September 1, 2013 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | >
September 1, 2013 [00:00:06] *** davlefou_ has quit IRC[00:04:37] *** ced117 has quit IRC[00:30:28] <aeris> rehello[00:31:48] <aeris> I try another tutorial, but I must keep my last mail data, many year old, and have many problème[00:31:50] <aeris> http://pastebin.fr/28595[00:31:54] *** samfisher has quit IRC[00:32:18] <aeris> My old conf and system are deprecated...[00:32:41] <Patrickdk_> !tutorial[00:32:41] <knoba> Patrickdk_: "tutorial" : A very common problem is that some people prefer to follow a step-by-step tutorial that shows them how to setup their server w/out reading the documentation or understanding what they are doing. If something goes wrong, they have no clue whatsoever about where to find hints, and they sometimes decide to start from scratch using a different tutorial. This is not The Proper Way.[00:33:47] <aeris> Yes but manu user don't haave time and skill to understand all the mecanism of all the software they use[00:33:59] <rob0> Stop with the tutorials. Start over with the documentation.[00:34:06] <rob0> !basic[00:34:06] <knoba> rob0: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.[00:34:15] <Patrickdk_> this is why people *sell* *services*[00:34:25] <Patrickdk_> if you have not the time, or skill, hire it[00:34:57] <rob0> http://wiki2.dovecot.org/QuickConfiguration[00:37:50] *** Southron has joined #postfix[00:38:14] *** samfisher has joined #postfix[00:38:14] *** samfisher has joined #postfix[00:45:09] <aeris> You're only here for belittle the user, or sometime you make something good ?[00:45:53] <jimpop> :-)[00:54:31] <thumbs> aeris: don't presuming that configuring a server is simple and skipping the documentation is acceptable.[00:54:36] <thumbs> *go[00:55:27] *** tuxIO has quit IRC[00:55:39] <aeris> I solve many problème with wiki documentations, but this error message is juste a peace of shit[00:56:31] <thumbs> ah, the tld on the pastebin site you used makes sense.[00:59:33] <aeris> Yes, I am french, bad in english, use english tutorial, documentation and software and only want to know what this error message mean[01:00:10] <aeris> Because I have find nothing help me on google[01:00:14] *** davlefou__ has quit IRC[01:00:48] <lunaphyte> pastebin postconf -Mf[01:01:52] <aeris> http://pastebin.fr/28597[01:02:50] <lunaphyte> you should use lmtp for delivery to dovecot, and you shouldn't be using virtual_mailbox_domains and virtual_mailbox_maps[01:03:02] <thumbs> and pastebin.fr is horribly slow, bleh[01:03:46] <lunaphyte> just use relay_domains and relay_recipient_maps, then just point relay_transport to dovecot[01:04:11] <lunaphyte> thumbs: it's slow for you? weird, i'm usually the one complaining about pastebin sites being slow[01:04:17] <aeris> My last server and data use virtual_mailbox_domains and virtual_mailbox_maps and not lmtp, I think I must keep this[01:04:25] <lunaphyte> no.[01:04:53] <thumbs> lunaphyte: pastebin.* usually sucks here, whereas pastebin.com takes 10+ minutes to load[01:05:03] <lunaphyte> blech[01:05:21] <aeris> I don'y know if my last mysql database is compatible with the new config[01:05:38] <lunaphyte> it is[01:08:05] <rob0> aeris, why do you think it's a good idea to insult people who try to help you?[01:08:19] <aeris> You first[01:08:39] <lunaphyte> aeris: knock it off. stay focused on your task.[01:08:40] <aeris> Sorry if I am stupid[01:08:45] <lunaphyte> wtf are you talking about?[01:08:49] <lunaphyte> who said you were stupid?[01:08:58] <lunaphyte> please stop getting carried away with your feelings.[01:08:59] <rob0> Me first? How so?[01:09:09] * thumbs makes peace with shit[01:09:10] <lunaphyte> either work on your project, or go do something else.[01:09:13] <thumbs> heh[01:12:00] <thumbs> also, a little humour never killed anyone (stress and frustration won't help you here, aeris)[01:12:18] <rob0> !calm[01:12:19] <knoba> rob0: Error: "calm" is not a valid command.[01:12:38] *** davlefou__ has joined #postfix[01:12:41] <lunaphyte> yes, definitely good to relax and lighten up. stop being so serious with everything.[01:12:48] <thumbs> rob0: looking for a "Keep calm and .." response?[01:13:20] <rob0> I was just thinking something about calmness might make a good factoid.[01:13:22] <lunaphyte> stop, drop and rofl?[01:14:43] <aeris> I forget something, I have a new problem[01:20:06] *** davlefou__ has quit IRC[01:23:03] *** sphenxes has quit IRC[01:23:46] <aeris> I activate lmtp and remove namesapce and mail receiving look working[01:24:29] <thumbs> nice running commentary, in any case[01:26:08] *** Olipro has quit IRC[01:34:30] <aeris> Sending work and mail client too, I think it's good[01:34:41] <aeris> Big thanks =')[01:39:23] *** Olipro has joined #postfix[01:41:40] *** diegows has joined #postfix[01:49:06] *** HaxCore has quit IRC[01:53:19] *** p3rror has joined #postfix[01:55:12] *** p3rror has quit IRC[01:56:45] *** p3rror has joined #postfix[01:57:55] *** mezgani has joined #postfix[01:58:03] *** kiri has joined #postfix[01:58:07] *** mezgani has quit IRC[02:06:13] *** samfisher has quit IRC[02:06:26] *** Southron has left #postfix[02:21:25] *** Olipro has quit IRC[02:24:10] *** dimitry7 has joined #postfix[02:26:17] *** howitdo has quit IRC[02:27:43] *** kiri has quit IRC[02:27:55] *** Olipro has joined #postfix[02:29:14] *** kiri has joined #postfix[02:39:59] *** Kellin has joined #postfix[02:44:52] <alnr> in logs i'm seeing 'unknown' everywhere i would expect to see a host that would be reversed from an ip. why might postfix not be doing reverse dns? dig -x <ip> works ok[02:46:06] *** trusktr has quit IRC[02:46:50] <lunaphyte> try disabling any chroots in master.cf[02:47:09] *** trusktr has joined #postfix[02:47:23] *** dimitry7 has quit IRC[02:47:57] <alnr> none there[02:50:15] <rob0> yes, did you also lookup the PTR value?[02:52:28] <rob0> Is this a distro package?[02:53:04] <alnr> its on ubuntu[02:53:22] *** dimitry7 has joined #postfix[02:54:39] <alnr> rob0 what lookup, do u mean host n.n.n.n.in-addr.arpa[02:56:37] <rob0> "dig -x <ip>" looks up the PTR. That would return a name.[02:56:54] <rob0> okay, you are wrong about chroot[02:56:57] <rob0> !debian[02:56:57] <knoba> rob0: "debian" : Please see /usr/share/doc/postfix/README.Debian for Debian-specific information. This probably applies to Ubuntu and most other Debian-derivative distributions as well.[02:57:37] <alnr> yes i did dig, it seems to work in returning a hostname[02:57:46] *** err-or has joined #postfix[02:58:09] *** err-or_ has quit IRC[02:58:52] <alnr> rob0: do you mean does any service in master.cf have a y in the chroot column? none do[02:59:25] <rob0> Did you read the README.Debian?[03:00:00] <thumbs> no one reads the debian readme, for any package[03:00:15] <rob0> Sigh. I've noticed.[03:00:52] *** plee has quit IRC[03:01:13] <alnr> i see it says the install is chrooted[03:01:35] *** plee has joined #postfix[03:02:48] <thumbs> most debian users think that because of all the automation that is provided, they are above reading docs and readme files[03:03:23] <alnr> any suggestions on what to do to get the reverse lookups to work?[03:04:04] <thumbs> use a worker resolver[03:04:11] <thumbs> s/worker/working/[03:04:24] <thumbs> or just disable that silly chroot[03:04:45] <rob0> Disable or fix the chroot.[03:04:49] <rob0> !chroot[03:04:49] <knoba> rob0: "chroot" : The fifth column in master.cf, if not n , means that the Postfix process described on that line runs in a chroot, see !debug , !queue_directory and files in the examples/chroot-setup subdirectory of the Postfix source archive which show examples of a Postfix chroot environment on a variety of systems[03:05:20] <rob0> I expected that the README.Debian would have told you how to fix it.[03:05:51] <thumbs> again, proves my point[03:06:11] <thumbs> running debian doesn't magically make you capable of running a server without effort[03:08:29] <thumbs> I really think that this is the general mentality with most debian users.[03:08:56] <alnr> thanks, i'm lazy and illiterate debian user, thanks for pointing it out. i just see that none of the services in my master.cf have y in fifth column. the readme saying nothing helpful, and i dont know what debian means that the the install is chrooted when none of the services have Y for chroot[03:09:39] <rob0> Did you read the factoid?[03:10:03] <rob0> The fifth column in master.cf, if not n , means that the Postfix process described on that line runs in a chroot.[03:10:41] <alnr> right. all of the them have n[03:10:57] <rob0> you did this?[03:11:19] <alnr> ok i lied.[03:11:23] <alnr> lots of them have -[03:11:46] <alnr> so the suggestion is change them all to n?[03:12:19] <rob0> My suggestion was: 01:04 < rob0> Disable or fix the chroot.[03:14:18] <alnr> in chroot it cant do reverse lookups? not knowing why debian made these chroot i guess i want to fix chroot, how do i do it?[03:14:39] <thumbs> if you have to ask, just disable the chroot[03:14:59] <alnr> fightin words. now i want to understand how to[03:15:12] <thumbs> then read about DNS[03:18:07] <rob0> Well, we are still guessing. You have presented no evidence. My guess would be that the /var/spool/postfix/etc/resolv.conf has a bad (or no) nameserver.[03:18:33] <alnr> i was just wondering how it sources resolv.conf..[03:18:43] <rob0> sources?[03:19:48] <alnr> that one has 8.8.8.8 just like /etc/resolv.conf[03:20:02] <thumbs> alnr: is that resolver reacheable from the chroot?[03:20:24] *** Olipro has quit IRC[03:20:32] <jimpop> just 8.8.8.8 ?[03:20:46] <alnr> and 4.2.2.2[03:21:33] <rob0> ugh. BTW you can't use DNSBL lookups with open resolvers like those. You'll find that Spamhaus, and probably others, have blocked them.[03:22:03] <rob0> A public MX host should be running its own caching resolver.[03:22:38] <thumbs> I use a simple caching DNS resolver with Slackware - it works well[03:22:44] <jimpop> err, exactly "8.8.8.8" ? or "nameserver 8.8.8.8" ? also what rob0 said.[03:23:16] *** Olipro has joined #postfix[03:24:12] <alnr> sorry, yes nameserver 8.8.8.8. this is a new mx. on my others i have upstreams nameservers so maybe that is why. but googles should be able to reverse[03:24:38] <thumbs> alnr: why ignore what we say here?[03:25:00] <alnr> what am i ignoring[03:25:11] <thumbs> 2013-08-31 21:21:33 < rob0> ugh. BTW you can't use DNSBL lookups with open resolvers like those. You'll find that Spamhaus, and probably others, have blocked them.[03:25:25] <jimpop> google will also rate limit your ptr requests[03:25:44] <thumbs> being a free resolver service, I don't blame them[03:25:56] <rob0> A public MX host should be running its own caching resolver, or using one under your control at your site.[03:27:32] *** ovrstorm has quit IRC[03:27:35] <rob0> 4.2.2.2 was left open many years ago, but it is technically not free to use.[03:32:55] <Patrickdk_> there are so many *public* dns servers[03:33:29] <Patrickdk_> so many, I dunno how they ever plan to fix the dns ddos's[03:36:00] *** ovrstorm has joined #postfix[03:37:51] *** biggimat has quit IRC[03:38:29] <jimpop> rate limiting[03:39:45] <Patrickdk_> how to do descide how much of a dos the target can handle?[03:39:48] <Patrickdk_> decide[03:40:04] <Patrickdk_> plus all the different isp's[03:42:02] <jimpop> dns servers can be configured to rate limit requests per requesting ip.[03:42:39] <Patrickdk_> thinking[03:42:54] <Patrickdk_> so the public dns attack, they where spoofing the source ip?[03:43:10] <Patrickdk_> heh, idiot isp's[03:43:35] <jimpop> doesn't matter, what ever ip is hammering, it gets limited[03:43:45] <jimpop> s/what ever/each/[03:43:55] <Patrickdk_> ya, but isp's should be filtering source ip[03:43:55] <jimpop> s/is/that is/[03:44:03] <jimpop> true[03:44:05] <Patrickdk_> same for routes[03:44:28] <Patrickdk_> I forget people don't do this sometimes :) mainly everywhere in europe[03:44:36] <Patrickdk_> and asia[03:44:57] <jimpop> then they get blocked. ;-0[03:45:47] <Patrickdk_> takes hours[03:45:58] <Patrickdk_> everytime we have a bgp highjacking case[03:46:23] <Patrickdk_> I'm still in complete awe at how many 10.x source ip's I see, on my crappy isp[03:46:46] <Patrickdk_> all my other isp's, filter those[03:47:09] <jimpop> you can bring a cow to water but you can't make them drink[03:47:20] <rob0> moo[03:47:57] <thumbs> meow[03:48:06] <Patrickdk_> stop drinking the cow[03:51:57] *** exos has joined #postfix[03:54:08] *** diegows has quit IRC[04:02:17] *** Motoko has quit IRC[04:10:54] *** kirin` has quit IRC[04:12:18] *** kirin` has joined #postfix[04:18:58] *** ghoti__ has joined #postfix[04:20:30] *** ghoti has quit IRC[04:23:26] *** ghoti__ has quit IRC[04:23:54] *** ghoti has joined #postfix[04:27:41] *** tunage has joined #postfix[04:28:02] <tunage> my users are getting relay reject http://bpaste.net/show/npEC4Df7WpDJ6dZu9Uv9/[04:28:53] *** ghoti has quit IRC[04:30:37] <tunage> NOQUEUE: reject: RCPT[04:35:07] <Patrickdk_> 451 4.3.5 Server configuration error;[04:35:32] <Patrickdk_> post some real logs?[04:35:36] <Patrickdk_> 1 line != logs[04:35:48] <thumbs> Hi Brads.[04:36:01] *** ghoti has joined #postfix[04:38:16] <tunage> i figured it out[04:39:07] *** t4shi has joined #postfix[04:40:28] <thumbs> tunage: good job brad.[04:41:19] *** ghoti has quit IRC[04:41:42] *** ghoti has joined #postfix[04:43:01] *** tunage has left #postfix[04:43:20] *** sleepee has joined #postfix[04:46:36] *** machduck has joined #postfix[04:46:48] *** ghoti has quit IRC[04:47:26] *** ghoti has joined #postfix[04:47:38] *** trusktr has quit IRC[04:49:16] *** exos has quit IRC[04:49:40] <machduck> Hello. I'm having trouble disabling NDN. Any soft_bounce = no, and changing bounce -> discard in master.cf failed.[04:50:43] *** trusktr has joined #postfix[04:50:57] <machduck> Or finding any other way to mitigate NDN spam.[04:51:33] <rob0> !address_classes[04:51:33] <knoba> rob0: "address_classes" : http://www.postfix.org/ADDRESS_CLASS_README.html describes how Postfix deals with different classes of addresses: local, relay, virtual alias, virtual mailbox, and Internet.[04:52:03] <rob0> You mitigate backscatter by never accepting mail that you can't deliver.[04:52:25] <rob0> Disabling NDN is quite the wrong way to go about it.[04:52:31] *** ghoti has quit IRC[04:53:09] *** ghoti has joined #postfix[04:57:19] * rob0 afk -- read that.[05:03:55] *** donmichelangelo has quit IRC[05:04:20] *** donmichelangelo has joined #postfix[05:10:56] <machduck> yeah, i read about NDN.. And just finished reading the link. I *do* have my smtpd_recipient_restrictions and local_recipient_maps set..[05:11:29] <machduck> From what i gather that should stop backscatter. http://pastie.org/private/pjfuvu6a51g3rekyqntg[05:13:45] <thumbs> !backscatter[05:13:45] <knoba> thumbs: "backscatter" : see http://www.postfix.org/BACKSCATTER_README.html - Basically backscatter are bounces sent to innocent systems. A spammer sent email in behalf of the victim's system. Undeliverable emails get bounced to the victim.[05:14:13] <machduck> thumbs: i'm being used for generating backscatter.[05:15:34] *** jarif has joined #postfix[05:22:10] <machduck> and i read that and followed the guide. Even though i have version 2.7.1. Maybe there's some issue with ispconfig?[05:23:40] <machduck> Because i have everything set that relates to backscatter in the config. Even added smtpd_error_sleep_time = 0 just to be sure.[05:47:19] *** p3rror has quit IRC[05:50:09] <lunaphyte> what is the *actual* problem you are trying to solve?[05:50:20] <lunaphyte> are you a backscatter source?[05:53:50] <alnr> i'm still having issues with reverse dns, i've turned off chroot for all processes in master.cf, and am running a recursive dns resolver pointered to by /etc/resolv.conf. any other ideas?[05:56:53] <lunaphyte> pastebin some actual log entries which exemplify the issue[05:59:04] <lunaphyte> pastebin postconf -nf and postconf -Mf[06:00:07] <thumbs> being the *victim* of another server that backscatter is not a problem.[06:00:37] <thumbs> just notify the admin of the server that's misconfigured.[06:03:07] <lunaphyte> backscatter is weird.[06:04:12] <lunaphyte> for some reason, people seem to think they when they are generating it, they are somehow a "victim", and need to diddle unrelated postfix settings to "protect" themselves from the "attacks".[06:04:24] <lunaphyte> instead, begin by actually understanding what backscatter is[06:05:15] <thumbs> yeah[06:06:35] <thumbs> there's *nothing* you can do to *protect* yourself against your domain being used for backscatter.[06:07:25] *** mike4_ has joined #postfix[06:10:31] *** Motoko has joined #postfix[06:10:56] *** Bronze has quit IRC[06:15:12] <alnr> lunaphyte: http://pastebin.com/ddYzw3iS[06:15:39] <thumbs> well, ask rob0, short of not accepting emails you can't deliver.[06:15:43] <thumbs> but that's a given.[06:16:24] *** t4shi has quit IRC[06:17:06] <alnr> what is your opinion of recipient verification as a means of not accepting emails not deliverable[06:18:55] <thumbs> alnr: are you using virtual users?[06:19:00] <mike4_> hi so i sent an email to yahoo and it was a normal email no spam and it ended up in the spam box am i doing something wrong with the header?[06:19:10] <thumbs> !yahoo[06:19:10] <knoba> thumbs: "yahoo" : Yahoo and other providers throttle inbound connections in an attempt to reduce spam. If you're a big operator, talk to them about whitelisting. If not, just wait for the retry, your mail eventually goes through. For bulk mail issues this contact is helpful: <mail-abuse-bulk at cc dot yahoo-inc.com>[06:19:32] <alnr> thumbs: no[06:20:22] <mike4_> thumbs: well mine goes into spam.[06:20:41] <mike4_> I think it's because i didn't fill the header right.[06:20:54] <mike4_> I only have from: to: and subject:[06:21:13] <mike4_> do i need to fill in more?[06:21:53] <mike4_> mta7.am0.yahoodns.net[06:23:55] *** tuxIO has joined #postfix[06:36:45] <mike4_> hello?[06:43:14] <thumbs> dkim may help[06:54:02] *** err-or has quit IRC[06:54:32] *** err-or has joined #postfix[07:02:26] <alnr> hmm orig_client=unknown[n.n.n.n] the host comes from xforward, not a reverse lookup[07:06:30] *** tuxIO has quit IRC[07:17:29] *** maxter has joined #postfix[07:23:19] *** magyar has quit IRC[07:28:09] *** Motoko has quit IRC[07:59:19] *** jmcnaught has quit IRC[08:00:51] *** dimitry7 has quit IRC[08:09:23] *** jmcnaught has joined #postfix[08:22:42] *** iceroot_ has joined #postfix[08:40:24] *** dekae has quit IRC[08:44:10] *** dekae has joined #postfix[08:57:29] *** t4shi has joined #postfix[09:42:19] *** trusktr has quit IRC[09:49:28] *** t4shi has quit IRC[09:54:35] *** sphenxes has joined #postfix[10:02:41] *** ffiore has joined #postfix[10:03:27] *** ced117 has joined #postfix[10:04:19] *** ffiore has quit IRC[10:05:54] *** ffiore has joined #postfix[10:13:34] <machduck> lunaphyte: yes, i am a backscatter source. It's queueing up thousands of emails and legit ones can't come through.[10:16:14] <machduck> the actual problem is that all the NDN are queueing up and legit emails come through with a couple hour delay.[10:17:26] <machduck> queueing up as in outgoing from the mailer daemon.[10:18:04] <adaptr> that will only happen if postfix cannot deliver fast enough, and your machine is resource-bound.[10:18:13] <adaptr> needless to say, this is a very bad sign[10:19:10] <machduck> well when i'm hit with tens of spoofed emails a second and i'm trying to notify them all - i'd say it's a bad sign too.[10:19:39] <adaptr> notify them ? what the fuck are you notifying spoofed messages for ?[10:19:46] <adaptr> !backscatter[10:19:46] <knoba> adaptr: "backscatter" : see http://www.postfix.org/BACKSCATTER_README.html - Basically backscatter are bounces sent to innocent systems. A spammer sent email in behalf of the victim's system. Undeliverable emails get bounced to the victim.[10:20:00] <machduck> spoofed as in the return address is spoofed.[10:20:13] <adaptr> you're saying "yeah, postfix is queueing everything up because I can't backscatter fast enough"[10:20:19] <machduck> yeah[10:20:22] <adaptr> think about that for a minute[10:20:43] <machduck> that's what i've been doing. I want to stop sending out NDN..[10:21:02] <machduck> to non deliverable addresses.[10:25:12] <machduck> stop sending out NDN because of non delivery to non existent addresses in my domain*[10:26:30] <adaptr> don't accept those messages in the first place.[10:26:46] <adaptr> if you're not using a dependable DNSBL, now would be the time to start[10:26:49] <adaptr> !zen[10:26:49] <knoba> adaptr: "zen" : http://www.spamhaus.org/zen/ : A composite of all Spamhaus DNSBLs: SBL, XBL and PBL. Testing your DNSBL lookup can be done here: http://www.crynwr.com/spam/[10:28:40] <machduck> < adaptr> don't accept those messages in the first place.[10:28:49] <machduck> exactly what i'm trying to figure out how to do[10:29:01] <adaptr> ..I just told you how[10:31:13] <machduck> could you please explain how blacklisting could help? I mean the return addresses are pretty much random.. I really doubt the effectiveness of this.[10:32:09] <machduck> Much easier to check if the user exists on my domain, from a logical perspective. It's just that i can't figure out how.[10:32:48] <adaptr> yes, that is the first thing to check for any mail you accept. if you did not change the default recipient restrictions, this is what would happen.[10:33:03] <adaptr> and no, not easier. both are required.[10:38:27] *** tuxIO has joined #postfix[10:44:28] *** p3rror has joined #postfix[10:46:13] *** nfroidure has joined #postfix[10:47:58] *** davlefou has joined #postfix[10:55:35] <nfroidure> hi ![10:55:53] <nfroidure> I'm running Postfix+Dovecot[10:55:54] *** tuxIO has quit IRC[10:56:16] <nfroidure> With virtual mail servers based on MySQL driver[10:56:42] *** helmut has quit IRC[10:57:07] * waldi .o( why do all beginners start with mysql instead of simple files? )[10:57:12] <nfroidure> Currently i store mail in a /var/vmail/ directory, but i'd like to store them in /home/(unix user corresponding to the domain)/domain.com/user/[10:57:27] <nfroidure> I could do it with Dovecot with no problem.[10:57:43] <machduck> waldi: probably because of ispconfig and other panels..[10:57:55] <nfroidure> But, i've got a problem with postfix when using the pipe mechanism[10:58:39] <waldi> nfroidure: if you use mysql you have a large setup and want to use lmtp to submit mails into dovecot[10:58:40] <nfroidure> i'd like to launch the dovecot deliver process with a diferrent user depending on the domain name of the recipient mail[10:59:18] <adaptr> you'd have to ask that in #dovecot[10:59:37] <adaptr> (see above re: LMTP)[10:59:59] <waldi> nfroidure: otherwise start with a simple setup without mysql[11:00:28] <nfroidure> The fact is that on the dovecot side all is alright.[11:00:40] <waldi> does not help[11:01:27] <nfroidure> dovecot unix - n n - - pipe[11:01:27] <nfroidure> flags=DRhu chroot= user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}"[11:01:37] <nfroidure> in my master.cf file[11:02:01] <nfroidure> i'd like to replace vmail:vmail by a custom username.[11:02:14] *** davlefou_ has joined #postfix[11:02:15] <adaptr> did you find in the documentation how to do this ?[11:05:21] <nfroidure> nope, i wanted to run the command as root and do sudo -u $(domain2unixuser.sh ${domain}) -g vmail /usr/lib/dovecot/deliver but postfix refuses to run it as root[11:05:37] <adaptr> correct.[11:05:48] *** davlefou has quit IRC[11:05:54] <nfroidure> But the lmtp seems to fit my needs[11:06:15] <nfroidure> I lets dovecot manage everything i i understand well[11:06:21] <nfroidure> *It[11:06:25] <nfroidure> *f[11:06:27] <adaptr> !lmtp[11:06:27] <knoba> adaptr: "lmtp" : Local Mail Transfer Protocol, defined in RFC 2033, can be used for delivery via the Postfix lmtp(8) transport. You need an external LMTP daemon such as implemented by Cyrus or Dovecot IMAP.[11:10:20] <nfroidure> Ok, i'll try lmtp, thank you for givin me the way ;)[11:10:58] *** alnkpa2 has joined #postfix[11:18:03] *** err-or has quit IRC[11:18:29] *** grossing is now known as feuersalamander[11:18:45] *** err-or has joined #postfix[11:20:28] *** Cromulent has joined #postfix[11:20:57] *** feuersalamander is now known as Unschuldslamm[11:25:26] *** Unschuldslamm is now known as grossing[11:33:31] *** tuxIO has joined #postfix[11:47:49] *** mike4_ has quit IRC[11:48:06] *** alnkpa2 has quit IRC[11:48:31] *** Cromulent has quit IRC[12:02:48] *** davlefou__ has joined #postfix[12:05:51] *** davlefou_ has quit IRC[12:13:08] *** ice9 has joined #postfix[12:16:48] *** ovrstorm has quit IRC[12:18:36] *** ovrstorm has joined #postfix[12:18:53] *** tld has quit IRC[12:32:31] *** ice9 has quit IRC[12:41:50] *** alnkpa2 has joined #postfix[12:49:03] *** [sr] has joined #postfix[12:49:04] <[sr]> hi[12:49:25] <[sr]> how to make postfix try to deliver the messages fr X days, even if the mailbox is full ?[13:06:10] *** davlefou__ has quit IRC[13:08:08] <adaptr> don't return a 5xx status when the mailbox is full[13:13:43] *** ced117 has quit IRC[13:19:49] *** davlefou__ has joined #postfix[13:22:48] *** diegows has joined #postfix[13:27:10] *** ced117_ has joined #postfix[13:33:57] *** biggimat has joined #postfix[13:37:13] *** reith has joined #postfix[13:40:19] *** maxter has quit IRC[13:41:19] *** maxter has joined #postfix[13:54:58] *** ice9 has joined #postfix[14:03:45] *** ced117_ has left #postfix[14:03:56] *** davlefou_ has joined #postfix[14:04:11] *** ced117 has joined #postfix[14:05:14] *** cilly has joined #postfix[14:07:07] *** davlefou__ has quit IRC[14:14:01] *** cilly has quit IRC[14:14:18] *** jarif has quit IRC[14:31:33] *** reith has quit IRC[14:34:14] *** alnkpa2 has quit IRC[14:36:04] *** cilly has joined #postfix[14:39:58] *** CalinB has joined #postfix[14:44:09] *** diabel has quit IRC[14:47:06] *** diabel has joined #postfix[14:47:48] *** reith has joined #postfix[14:54:28] *** TheJH has quit IRC[14:59:13] *** TheJH has joined #postfix[14:59:29] *** jarif has joined #postfix[15:04:09] *** davlefou__ has joined #postfix[15:07:07] *** davlefou_ has quit IRC[15:10:19] *** CalinB has quit IRC[15:11:01] *** Bronze has joined #postfix[15:24:21] *** reith has quit IRC[15:25:23] *** aeris has quit IRC[15:29:43] *** maxter has quit IRC[15:54:33] *** ffiore has quit IRC[16:04:37] *** davlefou_ has joined #postfix[16:05:33] *** ffiore has joined #postfix[16:07:43] *** davlefou__ has quit IRC[16:34:48] *** mack25 has joined #postfix[16:37:34] *** galex-713 has joined #postfix[16:37:49] *** tuxIO has quit IRC[16:38:12] <galex-713> Can I send an e-mail using an alias defined in /etc/aliases?[16:38:29] *** tuxIO has joined #postfix[16:38:56] <galex-713> So the From field is “dev at galex-713 dot eu” instead of “galex-713 at galex-713 dot eu” for example[16:40:16] <lunaphyte> the from field is set by the program which generates the message[16:40:24] <galex-713> Ok[16:41:34] <[sr]> adaptr: hum.. simple then[16:41:51] <galex-713> But I’m trying to send an e-mail using “dev at galex-713 dot eu” account set in my e-mail client (Evolution), using “galex-713” account in smtp (and crypted with SSL on port 465), but that doesn’t work[16:43:05] <lunaphyte> first of all, why on earth are you using 465? that's been deprecated for well over a decade.[16:43:19] <lunaphyte> second "that doesn’t work" is a worthless problem description.[16:43:40] <lunaphyte> when describing a problem, you describe what *is* happening - not what *isn't* happening.[16:43:57] <galex-713> It says “Unable to send” or something, wait I’m retrying to get the exact error message[16:44:21] <lunaphyte> only postfix logs matter. use a pastebin.[16:44:54] <galex-713> "Error during HELO : I/O operation timed out"[16:45:01] <galex-713> And yeah I’m pasting logs[16:47:09] <galex-713> https://paste.galex-713.eu/?3890c832e160c739#pNyt2EUcT+N1Vnf4XGttnIC+jfFM6d/p7xBj9GLYD4I=[16:49:17] <galex-713> I’m now trying with 587[16:50:39] <galex-713> lunaphyte, Evolution call the 465 port the “SMTP over SSL” and the 587 port the “submission port”, I thought 465 was to 25 what 443 was to 80 ports.[16:51:00] *** maxter has joined #postfix[16:51:03] <lunaphyte> sort of[16:51:14] <lunaphyte> but it doesn't work that way in email[16:51:19] <lunaphyte> use submission, and use starttls[16:51:33] <galex-713> Then using 465 works with “galex-713 at galex-713 dot eu”[16:51:48] <galex-713> So yes I’m using 587 now[16:54:01] *** maxter_ has joined #postfix[16:54:38] <galex-713> Same error… Here’s the paste : https://paste.galex-713.eu/?d3122fd406b89ed2#4jFwvE0Yc9gx/LZClosqGlGYlbtM5EK09Sx4ZbcfhFg=[16:56:04] *** maxter has quit IRC[16:57:23] <galex-713> I’m trying with “TLS” instead of “SSL” in Evolution settings (don’t understood what’s the difference)[16:58:28] <galex-713> Log paste : https://paste.galex-713.eu/?b7f322ed3dbf241d#iyc7zyw05S7IBG0KFfZu+kF/I5jH80ozDE4dzYutVvc=[17:03:27] *** Kellin has quit IRC[17:03:59] *** Kellin has joined #postfix[17:03:59] *** Kellin has joined #postfix[17:04:58] *** davlefou__ has joined #postfix[17:06:08] *** NightTrain has joined #postfix[17:08:24] *** davlefou_ has quit IRC[17:15:57] *** Bronze has quit IRC[17:24:47] *** maxter_ has quit IRC[17:28:01] *** nfroidure has quit IRC[17:28:47] *** brenden has joined #postfix[17:29:55] *** p3rror has quit IRC[17:31:24] *** p3rror has joined #postfix[17:32:57] *** p3rror has quit IRC[17:33:57] *** p3rror has joined #postfix[17:36:59] *** p3rror has quit IRC[17:45:48] *** p3rror has joined #postfix[18:05:30] *** davlefou_ has joined #postfix[18:08:38] *** davlefou__ has quit IRC[18:09:30] *** ffiore has quit IRC[18:28:22] *** NightTrain has quit IRC[18:34:08] *** p3rror has quit IRC[18:36:10] *** p3rror has joined #postfix[19:06:13] *** davlefou__ has joined #postfix[19:06:34] *** alnkpa2 has joined #postfix[19:09:16] *** davlefou_ has quit IRC[19:09:24] *** maxter has joined #postfix[19:11:05] *** err-or has quit IRC[19:13:39] *** Motoko has joined #postfix[19:16:03] *** tuxIO has quit IRC[19:16:50] *** samfisher has joined #postfix[19:19:28] *** davlefou__ has quit IRC[19:20:01] *** davlefou has joined #postfix[19:22:15] *** maxter has quit IRC[19:23:38] <samfisher> Hi. I still get this error in maillog: NOQUEUE: reject: RCPT from unknown[188.xx.xx.xx]: 553 5.7.1 <samfisher at nodomain dot com>: Sender address rejected: not owned by user samfisher; from=<samfisher at nodomain dot com> to=<fishersam at gmail dot com> proto=ESMTP helo=<[188.xx.xx.xx]>[19:23:59] <jimpop> !poll[19:23:59] <knoba> jimpop: "poll" : please do not ask if anyone uses some program or postfix feature. Instead ask your real question.[19:24:46] <jimpop> real question: am I the only one who sees no MX for ca.ibm.com[19:24:52] <jimpop> ;-)[19:25:15] <staticsafe> jimpop: SERVFAIL[19:25:20] <staticsafe> for dig MX ca.ibm.com[19:25:26] <jimpop> yep[19:25:37] <jimpop> ty[19:26:06] <staticsafe> np[19:26:33] <samfisher> anyone know what might be my issue?[19:51:59] *** sleepee has quit IRC[20:06:39] *** davlefou_ has joined #postfix[20:09:24] *** samfisher has quit IRC[20:09:42] *** davlefou has quit IRC[20:12:18] *** samfisher has joined #postfix[20:12:19] *** samfisher has joined #postfix[20:15:39] *** cilly has left #postfix[20:17:04] <lunaphyte> samfisher: pastebin postconf -nf and postconf -Mf[20:25:43] *** samfisher has quit IRC[20:30:11] *** tuxIO has joined #postfix[20:30:35] *** roentgen has joined #postfix[20:30:35] *** roentgen has joined #postfix[20:37:49] *** samfisher has joined #postfix[20:38:01] <samfisher> lunaphyte_: thank you. here it is: http://pastebin.com/ktZBspD6[20:39:51] *** ice9 has quit IRC[20:40:26] *** trusktr has joined #postfix[20:42:30] *** potion has quit IRC[20:49:54] *** kiri has quit IRC[20:55:19] *** potion has joined #postfix[20:57:17] <samfisher> lunaphyte_: any idea?[20:59:36] *** Motoko has quit IRC[21:00:29] *** kiri has joined #postfix[21:02:13] *** Motoko has joined #postfix[21:04:12] *** Motoko has quit IRC[21:05:59] *** ice9 has joined #postfix[21:05:59] *** ice9 has joined #postfix[21:07:03] *** davlefou__ has joined #postfix[21:08:44] <jaybe> hi. preparing to research and implement dkim. using postfix with debian. recommendations for a package that handles implementation elegantly, safely, and properly? any experience, advice, direction welcomed. thanks.[21:10:14] *** davlefou_ has quit IRC[21:11:40] <lunaphyte> "implement dkim" is too vague :)[21:11:57] <lunaphyte> do you wish to sign mail, or check signed mail? [or both]?[21:12:03] <lunaphyte> samfisher: looking[21:12:39] <jaybe> lunaphyte, first order is to properly sign outgoing mail[21:12:57] <lunaphyte> i use and like opendkim[21:12:57] <jaybe> ultimately, [both][21:13:11] <lunaphyte> [for signing][21:13:14] *** trusktr has quit IRC[21:13:20] <lunaphyte> for checking, i use amavisd/spamassassin[21:13:41] <lunaphyte> samfisher: you did not pastebin what was requested[21:14:28] <jaybe> lunaphyte, great; thanks. the two i've been queuing up to research are opendkim and python-dkim. i'll start with opendkim. thanks[21:14:41] <lunaphyte> sure.[21:15:23] <jaybe> lunaphyte, i stopped using amavisd some time ago because i found postscreen so effective. curious about the value you receive form amavisd. i suppose its power provides more features and opportunities than just spam filtering.[21:16:49] <lunaphyte> like spf, dkim is poorly implemented by way way too many mail admins to be used as an empirical means for rejection.[21:17:17] <lunaphyte> but, it is still useful as a metric, when tempered with other metrics, which is exactly what amavisd does.[21:18:01] *** p3rror has quit IRC[21:20:54] <Patrickdk_> dkim is great for reputation tracking[21:21:12] <Patrickdk_> but you have to be able to scan the email to reject there[21:22:36] <jaybe> generic dkim question: host A manages a mailing list for non-profit. host A running postifx and queuing/originating messages from list which are then gateway'd to host B (privately). host B is main gateway for internet transfer. should dkim be implemented on both host A and host B? would think just host B.[21:23:35] <Patrickdk_> does it matter?[21:24:00] <Patrickdk_> though, doing it on both, is really bad idea[21:24:58] <jaybe> makes sense i suppose. the dkim should be the signature from the net-sending mail gateway. could be set either place i suppose. in that case, i'd prefer to set it at the actual gatewat.[21:25:00] <lunaphyte> host a is the mx?[21:25:23] <jaybe> lunaphyte, negative. host a = mailman box… which passed gatewaying to host b[21:25:30] <jaybe> s/passed/passes/[21:25:47] <jaybe> both are internet hosts, however, host a does not accept mail from anything other than host b (mx)[21:25:50] <lunaphyte> i don't know what "passes gatewaying" means[21:25:58] <jaybe> host a gateways through host b[21:25:58] <lunaphyte> oh[21:26:08] <Patrickdk_> I would vote dkim goes on host a[21:26:17] <jaybe> Patrickdk_, … since that's the 'true' originator?[21:26:29] <lunaphyte> so from the internet, all mail goes to, and appears to come from, host b?[21:26:32] <Patrickdk_> no, cause it would have a high probability of knowing if it should dkim or not[21:27:09] <jaybe> incoming from net = (net) -> (host b mx) -> (host a)[21:27:20] <jaybe> outgoing to net = (host b) -> (host a mx) -> (net)[21:27:32] <jaybe> host b = main gateway[21:27:34] <Patrickdk_> that makes no sense[21:27:46] <lunaphyte> uh[21:28:15] <jaybe> i'm probably not explain this properly[21:28:42] <Patrickdk_> well ya, you keep counterdicting yourself[21:28:48] <lunaphyte> yes[21:29:54] <jaybe> apologies. host B is a box running mailman to manage the lists. it receives mail via a main a main gateway.[21:31:35] <lunaphyte> heh[21:31:42] <lunaphyte> what is "a main gateway"?[21:31:58] <lunaphyte> this has become a bit cyclical :)[21:32:43] <jaybe> by 'main gateway' i mean the mail server the receives and sends email to and from the internet for the domains[21:32:49] <jaybe> sorry for confusion :p[21:33:47] <lunaphyte> so all mail traffic to and from the internet goes through one mail server.[21:34:03] <jaybe> lunaphyte, correct. the mailman box is separated from the one main mail server.[21:34:05] <lunaphyte> there is some other mail server, running mailman, which only talks to the main mail server.[21:34:31] <jaybe> lunaphyte, correct. the other mail server, running mailman, only talks to the mail mail server.[21:34:35] <Patrickdk_> (mailman) <--> (mx gateway) <--> cloud[21:34:36] <lunaphyte> finally.[21:34:39] <jaybe> main mail server[21:34:46] <Patrickdk_> net was replaced with cloud a few years ago :)[21:35:08] <jaybe> i find the term 'cloud' cliche and stenchy.[21:35:17] <Patrickdk_> but?[21:35:32] <Patrickdk_> we can thank cisco, and some sales guy talking a cisco class[21:35:40] <Patrickdk_> taking[21:35:40] <jaybe> exactly :)[21:35:49] <staticsafe> >_>[21:36:54] <lunaphyte> signing with either is really fine. you just need to sort out the details[21:37:19] <lunaphyte> if you sign with the mailman host, the main server will be adding additional headers, which can break dkim[21:37:53] <jaybe> that's what i am thinking as well. since the 'main mail server' is the one identifying itself to other mail servers, it should probably manage the dkim.[21:38:34] <jaybe> i'd like to keep the mailman box as 'passive' as possible and let the main mail server be the authoritarian.[21:38:44] <lunaphyte> sounds reasonable[21:38:56] <lunaphyte> god forbid it become sentient.[21:39:03] <jaybe> thanks for the discussion[21:39:36] <rob0> samfisher, the problem is still as it was yesterday: Sender address samfisher at whatever dot domain is not owned by user samfisher; either not listed in the smtpd_sender_login_maps or not listed as belonging to user "samfisher".[21:39:42] <lunaphyte> sure[21:40:29] <rob0> Sam, given the amount of time this is taking you to resolve, I'm sure the best idea is to disable smtpd_sender_login_maps and the reject_*sender_login_mismatch restrictions.[21:40:54] *** jarif has quit IRC[21:41:23] <jaybe> i presume 2048 key length would be sensible out of the gate[21:42:09] <rob0> The smtpd_sender_login_maps is appropriate for a large and potentially hostile userbase. If it's just you and a few friends and family, you can deal with the issue in different ways -- it's not likely to come up with a small, trusted userbase.[21:42:23] <lunaphyte> jaybe: i use 4096[21:42:39] <Patrickdk_> for dkim?[21:42:44] <Patrickdk_> that is huge[21:42:52] <Patrickdk_> or do we not rotate dkim keys ever? like google?[21:42:57] <lunaphyte> hmm?[21:43:06] <jaybe> lunaphyte, glad to know that; i'd prefer 4096[21:43:20] <Patrickdk_> dkim is not about security, a small key is good[21:43:26] <lunaphyte> yes.[21:43:28] <Patrickdk_> but you where suppost to rotate that key weekly or monthly[21:43:32] <lunaphyte> and a large key is also good[21:43:39] <Patrickdk_> gmail used a 512byte key, and never rotated it[21:43:47] <Patrickdk_> ya, large is fine, to burn cpu :)[21:44:04] <lunaphyte> pfft[21:44:25] <Patrickdk_> how will I get my spam out? cost me too much in cpu's[21:44:28] <jaybe> it's not being regenerated every mailing. it's merely being included.[21:44:40] <Patrickdk_> jaybe, not true[21:44:47] <Patrickdk_> it's being generated on each email[21:44:48] *** jarif has joined #postfix[21:45:04] <lunaphyte> well, it's being used, yes.[21:45:22] <Patrickdk_> yes, the email has to be signed using the key, to create the dkim headers[21:45:32] <Patrickdk_> the dkim is generated on each email[21:45:34] *** ice9 has quit IRC[21:45:46] <jaybe> Patrickdk_, i'm listening/learning. admittedly new to this piece.[21:45:53] <Patrickdk_> but I suppose this is normal these days[21:46:01] <Patrickdk_> with all websites going ssl only[21:46:18] *** alnkpa2 has quit IRC[21:46:32] <Patrickdk_> hmm, does dkim support ecc keys yet? that could really burn some cpu[21:53:36] *** ced117 has quit IRC[22:07:45] *** davlefou_ has joined #postfix[22:10:23] *** davlefou__ has quit IRC[22:27:54] *** jarif has quit IRC[22:48:25] <jaybe> lunaphyte, Patrickdk_, i'm curious as to your approach to implementing dkim by associating individual domains with unique keys or by signing with a common key associated with the main mail server.[22:48:56] <lunaphyte> it's a function of administrative boundaries[22:49:37] <lunaphyte> if it's just a bunch of domains for the same organization, i don't typically use multiple keypairs[22:50:20] <Patrickdk_> I normally use one key per server[22:50:38] <Patrickdk_> that key can be on as many domains as you want[22:50:50] <lunaphyte> there is some argument for security, etc, versus administrative convenience, but that's typically immaterial since almost invariably, the private keys are all on the same computer[22:51:16] <jaybe> that helps; i think using one key associated with the mail server and thereby all the domains that are routed/trusted through it would make sense.[22:51:36] <Patrickdk_> if you setup your key right[22:51:55] <Patrickdk_> you can do ns entries, so you only have one point to update all domains[22:52:46] <Patrickdk_> I guess cnames could work there too[22:52:49] <jaybe> in `dig`ging around, i'm curious why i don't find/see dkim entries in dns for common players, such as gmail, yahoo, etc.[22:53:05] <Patrickdk_> dunno, gmail and yahoo both use it[22:53:08] <Patrickdk_> yahoo created it[22:53:33] <jaybe> that's why it's odd to me; i can't acquire their public key via dig -t txt or the likes[22:53:47] <Patrickdk_> so you know their selector?[22:54:18] <Patrickdk_> s=echoe; d=yahoogroups.com[22:54:47] <jaybe> re: key setup. i thought i read a blurb that stating something about being able to leverage external references like SPF records can to get records from a master. e.g. _spf.domain.com[22:55:21] <jaybe> e.g. redirect _spf.domain.com ~all;[22:55:42] <Patrickdk_> dig txt echoe._domainkey.yahoogroups.com[22:56:11] <jaybe> Patrickdk_, i think i was mistaken and was expecting results from the primary domain, which doesn't make sense. my bad i think.[22:56:31] <Patrickdk_> find an email signed with dkim on the primary domain[22:56:34] <Patrickdk_> and you will have it[22:56:57] *** davlefou_ has quit IRC[22:57:15] <jaybe> gmail: s=20120113[22:57:21] <jaybe> at least in this particular case[22:57:44] *** davlefou has joined #postfix[22:58:01] <Patrickdk_> dig txt 20120113._domainkey.gmail.com[22:58:10] <jaybe> nod[22:58:11] <Patrickdk_> not how gmail NEVER fucking rotates their keys[22:58:19] <Patrickdk_> they got us into this mess in the first place[22:58:52] <jaybe> i know the selector chosen is arbitrary but is there any reasoning behind it? i suppose a date would be fine.[22:59:08] <Patrickdk_> I used week of the year[22:59:13] <Patrickdk_> rotated my key weekly[22:59:29] <Patrickdk_> exactly how the dkim rfc's recommended[23:03:03] <jaybe> so in generating the key, one would use -d with the host/domainname of the mail server based on the way we're discussing it, using one key for the mail server/domains[23:05:11] *** howitdo has joined #postfix[23:06:40] *** jarif has joined #postfix[23:06:46] <Patrickdk_> what is a -d?[23:07:05] <Patrickdk_> I personally use weeknum.hostname as mine[23:08:15] <jaybe> Patrickdk_, referring to directions regarding creating the key: $ opendkim-genkey -b 1024 -d example.com -s selector1[23:08:18] *** p3rror has joined #postfix[23:08:33] <Patrickdk_> dunno anything about opendkim[23:08:42] <Patrickdk_> and this isn't #opendkim so that was not ovious[23:08:47] <lunaphyte> i never really bothered with those commands.[23:08:50] <jaybe> perhaps the -d is just for reference[23:08:53] <lunaphyte> it's just a wizard[23:08:53] <Patrickdk_> I have never used opendkim[23:09:07] <jaybe> Patrickdk_, understood; lunaphyte and i were discussing opendkim initally[23:09:18] <Patrickdk_> in this case, the -d is just to create idiot proof dns entries[23:09:41] <jaybe> lunaphyte, nod; i think the wizard just uses the -d to include a comment or form the dns entry. just checking.[23:09:43] <lunaphyte> yeah[23:11:16] *** davlefou has quit IRC[23:11:51] *** sphenxes has quit IRC[23:19:12] <jaybe> if i am leveraging a cleanup service via master.cf, will that re-inject whereby i would need to specify, e.g.: -o receive_override_options=no_milters ?[23:19:29] <jaybe> … to avoid double dkim[23:19:54] *** alexbst has quit IRC[23:20:42] <jaybe> i don't think cleanup would be considered a second smtp process[23:24:06] *** Creamz has quit IRC[23:25:06] *** davlefou has joined #postfix[23:26:00] *** alexbst has joined #postfix[23:31:05] *** s0ber has quit IRC[23:32:35] *** s0ber has joined #postfix[23:41:50] *** [sr] has quit IRC[23:49:54] <jaybe> postfix chroot/socket thing was fun to identify and work around. :\ :p[23:50:05] <jaybe> lunaphyte, Patrickdk_, up and running; thanks again for discussion and clues.[23:50:24] <lunaphyte> you're welcome[23:50:32] <lunaphyte> i prefer to use inet sockets.[23:50:42] <lunaphyte> that way you need not worry about chroot[23:50:47] *** master_o1_master has joined #postfix[23:51:26] <jaybe> inet sockets, e.g. bound to 127.0.0.1?[23:53:10] <jaybe> i prefer unix sockets when possible. i solved with a mount bind.[23:54:00] *** master_of_master has quit IRC[23:55:14] <lunaphyte> sure, 127.0.0.1 or whatever interface is appropriate[23:55:55] *** snearch has joined #postfix[23:58:10] <jaybe> do you just list each domain you want to sign for (opendkim) as a separate block in opendkim.conf; e.g. Domain, Keyfile, Selector. or do you set that once to main mail server adn then use ATPSDomains to list the other domains represented?[23:58:22] <lunaphyte> i use ldap[23:58:54] <jaybe> do you employ ATPSDomains? config states its experimental[23:59:02] <jaybe> # List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures[23:59:44] <lunaphyte> no.[23:59:55] <lunaphyte> i don't have any third party domains