June 30, 2013 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | >
June 30, 2013 [00:00:19] <adaptr> no it isn't[00:00:47] <adaptr> Ye is a medieval lazy spelling of The[00:01:06] <adaptr> Shakespeare was infamous for it[00:02:17] <v0lZy> 12c. shortening of Old English ic, first person singular nominative pronoun, from Proto-Germanic *ekan (cf. Old Frisian ik, Old Norse ek, Norwegian eg, Danish jeg, Old High German ih, German ich, Gothic ik), from PIE *eg-, nominative form of the first person singular pronoun (cf. Sanskrit aham, Hittite uk, Latin ego (source of French Je), Greek ego, Russian ja, Lithuanian aš). Reduced to i by mid-12c. in northern England, it began to be cap[00:02:17] *** p3rror has joined #postfix[00:02:52] <v0lZy> ;)[00:02:55] <adaptr> v0lZy: don't do that.[00:03:00] <v0lZy> I rest my case.[00:03:39] <v0lZy> (whoever is furthere interested: http://www.etymonline.com/index.php?allowed_in_frame=0&search=I&searchmode=none[00:03:40] <v0lZy> )[00:03:50] <v0lZy> (and I'm done)[00:06:09] <v0lZy> I think im gonna call it a night[00:06:11] <v0lZy> thanks for all the help[00:06:12] <pj> It's not a "lazy" spelling, the correct spelling was originally "Ye", but (iirc) printing presses of the time didn't have the "Y", so it was replaced with "Th" and "The" became common spelling.[00:08:53] <adaptr> lead was expensive![00:10:14] <v0lZy> just a coincidence, but theres cultures that when they point to themselves, point to their eye (japanese point to their noses for example) while in the west, the pointing towards one's own eye is popular[00:11:06] <pj> so????[00:11:26] <v0lZy> Funny how it falsl together with 'I' and the symbolism of the eye being a direct path to the 'soul' ... which is ones unmistakable 'true' identity...[00:11:43] <v0lZy> falls*[00:12:14] <adaptr> and I'm done[00:12:48] <v0lZy> Im calling it quits too[00:12:51] <v0lZy> its 0:12 here[00:13:00] <v0lZy> Talk to you later, and thanks again[00:13:04] <v0lZy> good night1![00:13:15] *** v0lZy has quit IRC[00:21:33] *** master_o1_master has joined #postfix[00:24:33] *** master_of_master has quit IRC[00:26:05] *** mechanicalduck has joined #postfix[00:36:02] *** wdp has quit IRC[00:41:19] *** p3rror has quit IRC[00:42:24] *** slcres has joined #postfix[00:55:03] *** wald00 has joined #postfix[01:19:28] *** shinao1 has quit IRC[01:38:59] *** wald00 has quit IRC[01:42:33] *** OpenSys has quit IRC[01:45:16] *** donmichelangelo has quit IRC[01:45:48] *** donmichelangelo has joined #postfix[01:49:32] *** OpenSys has joined #postfix[02:30:08] *** mechanicalduck has quit IRC[02:55:39] *** Colt has joined #postfix[03:22:27] *** Bry8Star has joined #postfix[03:41:03] *** tharkun has quit IRC[03:46:47] *** tharkun has joined #postfix[03:47:10] *** Colt has quit IRC[03:52:11] *** magyar has joined #postfix[03:52:11] *** magyar has joined #postfix[04:00:38] *** tff has joined #postfix[04:01:05] *** jumperboy has quit IRC[04:01:31] *** jumperboy has joined #postfix[04:01:47] <tff> So i've successfully forwarded local email accounts to remote Gmail accounts -- but how can I configure the server so that the remote Gmail accounts can reply to emails with a sending address of the original local email address?[04:01:55] <tff> i.e., relay the email through the postfix server[04:02:02] <tff> Or what is this function called?[04:10:08] <rob0> I don't quite know what you are asking. Usually the sender address is set in the MUA.[04:10:34] <rob0> If gmail is your MUA, check with gmail support.[04:12:43] <tff> So it is not necessary to contact the server to send an email with an origin that is hosted there?[04:13:09] <tff> origin/sender address[04:13:25] <tff> (Wouldn't that mean that anyone could use the sender address if they set their MUA to do so?)[04:13:56] *** tharkun has quit IRC[04:14:05] *** tharkun has joined #postfix[04:14:15] <rob0> It generally does mean that, yes; DKIM and other sender verification schemes notwithstanding.[04:16:15] <tff> Huh, OK, thanks[04:16:25] <tff> I don't really understand mail[04:16:48] <rob0> ah, okay. Maybe the wikipedia page will give you a good overview.[04:17:12] <tff> Indeed[04:18:09] *** krisfremen has quit IRC[04:28:05] *** gu1lle_ has joined #postfix[04:31:47] *** tff has quit IRC[04:34:20] *** tharkun has quit IRC[04:34:30] *** tharkun has joined #postfix[04:48:23] *** tharkun has quit IRC[04:49:21] *** aindilis2 has joined #postfix[04:53:51] *** tharkun has joined #postfix[05:02:57] *** danblack has quit IRC[05:04:08] *** donmichelangelo has quit IRC[05:04:34] *** donmichelangelo has joined #postfix[06:00:29] *** donmichelangelo has quit IRC[06:00:56] *** donmichelangelo has joined #postfix[06:16:35] *** danblack has joined #postfix[06:51:26] *** krisfremen has joined #postfix[06:51:26] *** krisfremen has joined #postfix[08:03:45] *** danblack has quit IRC[08:12:56] *** danblack has joined #postfix[08:16:09] *** magyar has quit IRC[08:30:54] *** v0lZy has joined #postfix[08:31:04] <v0lZy> morning[08:35:30] *** causasui has quit IRC[08:35:33] *** Bronze has quit IRC[09:13:29] *** causasui has joined #postfix[09:27:36] *** tff has joined #postfix[09:28:38] <tff> I've set up several aliases to be forwarded to an external webmail system (Gmail), but I'm trying to figure out how to allow Gmail to send mail back through postfix.[09:29:05] <tff> It allows one to figure a relay SMTP server, but account credentials are necessary[09:29:22] <tff> Does this then require abandoning aliases and making proper accounts?[09:40:05] *** danblack has quit IRC[10:11:36] *** e66 has quit IRC[10:26:39] *** wdp has joined #postfix[10:33:58] *** tff has quit IRC[11:00:29] *** donmichelangelo has quit IRC[11:01:04] *** donmichelangelo has joined #postfix[11:14:02] *** mechanicalduck has joined #postfix[11:28:08] *** lunaphyte_ has quit IRC[11:28:42] *** ced117 has joined #postfix[11:39:29] *** snearch has joined #postfix[11:45:18] *** gavimobile has joined #postfix[11:50:02] <gavimobile> I would like my postfix configuration to only send mail to users. what other changes could you guys recommend to cut down on potential threats? postconf -n && postconf -Mf http://pastebin.com/RQipn5eM[11:50:21] <gavimobile> I don't need to receive ANY mail[11:50:26] <gavimobile> only send[11:57:49] *** e-ndy has quit IRC[11:58:09] <waldi> postconf -e inet_interfaces=loopback-only[12:01:49] *** Cromulent has joined #postfix[12:01:57] *** danblack has joined #postfix[12:02:39] *** Cromulent has quit IRC[12:04:06] <gavimobile> waldi anythign else?[12:14:19] *** mechanicalduck has quit IRC[12:30:12] *** koobs has quit IRC[12:30:25] *** koobs has joined #postfix[12:30:41] *** koobs has joined #postfix[12:43:57] *** lunaphyte_ has joined #postfix[12:45:21] *** koobs` has joined #postfix[12:45:41] *** koobs has quit IRC[12:46:50] *** SamGoody has joined #postfix[12:47:10] <SamGoody> Hello all[12:47:29] <SamGoody> My main.cf file seems to be ignored[12:48:03] <SamGoody> sudo postconf -d smtpd_recipient_restrictions[12:48:10] <SamGoody> smtpd_recipient_restrictions =[12:48:57] *** koobs` has quit IRC[12:49:01] *** koobs has joined #postfix[12:49:09] <SamGoody> Despite the fact that in main.cf, the last line of the file is: smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination[12:49:30] <SamGoody> I cant even begin to guess how to debug[12:49:49] <SamGoody> !welcome[12:49:49] <knoba> SamGoody: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[12:59:46] <SamGoody> Can someone please confirm that me messages are not being blocked on IRC?[13:01:20] *** koobs has quit IRC[13:01:31] *** koobs has joined #postfix[13:02:41] <gavimobile> SamGoody: is somebody talking in this channel?[13:02:50] <gavimobile> I think I can hear something, but im not sure :-p[13:03:14] <gavimobile> SamGoody: hear you loud and clear[13:05:10] <SamGoody> Thank you very much[13:05:26] <SamGoody> At least I know I'm posting[13:05:47] <SamGoody> Now, anyone have any idea what to do about the fact that my main.cf file is ignored?[13:06:57] <adaptr> it is not ignored.[13:08:06] <SamGoody> sudo postconf -d smtpd_recipient_restrictions[13:08:10] <SamGoody> Shows: smtpd_recipient_restrictions =[13:08:18] <adaptr> and ?[13:08:21] <SamGoody> But in the last line of main.cf[13:08:30] <SamGoody> smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination[13:08:42] <adaptr> yes, you've said that repeatedly. once suffices.[13:09:03] <SamGoody> So, being anoob, I thought that that line must be being ignored[13:09:17] <adaptr> it's telling you what you asked for[13:09:20] <adaptr> "man postconf"[13:09:52] *** tharkun has quit IRC[13:10:05] *** tharkun has joined #postfix[13:10:24] <SamGoody> According to man postconf "By default, the postconf(1) command displays the values of main.cf configuration parameters"[13:10:29] *** p3rror has joined #postfix[13:10:46] <adaptr> correct.[13:11:15] <SamGoody> Since what could cause the value output by postconf to be different than that which I see in the main.cf[13:11:31] *** OpenSys has quit IRC[13:11:33] <SamGoody> And thank you for suffering someone who is new[13:11:35] <adaptr> a number of things.[13:11:54] <adaptr> defining it more than once will only respect the last one set[13:12:20] <adaptr> and, of course, as the postconf manual shows you, there are flags to influence its output[13:12:29] <SamGoody> I ensured it is only once in main.cf, and that once is in the last line of the file[13:13:43] <SamGoody> Can you show me how I see which flags might be affecting output[13:14:07] <adaptr> "man postconf"[13:14:07] *** OpenSys has joined #postfix[13:14:32] <SamGoody> I actually read a lot of it before coming in here, but will try again.[13:17:03] <rob0> Specifically look at -d, 10:48 < SamGoody> sudo postconf -d smtpd_recipient_restrictions[13:17:21] <rob0> You used -d, did you know why and what it does?[13:17:31] <SamGoody> Thank you very much, rob0[13:18:05] <SamGoody> I thought I did,[13:18:54] <SamGoody> I thought it displayed the default settings, which meant whatever is in main.cf as opposed to being whatever might be overriding it[13:19:03] <SamGoody> But now, rereading, I think I see my err.[13:19:05] <adaptr> the manual says exactly what it does[13:19:24] <SamGoody> Can you imagine that I might have missunderstood a man page?![13:19:27] <adaptr> shows the default configuratio settings AS OPPOSED TO what is ACTUALLY in main.cf[13:19:43] <rob0> "Default" means what is set if nothing is set to change it.[13:19:51] <SamGoody> got it[13:20:39] <rob0> You must be using version 2.10, to have a default empty smtpd_recipient_restrictions.[13:20:51] <adaptr> or a very lousy distribution[13:20:54] <SamGoody> I installed using apt-get, last week[13:21:17] <adaptr> SamGoody: again, postconf will TELL you exactly.[13:21:44] <SamGoody> OK, did it without the d, and now everything shows correctly[13:21:59] <SamGoody> But unfortunately, it still doesnt send my mails.[13:22:25] <adaptr> you never said anything about not sending mails. see the !welcome factoid.[13:22:31] <SamGoody> Nonetheless, before wasting any of your time, I will spend some more time reading up, and only retrn when I feel like its not wasting your time[13:22:39] <adaptr> first, RELEVANT logs, then postconf -n[13:22:45] <rob0> good idea :) good luck[13:22:52] <SamGoody> Yes, indeed. I saw !welcome, and I wasn't complaining[13:28:56] *** p3rror has quit IRC[13:31:09] *** davlefou has joined #postfix[13:31:59] <SamGoody> OK, I'm back, I think better informed.[13:32:50] <SamGoody> The problem: When I send a test mail from localhost to gmail, it works. When I telnet in from a remote host, I get a message Relay access denied[13:33:20] <SamGoody> postconf -n:[13:33:21] <rob0> we have a factoid for that :)[13:33:22] <SamGoody> alias_database = hash:/etc/aliases[13:33:22] <SamGoody> alias_maps = hash:/etc/aliases[13:33:22] <SamGoody> append_dot_mydomain = no[13:33:23] <SamGoody> biff = no[13:33:23] <SamGoody> broken_sasl_auth_clients = yes[13:33:23] *** SamGoody has quit IRC[13:33:40] *** SamGoody has joined #postfix[13:33:47] <rob0> !tell SamGoody relay_denied[13:33:47] <knoba> SamGoody: "relay_denied" : NOQUEUE: reject: RCPT from CLIENT_HOST[CLIENT_IP]: 554 5.7.1 <RECIPIENT@RCPT_DOMAIN>: Relay access denied; from=<SENDER@SENDER_DOMAIN> to=<RECIPIENT@RCPT_DOMAIN> proto=ESMTP helo=<HELO>: This typically means that CLIENT_IP is not in mynetworks (and did not AUTH), and that RCPT_DOMAIN was not recognized as one of this Postfix's domains (not listed in mydestination, relay_domains or virtual_*_domains).[13:33:54] <SamGoody> I guess I did that wrong[13:34:00] <rob0> That's also covered in:[13:34:03] <rob0> !basic[13:34:03] <knoba> rob0: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.[13:34:04] <SamGoody> OK, will read that. BRB[13:34:16] <rob0> and maybe also:[13:34:19] <rob0> !sasl[13:34:19] <knoba> rob0: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[13:34:44] <rob0> (if requiring AUTH for relay authorization)[13:34:44] <SamGoody> Ive read both of those pages, and many more[13:34:55] <SamGoody> But will reread them[13:35:17] <rob0> again, it sounds like you have 2.10[13:35:25] <rob0> !smtpd_relay_restrictions[13:35:25] <knoba> rob0: "smtpd_relay_restrictions" : Restrictions to control relaying, implemented in Postfix 2.10. Prior to 2.10 smtpd_recipient_restrictions included this functionality. See !access and http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions[13:36:16] *** koobs has quit IRC[13:36:16] *** koobs has joined #postfix[13:40:15] <SamGoody> OK, reread them. I don't see any way to test that sasl is setup correctly. EHLO gets back a response 250-AUTH PLAIN LOGIN DIGEST-MD5, and postconf -n shows smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination[13:40:16] <SamGoody> smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination[13:40:27] <SamGoody> smtpd_sasl_auth_enable = yes[13:40:32] <SamGoody> smtpd_sasl_path = private/auth[13:40:37] <SamGoody> smtpd_sasl_type = dovecot[13:40:41] <adaptr> SamGoody: don't do that.[13:40:49] <adaptr> use a pastebin FGS[13:41:01] <SamGoody> It was only those five lines[13:41:20] <SamGoody> Since I thought that was all that mattered, but will now pastbin it, thank you for correcting me[13:41:45] <adaptr> testing SASL is trivial, and documented.[13:42:13] <adaptr> see the link rob0 gave you above[13:42:20] <SamGoody> http://pastebin.com/E4vbMmrr[13:43:08] <SamGoody> On that page, the only methods that applied to dovecot sasl, has been passed successfuly[13:43:23] <SamGoody> Which is the EHLO response[13:43:43] <SamGoody> Please go easy on me, I do recognise that you are volunteering precious time[13:43:44] *** ogny has joined #postfix[13:44:09] <adaptr> you should not be offering AUTH before TLS, as this allows password sniffing[13:44:38] <adaptr> do you have TLS configured yet ?[13:44:39] <SamGoody> OK, will fix that.[13:44:50] <SamGoody> No[13:45:29] <adaptr> that would be first, then. you can't require TLS if you don't have TLS working[13:45:55] <adaptr> are you doing this on port 25 ?[13:46:01] <SamGoody> yes[13:46:23] <adaptr> well, don't. user submission belongs on submission[13:46:34] <adaptr> port 25 is for MTA-to-MTA traffic[13:47:02] <SamGoody> I was following a tutorial: http://articles.slicehost.com/2008/8/6/postfix-using-telnet-to-test-postfix[13:47:40] <SamGoody> But I have tried using a client instead of telnet (Apple Mail), with the same result[13:47:47] <SamGoody> What port should I use?[13:47:55] <adaptr> yesh[13:48:00] <adaptr> !tell SamGoody tutorial[13:48:00] <knoba> SamGoody: "tutorial" : A very common problem is that some people prefer to follow a step-by-step tutorial that shows them how to setup their server w/out reading the documentation or understanding what they are doing. If something goes wrong, they have no clue whatsoever about where to find hints, and they sometimes decide to start from scratch using a different tutorial. This is not The Proper Way.[13:48:14] <adaptr> !tell SamGoody submission[13:48:14] <knoba> SamGoody: "submission" : Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf. also see !msa, and rfc 6409. Also read http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf[13:48:29] <SamGoody> With all due respect, I first read all of the said pages on the postfix site[13:48:38] <SamGoody> And I tried very hard to understand.[13:49:03] <SamGoody> Due to the fact that it didnt specify a port or method of remotely testing, I used a tutorial that made a lot of sense to me.[13:49:04] <adaptr> you won't. not within some considerable time, anyway. postfix (and email) are not simple[13:49:22] <SamGoody> I worked on this for two weeks before coming here.[13:49:47] <SamGoody> While that still makes me new and wet behind the ears, I am trying to be as respectable as I could be[13:50:02] <adaptr> nobody is saying otherwise, are they ?[13:50:25] <SamGoody> And I realize its not simple, all my respect to you guys for coding, documenting, and helping[13:50:53] <adaptr> don't forget bullying[13:51:53] <SamGoody> Alrigh, I'll try to go through that PDF and get back afterwards.[13:52:29] <adaptr> the PDF is only rationalization. there is a commented-out submission exampe in master.cf[13:52:33] <adaptr> *example[13:53:03] *** ogny has quit IRC[13:53:23] *** danblack has quit IRC[13:54:13] *** SamGoody has quit IRC[14:28:05] *** ogny has joined #postfix[14:29:21] *** mechanicalduck has joined #postfix[14:30:03] *** Bronze has joined #postfix[14:32:33] *** sniffells has quit IRC[14:46:03] *** Temikus has joined #postfix[15:01:15] *** ogny has quit IRC[15:09:13] *** Temikus has quit IRC[15:19:54] *** p3rror has joined #postfix[15:39:35] *** turkinator has joined #postfix[15:40:34] *** turkinator has quit IRC[15:58:19] *** n0sq has joined #postfix[15:59:36] *** mibofra has joined #postfix[16:04:06] *** mechanicalduck has quit IRC[16:07:48] *** mechanicalduck has joined #postfix[16:09:33] *** gavimobile has quit IRC[16:19:38] *** jarif has joined #postfix[16:21:18] *** snearch has quit IRC[16:24:32] *** n0sq has quit IRC[16:27:01] *** n0sq has joined #postfix[16:29:24] *** p3rror has quit IRC[16:29:28] *** jimpop has quit IRC[16:30:09] *** donmichelangelo has quit IRC[16:30:41] *** donmichelangelo has joined #postfix[16:34:35] *** jarif has quit IRC[16:47:47] *** mechanicalduck_ has joined #postfix[16:49:05] *** mechanicalduck has quit IRC[16:51:17] *** Colt has joined #postfix[16:58:01] *** aneks has joined #postfix[17:00:07] *** aneks has quit IRC[17:00:07] *** aneks has joined #postfix[17:00:16] <aneks> I keep getting improper command pipelining after EHLO from unknown[192.168.100.50] when I try to setup Mozilla Thunderbird to use my mail server, does anyone know what that could be?[17:04:13] *** xDamox has quit IRC[17:04:38] *** xDamox has joined #postfix[17:10:06] *** aneks has left #postfix[17:13:35] <patdk-wk_> aneks, why are you rejecting pipelining to your clients?[17:17:43] <lunaphyte> it's generally ok to allow pipelining for submission[17:18:02] <lunaphyte> you do have a proper submission set up, right? separate from your mx service?[17:45:56] *** necrogami has quit IRC[17:47:59] *** necrogami has joined #postfix[17:55:17] * v0lZy pulls on his snare[17:55:20] <v0lZy> Hi lunaphyte ! :D[18:02:48] *** mandragor has joined #postfix[18:15:46] *** mechanicalduck has joined #postfix[18:16:43] *** mandragor has quit IRC[18:17:12] *** mechanicalduck_ has quit IRC[18:24:36] *** Bronze has left #postfix[18:35:51] *** mandragor has joined #postfix[18:41:34] *** UQlev has joined #postfix[18:41:50] *** ced117 has quit IRC[18:42:43] *** jimpop has joined #postfix[18:44:36] *** ElGrotto has joined #postfix[18:45:46] *** jarif has joined #postfix[18:49:09] *** doomas has quit IRC[18:51:56] *** ced117 has joined #postfix[18:52:20] <ElGrotto> hiyas.. just making sure that latest postfix (2.10.1) not building against the latest berkeley (6.0 series) is a known issue. It's to do with a version check on line 705 of src/util/dict_db.c which checks for equality of version (rather than >=, but it doesn't know about the version 6 series of db).[18:53:13] *** mandragor has quit IRC[18:54:15] *** niki has joined #postfix[18:55:14] <ElGrotto> well, the version check is a few lines before that, 705 is hte line that bombs out :).[18:57:45] *** wdp has quit IRC[19:10:37] <adaptr> just fix it and rebuild[19:10:52] <adaptr> unless DB 6 specifically introduces incompatibilties we don't know about[19:13:25] <ElGrotto> hehe yeah that's why I was asking here; my knowledge of the internals of both postfix and db are non-existant and there is a lot of #if #else #etc in the code :)[19:13:55] <adaptr> well, the code shown should hint what is different between them[19:14:41] <adaptr> for DB versions > 4, it checks if it can open the db with 644, and fails if it can't.[19:15:00] <adaptr> I suspect this to be a shortcut, since not all map functions write to DBs.[19:15:12] <adaptr> or perhaps it is a hack to "lock" it[19:15:32] <adaptr> you should ask wietse on the mailing list for a definnitive answer[19:16:42] <ElGrotto> shortcut, hack .. hehe not promising words :-).. I'm not in a rush and I'd rather wait for a properly fixed version by someone who knows what they're doing.. the reason I message here was because there was no bug database linked from postfix.org (for me to check if it's known easily), hence irc to make sure it's known about :)[19:17:45] <adaptr> that is correct. there is none.[19:17:54] <adaptr> areport it on the mailing list[19:18:20] <adaptr> turnaround time will be 24 hours or less[19:18:35] <adaptr> maybe a bit more here since it has to be backported to all supported versions[19:21:06] <adaptr> ElGrotto: if you know how too patch, they will welcome that, but that would require you to understand and test the changes :)[19:21:16] <adaptr> if tl;dr, just report it[19:22:06] <ElGrotto> I'm neither a mail nor db expert :)[19:22:34] <adaptr> but I didn't encounter the issue, as I don't have Db 6 anywhere[19:22:44] <ElGrotto> yeah I guess it's a new release[19:23:20] <ElGrotto> I have scripts that build an LFS system by pulling the latest release versions of things down from the net[19:24:59] <adaptr> grmph. oracle stopped using the normal versioning and now names it after Oracle releases[19:25:19] <adaptr> so the latest berkeley DB is 12c. go figure.[19:26:50] *** nutron|w has quit IRC[19:46:07] *** aindilis2 has quit IRC[19:48:13] *** grknight has joined #postfix[19:50:55] *** Patrickdk has quit IRC[19:51:58] *** krisfremen has quit IRC[19:56:27] *** krisfremen has joined #postfix[19:56:27] *** krisfremen has joined #postfix[19:57:08] *** mechanicalduck has quit IRC[19:59:32] *** mechanicalduck has joined #postfix[20:05:26] *** hypnocat has joined #postfix[20:06:19] *** krisfremen has quit IRC[20:07:08] <hypnocat> i just set up postfix on a VPS which has 1 ip address... i've named the machine itself as myhost.mydomain.com, while the mx record points to the same ip via mail.mydomain.com[20:07:35] <hypnocat> now i'm not sure what domain name to ask my VPS provider to set the reverse dns to[20:07:50] <hypnocat> should it be to mydomain.com or to myhost.mydomain.com or to mail.mydomain.com ?[20:08:05] <hypnocat> does it matter?[20:08:44] <adaptr> !FCrDNS[20:08:44] <knoba> adaptr: "FCrDNS" : http://en.wikipedia.org/wiki/Forward_Confirmed_reverse_DNS : your IP address should resolve to $myhostname, which in turn should resolve back to your IP. This is very important if you want big sites to accept your mail. If you can't have it from your ISP, see !relayhost[20:09:50] <adaptr> if the MX record points to mail.example.com, and myhostname is mail.example.com, postfix will EHLo with mail.example.com, and your IP's PTR should be mail.example.com[20:10:24] *** krisfremen has joined #postfix[20:10:24] *** krisfremen has joined #postfix[20:12:41] *** Cromulent has joined #postfix[20:18:27] <hypnocat> alright[20:18:30] <hypnocat> thank you very much[20:21:30] *** pajamian has joined #postfix[20:23:50] *** pj has quit IRC[20:37:13] *** corretico has joined #postfix[20:37:55] *** wdp has joined #postfix[20:37:56] *** wdp has joined #postfix[20:44:19] *** krisfremen has quit IRC[20:44:50] *** SamGoody has joined #postfix[20:49:32] *** krisfremen has joined #postfix[20:49:32] *** krisfremen has joined #postfix[20:53:24] *** mechanicalduck_ has joined #postfix[20:53:40] *** UQlev has quit IRC[20:55:07] *** mechanicalduck has quit IRC[20:56:30] *** lietzmk__ has joined #postfix[20:58:01] *** grknight has quit IRC[20:59:24] *** grknight has joined #postfix[21:12:14] *** ced117 has quit IRC[21:12:59] *** sniffells has joined #postfix[21:21:15] *** gerhard7 has joined #postfix[21:28:19] *** mibofra has quit IRC[21:28:30] <SamGoody> hello all[21:28:38] *** heath has quit IRC[21:28:42] <lietzmk__> hello[21:29:28] <SamGoody> Got some help this morning. I had been requiring tls without it being setup correctly.[21:29:50] <SamGoody> Have now diabled TLS in the main.cf, and master.cf[21:29:56] *** heath has joined #postfix[21:30:11] <waldi> remove the options you added[21:30:23] *** v0lZy has quit IRC[21:30:31] *** niki has quit IRC[21:30:44] <SamGoody> Removed all the TLS stuff, should I remove everything else I added as well? They all look right[21:31:03] <lunaphyte> why would you remove tls? just fix it[21:31:12] <SamGoody> When I try to send over telnet, I get Client host rejected: Access denied[21:31:24] <SamGoody> I actually think everything is setup correctly[21:31:44] <SamGoody> I removed the TLS, because I figured that I should try to debug one problem at a time[21:32:04] <lunaphyte> so why exactly is it you're trying to fix?[21:32:11] <SamGoody> So I figured, I should first make sure its authenticating and sending, and then I will add the TLS[21:32:29] <lunaphyte> "its authenticating and sending"? what does that mean?[21:32:47] <SamGoody> When I try to send mail from a remote machine, using telnet, I get the above err[21:32:56] <SamGoody> The mail.log shows that the auth is ok[21:33:07] <SamGoody> auth client connected[21:33:12] <lunaphyte> pastebin your full telnet test, and pastebin the log[21:33:20] <lunaphyte> and pastebin postconf -nf; postconf -Mf[21:33:30] <SamGoody> OK, one sec[21:35:27] <SamGoody> http://pastebin.com/uG919tTB[21:36:26] <SamGoody> http://pastebin.com/KTuNLDz8[21:36:28] <SamGoody> Thanks[21:37:42] *** mibofra has joined #postfix[21:37:42] *** mibofra has joined #postfix[21:38:56] <lunaphyte> you didn't authenticate[21:39:18] *** Cromulent has quit IRC[21:40:04] <SamGoody> http://pastebin.com/yAN2238R[21:40:08] <lunaphyte> also, you should not be offering auth on port 25.[21:40:09] <SamGoody> I didn't?[21:40:35] <SamGoody> I mean, I didn't, because I dont know where to.[21:40:45] <lunaphyte> in your telnet test...[21:41:26] <lunaphyte> remove smtpd_sasl_auth_enable = yes from main.cf, and set smtpd_recipient_restrictions = reject_unauth_destination[21:41:36] <lunaphyte> and set smtpd_relay_restrictions =[21:41:38] <lunaphyte> you don't need that.[21:42:00] <lunaphyte> and remove -o smtpd_sender_restrictions=permit_sasl_authenticated form master.cf for submission. you don't need that either[21:42:11] <lunaphyte> oh, and -o smtpd_client_restrictions=permit_sasl_authenticated,reject too[21:42:16] <SamGoody> If I remove the sasl authentication, isn't that very insecure?[21:42:23] <lunaphyte> huh?[21:42:38] <lunaphyte> smtp auth is for submission only. not smtp.[21:42:45] <lunaphyte> that means 587 only, not 25.[21:43:04] <lunaphyte> smtp/25 is only for mail destined for your server coming from other mail servers.[21:43:41] <lunaphyte> there's no need to do authentication for that, and it couldn't happen anyway, because arbitrary servers delivering mail to you for your domains don't have credentials to authenticate to your system.[21:43:48] <SamGoody> Got it.[21:43:57] <SamGoody> Will do as you said, one min[21:44:18] <SamGoody> But just to understand, in my telnet test, where would I authenticate?[21:44:37] <lunaphyte> after it is offered[21:44:59] <lunaphyte> oh and you can turn off broken_sasl_auth_clients = yes too. that's dumb.[21:45:07] <lunaphyte> just don't use broken clients.[21:45:12] <SamGoody> OK, will try editing and testing again. Thank you.[21:45:29] <lunaphyte> you're welcome.[21:45:38] <lunaphyte> also foolish; mailbox_size_limit = 0. don't do that.[21:50:20] *** hikenboot has joined #postfix[21:53:44] <hikenboot> hello I am using debian 7 the latest postfix packages (specifically postfix set-permissions) is looking for dict_sdbm.so) it is supposed to be in the postfix-dev package but it doesnt appear to be however the postfix.h file is anyone able to help[21:55:05] <adaptr> for help with debian's insane packaging, ask #debian[21:55:34] <hikenboot> I asked noone knows[21:55:56] <hikenboot> can I compile the postfix dev from source?[21:56:01] <adaptr> what is the error, exactly[21:56:03] <hikenboot> if so what options are recommened[21:56:06] <jimpop> hikenboot: where do you see postfix looking for that?[21:56:07] <hikenboot> the file doesnt exist[21:56:17] <hikenboot> postfix permissions[21:56:35] <jimpop> i have 2 debian7 servers and neither have that file, nor seem to be looking for it[21:57:08] <hikenboot> dont know what to tell you , it is looking for it, definately[21:57:16] <jimpop> how do you know this?[21:57:29] <adaptr> hikenboot: what is the error you get, exactly[21:58:20] <hikenboot> because I type in postfix set-permissions and it says cannot access /usr/lib/postfix/dict_sdbm.so: no such file or directory[21:58:32] *** mechanicalduck has joined #postfix[21:58:37] <adaptr> hikenboot: what is the error you get, exactly[21:58:46] <hikenboot> thats the error[21:59:11] *** shinao1 has joined #postfix[21:59:13] <hikenboot> sorry it says chown then that[21:59:39] <jimpop> i get that error when i run that command.... i just never have/had the need to run that command.[21:59:56] * jimpop wonders how many other errors he would get for commands he never needs to run[22:00:04] <adaptr> hikenboot: it is not part of my installation.[22:00:15] <hikenboot> I seem to have a permissions issue on my installation so I thought i would take a san snapshot and try running it[22:00:37] <adaptr> what did you change from the debian installation[22:00:47] <adaptr> ah, we have a !goal[22:00:52] <adaptr> !tell hikenboot goal[22:00:52] <knoba> hikenboot: "goal" : describe your goal, not what you think the solution is[22:01:22] *** mechanicalduck_ has quit IRC[22:01:36] <hikenboot> my installation has postfix sasl clamav and a few others[22:02:24] <hikenboot> the error i am trying to fix to be exact is fatal: remove priate/scan Permission denied from postfix/master in log[22:02:37] *** mechanicalduck_ has joined #postfix[22:02:48] <hikenboot> I have a feeling this folder might be made by the antivirus[22:03:02] <adaptr> so don't reference it in master.cf[22:03:54] <adaptr> postfix assumes control over all sockets defined in master.cf[22:03:55] <hikenboot> also getting warning SASL connect to auth dovecot failed permission denied[22:04:00] <adaptr> if that is incorrect, remove it[22:04:13] <adaptr> so create it with the correct permissions[22:04:17] <adaptr> problem #2[22:04:44] <adaptr> hikenboot: where did you create the dovecot auth socket[22:04:58] <adaptr> postfix on debian is chrooted by default; this messes things up unnecessarily[22:05:57] *** mechanicalduck has quit IRC[22:06:53] <hikenboot> I cant seem to find documentation on what the permissions are supposed to be ...how about I post my configurations? It is a complicated setup and postfix is NOT my strong point...but its a required component of what I am trying to accomplish[22:07:15] <hikenboot> permissions for all the postfix files and other components[22:07:23] <adaptr> if postfix is not your strong point, why is your configuration complicated ?[22:07:31] <adaptr> I'd strongly advise against that[22:07:41] <hikenboot> because it is required that this be well secured[22:07:49] <adaptr> that makes no sense whatsoever[22:07:52] *** mechanicalduck_ is now known as mechanicalduck[22:07:56] <adaptr> postfix is very secure by default[22:08:06] <hikenboot> well I need encryption[22:08:25] *** pajamian is now known as pj[22:08:33] <adaptr> still not hearing anything complicated[22:09:16] <hikenboot> ok well glad you dont think so but for me it has been difficult...question is it documented anywhere what the permissions on the files and directories are supposed to be and group ownership?[22:10:04] <hikenboot> everything but SASL and the private /scan seems to work[22:10:57] <adaptr> you should step back a fair amount and start fresh. integrate and configure one thing at a time.[22:11:38] <adaptr> I would suggest the following as a basic usable schedule: identity, mail reception, access control, TLS, SASL, submission[22:11:45] <hikenboot> I have tried building this from scratch three times and it always comes down to these two errors[22:12:18] <rob0> The only thing in the Postfix queue_directory on which you would set permissions (chroot excepted) would be the Dovecot SASL socket. As SASL_README says, mode 660 owned by:[22:12:23] <rob0> !mail_owner[22:12:23] <knoba> rob0: "mail_owner" : a configuration parameter in the main.cf: The UNIX system account that owns the Postfix queue and most Postfix daemon processes. Specify the name of a user account that does not share a group with other accounts and that owns no other files or processes on the system. In particular, don't specify nobody or daemon. PLEASE USE A DEDICATED USER ID AND GROUP ID.[22:12:47] <adaptr> rob0: if he wants it private. otherwise, xx6 owned by whoever.[22:13:03] <adaptr> I don't recall offhand if I bother with that[22:13:14] <adaptr> but it gets complicated when you chroot, and other stuff[22:13:39] *** hypnocat has left #postfix[22:13:49] <hikenboot> not trying the chroot in the test...later I need to make it multiserver with a db back end and probabl chroot but not trying that now[22:14:20] <hikenboot> i set it to group and user postfix and 0660 for permissions[22:14:38] <adaptr> hikenboot: it is already chrooted. this is what debian does.[22:14:41] <rob0> Like a plan, that sounds.[22:14:58] <hikenboot> oh...i see[22:15:26] <adaptr> rob0: all sockets in private/ that postfix creates are 666 :)[22:18:06] *** mechanicalduck has quit IRC[22:18:12] <hikenboot> I see the line in master.cf for scan or should say lines, do i just comment that out. what does the scan do exactly is it a holding point for scanning files with clamav?[22:18:26] <adaptr> hikenboot: it is not part of postfix.[22:18:43] <adaptr> see, this is the problem if you don't understand what teh moving parts do[22:18:57] <adaptr> unless and until you do know, remove it, and don't reference it[22:21:35] <hikenboot> ok i removed it for now, that brings us to the sasl error but perhaps one causes the other and I will get lucky on this point, be back after a reboot[22:22:01] <rob0> To which line in master.cf do you refer?[22:22:08] <rob0> oh, clamav[22:22:25] *** mechanicalduck has joined #postfix[22:22:38] <adaptr> he defined it in clamav and master.cf[22:22:52] <adaptr> that was obvious the moment he reported the error[22:24:00] <adaptr> the SASL thing is more nebulous[22:29:18] <SamGoody> lunaphyte: I've updated my main.cf and master.cf as you instructed, but the errors are the same[22:29:20] <SamGoody> http://pastebin.com/7P4tw5i6[22:29:51] <SamGoody> rob0: Thank you for the kind words this morning, and for the help.[22:30:08] *** phenom has quit IRC[22:30:43] <SamGoody> And thank you adaptr. I've decided to rather disable the TSL instead of fixing it, till I get my forst message to work.[22:31:04] <adaptr> that is a solid plan[22:32:39] *** phenom has joined #postfix[22:33:11] <SamGoody> But have not gotten it to work, though at least i get a different err[22:33:43] <SamGoody> Any more help would be appreciated, I put the output and log into the pastebin link.[22:36:46] <adaptr> "output" ?[22:37:54] <adaptr> the rapist express ?[22:38:02] <SamGoody> the results of running postconf -nf and of postconf -Mf[22:38:12] <SamGoody> no, therapist express[22:38:14] <adaptr> SamGoody: you should not offer AUTH without TLS. TLS is mandatory on submission[22:38:15] <SamGoody> :)[22:38:23] <adaptr> SamGoody: welcome to the internet.[22:38:50] <SamGoody> :D I knew Id get here someday[22:39:21] <SamGoody> Alright, I was only removing the TLS until I got past the testing stage.[22:39:34] <SamGoody> But if that is not the way to do things, I will add TLS first[22:39:38] <adaptr> if you can't configure TLS, don't offer AUTH. get TLS working.[22:39:56] <adaptr> also, you've incorrectly configured submission, since it's rejecting your mail[22:40:23] <SamGoody> See, that was my issue. I cannot figure out how to correctly configure submission[22:41:31] *** mechanicalduck_ has joined #postfix[22:42:24] <adaptr> you uncomment teh example in master.cf, and set the proper restrictions. these can be limited to =permit_sasl_authenticated,reject[22:42:46] <adaptr> one would normally place them in smtpd_recipient_restrictions, and null all the other restriction sets[22:43:07] *** mechanicalduck has quit IRC[22:44:11] <adaptr> I believe this is pretty much what is in master.cf[22:44:31] *** mechanicalduck_ has quit IRC[22:44:32] <adaptr> the restrictions in main.cf are for normal port 25 MTA communication[22:45:08] *** niki has joined #postfix[22:47:54] <SamGoody> I am not sure I follow. I had changed mtpd_recipient_restrictions = reject_unauth_destination, because lunaphyte told me to. My (perhaps incorrect) understanding was that this is the restrictions set on mail coming from an MTA.[22:47:56] <SamGoody> In my case I am trying to send mail using either telnet, or a client like apple mail.[22:48:31] <adaptr> you should configure submission for clients[22:49:13] <SamGoody> Is submission for clients part of smtpd_recipient_restrictions ?[22:49:42] <SamGoody> And the new err that has just started showing in the log: error: open database /etc/postfix/virtual.db: No such file or directory, do I have to do something about that?[22:49:52] <adaptr> yes, you do.[22:50:01] <adaptr> !postmap[22:50:01] <knoba> adaptr: "postmap" : a command to 'compile' text files to hash databases. Example: a file transport will be converted to transport.db by running 'postmap transport'. Your main.cf will contain something like transport_maps = hash:/etc/postfix/transport (without the '.db')[22:50:32] <adaptr> !tell SamGoody submission[22:50:32] <knoba> SamGoody: "submission" : Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf. also see !msa, and rfc 6409. Also read http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf[22:50:40] *** biggimat has quit IRC[22:51:14] *** gerhard7 has quit IRC[22:51:25] *** e-ndy has joined #postfix[22:55:23] *** robinho86 has joined #postfix[22:56:19] <SamGoody> $ telnet example.com 587[22:56:25] <SamGoody> Does that use port 587?[22:56:54] <SamGoody> If so (which is what I have been doing) than where is my submission screwed. If not, how do I get it to go to port 587?[22:58:57] <adaptr> as I said previously, TLS and SASL AUTH are mandatory on submission.[22:59:13] <adaptr> so you need to configure those. and you cannot use telnet to test this.[22:59:18] <adaptr> !tell SamGoody telnet[22:59:18] <knoba> SamGoody: "telnet" : Have you tried to reach your mail server from outside your local network? Try telnet <server> 25 and see if you get Connected to... . See also: http://www.freebsdwiki.net/index.php/SMTP,_testing_via_Telnet[22:59:23] <adaptr> bah[22:59:30] <adaptr> !s_client[22:59:30] <knoba> adaptr: "s_client" : see !tlstest[22:59:37] <adaptr> sure, ANOTHER one[22:59:44] * adaptr loses interest[22:59:50] *** mechanicalduck has joined #postfix[23:00:10] <SamGoody> I did telnet <server> 25[23:00:24] <SamGoody> And adaptr told me off, said I should be using port 587[23:01:08] <SamGoody> Which I appreciated, since any help is appreciated, but I have no idea what to do when things dont work for me, and the people who unerstand whats going on aren't getting me a message I understand[23:02:21] <SamGoody> Its the same thing with smtpd_recipient_restrictions. According to lunaphyte this should be reject_unauth_destination, whereas I think adaptr suggests it be permit_sasl_authenticated,reject[23:02:28] <SamGoody> I've tested both, and neither works[23:02:53] <SamGoody> And while I _think_ I understand the logic in either direction, I haven't any clue what to do when it doesnt work[23:03:29] <SamGoody> I've been googling awhile before getting here, but even now, I dont know how to move forwrad[23:03:33] *** shinao1 has quit IRC[23:05:16] <Aprogas> permit_sasl_authenticated,reject makes sense on port 587, reject_unauth_destination makes sense on port 25[23:06:14] <SamGoody> Thank you Aprogas. I am trying to test over telnet. Do I do telnet <server> 587 or telnet <server> 25?[23:08:40] <SamGoody> Or, rather, how can I configure Apple mail to actually send a mail? It receieves them fine.[23:08:51] *** niki has quit IRC[23:16:47] <adaptr> SamGoody: there are fundamental networking basics that underlie all of these things. you should have a solid grasp of them before attempting to run a mail server[23:17:03] <adaptr> as you now discover, you're lacking these fundamentals[23:17:42] *** Colt has quit IRC[23:17:55] *** danblack has joined #postfix[23:18:29] <SamGoody> Oh, I knew I was lacking them before I began[23:18:51] <adaptr> it's hardly fair to expect us to educate you on these basics[23:18:53] <SamGoody> But I also know that I've got to start somewhere.[23:19:01] <SamGoody> It is entirely unfair[23:19:22] <pj> SamGoody: getting people to tell you combinations of settings and just trying them until one "works" is not the right way of configuring your mailserver.[23:19:37] <SamGoody> Agreed.[23:19:57] <pj> you need to actually read the docs, understand what those settings mean, and understand exactly what will happen when you use them, or other settings.[23:20:16] <adaptr> as we all know, the right way, and the proper way, to spell new york, is...[23:20:56] <pj> then you can decide for yourself what the best settings are to accomplish what you need.[23:21:09] <SamGoody> Which is why I didnt come in till I had at least spent considerable time trying to work it out, and had narrowed down the issues to one or two lines, and has a grasp on why each of the possible parameters would woirk[23:21:10] <SamGoody> And asked for help only on that, with the logic that once I saw it working, I would experiment , while reading more docs, till I understood it[23:21:30] <pj> well, start here...[23:21:35] <pj> !tell SamGoody postconf_5[23:21:35] <knoba> SamGoody: "postconf_5" : For documentation on all main.cf settings see the postconf(5) man page either type `man 5 postconf' into your shell or browse to http://www.postfix.org/postconf.5.html.[23:21:39] <SamGoody> I had done similarly with the ejabberd chat server, and by now - a few months later - have com,mitted code[23:21:44] <adaptr> you're going down a well-trodden path: justifying what you did[23:21:50] <adaptr> don't bother, nobody cares[23:21:55] <adaptr> just learn, and adapt[23:22:22] *** shinao1 has joined #postfix[23:22:26] <pj> just read up some more, understand what you want, and ask for help when you have trouble understanding the docs.[23:22:37] <pj> or when you want clarification, etc.[23:22:38] <SamGoody> But here, I read the docs on the conf settings, and I set it up as recommended, and it didnt work[23:22:39] <SamGoody> So, I thought it wouldn't be wrong to ask which of the parameters would make it work, so that I could play around with it from there[23:22:49] <SamGoody> OK[23:22:56] <SamGoody> Got it[23:23:15] <adaptr> don't expect to understand the finer nuances of postfix configuration inside a few months. you won't.[23:23:15] <pj> what parameter don't you understand, and why?[23:23:53] *** shinao1 has quit IRC[23:24:00] <SamGoody> I actually think I understand all the given parameters, and I even think that they are setup correctly, but its still throwing an err relay denied[23:24:13] <SamGoody> Which was when I came in asking for help.[23:24:14] <adaptr> SamGoody: the odds are hugely against it.[23:24:15] <pj> have you read this?[23:24:20] <pj> !tell SamGoody relay_denied[23:24:20] <knoba> SamGoody: "relay_denied" : NOQUEUE: reject: RCPT from CLIENT_HOST[CLIENT_IP]: 554 5.7.1 <RECIPIENT@RCPT_DOMAIN>: Relay access denied; from=<SENDER@SENDER_DOMAIN> to=<RECIPIENT@RCPT_DOMAIN> proto=ESMTP helo=<HELO>: This typically means that CLIENT_IP is not in mynetworks (and did not AUTH), and that RCPT_DOMAIN was not recognized as one of this Postfix's domains (not listed in mydestination, relay_domains or virtual_*_domains).[23:24:24] <SamGoody> Yes[23:24:32] <SamGoody> And the sasl page[23:24:37] <pj> ok, have you followed the /topic and asked for help appropriately?[23:24:55] *** shinao1 has joined #postfix[23:25:04] <SamGoody> I thought so. I began by posting the mail.log, the postconf -n, and the telnet commands[23:25:17] <SamGoody> through a postbin paste[23:25:24] <pj> ok, well I didn't see that.[23:25:39] <adaptr> that's not going to be much help unless you can cogently describe the actual issue you are having[23:25:59] <thumbs> adaptr: you abuse that word quite a bit, for the record.[23:26:25] *** shinao1 has quit IRC[23:26:27] <adaptr> I do ?[23:27:08] *** shinao1 has joined #postfix[23:27:32] <adaptr> 1.[23:27:34] <adaptr> convincing or believable by virtue of forcible, clear, or incisive presentation; telling.[23:27:36] <adaptr> 2.[23:27:38] <adaptr> to the point; relevant; pertinent.[23:27:42] <adaptr> in what way do I abuse it ?[23:27:49] *** shinao1 has quit IRC[23:29:33] *** danblack has quit IRC[23:29:53] <thumbs> adaptr: oh, I don't question the accuracy of the word itself, merely the fact that the context in which you use it makes it stand out. The rest of the responses doesn't match the level of literacy implied by that word, in other words.[23:30:37] <adaptr> I can't think of a word that better describes what I mean.[23:31:17] <SamGoody> The issue is that when I try to send mail using telnet, the mails are not sent. According to the docs on the postfix site, it appears as though I should be setting smtpd_relay/client/etc to permit_sasl_authenticated, and to test submission on port 25. When I do that I get the err: Client host rejected: Access denied;[23:31:23] *** Chel has quit IRC[23:31:27] <SamGoody> http://pastebin.com/yAN2238R[23:31:28] <SamGoody> http://pastebin.com/uG919tTB[23:32:13] <SamGoody> Upon adaptr's advice, I tried setting using the port 587, that received in the similar err: Recipient address rejected: Access denied;[23:33:01] <adaptr> SamGoody: you're still playing with half a deck. FIRST, you need to get normal mail reception and delivery working. forget about TLS and SASL.[23:33:15] <adaptr> until that is solid, it's no use fussing over other stuff[23:33:23] <pj> SamGoody: I think others have already pointed out to you that submission should be on port 587, not 25.[23:33:36] <SamGoody> I wrote that.[23:33:39] <SamGoody> > Upon adaptr's advice, I tried setting using the port 587, that received in the similar err: Recipient address rejected: Access denied;[23:34:34] <pj> then show us info of you trying with port 587, not when you try with port 25.[23:34:43] <SamGoody> And adaptr, I got it.[23:34:43] <SamGoody> Will now disable auth until I get the submission in order.[23:34:58] <SamGoody> OK, http://pastebin.com/7P4tw5i6[23:35:13] <SamGoody> Wait, that was after I made the changes neophyte told me to.[23:35:52] <SamGoody> So, I will stop now. And leave you alone. I will remove the auth lines and see what happens, and only comeback when I feel like I am talking staroight[23:35:55] <SamGoody> Thank you all and have a great night[23:36:02] <pj> SamGoody: you're not trying to auth in your telnet[23:36:13] <pj> of course you will get relay_denied if you don't auth.[23:36:28] <pj> !tell SamGoody sasl_test[23:36:28] <knoba> SamGoody: "sasl_test" : http://www.postfix.org/SASL_README.html#server_test[23:36:58] <pj> SamGoody: that shows you how to auth properly when you do a telnet test ^^^^^[23:37:12] <SamGoody> I read that, it says to test sasl by the response of the EHLO[23:37:37] <pj> and it further explains how to do an auth.[23:37:49] <pj> you obviously didn't read it well enough.[23:38:11] <SamGoody> I will read it again and again then[23:38:28] *** s0ber_ has joined #postfix[23:38:34] <pj> yes, and figure out how to test auth, and how auth actually works.[23:38:52] <pj> the EHLO response simply tells you that AUTH is *available* on the server.[23:39:03] <pj> you still have to actually *do* the auth after that response.[23:40:33] <SamGoody> OK. Have you, offhand, any document which you would point to, as being accurate, describing authenticating and how it works? [besides for this][23:40:55] *** s0ber has quit IRC[23:41:42] *** s0ber_ is now known as s0ber[23:41:59] <SamGoody> Alright, have a great night. Am going to do my reading.[23:42:03] <pj> SamGoody: I just pointed you to that document, and it has specific examples and instructions on exactly how to do an auth.[23:42:03] <rob0> telnet testing is not necessary, just use a MUA[23:42:34] <SamGoody> will do.[23:42:47] <SamGoody> thanks pj, rob0, and adaptr[23:43:12] <SamGoody> and knoba[23:43:53] <pj> rob0: I tend to think that SamGoody is lacking a basic understanding of how auth works, though, that he won't get from simply using an MUA.[23:44:41] *** mibofra has quit IRC[23:44:48] <rob0> The "Access denied" errors suggest broken smtpd_re*_restrictions[23:45:25] <pj> rob0: he's getting access denied because he isn't authing.[23:45:38] <rob0> If you don't allow relaying in main.cf restrictions, it must be allowed by override in the submission service's master.cf entry.[23:45:50] <rob0> that would explain it too :)[23:47:03] <adaptr> he's also confusing port 25 and port 587, quite persistently[23:48:15] <pj> and he tends to just do what people tell him to without understanding what he's actually doing. A useful trait if someone wants him to jump off of a cliff.[23:51:20] <rob0> :) afk again[23:52:46] <tmberg> Denied![23:52:48] *** KippiX has joined #postfix