September 12, 2015 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | >
September 12, 2015 [00:04:57] *** MinetestForFun has quit IRC[00:21:34] *** Motoko has joined #postfix[00:31:41] *** githogori has joined #postfix[00:38:28] *** michael_mbp has quit IRC[00:39:50] *** internat has quit IRC[00:40:25] *** internat has joined #postfix[00:41:48] *** HeavyMetal has quit IRC[00:43:58] *** michael_mbp has joined #postfix[00:44:26] *** HeavyMetal has joined #postfix[00:44:27] *** HeavyMetal has joined #postfix[00:48:40] *** gu1lle_ has quit IRC[00:54:24] *** gamba47 has quit IRC[01:01:25] *** Chill-Surf has joined #postfix[01:02:53] *** twisted` has quit IRC[01:03:43] *** danieli has quit IRC[01:03:56] *** Freeaqingme has quit IRC[01:04:20] *** Chill_Surf has quit IRC[01:04:44] *** maedox has quit IRC[01:06:12] *** Freeaqingme has joined #postfix[01:07:55] *** maedox has joined #postfix[01:09:26] *** twisted` has joined #postfix[01:14:21] <fling> header_checks -> http://dpaste.com/3F6M11F[01:14:41] <fling> Why is _everything_ getting redirected?[01:20:47] <pj> !tell fling getting_help[01:20:47] <knoba> fling: "getting_help" : before asking your question, read the !relevant_logs and !showconfig factoids, and prepare a single pastebin containing all of that data. if you don't understand what this means, or if you need help doing this, please let us know. also see !pastebin[01:22:15] <pj> fling: you probably don't want to be using header_checks for that anyways[01:22:31] <fling> From the manual -> `If multiple REDIRECT actions fire, only the last one is executed.`[01:22:44] <pj> !tell fling check_sender_actions[01:22:44] <knoba> pj: Error: No factoid matches that key.[01:22:50] <pj> !tell fling check_sender_access[01:22:50] <knoba> fling: "check_sender_access" : Search the specified access(5) database for the MAIL FROM address, domain, parent domains, or localpart@, and execute the corresponding action.[01:22:50] <fling> But I thought the checks are performed in the order they are in the file…[01:23:30] <pj> !tell fling from!=sender[01:23:30] <knoba> fling: "from!=sender" : There are two different from addresses in an email, the From: header and the envelope sender. Postfix only cares about the envelope sender. See also !to!=recipient[01:24:36] <fling> pj: but is not header_checks pefrormed agains header fields and not envelope data?[01:26:17] <pj> fling: correct[01:26:59] <fling> to much not in my sentence :P what is correct?[01:28:01] <pj> you're trying to control mail in a sender-dependant way, usually this is best accomplished by looking at the envelope sender.[01:30:09] <pj> fling: as for multiple REDIRECT actions, that could happen if you have a REDIRECT that fires on two different lines in the headers.[01:31:17] <rob0> header_checks are so named because they check headers[01:31:49] <pj> so if you have a To: header that matches, followed by a From: header that matches (the .* rule) then the From REDIRECT will fire.[01:33:31] <pj> fling: you're making the common mistake of thinking that all of the headers in the message are checked simultaneously, they are not, they are checked one line at a time in the order in which they occur.[01:34:11] <pj> so there is no guarantee as to whether a To: header will be checked before or after the From: header, it simply depends on which order the MUA decided to put them in the data.[01:35:27] <fling> Ohh! So first it takes the first header from the message and checks it against each regexp in header_checks table, right?[01:35:36] <fling> Then it continues with the next header?[01:36:21] <pj> yes[01:36:46] <pj> and if multiple headers match different rules that both return a REDIRECT action then the last REDIRECT is the one that fires.[01:37:31] <pj> if DUNNO gets matched then that *input* line is ignored and postfix moves onto the next line.[01:37:51] <pj> so if you match the To: field with dunno, all that means is that no further processing is done on the To: line[01:37:59] <pj> postfix will still attempt to match the other lines[01:38:39] <pj> so a DUNNO match against To: will not in any way stop postfix from matching the *From:* rule at the bottom of your file and performing the redirect.[01:39:03] <fling> pj: does this look good? I don't see action in endif example in manual -> http://dpaste.com/1SD3P5G[01:39:47] <fling> Looks like I may remove DUNNO lines safely…[01:41:07] <pj> fling: you're still making the same mistake, your if block there doesn't change the fact that the match is all performed against *one* line of the input[01:41:24] <pj> so there is not going to be any match that can be tested against *both* From: and To:[01:42:22] <fling> Ohh!![01:42:40] <pj> you need to change your thinking. You're dealing with _one_line_at_a_time_. You can't match both From and To in the same line.[01:42:56] <fling> Ok, got it.[01:43:21] <pj> and to say !From: is simply going to match every other header in your message except the From: header[01:43:38] <fling> Then I want a proper way to apply header_checks only for outgoing mail. The problem is smtp_header_checks is not allowing me to use REDIRECT.[01:44:27] <pj> then put the header_checks in your master.cf file as part of the submission service.[01:45:00] <fling> I need two rules: 1. redirect everything going from a spammy box; 2. only allow mails from zdravalt and redirect everything else.[01:45:25] <pj> fling: this is sounding like a bad anti-spam measure...[01:45:35] <pj> what is the problem you're trying to solve here?[01:45:39] <fling> this is my master.cf -> https://bpaste.net/show/60a3fa9d1fb5 ; where exactly to put this line?[01:45:45] <moonpunter> does postfix need 2gb of ram to run well?[01:45:58] <pj> moonpunter: no[01:46:24] <fling> pj: two problems. I want to intercept mails from a single box and I want to intercept mail with the wrong From: field.[01:47:00] <pj> moonpunter: you can run postfix probably on as little as 1G or even 512 if your distro can support it, but you need more RAM for running SpamAssassin, and especially for ClamAV and possibly other related utilities.[01:47:12] <bluethundr> quit[01:47:17] *** bluethundr has quit IRC[01:47:24] <pj> fling: no that's not the problem you're trying to solve, that's your perceived solution.[01:47:31] <pj> what is the root problem here?[01:47:56] <moonpunter> aha[01:48:12] <fling> Users are allowed to use random 'From: '.[01:48:30] <moonpunter> i do have SA and CA running alongside dovecot, postfix, and squirrelmail, so presumably it would be a good idea to increase to 2gb from 1gb[01:48:32] <moonpunter> ?[01:48:39] <pj> fling: and this is a problem because?[01:49:33] <pj> moonpunter: in my experience ClamAV tends to need a lot of RAM because it likes to keep all it's antivirus defenitions in RAM and that takes up a fair bit.[01:49:46] <fling> … of the company policies. They should not be allowed to do so.[01:49:56] *** Crispy24 has joined #postfix[01:50:03] <moonpunter> pj: yeah, i figured this out when i ran out of ram trying to compile a little program.[01:50:13] <moonpunter> so i will just upgrade[01:50:26] <moonpunter> $20 as opposed to $10 per month, not bad really.[01:50:40] <pj> fling: the vast majority of MUAs will not allow someone to configure a different From: header from their envelope sender.[01:50:59] <pj> so unless they are spoofing the message with low-level utilities that's not going to be a problem.[01:51:13] <pj> moonpunter: yep[01:51:29] <fling> Some of them sometimes. And their messages need to be intercepted in this case.[01:52:43] *** xBytez has quit IRC[01:53:46] *** Haudegen has quit IRC[01:55:28] <fling> pj: am I putting '-o header_checks=/etc/postfix/header_checks' somewhere under 'submission inet n - n - - smtpd' in master.cf?[01:55:47] <pj> fling: yes[01:58:47] *** mikecmpbll has quit IRC[02:01:24] *** xBytez has joined #postfix[02:01:54] <fling> pj: thanks for help! Does this look any better? -> http://dpaste.com/3S20NH4[02:04:04] <pj> fling: no, that will redirect everything[02:04:28] <fling> D'oh! right… it will math everything.[02:04:40] <pj> as soon as postfix sees a header line that does not start with From: the second rule will fire.[02:05:05] <fling> I should match it against 'from' with 'if' first.[02:05:14] <pj> fling: that would likely work.[02:05:37] <fling> But I still don't get where to put action? I don't see it in endif example in the manul.[02:05:41] <fling> s/manul/manual/[02:05:50] *** Haudegen has joined #postfix[02:06:49] <pj> the individual actions go on the lines inbetween if ... endif[02:09:07] <fling> pj: got it -> http://dpaste.com/20KJ4VK[02:10:02] <pj> fling: no, there is no action on the if line[02:25:27] *** Chill-Surf has quit IRC[02:27:26] *** michael_mbp has quit IRC[02:30:57] *** michael_mbp has joined #postfix[02:34:23] *** huddy has quit IRC[02:35:40] *** joules has quit IRC[02:37:00] <fling> pj: looks like the line I added to /etc/postfix/master.cf is ignored.[03:12:54] *** trilby_mole has quit IRC[03:29:21] <pj> !tell fling getting_help[03:29:21] <knoba> fling: "getting_help" : before asking your question, read the !relevant_logs and !showconfig factoids, and prepare a single pastebin containing all of that data. if you don't understand what this means, or if you need help doing this, please let us know. also see !pastebin[03:33:52] *** mroe has joined #postfix[03:40:21] *** evaryont has joined #postfix[03:40:57] <evaryont> Setting up a postfix server, why would postconf not return values I put into main.cf? (I did restart postfix to double check)[03:41:30] <evaryont> specifically, I'm trying to set up opendkim[03:45:48] <Crispy24> so running postconf -n doesn't return values you've explicitly changed in main.cf?[03:52:28] <pj> evaryont: there could be various different reasons. set up a pastebin with the output of "postconf -nf" and the actual contents of main.cf, please[03:52:40] <evaryont> Crispy24: yes[03:52:44] <evaryont> pj: will do[03:53:18] <evaryont> ohh man[03:53:36] <evaryont> actually I misread the settings[03:53:51] <evaryont> er, man page*. I was using `postconf -d`[03:54:07] <pj> ok, that would be why[03:54:10] <evaryont> yeah, my bad.[03:54:27] <pj> you'd be surprised how common that mistake is[04:03:56] <Crispy24> I found out my ISP is blocking port 25 :( bummer[04:04:30] <pj> !tell Crispy24 port_25_block[04:04:30] <knoba> Crispy24: "port_25_block" : Many consumer-grade ISPs (and some which claim to be for business, such as Godaddy) block outbound port 25/tcp traffic to prevent abuse from their network. If your ISP does this, you should see the !basic and !relayhost factoids. Or, upgrade to business-class service (or change ISP if you already had it.)[04:04:44] <Crispy24> So much for hosting my web server and mail server from home! :P[04:04:48] <pj> Crispy24: that's quite common, it's a very good anti-spam tactic on the part of ISPs[04:04:58] <Crispy24> yeah[04:04:58] <pj> you can use a relayhost[04:05:01] <Crispy24> I don't blame them[04:05:09] <Crispy24> any free relayhosts you know of?[04:05:21] <pj> yeah, trying to remember the name, one sec[04:06:18] <pj> http://mandrill.com/[04:06:48] <pj> oh, they changed, nm[04:06:57] <Crispy24> lol[04:06:58] <pj> they used to be free for up to like 10k emails per month[04:07:02] <pj> now they charge for it[04:07:04] *** mices has left #postfix[04:07:09] <pj> sorry, don't know any, then[04:07:29] <Crispy24> no worries[04:07:37] <pj> but you can either (1) pay for mandrill, they're still free for a trial volume of up to 2000...[04:07:43] <pj> (2) get a cheap VPS[04:07:53] <Crispy24> I got a cheap VPS[04:08:02] <Crispy24> better than my GoDaddy I had before[04:08:05] <lunaphyte> http://ghettosmtp.com/[04:09:44] <Crispy24> damn, i'm already knee-deep in my VPS..[04:09:49] <pj> lunaphyte: that looks like it's for inbound mail, not outbound[04:10:13] <lunaphyte> oh, yes[04:10:33] <Crispy24> sick, my ISP doesn't block outbound[04:10:54] <lunaphyte> there are numerous benefit to using a vps anyway, just in general[04:10:56] <pj> Crispy24: outbound is what ISPs normally block[04:11:13] <pj> it's pointless for an ISP to block inbound.[04:11:27] <lunaphyte> yet some do it just to be tyrants anyway[04:11:35] <pj> well, pointless from an anti-spam pov[04:11:40] <lunaphyte> yeah[04:11:55] <pj> some will do it because they want you to upgrade to a "business" or "server" account.[04:12:01] <Crispy24> lunaphyte: yeah, VPS appeals to me. no need to do maintenance on the hardware[04:12:33] <pj> but yeah, VPS is a good idea, just put your full mail server on it.[04:12:34] <Crispy24> pj: capitalists![04:13:19] <pj> Crispy24: it would be capitalism if they weren't blocking competition from the market. As it is, it's just plain tyranny.[04:14:11] <Crispy24> pj: yep. Tyranny[04:15:24] <pj> some ISPs block both directions, or just inbound out of complete ignorance.[04:15:45] <pj> they heard that blocking port 25 helps to fight spam, but they don't know how to do it properly.[04:16:28] <lunaphyte> i don't run my full mail server on my vps[04:16:37] <lunaphyte> mail only passes through there. it doesn't stay[04:16:39] *** michael_mbp has quit IRC[04:16:57] *** michael_mbp has joined #postfix[04:17:19] <lunaphyte> there's too much risk for me in leaving all of my mail somewhere i don't fully trust[04:17:22] *** githogori has quit IRC[04:17:40] <pj> lunaphyte: fair enough[04:19:53] <Crispy24> lunaphyte: I didn't think of that. I might implement that on my VPS someday[04:21:22] *** Crispy24 has quit IRC[04:30:14] *** mroe has quit IRC[05:57:56] *** githogori has joined #postfix[06:04:23] *** julius_ has quit IRC[06:05:30] *** julius_ has joined #postfix[06:06:44] *** michael_mbp has quit IRC[06:10:58] *** michael_mbp has joined #postfix[06:11:26] *** Xenoth has quit IRC[06:18:53] *** TyrfingMjolnir has joined #postfix[06:27:52] *** michael_mbp has quit IRC[06:28:58] *** michael_mbp has joined #postfix[06:32:17] *** magyar has quit IRC[06:58:39] *** TyrfingMjolnir has quit IRC[06:59:10] *** TyrfingMjolnir has joined #postfix[07:04:27] *** sharky has quit IRC[07:06:46] *** wannabegeekster has quit IRC[07:12:06] *** sharky has joined #postfix[07:15:45] *** Motoko has quit IRC[07:29:53] *** zacdev has quit IRC[07:53:39] <julius_> hi[07:53:40] <julius_> i can run nslookup yellowstone, but postfix cant send a mail to that system. i get a mail back with: Host or domain name not found. Name service error for why?[07:58:09] <pj> for starters don't use nslookup, it's been deprecated for years.[07:58:51] <pj> secondly...[07:58:57] <pj> !tell julius_ relevant_logs[07:58:57] <knoba> julius_: "relevant_logs" : Relevant logs are mail.* syslog Postfix logs (NOT verbose, see !verbose) which show the entire handling of a single mail which illustrates the issue with which you want help. Random selections from your mail log might not do. IMAP/POP3 daemons and external delivery agents typically log to the same facility (mail); those are usually not relevant here.[08:03:44] *** ghostlines has joined #postfix[08:06:03] <ghostlines> Morning, I'm hosting a few websites on the same box. How can I tell postfix to send mail from different domains in effect changing the from address?[08:06:07] <ghostlines> on a per email basis[08:08:06] <ghostlines> ahh I think I found something http://www.postfix.org/VIRTUAL_README.html[08:08:34] <pj> ghostlines: you don't, the envelope sender and From: header are both set by the MUA, not by postfix.[08:10:52] <ghostlines> pj oh k. So once I setup the virtual hosting correctly Postfix will accept valid From: addresses when the MUA sets it?[08:18:10] <julius_> http://pastebin.ca/3159291[08:22:55] <julius_> ah yes, its dig and host[08:25:40] <julius_> my host is defined in /etc/hosts, does dig not look there? because it cant resolve my hostname[08:31:37] *** showaz has quit IRC[08:36:56] <ghostlines> my setup is rejecting emails received from gmail. How do I accept email from anywhere ppl may be sending from?[08:37:23] <ghostlines> I'm receiving a 'temporary lookup failure' then it rejects it[08:45:07] <ghostlines> ahh my mynetworks was all screwed up I did xxx.xxx.xxx.xxx/32 instead of just xxx.xxx.xxx.xxx[08:50:01] *** leeyaa has joined #postfix[08:50:05] <leeyaa> hello[08:50:46] <leeyaa> which part of email headers is unique when using postfix? Message-ID maybe ?[08:52:52] <leeyaa> i need to sort out some duplicates[09:37:26] <DominikB> leeyaa, that should be unique[09:38:34] <DominikB> leeyaa, what mda you use?[09:39:20] <leeyaa> DominikB: courier if mda is what i think it is[09:40:15] <DominikB> ok :D just was thinking about that your imap server could do some deduplicating for you but imho couirer is not capbale of that[09:40:54] <leeyaa> DominikB: tell me about it - ubuntu 6 and ubuntu 8 servers :D[09:41:05] <leeyaa> anything else in the header that could be unique? some messages dont have message ids[09:42:36] <DominikB> leeyaa, maybe the timestamp when it is a low frequent mailbox[09:44:05] <leeyaa> ill check that after it finishes sorting the ones with messages ids thanks[10:00:24] *** mikecmpbll has joined #postfix[10:39:40] <pj> julius_: no, dig doesn't look in /etc/hosts and neither does postfix by default[10:40:33] <pj> !tell julius_ smtp_host_lookup[10:40:33] <knoba> julius_: "smtp_host_lookup" : a configuration parameter in the main.cf: What mechanisms when the SMTP client uses to look up a host's IP address. This parameter is ignored when DNS lookups are disabled.[10:41:21] <pj> !tell ghostlines getting_help[10:41:21] <knoba> ghostlines: "getting_help" : before asking your question, read the !relevant_logs and !showconfig factoids, and prepare a single pastebin containing all of that data. if you don't understand what this means, or if you need help doing this, please let us know. also see !pastebin[10:42:53] <pj> leeyaa: if you use long queue ids for postfix then the queue id is guaranteed to be unique, although that is not in a header depending on your specific needs it may not have to be.[10:44:04] <pj> otherwise the message-id should in theory be unique, but I think it's possible it might not be. If there is no message id when postfix receives the message then postfix will assign one at the cleanup stage.[10:48:03] *** artista_frustrad has quit IRC[10:48:56] *** artista_frustrad has joined #postfix[10:58:31] *** sphenxes01 has joined #postfix[11:01:28] *** sphenxes has quit IRC[11:06:51] *** ghostlines has quit IRC[11:36:33] *** sina0 has quit IRC[11:43:07] *** markw has quit IRC[11:49:46] *** SupaYoshi has quit IRC[11:50:33] *** SupaYoshi has joined #postfix[11:55:54] *** Haudegen has quit IRC[11:57:59] *** ghostlines has joined #postfix[12:09:47] *** joules has joined #postfix[12:10:14] *** Haudegen has joined #postfix[12:10:42] *** rotbeard has quit IRC[12:11:12] *** joules has quit IRC[12:14:02] *** joules has joined #postfix[12:14:17] *** joules has quit IRC[12:14:41] *** joules has joined #postfix[12:23:06] *** zacdev has joined #postfix[12:23:51] *** linkedinyou|2 has joined #postfix[12:27:26] *** zacdev has quit IRC[12:30:12] *** leeyaa has quit IRC[12:44:14] *** michael_mbp has quit IRC[12:47:28] *** michael_mbp has joined #postfix[12:50:34] *** pti-jean_ has joined #postfix[13:10:42] *** antiatom has quit IRC[13:12:53] *** Stealth has quit IRC[13:13:11] *** knoba has quit IRC[13:13:19] *** knoba has joined #postfix[13:13:28] *** Stealth has joined #postfix[13:13:37] *** antiatom has joined #postfix[13:33:30] *** Haudegen has quit IRC[13:42:10] *** markw has joined #postfix[13:52:23] *** mroe has joined #postfix[14:00:22] *** mroe has quit IRC[14:01:33] *** Haudegen has joined #postfix[14:06:02] *** Haudegen has quit IRC[14:17:18] *** ghostlines has quit IRC[14:20:05] *** Haudegen has joined #postfix[14:25:42] *** Haudegen has quit IRC[14:45:38] *** ghostlines has joined #postfix[14:47:23] *** MinetestForFun has joined #postfix[14:54:47] *** yosafbridge has quit IRC[14:56:18] *** Haudegen has joined #postfix[15:00:54] *** Haudegen has quit IRC[15:01:28] *** yosafbridge has joined #postfix[15:30:39] *** Haudegen has joined #postfix[15:45:21] *** moss has quit IRC[15:46:12] *** moss has joined #postfix[15:58:06] *** JanC has quit IRC[16:12:45] *** JanC has joined #postfix[16:25:03] *** Haudegen has quit IRC[16:33:15] *** zacdev has joined #postfix[16:39:54] *** kalz has quit IRC[16:47:40] *** kalz has joined #postfix[16:53:11] *** Haudegen has joined #postfix[17:04:10] *** internat has quit IRC[17:04:26] *** internat has joined #postfix[17:04:26] *** sphenxes01 has quit IRC[17:06:53] *** sphenxes has joined #postfix[17:36:50] *** Amkei has joined #postfix[17:40:01] *** Haudegen has quit IRC[17:40:30] *** MinetestForFun has quit IRC[17:50:58] *** Haudegen has joined #postfix[18:00:49] *** tschimmi42 has joined #postfix[18:18:05] *** Crispy24 has joined #postfix[18:26:12] *** MinetestForFun has joined #postfix[18:38:36] *** ghostlines has quit IRC[18:46:08] *** armguy has quit IRC[18:51:24] *** ghostlines has joined #postfix[18:53:41] *** asterismo has joined #postfix[18:53:48] <asterismo> hi[18:54:06] <asterismo> where can i check for logs in postfix? does it logs to mail.log?[18:54:19] <asterismo> i want to see if mails are reaching the server[18:55:59] <lunaphyte> !tell asterismo logs[18:55:59] <knoba> asterismo: "logs" : postfix logs to the mail facility of syslog. You can usually find them with ls /var/log/mail* otherwise something like grep -i `postconf -h syslog_facility` /path/to/syslog_config_file should tell you where logs are going. also see !no_logs and !have2mung[18:56:46] <asterismo> yeah, i have some issues with spamassasin[18:57:05] <asterismo> http://pastebin.oalm.gub.uy/view/5b6767f5[18:57:40] <lunaphyte> !tell asterismo getting_help[18:57:40] <knoba> asterismo: "getting_help" : before asking your question, read the !relevant_logs and !showconfig factoids, and prepare a single pastebin containing all of that data. if you don't understand what this means, or if you need help doing this, please let us know. also see !pastebin[18:58:46] <julius_> pj, thank you[18:59:01] <julius_> pj, btw, why is smtp_host_lookup = native not the default?[18:59:36] <asterismo> lunaphyte: ok, i just wanted to know if the spamassasin line is well written: http://pastebin.oalm.gub.uy/view/6f4e0a74[19:00:56] <hydrajump> !submission[19:00:56] <knoba> hydrajump: "submission" : Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf. also see !msa, and rfc 6409. Also read http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf[19:02:25] <lunaphyte> julius_: because smtp/email is largely an internet concept, and the internet uses dns. not hosts files[19:02:54] <lunaphyte> asterismo: i would encourage you to use amavis[19:04:42] <hydrajump> I'm trying to figure out what is wise to uncomment in the default master.cf with regards to the submission service here https://gist.github.com/anonymous/6d1a23c18f05acf761da[19:05:29] <hydrajump> The postfix book does not seem to cover this service and I haven't found it discussed in the postfix docs either.[19:07:43] *** bolt has quit IRC[19:09:56] *** MinetestForFun has quit IRC[19:10:45] *** MinetestForFun has joined #postfix[19:11:37] *** MinetestForFun has quit IRC[19:13:10] *** penk has joined #postfix[19:15:23] <lunaphyte> it's an email concept, not a postfix concept. it wouldn't be something postfix would document, aside from the abstractive elements specific to postfix[19:16:06] <lunaphyte> in any case, what the example suggest there is generally a good idea, save from perhaps some personal preference for alternative terminology[19:16:46] <lunaphyte> *save for[19:17:25] *** Sai has joined #postfix[19:17:38] <hydrajump> I understand the point of using the submission service, just not sure on uncommenting which settings. Some are already set by default when I check using postconf -d and uncommenting in master.cf for the submission service would override those settings.[19:18:43] <lunaphyte> consider that smtp and submission are fundamentally the same thing. the difference lies in the purpose of their use[19:19:25] <lunaphyte> so - what that means is that fundamentally, you want to always override all smtpd_*_restrictions for the submission service, so it doesn't inadvertantly start acting like the smtp service[19:19:45] <lunaphyte> because if it did that, then you'd just have two smtp services, which would be pretty pointless[19:20:17] <rob0> worse, submission not requiring AUTH could be abused[19:20:25] <lunaphyte> right[19:20:37] <rob0> by spambots from behind port 25 blocks[19:20:40] *** bolt has joined #postfix[19:22:42] <hydrajump> so as I have `smtpd_recipient_restrictions = xxxxx` configured in main.cf and it covers all the restrictions for internal and external clients(old format) then for the submission service in master.cf I want to override `smtpd_recipient_restrictions` with just the appropriate rest. for submission?[19:23:23] <lunaphyte> in the global config, make two sets of all smtpd_*_restrictions. one set for smtp, the other for submission. then, name the submission set something other than "smtpd_..." - e.g. "mua_..." [as in the examples in master.cf][19:23:51] <lunaphyte> now you'll have a set for smtp, and a differently named set for submission[19:24:01] <lunaphyte> then, set them all as is appropriate[19:24:25] <rob0> What Postfix version do you have?[19:24:33] <hydrajump> 3.0.1[19:24:46] <lunaphyte> lastly, for the submission service in master.cf, point each of the real restrictions to your "fake" restrictions you've got in the global config[19:24:58] <lunaphyte> e.g. -o smtpd_client_restrictions=$mua_client_restrictions[19:25:58] <lunaphyte> that will give you wholly separate smtp an submission restrictions, all of which can be managed from within the global config, allowing you to reduce the degree with which you're messing with master.cf[19:25:58] <hydrajump> lunaphyte: you like to split up your restrictions versus having them all under smtpd_recipient_restrictions as was done in the past?[19:26:04] <lunaphyte> no[19:26:19] <lunaphyte> put all restrictions in smtpd_recipient_restrictions[19:26:26] <lunaphyte> all others should be empty/unset[19:26:30] *** Haudegen has quit IRC[19:27:26] <hydrajump> ok let me put together my config as you've explained and then I'll post a gist if you wouldn't mind looking over just the restrictions[19:29:48] <lunaphyte> sounds like a good plan[19:36:51] *** tmberg has quit IRC[19:37:11] <hydrajump> ok I think I've managed to do what you said https://gist.github.com/anonymous/9762adb01e1467d27d16[19:37:41] *** penk has quit IRC[19:40:25] *** tmberg has joined #postfix[19:45:29] *** MacWinne_ has joined #postfix[19:46:18] *** penk has joined #postfix[19:51:43] *** CustosL1m3n has joined #postfix[19:51:54] *** Sai has quit IRC[19:52:26] *** Haudegen has joined #postfix[19:54:55] *** CustosL1men has quit IRC[20:03:59] *** Sai has joined #postfix[20:07:40] <lunaphyte> you should duplicate all smtpd_*_restrictions[20:07:45] <lunaphyte> not just recipient[20:07:49] <lunaphyte> unless you like surprises[20:10:58] <hydrajump> and set them to "" even if they are set to that by the default config?[20:11:35] *** higuita has quit IRC[20:12:23] <lunaphyte> i do[20:14:15] <hydrajump> ok I'll make that change. Does the master.cf and main.cf in that gist look ok otherwise?[20:15:15] <lunaphyte> one could argue that those defaults are quite unlikely to ever change, and with the recently introduced compatibility_level setting, changes to defaults have become safer to some degree, but for me it's just more about them being different settings[20:15:55] <lunaphyte> show your full config as per !showconfig[20:16:12] <lunaphyte> we can't say if things are sensible if we are shown only a portion[20:17:44] <hydrajump> ok I didn't want to waste your time looking at everything as we were just discussing a part. But I can share the whole thing ;)[20:18:22] *** sina0 has joined #postfix[20:21:19] *** Sai has left #postfix[20:24:24] *** fling has quit IRC[20:27:22] *** higuita has joined #postfix[20:30:42] *** fling has joined #postfix[20:31:41] *** penk has quit IRC[20:40:39] *** moonpunter has quit IRC[20:43:13] *** Xenoth has joined #postfix[20:48:02] *** asterismo has quit IRC[20:49:16] *** armguy has joined #postfix[20:55:24] *** Crispy24 has quit IRC[21:16:09] <hydrajump> !showconfig[21:16:10] <knoba> hydrajump: "showconfig" : when asked to provide your config, pastebin postconf -nf and postconf -Mf. if your version is too old for those commands to work (< 2.9), you should upgrade, but see !showconfig_old[21:17:23] *** Haudegen has quit IRC[21:19:40] <hydrajump> lunaphyte: https://gist.github.com/anonymous/3e1293ea4ef0168ee1b7[21:21:06] *** zacdev has quit IRC[21:21:25] *** tschimmi42 has left #postfix[21:23:14] *** armguy has quit IRC[21:28:55] *** danieli has joined #postfix[21:29:07] *** TyrfingMjolnir has quit IRC[21:34:03] *** armguy has joined #postfix[21:40:27] *** robinho86 has quit IRC[21:43:21] *** pti-jean_ has quit IRC[21:55:23] *** cuqa_ has quit IRC[21:58:36] *** cuqa_ has joined #postfix[22:00:27] *** mikecmpbll has quit IRC[22:10:49] *** MinetestForFun has joined #postfix[22:25:15] *** njbair has quit IRC[22:31:25] *** internat has quit IRC[22:31:49] *** internat has joined #postfix[22:45:21] *** michael_mbp has quit IRC[22:47:02] *** michael_mbp has joined #postfix[22:49:11] *** Amkei has quit IRC[22:50:46] *** master_o1_master has joined #postfix[22:54:07] *** master_of_master has quit IRC[23:02:22] *** silicong has joined #postfix[23:19:16] *** Xenoth has quit IRC[23:35:02] *** tomocha6 has quit IRC[23:45:12] *** magyar has joined #postfix[23:50:27] *** Haudegen has joined #postfix[23:54:55] *** Haudegen has quit IRC