June 23, 2013 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | >
June 23, 2013 [00:00:00] <BeepDog> I assume not using the mailbox_command param?[00:00:05] <adaptr> BeepDog: read the *excellent* documentation ? :P[00:00:09] <BeepDog> hah[00:00:14] <adaptr> MUAHAHAHA[00:00:14] <BeepDog> yeah, dspams docs are terribad[00:00:19] <BeepDog> y u hate me so :P[00:00:25] <adaptr> I'll give you what I have[00:00:33] <thumbs> why do you type like this?[00:00:33] <BeepDog> if this works, you're my hero[00:00:50] <thumbs> it's spelled "you" and "why".[00:01:00] <BeepDog> thumbs: yes, I did it on purpose :P[00:01:07] *** davlefou_ has joined #postfix[00:01:08] <BeepDog> in response to the "*excellent* documentation" jab[00:01:25] <rob0_> y u du dat?[00:01:37] <BeepDog> rob0_: :D[00:01:49] <adaptr> DeliveryHost /var/spool/postfix/public/dovecot-lmtp[00:01:51] <adaptr> DeliveryIdent localhost[00:01:53] <adaptr> DeliveryProto LMTP[00:01:56] <adaptr> BeepDog: you need those in dspam.conf[00:02:09] <adaptr> you may name the socket anything you please, obviously[00:02:10] <BeepDog> k[00:02:11] <BeepDog> right[00:02:23] <BeepDog> and that socket gets named in dovecot's config, to have it listen via LMTP[00:04:10] <adaptr> correct. I can provide the LMTP server bits, but dovecot isn't hard[00:04:18] <adaptr> to listen, use this:[00:04:20] <adaptr> ServerPID /var/run/dspam.pid[00:04:22] <adaptr> ServerMode standard[00:04:24] <adaptr> ServerParameters "--deliver=innocent,spam"[00:04:26] <adaptr> ServerIdent "localhost"[00:04:28] <adaptr> ServerDomainSocketPath /var/spool/postfix/public/dspam[00:04:31] *** davlefou has quit IRC[00:04:35] <adaptr> again, socketname is whatever yuo please[00:05:12] <adaptr> it is a public socket because you may want to retrain externally. this way, the socket is also writable by a standalone "dspam" call.[00:05:24] <adaptr> (dspamc is horrible)[00:05:40] <BeepDog> if dspam didn't work so damn well, I'd drop the whole thing :)[00:06:00] <adaptr> and in postfix, just set mailbox_transport = unix:lmtp:public/dspam[00:06:04] <adaptr> BeepDog: agreed![00:06:35] <BeepDog> maybe I'll rewrite dspam into something that sucks less[00:06:39] <adaptr> BeepDog: this causes the ultimate recipients to be delivered via LMTP to dspam, which will figure out the user from the recipient localpart[00:06:41] <BeepDog> but I doubt my performance would be as well[00:06:50] <BeepDog> ah, that's perfect![00:07:27] <adaptr> BeepDog: the documentation would not be such an issue if the logging and debugging wasn't even worse.[00:07:33] <BeepDog> yeah[00:07:40] <BeepDog> I spent 3 hours debugging "Segmentation Fault"[00:07:46] <BeepDog> because I didn't have a permissions set correctly on a directory[00:07:55] <BeepDog> and dspam just shat its pants instead of reporting a useful error[00:07:57] <adaptr> BeepDog: also, whatever you use for the css store, make SURE it is 660 for the dspam user.[00:08:08] <adaptr> I struggled with that for an evening, too[00:08:09] <BeepDog> css store?[00:08:14] <BeepDog> the token database?[00:08:19] <adaptr> ..you've used dspam before ?[00:08:27] <BeepDog> yeah, been for like way to long ago[00:08:30] <adaptr> yes. there is a subdirectory per recipient.[00:08:31] <BeepDog> but maybe the term I'm missing[00:08:32] <BeepDog> aha[00:08:36] <BeepDog> the stats dir and such[00:08:40] <BeepDog> I use the SQL backend as well[00:08:43] <BeepDog> feeding to postgres[00:08:46] <adaptr> urgh[00:08:50] <BeepDog> works for me, heh[00:08:53] <adaptr> you're on your own there[00:08:54] <BeepDog> is it really that bad?[00:08:57] <BeepDog> because it works[00:09:02] <adaptr> isn't it bad enough already ?[00:09:12] <BeepDog> I cannot say that I've had any problems with it[00:09:20] <adaptr> I have looked at page and pages of dspam source code, because it's un-fucking-debuggable[00:09:24] <BeepDog> the dspam backends has been the easiest part[00:09:25] <adaptr> and it remains un-fucking-debuggable[00:09:26] <BeepDog> for me anyway[00:09:27] <BeepDog> yes[00:09:32] <BeepDog> it's terrible code[00:09:35] <adaptr> the code is a violent mess[00:09:38] <BeepDog> but amazingly good at filtering spam[00:11:07] <BeepDog> I probably need dovecot-lmtp's socket to be rw for the dspam user then[00:11:11] <BeepDog> since ... yeah that makes sense[00:11:35] <adaptr> no. it is PUBLIC. it should be 660, and both dovecot and dspam should be memebrs of that group[00:11:42] <adaptr> let me check what I have[00:11:49] <BeepDog> hm[00:11:54] <BeepDog> yeah I can do that[00:11:58] <BeepDog> just add them to the mail group and whatnot[00:12:33] <adaptr> "dpsam" is 777, root:mail[00:12:37] <adaptr> dovecot is 666, postfix:[00:12:55] <BeepDog> my dspam is 777 root:root[00:13:00] <BeepDog> rpobably because that's how it created it[00:13:07] <adaptr> dspam creates the former, there's probably little you want to change about that, again, as I said - for sane retraining, you want dspam to be able to write to it as every user[00:13:15] <BeepDog> right[00:13:28] <adaptr> the latter is set by dovecot, and it's fine, too[00:13:51] <adaptr> the only "risk" is that everybody can submit valid LMTP to both sockets[00:14:00] <adaptr> if that's a real concern, alter them to group-writable[00:14:24] <adaptr> but then you don't get per-user retrain via the socket, i.e. you can't deliver spam -> ham retrains[00:14:45] <adaptr> if you use a different method for retrain, meh[00:17:09] <BeepDog> i'm not too worried about local risk like that yeah[00:17:27] <BeepDog> temporary failure. Command output: local: fatal: execvp unix:lmtp:/var/spool/postfix/public/dspam: No such file or directory[00:17:31] <BeepDog> all right, wat da hek[00:17:36] <BeepDog> that's full of lies right there[00:17:53] <adaptr> you probably have a service "dspam"[00:18:00] <adaptr> you'd need to get rid of that[00:18:05] <BeepDog> no I'm more dumber[00:18:10] <BeepDog> mailbox_command not mailbox_transport[00:18:10] <adaptr> always possible[00:18:15] <BeepDog> herp all the derps[00:20:15] <BeepDog> local is now complaining: warning: connect #3 to subsystem private/unix: No such file or directory[00:20:22] <BeepDog> so I've probably got something done wrong[00:20:33] <BeepDog> no dspam services in master.cf[00:20:38] <BeepDog> it's basically back to the default[00:21:20] <BeepDog> yeah local is complaining now all the time... hrm[00:23:45] <adaptr> BeepDog: that should have been lmtp:unix:public/dspam[00:23:51] <adaptr> RTFM fail![00:23:57] <BeepDog> yeah I hadn't gotten there yet[00:24:07] <BeepDog> I was actually on the local8 man page[00:24:09] <adaptr> yes you did. that's the only possible reason for that error[00:24:19] <BeepDog> no I mean I hadn't rtfm'd completely[00:25:12] <adaptr> you wouldn't. that takes days.[00:25:17] <BeepDog> heh[00:25:19] <BeepDog> true story[00:26:03] <adaptr> the dspam -> dovecot part was very easy. I later decided to add -extensions for auto-sorting. that works great too.[00:26:35] <BeepDog> now I need to tweak the user stuff for dovecot[00:26:42] <BeepDog> it's giving back 550s telling me user@domain doesn't exist[00:26:49] <BeepDog> which is proper, because it should just be user[00:26:58] <BeepDog> at least it's getting through dspam now[00:27:14] *** ogny has quit IRC[00:27:14] <adaptr> (in case you're zonking out now: dspam allows me to set and recognize recipient delimiters, which postfix can optionally propagate, and dovecot can be configured to auto-sort into extension-folders)[00:27:36] <BeepDog> you mean like beepdog+something@domain ?[00:27:39] <adaptr> yep[00:27:43] <BeepDog> yeah I plan on using those as well[00:27:46] <BeepDog> because they're the bestest[00:27:53] <adaptr> except you want to use -, since web crap tends to reject the +[00:28:15] *** ogny has joined #postfix[00:28:16] <BeepDog> yeah, I've been using + for years now[00:28:20] <BeepDog> and it's been good enough, but you're right[00:28:26] <adaptr> and web crap is where they are most useful to track spamers[00:28:27] <BeepDog> those sites dont' get my email if I can avoid it heh[00:28:28] <loops> gmail uses +[00:28:54] <adaptr> well, harvesters, really, but why discriminate ? tey're all effing bastards.[00:28:58] <BeepDog> heh[00:29:39] <loops> is there a name for the bit that comes after the + when talking bout that feature?[00:29:53] <BeepDog> recipieitn delimiter[00:29:54] <adaptr> I just mentioned it several times[00:29:55] <BeepDog> I think[00:29:57] <thumbs> !recipient_delimiter[00:29:57] <knoba> thumbs: "recipient_delimiter" : a configuration parameter in the main.cf: The separator between user names and address extensions (user+foo). See canonical(5), local(8), relocated(5) and virtual(5) for the effects this has on aliases, canonical, virtual, relocated and on .forward file lookups. Basically, the software tries user+foo and .forward+foo before trying user and .forward.[00:29:58] <BeepDog> but spelling correctly[00:30:13] <loops> thxx[00:30:15] <adaptr> thumbs: I wanted HIM to figure that out![00:30:35] <thumbs> adaptr: hah. Not sorry :)[00:30:37] <loops> why does everyone on IRC wanna make things harder than they have to be :oP[00:30:48] <loops> i just popped into the convo late and am interested[00:31:03] <adaptr> loops: inside joke, just ignore[00:31:04] <BeepDog> adaptr: does your dovecot lmtp have some special config to make it properly accept local users?[00:31:09] <loops> :o)[00:31:18] <thumbs> adaptr: this is different - this is a standard parameter, not a ubuntu abomination.[00:31:25] <BeepDog> because dspam gets a 550 back and I'm not seeing a lot of docs (what the heck?) on dovecot's LMTP[00:31:29] <BeepDog> or I'm looking for the wrong words[00:32:01] <adaptr> BeepDog: you're right, dovecot docs for LMTP aren't that great either.[00:32:01] <adaptr> but they were sufficient[00:32:43] *** midnightmagic has quit IRC[00:33:16] <adaptr> have you read http://wiki2.dovecot.org/LMTP ?[00:33:23] <BeepDog> yeah[00:33:31] <BeepDog> I'm looking at it right now heh[00:33:51] <BeepDog> and I see in the logs stuff coming from dspam[00:34:05] <BeepDog> it tries to look up "dkowis at testing dot shlrm.org" when it should just be looking up "dkowis"[00:34:12] <BeepDog> and of course, the full email is an unknown user[00:34:26] *** midnightmagic has joined #postfix[00:36:31] <rob0> "dkowis" is not an email address.[00:36:41] <BeepDog> that's fine[00:36:43] <BeepDog> it shouldn't be[00:36:47] <BeepDog> all other dovecot auth stuff isn't[00:36:47] *** midnightmagic has quit IRC[00:36:50] <BeepDog> I log into the server as dkowis[00:36:56] <BeepDog> I auth at postfix as dkowis[00:36:57] <BeepDog> etc.[00:37:00] <BeepDog> and that all works just fine[00:37:07] <rob0> sure, that's a username, but not an email address[00:37:28] <BeepDog> hopefully, then you know of a way to tell dovecot to translate between the two?[00:37:28] <rob0> !append_at_myorigin[00:37:28] <knoba> rob0: "append_at_myorigin" : Append the string"@$myorigin" to mail addresses without domain information. WARNING: do not change this without understanding what it means, see http://www.postfix.org/postconf.5.html#append_at_myorigin[00:37:36] <adaptr> rob0: he's not talking about postfix at all[00:37:41] <BeepDog> yeah this is dovecot[00:37:47] <rob0> oh[00:38:01] <adaptr> what is your userdb ?[00:38:12] <rob0> I think it might be a myhostname or similar setting[00:38:12] <BeepDog> pam, since it was easier to deal with than directly to LDAP[00:38:18] <BeepDog> (ironically)[00:38:27] <adaptr> be specific[00:38:55] *** v0lZy has quit IRC[00:38:59] <BeepDog> sorry, my userdb is passwd[00:39:04] <BeepDog> userdb { driver = passwd }[00:39:10] <adaptr> so, not PAM[00:39:17] <BeepDog> passdb { driver = pam args =session=yes dovecot }[00:39:22] <BeepDog> the passdb is pam[00:41:27] *** midnightmagic has joined #postfix[00:41:38] <adaptr> so, not PAM[00:41:43] <BeepDog> correct[00:41:50] <BeepDog> which might be the problem[00:41:59] <adaptr> have you changed dovecot ?[00:42:04] <BeepDog> changed?[00:42:08] <adaptr> have you looked at the log ?[00:42:08] <BeepDog> what do you mean?[00:42:13] <BeepDog> yeah[00:42:59] <adaptr> that was not a yes/no question. engage $brain.[00:43:13] <BeepDog> yes I know[00:43:17] <BeepDog> and it has said that the user doesn't exist[00:43:25] <BeepDog> because it looks up an email address in the passwd db[00:43:27] <BeepDog> which is no good[00:43:29] <adaptr> excellent! except that's not what it actually said.[00:43:34] <adaptr> show what it ACTUALLY said.[00:43:40] <BeepDog> 2013-06-22T17:46:37.838380-05:00 testing dovecot: auth-worker(4351): passwd(dkowis at testing dot shlrm.org): unknown user[00:44:01] <BeepDog> I have a pastebin in a sec[00:44:09] <adaptr> so you know where to look![00:44:21] <BeepDog> http://pastebin.com/49rafGXJ[00:44:23] <BeepDog> maybe not?[00:44:32] <BeepDog> there must be something dumb I'm stuck on here[00:44:49] <BeepDog> in all the other situations, it looks up a username, not an email[00:45:04] <BeepDog> and there's little to no configuration for dovecot's LMTP to change how it looks things up[00:45:21] <BeepDog> so how do I convince dovecot's LMTP to look up a username, instead of an email address?[00:45:28] <BeepDog> or is that not the right way to think about this problem?[00:46:02] <adaptr> it is. its' just completely unrelated to LMTP[00:46:10] <adaptr> look closer at the log[00:46:16] <adaptr> what is complaining ?[00:46:24] <BeepDog> yep, derp[00:46:26] <BeepDog> you're right[00:46:32] <BeepDog> I need to configure the auth worker to be smarter[00:46:35] <BeepDog> not lmtp[00:46:41] <BeepDog> by specifying the username format[00:46:51] <adaptr> I have exactly one setting in 10-auth.conf: auth_username_format = %n[00:46:55] <BeepDog> thanks for being patient with me and my dumbness[00:47:04] <BeepDog> I've only been grinding away at dspam for like all day[00:47:06] <adaptr> this would never have worked, lmtp or no[00:47:15] <BeepDog> nope[00:48:08] <adaptr> you have to give dovecot props for being precise bastards just like postfix. it makes things easier[00:48:23] <adaptr> there is no better example they could have sued[00:48:25] <adaptr> *used[00:48:31] <adaptr> well, both might work[00:48:37] <BeepDog> yeah[00:48:49] <BeepDog> if I'd have had a passdb that accepted emails as the userID[00:48:53] <BeepDog> like for virtual setups or something[00:49:28] <adaptr> that's how you'd do virtual domains with this setup, you'd have to configure dspam to do user@domain, too, but it supports that I think[00:49:39] <BeepDog> yeah it does, I think[00:49:59] <BeepDog> Since I'm using the SQL backend, and I have the signature appended to the message, it's got the virtual UIDs table[00:50:11] <BeepDog> and it's using the whole email at this point, which is fine by me[00:50:27] <BeepDog> I don't really care what dspam uses to identify my person, as long as it's the same for any aliases and such[00:50:38] *** danblack has joined #postfix[00:50:40] <BeepDog> just curious, what algorithm and tokenizing methods are you using?[00:50:43] <BeepDog> for dspam that is[00:50:49] <adaptr> I really dislike the whole signature-in-email thing, but their header-signature logic is badly broken :([00:50:55] <BeepDog> yeah, heh[00:50:57] <adaptr> the ones recommended by the dspam wiki[00:51:24] <adaptr> I am my only user, so there is very little need for adaptive shit. my store is the whole store :)[00:51:33] <BeepDog> yeah me too :)[00:51:37] <adaptr> if you have $users, you probably want an adaptive key store[00:52:01] <adaptr> i.e. a determinator that looks beyond just your tokens[00:52:13] <BeepDog> assuming you share tokens amongst users[00:52:19] <adaptr> rob0: have we gone far enough off-topic yet ?![00:52:56] <adaptr> BeepDog: you really would want to, especially for 100%-ers[00:53:00] <rob0> no, let's go over there -------------->[00:53:15] <adaptr> (you know, confidence 1.000000000......0)[00:53:16] <BeepDog> I dunno, not everyone thinks the same stuff is spam[00:53:35] <BeepDog> my like 10 year old corpus was 99.9% effective[00:53:39] <rob0> hmm? There's no "think" about it in most cases.[00:53:51] <rob0> Either you signed up or you did not.[00:53:55] <BeepDog> but recently either my mailserver is dying, or the spammers have found tokens that I've marked as not spammy[00:54:03] <BeepDog> no i mean, not all spam looks the same to all people[00:54:09] <BeepDog> in the terms of tokens[00:54:10] <adaptr> dspam is smart enough, plus you can set buckets and thresholds for how many people must rate a token before it becomes communal[00:54:16] <BeepDog> ah[00:54:24] <BeepDog> interesting[00:54:29] <BeepDog> I hadn't even gotten that far into the guts heh[00:55:05] <adaptr> rob0: that's not what he means. with token bayesian bleh, each user will have X tokens that add positive, and Y tokens that subtract negative. these may well be DIFFERENT, for different users[00:55:05] <BeepDog> I'm going to give the sbph and markov combination a go this time around[00:55:29] <adaptr> the amjority of users will consider "vagina" x10 to be spam. a gynaecologist won't.[00:55:47] <BeepDog> best. example. ever.[00:56:09] <BeepDog> btw, adaptr, you're my hero I think[00:56:17] <BeepDog> because you splaind dspam in a way I could actually get working[00:56:18] <adaptr> rob0: but since it may be beneficial for a large userbase to share the more dependable tokens (ones that are postive or negative for all users), dspam has these options.[00:56:22] <BeepDog> that doesn't suck, and isn't retarded[00:56:28] <BeepDog> I will have to write up a blogoblag post[00:56:33] <BeepDog> so that others can suffer slightly less than I[00:56:35] <adaptr> BeepDog: took me more than a week, so yeah.[00:56:44] <BeepDog> I believe it[00:56:48] <BeepDog> there's some deep magic in there[00:56:53] <adaptr> and it's infinitely tunable, so have fun[00:56:56] <BeepDog> also it goes counter to *every* dspam example on the internet[00:57:15] <BeepDog> yeah, now that I've got the interconnecting parts wired up, I can fiddle with the dspam guts all I want[00:57:19] <adaptr> absolutely. granted, I knew a bit more about postfix than those tutorialusers[00:57:42] <adaptr> rob0: can we patent that ? tutoria-lusers[00:58:13] <BeepDog> I don't know infinite about postfix, but I don't consider myself a noob[00:58:17] <BeepDog> but I'm probably a noob[00:58:30] <rob0> it's a winner adaptr[00:59:07] <adaptr> BeepDog: I don't mean this setup requires deep postfix fu, but sice I knew postfix very well, I also knew very well what i wanted dpsam to do.[00:59:16] <adaptr> that is a comon problem for many beginners[00:59:17] <BeepDog> right[00:59:23] <BeepDog> I knew exactly what I wanted dspam to do[00:59:28] <BeepDog> I wanted it to be a pipe in my chain to delivery[00:59:32] <BeepDog> but I didn't know how to wire that up[00:59:40] <adaptr> I had used postfix -> content_filter -> amavisd -> LMTP - > dovecot, before[00:59:43] <BeepDog> and you provided the necessary magic sause to wire that up[00:59:47] <adaptr> so I knew that was what I wanted to replace[01:00:08] <BeepDog> I have postfix -> amavisd -> clamav -> dspam -> procmail[01:00:16] <adaptr> urgh[01:00:16] <BeepDog> and I want to get away from procmail and amavisd[01:00:19] <BeepDog> yeah it's old[01:00:23] <adaptr> indeed. sieve ftw[01:00:26] <BeepDog> yeah[01:00:45] <adaptr> go and add the recipient-delimiter stuff next, you're going to lurv it[01:00:46] <BeepDog> so now I get to redo this setup one more time, on the real box, and get it all wired into puppet[01:00:55] <BeepDog> I think I've already got all the recipieint-delimiter stuff in there[01:00:59] <BeepDog> I turned it all on already[01:01:05] <BeepDog> I'm not doing anything automatically with it[01:01:13] <BeepDog> but I wanted all the various componetns to be aware of it[01:01:20] <BeepDog> I've been using that stuff already[01:01:21] <adaptr> dovecot actually has a dedicated parameter for it: lmtp_deliver_detail_mailbox[01:01:23] <BeepDog> but with a +[01:01:27] <BeepDog> yeah I didn't turn that on[01:01:29] <BeepDog> although I could[01:01:34] <BeepDog> I was going to set up a sieve rule to do so[01:01:41] <BeepDog> in case I didn't want it to always do that for me[01:01:44] <adaptr> postfix isn't propagating them for you yet[01:02:08] <BeepDog> it should be recipient_delimiter = +[01:02:09] <adaptr> all three have support for them, so obviously all three must propagate the extension until dovecot gets it[01:02:14] <BeepDog> unless there's something else I have to do?[01:02:27] <adaptr> !propagate_unmatched_extensions[01:02:27] <knoba> adaptr: "propagate_unmatched_extensions" : a configuration parameter in the main.cf: What address lookup tables copy an address extension from the lookup key to the lookup result.[01:02:57] <adaptr> you need to set that if you want to propagate the extension beyond postfix. otherwise it just gets wrapped to user@[01:03:04] <BeepDog> interesting[01:03:23] <adaptr> it's not set to by default, since that will confuse the heck out of beginners.[01:04:20] <BeepDog> um[01:04:23] <BeepDog> I didn't need to set that[01:04:25] <BeepDog> and it works just fine[01:04:26] <adaptr> actually, it is set to virual by default, so if you're using virtual mailboxes now, it does get propagated[01:04:33] <BeepDog> and I'm not using virtual mailboxes[01:04:47] <BeepDog> I have recipient_delimiter = + in main.cf[01:05:01] <adaptr> yes, don't ever fucking think that "just fine" is ever the right answer for postfix. the rabbit hole goes so deep you're dead before you splat.[01:05:07] <adaptr> too deep for breakfast[01:05:10] <BeepDog> and I just turned on the lmtp_save_to_detail_mailbox = yes[01:05:15] <BeepDog> and it dropped it into a folder for me[01:05:37] <adaptr> trust me. rabbit hole -> too deep.[01:05:38] <thumbs> folders?[01:05:38] <BeepDog> and mail to dkowis+foo ended up in the foo folder[01:05:46] <adaptr> thumbs: IMAP folder[01:05:48] <BeepDog> mailbox? whatever the term is[01:05:50] <adaptr> absolutely correct[01:06:04] <thumbs> oh, in that sense.[01:06:07] <BeepDog> so what does the propagate_unmatched_extensions actually do?[01:06:10] <BeepDog> because I haven't set it[01:06:21] <BeepDog> and it behaves as expected (at least, as I expected it to behave)[01:06:35] <BeepDog> and dspam didn't add yet another user named "dkowis+foo" so that's proper as well[01:07:07] <adaptr> it means that unmatched extensions are propagated. don't know how else to explain that.[01:07:15] <BeepDog> [root@testing dovecot]# postconf | grep prop[01:07:15] <BeepDog> propagate_unmatched_extensions = canonical, virtual[01:07:20] <BeepDog> that's what the default is[01:07:23] <adaptr> correct[01:07:53] <adaptr> this ties in closely with how postfix uses lookup tables, which is a subject all by itself.[01:08:36] <BeepDog> I don't understand why you're saying that postfix doesn't propagate it, when I can demonstrate that it is...[01:08:40] <BeepDog> or did I miss some other point?[01:09:03] <adaptr> yes.[01:09:09] <adaptr> rabbit hole -> too effing deep.[01:09:36] <adaptr> explaining WHY what happens really happens will take several hours. AFTER you've read the entirety of the READMEs pertaining to maps, several times.[01:09:44] <BeepDog> oh blergh[01:09:49] <adaptr> this is one of the least intuitive parts[01:09:53] <BeepDog> perhaps I'll just continue to dance along in my ignorance then[01:10:06] <adaptr> if it ever stops working, we'll see you again :)[01:10:13] <BeepDog> I'm sure :)[01:10:48] <BeepDog> I think, however, now I'll take a break, make some notes about the blag post, and then go install a ceiling fan[01:10:51] <BeepDog> thank you so much for your help[01:11:03] <BeepDog> I never would've figured out the LMTP chaining for delivery[01:11:08] <adaptr> I already have a fan![01:11:11] <adaptr> it's great[01:11:28] <BeepDog> I'm trying to sell my house, so I need to finish putting up the ceiling fans in rooms without them[01:11:32] <BeepDog> so that it doesn't look odd[01:11:41] <BeepDog> according to the staging lady that told us what to do to sell our house[01:13:07] <BeepDog> maybe I should set up my spam/notspam aliases first[01:13:08] <BeepDog> just in case[01:14:27] <BeepDog> adaptr: I assume you're retraining via forwarding to an email, or are you using the (terrible) webUI?[01:16:54] <adaptr> I've tried half a dozen methods, and so far, alias retraining fails most of the time, and the only thing that seems to have any real effect is manual error corpus[01:17:04] <adaptr> that would be one of those parts that is seriously broken.[01:17:26] <BeepDog> hrm[01:17:34] <BeepDog> it used to work for me doing this: spam: "|/usr/bin/dspam --user root --class=spam --source=error"[01:17:34] <BeepDog> notspam: "|/usr/bin/dspam --user root --class=innocent --source=error"[01:17:40] <BeepDog> but that was not running dspam as a daemon[01:17:45] <BeepDog> and just running it every time by hand[01:17:47] <adaptr> I've spent about the same amount of time getting retraining to work as I invested in the ENTIRE solution.[01:17:51] <BeepDog> as part of deliver[01:17:53] <BeepDog> heh, I believe it[01:18:12] <adaptr> hence, I stopped giving a fuck, and now look at it when I can be bothered, which is every few months or so[01:18:16] <BeepDog> heh[01:18:28] <adaptr> for my money, that means it's broken as shirt.[01:18:36] <adaptr> even ithout the PC speling[01:18:51] *** digitalirony has joined #postfix[01:18:53] <digitalirony> sup;[01:19:38] <digitalirony> I just migrated a postgrey/clamav server that sits infront of the mail server. And it seems to be working for the most part, but it doesn't appear to be readint the whitelist[01:21:09] <digitalirony> I tried setting it with --options, but doesn't seem to be reading it still[01:21:40] <adaptr> since neither of those is postfix, what can we do for you ?[01:22:11] <digitalirony> iunno, I Was hoping someone in here could help, since postgrey is pretty common with postfix, and they don't have their own channel[01:22:15] <digitalirony> if not, just say so[01:25:03] <adaptr> are you using postscreen ? I find no need for gheylisting, in general.[01:25:57] <BeepDog> +1[01:28:39] <adaptr> BeepDog: if you're using strict per-user stores, you MUST retrain as that user. which is a pain. it's not smart enough to use the sender as user, although I tried that. postfix plays along nicely, dspam - again - doesn't[01:29:16] <adaptr> and as always, the logging only confuses matters. it is no help whatsoever.[01:29:41] <BeepDog> dspam should be doing switch user on parse, since I'm storing the user's ID in the signature[01:29:49] <adaptr> I am not prone to use words like "atrocious", but it applies quite well to dspam logging[01:30:01] <adaptr> BeepDog: yes, I have all that. doesn't work.[01:30:14] <BeepDog> blergh[01:30:20] <BeepDog> damn you dspam[01:30:29] <adaptr> signature in header, switch and alter user on parse, no dice. it says signature not found.[01:30:31] <BeepDog> and so I assume also it doesn't work in the webui?[01:30:36] <adaptr> I keep those things for months, too[01:30:43] <adaptr> I've never used that[01:30:59] <BeepDog> it's got a retrain button that uses the signature and the current user to do the retrain[01:31:02] <BeepDog> somehow[01:31:16] <adaptr> I will take another look at it next time I can be arsed to do a retrain session.[01:31:46] <BeepDog> system("$CONFIG{'DSPAM'} --source=error --class=" . quotemeta($retrain) . " --signature=" . quotemeta($signature) . " --user " . quotemeta("$CURRENT_USER"));[01:31:53] <adaptr> the sad part of it al lis, since I am the sole mailbox owner of this server, it doesn't really matter. I could hard-code the username EVERYWHERE. but that would defeat the purpose.[01:31:56] <BeepDog> it grabs the signature out of the data it's got and tells it to retrain[01:32:01] <BeepDog> haha[01:32:04] <BeepDog> yeah, I'm doing the same thing[01:32:56] <adaptr> in the same way that I could perfectly well keep using amavsid as content filter, and delivering to maildir directly.[01:33:06] <adaptr> but I sdon't want that - I want it to work the way I want it to work.[01:33:35] <BeepDog> blech[01:34:03] *** sleepee_ has quit IRC[01:34:58] <BeepDog> commands when run from the aliases pipe are run as nobody yeah?[01:35:02] <BeepDog> or are they run as postfix?[01:35:28] <adaptr> !mail_owner[01:35:28] <knoba> adaptr: "mail_owner" : a configuration parameter in the main.cf: The UNIX system account that owns the Postfix queue and most Postfix daemon processes. Specify the name of a user account that does not share a group with other accounts and that owns no other files or processes on the system. In particular, don't specify nobody or daemon. PLEASE USE A DEDICATED USER ID AND GROUP ID.[01:35:34] <rob0> nono[01:35:40] <BeepDog> they're not?[01:35:43] <rob0> the pipe(8) command specifies the user[01:35:51] <adaptr> he meant aliases(5)[01:35:53] <BeepDog> not a main.cf entry, but one in the aliases file[01:36:00] <BeepDog> correct[01:36:04] <rob0> oh aliases(5) is[01:36:09] <rob0> !default_privs[01:36:09] <knoba> rob0: "default_privs" : postconf(5) setting for the default rights used by local(8) delivery agent for delivery to external file or command. These rights are used when delivery is requested from a root-owned aliases(5) file, or when delivering to root. DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER. See also !aliases_owner[01:36:13] <adaptr> yeah, that one.[01:36:37] <BeepDog> k[01:36:38] <BeepDog> thanks[01:37:02] *** davlefou_ has left #postfix[01:37:05] <BeepDog> is there any way to get from aliases to a different user?[01:37:08] <BeepDog> a specified user?[01:37:29] <rob0> "See also !aliases_owner"[01:38:22] <adaptr> BeepDog: if you're asking these sorts of questions, you almost always want a custom transport[01:38:29] <BeepDog> that'd work too[01:38:46] <BeepDog> if I could figure out how to do it for two email addresses on the normally served local domain[01:38:52] <BeepDog> like, dkowis@domain should go to me[01:38:59] <BeepDog> but spam@domain and notspam@domain should go to that transport[01:39:11] <BeepDog> at which point I could write a dspam pipe command in master.cf and set the user appropriately and whatnot[01:39:21] <adaptr> dspam-retrain unix - - n - - pipe user=dspam argv=dspam args= foo bar baz[01:39:28] <BeepDog> exactly[01:39:31] <adaptr> !tell BeepDog transport[01:39:32] <knoba> BeepDog: "transport" : transport(5) The optional transport(5) table specifies a mapping from email addresses to message delivery transports and next- hop destinations. Look at: http://www.postfix.org/transport.5.html[01:39:37] <BeepDog> yeah I'm looking at that[01:40:17] <adaptr> however, they must EXIST. yuo must also add those addresses to local_recipient_maps, which can be as simple as doing just that[01:40:53] <adaptr> (don't put them naively in aliases, since that will rewrite them, and they will no longer BE spam and ham)[01:41:00] <BeepDog> I see[01:41:10] <adaptr> not to mention that you 'd still have to alias them toa VALID address[01:41:17] <BeepDog> blergh[01:42:01] <BeepDog> yeah I have no clue what I'm doing in this mess[01:42:05] <BeepDog> *sigh*[01:42:09] <adaptr> much simpler to define a new map: dspam-retrain: spam dspam-retrain: \n ham dspam-retrain[01:42:26] <adaptr> and then add that map to both transport_maps and local_recipient_maps[01:42:31] <BeepDog> so that'd go in a dspam_maps postmap it[01:42:39] <adaptr> I named it.[01:42:44] <BeepDog> and then I forget how to add it to local_recipient maps?[01:42:51] <BeepDog> oh dspam-retrain[01:43:04] <adaptr> !tell BeepDog database[01:43:04] <knoba> BeepDog: "database" : http://www.postfix.org/DATABASE_README.html provides an overview of how Postfix lookup tables work, and the various types that are implemented.[01:43:17] <BeepDog> aha that looks familiar[01:43:41] <adaptr> it should. the buggers are absolutely everywhere[01:44:05] <BeepDog> I have very few of them in my postfix config right now[01:44:06] <adaptr> postconf |grep -c map[01:44:08] <adaptr> 51[01:44:51] <adaptr> I thought it would be at least 100 :([01:46:04] <adaptr> local_recipient_maps = unix:passwd:byname hash:/etc/aliases hash:/etc/postfix/dspam-retrain[01:46:17] <adaptr> that is technically a LIST, it only looks at the first value[01:46:18] <BeepDog> yeah[01:46:34] <BeepDog> it must've found spam somewhere, because it went ahead and tried to deliver it to the spam user on the system[01:46:41] <BeepDog> which failed miserably, as it should[01:46:44] <adaptr> and transport_maps = hash:/etc/postfix/transport hash:/etc/postfix/dspam-retrain[01:46:53] <BeepDog> yeh dspam is stupid now[01:46:55] <BeepDog> hrm[01:46:58] <adaptr> I can't really feed you any more spoons[01:47:03] <BeepDog> I know[01:50:34] <BeepDog> bah[01:50:45] <BeepDog> it keeps delivering it to dspam, instead of following the transport map[01:50:46] <BeepDog> wtf[01:51:16] <BeepDog> http://pastebin.com/GB786cA5[01:51:21] <BeepDog> that's not what it should be doing heh[01:54:44] <BeepDog> aha[01:54:55] <BeepDog> now i've gotten it to complain about the mailtransport being unavailable[01:54:57] <BeepDog> so that's pretty good[01:55:36] <adaptr> relevant logs of a single message, postconf -n[01:56:21] <BeepDog> single message: http://pastebin.com/HsvhjiYt[01:56:52] <adaptr> please avoid that add-ridden monstrosity[01:56:56] <adaptr> !paste[01:56:56] <knoba> adaptr: "paste" : do not paste more than 2 lines in the channel. A pastebin is a way to share larger amounts of data with others, without flooding the channel with garbage. try http://pastebin.com or http://paste.debian.net (or use google and find your own). don't forget to tell us the url where you pasted the text[01:56:59] <BeepDog> postconf -n: http://sprunge.us/ggdI[01:57:03] <adaptr> bah, that should be fixed.[01:57:12] <adaptr> yes, use sprunge[01:57:23] <BeepDog> sprunge is a bit more difficult with tail -f[01:57:24] <adaptr> logs first. always logs first[01:57:29] <adaptr> bullshit![01:57:39] <BeepDog> I already gave you logs, but you don't have adblock :P[01:57:54] <adaptr> there is no need for tail. grep <queue-ID> maillog[01:58:10] <BeepDog> http://sprunge.us/FVLb[01:58:20] <BeepDog> ah fair enough[01:58:59] <adaptr> warning: connect to transport private/dspam-retrain: No such file or directory[01:59:03] <adaptr> is it lying ?[01:59:24] *** danblack has quit IRC[01:59:33] <BeepDog> there is no dspam-retrain in there[01:59:38] <BeepDog> I'm eyeing my master.cf thing right now[01:59:52] <BeepDog> dspam-retrain unix n - n - - pipe[01:59:52] <BeepDog> flags=Rhq user=dspam[01:59:52] <BeepDog> argv=/usr/bin/dspam --client --class=$nexthop --source=error --user=dspam[02:00:28] <adaptr> can you tell me what the first "n" means ?[02:00:47] <BeepDog> oh derp[02:00:47] <BeepDog> hah[02:00:52] <BeepDog> that should be yes so it's private[02:01:52] <BeepDog> well now the socket exists[02:01:57] <BeepDog> and it silently does nothing[02:02:10] <BeepDog> of course, I'm faking a message at it, maoh nope[02:02:16] <BeepDog> 2013-06-22T19:02:06.525709-05:00 testing postfix/pipe[6185]: fatal: service dspam-retrain requires privileged operation[02:02:18] <BeepDog> that took a long time[02:02:44] <adaptr> why are you setting the user as dspam ?[02:03:08] <BeepDog> because I thought that it'd be wise to set the user as dspam, since thats the user dspam does everything as[02:03:10] <adaptr> that negates any per-user tokenization[02:03:35] <adaptr> you want the $sender[02:03:42] <BeepDog> hm[02:04:06] <adaptr> or, in other words, if you HAVE per-user tokenization, this scheme will do nothing. since tehre is no such mailbox.[02:04:38] <BeepDog> right[02:04:46] <BeepDog> this worked previously for me[02:04:52] <BeepDog> with per-user tokenization[02:04:57] <BeepDog> it would actually pick up the user out of the signature[02:05:00] <BeepDog> and it did work[02:05:10] <BeepDog> right now, I'm just trying to get back to that point, where Iknow it's actually calling the right things[02:05:11] <adaptr> I've never gotten any of that to work.[02:05:26] <adaptr> and you know how useful the logs are[02:05:30] <BeepDog> aye[02:05:48] <adaptr> the fact that retrains aren't even logged is not a good thing, either[02:06:06] <adaptr> it logs everything as I, W or S, but error corrections are simply ignored[02:07:43] <BeepDog> the web-ui knows about retrains[02:07:47] <BeepDog> so it's gotta be indicated somewhere[02:07:54] <BeepDog> even if I didn't retrain it via the webui[02:11:07] <BeepDog> even when using --user=${sender} it's still unable to figure out who the user is[02:33:46] *** cloq has quit IRC[02:49:35] *** Shadow010 has left #postfix[02:50:19] *** Blacklite has quit IRC[02:50:55] *** Blacklite has joined #postfix[02:52:48] <BeepDog> hah, I might have a really lame, but effective solution for the retraining[02:52:57] <BeepDog> that I think even works[02:53:32] <BeepDog> hrm, nope it didn't work :([02:53:34] <BeepDog> sad face[02:55:34] *** grknight has joined #postfix[03:05:46] *** danblack has joined #postfix[03:11:42] *** grknight has quit IRC[03:15:47] <BeepDog> http://dspamwiki.expass.de/DspamRetrainScript tried that basically[03:15:57] <BeepDog> with using dspam --client, since it's not standalone[03:15:59] <BeepDog> none of that works[03:16:20] <BeepDog> oh and I used ruby logic to pull out the signature[03:30:31] *** magyar has joined #postfix[03:30:31] *** magyar has joined #postfix[03:36:53] <BeepDog> adaptr: hah, I got retraining to work[03:36:57] <BeepDog> it's not the greatest but it works[03:37:10] <BeepDog> add aliases to your aliases: spam-username and notspam-username[03:37:17] <BeepDog> and then it retrains things[03:37:32] *** Colt has joined #postfix[03:37:32] <BeepDog> it still bounces because it's dumb I think[03:37:36] <BeepDog> but retraining happens[03:37:56] <BeepDog> Fatal: 550 5.1.1 <?T> User doesn't exist: ?T[03:37:58] <BeepDog> that happened[03:38:03] <BeepDog> whatever the hell that means heh[03:38:10] <BeepDog> but dspam did update it's database[03:38:14] <BeepDog> and note that something was spam[03:38:39] <BeepDog> works for notspam and for spam[03:39:27] <BeepDog> <dkowis at testing dot shlrm.org> (expanded from <notspam-dkowis at testing dot shlrm.org>):[03:39:27] <BeepDog> host testing.shlrm.org[/var/spool/postfix/public/dspam] said: 530 5.3.0[03:39:27] <BeepDog> <dkowis at testing dot shlrm.org> Fatal: 501 5.5.4 Invalid parameters (in reply to[03:39:27] <BeepDog> end of DATA command)[03:39:40] <BeepDog> it did retrain it however[03:41:22] <BeepDog> it's incrementing the stats and logging the appropriate things in the file[03:41:28] <BeepDog> I wonder why it's derping so hardcore to dovecot[03:42:05] *** cetanu has quit IRC[03:42:48] *** Colt has quit IRC[03:47:24] <BeepDog> HOLY SHIT[03:47:26] <BeepDog> I got it working[03:47:35] <BeepDog> when you forward a mail to it, it'll redeliver it back to you again[03:47:42] <BeepDog> noting that it's now spam, or that it's not[03:48:03] <BeepDog> ermagherds[03:48:07] <BeepDog> that works and it doesn't suck[03:49:42] <BeepDog> aw darn, it was working, now it's not[03:49:44] <BeepDog> le sad[03:49:51] <BeepDog> but... I think I know why[03:54:24] *** cetanu has joined #postfix[03:56:57] <BeepDog> man dspam is buggy as all shit[03:57:57] <BeepDog> adaptr: http://wiki.linuxwall.info/doku.php/en:ressources:dossiers:dspam#learning_in_forward_mode that gets me like 90% of the way there, but something doesn't quite work right[03:58:09] <BeepDog> when it talks to dovecot's LMTP end[03:58:12] <BeepDog> often resulting in bounces[03:58:14] <BeepDog> which is less than ideal[03:58:48] <BeepDog> dspam retrains, but it doesn't do something right when it tries to give it to dovecot's LMTP[04:15:44] <BeepDog> actually no it's not even that[04:15:55] <BeepDog> it's blowing up from DSPAM's LMTP server *sigh*[04:15:56] <BeepDog> jeez[04:16:29] <BeepDog> I can get it to retrain, but I'm going to get a bounce notification for each one that it retrains[04:16:38] <BeepDog> because DSPAM's lmtp server is teh gimp[04:16:40] <BeepDog> or something I think[04:26:29] *** biggimat has quit IRC[04:44:41] <BeepDog> 2013-06-22T21:44:04.261611-05:00 testing dspam[8715]: Got error 550 in response to RCPT TO: 550 5.1.1 <Ð#026> User doesn't exist: Ð#026[04:44:45] <BeepDog> dspam is doing weird things[05:01:44] *** gavimobile has quit IRC[05:03:39] *** danblack has quit IRC[05:05:28] *** jumperboy has joined #postfix[05:05:28] *** jumperboy has joined #postfix[05:05:55] *** guigouz has quit IRC[05:15:22] *** krisfremen has quit IRC[05:23:59] *** krisfremen has joined #postfix[05:23:59] *** krisfremen has joined #postfix[05:57:40] <digitalirony> ok, so, we have a barracuda spamwall as the gateway device. We have many 'remote' users. We have some spammers hitting the mailserver directly. Is there a way to tell postfix only accept 'external' email from the spamwall, and allow only our users to relay outbound through postfix?[05:59:42] <Patrickdk> hmm, sure, that is how it should always have been[05:59:49] <digitalirony> but its not[05:59:58] <Patrickdk> well, you didn't pay me to set it up[06:00:03] <digitalirony> im tired, and I Can't think, been working on this for a while[06:00:09] <digitalirony> not this issue[06:00:13] <digitalirony> but migrating the mail servers[06:00:24] <Patrickdk> all users are forced to use authenication?[06:00:28] <digitalirony> yes[06:00:36] <Patrickdk> then it is very simple[06:00:40] <digitalirony> but the server is accepting email still from 'remote mailservers' directly[06:00:43] <Patrickdk> where is postconf -n?[06:00:44] <digitalirony> I want to block that[06:01:18] <digitalirony> I want to allow it to relay for authed users[06:01:19] <Patrickdk> and I suppose also master.cf[06:01:27] <digitalirony> but not for remote servers[06:02:27] <digitalirony> blah[06:02:35] <digitalirony> ill work on it tomorrow after I have had sleep[06:36:14] *** danblack has joined #postfix[06:36:19] *** magyar has quit IRC[07:18:54] *** aarcane has joined #postfix[07:20:38] *** UQlev has joined #postfix[07:24:07] *** krislappy has joined #postfix[07:24:07] *** krislappy has joined #postfix[07:24:19] *** krisfremen has quit IRC[07:24:58] *** krislappy is now known as krisfremen[08:20:42] *** sphenxes has joined #postfix[08:24:56] *** sphenxes01 has joined #postfix[08:26:54] *** sphenxes has quit IRC[08:28:34] *** dragonheart has joined #postfix[08:29:54] *** danblack has quit IRC[08:30:10] *** gavimobile has joined #postfix[08:31:30] *** jimpop has quit IRC[08:33:10] <gavimobile> folks, im getting this msg "fatal: main.cf configuration error: mailbox_size_limit is smaller than message_size_limit", I do not have virtual_mailbox_limit or mailbox_size_limit in my config file. I would like to know if by setting the value to these variables, would this be the default size? im using virtual users so can I configure each users size seperately and virtual_mailbox_limit would be the default?[08:47:03] *** Motoko has quit IRC[08:51:52] *** jimpop has joined #postfix[08:55:17] <UQlev> gavimobile, postconf message_size_limit; postconf mailbox_size_limit[08:57:01] <UQlev> gavimobile, you may need maildir quota[09:09:19] <gavimobile> UQlev: I better read the docs[09:09:27] <gavimobile> UQlev: thanks[09:12:43] *** biggimat has joined #postfix[09:18:04] *** jarif has joined #postfix[09:24:39] <gavimobile> UQlev: I believe I do have a maildir quota which is why this message is strange[09:25:13] <gavimobile> virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf && virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf[09:25:23] <gavimobile> they are both connected to my mysql db[09:25:34] <gavimobile> and my 1 user that I have has a quota size of 0[09:26:11] *** pj has quit IRC[09:26:18] *** wdp has joined #postfix[09:26:18] *** wdp has joined #postfix[09:34:27] *** UQlev has quit IRC[09:46:32] *** v0lZy has joined #postfix[09:52:19] <gavimobile> setting mailbox_size_limit=0 seems to have solved my problem.[09:52:39] <gavimobile> I have another problem though, my mails are being sent with no date/time[10:12:01] *** grossing has quit IRC[10:13:42] *** grossing has joined #postfix[10:17:31] <gavimobile> is this a postfix issue, can't find anything about it onlin[10:21:15] *** pj has joined #postfix[10:35:00] *** pj has quit IRC[10:36:26] *** pj has joined #postfix[11:03:06] <gavimobile> is this a postfix issue?[11:15:32] *** roentgen has joined #postfix[11:16:38] *** grossing has quit IRC[11:19:00] <gavimobile> fixed by changing timezone in my phpfile[11:25:24] *** CybrFyre has quit IRC[11:27:52] *** CybrFyre has joined #postfix[11:29:57] *** roentgen has quit IRC[11:30:12] *** roentgen has joined #postfix[11:37:27] *** dragonheart has quit IRC[11:42:50] *** Cromulent has joined #postfix[11:44:12] *** hays_ has joined #postfix[11:44:20] *** hays has quit IRC[11:47:14] *** Eagleman has joined #postfix[11:49:31] *** hays has joined #postfix[11:49:43] *** hays_ has quit IRC[11:51:17] *** donmichelangelo has joined #postfix[11:54:00] *** jarif has quit IRC[11:59:58] *** guigouz has joined #postfix[12:00:14] *** guigouz is now known as Guest88787[12:03:28] *** Cromulent has quit IRC[12:03:37] *** roentgen has quit IRC[12:11:07] *** Bry8Star has quit IRC[12:19:25] *** Bry8Star has joined #postfix[12:40:45] <gavimobile> why am I getting this in my logs ? disconnect from unknown[127.0.0.1][12:41:29] <gavimobile> my hostname looks fine so does my /etc/hosts file[12:46:47] *** Cromulent has joined #postfix[12:47:13] *** mibofra has joined #postfix[12:47:40] *** gu1lle_ has quit IRC[12:53:49] *** gavimobile has quit IRC[12:54:30] *** Eagleman has quit IRC[12:54:54] *** gavimobile has joined #postfix[12:57:54] *** Cromulent has quit IRC[13:01:25] *** coldark has joined #postfix[13:05:22] *** mechanicalduck has joined #postfix[13:11:01] *** cboltz has joined #postfix[13:19:28] *** chris_ has joined #postfix[13:20:29] *** mechanicalduck has quit IRC[13:21:11] *** mechanicalduck has joined #postfix[13:25:23] *** mibofra has quit IRC[13:29:27] *** mibofra has joined #postfix[13:29:27] *** mibofra has joined #postfix[13:29:31] *** coldark has quit IRC[13:29:44] *** coldark has joined #postfix[13:36:34] *** grossing has joined #postfix[13:46:24] <cboltz> coldark just told me (in another channel) that he can't write in this channel (error message: "Cannot send to channel")[13:46:33] <cboltz> does someone have an idea why this could happen?[13:48:24] *** pundit has joined #postfix[13:49:23] *** pundit has left #postfix[13:50:30] <Zerberus> cboltz: he should start by registering to freenode[13:53:30] *** ogny has quit IRC[13:56:00] *** coldark has quit IRC[13:56:14] *** coldark has joined #postfix[14:01:15] <coldark> try[14:01:25] <coldark> is working :=[14:01:28] <coldark> :)[14:01:51] <coldark> Hi, Anybody can help me?, I ´ve this problem. PD: to protect the server some directions has been changed[14:01:51] <coldark> http://pastie.org/8071690[14:02:03] <coldark> This server of destination is active[14:02:03] <coldark> http://pastie.org/8071709[14:02:10] <coldark> this is postfix config[14:02:10] <coldark> http://pastie.org/8071750[14:05:17] <Zerberus> coldark: can you "telnet 173.194.66.27 25"?[14:05:32] <coldark> yes is working[14:06:34] <JPT> maybe the machine has multiple network interfaces and the smtp client binds to a different one than the default?...[14:07:08] <Zerberus> myhostname = gnupanel001.host is not valid[14:07:26] <coldark> sorry isn´t working[14:08:04] <coldark> telnet 173.194.66.27 25[14:08:04] <coldark> Trying 173.194.66.27...[14:08:04] <coldark> telnet: Unable to connect to remote host: Connection timed out[14:08:08] <Zerberus> coldark: so you cannot telnet the gmail server? then either your hoster is blocking port 25 outbound or there is anohter firewall in front[14:09:55] <coldark> but when i use traceroute and work[14:10:01] <coldark> but when i try[14:10:05] <coldark> host 173.194.66.27 127.0.0.1[14:10:05] <coldark> Using domain server:[14:10:06] <coldark> Name: 127.0.0.1[14:10:06] <coldark> Address: 127.0.0.1#53[14:10:06] <coldark> Aliases:[14:10:06] <coldark> 27.66.194.173.in-addr.arpa domain name pointer we-in-f27.1e100.net.[14:11:11] <Zerberus> coldark: what should a traceroute demonstrate? UDP != TCP/25[14:12:56] *** chris_ has quit IRC[14:14:33] <coldark> traceroute -p 25 173.194.66.27[14:14:33] <coldark> traceroute to 173.194.66.27 (173.194.66.27), 30 hops max, 60 byte packets[14:14:33] <coldark> 1 1-21.251.64.serverpronto.com (64.251.21.1) 0.622 ms 1.021 ms 1.175 ms[14:14:33] <coldark> 2 ge2-edge.mia.infolink.com (64.251.0.145) 0.383 ms 0.445 ms 0.364 ms[14:14:34] <coldark> 3 204.88.31.81 (204.88.31.81) 1.202 ms 1.020 ms 1.310 ms[14:14:34] <coldark> 4 m1070-nap-10ge-2-0-0.fplfn.net (208.67.166.66) 0.918 ms 0.909 ms 0.820 ms[14:14:34] <coldark> 5 * * *[14:14:35] <coldark> 6 * * *[14:14:35] <coldark> 7 * * *[14:14:36] <coldark> 8 * * *[14:14:36] <coldark> 9 * * *[14:14:37] <coldark> 10 * * *[14:14:37] <coldark> 11 * * *[14:14:38] <coldark> 12 * * *[14:14:41] <JPT> stooop[14:14:53] <coldark> sorry[14:15:11] <JPT> looks like your isp filters such traffic[14:15:51] <coldark> is rear because is a hosting server ISP[14:16:06] <JPT> check their terms and conditions...[14:16:36] *** mechanicalduck has quit IRC[14:18:17] <Zerberus> coldark: your traceroute with -p 25 is pointless as it uses UDP[14:19:00] *** dragonheart has joined #postfix[14:20:51] <coldark> Thanks JPT i´m talk with support and they use mail relay server pronto blocked 25 port[14:21:18] <Zerberus> exactly what I told you[14:24:07] *** dragonheart has quit IRC[14:25:58] <coldark> i right now i talk with the support of pronto and respond that they blocked the 25 port[14:33:41] *** jarif has joined #postfix[14:41:43] *** hays_ has joined #postfix[14:43:07] *** hays has quit IRC[14:56:09] *** Guest88787 has quit IRC[15:01:38] *** coldark has quit IRC[15:25:16] *** ced117 has joined #postfix[15:28:36] *** master_o1_master has quit IRC[15:29:06] *** gavimobile has joined #postfix[15:29:39] <gavimobile> hey folks, when I send a message the headers show from localhost (unknown [127.0.0.1]), what must be changed so that it won't say that[15:30:29] *** master_of_master has joined #postfix[15:31:47] <Zerberus> gavimobile: fix your /etc/hosts[15:32:38] <gavimobile> Zerberus: thanks for your response, could you have a look? http://pastebin.com/0UxseW68[15:33:08] <gavimobile> I thought it might have to do with my /etc/resolv.conf file instead[15:33:27] <Zerberus> does 127.0.0.1 resolve by DNS?[15:34:09] <gavimobile> Zerberus: how can I check please? nslookup 127.0.0.1[15:34:56] <rob0> Received: from <helo-hostname> (<fcrdns-hostname>[ip.add.re.ss])[15:35:55] *** cetanu has quit IRC[15:36:15] <gavimobile> rob0: no idea, here is my header http://pastebin.com/xK5md29t[15:37:01] <rob0> I just told you how Postfix constructs a Received: header. I don't have time to walk you through it.[15:38:18] <gavimobile> rob0: I understand, could you possibly tell me what I should be looking up in google? or a file location /variable of what needs to be edited??[15:39:13] *** aarcane has quit IRC[15:41:19] <rob0> I don't know what you're not understanding. And I strongly suspect an "XY" problem here, that is: when you get what you're trying to get, the actual problem won't be solved.[15:41:33] <rob0> !xy[15:41:33] <knoba> rob0: "xy" : (#1) The XY problem is that you want to do X, but don't know how. You think that you can solve X by doing Y, so you ask us how to do Y. We tell you that's an odd problem to want to solve. Just ask us about the real problem., or (#2) http://mywiki.wooledge.org/XyProblem -- I want to do X, but I'm asking how to do Y...[15:42:25] <gavimobile> rob0: from what I understood from you, I would like to change how postfix outputs my headers.[15:44:12] *** aarcane has joined #postfix[15:45:01] <Zerberus> gavimobile: what do you expect your received header say?[15:46:40] *** averagecase has joined #postfix[15:46:59] <rob0> (and WHY do you think you need to change it? Zerberus already answered how to fix the "unknown" part.)[15:51:13] <gavimobile> Zerberus: well instead of unknown 127.0.0.1 it would be nice if it displayed something like myhostname with my external ip[15:51:46] <gavimobile> rob0 he answered something different from what you answered. and I don't know what's wrong with my hosts file[15:52:10] <gavimobile> was hopeing someone in the channel can spot my mistake if there is one in the hosts file[15:52:30] *** grknight has joined #postfix[15:53:00] <gavimobile> the post is now expired here it is again http://pastebin.com/9x4Gu3QY[15:56:49] <Zerberus> gavimobile: a) the mail is handed over by amavisd-new to postfix over the localhost device b) why do you care for that being localhost? that's fine[15:57:45] <gavimobile> Zerberus: should look like this Received: from [54.218.8.125] (helo=mail.israelhosting.tk)[15:57:52] <gavimobile> or something like that[15:58:01] <rob0> W-H-Y[15:58:06] <gavimobile> but now that you mentioned it, ill have a look at the amavisd logs[15:58:23] <gavimobile> rob0: no reason, it just looks more astetic in MY eyes[15:58:28] <rob0> ah[16:14:46] <Patrickdk> well, if you didn't use 127.0.0.1 it wouldn't log that[16:14:51] <Patrickdk> change amavis to use your external ip[16:15:22] <Patrickdk> really don't understand why people thing exposing 127.0.0.1 is a security risk[16:16:25] <rob0> gavimobile didn't say "security risk", it was aesthetics :)[16:16:34] <Patrickdk> well, in this case[16:16:47] <Patrickdk> normally it's people not wanting infomation disclosure[16:21:27] *** grknight has quit IRC[16:29:07] *** averagecase has quit IRC[16:30:08] *** donmichelangelo has quit IRC[16:30:28] *** donmichelangelo has joined #postfix[16:31:56] *** Cromulent has joined #postfix[16:36:47] <Fonzie> Quick question, can sa-learn be used with wildcards? Like this: sa-learn --spam /var/vmail/*/*/.INBOX.Spam[16:39:50] <Zerberus> Fonzie: did you try that?[16:47:25] *** averagecase has joined #postfix[16:54:49] *** tld has quit IRC[17:03:12] <Fonzie> Zerberus: Yes, but im not sure if it really works.[17:03:25] <Fonzie> And even if its a good way to do sa learning[17:04:07] <Fonzie> I host multiple virtual domains, and i cant really find any good documentation on how to implement a learning routing across accounts.[17:04:22] <adaptr> I presume spamasassin has a mailing list[17:04:29] <adaptr> I know it has a freenode channel[17:04:35] <Fonzie> Im thinking, will user A's "mark as spam" also affect user B?[17:04:50] <adaptr> Fonzie: those were Hints[17:05:17] <Fonzie> adaptr: I see what your trying to say, but there is no activity on those small subject channels.[17:05:26] <adaptr> and ?[17:06:58] <Zerberus> Fonzie: I do not see any reason for such a manual process, sa has autolearning, which is sufficient[17:07:36] <Patrickdk> what?[17:07:48] <Patrickdk> autolearning can get you into trouble very very quickly[17:08:12] <Patrickdk> and autolearning is only as good as what it knows, oviously this is why you need to manually learn[17:09:12] *** Eagleman has joined #postfix[17:10:48] *** Cromulent has quit IRC[17:13:16] *** Olipro has quit IRC[17:21:07] *** Guest96102 has joined #postfix[17:21:54] *** Guest96102 has left #postfix[17:22:32] *** Guuest45818 has joined #postfix[17:22:35] <Guuest45818> Hi[17:23:10] *** Olipro has joined #postfix[17:23:24] <Guuest45818> I want to use postfix as backup mx. I can then also use SSL / TLS?[17:23:44] <lunaphyte> don't use a backup mx.[17:23:47] <lunaphyte> it's not 1990[17:23:53] <lunaphyte> what's the actual problem you're trying to solve?[17:24:08] <Guuest45818> :)[17:25:05] <Guuest45818> but yes the backup is running accepts no SSL connections to[17:25:21] <Patrickdk> lunaphyte you don't have your 80's hair anymore?[17:25:28] <lunaphyte> you don't need a backup mx[17:25:38] *** mechanicalduck has joined #postfix[17:26:20] <Guuest45818> lunaphyte: I have now heard many times. thank you[17:26:27] <lunaphyte> ah, good.[17:27:15] <Guuest45818> by others too. I have not tested it.[17:27:25] <tharkun> lunaphyte: Have you made an ldap package for ubuntu or debian?[17:27:43] <lunaphyte> what's an ldap package?[17:28:09] *** mechanicalduck has quit IRC[17:28:22] <tharkun> some files debianites identify because they end in .deb )[17:28:54] <lunaphyte> i know what a package is :) but what's an "ldap" package?[17:29:06] <tharkun> open-ldap[17:29:15] <lunaphyte> oh[17:29:18] <lunaphyte> openldap[17:29:20] <lunaphyte> no[17:29:35] *** mechanicalduck has joined #postfix[17:29:39] <Guuest45818> does anyone know if it goes well with SSL?[17:29:58] <lunaphyte> it doesn't go well with anything.[17:30:16] <lunaphyte> it's a spam and hacking magnet[17:30:51] <Guuest45818> lunaphyte: do you have a link that I will not use backup?[17:30:56] <Patrickdk> not even with grey poupon?[17:31:07] <tharkun> lunaphyte: so you compile from source nice.[17:31:22] <lunaphyte> no[17:31:40] <lunaphyte> i mostly use the ubuntu packages[17:31:57] *** bluenemo has joined #postfix[17:32:21] <bluenemo> hi guys, i was wondering where i can set the location for the mail dir in postfixadmin, when i use it to create a new mailbox it currently creates /var/vmail/test at foobar dot com but i want it to create /var/vmail/foobar.com/test/[17:32:42] <Patrickdk> bluenemo, ask postfixadmin?[17:32:44] <lunaphyte> you can ask for help with postfixadmin in #postfixadmin[17:32:54] <lunaphyte> that's where people who want to talk about it will be[17:33:10] <tharkun> lunaphyte: are there many differences between the ubuntu and the debian package[17:33:18] <lunaphyte> tharkun: yeah[17:33:49] <bluenemo> ah ok thank you[17:33:56] <lunaphyte> Guuest45818: i don't know what link that would be. there's nothing to link.[17:34:16] <Guuest45818> ok[17:34:33] <lunaphyte> it's just something that experienced mail admins know[17:34:47] <lunaphyte> it comes form an awareness of how email works[17:34:49] <lunaphyte> *from[17:34:58] <tharkun> lunaphyte: Thanks I'll bug you later after compiling an ubuntu package on debian :)[17:35:13] <lunaphyte> once you understand thoroughly how email works, it's clear that backup mxes are harmful, not helpful.[17:35:22] <lunaphyte> tharkun: heh :)[17:35:51] *** averagecase has quit IRC[17:38:45] *** Cromulent has joined #postfix[17:39:24] *** Guuest45818 has quit IRC[17:44:55] *** Eagleman has quit IRC[17:48:44] *** wallzero has quit IRC[17:50:03] *** wallzero has joined #postfix[18:01:56] *** Cromulent has quit IRC[18:02:54] *** akcx1 has quit IRC[18:14:52] *** UQlev has joined #postfix[18:19:47] *** akcx1 has joined #postfix[18:28:49] *** jarif has quit IRC[18:37:25] *** Cromulent has joined #postfix[18:41:29] *** wallzero has quit IRC[18:42:34] *** wallzero has joined #postfix[18:45:45] *** jarif has joined #postfix[18:45:57] *** bluenemo has quit IRC[18:48:07] *** jarif has quit IRC[18:52:55] *** Cromulent has quit IRC[19:11:06] *** Cromulent has joined #postfix[19:11:44] *** Cromulent has quit IRC[19:23:56] *** bungalo has joined #postfix[19:27:27] *** wdp_ has joined #postfix[19:29:59] *** nclx has joined #postfix[19:31:07] *** wdp has quit IRC[19:31:10] *** nclx has quit IRC[19:55:25] *** nb is now known as i[19:55:35] *** i is now known as nb[19:59:30] *** Cromulent has joined #postfix[20:04:42] *** gavimobile has left #postfix[20:20:51] *** UQlev has quit IRC[20:33:50] *** Eagleman has joined #postfix[20:51:46] *** cristian_ has left #postfix[21:00:45] *** Cromulent has quit IRC[21:04:09] *** cboltz has left #postfix[21:09:49] <adaptr> unhelpful would be a better term[21:10:24] <adaptr> if you have a separate mail store, you can certainly provide multiple frontends easily, but they should all be the same priority - it makes no sense to prefer one over the other[21:11:16] *** higuita has quit IRC[21:13:27] *** NightTrain has quit IRC[21:14:28] *** higuita has joined #postfix[21:26:56] *** Gm4n has quit IRC[21:27:33] *** Cybert1nus is now known as Cybertinus[21:29:06] *** Gm4n has joined #postfix[21:42:45] *** fasta_ is now known as fasta[21:51:26] *** mechanicalduck has quit IRC[22:05:26] *** ced117 has quit IRC[22:30:39] *** bungalo has quit IRC[22:37:58] *** mechanicalduck has joined #postfix[22:46:48] *** Borg has quit IRC[22:48:41] *** mechanicalduck has quit IRC[22:55:43] *** biggimat has quit IRC[23:12:20] *** v0lZy has quit IRC[23:15:10] *** mechanicalduck has joined #postfix[23:22:07] *** wdp_ has quit IRC[23:23:27] *** mechanicalduck_ has joined #postfix[23:25:07] *** mechanicalduck has quit IRC[23:32:34] *** Eagleman has quit IRC[23:40:28] *** hadifarnoud has joined #postfix[23:42:29] <hadifarnoud> I have spam abuse problem. my server is being used by someone to send spam. i checked for open relay. the only thing I did a few days ago was setting up squid proxy. not sure how they got access to my server[23:42:33] <hadifarnoud> can anyone help?[23:43:08] <lunaphyte> share your logs which demonstrate this[23:44:09] <hadifarnoud> https://gist.github.com/hadifarnoud/a12676ea8562dba666bd[23:44:55] *** grossing has quit IRC[23:45:26] <hadifarnoud> I also deleted all the mails in queue.[23:46:24] <lunaphyte> find another mail in the queue and pastebin the contents via postcat[23:46:47] <lunaphyte> uses the queue ids to track the mail back to where it entered your system[23:46:50] <lunaphyte> *use the[23:47:12] <hadifarnoud> lunaphyte: mailq is empty as I deleted them all[23:47:39] <lunaphyte> you said that already[23:48:10] <hadifarnoud> how can I find another mail in the queue then?[23:48:56] <lunaphyte> i'm confused[23:49:04] <lunaphyte> you think there will be no more abuse of your server?[23:50:24] <hadifarnoud> not sure when. I'll come back then[23:51:09] <lunaphyte> perform suggestion two in the meantime, yes?[23:52:13] <hadifarnoud> lunaphyte: I don't know how :([23:52:23] <lunaphyte> man grep[23:53:28] <hadifarnoud> https://gist.github.com/hadifarnoud/a12676ea8562dba666bd[23:53:32] <hadifarnoud> called trace.log[23:57:19] <hadifarnoud> lunaphyte: that doesn't tell us much, does it?[23:59:43] *** mibofra has quit IRC