September 3, 2015 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | >
September 3, 2015 [00:02:34] <pj> ceptor: do keep in mind that you can only prevent users from spoofing when they submit mail through your server. Nohting prevents them from spoofing anything they want via a different server.[00:03:34] *** Amkei has joined #postfix[00:03:45] *** Amkei has quit IRC[00:03:45] *** Amkei has joined #postfix[00:06:11] *** [NoClan]GoAway has joined #postfix[00:19:13] *** robinho86 has quit IRC[00:19:28] *** mroe has joined #postfix[00:20:35] *** Xenoth has quit IRC[00:23:25] *** Xenoth has joined #postfix[00:25:59] <ceptor> pj: that was not the problem here[00:26:12] <ceptor> lunaphyte: Everything works, i am extatic. :)[00:31:36] *** Amkei has quit IRC[00:33:08] *** magyar has joined #postfix[00:41:59] *** githogori has quit IRC[01:02:09] *** githogori has joined #postfix[01:04:23] *** Haudegen has quit IRC[01:05:12] *** ceptor has quit IRC[01:05:44] *** Chill_Surf has quit IRC[01:17:51] *** Haudegen has joined #postfix[01:19:22] *** sarri has joined #postfix[01:26:18] *** skweek has quit IRC[01:34:00] *** MinetestForFun has quit IRC[01:36:18] *** michael_mbp has quit IRC[01:36:30] *** mroe has quit IRC[01:37:33] *** michael_mbp has joined #postfix[01:38:08] *** skweek has joined #postfix[01:47:14] *** tafa2 has joined #postfix[01:52:54] *** gamba47 has joined #postfix[01:58:36] *** tafa2 has quit IRC[02:04:39] *** hlieberman has quit IRC[02:04:58] *** hlieberman has joined #postfix[02:14:54] *** mc_fail has quit IRC[02:27:05] *** keanne has quit IRC[02:29:36] *** RadoQ has quit IRC[02:36:33] *** skweek has quit IRC[02:54:59] *** n-st has joined #postfix[02:59:01] *** skweek has joined #postfix[03:00:11] *** n-st has quit IRC[03:02:18] *** n-st has joined #postfix[03:03:01] *** tmberg has quit IRC[03:32:34] *** n-st has quit IRC[03:34:04] *** n-st has joined #postfix[03:50:31] *** D-Boy has quit IRC[03:52:54] *** joules has joined #postfix[03:54:32] *** gamba47 has quit IRC[04:05:27] *** skweek has quit IRC[04:11:25] *** gamba47 has joined #postfix[04:12:00] *** linkedinyou has quit IRC[04:12:18] *** linkedinyou has joined #postfix[04:50:53] *** gamba47 has quit IRC[05:08:00] *** gamba47 has joined #postfix[05:10:56] *** linkedinyou has quit IRC[05:22:47] *** gamba47 has quit IRC[05:24:46] *** D-Boy has joined #postfix[05:27:38] *** nikgod has quit IRC[05:31:15] *** guampa has quit IRC[05:32:20] *** guampa has joined #postfix[05:33:53] *** nikgod has joined #postfix[05:59:24] *** ovrstorm has quit IRC[05:59:48] *** ovrstorm has joined #postfix[06:16:42] *** TyrfingMjolnir has joined #postfix[06:21:23] *** linkedinyou has joined #postfix[06:41:24] *** Xenoth has quit IRC[06:54:25] *** cesurasean has quit IRC[07:02:46] *** pexapor has joined #postfix[07:03:45] *** tolkor has quit IRC[07:04:18] *** sharky has quit IRC[07:04:24] *** cesurasean has joined #postfix[07:05:28] *** tmberg has joined #postfix[07:06:28] *** TyrfingMjolnir has quit IRC[07:11:46] *** sharky has joined #postfix[07:24:02] *** BoomerBile has quit IRC[07:29:01] *** echan has quit IRC[07:36:56] *** skylite has joined #postfix[07:58:16] *** Haris___ has joined #postfix[07:58:26] *** zorg1 has quit IRC[07:58:45] *** zorg1 has joined #postfix[07:58:57] *** Haris___ has left #postfix[08:00:31] *** Haris has joined #postfix[08:00:33] <Haris> hello all[08:01:10] <Haris> In a postfix+dovecot setup, where dovecot is also doing local delivery, how do I setup submission in postfix. some ISPs' filter outgoing on 25[08:01:22] <Haris> need to provide alternate setup for mail submission/sending/outgoing[08:01:39] <Haris> just enable submission in master.cf "as it is" ?[08:02:11] *** michael_mbp has quit IRC[08:02:13] <Haris> sasl auth is enabled in postfix[08:02:27] <Haris> sasl type is dovecot[08:03:47] <Haris> guys, anyone around at this hour ?[08:05:03] *** michael_mbp has joined #postfix[08:06:18] *** tabakhase has quit IRC[08:06:44] *** skylite has quit IRC[08:07:41] *** michael_mbp has quit IRC[08:10:04] *** michael_mbp has joined #postfix[08:12:56] *** michael_mbp has quit IRC[08:17:57] *** michael_mbp has joined #postfix[08:18:34] *** michael_mbp has joined #postfix[08:18:52] *** TyrfingMjolnir has joined #postfix[08:25:13] <Haris> ?[08:27:50] <Haris> postfix/submission/smtpd[17881]: NOQUEUE: reject: RCPT from unknown[x.xx.x.x]: 554 5.7.1 <unknown[x.xx.x.x]>: Client host rejected: Access denied;[08:27:55] <Haris> what does this mean ?[08:28:05] <Haris> sasl auth didn't work ?[08:29:29] *** carl- has joined #postfix[08:32:03] *** xernus has joined #postfix[08:32:56] <Kunsi> !tell Haris submission[08:32:56] <knoba> Haris: "submission" : Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf. also see !msa, and rfc 6409. Also read http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf[08:33:11] <Kunsi> for question half an hour ago[08:33:20] <Haris> well[08:33:30] <Haris> I'v enabled submission. but as my log is saying, its not working[08:33:54] <Kunsi> are you sure you enabled sasl auth, and it's working?[08:34:35] <Haris> I have 2 pieces of config. one in main.cf, enabling sasl_auth[08:34:44] <Haris> another, in master.cf, enabling submission[08:34:51] <Kunsi> access denied means "something blocked your client"[08:34:58] <Kunsi> !getting_help[08:34:59] <knoba> Kunsi: "getting_help" : before asking your question, read the !relevant_logs and !showconfig factoids, and prepare a single pastebin containing all of that data. if you don't understand what this means, or if you need help doing this, please let us know. also see !pastebin[08:35:03] <Haris> sasl auth was working fine on port 25. but I need it to work on other than port 25[08:35:20] <Haris> pasting info. hold please[08:35:35] *** pppingme has quit IRC[08:39:17] <xernus> Hi! I'm having trouble blocking some IP addresses. The entire 10.0.0.0/8 is listed in mynetworks. However, I would like to block a specific subnet (10.15.160.0/20) from sending. But it lets e-mail through, how can this be? main.cf: http://pastie.org/10393557 - client_access: http://pastie.org/10393558[08:39:50] <xernus> I have added the "check_client_access" under "smtpd_recipient_restrictions"[08:39:53] *** pppingme has joined #postfix[08:41:07] <Haris> what's the command to give output of current master.cf ?[08:41:11] <Haris> postfix -M ?[08:41:56] <Haris> postconf -<[08:41:57] <Haris> M[08:53:15] *** Chill_Surf has joined #postfix[08:54:18] *** zacdev has joined #postfix[09:03:26] *** tabakhase has joined #postfix[09:05:08] *** lrea has joined #postfix[09:08:07] *** fzirngibl has joined #postfix[09:10:54] <Haris> http://pastebin.ca/3150019[09:11:07] <Haris> also --> http://pastebin.ca/raw/3150019[09:12:59] *** zorg1 has quit IRC[09:20:01] <Haris> I'v tried without mua_sender_restrictions, mua_helo_restrictions. result is same[09:20:33] <Haris> my setup is postfix+mysql + dovecot for sasl auth, imap, local mail delivery[09:26:13] *** zorg1 has joined #postfix[09:26:31] <tuxick> xernus: it's better to use authentication, got a reason not to?[09:32:59] <Haris> guys, any help for my issue /[09:33:08] <Haris> ./ = ?[09:37:24] *** clement_ has joined #postfix[09:40:41] <survietamine> looks like you set restrictions and ask why some clients are restricted[09:42:30] <Haris> I have ? where ?[09:42:43] <Haris> smtpd_client_restrictions ?[09:44:24] <tuxick> i'd say yes :)[09:44:45] *** twb has joined #postfix[09:44:51] <tuxick> but you shouldn't do ssl/auth on 25[09:44:57] <tuxick> sasl[09:45:23] <tuxick> meh i first need to wake up properly[09:45:29] <Haris> how to not allow it on 25 and allow it on other ports ?[09:45:34] * Haris is confused[09:45:43] <survietamine> Haris: smtpd_client_restrictions is empty by defaults in recent versions. So every restrictions you added, you should know why[09:46:14] <Haris> I know the restrictions in the above line[09:46:27] <twb> I have this awful bit of master.cf: http://sprunge.us/dfWh[09:46:34] <survietamine> *every restrictions you added*[09:46:48] <survietamine> your paste doesn't included only this restriction[09:46:56] <Haris> hmm[09:47:10] <twb> My question is: can I have maxwell use LMTP (instead of SMTP) to send the message on to $nexthop?[09:47:13] <survietamine> and the log includes hint: <unknown[x.xx.x.x]>: Client host rejected[09:47:50] <twb> At a glance I guess I can just by changing "127.0.0.1:10026 inet n - - - - smtpd" from smtpd to lmtpd, and changing maxwell from (Python) smtplib.SMTP() to smtplib.LMTP()[09:48:39] <twb> I guess the real question is: should I even bother? SMTP is working, after all.[09:48:42] <Haris> reject_non_fqdn_sender is causing it ?[09:48:48] <Haris> from main.cf ?[09:49:43] <Haris> in main.cf, I think I should add permit_sasl_authenticated, before reject_non_fqdn_sender for smtpd_recipient_restrictions ?[09:49:57] <Haris> does order matter ?[09:50:38] <twb> Haris: order matters in general[09:50:53] <Haris> I'v never had the "Client host rejected: Access denied" error before. My googling hasn't revealed much into this one[09:50:56] <tuxick> <insert german joke>[09:51:12] <twb> It's like an iptables firewall - it tries them in the order you list them[09:53:54] <clement_> guys, have a question around policy protocol usage of postfix. say i have policyd to rate limit mails for each user (at smtpd_recipient_restrictions) and smtpd_milters configured with an anti spam milter. say the current mail is allowed as per policyd, but the mail is rejected at end of data for spam, this rejected mail is counted against his quota now. is this fine?[09:54:06] <Haris> nope. this is not it. I still get the same error msg[09:54:40] <Haris> I'm not sure what "Client host rejected: Access denied;" error means, or which part of the config it is hitting for this error msg[09:57:30] *** D-Boy has quit IRC[09:58:16] *** D-Boy has joined #postfix[10:06:06] *** Haudegen has quit IRC[10:08:07] <Haris> smtpd_client_restrictions=permit_sasl_authenticated,reject <- what to change in this ? I need to allow non-fqdn sender ?[10:08:34] * Haris is reading http://www.postfix.org/postconf.5.html for smtpd_client_restrictions[10:10:22] <Haris> do I need to remove the reject at the end, and replace if with permit ?[10:12:10] <Haris> smtpd_client_restrictions=permit_sasl_authenticated,reject <- this is the only instance of smtpd_client_restrictions in my paste[10:12:22] <twb> Haris: I think you should read the document "Postfix SMTP relay and access control"[10:12:39] <survietamine> hmm, is your master.cf really has no whitespace before smtpd_client_restrictions and smtpd_recipient_restrictions?[10:12:50] <Haris> smtpd_client_restrictions=permit_sasl_authenticated,reject <- this was intended to allow authenticated relay, and reject relaying from all others[10:13:00] <Haris> checking[10:13:07] <twb> Haris: and the document "SASL Authentication"[10:13:08] <Haris> twb: already done that many many times[10:13:24] <twb> OK. Those are what I read last time I did what you're doing.[10:13:52] <twb> There wasn't a simple "postfix best practices" document.[10:14:29] <Haris> http://pastebin.ca/3150140[10:14:54] *** Haudegen has joined #postfix[10:15:23] <Haris> I have a few commented out lines in definition for 'submission'[10:22:25] *** TyrfingMjolnir has quit IRC[10:23:43] *** twb has quit IRC[10:26:10] <Haris> it should only go to 'reject', if 'permit_sasl_authenticated' is not getting hit ?[10:26:21] <Haris> which should be getting hit[10:32:10] <Haris> that means, sasl auth is failing ?[10:32:20] <Haris> that's why it is hitting the reject clause ?[10:32:25] <Haris> its acting wierd[10:32:36] <Haris> I can't understand where I'm going wrong with my config[10:33:55] *** TyrfingMjolnir has joined #postfix[10:38:05] <Haris> master.cf on -> http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL[10:42:05] *** darkavenger_afk is now known as darkavenger[10:48:09] *** dazo_afk is now known as dazo[11:08:48] *** TyrfingMjolnir has quit IRC[11:17:05] *** clement_ has quit IRC[11:18:26] *** RadoQ has joined #postfix[11:18:45] *** RadoQ has quit IRC[11:18:45] *** RadoQ has joined #postfix[11:19:24] *** mc_fail has joined #postfix[11:23:10] *** skynews has joined #postfix[11:35:04] *** clement_ has joined #postfix[11:38:45] <clement_> guys,can anyone answer on this.[11:38:48] <clement_> guys, have a question around policy protocol usage of postfix. say i have policyd to rate limit mails for each user (at smtpd_recipient_restrictions) and smtpd_milters configured with an anti spam milter. say the current mail is allowed as per policyd, but the mail is rejected at end of data for spam, this rejected mail is counted against his quota now. is this fine?[11:40:01] *** TyrfingMjolnir has joined #postfix[11:49:37] *** Darcidride has joined #postfix[12:02:21] *** mc_fail has quit IRC[12:17:13] <tuxick> wasn't there some issue with using underscores in email address?[12:23:10] *** BoomerBile has joined #postfix[12:30:35] *** Haris has quit IRC[12:32:47] *** pti-jean_ has joined #postfix[13:01:00] *** pti-jean_ has quit IRC[13:02:57] *** Darcidride_ has joined #postfix[13:03:41] *** Darcidride has quit IRC[13:13:48] *** pti-jean_ has joined #postfix[13:31:21] *** Amkei has joined #postfix[13:37:03] *** zacdev has quit IRC[13:43:58] *** sina0 has quit IRC[13:51:53] *** sina0 has joined #postfix[13:53:38] *** Section1 has joined #postfix[14:05:57] *** skweek has joined #postfix[14:07:02] *** ogny has joined #postfix[14:15:56] *** ws2k3 has quit IRC[14:17:33] *** ws2k3 has joined #postfix[14:21:26] *** clement_ has quit IRC[14:29:49] *** hackeron_ has joined #postfix[14:30:16] <survietamine> addon page on postfix.org website seems not up to date with newest/more interesting softwares. Do you guys, grab infos elsewhere?[14:31:13] *** skweek has quit IRC[14:33:04] *** skweek has joined #postfix[14:33:13] *** hackeron_ has left #postfix[14:33:21] <patdk-wk> we? what do we have to do with the website?[14:34:18] <survietamine> I mean, where to find good resources for postfix addons softwares?[14:34:23] *** hackeron has joined #postfix[14:34:58] <survietamine> are you subscribed to some mailing lists or forum?[14:35:06] <hackeron> hey, I am using gmail to relay my email - occationally it says "status=bounced (host smtp-relay.gmail.com said: 550-5.7.1 Daily relay limit exceeded for domain" -- if I retry sending the email, even right away, it sends correctly. How do I set up postfix to retry emailing in these cases?[14:35:38] <survietamine> I don't know which sources a postmaster should read for news about mail softwares[14:37:08] <patdk-wk> hackeron, by telling it to not use gmail[14:39:55] <hackeron> patdk-wk: for the immediate solution, I want to retry sending, not switch away from gmail[14:41:32] *** drehmer has joined #postfix[14:43:36] *** Amkei has quit IRC[14:45:42] *** Chill_Surf has quit IRC[14:49:11] <patdk-wk> for the imeddiant solution, postfix is doing as it is told, gmail told it to not retry ever[14:50:11] <hackeron> patdk-wk: yeh, I want it to have a custom behaviour - if the sender email is no-reply@mydomain - I don't want it to bounce the email back to sender and if the server replied, "Daily relay limit" I want it to retry in 15 minutes[14:50:35] <patdk-wk> good luck[14:50:41] <patdk-wk> postfix wasn't designed to ignore the rules[14:51:45] <hackeron> patdk-wk: can it at least not bounce the email back to no-reply@ ?[14:54:38] *** skylite has joined #postfix[14:55:33] *** Amkei has joined #postfix[14:57:50] *** Amkei has quit IRC[15:03:26] *** FinboySlick has joined #postfix[15:03:52] *** pti-jean___ has joined #postfix[15:04:26] *** pti-jean_ has quit IRC[15:06:20] *** dbalog has joined #postfix[15:13:06] *** mc_fail has joined #postfix[15:19:34] *** saliak has joined #postfix[15:22:16] <saliak> for some reason the message_size_limit in my main.cf isn’t being picked up - https://paste.ee/p/2pk72 any ideas?[15:24:39] <DominikB> saliak, are you shure you wan't this value to be 0[15:25:02] <saliak> DominikB: not really, but mostly just for a matter of example[15:25:22] <saliak> DominikB: i really just want to double the size limit, but it’s not picking up any changes.[15:25:37] <saliak> also tried using postconf -e with no luck[15:26:17] *** darix has joined #postfix[15:26:44] <DominikB> saliak,can you give a complete postconf -n[15:28:04] <darix> can i make postfix log the dns resolving related stuff? i have cases where it tries to use the wrong MX for a domain. so i would love to see some logging for "MX look up for domain returned <list here>"[15:28:37] <darix> the list of target domains with the wrong MX is random.[15:28:56] <darix> also the wrong MX are random[15:29:20] <saliak> DominikB: ok. at https://paste.ee/p/wdurB (removed host names, etc..)[15:30:30] <DominikB> saliak, ok did you restart the postfix after it but before you restart change the value to a much higer value then 0[15:31:49] <DominikB> darix, did you look at http://www.postfix.org/DEBUG_README.html ?[15:32:42] <saliak> DominikB: yes, see https://paste.ee/p/V8kKj[15:34:02] <DominikB> saliak, you grep from the default values[15:34:05] <DominikB> -d Print main.cf default parameter settings instead of actual set-[15:34:05] <DominikB> tings. Specify -df to fold long lines for human readability[15:34:05] <DominikB> (Postfix 2.9 and later).[15:34:19] <DominikB> you have to use -n[15:34:24] <DominikB> for new set values[15:34:28] <saliak> good god[15:34:29] <darix> DominikB: yes and i didnt see anything to make it just enable logging of dns stuff. and the server is a bit too busy for full debug[15:34:51] <DominikB> darix, take a closer look about -v to serveral process[15:34:51] <saliak> DominikB: *face-palm*[15:35:01] <saliak> DominikB: ok, thanks[15:35:40] <DominikB> darix, and to diagnose problems with mail delivery specify a "-v" option for the qmgr(8) or oqmgr(8) queue manager,[15:35:55] *** skweek has quit IRC[15:36:13] <darix> DominikB: it is actually mails send via mlmmj to the outside[15:36:48] <DominikB> darix, then you have to debug the stmp from mlmmj[15:37:19] <Dominian> tsk tsk darix breakin' stuff again[15:37:58] <darix> DominikB: no i dont. it is postfix' smtp that is doing weird stuff[15:38:05] <DominikB> hm ok[15:38:17] <darix> Dominian: if i broke something, than i would at least know where to look[15:38:53] <DominikB> darix, add a -v to the smtp process in master.conf[15:40:31] <Dominian> darix very true[15:41:57] <patdk-wk> I dunno you even want to log the dns lookups there[15:42:06] <patdk-wk> probably much more useful to tcpdump port 53[15:42:34] <rob0> um, what?[15:42:38] <darix> patdk-wk: might be viable but the server is a bit busy ;)[15:43:08] <rob0> Did you try with dig to see what you got? Definitely do that before any verbose logging.[15:43:20] <darix> rob0: the issue is not consistent[15:43:30] <darix> it is definitely *not* an issue of the destination[15:43:54] <darix> it is also not a dns recursing server issue, we switched that out[15:43:56] <patdk-wk> check all their ns servers?[15:44:05] *** Cybertinus has quit IRC[15:44:13] <darix> patdk-wk: 15:28:36 < darix> the list of target domains with the wrong MX is random.[15:44:14] <patdk-wk> have that all the time, different ns's giving different results[15:44:26] <patdk-wk> oh, the domains are random[15:44:45] *** skweek has joined #postfix[15:44:50] <Dominian> patdk-wk: yeah..[15:44:56] <Dominian> patdk-wk: it's really... weird[15:44:58] *** fzirngibl has quit IRC[15:45:08] <darix> time to add a patch for dns logging[15:45:18] <darix> the code seems to indicate there is none atm[15:45:31] <rob0> You could have the Postfix server run its own resolver and use "nameserver 127.0.0.1" in resolv.conf(5)[15:45:44] *** sina0 has quit IRC[15:45:44] <Dominian> aye[15:46:02] <Dominian> So.. the domains will got batty for a while, then go back to normal, but it's not affecting all domains[15:46:05] <Dominian> that is fucked up[15:46:44] *** Cybertinus has joined #postfix[15:46:52] <patdk-wk> what postfix version?[15:47:19] <darix> 2.11.0[15:47:28] <rob0> Choice of resolver software, normally I'd say BIND named, but in this case you'd want dnstap, which BIND does not yet have.[15:47:46] <rob0> So check out unbound and powerdns in no particular order.[15:47:53] <darix> Dominian: it can even be within a single second it can fail to send a mail because of using a wrong MX but the next mail is correct again[15:48:04] <darix> rob0: dnsmasq, pdns-recursor[15:48:16] <rob0> dnsmasq is not a recursor[15:48:24] <patdk-wk> I used to use powerdns everywhere, but have switch all my postfix to unbound, for dnssec[15:49:37] <nomadz> pdns doesn't do dnssec?[15:50:06] <darix> pdns authorative does dnssec[15:50:14] <darix> pdns recursor is not a validating dns resolver yet[15:50:29] <nomadz> ah ok. i don't use pdns recursor[15:50:46] <nomadz> unbound on all mail related boxes[15:51:07] <darix> if your app does dnssec validation anyway, it doesnt matter all that much.[15:51:15] <rob0> https://www.powerdns.com/dnssec.html only mentions the authoritative server[15:51:16] *** sina0 has joined #postfix[15:52:24] <nomadz> I don't know if spamassassin and others use dnssec, but I switched from dnsmasq to unbound a while ago for speed[15:53:23] <rob0> Still there's the apples/oranges thing; dnsmasq is merely a forwarder, while unbound does actual recursion.[15:54:17] <nomadz> true[15:54:23] <nomadz> didn't read above :)[15:54:28] <darix> well given it happens with both ... this could also just be a postfix dns/connection cache bug[15:55:54] <rob0> I'd focus on the DNS before chasing down some vague Postfix bug theory. Postfix doesn't cache DNS, BTW, and connection caching can't change IP address.[15:56:30] *** sina0 has quit IRC[15:57:54] <patdk-wk> they said the next version of pdns-recursor will have dnssec[15:58:11] <patdk-wk> I do like unbound, it has lots of options and control, and is really nice[15:58:24] <patdk-wk> it's rather annoying to scale it though, where pdns-recursor basically autoscales[15:58:49] <rob0> http://dnstap.info/Examples/ looks like right now it's between unbound and knot[16:01:26] *** master_of_master has quit IRC[16:01:54] <darix> i packaged that[16:02:09] <darix> atm i use just tcpdump[16:02:26] <rob0> that works too[16:02:56] <rob0> have you caught one of the erroneous DNS responses yet?[16:03:11] <darix> nope[16:06:30] <darix> it is also not 100% reproducable sadly[16:08:34] <sysmonk> hm[16:08:43] <sysmonk> i think there was another guy who had similar issue[16:08:53] <darix> http://postfix.1071664.n5.nabble.com/Postfix-relays-through-wrong-IP-instead-of-MX-randomly-td75971.html[16:08:59] <darix> looks a bit similar[16:09:15] <sysmonk> nah, a different guy! :)[16:09:51] *** sina0 has joined #postfix[16:09:52] <darix> sysmonk: got a reference?[16:10:00] <sysmonk> i'm pinging him on skype[16:10:09] <sysmonk> to check if my memory fails me[16:11:18] *** ThomasKeller has quit IRC[16:11:46] *** fzirngibl has joined #postfix[16:13:02] <sysmonk> darix: he says he had a similar issue, running postfix 2.11 on centos6[16:13:18] <sysmonk> he says he downgraded to 2.10 and looks like it helped[16:13:25] <darix> sysmonk: did he find out anything[16:13:57] <rob0> is yours also centos6?[16:14:12] <darix> sle12[16:14:18] <sysmonk> but also 2.11 ?[16:14:33] <darix> yes[16:14:51] <sysmonk> well, maybe you can downgrade to 2.10 and see if it helps? :)[16:14:52] <darix> so i guess i should bring this up on the postfix ML[16:14:57] *** fornax has joined #postfix[16:14:58] <sysmonk> or upgrade to 3 :)[16:15:15] <darix> sysmonk: which 2.11.x did he test exactly?[16:15:23] <sysmonk> no idea[16:15:58] <rob0> I would try to bring it up, yes, but it would help a lot if you could catch something in the tcpdump. BTW are you watching both UDP and TCP with that?[16:16:12] <darix> yes[16:16:17] <sysmonk> darix: he's leaving office so he can't join here to chat[16:16:29] <sysmonk> you can try searching logs - he's nick is "mungustas"[16:16:41] <sysmonk> but i'm not sure if you'll find anything useful[16:17:47] <darix> time to read the changes between 2.11.0 and 2.11.6 if something rings a bell[16:18:17] *** penk has joined #postfix[16:18:33] *** carl- has quit IRC[16:19:29] <tuxick> shouldn't be much?[16:20:03] <sysmonk> darix: are you sure it works fine in 2.11.6?[16:20:43] <darix> sysmonk: naw. but i will also read the 2.11.0 rc changes[16:21:02] <darix> git diff original-postfix-2.10 original-postfix-2.11 | view - ^^[16:21:15] <sysmonk> s/view/lp/[16:21:15] <sysmonk> :)[16:21:53] <darix> lp?[16:22:11] <rob0> print[16:22:15] <sysmonk> yeah, green guys would kill for that[16:22:16] <sysmonk> :)[16:23:08] <darix> 81421 lines of diff[16:23:14] <darix> i definitely do not want that on paper[16:27:51] <darix> sysmonk: when you have time to chat with him again ... for me it looks like the bug only happens if you have a lot of outgoing traffic. please ask him if he had similar observations. TIA[16:28:42] <darix> rob0: the problem with building dnstap is ... some of the libraries it needs required really new versions which makes supporting older distros a bit pita[16:29:58] *** DrZaius has quit IRC[16:32:28] <rob0> What are you using for a resolver now? Does anything other than Postfix also use this?[16:32:42] <darix> pdns-recursor[16:32:45] <darix> and yes[16:34:11] <Dominian> BIND ftw[16:34:12] <sysmonk> darix: he has lots of outgoing traffic. he's a spammer[16:34:13] <sysmonk> :)[16:34:13] <Dominian> /o\[16:34:27] <Dominian> heh[16:34:28] <darix> pff[16:34:37] <Dominian> He's spamming openSUSE goodness to the mailing lists![16:34:41] <rob0> I would isolate that so nothing else can use it.[16:38:50] <jimpop> holy fsck... mailbombed by hotmail....[16:38:58] <tuxick> lucky you[16:39:13] <jimpop> "complaint about message from 10.162.90.147"[16:39:22] <jimpop> over and over[16:39:29] <tuxick> i had another case if "idiot reported legit mail as spam"[16:39:40] <tuxick> ah similar :)[16:40:20] * jimpop checks to make sure IANA hasn't re-allocated parts of 10/8[16:42:07] <jimpop> nope[16:43:01] <tuxick> oww i had that problem couple of times[16:43:47] <jimpop> 10.162.90.147 is an internal hotmail interface on BLUPR10MB0418.namprd10.prod.outlook.com[16:44:00] <jimpop> *network interface*[16:46:51] *** souther has quit IRC[16:47:15] *** souther has joined #postfix[16:47:55] <rob0> damn, that's bad[16:48:13] <rob0> and I know how to make it worse[16:48:53] *** Xenoth has joined #postfix[16:49:04] <rob0> Just think how much money those hotmail/msn/live admins are paid. Probably more than you![16:49:27] *** skweek has quit IRC[16:49:51] <jimpop> lol[16:51:27] <jimpop> unlreated to hotmail... does this error indicate that my dh key is too small, or the receiver's dh key?[16:51:30] <jimpop> https://paste.debian.net/hidden/5bb69ba1/[16:52:22] <darix> jimpop: remote[16:52:27] <jimpop> k, thx[16:52:29] <darix> openssl bumped the minimum to 1024[16:52:46] <jimpop> and the remote didn't upgrade?[16:53:02] <darix> yes[16:53:11] *** davlefou_ has joined #postfix[16:53:14] <darix> maybe you can write them a mail about it?[16:53:23] <evaryont> darix: for reference, what would a client side DH key error look like?[16:53:37] <jimpop> darix: good idea.[16:53:39] <darix> evaryont: there is no such thing?[16:53:52] <darix> dh params are server side[16:54:50] <evaryont> so that error message is just openssl bailing out before establishing an insecure tunnel? The server had asked for a DH key size that it thought was too small, so it aborted the handshake?[16:55:03] <darix> yes[16:55:15] <evaryont> ah, thanks for helping me understand :)[16:55:17] *** davlefou has quit IRC[16:57:22] <evaryont> hm, wonder if there is a way to send a message to the server that the client didn't like that DH key size... without user reports, I don't think the sysadmin would've noticed.[16:57:54] <evaryont> a message as part of the handshake for libraries/applications.[16:58:05] <jimpop> i use a tls_policy file for that, just need to know what domains to not try TLS with.[16:58:35] <evaryont> that just feels like working around the problem though. Good enough in the meantime, I guess. :)[16:58:38] *** [NoClan]GoAway has quit IRC[16:59:11] <jimpop> well, tbh, the domains in the list are ones that I feel would be anti-TLS anyways.[16:59:33] <jimpop> 163.com, 126.com, cantv, etc. (China, Venezuela, etc)[16:59:59] <evaryont> I'm asking even though I haven't researched it all yet, but is it possible to have postfix read multiple tls policy files?[17:00:21] <evaryont> something along the lines of integrating https://github.com/EFForg/starttls-everywhere/[17:01:06] <lunaphyte> as in smtp_tls_policy_maps?[17:01:21] <jimpop> i suppose you could have multiple smtp definitions in master.cf, and then each would reference a sep smtp_tls_policy_maps stanza[17:01:46] <evaryont> lunaphyte: ah, that would be the option. thanks![17:02:39] <evaryont> one should be able to have multiple table lookups separated by commas, right?[17:02:47] <lunaphyte> man 5 postconf[17:04:25] *** ogny has quit IRC[17:13:01] *** skylite has quit IRC[17:13:36] *** Quadro has quit IRC[17:14:12] *** dstarh has joined #postfix[17:14:31] *** Quadro has joined #postfix[17:22:58] *** lrea has left #postfix[17:23:09] *** fornax has quit IRC[17:28:27] *** fzirngibl has quit IRC[17:35:24] *** dFence has joined #postfix[17:36:07] *** darkavenger is now known as darkavenger_afk[17:39:25] *** PHPanos has joined #postfix[17:42:13] *** fornax has joined #postfix[17:45:53] *** fornax has quit IRC[17:46:21] <dFence> crap… I configured amavis to scan mail and forward them via dovecot’s lmtp socket. For incoming mail, it works perfectly fine, but outgoing mails are bounced b/c dovecot-lmtp (obviously) rejects the mail… any suggestions how to solve it? instead of pointing it towards dovecot-lmtp have it re-inject through postfix’ lmtp?[17:52:30] *** rotbeard has joined #postfix[17:52:52] <lunaphyte> sounds like you have not set up a proper submission service[17:53:01] <lunaphyte> !tell dFence show_config[17:53:01] <knoba> dFence: "show_config" : see !showconfig[17:53:04] <lunaphyte> !tell dFence showconfig[17:53:05] <knoba> dFence: "showconfig" : when asked to provide your config, pastebin postconf -nf and postconf -Mf. if your version is too old for those commands to work (< 2.9), you should upgrade, but see !showconfig_old[18:01:13] <dFence> lunaphyte: I’ve reverted it to inet-sockets for now, I’ll have to give it another try tomorrow[18:04:51] *** dFence has quit IRC[18:06:17] *** Darcidride_ has quit IRC[18:06:24] *** darkxploit has joined #postfix[18:12:33] *** [NoClan]GoAway has joined #postfix[18:17:32] *** michael_mbp has quit IRC[18:21:04] *** michael_mbp has joined #postfix[18:21:37] *** thomas has quit IRC[18:30:09] *** skynews has quit IRC[18:38:07] *** Elion has joined #postfix[18:38:11] *** master_of_master has joined #postfix[18:40:09] <Elion> Hello, i have a pb with my postfix instance, whe i receive a mail i got this in the log : status=deferred (delivery temporarily suspended: lost connection with mymailer.tld[private/dovecot-lmtp] while receiving the initial server greeting), and my mails got stuck in the queue[18:40:28] <Elion> when* i recieve[18:41:53] <rob0> pb?[18:42:10] <lunaphyte> make sure dovecot is running, and has provided the referenced unix socket in the appropriate filesystem location[18:42:13] <darix> Elion: your lmtp isnt answering[18:42:22] <darix> and what lunaphyte said[18:42:33] <lunaphyte> indeed, we're not in such a rush here that we can't properly spell out the world "problem", please[18:42:43] <rob0> ohhhhhhh[18:42:53] <Dominian> I have a pb[18:42:55] <rob0> and I got all hung up on that[18:42:57] <Dominian> sandwich that is![18:43:02] <Elion> dovecot is running, and the socket is right where it should be[18:43:12] <rob0> yes, I was thinking peanut butter too :)[18:43:21] <buki> Dominian: that's pbj, no?[18:43:24] <darix> Elion: check your mail/dovecot log for errors[18:43:25] <Elion> rob0: lol[18:43:40] <Elion> darix: i'll make a gist[18:43:52] <rob0> jelly, are you on Dominian's pb?[18:44:00] <darix> so knot update done[18:44:08] <darix> but knot2 will not run on many older distros[18:44:09] * rob0 sticks thumbs in jelly[18:44:19] <lunaphyte> here is my advice/hint: use an inet socket, not a unix socket[18:44:21] <Dominian> buki: I like to type it quickly.. so I leave off the 'j'... takes too long otherwise[18:44:24] <Dominian> /o\[18:44:54] <rob0> lol[18:45:56] <lunaphyte> that does seem like it would take way too long[18:46:06] <Dominian> it's insane how long it takes[18:46:09] <lunaphyte> speaking of food[18:46:16] <lunaphyte> he was hungry, so i made a mistake[18:46:20] <Dominian> split second of indecision can delay you for like.. 2 split seconds.[18:49:39] <Elion> darix: https://gist.github.com/Nox-404/d3431d580ba9d6415a3d[18:50:54] <Elion> there is no error in dovecot log, only a few successfull imap connexions[18:56:13] <Elion> ok i got it, i needed to set the hostname in dovecot/conf.d/15-lda.conf, since the hostname was not exactly matching[18:56:23] <Elion> thx for your time :)[18:56:50] *** MinetestForFun has joined #postfix[18:58:04] *** raijin is now known as kurojin[19:00:17] *** pti-jean___ has quit IRC[19:01:22] *** darkxploit has quit IRC[19:01:49] *** fnuw543 has joined #postfix[19:06:03] *** rotbeard has quit IRC[19:07:25] *** kurojin has quit IRC[19:13:40] *** pti-jean_ has joined #postfix[19:14:23] *** darkxploit has joined #postfix[19:14:30] *** darkxploit has quit IRC[19:22:32] *** sarri has quit IRC[19:24:44] *** sarri has joined #postfix[19:24:48] *** Toerkeium has joined #postfix[19:25:41] *** raijin has joined #postfix[19:32:09] *** PHPanos has quit IRC[19:35:43] *** fnuw543 has quit IRC[19:41:07] *** kisisten has joined #postfix[19:41:07] *** magyar has quit IRC[19:59:43] <jelly> lunaphyte: meh, silly dovecot cannot do auth ("sasl") service on ssl, what use is an inet socket[20:00:06] <darix> that line doesnt make sense[20:00:11] *** mc_fail has quit IRC[20:00:25] <lunaphyte> yeah, that part is true. no encryption for the auth inet socket last i knew[20:00:36] <jelly> darix: inet sockets are useful for remote access. However, plaintext is not a good idea for remote acces[20:01:15] <lunaphyte> still just as safe on localhost though, without the problems people often have with unix sockets[20:01:20] <darix> hmm[20:01:24] *** kisisten has quit IRC[20:01:27] <darix> i just saw something about dovecot sockets and ssl[20:01:50] <jelly> right. Not sure about unix socket issues, maybe permissions or chrootses, but that's not too hard to solve[20:01:54] *** kisisten has joined #postfix[20:02:12] <lunaphyte> it's all relative[20:02:27] <jelly> yeah, less things to troip on, the better[20:02:32] <jelly> trip* on[20:04:48] *** master_o1_master has joined #postfix[20:07:29] *** sina0 has quit IRC[20:07:53] *** sina0 has joined #postfix[20:08:05] *** master_of_master has quit IRC[20:16:28] *** evilthomas is now known as homas[20:20:49] *** kisisten has quit IRC[20:26:12] <Freeaqingme> Hi folks. In RFC 5321 I read that the maximum length for a local part of a from address is 64 characters ( https://tools.ietf.org/html/rfc5321#section-4.5.3.1.1 ). I'm seeing some senders though (most notably mailchimp) who use local parts with a length of >80 characters. Are they bluntly violating all specs? Am I perhaps missing something?[20:27:15] <rob0> are they really? hmm.[20:28:12] <rob0> I would think Postfix would reject that.[20:28:36] <Freeaqingme> it doesn't. But right now my milter does[20:29:01] <Freeaqingme> if postfix would reject it I think mailchimp wouldn't even have thought of using such long addresses[20:30:07] *** ced117 has joined #postfix[20:30:09] <DominikB> Freeaqingme, imho this rule more a rule of thumb because it says should not must[20:31:00] <DominikB> There are several objects that have required minimum/maximum sizes.[20:31:02] <patdk-wk> should not != must not[20:31:03] <DominikB> Every implementation MUST be able to receive objects of at least[20:31:03] <DominikB> these sizes. Objects larger than these sizes SHOULD be avoided when[20:31:03] <DominikB> possible.[20:31:08] <Freeaqingme> was about to paste that[20:31:12] <Freeaqingme> you're right[20:31:31] <DominikB> patdk-wk, very rfc state what should and must mean[20:31:56] *** TyrfingMjolnir_ has joined #postfix[20:32:01] <patdk-wk> yes, there is an rfc that tell you :)[20:32:02] *** TyrfingMjolnir has quit IRC[20:32:02] *** TyrfingMjolnir_ is now known as TyrfingMjolnir[20:32:29] <DominikB> https://tools.ietf.org/html/rfc2119 my fav one[20:32:36] <Freeaqingme> So, I'm storing all the from addresses (among other stuff) in a database. Given that I apparently should increase the max length of the field to capture them. What would be a reasonable size you think?[20:33:50] <DominikB> Freeaqingme, 255 for local and 512 for domain[20:34:04] <DominikB> using varchar you not waste space[20:34:11] <Freeaqingme> DominikB: are these just arbitrary, or do they have a specific reason?[20:34:47] <patdk-wk> 2048 :)[20:35:03] <patdk-wk> it is all arbitary[20:35:10] <patdk-wk> there is no max length specified for email[20:35:24] <patdk-wk> there is only recommended line lengths, but lines can be wrapped[20:35:47] <patdk-wk> though, for either part to be >256 not normal[20:35:57] <DominikB> Freeaqingme, thats things i encoutered during my work[20:36:03] <patdk-wk> dns actually limits to like 256 I believe, but that again, doesn't mean much[20:36:35] <Freeaqingme> patdk-wk: headers can be wrapped. But the envelope stuff as well?[20:36:52] <patdk-wk> there is no line length limit, so it doesn't matter anyways[20:36:56] <Freeaqingme> true[20:37:23] <patdk-wk> just, lots of mail software will have issues at >2k per line[20:38:11] <Freeaqingme> aight. Thanks[20:41:23] *** ExoUNX has joined #postfix[20:42:42] *** darkavenger_afk is now known as darkavenger[20:42:55] <ExoUNX> what's the best way to get rid of spam?[20:43:20] <ExoUNX> or is their an irc channel where I can discuss this?[20:44:19] *** Toerkeium has quit IRC[20:45:38] <Freeaqingme> ExoUNX: there really are many approaches to that. It's like asking "how do I become rich fast"[20:46:07] <Freeaqingme> having said that,take a look at postscreen, blacklists, a spamfilter like spamassassin (or rspamd) and greylisting and you're well on your way[20:46:15] *** ced117 has quit IRC[20:47:24] <patdk-wk> forget fast[20:47:29] <patdk-wk> how do your become rich :)[20:48:21] <ExoUNX> I use postfix/SA/ClamAV/Amavisd-new right now[20:48:31] <ExoUNX> seems to suck though[20:48:38] <patdk-wk> I use the same, works great[20:52:36] <ExoUNX> apparently postfix people don't like mailscanner?[20:57:37] <guampa> software combos are one half, how effectively you tune the software is the other. I use the same and don't have spam[20:58:07] <ExoUNX> is there good guides out there to improve it[20:59:32] <guampa> none that comes to mind now, no[21:02:37] <darix> i only use postscreen+postgrey and no spam[21:02:57] *** skweek has joined #postfix[21:03:07] <patdk-wk> that will solve a lot of spam :)[21:03:25] <patdk-wk> except all this, b2b spam and associate services spam[21:05:18] <darix> you mean like feeding the mgmt/ceo mails into sa until they are sorted proprly?[21:05:54] <patdk-wk> no, the stupid, sign up for an account/support/... at a company, say, microsoft/vmware/...[21:06:05] <patdk-wk> and all the spam you get from people selling services that they sell your info to[21:06:06] <darix> lol[21:06:43] <patdk-wk> microsoft partner portal was the worst one I have ever seen[21:07:11] <ExoUNX> it's weird though, I have seen improvements in spam filtering[21:07:25] <ExoUNX> a few tests now succeed and I get less spam myself[21:08:03] <ExoUNX> but other people using the emails have had theirs for a 10+ years and have used the emails for everything[21:08:07] *** dazo is now known as dazo_afk[21:08:31] <darix> ExoUNX: the system needs time to learn[21:08:43] <patdk-wk> AND you have to teach it[21:08:44] <tuxick> best way to get rid of spam is go do putins job[21:08:49] <ExoUNX> does it actually learn on its own? or do I need to set that up?[21:09:13] <tuxick> haha no you need to train it[21:09:14] <ExoUNX> by have a spam folder that they can place into and run crons on it?[21:09:27] <tuxick> and you can't trust users to train spamfilters[21:09:59] <ExoUNX> best way to train it?[21:10:01] <tuxick> they'd mark notifications from facebook or linkedin as spam[21:10:16] <tuxick> because they're too stupid to toggle the right options[21:10:58] <tuxick> "why unsubscribe, i just block!"[21:11:18] <ExoUNX> tuxick, right[21:12:12] <darix> the best way is no uservtraining but honeypot accounts[21:12:17] <tuxick> i put a 'report as spam' button on webmail[21:12:49] <tuxick> they report: 1) mails already marked as {Spam} 2) notifications 3) stuff they subscribed to[21:13:10] <tuxick> less than 1 in 10 reports is useful though[21:14:21] <tuxick> mind you, every click they get warning "this is NOT for unsubscribing etc etc"[21:14:38] * tuxick foams[21:15:40] <ExoUNX> isn't it possible to match up SA with widely used blacklists?[21:18:11] <ExoUNX> like these here?[21:18:12] <ExoUNX> https://mxtoolbox.com/problem/blacklist/[21:23:37] <darix> ExoUNX: sure[21:23:55] <darix> but de dns bl in postscreen[21:24:01] <darix> do ...[21:25:54] <ExoUNX> how do I add it as a RCVD[21:26:18] <ExoUNX> is it just score RCVD_IN_SUB_DOMAIN_NET [score number here][21:29:20] *** ovrstorm has quit IRC[21:29:45] *** ovrstorm has joined #postfix[21:34:49] *** FinboySlick has quit IRC[21:42:51] <Psi-Jack> GAAAAAAHH[21:43:02] <Psi-Jack> New wave of new spammers getting through to my inbox. :/[21:44:12] *** irctc324 has joined #postfix[21:44:45] *** irctc324 has quit IRC[21:45:26] <Psi-Jack> Guess it's time to add in SpamAssassin inline with DSPAM.[21:45:45] *** JanC_ has joined #postfix[21:46:22] *** JanC has quit IRC[21:46:58] *** FinboySlick has joined #postfix[21:52:19] <ExoUNX> Psi-Jack, where have I've you before?[21:52:43] <ExoUNX> Psi-Jack, do you hangout on the reddit IRC server?[21:52:56] <ExoUNX> Psi-Jack, in TechSupport?[21:53:32] <Psi-Jack> No.[21:53:51] <Psi-Jack> Reddit is banned on my network, intentionally.[21:58:48] *** JanC_ is now known as JanC[22:00:27] <ExoUNX> Psi-Jack, do you hang out in php, centos, or linux channels?[22:00:33] <Psi-Jack> I do.[22:00:45] <ExoUNX> Psi-Jack, ok that's prbly where I saw you then lol[22:00:48] <ExoUNX> and this is odd guys[22:01:13] <ExoUNX> so all I send emails from my internal network but I can't send emails from a different wan IP[22:01:36] <ExoUNX> I get server error 554 5.7.1[22:01:59] <Psi-Jack> That's relay access denied.[22:02:05] *** Section1 has quit IRC[22:02:46] <ExoUNX> yah, I tried to send an email to my personal email from outside the network and I get that error[22:03:05] <ExoUNX> but I had a co-worker send it an email to the same email address and it worked for her[22:03:11] *** _nalle has quit IRC[22:03:19] <Psi-Jack> Many questions related to that. 1> How are you trying to send mail? 2> What's the log say?[22:03:30] <Psi-Jack> Many others could be posed after those 2. :)[22:03:59] <ExoUNX> Psi-Jack, yah I'll get you the logs + postconf -n[22:06:34] <ExoUNX> might be a sasl issue, not sure though[22:06:51] <ExoUNX> I've never manually setup up postfix/dovecot until recently[22:06:57] <ExoUNX> still learning it[22:08:12] *** skweek has quit IRC[22:11:57] <Psi-Jack> Heh[22:12:04] <ExoUNX> off topic question while I'm getting this[22:12:20] <Psi-Jack> I've got a pretty nice setup, but it's still allowing spam to get through with a vengence, at times.[22:12:22] <ExoUNX> I'm getting a lot of connections refused after adding some RBLs to spamassassin[22:12:23] <ExoUNX> that good?[22:12:26] <ExoUNX> in the mail logs[22:12:41] <darix> you do have a local dns cache right?[22:13:03] <ExoUNX> and they all seem to be spam domains too[22:13:08] <ExoUNX> and talking to me darix?[22:13:52] <darix> yes[22:19:10] <Psi-Jack> Hmmm.[22:19:56] <kriebz> can I prevent mail that comes in on 25 but originates from a list, perhaps mynetwork, to bypass a content filter?[22:20:21] <kriebz> oops, I typed that badly. s/prevent/permit/[22:20:30] <darix> kriebz: shouldnt it be enough to sort that accept before the content filter?[22:22:16] *** _nalle has joined #postfix[22:22:29] <kriebz> perhaps. can you be more specific, I get confused very easily[22:22:40] *** skweek has joined #postfix[22:22:44] *** michael_mbp has quit IRC[22:23:15] <kriebz> darix: is smtpd_recipient_restrictions evaluated in order?[22:23:35] *** michael_mbp has joined #postfix[22:23:47] <kriebz> is that where you mean?[22:24:16] <darix> i would think so[22:24:43] <lunaphyte> perhaps consulting the documentation would reveal the answer to this mystery[22:25:53] <darix> where would be the fun in that.[22:26:21] *** skweek has quit IRC[22:27:38] <kriebz> well, for one, I didn't know where to look until a human, with a different perspective, made a suggestion[22:28:05] <lunaphyte> man 5 postconf[22:28:30] <lunaphyte> also see smtpd_access_readme[22:28:55] <kriebz> and two, the mass of jargon that in the documentation frequently makes me want to band my head against a wall over and over[22:29:11] <kriebz> man my typing is bad today[22:30:51] *** Max-P has joined #postfix[22:36:18] *** skweek has joined #postfix[22:36:55] *** michael_mbp has quit IRC[22:38:32] *** ExoUNX has quit IRC[22:38:39] <Max-P> Hi, is it possible to tell postfix to refuse to send mail from an address that would not be a valid recipient? Basically, I want my server to only allow to send mails from people that have a mailbox on that machine[22:38:50] *** ExoUNX has joined #postfix[22:39:17] *** ExoUNX has quit IRC[22:39:31] <Max-P> Tried both smtpd_reject_unlisted_sender and reject_unlisted_sender with no effect at all; I can still send mail from @example.com from localhost[22:39:39] *** ExoUNX has joined #postfix[22:39:41] <ExoUNX> ok back[22:39:51] <ExoUNX> so this the error I get Psi-Jack - http://pastebin.com/uuTMB720[22:39:52] <lunaphyte> Max-P: yes. configure smtpd_sender_login_maps and use reject_sender_login_mismatch in your subsmission restrictions[22:40:05] *** michael_mbp has joined #postfix[22:40:13] <lunaphyte> ExoUNX: the client did not authenticate[22:40:46] <ExoUNX> lunaphyte, what do you mean by that?[22:40:59] <ExoUNX> lunaphyte, like a SASL auth? or account auth?[22:41:23] <lunaphyte> there is only one type of authentication in postfix. smtp auth, which if done by way of sasl.[22:41:27] <lunaphyte> *which is[22:42:19] <ExoUNX> lunaphyte, let me try some things[22:43:20] <ExoUNX> lunaphyte, the client is able to connect to connect to postfix though[22:43:40] <lunaphyte> i'm not sure how that would be a "though"[22:43:49] <lunaphyte> connecting is step one in a multi step process[22:43:59] <lunaphyte> performing authentication is a subsequent step[22:44:19] <ExoUNX> ok is there a setting I need to do in Outlook?[22:44:30] *** Haudegen has quit IRC[22:44:39] <ExoUNX> or is it a rDNS issue?[22:44:50] *** tharkun has quit IRC[22:45:02] <lunaphyte> first you need to configure encryption for your postfix submission service.[22:45:15] <lunaphyte> then you need to configure smtp auth for your postfix submission service[22:45:32] <lunaphyte> lastly, you need to configure your client software to use both encryption and smtp auth[22:46:00] <ExoUNX> lunaphyte, how do I do that?[22:46:18] <lunaphyte> that's all covered in the documentation included with the software[22:46:56] <lunaphyte> you'll also need to enable and configure the submission service if you've not already done so[22:47:00] <lunaphyte> !tell ExoUNX submission[22:47:02] <knoba> ExoUNX: "submission" : Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf. also see !msa, and rfc 6409. Also read http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf[22:47:15] <lunaphyte> see tls_readme for setting up encryption[22:47:28] *** skweek has quit IRC[22:47:30] <lunaphyte> see sasl_readme for setting up smtp auth[22:48:43] *** master_of_master has joined #postfix[22:48:44] <Max-P> lunaphyte: Mmh, that doesn't seem to work. It still accepted my mail[22:48:56] <lunaphyte> !tell Max-P getting_help[22:48:56] <knoba> Max-P: "getting_help" : before asking your question, read the !relevant_logs and !showconfig factoids, and prepare a single pastebin containing all of that data. if you don't understand what this means, or if you need help doing this, please let us know. also see !pastebin[22:50:06] <ExoUNX> lunaphyte, I have sasl enabled though, did you see my paste?[22:50:16] *** MinetestForFun has quit IRC[22:51:50] *** master_o1_master has quit IRC[22:54:15] *** Haudegen has joined #postfix[22:54:55] *** pzduniak has joined #postfix[22:55:35] <Max-P> lunaphyte: http://d.max-p.me/temp5/postfix/ here for the config[22:55:37] <pzduniak> hi, could someone help me figure out why i timeout when i try to send an email to gmail?[22:55:39] <pzduniak> 2015-09-03T20:52:12.976787+00:00 59378a4a5f4e postfix/smtp[140]: connect to aspmx.l.google.com[74.125.136.27]:25: Connection timed out[22:56:00] <pzduniak> that's literally all i get, i remember that i had a similar issue earlier[22:56:06] <pzduniak> not sure how i fixed it back then[22:57:30] <Max-P> as for the logs, all I have is connect from localhost, gets the mail and queues it[22:58:46] <Max-P> pzduniak: Sounds like your ISP/provided blocked your E-Mails. Can you connect to gmail manually? "nc 74.125.136.27 25" or "telnet 74.125.136.27 25", the server should say you hello. If it doesn't, it's blocked at the network level[22:59:25] <pzduniak> 2015-09-03T20:59:01.024616+00:00 59378a4a5f4e postfix/smtp[147]: E9A7B5B8: to=<g9938768 at trbvm dot com>, relay=none, delay=30, delays=0.01/0.02/30/0, dsn=4.4.1, status=deferred (connect to mail.digitalsanctuary.com[174.37.94.132]:25: Connection timed out)[22:59:26] <pzduniak> im amused[22:59:38] *** mc_fail has joined #postfix[22:59:39] <ExoUNX> lunaphyte, so I have smtpd_sasl_auth_enable = yes and smtp_tls_policy_maps = hash:/etc/postfix/tls_policy[22:59:54] <pzduniak> Max-P, i figured that out, seems that my client asked me to set up a mailing service on a server that has outgoing :25 blocked[22:59:55] *** dstarh has quit IRC[22:59:58] <pzduniak> hilarious[23:00:17] *** skweek has joined #postfix[23:01:25] <Max-P> pzduniak: Yep. Have you check with the host if you need to ask them to enable it first, or if it was blocked due to spam before?[23:02:05] <Max-P> Mine's blocked right now because someone's Wordpress got hacked yet again and started sending spam (thus why I now want to enforce valid mail even from localhost, to limit the damages)[23:02:10] <pzduniak> no idea, i'm doing a demo for an investor who is interested in financing my project and he gave me a server where i was supposed to install a codebase[23:02:28] <pzduniak> and i got that thing lol[23:06:56] *** michael_mbp has quit IRC[23:08:34] *** michael_mbp has joined #postfix[23:09:06] <ExoUNX> im lost atm, I need some guidance :/[23:12:24] <ExoUNX> lunaphyte, still there?[23:12:28] *** tharkun has joined #postfix[23:17:39] *** Xenoth has quit IRC[23:20:13] *** tharkun has quit IRC[23:21:21] *** pti-jean_ has quit IRC[23:22:18] *** Ulver has quit IRC[23:23:26] *** pti-jean_ has joined #postfix[23:25:12] *** Ulver has joined #postfix[23:27:02] *** Max-P has left #postfix[23:28:50] *** pti-jean_ has quit IRC[23:33:39] <ExoUNX> lunaphyte, I see that for some reason my outlook client isn't not sasl_authenticated[23:34:19] <ExoUNX> lunaphyte, problem is ports 465 and 587 are not work and they're open[23:34:30] <ExoUNX> lunaphyte, only port 25 seems to work and using SASL[23:35:40] <ExoUNX> I'll try editing my master.cd[23:35:42] <ExoUNX> master.cf[23:36:25] *** penk has quit IRC[23:39:01] *** pti-jean_ has joined #postfix[23:42:28] *** tharkun has joined #postfix[23:43:07] *** drehmer has quit IRC[23:44:17] *** zacdev has joined #postfix[23:45:00] *** Haudegen has quit IRC[23:45:04] *** MacWinne_ has quit IRC[23:45:41] *** zacdev has quit IRC[23:46:10] *** zacdev has joined #postfix[23:46:13] *** dbalog has quit IRC[23:47:17] *** zacdev has quit IRC[23:47:45] *** zacdev has joined #postfix[23:48:46] *** zacdev has quit IRC[23:49:14] *** pti-jean_ has quit IRC[23:50:08] <ExoUNX> WHY ISN'T IT WORKING![23:50:08] <ExoUNX> lol[23:50:34] <ExoUNX> seriously, I've had no trouble with configs an any server except for postfix[23:50:51] <ExoUNX> postfix is the only thing I've ever had issues with[23:50:57] <ExoUNX> arg[23:51:44] *** pti-jean_ has joined #postfix[23:51:56] *** michael_mbp has quit IRC[23:52:35] *** michael_mbp has joined #postfix[23:53:46] <ExoUNX> WHY! -____-[23:53:54] <ExoUNX> can connect to port 587 with TLS[23:55:10] <ExoUNX> why doesn't it let me send from a remote client!:?[23:57:03] <guampa> wrapper mode is for 465, not 587. Also, what exactly do you understand by "TLS"? Also, what do the logs say?