January 3, 2020 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | >
January 3, 2020 [00:06:00] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has joined #postfix[00:06:32] *** Bheam <Bheam!~Bheam@80.232.6.94> has joined #postfix[00:06:35] <Bheam> yo[00:06:47] <Bheam> Can someone help me why i'm gettign spf-softfail on this? https://pastebin.com/QcX15MYJ[00:19:22] <lunaphyte> Bheam: postfix doesn't do spf, so that would be a question for #spamassassin[00:19:32] <lunaphyte> or you could also ask in ##email too[00:20:51] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has quit IRC (Ping timeout: 240 seconds)[00:35:00] <pj> It's also impossible to tell without knowing the envelope sender.[00:35:43] *** ek <ek!~ek@freebsd/contributor/ek> has quit IRC (Quit: Brb.)[00:37:42] <Bheam> what's the envelope sender?[00:42:42] *** mirko <mirko!~mirko@217.115.11.26> has joined #postfix[00:43:02] *** ek <ek!~ek@freebsd/contributor/ek> has joined #postfix[00:43:07] *** mirko is now known as Guest56747[00:45:00] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has joined #postfix[01:24:16] *** xelxebar <xelxebar!~xelxebar@gateway/tor-sasl/xelxebar> has quit IRC (Remote host closed the connection)[01:24:41] *** xelxebar <xelxebar!~xelxebar@gateway/tor-sasl/xelxebar> has joined #postfix[02:13:34] *** Bebef <Bebef!sbreit@phobos.bebef.de> has quit IRC (Read error: Connection reset by peer)[02:14:45] *** Bebef <Bebef!sbreit@phobos.bebef.de> has joined #postfix[02:31:31] *** wings <wings!~wings@unaffiliated/wings> has quit IRC (Quit: Textual IRC Client: www.textualapp.com)[02:33:39] *** wings <wings!~wings@unaffiliated/wings> has joined #postfix[02:38:18] *** phunyguy <phunyguy!~blaahchm@ubuntu/member/phunyguy> has quit IRC (Ping timeout: 260 seconds)[02:40:08] *** oculux <oculux!~oculux@128.127.105.184> has quit IRC (Ping timeout: 265 seconds)[02:43:25] *** phunyguy <phunyguy!~blaahchm@ubuntu/member/phunyguy> has joined #postfix[02:45:18] *** echoSMILE <echoSMILE!~censured@unaffiliated/echosmile> has quit IRC (Ping timeout: 260 seconds)[03:08:23] *** nyov <nyov!~nyov@unaffiliated/nyov> has quit IRC (Killed (verne.freenode.net (Nickname regained by services)))[03:08:30] *** nyov <nyov!~nyov@unaffiliated/nyov> has joined #postfix[03:14:45] <pj> !tell Bheam envelope[03:14:46] <knoba> Bheam: SMTP has MAIL FROM and RCPT TO commands. Addresses in those commands are envelope addresses. There is no requirement that they appear in any header.[03:56:58] *** zapata <zapata!~zapata@2001:470:58e8:1:54f0:f73c:cdd4:7a4> has quit IRC (Ping timeout: 252 seconds)[03:57:34] *** echoSMILE <echoSMILE!~censured@a83-132-44-139.cpe.netcabo.pt> has joined #postfix[03:58:17] *** zapata <zapata!~zapata@2001:470:58e8:1:54f0:f73c:cdd4:7a4> has joined #postfix[04:00:47] *** davispuh <davispuh!~quassel@87.110.32.91> has quit IRC (Quit: http://quassel-irc.org - Chat comfortably. Anywhere.)[04:02:28] *** zapata <zapata!~zapata@2001:470:58e8:1:54f0:f73c:cdd4:7a4> has quit IRC (Ping timeout: 248 seconds)[04:09:01] *** echoSMILE <echoSMILE!~censured@unaffiliated/echosmile> has quit IRC (Quit: leaving)[04:19:58] *** echoSMILE <echoSMILE!~censured@unaffiliated/echosmile> has joined #postfix[04:32:17] *** zapata <zapata!~zapata@2001:470:58e8:1:c8:6f18:75b0:aaa> has joined #postfix[04:45:35] *** c0san0stra <c0san0stra!~nunyuh@unaffiliated/c0san0stra> has quit IRC (Ping timeout: 250 seconds)[04:46:11] *** andi- <andi-!~andi-@NixOS/user/andi-> has quit IRC (Remote host closed the connection)[04:47:39] *** c0san0stra <c0san0stra!~nunyuh@unaffiliated/c0san0stra> has joined #postfix[04:50:04] *** andi- <andi-!~andi-@NixOS/user/andi-> has joined #postfix[05:03:04] *** eelstrebor <eelstrebor!~eelstrebo@216-75-116-100.scb.ne.static.allophone.net> has quit IRC (Quit: Ex-Chat)[05:13:51] *** sphex <sphex!~nobody@xplr-208-114-153-215.xplornet.com> has quit IRC (Read error: Connection reset by peer)[05:17:39] *** sphex <sphex!~nobody@38.133.25.191> has joined #postfix[05:51:15] *** n_1-c_k <n_1-c_k!~n_1-c_k@2a02:8010:63a6::70> has quit IRC (Read error: Connection reset by peer)[05:51:34] *** n_1-c_k <n_1-c_k!~n_1-c_k@2a02:8010:63a6::70> has joined #postfix[05:57:13] *** echoSMILE <echoSMILE!~censured@unaffiliated/echosmile> has quit IRC (Ping timeout: 268 seconds)[06:16:13] *** RadoQ <RadoQ!~cheater@unaffiliated/radoq> has quit IRC (Remote host closed the connection)[06:28:59] *** Ner0Zer0 <Ner0Zer0!~Ner0Zer0@87.253.63.54> has joined #postfix[07:02:35] *** jalalsfs_ <jalalsfs_!~jalalsfs@unaffiliated/jalalsfs> has quit IRC (Ping timeout: 265 seconds)[07:04:26] *** jalalsfs <jalalsfs!~jalalsfs@unaffiliated/jalalsfs> has joined #postfix[07:49:04] *** Ner0Zer0 <Ner0Zer0!~Ner0Zer0@87.253.63.54> has quit IRC (Read error: Connection reset by peer)[07:49:26] *** led_dark_1 <led_dark_1!~Thunderbi@217.66.160.14> has quit IRC (Quit: led_dark_1)[07:49:36] *** Ner0Zer0 <Ner0Zer0!~Ner0Zer0@87.253.63.54> has joined #postfix[07:57:06] *** led_dark_1 <led_dark_1!~Thunderbi@217.66.160.14> has joined #postfix[08:02:21] *** epony <epony!epony@unaffiliated/epony> has quit IRC (Quit: upgrades)[08:05:27] *** epony <epony!epony@unaffiliated/epony> has joined #postfix[08:20:34] *** olegfusion <olegfusion!~olegfusio@mail.mobileforsale.ru> has joined #postfix[08:22:53] *** SteffanW <SteffanW!~steffan@185.2.243.3> has joined #postfix[08:24:04] *** mTeK <mTeK!~quassel@192.151.137.68> has quit IRC (Ping timeout: 265 seconds)[08:24:36] *** mTeK <mTeK!~quassel@192.151.137.68> has joined #postfix[08:27:41] *** olegfusion <olegfusion!~olegfusio@mail.mobileforsale.ru> has quit IRC (Ping timeout: 268 seconds)[08:29:00] *** olegfusion <olegfusion!~olegfusio@mail.mobileforsale.ru> has joined #postfix[08:30:05] *** aniketh <aniketh!uid171160@gateway/web/irccloud.com/x-ghupvyaqsbbolutj> has joined #postfix[08:58:52] *** SteffanW <SteffanW!~steffan@185.2.243.3> has quit IRC (Remote host closed the connection)[09:00:20] *** Noti <Noti!~steffan@185.2.243.3> has joined #postfix[09:03:39] *** wowas <wowas!~wowas@projekte.imos.net> has joined #postfix[09:21:35] *** noxid <noxid!~noxid@unaffiliated/noxid> has quit IRC (Quit: WeeChat 1.0.1)[09:21:55] *** jalalsfs <jalalsfs!~jalalsfs@unaffiliated/jalalsfs> has quit IRC (Ping timeout: 258 seconds)[09:22:13] *** noxid <noxid!~noxid@unaffiliated/noxid> has joined #postfix[09:41:53] *** internat <internat!biteme2@124-170-17-229.dyn.iinet.net.au> has quit IRC (Ping timeout: 265 seconds)[09:45:48] *** internat <internat!~nf@27-32-36-13.static.tpgi.com.au> has joined #postfix[10:13:03] *** ghormoon <ghormoon!~ghormoon@ghorland.net> has quit IRC (Ping timeout: 246 seconds)[10:13:18] *** ghormoon <ghormoon!~ghormoon@ghorland.net> has joined #postfix[10:15:24] *** wings <wings!~wings@unaffiliated/wings> has quit IRC (Quit: Textual IRC Client: www.textualapp.com)[10:39:42] *** aniketh <aniketh!uid171160@gateway/web/irccloud.com/x-ghupvyaqsbbolutj> has quit IRC (Quit: Connection closed for inactivity)[11:06:21] *** Rez <Rez!~LoRez@freenode/staff-emeritus/lorez> has quit IRC (Ping timeout: 268 seconds)[11:06:41] *** Rez <Rez!~LoRez@freenode/staff-emeritus/lorez> has joined #postfix[11:28:56] *** knoba <knoba!~limnoria@jen.workaround.org> has quit IRC (Remote host closed the connection)[11:29:14] *** knoba <knoba!~limnoria@yoda.workaround.org> has joined #postfix[11:31:10] <Signum> !knoba[11:31:10] <knoba> Signum: an informational bot in this channel (see http://workaround.org/f=postfix)[11:31:21] <Signum> Good… works again… just moved the bot to another server.[11:31:44] <Signum> I'll get the list of facts running right away...[11:33:50] <tuxick> facts are just opinions![11:41:38] *** olegfusion <olegfusion!~olegfusio@mail.mobileforsale.ru> has quit IRC (Read error: Connection reset by peer)[11:41:59] *** olegfusion <olegfusion!~olegfusio@mail.mobileforsale.ru> has joined #postfix[11:45:20] *** wowas <wowas!~wowas@projekte.imos.net> has quit IRC (Ping timeout: 265 seconds)[12:02:58] *** wowas <wowas!~wowas@projekte.imos.net> has joined #postfix[12:03:54] *** hipodilski <hipodilski!~hipo@pc-freak.net> has quit IRC (Remote host closed the connection)[12:04:27] *** NonFree_ <NonFree_!NonFree@gateway/vpn/privateinternetaccess/jasjar> has quit IRC (Ping timeout: 258 seconds)[12:07:07] *** NonFree <NonFree!NonFree@gateway/vpn/privateinternetaccess/jasjar> has joined #postfix[12:14:17] *** section1 <section1!~section1@178.33.109.106> has joined #postfix[12:26:19] *** RadoQ <RadoQ!~cheater@unaffiliated/radoq> has joined #postfix[13:02:40] *** led_dark_1 <led_dark_1!~Thunderbi@217.66.160.14> has quit IRC (Quit: led_dark_1)[14:13:03] *** wowas <wowas!~wowas@projekte.imos.net> has quit IRC (Ping timeout: 260 seconds)[14:14:24] *** jalalsfs <jalalsfs!~jalalsfs@unaffiliated/jalalsfs> has joined #postfix[14:22:42] *** phunyguy <phunyguy!~blaahchm@ubuntu/member/phunyguy> has quit IRC (Quit: Goodbye cruel world!)[14:29:09] *** phunyguy <phunyguy!~blaahchm@ubuntu/member/phunyguy> has joined #postfix[14:29:41] *** led_dark_1 <led_dark_1!~Thunderbi@217.66.160.14> has joined #postfix[14:40:51] *** oculux <oculux!~oculux@31.3.152.100> has joined #postfix[14:49:37] *** HumanGeek <HumanGeek!~HumanG33k@62.147.242.8> has joined #postfix[14:50:30] *** HumanGeek <HumanGeek!~HumanG33k@62.147.242.8> has quit IRC (Remote host closed the connection)[14:50:55] *** HumanGeek <HumanGeek!~HumanG33k@62.147.242.8> has joined #postfix[14:52:51] *** Human_G33k <Human_G33k!~HumanG33k@62.147.242.8> has quit IRC (Ping timeout: 240 seconds)[14:56:55] *** wowas <wowas!~wowas@gate-dc-gp.imos.net> has joined #postfix[15:07:22] *** led_dark_1 <led_dark_1!~Thunderbi@217.66.160.14> has quit IRC (Quit: led_dark_1)[15:09:35] *** mungustas <mungustas!~arnas@92.61.33.111> has quit IRC (Ping timeout: 250 seconds)[15:10:34] *** mungustas <mungustas!~arnas@92.61.33.111> has joined #postfix[15:14:48] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has quit IRC (Remote host closed the connection)[15:15:06] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has joined #postfix[15:26:51] *** wowas <wowas!~wowas@gate-dc-gp.imos.net> has quit IRC (Ping timeout: 240 seconds)[15:29:25] *** wowas <wowas!~wowas@projekte.imos.net> has joined #postfix[15:47:18] <survietamine> hello, I've some hash database file with OK and PERMIT actions. I can see PERMIT referenced in SMTPD_ACCESS_README and OK in access(5). Is there a difference between those 2 actions? If no, is that because of « historical » reasons?[15:56:25] *** FinboySlick <FinboySlick!~shark@74.117.40.10> has joined #postfix[15:56:46] *** Matt <Matt!~matt@freenode/staff-emeritus/matt> has joined #postfix[15:56:51] <Matt> morning[16:10:11] *** led_dark_1 <led_dark_1!~Thunderbi@217.66.160.14> has joined #postfix[16:13:42] <Matt> I'm trying to figure out if there's any vaguely sensible way to re-implement some key bits of an existing exim config in postfix, basically cause the previous admin liked to overcomplicate matters and liked exim, whereas I'd rather use postfix[16:13:50] <Matt> and it really doesn't /need/ to be this complicated[16:15:09] *** yoink <yoink!~yoink@unaffiliated/yoink> has quit IRC (Ping timeout: 258 seconds)[16:16:31] <Matt> the old exim setup (amongst other things I don't care to reimplement) delivered local mail by adding a header then passing to maildrop, which ran the users' .mailfilter, then passed the message back to exim by calling /usr/bin/sendmail, exim then checked for the x-maildrop-processed header and when it found it, delivered the message to dovecot via lmtp[16:16:54] *** echoSMILE <echoSMILE!~censured@unaffiliated/echosmile> has joined #postfix[16:18:15] <Matt> it's preferable to have dovecot handle delivery, because that way it updates mailbox indexes as it goes rather then requiring a reindex when the user connects via imap, but I also need to keep maildrop in the loop so users don't lose their mail filters[16:18:56] <Matt> I was thinking I might be able to override mailbox_transport for pickup in master.cf, but that doesn't seem to work[16:23:37] *** rsx <rsx!~rsx@ppp-188-174-133-153.dynamic.mnet-online.de> has joined #postfix[16:26:07] *** wowas <wowas!~wowas@projekte.imos.net> has quit IRC (Quit: Leaving)[16:30:04] *** yoink <yoink!~yoink@unaffiliated/yoink> has joined #postfix[16:31:26] <lunaphyte> survietamine: ok is an access table action. permit is a restriction list result[16:37:35] *** davispuh <davispuh!~quassel@87.110.32.91> has joined #postfix[16:52:03] *** aadz <aadz!~Alexander@92.255.127.5> has quit IRC (Ping timeout: 240 seconds)[16:57:28] *** HumanGeek <HumanGeek!~HumanG33k@62.147.242.8> has quit IRC (Remote host closed the connection)[16:58:00] <survietamine> lunaphyte: ah, correct, now I see the 'permit' listed in 'OTHER ACTIONS' section of access(5).[16:58:32] <survietamine> But, I have the feeling PERMIT and OK have same result on my setup[16:59:10] *** HumanGeek <HumanGeek!~HumanG33k@62.147.242.8> has joined #postfix[17:00:27] *** HumanGeek <HumanGeek!~HumanG33k@62.147.242.8> has quit IRC (Remote host closed the connection)[17:01:48] *** HumanGeek <HumanGeek!~HumanG33k@62.147.242.8> has joined #postfix[17:02:15] *** Noti <Noti!~steffan@185.2.243.3> has quit IRC (Quit: Konversation terminated!)[17:02:19] <survietamine> Matt: yeah, that looks overcomplicated setup[17:03:02] <survietamine> Matt: years ago, I moved from courier-imap to dovecot and didn't want to keep maildrop[17:12:51] *** gturner <gturner!~gturner@zoth-ommog.unzane.com> has quit IRC (Quit: ZNC - http://znc.in)[17:14:42] *** gturner <gturner!~gturner@zoth-ommog.unzane.com> has joined #postfix[17:21:20] *** aniketh <aniketh!uid171160@gateway/web/irccloud.com/x-tphuwensxqmmmkxs> has joined #postfix[17:32:50] *** tds3 <tds3!~tds@lounge.srv.home.timstallard.me.uk> has joined #postfix[17:33:08] *** tds <tds!~tds@lounge.srv.home.timstallard.me.uk> has quit IRC (Ping timeout: 248 seconds)[17:33:09] *** tds3 is now known as tds[17:41:18] *** echoSMILE <echoSMILE!~censured@unaffiliated/echosmile> has quit IRC (Ping timeout: 260 seconds)[17:44:03] *** Ner0Zer0 <Ner0Zer0!~Ner0Zer0@87.253.63.54> has quit IRC (Ping timeout: 240 seconds)[18:07:45] *** echoSMILE <echoSMILE!~censured@unaffiliated/echosmile> has joined #postfix[18:08:28] *** cpm <cpm!~cpm@pdpc/supporter/active/cpm> has joined #postfix[18:11:28] <immae> Hello there, I need to add some ips to the "mynetworks" key in postfix configuration, but I would like to append them to the default (which already contains all the interfaces of my server), is there a way to do that without needing to rewrite the whole thing?[18:13:52] <lunaphyte> immae: avoid mynetworks [and permit_mynetworks][18:14:09] <lunaphyte> what problem are you trying to solve?[18:14:39] <immae> lunaphyte: I have trusted hosts that I want to allow to use my server as relay[18:15:31] <immae> (one central postfix server, and several machines which will send e-mail through that server)[18:18:59] <Matt> survietamine: yeah, I'll be pushing this site to move to sieve[18:19:27] <Matt> but it's a university site and some of the profs can be remarkably resistant to change[18:19:45] *** n_1-c_k <n_1-c_k!~n_1-c_k@2a02:8010:63a6::70> has quit IRC (Read error: Connection reset by peer)[18:20:45] *** n_1-c_k <n_1-c_k!~n_1-c_k@2a02:8010:63a6::70> has joined #postfix[18:21:40] *** foxcpp <foxcpp!~foxcpp@foxcpp.dev> has quit IRC (Quit: Looks like my relay decided to commit suicide)[18:21:42] *** echoSMIL1 <echoSMIL1!~censured@unaffiliated/echosmile> has joined #postfix[18:22:09] *** echoSMILE <echoSMILE!~censured@unaffiliated/echosmile> has quit IRC (Ping timeout: 268 seconds)[18:23:37] *** eelstrebor <eelstrebor!~eelstrebo@216.75.116.100> has joined #postfix[18:31:00] <cpm> gawds, , it's been so long. Q: Can I use pipes in /etc/postfix/virtual ? like for request tracker?[18:33:55] <cpm> IE, , like: helpdesk at rt dot domain.tld: "|/usr/bin/rt-mailgate --queue helpdesk --action correspond --url https://rt.domain.tld/rt"[18:34:08] <cpm> kinda thing?[18:34:33] <cpm> ah, heck, , just try I guess, see what breaks. :)[18:37:05] *** zerocool <zerocool!~muhGNUdoh@206.189.64.51> has joined #postfix[18:38:09] <zerocool> howdy yall, i have a question. when using reject_unknown_reverse_client_hostname, and smtpd_helo_required, is the value provided during helo treated the same as the hostname?[18:39:03] <zerocool> my issue is one sender connects and provides helo that doesn't resolve to a valid address, it resolves to a cname, then A record 127.0.0.1[18:39:44] <zerocool> our server rejects this, im assuming because of reject_unknown_reverse_client_hostname[18:40:31] <cpm> good[18:40:35] <cpm> your server should[18:41:00] <zerocool> i agree, im just about to explain the issue to them and want to point them at the directive that is causing the rejection[18:46:29] <cpm> ehlo/helo should be fqdn, which has an a record. Not a cname. Doesn't have to, by rfc, but should. Rejecting because this standard isn't met takes care of a lot of problems. They need to fix their end.[18:47:26] <zerocool> I agree, is this caused by reject_unknown_reverse_client_hostname though?[18:48:39] <zerocool> I just want to be able to point to that directive and say "you need to comply with that", in my email to them I am also including rfc5321 4.1.1.1 and DNS information[18:50:04] <zerocool> they're trying to say deliverability issues are on our end but only two of their mail servers/ip addresses are using invalid helo. so im arguing that it could the RFC is wrong, it could be postfix that's wrong, it could be cloudflare/google dns that's wrong, or those two mail servers are misconfigured.[19:02:14] <cpm> pull the relevant logs, tell them that you don't accept mail from invalid helo/ehlo, ask the to fix as they *should* noting that rfc differentiates between should and must. This is a should, and is a common sanity check.[19:03:06] <cpm> fwiw, your reject should have tossed a status, which they could sort for themselves.[19:07:01] *** gu1lle_ <gu1lle_!~Thunderbi@201.216.253.75> has joined #postfix[19:13:54] <cpm> Stephen J. Turnbull, in his Sysadmin's Lament says: "Email is hard, then you retire".[19:14:49] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has quit IRC (Remote host closed the connection)[19:14:50] <cpm> email really isn't particularly /hard/ per say, but -due to spam- it is amazingly complex.[19:15:07] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has joined #postfix[19:15:40] <cpm> doing a deliberate and careful job configuring one's email server to be rfc compliant makes a huge difference in functionality.[19:22:42] *** oculux <oculux!~oculux@31.3.152.100> has quit IRC (K-Lined)[19:22:48] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has quit IRC (Remote host closed the connection)[19:23:12] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has joined #postfix[19:28:00] <tuxick> yeah[19:28:06] <tuxick> 90% of users will complain[19:28:15] <tuxick> because they use outlook[19:29:47] <cpm> I feel for them[19:35:21] *** Gaaab <Gaaab!~Gaaab@mob-37-176-214-176.net.vodafone.it> has joined #postfix[19:35:57] <tuxick> more and more companies moving to o365[19:36:04] <tuxick> which means outlook or web[19:41:02] <cpm> I know it's bad brain-ing, but I -for one- am really kinda sick and tired of misconfigured cloudflare/digiocean/etc vhosts. Seems these hosting outfits could easily police this crap themselves, spare the internet all this pain.[19:43:56] <cpm> thank you for coming to my ted talk[19:58:10] *** section1 <section1!~section1@178.33.109.106> has quit IRC (Quit: Leaving)[20:13:34] *** rsx <rsx!~rsx@ppp-188-174-133-153.dynamic.mnet-online.de> has quit IRC (Remote host closed the connection)[20:18:28] *** davispuh <davispuh!~quassel@87.110.32.91> has quit IRC (Quit: No Ping reply in 180 seconds.)[20:19:20] *** Gaaab <Gaaab!~Gaaab@mob-37-176-214-176.net.vodafone.it> has quit IRC (Ping timeout: 258 seconds)[20:20:39] *** TheFatherMind- <TheFatherMind-!~TheFather@cpe-172-117-218-16.socal.res.rr.com> has joined #postfix[20:21:29] *** kingkong <kingkong!antalya@shellium/member/kingkong> has quit IRC (Quit: www.ChatQ.Net New Style Chat Site)[20:22:42] *** kingkong <kingkong!antalya@chatq.net> has joined #postfix[20:23:28] *** TheFatherMind <TheFatherMind!~TheFather@cpe-172-117-218-16.socal.res.rr.com> has quit IRC (Ping timeout: 265 seconds)[20:23:58] *** blackmajic <blackmajic!~black@mail.justla.me> has quit IRC (Quit: No Ping reply in 180 seconds.)[20:25:04] *** blackmajic <blackmajic!~black@mail.justla.me> has joined #postfix[20:27:02] *** davispuh <davispuh!~quassel@87.110.32.91> has joined #postfix[20:36:07] *** cpm <cpm!~cpm@pdpc/supporter/active/cpm> has quit IRC (Quit: Leaving)[20:37:13] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has quit IRC (Remote host closed the connection)[20:37:32] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has joined #postfix[20:37:39] *** davispuh <davispuh!~quassel@87.110.32.91> has quit IRC (Ping timeout: 240 seconds)[20:43:30] *** Gaaab <Gaaab!~Gaaab@mob-31-159-255-31.net.vodafone.it> has joined #postfix[20:47:04] *** olegfusion <olegfusion!~olegfusio@mail.mobileforsale.ru> has quit IRC (Ping timeout: 268 seconds)[20:56:31] *** davispuh <davispuh!~quassel@87.110.32.91> has joined #postfix[21:00:35] *** aniketh <aniketh!uid171160@gateway/web/irccloud.com/x-tphuwensxqmmmkxs> has quit IRC (Quit: Connection closed for inactivity)[21:16:51] *** random_yanek <random_yanek!~random_ya@host-89-230-164-117.dynamic.mm.pl> has quit IRC (Ping timeout: 268 seconds)[21:23:08] *** random_yanek <random_yanek!~random_ya@87.116.237.199> has joined #postfix[21:30:57] *** phunyguy <phunyguy!~blaahchm@ubuntu/member/phunyguy> has quit IRC (Quit: Goodbye cruel world!)[21:39:34] *** echoSMIL1 is now known as echoSMILE[21:41:32] *** foxcpp1 <foxcpp1!~foxcpp@163.172.159.67> has joined #postfix[21:41:38] *** foxcpp1 <foxcpp1!~foxcpp@163.172.159.67> has quit IRC (Client Quit)[21:43:36] *** foxcpp <foxcpp!~foxcpp@foxcpp.dev> has joined #postfix[22:21:23] *** Gaaab <Gaaab!~Gaaab@mob-31-159-255-31.net.vodafone.it> has quit IRC (Remote host closed the connection)[22:28:45] *** n_1-c_k <n_1-c_k!~n_1-c_k@2a02:8010:63a6::70> has quit IRC (Read error: Connection reset by peer)[22:29:51] <lunaphyte> immae: right. you use smtp auth for that. don't allow relaying based on source ip address[22:29:56] *** n_1-c_k <n_1-c_k!~n_1-c_k@2a02:8010:63a6::70> has joined #postfix[22:37:35] <immae> lunaphyte: you mean sasl? It’snot possible in my situation because the sasl implementation is a mess that I don’t find how to adapt to a host...[22:38:10] <immae> (I mean: I have sasl for "real users" and I don’t find a way to extend it properly to authenticate a "host")[22:40:11] <immae> Is it possible to have more than one sasl authentication scheme?[22:41:33] <Zerberus> why? the client just sends a username and password - there is no magic[22:41:46] <immae> there is[22:41:59] <immae> I check that the user is allowed to send the email in the envelope from[22:42:14] <immae> But for the hosts I don’t have that kind of check, I "trust" them by default[22:42:52] <Zerberus> checking the envelop from is not SMTP AUTH[22:43:21] <Zerberus> it can be an additional function to check that the sender address is permitted for the authenticating client[22:43:37] <immae> Zerberus: Hmm are you sure?[22:43:42] <immae> I didn’t find anything permitting that[22:44:01] <Zerberus> SASL_README explains everything in detail[22:44:09] <immae> I read it several times already[22:44:20] <immae> It’s a weeks old problem that I have :p[22:44:23] <Zerberus> !getting_help[22:44:23] <knoba> Zerberus: before asking your question, read the !relevant_logs and !showconfig factoids, and prepare a single pastebin containing all of that data. if you don't understand what this means, or if you need help doing this, please let us know. also see !pastebin[22:45:47] *** shibboleth <shibboleth!~shibbolet@gateway/tor-sasl/shibboleth> has joined #postfix[22:49:14] <immae> Zerberus: https://paste.ee/p/Ks5Wi[22:50:38] <Zerberus> so you have properly implemented SMTP AUTH on submission, enforcing TLS and requiring AUTH[22:50:50] <immae> yes[22:51:03] <immae> And I can authenticate hosts (that’s not an issue)[22:51:09] <immae> The issue is with the sender checking[22:51:26] <Zerberus> in which way?[22:51:41] <immae> I trust the hosts, I don’t trust the users[22:51:54] <thumbs> that's foolish.[22:52:09] <immae> why?[22:52:45] <immae> The hosts are just parts of a consistent network[22:52:52] <immae> It’s not just "some host"[22:52:58] <Zerberus> who is the "user" in this case? the one logged in on the host? or the identity the host is using for AUTH?[22:53:10] <immae> The identity for AUTH[22:53:28] <immae> It can be a user (aka a person), for which I check that he is allowed to use the given sender[22:53:47] <immae> And it can be a host for which I trust anything at immae dot eu (not just anything, but I’ll take what I can)[22:56:11] <thumbs> any (rogue) process on the host could then spam away without restriction.[22:56:34] <immae> It could, but same could a rogue process on the postfix host[22:56:44] <thumbs> by requiring auth, you can lock down any compromised credentials without blocking the entire host.[22:57:00] <thumbs> immae: you need to require auth to email, even from the postfix host.[22:57:26] <immae> That’s not an option so far, it’s still draft[22:57:32] <thumbs> trusting "localhost" is just as foolish.[22:58:00] <immae> But I’m not against authenticating, I just don’t see any way to mix it with my current authentication of users[22:58:46] <thumbs> SASL can use any backend you have in place[22:58:56] <immae> Can it use more than one backend?[22:59:03] <thumbs> sure, in some cases.[22:59:09] <immae> Ah![22:59:41] <immae> Then that’s what I need and that I couldn’t find..[23:00:04] *** FinboySlick <FinboySlick!~shark@74.117.40.10> has quit IRC (Quit: Leaving.)[23:00:58] <immae> Hmm I just realized that I can simply open another submission port for hosts with different rules...[23:05:42] <immae> I’ll go that path I think, it’s much easier. Thanks for the spark![23:12:09] <Zerberus> that's correct[23:17:47] *** gu1lle_ <gu1lle_!~Thunderbi@201.216.253.75> has quit IRC (Quit: gu1lle_)[23:21:27] *** pins <pins!~pinPoint@about/windows/regular/pinpoint> has joined #postfix[23:22:41] *** pins <pins!~pinPoint@about/windows/regular/pinpoint> has quit IRC (Client Quit)[23:23:19] *** oculux <oculux!~oculux@31.3.152.100> has joined #postfix[23:32:03] *** phunyguy <phunyguy!~blaahchm@ubuntu/member/phunyguy> has joined #postfix