53:57] <nado> im having problem for setting postfix using dovecot sasl[15:54:17] <adaptr> !tell nado sasl[15:54:17] <knoba> nado: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[15:54:19] <nado> first, in dovecot config, i have lines beginning with a "!"[15:54:43] *** mactimes_ is now known as mactimes[15:54:51] <nado> is that a comment or is that normal ?[15:54:56] <adaptr> ask #dovecot ?[15:55:03] <nado> ’k[15:56:07] *** Bronze has joined #postfix[16:07:41] *** snearch has quit IRC[16:14:18] *** Twinkletoes has joined #postfix[16:14:49] *** Bry8Star has quit IRC[16:14:56] *** magyar has joined #postfix[16:14:56] *** magyar has joined #postfix[16:15:02] *** nado_ has joined #postfix[16:16:47] *** Bry8Star has joined #postfix[16:16:54] *** nado has quit IRC[16:28:54] *** wald00 has joined #postfix[16:30:40] *** mibofra has quit IRC[16:35:21] *** mibofra has joined #postfix[16:35:22] *** mibofra has joined #postfix[16:38:29] *** UQlev has joined #postfix[16:42:52] *** [diablo] has quit IRC[16:50:59] *** nado_ has left #postfix[16:51:40] *** nado has joined #postfix[16:52:18] <nado> wondered, why is dovecot sasl prefered against cyrus sasl ? Only to avoid installing supplementary soft ?[16:52:43] <thumbs> nado: because dovecot is significantly simpler[16:53:44] <nado> really ? I saw so much docs/blogs about postfix/cyrus, i thought it wasnt[16:54:04] <nado> maybe its only because of the age ?[16:54:24] <thumbs> nado: I've used both. dovecot was significantly simpler to get to work[16:54:53] <thumbs> nado: and most regulars here have similar experiences[16:54:59] <lunaphyte_> docs/blogs? written by who?[16:55:28] <lunaphyte_> experts? or just idiots who regurgitated nonsense from elsewhere?[16:55:57] <nado> not experts[16:56:01] <nado> ive never said that[16:56:10] <thumbs> nado: that being said, I still have an instance that uses cyrus, and it works well.[16:56:15] <nado> only blogger who installed that and reported their experience[16:56:31] <lunaphyte_> that's my point[16:56:43] <thumbs> nado: I don't look forward to the day I'll have to upgrade it, however[16:56:55] <nado> also, when typing sasl errors from logs, i almost get only cyrus/postfix[16:57:02] <nado> while im looking for postfix/dovecot[16:57:28] <nado> thumbs: like an archlinux not upgraded for ages :D[16:58:02] <thumbs> nado: so you're judging the veracity and use cases of said solutions based on some random google results?[16:58:12] <nado> not at all[16:58:32] <nado> i wondered what was the situation[16:59:12] <nado> i know many docs/problems are often outdated on internet pages[16:59:57] <nado> im not a troll, just wanna know[17:02:58] *** daguz has joined #postfix[17:04:48] <patdk-wk> if cyrus just worked, there wouldn't be so many blogs about how to make it work[17:04:56] <patdk-wk> cause it's documentation would have been, good enough[17:05:16] <jelly> dovecot was surprisingly easy to get going[17:05:32] <patdk-wk> the only hard part with dovecot, is if you use a chroot postfix[17:05:43] *** dcurrey has joined #postfix[17:06:24] <jelly> good thing I don't have debian on that machine yet, ehhh[17:06:54] <nado> with chroot postfix ? Is that not the default for postfix to chroot ?[17:07:02] <thumbs> nado: no.[17:07:12] <nado> oh, no[17:07:17] <nado> misread[17:07:20] <thumbs> nado: it may be a choice that the distro maintainers made.[17:07:57] <nado> hmm, i just didnt read correctly doc about " smtpd_sasl_path = private/auth"[17:08:20] *** Twinkletoes has left #postfix[17:08:30] <nado> saying the rel path was /in case/ of chrooted still working[17:09:26] <nado> how can i see if a sasl auth problem comes from dovecot, postfix, or socket between them ?[17:09:47] *** wdp has quit IRC[17:09:59] <patdk-wk> logs, logs are good[17:10:54] *** wald00 has quit IRC[17:11:05] *** wald00 has joined #postfix[17:11:13] <nado> yes, i have smtpd : fatal: no SASL authentication mechanisms, but could it come from connection between dovecot and smtpd ?[17:11:27] <nado> or only bad conf ?[17:13:15] <patdk-wk> that is normally cause your configured to use cyrus[17:13:21] <patdk-wk> or you really really screwed up dovecot[17:14:12] <nado> second one probably ? :-°[17:14:23] <nado> ill wait on #dovecot then[17:14:27] <patdk-wk> !welcome[17:14:27] <knoba> patdk-wk: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[17:14:32] <patdk-wk> logs and config[17:17:45] <CookieNinja> Anyone know how to fix this error in arch? postfix.service start request repeated too quickly, refusing to start.[17:18:04] <patdk-wk> ya, read your logs[17:18:30] <CookieNinja> /usr/bin/postconf: error while loading shared libraries: libsasl2.so.2: cannot open shared object file: No such file or directory[17:18:31] <CookieNinja> postfix/postfix-script: fatal: cannot execute /usr/bin/postconf![17:18:33] <CookieNinja> ^^[17:18:48] <CookieNinja> What the fuck did I do?[17:18:48] <patdk-wk> where there is your answer[17:18:52] <patdk-wk> fix your shared libs[17:19:28] <nado> postocnf -n : http://bpaste.net/raw/107879/ ; log : http://bpaste.net/raw/107880/[17:20:09] <patdk-wk> ostfix/smtpd[6248]: warning: SASL: Connect to private/auth failed: No such file or directory[17:20:13] <CookieNinja> patdk-wk: Thanks.[17:20:19] <patdk-wk> why do you skip over the important errors?[17:21:01] <patdk-wk> dovecot is not located where you told postfix it is[17:22:42] <nado> oh, shit >_< i feel ashamed[17:26:16] *** UQlev has quit IRC[17:29:19] *** p3rror has joined #postfix[17:35:10] <nado> im getting a bit confused with these separations in config file[17:35:47] <nado> its easier to understand, but on the other side, its more difficult when youre a noob to know in which file must go one line from the doc[17:35:53] *** sniffells has joined #postfix[17:39:26] <patdk-wk> nado, heh? in dovecot?[17:39:36] <patdk-wk> dovecot doesn't care, it is all one huge config file to it[17:39:50] <patdk-wk> in many cases, I just make my own local.conf and place all my customizations in it[17:40:10] <nado> ok[17:40:36] <nado> i think ill remember that, its less complicated[17:45:41] *** mibofra has quit IRC[17:45:52] <nado> yes, working \o/[17:45:59] <nado> big thanks[17:46:23] <nado> im not in my best day to avoid stupid errors, so thanks for your patience too[17:46:50] *** mibofra has joined #postfix[17:46:52] *** nveselinov has joined #postfix[17:46:55] *** mibofra has quit IRC[17:46:55] *** mibofra has joined #postfix[17:49:29] <patdk-wk> how evil, someone saying thinks, and not sarcastic in this channel[17:51:41] <nado> ?[17:52:26] <thumbs> nado: sorry, we're used to folks being arrogant, and disrespectful here.[17:52:36] <thumbs> nado: you being polite and appreciative is odd :)[17:52:42] <nado> oh, got it[17:53:03] <nado> i also provide some support sometimes[17:53:10] <nado> i know how it is[17:54:00] <nado> and im usually not that bad in looking in my logs, so i feel quite dumb, its normal to say thanks[17:54:52] <thumbs> it *should* be normal, indeed.[17:55:02] <thumbs> too many folks don't appreciate the free help :([17:55:21] <nado> yup, sadly[17:55:49] *** Bry8Star has quit IRC[17:57:44] *** Bry8Star has joined #postfix[18:00:43] *** internat has quit IRC[18:02:40] *** internat has joined #postfix[18:04:45] *** zorg1 has quit IRC[18:06:35] *** UQlev has joined #postfix[18:24:01] *** weedar has joined #postfix[18:29:27] *** mandragor has joined #postfix[18:29:46] *** weedar has quit IRC[18:29:49] *** p3rror has quit IRC[18:31:29] *** Bry8Star has quit IRC[18:33:19] *** Bry8Star has joined #postfix[18:49:17] *** dcurrey has quit IRC[18:53:25] *** krisfremen has quit IRC[18:57:36] *** krisfremen has joined #postfix[18:57:36] *** krisfremen has joined #postfix[19:15:45] *** Kalavera_ has left #postfix[19:20:11] <CookieNinja> I'm trying to configure postfix to forward mail to two dovecot servers but I'm getting this error, Jun 17 17:04:41 mta postfix/smtpd[4597]: NOQUEUE: reject: RCPT from mail-ea0-f170.google.com[209.85.215.170]: 550 5.1.1 <tom at dropfuse dot com>: Recipient address rejected: User unknown in local recipient table; from=<tom.luke.mcloughlin at gmail dot com> to=<tom at dropfuse dot com> proto=ESMTP helo=<mail-ea0-f170.google.com>[19:20:31] <CookieNinja> (I don't care if anyone has my email.)[19:21:42] <adaptr> that's good. we don't care either. raw data > *[19:21:58] <adaptr> !unknown_local[19:21:59] <knoba> adaptr: "unknown_local" : User unknown in local recipient table means that the recipient domain was found in $mydestination but the username was not found in local_recipient_maps (by default: users in /etc/passwd and aliases(5) in /etc/aliases).[19:22:27] <CookieNinja> I'm using MySQL for user accounts.[19:22:42] <Aprogas> Then you're probably looking for virtual mailboxes.[19:24:25] <CookieNinja> The virtual mailboxes work perfectly fine with both my mail servers but it doesn't like my mta.[19:24:34] <adaptr> that's meaningless.[19:24:49] <CookieNinja> Basically I'm trying to setup smart hosts[19:24:53] <CookieNinja> If that helps.[19:24:56] <adaptr> the log entry you showed reports !unknown_local. if that is the problem, then you need to fix that[19:25:11] <CookieNinja> How do I fix that if I only have postfix running.[19:25:12] <adaptr> if you have zero clue (as seems increasingly likely), please start with[19:25:13] <adaptr> !basic[19:25:13] <knoba> adaptr: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.[19:26:48] *** RayS has quit IRC[19:26:51] <adaptr> also, as appropriate:[19:26:53] <adaptr> !super_basic[19:26:53] <knoba> adaptr: "super_basic" : Setting up an 'Email Server' has many moving parts. If you don't understand what you are doing, start here: http://en.wikipedia.org/wiki/E-mail#Operation_overview[19:28:38] <CookieNinja> I'm pretty sure I know what email is.[19:29:07] *** RayS has joined #postfix[19:30:31] <adaptr> I find it's best not to make too many assumptions[19:31:48] *** krisfremen has quit IRC[19:35:07] *** jax has joined #postfix[19:35:09] <jax> hello[19:36:34] <jax> so my cloud provider's storage nodes failed again.. i really need a backup plan for my mail server. i only have one server acting as imap/pop/smtp/submission services. how can i start getting bigger and less error prone?[19:37:12] <adaptr> do you have a million messages per day ?[19:37:19] <nado> getting another server (vps ?) for MX 20 ?[19:37:26] <nado> rsync your mails ?[19:38:18] <jax> no, quite not a lot of mail[19:38:26] <jax> http://mail.cxg.ch/cgi-bin/mailgraph.cgi[19:38:30] <jax> beautiful outage :D[19:39:01] <jax> yeah i need another server. is there a guide to making an MX 20 and also to duplicating imap/pop3 ?[19:39:14] <jax> how do you keep mail in sync between the servers[19:39:17] <adaptr> you don't want a backup MX.[19:39:36] <adaptr> as to how to synchronize mailstores, that's not really a postfix subject[19:39:53] <jax> i just need a solution that when my cloud goes down my clients dont notice.[19:40:01] <jax> s/that/for[19:40:18] <adaptr> and your "clients" do what ? submit mail ? retrieve via IMAP ?[19:40:23] <jax> both[19:40:26] <jax> over this same box[19:40:32] <jax> submission and imap[19:41:01] <adaptr> you're looking at georedundant DC presence and loadbalancing. this kind of stuff starts at $10K.[19:41:25] <adaptr> instead, get a proper server, and run it once. perhaps backup the mailstore remotely, for insurance.[19:41:31] <jax> i do that already[19:41:41] <adaptr> nonsense.[19:41:43] <jax> rsync the mails every 2h or so[19:41:50] <jax> via a VLAN to another server[19:41:54] <adaptr> "the cloud" is not a proper server in any sense of the word.[19:41:59] <jax> but backup is not the problem, i don't have data loss[19:42:03] <adaptr> hahaha[19:42:21] <jax> come on, bare with me[19:42:26] * thumbs bares[19:42:45] <jax> i've had a proper server[19:42:51] <jax> but ran in to hardware limitations[19:42:59] *** krisfremen has joined #postfix[19:42:59] *** krisfremen has joined #postfix[19:43:03] <adaptr> utter nonsense. email takes virtually no resources[19:43:16] <jax> i wasn't only running the mailserver over it[19:43:21] <jax> disk was the problem[19:43:23] <thumbs> well, you *can* stress your I/O, if you have a single hard drive.[19:43:35] <adaptr> "a single hard drive" is not a server either.[19:43:36] <jax> our new cloud has all SSD storage[19:44:00] <adaptr> can you please stop using that word ? if it uses some form of virtualization, name it.[19:44:05] <jax> kvm[19:44:07] <jax> guest/host whatever[19:44:08] <adaptr> it's mostly irrelevant[19:44:29] *** socomm has joined #postfix[19:44:40] <socomm> What is option to disable relay on postfix host?[19:45:22] *** RayS has quit IRC[19:45:31] <jax> well, i have control over DNS and can buy another server (CLOUD or not… ;)). what are my options to at least allow my clients to still send mail when one goes down?[19:45:34] <adaptr> it's not one option, socomm[19:46:00] <adaptr> jax: zero, since MX records are not involved in that. as I already said, you need a loadbalancer for that.[19:46:48] <socomm> nvm, I found the doc page[19:47:44] <jax> can't you do load balancing with round robin dns entries?[19:47:53] <adaptr> no[19:47:54] <jax> but i guess you will still randomly hit the failed server[19:48:01] <adaptr> among other things[19:48:12] *** RayS has joined #postfix[19:48:18] <socomm> adaptr: thx[19:48:32] <jax> we use nginx for load balancing our web stuff, is there nothing similar for postfix?[19:48:46] <adaptr> you can use anything that does IP-based loadbalancing[19:48:53] <adaptr> it's not postfix-related[19:49:09] <socomm> http://blog.exceliance.fr/2012/06/30/efficient-smtp-relay-infrastructure-with-postfix-and-load-balancers/[19:49:10] <jax> hm, 2.10.0 release notes speak of an nginx proxy[19:49:28] <socomm> (._. )[19:49:43] <waldi> jax: what is the SLA you have with your provide?[19:50:09] <jax> waldi, x50 compensation[19:50:26] <waldi> 99, 99.9, 99.99?[19:51:34] <waldi> less then 1 msg/min, this is low troughput[19:51:45] <jax> we have 5minute billing cycles. if the servers are not available, they compensate per 5minutes x 50. actually 100%[19:51:59] <jax> http://www.cloudsigma.com/en/platform-details/legal?t=3[19:52:50] <jax> anyway. so you're saying i can't do anything about my situation except if i have $10K[19:53:13] *** socomm has left #postfix[19:53:17] <adaptr> I did nto say that. your words were "so my clients notice NOTHING when the server goes down"[19:53:24] <adaptr> that availability costs.[19:53:35] <jax> ok, let me rephrase..[19:53:50] <jax> can i do some work that might take 10min to switch to another working smtp somewhere else?[19:53:56] <jax> instead of waiting 4h for a disk array to rebuild[19:54:07] <adaptr> if you're sufficiently versed in networking, read the link socomm provided[19:54:14] <jax> i am[19:54:17] <jax> (reading it)[19:54:22] <adaptr> good. it's a start.[19:55:38] <waldi> availability, at least automatic, comes with a huge monitoring cost. do you get paid for a 99.9 SLA by your clients?[19:55:48] *** m1nish has joined #postfix[19:56:12] <thumbs> I use adaptr's servers to relay my spam when my main server goes down.[19:56:20] *** UQlev has quit IRC[19:57:13] <jax> waldi: no. i just don't want to be totally dependent of this provider given the current circumstances with the new hardware[19:58:02] <jax> still, for the HAProxy i would need at least 3 locations to make it work[19:58:15] <jax> one for the proxy, and then 2 independent for the smtpds[19:58:36] <waldi> so you create a new SPOF[19:58:45] <thumbs> if you want manual failover, you can just configure an identical server in hot standy mode.[19:59:08] <jax> define hot standby mode[19:59:18] <jax> waldi: true ;)[19:59:23] * patdk-wk always perfered active/active solutions, then hot standby's[19:59:39] <jax> (-_-)[19:59:43] <patdk-wk> you know if the hot-standby is out of date, having issues, quicker :)[19:59:51] <thumbs> patdk-wk: possibly, yes.[20:01:03] *** [diablo] has joined #postfix[20:03:25] *** mandragor has quit IRC[20:06:40] *** gu1lle_ has joined #postfix[20:07:38] <CookieNinja> In all seriousness, how do I keep two mail servers maildir's in sync?[20:08:15] <patdk-wk> that is a different issue[20:08:23] <patdk-wk> there are many ways[20:08:54] <CookieNinja> What would you say the best and least time consuming way is?[20:08:59] <patdk-wk> !best[20:09:00] <knoba> patdk-wk: Error: "best" is not a valid command.[20:09:04] <patdk-wk> stupid bot[20:09:15] <patdk-wk> how would I know the *best* way to do it for your goals?[20:09:19] <thumbs> !there_is_no_best[20:09:20] <knoba> thumbs: Error: "there_is_no_best" is not a valid command.[20:09:30] <CookieNinja> My goal is just to keep my maildir's in sync[20:09:37] <patdk-wk> that is not a goal[20:09:38] <CookieNinja> I don't care how I do it.[20:09:44] <jax> in real time?[20:09:45] <patdk-wk> rsync :)[20:09:54] <CookieNinja> jax: Yes.[20:09:54] <patdk-wk> drbd :)[20:09:58] <patdk-wk> dovecot :)[20:10:19] <CookieNinja> drbd looks interesting.[20:10:28] *** twobitha1ker has left #postfix[20:10:34] <patdk-wk> ocfs? gfs? nfs?[20:10:39] *** twobithacker has joined #postfix[20:10:43] <CookieNinja> Has anyone actually used something like Rackspace cloud files to store mail though?[20:11:00] <twobithacker> btsync would be an interesting way to do it[20:11:15] <CookieNinja> twobithacker: I was thinking of doing that.[20:13:28] <twobithacker> Should allow for multiple active servers, and on Linux the changes should propagate pretty quickly. The code isn't event driven on *BSD, so there would be more of a delay.[20:19:24] <CookieNinja> twobithacker: I done it and it works.[20:20:01] <CookieNinja> http://scr.tommehm.co.uk/scr/17_06_13_19_19_38.png[20:25:36] *** freezey has joined #postfix[20:28:05] *** UQlev has joined #postfix[20:30:13] <jelly-home> drbd seems like a viable venue for an active/passive setup[20:33:35] <TheAvatar> I'm using (just now) AVG as an extra scanner in Postfix. For some reason, when it detects a virus, the virus name is not shown (amavis[42651]: (42651-01) run_av (AVG Anti-Virus): /var/amavis/tmp/amavis-20130617T203147-42651-d213nRU3/parts INFECTED:" (it ends with INFECTED:) - what could be wrong?[20:33:44] <TheAvatar> I am using amavisd[20:34:13] <TheAvatar> I am using amavisd, and I tried the old avg entry I had in my config and I tried the new one provided by avg by the installer. They same to act the same with no virus name listed[20:42:55] *** jacekowski has joined #postfix[20:43:36] <jacekowski> hi people[20:44:02] <jelly-home> hello person[20:44:51] <TheAvatar> Found the solution. Just if this channel is logged. It is in amavisd.conf, I updated the AVG entry with "qr/^200/m, qr/^403/m, qr/^403[- ].*: ([^\r\n]+)/m ],". Fix is included in newer amavisd and listed here: http://lists.amavis.org/pipermail/amavis-users/2012-June/001629.html[20:44:51] <jacekowski> i've got a problem with DomainKeys, my emails to one specific domain get rejected with >: host mail.plfinternational.com[194.164.82.192] said: 550 Message does not pass DomainKeys requirements for domain jacekowski.org (in reply to end of DATA command)[20:46:43] *** m1nish has quit IRC[20:46:55] <jacekowski> according to domainkeys checker everything is OK-ish[20:46:56] <jacekowski> DomainKeys check: neutral[20:46:56] <jacekowski> DKIM check: pass[20:53:30] *** Driver has quit IRC[20:57:21] *** Bry8Star_ has joined #postfix[20:57:38] *** chris| has quit IRC[20:58:09] *** Bry8Star has quit IRC[20:58:48] *** JC_SoCal has quit IRC[20:58:49] *** cite has quit IRC[20:58:54] *** [dmp]_ has quit IRC[20:59:53] *** freaky[t] has quit IRC[21:00:04] *** [dmp] has joined #postfix[21:00:05] *** cite has joined #postfix[21:00:17] *** fbh has quit IRC[21:00:21] *** chrisq has quit IRC[21:00:40] *** chris| has joined #postfix[21:00:44] *** fbh has joined #postfix[21:00:51] *** chrisq has joined #postfix[21:01:20] *** trifler has quit IRC[21:02:29] *** sonne has quit IRC[21:02:46] *** trifler has joined #postfix[21:03:07] *** cite has quit IRC[21:03:17] *** freaky[t] has joined #postfix[21:04:44] *** cite has joined #postfix[21:08:17] *** sonne has joined #postfix[21:13:01] *** maddy_ has quit IRC[21:15:15] *** Driver has joined #postfix[21:15:28] *** maddy_ has joined #postfix[21:19:52] *** UQlev has quit IRC[21:23:00] *** UQlev has joined #postfix[21:23:10] *** nick43 has joined #postfix[21:24:24] *** Eagleman has quit IRC[21:26:33] *** jax has left #postfix[21:28:43] *** nutron has joined #postfix[21:30:49] *** Rhomber has quit IRC[21:31:08] *** Eagleman has joined #postfix[21:32:28] *** Rhomber has joined #postfix[21:38:28] *** badiane has quit IRC[21:44:39] *** MacWinner has quit IRC[21:44:56] *** UQlev has quit IRC[21:54:41] *** nick43 has quit IRC[21:58:42] *** freezey has quit IRC[22:00:38] *** sniffells has quit IRC[22:02:06] *** sniffells has joined #postfix[22:05:17] *** gavimobile has joined #postfix[22:05:42] <gavimobile> I need some help for entering the value for mynetworks[22:06:24] <nado> what do you want for your networks ?[22:07:09] <gavimobile> im using a e2c vps which im building, I have been given a static ip address. won't the usage of a cidr ip address allow more than just my static ip address? I added 127.0.0.1 as well[22:07:33] <lunaphyte_> use smtp auth, not ip addresses[22:07:51] <gavimobile> so should I just leave mynetworks commented[22:08:07] <gavimobile> and configure smtp auth[22:08:11] <lunaphyte_> yes[22:08:18] <gavimobile> lunaphyte_: thanks[22:08:22] <lunaphyte_> ideally, mynetworks is completely empty.[22:08:51] <gavimobile> lunaphyte_: ok ill leave it uncomented, but before I apply auth, I would like to test[22:09:48] <gavimobile> so for now can I put 127.0.0.0/8, xxx.xxx.xxx.xxx/? for right now and remove it later? this way I can test without auth[22:10:18] <lunaphyte_> i'm a little confused[22:10:31] <gavimobile> well you recommended that I use auth which I agree[22:10:38] <lunaphyte_> you're going to run postfix on an amazon ec2 vps?[22:10:47] <gavimobile> lunaphyte_: yup[22:11:17] <lunaphyte_> why would you put its own ip address in its config?[22:12:14] <gavimobile> lunaphyte_: so I can add myself to the list of trusted ip's[22:12:24] <gavimobile> which can relay[22:12:25] *** nveselinov has left #postfix[22:12:28] <lunaphyte_> loopback is for that[22:12:57] <gavimobile> ok, so ill just add 127.0.0.0/8 and later on remove it once I get and test auth[22:12:58] <gavimobile> ?[22:13:12] <lunaphyte_> sure[22:13:32] <gavimobile> lunaphyte_: sweet[22:13:34] <gavimobile> thanks[22:13:40] <lunaphyte_> sure thing[22:19:39] *** tjikkun has quit IRC[22:21:59] *** master_of_master has joined #postfix[22:22:52] <pj> gavimobile: /32 will specify just a single IPv4 address in CIDR notation.[22:24:14] *** tjikkun has joined #postfix[22:24:54] *** master_o1_master has quit IRC[22:29:39] *** Blacklite has quit IRC[22:30:44] *** Blacklite has joined #postfix[22:32:49] *** Bronze has quit IRC[22:34:36] *** wdp has joined #postfix[22:34:36] *** wdp has joined #postfix[22:43:15] *** xDamox has joined #postfix[22:46:39] *** badiane has joined #postfix[22:53:32] *** Eagleman has quit IRC[22:53:46] *** biggi_mat has quit IRC[22:57:25] *** sniffells has quit IRC[22:57:45] *** JC_SoCal has joined #postfix[22:58:05] *** sniffells has joined #postfix[23:00:52] *** grknight has quit IRC[23:01:56] <TheAvatar> postfix delivers to MX and A of a domain. How can I prevent it from trying to deliver to A-records? Or is that against the RFC to only deliver to MX records?[23:05:18] <lunaphyte_> you cna't unfortunately[23:05:23] <lunaphyte_> *can't[23:06:23] <TheAvatar> it seems it doesn't do that by default. ignore_mx_lookup_error = yes would cause that behaviour[23:07:36] <TheAvatar> The strange thing is, I do have mails in my queue to typo-domains, that has no MX records, that clearly has a lookup for A domain.tld, which is strange, since I use the default of that ignore_mx[23:07:41] *** snearch has joined #postfix[23:08:32] *** tmberg has quit IRC[23:09:00] *** eye69 has quit IRC[23:09:07] *** hparker has quit IRC[23:09:32] *** cnu- has quit IRC[23:09:32] *** patdk-wk has quit IRC[23:09:33] *** Patrickdk has quit IRC[23:12:12] *** nado has quit IRC[23:12:48] *** MacWinner has joined #postfix[23:13:05] *** hparker has joined #postfix[23:13:05] *** hparker has joined #postfix[23:13:25] *** Patrickdk has joined #postfix[23:14:02] *** patdk-wk has joined #postfix[23:15:28] *** Bronze has joined #postfix[23:41:54] *** echelog has joined #postfix[23:42:30] *** Toerkeium has quit IRC[23:43:33] *** Randomage has quit IRC[23:45:31] *** Randomage has joined #postfix[23:47:17] <adaptr> TheAvatar: that doesn't do what you think it does[23:47:43] <adaptr> the standards mandate that anA record is used if there is no MX record. postfix follows the standards.[23:48:55] *** cnu- has joined #postfix[23:49:33] <TheAvatar> adaptr, not according to the postfix docs[23:50:04] <TheAvatar> adaptr, Specify "ignore_mx_lookup_error = yes" to force a DNS A record lookup instead. This violates the SMTP standard and can result in mis-delivery of mail[23:50:21] <TheAvatar> however, it does seem to make the A-record lookup even though it is set to no[23:50:28] <adaptr> yes, you don't understand what that means[23:50:42] <TheAvatar> adaptr, it makes no sense at all to deliver to some semi-random A-record[23:50:54] <adaptr> ...you really don't understand what you're talking about[23:51:02] <TheAvatar> every post I can find about it says "do NOT set it to yes. It will cause mail mis-delivery"[23:51:09] <TheAvatar> how so?[23:51:19] <adaptr> I can only refer you to RFC 5321, where the behaviour is defined.[23:51:39] <adaptr> you're unwilling to have it otherwise explained[23:51:50] <TheAvatar> the first snippet is taken directly from postfix.org[23:52:48] <TheAvatar> reading a 95 pages RFC is quite a lot. Especially since my issue seems to be, that postfix does this A-lookup, which I do not want, because that is plain stupid[23:53:44] *** cnu- has quit IRC[23:53:57] <adaptr> if you're intent on raging against published and long-standing standards, I think you should know what it says.[23:53:59] *** eye69 has joined #postfix[23:54:10] <TheAvatar> adaptr, could you point me in the direction of where the RFC mentions to use the root A-record of a domain, if no MX is present? Any website and forum I ran across regarding this issue says it breaks the RFC to deliver to the A-record, and it will very likely cause mail misdelivery[23:54:11] <adaptr> it is apparent that you do not[23:54:43] <TheAvatar> it is likely the "entire internet" is wrong - it has happened before, but still[23:54:57] <TheAvatar> tell me why it makes sense to deliver email to a random A-record?[23:55:03] <adaptr> this is not productive[23:56:29] <TheAvatar> adaptr, seriously, I am asking you why that would make sense?[23:56:39] <adaptr> your reasoning is flawed[23:57:17] <TheAvatar> say, I have a web host on 1.2.3.4, I point www. and @ to 1.2.3.4. I have no MX. People try to mail me on the domain, and instead of the mails being returned as not delivered (as I would expect), my webhost snitches all my emails. I know it would require a rogue webhost, but still[23:57:46] <adaptr> if you really want to learn, you're going to have to shut up and accept how things work. I'm not interested in convincing you.[23:57:49] <TheAvatar> so the sender might send me confidential email, and they think I received it because it didn't bounce, but instead their confidential content ends up at some third party[23:58:25] *** cnu- has joined #postfix