June 26, 2013 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | >
June 26, 2013 [00:06:19] <Patrickdk> thumbs, no need to wait :)[00:06:31] *** sep has quit IRC[00:06:34] *** sepski has joined #postfix[00:08:16] <adaptr> eurozone fuck yeah![00:08:34] <adaptr> we all live in the wednes-des-des-day, wednes-des-des-day, wednes-des-des-day[00:08:45] * thumbs kills adaptr on a Friday[00:09:26] <adaptr> I'll mark it in my cal-aargh[00:09:45] <thumbs> adaptr: I hope you got the reference.[00:09:54] <adaptr> sorry.[00:10:17] <thumbs> adaptr: Ref: Last name, Black.[00:12:23] <Wamphyri> adaptr, quick questions, from what you had knoba post does that reffer to that every ip i plan on using and every domain i plan on sending email to needs to me listed?[00:12:37] <adaptr> thumbs: still nothing, sorry[00:12:52] <thumbs> adaptr: Ref: First name, Jessica.[00:13:03] <adaptr> nope, nothing.[00:13:13] <thumbs> adaptr: annoying song called "Friday"[00:13:24] <thumbs> adaptr: ask seekwill, it's his favourite song.[00:13:25] <adaptr> ah, that would be it, then. I avoid annoying songs[00:13:44] <adaptr> Wamphyri: which post specifically are you referring to[00:14:04] <Wamphyri> !relay_denied[00:14:04] <knoba> Wamphyri: "relay_denied" : NOQUEUE: reject: RCPT from CLIENT_HOST[CLIENT_IP]: 554 5.7.1 <RECIPIENT@RCPT_DOMAIN>: Relay access denied; from=<SENDER@SENDER_DOMAIN> to=<RECIPIENT@RCPT_DOMAIN> proto=ESMTP helo=<HELO>: This typically means that CLIENT_IP is not in mynetworks (and did not AUTH), and that RCPT_DOMAIN was not recognized as one of this Postfix's domains (not listed in mydestination, relay_domains or virtual_*_domains).[00:15:44] *** jimiller has quit IRC[00:16:26] <Wamphyri> adaptr that one[00:16:38] <adaptr> okay[00:17:54] *** mibofra has quit IRC[00:18:00] *** Ahti333_ has quit IRC[00:18:59] *** ankso_ has quit IRC[00:19:10] *** Kamal_ has quit IRC[00:19:11] *** Verilium has quit IRC[00:19:12] *** alexbst has quit IRC[00:19:13] *** sp00kz has quit IRC[00:19:15] *** err-or has quit IRC[00:19:15] *** Bry8Star has quit IRC[00:19:33] <rob0> Wamphyri, what is the problem? !relay_denied refers to two basic types of problem.[00:20:05] *** ankso_ has joined #postfix[00:20:50] *** master_o1_master has joined #postfix[00:21:28] <Wamphyri> rob0 i'm getting 554 relay access denied when trying to send a email from postfix -> hotmail using outlook[00:21:44] <Wamphyri> user does auth[00:23:03] <rob0> you set up SASL AUTH but relaying is still denied?[00:23:11] <Wamphyri> yes sir[00:23:36] <Wamphyri> i have been digging around in the virtual domains and what not as well but it all links to mysql[00:23:55] <rob0> SASL_README.html#server_sasl_authz[00:23:56] <adaptr> ...signifying nothing[00:23:58] <rob0> !sasl[00:23:58] <knoba> rob0: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[00:24:07] *** master_of_master has quit IRC[00:24:07] *** Blacklite has quit IRC[00:24:29] <rob0> What is your Postfix version?[00:25:13] *** danblack has joined #postfix[00:25:16] *** Ahti333 has joined #postfix[00:25:41] *** Blacklite has joined #postfix[00:26:04] <Wamphyri> mail_version = 2.7.1[00:28:54] <rob0> see the second example[00:35:58] <Wamphyri> rob0 excuse my stupidity please[00:36:12] <Wamphyri> for the testing sasl auth[00:36:29] <Wamphyri> EHLO blahblah should i use the client.example.com?[00:38:11] *** MaximusColourum has quit IRC[00:42:16] <Wamphyri> rob0 http://pastebin.ca/2408028[00:42:53] <Wamphyri> thats what shows when i run outlook[00:43:34] <Wamphyri> so outlook is authenticating from that, but if i try sending a email to hotmail via outlook i get relay errors[00:43:52] <Wamphyri> so adaptr "relay_denied" : NOQUEUE: reject: RCPT from CLIENT_HOST[CLIENT_IP]: 554 5.7.1 <RECIPIENT@RCPT_DOMAIN>: Relay access denied; from=<SENDER@SENDER_DOMAIN> to=<RECIPIENT@RCPT_DOMAIN> proto=ESMTP helo=<HELO>: This typically means that CLIENT_IP is not in mynetworks (and did not AUTH), and that RCPT_DOMAIN was not recognized as one of this Postfix's domains (not listed in mydestination,[00:43:53] <Wamphyri> relay_domains or virtual_*_domains).[00:44:26] <danblack> Wamphyri: looks like outlook didn't auth over smtp[00:44:47] <Wamphyri> danblack theres no error's tho?[00:46:18] *** stljim has joined #postfix[00:47:07] <danblack> look at the outlook config.[00:47:37] *** Kamal_ has joined #postfix[00:47:38] <danblack> there[00:47:47] <danblack> 's no error but its not doing what you want is it?[00:47:59] *** Kamal_ is now known as Guest92115[00:47:59] <rob0> !outlook[00:48:00] <knoba> rob0: "outlook" : MS Outlook has numerous problems with TLS and AUTH support. Try using a better client to troubleshoot your Postfix server's AUTH features; then once you know it works, you can go back and break it such that Outlook will work. See the following MS KB article to enable transport logging in Outlook that may be of some help in troubleshooting, http://support.microsoft.com/kb/300479/en-us[00:48:30] *** internat has quit IRC[00:48:32] <rob0> One thing Outlook is known to do is to fail silently on AUTH and try to send anyway.[00:49:22] <rob0> and indeed, AUTH was not attempted.[00:50:06] <Wamphyri> wouldn't the server show it failed?[00:52:41] <rob0> if AUTH was not attempted what kind of failure should it log?[00:52:54] <Wamphyri> point being unless i'm missing something in the logs it authed using stls[00:53:19] <rob0> older outlooks don't do STARTTLS[00:53:44] <Wamphyri> 2007[00:54:05] <rob0> smtpd_tls_loglevel=1[00:54:17] <Wamphyri> into main.cf?[00:56:19] *** danblack has quit IRC[00:56:58] *** tmberg has quit IRC[01:02:33] *** Verilium has joined #postfix[01:02:33] *** alexbst has joined #postfix[01:02:33] *** sp00kz has joined #postfix[01:03:43] *** grossing has quit IRC[01:03:55] *** err-or has joined #postfix[01:05:47] *** Bry8Star has joined #postfix[01:08:29] *** danblack has joined #postfix[01:09:08] <Wamphyri> rob0 http://pastebin.ca/2408115[01:10:26] <tharkun> !relaydenied[01:10:26] <knoba> tharkun: "relaydenied" : see !relay_denied[01:10:32] <tharkun> !relay_denied[01:10:33] <knoba> tharkun: "relay_denied" : NOQUEUE: reject: RCPT from CLIENT_HOST[CLIENT_IP]: 554 5.7.1 <RECIPIENT@RCPT_DOMAIN>: Relay access denied; from=<SENDER@SENDER_DOMAIN> to=<RECIPIENT@RCPT_DOMAIN> proto=ESMTP helo=<HELO>: This typically means that CLIENT_IP is not in mynetworks (and did not AUTH), and that RCPT_DOMAIN was not recognized as one of this Postfix's domains (not listed in mydestination, relay_domains or virtual_*_domains).[01:10:41] <Wamphyri> tharkun yes i know[01:10:55] *** grossing has joined #postfix[01:12:37] <Wamphyri> which is wrong? from what i can from the logs i authed just fine, no one has answered if i need to put in all the ip's i plan on using and all the domains i plan on email into the configuation as well[01:14:24] <rob0> There should have been an AUTH line logged between lines 6 and 7. AUTH was not attempted.[01:14:40] <Wamphyri> trying thunderbird[01:14:49] <rob0> tbird will work[01:15:21] <Wamphyri> while i wait, what would stop postfix from receiving email from hotmail?[01:15:52] <rob0> the "trick" usually is to enable Microsoft's silly SASL LOGIN mechanism[01:15:54] <tharkun> "Anonymous TLS connection" doesn't mean you are authenticating at all[01:16:34] <rob0> tharkun, right, but it does say that the client did STARTTLS, which was a problem in older outlook[01:17:00] <rob0> Have you considered not supporting Outlook?[01:17:27] <rob0> You'll gain much security and sleep better at night. :)[01:17:32] <Wamphyri> server is only for me so doesn't matter to me what i use[01:18:18] <rob0> See, Outlook in combination with Internet Explorer is dangerous. Click on a hostile link and you become a spam source.[01:18:52] <Wamphyri> i would be running linux on my desktop but the wife doesn't even know what linux is lol[01:20:04] <rob0> We all have our own computers in my home, and the last Windows was eradicated ~4 years ago. /dev/wife has a dual-head Linux desktop and an Android tablet.[01:20:53] <pajamian> yeah, my wife was the last holdout here as well, been years now since any of us have run windoze.[01:21:15] <rob0> Actually my kid was the last holdout, because of games.[01:21:40] <rob0> and she got malware, and I wouldn't fix it :)[01:21:49] *** cetanu has joined #postfix[01:23:02] <pajamian> hahah[01:23:17] <pajamian> my problem now is getting my wife to let me upgrade her computer[01:23:31] <Wamphyri> well i don't feel like having to teach my 3 , 7 , 8 year old the different gui yet[01:23:36] <Wamphyri> http://pastebin.ca/2408119[01:23:45] <Wamphyri> thats what i get from tbird[01:23:49] <pajamian> she's on a very old version of ubuntu and doesn't want to change anything.[01:23:57] <thumbs> a 7 year old kid will learn *anything* in a matter of days.[01:24:34] <Wamphyri> thumbs i agree, but my step daugter is dumb as a stump when it comes to reading[01:24:58] <Wamphyri> previously her grand parents and mother never "enforced reading time[01:25:46] <pajamian> Jun 25 19:21:59 velocity-line-striping postfix/smtpd[8795]: warning: TLS library problem: 8795:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1108:SSL alert number 48:[01:25:53] <pajamian> I'd say that's yur problem.[01:25:56] *** pajamian is now known as pj[01:26:04] <pj> were you getting that with outlook?[01:26:08] <Wamphyri> nope[01:26:13] <Wamphyri> never showed with outlook[01:26:38] <pj> you have two messages there, did you try sending two?[01:26:46] <Wamphyri> just one[01:27:49] <pj> well, it re-connected and tried resending then for some reason[01:27:56] <pj> and didn't have the TLS problem the second time around[01:28:41] <pj> at any rate it's relay denied the second time[01:28:48] <pj> !tell Wamphyri relay_denied[01:28:48] <knoba> Wamphyri: "relay_denied" : NOQUEUE: reject: RCPT from CLIENT_HOST[CLIENT_IP]: 554 5.7.1 <RECIPIENT@RCPT_DOMAIN>: Relay access denied; from=<SENDER@SENDER_DOMAIN> to=<RECIPIENT@RCPT_DOMAIN> proto=ESMTP helo=<HELO>: This typically means that CLIENT_IP is not in mynetworks (and did not AUTH), and that RCPT_DOMAIN was not recognized as one of this Postfix's domains (not listed in mydestination, relay_domains or virtual_*_domains).[01:28:48] <Wamphyri> might have been a certificate issue that i had to download?[01:28:55] *** Guuest45818 has left #postfix[01:28:57] <Wamphyri> omg people[01:29:14] <Wamphyri> you guys saying i didn't auth[01:29:21] <Wamphyri> tbird is saying i did ffs[01:29:27] <Wamphyri> outlook is saying i did[01:29:30] <pj> where?[01:29:37] <pj> I don't see any auth line in there.[01:29:49] <Wamphyri> then why isn't it trying to authenicate?[01:29:53] <pj> you show me where in that log you think it says you authed.[01:30:10] <Wamphyri> [19:14] <rob0> tbird will work[01:30:35] <pj> tbird will work, if it's correctly configured and postfix is correctly configured.[01:30:44] <pj> what rob0 was referring to was this...[01:30:46] <pj> !outlook[01:30:46] <knoba> pj: "outlook" : MS Outlook has numerous problems with TLS and AUTH support. Try using a better client to troubleshoot your Postfix server's AUTH features; then once you know it works, you can go back and break it such that Outlook will work. See the following MS KB article to enable transport logging in Outlook that may be of some help in troubleshooting, http://support.microsoft.com/kb/300479/en-us[01:31:09] <Wamphyri> ok sorry[01:31:14] <jelly-home> Wamphyri: authentication for reading mail is different (and separately configured!) from authentication for sending, it's quite possible tb is not configured to do smtp auth[01:31:43] <pj> Wamphyri: what's the IP address of your server?[01:31:52] <Wamphyri> http://gyazo.com/f0160a9a9e525aa5e07c2ee0fb0518f4[01:32:28] <pj> Wamphyri: what's the IP address of your server?[01:32:29] <Wamphyri> http://pastebin.ca/2408121[01:32:35] <Wamphyri> second post[01:32:40] <Wamphyri> first is the tbird setup[01:33:08] <pj> I'm going to connect to your server and see if it's offering auth[01:33:30] <Wamphyri> ok[01:34:36] <Wamphyri> i see you connected[01:34:54] <Wamphyri> lost connection after EHLO[01:35:10] <pj> yes, I tried both plaintext and with tls, and both times it offered AUTH.,[01:35:49] <pj> !sasl_test[01:35:49] <knoba> pj: "sasl_test" : http://www.postfix.org/SASL_README.html#server_test[01:35:55] <pj> Wamphyri: ^^^^^^^[01:36:00] <pj> try that.[01:37:25] <Wamphyri> with the ehlo line do[01:37:54] <Wamphyri> might seem simple but i have tried both what it said the client etc and it failed on auth[01:38:23] <Wamphyri> i also tried using my local server name and it failed, is there a way i'm supposed to get special auth line for myself?[01:39:26] <rob0> Are you using submission or port 25?[01:39:34] <thumbs> ugh[01:39:36] <pj> oh, true, I should check submission[01:39:42] <pj> meh, I just woke up[01:39:44] <pj> one sec[01:40:32] <pj> auth is offered on submission, but only for TLS[01:40:35] <pj> this is fine.[01:41:34] <pj> Wamphyri: do the sasl test, but you need to use openssl s_client for it instead of telnet.[01:41:37] <pj> and on port 587[01:45:22] *** donmichelangelo has quit IRC[01:45:43] *** donmichelangelo has joined #postfix[01:55:31] *** tmberg has joined #postfix[02:06:28] *** hparker has quit IRC[02:08:16] *** hparker has joined #postfix[02:08:16] *** hparker has joined #postfix[02:13:01] *** stljim has quit IRC[02:39:21] *** trusktr has joined #postfix[02:45:55] *** stljim has joined #postfix[03:06:26] *** pajamian has joined #postfix[03:08:26] *** pj has quit IRC[03:21:05] *** hadifarnoud has joined #postfix[03:31:57] *** RadoQ has quit IRC[03:32:13] *** magyar has joined #postfix[03:32:13] *** magyar has joined #postfix[03:39:24] *** err-or has quit IRC[03:39:54] *** err-or has joined #postfix[03:46:01] <Wamphyri> adaptr you stil around sir?[03:51:54] <Wamphyri> anyone might be able to help me with a issue i'm having about relay_denied[04:03:12] *** nubianz has joined #postfix[04:06:24] <Patrickdk> !ask[04:06:24] <knoba> Patrickdk: "ask" : Please regard http://workaround.org/getting-help-on-irc and don't ask to ask, just ask. (after you've read 'getting help')[04:06:42] <Patrickdk> !relay_denied[04:06:42] <knoba> Patrickdk: "relay_denied" : NOQUEUE: reject: RCPT from CLIENT_HOST[CLIENT_IP]: 554 5.7.1 <RECIPIENT@RCPT_DOMAIN>: Relay access denied; from=<SENDER@SENDER_DOMAIN> to=<RECIPIENT@RCPT_DOMAIN> proto=ESMTP helo=<HELO>: This typically means that CLIENT_IP is not in mynetworks (and did not AUTH), and that RCPT_DOMAIN was not recognized as one of this Postfix's domains (not listed in mydestination, relay_domains or virtual_*_domains).[04:08:09] <Wamphyri> Patrickdk, what do i put into mynetworks = to accept from all ip's?[04:08:15] <Wamphyri> i use username and password to auth[04:08:37] <Patrickdk> 127.0.0.1[04:08:56] <Patrickdk> oviously, you have no idea what mynetworks is[04:09:09] <Patrickdk> !mynetworks[04:09:09] <knoba> Patrickdk: "mynetworks" : a configuration parameter in the main.cf: The list of "trusted" SMTP clients that can relay email.[04:09:09] <Wamphyri> originally i had this mynetworks = 127.0.0.0/8 [::1]/128 and it would always relay_denied[04:09:19] *** soosfarm has quit IRC[04:09:29] <Wamphyri> i changed it to this mynetworks = 127.0.0.0/8 [::1]/128 192.168.1.112 216.8.181.179[04:09:31] *** soosfarm_ has joined #postfix[04:09:31] <Patrickdk> yes, but explain why relay_denied == mynetworks is wrong?[04:09:31] <Wamphyri> and now it works[04:09:44] <Wamphyri> problem is i also use my cell phone to gather email if i'm afh[04:09:53] <Patrickdk> yes, it works now, and anyone at those ip addresses can spam everyone in the world[04:09:59] <Patrickdk> so remove it, put it back like it was[04:10:05] <Patrickdk> and fix what is wrong[04:10:08] <Wamphyri> how if it requires a usename and password[04:10:10] <Patrickdk> mynetworks was not wrong[04:10:29] <Patrickdk> Wamphyri, where are the logs that showed you used username/password?[04:10:36] <Patrickdk> cause I seriously doubt there are any[04:11:07] <Patrickdk> you like completely missed reading the channel topic?[04:11:18] <Patrickdk> logs showing the issue, and postconf -n[04:12:11] <Wamphyri> [15:50] <Wamphyri> http://pastebin.ca/2407990[04:12:22] <Wamphyri> no i didn't[04:12:53] <Patrickdk> ok, where in that log does it say, SASL LOGIN user xxxxxx?[04:12:58] <Wamphyri> http://pastebin.ca/2408190[04:13:03] <Wamphyri> line 05[04:13:23] <Patrickdk> what logs/config pastebin is accurate?[04:13:25] <Patrickdk> your posted two?[04:13:33] <Wamphyri> second one is what i just did[04:13:44] <Patrickdk> ok, and where is the issue?[04:13:48] <Wamphyri> first was just to show that i did read the topic , but 7 hours ago[04:14:18] <Wamphyri> first log was before the modification to mynetworks[04:14:18] <Patrickdk> you said relay denied, but that pastebin has no denied[04:14:25] <Patrickdk> well, that doesn't help at all[04:14:29] <Patrickdk> fix mynetworks[04:14:33] <Wamphyri> ok wait[04:14:54] <Wamphyri> http://pastebin.ca/2407990 this is the original mynetworks with relay errors[04:15:02] <Patrickdk> I can only assume what you post is 100% completely accurate[04:15:16] <Wamphyri> this is the http://pastebin.ca/2408190 modified mynetworks that worked[04:15:22] <Wamphyri> understand?[04:15:24] <Patrickdk> that post is bad[04:15:29] <Patrickdk> it's not what is *current*[04:15:32] <Patrickdk> therefor useless[04:15:40] <Patrickdk> that post has no sasl login[04:15:46] <Patrickdk> you did sasllogin in the other post[04:15:56] <Patrickdk> so you need to fix mynetworks, and retest, and report[04:15:57] <Patrickdk> repost[04:16:04] <Wamphyri> ok[04:17:01] <Wamphyri> http://pastebin.ca/2408191[04:17:21] <Patrickdk> the sasl login vanished[04:17:47] <Patrickdk> you didn't post postconf -n[04:17:52] <Patrickdk> but it looks like the issue is in master.cf[04:17:57] <Patrickdk> but I can't fix it unless you post both[04:18:10] <Wamphyri> postconf -n[04:18:12] <Wamphyri> http://pastebin.ca/2408193[04:18:24] <Wamphyri> i was working on it :)[04:18:25] *** biggimat has joined #postfix[04:19:06] <Wamphyri> master.cf[04:19:08] <Wamphyri> http://pastebin.ca/2408194[04:19:40] <lunaphyte> postconf -nf; postconf -Mf[04:20:06] <Patrickdk> see line 15[04:20:09] <Patrickdk> in master.cf[04:20:15] <Wamphyri> yup[04:20:17] <Patrickdk> dupicate it as smtpd_recipient_restrictions[04:21:29] <lunaphyte> and turn off smtps too. that's been deprecated for *ages*[04:21:30] <Wamphyri> same for smtps?[04:21:36] <Patrickdk> if you really use smtps[04:21:58] <lunaphyte> you shouldn't be[04:22:34] <Wamphyri> Patrickdk your a saint[04:22:47] <Patrickdk> debian/ubuntu?[04:22:54] <Wamphyri> debian[04:23:18] <Patrickdk> you can probably comment out the smtpd_client lines, but that depends on whatever you ahve the mysql lookups doing in the main.cf for those[04:23:40] <Wamphyri> pretty sure i do[04:24:41] <Wamphyri> yeah i do[04:24:47] <Patrickdk> I know that[04:24:53] <Patrickdk> the question is, WHAT does it do :)[04:24:56] <Wamphyri> ok :P[04:25:07] <Wamphyri> ispconfig[04:25:10] <Patrickdk> you might, or might not want those active, depending[04:25:34] <Wamphyri> its like cpanel[04:25:48] <Patrickdk> I hope not[04:25:54] <Wamphyri> next question, it doesnt receive email[04:25:55] <Patrickdk> not many things can be as bad as cpanel[04:25:59] <Wamphyri> noo[04:26:13] <lunaphyte> ispconfig? yikes.[04:26:14] <Wamphyri> its pretty simple[04:26:18] <lunaphyte> that's not for beginners[04:27:00] <Wamphyri> ispconfig isn't for beginners? i thought it was rather easy to setup[04:27:08] <Patrickdk> your having many issues though[04:27:14] <Patrickdk> that isn't exactly, easy to setup[04:27:32] <Patrickdk> but bed is calling me[04:27:38] <Wamphyri> :( dam[04:27:39] <lunaphyte> ispconfig is for experts who are already significantly experienced with postfix, and more importantly, with running email servers in general, so that they can provide email service to people who aren't email admins.[04:28:09] <Patrickdk> and I thought ispconfig was too simple :([04:28:12] <Wamphyri> lunaphyte no one else using the server beside me[04:28:19] <lunaphyte> ispconfig isn't to be used in order to avoid learning how things work. not sure why everyone seems to think that. it's quite backwards from actual intelligent logic.[04:28:32] *** zooko has joined #postfix[04:28:50] <lunaphyte> no one else but you? then why on earth would you even be using something like ispconfig in the first place? how silly.[04:29:21] <Wamphyri> 5 different domains, how silly i am for wanting to simplify things[04:29:35] <lunaphyte> simplify? heh. that's funny.[04:29:57] <lunaphyte> adding more than is necessary to do something is the exact *opposite* of "simplify".[04:30:23] <lunaphyte> it sort of sounds like you might be thinking that 5 domains is a lot.[04:30:28] <Patrickdk> a simple multidomain management, is postfixadmin[04:31:22] <rob0> One user, and 5 domains?[04:31:26] <Wamphyri> ispconfig is simple to use on my phone[04:31:30] <Wamphyri> ssh is not[04:31:34] <lunaphyte> use on your phone?[04:31:46] <lunaphyte> why would you be using ispconfig on your phone?[04:31:52] <lunaphyte> don't you have a computer?[04:31:57] <rob0> You want !basic and .forward files[04:32:45] <rob0> maybe virtual_alias_maps also, to sort different domain stuff into different IMAP folders[04:32:46] <Wamphyri> lunaphyte i own/run a asphalt company[04:32:55] <lunaphyte> oh, neat.[04:33:12] <Wamphyri> 3 domains route to one[04:33:36] <lunaphyte> so a pretty pedestrian setup, in other words[04:33:44] <Wamphyri> so i deal with equipment biding and quotations etc[04:33:53] <Wamphyri> i'm always on the move[04:33:53] *** pajamian is now known as pj[04:33:59] <lunaphyte> how would that relate to using ispconfig on your phone?[04:34:07] <rob0> pedestrians should stay off the asphalt and use the sidewalk![04:34:09] <jelly-home> pave your way to successful postfix setup?[04:34:13] <lunaphyte> haha[04:34:16] * jelly-home got nothing[04:34:25] <Wamphyri> nice puns lol[04:34:29] <lunaphyte> no i laughed outloud :)[04:34:47] <lunaphyte> it was sort of an under your breath quite laugh, but i heard it[04:34:50] <lunaphyte> *quiet[04:34:57] <rob0> but seriously, some wisdom in that: are you sure you want to do your own email hosting?[04:35:05] <lunaphyte> indeed[04:35:06] <Patrickdk> hmm odd[04:35:19] <Wamphyri> yes i enjoy having full contol over my stuff[04:35:20] <Patrickdk> I totally don't get ispconfig postfix instructions at all, or really, there are none[04:35:30] <Wamphyri> Patrickdk there minor[04:35:45] <lunaphyte> it's just not needed[04:35:53] <lunaphyte> it's not going to solve any problems for you[04:35:57] <lunaphyte> just introduce more[04:36:13] <Patrickdk> ya, no spam filtering, no virus checking, nothing[04:36:31] <Wamphyri> yes it does[04:36:34] <pj> seriously, you're still trying to fix that problem?[04:36:57] <Wamphyri> pj no its fixed now i'm just trying to fix the receiving[04:37:01] <lunaphyte> anyway though, we should get back on topic. for help with ispconfig, you'll want to consult their community. maybe there's even an irc channel.[04:37:14] <Wamphyri> ispconfig is fine[04:37:17] <Wamphyri> its setup[04:37:20] <lunaphyte> if you're going to use ispconfig, then that's what you're using. not postfix[04:37:32] <pj> he "fixed" it by using ispconfig?[04:37:38] <pj> yeah, go away, then[04:37:39] <lunaphyte> it doesn't matter if ispconfig happens to use postfix behind the scenes.[04:37:47] <Patrickdk> no, I fixed it, but it probably broke something in ispconfig[04:38:08] <Patrickdk> but I don't know, I don't use ispconfig[04:38:09] <lunaphyte> that's all internal to ispconfig. you won't want to be poking at all of the internal bits[04:38:27] <Wamphyri> Patrickdk it didn't break anything[04:38:43] <pj> !ispconfig[04:38:43] <knoba> pj: Error: "ispconfig" is not a valid command.[04:38:46] <rob0> I "enjoy" the control too, but this is my business. When something goes wrong, it sucks, but I have to respond ASAP.[04:38:47] <Patrickdk> that depends on your definition of break[04:38:57] <Patrickdk> it probably opened something up wider than it needed to be[04:39:00] <pj> hrmmmmm, well if there were an ispconfig factoid it would probably resemble this one ...[04:39:02] <pj> !zimbra[04:39:02] <knoba> pj: "zimbra" : Zimbra uses a prepackaged version of postfix that is configured via zimbra's console tools. Any and all hand changes made to zimbra's postfix configuration will be overwritten by the zimbra configuration. That Zimbra just happens to use postfix is inconsequential. For zimbra support, see http://www.zimbra.com[04:39:23] <Wamphyri> ispconfig doesn't make changes to the cf files[04:39:33] <lunaphyte> we couldn't say for sure[04:39:37] <Patrickdk> who made those hundreds of changes to main.cf?[04:39:55] <Wamphyri> ispconfig uses mysql for the usernames etc[04:40:05] <rob0> If you're relying on this email for your business, you might want to consider getting hosted somewhere so you can concentrate on business and not have to worry about mail.[04:40:17] <rob0> just a thought ... take it or leave it[04:40:27] <pj> anyways, ispconfig is a panel, just like cpanel, just like plesk, they all have the same issue, they @#$% up your system and changes we tell you to make will get overwritten by the panel.[04:40:29] <Patrickdk> I'm way overdue for bed[04:40:39] <rob0> but mail is indeed very difficult[04:40:41] <lunaphyte> anyway, that's not an intelligent way to approach using that product. if you were to assume ispconfig didn't touch the cf files, then what happens when next week ispconfig changes in how it works and does touch the cf files.[04:40:49] <lunaphyte> cmon, you really need to think this through more logically.[04:41:14] <lunaphyte> like i said, if you use ispconfig, then *that* is what you use[04:41:16] <Wamphyri> pj i did, as well as master.cf[04:41:21] <lunaphyte> *that* is the product you are using[04:41:30] <Wamphyri> ispconfig uses mysql[04:41:40] <Wamphyri> doesn't touch cf files[04:41:43] <lunaphyte> it's ok. we don't need to know[04:41:51] <lunaphyte> it's just it's own product.[04:41:58] <lunaphyte> you can't poke at postfix independently[04:46:26] <rob0> it's just its own product.[04:46:59] <rob0> it's just lunaphyte's exces's apo'strophe's[04:47:30] <rob0> it's ju'st lunaphyte's exce's's apo'strophe's[04:48:20] <rob0> Yes. I suck.[04:48:38] <lunaphyte> where?![04:49:27] <lunaphyte> oh, darn[04:49:32] <lunaphyte> that one snuck in again[04:50:26] <lunaphyte> i think that should count for less points, because it's sharing the sentence with its cousin[04:50:59] <rob0> perhaps, but that does not mean I should not mercilessly poke fun at it.[04:53:49] <lunaphyte> :)[04:54:44] <Wamphyri> what would stop postfix from receiving?[04:55:32] <lunaphyte> you'll want to get with the ispconfig community for support with your ispconfig install[04:58:09] *** gu1lle_ has quit IRC[04:58:19] <rob0> There are exactly 13.37 gazillion things which might stop Postfix from receiving.[04:58:25] <rob0> !wag[04:58:25] <knoba> rob0: "wag" : WAG: Wild-assed guess ... rarely, if ever, of much use in debugging problems. See !welcome and /topic and !debug.[04:59:08] <rob0> but I'm off to bed (at least afk) also[04:59:14] <lunaphyte> same here[04:59:30] *** stljim has quit IRC[05:00:24] <Wamphyri> has nothing to fucking do with ispconfig[05:00:33] <Wamphyri> ispconfig didn't change the config files ffs...[05:00:49] <Wamphyri> but hey its all good[05:01:06] <Wamphyri> Patrickdk thanks again for your help[05:01:12] <Wamphyri> you as well adaptr and pj[05:04:36] *** donmichelangelo has quit IRC[05:05:34] *** donmichelangelo has joined #postfix[05:11:58] *** twb has joined #postfix[05:12:00] *** Ulver_ has joined #postfix[05:13:08] <twb> So I'm trying to clean up a mess where the last sysadmin built blacklists and whitelists from first principles, with sqlite and perl being invoked from a pipe(8) content_filter.[05:14:11] <twb> The first thing that occurs to me is that instead of having a sqlite db of (local user, whitelisted correspondent addresses) I could probably have an aliases-style file[05:14:33] <twb> Hm, maybe I should just get the o'reilly postfix book off the shelf...[05:14:55] <pj> you can have any form of database that postfix will read, sure.[05:14:59] <pj> !tell twb database[05:14:59] <knoba> twb: "database" : http://www.postfix.org/DATABASE_README.html provides an overview of how Postfix lookup tables work, and the various types that are implemented.[05:16:17] <twb> pj: currently it's not being read by postfix, it's being read by this crappy perl. But point taken[05:17:53] <pj> twb: well, I don't know much of anything about your current config, but postfix can certainly read sqlite tables directly.[05:18:06] *** Ulver_ has quit IRC[05:18:36] *** tff has joined #postfix[05:18:55] <twb> I'll pastebin my notes on what the code seems to be doing. Then I gotta go to lunch, but I'll be back soon.[05:19:55] <twb> http://paste.debian.net/12725/[05:20:34] <twb> Probably my first step should be to turn that into functional requirements and get $boss to agree on what it's actually *supposed* to do[05:25:09] <pj> are you so certain that $boss will really care that much about the details of how his email works behind the scenes? he probably just wants to send and receive email and not be inundated with spam.[05:28:36] <twb> No, this is for a prison[05:29:54] <twb> Mostly they want mail to start off by going to the intel team instead of the inmates, then as they whitelist recipients, to allow that stuff to flow normally unless it contains naughty words[05:30:51] <tff> I have a fairly basic question - if I want to use aliases(5) to recieve mail for users who do not have shell accounts, how should I configure the forwarding? The man page specifies either destination address, a local path, or redirected to a command. (In fact I don't really know what a mailbox is.. it's just a file in /var/mail? If I want to forward mail to an external server, is aliases appropriate?)[05:34:31] <pj> ahhhhh, ok[05:35:16] <pj> twb: yeah, I would say get a list of functional requirements first.[05:39:53] *** zooko has quit IRC[05:42:24] *** danblack has quit IRC[05:43:47] <twb> No worries, I'll work on that[05:44:26] <twb> tff: I'm pretty sure you can just say "fred: /var/mail/fred"[05:44:56] <twb> tff: there's two main kinds of mailbox -- an mbox, which is basically just messages catted together, and a maildir, which is one-file-per-message.[05:45:25] <twb> I'm not sure about postfix, but the general convention is "foo" means an mbox and "foo/" means a maildir.[05:46:34] <twb> Aha[05:46:35] <twb> !virtual[05:46:36] <knoba> twb: "virtual" : a way to configure additional domains and user accounts (that do not need to exist in your /etc/passwd). See: http://www.postfix.org/VIRTUAL_README.html[05:46:48] <twb> tff: try that[05:51:26] <tff> Hm, I've realized now that everyone just wants their mail forwarded to an existing, remote address[05:52:30] <twb> tff: then just "fred: fred at example dot net" or so[05:52:32] <tff> I tried setting the aliases in /etc/aliases (e.g., name name at example dot org) and running newaliases, and by the logs the server seems to have accepted the message[05:52:52] <tff> I haven't gotten the message in my external inbox though[05:53:23] <tff> Is there usually a delay? Logs would indicate a forwarding failure right?[05:54:23] <twb> Far end might be dropping it as a spoofed message[05:54:38] <twb> IIRC that happens sometimes with .forward which I think is the same semantics[05:54:51] <twb> But check your logs for successful delivery to next hop[05:55:11] <tff> Ah, yeah that success message I saw was for the next hop[05:56:35] <twb> Then you can't find the problem without looking at the next hop's logs or getting a success or a bounce from them[05:56:49] <twb> Check the sender's mailbox as well as the recipient's[05:58:10] <tff> Indeed. I tried a different email system and it worked, so it seems to be getting stopped at that particular next-hop as you suggested[05:58:30] <tff> email system, that is, domain, different from the original one[06:00:29] *** nubianz has quit IRC[06:01:19] <pj> tff: if you just want to alias extra recipients then the general way is to just add them to /etc/aliases, provided that you haven't modified this...[06:01:22] <pj> !alias_maps[06:01:22] <knoba> pj: "alias_maps" : a configuration parameter in the main.cf: The alias databases that are used for local(8) delivery. See aliases(5) for syntax details.[06:02:52] <tff> It seems to work now adding name name at external-domain dot org to /etc/aliases. Do they mean that alias_maps is for aliasing local addresses, e.g. name@local to name2@local?[06:02:53] *** Wamphyri has quit IRC[06:02:58] <tff> I'm sure that will come in handy too.[06:03:22] *** Wamphyri has joined #postfix[06:04:24] <pj> alias_maps is for local addresses, yes. it defaults to /etc/aliases.[06:06:28] <tff> Oh, so you can use /etc/aliases for both local and remote[06:06:37] <tff> Right, i remember seeing those root aliases at the top[06:07:06] *** danblack has joined #postfix[06:09:56] *** ltxda_ has quit IRC[06:10:01] *** ltxda has joined #postfix[06:10:01] *** ltxda has joined #postfix[06:10:03] *** ltxda has quit IRC[06:10:24] *** ltxda has joined #postfix[06:10:25] *** ltxda has joined #postfix[06:10:44] *** ltxda has joined #postfix[06:10:44] *** ltxda has joined #postfix[06:11:03] *** ltxda has joined #postfix[06:11:03] *** ltxda has joined #postfix[06:11:06] *** ltxda has quit IRC[06:11:24] *** ltxda has joined #postfix[06:11:24] *** ltxda has joined #postfix[06:11:26] *** ltxda has quit IRC[06:11:46] *** ltxda has joined #postfix[06:11:46] *** ltxda has joined #postfix[06:12:10] *** ltxda has joined #postfix[06:12:11] *** ltxda has joined #postfix[06:12:22] *** hadifarnoud has quit IRC[06:13:21] *** m1nish has quit IRC[06:13:48] <Wamphyri> pj, can you point me in a general direction for postfix not receiving email? doesn't even show in mail.log[06:14:13] <pj> !tell Wamphyri no_logs[06:14:13] <knoba> Wamphyri: "no_logs" : Nothing in your mail logs commonly means one of two things: either your syslogd is broken (try restarting it), or the connections are not coming to your server. Check your firewall/networking and the DNS for the domain in question. also see !logs.[06:18:07] *** magyar has quit IRC[06:22:42] <Wamphyri> pj, you know anything about cloudflare?[06:23:53] <pj> nope[06:24:17] <Wamphyri> ok :)[06:29:19] *** twb has quit IRC[06:38:26] *** jeffrey3234 has joined #postfix[06:44:53] *** mungustas has quit IRC[06:45:04] *** batteur has quit IRC[06:51:45] *** mungustas has joined #postfix[07:08:01] *** Timmooo has quit IRC[07:08:44] *** tff has quit IRC[07:09:49] *** Chel has joined #postfix[07:12:04] <Chel> question: how to prevent mail spoofing. now everyone can send mail to my server and my users: TO: user at mydomain dot com and FROM:user2 at mydomain dot com and my users thinks, these emails are valid. how to avoid it ?[07:17:39] <Wamphyri> !deferred[07:17:40] <knoba> Wamphyri: Error: "deferred" is not a valid command.[07:17:43] <Wamphyri> hrmph[07:48:54] *** gu1lle_ has joined #postfix[07:51:11] *** zooko has joined #postfix[07:51:47] *** jefferai has quit IRC[07:52:12] *** jefferai has joined #postfix[07:53:41] *** likewhoa has quit IRC[07:55:13] *** likewhoa has joined #postfix[08:01:01] *** prooz has joined #postfix[08:08:25] <Tabmow> !tell Chel header_check[08:08:25] <knoba> Tabmow: Error: No factoid matches that key.[08:08:30] <Tabmow> !tell Chel header_checks[08:08:30] <knoba> Chel: "header_checks" : a configuration parameter in the main.cf: Optional lookup tables for content inspection of primary non-MIME message headers, as specified in the header_checks(5) manual page.[08:08:59] *** mechanicalduck has joined #postfix[08:14:49] *** ced117 has joined #postfix[08:15:15] *** jarif has joined #postfix[08:15:30] *** ced117 has quit IRC[08:22:09] <Chel> thanks[08:22:41] *** rotbeard has joined #postfix[08:27:13] <pj> Chel: using header_checks like that can be problematic. Public mailing lists, for example, will send mail that legitimately has your name and email address in the From: header even though it does not appear to originate from you.[08:32:38] *** Guest92115 is now known as Kamal_[08:33:11] <Chel> so spam is powerfull. anyone can spoof my emails, if i accept all domains to connect my postfix[08:33:31] <Chel> all domains / all ip addresses[08:34:34] <Tabmow> Chel: what exactly are you trying to achieve? To make sure e-mail originating * at mydomain dot com is actually from legitimate users with * at mydomain dot com accounts?[08:37:27] *** zooko` has joined #postfix[08:39:08] *** zooko has quit IRC[08:40:15] <Chel> yes[08:44:02] *** ced117 has joined #postfix[08:44:28] *** milligan has quit IRC[08:44:52] *** milligan has joined #postfix[08:53:13] *** zorg1 has joined #postfix[09:00:24] *** danblack has quit IRC[09:05:04] *** ankso_ has left #postfix[09:05:21] *** ankso has joined #postfix[09:07:59] *** UQlev has joined #postfix[09:18:02] *** jerlique has left #postfix[09:25:58] *** p3rror has joined #postfix[09:38:48] *** Cromulent has joined #postfix[09:39:04] *** gavimobile has joined #postfix[09:40:20] <gavimobile> is there a reject option which does the opposite of permit_sasl_authenticated[09:41:43] <Zerberus> what sense would that make?[09:41:49] <Zerberus> !tell gavimobile goal[09:41:49] <knoba> gavimobile: "goal" : describe your goal, not what you think the solution is[09:41:50] <gavimobile> I want to only allow authenticated[09:42:07] <gavimobile> for smtp outbound[09:42:28] <Zerberus> permit_sasl_authenticated does exactly this, why would you want to reverse that?[09:42:30] <gavimobile> http://pastebin.com/mb8Xh0g1[09:42:46] <Zerberus> setup the submission service[09:43:26] <Zerberus> don't let your users relay through the SMTP port, use submission[09:44:22] <gavimobile> Zerberus: can you give me a link to the documentation with this subject please[09:44:31] *** danblack has joined #postfix[09:44:39] <Zerberus> gavimobile: which subject?[09:44:52] <gavimobile> how to use submission[09:45:03] <gavimobile> or how to set it up[09:45:36] <Zerberus> check your master.cf, it probably already contains commented entries[09:46:41] <gavimobile> http://pastebin.com/cqZLqrJJ[09:46:55] <gavimobile> ahh taster[09:46:56] <gavimobile> master*[09:47:42] *** d00 has joined #postfix[09:48:09] <gavimobile> http://pastebin.com/5yv6d7za[09:48:13] <gavimobile> that's my master.cf[09:50:07] *** UQlev has quit IRC[09:51:07] <Zerberus> which OS is that?[09:51:26] <gavimobile> amazon linux[09:51:27] <Zerberus> wondering why it does not have a submission service defined[09:51:45] <gavimobile> Zerberus: no, I think I modified it, im the blame[09:52:43] <gavimobile> Zerberus: master.cf.orig http://pastebin.com/jwQ4n2Sd[09:53:04] <Zerberus> there you go[09:53:42] *** wdp has joined #postfix[09:54:45] <gavimobile> ok which lines should I uncomment[09:55:02] <Zerberus> please try to understand what you are doing[09:55:02] <gavimobile> just #submission inet n - n - - smtpd[09:55:08] <gavimobile> Zerberus: oh I will[09:55:27] <Zerberus> no, the parameter lines need to be set as well[09:55:39] <gavimobile> im going to research each one you tell me from here http://www.postfix.org/postconf.5.html[09:57:09] *** Bry8Star has quit IRC[10:03:28] <gavimobile> what's so bad about port 25[10:03:57] <Zerberus> because it collides with anti-spam measures for unknown senders[10:04:01] <Zerberus> !submission[10:04:01] <knoba> Zerberus: "submission" : Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf. also see !msa, and rfc 6409. Also read http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf[10:05:30] *** Bry8Star has joined #postfix[10:06:04] <gavimobile> I think I see, now that enabling submission the system can realize if the user is authenticating or not[10:06:10] <gavimobile> on port 25 it couldn't do that[10:07:54] <gavimobile> I guess ill also do smtpd_tls_auth_only = yes[10:08:44] *** Cromulent has quit IRC[10:09:14] <gavimobile> maybe you can correct my logic. my logic was that the setup of a clients mail client should be as easy to setup as possible and it should be up to the user to choose if he wants to use tls or not. if he cares that his password gets sent in plaintext or not[10:09:58] <Zerberus> I don't share that, the user should be enforced to use encryption[10:10:18] <Zerberus> users are generally dumb and can't judge what's best for them[10:12:04] <gavimobile> I mentioned a few days ago that google uses port 465 and I believe it was you who ruled against it. in addition every mail hosting I've ever had access with except google seemed to use port 25[10:12:10] <gavimobile> why is this[10:13:20] <Zerberus> google uses 587 (submission) as well, smtps is deprecated[10:14:57] <Zerberus> port 25 for anonymous MTA traffic, port 587 for authenticating users; google does so[10:15:29] <gavimobile> I see[10:15:40] <gavimobile> does my server need port 587 for outbound as well?[10:16:07] <Zerberus> no[10:16:13] *** RadoQ has joined #postfix[10:22:47] <gavimobile> weird, my mail didn't come in yet Jun 26 11:21:54 server1 dovecot: pop3-login: Login: user=<test at testdomain dot tk>, method=PLAIN, rip=81.xxx.xxx.xxx, lip=172.31.26.73, mpid=4895, TLS[10:23:00] <gavimobile> no errors in the log[10:23:21] <gavimobile> oops[10:24:15] <gavimobile> no, that was right[10:24:44] <gavimobile> but that was a pop login, I don't see any incoming logging[10:24:51] <gavimobile> 587 tcp?[10:24:55] <gavimobile> inbound[10:27:47] <gavimobile> not a firewall issue.. disabled firewall and no mail or nothing loggin[10:27:53] <gavimobile> for incoming[10:31:03] <gavimobile> im testing with telnet[10:33:28] *** Selfarian has joined #postfix[10:35:25] <Selfarian> Hi. I added amavis-new and clamav to my configuration and tryed to send test-signatures to my account. after setting $final_spam_destiny = D_PASS; both mails (virus & spam) are in my inbox. i thought at the spam-mail has to be an ***SPAM*** Subject.[10:35:39] *** gu1lle_ has quit IRC[10:36:05] <Selfarian> .. in the past Spamassassin worked and added [SPAM <score>] to spam-mails[10:39:25] *** danblack has quit IRC[10:44:23] <gavimobile> nope my problem is not solved[10:46:30] *** ds187_ has left #postfix[10:49:17] <gavimobile> my server is not requiring auth[10:50:00] *** e66 has joined #postfix[10:50:28] *** Guest10797 has left #postfix[10:50:46] *** jelly has joined #postfix[10:50:48] <gavimobile> this is the problem... reject_unauth_destination, doesn't do anything[10:52:04] <gavimobile> how do I prevent postfix from continuing the filter process if a user is unauthorized[10:52:09] <gavimobile> unauthenticatd*[10:59:15] <Zerberus> you do it wrong, follow the /topic instructions[10:59:19] <Zerberus> but I have no time now[11:00:02] *** Womkes has quit IRC[11:00:11] *** donmichelangelo has quit IRC[11:01:01] *** donmichelangelo has joined #postfix[11:01:19] *** Womkes has joined #postfix[11:01:19] *** Womkes has joined #postfix[11:01:31] *** err-or_ has joined #postfix[11:01:49] *** err-or has quit IRC[11:06:05] <jelly> Hi. I'm having a content_filter implemented. Is there a possibility of postfix ever feeding multiple RCPT TOs to an smtp-based content_filter, and how should such a filter respond after DATA if one recipient is fine but the other should be rejected?[11:11:52] *** mcp has quit IRC[11:16:55] *** tharkun has quit IRC[11:22:49] *** tharkun has joined #postfix[11:25:39] *** sepski has quit IRC[11:25:39] *** tharkun has quit IRC[11:29:09] *** err-or_ has quit IRC[11:29:18] *** mcp has joined #postfix[11:30:59] *** tharkun has joined #postfix[11:31:31] *** mechanicalduck_ has joined #postfix[11:32:38] *** tharkun has quit IRC[11:32:58] *** mechanicalduck has quit IRC[11:38:09] *** tharkun has joined #postfix[11:38:57] *** UQlev has joined #postfix[11:40:34] *** tharkun has quit IRC[11:46:17] *** tharkun has joined #postfix[11:47:39] *** mechanicalduck_ is now known as mechanicalduck[11:50:21] *** jeffrey3234 has quit IRC[11:50:36] *** snearch has joined #postfix[11:51:15] *** jeffrey3234 has joined #postfix[11:52:42] *** tharkun has quit IRC[11:58:30] *** tharkun has joined #postfix[12:03:08] *** tharkun has quit IRC[12:05:25] *** trusktr has quit IRC[12:06:44] *** trusktr has joined #postfix[12:07:03] *** patdk-wk_ has quit IRC[12:08:42] *** tharkun has joined #postfix[12:09:40] *** mechanicalduck_ has joined #postfix[12:09:49] *** Bry8Star has quit IRC[12:10:07] *** mechanicalduck has quit IRC[12:12:33] *** tharkun has quit IRC[12:12:53] *** danblack has joined #postfix[12:13:04] <gavimobile> ok after a lot of digging I understand better what is happening. outlook's test sends to the from mail therefor reject_unauth_destination ignored if the user is unauthenticated because itself is in the list of allowed domains[12:13:44] *** Borg_ has joined #postfix[12:14:14] <Zerberus> gavimobile: you are really whitelisting sender domains?[12:14:31] <gavimobile> no[12:15:52] <gavimobile> but if the resolved RCPT TO domain matches $mydestination, $inet_interfaces, $proxy_interfaces, $virtual_alias_domains, or $virtual_mailbox_domains, and contains no sender-specified routing (user@elsewhere@domain) than reject_unauth_destination simply continues to the next filtering process[12:16:50] <gavimobile> so outlooks test does a sendfrom and sendto me@mydomain and since im sending to someone@mydomain, so he isn't blocked because @mydomin is one of my domains[12:17:11] <gavimobile> im strictly talking about smtpd_recipient_restrictions = permit_sasl_authenticated,reject_unauth_destination[12:17:51] *** tharkun has joined #postfix[12:17:57] <gavimobile> I wanted originally to reject unauthorized destinations period, regardless of if they are matching matches $mydestination, $inet_interfaces, $proxy_interfaces, $virtual_alias_domains, or $virtual_mailbox_domains,[12:18:30] <gavimobile> I still think I would like to reject them thought because I would like it to be required to authenticate no matter who the person is[12:18:33] *** trusktr has quit IRC[12:18:35] <gavimobile> even though its pointless[12:20:17] *** patdk-wk_ has joined #postfix[12:20:33] *** e66 has quit IRC[12:20:41] <gavimobile> maybe this might be better smtpd_recipient_restrictions = permit_sasl_authenticated,permit_auth_destination,reject[12:23:23] <gavimobile> well that would be dangerous with $inet_interfaces,[12:24:06] <gavimobile> this is so confusing. why can't postifx just do if (authorized($user)){ continue; }else{ send him to hell; }[12:24:56] *** Borg_ has quit IRC[12:25:45] *** Borg_ has joined #postfix[12:26:33] *** Bry8Star has joined #postfix[12:28:10] <Zerberus> gavimobile: if the recipient domain is your domain, you can't demand authentication[12:28:46] <gavimobile> Zerberus: isn't that silly?[12:29:02] <Zerberus> don't fiddle with the smtpd_recipient_restrictions, don't set permit_sasl_authenticated that but use the submission service to demand auth and TLS[12:29:27] <Zerberus> gavimobile: silly? how do you expect mail from other MTAs if your demand AUTH on port 25?[12:30:00] <gavimobile> no, port 25 isn't working any more.. only 587[12:30:27] <gavimobile> also, do you mean not to use permit_sasl_authenticated[12:33:44] <Zerberus> activating submission does not deactivate the smtpd service[12:34:02] <gavimobile> so should I leave port 25 open[12:34:04] <Zerberus> yes, do not use permit_sasl_authenticated on port 25[12:34:25] <Zerberus> if you want to receive mail from other MTAs, definitely[12:35:02] <gavimobile> Zerberus: my server has is its own mx, does this make a difference[12:35:17] <gavimobile> my server is not a forwarding server[12:35:20] <Zerberus> a domain has an MX, not a server[12:38:59] *** rmayorga has quit IRC[12:39:56] *** d00 has quit IRC[12:40:38] <gavimobile> why wouldn't they be able to send? I only need auth for sending outoing mail from my server[12:41:09] *** rmayorga has joined #postfix[12:41:09] *** rmayorga has joined #postfix[12:41:22] <gavimobile> also permit_sasl_authenticated doesn't require[12:41:29] *** kli0rf has quit IRC[12:41:31] <gavimobile> its optional[12:41:57] *** mechanicalduck has joined #postfix[12:43:47] *** IamTrying has joined #postfix[12:43:53] *** mechanicalduck_ has quit IRC[12:44:30] <IamTrying> Is there any way? 1) Box will only send email to 2 address , all the rest mail will not be sent[12:44:49] *** mechanicalduck_ has joined #postfix[12:46:21] *** kli0rf has joined #postfix[12:46:32] *** mechanicalduck has quit IRC[12:47:57] *** d00 has joined #postfix[12:49:31] *** gavimobile has quit IRC[12:50:56] *** gavimobile1 has joined #postfix[12:52:05] *** Cromulent has joined #postfix[12:57:56] *** UQlev has quit IRC[12:59:12] *** mechanicalduck has joined #postfix[13:00:04] *** mechanicalduck_ has quit IRC[13:10:29] *** Bry8Star has quit IRC[13:13:15] *** mechanicalduck_ has joined #postfix[13:13:39] *** mechanicalduck has quit IRC[13:13:57] *** danblack has quit IRC[13:24:26] *** Bry8Star has joined #postfix[13:25:33] *** mechanicalduck_ has quit IRC[13:31:39] *** mechanicalduck has joined #postfix[13:36:09] *** RayS has quit IRC[13:43:42] *** danblack has joined #postfix[13:47:18] *** gavimobile1 has quit IRC[13:47:34] *** gavimobile has joined #postfix[13:47:44] <gavimobile> Zerberus: I took permit_sasl_authenticated out of smtpd_recipient_restrictions and in master.cf there is smtp and smtpd. which one should be uncommented to other mtas to send me mail on port 25?[13:48:26] <gavimobile> I comment smtp and uncomment smtpd[13:50:42] <lunaphyte_> why did you comment out smtp?[13:51:02] <lunaphyte_> pastebin postconf -nf; postconf -Mf[13:51:12] *** snearch has quit IRC[13:52:00] <gavimobile> lunaphyte_: ill give you a pastebin in just a minute. what I understood until now is to use port 587 submission for outgoing mail only and alow 25 for other mtas to send me mail[13:52:27] <lunaphyte_> wrong[13:52:36] <lunaphyte_> there is no such thing as "outgoing mail only"[13:52:43] <gavimobile> http://pastebin.com/Rn2575Tu[13:52:48] <lunaphyte_> all mail is received, then it is sent.[13:52:56] <gavimobile> yes, im soo confused right now[13:53:19] <lunaphyte_> you're just using confusing terminology. don't worry about if mail is "outgoing"[13:53:52] <gavimobile> this is my master.cf http://pastebin.com/Rn2575Tu[13:54:13] <lunaphyte_> port 587 [submission] is for clients [end users]. port 25 [smtp] is for other servers.[13:54:20] <gavimobile> lunaphyte_: well I must worry because not anyone should be able to use my server to send mail[13:54:38] <lunaphyte_> you're not listening to me, so i guess i won't listen to you.[13:54:53] <gavimobile> yes, im listening[13:55:01] <gavimobile> im trying to explain my point[13:55:17] <lunaphyte_> then why did you pastebin something different that what i asked for?[13:55:21] <gavimobile> but apparently its not necessary[13:55:29] <gavimobile> your right... ill listen[13:56:44] *** Selfarian has quit IRC[13:57:47] <gavimobile> lunaphyte_: here is what you asked for http://pastebin.com/XBySrbVb[13:59:00] <lunaphyte_> oh, you have an old version[13:59:11] <lunaphyte_> what is postconf mail_version?[14:00:07] <gavimobile> lunaphyte_: mail_version = 2.6.6[14:00:35] <lunaphyte_> that's too old. you need to upgrade[14:01:07] <lunaphyte_> that already old when support for it ceased, and support for it ceased 4 months ago, so now it's even older[14:01:15] <lunaphyte_> *that was already[14:01:51] <gavimobile> ok.. just a minute[14:03:52] <gavimobile> lunaphyte_: it has a lot of dependencies.. should I worry?[14:04:18] <lunaphyte_> that wouldn't be within the scope for this channel[14:04:25] <gavimobile> I understand[14:06:19] <lunaphyte_> i'm sure your os channel could help with that though[14:09:46] *** Section1 has joined #postfix[14:12:17] <gavimobile> lunaphyte_: don't be too sure[14:12:21] <gavimobile> this is amazon linux[14:12:40] <gavimobile> I can either stay with this version of postfix, use sendmail or change to another distro[14:13:03] <IamTrying> HOW - can i tell postfix please stop sending email to "root at domain dot com" ?[14:14:19] <Zerberus> IamTrying: adjust your aliases file[14:14:48] <tuxick> wth = amazon linux[14:14:53] <IamTrying> Zerberus, i have /etc/aliases file with root: wrong at wrongdomain dot com[14:15:25] <Zerberus> IamTrying: please don't use domain.com or wrongdomain.com[14:15:40] <gavimobile> this is bad[14:15:44] *** snearch has joined #postfix[14:16:16] <rob0> Perhaps it would be useful to understand that Postfix is not sending the mail, it is *routing* the mail. These might help too:[14:16:20] <rob0> !basic[14:16:20] <knoba> rob0: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.[14:16:26] <rob0> !myorigin[14:16:26] <knoba> rob0: "myorigin" : a configuration parameter in the main.cf: The default domain name that locally-posted mail appears to come from, and that locally posted mail is delivered to. The default $myhostname, which is fine for small sites. If you run a domain with multiple machines, you should (1) change this to $mydomain and (2) set up a domain-wide alias database that aliases each user to user at that dot users.mailhost.[14:16:33] <rob0> !append_at_myorigin[14:16:33] <knoba> rob0: "append_at_myorigin" : Append the string"@$myorigin" to mail addresses without domain information. WARNING: do not change this without understanding what it means, see http://www.postfix.org/postconf.5.html#append_at_myorigin[14:20:40] <IamTrying> Zerberus, how can i stop sending email to a specific address such as "root at * dot *" ?[14:23:35] *** grknight has joined #postfix[14:31:35] <IamTrying> postmap hash:sender_access when i do it says "unable to resolve host sun-bla-bla-bla-bla"[14:33:50] <IamTrying> echo "root at validdomain dot com REJECT" > /etc/postfix/sender_access[14:34:01] <IamTrying> postmap hash:sender_access[14:34:38] <IamTrying> echo "smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access" > /etc/postfix/main.cf[14:34:44] <IamTrying> service postfix restart[14:35:21] <IamTrying> tail -f /var/log/mail.log | grep root at validdomain dot com -A 1 -B 1[14:35:35] <IamTrying> Still its showing status=sent why?[14:35:42] <pj> [00:34] <IamTrying> echo "smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access" > /etc/postfix/main.cf[14:35:49] <pj> I hope you didn't actually do that.[14:36:05] <IamTrying> pj, right. at the end of the file its added[14:36:15] <pj> IamTrying: that command won't add it to the end.[14:36:21] <IamTrying> pj, >>[14:36:55] <pj> IamTrying: see man postconf for a better way to add and change individual lines in main.cf.[14:37:05] <rob0> and in most Postfix versions that append command would cause Postfix to fail :)[14:39:15] <IamTrying> pj, but its wrong its for "SENDER" black list i need black list for "TO"[14:39:26] <pj> IamTrying: check_sender_access won't affect your ability to send mail *to* anyone.[14:39:49] <rob0> And it's not going to affect sendmail(1) submission:[14:39:50] <IamTrying> pj, that is what i am saying, so i did it wrong. how can i block *to* ?[14:39:52] <rob0> !xy[14:39:52] <knoba> rob0: "xy" : (#1) The XY problem is that you want to do X, but don't know how. You think that you can solve X by doing Y, so you ask us how to do Y. We tell you that's an odd problem to want to solve. Just ask us about the real problem., or (#2) http://mywiki.wooledge.org/XyProblem -- I want to do X, but I'm asking how to do Y...[14:40:28] <rob0> I would suggest that you scroll back to 24 minutes ago and see what I said then, but that's up to you.[14:40:44] <rob0> If you ignore me and the bot, we'll reciprocate.[14:40:44] <patdk-wk_> that is so long ago[14:42:11] <rob0> Another thing I can add before stepping out of the discussion: you might be able to solve this problem by settings in the software which IS sending the mail, e.g., crontab or whatever.[14:47:51] <IamTrying> pj, you need smtpd_sender_restrictions = check_recipient_access hash:/etc/postfix/recipients[14:48:43] <IamTrying> transport_maps = hash:/etc/postfix/transports[14:49:14] <IamTrying> /etc/postfix/transports : root at validdomain dot com error: shut up, block is block[14:50:30] <IamTrying> cat /etc/postfix/recipients[14:50:43] <IamTrying> root at validdomain dot com restrictive or permissive?[14:50:44] <pj> IamTrying: interesting you would put check_recipient_access in the sender restrictions but you put check_sender_access in the recipient restrictions.[14:51:20] <IamTrying> pj, no that check_sender_access is not going to be there i just need check_recipient_access[14:51:30] <rob0> Nothing wrong with that per se, but it won't achieve the goal.[14:51:50] <pj> right, it won't work with pickup, as rob0 has already pointed out.[14:55:02] <IamTrying> pj, its working ( rob0 ) how come?[14:56:29] *** Bry8Star has quit IRC[14:56:44] <pj> because pickup != smtpd[14:58:10] <IamTrying> pj, no its not working, i was looking the log it started again now after some time.[15:00:06] <pj> also check_recipient_access won't work under smtpd_sender_restrictions[15:01:12] *** danblack has quit IRC[15:06:46] <rob0> pj, yes it will, but obviously not for this goal.[15:07:11] <rob0> The only reason it would not is with "smtpd_delay_reject=no", a bad idea.[15:07:31] <rob0> smtpd_delay_reject default is yes[15:10:10] <pj> rob0: I was just going by my reading of the docs, I didn't think that smtpd_delay_reject had any effect on which restrictions worked in which restriction classes.[15:10:59] <IamTrying> pj, http://fpaste.org/21006/37225223/ - why its not blocking root at validdomain dot com ?[15:12:04] *** cetanu has quit IRC[15:12:23] <pj> IamTrying: rob0 asked you before to please say why you want to do this, you have not done this yet.[15:13:12] <rob0> How To Block/Reject Email "To" A Specific Address Using Postfix ... depends where that mail came from, as I alluded almost an hour ago.[15:13:33] <rob0> You cannot Block/Reject sendmail(1) submission.[15:13:57] <rob0> You can deny access to sendmail:[15:14:07] <rob0> !authorized_submit_users[15:14:07] <knoba> rob0: "authorized_submit_users" : List of users who are authorized to submit mail with the sendmail(1) command (and with the privileged postdrop(1) helper command).[15:14:46] *** timeshell has joined #postfix[15:15:13] <timeshell> Hi. I have a little issue I'm having trouble even identifying[15:15:22] *** Bry8Star has joined #postfix[15:16:28] <timeshell> I've been using postfix as my smtp for a year and a half. It's been working fine. A few days ago, postfix stopped greeting most email servers when the connect. The socket connection is working, but postfix isn't prompting with anything or responding to ehlo/helo.[15:16:50] <timeshell> There isn't anything evident in the logs for this behaviour. There have been no configuration changes.[15:16:55] <IamTrying> rob0, mails are getting sent via relayhost = 10.x.x.155 . Purpose of this embedded box is to send only to 2 email address and rest of the world it should not send any email. (its only for 1 email address dedicated company privacy)[15:17:03] <IamTrying> pj, ^[15:17:07] <timeshell> I'm not sure where to look.[15:17:39] <timeshell> Using amavisd and clamd with the config[15:19:29] <rob0> !tell IamTrying nullclient[15:19:29] <knoba> IamTrying: "nullclient" : a null client is a computer that can only send mail. it receives no mail from the network, and it does not deliver any mail locally. while postfix can be configured to fill this role, it is often unnecessary overkill, and a much simpler software package is more appropriate. see !nullclient_software for more details.[15:19:35] <rob0> !tell timeshell nologs[15:19:35] <knoba> timeshell: "nologs" : Nothing in your mail logs commonly means one of two things: either your syslogd is broken (try restarting it), or the connections are not coming to your server. Check your firewall/networking and the DNS for the domain in question. also see !logs.[15:19:56] <rob0> If you have no logs, we won't be able to help.[15:20:06] <timeshell> Connections are coming to the server. I have already confirmed this by telneting to the port and trying a direct smtp communication[15:20:22] <timeshell> I can telnet to 25, but cannot get any response from postfix on it.[15:20:23] <rob0> and there is no banner?[15:20:26] <timeshell> no banner[15:20:35] <rob0> no logs, no luck.[15:20:41] <timeshell> There's nothing in the logs[15:20:46] <rob0> Fix that first.[15:20:47] <timeshell> That's my point.[15:21:03] <timeshell> Ok, not nothing, but nothing related to the issue.[15:21:14] <timeshell> It's like the connection never happens.[15:21:27] <rob0> Everything Postfix does is logged. Every connection is logged.[15:21:49] <timeshell> Ack. Just a sec.[15:21:57] <IamTrying> rob0, you are making it complicated. Its an embedded device where postfix is working perfectly after doing unit tests. Now only the issue is to suspend/block/blacklist 1 Email address where postfix wont send Email.[15:22:13] <lunaphyte_> no, using postfix is making it complicated[15:22:17] *** robinho86 has joined #postfix[15:22:29] <lunaphyte_> a null client is simpler[15:22:36] <IamTrying> Thats the goal rob0 (any email from that box going to root at validdomain dot com must be killed or suspended or blocked )[15:23:14] <timeshell> Any log I should be looking at other than maillog?[15:23:59] <rob0> timeshell, we don't know your OS. We don't even know what it is.[15:24:07] <timeshell> centos[15:24:41] <IamTrying> do i have to use then spamassassin, if postfix cant handle it?[15:25:28] <rob0> timeshell, I suspect faulty testing procedures. What's your IP address?[15:27:01] <timeshell> mail.nutt.ca[15:28:14] <rob0> did you see a connection from harrier.slackbuilds.org on port 25?[15:29:08] <timeshell> Not in maillog[15:29:20] <rob0> firewall/networking? Is there NAT being done? is 69.165.216.226 the right IP? I got a timeout, not a SYN/ACK.[15:29:48] *** MaximusColourum has joined #postfix[15:29:53] <timeshell> No nat. Yes, correct address. My ISP's email server is able to send to it.[15:30:14] *** leo-unglaub has joined #postfix[15:30:29] <timeshell> My IS"[15:30:45] <timeshell> My ISP's mail server is not in the allowed networks list so is not considered local...[15:30:55] <rob0> can you reach it from itself, i.e., localhost, and see that connection logged and get a banner?[15:30:59] <timeshell> yes[15:31:00] <leo-unglaub> hey guys, for 2 days now i have a load of 4 on my mail-gates because there is a huge amount of rejected emails. but the addresses make no sence[15:31:07] <IamTrying> spamassassin blacklist_to allows it, how come postfix cant do this??[15:31:24] <rob0> Your problem indeed appears to be firewall/networking.[15:31:24] <lunaphyte_> !tell leo-unglaub welcome[15:31:24] <knoba> leo-unglaub: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[15:32:12] <leo-unglaub> lunaphyte_: thanks, i know how to ask questions. just had to prepare my pastebin again ;)[15:32:14] <leo-unglaub> http://pastebin.com/ut5FcTRi[15:32:23] <timeshell> rob0 Not sure how that could be. I'm not implicitly allowing my ISP's address through. AND the socket connection does establish as you already saw[15:32:26] <leo-unglaub> my log is full of those funny addrecces[15:32:32] <leo-unglaub> they don't exist at all[15:32:37] <leo-unglaub> my postfix conf is here[15:32:48] <timeshell> AND all other traffic to that server is unaffected[15:32:59] <leo-unglaub> http://pastebin.com/VWrZjTRM[15:33:00] <timeshell> dovecot 993 works[15:33:10] <timeshell> http works[15:33:21] <timeshell> SIP works[15:33:57] <patdk-wk_> leo-unglaub, logs?[15:34:13] <lunaphyte_> i guess he didn't read the topic after all[15:34:15] <rob0> timeshell, I tried to connect to 69.165.216.226:25 from a mailhost with outbound port 25 open. There was no response, no SYN/ACK, just a timeout.[15:34:28] <leo-unglaub> patdk-wk_: tonns of it, i am uploading it right now because it's to large for pastebin[15:34:40] <patdk-wk_> how can it be too large?[15:34:44] <patdk-wk_> it should only be like 10 lines[15:34:46] <timeshell> From my telnet client on a cellular connection I get a connection.[15:35:02] <lunaphyte_> there's no way on earth anyone here is going to sift through logs that big.[15:35:11] <rob0> Your cellular ISP probably redirects port 25 to their proxy.[15:35:13] <lunaphyte_> do the work, pick out relevant lines, and pastebin[15:35:19] <timeshell> Let me check my access rules again[15:35:23] <timeshell> I don't think that's it[15:35:23] <rob0> Like I said, faulty testing.[15:35:43] <patdk-wk_> why does this look like another ispconfig server?[15:35:45] <leo-unglaub> patdk-wk_: the logs for all those floats are 300 mb :([15:35:48] <lunaphyte_> perhaps some rudimentary tests with e.g. netcat are in order here[15:35:49] <rob0> Nothing in the logs means that the connections are not arriving.[15:35:52] <timeshell> My IP camera sends to my ISP email server which then sends the mail to my email server. That still works.[15:35:57] <timeshell> I get email from my ISP[15:36:08] <timeshell> And I don't specifically allow them to connect[15:36:09] <patdk-wk_> timeshell, and that means? nothing?[15:36:24] <patdk-wk_> your isp can block all connections to port 25, and allow themselfs[15:36:47] <rob0> timeshell, believe me or not. I have identified at least a part of the problem. Good luck.[15:37:13] <timeshell> Thank you.[15:37:24] <IamTrying> rob0, should i then use SELinux ACLS?[15:40:29] *** snearch has quit IRC[15:41:18] <failure> the built in loop protect in postfix, is it triggered on lo* interface ? eg if instance X connect to Y that listens on lo1?[15:42:12] *** shortbus- has left #postfix[15:42:12] *** timeshell has quit IRC[15:43:52] *** timeshell has joined #postfix[15:44:02] *** koobs has quit IRC[15:44:23] *** koobs has joined #postfix[15:44:56] <leo-unglaub> ah, found it myself[15:45:00] <leo-unglaub> 79.157.230.174 is running amok[15:45:07] <leo-unglaub> blocked it and everything is fine now![15:45:09] <leo-unglaub> thanks[15:45:15] <rob0> IamTrying, I don't think I knew the actual problem and goal well enough to make a specific recommendation, and in any case I can't imagine recommending SELinux as a solution to anything. :)[15:45:53] <rob0> failure, back up and describe the actual problem and goal.[15:46:44] <IamTrying> rob0, i have to send email from the box to this address "rob0 at rob0 dot com" only. This box should not send anywhere in the world any email except rob0 at rob0 dot com[15:47:46] <IamTrying> rob0, now the problem is its sending email to anywhere it want such as auto generated system alert emails to: root at validdomain dot com[15:48:11] <IamTrying> rob0, the goal is now to block all email address where it send email except "rob0 at rob0 dot com"[15:48:20] <timeshell> found it. A moved fw rule.[15:48:29] <rob0> why didn't you take my suggestion about changing what (or to where) the automated system alerts send mail?[15:48:31] <timeshell> Thanks again rob0[15:48:37] <rob0> timeshell, yw[15:48:56] <IamTrying> rob0, nullclient u mean?[15:49:08] *** zooko` has quit IRC[15:49:25] <rob0> I suggested that you look at changing what (or to where) the automated system alerts send mail.[15:49:41] <IamTrying> OK[15:50:25] <rob0> and indeed, you'd be better off with a nullclient for sending mail to your single address, Ms. Rhonda Alvarez of Dickinson, Texas, USA.[15:51:14] <failure> rob0: what didnt you understand?![15:51:18] <IamTrying> OK Thank you rob0[15:51:54] <schrodinger> Would anyone mind looking at my main.cf and providing some feed back? I've no problems, just looking to improve the setup where necessary. https://konundrum.org/ordinance/main.cf[15:52:13] <rob0> failure, I don't know enough about the source code to even begin to answer such a question. But if you had chosen to discuss what it was you needed to do, I might have been able to help.[15:52:39] <gavimobile> ok, I've upgrade to a supported version of postfix 2.9. once enabling submission I can no longer receive mail[15:52:48] <gavimobile> nothing is being logged[15:52:58] <gavimobile> port 587 is open[15:53:52] *** rmayorga has quit IRC[15:53:59] <failure> rob0: ive was just fishing for someone who was aware of this. but ive rather look in the source myself[15:54:02] *** rmayorga has joined #postfix[15:54:02] *** rmayorga has joined #postfix[15:54:49] *** Bry8Star has quit IRC[16:00:08] *** donmichelangelo has quit IRC[16:00:08] *** timeshell has quit IRC[16:00:38] *** donmichelangelo has joined #postfix[16:00:52] *** Borg_ has quit IRC[16:01:52] *** timeshell has joined #postfix[16:02:06] *** timeshell has quit IRC[16:05:30] *** Borg_ has joined #postfix[16:05:50] *** rotbeard has quit IRC[16:06:15] *** ced117 has quit IRC[16:07:36] *** IamTrying has quit IRC[16:10:17] *** Bry8Star has joined #postfix[16:12:34] *** ced117 has joined #postfix[16:12:35] *** ced117 has joined #postfix[16:13:11] *** tharkun has quit IRC[16:13:11] *** tharkun has joined #postfix[16:13:43] <tharkun> !tell gavimobile nologs[16:13:43] <knoba> gavimobile: "nologs" : Nothing in your mail logs commonly means one of two things: either your syslogd is broken (try restarting it), or the connections are not coming to your server. Check your firewall/networking and the DNS for the domain in question. also see !logs.[16:15:57] *** UQlev has joined #postfix[16:19:32] *** koobs has quit IRC[16:19:32] *** koobs has joined #postfix[16:27:28] *** Borg_ has quit IRC[16:30:06] *** donmichelangelo has quit IRC[16:31:00] *** donmichelangelo has joined #postfix[16:41:29] *** Cromulent has quit IRC[16:46:03] *** Uranio has joined #postfix[16:56:21] *** cilly has joined #postfix[16:58:21] *** cilly has left #postfix[16:59:34] *** Borg_ has joined #postfix[17:01:01] *** koobs has quit IRC[17:01:22] *** koobs has joined #postfix[17:01:47] *** koobs has quit IRC[17:01:47] *** koobs has joined #postfix[17:02:23] *** mechanicalduck has quit IRC[17:04:14] *** mechanicalduck has joined #postfix[17:05:15] *** KippiX has joined #postfix[17:05:50] *** leo-unglaub has left #postfix[17:11:35] *** snearch has joined #postfix[17:12:44] *** necrogami_ has quit IRC[17:14:58] *** necrogami has joined #postfix[17:15:53] *** d00 has quit IRC[17:18:21] *** magyar has joined #postfix[17:18:21] *** magyar has joined #postfix[17:19:51] *** wald00 has joined #postfix[17:25:12] *** mechanicalduck has quit IRC[17:26:14] *** mechanicalduck has joined #postfix[17:28:38] *** snearch has quit IRC[17:35:23] <gavimobile> it took some time but they all arrived[17:35:24] <gavimobile> thanks guys[17:45:51] <gavimobile> I would like to increase the security of my postfix server. i was recommended earlier by Zerberus earlier to allow mta traffic on 25 and port 587 for authenticating users. I needed to upgrade my postfix version and im running now 2.9. assuming what Zerberus said will improve the security of my server, could someone point me in the right direction on how this should be done? right now I can connect via outlookto my server with port 25 and[17:48:37] *** zooko has joined #postfix[17:50:55] *** mechanicalduck has quit IRC[17:51:22] *** jabot has joined #postfix[17:51:40] *** p3rror has quit IRC[17:51:46] *** HaxCore has joined #postfix[17:52:23] *** mechanicalduck has joined #postfix[17:53:32] <jelly> gavimobile: ... via outlookto my server with port 25 and [you got cut off here][17:54:39] *** jabot has quit IRC[17:57:53] *** zorg1 has quit IRC[17:57:56] <Uranio> gavimobile: I suggest fail2ban[17:59:31] <rob0> Kind of hard to recommend something, not knowing what the actual problem or threat is.[18:00:22] *** Borg_ has quit IRC[18:01:38] <gavimobile> jelly didn't understand[18:01:56] <gavimobile> Uranio: fail2ban is good but it should be used in addition to postfix[18:02:23] <Uranio> fail2ban work with a los of things[18:02:30] <gavimobile> like band aids are good for wounds but its more important to clean it first from bacteria[18:02:31] <Uranio> sasld, dovecot, postfix[18:02:41] <jelly> gavimobile: the line you wrote appears incomplete, ends at ... "right now I can connect via outlookto my server with port 25 and"[18:03:09] <gavimobile> I would like to increase the security of my postfix server. i was recommended earlier by Zerberus earlier to allow mta traffic on 25 and port 587 for authenticating users. I needed to upgrade my postfix version and im running now 2.9. assuming what Zerberus said will improve the security of my server, could someone point me in the right direction on how this should be done? right now I can connect via outlookto my server with port 25 and[18:03:16] <gavimobile> jelly did you get the whole thing?[18:03:33] <gavimobile> right now I can connect via outlookto my server with port 25 and port 587 using tls only[18:04:10] <jelly> yes, that's better[18:04:57] <jelly> gavimobile: pastebin your "postconf -n" and "postconf -Mf" output, please[18:05:39] <jelly> let's look at one issue at a time, and fixing your inbound MX traffic seems like a good start[18:05:40] *** sniffells has quit IRC[18:07:10] *** sniffells has joined #postfix[18:10:28] <Wamphyri> pj, you around?[18:11:20] <gavimobile> jelly http://pastebin.com/qrNcHq39[18:11:29] <gavimobile> I put them both in one[18:12:51] <jelly> gavimobile: you probably don't want "permit_sasl_authenticated, reject_unauth_destination" for port 25 smtpd, just for submission.[18:14:05] * patdk-wk_ wonders exactly how using 587 vs 25 for users *improve* security[18:14:18] <patdk-wk_> it simplifies things, and makes it more reliable[18:14:23] <patdk-wk_> but it doesn't improve security[18:14:48] <jelly> patdk-wk_: a simplified configuration makes an admin's job easier and less prone to mistakes.[18:15:46] *** mechanicalduck_ has joined #postfix[18:15:49] <jelly> the person configuring postfix is a possible point of failure[18:16:04] <patdk-wk_> yes, but no matter what you do, you can't fix that[18:16:12] *** jarif has quit IRC[18:16:24] <patdk-wk_> there just are not enough rob0's to go around[18:16:32] <jelly> you can mitigate possible issues.[18:16:40] *** zooko has quit IRC[18:16:40] <jelly> some of them, at least[18:17:55] *** mechanicalduck has quit IRC[18:18:52] <jelly> or you can end up with an unsupportable mess in main.cf where you use a dozen restriction classes declaring which traffic is really "mx" and which is probably "submission" because it takes time and effort to move users from a stupid mixed setup[18:19:07] <jelly> ... hypothetically speaking[18:19:13] <jelly> :-([18:19:41] <gavimobile> jelly: ok. a lot of howtos online do it here rather than on submission[18:20:01] <rob0> Perhaps a lot of howtos online are clueless and wrong.[18:20:25] <rob0> (That's certainly my experience with them.)[18:20:26] <gavimobile> also if I remove reject_unauth_destination for port 25, than people can use my mail server as on open rela[18:20:28] <gavimobile> relay*[18:20:41] <rob0> You cannot do that.[18:21:15] <gavimobile> rob0: cannot do what?[18:21:51] <rob0> You cannot remove reject_unauth_destination from smtpd_recipient_restrictions.[18:22:25] <rob0> To be precise, you can remove it, but Postfix smtpd will not run.[18:22:25] <gavimobile> rob0: yes I agree[18:22:33] <jelly> see, you can get bad help here as well, from me[18:22:40] <gavimobile> lol[18:22:55] <gavimobile> jelly: at least your tried to help. glad to know im on top of things[18:23:27] <jelly> yeah, trying to help isn't that useful if I point you to the wrong direction, like those howtos[18:23:30] <patdk-wk_> first question is, how can you relay email on port 25 when it is blocked by most everyone?[18:23:42] <gavimobile> jelly: now now, don't be so hard on your self[18:23:42] <patdk-wk_> and if you use a hotel/convention center, it is intercepted and redirected?[18:24:10] <gavimobile> reject_unauth_destination however should be added to submission, right[18:24:20] <patdk-wk_> why?[18:24:25] <jumperboy> patdk-wk_: that's why submission (587) has become so popular[18:24:31] <patdk-wk_> you could, but rather pointless[18:24:45] <patdk-wk_> jumperboy, and your point?[18:24:50] *** jarif has joined #postfix[18:25:06] <jumperboy> using 587 for submission circumvents port 25 blocks[18:25:15] <patdk-wk_> jumperboy, and your telling me this why?[18:25:37] <jumperboy> < patdk-wk_> first question is, how can you relay email on port 25 when it is blocked by most everyone?[18:25:54] <patdk-wk_> jumperboy, yes, and I answered that question[18:25:59] <patdk-wk_> so I dunno why your answering it[18:26:27] <patdk-wk_> I did not ask you that, I asked gavimobile[18:26:37] <patdk-wk_> how does he expect to relay email using port 25 from clients[18:26:40] <patdk-wk_> follow the conversation[18:27:07] <gavimobile> patdk-wk_: what was the question[18:27:12] <gavimobile> sorry, didn't know you asked me something[18:27:25] <patdk-wk_> gavimobile, first question is, how can you relay email on port 25 when it is blocked by most everyone?[18:28:19] *** mechanicalduck_ is now known as mechanicalduck[18:28:35] <gavimobile> Zerberus: was telling me to leave port 26 open for other mtas to send me mail[18:29:13] *** HaxCore has quit IRC[18:29:17] <gavimobile> i don't want to put the wrong words in his mouth but from what I understand he told me is that I leave smtp or smtpd uncommented in the masters.cf file[18:29:25] <gavimobile> doesn't this allow port 25 access?[18:29:38] <patdk-wk_> yes[18:29:50] <patdk-wk_> do you wish to receive email?[18:29:55] <patdk-wk_> email uses port 25[18:29:55] <gavimobile> patdk-wk_: yes[18:30:11] <patdk-wk_> email from mua's should not use 25 (from clients/users)[18:30:16] <gavimobile> well I thought were doing that now on port 587. but ok[18:30:35] <gavimobile> mua's?[18:30:36] *** donmichelangelo has quit IRC[18:30:39] <patdk-wk_> maybe your confusing smtp with submission[18:30:43] <gavimobile> muas == client users?[18:30:49] <patdk-wk_> !mua[18:30:49] <knoba> patdk-wk_: "mua" : Mail User Agent: software used for mail message retrieval, commonly known as an email client, such as mutt, Evolution and Thunderbird[18:30:51] <gavimobile> patdk-wk_:[18:31:05] <gavimobile> I thought smtp == port 25 and submission == 587[18:31:33] <patdk-wk_> it is[18:31:34] <gavimobile> ok outlook == mua[18:31:41] <Zerberus> gavimobile: I didn't say port 26, 25 is the standard SMTP port for MTA interactivity[18:31:43] <gavimobile> so where am I not understanding you.[18:31:48] *** donmichelangelo has joined #postfix[18:31:56] <patdk-wk_> outlook is a mua it should use 587[18:31:58] <gavimobile> Zerberus: hey[18:32:05] <patdk-wk_> postfix is an mta, it should use port 25[18:33:00] <gavimobile> ok, but outlook is just the client... postfix is actually sending the mail[18:33:11] <gavimobile> so they are both outgoing[18:33:19] <gavimobile> smtp and submission are both outgoing[18:34:29] <lunaphyte_> everything is "outgoing"[18:34:44] <lunaphyte_> that's why i said before to forget about those ambigous terms[18:34:53] <gavimobile> lunaphyte_: hey[18:35:08] <gavimobile> lunaphyte_: ok so if that's the case so what I did was correct?[18:35:18] <gavimobile> enabling submission and smtp[18:35:38] <patdk-wk_> yes, but there is no point in letting users authenicate on smtp[18:35:48] <lunaphyte_> when an mua processes a message someone has composed, it "sends" that message to the mail server [the msa]. the msa then "receives" that message. then the msa processes that message and "sends" that message to whatever mail server is next.[18:36:15] <gavimobile> patdk-wk_: so I need to take permit_sasl_authenticated out from the recipient restrictions ?[18:36:31] <patdk-wk_> yes, that would require users to use 587, so they don't have *random* issues[18:37:00] <lunaphyte_> permit_sasl_authenticated should never be in global smtpd_recipient_restrictions[18:37:12] <lunaphyte_> only in smtpd_recipient_restrictions for submission in master.cf[18:37:18] <gavimobile> lunaphyte_: wow that's a lot of wrong online howtos, removing it[18:37:47] <lunaphyte_> yes, of course it is[18:37:51] <gavimobile> removed, but help me understand why.. permid_sasl_authenticated don't require the mtu to auth[18:37:58] <lunaphyte_> howtos are written by retards[18:38:27] <thumbs> (except for signum's) :)[18:38:53] <lunaphyte_> there are a few exceptions[18:39:08] <lunaphyte_> very few[18:39:40] <gavimobile> permit_sasl_authenticated == Permit the request when the client is successfully authenticated[18:39:50] <gavimobile> this is only worth something if reject is after[18:39:57] <gavimobile> if permit is after than its useless[18:40:36] *** zooko has joined #postfix[18:41:19] <lunaphyte_> submission and smtp are the inverse of one another in terms of the approach to restrictions[18:42:03] *** mechanicalduck has quit IRC[18:42:04] <lunaphyte_> for smtp, you have a "defauly policy" of accept, and then you precede that default policy with a number of potential rejection points[18:42:27] <lunaphyte_> s/accept/permit/, as it were[18:43:01] <gavimobile> and for submission[18:43:06] <thumbs> surely, this is documented :)[18:43:11] *** mechanicalduck has joined #postfix[18:43:12] <lunaphyte_> for submission, it's the reverse. you have a "default policy" of reject, and you precede that default policy with a number of possible permitting points[18:43:57] <gavimobile> but still permit_sasl_authenticated in recipient restrictions isn't a hazzard but its helpess[18:44:04] <lunaphyte_> it's a little more nuanced that that, really, since there's really just one permit item for subsmission, and there are also a handful of rejections too, but that's the gist[18:44:18] <zooko> Hm. Maybe this is why my postfix is rejecting my submissions over tls...[18:44:20] * zooko looks[18:44:58] <gavimobile> don't mean to change the subject however should reject_unauth_destination be added to submission? by default its not there[18:45:02] <zooko> Hm, no I currently have broken it in a deeper way while trying to fix those rejections: Jun 26 20:44:00 ssangkiyeok postfix/smtpd[3686]: fatal: no SASL authentication mechanisms[18:45:02] <zooko>[18:45:21] <lunaphyte_> reject_unauth_destination does not belong with submission[18:45:47] <gavimobile> lunaphyte_: I think im starting to understand[18:46:01] <gavimobile> I said starting.. relax folks :-p[18:47:59] <gavimobile> ok, so after these changes suggested by the channel, why does postfix still allow my mtu to relay on smtp as well[18:48:15] <zooko> Could you please look at this patch to my postfix config and give me any clues as to why this results in "no SASL authentication mechanisms" ?[18:48:17] <zooko> http://sebsauvage.net/paste/?bf176a192730d0dd#vGSlcIFLZwoJXa7eG2N2hJkIAsucgVcylBbvZMMxiYs=[18:48:45] <gavimobile> or since we want to allow mta's to send me mail, port 25 must be open, but don't use port 25 from my mtu's[18:48:48] <gavimobile> is this correct?[18:49:25] <rob0> gavimobile, did you pastebin logs and configuration (postconf -n) which showed this relaying on 25?[18:50:14] <zooko> Here's what my syslog says: http://sebsauvage.net/paste/?74b68e2dfa8f81ff#ro5gv/e+47/NQNr8ThWOtrKexSdQ0pTjHg2WubU5f+M=[18:50:29] *** tld has joined #postfix[18:50:43] <gavimobile> rob0: ill have a look[18:51:17] *** KippiX has quit IRC[18:52:44] <gavimobile> rob0: I don't see anything which would show relaying on 25 for my pastebin (postconf -n) the only things which are suspicious are what the channel directed me to change[18:53:38] <rob0> If you don't show us, how could we possibly catch what you missed? I don't understand this.[18:53:45] <gavimobile> rob0: working on it http://pastebin.com/MYk8C0zs[18:53:48] <gavimobile> :-)[18:54:01] *** Borg_ has joined #postfix[18:54:15] <gavimobile> rob0: did I prevent my server from open relay on port 25[18:54:17] <rob0> There are no LOGS in that.[18:54:50] <gavimobile> you said my postconf -n shows open relay for port 25[18:55:15] <gavimobile> now I assume you want to see the actuall logging of the connection between my mtu and postfix[18:55:16] <gavimobile> just a second[18:55:19] <gavimobile> sorry for not understanding[18:55:20] <rob0> I said nothing of the sort.[18:55:44] <rob0> Don't put words in my, er, keyboard.[18:57:01] <gavimobile> lol[18:57:11] * thumbs stuffs rob0[18:57:15] <rob0> You asked "how can this still be relaying on 25?" I asked if you had pastebinned necessary information whereby we could answer that.[18:57:22] <gavimobile> this is my log output from testing my mtu on port 25 http://pastebin.com/Q7E6gpDL[18:57:42] <rob0> grrrrrrr[18:57:48] <gavimobile> still no?[18:57:56] <gavimobile> that's a LOG[18:58:14] <rob0> Who told you we needed verbose logs?[18:58:18] <rob0> !verbose[18:58:18] <knoba> rob0: "verbose" : You probably do not need verbose logging, but in rare cases the extra detail can assist in debugging. To set verbose logging add a -v after the command name (such as smtpd) in master.cf, then 'postfix reload' after that.[18:58:39] <gavimobile> oops, I forgot I changed it to 3[18:58:47] <rob0> "smtpd_tls_loglevel = 3", yikes[18:58:48] <gavimobile> changed it back to 1[18:59:11] <rob0> anyway, down at the end of all that mess, we see that no relaying took place[18:59:41] <zooko> Aha. Found something. I'll be back...[18:59:43] <rob0> relay=virtual <-- this is YOUR domain[18:59:57] <rob0> Relaying means to send ELSEWHERE[18:59:58] <gavimobile> http://pastebin.com/RJpwRQxP[19:00:22] <gavimobile> if there is no relaying, so why is 25 accessable to my mtu[19:00:41] <rob0> Also, you might as well not enable SASL AUTH except where you plan to allow relaying.[19:00:51] <rob0> MTU?[19:01:04] <gavimobile> mut?[19:01:08] <gavimobile> my mail client[19:01:13] <gavimobile> outlook[19:01:31] <rob0> MUA. How can I know? Why shouldn't it be accessible?[19:02:10] <gavimobile> so there's no security threat that I send mail on port 25?[19:02:36] <rob0> 16:59 < rob0> relay=virtual <-- this is YOUR domain 16:59 < rob0> Relaying means to send ELSEWHERE[19:03:18] *** Borg_ has quit IRC[19:03:32] <gavimobile> rob0: im trying to understand how that answered my question[19:04:28] <zooko> Okay, here is what I currently get. It looks to me like postfix is rejecting my submission without ever asking dovecot to authenticate me (since dovecot doesn't log anything about any attempt to authenticate):[19:04:29] <zooko> http://sebsauvage.net/paste/?cfe047b0bba603e4#9DY0MfU3jCb2Bf0QIi909GhAF6IJMAdN+9ZP7mjJUV4=[19:04:34] <zooko> I'll look for ways to turn up the verbosity of postfix.[19:04:55] <jelly> funny how relay=local or relay=virtual isn't about relaying at all[19:04:56] <rob0> You asked "how can this still be relaying on 25?" I am pointing out that you are NOT relaying.[19:04:59] <gavimobile> im disabling this #smtpd_sasl_auth_enable = yes[19:05:55] <gavimobile> rob0: ok let me refraise, is it a security threat that my mail client can send mail on port 25 and port 587?[19:05:57] <rob0> zooko, I just showed the "!verbose" factoid, and FWIW, I won't look at anyone's verbose logs pastes unless I ask for it.[19:06:36] <rob0> It is a security threat to be using MS Outlook.[19:06:55] <patdk-wk_> it's closed source, how can anything closed source be deemed secure?[19:07:23] <patdk-wk_> or did I miss some 3rd party audit?[19:07:25] <rob0> not just that, it has known and exploitable attack vectors[19:07:39] * zooko scans back[19:07:50] <patdk-wk_> well, that is why it still has all those exploitable attack vectors :)[19:08:11] <zooko> rob0: I see. Thanks.[19:09:03] *** mechanicalduck has quit IRC[19:11:13] *** mechanicalduck has joined #postfix[19:12:03] <zooko> rob0: very helpful! Thanks. This means that my client is unauthenticated at this point, right? Jun 26 21:09:04 ssangkiyeok postfix/submission/smtpd[994]: generic_checks: name=permit_sasl_authenticated status=0[19:12:03] <zooko>[19:12:19] <zooko> The "status=0" I'm guessing means the request is not sasl-authenticated.[19:12:51] <lunaphyte_> you don't need verbose logging to see that[19:13:08] <lunaphyte_> with regular logging, postfix will log the authentication when it happens[19:13:37] <zooko> lunaphyte_ so I can tell from the absence of some logging line saying that a user authenticated, right?[19:13:53] *** UQlev has quit IRC[19:14:14] <rob0> Absence of an AUTH line does mean that AUTH was not done, right.[19:14:30] <zooko> Ok.[19:15:26] <zooko> Yeah, and I see in these verbose logs that postfix connected to dovecot and they both sounded happy about having met one another.[19:15:50] <lunaphyte_> Jun 26 13:14:55 mymailserver postfix/smspd[xxxxx]: xxxxxxxxx: client=foo.example.com[192.0.2.1], sasl_method=PLAIN, sasl_username=jdoe[19:15:59] <rob0> !outlook[19:15:59] <knoba> rob0: "outlook" : MS Outlook has numerous problems with TLS and AUTH support. Try using a better client to troubleshoot your Postfix server's AUTH features; then once you know it works, you can go back and break it such that Outlook will work. See the following MS KB article to enable transport logging in Outlook that may be of some help in troubleshooting, http://support.microsoft.com/kb/300479/en-us[19:15:59] <jelly> is 2.11 out? I see postconf(5) web page mentioning new features[19:16:05] <zooko> So now I think my client is just failing to authenticate itself...[19:16:11] *** trusktr has joined #postfix[19:16:15] <rob0> 2.11 is in development still.[19:16:32] <lunaphyte_> zooko: test it manually with s_client[19:16:47] <Aprogas> Is it decided yet whether 2.11 will be called 2.11 ?[19:17:28] <rob0> jelly, but Wietse keeps the online pages the same as the ones in the development version. Which is a good reason why you should read your own manuals & README files rather than consulting the online ones.[19:17:49] <rob0> Aprogas, I suspect it will be 2.11, yes.[19:18:01] <rob0> (but I don't know for sure)[19:19:50] *** BuenGenio_ has joined #postfix[19:20:15] <patdk-wk_> it will go the ms route, postfix 2014 :)[19:20:29] <zooko> Aha. I had "smtpd_sasl_auth_enable" when I meant to write "smtp_sasl_auth_enable".[19:21:49] <zooko> That was it! Yay! Thanks for the help, folks.[19:23:53] <rob0> !smtp!=smtpd[19:23:53] <knoba> rob0: "smtp!=smtpd" : Postfix smtp_* and smtpd_* configuration parameters have different meanings. smtp_ = client and smtpd_ = server, the client-side sends mail whilst the server-side receives mail. (smtp = client = sends mail) (smtpd = server = receives mail)[19:24:14] <rob0> Sounded to me like you DID want smtpd.[19:25:44] <tharkun> Is this number on the us? 1-866-434-2226[19:26:29] <Dominian> tharkun: You mean is it based in the US?[19:26:47] <tharkun> Dominian: yes, wrong chanel though ;P[19:26:56] <Dominian> tharkun: to answer your question, it appears to be hosted in the US, yes.[19:26:57] <Dominian> :)[19:27:07] <lunaphyte_> what channel is for telephone number ownership?[19:27:18] <Aprogas> channel 42[19:27:19] <Dominian> looks like it ties to some dollar rent a car firm[19:27:21] *** Motoko has joined #postfix[19:27:37] <tharkun> Dominian: Yes, I'm trying to contact them[19:27:54] <Dominian> quick google of that number shows them on a lot of customer complaint forums[19:27:59] <rob0> 866 is toll free, you might not be able to call it[19:28:22] <tharkun> rob0: Thanks that should be the isue.[19:28:44] *** UQlev has joined #postfix[19:28:51] <rob0> but, if you're using SIP, there are toll-free gateways you can hit :)[19:29:07] <Dominian> yep[19:29:14] <lunaphyte_> i'm using gulp[19:29:28] <Dominian> Link?[19:29:59] <lunaphyte_> gannon[19:30:37] *** mechanicalduck has left #postfix[19:30:49] <tharkun> rob0: Regular office line. No SIP yet but on the process.[19:34:47] *** snearch has joined #postfix[19:35:00] *** jarif has quit IRC[19:35:12] <rob0> if you do much calling in the US/Canada, SIP/asterisk would be a good investment of time.[19:35:40] <lunaphyte_> probably even if you don't :)[19:36:04] <Dominian> Just don't put it on the public internet if you can avoid it :P[19:38:30] <lunaphyte_> i had a great call termination provider that did only wholesale business but i'd been grandfathered in from when they were just getting started. they closed up shop at the end of 2011 though :([19:38:48] <Dominian> that sucks[19:41:39] *** snearch has quit IRC[19:46:09] *** gu1lle_ has joined #postfix[19:51:37] *** ced117 has quit IRC[19:58:36] *** zooko has quit IRC[20:00:41] <gavimobile> going over my conversation before rob0 said "Also, you might as well not enable SASL AUTH except where you plan to allow relaying." so that would mean I would add "smtpd_sasl_auth_enable = yes" to submittion[20:00:56] *** jarif has joined #postfix[20:03:11] <rob0> No spaces allowed in master.cf overrides, " -o smtpd_sasl_auth_enable=yes".[20:03:53] <gavimobile> rob0 I guess that means yes[20:05:07] <gavimobile> can I add all the rest too? smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_authenticated_header = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = $myhostname broken_sasl_auth_clients = yes smtpd_helo_required = yes in the same format without spaces?[20:06:23] <rob0> Ask, for each one, does it make more sense being set globally (in main.cf) or per smtpd instance (in master.cf)?[20:08:02] <gavimobile> no it doesn't[20:08:15] <rob0> The enable setting is the only one that enables anything. I'd think that all the others would be better in main.cf. Also, smtpd_helo_required is not related (and ought to be set globally anyway.)[20:08:59] <gavimobile> to set something globally should be done through the master.cf or main.cf[20:09:01] <gavimobile> ?[20:10:05] <gavimobile> I wish we had templates which we could copy from[20:10:36] <rob0> Are you reading what I have written?[20:10:46] *** mibofra has joined #postfix[20:10:46] *** mibofra has joined #postfix[20:10:54] <gavimobile> yes[20:11:35] <gavimobile> that this one -o smtpd_sasl_auth_enable=yes goes in master[20:11:40] <gavimobile> and the rest go in to main[20:12:15] <gavimobile> trying to understand what you meant about helo required..[20:13:00] <gavimobile> it defaults to no[20:13:26] <gavimobile> so what do you mean by setting goballu[20:13:30] <gavimobile> globally[20:14:22] *** BuenGenio_ has quit IRC[20:14:23] *** mechanicalduck has joined #postfix[20:21:38] <gavimobile> I think global your refering to main.cf[20:30:26] *** gu1lle_ has quit IRC[20:32:59] *** gu1lle_ has joined #postfix[20:37:28] *** Cromulent has joined #postfix[20:40:21] <UQlev> gavimobile, if you set global hello required you will send nothing via submission[20:41:29] *** Blacklite has quit IRC[20:42:37] *** Blacklite has joined #postfix[20:43:10] <rob0> huh? I have had smtpd_helo_required=yes since forever. What MUAs don't send EHLO?[20:46:01] <UQlev> rob0, what do you have in master.cf for smtpd_helo_restrictions=?[20:46:17] <gavimobile> I can send with it set to yes[20:46:58] <rob0> I don't usually set smtpd_helo_restrictions, so nothing to override.[20:47:32] <UQlev> rob0, what is the reason to set smtpd_helo_required=yes then?[20:47:53] <gavimobile> so that they introduce themselves to the server[20:47:56] <UQlev> rob0, .. if you keep it empty[20:48:05] <gavimobile> spamers aren't interested[20:48:22] <rob0> I use helo-related restrictions in other stages, of course.[20:48:37] <rob0> anyway, gtg, server rebooting[20:48:56] <gavimobile> rob should I set it or not'[20:49:08] <gavimobile> in main[20:49:45] <UQlev> gavimobile, quote: "rob0> I don't usually set smtpd_helo_restrictions"[20:51:26] <gavimobile> its not hurting UQlev[20:51:36] <gavimobile> or is it?[20:51:45] <gavimobile> what can be bad about it[20:52:07] <UQlev> without smtpd_helo_restrictions it doesn't hurt spammers either[20:52:39] <UQlev> unless you use it sone other way "helo-related restrictions in other stages"[20:54:02] *** rob0 has quit IRC[20:54:03] <UQlev> ok, gtg too[20:54:13] <gavimobile> ok thanks[20:54:14] *** UQlev has quit IRC[21:02:13] *** Bry8Star has quit IRC[21:04:57] *** Bry8Star has joined #postfix[21:08:14] *** rob0 has joined #postfix[21:08:14] *** rob0 has joined #postfix[21:11:13] *** snearch has joined #postfix[21:12:33] *** Cromulent has quit IRC[21:20:55] *** rob0 has quit IRC[21:25:35] *** gu1lle_ has quit IRC[21:33:45] <gavimobile> I can't find this on the postfix website "virtual_mailbox_limit_maps" I assume its depreciated[21:33:57] <gavimobile> is the new version virtual_mailbox_limit?[21:34:01] <thumbs> !virtual_mailbox_limit_maps[21:34:01] <knoba> thumbs: "virtual_mailbox_limit_maps" : virtual_mailbox_limit_maps is a setting introduced by a third-party patch. We don't support that patch here.[21:36:02] *** jabot has joined #postfix[21:36:27] <gavimobile> knoba: I see thanks[21:36:38] <gavimobile> thanks thumbs*[21:43:57] <adaptr> I see dead bots[21:44:21] *** jarif has quit IRC[21:44:48] *** Wamphyri has quit IRC[21:44:56] *** Monkey_b has joined #postfix[21:45:08] <Monkey_b> hey guys, is there a way to force the mail queue to resend via relay?[21:45:21] <Monkey_b> i have a bunch of messages stuck that i need delivered, but have to send them relayed or they wont go through[21:45:33] <Dominian> man postsuper[21:45:36] <Dominian> !postsuper[21:45:36] <knoba> Dominian: "postsuper" : the queue supervision tool for postfix. Use it with the option "-d" to remove mails from the queue. See 'man postsuper' for more information.[21:45:40] <Monkey_b> sweet[21:45:43] <adaptr> set a relayhost and then requeue all messages[21:46:24] <adaptr> if yuo always need to use the relay, that's the end. if not, things get more interesting[21:48:03] *** Wamphyri has joined #postfix[21:49:17] <Monkey_b> well the issue is that the messages got queued without a relay (relay=none)[21:49:26] <Monkey_b> we fixed the relay afterwards[21:49:42] <Monkey_b> but when we postqueue -f to resend the deferred messages, they continue to fail because relay=none[21:50:51] <adaptr> queued messages already include their nexthop[21:50:55] <adaptr> you need to re-queue them[21:51:32] <Monkey_b> how do we requeue them? i dont have a way to resend them using the application that originally sent them, which is why im trying to fix this at the postfix level[21:51:46] <adaptr> yuo asked how to resend "via relay". i nSMTP, "relay" has a specific meaning.[21:51:46] <Monkey_b> otherwise i would just purge them and resend[21:52:00] <adaptr> did you actually mean that, or did you just use the word[21:52:26] <Monkey_b> lets see, im using postfix to send email via an smtp relay (our exchange server)[21:52:31] <Monkey_b> is that correct use of the term relay?[21:53:43] <adaptr> is relayhost= set in main.cf ?[21:53:50] <Monkey_b> yes[21:53:59] <adaptr> then yes, you are using a relay to send mail[21:54:12] <adaptr> however, it has very little to do with the relay= log message[21:54:30] <adaptr> the log message indicates a RESULT. what actually happened.[21:54:57] <adaptr> since the mail was unable to be delivered, it is deferred (hence, relay=none)[21:54:57] *** biggimat has quit IRC[21:55:01] <adaptr> this says nothing about WHY[21:56:41] <Monkey_b> oh i see[21:57:11] <Monkey_b> hmmm then i guess im really confused as to why when i postfix -f, the messages still fail to deliver, even though postfix is now technically working correctly[21:57:21] <adaptr> re-read what I said above.[21:57:55] *** Section1 has quit IRC[21:58:15] <Monkey_b> im sorry adaptr, i really appreciate your help, and im definitely reading what you're saying, but i must be misunderstanding something[21:58:28] <Monkey_b> you're telling me relay=none in the mail log means that its not being able to relay[21:58:38] <adaptr> correct.[21:58:43] <Monkey_b> and telling me that relayhost should be set in relay.conf, which it is[21:58:54] <Monkey_b> and since postfix appears to be working now for new messages[21:59:02] <adaptr> no, IF you are using a relay to send mail, THEN you need to set relayhost[21:59:03] <Monkey_b> shouldnt it also work when i postqueue -f ?[21:59:12] *** Wamphyri has quit IRC[21:59:20] <adaptr> that has nothing to do with your question, since, as I explained, you abised the terminology[21:59:25] <adaptr> *abused[21:59:50] <Monkey_b> i apologise[21:59:53] <adaptr> with regards to your question, the relayhost does not matter[22:00:11] <adaptr> IF you have corrected the delivery problem, then yuo no longer have that problem[22:00:18] <adaptr> however, as I said above:[22:00:19] <adaptr> 21:50:51 adaptr . queued messages already include their nexthop[22:00:35] <adaptr> and IT WILL NOT CHANGE.[22:00:37] <Monkey_b> i see, so its too late to do anything to get those delievered via the correct route?[22:00:41] <adaptr> so you need to RE-queue them[22:00:48] <adaptr> "man postsuper"[22:00:51] <Monkey_b> ok[22:00:53] <Monkey_b> reading it now[22:01:04] *** Wamphyri has joined #postfix[22:01:06] <Monkey_b> postman -r ALL[22:01:08] <Monkey_b> ?[22:01:38] <Dominian> postsuper[22:02:11] <adaptr> Dominian: neva![22:02:17] <thumbs> superpost[22:02:18] <adaptr> it can't be postsuper[22:02:34] <adaptr> because I JUST FUCKING SAID THAT[22:02:44] <adaptr> and nobody ever listens to a word I say, well-known fact.[22:02:55] <Dominian> I didn't scroll up[22:03:14] <adaptr> your IRC window is 5 lines high ?[22:03:20] <Dominian> cause all I ever see is "blah blah blah"[22:03:21] <thumbs> it can be.[22:03:23] <Dominian> ;)[22:03:34] <Monkey_b> dude[22:03:35] <Monkey_b> adaptr[22:03:36] <Monkey_b> i love you[22:03:41] *** jarif has joined #postfix[22:03:42] <Monkey_b> thank you so much :)[22:03:46] <adaptr> yes, they all say that in the beginning[22:03:52] <adaptr> but in the end, they al lleave me[22:04:16] *** Borg_ has joined #postfix[22:05:38] <adaptr> 22:05:30 up 115 days, 9:22, 8 users, load average: 0.03, 0.12, 0.30[22:05:57] <adaptr> new kernel, new video drivers. need to reboot. sob.[22:06:48] <Dominian> :)[22:08:16] *** Wamphyri has quit IRC[22:08:48] *** Wamphyri has joined #postfix[22:08:54] <thumbs> you'll be missed.[22:11:33] <adaptr> I know. you'll be aiming for my head.[22:11:54] <adaptr> sigh. nvidia refuses to play nice with the old kernel loaded. oh well, TTY time[22:12:34] <adaptr> perhaps I'll switch to XFCE at the same time, I am pretty darn tired of the KRUFT[22:13:13] <adaptr> gooood niiight[22:13:18] <adaptr> seeee you soooooon (or not)[22:13:21] *** Wamphyri has quit IRC[22:14:13] *** Wamphyri has joined #postfix[22:15:01] *** adaptr has quit IRC[22:18:41] *** Wamphyri has quit IRC[22:19:19] *** Wamphyri has joined #postfix[22:26:20] *** Wamphyri has quit IRC[22:27:36] *** sbaugh has joined #postfix[22:29:09] *** gu1lle_ has joined #postfix[22:31:17] <sbaugh> Somewhat basic mail question: I'm using a smarthost to send mail, and my mails weren't being marked as spam by Google last night, but now they are, with no conf changes - shouldn't using a smarthost mean my mail is totally reliable, or is there some Postfix change I should still make?[22:32:14] <Aprogas> My first guess would be running the IP-address of the smarthost through multirbl.valli.org and also checking the SPF/DKIM records (if any) of your domains.[22:33:08] <sbaugh> spf is fine (according to gmail), I didn't set up DKIM because I wasn't sure if it would work while using a smarthost?[22:36:53] <sbaugh> the smarthost is on a few blacklists, but surely that didn't change overnight (I sure hope not) and it was not being marked as spam yesterday[22:36:54] *** UQlev has joined #postfix[22:38:24] <sbaugh> so again I assume it's a conf issue... or perhaps the smarthost isn't trusting my mail as much? i have no idea what mechanism that would be, but it's just a random SMTP server my ISP provides, which I was surprised to find worked for clearing my mail as spam[22:39:21] <Aprogas> At this point it is hard to tell anything for sure.[22:39:43] <Aprogas> Look at the full headers of the mail for clues; and depending on your contract/SLA with the smarthost, contact them for assistance.[22:47:56] *** adaptr has joined #postfix[22:48:46] *** Monkey_b has quit IRC[22:56:41] *** yofun has quit IRC[22:59:22] *** danblack has joined #postfix[23:09:46] *** grknight has quit IRC[23:13:15] *** UQlev has quit IRC[23:23:17] *** rlax has joined #postfix[23:23:42] *** jabot has quit IRC[23:23:43] *** hypnocat has joined #postfix[23:23:46] *** hypnocat has left #postfix[23:23:51] *** bungalo_ has joined #postfix[23:25:07] *** bungalo has quit IRC[23:25:08] *** bungalo_ is now known as bungalo[23:30:13] *** donmichelangelo has quit IRC[23:30:38] *** donmichelangelo has joined #postfix[23:32:57] *** rob0 has joined #postfix[23:32:57] *** rob0 has joined #postfix[23:34:25] *** jarif has quit IRC[23:37:42] *** mechanicalduck has quit IRC[23:49:45] *** danblack has quit IRC