September 4, 2015 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | >
September 4, 2015 [00:00:05] <ExoUNX> I'm gonna try one more thing[00:00:14] <ExoUNX> and then I can show you my master.conf[00:01:50] <guampa> you should show both master.cf and main.cf, as the config is defined by both, plus relevant logs[00:02:00] <guampa> hence !getting_help[00:02:02] <guampa> !getting_help[00:02:02] <knoba> guampa: "getting_help" : before asking your question, read the !relevant_logs and !showconfig factoids, and prepare a single pastebin containing all of that data. if you don't understand what this means, or if you need help doing this, please let us know. also see !pastebin[00:02:35] *** skweek has quit IRC[00:04:20] *** Haudegen has joined #postfix[00:05:12] *** pti-jean_ has quit IRC[00:09:57] <ExoUNX> guampa, here you go - http://pastebin.com/n8xcjfT0[00:09:59] *** tharkun has quit IRC[00:10:46] <guampa> ExoUNX: the restrictions you have in client restrictions in the submission service go into relay_restrictions, also "permit_sasl_authenticared", typo there[00:12:03] <lunaphyte> smtpd_relay_restrictions are only needed if both mx and submission traffic are using the same port [and this is a huge huge nono][00:13:16] <guampa> i use it because of the (given in the manual) good reason of a less error-prone config[00:13:23] <guampa> it's clearer[00:14:12] <axisys> how do I receive email and process OR autoreply to the sender with some instruction, based on senders domain name?[00:15:19] *** skweek has joined #postfix[00:15:23] <axisys> in qmail I had .qmail-foo which calls a script which looks for domain name in ${SENDER} variable[00:15:23] <ExoUNX> guampa, so turn the client_restrictions into relay_restrictions?[00:15:49] <axisys> what is ${SENDER} equivalent in postfix?[00:16:00] <axisys> what is qmail ${SENDER} equivalent in postfix?[00:16:37] <axisys> or should I need to pipe it to procmail?[00:17:10] <guampa> ExoUNX: yes, unless you have some other use for it[00:17:27] <guampa> (like reject_plaintext_session)[00:19:28] <ExoUNX> guampa, I fixed the typo and changed it to relay_restrictions[00:19:34] *** Haudegen has quit IRC[00:19:43] <ExoUNX> still getting the same error and can't use TLS on either 465 or 587 only SSL[00:20:08] <guampa> ExoUNX: you can't use straight SSL on 587[00:20:25] <guampa> it won't even connect[00:20:36] <ExoUNX> I've only tested SSL on 465, TLS doesn't work on 465 or 587[00:20:49] <ExoUNX> and ok, I use SSL on 465 and it connects[00:21:01] <ExoUNX> but I still get the error[00:21:21] <ExoUNX> I think it's a remote client issue btw if that helps any[00:23:00] *** mc_fail has quit IRC[00:25:37] <lunaphyte> given proper separation of mx and submission traffic, it's no more secure[00:26:15] <lunaphyte> plus, it's more confusing, because there is no "relay" portion of an smtp conversation[00:27:56] *** darkavenger is now known as darkavenger_afk[00:28:07] <ExoUNX> so all traffic should go through 465?[00:28:07] <guampa> yeah I know, although it doesn't correlate like the other restrictions to a smtp stage i still find it less confusing, because it univocally deals with relaying[00:28:34] <guampa> which also i think was the intended effect[00:28:38] <lunaphyte> ExoUNX: heavens no. smtps[465] has been deprecated for over 15 years [and was never an actual standard in the first place][00:29:14] *** pzduniak is now known as zz_pzduniak[00:30:19] <guampa> i would disable it for the sake of simplicity while you troubleshoot even if you decide to enable 465 later (although as lunaphyte says is ugly and prone to global famine and disease)[00:30:19] <lunaphyte> i just find smtpd_relay_restrictions unnecessary. it solves no actual problem for me, as there was no problem prior to its inception. it's just yet another setting that exists because people are not careful and thorough[00:30:38] *** Xenoth has joined #postfix[00:31:15] <ExoUNX> so should I switch relay_restrictions back to client_restrictions?[00:31:23] <guampa> lunaphyte: there i agree with you. I'm less savvy though, and so I thank that it makes the relaying stuff easier to spot for me[00:31:26] <ExoUNX> also I tried tls on port 25 and I'm still getting the error :/[00:31:46] <thumbs> ExoUNX: don't use port 25 either.[00:32:21] <ExoUNX> what port?[00:32:40] <lunaphyte> don't forget global warming. i'm pretty sure it contributes to that[00:32:46] <guampa> lol[00:32:50] <thumbs> ExoUNX: submission is 587[00:32:53] <ExoUNX> why is this so hard :([00:33:09] <lunaphyte> hey, we have a factoid for that! :)[00:33:11] <lunaphyte> !easy[00:33:12] <knoba> lunaphyte: "easy" : unfortunately, because there are some folks who invest the time and effort to understand things, it makes emailing very easy for lots of other people, which seems to foster the notion that it couldn't possibly be any more complex than clicking send. this, of course, is not the case. as with most things, you get what you put in. also see !maintain[00:33:27] <lunaphyte> yay for rants![00:33:38] *** Haudegen has joined #postfix[00:34:13] <occupant> The first solution to any email problem is "pay someone to make it go away". If that can't be done, then you start considering other things.[00:34:17] <ExoUNX> I don't expec it to be that easy[00:34:51] <guampa> don't expect it to be nowhere easy[00:36:41] <thumbs> ExoUNX: it probably will be the hardest thing you ever configured.[00:36:47] <ExoUNX> it is[00:36:50] <ExoUNX> seriously[00:36:55] *** michael_mbp has quit IRC[00:37:13] <ExoUNX> I've configured so much stuff in linux just fine, but I can't fully wrap my head around this yet[00:37:34] *** michael_mbp has joined #postfix[00:37:35] <ExoUNX> It seems like a technology that want's to move on but is restricted by the past[00:37:40] <thumbs> ExoUNX: give yourself another few weeks. Or Months.[00:37:45] <guampa> heh, the usual excuse[00:37:46] <ExoUNX> so security measures have been hacked to work[00:37:55] <guampa> "it's hard, this doesn't seem modern"[00:38:14] <ExoUNX> well it's like a mix[00:38:18] *** ashwoods_ has joined #postfix[00:38:30] <ExoUNX> it seems modern but it's like trying modernize IPX[00:38:31] <ExoUNX> lol[00:38:38] *** kyrix has quit IRC[00:39:12] <ExoUNX> all I want to do is authenticate my remote client :/[00:39:38] <thumbs> !tell ExoUNX submission[00:39:38] <knoba> ExoUNX: "submission" : Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf. also see !msa, and rfc 6409. Also read http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf[00:39:41] <thumbs> !tell ExoUNX sasl[00:39:42] <knoba> ExoUNX: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[00:40:51] <ExoUNX> thumbs, here's my master.cf/main.cf/postconf -n/ and logs - http://pastebin.com/n8xcjfT0[00:41:11] <ExoUNX> typo has been fixed[00:52:41] *** michael_mbp has quit IRC[00:54:05] *** michael_mbp has joined #postfix[00:55:41] <ExoUNX> I wouldn't blame you guys if you didn't know either[00:55:46] <ExoUNX> it's crazy difficult[00:56:05] <thumbs> ExoUNX: I can't access pastebin.com, so I'll let someone else look at it.[00:56:22] <ExoUNX> thumbs, I can upload elsewhere if you prefer?[00:56:43] <thumbs> I have to step in a meeting now anyway[00:56:59] <ExoUNX> ok[01:02:29] <ExoUNX> anyone able to help?[01:02:50] <ExoUNX> I'll love you forever if you do[01:05:54] *** tharkun has joined #postfix[01:06:55] *** michael_mbp has quit IRC[01:09:05] *** michael_mbp has joined #postfix[01:11:51] <ExoUNX> who wan't some love <3[01:11:56] <ExoUNX> wants*[01:12:44] *** pti-jean has joined #postfix[01:21:19] *** skweek has quit IRC[01:22:03] *** skweek has joined #postfix[01:22:48] *** michael_mbp has quit IRC[01:24:05] *** michael_mbp has joined #postfix[01:28:46] *** skweek has quit IRC[01:31:29] <rob0> Wow, I had to scroll down to the very end of a 908-line paste to see that the client did not even attempt AUTH. Hour ago: 22:39 < thumbs> !tell ExoUNX sasl In that time have you gone over the instructions there to see what you missed?[01:35:02] <rob0> hint: SASL_README.html#server_sasl_authz[01:36:56] *** michael_mbp has quit IRC[01:37:41] *** pti-jean has quit IRC[01:41:35] *** michael_mbp has joined #postfix[01:42:28] <rob0> Also: every non-standard smtpd should have a unique setting of " -o syslog_name=postfix/submission". And don't offer AUTH on port 25. And get rid of smtps.[01:47:12] <ExoUNX> rob0, line 698 has the relay restrictions[01:47:21] <ExoUNX> rob0, how do I change it from port 25 to something else?[01:52:43] *** michael_mbp has quit IRC[01:57:35] *** michael_mbp has joined #postfix[02:06:57] *** michael_mbp has quit IRC[02:10:33] *** davlefou__ has joined #postfix[02:11:05] *** michael_mbp has joined #postfix[02:12:44] *** michael_mbp has quit IRC[02:13:23] *** davlefou_ has quit IRC[02:14:05] *** michael_mbp has joined #postfix[02:14:25] *** ExoUNX has quit IRC[02:15:37] *** pti-jean_ has joined #postfix[02:17:44] <jaybe> port 25 doesn't change or go away. that's how servers talk with each other.[02:19:15] *** Xenoth has quit IRC[02:23:05] *** ExoUNX has joined #postfix[02:23:06] <ExoUNX> back[02:28:48] *** twb has joined #postfix[02:44:49] <ExoUNX> anyone there?[02:47:49] <twb> no[02:48:48] <ExoUNX> twb, please be my savior <3[02:50:18] *** joulez has joined #postfix[02:50:32] *** joules has quit IRC[02:56:26] <rob0> "Relay restrictions"? Why do you think you need that? I scrolled past your main.cf anyway, had no intention of looking at that.[02:57:45] <rob0> Did you read the comments in the examples in the hint I gave you?[03:02:34] <ExoUNX> rob0, yes and it appeared to match my main.cf[03:02:36] *** pppingme has quit IRC[03:02:55] <rob0> The comments talk about version numbers.[03:03:41] <rob0> tell ya what: open your own "man 5 postconf" and search: /smtpd_relay_restrictions[03:04:42] <rob0> This is what you get for running software that's 5+ years past EOL: the newer documentation requires you to stay alert. You didn't.[03:07:54] <ExoUNX> rob0, ok so should I upgrade to CentOS7[03:08:00] <ExoUNX> and use the newer postfix?[03:09:05] <rob0> or read documentation that confuses you less[03:09:22] <rob0> your version came with complete documentation[03:09:24] *** zorg1 has quit IRC[03:09:56] <rob0> of course, you're missing a lot of newer features, but that's why you chose CentOS, right?[03:10:26] <ExoUNX> I chose CentOS for the stability[03:10:42] <ExoUNX> granted there are a few things I don't sacrifice stability with[03:10:56] <ExoUNX> such as nginx/php/mysql[03:11:13] <ExoUNX> and I'm sure willing to do that with postfix/dovecot/SA if I have to[03:12:07] *** mroe has joined #postfix[03:12:17] <ExoUNX> would it be better to run fedora 22 as the server?[03:12:27] <ExoUNX> or latest debian?[03:13:16] <rob0> I'm sure either is a different can of worms.[03:13:55] *** pppingme has joined #postfix[03:14:22] <ExoUNX> well fedora is more cutting edge[03:14:27] <ExoUNX> less stable of course[03:14:50] <ExoUNX> debian is much more stable but still has newer repos than CentOS afaik[03:15:27] *** pppingme is now known as Cruz4prez[03:17:59] <rob0> And Debian does goofy stuff in their default configs which will trip you up, just as they have done to many other of their users.[03:18:30] <ExoUNX> well it sounds like CentOS 7 might be the best option[03:21:48] *** dbalog has joined #postfix[03:25:29] *** mroe has quit IRC[03:26:04] *** zorg1 has joined #postfix[03:34:24] *** ExoUNX has quit IRC[04:11:48] *** njbair has quit IRC[04:16:54] *** skweek has joined #postfix[04:16:58] *** michael_mbp has quit IRC[04:20:05] *** michael_mbp has joined #postfix[04:21:02] *** njbair has joined #postfix[04:41:50] *** ExoUNX has joined #postfix[04:41:53] <ExoUNX> back for now[04:43:19] <ExoUNX> so questions[04:43:29] <ExoUNX> apparently I'm not supposed to use port 465[04:43:37] <ExoUNX> 587 isn't for TLS and same with port 25[04:43:42] <Dominian> what?[04:43:44] <ExoUNX> what port am I supposed to use for TLS[04:43:47] <Dominian> !sasl[04:43:48] <knoba> Dominian: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[04:43:58] <Dominian> port 587 is submission[04:44:00] <Dominian> !submission[04:44:01] <knoba> Dominian: "submission" : Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf. also see !msa, and rfc 6409. Also read http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf[04:44:04] <Dominian> and yes.. it does TLS[04:44:07] <Dominian> !starttls[04:44:08] <knoba> Dominian: "starttls" : STARTTLS is an extension to plain text communication protocols, which offers a way to upgrade a plain text connection to an encrypted (TLS or SSL) connection instead of using a separate port for encrypted communication. Postfix supports STARTTLS over the SMTP protocol. Also see !tls.[04:44:34] <ExoUNX> ok so all SASL configured for postfix is for dovecot?[04:45:05] <Dominian> cyrus or dovecot[04:45:16] <ExoUNX> ok[04:45:35] <ExoUNX> so the only way to have encrypted SMTP access is through starttls?[04:46:17] <Dominian> wait.. do you mean as a client sending emal?[04:46:22] <Dominian> or do you mean between servers?[04:46:41] *** dbalog has quit IRC[04:46:50] <ExoUNX> so when a client sends an email to postfix say using thunderbird[04:47:18] <ExoUNX> is the only way for the message to connect securely to the SMTP server is through starttls[04:47:30] <Dominian> The factoids tell you all of that[04:47:37] <Dominian> !tls[04:47:37] <knoba> Dominian: "tls" : Transport Layer Security (RFC2246). Previously known as SSL, TLS adds a layer of encryption to protocols such as SMTP, submission, IMAP or POP3 to improve security during transmission over the Internet. TLS is implemented using the STARTTLS method, while the non-standard wrapper style of implementation is deprecated at this point. See http://www.postfix.org/TLS_README.html for more info.[04:48:15] <ExoUNX> ok so don't tls over smtp using port 465[04:48:26] <ExoUNX> use starttls on 587 instead correct?[04:49:17] <lunaphyte> yes[04:49:19] <Dominian> yes[04:49:21] <Dominian> !465[04:49:22] <knoba> Dominian: "465" : see !smtps[04:49:24] <Dominian> !smtps[04:49:25] <knoba> Dominian: "smtps" : Port 465 is smtps, SMTP over SSL, a deprecated means of submission. This means that smtps should *not* be used, and that this factoid exists for historical purposes only and should not be implemented. See !submission for smtps' successor. That being said, Postfix can implement smtps with a separate smtpd(8) listener with \"-o smtpd_tls_wrappermode=yes\". See the commented example in master.cf.[04:49:27] <Dominian> ^^^^[04:49:31] <Dominian> that's why you don't use 465[04:50:08] <ExoUNX> well I'd rather say current and secure so I have no problems[04:50:17] <ExoUNX> I'm just re-doing the whole mailserver tonight[04:50:27] <ExoUNX> upgrading from CentOS 6.7 to 7[04:52:53] *** internat has quit IRC[04:52:59] *** mdik has quit IRC[04:53:07] *** internat has joined #postfix[04:53:56] *** eagles0513875 has quit IRC[04:56:12] *** eagles0513875 has joined #postfix[04:56:31] <ExoUNX> any other good and secure methods I need to know settiing this up?[04:59:53] <ExoUNX> also is this a good guide? - http://blog.iandreev.com/?p=1975#postfix_and_TLS[05:02:33] <Dominian> !tutorial[05:02:33] <knoba> Dominian: "tutorial" : A very common problem is that some people prefer to follow a step-by-step tutorial that shows them how to setup their server w/out reading the documentation or understanding what they are doing. If something goes wrong, they have no clue whatsoever about where to find hints, and they sometimes decide to start from scratch using a different tutorial. This is not The Proper Way.[05:04:31] <ExoUNX> you guys a[05:04:38] <ExoUNX> you guys got a ! for everything[05:05:12] <rob0> You're asking stuff we have seen a few gazillion times.[05:05:33] *** joulez has quit IRC[05:05:52] <thumbs> you're making mistake after mistake[05:06:13] <rob0> sorry, I'll try harder[05:06:28] <thumbs> rob0: YOU CAN DO BETTER[05:06:43] * rob0 smears jelly with thumbs[05:06:55] <thumbs> well, that's gross[05:10:10] <ExoUNX> I actually haven't made the mistakes yet[05:10:14] <ExoUNX> that's why I ask here[05:10:28] <thumbs> oh, phew[05:10:30] <ExoUNX> so I might be guided in the right the direction[05:10:43] <ExoUNX> if I didn't want to do it right I wouldn't be here[05:11:23] <ExoUNX> rob0, and yah I know these are common questions[05:11:31] *** pj has quit IRC[05:11:34] <ExoUNX> another question[05:11:49] <ExoUNX> is it best to setup accounts through a DB or using linux accounts[05:12:15] <ExoUNX> or using a file[05:12:40] <ExoUNX> also does postfix support bcrypt?[05:14:57] *** Zombie has left #postfix[05:16:47] <ExoUNX> ok getting off now[05:16:54] <ExoUNX> I'll prbly be back on for more questions[05:16:59] <ExoUNX> thanks and ttyl[05:17:04] *** ExoUNX has quit IRC[05:28:34] *** nikgod has quit IRC[05:28:35] *** nate has quit IRC[05:29:08] *** eagles0513875 has quit IRC[05:32:33] *** nikgod has joined #postfix[05:33:34] *** eagles0513875 has joined #postfix[05:34:31] *** synapt has joined #postfix[05:40:21] *** BoomerBile has quit IRC[05:53:51] *** jaybe_ has joined #postfix[05:54:22] *** jaybe has quit IRC[05:54:38] *** jaybe_ is now known as jaybe[05:56:01] *** BoomerBile has joined #postfix[05:56:54] *** jaybe has quit IRC[05:57:07] *** jaybe has joined #postfix[05:59:56] *** leprechau has quit IRC[06:02:04] *** leprechau has joined #postfix[06:29:00] *** vigilvindex has quit IRC[06:30:18] *** vigilvindex has joined #postfix[06:36:27] *** homas is now known as thomas[06:52:05] *** davlefou_ has joined #postfix[06:54:08] *** davlefou__ has quit IRC[06:57:00] *** davlefou__ has joined #postfix[06:59:20] *** davlefou_ has quit IRC[07:00:44] *** davlefou_ has joined #postfix[07:03:08] *** davlefou__ has quit IRC[07:03:52] *** sharky has quit IRC[07:10:51] *** sharky has joined #postfix[07:11:12] *** pti-jean_ has quit IRC[07:14:40] *** pti-jean has joined #postfix[07:24:37] *** pti-jean has quit IRC[07:25:01] *** magyar has joined #postfix[07:25:28] *** githogori has quit IRC[07:31:45] *** githogori has joined #postfix[07:46:15] *** twb has quit IRC[08:36:26] *** carl- has joined #postfix[08:41:59] *** TyrfingMjolnir has quit IRC[09:02:32] *** zacdev has joined #postfix[09:05:09] *** fzirngibl has joined #postfix[09:06:07] *** cynicalcats has quit IRC[09:06:11] *** ek has quit IRC[09:08:51] *** Darcidride has joined #postfix[09:08:51] *** skynews has joined #postfix[09:22:29] *** ek has joined #postfix[09:43:43] *** davlefou_ has quit IRC[09:43:48] *** davlefou has joined #postfix[09:44:04] *** RadoQ has quit IRC[09:45:19] *** Haudegen has quit IRC[09:46:09] *** RadoQ has joined #postfix[09:47:12] *** cynicalcats has joined #postfix[09:49:22] *** skylite has joined #postfix[09:53:53] *** cynicalcats has quit IRC[09:53:54] *** cynicalcats has joined #postfix[09:54:09] *** Haudegen has joined #postfix[09:58:08] *** D-Boy has quit IRC[10:00:37] *** TyrfingMjolnir has joined #postfix[10:07:02] *** zblakany has joined #postfix[10:08:16] *** D-Boy has joined #postfix[10:19:13] *** d3lphi has joined #postfix[10:27:57] *** carl- has quit IRC[10:32:30] *** ogny has joined #postfix[10:32:30] *** ogny has joined #postfix[10:40:04] *** artista-frustrad has quit IRC[10:41:12] *** ThomasKeller has joined #postfix[10:48:35] *** roukoswarf has joined #postfix[10:53:01] *** nyloc has quit IRC[10:53:36] *** nyloc has joined #postfix[10:54:27] *** brgtt has joined #postfix[10:58:28] *** joules has joined #postfix[11:02:24] <roukoswarf> hello, i cant seem to get delivery to work, kinda at a loss, as a simliar config worked on a different server, error is "User unknown in virtual alias table"[11:05:17] <roukoswarf> the user is configured in a database, it shouldnt hit the alias table[11:08:37] <TheFatherMind> If your mappings are working right.[11:08:45] <TheFatherMind> !getting_help[11:08:45] <knoba> TheFatherMind: "getting_help" : before asking your question, read the !relevant_logs and !showconfig factoids, and prepare a single pastebin containing all of that data. if you don't understand what this means, or if you need help doing this, please let us know. also see !pastebin[11:09:22] <roukoswarf> when i return self from the alias map, it doesnt work[11:09:32] <TheFatherMind> Did you switch your mappings to use the database?[11:09:54] <roukoswarf> virtual_alias_maps = pgsql:/etc/postfix/virtual_alias_maps.cf is present in postmap[11:10:39] <roukoswarf> !showconfig[11:10:39] <knoba> roukoswarf: "showconfig" : when asked to provide your config, pastebin postconf -nf and postconf -Mf. if your version is too old for those commands to work (< 2.9), you should upgrade, but see !showconfig_old[11:12:07] <TheFatherMind> You are using a postgres database NOT mysql?[11:12:13] <roukoswarf> yes.[11:12:19] <TheFatherMind> Okay[11:12:33] <TheFatherMind> I am about to rest.. but lots of people here are helpful.[11:12:57] <roukoswarf> https://ptpb.pw/zMaL[11:20:00] *** ExoUNX has joined #postfix[11:20:03] <ExoUNX> anyone there?[11:21:07] <ExoUNX> I'm unable to connect dovecot or postfix outside the machine[11:21:14] <ExoUNX> the ports are open in firewalld[11:21:22] <ExoUNX> and I can telnet into the services locally[11:21:25] <ExoUNX> but not externally[11:21:32] <roukoswarf> listen on public address instead of localhos[11:21:33] <roukoswarf> t[11:21:51] <ExoUNX> issue is the server is set to 192.168.1.100[11:21:57] <ExoUNX> the wan IP is different[11:22:03] <ExoUNX> does this matter?[11:22:15] <roukoswarf> you have a mailserver behind a nat?[11:22:30] <ExoUNX> yes but it's DMZed[11:22:40] <roukoswarf> do you have port 25?[11:23:11] <ExoUNX> yes[11:23:31] <roukoswarf> no idea then[11:23:35] <ExoUNX> I had the server behind the same firewall earlier today[11:23:40] <ExoUNX> on CentOS 6.7[11:23:49] <ExoUNX> and it was working fine[11:34:16] *** skynews has quit IRC[11:36:10] *** dazo_afk is now known as dazo[11:37:39] *** penna_ has joined #postfix[11:41:20] *** penna_ has quit IRC[11:41:42] *** penna has joined #postfix[11:43:10] <penna> hey. I got user unknown in local rec. table. I thought it could lookup usernames somehow in dovecot, but it seems it doesn't work? I am kinda lost now. Do I need virtual_tables sinec I have the users already in dovecot?[11:43:35] <penna> here is the error: http://codepad.org/LyOY7EQ1 and ehre is postconf -n: http://codepad.org/VUHyRXyU[11:45:43] *** TyrfingMjolnir has quit IRC[11:45:50] <penna> dig +short servers.pgr MX[11:45:50] <penna> 10 mail.servers.pgr[11:46:12] *** TyrfingMjolnir has joined #postfix[11:50:29] <tuxick> what are the risks in using SRS? i've got way too many users/accounts forwarding to hotmail and gmail[11:50:35] <tuxick> and hotmail = fubar[11:51:04] <tuxick> management expects me to do the impossible[11:51:21] <tuxick> "fix hotmail"[11:53:16] <JPT> I can't think of risks right now, but i recall that the gmail guys had an article about better not using srs when forwarding to them.[11:53:44] <tuxick> and i consider gmail guys the competent ones[11:53:55] <tuxick> i don't use it myself but having little trouble with gmail[11:53:59] <JPT> https://support.google.com/mail/answer/175365?hl=en <-- i think it was this one.[11:54:36] *** Chill_Surf has joined #postfix[11:54:43] <tuxick> my problem is the fact the forwards will include spam[11:54:50] <tuxick> i can't run a tight filter on this domain[11:59:13] <JPT> I feel your pain :([12:00:09] <tuxick> i've been warning about those forwards for years, predicting things will only get worse[12:00:25] <tuxick> especially since russian govt refuses to arrest those criminals[12:02:21] <tuxick> anyway, i'll first see if i can predict the effects of SRS, then warn them about this[12:02:25] <tuxick> and then implement :)[12:02:32] * tuxick prepares a new toldyousodance[12:03:34] <JPT> How about this: All the incoming mail will be tagged by spamassassin (or whatever else). Positive SPAM matches will be thrown into a local folder that users can review (but these won't be forwarded). The rest (which should contain only very few spam mails), can then be forwarded using SRS and proper DKIM-signing to hotmail (or as is to google)?[12:04:33] <tuxick> JPT: not an option[12:04:52] <tuxick> policy is not to give them local boxes at all[12:05:01] <JPT> meh :/[12:05:05] <tuxick> only very few real users set forwards themselves[12:05:13] <tuxick> those few i could deal with[12:05:42] <JPT> umm... what kind of service is this (going to be)?[12:05:45] <tuxick> funny enough i run another server/domain with 10x more users[12:05:55] <tuxick> what you mean?[12:06:23] <JPT> Is it "bring your domain to our MTA and set up your forwarding target"?[12:06:28] <JPT> Why no local boxes?[12:06:35] <tuxick> policy :/[12:06:46] <tuxick> you know, the old story[12:06:58] <tuxick> people who know least make the decisions[12:07:02] <tuxick> aka "management"[12:07:28] <JPT> I guess i have not heard the old story yet, sorry. :/ Is this a company offering their employees an official email adress which then gets forwarded to their private email account?[12:07:44] <tuxick> it's lots worse[12:07:50] <tuxick> it's a political party[12:07:54] <JPT> aah[12:07:58] <JPT> that explains... meeh.[12:08:02] <tuxick> and yet those idiotss forwarwd to american servers[12:08:29] <tuxick> i've explained many times[12:09:14] <tuxick> i can *easily* run a few hundred extra boxes[12:09:17] <tuxick> no problem at all[12:09:43] <tuxick> don't even need more cpu/ram etc, maybe some more storage[12:10:30] <ExoUNX> thanks and good night[12:10:41] *** ExoUNX has quit IRC[12:11:02] <JPT> hm.. don't you have a "datenschutzbeauftragter" somewhere (somebody who takes care of how data is protected from bad things like theft, abuse, ...)?[12:11:20] <JPT> "privacy officer"[12:13:14] <JPT> I mean ... for a political organization, there are things that should be handled with care, aren't there?[12:13:40] * tuxick coughs[12:13:52] <tuxick> that'd be me[12:14:00] <tuxick> aka "the guy nobody listens to"[12:14:03] <penna> does noone has a idea how to fix my problem?[12:14:31] <tuxick> of course the core people have real mailboxes[12:14:59] <tuxick> but there's no real policy regarding forwards[12:15:11] <tuxick> just hoping for a serious incident[12:15:16] <tuxick> eye opening etc[12:15:53] *** mikecmpbll has joined #postfix[12:16:18] <JPT> Maybe you can reduce the damage that gets done by forwarding spam ... use a different domain/ip for the srs-forwarding of the non-core guys. This way, the mails from the core guys may keep their reputation... :|[12:17:09] <JPT> It's more of an ugly hack[12:19:10] <tuxick> actually i suggested and even implemented subdomains to all local divisions[12:19:36] <tuxick> even made it so that postmaster at sub dot doma.in could manage accounts within that[12:19:46] <tuxick> all in ldap :)[12:19:57] <JPT> penna: Postfix will need the (virtual) tables to look up users. I don't know of a way to tell postfix to just ask dovecot (maybe there is?), but my small setup uses tables. :)[12:21:12] <penna> don't you use mailboxes? Or when you say you do not a way for dovecot and postfix I will believe and will add users to postfix and dovecot.[12:22:08] <tuxick> use dovecot/lmtp[12:22:11] <JPT> penna: I'm sorry, but i am not that much of an expert to give you a 100% answer. I only know my own setup and that using tables /should/ be the way to go (i may be wrong).[12:22:13] <tuxick> leave it all to dovecot[12:22:23] <penna> and I got that virtual.db file in that format: "tester at servers dot pgr tester" ...but there is already aliases from /etc/aliases? Where would I put virtual?[12:22:28] <tuxick> you only need to tell postfix about the domains to accept mail for[12:22:51] <penna> okay thats what I tried. but it seems like they do not interact together[12:28:00] *** chser has joined #postfix[12:30:02] <survietamine> hey guys, I will manage to "re DKIM sign" mails posted to our mailing lists from senders in our domains. But what would I do when people from external domains send mails to our mailing list system? The dkim verification will break for them[12:31:12] *** chser has quit IRC[12:31:28] *** azwieg103 has quit IRC[12:32:54] <survietamine> hmm, I'm reading rfc6377[12:33:11] <tuxick> penna: wiki2.dovecot.org has it all documented[12:37:02] *** zacdev has quit IRC[12:51:17] *** Haris has joined #postfix[12:51:18] *** Haris has joined #postfix[12:55:51] *** d3lphi has quit IRC[13:00:56] *** TyrfingMjolnir has quit IRC[13:06:41] *** dbalog has joined #postfix[13:06:42] *** linkedinyou has quit IRC[13:06:50] *** master_of_master has quit IRC[13:13:11] *** skweek has quit IRC[13:19:45] *** master_of_master has joined #postfix[13:21:20] *** fzirngibl has quit IRC[13:21:52] *** darkavenger_afk is now known as darkavenger[13:35:04] *** sarri has quit IRC[13:37:31] *** sarri has joined #postfix[13:45:04] *** Bheam has joined #postfix[13:45:14] <Bheam> yo[13:45:37] *** azwieg103 has joined #postfix[13:45:44] <Bheam> i'm having trouble with incoming email being set to 3 days in the past in outlook[13:45:49] <Bheam> seems to not happen always[13:46:10] <Bheam> i checked and the Date: header is fine, but there are some odd dates in the Received headers[13:46:33] <Bheam> but they are all local, so i assume it's a system issue - but the question is what :p anyone ever experienced anything like it?[13:47:52] <thumbs> !tell Bheam relevant_logs[13:47:52] <knoba> Bheam: "relevant_logs" : Relevant logs are mail.* syslog Postfix logs (NOT verbose, see !verbose) which show the entire handling of a single mail which illustrates the issue with which you want help. Random selections from your mail log might not do. IMAP/POP3 daemons and external delivery agents typically log to the same facility (mail); those are usually not relevant here.[13:56:57] *** pj has joined #postfix[13:58:05] *** drehmer has joined #postfix[13:58:36] *** darkavenger is now known as darkavenger_afk[13:59:57] *** skweek has joined #postfix[14:03:59] *** sarri has quit IRC[14:04:29] *** linkedinyou has joined #postfix[14:04:33] *** sarri has joined #postfix[14:17:21] *** michael_mbp has quit IRC[14:20:37] *** michael_mbp has joined #postfix[14:25:23] *** schnuffle has joined #postfix[14:29:54] *** drewlander has joined #postfix[14:42:24] *** sina0 has quit IRC[14:48:05] *** mc_fail has joined #postfix[14:50:43] <tuxick> haha, someone on phone complaining somebody couldn't mail her, got rejected[14:51:11] <tuxick> and of course another case of semi-govt organisation wasting public money on exchange[14:51:18] <tuxick> misconfigured, as usual[14:51:46] <tuxick> millions are wasted every year :/[14:56:00] *** ashwoods_ has quit IRC[14:57:04] *** kyrix has joined #postfix[14:57:24] *** davispuh has joined #postfix[15:05:57] *** Section1 has joined #postfix[15:13:01] *** Haudegen has quit IRC[15:13:01] *** kyrix has quit IRC[15:13:15] *** darkavenger_afk is now known as darkavenger[15:15:27] *** kyrix has joined #postfix[15:17:33] *** Haudegen has joined #postfix[15:18:06] *** Haris has left #postfix[15:18:36] <patdk-wk> tuxick, it's not wasted[15:18:53] <patdk-wk> they where only paying that person likely half what a real person would require[15:19:03] <patdk-wk> so half screwups are ok :)[15:21:06] <rob0> sometimes they're paying a lot, because the org lacks the wherewithal to determine the value of tech staff[15:21:06] <tuxick> half?[15:21:19] <tuxick> windows clickers are usually overpaid[15:21:26] <lunaphyte> it's usually double, yes[15:21:28] <lunaphyte> sadly[15:21:31] <tuxick> at least paid more than they're worth :)[15:21:47] <rob0> They can't even identify who's capable and who's a fake.[15:21:54] <tuxick> that's the main problem[15:22:06] <tuxick> almost all dutch govt IT projects fail, massively[15:22:14] <tuxick> capgemini making fortunes[15:22:21] <rob0> Even the fakes, most of them don't know they ARE fakes. They just have that general sense of unease around true tech people.[15:22:23] <tuxick> billions actually[15:22:48] <tuxick> no idea how much tax money going to MS :/[15:22:59] *** Haudegen has quit IRC[15:23:06] *** skweek has quit IRC[15:23:30] <rob0> They come in here and expect to be treated like emperors, then storm off when we point out that the emperor has no clothes, :)[15:23:35] *** davispuh has quit IRC[15:24:45] <raijin> lol people in this room have an awfully high opinon of themselves[15:25:09] <raijin> opinion*[15:25:14] <raijin> :P[15:25:43] <schnuffle> I'M not belonging to those poeple in here, but I can assure you, that mostly the opinion is based expertice :-)[15:25:48] <thumbs> raijin: no, we've just seen our share of stupidity, in this channel mostly[15:25:52] <guampa> in the govt is even worst than in the private sector, at least here in my country. Tech bosses usually get in their position via political contacts and lobbies[15:26:07] <guampa> the results are nothing but ugly[15:26:19] <rob0> raijin, trolling? We don't need that here. Thank you.[15:26:28] <lunaphyte> heh, high opinion.[15:26:40] * raijin shrugs[15:26:47] <DominikB> :D[15:26:57] <raijin> one man's observation is another man's "troll"[15:27:00] <DominikB> rob0, don't feed the troll[15:27:18] <lunaphyte> sounds like something you'd say if you wanted to justify being a charlatan[15:27:28] <lunaphyte> in any case, good luck, i suppose[15:27:51] *** Haudegen has joined #postfix[15:28:14] *** swizgard has quit IRC[15:29:11] *** olegfusion has quit IRC[15:31:04] <raijin> all I know is that I came in here for help, was ridiculed, told my config was crazy and wouldn't work. . . and all I needed was some commas[15:31:26] <lunaphyte> gee, that doesn't sound hyperbolic at all[15:31:28] <raijin> so, justify that[15:31:36] *** kyrix has quit IRC[15:31:46] <lunaphyte> it also doesn't sound like an overly fragile ego :)[15:31:53] <raijin> hurrdurr[15:32:13] <raijin> it doesn't sound like your'e a snarky asshole[15:32:51] *** Haudegen has quit IRC[15:33:17] *** kyrix has joined #postfix[15:33:20] <lunaphyte> an intolerance for nonsense? yes, absolutely[15:33:29] <rob0> raijin, as I recall you failed to make a complete pastebin, which made your "simple" answer impossible to find. You know not whereof you speak.[15:33:44] <rob0> raijin, furthermore, again, the trolling is not going to be tolerated.[15:33:53] * raijin shrugs[15:34:03] <raijin> I don't need you[15:34:04] <rob0> raijin, namecalling is even worse.[15:34:47] *** skylite has quit IRC[15:35:09] <raijin> and of course you recall what would make you seem all knowledgeable[15:35:21] <raijin> what a fucking crock of shit lololol[15:35:42] *** ChanServ sets mode: +o rob0[15:35:52] *** rob0 sets mode: +q raijin!*@*[15:36:33] <lunaphyte> you gotta love that[15:36:34] <DominikB> he messed with the wrong one[15:37:12] <lunaphyte> we recall what would make us seem knowledgeable, but he does not recall what would make him seem slighted...[15:37:57] *** rob0 sets mode: +b $a:raijin[15:39:37] *** Haudegen has joined #postfix[15:40:25] <rob0> 13:39 <raijin> it must hurt to know you are an idiot[15:40:25] <rob0> 13:40 <rob0> yes[15:43:42] <patdk-wk> needed some commas? those are optional[15:44:28] *** Haudegen has quit IRC[15:44:31] <rob0> unless in master.cf overrides, but there, as pointed out, we couldn't know unless we had been shown.[15:47:44] *** olegfusion has joined #postfix[15:49:09] *** kyrix has quit IRC[15:49:17] *** sarri has quit IRC[15:51:13] *** Haudegen has joined #postfix[15:56:16] *** _mel_ has joined #postfix[15:56:37] <_mel_> Hi. can i define a virtual user for all domains like hostmaster@**?[15:59:04] *** Haudegen has quit IRC[16:00:35] <patdk-wk> virtual? no[16:00:37] <patdk-wk> local? sure[16:01:27] <rob0> There are ways to do wildcards, but they're usually wrong.[16:01:46] <rob0> (That is: not the right thing to do.)[16:03:37] <_mel_> its local. i have kolab which uses postfix. and i like to add one virtual user to catch all hostmaster@ abuse@ ando so on[16:04:01] <patdk-wk> you said virtual[16:04:13] <patdk-wk> !local[16:04:13] <knoba> patdk-wk: "local" : The local(8) daemon processes delivery requests from the Postfix queue manager to deliver mail to local recipients, meaning users that exist in your /etc/passwd. This is done for domains listed in $mydestination. See !basic, http://www.postfix.org/local.8.html and http://www.postfix.org/ADDRESS_CLASS_README.html#local_domain_class[16:04:14] <patdk-wk> !virtual[16:04:15] <knoba> patdk-wk: "virtual" : a way to configure additional domains and mailboxes that do not require individual system accounts. See: http://www.postfix.org/VIRTUAL_README.html[16:04:17] *** sarri has joined #postfix[16:04:32] <_mel_> oh, ok. virtual users[16:04:50] *** penk has joined #postfix[16:04:53] <rob0> Your wildcard would have to be limited to your own domains. You certainly do not want to intercept all mail to <role-account>@everywhere.[16:05:08] <_mel_> maybe some incoming rule whoo looks at the mail and forward it[16:05:35] *** Haudegen has joined #postfix[16:05:35] <DominikB> _mel_, setup one postmaster help info abuse and let the rest be aliases to it[16:05:36] <rob0> It's usually simplest to just maintain your alias list for each domain.[16:05:59] <rob0> You can script something to add the aliases when you add a domain.[16:06:34] <tuxick> i read all sorts of things about srs, not feeling confident about implementing[16:06:44] <tuxick> definitely not at friday afternoon anyway :)[16:06:44] <_mel_> yeah. kolab sucks on scripting witch multiple domains :( its designed for one domain only[16:07:36] <_mel_> can i define aliases besides a ldap backend by using another (maybe file based) alias mapping?[16:08:00] <DominikB> _mel_, you can setup an addtional virtual_alias file[16:08:14] <_mel_> like in hash:/etc/postfix/virtual_alias_maps_manual.cf?[16:08:28] <DominikB> _mel_, yep[16:09:15] <_mel_> ok. i could write a script to get all domains and add the entries. will postfix need to restart if the file changes?[16:09:42] <rob0> remember, order matters. Consider whether you want "virtual_alias_maps = ldap:whatever hash:/etc/postfix/virtual_alias_maps_manual.cf" or the other way around.[16:10:19] *** rob0 sets mode: -qo raijin!*@* rob0[16:10:28] <_mel_> its like this: virtual_alias_maps = $alias_maps, ldap:/etc/postfix/ldap/virtual_alias_maps.cf, hash:/etc/postfix/virtual_alias_maps_manual.cf[16:10:37] <rob0> ugh, that's bad[16:10:56] <rob0> you don't want $alias_maps there.[16:11:02] <_mel_> so it breaks if it doesn't find anything inside the ldap[16:11:13] <_mel_> and never looks in the file?[16:11:26] *** synapt is now known as nate[16:11:35] <_mel_> its a default config brought by kolab[16:12:30] <rob0> Sounds like the kolab folks don't know Postfix very well.[16:12:38] <guampa> it's probably using /etc/aliases for virtual aliasing[16:13:34] <_mel_> rob0: the kolab guys make mistakes all around... allmost nothing works on default[16:15:26] <_mel_> but it seems to work if i add entries like this: hostmaster at pp-nt dot de hostmaster at pp-nt dot net[16:15:34] <_mel_> without restarting anything[16:17:26] <rob0> you do not need to restart for hash file changes. You DO need to postmap that file (newaliases in the case of $alias_maps.)[16:18:29] <_mel_> ok[16:18:33] *** ced117 has joined #postfix[16:18:46] *** ced117 has joined #postfix[16:19:29] *** KaiForce has joined #postfix[16:26:47] <_mel_> just postmap the file and thats it[16:27:01] *** sarri has quit IRC[16:29:16] *** junixbr has joined #postfix[16:29:27] *** yaxell has joined #postfix[16:29:50] *** sarri has joined #postfix[16:30:06] *** JanC has quit IRC[16:32:49] *** ThomasKeller has quit IRC[16:43:07] *** JanC has joined #postfix[16:46:48] *** Andre65 has joined #postfix[16:52:08] *** yaxell has quit IRC[16:53:41] *** darkavenger is now known as darkavenger_afk[17:05:22] *** cin_ has joined #postfix[17:05:28] *** cin_ has left #postfix[17:06:44] *** Andre65 has quit IRC[17:07:23] *** cinatic has joined #postfix[17:07:25] <cinatic> hi[17:13:04] *** danieli has joined #postfix[17:13:59] *** ogny has quit IRC[17:25:30] *** sarri has quit IRC[17:28:13] *** danieli has quit IRC[17:29:40] *** danieli has joined #postfix[17:34:49] *** Xenoth has joined #postfix[17:51:20] *** skweek has joined #postfix[17:54:16] *** schnuffle has quit IRC[17:55:41] *** yosafbridge has quit IRC[17:56:18] *** yosafbridge has joined #postfix[18:00:22] *** TyrfingMjolnir has joined #postfix[18:00:30] *** zorg1 has quit IRC[18:02:56] *** Darcidride has quit IRC[18:05:41] *** mikecmpbll has quit IRC[18:07:01] *** schnuffle has joined #postfix[18:10:43] *** mikecmpbll has joined #postfix[18:12:45] *** davlefou_ has joined #postfix[18:15:13] *** davlefou has quit IRC[18:15:32] *** davlefou_ has quit IRC[18:15:44] *** davlefou has joined #postfix[18:20:42] *** Quadro has quit IRC[18:33:21] *** davlefou_ has joined #postfix[18:35:26] *** darkavenger_afk is now known as darkavenger[18:35:30] *** davlefou has quit IRC[18:50:46] *** _mel_ has quit IRC[18:55:09] *** Kellin has quit IRC[18:57:37] *** cinatic has quit IRC[19:00:58] *** KaiForce has quit IRC[19:01:22] *** brgtt has quit IRC[19:05:07] *** Xenoth has quit IRC[19:07:03] *** gu1lle_ has quit IRC[19:12:33] *** robinho86 has joined #postfix[19:17:55] *** Xenoth has joined #postfix[19:18:37] <penna> hm I uncommented submission lines in master.cf but it still doesnt use it after restart? Any lines I need to add in main.cf to have it used?[19:19:22] *** gu1lle_ has joined #postfix[19:21:12] <nomadz> no, it should work. can you do a telnet to port 587 ?[19:21:51] <penna> yes[19:22:01] <penna> http://codepad.org/JR1BNiFM postconf -n and master[19:22:55] <penna> master.cf was copied three times instead of one, sorry.[19:23:33] <penna> and I do not see verbose output from postfix... so it doesn't seem to use it. When I add -v to smtpd in first line it does verbose[19:26:45] <patdk-wk> define, used[19:27:13] <patdk-wk> why is line 60 commented[19:27:21] <patdk-wk> and 69[19:27:42] <patdk-wk> and why the -v?[19:28:05] <penna> because I have it without TLS. And -v because I wanted to see more debug output[19:28:23] <patdk-wk> tls should be required[19:29:05] <penna> Can't i setup mailserver without TLS?[19:29:25] <patdk-wk> you can, but it is very stupid to submit your passwords without encryption[19:29:40] <patdk-wk> so no, you SHOULD NOT[19:29:59] <penna> I know. And the security issue is not my question here.[19:30:12] <patdk-wk> well, you didn't even list a question[19:31:09] <patdk-wk> your question is undefined, due to we don't know what, used, means[19:31:26] <patdk-wk> and no logs where supplied[19:31:36] <patdk-wk> nothing to give us a clue what you are attempting to ask[19:31:49] <patdk-wk> since you asked an unambiguous question.[19:33:02] <penna> So postfix fails to communicate with dovecot. Why? and it says: fatal no sasl_auth mechanisms... there are no more logs except dovecot log recognizes one connect from postfix[19:35:46] <penna> thats why I wondered it maybe doesn't use submission to do sasl auth[19:39:34] <guampa> penna: are you able to authenticate directly to dovecot?[19:39:47] <guampa> ie for imap[19:41:11] <penna> yes, via thunderbird from other machine[19:41:57] *** m4rcu5 has quit IRC[19:48:22] <nomadz> what does that lmtp in the submission entry?[19:48:54] <nomadz> path should be private/auth or something, lmtp has nothing to do with submission[19:50:06] *** mc_fail has quit IRC[19:51:53] <penna> I changed it to lmtp because I thought it would be the sasl method[19:52:19] <penna> but this doesn't change anything btw.[19:53:18] <penna> this is what dovecot says when postfix tried to connect: Sep 04 19:49:54 lmtp(3487): Info: Disconnect from local: Connection closed (in banner)[20:02:41] *** davispuh has joined #postfix[20:03:57] *** davlefou__ has joined #postfix[20:06:19] *** davlefou_ has quit IRC[20:12:54] *** schnuffle has quit IRC[20:13:17] <rob0> LMTP has nothing to do with SASL[20:14:08] <rob0> Totally separate, despite both being provided. Look at Dovecot config and see they're separate in there too.[20:14:44] <rob0> err, s/vided./vided by Dovecot./[20:18:01] <penna> ok. should it work without submission too? I mean I have most of those options in my main.cf? I commented submission now[20:18:34] <rob0> commented submission? Why?[20:19:09] <penna> I just try to have a minimal setup as possible to find the reason of non delivery :)[20:19:25] <rob0> The point of submission is to keep your users' submitted mail separate from incoming mail exchange.[20:20:28] <rob0> !showconfig[20:20:29] <knoba> rob0: "showconfig" : when asked to provide your config, pastebin postconf -nf and postconf -Mf. if your version is too old for those commands to work (< 2.9), you should upgrade, but see !showconfig_old[20:20:36] <rob0> !relevant_logs[20:20:37] <knoba> rob0: "relevant_logs" : Relevant logs are mail.* syslog Postfix logs (NOT verbose, see !verbose) which show the entire handling of a single mail which illustrates the issue with which you want help. Random selections from your mail log might not do. IMAP/POP3 daemons and external delivery agents typically log to the same facility (mail); those are usually not relevant here.[20:20:54] <rob0> again: NOT verbose![20:21:18] <rob0> show a pastebin with all of that, it's probably very simple.[20:21:36] <rob0> (simple to see what's wrong given that information)[20:22:06] <penna> Okay. I just changed smtpd_sasl_path to private/auth and it says user known in local table... but I wanted that it checks dovecot for known users[20:22:08] <penna> ok[20:24:01] *** zacdev has joined #postfix[20:24:15] <penna> so with sasl_path = private/dovecot-lmtp I get this: fatal: no SASL authentication mechanisms[20:24:32] <penna> with private/auth: NOQUEUE: reject: RCPT from unknown[192.168.0.1]: 550 5.1.1 <tester at servers dot pgr>: Recipient address rejected: User unknown in local recipient table; from=<arsch at servers dot pgr> to=<tester at servers dot pgr> proto=ESMTP helo=<[192.168.0.1]>[20:24:39] <penna> no more log entries[20:28:13] *** eschmidbauer has joined #postfix[20:28:17] <guampa> dovecot-ltmp is probably the dovecot socket for lmtp, not sasl[20:28:37] <guampa> that you should know by your dovecot config[20:28:49] *** m4rcu5 has joined #postfix[20:28:50] <eschmidbauer> Can anyone help me setup postfix as an SMTP server? We need it to authenticate the senders[20:28:59] <eschmidbauer> very simple[20:29:52] *** dazo is now known as dazo_afk[20:30:04] <penna> and here all relevant configfiles: http://codepad.org/QAtZ5UQO guampa rob0[20:30:37] <guampa> eschmidbauer: overly broad question. What part of the setup are you having trouble with? Have you read postfix documentation?[20:31:13] <eschmidbauer> guampa i've read some of it. postfix has many configuration options, i just need to authenticate the sender[20:31:24] <guampa> !sasl[20:31:25] <knoba> guampa: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[20:31:25] <eschmidbauer> i dont want to store the mail locally, just forward it on[20:31:41] <eschmidbauer> so i need to use dovecot ?[20:31:53] <eschmidbauer> or cyrus?[20:32:04] <guampa> yes[20:32:27] <rob0> Again, LMTP has nothing to do with SASL, penna. Don't expect your SASL AUTH socket to accept mail; don't expect your LMTP socket to do SASL AUTH.[20:32:48] <patdk-wk> eschmidbauer, depends[20:32:48] <rob0> !tell penna unknown_local[20:32:49] <knoba> penna: "unknown_local" : User unknown in local recipient table means that the recipient domain was found in $mydestination but the username was not found in local_recipient_maps (by default: users in /etc/passwd and aliases(5) in /etc/aliases).[20:33:52] <penna> rob0, thats were I started today morning. I wanted to have postfix check dovecot userdb for allowed email addresses. So that I do not need to make two files with allowed users / email addresses[20:35:09] <rob0> You're trying to simplify; get rid of LMTP. Make it work with local(8) / virtual(8) first. Getting rid of submission is not a good idea.[20:36:15] <rob0> You're getting confused between outbound relaying and inbound. Your submission port should ONLY accept authenticated clients.[20:37:17] <rob0> When you send to user at a dot mydestination.domain it won't be relayed out! If "user" isn't found in local_recipient_maps, see ^^ !unknown_local above.[20:39:00] <penna> well. I just added "local_recipient_maps =" to my main.cf and now it works? I mean where can I see those default values, seems like it was kinda set before?[20:42:55] *** stevej has joined #postfix[20:44:33] *** eschmidbauer has left #postfix[20:44:39] <penna> rob0, so you recommend use authed smtp only and block "anonymous"?[20:47:21] <patdk-wk> anonymous?[20:47:28] <patdk-wk> why would you let anonymous users login?[20:49:21] <rob0> yikes!![20:49:49] <rob0> "local_recipient_maps =" is such a bad idea.[20:49:57] <rob0> I did not in any way suggest that.[20:50:12] <patdk-wk> I do love how all requests so far have been ignored[20:50:15] <patdk-wk> every single one[20:50:18] <penna> patdk-wk, thats how it is configured now[20:50:25] <patdk-wk> and the solutions have gone from horrible, to idiotic[20:50:55] <penna> Why shall I need TLS when not a simple mail flow was working patdk-wk ?[20:56:38] *** Darcidride has joined #postfix[20:57:53] *** saliak has quit IRC[20:59:50] *** michael_mbp has quit IRC[21:01:39] *** michael_mbp has joined #postfix[21:04:23] *** Darcidride has quit IRC[21:06:06] *** MinetestForFun has joined #postfix[21:06:41] *** junixbr has quit IRC[21:08:17] *** tharkun has quit IRC[21:08:17] *** tharkun has joined #postfix[21:23:04] *** Batch has joined #postfix[21:39:11] *** TyrfingMjolnir has quit IRC[21:53:43] *** darkavenger is now known as darkavenger_afk[21:56:50] *** Section1 has quit IRC[21:59:54] *** penk has quit IRC[22:12:52] *** ek_ has joined #postfix[22:13:41] *** mage__ has joined #postfix[22:15:06] *** ek_ has quit IRC[22:15:45] *** OnkV has joined #postfix[22:16:08] *** ek has quit IRC[22:16:10] *** hackeron has quit IRC[22:16:14] *** Tourist has quit IRC[22:16:15] *** Tourist|AFK has joined #postfix[22:16:20] *** PaulePanter has quit IRC[22:16:21] *** rob0 has quit IRC[22:16:22] *** trepatudo has quit IRC[22:16:23] *** Haudegen has quit IRC[22:16:25] *** Tourist|AFK has quit IRC[22:16:25] *** Tourist|AFK has joined #postfix[22:16:27] *** Kunsi has quit IRC[22:16:30] *** mage_ has quit IRC[22:16:32] *** rob0_ has joined #postfix[22:16:33] *** rob0_ has quit IRC[22:16:33] *** rob0_ has joined #postfix[22:16:34] *** PaulePanter has joined #postfix[22:16:35] *** Kunsi has joined #postfix[22:16:35] *** hackeron has joined #postfix[22:16:36] *** trepatudo has joined #postfix[22:21:24] *** MacWinne_ has joined #postfix[22:24:08] *** ek has joined #postfix[22:26:00] *** skweek has quit IRC[22:30:48] *** gehidore is now known as man[22:30:53] *** man is now known as gehidore[22:36:27] *** rob0_ is now known as rob0[22:48:23] *** michael_mbp has quit IRC[22:48:38] *** michael_mbp has joined #postfix[22:49:21] *** master_o1_master has joined #postfix[22:52:26] *** master_of_master has quit IRC[23:00:59] *** Chill_Surf has quit IRC[23:07:16] *** c|oneman has quit IRC[23:07:28] *** Bheam has quit IRC[23:07:38] *** Bheam has joined #postfix[23:08:18] *** armguy has quit IRC[23:08:36] *** bipolar has quit IRC[23:09:23] *** c|oneman has joined #postfix[23:09:49] *** epretorious has quit IRC[23:10:17] *** Kesker has joined #postfix[23:10:52] *** Klamity has quit IRC[23:11:00] *** skynews has joined #postfix[23:13:51] *** skynews has quit IRC[23:14:05] *** bipolar has joined #postfix[23:14:06] *** skynews has joined #postfix[23:20:27] *** armguy has joined #postfix[23:23:45] *** epretorious has joined #postfix[23:28:03] *** michael_mbp has quit IRC[23:32:38] *** michael_mbp has joined #postfix[23:34:41] *** penk has joined #postfix[23:41:14] *** penk has quit IRC[23:44:58] *** OnkV has quit IRC[23:46:42] *** danieli has quit IRC[23:51:57] *** Haudegen has joined #postfix[23:53:15] *** gamba47 has joined #postfix[23:53:26] *** Xenoth has quit IRC