November 1, 2018 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | >
November 1, 2018 [00:17:21] *** robinho86 <robinho86!~robsonjf@191.36.239.241> has left #postfix[00:22:27] *** eelstrebor <eelstrebor!~eelstrebo@216-75-116-100.allophone.biz> has quit IRC (Ping timeout: 240 seconds)[00:25:14] *** n_1-c_k <n_1-c_k!~nick@2a02:8010:63a6::70> has quit IRC (Read error: Connection reset by peer)[00:26:01] *** n_1-c_k <n_1-c_k!~nick@2a02:8010:63a6::70> has joined #postfix[00:36:58] *** rcsu <rcsu!~su@p200300CF0704D9F8329C23FFFEA65719.dip0.t-ipconnect.de> has quit IRC (Quit: Konversation terminated!)[00:51:53] *** pti-jean_ <pti-jean_!~quassel@197.17.124.78.rev.sfr.net> has joined #postfix[00:54:21] *** eelstrebor <eelstrebor!~eelstrebo@216-75-116-100.allophone.biz> has joined #postfix[01:00:14] * thumbs grumbles[01:06:53] *** cemotyz09 <cemotyz09!~cemotyz09@cpe-70-121-128-59.satx.res.rr.com> has joined #postfix[01:10:16] *** ephemer0l <ephemer0l!~ephemer0l@pentoo/user/ephemer0l> has quit IRC (Ping timeout: 264 seconds)[01:13:58] *** ih8wndz <ih8wndz!jwpierce3@001.srv.trnkmstr.com> has joined #postfix[01:21:11] *** ephemer0l_ <ephemer0l_!~ephemer0l@pentoo/user/ephemer0l> has joined #postfix[01:35:22] <orev> is it outlined anywhere which parameters support the per-service syntax, such as if a service is defined in master (e.g. slowsmtp), then some parameters in main.cf can be named like "slowsmtp_destination_recipient_limit". I'm having trouble finding anywhere this convention is explained.[01:58:57] *** JanC <JanC!~janc@lugwv/member/JanC> has quit IRC (Remote host closed the connection)[02:00:36] *** aero-224 <aero-224!~aero-224@207.148.181.27> has quit IRC (Ping timeout: 260 seconds)[02:05:31] *** JanC <JanC!~janc@lugwv/member/JanC> has joined #postfix[02:11:07] <pj> orev: look in postconf(5) at any settings that start with "transport_"[02:11:30] *** pti-jean_ <pti-jean_!~quassel@197.17.124.78.rev.sfr.net> has quit IRC (Remote host closed the connection)[02:11:34] <pj> well, most of them, they are documented there which ones work like that.[02:25:38] *** db` <db`!db@gateway/shell/panicbnc/x-anzztbmxvmrbrrre> has quit IRC (Quit: Quit)[02:31:51] *** db` <db`!db@gateway/shell/panicbnc/x-wodiwenceonqkpbc> has joined #postfix[02:32:11] *** troulouliou_div2 <troulouliou_div2!~troulouli@unaffiliated/troulouliou-div2/x-0271439> has quit IRC (Read error: Connection reset by peer)[03:11:02] *** andylavarre <andylavarre!~andy@mobile-166-172-60-97.mycingular.net> has quit IRC (Remote host closed the connection)[03:20:12] *** MACscr <MACscr!~MACscr@c-98-215-100-46.hsd1.il.comcast.net> has quit IRC (Quit: Textual IRC Client: www.textualapp.com)[03:29:30] *** sven_oostenbrink <sven_oostenbrink!~quassel@mx1.capmegamail.com> has joined #postfix[03:30:03] *** ghormoon <ghormoon!~ghormoon@ghorland.net> has quit IRC (Ping timeout: 245 seconds)[03:31:40] *** ghormoon <ghormoon!~ghormoon@ghorland.net> has joined #postfix[03:32:48] *** KsChoice <KsChoice!~quassel@mx1.capmegamail.com> has quit IRC (Ping timeout: 252 seconds)[03:34:38] *** Blubberbop <Blubberbop!~quassel@mx1.capmegamail.com> has joined #postfix[03:34:40] *** sven_oostenbrink <sven_oostenbrink!~quassel@mx1.capmegamail.com> has quit IRC (Ping timeout: 246 seconds)[03:36:57] *** ghormoon <ghormoon!~ghormoon@ghorland.net> has quit IRC (Excess Flood)[03:37:04] *** ghormoon <ghormoon!~ghormoon@ghorland.net> has joined #postfix[03:41:12] *** ghormoon <ghormoon!~ghormoon@ghorland.net> has quit IRC (Excess Flood)[03:41:19] *** ghormoon <ghormoon!~ghormoon@ghorland.net> has joined #postfix[03:42:58] *** ghormoon <ghormoon!~ghormoon@ghorland.net> has quit IRC (Excess Flood)[03:43:05] *** ghormoon <ghormoon!~ghormoon@ghorland.net> has joined #postfix[03:48:33] *** ghormoon <ghormoon!~ghormoon@ghorland.net> has quit IRC (Excess Flood)[03:49:09] *** ghormoon <ghormoon!~ghormoon@ghorland.net> has joined #postfix[03:57:42] *** aero-224 <aero-224!~aero-224@S01069050ca3c5013.cg.shawcable.net> has joined #postfix[03:58:39] *** ghormoon <ghormoon!~ghormoon@ghorland.net> has quit IRC (Ping timeout: 252 seconds)[04:00:17] *** sphex <sphex!~nobody@38.133.25.129> has joined #postfix[04:02:09] *** ghormoon <ghormoon!~ghormoon@ghorland.net> has joined #postfix[04:24:10] *** eelstrebor <eelstrebor!~eelstrebo@216-75-116-100.allophone.biz> has quit IRC (Quit: Ex-Chat)[04:26:36] *** eelstrebor <eelstrebor!~eelstrebo@216-75-116-100.allophone.biz> has joined #postfix[04:33:38] *** eelstrebor <eelstrebor!~eelstrebo@216-75-116-100.allophone.biz> has quit IRC (Quit: Ex-Chat)[04:34:04] *** n_1-c_k <n_1-c_k!~nick@2a02:8010:63a6::70> has quit IRC (Read error: Connection reset by peer)[04:34:45] *** n_1-c_k <n_1-c_k!~nick@2a02:8010:63a6::70> has joined #postfix[05:01:00] *** johnny56 <johnny56!~johnny56@unaffiliated/johnny56> has quit IRC (Ping timeout: 272 seconds)[05:07:18] *** johnny56 <johnny56!~johnny56@unaffiliated/johnny56> has joined #postfix[05:26:31] *** led_dark_1 <led_dark_1!~Thunderbi@hotspot10.rywasoft.net> has quit IRC (Ping timeout: 260 seconds)[05:27:20] *** led_dark_1 <led_dark_1!~Thunderbi@hotspot10.rywasoft.net> has joined #postfix[05:45:18] *** aero-224 <aero-224!~aero-224@S01069050ca3c5013.cg.shawcable.net> has quit IRC (Remote host closed the connection)[05:45:35] *** Blubberbop <Blubberbop!~quassel@mx1.capmegamail.com> has quit IRC (Ping timeout: 268 seconds)[05:48:24] *** aero-224 <aero-224!~aero-224@S01069050ca3c5013.cg.shawcable.net> has joined #postfix[05:52:27] *** aero-224 <aero-224!~aero-224@S01069050ca3c5013.cg.shawcable.net> has quit IRC (Ping timeout: 240 seconds)[05:54:15] *** sphex <sphex!~nobody@38.133.25.129> has quit IRC (Remote host closed the connection)[05:54:34] *** sphex <sphex!~nobody@38.133.24.170> has joined #postfix[05:55:18] *** aero-224 <aero-224!~aero-224@S01069050ca3c5013.cg.shawcable.net> has joined #postfix[05:59:33] *** Penguin_ <Penguin_!~xwQ5kwYl6@our.systems.are.full.of.penguins.at.penguinsystems.net> has quit IRC (Ping timeout: 252 seconds)[06:01:45] *** Penguin_ <Penguin_!~xwQ5kwYl6@our.systems.are.full.of.penguins.at.penguinsystems.net> has joined #postfix[06:08:54] *** cemotyz09 <cemotyz09!~cemotyz09@cpe-70-121-128-59.satx.res.rr.com> has quit IRC (Quit: cemotyz09)[06:18:48] *** Penguin_ <Penguin_!~xwQ5kwYl6@our.systems.are.full.of.penguins.at.penguinsystems.net> has quit IRC (Ping timeout: 252 seconds)[06:19:03] *** aero-224 <aero-224!~aero-224@S01069050ca3c5013.cg.shawcable.net> has quit IRC (Remote host closed the connection)[06:20:46] *** Penguin_ <Penguin_!~xwQ5kwYl6@our.systems.are.full.of.penguins.at.penguinsystems.net> has joined #postfix[06:21:55] *** okovko <okovko!40bba636@gateway/web/cgi-irc/kiwiirc.com/ip.64.187.166.54> has joined #postfix[06:37:44] *** aero-224 <aero-224!~aero-224@S01069050ca3c5013.cg.shawcable.net> has joined #postfix[06:38:29] *** aero-224_ <aero-224_!~aero-224@S01069050ca3c5013.cg.shawcable.net> has joined #postfix[06:38:29] *** aero-224 <aero-224!~aero-224@S01069050ca3c5013.cg.shawcable.net> has quit IRC (Read error: Connection reset by peer)[06:46:25] *** rsx <rsx!~rsx@ppp-46-244-253-43.dynamic.mnet-online.de> has joined #postfix[06:54:32] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has joined #postfix[07:32:04] *** olegfusion <olegfusion!~olegfusio@mail.mobileforsale.ru> has joined #postfix[07:46:21] *** okovko <okovko!40bba636@gateway/web/cgi-irc/kiwiirc.com/ip.64.187.166.54> has quit IRC (Ping timeout: 252 seconds)[08:22:43] *** ek <ek!ek@freebsd/contributor/ek> has quit IRC (Ping timeout: 246 seconds)[08:26:40] *** ek <ek!ek@freebsd/contributor/ek> has joined #postfix[08:42:40] *** n_1-c_k <n_1-c_k!~nick@2a02:8010:63a6::70> has quit IRC (Read error: Connection reset by peer)[08:43:31] *** n_1-c_k <n_1-c_k!~nick@2a02:8010:63a6::70> has joined #postfix[08:56:40] *** aero-224_ <aero-224_!~aero-224@S01069050ca3c5013.cg.shawcable.net> has quit IRC (Remote host closed the connection)[09:22:11] *** bhuddah <bhuddah!~michael@unaffiliated/bhuddah> has quit IRC (Remote host closed the connection)[09:23:12] *** bhuddah <bhuddah!~michael@unaffiliated/bhuddah> has joined #postfix[09:23:27] *** jalalsfs <jalalsfs!~jalalsfs@unaffiliated/jalalsfs> has quit IRC (Remote host closed the connection)[09:23:51] *** jalalsfs <jalalsfs!~jalalsfs@unaffiliated/jalalsfs> has joined #postfix[09:27:19] *** golden_receiver <golden_receiver!~golden_re@unaffiliated/golden-receiver/x-4949035> has joined #postfix[09:31:03] *** Noti <Noti!~steffan@ip4da40774.direct-adsl.nl> has joined #postfix[09:32:41] <tenaglia> rob0: re From: validation, there is no "real" problem to solve. I am migrating from MS Exchange to Postfix and Exchange does it - so our Exchange guys are saying "we should have it". Do you have some reading on why it is not recommended? I guess it slows down the pipeline[09:40:21] *** olegfusion <olegfusion!~olegfusio@mail.mobileforsale.ru> has quit IRC (Quit: Leaving)[10:03:06] *** MelMalik <MelMalik!ellenor@unaffiliated/ellenor> has quit IRC (Read error: Connection reset by peer)[10:06:04] *** Ellenor <Ellenor!ellenor@unaffiliated/ellenor> has joined #postfix[10:53:22] *** Ellenor is now known as MelMalik[10:57:14] *** aero-224 <aero-224!~aero-224@S01069050ca3c5013.cg.shawcable.net> has joined #postfix[10:58:50] *** c0san0stra <c0san0stra!~nunyuh@unaffiliated/c0san0stra> has quit IRC (Ping timeout: 272 seconds)[11:01:15] *** c0san0stra <c0san0stra!~nunyuh@unaffiliated/c0san0stra> has joined #postfix[11:01:36] *** aero-224 <aero-224!~aero-224@S01069050ca3c5013.cg.shawcable.net> has quit IRC (Ping timeout: 252 seconds)[11:16:11] *** adnn <adnn!~adnn_@178.135.24.32> has joined #postfix[11:16:44] <adnn> hello, I'm looking to set up a mail server on a VPS with multiple domain. This is the first time I'm doing it without a graphical interface from the webhost. I'm a little confused with the different postfix configurations. I'm looking to create multiple email addresses per domain to be used on online email clients.[11:16:52] <adnn> I'd like some quick insights on how's the best way to get it done[11:17:45] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has quit IRC (Quit: ]SiB[)[11:17:57] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has joined #postfix[11:18:35] *** Zilon <Zilon!~Zilon@www.schem.me> has quit IRC (Ping timeout: 276 seconds)[11:21:00] *** adnn <adnn!~adnn_@178.135.24.32> has quit IRC (Read error: Connection reset by peer)[11:21:29] *** Zilon <Zilon!~Zilon@mail.schem.me> has joined #postfix[11:22:04] *** adnn <adnn!~adnn@178.135.24.32> has joined #postfix[11:22:27] <sphex> adnn: what kind of online email clients?[11:23:08] <adnn> not necessarily online. I mean outlook, thunderbird. Eventually I might use stuff like squirrelmail[11:23:58] <sphex> adnn: you're going to need an imap/pop3 server in addition to postfix[11:25:46] <adnn> Are there any command-line tools for easier setup of all this stuff? The guys at #centos are already telling me to hire a professional because it's complicated.[11:26:51] <sphex> yeah it is a bit complicated. you'll have to make them work together and there are a lot of ways of doing it.[11:27:18] <sphex> There are tools that can handle that but I don't know of any good ones.[11:27:42] <adnn> hmm[11:28:05] <sphex> I'm not saying there aren't any good ones, but I don't know what they are.[11:32:44] <sphex> adnn: when postfix delivers emails, once it has determined that a given email's destination is local, there are a bunch of ways it can be configured to handle it. the traditional way is that it delivers them to local UNIX user accounts. this implies a bunch of things, like switching to the user's credentials, handling their ~/.forward files (and possibly forwarding/storing it into multiple mailboxes), etc.[11:34:15] <sphex> and if you don't have too many users (and a few hundreds might be not too many), this can be fine. you can build on top of that. you can have "virtual aliasing" on top of that to redirect arbitrary user@domain addresses to the local users that should receive them.[11:36:12] *** led_dark_1 <led_dark_1!~Thunderbi@hotspot10.rywasoft.net> has quit IRC (Quit: led_dark_1)[11:36:14] <adnn> yeah there aren't that many users. But now I'm thinking about spam management, maintenance overtime, storage limitations[11:36:22] <adnn> I think I'm gonna use an online service[11:38:50] *** led_dark_1 <led_dark_1!~Thunderbi@hotspot10.rywasoft.net> has joined #postfix[11:41:15] <sphex> yeah honestly this is quite a bit of work to setup. if you don't have much experience with it you should be ready to put quite a bit of time on it.[11:43:29] <adnn> 5$/user/month it is[12:05:24] *** adnn <adnn!~adnn@178.135.24.32> has quit IRC (Ping timeout: 252 seconds)[12:07:49] *** bolt <bolt!~r00t@unaffiliated/bolt> has quit IRC (Ping timeout: 252 seconds)[12:08:20] *** pmden <pmden!~pmden@fsf/member/pmden> has joined #postfix[12:09:36] *** cemotyz09 <cemotyz09!~cemotyz09@cpe-70-121-128-59.satx.res.rr.com> has joined #postfix[12:16:50] *** bolt <bolt!~r00t@unaffiliated/bolt> has joined #postfix[12:43:55] *** andylavarre <andylavarre!~andy@mobile-166-172-60-97.mycingular.net> has joined #postfix[12:51:28] *** n_1-c_k <n_1-c_k!~nick@2a02:8010:63a6::70> has quit IRC (Read error: Connection reset by peer)[12:52:15] *** n_1-c_k <n_1-c_k!~nick@2a02:8010:63a6::70> has joined #postfix[12:54:01] *** netanalyzer <netanalyzer!~ntnlzer@pix.gsy.it> has joined #postfix[12:54:53] *** ntnlzr <ntnlzr!~ntnlzer@pix.gsy.it> has quit IRC (Read error: Connection reset by peer)[12:57:25] *** Noti <Noti!~steffan@ip4da40774.direct-adsl.nl> has quit IRC (Quit: Konversation terminated!)[12:57:59] *** aero-224 <aero-224!~aero-224@S01069050ca3c5013.cg.shawcable.net> has joined #postfix[13:02:36] *** aero-224 <aero-224!~aero-224@S01069050ca3c5013.cg.shawcable.net> has quit IRC (Ping timeout: 252 seconds)[13:03:42] *** hallaboi <hallaboi!~sre@82.163.163.160> has joined #postfix[13:08:42] <hallaboi> good old IRC :D[13:09:02] *** abf_ <abf_!~abf@2601:404:c101:234::edc8> has joined #postfix[13:10:14] <hallaboi> Do any of you guys know if postfix can reply to sender, if TLS handshake fails between MTA's? I must use forced-TLS and notify users if delivery fails because of it[13:13:58] *** pti-jean_ <pti-jean_!~quassel@197.17.124.78.rev.sfr.net> has joined #postfix[13:14:58] <rob0> !delay_warning_time[13:14:58] <knoba> rob0: "delay_warning_time" : a configuration parameter in the main.cf: The time after which the sender receives the message headers of mail that is still queued.[13:16:42] <rob0> It would apply to mail that is deferred for ANY reason, not jus mandatory TLS failure, and the delay warning message might not be easy for users to understand.[13:17:36] <petn-randall> !maximal_queue_lifetime[13:17:36] <knoba> petn-randall: "maximal_queue_lifetime" : a configuration parameter in the main.cf: The maximal time a message is queued before it is sent back as undeliverable, the default value is 5 days.[13:17:45] <petn-randall> !bounce_queue_lifetime[13:17:45] <knoba> petn-randall: "bounce_queue_lifetime" : a configuration parameter in the main.cf: The maximal time a bounce message is queued before it is considered undeliverable. By default, this is the same as the queue life time for regular mail.[13:18:39] <petn-randall> I'd argue setting those lower will indirectly help. It rarely happens that TLS issues get fixed in a reasonable time, and letting it in the queue for 5 days is a lot longer than what users expect.[13:18:50] <petn-randall> I've currently got it set to 12 hours, but YMMV.[13:21:23] <hallaboi> Im sending some specific mails though postfix for force tls1.2 only - if tls1.2 cant be established, it must notify the user. The only way i can think of, is a small bash script that monitors /var/log/mail.log for tls failures[13:23:32] <rob0> You'd also need smtp_tls_loglevel=1[13:23:48] <rob0> !smtp_tls_loglevel[13:23:48] <knoba> rob0: "smtp_tls_loglevel" : Enable additional Postfix smtp(8) client logging of TLS activity, default 0, 1 is a good operational setting. Each logging level also includes the information that is logged at all lower logging levels.[13:24:48] <hallaboi> true. Its already set to ensure it uses tls1.2 :)[13:25:00] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has quit IRC (Ping timeout: 268 seconds)[13:25:12] <double-p> meeeh postscreen warning: service "smtp" (25) has reached its process limit "1"[13:26:22] <lunaphyte> hallaboi: did smtp_tls_policy_maps not work for this?[13:27:02] <lunaphyte> and why exactly "must" you force encryption? that violates the spec, as per the rfcs which define it[13:28:57] <hallaboi> I will look into policy maps - postfix is still kinda new to me. I only force outgoing. Its to comply with a new law(gdpr related)[13:30:54] <rob0> sigh, laws, written by ignorant people[13:31:30] <hallaboi> Yeah. Tls doesnt reall help to secure data because its only transport.. but law is law..[13:31:42] <hallaboi> really *[13:32:46] <lunaphyte> well, it's not on topic here [there is #email if you wish to discuss further], but i would suggest that if you think gdpr laws require transport encryption, you are quite possibly wrong[13:33:59] <lunaphyte> ignorant armchair lawyers badly interpreting legislation is just as bad as ignorant politicians badly implementing legislation[13:35:07] <hallaboi> its not directly gdpr - its a law from the danish data protection agency, but tied to GDPR[13:35:26] <anexit> Is there a way in postfix to have username at domain dot com and username?[13:36:02] <lunaphyte> hallaboi: wether or not it's specific to gdpr, the essence remains unchanged[13:36:21] <lunaphyte> anexit: way too vague. what's the actual problem you're trying to solve?[13:37:00] <thumbs> anexit is likely going to lead to a discussion about unqualified addresses[13:37:07] <anexit> Office 365 is defaulting our imap accounts to username at domain dot com for the username. Our system is setup to only use the username for authentication.[13:37:18] <anexit> Maybe this is more of a dovecot issue..[13:37:48] <thumbs> !tell anexit sasl[13:37:48] <knoba> anexit: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[13:38:01] <thumbs> yes, if you use dovecot for SASL, it is.[13:39:33] <hallaboi> Correct. We cant change the law - only bend over and comply. Policy maps seems to do the same as security_level=encrypt - just for specific domains. I need to force tls on all outgoin mails. If i understand it correctly[13:39:54] <rob0> Virtual users are always user@domain, but you can configure a default realm in SASL. Local users are typically just "user" with no domain.[13:40:11] <thumbs> by requiring TLS, you will break things, hallaboi[13:40:23] <anexit> rob0: just came across that in google, I think virtual is my answer to this.[13:40:29] <thumbs> and by that, I mean loss of functionality.[13:42:43] <hallaboi> @thumbs I will break delivery - and thats the point also. I just need to notify users that "secure" delivery was not possible[13:42:57] <anexit> hallaboi: you can comply but only on the compentence of the people at "gdpr".[13:43:59] <anexit> green locks in a browser does not mean youre secure[13:44:07] <anexit> different levels[13:44:18] <hallaboi> anexit sorry what do you mean? I know tls does not in any way secure the data[13:44:30] <hallaboi> its only a compliance thing[13:44:57] *** section1 <section1!~section1@178.33.109.106> has joined #postfix[13:45:11] <anexit> We were out of compliance and a bsa showed up. After we showed him a website that was not even relevant to our email he said we're secure.[13:46:45] <anexit> You might get a person that has those skills if you're audited.. but when they make the bare bones it'll be tough.[13:46:54] <anexit> Or it will be an act of goodwill?[13:50:15] *** Diemuzi <Diemuzi!~IceChat9@unaffiliated/diemuzi> has joined #postfix[13:50:30] <hallaboi> anexit im not sure i understand what you mean[13:56:07] *** eelstrebor <eelstrebor!~eelstrebo@216-75-116-100.allophone.biz> has joined #postfix[13:59:43] *** AquaL1te <AquaL1te!~AquaL1te@unaffiliated/aqual1te> has joined #postfix[14:01:44] *** GDPR is now known as emerson[14:05:21] <AquaL1te> i usually got a dmarc email from google on a daily basis, or at least i would receive one once a week. now it has stopped for 3 weeks already. dmarc syntax checkers (online) do not mention anything about it. also https://www.port25.com/authentication-checker/ is fully okay. does that mean that google just has nothing to report? or that i might have a config problem? how often do you guys get dmarc mails[14:05:27] <AquaL1te> from google? is there another domain i can email that sends dmarc mails?[14:05:56] *** CyberCr33p <CyberCr33p!~chris@athedsl-4448986.home.otenet.gr> has joined #postfix[14:05:58] <CyberCr33p> hello[14:06:31] <CyberCr33p> I have this master.cf : https://pastebin.com/raw/cPLLVimh[14:06:56] <CyberCr33p> is it possible for users that use port 25 for authentication to not use content_filter=filter ?[14:07:11] <lunaphyte> CyberCr33p: no, users are not to use port 25[14:07:14] <CyberCr33p> and only use content_filter=filter for incoming messages from other servers[14:07:28] <lunaphyte> that's for mail servers to talk to other mail servers only[14:07:38] <CyberCr33p> lunaphyte: I know but for legacy reasons I allow users to authenticate and send e-mails using 25[14:07:55] <lunaphyte> use a different hostname and ip address for that[14:08:08] <lunaphyte> separate your mx traffic and your submission traffic[14:08:40] <CyberCr33p> lunaphyte: so there is no way to override the filter setting for authenticated users without 2 postfix instances right ?[14:08:47] <lunaphyte> hmm?[14:08:50] <lunaphyte> you don't need to[14:08:55] <lunaphyte> separate the traffic properly[14:10:22] <CyberCr33p> lunaphyte: can you tell me how to do it ? the general idea and I will find more info[14:10:52] <lunaphyte> use separate hostnames and ip addresses for smtp traffic and submission traffic[14:11:12] <lunaphyte> move users over to submission, off of smtp[14:11:25] <lunaphyte> "legacy reasons" is a nonsense cop out[14:11:42] <CyberCr33p> thanks[14:11:42] <lunaphyte> it's fine to temporarily allow while things are moved over[14:11:54] <lunaphyte> it's not fine to just indefinitely allow it, just because it was that way[14:12:04] <CyberCr33p> the problem is that these emai users are customers of my customers, can't contact them directly[14:12:13] <CyberCr33p> and there are thousands of domains + e-mail accounts[14:12:29] <lunaphyte> it can take time in some circumstances, yes[14:12:41] <CyberCr33p> i will try to send some notifications and hope that they will change settings in their mail clients[14:12:44] <lunaphyte> that's why i suggested the hostname/ip address separation[14:20:02] <CyberCr33p> lunaphyte: but if I seperate it don't I need 2 instances of postfix? One for SMTP and other for SUBMISSION? I can't find how to seperate it with one instance[14:21:36] <lunaphyte> no[14:21:44] <lunaphyte> but that would certainly be a good thing[14:21:54] <lunaphyte> set up 2 mail servers.[14:21:57] <lunaphyte> one for mx[14:22:00] <lunaphyte> one for submission[14:30:03] <rob0> For "legacy" setups, where you have little control over users who are submitting on port 25, I recommend using a separate IP address, which is not published via MX records.[14:32:16] <rob0> If you/your predecessor gave users the name of the MX host, you might have to change your MX records. It's much easier to do it that way than to try to get users to change the name they're using.[14:33:06] <rob0> (And if you can get them to change the submission hostname, you might as well get them to change the port.)[14:34:41] <lunaphyte> yup, in short, it's truly a complete non issue[14:35:06] <lunaphyte> even if you have to do things in the opposite of what you'd actually want to [meaning changing mx instead of changing submission][14:39:13] *** cemotyz09 <cemotyz09!~cemotyz09@cpe-70-121-128-59.satx.res.rr.com> has quit IRC (Quit: cemotyz09)[14:39:15] <CyberCr33p> I have 2 IPs on each server so it's ok to seperate it[14:39:31] <CyberCr33p> but I can't find how with 1 postfix to seperate it. Is a setting in master.cf ?[14:40:37] <CyberCr33p> now postfix bind to one ip only. I can remove the bind setting from main.cf to listen to both IPs[14:40:53] <CyberCr33p> but then how to seperate SMTP to one IP and SUBMISSION to 2nd ip ?[14:42:49] <CyberCr33p> is the setting in master.cf this: ip1:smtp ?[14:43:07] <lunaphyte> yes, specify the appropriate ip address for each of the two services in master.cf[14:43:19] <CyberCr33p> ok thank you[14:44:38] <CyberCr33p> I think I will do the opposite as rob0 said, I will add mx.example.com for MX record and mail.example.com for submission[14:52:35] *** FinboySlick <FinboySlick!~shark@74.117.40.10> has joined #postfix[14:52:43] <CyberCr33p> and another question question: Is it possible header_checks to check 2 different regexs and if BOTH match to forward e-mail to an relay ?[14:55:00] <rob0> you're changing the name your users are using to configure their MUAs?[14:56:40] <CyberCr33p> no I don't change it, what I want to do is use different SMTP relays depending on the headers[14:57:36] <rob0> Anyway, rather than doing this in Postfix as you've said, you could simply -- assuming Linux of course -- use iptables REDIRECT to point port 25 of the submission IP to 587[14:57:56] <rob0> 13:46 < CyberCr33p> I think I will do the opposite as rob0 said, I will add mx.example.com for MX record and mail.example.com for submission[14:58:07] <rob0> ^^ this is what I was responding toe[14:58:26] <CyberCr33p> I use freebsd with ipfw but maybe it has REDIRECT too. I will check it[15:00:21] <CyberCr33p> rob0: if not possible with ipfw maybe I can use stunnel[15:00:51] <rob0> uh, no[15:01:14] <rob0> if not possible with ipfw stick with the master.cf thing[15:01:22] <CyberCr33p> ok[15:01:38] <CyberCr33p> for performance reasons?[15:15:11] *** qtch <qtch!~qtch@smtp.tarniny.pl> has quit IRC (Ping timeout: 250 seconds)[15:18:40] *** Noti <Noti!~steffan@ip4da40774.direct-adsl.nl> has joined #postfix[15:20:28] *** qtch <qtch!~qtch@80-94-18-3.mierzyn.tarniny.pl> has joined #postfix[15:21:02] *** bauruine <bauruine!~bauruine@2a01:4f8:130:8285:fefe::36> has quit IRC (Ping timeout: 276 seconds)[15:25:12] <section1> !policy-spf_time_limit[15:25:12] <knoba> section1: Error: "policy-spf_time_limit" is not a valid command.[15:26:06] *** bauruine <bauruine!~bauruine@mail.tuxli.ch> has joined #postfix[15:30:33] *** abf_ <abf_!~abf@2601:404:c101:234::edc8> has quit IRC (Read error: Connection reset by peer)[15:32:45] <hallaboi> thanks for guideance guys! I got a little further now :D[15:34:15] *** hallaboi <hallaboi!~sre@82.163.163.160> has left #postfix[15:36:00] <double-p> <3 swaks[15:42:54] *** abf_ <abf_!~abf@2601:404:c101:234::edc8> has joined #postfix[15:58:58] *** genius_monkey <genius_monkey!~genius_mo@202.189.228.110> has quit IRC (Quit: genius_monkey)[16:00:40] *** genius_monkey <genius_monkey!~genius_mo@202.189.228.110> has joined #postfix[16:03:45] *** genius_monkey <genius_monkey!~genius_mo@202.189.228.110> has quit IRC (Remote host closed the connection)[16:05:37] *** genius_monkey <genius_monkey!~genius_mo@202.189.228.110> has joined #postfix[16:10:39] *** Kelsar <Kelsar!~quassel@unaffiliated/kelsar> has quit IRC (Quit: http://quassel-irc.org - Chat comfortably. Anywhere.)[16:10:44] *** olegfusion <olegfusion!~olegfusio@mail.mobileforsale.ru> has joined #postfix[16:12:59] *** Kelsar <Kelsar!~quassel@unaffiliated/kelsar> has joined #postfix[16:13:38] *** ujjain <ujjain!~ujjain@unaffiliated/ujjain> has quit IRC (Remote host closed the connection)[16:26:02] *** pj <pj!~pj@centos/ops/pj> has quit IRC (Ping timeout: 276 seconds)[16:31:15] *** ujjain- <ujjain-!~ujjain@144.76.19.126> has joined #postfix[16:33:45] *** NwS <NwS!~NwS@unaffiliated/nws> has joined #postfix[16:36:04] *** fatdragon <fatdragon!~fatdragon@cpe-107-184-105-188.socal.res.rr.com> has joined #postfix[16:36:05] *** olegfusion <olegfusion!~olegfusio@mail.mobileforsale.ru> has quit IRC (Read error: Connection reset by peer)[16:37:58] *** pj <pj!~pj@centos/ops/pj> has joined #postfix[16:42:04] *** pinPoint <pinPoint!~pinPoint@about/windows/regular/pinpoint> has joined #postfix[16:43:44] *** faizy98 <faizy98!~faizy98@111.68.104.153> has joined #postfix[16:51:47] *** Noti <Noti!~steffan@ip4da40774.direct-adsl.nl> has quit IRC (Quit: Konversation terminated!)[17:00:45] *** n_1-c_k <n_1-c_k!~nick@2a02:8010:63a6::70> has quit IRC (Read error: Connection reset by peer)[17:00:58] *** n_1-c_k <n_1-c_k!~nick@2a02:8010:63a6::70> has joined #postfix[17:02:07] *** fatdragon <fatdragon!~fatdragon@cpe-107-184-105-188.socal.res.rr.com> has quit IRC (Ping timeout: 240 seconds)[17:03:39] *** fatdragon <fatdragon!~fatdragon@cpe-107-184-105-188.socal.res.rr.com> has joined #postfix[17:04:07] *** fatdragon <fatdragon!~fatdragon@cpe-107-184-105-188.socal.res.rr.com> has quit IRC (Client Quit)[17:27:10] *** edux <edux!~edux@216.54.214.22> has joined #postfix[17:32:42] *** AquaL1te <AquaL1te!~AquaL1te@unaffiliated/aqual1te> has left #postfix[17:54:42] *** aero-224 <aero-224!~aero-224@207.148.181.27> has joined #postfix[17:56:39] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has joined #postfix[17:59:46] *** aero-224 <aero-224!~aero-224@207.148.181.27> has quit IRC (Remote host closed the connection)[18:00:13] *** aero-224 <aero-224!~aero-224@207.148.181.27> has joined #postfix[18:04:16] *** abf_ <abf_!~abf@2601:404:c101:234::edc8> has quit IRC (Quit: Leaving)[18:11:44] *** zombs is now known as bs[18:23:27] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has quit IRC (Ping timeout: 240 seconds)[18:25:35] *** sputnik <sputnik!kli0rf@unaffiliated/kli0rf> has quit IRC (Ping timeout: 244 seconds)[18:30:27] *** sputnik <sputnik!kli0rf@justitia.lt> has joined #postfix[18:30:28] *** sputnik <sputnik!kli0rf@justitia.lt> has quit IRC (Changing host)[18:30:28] *** sputnik <sputnik!kli0rf@unaffiliated/kli0rf> has joined #postfix[18:30:37] *** higuita <higuita!~higuita@2001:818:dee9:4200:ec72:50ff:fe96:f291> has quit IRC (Ping timeout: 252 seconds)[18:34:01] *** higuita <higuita!~higuita@2001:818:dee9:4200:ec72:50ff:fe96:f291> has joined #postfix[18:34:11] *** gu1lle_ <gu1lle_!~Thunderbi@190.190.117.178> has joined #postfix[18:43:23] *** olegfusion <olegfusion!~olegfusio@mail.mobileforsale.ru> has joined #postfix[18:44:02] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has joined #postfix[18:46:58] *** ]SiB[1 <]SiB[1!~Thunderbi@unaffiliated/sib/x-9459575> has joined #postfix[18:51:13] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has quit IRC (Ping timeout: 268 seconds)[18:51:14] *** ]SiB[1 is now known as ]SiB[[18:53:36] *** Blubberbop <Blubberbop!~quassel@mail.capmega.com> has joined #postfix[18:53:49] *** rsx <rsx!~rsx@ppp-46-244-253-43.dynamic.mnet-online.de> has quit IRC (Remote host closed the connection)[18:54:34] *** zapata_ is now known as zapata[19:02:18] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has quit IRC (Ping timeout: 252 seconds)[19:09:41] <CyberCr33p> in header_checks if a regexp matches, then it still continue to try to match everything else or it stops in first match ?[19:13:25] <rob0> well, there is the if...endif construct, but maybe "try to match everything else" won't do what you hope?[19:15:05] <CyberCr33p> https://pastebin.com/raw/yK4TJisP[19:15:51] <CyberCr33p> I want authenticated senders to send from same server and then if the X-Bogosity header exist to send from a relay[19:21:04] *** gabizou <gabizou!~gabizou@irc.spongepowered.org> has quit IRC (Ping timeout: 246 seconds)[19:35:20] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has joined #postfix[19:42:44] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has quit IRC (Read error: Connection reset by peer)[19:45:02] *** CyberCr33p <CyberCr33p!~chris@athedsl-4448986.home.otenet.gr> has quit IRC (Quit: CyberCr33p)[19:46:01] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has joined #postfix[19:46:18] *** ih8wndz <ih8wndz!jwpierce3@001.srv.trnkmstr.com> has quit IRC (Ping timeout: 252 seconds)[19:48:32] *** ih8wndz <ih8wndz!jwpierce3@001.srv.trnkmstr.com> has joined #postfix[19:52:08] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has quit IRC (Ping timeout: 245 seconds)[19:52:35] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has joined #postfix[19:57:02] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has quit IRC (Ping timeout: 244 seconds)[19:58:26] *** colinjmatt <colinjmatt!~colinjmat@matthews-co.uk> has quit IRC (Ping timeout: 268 seconds)[19:59:30] *** eelstrebor <eelstrebor!~eelstrebo@216-75-116-100.allophone.biz> has quit IRC (Quit: Ex-Chat)[20:19:24] *** colinjmatt <colinjmatt!~colinjmat@matthews-co.uk> has joined #postfix[20:56:07] *** section1 <section1!~section1@178.33.109.106> has quit IRC (Quit: Leaving)[21:08:19] *** olegfusion <olegfusion!~olegfusio@mail.mobileforsale.ru> has quit IRC (Quit: Leaving)[21:08:37] *** n_1-c_k <n_1-c_k!~nick@2a02:8010:63a6::70> has quit IRC (Read error: Connection reset by peer)[21:09:41] *** n_1-c_k <n_1-c_k!~nick@2a02:8010:63a6::70> has joined #postfix[21:10:14] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has joined #postfix[21:32:34] *** eelstrebor <eelstrebor!~eelstrebo@216-75-116-100.allophone.biz> has joined #postfix[22:11:27] *** FinboySlick <FinboySlick!~shark@74.117.40.10> has quit IRC (Quit: Leaving.)[22:13:50] *** Diemuzi <Diemuzi!~IceChat9@unaffiliated/diemuzi> has quit IRC (Quit: See you on the flip side!)[22:38:00] *** random_yanek <random_yanek!~random_ya@host-89-230-167-79.dynamic.mm.pl> has quit IRC (Ping timeout: 250 seconds)[22:49:54] *** random_yanek <random_yanek!~random_ya@87.116.231.154> has joined #postfix[22:59:07] *** bolt <bolt!~r00t@unaffiliated/bolt> has quit IRC (Remote host closed the connection)[23:00:58] *** bolt <bolt!~r00t@unaffiliated/bolt> has joined #postfix[23:05:10] *** bolt <bolt!~r00t@unaffiliated/bolt> has quit IRC (Remote host closed the connection)[23:06:14] *** bolt <bolt!~r00t@unaffiliated/bolt> has joined #postfix[23:10:15] *** VibesYuth <VibesYuth!~lfesdaill@static-108-41-107-210.nycmny.fios.verizon.net> has joined #postfix[23:11:29] *** VibesYuth <VibesYuth!~lfesdaill@static-108-41-107-210.nycmny.fios.verizon.net> has quit IRC (Remote host closed the connection)[23:57:54] <orev> is there a way to enable global verbose mode? i see master supports a -v option and will propagate that to children, however postfix-script does not seem to import any config files to allow you to set it on startup[23:58:55] <orev> short of modifying the OS start script (i'm on centos 7)[23:59:04] <pj> orev: why would you want to do that?[23:59:29] <orev> pj: this is a test server and i want to be able to get more logging. it does not have any real volume[23:59:36] <pj> verbose mode is very rarely needed and will seriously bloat out your logs and make it very hard to find information that is actually useful.