July 1, 2013 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | >
July 1, 2013 [00:03:32] *** dym has joined #postfix[00:05:27] *** SamGoody has left #postfix[00:05:32] <dym> Hey everyone - im a bit puzzled. My Mailserver has stopped adressing the correct MX for a certain domain. The DNS Zone looks fine (for funsies i changed the dns server thats resolves) and there are no /etc/hosts entries that could say otherise. I could do with a pointer on where i may have overlooked something. http://pastebin.com/3V7fAuL5[00:07:51] <pj> dym: it should be 149, not 150. The difference is probably explained with dns propagation.[00:08:51] <lunaphyte> connect to shorkmedia.com is wrong.[00:08:58] <dym> well - why does it do that?[00:09:01] <dym> thats the question :D[00:09:08] <lunaphyte> it should be connect to mail.shorkmedia.com[00:09:11] <dym> ![00:09:16] <dym> im with you that far.[00:09:30] <lunaphyte> pastebin postconf -nf; postconf -Mf[00:09:55] <dym> doesnt like -M[00:10:12] <lunaphyte> pastebin postconf -n and master.cf with comments removed[00:10:12] <pj> dym then paste your master.cf file instead[00:12:09] <dym> http://pastebin.com/ty5d8RgP[00:12:12] <dym> (master)[00:12:19] *** mechanicalduck has quit IRC[00:12:47] <adaptr> pj: please don't say "propagation"[00:13:02] *** corretico has quit IRC[00:13:26] <lunaphyte> dym: please follow directions[00:13:32] <dym> sorry[00:13:46] *** aarcane_ has joined #postfix[00:13:49] <pj> well, I was off with that anyways, it will be config, like lunaphyte said.[00:14:20] *** root________ has joined #postfix[00:14:30] <dym> lunaphyte: http://pastebin.com/7bSBqsPJ (postconf -n)[00:15:21] <dym> pj: Well thanks anyways :)[00:15:27] *** aarcane has quit IRC[00:15:31] *** aarcane_ has quit IRC[00:15:43] *** root________ is now known as aarcane[00:16:09] *** danblack has joined #postfix[00:17:45] <pj> I'm guessing it has something to do with: disable_dns_lookups = yes[00:18:24] <pj> do you have an /etc/hosts entry for shorkmedia.com?[00:19:48] <lunaphyte> why would you disable that...?[00:20:07] <dym> omg[00:20:13] <pj> there's a good question[00:20:14] <lunaphyte> that config is in need of some serious tlc[00:20:15] <pj> heh[00:20:25] <dym> sorry to bother you with that...[00:20:33] <dym> some heads need rolling here.[00:20:41] <lunaphyte> you've got a number of other things there that should be fixed as well[00:20:55] *** master_of_master has joined #postfix[00:21:23] *** on1ald has quit IRC[00:21:33] <dym> lunaphyte: care to point them out?[00:21:55] <lunaphyte> start by removing the unnecessary duplicates.[00:21:55] <pj> dym: like globally enabling authentication for one.[00:22:01] <lunaphyte> !tell dym duplicates[00:22:01] <knoba> dym: "duplicates" : the following can be used to list redundant settings defined in main.cf: (postconf -d; postconf -n) | sort | uniq -d - also see !compare[00:22:02] <pj> and yeah, duplicates[00:22:30] <lunaphyte> second, you should not have smtp auth globally enabled, and you should not be offering it for mx service [as pj says][00:23:25] <lunaphyte> it would seem you are perhaps using some sort of "magic control panel" though for email?[00:23:32] <pj> why do you have "-o smtpd_tls_security_level=encrypt" commented out for the submission service?[00:23:46] <dym> lunaphyte: affirmative.[00:23:49] <dym> "i-mscp"[00:23:57] <lunaphyte> yeah, that's an issue then.[00:23:58] <dym> well, at least for email management.[00:24:00] <dym> :D[00:24:02] <dym> isnt it always?[00:24:16] <lunaphyte> you can't be poking around at postfix if you're using some other software.[00:24:30] <pj> right, you get this sort of issue[00:24:34] <pj> !zimbra[00:24:34] <knoba> pj: "zimbra" : Zimbra uses a prepackaged version of postfix that is configured via zimbra's console tools. Any and all hand changes made to zimbra's postfix configuration will be overwritten by the zimbra configuration. That Zimbra just happens to use postfix is inconsequential. For zimbra support, see http://www.zimbra.com[00:24:42] *** master_o1_master has quit IRC[00:24:58] <pj> it may not be zimbra, but the same issue as described there applies[00:25:48] <dym> Nah[00:25:50] <dym> It's i-mscp[00:25:54] <pj> personally I don't really care for some automated software to be mucking aobut with my postfix settings.[00:25:56] <lunaphyte> we know.[00:25:57] <dym> We run Zimbra, but not on that host.[00:26:04] <lunaphyte> you're not listening.[00:26:07] <dym> Sorry.[00:26:19] <pj> dym: re-read what I said.[00:26:55] <dym> what issue exactly? having odd settings in postfix via the panel?[00:27:04] <dym> as in the encryption disabled?[00:27:07] <dym> for example[00:27:32] <pj> I would never put up with the odd-random postfix setting change.[00:27:39] <pj> email is too important for that.[00:27:40] <lunaphyte> you'll need to do mail system configuration using the mail software you've chosen - i-mscp[00:28:01] <lunaphyte> you can't muck with postfix just because you figured out it's being used behind the scenes[00:28:28] <lunaphyte> i-mscp is its own software. it isn't a front end to postfix. postfix doesn't have front ends[00:28:32] <dym> lunaphyte: I agree.[00:28:36] <pj> and, no I didn't say encryption was disabled, I said that line was commented out. There's a difference.[00:28:53] <dym> pj: i never said you did. thats what i derived :)[00:29:17] <dym> lunaphyte: thanks for the hint. i'll make sure to pass it on.[00:29:20] <pj> dym: yes, but you derived incorrectly[00:29:29] <dym> pj: Then thank you for kindly correcting me.[00:29:51] <pj> dym: commenting out the line means that the setting will revert to the global setting in main.cf.[00:30:16] <pj> since smtpd_tls_security_level is not set in main.cf it means that it will revert to the default for that setting[00:30:34] <pj> the default for smtpd_tls_security_level is "may" which is opportunistic encryption, certainly not dieabled.[00:30:48] <dym> pj: great. thanks for the insight.[00:30:52] <pj> yw[00:31:43] <pj> the issue is, that it really should be required for submission.[00:31:56] <pj> which is why I asked if there was a specific reason why you commented that line out.[00:32:08] <dym> Right. I get the idea. Thanks.[00:33:09] *** danblack has quit IRC[00:34:08] *** on1ald has joined #postfix[00:39:21] *** e66 has joined #postfix[00:48:57] *** corretico has joined #postfix[00:50:53] *** corretico has quit IRC[00:51:27] *** corretico has joined #postfix[00:58:57] *** danblack has joined #postfix[01:00:26] *** e66 has quit IRC[01:12:41] *** wdp has quit IRC[01:19:00] *** danblack has quit IRC[01:21:20] *** danblack has joined #postfix[01:31:57] *** KippiX has quit IRC[01:34:26] *** Motoko has joined #postfix[01:42:12] *** ferai has joined #postfix[01:43:16] *** jefferai has quit IRC[01:43:37] *** Borg has quit IRC[01:44:25] *** corretico has quit IRC[01:45:15] *** donmichelangelo has quit IRC[01:46:13] *** donmichelangelo has joined #postfix[02:01:11] <hikenboot> anyone around able to help with a fatal no SASL authentication mechanism error that appears when I try to have an email client log in[02:02:41] <lunaphyte> !tell hikenboot welcome[02:02:41] <knoba> hikenboot: "welcome" : welcome to #postfix! if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic). it includes crucial instructions on how to effectively ask for help here, and what data you should include with your questions. the degree of success you'll have is directly related to how effectively you're able to follow those guidelines.[02:03:20] <hikenboot> thanks lunaphyte for the hint[02:25:00] <hikenboot> ok thanks lunaphyte: Here is my info http://pastebin.com/cBEc88eE http://pastebin.com/7UpQtMKN http://pastebin.com/Sr2Z5314 http://pastebin.com/d85eyEkx http://pastebin.com/FKfeqtDb http://pastebin.com/Ke4KaWfE[02:25:01] <hikenboot> http://pastebin.com/LTkRnN8y[02:27:14] <adaptr> jeebus[02:27:56] <adaptr> hikenboot: please prepare ONE pastebin, preferably NOT at pastebin.com, because they suck, with the requested information. please lead with the RELEVANT logs, followed by postconf -nf and then postconf -Mf[02:32:27] <hikenboot> ok sorry I will redo[02:33:31] <hikenboot> adaptr can you suggest who I use for the pastebin?[02:35:32] <adaptr> !paste[02:35:33] <knoba> adaptr: "paste" : do not paste more than 2 lines in the channel. A pastebin is a way to share larger amounts of data with others, without flooding the channel with garbage. try http://pastebin.com or http://paste.debian.net (or use google and find your own). don't forget to tell us the url where you pasted the text[02:35:42] <adaptr> ugh, still suggests it.[02:35:50] <jimpop> !debug[02:35:50] <knoba> jimpop: "debug" : http://www.postfix.org/DEBUG_README.html : a starting point for how to deal with problems and to report information to those who might help. Post information including NON-verbose logs in a pastebin such as http://pastebin.ca/ or http://dpaste.com/[02:35:55] <jimpop> yw[02:35:59] <adaptr> hikenboot: sprunge.us is good, as are those two ^[02:36:06] <adaptr> jimpop: so change it already! :P[02:36:32] <jimpop> someone would just come along and change it back[02:38:10] <adaptr> why would someone do that ? unless someone was very silly[02:38:32] <jimpop> i'm surprised that we don't have paste.porcupine.net yet[02:38:36] <jimpop> *.org[02:38:51] <hikenboot> ok thanks i wil use past.debian.net thanks[03:04:06] <rob0> that error is covered in SASL_README[03:12:22] <hikenboot> ok rob0 i will view the read me and get back to this channel tomorrow...thanks[03:45:37] *** krisfremen has quit IRC[03:51:46] *** krisfremen has joined #postfix[03:51:46] *** krisfremen has joined #postfix[03:55:23] *** higuita has quit IRC[03:55:50] *** UQlev has joined #postfix[03:57:33] *** pajamian has joined #postfix[03:58:37] *** higuita has joined #postfix[03:58:58] *** pj has quit IRC[04:00:49] *** corretico has joined #postfix[04:02:47] *** corretico has quit IRC[04:17:44] *** pajamian is now known as pj[04:20:16] *** corretico has joined #postfix[04:21:23] *** corretico has quit IRC[04:31:15] *** magyar has joined #postfix[04:33:50] *** danblack has quit IRC[04:34:21] *** danblack has joined #postfix[04:34:26] *** UQlev has quit IRC[04:45:33] *** Colt has joined #postfix[04:58:17] <hikenboot> I managed to get the SASL readme from downloading the debian postfix source but its not all readable. is there a "compiled version" of it somewhere?[04:59:29] <grknight> hikenboot: try http://www.postfix.org/SASL_README.html ?[04:59:44] <hikenboot> thanks that saves me a week to learn how to compile it[05:00:08] <hikenboot> from what i see on a quick over view it isnt all that straight forward[05:04:06] *** donmichelangelo has quit IRC[05:04:58] *** donmichelangelo has joined #postfix[05:05:32] <lunaphyte> i don't understand.[05:05:38] <lunaphyte> have you installed the software?[05:21:35] *** dragonheart has joined #postfix[05:24:51] *** danblack has quit IRC[05:25:27] *** dragonheart is now known as danblack[05:27:02] <hikenboot> to track down what permission denied to auth/devoecot full path how do i find this information[05:27:28] <hikenboot> I believe I am using the default and the permissions are 0660[05:29:25] *** dragonheart has joined #postfix[05:29:50] <hikenboot> the readme is wrong there is several obsolete settings add auth is required to auth {} but then it says to remove the auth section...which is it?[05:30:21] *** danblack has quit IRC[05:30:32] <hikenboot> so it wants me to prefix the settings but it wants me to delete it entirely I dont get the message![05:30:53] <thumbs> you're probably not reading it properly.[05:31:13] <thumbs> why don't you show us what part of the readme you're confused about, exactly?[05:31:21] <hikenboot> ok hold on[05:32:24] <grknight> hikenboot: another resource is http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL for dovecot 2.x[05:37:06] <hikenboot> http://paste.debian.net/13536/ <---here is the two-faced error see where it says error on line 49[05:38:19] <grknight> hikenboot: yes, the SASL_README has yet to be updated for dovecot 2.x[05:39:58] <grknight> hikenboot: in addition, is /var/spool/postfix/private/auth really a directory?[05:40:01] <hikenboot> ok so your suggesting the other one you just pointed me ot[05:42:02] <hikenboot> ok should that be just a file do a touch auth and set the 0660 permissions with U: postfix G: postfix? or should i do a "postfix auth" to make it a database file?[05:42:42] <grknight> hikenboot: no, dovecot itself will create the socket at that location at startup.. it should not exist previously[05:43:02] <hikenboot> ah ok the doc wasn't too clear about that I dont think...thanks[05:43:24] <hikenboot> so I should go by the wiki2.dovecot.org/HowTo?[05:43:36] <hikenboot> or is that out of date as well?[05:43:40] <grknight> hikenboot: if you have dovecot 2.x, yes[05:43:55] <hikenboot> ok thanks i will read it now ...you have been very helpful...[05:49:47] <hikenboot> question: should service auth-worker { be included in the 10-master.conf as all or should it be separate from auth{ section or should it be part of auth section?[05:50:05] <hikenboot> s/as all /at all/[05:50:18] *** dragonheart is now known as danbaclk[05:50:23] *** danbaclk is now known as danblack[05:55:14] <hikenboot> well been a long day off to bed...will read replies in AM...thanks everyone for the help...its been appreciated[06:00:09] *** donmichelangelo has quit IRC[06:00:30] *** donmichelangelo has joined #postfix[06:08:37] *** danblack has quit IRC[06:09:05] *** danblack has joined #postfix[06:28:06] *** Chel has joined #postfix[06:49:38] *** grknight has quit IRC[07:01:13] *** Cromulent has joined #postfix[07:02:44] *** aarcane has quit IRC[07:05:35] *** aarcane has joined #postfix[07:30:19] *** biggimat has joined #postfix[08:02:39] *** magyar has quit IRC[08:18:55] *** v0lZy has joined #postfix[08:19:55] *** doomas has joined #postfix[08:20:17] *** chris| has quit IRC[08:21:53] *** Motoko has quit IRC[08:25:24] *** chris| has joined #postfix[08:31:48] *** Cromulent has quit IRC[08:53:48] *** sep has quit IRC[08:57:48] *** sep has joined #postfix[09:11:34] *** p3rror has joined #postfix[09:24:16] *** weedar has joined #postfix[09:31:16] *** zorg1 has joined #postfix[09:37:22] *** stemid has left #postfix[09:41:24] *** wdp has joined #postfix[09:41:25] *** wdp has joined #postfix[09:42:23] *** morse_ has quit IRC[09:46:06] *** weedar has quit IRC[09:46:45] *** ffiore has joined #postfix[09:47:31] *** Colt has quit IRC[09:52:42] *** exos_ has joined #postfix[10:25:14] <v0lZy> Hi[10:25:37] <v0lZy> lunaphyte, you online?[10:43:27] *** danblack has quit IRC[10:47:22] *** corretico has joined #postfix[10:56:19] *** Chel has quit IRC[10:57:41] *** mechanicalduck has joined #postfix[11:00:32] *** donmichelangelo has quit IRC[11:00:53] *** donmichelangelo has joined #postfix[11:03:06] *** freakynl has joined #postfix[11:05:02] <freakynl> Hi, I updated postfix a while ago to 2.10 and since then authenticated relay stopped functioning. I used to have smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination[11:05:47] <freakynl> I have removed the permit_sasl_authenticated from that and created a smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination - but it still gives relaying denied[11:09:36] *** marchelly has joined #postfix[11:11:28] <marchelly> Hi, I have postfix+dovecot+mysql, configured to work with virtual domains and users from DB. The problem is that postfix is still delivering mail using "local" instead of DB domain and dovecot for hostname. Is there an optin to postfix to look for everything in DB, not looking on hostname?[11:13:58] <marchelly> for example: hostname is example.com and example.com is virtual domain postfix is servicing. but postfix delivering mail using postfix/local and ignoring that transport is dovecot. but if we are changing hostname to myhost.com postfix working great for domain example.com delivering all the mail via dovecot and getting everything from mysql.[11:14:33] <sep> marchelly, domains listed in mydestination, will be delivered as local; domains listed in virtual_mailbox_domains will be delivered with virtual_transport[11:14:34] <marchelly> So I need a solution for postfix to deliver every and any email only via dovecot and only using DB[11:14:41] <sep> listing a domain in both is a configuration error[11:15:04] <marchelly> mydestination option is not exist.[11:15:37] <sep> then it is set to default[11:15:49] *** morse has joined #postfix[11:16:34] <marchelly> and default is hostname? So I have to set mydestination to some 127.0.0.1 or is there an option to disable it at all?[11:16:36] <sep> try running postconf; it will tell you all config's also default values[11:17:03] <sep> http://www.postfix.org/postconf.5.html#mydestination[11:18:42] <sep> i normally have localhost, localhost.localdomain there[11:18:59] <sep> i collect to a central account using a forwarding in /etc/aliases[11:20:17] <sep> i also tend to have fqdn's there. as in server1.servers.example.com[11:20:56] *** gu1lle_ has quit IRC[11:23:16] <marchelly> ok, got it, now hope to fix this, as setting to localhost. Actually the reason why I noticed this and do want to fix is thare all the virtual domains and maildis are located on separate mountpoint, and even setting virtual_mailbox_base = to this location postfix is still delivering mydestinations to /home/username/maildir or /var/mail.[11:23:47] <marchelly> mydestination = $myhostname, localhost.$mydomain, localhost in my configuration, here is why[11:26:24] *** p3rror has quit IRC[11:28:20] <marchelly> another problem with windows mail agent, it can't send mail using 465 port. and the problem is even when I'm setting in master.cf smtpd -v and connecting using telnet from some host and base64 login and pass everything is ok, and I see in log file connect, auth, ect. But when using windows mail I have just error in windows mail and some hieroglyphs in log file.[11:37:40] <sep> marchelly, you have selected "This server requires a secure connection (SSL)" when using port 465 in windows mail ?[11:37:50] <marchelly> yes[11:37:55] <sep> on outgoing server[11:38:04] <sep> then i do not know. works for me[11:38:42] <marchelly> okay ) would keep trying )[11:38:56] <JPT> hieroglyphs in the log file?[11:39:32] <JPT> could you pastebin them?[11:39:35] <sep> you could try to post your smtps master.cf conf in pastebin[11:39:35] <sep> also relevant logs[11:39:35] <sep> also read /topic[11:40:55] <tuxick> windows mail can't use submission/587?[11:41:11] <tuxick> afaik 465 is kinda deprecated[11:41:15] <JPT> +1[11:43:45] <marchelly> JPT, yes, like http://pastebin.com/Ppx0XCJs[11:44:02] <marchelly> let me try submission...[11:44:49] *** UQlev has joined #postfix[11:46:09] <sep> many versions of windows express and or outlook, that ar still in use, can not function with submission. so i still need 465 working. ofcourse if you controll your clients things are easier.[11:47:12] * UQlev agrees with sep[12:01:59] *** GoGi has joined #postfix[12:02:15] <GoGi> I am changing the ip address and physical machine of my mailserver[12:02:33] <GoGi> for some time there will be both IP addresses in the DNS floating around[12:03:13] <GoGi> can I configure the old mailserver to forward all mail to the new one?[12:03:26] <GoGi> (regardless of what the MX records say)[12:08:24] *** sphenxes01 has joined #postfix[12:09:03] <marchelly> GoGi, relayhost = smtp.example.com to forward all the email to other host[12:11:45] *** sphenxes has quit IRC[12:12:10] <UQlev> GoGi: better shutdown postfix on old server[12:12:56] <GoGi> why and what happens then?[12:13:19] *** NightTrain has quit IRC[12:13:44] *** batteur has joined #postfix[12:13:45] <UQlev> GoGi: mails will not be delivered on old server[12:15:51] <UQlev> GoGi: what is TTL for your MX?[12:16:03] <GoGi> 2h[12:16:17] <GoGi> but of course I could decrease that beforehand[12:16:58] <UQlev> it is OK if some mails will stay in queue for extra 2 hours they will not be lost[12:17:46] <UQlev> no need to change TTL now because it will not affect dns-caches[12:19:54] <GoGi> I see[12:20:15] *** Mjbmr has joined #postfix[12:20:59] <UQlev> GoGi: do you have many accounts?[12:21:11] <GoGi> 10 or so[12:23:06] <UQlev> GoGi: for your case it is pretty simple, once new server is ready for receiving mails (all accounts created) 1) shutdown all services on old server 2) rsync maildirs to a new server 3) replace servers[12:24:02] <UQlev> GoGi: old server you can place in your LAN for gradually migrate some other files and configs[12:24:45] <Mjbmr> Hi, I'm setting postfix MTA for only delivering virtual mails which my main domain is in virtual mail list, but I'm not receiving emails in the directory I specified in db, please see this and let me know if anything is wrong with it http://pastebin.com/raw.php?i=d2LVPjtL.[12:29:08] <Mjbmr> I'll receive my emails when I set my domain in mydestination variable.[12:29:52] <GoGi> thank you[12:30:38] <Mjbmr> here is my database structure: http://pastebin.com/raw.php?i=RwJDW9zQ if anyone interested.[12:32:51] <sep> Mjbmr, domains listed in mydestination, will be delivered as local; domains listed in virtual_mailbox_domains will be delivered with virtual_transport; having the domain in both = configuration error[12:33:25] *** danblack has joined #postfix[12:33:26] <sep> hence a bit confused about what you mean by "<Mjbmr> I'll receive my emails when I set my domain in mydestination variable."[12:33:37] <Mjbmr> sep: I don't have in both ok.[12:36:31] *** phenom has quit IRC[12:37:34] *** phenom has joined #postfix[12:38:42] *** p3rror has joined #postfix[12:40:09] *** GieltjE has joined #postfix[12:43:54] <Mjbmr> where logs store? are they disabled by default?[12:48:16] <sep> depends on your distros's configuration. in debian they are in /var/log/mail.log[12:48:33] *** mechanicalduck has quit IRC[12:48:55] <Corey> !nologs[12:48:55] <knoba> Corey: "nologs" : Nothing in your mail logs commonly means one of two things: either your syslogd is broken (try restarting it), or the connections are not coming to your server. Check your firewall/networking and the DNS for the domain in question. also see !logs.[12:49:01] <Corey> !logs[12:49:01] <knoba> Corey: "logs" : postfix logs to the mail facility of syslog. You can usually find them with ls /var/log/mail* otherwise something like grep -i `postconf -h syslog_facility` /path/to/syslog_config_file should tell you where logs are going. also see !no_logs and !have2mung[12:49:32] *** mechanicalduck has joined #postfix[12:49:54] <Mjbmr> nothing useful in /var/log/mail.log I don't even think they are related to postfix.[12:51:15] <Corey> Watch sendmail or exim be running. :-)[12:51:34] <Mjbmr> sendmail was running before dude[12:51:56] <Mjbmr> `postconf -h syslog_facility` is output is "mail"[12:52:54] <Mjbmr> what the bot says is not useful.[12:54:31] *** mechanicalduck has quit IRC[12:55:12] <Mjbmr> I just see something /var/spool/postfix/defer subdirs, they say postfix will append an extra slash to virtual_mailbox_base then will append maildir from db.[13:08:40] *** Chel has joined #postfix[13:13:52] <Mjbmr> can virtual_mailbox_base be blank?[13:21:36] *** UQlev has quit IRC[13:21:51] *** Mjbmr has left #postfix[13:34:00] *** mechanicalduck has joined #postfix[13:34:32] <lunaphyte_> why?[13:37:26] *** Mattz0r has joined #postfix[13:37:36] <Mattz0r> !debug[13:37:36] <knoba> Mattz0r: "debug" : http://www.postfix.org/DEBUG_README.html : a starting point for how to deal with problems and to report information to those who might help. Post information including NON-verbose logs in a pastebin such as http://pastebin.ca/ or http://dpaste.com/[13:40:54] <Mattz0r> Hey there, when trying to login to smtp I get SASL error saying no mechanisms available, postconf -n = http://dpaste.com/1277390/ saslauthd file = http://dpaste.com/1277391/ - Running debian 7, and postfix 2.9.6[13:42:54] <Mattz0r> smtpd.conf = http://dpaste.com/1277393/[13:44:06] <lunaphyte_> why are you using cyrus instead of dovecot?[13:44:31] <Mattz0r> O.o[13:44:35] <Mattz0r> wtf, I should be using dovecot :S[13:44:52] <Mattz0r> when i telnet the mail log says delivered by dovecot[13:45:36] <Mattz0r> 2:06:51 blackbox postfix/pipe[6033]: 159015C014C: to=<matt@*********>, relay=dovecot, delay=0.27, delays=0.12/0/0/0.15, dsn=2.0.0, status=sent (delivered via dovecot service)[13:46:33] <v0lZy> lunaphyte_: ! :D[13:46:42] * v0lZy casts the net[13:47:12] * Mattz0r is missing something?[13:48:10] <lunaphyte_> Mattz0r: i thought you were asking about smtp auth [sasl][13:48:11] <v0lZy> noone go anywher,e ill be back in 30! :D[13:48:40] <Mattz0r> Yes?[13:49:01] <Mattz0r> I can't see any mention of cyrus anywhere?[13:49:10] <lunaphyte_> saslauthd is cyrus[13:49:45] <Mattz0r> I've always used sasl for smtp auth[13:49:50] <lunaphyte_> of course.[13:49:56] <lunaphyte_> you can't not use sasl for smtp auth[13:50:14] <Mattz0r> so.. whats cyrus got to do with dovecot?[13:50:19] <Mattz0r> :S[13:50:22] <lunaphyte_> i'm confused[13:50:27] <Mattz0r> [12:43:56] <lunaphyte_> why are you using cyrus instead of dovecot?[13:50:30] <Mattz0r> ^^[13:50:30] <lunaphyte_> you're using cyrus. i am asking why[13:50:42] <Mattz0r> erm... ?[13:50:51] <Mattz0r> I don't want an open realy?[13:50:52] <Mattz0r> relay*[13:51:05] <lunaphyte_> is there a reason you're using cyrus instead of dovecot?[13:51:11] <Mattz0r> wtf?[13:51:15] <Mattz0r> I'm using dovecot? :S[13:51:29] <lunaphyte_> then why are you using saslauthd? that's cyrus[13:51:35] <Mattz0r> :|[13:51:53] <Mattz0r> how can a pop/imap server do smtp auth?[13:52:01] <Mattz0r> O.o[13:52:12] <lunaphyte_> you need to read the documentation[13:52:21] <Mattz0r> :S[13:52:28] <lunaphyte_> read sasl_readme[13:52:33] <Mattz0r> I'm following a guide that I've always followed and it's never failed on me before :/[13:52:43] <Mattz0r> why do people have to change shit that isn't broken[13:53:00] <lunaphyte_> sorry, i don't know what you're talking about.[13:53:15] <Mattz0r> the way I have configured it now, has *always* worked in the past[13:53:19] <lunaphyte_> anyway, guides aren't supported here.[13:53:31] <lunaphyte_> they're written by people who don't know what they're talking about[13:53:37] <Mattz0r> clearly[13:53:40] <Mattz0r> o.O[13:54:30] <lunaphyte_> specifically, see the section on which sasl implementations are supported. that should give you the necessary background regarding cyrus and dovecot.[13:55:02] <lunaphyte_> from there, it should be a simple extrapolation exercise as to why there are so many "helpful" guides which blindly suggest uding vyrus[13:55:05] <lunaphyte_> meh[13:55:08] <lunaphyte_> *using cyrus[13:55:30] <tuxick> so far i've managed to avoid cyrus[13:55:31] <lunaphyte_> anyway, generally speaking, we here encourage and endorse dovecot, and not cyrus.[13:55:35] <tuxick> and that won't change :)[13:56:07] <lunaphyte_> *certainly* if you're already using dovecot for imap anyway. it's silly to then use cyrus instead of dovecot for sasl.[13:56:26] <Mattz0r> meh, it's what i've always used[13:56:31] <Mattz0r> like i said, don't fix what isn't broke[13:56:35] <tuxick> ack[13:56:38] <lunaphyte_> it's what a lot of people always used. myself included.[13:56:55] <lunaphyte_> i am willing to support cyrus, if it's being used for a god reason.[13:57:10] <lunaphyte_> *good[13:57:12] *** mibofra has joined #postfix[13:57:12] *** mibofra has joined #postfix[13:57:21] <lunaphyte_> it being always what was used is not a good reason[13:57:53] <Mattz0r> right, thats that problem fixed, now to stop debain defaulting to ipv6 for everything when I don't have an external ipv6 address![13:59:12] *** d00 has joined #postfix[14:01:51] <pj> there's a good reason to use cyrus?[14:01:53] <pj> j/k[14:07:19] *** corretico has quit IRC[14:10:13] *** Section1 has joined #postfix[14:21:39] *** v0lZy1 has joined #postfix[14:22:15] *** v0lZy has quit IRC[14:22:33] *** v0lZy1 has quit IRC[14:25:15] *** GieltjE has quit IRC[14:25:38] *** v0lZy has joined #postfix[14:25:47] <v0lZy> back![14:26:34] <v0lZy> lunaphyte_ still here?[14:27:40] <lunaphyte_> mostly :)[14:31:27] <Mattz0r> :( still trying to use ipv6, grrr[14:31:45] <Mattz0r> Jul 1 13:29:44 blackbox postfix/smtp[3779]: connect to ASPMX.L.GOOGLE.COM[2a00:1450:400c:c03::1a]:25: Network is unreachable[14:32:09] <Mattz0r> I diabled ipv6 in the kernel and rebooted![14:32:14] <Mattz0r> disabled*[14:35:54] <tuxick> net.ipv6.conf.all.disable_ipv6[14:36:58] <Mattz0r> already did[14:37:04] <Mattz0r> and rebooted[14:37:13] <Mattz0r> mind = blown[14:38:13] <danblack> did you put the net.... in a /etc/sysctl* file so it persists over reboot? or you compiled the kernel without IPv6 support?[14:38:33] <jelly> Mattz0r: if you're using the distro stock kernel, ipv6.disable=1 as boot parameter[14:39:04] <jelly> Mattz0r: see /msg dpkg noipv6[14:39:38] <Mattz0r> echo net.ipv6.conf.all.disable_ipv6=1 > /etc/sysctl.d/disableipv6.conf[14:39:40] <Mattz0r> i did that[14:39:45] <Mattz0r> then rebooted[14:40:02] <jelly> and it worked? I though that was too late[14:40:08] <jelly> thought*[14:40:26] <Mattz0r> it clearly hasn't worked[14:40:40] <Mattz0r> I even set ip address manually so ifconfig doesn't even show an feXX ipv6 address[14:40:41] *** grknight has joined #postfix[14:40:57] <Mattz0r> I am le confused[14:43:02] <Mattz0r> or i'll just setup an ipv6 tunnel, problem solved[14:50:48] *** danblack has quit IRC[14:52:14] <Mattz0r> inet_protocols = ipv4 <-- that fixed it lol[14:57:05] <tuxick> haha ye[14:57:47] <Mattz0r> hmm[14:57:53] <Mattz0r> mail did not arrive the other side D:[14:58:57] <lunaphyte_> v0lZy: you can just ask here in the channel[14:59:08] <lunaphyte_> same set of information as always, see /topic[15:01:39] <Mattz0r> is spammassassin/clamAV still the best option?[15:01:46] <Mattz0r> or has that randomly changed too[15:02:34] <lunaphyte_> there has been some degree of grwoth in interest of dpsam, but i still consider amavis+friends to the the canonical implementation[15:02:43] <lunaphyte_> *growth[15:03:11] <Mattz0r> col[15:03:12] <Mattz0r> cool[15:05:58] <v0lZy> lunaphyte_: http://bpaste.net/show/jiYZK9gOmnYi7A1JuKy8/[15:06:32] *** wolfehr has joined #postfix[15:07:55] <v0lZy> Im wondering what else i need to configure in this file for the setup I have been talking about these past few days (with dovecot eventually being the LDA, all local delivery stuff disabled on postfix, everything setup as virtual users/domains.[15:08:49] <lunaphyte_> you'll want to set relay_transport[15:09:27] <v0lZy> postconf: warning: /etc/postfix/main.cf: unused parameter: relay_transpot=dovecot:test.*****.net:lmtp[15:09:33] <lunaphyte_> right ;)[15:10:13] <v0lZy> thats not the way to set it? :D[15:10:25] <lunaphyte_> !relay_transport[15:10:25] <knoba> lunaphyte_: "relay_transport" : a configuration parameter in the main.cf: The default mail delivery transport and next-hop information for domains that match the $relay_domains parameter value. This information can be overruled with the transport(5) table.[15:10:28] <lunaphyte_> !relay_transpot[15:10:28] <knoba> lunaphyte_: Error: "relay_transpot" is not a valid command.[15:10:43] <v0lZy> oh[15:10:45] <v0lZy> doh[15:11:07] <v0lZy> added the R :D[15:11:20] <v0lZy> ok... is this all I have to concern myself with in my main.cf ?[15:11:47] <v0lZy> i think i need to define virtual domains and users and stuff.[15:11:47] <lunaphyte_> well, you seem to have a number of unnecessary duplicates.[15:11:54] <v0lZy> oh?[15:11:55] <lunaphyte_> i'd get rid of those[15:11:56] <v0lZy> which ones?[15:12:00] <lunaphyte_> !tell v0lZy duplicates[15:12:00] <knoba> v0lZy: "duplicates" : the following can be used to list redundant settings defined in main.cf: (postconf -d; postconf -n) | sort | uniq -d - also see !compare[15:13:35] <v0lZy> uhm[15:13:38] <v0lZy> yeah quite a big list[15:13:42] <v0lZy> i just... delete it out?[15:14:03] <lunaphyte_> just start by commenting out the items in main.cf[15:14:30] <v0lZy> it lists things like command_directory = /usr/bin[15:14:34] <v0lZy> thats unnecessery?[15:14:35] <lunaphyte_> right[15:14:40] <lunaphyte_> yup[15:14:50] <lunaphyte_> no reason to specify things that are already set that way[15:15:48] <v0lZy> these are redundant cause they are default?[15:15:54] <lunaphyte_> yes[15:17:11] <v0lZy> but they are not commented by default[15:17:17] <v0lZy> they came uncommented[15:17:27] <lunaphyte_> that's dumb[15:17:56] *** mactimes has quit IRC[15:17:57] *** mactimes has joined #postfix[15:19:33] *** robinho86 has left #postfix[15:20:05] <v0lZy> also...[15:20:13] <v0lZy> i cant find there being mention of one[15:20:29] <lunaphyte_> hmm?[15:20:35] <v0lZy> config_directory is mentioned in the postconf -d ; postconf -n thing[15:20:39] <wolfehr> we've disabled always_bcc in our postfix config, but we're still geting bcc's[15:20:43] <v0lZy> but i dont see it as set[15:20:46] <wolfehr> any idea what else could be controlling this?[15:21:33] <lunaphyte_> v0lZy: oh, config_directory will always show up.[15:21:38] <lunaphyte_> you can ignore that[15:21:54] *** kiri has quit IRC[15:22:03] <v0lZy> ok[15:22:16] <v0lZy> i cleaned it up[15:22:29] <lunaphyte_> do a new pastebin[15:22:37] <v0lZy> its much shorter now[15:22:39] <lunaphyte_> just do postconf -nf; postconf -Mf[15:25:07] <v0lZy> http://bpaste.net/show/4gi0u525GAyNv1CJb8Cx/[15:25:28] <lunaphyte_> oh, you can use variables, btw[15:25:46] <lunaphyte_> mydomain = test.****.net[15:25:54] <lunaphyte_> myhostname = shinobi.$mydomain[15:26:17] <lunaphyte_> relay_transport = dovecot:$mydomain:lmtp[15:27:00] <lunaphyte_> honestly, you can comment out debugger_command too. it's not the default, but you'll likely never ever need it[15:27:08] <v0lZy> ok[15:27:37] <lunaphyte_> oh, and you can comment out home_mailbox too. that's for local(8), which you're not using. no need to set it[15:28:37] *** rly has joined #postfix[15:28:53] <lunaphyte_> same thing for alias_database and alias_maps[15:29:25] <lunaphyte_> that will get you to a nice simple starting config for a relay setup using dovecot as your mda.[15:29:37] <lunaphyte_> then, you just need to add a service definition to master.cf[15:29:45] <rly> How can I send e-mail in some web-application such that it either works nicely with postfix or in some other way?[15:29:55] <lunaphyte_> !tell rly nullclient[15:29:55] <knoba> rly: "nullclient" : a null client is a computer that can only send mail. it receives no mail from the network, and it does not deliver any mail locally. while postfix can be configured to fill this role, it is often unnecessary overkill, and a much simpler software package is more appropriate. see !nullclient_software for more details.[15:30:16] <v0lZy> i remove alias_database and alias_maps .. just comment them out?[15:30:20] <rly> !nullclient_software[15:30:20] <knoba> rly: "nullclient_software" : a program that serves as a drop in replacement for /usr/sbin/sendmail and provides a simple means to submit messages to an existing msa without the need to install and maintain a full-blown mta/msa. examples include msmtp, esmtp, ssmtp and nullmailer. also see !msa[15:30:25] <lunaphyte_> v0lZy: yup[15:30:41] <lunaphyte_> no need to set them to anything, since they're not used. the defaults are fine.[15:31:03] <lunaphyte_> if you really wanted to be "thorough", you could set them to null.[15:31:14] <lunaphyte_> that's what i do, although it's not strictly necessary[15:31:26] <rly> lunaphyte_: what kind of "API" do any of those nullclient_software entries have?[15:31:30] <v0lZy> this look ok: http://bpaste.net/show/lsPxrfn2RAf5IcNscArI/[15:31:32] <v0lZy> ?[15:31:46] <rly> lunaphyte_: I basically just need a C function to send a message.[15:32:16] <rly> lunaphyte_: so, send(char * message, char * subject, char * e_mailaddress)[15:33:22] *** kiri has joined #postfix[15:33:58] <patdk-wk_> the api is defined in the smtp rfc[15:34:19] <lunaphyte_> it just helps prevent unexpected processing of mail if for some reason local(8) were to get enabled[15:34:35] <rly> patdk-wk_: isn't sendmail only a binary?[15:34:56] <patdk-wk_> sendmail is not an api[15:35:07] <v0lZy> lunaphyte_: Is my config file ok the way it is? need anything else?[15:35:12] <v0lZy> (in main.cf i mean)[15:35:21] <rly> patdk-wk_: no, I know that, that's why I said that.[15:35:40] <rly> patdk-wk_: which rfc number is 'the smtp rfc'?[15:35:52] <lunaphyte_> main.cf looks ok[15:36:00] <patdk-wk_> !rfc[15:36:00] <knoba> patdk-wk_: Error: "rfc" is not a valid command.[15:36:02] <patdk-wk_> heh[15:36:30] *** batteur has quit IRC[15:36:57] <rly> patdk-wk_: I am confused, though. In principle all I need is a library which implements some code that sends the actual message.[15:37:06] <rly> patdk-wk_: most of these nullmailers seem to be programs, not libraries.[15:37:15] <lunaphyte_> oh, hmm.[15:37:24] <lunaphyte_> i think we had a factoid for that.[15:37:27] * lunaphyte_ thinks[15:37:34] <lunaphyte_> !api[15:37:34] <knoba> lunaphyte_: Error: "api" is not a valid command.[15:37:36] <lunaphyte_> meh[15:38:15] <lunaphyte_> aha[15:38:18] <lunaphyte_> !libsmtp[15:38:18] <knoba> lunaphyte_: "libsmtp" : a c library to send mail via smtp. see http://libsmtp.berlios.de/[15:38:46] <lunaphyte_> v0lZy: i'd say that looks pretty good.[15:38:54] <lunaphyte_> you just need the service entry in master.cf now[15:39:36] <rly> lunaphyte_: and that can connect to 587?[15:40:01] <lunaphyte_> i'd sure hope so. it's the standard, and has been so now for well over a decade.[15:41:38] <rly> lunaphyte_: but the other common approach is to simply do something like echo "my message" | msmtp when trying to send an e-mail possibly called via system()?[15:41:49] <lunaphyte_> sure, more or less.[15:43:30] <rly> lunaphyte_: Is it not packaged anywhere?[15:43:31] <v0lZy> lunaphyte_: what about the virtual_alias_maps and relay_domains[15:43:36] <rly> lunaphyte_: Debian/Ubuntu/..[15:43:45] <v0lZy> i put my domain into relay_domains... and in virtual_alias_maps ... i put email address[15:43:52] <lunaphyte_> rly: i don't know what you mean[15:43:59] <v0lZy> and in the case of virtual_alias_maps, just some BS RHS ?[15:44:14] <lunaphyte_> v0lZy: your doman goes in relay_domains. i'd start without virtual_alias_maps for now[15:44:57] <v0lZy> just leave them emptyy?[15:45:08] <rly> lunaphyte_: libesmtp-dev does exist on Debian.[15:45:16] <rly> lunaphyte_: if something is not packaged, it's often not for a reason.[15:45:42] <lunaphyte_> v0lZy: unset virtual_alias_maps[15:46:01] <lunaphyte_> rly: it's not clear to me what you're getting at[15:46:32] <rly> lunaphyte_: I am saying that it might not be wise to select a library which has memory leaks open since 2002 and something which hasn't been packaged by Debian/Ubuntu/..[15:46:47] <lunaphyte_> i'm not selecting a library...[15:46:54] <rly> lunaphyte_: I am.[15:46:57] <lunaphyte_> yes[15:47:44] <v0lZy> lunaphyte_: ok, i unset it.[15:48:09] <v0lZy> for the master.cf, i think theres a snippet on how to edit it on the dovecot page...[15:48:18] <lunaphyte_> probably[15:48:22] <v0lZy> ill check that tomorrow and see how far i get[15:48:30] <v0lZy> thanks a lot for helping me out![15:48:31] *** MaximusColourum has joined #postfix[15:48:39] <lunaphyte_> you're welcome.[15:51:56] *** corretico has joined #postfix[16:00:13] *** donmichelangelo has quit IRC[16:00:39] *** donmichelangelo has joined #postfix[16:01:34] *** Bronze has joined #postfix[16:03:09] <rly> lunaphyte_: is creating an smtp session an expensive operation like creating a database connection?[16:03:26] <lunaphyte_> that's pretty subjective.[16:03:36] <lunaphyte_> i wouldn't really consider either to be terribly expensive.[16:03:38] <rly> For databases you often reuse existing connections.[16:03:56] <lunaphyte_> you ca nreuse smtp connections too.[16:04:07] <lunaphyte_> assuming the software you're using supports it, of course[16:04:09] <lunaphyte_> *can reuse[16:04:40] *** robinho86 has joined #postfix[16:12:09] *** Phoenixz has joined #postfix[16:12:09] *** Phoenixz has joined #postfix[16:15:05] <hikenboot> can anyone tell me with sasl in 10-master.conf is the service auth-worker section supposed to be enabled?[16:15:08] *** v0lZy has quit IRC[16:16:55] *** UQlev has joined #postfix[16:17:28] <lunaphyte_> hikenboot: that's a dovecot question[16:20:58] *** corretico has quit IRC[16:23:52] <hikenboot> ok so it has nothing to do with sasl thanks i will leave it[16:25:58] *** d00 has quit IRC[16:27:32] <hikenboot> in the main.cf I am not sure if its an error but the line reads smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, <---notice the hanging comma, should it be removed?[16:28:05] <lunaphyte_> permit_sasl_authenticated doesn't belong in global smtpd_recipient_restrictions[16:28:17] <lunaphyte_> and yes, there's not much reason for a trailing comma[16:30:13] *** donmichelangelo has quit IRC[16:30:42] *** donmichelangelo has joined #postfix[16:32:54] *** exos has joined #postfix[16:35:57] *** exos_ has quit IRC[16:43:15] <hikenboot> lunaphyte_, sorry for all these questions but Two things 1) spmtd_recipient_restrictions should it be in the master.cf instead and 2) in master.cf there is an extra -O in the directions is that supposed to be there as well it appears after "submission inet n smtpd about 10 lines down in the directions"[16:43:35] *** ferai is now known as jefferai[16:43:36] <hikenboot> bb in a few[16:49:16] *** UQlev has quit IRC[16:51:22] *** Uranio has joined #postfix[16:58:27] *** kiri has quit IRC[17:03:21] *** kiri has joined #postfix[17:10:29] *** err-or has quit IRC[17:10:57] *** err-or has joined #postfix[17:26:15] *** jonez has joined #postfix[17:34:30] <rly> I have some code that works fine for port 25. How can I see whether port 25 and port 587 would accept different inputs?[17:42:58] *** Cromulent has joined #postfix[17:43:25] *** magyar has joined #postfix[17:43:26] *** magyar has joined #postfix[17:45:56] *** Cromulent has quit IRC[17:46:10] *** jelly has quit IRC[17:48:04] *** jelly has joined #postfix[17:48:45] *** kradalby has joined #postfix[17:51:39] *** kradalby_ has quit IRC[17:55:31] *** bungalo has quit IRC[18:00:10] *** robjh has quit IRC[18:00:52] *** robjh has joined #postfix[18:02:55] *** freakynl has quit IRC[18:05:40] *** p3rror has quit IRC[18:06:42] *** _andre has joined #postfix[18:06:56] <_andre> hello[18:07:34] *** UQlev has joined #postfix[18:07:35] <_andre> i'm trying to find a way to do some analysis on incoming bounces on my server[18:08:04] <_andre> for example, some user sends email to a gmail account that doesn't exist, and it bounces[18:08:18] <_andre> is there a way to send a copy of these bounces somewhere?[18:08:37] <UQlev> _andre, are there plenty such bounces?[18:09:05] <_andre> i have thousands of users, so there's quite a few[18:09:26] <UQlev> normally bounces are sent to a sender and it happens quite leldom[18:09:38] <UQlev> seldom[18:10:00] <_andre> we're a web host, there are multiple domains and i have no control of the senders[18:10:01] <UQlev> senders are to take care of bounces[18:10:52] <_andre> i'm trying to find a way to be proactive about customers sending unsolicited email[18:11:14] <_andre> eg. by using lists of addresses that no longer exist[18:11:40] <waldi> do you allow them to send bulk mailings?[18:12:08] <UQlev> waldi, it seems he allows them everything[18:12:36] <_andre> we have mail quotas, we enforce SPF/DKIM/DMARC with reject policies by default and we only allow authenticated mail[18:13:07] <_andre> but there are always customers who can cause problems, and i want to avoid that[18:13:28] <UQlev> _andre, what do you mean authenticated? do you check sender "From"?[18:13:53] <_andre> we only send sasl-authenticated messages is what i meant[18:14:43] <UQlev> _andre, you authenticate only users and they can send in the name whoever then, right?[18:15:52] *** ffiore has quit IRC[18:16:06] <hikenboot> sorry for the repeat but here goes sorry for all these questions but Two things 1) spmtd_recipient_restrictions should it be in the master.cf instead and 2) in master.cf there is an extra -O in the directions is that supposed to be there as well it appears after "submission inet n smtpd about 10 lines down in the directions"[18:16:25] <waldi> hikenboot: no[18:16:35] <UQlev> _andre, do you have in main.cf smtpd_sender_restrictions?[18:17:04] <_andre> sure, including reject_authenticated_sender_login_mismatch[18:17:46] <UQlev> _andre, do all your sites send via sendmail-interface or via smtpd?[18:17:57] <_andre> smtpd only[18:18:31] <UQlev> _andre, please pastebin "postconf smtpd_sender_restrictions"[18:19:33] <waldi> UQlev: as you can't see anything from smtpd_sender_restrictions, why?[18:20:10] <waldi> the usual tip is to only use smtpd_recipient_restrictions for <= 2.9[18:20:18] <_andre> UQlev: http://pastebin.com/CTW1Xynb[18:21:40] <UQlev> _andre, what is the service there inet:127.0.0.1:4455?[18:22:13] <_andre> it's something like policyd, it implements mail quotas[18:22:26] <_andre> but an in-house implementation[18:24:15] <UQlev> _andre, you should try use check_sender_access hash:/etc/postfix/sender_access and list all allowed domains there[18:25:55] <UQlev> _andre, http://www.postfix.org/ADDRESS_VERIFICATION_README.html[18:26:25] <waldi> UQlev: address verification is not for outgoing mails[18:30:07] *** donmichelangelo has quit IRC[18:30:42] *** donmichelangelo has joined #postfix[18:33:42] *** Uranio has quit IRC[18:35:12] *** trusktr has joined #postfix[18:40:33] <UQlev> waldi, what is for outwards mail?[18:59:20] *** zerick has joined #postfix[19:08:59] *** Mattz0r has quit IRC[19:11:52] *** gu1lle_ has joined #postfix[19:17:53] *** mechanicalduck has quit IRC[19:20:22] *** UQlev has quit IRC[19:20:54] *** cromag has quit IRC[19:22:01] *** cromag has joined #postfix[19:22:01] *** cromag has joined #postfix[19:48:09] *** Colt has joined #postfix[19:50:19] *** lunaphyte_ has quit IRC[19:50:24] *** Uranio has joined #postfix[19:54:06] *** lunaphyte_ has joined #postfix[19:56:57] *** d3c has joined #postfix[20:00:13] *** batteur has joined #postfix[20:03:53] *** ltxda has quit IRC[20:09:31] *** necrogami has quit IRC[20:11:31] *** necrogami has joined #postfix[20:11:59] *** Colt has quit IRC[20:20:11] *** reddog1 has joined #postfix[20:20:33] *** reddog1 has quit IRC[20:21:16] *** reddog1 has joined #postfix[20:21:44] *** reddog1 has quit IRC[20:22:56] *** reddog1 has joined #postfix[20:43:31] *** p3rror has joined #postfix[21:01:24] *** frnk has joined #postfix[21:04:26] <frnk> Hi there, can someone please help me: how can I make relay_domains to accept ALL domains?[21:05:05] <Dominian> ummm[21:05:09] <waldi> please explain what problem you are trying to solve[21:05:11] <Dominian> Why would you relay every domain possible?[21:05:31] <waldi> Dominian: thats called a smart-host[21:06:35] <Dominian> I know what a smart host is, but from my reading he wants to relay ALL domains..[21:06:39] <Dominian> not just act as a smart host for all[21:06:43] <frnk> Its like that: I have Postfix on a local server with IMAP and SMTP, and want my clients connect to that one. But as it has I dynamic IP I want that all outgoing traffic is relayed to another Postfix (SMTP) install on a hosted server.[21:07:00] <Dominian> that makes more sense[21:07:12] <Dominian> So you just need this machien to utilize anothe rpostfix insance as a smart host?[21:07:15] <waldi> Dominian: a smart-host by definition relays all domains[21:07:25] <Dominian> waldi: that's fine[21:08:05] <Dominian> !relayhost[21:08:05] <knoba> Dominian: "relayhost" : a configuration parameter in the main.cf: The default host to send non-local mail to when no entry is matched in the optional transport(5) table. When no relayhost is given, mail is routed directly to the destination. If your relay host requires authentication see the !saslclient channel factoid.[21:10:07] <frnk> hmmm[21:10:22] <Dominian> That at least sounds like what you're wanting to me[21:11:19] <frnk> I have a relayhost entered, and it seems to work only for the domains I have in relay_domains. others get 'relay access denied'[21:12:07] <frnk> (destinations: like sending a emai to blabla at relay dot domain is ok where as blabla at norelay dot domain not)[21:13:25] <Dominian> can you provide a log and postconf -n .. per the /topic[21:13:54] <waldi> frnk: you need at either tls client auth or sasl auth[21:14:23] *** jgspratt has joined #postfix[21:14:24] *** kradalby has quit IRC[21:15:10] <jgspratt> will virtual_mailbox_domains restrict postfix to accept mail destined only to those domains listed?[21:15:37] <waldi> jgspratt: no. this is controlled by smtpd_mumble_restrictions[21:15:53] *** HaxCore has joined #postfix[21:15:56] <waldi> !reject_unauth_destination[21:15:56] <knoba> waldi: "reject_unauth_destination" : see http://www.postfix.org/postconf.5.html#reject_unauth_destination[21:17:30] <frnk> ok, now I think I got the clue:[21:18:03] *** p3rror has quit IRC[21:18:33] <frnk> I have to configure SMTP to accept NOT-authenticated connections JUST for destinations that have their endpoint at my server, but to accept authenticated connections for every destination, so clients can send mail[21:19:34] *** reddog1 has quit IRC[21:20:23] *** Cromulent has joined #postfix[21:21:29] <lunaphyte_> you need to have separate mx and submission streams.[21:21:35] *** _andre has left #postfix[21:22:50] <jgspratt> waldi: I already have this: "smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination"[21:22:55] <jgspratt> wouldn't that do it?[21:23:23] <waldi> lunaphyte_: no, this is not necessary[21:23:47] <lunaphyte_> yes, it is.[21:24:30] <lunaphyte_> just set smtpd_relay_restrictions to empty.[21:24:39] <lunaphyte_> it's not needed for virtually all scenarios.[21:24:49] <lunaphyte_> it's just adding more unnecesary confusion[21:25:15] <waldi> it is not necessary[21:25:23] <waldi> it works pretty well without[21:25:45] <lunaphyte_> it's the proper way to do things.[21:26:10] *** rly has left #postfix[21:26:20] <frnk> OK THANKS!! IT WORKS. I had "smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination" but nothing for smtpd_relay_restrictions... so it failed[21:27:13] *** HaxCore has quit IRC[21:27:36] *** reddog1 has joined #postfix[21:28:01] *** reddog1 has quit IRC[21:28:12] <jgspratt> how can I stop spam more? I seem to be becoming an open relay. people are trying to use to to send to yahoo[21:28:38] *** reddog1 has joined #postfix[21:28:53] <waldi> disable it immediately and investigate. creating an open relay with postfix is hard but not impossible[21:29:01] *** reddog1 has quit IRC[21:29:38] *** reddog1 has joined #postfix[21:30:03] *** reddog1 has quit IRC[21:30:40] *** reddog1 has joined #postfix[21:31:04] *** reddog1 has quit IRC[21:31:56] *** reddog1 has joined #postfix[21:32:07] *** Toerkeium has joined #postfix[21:32:22] *** reddog1 has quit IRC[21:32:44] *** marchelly has quit IRC[21:33:06] *** reddog1 has joined #postfix[21:33:59] *** reddog1 has left #postfix[21:37:20] <jgspratt> ok, here is my config for postfix 2.6.6 (on Centos 6.4): http://hastebin.com/meyifayahu.hs[21:38:49] <jgspratt> I am not sure what in there is making it an open relay[21:39:13] <waldi> this paste is empty[21:39:41] <jgspratt> it shows 80 lines when I click on the link[21:40:00] <jgspratt> what URL did you end up on?[21:40:44] *** HaxCore has joined #postfix[21:41:03] <waldi> http://hastebin.com/meyifayahu.hs even the html page is mostly empty[21:41:37] <jgspratt> I think you're browser[21:41:56] <jgspratt> has an issue[21:42:00] <waldi> nope[21:42:11] <waldi> it just does not support javascript[21:43:22] <jgspratt> I also maintain my JS running manually[21:43:46] <jgspratt> I maintain my position regarding my paste, however. It is not empty.[21:44:17] <waldi> it is empty, the page does not contain any content[21:44:40] <jgspratt> It contains indirection.[21:45:20] <grknight> jgspratt: shoot self in foot: "mynetworks = 0.0.0.0/0"[21:45:23] <thumbs> http://pastie.org/private/prrn81ggblhfojpuruvja[21:45:24] <waldi> $ curl -D - -o /dev/null http://hastebin.com/meyifayahu.hs 2> /dev/null | grep Location[21:45:47] <thumbs> I've had hastebin play tricks on me in the past too.[21:46:03] <jgspratt> grknight: yes, I was wondering about that. how can I allow mail to come from anywhere on the net?[21:46:11] <jgspratt> but not relay messages to anywhere?[21:46:18] <waldi> jgspratt: read the documentation?[21:46:22] <grknight> jgspratt: that's what it does by default[21:46:50] <jgspratt> oh, really? I wasn't getting any mail through before I set 0.0.0.0/0[21:46:57] <jgspratt> Must have been unrelated[21:47:02] <grknight> jgspratt: your logs should be screaming to you about "-o reject_unauth_destination" being invalid[21:47:46] <jgspratt> perhaps they were too full with spam[21:48:47] *** batteur has quit IRC[21:49:04] <rob0> yikes, 0.0.0.0/0?[21:49:45] *** batteur has joined #postfix[21:50:04] <grknight> jgspratt: you are letting everyone use your server as a spam relay[21:50:09] *** trifler has left #postfix[21:50:20] <jgspratt> ok, I fixed that.[21:50:24] <jgspratt> sorry.[21:50:33] <jgspratt> I did have it turned off at least[21:50:42] <grknight> and now are probably blacklisted like mad[21:50:50] <lunaphyte_> hopefully, yeah.[21:50:56] <rob0> We cannot possibly begin to guess why you were not getting any mail. Are there any relevant logs pasted somewhere?[21:51:09] <lunaphyte_> otherwise i'd be disappointed that the dnsbls weren't really working.[21:51:42] <jgspratt> I think it is working properly. however, there is a backlog of mail that shows up as "deferred"[21:51:55] <jgspratt> how can I clear that stuff out so it never sends?[21:51:56] <lunaphyte_> likely mostly spam[21:52:00] <lunaphyte_> man postsuper[21:52:11] <Dominian> !postsuper[21:52:12] <knoba> Dominian: "postsuper" : the queue supervision tool for postfix. Use it with the option "-d" to remove mails from the queue. See 'man postsuper' for more information.[21:52:57] <rob0> your deferred queue will probably last as long as your DNSBL listing[s].[21:53:01] *** HaxCore has quit IRC[21:53:43] <jgspratt> cool. how can I list my queues? is there another program for that?[21:53:52] <jgspratt> I want to run postsuper -d queue_id[21:54:23] <jgspratt> or maybe I should just do -d ALL[21:54:59] <rob0> !mailq[21:54:59] <knoba> rob0: "mailq" : used to display mail currently in the postfix queues. To remove or requeue mail from the queues see the postsuper(1) command.[21:55:05] <lunaphyte_> unless you're genuinely concerned there are significantly important legitmate messages in the queue, i'd just delete all.[21:55:39] <lunaphyte_> *legitimate[21:55:47] <jgspratt> postsuper: Deleted: 16194 messages[21:55:53] *** Southron has joined #postfix[21:55:54] <lunaphyte_> hah, nice[21:56:11] <grknight> time to beg and plead to be removed from bls[21:56:35] <jgspratt> I figure this IP is toast.[21:56:52] <lunaphyte_> you can clean up an ip. it takes some time.[21:56:59] <jgspratt> do you just wait?[21:57:04] <lunaphyte_> that's part of it.[21:57:27] <lunaphyte_> but if you literally just wait, you are increasing the likelihood that it will take longer than it has to.[21:57:30] <jgspratt> ok. I have 5 /24s, so I'll wait[21:57:57] <grknight> larger mail systems may have a reputation list. may take months for those to clear if you are not proactive and get their attention[21:58:51] <jgspratt> ok, this looks better: http://hastebin.com/numatijici.xml[21:58:59] *** frnk has quit IRC[21:59:12] *** d3c has quit IRC[21:59:25] *** kradalby has joined #postfix[21:59:30] <lunaphyte_> i have a vps with an ip that was relatively abused by its former user. it took probably 6 months to get things more or less squared away wrt mail delivery. and that was with me being particularly proactive. and now ~1 year later, i still have the occasional hiccup.[21:59:52] <jgspratt> in wonder if there is a way to throttle connections better.[22:00:03] <lunaphyte_> !tell jgspratt postscreen[22:00:03] <knoba> jgspratt: "postscreen" : SMTP triage server available in Postfix 2.8, see http://www.postfix.org/POSTSCREEN_README.html and http://www.postfix.org/postscreen.8.html[22:01:01] <lunaphyte_> i'd also encourage you to consider a firewall automation mechanism.[22:01:12] <lunaphyte_> e.g. fail2ban, sshguard, etc.[22:01:41] <jgspratt> hm, well, I have 2.6.6 unfortunately[22:01:51] <lunaphyte_> oh, heh. then first you need to upgrade[22:02:20] <lunaphyte_> the last update for 2.6 was four months ago, and it was old then.[22:02:33] <lunaphyte_> now it's abandoned[22:03:05] *** Cromulent has quit IRC[22:03:05] <jgspratt> "postconf | grep smtpd_relay_restrictions" doesn't show anything[22:03:09] <jgspratt> is this a problem?[22:03:17] <lunaphyte_> smtpd_relay_restrictions is a new setting.[22:03:20] <grknight> jgspratt: that's a 2.10 feature[22:03:23] <jgspratt> oh, hah.[22:03:30] <lunaphyte_> much newer than postscreen[22:03:40] <jgspratt> gotcha[22:05:57] <lunaphyte_> and it's a feature that probably 99.9% of the postfix audience has zero use for.[22:06:23] <lunaphyte_> vs postscreen, which is at the other end of the spectrum[22:09:42] *** Uranio has quit IRC[22:09:42] *** UQlev has joined #postfix[22:11:05] *** snearch has joined #postfix[22:12:36] <jgspratt> ok[22:12:54] *** p3rror has joined #postfix[22:13:21] *** Section1 has quit IRC[22:14:52] <jgspratt> how can I do a quicker "too many errors after RCPT from unknown[117.199.198.183]" detection?[22:15:11] <adaptr> what do you consider too many errors?[22:15:21] <jgspratt> 5?[22:15:27] <jgspratt> not like 50[22:15:37] <adaptr> (soft|hard)_error_limit[22:15:41] <adaptr> read up on that[22:15:54] <jgspratt> thanks[22:16:14] <adaptr> if you're extremely paranoid (or don't like email), you can set it to 1[22:16:36] <jgspratt> oh, and then a delay[22:17:19] <waldi> adaptr: this have nothing to do with paranoid, this is just a way to get no mail at all, especially if there or things like greylisting interfering[22:19:05] <adaptr> well, what would be a reason to set it low, other than rejecting clients that behave suspiciously, for some value of suspiciously?[22:22:56] *** mactimes is now known as mactimes_[22:25:02] <jgspratt> I want to make all the spammers threads hang[22:25:24] <waldi> forget it. you want to get rid of them as fast as possible[22:25:25] <adaptr> you really don't[22:25:30] <lunaphyte_> hah. no, you don't[22:25:44] <lunaphyte_> unless you like getting ddosed[22:26:04] <lunaphyte_> block them as fast as possible, and work your way further away from postfix[22:26:17] <lunaphyte_> e.g. my suggestion to use sshguard etc[22:26:30] <lunaphyte_> even better if it's a firewall further out[22:35:50] <hikenboot> hello it looks like one error remains: connect to 127.0.0.1 :10024:connection refused and telnet just disconnects[22:36:49] <hikenboot> also fatal no sasl authentication caused by previous erro warning SASL connect to inet:127.0.0.1P:12345 failed connection refused[22:36:54] <waldi> hikenboot: remove the redirect or content filter[22:37:21] <hikenboot> in which file would that be...sorry for my ignorance[22:37:36] <waldi> you added it in the first place?[22:37:48] <hikenboot> actually a script added the amavisd[22:38:34] <hikenboot> can you point me to documentation on this particular subject?[22:39:47] <adaptr> !amavisd[22:39:48] <knoba> adaptr: "amavisd" : see !amavisd-new[22:39:59] <hikenboot> thanks[22:40:00] <lunaphyte_> content_inspection_readme[22:40:07] <hikenboot> thanks[22:40:11] <hikenboot> !amavisd[22:40:11] <knoba> hikenboot: "amavisd" : see !amavisd-new[22:40:22] <hikenboot> !amavisd-new[22:40:22] <knoba> hikenboot: "amavisd-new" : amavisd-new is a high-performance and reliable interface between mailer (MTA) and one or more content checkers. See http://www.ijs.si/software/amavisd/[22:43:53] <hikenboot> thanks got it #content_filter=smtp-amavis:[127.0.0.1]:10024[22:46:23] *** todd_dsm has joined #postfix[22:53:29] *** kradalby has quit IRC[22:53:52] *** kradalby has joined #postfix[22:58:46] *** trusktr has quit IRC[23:01:28] <hikenboot> I am using inet and am getting a connection refused...fixed the amavisd problem but I cant just remove sasl with 127.0.0.1 any doc on this[23:03:06] *** grknight has quit IRC[23:05:44] *** jarif has quit IRC[23:06:00] <adaptr> what ARE you talking about[23:08:12] *** mechanicalduck has joined #postfix[23:11:34] <hikenboot> ok in my configuration (main.cf) I have smtpd_sasl_path = inet:127.0.0.1:12345 it is throwing up a connection refused error. I have not installed a firewall at this time however from what I understand since I am using debian it does work in a chroot so I am not sure if that has something to do with it...[23:12:45] <hikenboot> the error occures when I try and telnet into it then it disconnects[23:13:30] <wolfmitchell> for what program?[23:13:36] <wolfmitchell> owait[23:13:36] <hikenboot> postfix[23:13:36] <wolfmitchell> derp[23:13:39] <wolfmitchell> wrong channel[23:13:40] <wolfmitchell> xD[23:13:41] <adaptr> hikenboot: use a unix socket instead.[23:13:46] *** mechanicalduck has quit IRC[23:14:09] <wolfmitchell> (how the heck did this channel end up showing up as another channel on another network o-o[23:14:11] <wolfmitchell> )[23:14:26] <adaptr> get a real client ?[23:14:42] <hikenboot> it seems the unix socket docs are wrong but if you can suggest one in particular that is right I would appreciate it[23:15:04] <adaptr> have yuo tried the documentation ?[23:15:58] <hikenboot> I have tried everything but it doesnt seem to work...at this point I am really frustrated. I am running the latest revision for debian 7 perhaps I would have been better on debian 6 with an older version[23:16:16] <adaptr> what revision are we talking about ?[23:16:33] <adaptr> you're not providing a lot of useful information here[23:17:31] <hikenboot> version 2.9.6[23:17:56] <adaptr> ah, version.[23:18:16] <adaptr> so, which part of the SASL_README were you having problems with, exactly ?[23:19:40] <hikenboot> let me bring it back up hold on[23:20:54] *** Borg has joined #postfix[23:22:48] *** trusktr has joined #postfix[23:26:04] *** UQlev has quit IRC[23:30:07] *** donmichelangelo has quit IRC[23:31:15] *** donmichelangelo has joined #postfix[23:38:45] *** mechanicalduck has joined #postfix[23:54:47] *** mechanicalduck has quit IRC[23:58:59] *** mechanicalduck_ has joined #postfix