September 11, 2015 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | >
September 11, 2015 [00:00:36] *** skweek has quit IRC[00:00:49] <pj> ok, then yes[00:00:54] <pj> !tell pramsky master.cf[00:00:54] <knoba> pramsky: "master.cf" : postfix master process configuration file. each logical line describes how a postfix service will be run. see man 5 master or http://www.postfix.org/master.5.html for more information. also see !master[00:01:28] <pramsky> i have -o virtual_alias_maps=regexp:/usr/local/etc/postfix/virtual.regex set in master.cf , but it does not seem to rewrite.[00:02:03] <pj> !tell pramsky getting_help[00:02:03] <knoba> pramsky: "getting_help" : before asking your question, read the !relevant_logs and !showconfig factoids, and prepare a single pastebin containing all of that data. if you don't understand what this means, or if you need help doing this, please let us know. also see !pastebin[00:02:58] <hydrajump> pj: alpine linux[00:03:20] <pj> hydrajump: never heard of that.[00:03:34] <hydrajump> pj: alpinelinux.org[00:04:08] <pj> hrmmmm, very lightweight distro.[00:04:15] <hydrajump> why is it that some configurations show for instance `smtpd_tls_mandatory_protocols` the setting in master.cf but in other main.cf[00:04:28] <hydrajump> pj: yeah just started using it instead of ubuntu server[00:04:52] <pj> hydrajump: see the factoid above and documentation for master.cf[00:05:38] <hydrajump> pj: is it because if the setting is in master.cf it only applies to the specific postfix service whereas if it is in main.cf it applies to all services?[00:05:49] <pj> hydrajump: yes[00:05:52] <hydrajump> ;)[00:14:44] *** skweek has joined #postfix[00:14:45] *** Crispy24 has joined #postfix[00:16:55] *** LaBliMo has quit IRC[00:18:05] *** darkavenger is now known as darkavenger_afk[00:22:56] <pramsky> pj, http://pastebin.com/YmyhHbud[00:27:09] *** gu1lle_ has quit IRC[00:33:56] *** gehidore has quit IRC[00:34:18] *** gehidore has joined #postfix[00:39:37] *** Darcidride has joined #postfix[00:39:45] *** mikecmpbll has quit IRC[00:39:54] <mices> the postfix virtuals file isn't just for virtuals it's for all aliasing?[00:40:15] <lunaphyte> what is the "virtuals file"?[00:40:37] <mices> i mean virtual[00:41:20] <lunaphyte> i don't know what you're asking[00:41:29] *** necrogami has quit IRC[00:41:29] <mices> can i map a virtual mail address to a path to a script on my server in the virtual file[00:42:13] <mices> or can i at least map the vmail to the users mailbox and below that map the user to the path to process[00:42:24] <hydrajump> in this master.cf config https://github.com/mail-in-a-box/mailinabox/blob/master/setup/mail-postfix.sh#L90-L92 the submission service[00:42:36] <lunaphyte> there is no such "virtual file" concept in postfix. i don't know what you're talking about[00:42:44] <hydrajump> cleans the headers from sensitive data. Isn't that what `header_checks` is for?[00:42:50] <mices> i have a virtual file[00:42:57] *** necrogami has joined #postfix[00:43:01] <lunaphyte> used how?[00:43:03] <mices> with entries for all my virtual mailboxes[00:43:25] <lunaphyte> used by postfix how?[00:43:41] <mices> wait i'll give you the statement that refers to it from my main.cf[00:43:48] <lunaphyte> hydrajump: that example is using header_checks[00:44:23] <mices> virtual_alias_maps = hash:/usr/local/etc/postfix/virtual[00:44:55] <lunaphyte> virtual_alias_maps is applied globally, to all mail[00:45:10] <pramsky> lunaphyte, can this be overridden in master.cf ?[00:45:26] <lunaphyte> the name of the file it may point to is not of any significance or inherent meaning[00:45:33] <hydrajump> lunaphyte: ah missed that. I thought it was sufficient to specify `header_checks` in main.cf and not have that authclean service[00:45:37] <mices> can i put my map to the script in virtual_alias_maps?[00:46:11] <mices> or in my case the file virtual[00:46:24] <mices> i mean virtual_alias_domains in your parlance[00:46:34] <lunaphyte> pramsky: i don't know what "this" is[00:47:01] <lunaphyte> hydrajump: perhaps. who knows what that person thinks they're doing[00:47:03] <pramsky> lunaphyte, sorry about that. I was trying to override virtual_alias_maps in master.cf , but it does not seem to work.[00:47:25] <pramsky> lunaphyte, http://pastebin.com/YmyhHbud[00:47:47] <lunaphyte> mices: i don't know what "put my map to the script" means[00:49:46] <lunaphyte> pramsky: it would probably be better to just explain whatever the actual problem is you're trying to solve[00:50:46] <pramsky> ok, i want postfix to listen on another port on this system, any mail sent to this port will always be sent to a single email address regardless of the to address in the message.[00:50:54] <lunaphyte> why?[00:51:09] <lunaphyte> what is the actual problem you're trying to solve?[00:51:38] <pramsky> i have a development app that sends out email which I don't want delivered to the actual recipients.[00:51:49] <lunaphyte> !blackhole[00:51:50] <knoba> lunaphyte: "blackhole" : http://archives.neohapsis.com/archives/postfix/2010-04/0168.html[00:52:25] <pramsky> But I do want to be delivered to a specific user that needs to see the emails.[00:52:56] <lunaphyte> did you read?[00:53:05] <pramsky> yes, and that is exactly what I am trying to do[00:53:12] <lunaphyte> yes[00:53:15] <pramsky> if I set it in main.cf, it applies to all email, even those on port 25[00:53:29] <pramsky> but I don't want that to be applied to postfix on port 25[00:54:07] <pramsky> which is why I created another 'instance' on port 2525 with -o virtual_alias_maps=regexp:/usr/local/etc/postfix/virtual-regex[00:54:25] <pramsky> if i keep that in main.cf, it works how I need it to[00:54:42] <pramsky> i only need it to work on the 2525 instance[00:54:55] <pramsky> postconf -p says its there : 2525/inet/virtual_alias_maps = regexp:/usr/local/etc/postfix/virtual-regex[00:56:12] <lunaphyte> first, set a custom syslog_name for that service[00:56:41] <lunaphyte> second, do not use mail.info. that is an unfortunate debianism that is not helpful[00:57:01] <lunaphyte> lastly, prepare a new pastebin, after correcting the above, as per !getting_help[00:58:06] <pramsky> its a freebsdism I suppose[00:58:16] <lunaphyte> this is freebsd?[00:58:17] <pramsky> !getting_help[00:58:17] <knoba> pramsky: "getting_help" : before asking your question, read the !relevant_logs and !showconfig factoids, and prepare a single pastebin containing all of that data. if you don't understand what this means, or if you need help doing this, please let us know. also see !pastebin[00:58:19] <pramsky> yes[00:58:26] <lunaphyte> i wasn't aware they split up the mail logs like that[00:58:27] <lunaphyte> too bad[00:58:29] <pramsky> !relevant_logs[00:58:29] <knoba> pramsky: "relevant_logs" : Relevant logs are mail.* syslog Postfix logs (NOT verbose, see !verbose) which show the entire handling of a single mail which illustrates the issue with which you want help. Random selections from your mail log might not do. IMAP/POP3 daemons and external delivery agents typically log to the same facility (mail); those are usually not relevant here.[00:58:33] <hydrajump> lunaphyte: reading the docs for header_checks it looks like it alone in main.cf without any extra auth_clean service will do the job of removing any specified headers. What I don't understand is if header_checks will apply to both mail sent by MUA as well as other MTA[00:58:46] *** Xenoth has quit IRC[00:58:51] <lunaphyte> hydrajump: header_checks is global[00:59:55] <lunaphyte> that means *everything*[01:00:18] <lunaphyte> the only way to avoid this is to have multiple cleanup services[01:00:25] <lunaphyte> see man 5 header_checks[01:01:43] <pramsky> lunaphyte, my question was, will adding -o virtual_alias_maps in master.cf override the one in main.cf ? When it is loaded in main.cf it works exactly how it needs to. At this time I might as well setup a separate smtpd server for this service as it would take less time than debugging it . I'll just send a question over to the mailing list[01:01:59] <hydrajump> it seems wrong to remove those headers from incoming mail received by other MTAs. Am I wrong or is this a standard practice?[01:02:54] *** pramsky has left #postfix[01:02:57] *** pramsky has joined #postfix[01:02:58] <lunaphyte> pramsky: we ask for the same data on mailing list. at some point, if you wish others to help, it will be necessary to provide it[01:03:13] <lunaphyte> hydrajump: what is "incoming mail received by other MTAs"?[01:04:00] *** drehmer has quit IRC[01:04:18] <hydrajump> I should have said from other MTAs, e.g. @gmail.com -> @example.com[01:04:56] <pramsky> I am still not sure what info is actually missing from my paste, there is no issue with delivery, its just not rewriting the to address. I'll follow your advice on the logs and send it to the list. Thanks for your help.[01:04:56] <lunaphyte> oh[01:05:25] <lunaphyte> yes, removing headers from other mail servers upon reciept of messages is almost certainly misguided[01:07:38] *** pramsky has left #postfix[01:07:42] *** pramsky has joined #postfix[01:07:59] <hydrajump> lunaphyte: ok then a separate cleanup service is the way to go for the submission service[01:08:21] <hydrajump> thank you lunaphyte[01:08:29] <lunaphyte> you might consider a completely separate server[01:08:44] <lunaphyte> rather than introducing awkward complexity to the configuration[01:09:06] <lunaphyte> really, any modestly sized environment should seriously consider this[01:09:21] <lunaphyte> there are numerous benefits[01:09:30] <hydrajump> this server setup is for ~20 users[01:10:05] <lunaphyte> neither server needs to use much in the way of resources[01:10:12] <lunaphyte> is it a virtual guest?[01:10:47] <hydrajump> yep[01:10:52] <hydrajump> vmware esxi[01:12:12] <lunaphyte> well, that's unfortunate, but nonetheless, i'd encourage you to consider it[01:15:07] *** skweek has quit IRC[01:15:58] <hydrajump> unfortunate that it's a virtual guest?[01:16:18] <lunaphyte> unfortunate that it's vmware[01:19:57] *** Darcidride has quit IRC[01:33:24] *** Yatekii has quit IRC[01:38:25] *** Yatekii has joined #postfix[01:45:31] *** Crispy24 has quit IRC[01:53:27] *** dvl has quit IRC[01:56:51] *** dvl has joined #postfix[01:56:51] *** dvl has joined #postfix[02:24:35] <hydrajump> anyone have any recommendations for `smtpd_sender_restrictions` and `smtpd_recipient_restrictions` that they wouldn't mind sharing[02:40:44] *** internat has quit IRC[02:40:59] *** internat has joined #postfix[02:44:36] *** zhb has joined #postfix[03:01:52] *** mroe has joined #postfix[03:20:21] *** mroe has quit IRC[03:22:00] <lunaphyte> for what port?[03:32:54] *** pramsky has quit IRC[03:33:21] *** pramsky has joined #postfix[03:35:52] *** NightMonkey has quit IRC[03:39:43] *** NightMonkey has joined #postfix[03:42:56] *** mroe has joined #postfix[03:58:06] *** JanC has quit IRC[04:12:08] *** JanC has joined #postfix[04:23:12] *** pppingme has quit IRC[04:33:04] *** mroe has quit IRC[05:01:24] *** Xenoth has joined #postfix[05:13:40] *** pppingme has joined #postfix[05:28:47] *** nikgod has quit IRC[05:32:10] *** MacWinne_ has quit IRC[05:34:28] *** nikgod has joined #postfix[05:41:14] *** Xenoth has quit IRC[05:49:36] *** pppingme has quit IRC[06:04:27] *** julius_ has quit IRC[06:05:11] *** julius_ has joined #postfix[06:21:44] *** magyar has quit IRC[06:24:49] *** SuperPhly has joined #postfix[06:58:00] *** skweek has joined #postfix[07:04:06] *** sharky has quit IRC[07:10:43] *** sharky has joined #postfix[07:22:36] *** Pies has quit IRC[07:27:01] *** Pies has joined #postfix[07:36:21] *** skweek has quit IRC[07:38:43] *** cyrn has quit IRC[07:41:35] *** rotbeard has quit IRC[07:48:09] *** fling has joined #postfix[07:52:22] <fling> I have a dovecot account spamming a lot. A bunch of emails deferred in the maillog.[07:52:50] <fling> What is the proper way of redirectiong all the outgoing containing this address in from= field to another account?[07:59:17] <fling> Is it header_checks?[08:12:33] <fling> Looks like /etc/aliases is getting ignore even after newaliases hmm hmmm[08:19:49] <fling> postconf -n | https://bpaste.net/show/62a71c2189d2[08:23:09] <fling> lrwxrwxrwx 1 root root 31 Мар 20 2014 /usr/bin/newaliases.postfix -> ../../usr/sbin/sendmail.postfix[08:23:18] <fling> Is not this a regular thing? ^ :D[08:23:37] <fling> lrwxrwxrwx 1 root root 32 Мар 20 2014 /usr/bin/newaliases -> /etc/alternatives/mta-newaliases[08:26:28] *** darkavenger_afk is now known as darkavenger[08:29:16] *** carl- has joined #postfix[08:36:12] <fling> this does not help -> alternatives --config mta[08:37:03] <DominikB> fling, when it is a virtual user you need to use the virtual_alias_map[08:37:29] <fling> ahh[08:38:50] *** rdvmem has joined #postfix[08:39:41] *** darkavenger is now known as darkavenger_afk[08:39:51] <fling> DominikB: root is not a virtual.[08:40:41] <DominikB> fling, yeah but when you will redirect user@domain => root it will be a vvirtual user where you setup the alias for[08:41:17] <fling> Now I'm trying to redirect 'root: some at e dot mail'[08:41:27] <fling> DominikB: just want to start reading root's mail.[08:41:58] <DominikB> fling, you just could setup an user root@domain that would catch roots mail[08:43:54] <fling> hmm hmmmm[08:44:15] <fling> Ok, I will continue with root mail later…[08:44:25] <fling> header_checks time![08:45:49] <fling> DominikB: is it possible to filter the whole current deferred queue via header_checks after I add them?[08:50:26] <DominikB> fling, not entirly shure but when you restart postfix it should run with its new config[08:51:56] *** pppingme has joined #postfix[08:52:29] <fling> DominikB: I will just reload, and header_checks will be used for the _new_ mail. The idea is to filter the mail already existing in the queue too.[08:55:32] *** rdvmem has quit IRC[08:56:22] <DominikB> fling you can lock at postsuper -r ALL that will requeue your mail but i'm not sure if the header checks are done again[08:56:57] <fling> looks like not.[09:04:40] <fling> DominikB: ok, postsuper is the right tool but…[09:05:08] <fling> DominikB: looks like I need to filte by envelope records and not by message contents[09:05:37] <fling> DominikB: I see the field I need in 'sender:' and 'named_attribute: sasl_username'[09:06:02] <fling> DominikB: and also in maillog 'from=<'[09:06:03] *** fzirngibl has joined #postfix[09:06:17] <fling> So what is the proper way of forwarding these mails?[09:06:44] *** moonpunter has joined #postfix[09:07:23] <DominikB> fling, you want to save the mails from the spamer or just get rid of them ?[09:07:39] <moonpunter> sending from within the server works, mail is received, but sending from an external e-mail address does not arrive. any ideas?[09:07:42] <fling> yes, I want to forward these spam mails.[09:07:58] <fling> DominikB: I also noticed some part of the queue was forwarded with header_checks[09:08:12] <fling> DominikB: where I used REDIRECT directive.[09:08:15] <survietamine> moonpunter: read topic[09:08:57] <DominikB> fling, whats in your mail.log about the mails get redirected[09:10:57] <DominikB> fling, you said it is a sasl user you locking for[09:11:05] <moonpunter> survietamine: http://pastebin.com/afYfj6iR -- there is config[09:11:25] *** skynews has joined #postfix[09:13:17] <moonpunter> mail.err - http://pastebin.com/LUyfhJUv[09:13:57] *** Guest2416 has left #postfix[09:14:33] <survietamine> moonpunter: this is not relevant postfix logs but amavis and dovecot[09:14:54] <survietamine> you didn't follow topic's directions like !getting_help[09:15:06] <survietamine> and people don't like much pastebin with ads[09:15:15] <fling> DominikB: status 250 about 211 messages that got redirected actually.[09:15:25] <fling> DominikB: a lot of 450 for other messages not getting redirected…[09:16:50] <moonpunter> !getting_help[09:16:50] <knoba> moonpunter: "getting_help" : before asking your question, read the !relevant_logs and !showconfig factoids, and prepare a single pastebin containing all of that data. if you don't understand what this means, or if you need help doing this, please let us know. also see !pastebin[09:16:57] <moonpunter> !relevant_logs[09:16:58] <knoba> moonpunter: "relevant_logs" : Relevant logs are mail.* syslog Postfix logs (NOT verbose, see !verbose) which show the entire handling of a single mail which illustrates the issue with which you want help. Random selections from your mail log might not do. IMAP/POP3 daemons and external delivery agents typically log to the same facility (mail); those are usually not relevant here.[09:18:10] <DominikB> fling, ok[09:19:25] <fling> DominikB: what if I will perform this -> 1. set softbounce; 2. will redirect all the queue using header_checks; 3. remove the softbounce?[09:19:43] <DominikB> fling, can work but not shure[09:19:57] <fling> Will softbounce prevent postfix from receiving anything to the queue?[09:20:06] <fling> Only want to work with deferred…[09:27:57] *** skynews has quit IRC[09:29:00] *** Haudegen has quit IRC[09:31:12] *** lrea has joined #postfix[09:32:11] *** SuperPhly has quit IRC[09:36:04] *** Poster has quit IRC[09:36:32] *** zacdev has joined #postfix[09:38:26] <fling> DominikB: ok I figured it out. header_checks works great and redirected all the messages with the needed From:.[09:38:44] <fling> DominikB: deferred messages are using random from field.[09:39:02] <fling> I will add permitted from as DUNNO to header_checks to fix this.[09:39:17] *** Haudegen has joined #postfix[09:51:50] *** evaryont has quit IRC[09:52:50] <hydrajump> lunaphyte: was this `lunaphyte | for what port? ` meant for me?[09:53:06] <hydrajump> !smtpd_sender_restrictions[09:53:06] <knoba> hydrajump: "smtpd_sender_restrictions" : a configuration parameter in the main.cf: Optional restrictions that the Postfix SMTP server applies in the context of the SMTP MAIL FROM command. See access(5) for an overview of access restriction features.[09:53:24] <hydrajump> !smtpd_recipient_restrictions[09:53:24] <knoba> hydrajump: "smtpd_recipient_restrictions" : Configuration parameter in main.cf: Access restrictions that the smtpd(8) applies in the context of the RCPT TO command. See access(5) for an overview of access restriction features. These restrictions control relaying to external domains. Default is to relay only for client IP addresses in $mynetworks; See: http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions[09:57:16] *** Mizar has joined #postfix[10:02:11] *** Twirl has joined #postfix[10:02:42] <Twirl> Hello, i'm setting up my mail server and i'm getting "The IP you're using to send mail is not authorized to 550-5.7.1 send email directly to our servers." -Google, any way to fix this?[10:03:14] *** mikecmpbll has joined #postfix[10:03:16] *** Kunsi has left #postfix[10:03:51] *** ogny has joined #postfix[10:03:51] *** ogny has joined #postfix[10:05:18] <jaybe> Twirl, ... yes. not to be daft, but-- use an ip that is not blocked. for example, 'home' internet users IP blocks are commonly banned.[10:05:35] <Twirl> that's unfair[10:06:41] <Twirl> doesn't look like neutral to me[10:07:00] <Twirl> its basically asking me to pay for an additional service when i'm doing this just to avoid having to pay, brilliant[10:08:23] <Twirl> anyways i guess ill just set up another mail account in a server that allows me to receive from this ip bc its for a contact form for me in my web server anyways?[10:09:14] *** ThomasKeller has joined #postfix[10:10:13] <jaybe> 'fair' has little to do with anything in life[10:10:37] <Twirl> jaybe u know a free mail acc i could make in a different provider to forward that to my gmail acc?[10:11:00] <jaybe> iirc google provides vanity email domain hosting[10:11:07] <jaybe> along with myriad others[10:11:10] <Twirl> i'm not going to pay for anything[10:11:36] <Twirl> i'm doing this to avoid having to pay[10:12:35] <Twirl> what i'm asking is, could i just send the mails to yahoo for example and forward them to my gmail acc?[10:12:49] <fling> DominikB: header_checks did the trick! Thanks for the tip about `postsuper -r ALL`[10:12:51] <jaybe> why wouldn't/couldn't you? gmail is free.[10:13:18] <Twirl> jaybe: i don't understand what ur suggestion is, i thought gmail won't receive my emails?[10:13:23] <jaybe> fling, did that re-queue and reprocess header checks?[10:13:45] <jaybe> Twirl, usually ones ISP provides email gateway options/services as well[10:13:46] <fling> jaybe: yes. Added header_checks for redirecting deferred mail.[10:13:53] <jaybe> fling, nice; ;)[10:14:11] <DominikB> fling, thats great to hear[10:14:35] <Twirl> jaybe: dunno, researching that would probably take longer than just setting up a mail acc in w/e provider and forward that with POP3 or w/e to gmail?[10:14:54] <jaybe> i don't know what actual question was just asked of me[10:15:09] <jaybe> if you want to gateway email - contact your isp and request an SMTP gateway[10:15:37] <Twirl> jaybe: i don't know how to configure that and i don't want to contact my ISP, i hate them[10:15:51] <Twirl> besides its only for myself i'm not setting up a service[10:16:07] <Twirl> i just want to receive emails sent to me in a contact form in a website in my gmail inbox[10:16:16] <jaybe> Twirl, if you think configuring and managing a mail server on the internet is 'easier' in *any way* whatsoever compared to contacting your isp and 'setting it up', you're completely misguided.[10:16:28] <jaybe> managing internet email is extremely non-trivial.[10:17:11] <Twirl> jaybe: i'm not setting up a service i just want to receive emails in my gmail inbox sent to me in a contact form in my personal website[10:17:14] <jaybe> ISP: "oh hi - yah - use smtp.example.com for sending mail. thanks. take care."[10:17:28] <jaybe> Twirl, you're missing the point. sending mail is sending mail.[10:18:04] <Twirl> i'm pretty sure many servers or most will accept my mail and then i can forward that to gmail?[10:18:09] <jaybe> Twirl, the easiest way to get your mail accepted and delivering, is to use a valid SMTP gateway. in your case, so far, it sounds like your isp would be the best option.[10:19:04] <jaybe> s/accept my mail/accept my smtp origination address and IP/[10:19:59] <Twirl> i was thinking you could recommend some server that would accept my ip[10:20:01] <jaybe> why not send the contact form to an account on your web server/box/whatever? if it's because you want it delivered to gmail, then you'll need a valid, acceptable smtp gateway with an acceptable IP.[10:20:25] <jaybe> do i know of 'free' email gateways? no.[10:20:35] <jaybe> and if there were, would i use them? no.[10:21:21] <Twirl> yea there are other things i could do its just not consistent with net neutrality that my ip is not allowed to send email[10:21:21] <jaybe> set up a null client with auth so you can log into your gmail account and deliver/ send to/through it[10:21:29] <jaybe> !nullclient[10:21:29] <knoba> jaybe: "nullclient" : a null client is a computer that can only send mail. it receives no mail from the network, and it does not deliver any mail locally. while postfix can be configured to fill this role, it is often unnecessary overkill, and a much simpler software package is more appropriate. see !nullclient_software for more details.[10:21:30] <Twirl> besides its only gmail that doesnt want my email[10:22:12] <jaybe> that political concept and ip blocks on smtp traffic are unrelated[10:22:31] <jaybe> !nullclient_software[10:22:31] <knoba> jaybe: "nullclient_software" : a program that serves as a drop in replacement for /usr/sbin/sendmail and provides a simple means to submit messages to an existing msa without the need to install and maintain a full-blown mta/msa. examples include msmtp, esmtp, ssmtp and nullmailer. also see !msa[10:23:04] <Twirl> that doesnt solve that gmail wont receive my mail?[10:23:53] <jaybe> authenticate to gmail[10:23:58] <jaybe> so it knows who you are and trusts you[10:24:04] <jaybe> otherwise, it doesn't, obviously[10:24:06] <Twirl> how?[10:24:15] <jaybe> use google[10:24:55] <Twirl> i dont understand exactly what you mean with authenticate to gmail[10:25:06] <jaybe> login/pass. authentication.[10:25:28] <Twirl> that i have to set it up in postfix?[10:25:33] <jaybe> it's how humans prove their credentials with regards to computers, technology, and access[10:25:39] <jaybe> did you read any of the factoids provided above?[10:26:01] <jaybe> you don't even need postfix[10:26:18] <Twirl> i already have postfix installed it would be stupid to purge it and install another software[10:26:34] <jaybe> sigh[10:26:37] <jaybe> best of luck to you[10:26:39] * jaybe wanders off[10:29:44] *** michael_mbp has quit IRC[10:33:26] *** michael_mbp has joined #postfix[10:35:05] *** dazo_afk is now known as dazo[10:37:05] <fling> DominikB: how to perform header_checks only for outgoing mail?[10:37:50] <DominikB> fling, smtp_header_checks[10:43:57] *** Mizar has quit IRC[10:45:54] *** Darcidride has joined #postfix[10:47:37] <hydrajump> fling: DominikB I was doing that last night and had to create a separate cleanup service for submission[10:48:06] <hydrajump> because header_checks applies to _all_ email and I only wanted to strip private headers on submission email[10:48:08] <DominikB> hydrajump, that sounds not the fun kind[10:48:20] <hydrajump> DominikB: does smtp_header_checks do this instead?[10:50:02] <DominikB> hydrajump, no clue if there is a special treat for submission but it goes only for outgoing mails but accoring to the docs you can not alter the destination[10:51:37] <hydrajump> DominikB: so you can't create a table and use smtp_header_checks for these https://gist.github.com/anonymous/94801a358a3fe2ed0c03[10:52:14] <DominikB> hydrajump, that would work because its not altering the destination[10:54:12] <hydrajump> ok then I can replace this from last night https://gist.github.com/anonymous/eb59be44ba8ed309fd71[10:54:56] <DominikB> yeah[10:55:14] <hydrajump> DominikB: you're the man! thank you.[10:56:57] *** antiatom has joined #postfix[10:58:21] *** sphenxes02 has joined #postfix[10:58:44] <fling> DominikB: looks like smtp_header_checks is not working at all.[10:58:55] <DominikB> hm[10:59:20] <fling> I'm doing 'postsuper -r ALL' and nothing gets off the queue[10:59:24] *** Mizar has joined #postfix[11:01:28] <fling> hydrajump: tell me more please. What should I do?[11:01:51] *** sphenxes01 has quit IRC[11:02:49] <DominikB> fling, when you try to alter the destination it wont work[11:03:00] <fling> DominikB: right.[11:03:12] <DominikB> as the doc says[11:04:21] <fling> haha I will just add 'To: something DUNNO' to the header_checks too for passing incoming[11:06:49] *** zacdev has quit IRC[11:06:56] <fling> DominikB: works.[11:07:08] <DominikB> nice[11:07:26] <fling> hydrajump: I like your example too. Thanks, I will use it.[11:07:54] <fling> Should I change some headers with random stuff for better privacy btw?[11:09:23] <hydrajump> fling: I don't think you should add "random stuff"[11:10:12] <hydrajump> what I'm doing is removing/stripping header that contain internal info that I don't want exposed.[11:10:49] *** darkavenger_afk is now known as darkavenger[11:14:56] <hydrajump> DominikB: do you have any recommendation for configuring `smtpd_recipient_restrictions` and `smtpd_sender_restrictions`? I'm working through a completely new postfix install and looking to do this better than I have in the past.[11:15:34] <DominikB> hydrajump, not realy i also just use the standart thing you would find reading the doks[11:15:47] <hydrajump> It's very confusing when searching for postfix config examples online as many seem to do weird things such as that extra cleanup service to accomplish what smtp_header_checks does[11:16:07] <DominikB> hydrajump, a good source is peer heinlein and the postfix book[11:18:10] <hydrajump> the first source is for dovecot?[11:23:42] *** Mizar has left #postfix[11:23:48] <DominikB> hydrajump, maybe an other title for the english version[11:25:31] <fling> hydrajump: why not to replace some info with the wrong one?[11:29:26] <hydrajump> fling: security through obscurity[11:29:36] <hydrajump> what's the point[11:29:42] <fling> Right.[11:29:48] <fling> Noone will notice you remove anything.[11:30:06] <hydrajump> yeah only people like us ;)[11:30:29] <hydrajump> regular users don't look at headers[11:30:36] <hydrajump> they don't even know what they are[11:36:13] <fling> But men in the middle are always looking.[11:36:30] * DominikB looks away[11:39:26] <hydrajump> lol[11:44:36] *** marchelly has joined #postfix[11:44:49] <fling> hmm hmm looks like something is wrong[11:45:26] <hydrajump> this look slike a good resource http://www.tunnelsup.com/making-postfix-rfc-compliant[11:46:26] <marchelly> Hi, how can I configure postfix message for Undelivered message returned to sender?[11:46:51] <DominikB> hydrajump, then you lock out outlook and apple mail[11:47:11] <pj> hydrajump: postfix is not RFC compliant in those areas where it would cause problems to be so. There are some areas where postfix has to be accepting of non-RFC compliant servers in order to better interoperate on the internet.[11:47:19] <fling> DominikB: Looks like it is not always intercepting To: part -> https://bpaste.net/show/9b74e8bf978d[11:47:35] <marchelly> I do not want postfix to send back the real reason like mailbox unavailable or full, or other reason, I want to tell something like "Server Error: my preconfigured reason"[11:48:48] <DominikB> fling, it should at least the mail has a too part[11:48:55] <DominikB> too is not mandatory[11:49:29] <fling> so if there is zdravalt.ru in the To: header field the message should not be redirected to the dummy address?[11:49:38] <DominikB> yep[11:49:44] <fling> But it is getting redirected hmm hmmmm[11:51:25] <hydrajump> DominikB: lock out apple mail how so?[11:51:56] <hydrajump> pj: I see but it seems that some some those things can be applied such as `smtpd_helo_required = yes`[11:52:48] <DominikB> hydrajump, non fqdn sender thats a weak point of appel mail[11:53:35] *** Darcidride has quit IRC[11:54:54] <hydrajump> DominikB: so with that restiction apple mail emails will be rejected? That's just Apple at its best ;)[11:55:27] <hydrajump> I'm kind of surprised that `postconf -d smtpd_recipient_restrictions` is empty[11:55:28] <DominikB> hydrajump, no appel user could send mails over your server as well as all outlock user[11:56:30] <pj> hydrajump: sure[11:57:25] <pj> DominikB: different restrictions for submission vs MX[11:57:50] <DominikB> pj, yes but when the use uses 25[12:01:38] <hydrajump> is it ok to set `disable_vrfy_command = yes` so you can't check to see what recipients exist on my mx?[12:12:30] *** Twirl has quit IRC[12:13:22] *** nagylzs has joined #postfix[12:16:28] <fling> DominikB: I will try with this -> /^To:.*zdravalt.*/ DUNNO[12:21:44] *** darkavenger is now known as darkavenger_afk[12:24:10] *** [NoClan]GoAway has quit IRC[12:25:03] *** Klamity has joined #postfix[12:25:36] *** Kesker has quit IRC[12:30:56] *** azwieg103 has quit IRC[12:37:54] *** [NoClan]GoAway has joined #postfix[13:00:31] <nagylzs> Can somebody please help me I have a logfile permission problem.[13:01:36] <nagylzs> In main.cf I have virtual_transport = dovecot[13:02:03] <DominikB> ! !relevant_logs[13:02:03] <knoba> DominikB: Error: "!relevant_logs" is not a valid command.[13:02:12] <DominikB> !relevant_logs[13:02:12] <knoba> DominikB: "relevant_logs" : Relevant logs are mail.* syslog Postfix logs (NOT verbose, see !verbose) which show the entire handling of a single mail which illustrates the issue with which you want help. Random selections from your mail log might not do. IMAP/POP3 daemons and external delivery agents typically log to the same facility (mail); those are usually not relevant here.[13:02:21] <nagylzs> in master.cf I have dovecot-lda setup[13:02:44] <nagylzs> When mail comes in, postfix log gives me?[13:03:07] <nagylzs> Sep 11 13:58:38 vps011 postfix/pipe[4340]: 807FE38E3B41: to=<gandalf at mess dot hu>, relay=dovecot, delay=0.03, delays=0/0.01/0/0.02, dsn=4.3.0, status=deferred (temporary failure. Command output: Can't open log file /var/log/dovecot.log: Permission denied )[13:03:29] <nagylzs> If I change permissions of the logfile to 777 then the email gets delivered.[13:03:39] <pj> nagylzs: dovecot issue, ask in #dovecot[13:03:47] <nagylzs> Hmmm[13:03:49] <nagylzs> I see[13:03:51] <DominikB> nagylzs, pj is right ask in #dovecot[13:04:08] <nagylzs> Is it true, that the dovecot-lda started by postfix,[13:04:13] <nagylzs> runs as user postfix?[13:04:32] <nagylzs> OR should I ask this on dovecot too?[13:04:45] <DominikB> would be better[13:04:48] <nagylzs> Thanks[13:05:37] *** nagylzs has left #postfix[13:07:25] *** Haudegen has quit IRC[13:17:21] *** Haudegen has joined #postfix[13:17:36] *** sina0 has joined #postfix[13:25:14] *** stemid has joined #postfix[13:25:43] <stemid> 0.023% of my relayed mail traffic is being bounced from the backend MS Exchange with 554 Security violation. I just love these little MS Exchange related issues.[13:25:54] <stemid> google is as perplexed about this error as I am it seems.[13:26:00] <stemid> and I know it's not a postfix issue[13:26:33] <stemid> just wondered if anyone here had more info. I've already asked the MS Exchange admins to troubleshoot it, handing over a bunch of log examples from my relay end but I would be surprised if they can even spell MS Exchange.[13:27:00] <hydrajump> reading the restrictions info in the postfix book and comparing to the postfix docs for 3.x.x it seems that quite a few things have changed.[13:27:38] <hydrajump> Can someone please take a look at my restrictions config and see if it looks right for postfix 3.x.x as shown in this gist https://gist.github.com/anonymous/57eb43c4ea46b8248a81[13:32:08] <DominikB> hydrajump, locks ledigt for anything above 2.10[13:35:44] <hydrajump> DominikB: that's for taking a look. I'm unsure if the `smtpd_recipient_restrictions` in the new config should also have `permit_mynetworks[13:35:44] *** pti-jean_ has joined #postfix[13:35:46] <hydrajump> permit_sasl_authenticated`[13:36:01] <hydrajump> as in the old config when everything was under `smtpd_recipient_restrictions`[13:36:16] <hydrajump> not clear to me from the docs if I should I add that again?[13:38:35] <pj> hydrajump: to convert from older config to new simply set "smtpd_relay_restrictions="[13:40:01] *** Darcidride has joined #postfix[13:42:03] <hydrajump> pj: I saw that in the docs, but I thought that as the newer postfix has split up that single config option into multiple ones for clarity I would go ahead I use the newer options[13:43:08] <pj> hydrajump: you can, but it's largely a matter of personal preference. Many prefer just having everything in recipient_restrictions anyways as that simplifies things that need to be changed in master.cf[13:43:38] <hydrajump> good point[13:44:24] <pj> at the end of the day as long as you understand how the restrictions work and how they are affected by the order of restrictions and how you can override them in master.cf, etc then that's the most important thing, then you can design your own.[13:44:34] <hydrajump> I'm curious though when splitting things up as I attempted to do in that gist is equivalent to the single config[13:44:46] <hydrajump> pj: that's also a very good point ;)[13:45:47] <pj> hydrajump: well not equivalent, no, but how it works really depends on the exact restrictions you have and in what order, etc.[13:46:18] <pj> hydrajump: this is old, but it may help...[13:46:22] <pj> !tell hydrajump cheatsheet[13:46:22] <knoba> hydrajump: "cheatsheet" : (#1) http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt : A HOWTO for pre-DATA spam control., or (#2) A postscreen cheatsheet can be seen at http://rob0.nodns4.us/postscreen.html[13:46:59] <hydrajump> hmm so eventhough I kept the order of the restrictions when I split them up, the new config doesn't work the same way?[13:47:43] <pj> no, certainly not.[13:48:26] <hydrajump> that's confusing to me anyway[13:48:33] <pj> if you have five different restrictions in smtpd_recipient_restrictions, then it will stop processing as soon as it gets a reject, permit, or defer result...[13:48:47] <pj> ...but it still processes other restrictions chains.[13:49:40] *** zorg1 has quit IRC[13:50:19] <pj> so if you have permit in recipient restrictions and reject in relay restrictions you will end up with a reject, but if recipient restrictions has permit, followed later by reject then the processing will stop at the permiit and postfix will not see the reject.[13:53:30] <hydrajump> so is the order of the chains if I read it correctly in the postfix book: helo, sender, recipient, relay ?[13:54:31] <pj> client at the front, and data at the end, otherwise I think you're correct, though not entirely certain on the order between recipient and relay[13:57:10] <hydrajump> then it would seem to me that when splitting up the config as I attempted to do will result in the restrictions not being executed in the same order as this https://gist.github.com/anonymous/57eb43c4ea46b8248a81#file-postfix_old[13:58:45] *** Darcidride has quit IRC[13:59:44] <hydrajump> if I follow then the single smtpd_recipient_restrictions would always go top to bottom evaluating each restriction, but when split up the order would be very different like this https://gist.github.com/anonymous/252275e2cc90419fea2c[14:00:33] <hydrajump> unless as you said relay is not at the end and/or it is necessary to repeat ` permit_mynetworks[14:00:34] <hydrajump> permit_sasl_authenticated[14:00:36] <hydrajump> defer_unauth_destination[14:00:51] <hydrajump> in maybe smtp_recipient_restrictions?[14:01:18] <pj> see the cheatsheet links I gave you above, as I said it's an old doc, but is still a very good explanation. It simply does not include relay restrictions.[14:01:40] <pj> and I have to go.[14:01:47] <hydrajump> thanks for the discussion pj[14:01:54] <pj> yw[14:03:14] <lunaphyte> hydrajump: yes[14:07:06] *** eschmidbauer has left #postfix[14:10:28] *** fzirngibl has quit IRC[14:16:24] <hydrajump> pj: awesome resource you linked to! It says it was updated in June 2015. I'll follow the advice and continue using smtpd_recipient_restrictions and take bits and pieces from that link in tweaking my own. Thanks again[14:20:18] *** syshero has joined #postfix[14:20:18] *** syshero is now known as chaosmaker[14:22:52] *** stemid has left #postfix[14:27:49] *** chaosmaker has quit IRC[14:33:59] *** darkavenger_afk is now known as darkavenger[14:37:30] *** busta has joined #postfix[14:37:30] *** marchelly has quit IRC[14:38:46] *** omerjaved__ has left #postfix[14:39:42] *** xernus has quit IRC[14:39:51] *** xernus has joined #postfix[14:46:03] *** sina0 has quit IRC[14:47:35] *** davlefouAMD has joined #postfix[14:48:58] *** sina0 has joined #postfix[14:58:08] *** lrea has quit IRC[14:59:52] *** drehmer has joined #postfix[15:02:19] *** Tuxick has joined #postfix[15:03:20] *** azwieg103 has joined #postfix[15:11:03] *** cyrn has joined #postfix[15:16:06] *** Haudegen has quit IRC[15:19:13] *** FinboySlick has joined #postfix[15:20:52] *** penk has joined #postfix[15:24:49] *** toby_miller has joined #postfix[15:26:16] *** toby_miller has quit IRC[15:26:34] *** toby_miller has joined #postfix[15:27:12] *** toby_miller has left #postfix[15:28:18] *** Darcidride has joined #postfix[15:28:20] *** marchelly has joined #postfix[15:29:48] *** trilby_mole has joined #postfix[15:30:54] *** busta has quit IRC[15:32:25] *** azwieg103 has quit IRC[15:36:30] <honestly> is it possible to have more than one master.cf file for a single postfix?[15:37:52] *** azwieg103 has joined #postfix[15:38:25] <rob0> no[15:40:48] *** GTAXL has quit IRC[15:40:56] *** GTAXL has joined #postfix[15:41:02] <Dominian> honestly: you can enable postfix multi instances[15:41:06] <Dominian> !multi[15:41:06] <knoba> Dominian: "multi" : See !multi_instance[15:41:42] *** ThomasKeller has quit IRC[15:42:45] <honestly> ok[15:43:05] <lunaphyte> to what end do you think you need this?[15:45:07] *** azwieg103 has quit IRC[15:45:49] *** azwieg103 has joined #postfix[15:45:59] <patdk-wk> he did say single though[15:46:12] <Tuxick> management complaining i can't push out > 20k mails to hotmail/gmail in an hour[15:46:14] * patdk-wk assumes he wants to do debian style config includes[15:46:30] <patdk-wk> Tuxick, why not?[15:46:38] <patdk-wk> I can, but not to roadrunner/yahoo[15:46:58] <Tuxick> patdk-wk: if too fast i get that "too many connections from" stuff[15:47:05] <Tuxick> still trying to tune[15:47:40] <Tuxick> IMO it's better not to rush things :)[15:48:06] <patdk-wk> yes, I have that issue with a client[15:48:17] <Tuxick> what issue?[15:48:24] <patdk-wk> they push out 100k or so, but only do it about 4times a year, so thy don't manage to build a reputation[15:48:35] <Tuxick> oh but reputation is ok[15:48:45] <patdk-wk> I mean replutation for pushing lots of emails[15:48:52] <patdk-wk> different from spam reputation[15:49:04] <Tuxick> yet last week things went to fast, in the end it took 3 days to get all out[15:49:11] <Tuxick> ah ok[15:49:28] <patdk-wk> bulk sender reputation :)[15:50:39] <Tuxick> setting smtp_destination_rate_delay > 0 makes things too slow[15:50:58] <Tuxick> but when it's 0 i really can't make smtp_destination_concurrency_limit too high[15:51:00] *** OnkV has joined #postfix[15:51:45] <Tuxick> i think the world needs an internation no-spam-filtering day[15:51:54] <Tuxick> so management will see the impact of spam[15:55:47] *** OnkV has quit IRC[15:57:42] *** penk has quit IRC[16:05:53] *** OnkV has joined #postfix[16:06:08] <Tuxick> i see scache[22866]: statistics: domain lookup hits=157 miss=355 success=30%[16:06:21] *** carl- has quit IRC[16:07:27] <patdk-wk> why use rate delay at all?[16:07:31] <patdk-wk> just limit the concurrency[16:07:54] <Tuxick> yes, that's why it's at 0[16:12:28] <Tuxick> wondering about smtp_connection_reuse_time_limit[16:12:45] <Tuxick> any point increasing that?[16:14:09] <Tuxick> i also don't see conn_use really get above 5[16:17:37] <Tuxick> glad i did manage to convince them of the importance of proper bounce handling[16:18:02] <Tuxick> trying too many nonexisting address is bad :)[16:22:13] *** Xenoth has joined #postfix[16:23:19] *** robinho86 has quit IRC[16:25:26] *** OnkV has left #postfix[16:26:14] *** Haudegen has joined #postfix[16:51:10] *** magyar has joined #postfix[16:51:11] *** magyar has joined #postfix[16:55:33] *** penk has joined #postfix[17:03:17] *** Amkei has joined #postfix[17:04:13] *** Darcidride has quit IRC[17:05:05] *** D-Boy has quit IRC[17:07:37] *** lrea has joined #postfix[17:16:37] *** Xenoth has quit IRC[17:17:39] *** Haudegen has quit IRC[17:20:37] *** marchelly has quit IRC[17:20:41] *** busta has joined #postfix[17:23:07] *** RalfJ has quit IRC[17:24:36] *** D-Boy has joined #postfix[17:24:41] *** RalfJ has joined #postfix[17:26:38] *** Xenoth has joined #postfix[17:26:55] *** busta has quit IRC[17:30:21] *** Haudegen has joined #postfix[17:36:52] *** darkavenger is now known as darkavenger_afk[17:39:10] *** ogny has quit IRC[17:39:44] *** marchelly has joined #postfix[17:44:43] *** eschmidbauer has joined #postfix[17:44:46] <eschmidbauer> hello[17:45:15] <eschmidbauer> for those of you who remember me yesterday-- here is the tutorial i wrote up for an SMTP server using postfix (& dovecot + postgres)[17:45:17] <eschmidbauer> https://blog.voipxswitch.com/[17:47:17] <eschmidbauer> importantly, it does user auth[17:53:43] <patdk-wk> hmm, I need to add a new metric to watch for hacked accounts[17:53:43] <eschmidbauer> if any of you professional see potentials issue (like security) please let me know[17:53:52] <patdk-wk> how many different helo names are used per sasl username[17:54:00] <patdk-wk> and ip's[17:54:07] <patdk-wk> actually, I meant the other way[17:54:17] <patdk-wk> how many different sasl usernames are used PER helo name[17:54:33] <lunaphyte> i would really see more contributions to existing canonical documentation than yet another tutorial[17:54:37] <lunaphyte> *really like to see[17:55:43] <eschmidbauer> canonical documentation?[17:55:50] <eschmidbauer> please feel free to copy my write up[17:56:05] <eschmidbauer> i write these tutorials for myself[17:56:09] <eschmidbauer> quick reference[17:56:28] <lunaphyte> lots of problems with that blog :([17:56:34] <eschmidbauer> Please advise[17:56:51] <lunaphyte> the most egregious of which is the use of smtp auth on port 25. that is a huge huge no no[17:57:15] <eschmidbauer> may i ask why?[17:57:21] <eschmidbauer> is that not the standard port?[17:57:26] <lunaphyte> that's not qhat port 25 is for[17:57:29] <lunaphyte> *what[17:57:31] <lunaphyte> heavens no[17:57:45] <eschmidbauer> what is it for?[17:57:47] <lunaphyte> port 25 is for servers to talk to other servers. not for clients to be using[17:58:01] <lunaphyte> clients are to use port 587[17:58:01] <eschmidbauer> this is servers talking to other servers[17:58:07] <lunaphyte> it's been that way for over 15 years[17:58:12] *** davlefouAMD has quit IRC[17:58:12] <lunaphyte> no, it's not[17:58:20] <eschmidbauer> is postfix not a server?[17:58:37] <eschmidbauer> this is not for someone to "login" and check their email[17:58:48] <eschmidbauer> this is for an MTA to relay[17:58:57] <eschmidbauer> and use user/pass auth[17:59:19] <lunaphyte> sigh.[17:59:24] <lunaphyte> i'm using YOUR words, sir.[17:59:31] *** robinho86 has joined #postfix[17:59:36] <lunaphyte> "Now configure your mail client to use the SMTP server"[17:59:41] <eschmidbauer> ok[17:59:42] <patdk-wk> user/pass logins on port 587 only[17:59:49] <patdk-wk> using port 25 for logins isn't right[17:59:49] <jaybe> !submission[17:59:50] <knoba> jaybe: "submission" : Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf. also see !msa, and rfc 6409. Also read http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf[17:59:52] <eschmidbauer> perhaps that is misleading language[18:00:09] <patdk-wk> if a *server* needs to login to another server, the login has to be configured, and should use 587 then also[18:00:15] <lunaphyte> other glaring problems are use of md5, storing of passwords in an sql database.[18:00:15] <eschmidbauer> it's not a login[18:00:19] <eschmidbauer> it's SMTP auth[18:00:19] <patdk-wk> as you already modified that server from non-defaults to use a login[18:00:24] <patdk-wk> heh?[18:00:33] <patdk-wk> login == smtp auth[18:00:40] <jaybe> ;p[18:00:46] <patdk-wk> certificate could be a login also, but that is NOT smtp auth[18:01:05] <eschmidbauer> let me explain use-case here[18:01:17] <patdk-wk> it doesn't matter, your using postfix AS a mua[18:01:22] <patdk-wk> so it needs to follow mua rules[18:01:38] <eschmidbauer> please let me explain use-case and you could better tell me[18:02:23] <eschmidbauer> i have voip servers, i dont want them email voicemails directly out to internet, i want them to be relayed to smtp server[18:02:27] <patdk-wk> you can try, but there is nothing special you can come up with[18:02:47] <eschmidbauer> so i configure postfix on voip servers to use relay to my smtp server[18:02:53] <lunaphyte> i also am not a fan of the "run this command to edit this file" encouragement[18:02:56] <patdk-wk> if it uses any kind of login, smtp auth, certificate, ..., it should be required to use port 587[18:03:02] <patdk-wk> even my INTERNAL relays, I use port 687[18:03:04] <patdk-wk> 587[18:03:11] <eschmidbauer> now voip servers sends to local MTA (postfix)[18:03:17] <eschmidbauer> postfix relays to my smtp server[18:03:25] <eschmidbauer> it should still use 587 in this case?[18:03:29] <lunaphyte> if you wish to direct viewers to edit a file, just say that. no need for the magical incantations of eot laden commands[18:03:33] <patdk-wk> do any of the servers use auth?[18:03:34] <eschmidbauer> ok sure[18:03:39] <patdk-wk> of any kind?[18:03:42] <lunaphyte> you are using the term server too loosely.[18:03:48] <eschmidbauer> sure, i dont want my smtp server open to world[18:03:52] <patdk-wk> and is there a chance of ANY of them getting a firewall port 25 block?[18:03:55] <lunaphyte> this channel is #postfix, where the topic is email[18:03:59] <jaybe> user/script/client/app/whatever AUTH should leverage submission[18:04:01] <patdk-wk> then using 25 is ok, but 587 is perferred[18:04:09] <lunaphyte> so when we're talking about servers, we're talking about email servers. not other servers.[18:04:32] <eschmidbauer> im talking about a use-case scenario here[18:04:38] <lunaphyte> in other words, no, your voip server is not an *email* server.[18:04:44] <lunaphyte> it is an email *client*[18:05:01] <eschmidbauer> ok[18:05:03] <lunaphyte> it submits mail to an msa, for further delivery, just like any other email client does[18:05:20] <patdk-wk> if it's your own private network, sure, yo ucan get away with using port 25, but it will end up screwing yourself later[18:05:30] <lunaphyte> so, back to where we started - port 25 is for *email* servers to talk to other *email* servers.[18:05:35] <patdk-wk> when you need to lockdown/secure your email servers better[18:06:01] <lunaphyte> if a server is not an email server, then it is an email client, and is to communicate using port 587[18:06:03] <eschmidbauer> no, we are talking about open web[18:06:11] <eschmidbauer> all public IPs on these servers[18:06:14] <lunaphyte> open web?[18:06:25] <lunaphyte> so far we're talking about voip servers and email servers. no web servers[18:06:28] <eschmidbauer> sorry[18:06:31] <patdk-wk> should use port 587 with logins then, only[18:06:43] <eschmidbauer> i mean just public IPs on NICs on all servers[18:06:50] <lunaphyte> ah. you mean the internet[18:07:15] <patdk-wk> there is a good chance, a server can be hacked, isp will firewall your spamming on port 25[18:07:21] <patdk-wk> or they do that anyways[18:07:30] <patdk-wk> why build it, so it will fail?[18:07:38] <eschmidbauer> how is it open to get hacked?[18:07:47] <eschmidbauer> bruteforce attacks?[18:07:53] <patdk-wk> your telling me nothing on those servers have any possible way to compromise them?[18:07:57] <lunaphyte> it's also a bad idea to get into that whole "well my use-case..." habit.[18:07:58] <patdk-wk> no, I was not talking about bruteforcing[18:08:57] *** lrea has left #postfix[18:09:25] <patdk-wk> it doesn't matter how secure you make something, it WILL be hacked[18:09:30] <eschmidbauer> how else could it be hacked?[18:09:43] <lunaphyte> i'm unsure of the difference between "your local mta" and "your smtp server"[18:10:13] <guampa> imo tutorials as this do more harm than good to folks that intend to use postfix. It does nothing to explain how things work, assumptions made, mistakes encountered and avoided, does not link to a *singlle* official documentation, which is a shame especially in the case of posftix, one of the best documented projects out there[18:10:19] <lunaphyte> yup[18:10:46] <guampa> the only thing this will lead is another hundred people coming in here to ask why the tutorial doesn't work for *their* use case[18:10:55] <lunaphyte> i have a wiki, which has lot and lots of notes and various commands, etc.[18:11:03] <lunaphyte> but it is not accessible to the public[18:11:07] <lunaphyte> that would be a disservice[18:11:14] <eschmidbauer> heh-- like i said, i use my tutorials as quick reference guides[18:11:22] <lunaphyte> sure, that's fine[18:11:33] <eschmidbauer> and provided they follow these exact steps on a fresh install, it will work[18:11:37] <patdk-wk> recommending others to use it, would be bad[18:11:40] <eschmidbauer> i tested running through each command[18:11:47] <lunaphyte> but when it's publicly available, and likely indexed, you are encouraging others, which is not responsible[18:12:10] <eschmidbauer> it *works*[18:12:16] <guampa> eschmidbauer: unless they have the exact same, bit-by-bit installation as yours, there will be potential for errors[18:12:24] <patdk-wk> you have tested this on all possible cases?[18:12:26] <guampa> plus, the usecase adds more variation[18:12:36] <eschmidbauer> the use-case is very simple[18:12:48] <lunaphyte> "it works", and "that's how we've always done it" are the calling cards of the cargo cult admin[18:13:02] <patdk-wk> we already told you, the solution to your usecase is flawed[18:13:21] <eschmidbauer> other than the port... are their any other flaws?[18:13:30] <patdk-wk> I haven't even looked at it yet :)[18:13:35] <lunaphyte> i gave my three points of feedback[18:13:46] <lunaphyte> oops, four[18:13:53] <lunaphyte> don't offer smtp auth on port 25[18:13:56] <lunaphyte> don't use md5[18:14:01] <lunaphyte> don't store passwords in sql[18:14:04] <patdk-wk> md5?[18:14:08] <patdk-wk> passwords?[18:14:08] <lunaphyte> and don't spoon feed text editing[18:14:13] * patdk-wk doesn't want to look at it[18:14:15] <eschmidbauer> i changed the text editing[18:14:27] <eschmidbauer> i will change port[18:14:28] <patdk-wk> eschmidbauer, did you miss the whole ashly madison thing?[18:14:32] <eschmidbauer> why not store passwords in sql?[18:14:39] <patdk-wk> and every other md5 issue for the last 6+years?[18:14:41] <lunaphyte> oh, hah. we'll have to add one more[18:14:45] *** mikecmpbll has quit IRC[18:14:57] <lunaphyte> don't omit encryption with passing credentials[18:15:02] <eschmidbauer> I will change encryption[18:15:07] <lunaphyte> i missed that one at first[18:15:45] <lunaphyte> also, the voip server should be using a proper null client[18:15:56] <eschmidbauer> i appreciate the feedback. i do not pretend to be a professional at email. i just need an SMTP server that does user/pass auth[18:16:05] <eschmidbauer> and it took me a while to figure this out on my own[18:16:16] <lunaphyte> fwiw, what you're setting up there is called an msa[18:16:27] <lunaphyte> it's a special subclass of smtp servers[18:17:07] <eschmidbauer> what does FWIW and MSA mean[18:17:15] <patdk-wk> !msa[18:17:15] <knoba> patdk-wk: "msa" : Message Submission Agent : a process which accepts message submissions from MUAs on port 587 known as 'message submission service' using the 'message submission protocol' defined by rfc4409. To enable message submission service in postfix uncomment the relevant lines in master.cf. also see !submission.[18:18:51] <eschmidbauer> great, thank you for the informatino[18:19:03] <eschmidbauer> can you please tell me why it is bad to store passwords in sql?[18:19:10] <eschmidbauer> in database i mean[18:19:16] <eschmidbauer> the SQL file is just there for example[18:19:33] <patdk-wk> hmm, ya, since well, ever[18:19:46] <patdk-wk> that is the first thing anyone that has to touch a password has to learn[18:20:00] <eschmidbauer> huh?[18:21:09] <patdk-wk> http://blog.moertel.com/posts/2006-12-15-never-store-passwords-in-a-database.html[18:21:16] <patdk-wk> oh look, an ok blog post from 2006[18:21:29] <lunaphyte> when passwords are stored in sql, there is no proper abstracted auth mechanism involved. any application which wishes to auth must be allowed to read all password hashes[18:21:51] <patdk-wk> any compromise will compromise all passwords for all users[18:21:59] <lunaphyte> this is a huge huge no no in terms of responsible security[18:22:25] <patdk-wk> you are still building your system as, I cannot be hacked[18:22:29] <patdk-wk> instead of, it will be hacked[18:22:48] <hydrajump> can someone please explain what this means "Reject the same requests as reject_unauth_destination, with a non-permanent error code" for defer_unauth_destination[18:23:15] <eschmidbauer> i will have to assume that the user practices proper security protocol when it comes to accessing the database[18:23:18] <patdk-wk> exactly what it says[18:23:27] <eschmidbauer> if it is so insecure why does dovecot support it[18:23:28] <patdk-wk> what do you not understand hydrajump?[18:23:34] <eschmidbauer> or anything support it[18:23:38] <hydrajump> patdk-wk: "non-permanent error code"[18:23:44] <lunaphyte> reject_unauth_destination is permanent [fatal]. defer_unauth_destination is not[18:23:46] <eschmidbauer> i mean every single website out their stores password hashes in a db[18:23:47] <patdk-wk> means retry, or NEVER retry[18:23:57] <patdk-wk> non-perm allows the sender to attempt again later[18:24:01] <lunaphyte> eschmidbauer: indeed, many do, sadly[18:24:16] <hydrajump> ok so the defer option is preferable?[18:24:18] <lunaphyte> and then we read stories about password hashes getting cracked[18:24:20] *** de-vri-es has quit IRC[18:24:22] <patdk-wk> eschmidbauer, heh? hashs are safe[18:24:23] <lunaphyte> hydrajump: heavens no[18:24:33] <patdk-wk> md5 hashes are simple to crack[18:24:42] <patdk-wk> anything without salt might as well not even be hashed[18:24:45] <hydrajump> lunaphyte: hmm that's the default setting. weird[18:24:49] *** de-vri-es has joined #postfix[18:24:52] <hydrajump> i'll change it to use reject instead[18:24:53] <lunaphyte> hydrajump: for what?[18:25:09] <hydrajump> lunaphyte: smtpd_relay_restrictions[18:25:17] <lunaphyte> oh. that's different[18:25:21] <patdk-wk> special case[18:25:24] <hydrajump> "permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination"[18:25:32] <patdk-wk> you might have outdated list of valid users[18:25:39] <patdk-wk> so defer might make more sense than reject[18:25:52] <lunaphyte> smtpd_relay_restrictions is only needed if both mx and submission traffic are being used on the same port.[18:25:58] <patdk-wk> reject is perferred, if you know your list of users is accurate[18:25:59] <lunaphyte> this should never ever be done though, of course[18:26:23] <hydrajump> ok thanks patdk-wk lunaphyte[18:26:25] <lunaphyte> just set smtpd_relay_restrictions and forget about it, unless you are dealing with an old, poorly configured existing system[18:26:29] <lunaphyte> oops[18:26:36] <lunaphyte> set smtpd_relay_restrictions to empty[18:27:23] <hydrajump> yeah I've decided to do that even if I'm using 3.x.x and instead stick with smtpd_recipient_restritctions as pj linked this http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt[18:28:04] <hydrajump> I just wanted to check if I should switch to defer in that link as it was the default for relay_restrictions, but I'll stick with reject as stated[18:28:07] <lunaphyte> good plan[18:28:14] <lunaphyte> not stick with[18:28:18] <lunaphyte> set to empty.[18:28:19] <hydrajump> good advice in that link[18:28:33] <lunaphyte> it's not neeed at all[18:28:36] <lunaphyte> *needed[18:28:46] <hydrajump> lunaphyte: yes set to empty but use reject_unauth_destination in smtpd_recipient_restrictions[18:28:55] <lunaphyte> ah. yes, indeed[18:29:12] *** Amkei has quit IRC[18:31:24] <hydrajump> the only thing I don't see in that link's restrictions is `permit_sasl_authenticated`[18:32:00] <hydrajump> I need that between permit_mynetworks and reject_unauth_destination, right?[18:32:01] <lunaphyte> that is a restriction that is to be only for the submission service[18:32:16] <lunaphyte> anti-uce is an mx concept, ergo no relation ship to the sbumission service[18:32:30] <lunaphyte> oh, yikes, permit_mynetworks should never be used, period[18:33:23] *** silicong has joined #postfix[18:33:27] <hydrajump> so permit_sasl_authenticated should be set in master.cf for the submission service only?[18:33:33] <lunaphyte> right[18:34:29] <lunaphyte> you could use restriction classes, in which case the actual text itself would be in main.cf, but the application of the restriction would be done only for the submission service[18:35:43] <hydrajump> looking at master.cf the following are commented[18:35:44] <hydrajump> # -o smtpd_recipient_restrictions=[18:35:46] <hydrajump> # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject[18:36:02] <hydrajump> so I ould uncomment the last one[18:36:10] <lunaphyte> i wouldn't, but others might[18:36:23] <hydrajump> very confusing :([18:36:38] <lunaphyte> i would just use smtpd_recipient_restrictions, and put the restrictions there[18:37:01] <lunaphyte> smtpd_relay_restrictions exists mostly to keep idiots form shooting themselves in the foot, at the cost of some additional complexity[18:37:25] <lunaphyte> i don't use it, as it solves a problem that doesn't exist if you make even a marginal effort to be educated[18:37:47] <hydrajump> ok so uncomment the first line above and just add `permit_sasl_authenticated` or do I also need to add other restrictions since I'm overriding what I set in main.cf?[18:38:14] <lunaphyte> just start with permit_sasl_authenticated,reject[18:38:21] <hydrajump> ok thank you ;)[18:38:31] <hydrajump> you should write a book on postfix :P[18:39:55] <lunaphyte> heh :)[18:39:57] <lunaphyte> no way[18:41:57] <Tuxick> why not???[18:42:06] <Tuxick> ah i know, a treehugger!![18:42:11] <hydrajump> haha[18:42:18] <lunaphyte> that's one reason :)[18:42:18] <hydrajump> there are these thigns called ebooks :P[18:42:47] <hydrajump> no trees get hurt for the sake of postfix enlightenment[18:42:48] *** CustosL1men has joined #postfix[18:43:10] <lunaphyte> an ebook, otherwise known as a local website[18:44:49] <Tuxick> ye epub is nice[18:45:15] <Tuxick> buying a kobo made me save lots of trees[18:46:29] <hydrajump> "kobo" sounds like you bought a pet[18:46:45] <patdk-wk> I can't stand to use ebooks[18:47:09] <Tuxick> i read a lot in bed, holding books open is effort :)[18:47:15] *** gu1lle_ has joined #postfix[18:59:06] *** CustosL1men has quit IRC[19:06:42] <hydrajump> Tuxick: do you read "technical" books on that e-reader? does it work well compared to paperback?[19:07:18] <Tuxick> hydrajump: no, mostly scifi and fantasy :)[19:07:29] <Tuxick> no diagrams or formulas[19:07:50] <DominikB> for that a amzon kindle is gigantic[19:08:25] <Tuxick> ye but very drm[19:08:34] <Tuxick> or did they fix that?[19:11:03] <DominikB> Tuxick, when you use nondrm books its ok[19:11:36] <Tuxick> oh ok[19:13:08] <hydrajump> DominikB: you like kindle for tech books?[19:13:17] <DominikB> hydrajump, yep[19:13:32] <hydrajump> what kindle do you have?[19:13:41] <DominikB> paperwhite 2gen[19:13:51] <hydrajump> do you load pdfs as well or proper ebook formats .mobi, .epub?[19:14:04] <DominikB> hydrajump, pdf and epub[19:14:09] <DominikB> mobi wont work[19:15:38] <hydrajump> i've just played with one briefly and I found it annoying when viewing images/diagrams and having to zoom in and out to see what the hell is going on[19:15:45] <hydrajump> maybe it's something you get used to[19:16:03] <hydrajump> btw postfix q. is pcre preferable to regexp because of speed?[19:16:33] <DominikB> precompiled regexp are allways faster then normal regexp[19:16:48] <rob0> yes, PCRE should be faster. But usually you can do better than PCRE.[19:17:53] <hydrajump> rob0: what do you mean by your last comment "you can do better.."? that if I see an example online using pcre: I should rewrite it to just use regexp?[19:18:35] <rob0> I mean maybe you should say why you think you want to use regular expressions.[19:18:47] *** MinetestForFun has joined #postfix[19:18:52] <rob0> because I sure won't try to guess[19:19:45] <hydrajump> hehe sure. So looking at this link http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt there are examples for instance /etc/postfix/recipient_checks.pcre:[19:19:59] <rob0> okay[19:20:18] <hydrajump> i've seen others written without pcre and just wanted to know the difference if one was better to use[19:20:56] <rob0> Once again, pcre: should typically beat regexp: on the same expressions.[19:21:06] <hydrajump> ok[19:26:30] *** phunyguy has quit IRC[19:26:59] <lunaphyte> !regex[19:26:59] <knoba> lunaphyte: "regex" : some people, when confronted with a problem, think i know, i'll use regular expressions. now they have two problems. (jamie zawinski)[19:27:18] <lunaphyte> one of my favorite factoids[19:27:37] <hydrajump> haha yeah regex is a pain to figure out[19:28:13] *** phunyguy has joined #postfix[19:29:32] *** sphenxes02 has quit IRC[19:30:34] <lunaphyte> it's not the figuring things out that is the risk. it's the fool who thinks he has.[19:31:56] <rob0> heh[19:35:23] <hydrajump> fools and idiots are a common theme ;)[19:35:35] <lunaphyte> we see many[19:35:35] <hydrajump> that could be the name of your best seller lunaphyte[19:35:54] <hydrajump> I'll just take a 20% royalty[19:36:20] <hydrajump> tell me about it I deal with them on a daily basis unwillingly[19:36:45] <rob0> Clowns to the left of me, jokers to the right! Here I am, stuck in the middle with you.[19:36:53] <patdk-wk> damned amazon route53[19:37:04] <patdk-wk> it won't allow me to use 2048 dkim keys[19:37:31] <patdk-wk> doesn't support edns it seems[19:43:21] *** sphenxes has joined #postfix[19:47:55] *** dazo is now known as dazo_afk[19:50:48] *** darkavenger_afk is now known as darkavenger[19:59:29] *** CustosL1men has joined #postfix[20:00:49] *** showaz has joined #postfix[20:07:22] *** mikecmpbll has joined #postfix[20:07:28] *** rotbeard has joined #postfix[20:16:20] *** epretorious has quit IRC[20:21:33] *** TyrfingMjolnir has quit IRC[20:27:55] *** TyrfingMjolnir has joined #postfix[20:27:58] *** michael_mbp has quit IRC[20:28:08] *** TyrfingMjolnir has quit IRC[20:28:56] *** michael_mbp has joined #postfix[20:34:59] *** CustosL1men has quit IRC[20:43:53] *** Fleurety has joined #postfix[20:45:29] *** drehmer has quit IRC[20:50:47] *** danieli has joined #postfix[20:51:19] *** MinetestForFun has quit IRC[21:13:06] <hydrajump> question about helo_checks https://gist.github.com/anonymous/db51bbf2ee87bfe62e12[21:13:36] <hydrajump> in the example here https://gist.github.com/anonymous/db51bbf2ee87bfe62e12#file-helo_checks-L1-L2[21:14:24] <hydrajump> shouldn't I just list the hostname of the mail server, e.g. mail.example.com or should I list all the domains that my mail server receives mail for?[21:14:43] <patdk-wk> you can do anything you wish[21:14:46] <lunaphyte> anything that you *know* another server should never be using[21:14:54] <patdk-wk> the question is, what will the results break? that you care about[21:15:20] <lunaphyte> oh, and then be prepared to disable them when you experience the high rate of false positives[21:15:28] <lunaphyte> i mostly gave up on helo checks.[21:15:29] <hydrajump> according to the postfix book " only host that is allowed to use the server hostname is the host itself."[21:15:46] <hydrajump> so that to me sounds like I just want mail.example.com but I'm not sure[21:15:48] <patdk-wk> I almost do no helo checks[21:16:03] <patdk-wk> the only real helo checks I do, is a helo rbl based on reputation[21:16:03] *** darkavenger is now known as darkavenger_afk[21:16:07] <patdk-wk> that works pretty good for me[21:16:18] <lunaphyte> what little garbage they prevented that wasn't already prevented by other settings which also prevented much more was not worth the cultivation[21:16:40] <patdk-wk> lunaphyte, if that is the goal[21:16:48] <patdk-wk> my goal was to limit the amount of other dns lookups[21:16:57] <patdk-wk> so even if it is minimal, worth it still to me[21:17:32] <patdk-wk> and as always, depends on scale :)[21:18:21] <lunaphyte> the larger point here is that something like is this is likely much better considered for addition *after* the server has been running for some time[21:19:13] <lunaphyte> then, if you feel that there is still significant garbage getting through, you can look at the *actual* characteristics of it and decide which course of action might be best[21:20:42] <hydrajump> ok then what is the minimum setup that you consider before deploying? Or in other words what is essential in terms of these restrictions, checks[21:21:26] <lunaphyte> first, a thorough postscreen config[21:22:17] *** Haudegen has quit IRC[21:23:16] <lunaphyte> then, sensible smtpd restrictions[21:23:19] <hydrajump> I configured postscreen as exaplined in the docs by modifying the services in master.cf[21:23:27] <hydrajump> and then I added the following to main.cf[21:23:28] <lunaphyte> here's what i use: http://dpaste.com/0NVA0Y5.txt[21:24:16] <hydrajump> https://gist.github.com/anonymous/b8c523411dfc6e22542a[21:24:23] <hydrajump> that's all i've changed in master.cf[21:24:30] <hydrajump> looking now lunaphyte[21:27:34] <hydrajump> so postscreen is quite important[21:27:48] *** jaggzes has joined #postfix[21:28:24] <jaggzes> The vmailbox file (virtual_mailbox_maps), can I list multiple destinations? for example, an email to foo at bar dot com would go into multiple mailboxes, and possibly an outside email address?[21:28:26] <lunaphyte> i consider it to be[21:29:49] <jaggzes> Oh wait, I think I found it: http://www.postfix.org/virtual.5.html[21:29:51] <lunaphyte> the rhs of s virtual_mailbox_maps lookup is used only by virtual(8), to determine where on the disk a message should be delivered/written[21:29:57] <lunaphyte> *of a[21:30:07] <lunaphyte> it is not used to redirect mail elsewhere[21:30:17] <lunaphyte> for that, see virtual_alias_maps[21:31:21] <jaggzes> thanks lunaphyte :)[21:31:54] <jaggzes> now to see how to use those together[21:32:21] <jaggzes> I'll want some to go to local virtual hosts foo.com/jaggz/ and another to jaggz at outside dot com[21:32:27] *** robinho86 has quit IRC[21:33:05] *** Haudegen has joined #postfix[21:37:32] *** githogori has quit IRC[21:40:39] *** robinho86 has joined #postfix[21:43:00] <hydrajump> ok I'm going to just use `check_recipient_access` and `check_helo_access` for now as they both seem quite reasonable[21:43:41] <hydrajump> I've seen spoofed mail, so the helo_checks should deal with that from my understanding[21:44:41] <hydrajump> and the check_recipient_access will ensure that I receive mail intended for abuse and postmaster and that some tester don't report my mail server as an open relay[21:46:34] *** pti-jean_ has quit IRC[21:49:17] *** nyloc has quit IRC[21:49:56] *** nyloc has joined #postfix[21:50:48] *** sina0 has quit IRC[21:54:54] *** silicong has quit IRC[22:00:46] *** gamba47 has joined #postfix[22:02:34] *** zacdev has joined #postfix[22:02:38] *** cyrn has quit IRC[22:03:39] *** sina0 has joined #postfix[22:04:55] *** CustosL1men has joined #postfix[22:16:55] *** anunnaki_ has quit IRC[22:16:55] *** anunnaki_ has joined #postfix[22:21:05] *** cyrn has joined #postfix[22:22:49] *** anunnaki_ is now known as anunnaki[22:31:38] <hydrajump> lunaphyte: I'm going over the config you shared and you set two lists for `postscreen_access_list`[22:31:57] <hydrajump> so how are you creating those two tables? manually?[22:32:34] <hydrajump> I'm looking at the postscreen docs and it seems like you'd need to maintain a white and black list[22:34:32] <eschmidbauer> !msa[22:34:36] <eschmidbauer> !msa[22:34:37] <knoba> eschmidbauer: "msa" : Message Submission Agent : a process which accepts message submissions from MUAs on port 587 known as 'message submission service' using the 'message submission protocol' defined by rfc4409. To enable message submission service in postfix uncomment the relevant lines in master.cf. also see !submission.[22:34:59] <hydrajump> !submission[22:34:59] <knoba> hydrajump: "submission" : Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf. also see !msa, and rfc 6409. Also read http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf[22:41:02] * eschmidbauer updated tutorial to use submission port[22:44:32] * eschmidbauer needs to research encryption better than md5 with dovecot + postgres[22:47:16] <eschmidbauer> dovecot only ssupports md5[22:47:21] * eschmidbauer is confused now[22:47:34] <hydrajump> eschmidbauer: maybe look through this http://shisaa.jp/postset/mailserver-1.html[22:47:40] <eschmidbauer> oh isee it supports crypt()[22:47:47] <hydrajump> that's part one. there's another part that cover dovecot and postgres[22:47:56] <eschmidbauer> ahh cool[22:48:35] <eschmidbauer> http://shisaa.jp/postset/mailserver-2.html[22:49:50] *** master_of_master has joined #postfix[22:52:36] *** master_o1_master has quit IRC[22:55:18] <hydrajump> very well written, but might be outdated somewhat[22:58:37] <eschmidbauer> i dont see how dovecot can read that password though[22:59:38] <eschmidbauer> i dont see any mention of default_pass_scheme in that tutorial[23:01:12] *** Haudegen has quit IRC[23:01:21] <eschmidbauer> getting Invalid password in passdb: crypt() failed: Invalid argument[23:01:26] <eschmidbauer> oh well ... i'll revisit monday[23:04:52] *** FinboySlick has quit IRC[23:10:53] *** fatalhalt has joined #postfix[23:13:25] *** Haudegen has joined #postfix[23:19:40] *** MinetestForFun has joined #postfix[23:22:51] *** bluethundr has joined #postfix[23:22:58] *** penk has quit IRC[23:23:41] <bluethundr> we have postfix 2.6.6 installed on a RHEL 6.6 machine.. and the app that's running there is sending multiple emails[23:23:50] <bluethundr> but when you test postfix from the command line that's not the case[23:24:01] <bluethundr> so how do you think we can test to prove that the MTA is not the problem ?[23:24:27] <bluethundr> it's just a basic, bare postfix install with NO alterations from the package install[23:24:46] <bluethundr> and sendmail was doing the same thing before the switch to a basic postfix setup[23:32:30] *** a_west has quit IRC[23:42:16] *** Chill_Surf has joined #postfix[23:54:45] *** a_west has joined #postfix