January 9, 2020 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | >
January 9, 2020 [00:04:36] *** olegfusion <olegfusion!~olegfusio@mail.mobileforsale.ru> has quit IRC (Ping timeout: 268 seconds)[00:26:03] *** tachoknight <tachoknight!~tachoknig@205.178.20.7> has quit IRC (Ping timeout: 240 seconds)[01:07:52] *** neo4 <neo4!~Thunderbi@212-247-92-178.pool.ukrtel.net> has joined #postfix[01:47:53] *** nksegos <nksegos!~Thunderbi@ppp089210124062.access.hol.gr> has joined #postfix[01:56:59] *** qgTG_ is now known as qgTG[01:59:17] *** nksegos <nksegos!~Thunderbi@ppp089210124062.access.hol.gr> has quit IRC (Quit: nksegos)[02:01:15] *** nksegos <nksegos!~Thunderbi@ppp089210124062.access.hol.gr> has joined #postfix[02:01:29] *** nksegos <nksegos!~Thunderbi@ppp089210124062.access.hol.gr> has quit IRC (Client Quit)[02:03:48] *** nksegos <nksegos!~Thunderbi@ppp089210124062.access.hol.gr> has joined #postfix[02:07:46] *** ub3g33k <ub3g33k!ubergeek@thunix.net> has quit IRC (Quit: WeeChat 2.6)[02:09:16] *** troulouliou_div2 <troulouliou_div2!~troulouli@unaffiliated/troulouliou-div2/x-0271439> has quit IRC (Quit: Leaving)[02:12:42] *** freebds <freebds!6f7ddd41@111.125.221.65> has joined #postfix[02:20:10] <freebds> what does mydestination in postfix config mean?[02:21:26] <thumbs> !tell freebds mydestination[02:21:26] <knoba> freebds: a configuration parameter in the main.cf: The list of domains that Postfix delivers via the $local_transport mail delivery transport. By default, mail is given to the Postfix local(8) delivery agent that looks up all recipients in /etc/passwd and /etc/aliases, or their equivalents. See http://www.postfix.org/postconf.5.html#mydestination for more information.[02:22:03] *** NonFree_ <NonFree_!NonFree@gateway/vpn/privateinternetaccess/jasjar> has quit IRC (Ping timeout: 240 seconds)[02:22:34] *** NonFree <NonFree!NonFree@gateway/vpn/privateinternetaccess/jasjar> has joined #postfix[02:23:00] <freebds> local_transport what is that?[02:23:13] <lunaphyte> freebds: please see man 5 postconf[02:23:22] <lunaphyte> these are all documented configuration parameters[02:23:54] <freebds> i read it i donot understand[02:24:04] <freebds> need a little elaboration[02:24:18] <lunaphyte> you'll need to explain then[02:25:03] <freebds> so mydestination refers to those addresses which postfix will send directly without going to relay server?[02:25:45] <lunaphyte> as documented, mydestination contains domains. not addresses.[02:25:49] <lunaphyte> i'm not sure what you're saying[02:27:26] *** nksegos <nksegos!~Thunderbi@ppp089210124062.access.hol.gr> has quit IRC (Quit: nksegos)[02:36:02] *** ovrstorm <ovrstorm!~ovrstorm@air.raid.io> has quit IRC (Quit: We're sorry, your call cannot be dialed as completed ...)[02:38:42] *** Dessa <Dessa!Dessa@pku74f0o.dip0.t-iqconnect.de> has quit IRC (Quit: ZNC - http://znc.in)[02:39:18] *** Dessa <Dessa!Dessa@pku74f0o.dip0.t-iqconnect.de> has joined #postfix[02:41:31] *** freebds <freebds!6f7ddd41@111.125.221.65> has left #postfix[02:41:35] *** ovrstorm <ovrstorm!~ovrstorm@air.raid.io> has joined #postfix[02:54:49] *** neo4 <neo4!~Thunderbi@212-247-92-178.pool.ukrtel.net> has quit IRC (Quit: neo4)[03:02:59] *** nyov is now known as Guest99155[03:02:59] *** Guest99155 <Guest99155!~nyov@unaffiliated/nyov> has quit IRC (Killed (livingstone.freenode.net (Nickname regained by services)))[03:03:07] *** nyov <nyov!~nyov@unaffiliated/nyov> has joined #postfix[03:07:04] *** davispuh <davispuh!~quassel@95.68.80.195> has quit IRC (Quit: http://quassel-irc.org - Chat comfortably. Anywhere.)[03:09:44] *** n_1-c_k <n_1-c_k!~n_1-c_k@2a02:8010:63a6::70> has quit IRC (Read error: Connection reset by peer)[03:10:43] *** n_1-c_k <n_1-c_k!~n_1-c_k@2a02:8010:63a6::70> has joined #postfix[03:27:00] *** phoenixz <phoenixz!~quassel@187.211.1.83> has joined #postfix[03:49:48] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has quit IRC (Ping timeout: 265 seconds)[04:00:09] *** nyov <nyov!~nyov@unaffiliated/nyov> has quit IRC (Killed (weber.freenode.net (Nickname regained by services)))[04:00:16] *** nyov <nyov!~nyov@unaffiliated/nyov> has joined #postfix[04:38:27] *** FH_thecat <FH_thecat!~FH_thecat@75.11.25.212.ftth.as8758.net> has quit IRC (Quit: Leaving)[05:04:29] *** eelstrebor <eelstrebor!~eelstrebo@216-75-116-100.scb.ne.static.allophone.net> has quit IRC (Quit: Ex-Chat)[05:17:53] *** Gaaab <Gaaab!~Gaaab@k2.ilion.info> has quit IRC (Ping timeout: 260 seconds)[05:28:13] *** niee <niee!~user@MINE.THE.GAP.MEDOLINA.INFO> has quit IRC (Ping timeout: 245 seconds)[05:51:30] *** breitenj <breitenj!~breitenj@bnc.plusnull.net> has quit IRC (Ping timeout: 252 seconds)[05:52:02] *** n-st <n-st!~n-st@unaffiliated/n-st> has quit IRC (Ping timeout: 260 seconds)[05:52:03] *** FH_thecat <FH_thecat!~FH_thecat@75.11.25.212.ftth.as8758.net> has joined #postfix[05:52:34] *** FH_thecat <FH_thecat!~FH_thecat@75.11.25.212.ftth.as8758.net> has quit IRC (Remote host closed the connection)[06:04:38] *** breitenj <breitenj!~breitenj@bnc.plusnull.net> has joined #postfix[06:05:09] *** n-st <n-st!~n-st@unaffiliated/n-st> has joined #postfix[06:24:00] *** FH_thecat <FH_thecat!~FH_thecat@75.11.25.212.ftth.as8758.net> has joined #postfix[06:39:04] *** olegfusion <olegfusion!~olegfusio@mail.mobileforsale.ru> has joined #postfix[07:03:20] *** led_dark_1 <led_dark_1!~Thunderbi@217.66.160.14> has quit IRC (Quit: led_dark_1)[07:07:12] *** tris <tris!tristan@camel.ethereal.net> has quit IRC (Ping timeout: 268 seconds)[07:08:51] *** DocMAX <DocMAX!~DocMAX@x4d066024.dyn.telefonica.de> has quit IRC (Ping timeout: 240 seconds)[07:09:23] *** DocMAX <DocMAX!~DocMAX@x4d081371.dyn.telefonica.de> has joined #postfix[07:12:21] *** tris <tris!tristan@camel.ethereal.net> has joined #postfix[07:14:04] *** gu1lle_ <gu1lle_!~Thunderbi@190.191.219.70> has joined #postfix[07:20:40] *** fannagoganna <fannagoganna!uid110488@gateway/web/irccloud.com/x-zqrdoxotkwgfkaja> has joined #postfix[07:29:37] *** gu1lle_ <gu1lle_!~Thunderbi@190.191.219.70> has quit IRC (Remote host closed the connection)[07:36:32] *** wings is now known as gnomethrower[07:36:41] *** gnomethrower is now known as wings[07:44:10] *** tris <tris!tristan@camel.ethereal.net> has quit IRC (Excess Flood)[07:44:18] *** tris <tris!tristan@camel.ethereal.net> has joined #postfix[08:07:25] *** olegfusion <olegfusion!~olegfusio@mail.mobileforsale.ru> has quit IRC (Read error: Connection reset by peer)[08:08:20] *** olegfusion <olegfusion!~olegfusio@mail.mobileforsale.ru> has joined #postfix[08:20:51] *** echoSMILE <echoSMILE!~censured@unaffiliated/echosmile> has quit IRC (Ping timeout: 240 seconds)[08:32:18] *** Noti <Noti!~steffan@185.2.243.3> has joined #postfix[08:33:16] *** FH_thecat <FH_thecat!~FH_thecat@75.11.25.212.ftth.as8758.net> has quit IRC (Quit: Leaving)[08:35:39] *** indy <indy!~indy@dsl-static-104.213-160-167.telecom.sk> has quit IRC (Ping timeout: 240 seconds)[08:36:12] *** zmyrgel <zmyrgel!~user@91-152-75-188.elisa-laajakaista.fi> has joined #postfix[08:37:38] <zmyrgel> morning, I have trouble configuring our postfix relay servers to transport tld domain to another server[08:38:48] <zmyrgel> the problem is that I have sender_dependent_relay_maps and if I define transport it seems to override the sender based stuff[08:40:11] <zmyrgel> I'd need a rule that mail to any mail with recipient that ends with ".sec" should be routed to dedicated smtp server[08:41:29] *** Noti <Noti!~steffan@185.2.243.3> has quit IRC (Quit: Konversation terminated!)[08:43:07] *** Noti <Noti!~steffan@185.2.243.3> has joined #postfix[08:43:10] *** wowas <wowas!~wowas@projekte.imos.net> has joined #postfix[09:30:13] *** fannagoganna <fannagoganna!uid110488@gateway/web/irccloud.com/x-zqrdoxotkwgfkaja> has quit IRC (Quit: Connection closed for inactivity)[09:32:34] *** mikami <mikami!~scurfee@mail.dveriunion.ru> has joined #postfix[09:33:19] *** mikami <mikami!~scurfee@mail.dveriunion.ru> has quit IRC (Client Quit)[09:34:24] *** internat <internat!~nf@27-32-36-13.static.tpgi.com.au> has quit IRC (Ping timeout: 268 seconds)[09:35:19] *** internat <internat!~nf@38.47.220.203.static.comindico.com.au> has joined #postfix[09:37:40] *** trident <trident!~trident@paranoia.trisec.se> has quit IRC (Ping timeout: 268 seconds)[09:39:04] *** trident <trident!~trident@paranoia.trisec.se> has joined #postfix[09:40:08] *** wowas <wowas!~wowas@projekte.imos.net> has quit IRC (Ping timeout: 268 seconds)[09:44:29] *** wowas <wowas!~wowas@hotspot.filstalnetz.de> has joined #postfix[09:51:25] *** rsx <rsx!~rsx@ppp-188-174-140-47.dynamic.mnet-online.de> has joined #postfix[09:59:38] *** eramirez <eramirez!~eramirez@104.129.194.65> has quit IRC (Quit: eramirez)[10:01:21] *** Gaaab <Gaaab!~Gaaab@k2.ilion.info> has joined #postfix[10:02:07] *** olegfusion <olegfusion!~olegfusio@mail.mobileforsale.ru> has quit IRC (Ping timeout: 258 seconds)[10:03:18] <jelly> zmyrgel: do you control .sec TLD?[10:05:04] <jelly> if you do, you can create one or more MX records (or make your auth dns for that domain generate MX automatically for any name under .sec)[10:05:55] *** SteffanW <SteffanW!~steffan@185.2.243.3> has joined #postfix[10:06:20] *** Gaaab <Gaaab!~Gaaab@k2.ilion.info> has quit IRC (Ping timeout: 258 seconds)[10:06:39] *** Noti <Noti!~steffan@185.2.243.3> has quit IRC (Ping timeout: 268 seconds)[10:06:58] <survietamine> maybe I'm too noob, I don't get how sender_dependent* would help to choose relay for some recipient domain[10:19:05] *** Gaaab <Gaaab!~Gaaab@k2.ilion.info> has joined #postfix[10:30:07] <zmyrgel> jelly: I don't think the .sec is valid TLD but we might be able to set its MX record internally.[10:31:10] <zmyrgel> the .sec emails get send to dedicated server which then does the "you have received confidential email, go to this address to open it" stuff.[10:31:46] <Kelsar> and then .sec becomes an official TLD you can't communicate with...[10:33:01] <zmyrgel> survietamine: no, it doesn't help in that but if I add transport rule to send .sec domain it disables the sender_dependent stuff. I need to find way to have both rules active[10:33:29] *** niee <niee!~user@MINE.THE.GAP.MEDOLINA.INFO> has joined #postfix[10:43:23] *** FH_thecat <FH_thecat!~FH_thecat@75.11.25.212.ftth.as8758.net> has joined #postfix[10:52:11] *** olegfusion <olegfusion!~olegfusio@mail.mobileforsale.ru> has joined #postfix[10:56:37] *** eramirez <eramirez!~eramirez@104.129.194.64> has joined #postfix[11:11:55] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has joined #postfix[11:13:05] *** qgTG_ <qgTG_!~qgTG@unaffiliated/qgtg> has joined #postfix[11:14:03] *** qgTG <qgTG!~qgTG@unaffiliated/qgtg> has quit IRC (Ping timeout: 240 seconds)[11:25:15] *** qgTG_ <qgTG_!~qgTG@unaffiliated/qgtg> has quit IRC (Ping timeout: 240 seconds)[11:25:20] *** qgTG <qgTG!~qgTG@unaffiliated/qgtg> has joined #postfix[11:29:08] <rob0> uh, if you need end-to-end security, you need user-level encryption, e.g., gpg[11:29:08] *** n_1-c_k <n_1-c_k!~n_1-c_k@2a02:8010:63a6::70> has quit IRC (Read error: Connection reset by peer)[11:29:43] <rob0> making up new TLDs is not going to do that[11:29:54] *** n_1-c_k <n_1-c_k!~n_1-c_k@2a02:8010:63a6::70> has joined #postfix[11:30:28] *** qgTG_ <qgTG_!~qgTG@unaffiliated/qgtg> has joined #postfix[11:30:57] *** qgTG <qgTG!~qgTG@unaffiliated/qgtg> has quit IRC (Ping timeout: 268 seconds)[11:49:40] *** DTZUZO <DTZUZO!~DTZUZO@205.ip-149-56-132.net> has joined #postfix[12:00:16] *** _cr_ <_cr_!~quassel@srv.ncxs.de> has quit IRC (Read error: Connection reset by peer)[12:01:35] *** _cr_ <_cr_!~quassel@srv.ncxs.de> has joined #postfix[12:09:40] *** troulouliou_div2 <troulouliou_div2!~troulouli@unaffiliated/troulouliou-div2/x-0271439> has joined #postfix[12:19:09] *** section1 <section1!~section1@178.33.109.106> has joined #postfix[12:28:36] *** niee <niee!~user@MINE.THE.GAP.MEDOLINA.INFO> has quit IRC (Ping timeout: 246 seconds)[13:36:07] <zmyrgel> rob0: we have some appliance which does the encryptions which allows us to 'send encrypted' messages a lot easier than using gpg. Mainly that the email is stored in the appliance and recipient can view it via https[13:37:45] <rob0> but then it is not really secure, this is just a vendor selling you a dream.[13:40:48] <zmyrgel> rob0: well, its a dream that I need to get working[13:43:57] <rob0> it's apparently one which does not integrate well into your very non-standard configuration[13:44:57] <rob0> I bet your vendor could set you up with something Microsofty![13:47:42] <zmyrgel> rob0: probably, but I'd like to use our existing postfix mail gateways for this[13:50:51] *** nksegos <nksegos!~Thunderbi@2001:1458:202:228::101:aca1> has joined #postfix[13:54:29] <rob0> do you mind saying, who is this vendor that came up with the "sec" TLD idea?[13:55:22] <rob0> also, so @sec overrides sender_dependent stuff, but why would that be a problem?[13:55:45] <zmyrgel> Deltagon I think[13:55:59] <rob0> obviously (!) you have to keep @sec internal to your system[13:57:11] <zmyrgel> our servers use postfix gw servers to send email, some senders want to direct their mail through mandrill etc. services instead of directly sending emails to end users[13:57:41] <rob0> mandrill et al will not know how to handle a make-believe TLD[13:57:55] <zmyrgel> rob0: and it shouldn't[13:59:35] <zmyrgel> the new case are recipients with ".sec" addresses, these should be transported / relayd to vendors smtp server in our premises where they will handle the communication to end user instead of using more traditional smtp service[14:01:03] <zmyrgel> the .sec part just identifies those emails, if I want to send confidential message to foo at example dot com, I type it as "foo at example dot com.sec" and it should go through the vendor app to foo at example dot com[14:01:13] <rob0> oh lord, it's a marketing scheme[14:01:18] <Alver> o_0[14:02:42] <Alver> rob0: as crazy as it sounds, it is common enough. Keep in mind that many large banks have handed over their private keys for transactional systems to Akamai, in order to be able to have DDoS protection.[14:02:52] *** robinho86 <robinho86!~robson@177.96.157.126> has joined #postfix[14:03:02] <Alver> But I have to say, this is one Convoluted setup with capital C.[14:04:07] <zmyrgel> the problem is this, I can use transport file to make all .sec ending addresses and rest use normal smtp, postfix won't process the sender-based rules casing the emails intended to mandrill to go directly to end users[14:05:48] *** neo4 <neo4!~Thunderbi@212-247-92-178.pool.ukrtel.net> has joined #postfix[14:25:19] <f3ew> zmyrgel: why not use a policy daemon for this?[14:25:31] *** niee <niee!~user@MINE.THE.GAP.MEDOLINA.INFO> has joined #postfix[14:33:12] *** niee <niee!~user@MINE.THE.GAP.MEDOLINA.INFO> has quit IRC (Ping timeout: 246 seconds)[14:33:29] <zmyrgel> f3ew: policy daemon?[14:35:00] <f3ew> http://www.postfix.org/SMTPD_POLICY_README.html[14:35:09] <f3ew> !policyd[14:35:09] <knoba> f3ew: http://www.policyd.org/ : an anti-spam Postfix policy daemon which can manage throttling of email and a variety of other things not handled by Postfix directly. Look for \"cluebringer\" in your OS package system.[14:35:47] <f3ew> You can then implement all the rules you like[14:37:48] *** dl8bh <dl8bh!~bammes@shells.postadigitale.org> has quit IRC (Quit: WeeChat 2.7)[14:38:00] *** dl8bh <dl8bh!~bammes@shells.postadigitale.org> has joined #postfix[14:40:25] *** niee <niee!~user@MINE.THE.GAP.MEDOLINA.INFO> has joined #postfix[14:52:23] *** zmyrgel <zmyrgel!~user@91-152-75-188.elisa-laajakaista.fi> has quit IRC (Remote host closed the connection)[14:53:38] *** olegfusion <olegfusion!~olegfusio@mail.mobileforsale.ru> has quit IRC (Read error: Connection reset by peer)[14:54:40] *** olegfusion <olegfusion!~olegfusio@mail.mobileforsale.ru> has joined #postfix[15:12:20] *** cromag <cromag!~cromag@irssi/user/cromag> has quit IRC (Ping timeout: 248 seconds)[15:40:45] *** troulouliou_div2 <troulouliou_div2!~troulouli@unaffiliated/troulouliou-div2/x-0271439> has quit IRC (Remote host closed the connection)[16:08:01] *** jimpop <jimpop!~jimpop@pdpc/supporter/professional/jimpop> has quit IRC (Quit: leaving)[16:08:19] *** jimpop <jimpop!~jimpop@pdpc/supporter/professional/jimpop> has joined #postfix[16:08:43] *** jimpop <jimpop!~jimpop@pdpc/supporter/professional/jimpop> has quit IRC (Client Quit)[16:12:11] *** jimpop <jimpop!~jimpop@pdpc/supporter/professional/jimpop> has joined #postfix[16:22:16] *** RadoQ <RadoQ!~cheater@unaffiliated/radoq> has quit IRC (Ping timeout: 264 seconds)[16:26:49] *** RadoQ <RadoQ!~cheater@unaffiliated/radoq> has joined #postfix[16:27:08] *** neo4 <neo4!~Thunderbi@212-247-92-178.pool.ukrtel.net> has quit IRC (Quit: neo4)[16:33:21] *** RadoQ <RadoQ!~cheater@unaffiliated/radoq> has quit IRC (Ping timeout: 240 seconds)[16:37:23] *** led_dark_1 <led_dark_1!~Thunderbi@217.66.160.14> has joined #postfix[16:38:16] *** led_dark_1 <led_dark_1!~Thunderbi@217.66.160.14> has quit IRC (Client Quit)[16:38:44] *** led_dark_1 <led_dark_1!~Thunderbi@217.66.160.14> has joined #postfix[16:39:07] *** led_dark_1 <led_dark_1!~Thunderbi@217.66.160.14> has quit IRC (Client Quit)[16:39:39] *** led_dark_1 <led_dark_1!~Thunderbi@217.66.160.14> has joined #postfix[16:41:34] *** RadoQ <RadoQ!~cheater@unaffiliated/radoq> has joined #postfix[16:42:10] *** led_dark_1 <led_dark_1!~Thunderbi@217.66.160.14> has quit IRC (Client Quit)[16:43:37] *** wowas <wowas!~wowas@hotspot.filstalnetz.de> has quit IRC (Ping timeout: 260 seconds)[16:46:16] *** RadoQ <RadoQ!~cheater@unaffiliated/radoq> has quit IRC (Ping timeout: 264 seconds)[16:46:58] *** RadoQ <RadoQ!~cheater@unaffiliated/radoq> has joined #postfix[16:53:22] *** led_dark_1 <led_dark_1!~Thunderbi@217.66.160.14> has joined #postfix[16:54:13] *** led_dark_1 <led_dark_1!~Thunderbi@217.66.160.14> has quit IRC (Client Quit)[16:55:14] *** aniketh <aniketh!uid171160@gateway/web/irccloud.com/x-uzxilhfkzlebdrgl> has joined #postfix[17:01:05] *** led_dark_1 <led_dark_1!~Thunderbi@217.66.160.14> has joined #postfix[17:02:01] *** led_dark_1 <led_dark_1!~Thunderbi@217.66.160.14> has quit IRC (Client Quit)[17:02:27] *** led_dark_1 <led_dark_1!~Thunderbi@217.66.160.14> has joined #postfix[17:06:58] *** SteffanW <SteffanW!~steffan@185.2.243.3> has quit IRC (Quit: Konversation terminated!)[17:16:58] *** rsx <rsx!~rsx@ppp-188-174-140-47.dynamic.mnet-online.de> has quit IRC (Quit: rsx)[17:31:16] *** tachoknight <tachoknight!~tachoknig@205.178.20.7> has joined #postfix[17:36:47] *** gu1lle_ <gu1lle_!~Thunderbi@201.216.253.75> has joined #postfix[17:37:21] *** mikami <mikami!~scurfee@broadband-77-37-146-212.ip.moscow.rt.ru> has joined #postfix[17:38:02] *** Gaaab <Gaaab!~Gaaab@k2.ilion.info> has quit IRC (Ping timeout: 265 seconds)[17:38:56] <jimpop> a cursory check of logfiles seems to suggest that I could set smtpd_tls_security_level=encrypt, if not for rfc2487 saying not to.[17:40:33] <jimpop> "This rule prevents the STARTTLS extension from damaging the interoperability of the Internet's SMTP infrastructure[17:40:37] <jimpop> "[17:41:11] <jimpop> ...written over 20 years ago...[17:41:57] <jimpop> #postfix, convince me not to do it![17:48:43] <jelly> do you want to not get mail?[17:53:35] *** qgTG_ is now known as qgTG[17:53:55] <rob0> If you're willing to lose mail, have fun. Here's a prelude:[17:54:35] <rob0> smtpd_end_of_data_restrictions = warn_if_reject reject_plaintext_session[17:55:17] <rob0> after a month or so of that logging, you can see what you will lose.[17:55:57] <rob0> report back here if it's something you're going to go through with[18:00:12] *** _cr_ <_cr_!~quassel@srv.ncxs.de> has quit IRC (Read error: Connection reset by peer)[18:01:33] *** _cr_ <_cr_!~quassel@srv.ncxs.de> has joined #postfix[18:26:22] <tuxick> the biggest problem with policyd is the name :)[18:26:33] <tuxick> but it's quite useful[18:31:15] <jimpop> jelly, rob0, I'm not convinced I would lose any mail.[18:32:16] <lunaphyte> i wouldn't require encryption for mx traffic, and i can't see the practical benefit even if in theory i would lose no mail[18:32:54] <lunaphyte> if all traffic you're currently getting is encrypted, then what is changing is you require encryption?[18:33:32] <lunaphyte> the only thing that changes is you're now ensuring that the traffic you eventually get that isn't encrypted is going to be lost[18:33:36] <jimpop> the bot spam that I eventually filter out down the pipe[18:33:42] <lunaphyte> it's not a change that makes anything any better[18:33:51] <tuxick> require TLSv1.3 to be extra sure[18:33:57] <jimpop> aparently TLS is hard for bots[18:34:14] <tuxick> hmm[18:34:19] <tuxick> so is my filter ;p[18:34:35] <jimpop> :-)[18:34:39] <regis> After GDPR I disallowed plaintext on some secondary MX boxes in less-trusted networks. As in "we allow all connections to primary MX with highest priority, but only encrypted ones on MX in shady/public networks". Reasoning for it is I'd rather want the message delayed (or for some reason not delivered at all) than transfered in plaintext over shady networks. I've discussed this with some clients and made[18:34:45] <regis> decisions based on logs. 220 mx3.TLS-ONLY.com ESMTP ...[18:34:48] <regis> ... Postfix - only encrypted transfers allowed (TLSv1-TLSv1.3)[18:35:12] <jimpop> n0ice[18:36:01] *** imcdona <imcdona!~imcdonald@2602:41:642e:a601:9d01:6045:e9cf:c4d8> has joined #postfix[18:36:03] <regis> I know it's not ideal, definitely not RFC-compliant at this time but for me it was the lesser of two evils.[18:37:02] <tuxick> i've been doing fine without secondary mx for ages now[18:37:08] <tuxick> but if you run one, make it anal[18:37:15] <rob0> 16:54 < rob0> smtpd_end_of_data_restrictions = warn_if_reject reject_plaintext_session[18:37:22] <jimpop> tuxick: closed tightly?[18:37:39] <rob0> last I had that going, bot spam was NOT what was getting logged[18:37:41] <tuxick> like default greylisting 10 minutes etc[18:38:17] <rob0> It was Dovecot mailing list and a few legit mass mailers.[18:38:53] <tuxick> are there topposters on dovecot mailinglist?[18:39:01] <tuxick> or does it auto-deply remote-facestabber?[18:39:05] <tuxick> deploy[18:56:26] <imcdona> Would anyone mind doing a sanity check on my postfix config? https://pastebin.com/kkf5qXF4 I want to make sure I'm not missing anything[18:57:45] <imcdona> If sender exists in /etc/postfix/senders then them send only to specific domain listed in config. Furthermore, depending on the senders address postfix may have to relay the mail via different hosts. Finally, allow local networks to send anywhere they want[19:00:03] *** Bahhumbug <Bahhumbug!jrd@psychotic/admin/jrd> has quit IRC (Ping timeout: 240 seconds)[19:03:01] *** Bahhumbug <Bahhumbug!jrd@psychotic/admin/jrd> has joined #postfix[19:20:12] <lunaphyte> "allow local networks to send anywhere they want" - not responsible. use smtp auth[19:20:26] *** davispuh <davispuh!~quassel@95.68.80.195> has joined #postfix[19:23:19] *** chowbok <chowbok!~chowbok@207.181.255.76> has quit IRC (Read error: Connection reset by peer)[19:24:57] *** chowbok <chowbok!~chowbok@207.181.255.76> has joined #postfix[19:40:53] *** echoSMILE <echoSMILE!~censured@unaffiliated/echosmile> has joined #postfix[19:59:55] *** section1 <section1!~section1@178.33.109.106> has quit IRC (Remote host closed the connection)[20:06:29] *** indy <indy!~indy@dsl-static-104.213-160-167.telecom.sk> has joined #postfix[20:06:47] *** eramirez <eramirez!~eramirez@104.129.194.64> has quit IRC (Read error: Connection reset by peer)[20:11:56] *** heroux <heroux!sandroco@gateway/shell/insomnia247/x-awuuxgoemzujcomq> has quit IRC (Ping timeout: 265 seconds)[20:15:13] *** eramirez <eramirez!~eramirez@104.129.194.64> has joined #postfix[20:15:36] *** eramirez <eramirez!~eramirez@104.129.194.64> has quit IRC (Remote host closed the connection)[20:16:03] *** eramirez <eramirez!~eramirez@104.129.194.50> has joined #postfix[20:21:49] *** led_dark_1 <led_dark_1!~Thunderbi@217.66.160.14> has quit IRC (Read error: Connection reset by peer)[20:24:31] <imcdona> @lunaphyte Other than that do you see anything else that could leave us open to relaying mail?[20:41:13] *** led_dark_1 <led_dark_1!~Thunderbi@217.66.160.14> has joined #postfix[20:41:36] *** Gaaab <Gaaab!~Gaaab@k2.ilion.info> has joined #postfix[20:47:41] <jimpop> rob0: welp, first failure: Session encryption is required; from=<mailop-bounces at mailop dot org>[20:51:56] *** mikami <mikami!~scurfee@broadband-77-37-146-212.ip.moscow.rt.ru> has quit IRC ()[21:01:21] *** jink <jink!mrjink@chat.jink.net> has quit IRC (Ping timeout: 246 seconds)[21:02:16] *** jink <jink!~mrjink@chat.jink.net> has joined #postfix[21:03:55] *** heroux <heroux!sandroco@gateway/shell/insomnia247/x-ashnrlihdczoegfn> has joined #postfix[21:05:21] *** troulouliou_div2 <troulouliou_div2!~troulouli@unaffiliated/troulouliou-div2/x-0271439> has joined #postfix[21:07:32] *** nickzxcv <nickzxcv!~nick@edi.schmalenberger.us> has quit IRC (Quit: Lost terminal)[21:20:39] *** davispuh <davispuh!~quassel@95.68.80.195> has quit IRC (Quit: http://quassel-irc.org - Chat comfortably. Anywhere.)[21:22:46] *** wowas <wowas!~wowas@212.87.150.46> has joined #postfix[21:23:44] *** davispuh <davispuh!~quassel@95.68.80.195> has joined #postfix[21:37:43] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has quit IRC (Read error: Connection reset by peer)[21:38:07] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has joined #postfix[21:55:18] *** eramirez <eramirez!~eramirez@104.129.194.50> has quit IRC (Remote host closed the connection)[22:01:13] *** DTZUZO <DTZUZO!~DTZUZO@205.ip-149-56-132.net> has quit IRC (Ping timeout: 260 seconds)[22:02:08] *** DTZUZO_ <DTZUZO_!~DTZUZO@205.ip-149-56-132.net> has joined #postfix[22:03:02] *** wowas <wowas!~wowas@212.87.150.46> has quit IRC (Ping timeout: 268 seconds)[22:09:16] *** aniketh <aniketh!uid171160@gateway/web/irccloud.com/x-uzxilhfkzlebdrgl> has quit IRC (Quit: Connection closed for inactivity)[22:17:59] *** robinho86 <robinho86!~robson@177.96.157.126> has quit IRC (Quit: Leaving.)[22:32:18] *** phoenixz <phoenixz!~quassel@187.211.1.83> has quit IRC (Ping timeout: 258 seconds)[22:53:24] *** eramirez <eramirez!~eramirez@104.129.194.66> has joined #postfix[22:54:01] *** eramirez <eramirez!~eramirez@104.129.194.66> has quit IRC (Client Quit)[23:01:46] *** shibboleth <shibboleth!~shibbolet@gateway/tor-sasl/shibboleth> has joined #postfix[23:08:14] *** Oclair <Oclair!~Oclair@www.aventia.pw> has quit IRC (Quit: %Cya%)[23:11:08] *** Oclair <Oclair!~Oclair@www.aventia.pw> has joined #postfix[23:16:43] *** Oclair <Oclair!~Oclair@www.aventia.pw> has quit IRC (Quit: %Cya%)[23:17:32] *** olegfusion <olegfusion!~olegfusio@mail.mobileforsale.ru> has quit IRC (Ping timeout: 265 seconds)[23:19:27] *** Oclair <Oclair!~Oclair@www.aventia.pw> has joined #postfix[23:23:20] *** CarlenWhite <CarlenWhite!~CarlenWhi@175.sub-174-241-132.myvzw.com> has quit IRC (Ping timeout: 265 seconds)[23:28:25] *** CarlenWhite <CarlenWhite!~CarlenWhi@179.sub-174-231-128.myvzw.com> has joined #postfix[23:33:47] *** gu1lle_ <gu1lle_!~Thunderbi@201.216.253.75> has quit IRC (Remote host closed the connection)[23:37:05] *** CarlenWhite <CarlenWhite!~CarlenWhi@179.sub-174-231-128.myvzw.com> has quit IRC (Ping timeout: 258 seconds)[23:42:41] *** CarlenWhite <CarlenWhite!~CarlenWhi@60.sub-174-241-128.myvzw.com> has joined #postfix