December 27, 2017 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | >
December 27, 2017 [00:23:41] *** aindilis <aindilis!~aindilis@172-12-3-117.lightspeed.sgnwmi.sbcglobal.net> has joined #postfix[00:29:37] *** Death_rattle__ <Death_rattle__!~death@200116b8201d3100eddacec6886e3e1c.dip.versatel-1u1.de> has quit IRC (Quit: bye)[00:39:13] *** ariscop <ariscop!~Phase4@203.45.225.141> has joined #postfix[00:41:24] *** ZeiP <ZeiP!zeip@2a01:7e00::f03c:91ff:fe73:fd27> has quit IRC (Remote host closed the connection)[00:41:59] *** yovannys1990 <yovannys1990!~canaima@190.74.164.200> has joined #postfix[00:47:05] *** ZeiP <ZeiP!quasselcor@2a01:7e00::f03c:91ff:fe73:fd27> has joined #postfix[00:53:31] *** yovannys1990 <yovannys1990!~canaima@190.74.164.200> has left #postfix[01:24:44] *** rsx <rsx!~rsx@ppp-46-244-246-85.dynamic.mnet-online.de> has quit IRC (Quit: rsx)[01:54:13] <dvl> I'm working with a cert for cliff.int.unixathome.org which contains: DNS:cliff.int.unixathome.org, DNS:cliff.unixathome.org (i.e. X509v3 Subject Alternative Name). Sending server gets "CA certificate verification failed for cliff.unixathome.org[173.49.113.226]:5587: num=2:unable to get issuer certificate" and I don't see why yet. Details here: https://gist.github.com/dlangille/4d4c5b5073f510e679b2c0890b56da7a[01:56:13] <dvl> Could this be because CN=cliff.int.unixathome.org and 'DNS:cliff.int.unixathome.org, DNS:cliff.unixathome.org' is not relevant?[01:58:40] <dvl> The issuer in question is found in smtp_tls_CAfile & smtpd_tls_CAfile[02:03:00] *** fishcooker <fishcooker!~chika.tam@202.148.7.34> has joined #postfix[02:37:29] *** mauro25987 <mauro25987!~mgonzalez@r179-25-184-173.dialup.adsl.anteldata.net.uy> has joined #postfix[02:37:38] <mauro25987> hi people[02:41:44] *** cemotyz09 <cemotyz09!~cemotyz09@cpe-70-121-157-202.satx.res.rr.com> has joined #postfix[02:43:21] <mauro25987> someone can help me with policyd, I did everything that is in the documentation.[02:43:22] <mauro25987> but I think steps are missing.[02:43:55] <mauro25987> https://wiki.policyd.org/installing[02:44:41] <mauro25987> it does not say what to do with cluebringer.conf[02:44:44] <mauro25987> for example[02:45:19] <mauro25987> everything that is the webui I could install it correctly.[03:01:36] <dvl> mauro25987: I have no idea, but I do see: Move cluebringer.conf to your /etc directory and edit your database details in cluebringer.conf[03:08:38] <dvl> I still can't figure out why the client cert is not trusted.[03:10:04] <mauro25987> ok[03:10:12] <mauro25987> dvl: Is this documentation incomplete?[03:10:27] <dvl> mauro25987: I don't know, I have never used it.[03:11:16] <mauro25987> ok thanks[03:17:06] *** Gaaab <Gaaab!~Gaaab@host172-27-dynamic.3-87-r.retail.telecomitalia.it> has joined #postfix[03:20:19] <tmberg> Hm.. I wonder why i disabled policyd..[03:22:43] <tmberg> !postscreen[03:22:43] <knoba> tmberg: "postscreen" : SMTP triage server available since Postfix 2.8, see http://www.postfix.org/POSTSCREEN_README.html and http://www.postfix.org/postscreen.8.html[03:23:11] <tmberg> mauro25987: You are aware of postscreen i assume?[03:26:16] *** Gaaab <Gaaab!~Gaaab@host172-27-dynamic.3-87-r.retail.telecomitalia.it> has quit IRC (Remote host closed the connection)[03:29:24] <mauro25987> No, I do not know it[03:29:24] <mauro25987> they asked me to control the postifx shipping fee.[03:29:24] <mauro25987> by domain and by user.[03:29:24] <mauro25987> that's why I want to finish installing policyd[03:30:58] *** gu1lle_ <gu1lle_!~Thunderbi@190.18.187.175> has joined #postfix[03:38:57] *** nomeed <nomeed!~nomeed@p54A24C70.dip0.t-ipconnect.de> has quit IRC (Ping timeout: 248 seconds)[03:40:18] *** nomeed <nomeed!~nomeed@p54A24C18.dip0.t-ipconnect.de> has joined #postfix[03:44:18] <lunaphyte> mauro25987: you're in the wrong channel for that.[03:44:39] <lunaphyte> this channel is for postfix, not for things that you might use in conjunction with postfix.[03:49:34] *** aindilis <aindilis!~aindilis@172-12-3-117.lightspeed.sgnwmi.sbcglobal.net> has quit IRC (Read error: Connection reset by peer)[04:14:37] *** Ellenor <Ellenor!ellenor@unaffiliated/ellenor> has quit IRC (Ping timeout: 255 seconds)[04:21:11] *** xa0z <xa0z!~interex@2001:470:ba7f:1f::11> has quit IRC (Ping timeout: 240 seconds)[04:30:57] *** chachasmooth <chachasmooth!~chachasmo@unaffiliated/chachasmooth> has joined #postfix[04:31:36] *** chachasmooth_ <chachasmooth_!~chachasmo@unaffiliated/chachasmooth> has quit IRC (Ping timeout: 265 seconds)[04:59:29] *** damyan^ <damyan^!damyan@mail.0x4711.org> has quit IRC (Ping timeout: 252 seconds)[05:01:25] *** Ellenor <Ellenor!ellenor@unaffiliated/ellenor> has joined #postfix[05:24:34] *** mauro25987 <mauro25987!~mgonzalez@r179-25-184-173.dialup.adsl.anteldata.net.uy> has quit IRC (Quit: Leaving.)[05:38:18] *** zapata <zapata!~zapata@2a02:b18:581:10:fdfd:1a10:84d7:875a> has quit IRC (Ping timeout: 265 seconds)[05:58:15] *** eelstrebor <eelstrebor!~eelstrebo@216.75.116.100> has joined #postfix[06:00:32] *** eelstrebor <eelstrebor!~eelstrebo@216.75.116.100> has quit IRC (Client Quit)[06:17:24] *** damyan^ <damyan^!damyan@mail.0x4711.org> has joined #postfix[06:27:03] *** gu1lle_1 <gu1lle_1!~Thunderbi@190.18.187.175> has joined #postfix[06:27:41] *** gu1lle_ <gu1lle_!~Thunderbi@190.18.187.175> has quit IRC (Ping timeout: 256 seconds)[06:27:41] *** gu1lle_1 is now known as gu1lle_[06:41:21] *** gu1lle_1 <gu1lle_1!~Thunderbi@190.18.187.175> has joined #postfix[06:43:04] *** gu1lle_ <gu1lle_!~Thunderbi@190.18.187.175> has quit IRC (Ping timeout: 265 seconds)[06:45:57] *** gu1lle_1 <gu1lle_1!~Thunderbi@190.18.187.175> has quit IRC (Ping timeout: 264 seconds)[06:46:46] *** gu1lle_ <gu1lle_!~Thunderbi@190.18.187.175> has joined #postfix[06:51:19] *** xa0z <xa0z!~interex@2001:470:ba7f:1f::11> has joined #postfix[06:51:37] *** gu1lle_1 <gu1lle_1!~Thunderbi@190.18.187.175> has joined #postfix[06:53:05] *** gu1lle_ <gu1lle_!~Thunderbi@190.18.187.175> has quit IRC (Ping timeout: 248 seconds)[06:55:36] *** gu1lle_ <gu1lle_!~Thunderbi@190.18.187.175> has joined #postfix[06:56:21] *** gu1lle_1 <gu1lle_1!~Thunderbi@190.18.187.175> has quit IRC (Ping timeout: 260 seconds)[07:06:51] *** ghormoon <ghormoon!~ghormoon@ghorland.net> has quit IRC (Ping timeout: 240 seconds)[07:09:20] *** ghormoon <ghormoon!~ghormoon@ghorland.net> has joined #postfix[07:41:12] *** sklv <sklv!~sklv@gateway/tor-sasl/sklv> has quit IRC (Ping timeout: 272 seconds)[07:43:12] *** sklv <sklv!~sklv@gateway/tor-sasl/sklv> has joined #postfix[07:47:46] *** sklv <sklv!~sklv@gateway/tor-sasl/sklv> has quit IRC (Remote host closed the connection)[07:48:37] *** sklv <sklv!~sklv@gateway/tor-sasl/sklv> has joined #postfix[07:54:30] *** aindilis <aindilis!~aindilis@172-12-3-117.lightspeed.sgnwmi.sbcglobal.net> has joined #postfix[07:55:50] *** ariscop <ariscop!~Phase4@203.45.225.141> has quit IRC (Quit: Leaving)[08:07:26] *** cemotyz09 <cemotyz09!~cemotyz09@cpe-70-121-157-202.satx.res.rr.com> has quit IRC (Quit: cemotyz09)[08:07:32] *** sklv <sklv!~sklv@gateway/tor-sasl/sklv> has quit IRC (Remote host closed the connection)[08:08:14] *** sklv <sklv!~sklv@gateway/tor-sasl/sklv> has joined #postfix[08:25:22] *** zapata <zapata!~zapata@2a02:b18:581:10:8900:7dc2:7765:39c2> has joined #postfix[08:30:50] *** sklv <sklv!~sklv@gateway/tor-sasl/sklv> has quit IRC (Write error: Broken pipe)[08:37:48] *** jucaroba <jucaroba!~quassel@static-153-155-225-77.ipcom.comunitel.net> has quit IRC (Read error: Connection reset by peer)[08:39:31] *** jucaroba <jucaroba!~quassel@static-153-155-225-77.ipcom.comunitel.net> has joined #postfix[08:44:39] *** ariscop <ariscop!~Phase4@58.106.177.140> has joined #postfix[08:57:55] *** sklv <sklv!~sklv@gateway/tor-sasl/sklv> has joined #postfix[09:14:59] *** damyan^ <damyan^!damyan@mail.0x4711.org> has quit IRC (Quit: WeeChat 2.1-dev)[09:17:31] *** damyan^ <damyan^!damyan@mail.0x4711.org> has joined #postfix[09:28:41] *** stenrose <stenrose!~stenrose@martin.ilait.se> has quit IRC (Quit: Leaving)[09:35:27] *** Darcidride <Darcidride!~Darcidrid@194.2.202.81> has joined #postfix[09:44:14] *** impy <impy!~textual@ptr-g1zxlv5btmc9gbp7grj.18120a2.ip6.access.telenet.be> has quit IRC (Quit: My MacBook has gone to sleep. ZZZzzz…)[10:06:38] *** ek <ek!ek@freebsd/contributor/ek> has quit IRC (Ping timeout: 268 seconds)[10:14:34] *** stenrose <stenrose!~stenrose@martin.ilait.se> has joined #postfix[10:29:51] *** fishcooker <fishcooker!~chika.tam@202.148.7.34> has quit IRC (Quit: Leaving.)[10:31:47] *** ek <ek!ek@freebsd/contributor/ek> has joined #postfix[10:34:37] *** fishcooker <fishcooker!~chika.tam@115.69.222.6> has joined #postfix[10:37:10] *** fishcooker <fishcooker!~chika.tam@115.69.222.6> has quit IRC (Client Quit)[10:47:59] *** bolt <bolt!~r00t@unaffiliated/bolt> has quit IRC (Remote host closed the connection)[10:50:29] *** bolt <bolt!~r00t@unaffiliated/bolt> has joined #postfix[11:05:21] *** _rudi_s <_rudi_s!~simon@steep.informatik.uni-erlangen.de> has quit IRC (Remote host closed the connection)[11:24:03] *** phunyguy <phunyguy!~vault@ubuntu/member/phunyguy> has quit IRC (Ping timeout: 256 seconds)[11:50:53] *** _rudi_s <_rudi_s!~simon@steep.informatik.uni-erlangen.de> has joined #postfix[11:51:15] *** _rudi_s <_rudi_s!~simon@steep.informatik.uni-erlangen.de> has quit IRC (Client Quit)[11:51:52] *** rudi_s is now known as rudi_s1[11:53:34] *** rudi_s <rudi_s!~simon@steep.informatik.uni-erlangen.de> has joined #postfix[12:02:54] *** rsx <rsx!~rsx@ppp-46-244-248-66.dynamic.mnet-online.de> has joined #postfix[12:10:16] *** mikecmpbll <mikecmpbll!~mikecmpbl@ruby/staff/mikecmpbll> has joined #postfix[12:31:59] *** mikecmpbll <mikecmpbll!~mikecmpbl@ruby/staff/mikecmpbll> has quit IRC (Quit: inabit. zz.)[12:32:22] *** celyr <celyr!~celyr@unaffiliated/celyr> has joined #postfix[12:32:24] *** philip <philip!~philip@2a06:6dc0:10:6de0::1:3> has joined #postfix[12:36:16] *** Gaaab <Gaaab!~Gaaab@host172-27-dynamic.3-87-r.retail.telecomitalia.it> has joined #postfix[12:56:00] *** section1 <section1!~section1@190.194.77.25> has joined #postfix[12:56:41] *** pti-jean_ <pti-jean_!~quassel@79.38.124.78.rev.sfr.net> has joined #postfix[13:06:02] *** mauro25987 <mauro25987!~mgonzalez@r201-217-134-243.ir-static.anteldata.net.uy> has joined #postfix[13:07:00] *** fishcooker <fishcooker!~chika.tam@139.195.154.28> has joined #postfix[13:13:36] *** fishcooker <fishcooker!~chika.tam@139.195.154.28> has quit IRC (Quit: Leaving.)[13:27:40] *** Uf0_ <Uf0_!~luna@212.47.194.63> has quit IRC (Ping timeout: 268 seconds)[13:38:18] *** Uf0 <Uf0!~luna@212.47.194.63> has joined #postfix[13:38:37] *** rsc <rsc!~robert@fedora/rsc> has left #postfix ("Linux - The future has already started!")[13:39:40] *** sklv <sklv!~sklv@gateway/tor-sasl/sklv> has quit IRC (Ping timeout: 272 seconds)[13:39:56] *** impy <impy!~textual@ptr-g1zxlv3fot7himekrt4.18120a2.ip6.access.telenet.be> has joined #postfix[13:40:59] *** nemo <nemo!nemo@c-73-212-126-29.hsd1.md.comcast.net> has joined #postfix[13:41:52] <nemo> Recently I've been getting a number of spam emails about "Pandora Outlets" that come from a constantly generated new domain, like @xxxx.win @xyyy.win etc[13:42:27] <nemo> I was wondering if it is possible to block that in access map. at present I have REJECT for specific misbehaving domains.[13:42:39] <nemo> But had no idea if a rule could be defined for all of ".win"[13:43:01] <nemo> maybe I need to move the block into DNS[13:43:10] <nemo> hm. no. that wouldn't work ☺[13:43:27] *** Uf0 <Uf0!~luna@212.47.194.63> has quit IRC (Ping timeout: 240 seconds)[13:44:21] <nemo> just read the man page again, doesn't seem blocking by tld is possible?[13:44:31] <nemo> must have been from a simpler time before the explosion of TLDs[13:44:55] *** Uf0 <Uf0!~luna@212.47.194.63> has joined #postfix[13:45:33] <dvl> nemo: perhaps http://www.postfix.org/access.5.html[13:45:43] <nemo> dvl: yeah. that's what I was reading[13:45:45] <nemo> https://serverfault.com/questions/728641/blacklisting-tld-in-postfix/728658 ☹[13:46:25] <nemo> hm.[13:46:29] <nemo> actually that one works I guess[13:46:32] <nemo> define map then reject[13:46:34] * nemo reads on[13:47:04] <nemo> oh. hahaha. I made a pcre map for bad domains long ago, then forgot about it apparently[13:47:16] <nemo> well. not that long ago. guess my memory is crap these days[13:47:23] <nemo> one more for the bucket[13:48:35] <nemo> main.cf: check_client_access pcre:/etc/postfix/check_client_access aaand /\.win$/ REJECT Sorry, too much abuse from this tld[13:49:19] <nemo> looks like I'm currently blocking .xyz .top .tk .info .men .faith .win for abuse[13:50:00] <patdk-lap> that is all?[13:52:05] *** pti-jean_ <pti-jean_!~quassel@79.38.124.78.rev.sfr.net> has quit IRC (Remote host closed the connection)[13:52:15] *** Uf0 <Uf0!~luna@212.47.194.63> has quit IRC (Ping timeout: 250 seconds)[13:53:00] <nemo> patdk-lap: you have some more suggestions?[13:53:06] <nemo> patdk-lap: I don't want to block .cn ...[13:53:57] <nemo> patdk-lap: I basically just block anything that gets past sbl-xbl, valid mail checks, and greylisting - haven't bothered with spamassassin or mail analysis, since that seems to catch 99% of 'em[13:54:15] <patdk-lap> I outright block, top, xyz, rocks, click, whoswho, science, win, party, zip, reviews, review, download, date, bid, kim, cricket, country, stream[13:54:15] <nemo> a couple of pieces of spam a day is acceptable in my book[13:54:19] <nemo> hm[13:54:33] <nemo> those all sound pretty stupid and shady to me.[13:54:36] <nemo> I'll add 'em[13:54:51] <nemo> patdk-lap: I only block ones that actually make it to me. I guess you get a lot more[13:55:18] <nemo> patdk-lap: your list didn't start with : but I assume "block" is not a domain ☺[13:55:18] <patdk-lap> no, those are the ones that are so annoying I blocked them[13:55:22] <nemo> wow[13:55:27] <patdk-lap> I ENFORCE SPF on all the others[13:55:34] <patdk-lap> no spf, rejected[13:55:50] <nemo> oh. interesting. I haven't gone that far yet[13:55:56] <nemo> was worried about the collateral damage[13:56:01] <patdk-lap> I made an exception for grind.work though[13:56:05] <nemo> like... our domain for hedgewars, we didn't setup spf[13:56:19] <nemo> so your users would never get account registration emails[13:56:24] <nemo> w/ the new password to change[13:56:29] <patdk-lap> yep[13:56:32] <nemo> just as a random example[13:56:39] <patdk-lap> you oviously don't care about your email, so why should I :)[13:56:47] <nemo> lol it's just a means to verify the user[13:56:54] <nemo> if you want to reject it, that's your problem ☺[13:57:02] <nemo> our attitude mirrors yours 😃[13:57:18] <patdk-lap> yes, till you have issues with people not being able to use your site[13:57:23] * nemo shrugs[13:57:31] <nemo> guess I won't hear about 'em 'cause they never got the emails 😃[13:57:39] <nemo> or maybe they switched to another mail provider[13:57:47] <nemo> anyway.[13:57:55] <nemo> I'll add your block suggestions. thanks[13:58:23] <patdk-lap> hmm, looks like mcdonalds gave up their tld's[14:00:15] <nemo> patdk-lap: oh. btw. do you have a more elegant way to do it than my regex thing?[14:01:12] <patdk-lap> 4 emails blocked from require spf from new tld's in the last 3 months[14:01:58] <patdk-lap> I use a makefile[14:02:26] <nemo> odd. that's a surprising combo. I would have expected that if you go to trouble of poluting global DNS with your new domains, you could make an SPF line for added versimilitude[14:02:30] <patdk-lap> https://apaste.info/RsB6[14:02:34] <nemo> the two are pretty conveniently the same mechanism[14:03:43] <nemo> yep. these new spam ones, shocker, have SPF records[14:03:53] <nemo> $ dig +short TXT aglk.win[14:03:54] <nemo> "v=spf1 include:spf.aglk.win -all"[14:04:10] <patdk-lap> yep[14:04:39] <patdk-lap> the real spamming ones generally do[14:04:52] *** Uf0 <Uf0!~luna@212.47.194.63> has joined #postfix[14:04:58] <patdk-lap> but generally hijacked servers and stuff, won't[14:07:55] <nemo> patdk-lap: wouldn't surprise me that strict SPF enforcement would block minor notification emails from someone's brand new wordpress site or whatever.[14:08:24] <nemo> but. eh, I'll mention it to unc0rr, maybe he'll add something[14:08:30] <nemo> checked and. sure enough... dig +short TXT hedgewars.org[14:08:41] <nemo> but yeah, it's not like we're in business of sending emails so was pretty low on radar[14:08:52] <patdk-lap> well, I don't block on no spf to the original tld's[14:08:54] <patdk-lap> only the new ones[14:09:00] <nemo> was just the initial account creation challenge to cut down on user spam[14:09:03] <nemo> oh[14:09:07] <nemo> well. no problem then[14:09:14] <patdk-lap> well, for now :)[14:09:17] * nemo shrugs[14:09:24] <nemo> got enough other things to worry about ☺[14:09:32] <nemo> like. why the game is crashing in windows ☹[14:14:10] *** synthroid <synthroid!~synthroid@50.202.5.122> has joined #postfix[14:35:06] <celyr> patdk-lap, may I ask you how many users are you administering ?[14:45:46] <patdk-lap> no idea[14:45:55] <patdk-lap> 20k[14:46:23] <celyr> use use really radical systems[14:46:29] <patdk-lap> heh?[14:46:33] <celyr> but I have no experience with so large deployments[14:46:45] <celyr> well blocking tlds :D[14:46:57] <patdk-lap> the issue with the tlds[14:47:03] <patdk-lap> is they sold them for $1 for the first year[14:47:13] <patdk-lap> so spammers use them as an infiniate source of cheap domains[14:47:33] <patdk-lap> and it's not radical, most people have done it[14:47:47] <celyr> well they still had to have a MTA so[14:47:53] <patdk-lap> no[14:47:58] <patdk-lap> why would they have to have an mta?[14:48:08] <celyr> how do they send out the emails ?[14:48:20] <patdk-lap> infected php scripts, perl scripts, ...[14:48:28] <patdk-lap> all they have to do is make a tcp connection on port 25[14:48:31] <patdk-lap> no mta required[14:48:42] <celyr> oh well[14:48:49] <patdk-lap> if they use an mta, it's a hacked server[14:49:03] <patdk-lap> but mostly they don't bother[14:49:15] <celyr> most of hosting doesn't allow to make a connection to port 25[14:49:16] <celyr> afaik[14:49:21] <patdk-lap> since when?[14:49:37] <celyr> idk since when but google, amazon, aruba ovh..[14:49:48] <patdk-lap> amazon allows it[14:50:05] <patdk-lap> ovh used to forever, they claimed they fixed it, but last time I bothered to look they didn't[14:56:20] <dvl> I have two servers which don't trust each other. The receiving server says 'Client certificate not trusted'; the sending server says 'CA certificate verification failed for X; num=2:unable to get issuer certificate'. Both servers have certs from the same CA. It makes me want to look at what certs are being presented up. Way too much information at https://gist.github.com/dlangille/4d4c5b5073f510e679b2c0890b56da7a[14:56:50] <dvl> I spent an hour or so on that last night, but I think today's task must be wiring up a rack.[14:57:53] *** celyr <celyr!~celyr@unaffiliated/celyr> has quit IRC (Quit: bye)[14:59:22] <patdk-lap> it's very ovious[14:59:26] <patdk-lap> you are using lets encrypt[14:59:32] <patdk-lap> but you told postfix not to trust letsencrypt[15:00:51] *** philip <philip!~philip@2a06:6dc0:10:6de0::1:3> has left #postfix[15:02:16] *** celyr <celyr!~celyr@unaffiliated/celyr> has joined #postfix[15:03:50] <dvl> patdk-lap: One way to tell Postfix to trust Let's Encrypt is to ensure their root/intermediate cert is covered by smtpd_tls_CAfile ?[15:04:11] <patdk-lap> no[15:04:17] <patdk-lap> what is the goal here with certs[15:04:22] <patdk-lap> you have all kinds of random stuff defined[15:08:49] *** fishcooker <fishcooker!~chika.tam@139.195.154.28> has joined #postfix[15:10:47] <dvl> cliff's primary goal is handling outgoing email from the LAN. Servers on that LAN forward to cliff, cliff then relays on to a server outside the LAN which has public internet. I'll explain mx-ingress01 next.[15:11:42] <dvl> mx-ingress01 has an internet connection and accepts incoming email. Most of that is processed locally, and some is forwarded to cliff for distribution to another system on the LAN.[15:13:27] <dvl> cliff does auth with the server it relays to. Purpose of certs: proof of id, yes, this is that server, and not some MITM. I did use a private CA for this in the past, and I'm tempted to go back to it.[15:14:53] <dvl> At one time, I think I was obsessed with certs for auth (Yes, I'll take email from you) but now that's done via sasl auth.[15:15:47] <dvl> TLS is a goal, it'd be nice to keep data private.[15:15:59] <dvl> patdk-lap: Sense or babble? ^[15:16:11] <patdk-lap> so you want tls encryption like normal?[15:16:17] <patdk-lap> plus client cert auth?[15:16:31] <rob0> If you're using SASL for authenticated relay, ^^ you're normal, who cares about cert verification?[15:16:40] <dvl> I don't know what you mean by 'like normal'?[15:16:59] <patdk-lap> well, in your config, you break ssl for everyone that isn't youself[15:17:05] <patdk-lap> that is one issue your having[15:17:17] <patdk-lap> forget client cert auth[15:17:22] <patdk-lap> do you want ssl to work as it should?[15:17:28] <patdk-lap> or are you attempting something custom[15:17:34] <dvl> patdk-lap: Sounds like a good start, so, yes.[15:17:41] <rob0> Ideally you need to be having this discussion on the mailing list, with Viktor.[15:17:53] <dvl> rob0: I've seen his posts.[15:18:17] <dvl> One goal I had this week was a diagram with arrows and goals of each server. Not done yet. Should do.[15:19:57] <rob0> The typical role of TLS in SMTP is merely to encrypt the transport. For submission that encryption is mandatory, because TLS protects the SASL credentials.[15:20:01] <dvl> rob0: And yes, cert verification is a goal for some servers, especially the ones within my net which are talking to others in my net. Not so much for others.[15:20:12] <dvl> rob0: I follow.[15:20:30] <rob0> Cert verification is covered in the more arcane parts of TLS_README[15:20:55] <rob0> I'm sure you have been looking at that.[15:21:40] <dvl> http://www.postfix.org/TLS_README.html ? Yes, but it sounds like I'm missing it. Time to read it all again.[15:21:59] <rob0> and yes, if you're planning to do cert verification for authenticated relay, I'd go for a private CA.[15:23:42] <dvl> And a public CA for outoing email?[15:24:07] <dvl> That can be on the same postfix instance, because smtp_ vs smtpd_ parameters...[15:26:28] <dvl> More reading to be done here, for sure. I'll do up that diagram too. Today has some HDD shipping and some cabling.[15:32:09] <patdk-lap> you don't use a CA for outgoing mail[15:32:16] <patdk-lap> you use a public CA for incoming[15:34:00] <rob0> I use LE on my submission port, so users' MUAs are happy.[15:34:32] <rob0> I use my own CA on 25, so my TLSA records are stable, for DANE.[15:34:46] <patdk-lap> is mx-ingress01 ever doing submitting a cert to be verified by another server?[15:35:05] <rob0> other than DANE, I don't care at all if anyone fails to validate my cert.[15:38:14] *** DzAirmaX <DzAirmaX!~DzAirmaX@unaffiliated/dzairmax> has quit IRC (Remote host closed the connection)[15:44:33] *** sebastienthiry <sebastienthiry!~Thunderbi@109.130.178.119> has joined #postfix[15:47:20] *** nemo <nemo!nemo@c-73-212-126-29.hsd1.md.comcast.net> has left #postfix[15:48:35] *** eelstrebor <eelstrebor!~eelstrebo@216-75-116-100.res.dyn.allophone.biz> has joined #postfix[15:54:29] *** DzAirmaX <DzAirmaX!~DzAirmaX@unaffiliated/dzairmax> has joined #postfix[15:55:09] <dvl> patdk-lap: mx-ingress01 is for incoming mail from a few public MTA (mostly freebsd.org FWIW). They don't care about validating mx-ingress01 AFAIK.[15:55:51] <patdk-lap> why is all the ca stuff defined for smtp?[15:57:07] *** damyan^ <damyan^!damyan@mail.0x4711.org> has quit IRC (Read error: Connection reset by peer)[15:57:17] *** damyan^ <damyan^!damyan@mail.0x4711.org> has joined #postfix[15:57:32] *** phunyguy <phunyguy!~vault@ubuntu/member/phunyguy> has joined #postfix[15:59:58] <dvl> patdk-lap: I figure I'm wrong because you're asking. When relaying mail onwards to other servers, I wanted TLS. Now I think you're saying I don't need CA stuff for that. I thought it had to be set up for both smtpd and smtp.[16:00:40] <patdk-lap> ok, this is just evil, but think https[16:00:48] <patdk-lap> do you send your CA stuff when you connect to a website[16:00:57] <patdk-lap> must you supply a certificate every time?[16:01:18] <dvl> Sometimes evil is a good explanation tool.[16:02:06] <patdk-lap> you only setup ssl on the server[16:02:06] <Nit_> just wondering, does postfix submission support client auth via x509 client certificates ?[16:02:13] <patdk-lap> nit, yes[16:02:19] <patdk-lap> !telll Nit_ tls[16:02:20] <knoba> patdk-lap: Error: "telll" is not a valid command.[16:02:24] <patdk-lap> !tell Nit_ tls[16:02:24] <knoba> Nit_: "tls" : Transport Layer Security (RFC2246). Previously known as SSL, TLS adds a layer of encryption to protocols such as SMTP, submission, IMAP or POP3 to improve security during transmission over the Internet. TLS is implemented using the STARTTLS method, while the non-standard wrapper style of implementation is deprecated at this point. See http://www.postfix.org/TLS_README.html for more info.[16:02:46] <patdk-lap> client ssl is only used for auth[16:02:59] <patdk-lap> though client ca is used to verify server certs[16:03:16] *** fishcooker <fishcooker!~chika.tam@139.195.154.28> has quit IRC (Quit: Leaving.)[16:04:11] <dvl> patdk-lap: cliff does do auth when talking to clavin (the relayhost).[16:04:26] <patdk-lap> yes[16:04:57] <rob0> dvl, skim through the steps of the "quick & dirty" part of ^^ TLS_README[16:05:18] <dvl> rob0: I shall. I have to ship some HDD first. Thank you.[16:05:31] <rob0> note that he does not set CA for smtp[16:05:42] <rob0> !smtp!=smtpd[16:05:42] <knoba> rob0: "smtp!=smtpd" : Postfix smtp_* and smtpd_* configuration parameters have different meanings. smtp_ = client and smtpd_ = server, the client-side sends mail whilst the server-side receives mail. (smtp = client = sends mail) (smtpd = server = receives mail)[16:05:54] <rob0> ^^ you probably know that, but there it is to be sure[16:22:22] <dvl> rob0: Yes, that part I followed. I do have smtp_tls_CAfile https://gist.github.com/dlangille/4d4c5b5073f510e679b2c0890b56da7a#file-postconf-n-for-cliff-L32[16:27:47] <patdk-lap> what is in that ca.cer file[16:28:15] <patdk-lap> that should NOT be the ca of your cert[16:28:25] <patdk-lap> but should be the list of trusted CA's you connect to[16:30:21] <dvl> patdk-lap: As shown, yes, it is the ca of my cert. Last night, I changed it to a list of CAs I trust.[16:31:38] *** led_ir22 <led_ir22!~Thunderbi@hotspot10.rywasoft.net> has quit IRC (Quit: led_ir22)[16:34:54] <patdk-lap> none of your logs make sense[16:35:10] <patdk-lap> why is mx-ingress sending to cliff[16:35:55] <patdk-lap> I thought you said cliff sends mail to mx-ingress[16:39:49] <dvl> patdk-lap: cliff's main functin is outgoing and it relays to clavin. That configuration was created some time ago and works as intented. What I've recently tried doing is letting mx-ingress send to clavin for some incoming mail. The thought has crossed my mind to create a separate incoming server in the LAN. That would definintely simplify things. I'm still tempted to do that.[16:39:53] <patdk-lap> what is in /etc/local/etc/ssl/ca.cer[16:40:08] <dvl> /etc/local/etc/ssl/ca.cer is my CA's cert[16:40:20] <patdk-lap> you keep saying that[16:40:25] <patdk-lap> but the logs don't agree[16:40:41] *** led_ir22 <led_ir22!~Thunderbi@hotspot10.rywasoft.net> has joined #postfix[16:42:04] <patdk-lap> here, fix your openssl test to be proper[16:42:26] <patdk-lap> openssl s_client -showcerts -connect cliff.unixathome.org:5587 -starttls smtp -cafile /usr/local/etc/ssl/ca.cer[16:44:23] <dvl> patdk-lap: some paramaters may have changed last night as I messed with this, but here is the output from just now: https://gist.github.com/dlangille/90001b5e73a019c35ce5123907d4ca2f[16:44:46] <patdk-lap> I can only tell you what is wrong based on what you post[16:44:51] *** nikitis <nikitis!~nikitis@208-104-228-173.rh4.cm.dyn.comporium.net> has quit IRC (Ping timeout: 240 seconds)[16:44:54] <patdk-lap> if what you post is NOT what your using, I cannot help you at all[16:45:51] <patdk-lap> so anything we tell you, can be, and likely will be, inaccurate, and tests unreliable[16:46:45] <dvl> patdk-lap: Fair enough. Thanks for tolerating. I will redo this and come back. I've got more reading to do.[16:46:58] <patdk-lap> also see if your using chroot[16:47:06] <patdk-lap> cause if you are, I doubt your paths are usable as is[16:48:13] <dvl> I'm quite sure I am not using chroot. [dan@mx-ingress01:~] $ grep -i chroot /usr/local/etc/rc.d/postfix[16:48:13] <dvl> [dan@mx-ingress01:~] $[16:48:25] <patdk-lap> heh?[16:48:30] <patdk-lap> !tell dvl getting_help[16:48:31] <knoba> dvl: "getting_help" : before asking your question, read the !relevant_logs and !showconfig factoids, and prepare a single pastebin containing all of that data. if you don't understand what this means, or if you need help doing this, please let us know. also see !pastebin[16:48:40] <patdk-lap> !tell dvl chroot[16:48:41] <knoba> dvl: "chroot" : The fifth column in master.cf determines if the Postfix process described on that line runs in a chroot. The default is 'y' for postfix versions prior to 3.0 and 'n' for newer. See !debug, !queue_directory and files in the examples/chroot-setup subdirectory of the Postfix source archive which show examples of a Postfix chroot environment on a variety of systems.[16:50:45] <dvl> chroot is n in all rows of master.cf on both cliff and mx-ingress01[16:52:31] *** nikitis <nikitis!~nikitis@208-104-228-173.rh4.cm.dyn.comporium.net> has joined #postfix[16:52:37] <patdk-lap> ok, so it should atleast be able to read all the files[17:00:11] *** jucaroba <jucaroba!~quassel@static-153-155-225-77.ipcom.comunitel.net> has quit IRC (Read error: Connection reset by peer)[17:01:33] *** jucaroba <jucaroba!~quassel@static-153-155-225-77.ipcom.comunitel.net> has joined #postfix[17:03:38] *** gu1lle_ <gu1lle_!~Thunderbi@190.18.187.175> has quit IRC (Remote host closed the connection)[17:10:33] *** gongoputch <gongoputch!~kseel@freebsd/op/gongoputch> has quit IRC (Ping timeout: 264 seconds)[17:15:58] *** sfs <sfs!~pkubaj@unaffiliated/sfs> has joined #postfix[17:16:03] *** gongoputch <gongoputch!~kseel@freebsd/op/gongoputch> has joined #postfix[17:16:30] <sfs> i want to implement a custom tcp_table postfix map[17:17:10] <sfs> it replies with "200 ACCEPT" or "200 REJECT"[17:17:30] <sfs> my problem is that postmap doesn't work with it[17:17:35] <sfs> it returns[17:17:44] <sfs> postmap: warning: read TCP map reply from 127.0.0.1:2020: malformed reply: get: Succes[17:18:00] <sfs> and[17:18:08] <sfs> postmap: fatal: table tcp:127.0.0.1:2020: query error: Operation now in progress[17:20:05] *** gongoputch <gongoputch!~kseel@freebsd/op/gongoputch> has quit IRC (Ping timeout: 240 seconds)[17:25:12] *** gongoputch <gongoputch!~kseel@freebsd/op/gongoputch> has joined #postfix[17:27:15] *** troys <troys!~troys@23-24-139-177-static.hfc.comcastbusiness.net> has joined #postfix[17:28:12] *** Epx998 <Epx998!~Epx998@thunderhill.nvidia.com> has joined #postfix[17:28:33] <Epx998> Postfix installs its own /usr/sbin/sendmail?[17:28:52] <patdk-lap> normally, depends on the packager[17:29:10] <rob0> !sendmail[17:29:11] <knoba> rob0: "sendmail" : a pretty cryptic MTA that was famous in the ancient days of UNIX and still runs on a lot of mail servers. Don't confuse it with the "sendmail" command that is offered by Postfix to send emails (for compatibility reasons).[17:31:07] <Epx998> rob0: just asking because the postfix package installed /usr/sbin/sendmail, trying to run a cli sendmail command and set the subject[17:31:28] *** sebastienthiry <sebastienthiry!~Thunderbi@109.130.178.119> has quit IRC (Quit: sebastienthiry)[17:33:23] <rob0> sendmail has nothing to do with such headers. You feed it a fully-formed RFC 822 (5322) mail message on stdin.[17:33:29] <rob0> !mail[17:33:29] <knoba> rob0: "mail" : mail(1) (also known as mailx(1) or bsd-mailx) is not a Postfix-provided command. For help with it, see its man page. More powerful, commonly available console- and CLI-based MUAs include mutt, alpine and heirloom mailx (likewise, not supported here.)[17:36:50] *** gongoputch <gongoputch!~kseel@freebsd/op/gongoputch> has quit IRC (Ping timeout: 252 seconds)[17:40:35] *** gongoputch <gongoputch!~kseel@freebsd/op/gongoputch> has joined #postfix[17:47:06] *** synthroid <synthroid!~synthroid@50.202.5.122> has quit IRC (Remote host closed the connection)[17:50:45] *** gu1lle_ <gu1lle_!~Thunderbi@181.167.195.114> has joined #postfix[18:00:15] <Epx998> I got is sorted, weird thing is the im reading in the body of a message and its ignoring some lines for no obvious reason[18:14:29] *** synthroid <synthroid!~synthroid@50.202.5.122> has joined #postfix[18:20:58] <Epx998> !headers[18:20:58] <knoba> Epx998: Error: "headers" is not a valid command.[18:27:51] *** troys is now known as troys_[18:42:56] *** troys_ is now known as troys[18:43:34] *** aindilis <aindilis!~aindilis@172-12-3-117.lightspeed.sgnwmi.sbcglobal.net> has quit IRC (Read error: Connection reset by peer)[18:46:09] *** aindilis <aindilis!~aindilis@172-12-3-117.lightspeed.sgnwmi.sbcglobal.net> has joined #postfix[18:50:06] *** ghoti <ghoti!~paul@75.98.206.5> has quit IRC (Ping timeout: 272 seconds)[18:52:32] *** tamier <tamier!~tmaier@129.187.208.108> has joined #postfix[18:52:42] *** Death_rattle__ <Death_rattle__!~death@200116b820c40000c08e5c89cf619e93.dip.versatel-1u1.de> has joined #postfix[19:03:09] *** KaiForce <KaiForce!~chatzilla@99.133.184.129> has quit IRC (Quit: ChatZilla 0.9.93 [Firefox 52.5.2/20171206101620])[19:05:15] *** RaiNerTsuFal <RaiNerTsuFal!~RaiNerTsu@89.187.142.244> has joined #postfix[19:18:22] *** Darcidride <Darcidride!~Darcidrid@194.2.202.81> has quit IRC (Remote host closed the connection)[19:18:23] *** tamier <tamier!~tmaier@129.187.208.108> has quit IRC (Quit: Leaving.)[19:18:36] *** tamier <tamier!~tmaier@129.187.208.108> has joined #postfix[19:21:54] <rob0> Epx998, by "its" I presume you meant "it's" (it is), and I'm wondering what "it" refers to? Postfix definitely is not ignoring any headers. What it gets, it will pass on, possibly subject to:[19:22:00] <rob0> !header_checks[19:22:00] <knoba> rob0: "header_checks" : a configuration parameter in the main.cf: Optional lookup tables for content inspection of primary non-MIME message headers, as specified in the header_checks(5) manual page.[19:22:17] <Epx998> i just wanted a list of available headers, i found it[19:22:26] <rob0> ok[19:28:58] *** tamier <tamier!~tmaier@129.187.208.108> has quit IRC (Quit: Leaving.)[19:42:57] *** NightMonkey <NightMonkey!~NightMonk@pdpc/supporter/professional/nightmonkey> has quit IRC (Ping timeout: 264 seconds)[19:53:52] *** mauro25987 <mauro25987!~mgonzalez@r201-217-134-243.ir-static.anteldata.net.uy> has quit IRC (Quit: Leaving.)[19:54:21] *** mauro25987 <mauro25987!~mgonzalez@r201-217-134-243.ir-static.anteldata.net.uy> has joined #postfix[19:54:29] *** mauro25987 <mauro25987!~mgonzalez@r201-217-134-243.ir-static.anteldata.net.uy> has quit IRC (Client Quit)[20:05:18] *** ogny <ogny!~orkun@46.197.10.191> has joined #postfix[20:05:18] *** ogny <ogny!~orkun@46.197.10.191> has quit IRC (Changing host)[20:05:18] *** ogny <ogny!~orkun@unaffiliated/ogny> has joined #postfix[20:12:51] *** necrogami <necrogami!sid211237@gateway/web/irccloud.com/x-egllnunlzhseewcj> has quit IRC (Ping timeout: 240 seconds)[20:12:52] *** L235 <L235!sid41243@wikipedia/fsf.member.Lixxx235> has quit IRC (Ping timeout: 240 seconds)[20:12:52] *** twisted` <twisted`!sid6794@gateway/web/irccloud.com/x-mqlkaslfamlbvuys> has quit IRC (Ping timeout: 240 seconds)[20:13:09] *** ggherdov <ggherdov!sid11402@gateway/web/irccloud.com/x-sfmurpkbmrucnqbu> has quit IRC (Ping timeout: 250 seconds)[20:13:33] *** boxrick <boxrick!sid98261@gateway/web/irccloud.com/x-hllxvywhoaebsavt> has quit IRC (Read error: Connection reset by peer)[20:14:01] *** dan_j <dan_j!sid21651@gateway/web/irccloud.com/x-vrszzwwoemgfqsew> has quit IRC (Ping timeout: 250 seconds)[20:14:27] *** poz2k4444 <poz2k4444!sid22701@gateway/web/irccloud.com/x-wywyihgnutblqkxj> has quit IRC (Ping timeout: 250 seconds)[20:14:53] *** timeless <timeless!sid4015@firefox/developer/timeless> has quit IRC (Ping timeout: 250 seconds)[20:14:57] *** kingkong <kingkong!antalya@shellium/member/kingkong> has quit IRC (Ping timeout: 240 seconds)[20:14:58] *** klow <klow!sid213056@gateway/web/irccloud.com/x-hmqznljfujgqzmvq> has quit IRC (Ping timeout: 272 seconds)[20:15:34] *** kingkong <kingkong!antalya@chatq.net> has joined #postfix[20:15:34] *** kingkong <kingkong!antalya@chatq.net> has quit IRC (Changing host)[20:15:34] *** kingkong <kingkong!antalya@shellium/member/kingkong> has joined #postfix[20:16:27] *** dka <dka!~code-is-a@master-sbg-01.kopaxgroup.com> has quit IRC (Ping timeout: 240 seconds)[20:16:31] *** xa0z <xa0z!~interex@2001:470:ba7f:1f::11> has quit IRC (Ping timeout: 265 seconds)[20:16:57] *** DzAirmaX <DzAirmaX!~DzAirmaX@unaffiliated/dzairmax> has quit IRC (Ping timeout: 240 seconds)[20:18:03] *** dka <dka!~code-is-a@master-sbg-01.kopaxgroup.com> has joined #postfix[20:18:21] *** DzAirmaX <DzAirmaX!~DzAirmaX@unaffiliated/dzairmax> has joined #postfix[20:28:14] *** synthroid <synthroid!~synthroid@50.202.5.122> has quit IRC ()[20:30:46] *** NightMonkey <NightMonkey!~NightMonk@pdpc/supporter/professional/nightmonkey> has joined #postfix[20:32:21] <cpama> hi all, i've inherited a postfix install from someone else... and it's broken. well, to be exact, a SCRIPT that is being referenced in the aliases file is failing.[20:32:33] <cpama> trying to conduct some tests..[20:33:03] <cpama> and what I'm wondering right now is if i can include multiple command line commands in the aliases file[20:33:13] <cpama> so for example:[20:33:22] <cpama> in aliases I currently have this:[20:33:39] <cpama> │email_pager: "|/etc/postfix/smtp_to_tnpp.sh"[20:33:58] <cpama> but can do something like this:[20:34:03] <cpama> email_pager: "| tee /tmp/teeme.net;cat /tmp/teeme.net|/etc/postfix/smtp_to_tnpp.sh"[20:35:50] <cpama> the reason I want to do this is because... when the smtp_to_tnpp script is execute from within the aliases file... it fails.[20:35:51] <cpama> but ...[20:36:18] <cpama> if i change that command to email_pager: "tee /tmp/somefile.net"[20:36:26] <cpama> the system creates that file correctly....[20:36:29] <cpama> and then I manually try this:[20:36:43] <cpama> cat /tmp/somefile.net|/etc/postfix/smtp_to_tnpp.sh[20:36:45] <cpama> and everything works[20:36:52] <cpama> the system sends out the email notification[20:41:41] *** poz2k4444 <poz2k4444!sid22701@gateway/web/irccloud.com/x-zcotrbxuemcgwagr> has joined #postfix[20:43:49] *** necrogami <necrogami!sid211237@gateway/web/irccloud.com/x-qezomftggyydkhqd> has joined #postfix[20:44:21] *** timeless <timeless!sid4015@firefox/developer/timeless> has joined #postfix[20:45:11] *** boxrick <boxrick!sid98261@gateway/web/irccloud.com/x-pvoguufkhpytatnp> has joined #postfix[20:45:30] *** twisted` <twisted`!sid6794@gateway/web/irccloud.com/x-phhnsfuznmrxdxxj> has joined #postfix[20:45:55] *** klow <klow!sid213056@gateway/web/irccloud.com/x-kptiqhzecebgdcep> has joined #postfix[20:46:53] *** L235 <L235!sid41243@wikipedia/fsf.member.Lixxx235> has joined #postfix[21:03:39] *** section1 <section1!~section1@190.194.77.25> has quit IRC (Quit: Leaving)[21:10:54] *** troys is now known as troys_[21:17:35] *** NightMonkey <NightMonkey!~NightMonk@pdpc/supporter/professional/nightmonkey> has quit IRC (Quit: ZNC - http://znc.in)[21:19:42] *** sklv <sklv!~sklv@gateway/tor-sasl/sklv> has joined #postfix[21:20:17] *** NightMonkey <NightMonkey!~NightMonk@pdpc/supporter/professional/nightmonkey> has joined #postfix[21:22:40] *** sklv <sklv!~sklv@gateway/tor-sasl/sklv> has quit IRC (Remote host closed the connection)[21:23:18] *** sklv <sklv!~sklv@gateway/tor-sasl/sklv> has joined #postfix[21:26:36] *** aindilis <aindilis!~aindilis@172-12-3-117.lightspeed.sgnwmi.sbcglobal.net> has quit IRC (Ping timeout: 265 seconds)[21:45:56] *** ek <ek!ek@freebsd/contributor/ek> has quit IRC (Ping timeout: 268 seconds)[21:53:54] *** ek <ek!ek@freebsd/contributor/ek> has joined #postfix[21:54:50] *** rsx <rsx!~rsx@ppp-46-244-248-66.dynamic.mnet-online.de> has quit IRC (Remote host closed the connection)[22:13:00] *** ek <ek!ek@freebsd/contributor/ek> has quit IRC (Ping timeout: 265 seconds)[22:14:38] *** ek <ek!ek@freebsd/contributor/ek> has joined #postfix[22:17:57] *** mattcen <mattcen!~mattcen@c122-108-68-124.sunsh1.vic.optusnet.com.au> has quit IRC (Ping timeout: 240 seconds)[22:23:38] *** mattcen <mattcen!~mattcen@c122-108-68-124.sunsh1.vic.optusnet.com.au> has joined #postfix[22:24:11] *** sklv <sklv!~sklv@gateway/tor-sasl/sklv> has quit IRC (Remote host closed the connection)[22:24:46] *** sklv <sklv!~sklv@gateway/tor-sasl/sklv> has joined #postfix[22:26:14] *** ld50 <ld50!~quassel@2001:41d0:8:baae::bad:deed> has quit IRC (Ping timeout: 255 seconds)[22:28:11] *** dan_j <dan_j!sid21651@gateway/web/irccloud.com/x-chixmhmfmwylfeqr> has joined #postfix[22:29:35] *** golden_receiver <golden_receiver!~golden_re@unaffiliated/golden-receiver/x-4949035> has quit IRC (Read error: Connection reset by peer)[22:31:13] *** golden_receiver <golden_receiver!~golden_re@unaffiliated/golden-receiver/x-4949035> has joined #postfix[22:31:29] *** ld50 <ld50!~quassel@2001:41d0:8:baae::bad:deed> has joined #postfix[22:33:51] *** ggherdov <ggherdov!sid11402@gateway/web/irccloud.com/x-atjiufdmhcallamz> has joined #postfix[22:40:04] *** MACscr <MACscr!~MACscr@c-73-9-230-5.hsd1.il.comcast.net> has joined #postfix[22:49:22] <rob0> !tell cpama default_privs[22:49:22] <knoba> cpama: "default_privs" : postconf(5) setting for the default rights used by local(8) delivery agent for delivery to external file or command. These rights are used when delivery is requested from a root-owned aliases(5) file, or when delivering to root. DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER. See also !aliases_owner[22:49:40] <rob0> !tell cpama aliases_owner[22:49:41] <knoba> cpama: "aliases_owner" : When an aliases(5) file (listed in or referred to from $alias_maps) is owned by a user other than root, the file owner and group would be the UID/GID for any commands invoked from that file. See aliases(5) and local(8) for details.[22:50:55] <cpama> yeah I figured it out.[22:51:04] <cpama> not a priv issue[22:51:18] <cpama> the shell script was actually referencing another lua file. which was dying silently[22:55:44] *** jucaroba <jucaroba!~quassel@static-153-155-225-77.ipcom.comunitel.net> has left #postfix ("http://quassel-irc.org - Chatee cómodamente donde sea.")[22:57:12] *** Oclair <Oclair!~Oclair@91-115-162-237.adsl.highway.telekom.at> has joined #postfix[23:22:04] *** Death_rattle__ <Death_rattle__!~death@200116b820c40000c08e5c89cf619e93.dip.versatel-1u1.de> has quit IRC (Remote host closed the connection)[23:22:25] *** ariscop <ariscop!~Phase4@58.106.177.140> has quit IRC (Ping timeout: 248 seconds)[23:38:16] *** Ellenor is now known as Eamon[23:59:45] *** Epx998 <Epx998!~Epx998@thunderhill.nvidia.com> has quit IRC (Ping timeout: 268 seconds)[23:59:45] *** rigel <rigel!~rigel@202.ip-158-69-195.net> has quit IRC (Read error: Connection reset by peer)