October 8, 2013 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | >
October 8, 2013 [00:00:48] *** s0ber has quit IRC[00:00:50] *** s0ber_ is now known as s0ber[00:14:57] *** davlefou_ has quit IRC[00:20:47] *** robinho86 has quit IRC[00:28:53] *** Zelest has joined #postfix[00:28:57] *** err-or has joined #postfix[00:37:09] <khelair> Hello everybody. I've got a bit of a question that I'm having trouble finding appropriate documentation on. I have a BBS running on a machine that I've recently gotten postfix working on, and it's working great for standard system mail. However, if the user is not found in /etc/passwd or the aliases database, I'd like to have it forward to another SMTP server (the BBS's one) on localhost:26. Also, I'd like to be able to enable relaying fro[00:37:09] <khelair> m the BBS email subsystem through postfix, as well. Can anybody point me to the correct spot in the docs to look for how to do these options without breaking something else, as I've already done a few times? I would greatly appreciate it. TIA[00:38:54] <adaptr> !tell khelair transport_maps[00:38:54] <knoba> khelair: "transport_maps" : a configuration parameter in the main.cf: Optional lookup tables with mappings from recipient address to (message delivery transport, next-hop destination). See transport(5) for details.[00:39:01] <adaptr> !tell khelair fallback_relay[00:39:01] <knoba> khelair: "fallback_relay" : a configuration parameter in the main.cf: Optional list of relay hosts for destinations that can't be found or that are unreachable.[00:39:09] <adaptr> !tell khelair relayhost[00:39:09] <knoba> khelair: "relayhost" : a configuration parameter in the main.cf: The default host to send non-local mail to when no entry is matched in the optional transport(5) table. When no relayhost is given, mail is routed directly to the destination. If your relay host requires authentication see the !saslclient channel factoid.[00:39:23] <adaptr> plenty of documentation[00:39:26] <adaptr> !tell khelair basic[00:39:26] <knoba> khelair: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.[00:39:57] <khelair> thank you sir, my google-fu was sucking earlier, obviously I'd not had enough coffee. I appreciate your pointing me to the correct sections to RTFM. :)[00:40:12] <adaptr> I recommend starting with the last one[00:42:03] <khelair> understood; it is my first time using postfix as opposed to sendmail or exim.[00:42:35] <adaptr> basically, you could set a relayhost to whatever you please, but that doesn't automagically allow all mail to pass[00:42:47] <adaptr> you'd have to be more specific on what you want to allow[00:44:52] <adaptr> I'd also be inclined to ask why a BBS is handling SMTP[00:45:38] *** nutron has quit IRC[00:46:58] <monoglets> I'm trying to configure postfix and I can send email, but cant receive properly.. my logs is here http://paste.debian.net/52915/[00:47:07] <monoglets> someone could gentle help[00:49:57] <adaptr> !tell monoglets loopback[00:49:57] <knoba> monoglets: "loopback" : 'Mail loops back to myself' means that your Postfix wanted to send out the mail to the internet but then discovered that the DNS says your mail server should be responsible. Most likely you forgot to list your domain in mydestination or virtual_(alias|mailbox)_domains[00:52:36] *** twb has joined #postfix[00:54:29] <monoglets> adaptr, is this problem about sending mail? but I sent well... i just cant receive[00:59:10] *** monkwitdafunk has quit IRC[00:59:53] <khelair> knoba, sorry to pester, but when you mentioned 'destinations that can't be found or that are unreachable', is that talking about a hostname or a particular UID?[01:00:07] <khelair> I guess I don't know the semantics well enough yet :|[01:00:32] <khelair> er adaptr, I guess[01:00:33] *** freezey has quit IRC[01:01:48] *** jarif has quit IRC[01:02:11] *** freezey has joined #postfix[01:06:07] *** nihe has quit IRC[01:06:19] *** gu1lle_ has quit IRC[01:06:44] *** nihe has joined #postfix[01:11:42] <monoglets> so I can send email and receive by my network, but outside I just can send... someone know what could be the reason?[01:14:28] *** freezey has quit IRC[01:16:19] *** freezey has joined #postfix[01:25:35] <khelair> I guess you guys are afk, or sick of people like me not being able to pull it properly out of the FM, but if anybody could tell me if I'm onto the right idea or not by setting up a fallback_transport = relay:unix:192.168.1.104:26 in main.cf to pass it off to the other SMTP on the same machine running on nonstandard port 26 I would greatly appreciate it[01:27:09] <lunaphyte> what is it you're actually trying to do?[01:28:57] <pj> for starters you shouldn't be using a port in the (lower) system range for a non-standard port. Use a high numbered port in the user port range.[01:29:14] <lunaphyte> 26 is lmtp anyway[01:29:26] <pj> it is? IANA lists it as unassigned[01:29:46] <pj> secondly you probably hsould be using the submission port for your transport.[01:31:24] <pj> oh, another SMTP on the same machine? why 192...? why not use localhost? or is it another VM on the same physical host?[01:32:03] <lunaphyte> yeah, not officially. i should have been clearer. i thought i recalled the unofficial defacto being 26. but i don't recall where now.[01:33:54] <khelair> well, I have postfix set up to handle standard incoming and outgoing SMTP on my externally facing machine just fine, and it's working alright[01:34:04] <khelair> however, I have a BBS with SMTP capabilities running on that server, as well.[01:35:19] <khelair> there are significant issues with that SMTP subsystem of the BBS, so I'm trying to set it up so that if the user isn't found in /etc/passwd or the aliases file, it'll forward to whatever nonstandard port (I can make it above 1024 if 26 is taken); also I need postfix to be able to accept connections from the BBS's SMTP subsystem in order to relay it to the outside world, but I'm pretty sure I've got that part nailed down now[01:35:36] <lunaphyte> for a basic, starter, beginner mail server setup, things like fallback_transport, relay:unix, port 26, other mail servers running on the same computer, etc, do not belong.[01:35:48] <lunaphyte> where have you come up with all of this convolution?[01:36:12] <lunaphyte> even for more complex involved setups, those are not part of a logical recipe[01:36:24] <khelair> to work around OpenBSD incompatibilities in the BBS code that have made the mail subsystem fubar on my machine, as I'm the only person running it on OpenBSD[01:36:27] *** loompek has quit IRC[01:37:02] <khelair> seemed like relaying to and from postfix might be an easy way to do it. If you have better suggestions, the BBS coders do not, and I would love to hear them.[01:37:12] <lunaphyte> so this is all in an attempt to compensate for the idiosyncracies/deficiencies of some other smtp server that you cannot abandon?[01:37:21] <khelair> yeah[01:37:37] <khelair> the other workaround I could do is give a shell account to each of my BBS users, and I'm not willing to do that[01:38:01] <lunaphyte> what is this software and why is it required from an email/smtp perspective?[01:38:07] <khelair> although... now that I think about it I could code something to run a restricted version of alpine or mutt or some client to read from the mailspool from them, probably, but that'd take quite awhile to implement[01:38:47] <khelair> Synchronet 3.16; it's not required, but I like having my users able to access DOVE-Net netmail, fidonet netmail, all of the echoes, and be able to do standard internet email along with local system mail all in the same user-friendly package[01:39:11] <khelair> and on any other mainstream OS, the different Linux variants, 'doze variants, OS/2, etc, all of those subsystems work fine[01:39:27] <khelair> it's just on OpenBSD something in reply.cpp corrupts the hell out of my mailbase, and I'm hoping this might work around it[01:39:46] <khelair> bbiaf, gotta feed the kid[01:44:20] *** freezey has quit IRC[01:46:20] <khelair> back, if yr still willing to offer opinions[01:48:19] <lunaphyte> i have to tend to dinner, but i'll be back in a bit[01:48:50] *** exos_ has joined #postfix[01:49:10] *** freezey has joined #postfix[01:51:28] *** exos has quit IRC[01:51:40] <khelair> a'ite, I'll be afk for a little bit, too[01:53:51] <rob0> LMTP's unofficial default port is 24, or at least that's the default used by the Postfix lmtp client.[02:01:24] *** zerick has quit IRC[02:03:27] <khelair> eh, fuggit, I got it working how I want. local postfix isn't relaying for me, which is what I really want, but it's forwarding to the BBS smtp subsystem when it should, and it's using an external smtp relay to get stuff out of the BBS, so they're working more or less hand in hand[02:03:37] <khelair> I'm open to suggestions on how to make this not such an ugly hack, though[02:03:49] *** hallamigo has quit IRC[02:14:11] *** freezey has quit IRC[02:15:38] *** loompek has joined #postfix[02:25:15] <rob0> I understand that "BBS" is "bulletin board system", like the old DOS things we used to call with our modems. But I do NOT understand what the BBS is doing with SMTP.[02:28:40] <lunaphyte> same here, i guess.[02:29:09] <lunaphyte> do people connect to this bbs and then from within its interface, do email things?[02:30:35] <lunaphyte> does the bbs software listen via smtp in some capacity, and does it connect via smtp to other smtp servers?[02:30:56] <rob0> If the BBS receives mail, you need to maintain a complete list of its addresses.[02:32:07] <rob0> (And I would not recommend having those addresses in the same domain as what Postfix thinks it owns.)[02:32:13] *** Leandros has quit IRC[02:35:23] <lunaphyte> in a *very* loose, vague, sense, i get a "postfix + mailman" sort of vibe, just in terms of what might be logical as far as integration between the two.[02:42:32] *** gu1lle_ has joined #postfix[02:45:19] *** dvl has left #postfix[03:05:51] *** err-or has quit IRC[03:18:52] *** _H33HaW has joined #postfix[03:23:16] *** midnightmagic has joined #postfix[03:37:21] *** leprechau has joined #postfix[03:38:30] *** leprechau has quit IRC[03:47:51] *** leprechau has joined #postfix[03:50:19] *** monkwitdafunk has joined #postfix[03:54:56] *** Azelphur has joined #postfix[03:56:53] <Azelphur> Hi folks, trying to get my first postfix setup working. Testing by sending an email from the postfix server (bitex) to my personal email (azelphur at azelphur dot com, google apps), however the error in mail.log seems to indicate it can't connect to google to deliver the mail, which is bizarre. Any ideas? here's the error from mail.log: http://pastebin.com/J1kYjStn[03:58:40] <lunaphyte> from the server running postfix, can you telnet to 173.194.65.26 on port 25?[03:59:21] <Azelphur> lunaphyte: nope, it times out[03:59:39] *** khelair has left #postfix[03:59:41] <lunaphyte> so then that's not bizarre at all, is it?[03:59:51] <lunaphyte> until you can do that, postfix certainly can't[04:00:04] <Azelphur> lunaphyte: I suppose not, however, google mail is up, I can receive emails from elsewhere[04:00:32] <lunaphyte> well of course google mail is up.[04:00:36] <Azelphur> indeed[04:00:40] <Azelphur> that's why it's confusing xD[04:00:45] <lunaphyte> i guess i'm not sure what you mean by "however" :)[04:00:56] <lunaphyte> what would be confusing?[04:01:07] <lunaphyte> can you telnet to other mail servers on port 25?[04:01:41] <Azelphur> lunaphyte: ah, I think this may be as simple as my host blocking outgoing port 25[04:01:49] <Azelphur> I thought they'd unblocked it, they may not have[04:01:56] <lunaphyte> quite probable, yes.[04:02:07] <twb> Residential ISPs tend to do that by default to discourage botnets[04:02:19] <lunaphyte> many do, especially residential providers[04:02:23] <lunaphyte> oh. heh.[04:02:48] <Azelphur> well, it's a VPS, they do block 25 by default but I thought I was unblocked, I guess not[04:02:53] <Azelphur> I'll go nudge them :)[04:04:50] *** gyutyuglf has joined #postfix[04:09:21] *** midnightmagic has quit IRC[04:12:01] <monoglets> warning: TLS library problem: 26035:error:02001002:system library:fopen:No such file or directory:bss_file.c:126:fopen('/etc/ssl/cert.pem','r'):[04:12:06] <monoglets> how to solve this[04:14:20] <lunaphyte> !tell monoglets getting_help[04:14:20] <knoba> monoglets: "getting_help" : before asking your question, provide a pastebin which includes relevant log data and your config. see !pastebin, !relevant_logs and !showconfig for instructions on doing this.[04:14:44] *** midnightmagic has joined #postfix[04:20:00] <monoglets> so could someone look to my issue: http://paste.debian.net/53057/[04:25:48] *** gyutyuglf has quit IRC[04:27:56] <lunaphyte> please completelyfollow the instructions in the factoid that was shared with you.[04:28:03] <lunaphyte> *completely follow[04:28:55] <lunaphyte> until then, all i can say is "No such file or directory" "/etc/ssl/cert.pem" seems quite straightforward to me[04:30:30] <monoglets> what more could I give[04:33:07] *** colt has joined #postfix[04:34:39] <lunaphyte> read the factoid.[04:34:48] <lunaphyte> do what it instructs.[04:35:01] <lunaphyte> i don't know it could be any clearer[04:37:01] *** leprechau has quit IRC[04:37:32] <monoglets> why to enable tls?[04:38:08] <lunaphyte> i can't understand that sentence.[04:49:12] <monoglets> smtp_use_tls = yes[04:55:40] *** leprechau has joined #postfix[05:21:00] *** nathan10001 has joined #postfix[05:21:49] *** nathan10001 has quit IRC[05:23:47] <pj> !smtp_use_tls[05:23:49] <knoba> pj: "smtp_use_tls" : Obsolete main.cf setting to enable STARTTLS in smtp(8) client connections. For Postfix 2.3 and later, see http://www.postfix.org/postconf.5.html#smtp_tls_security_level instead.[05:23:57] <pj> monoglets: obsolete ^^^^^[05:24:20] <monoglets> ??[05:24:44] <monoglets> ok[05:32:18] *** jarif has joined #postfix[05:52:26] *** Borg has quit IRC[05:55:26] *** MHQ-Johnny has joined #postfix[06:00:13] *** donmichelangelo has quit IRC[06:00:44] *** donmichelangelo has joined #postfix[06:02:08] *** joobz has quit IRC[06:09:11] <monoglets> why postfix remove my message after delivery to mailbox?[06:13:43] <mjt> should it keep delivering it again and again ad infinitum?[06:15:23] <monoglets> so why its not there?[06:15:52] <monoglets> on my inbox[06:17:28] <pj> monoglets: postfix can't remove messages from your inbox.[06:17:57] <monoglets> so I'm dont understanding the logs[06:18:14] <pj> show the logs that you don't understand[06:24:08] <monoglets> ok[06:28:16] *** jarif has quit IRC[06:28:38] <monoglets> pj: http://paste.debian.net/53133/[06:29:05] <pj> are you talking about this line? Oct 8 00:25:51 mantodea postfix/qmgr[26985]: 736631E198: removed[06:29:35] <monoglets> do you understand what happened after I try to send an email outside my server to my server?[06:29:56] <monoglets> I cant receive it[06:30:04] <monoglets> and its the log[06:30:04] <pj> it was delivered locally.[06:30:08] *** colt has quit IRC[06:30:28] <monoglets> but isnot in my inbox..[06:30:31] <pj> the line that says removed simply means that postfix removed it from the queue after delivering hte message, that's normal.[06:30:38] <pj> you're probably looking in the wrong place.[06:30:47] <monoglets> I use roundcube[06:30:52] <monoglets> so, should be there[06:30:53] <pj> has something to do with this: Oct 8 00:25:51 mantodea postfix/trivial-rewrite[27013]: warning: do not list domain monoglets.org in BOTH mydestination and virtual_mailbox_domains[06:31:03] <pj> fix that.[06:31:49] <monoglets> if i send locally it go to the right place[06:32:06] <monoglets> im not looking to the worng place[06:32:40] <pj> fix that warning first.[06:32:47] <monoglets> so can I remove my domain from mydestination?[06:32:49] <monoglets> ok[06:35:20] <monoglets> lol[06:35:22] <monoglets> its done[06:35:24] <monoglets> hahahahhaha[06:35:33] <pj> and it works, right?[06:35:41] <monoglets> yes[06:36:14] <pj> of course it does, like I said before you were looking in the wrong place. Postfix was delivering it locally and you were looking in the virtual mailbox.[06:36:35] <monoglets> yes[06:36:42] <monoglets> you was right[06:37:04] <monoglets> working fine[06:37:12] <pj> it was all right there in your logs.[06:38:02] <monoglets> thank you pj[06:38:07] <pj> yw :-)[06:39:46] *** exos has joined #postfix[06:42:11] <monoglets> is there something more complete than roundcube?[06:42:14] *** exos_ has quit IRC[06:42:49] <pj> for webmail? I use roundcube for webmail, but I rarely use webmail.[06:43:05] <monoglets> yes[06:43:19] <monoglets> I'm also using it[06:43:30] <pj> what features are you looking for?[06:43:44] <monoglets> just something with more tools[06:43:52] <monoglets> like fonts to increase the text[06:43:59] <monoglets> more options[06:44:21] <pj> use a real client, like Thunderbird.[06:45:05] <monoglets> good idea[06:48:26] <monoglets> now will create a full documentation[06:49:00] *** Borg has joined #postfix[06:53:27] *** mohshami has joined #postfix[06:53:41] <mohshami> hey guys, I have a running postfix server and tried to configure milters, Postfix seems to be ignoring the setting completely, any idea what I'm missing?[06:58:49] <pj> !tell mohshami welcome[06:58:49] <knoba> mohshami: "welcome" : Welcome to #postfix! If you're new here, or to IRC, first read the channel topic (/topic). It has important instructions on how to ask good questions. You will get more and better help if you follow those instructions. Good Luck![06:59:02] <pj> !tell mohshami getting_help[06:59:02] <knoba> mohshami: "getting_help" : before asking your question, provide a pastebin which includes relevant log data and your config. see !pastebin, !relevant_logs and !showconfig for instructions on doing this.[07:04:23] <mohshami> pj: thanks mate, was about to paste that info :)[07:04:38] <mohshami> !showconfig[07:04:38] <knoba> mohshami: "showconfig" : when asked to provide your config, pastebin postconf -nf and postconf -Mf. if your version is too old for those commands to work (< 2.9), you should upgrade, but see !showconfig_old[07:05:20] <mohshami> postconf -nf http://pastebin.com/T5EVBkwp[07:05:54] <mohshami> postconf -Mf http://pastebin.com/FMifkvjd[07:06:15] <mohshami> !relevant_logs[07:06:16] <knoba> mohshami: "relevant_logs" : Relevant logs are mail.* syslog Postfix logs (NOT verbose, see !verbose) which show the entire handling of a single mail which illustrates the issue with which you want help. Random selections from your mail log might not do. IMAP/POP3 daemons and external delivery agents typically log to the same facility (mail); those are usually not relevant here.[07:06:48] <mohshami> There is nothing related to the milter setup showing in the log[07:07:56] <pj> I'm not getting into an argument over this, if you want help, then show relevant logs.[07:08:30] <mohshami> pj: sure, 1 min[07:10:43] <mohshami> pj, it's quite a busy server, will events related to a single message be enough?[07:10:56] <mohshami> sorry, my bad[07:11:07] <mohshami> pj, here you gohttp://pastebin.com/bJw1LvUT[07:11:07] <pj> yes, I only want to see log entries for one message[07:11:17] <mohshami> pj, here you go http://pastebin.com/bJw1LvUT *[07:13:04] <pj> is that connection coming from port 25, or submission or smtps?[07:13:07] *** bolt has joined #postfix[07:13:11] *** bolt has joined #postfix[07:13:31] <mohshami> port 25[07:14:02] <pj> hrmmmm, ok, well first off you shouldn't be using port 25 for submission ...[07:14:20] <mohshami> it's a PHPList setup[07:14:42] <mohshami> I started this job a couple of day ago, I will replace it soon :)[07:15:12] <pj> are you sure it's cming via port 25 and not pickup?[07:15:31] <mohshami> yep, I did a telnet to port 25 myself[07:15:41] <pj> ok, yeah, and it would be.[07:16:36] <pj> one sec[07:16:49] <mohshami> take your time[07:17:58] <pj> you did do a "postfix reload" after making the changes, right?[07:18:32] <mohshami> yep, and a restart[07:18:37] <mohshami> just to make sure[07:22:19] <pj> I can't see anything wrong with it.[07:23:43] <pj> let me double check what it should show.[07:26:34] <pj> are you sure the milter isn't running? postfix logs won't show the connection to the milter.[07:26:47] <mohshami> pj, sorry was AFK[07:26:52] <mohshami> nope, nothing[07:27:26] <pj> does your milter do any logging?[07:27:58] <mohshami> yep, and it's only showing entries for startup/shutdown[07:28:15] <pj> ok, what does netstat -lntp show?[07:31:06] <mohshami> netstat -ln http://pastebin.com/upvYgqCt[07:31:12] <mohshami> tp are not valid on freebsd[07:31:43] <pj> ugh, freebsd[07:31:56] <mohshami> even stopping the milter doesn't show any errors in maillog[07:32:30] <pj> it looks like "l" isn't valid either, I need to see listening sockets.[07:33:05] <mohshami> ok let me check[07:33:21] <pj> that said, that does actually show a connection was just established to port 8891 recently, which indicates that postfix is actually connecting to the milter: tcp4 0 0 127.0.0.1.8891 127.0.0.1.41397 TIME_WAIT[07:34:08] <pj> so I'd suggest that the problem is in the milter.[07:34:44] <mohshami> http://pastebin.com/QXb9Euw8[07:35:17] <mohshami> I set postfix to return a tempfail if the milter doesn't work, and messages are passed without issues[07:37:13] <pj> which suggests that the milter is simply returning successfulyl without doing anything.[07:37:34] <mohshami> I stopped the milter and the same thing happens[07:37:45] <pj> hrmmmm[07:38:59] <mohshami> been working on this for a while :([07:39:04] <pj> well, tbh I can't see why it's not working.[07:39:23] <pj> wait for someone smarter than me, or post to the mailing list.[07:39:37] <mohshami> thanks a million mate :)[07:40:21] <pj> yw[07:59:56] *** mibofra has quit IRC[08:00:22] *** mibofra has joined #postfix[08:00:31] *** mibofra has quit IRC[08:00:53] *** mibofra has joined #postfix[08:01:29] *** mibofra has quit IRC[08:01:53] *** mibofra has joined #postfix[08:02:11] *** mibofra has quit IRC[08:02:23] *** mibofra has joined #postfix[08:02:53] *** Guest983 has joined #postfix[08:03:23] *** mibofra- has joined #postfix[08:05:06] *** err-or has joined #postfix[08:05:25] *** jmcnaught has quit IRC[08:07:05] *** twb has quit IRC[08:10:12] *** Cromulent has joined #postfix[08:22:08] *** maxter has joined #postfix[08:39:38] *** Cromulent has quit IRC[08:43:02] *** softmanpetro has joined #postfix[08:43:10] <softmanpetro> how can I test sending email with auth ?[08:43:31] *** err-or has quit IRC[08:43:52] *** err-or has joined #postfix[08:46:16] *** jmcnaught has joined #postfix[08:49:30] *** exos_ has joined #postfix[08:52:05] *** exos has quit IRC[08:52:17] *** olegfusion has joined #postfix[08:52:30] *** exos_ has quit IRC[08:53:18] <softmanpetro> I am always asked for password[08:53:32] *** softmanpetro has quit IRC[08:57:56] *** LLckfan has joined #postfix[08:58:00] <LLckfan> Does any1 know how to get a stale house smell out of a clean house without opening windows?[08:58:18] <tuxick> fart[08:58:57] <survietamine> stale = dirty ?[08:59:06] <LLckfan> Not dirty[08:59:11] <LLckfan> The house is clean[08:59:47] <survietamine> to get a <clean> house smell out of a clean house ? :)[08:59:56] <survietamine> sorry, I'm really not fluent in English[09:00:01] *** steven4455 has quit IRC[09:01:22] <survietamine> LLckfan: so what is the answer of your joke ?[09:01:35] <survietamine> was it fart ?[09:01:54] <LLckfan> IT IS NOT A JOKE[09:02:28] <survietamine> hmmm, wait, I'm searching for translation[09:02:33] <survietamine> "riddle"[09:02:37] <survietamine> is it the word ?[09:03:46] *** wdp has joined #postfix[09:03:46] *** wdp has joined #postfix[09:03:52] *** err-or has quit IRC[09:04:04] <LLckfan> nop joke or riddle[09:04:39] <survietamine> oh, you are selling products ? :)[09:05:12] <LLckfan> no[09:05:16] *** _mohshami has joined #postfix[09:05:29] <LLckfan> I am asking because the house I live in has a stale order[09:05:34] <LLckfan> odere*[09:07:19] <survietamine> odour ?[09:07:26] *** mohshami has quit IRC[09:07:38] <LLckfan> odour[09:09:23] *** jarif has joined #postfix[09:10:01] <survietamine> I think you have to find why it smells stale[09:10:22] <survietamine> but, it is really not the purpose of this channel[09:10:38] *** Borg- has joined #postfix[09:10:53] *** ovrstorm- has joined #postfix[09:11:08] <LLckfan> The house is clean[09:11:12] *** LLckfan has left #postfix[09:12:29] *** Rewt`_ has joined #postfix[09:12:38] *** failure_ has joined #postfix[09:13:00] *** stephanj has joined #postfix[09:13:00] *** fbh_ has joined #postfix[09:13:20] *** stephanj has quit IRC[09:13:20] *** stephanj has joined #postfix[09:13:24] *** drakkhen_ has joined #postfix[09:15:42] *** Dessa_ has joined #postfix[09:15:58] *** _mohshami has quit IRC[09:16:11] *** famicom` has joined #postfix[09:16:25] *** temik has joined #postfix[09:17:49] *** Borg has quit IRC[09:17:50] *** stephan48 has quit IRC[09:17:51] *** todd_dsm has quit IRC[09:17:53] *** cali has quit IRC[09:18:02] *** drakkhen has quit IRC[09:18:02] *** miniyo has quit IRC[09:18:02] *** ovrstorm has quit IRC[09:18:03] *** muh2000 has quit IRC[09:18:04] *** Dessa has quit IRC[09:18:09] *** temikus has quit IRC[09:18:09] *** failure has quit IRC[09:18:10] *** famicom has quit IRC[09:18:13] *** fbh has quit IRC[09:18:14] *** Rewt` has quit IRC[09:18:24] *** davlefou has joined #postfix[09:23:12] <jelly-home> that dude was a known troll, survietamine[09:24:23] *** miniyo has joined #postfix[09:25:06] *** todd_dsm has joined #postfix[09:25:13] *** cali has joined #postfix[09:37:04] *** davlefou_ has joined #postfix[09:39:06] *** davlefou has quit IRC[09:55:47] *** eagles0513875 has joined #postfix[09:57:09] <eagles0513875> hey guys my postconf -n output is here i keep getting a relay access denied and I'm not sure why I'm comparing the main.cf to one which is on a working system and everything matches[09:57:12] <eagles0513875> http://pastebin.com/JnC0sAeU[09:58:59] *** [dmp] has quit IRC[09:59:06] *** dmp_ has joined #postfix[09:59:18] *** dmp_ is now known as [dmp][10:02:00] *** Dessa_ has quit IRC[10:02:00] *** Dessa_ has joined #postfix[10:03:50] *** nbg has joined #postfix[10:07:02] *** muh2000 has joined #postfix[10:13:21] *** omgs has joined #postfix[10:14:19] *** winux has joined #postfix[10:16:00] <winux> how would I route emails being sent to username at localhost dot local to the username@locahost inbox ?[10:22:02] *** gu1lle_ has quit IRC[10:24:44] <survietamine> winux: aliasing ?[10:25:02] <omgs> Hi[10:25:56] <omgs> I'm running a linux mail server using debian, postfix, and mailman (there are no individual mail boxes)[10:26:53] <omgs> From time to time, I get a handful of tries to several users of hotmail.com, but improperly formed[10:26:58] <winux> survietamine: adding an entry to myorigin looks like it did the trick[10:27:27] <omgs> Thus, I get the warning "warning: Illegal address syntax from RCPT ..."[10:28:07] <omgs> The messages are like <'user at hotmail dot com'>, no idea why[10:29:01] <omgs> It might be this because hotmail has put my ip in a blacklist, so I wonder if there's something can I do the prevent these to be processed and be discarded[10:30:05] <blueskin> possible it's someone testing your server, are the actual source IPs microsoft IPs?[10:30:39] <blueskin> I get a lot of yahoo.com.tw accounts testing mine for open relaying to other yahoo.com.tw accounts, but they are all random IPs[10:31:50] *** muh2000 has quit IRC[10:32:05] <survietamine> omgs: maybe some clients wrote <'localpart at example dot com'> instead of '<localpart at example dot com>', I've seen that on some Outlook iirc[10:32:46] <survietamine> were our users...[10:33:19] <survietamine> I don't know how they wrote that syntax (from the addresses book or some auto completion...)[10:33:53] <tuxick> hmm, looks like the outlook.com flood stopped. finally[10:33:57] <adaptr> omgs: what does "handful of tries to hotmail" mean ?[10:35:22] <omgs> adaptr, survietamine: it's not an external smtp server, so the only connections are from localhost[10:35:53] <adaptr> omgs: what does that mean ? how does it receive email,ever ?[10:36:06] <survietamine> omgs: in my cases, were our users sending wrong messages with bad rcpt headers[10:36:19] <omgs> adaptr: it's running mailman lists[10:36:20] *** davlefou__ has joined #postfix[10:36:40] <adaptr> none of that answers my questions[10:36:46] <survietamine> omgs: did you check your mailman subscriptions table ?[10:37:11] <omgs> So, apart from the real origin, I wonder if it's possible to filter these in order to not be even queued[10:38:05] <adaptr> omgs: they will never be accepted by postfix. show logs that invalid addresses are accepted by postfix.[10:38:10] *** jelly has quit IRC[10:38:47] *** jelly has joined #postfix[10:39:06] *** muh2000 has joined #postfix[10:39:07] <omgs> adaptr: I take that "warning" means "I'll try to deliver it, even if I don't like it"[10:39:28] *** davlefou_ has quit IRC[10:39:33] *** winux has quit IRC[10:39:44] *** zorg1 has joined #postfix[10:40:14] <omgs> For instance: "postfix/smtpd[15225]: warning: Illegal address syntax from localhost.localdomain[127.0.0.1] in RCPT command: <'XXXX at hotmail dot com'>[10:40:37] <omgs> Of course, I've replaced the address with XXXX[10:40:55] <omgs> There are many different addressed[10:41:29] <omgs> But I'd like to make sure that nothing of these get to hotmail servers[10:47:12] <blueskin> checked for any bugs in mailman relating to it if that's the source?[10:52:36] *** DND has joined #postfix[10:53:09] <DND> hi guys i need to relay mails to another server. i have used this: http://marcelog.github.io/articles/configure_postfix_forward_all_email_smtp_gateway.html[10:53:16] <DND> but its not relaying.[10:53:21] <adaptr> !tell dnd tutorial[10:53:21] <knoba> dnd: "tutorial" : A very common problem is that some people prefer to follow a step-by-step tutorial that shows them how to setup their server w/out reading the documentation or understanding what they are doing. If something goes wrong, they have no clue whatsoever about where to find hints, and they sometimes decide to start from scratch using a different tutorial. This is not The Proper Way.[10:53:33] <adaptr> !tell dnd basic[10:53:33] <knoba> dnd: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.[10:53:37] <adaptr> !tell dnd relayhost[10:53:37] <knoba> dnd: "relayhost" : a configuration parameter in the main.cf: The default host to send non-local mail to when no entry is matched in the optional transport(5) table. When no relayhost is given, mail is routed directly to the destination. If your relay host requires authentication see the !saslclient channel factoid.[10:55:26] *** Dazax has joined #postfix[10:59:28] *** gyutyuglf has joined #postfix[10:59:47] <jiffe99> I have postfix setup to sasl auth via dovecot and then have a default_transport to redirect all mail to our spam filter. dovecot auth is done via ldap and what I would like to be able to do is put a flag in ldap that would indicate mail from this authenticated user should be put somewhere else, either in a local folder or directed to a different server, or maybe just add something to the header. Is there a[10:59:49] <jiffe99> way to do something like this?[11:07:08] <DND> also why mail command is looking for sendmail.cf[11:17:31] *** jad_jay has quit IRC[11:21:51] <survietamine> is an address with two @ valid ?[11:26:55] *** ffiore has joined #postfix[11:30:26] *** nevstah has joined #postfix[11:33:21] <nevstah> !welcome[11:33:22] <knoba> nevstah: "welcome" : Welcome to #postfix! If you're new here, or to IRC, first read the channel topic (/topic). It has important instructions on how to ask good questions. You will get more and better help if you follow those instructions. Good Luck![11:37:52] *** davlefou_ has joined #postfix[11:39:30] <omgs> DND: What means "its not relaying?"[11:39:38] <omgs> Does it even try to relay?[11:40:18] *** davlefou__ has quit IRC[11:40:54] <nevstah> hi all, i've got postfix up and running and generally no problems at all, but *sometimes* an invalid outbound mail is rejected 'unknown host' which is great, but the message sits in the deferred queue rather than being rejected properly - can someone point me in the right direction of where to start resolving this please? logs all look as you would expect[11:42:07] <omgs> nevstah: what is the destination mail domain?[11:43:30] <nevstah> omgs: there have been several, but currently i have mail to bajstrup-rejser.dk sat in the queue[11:44:06] <omgs> What I mean is how does your server contact the mx of the destination mail server[11:45:03] <nevstah> sorry, we have a windows dns server on the LAN, postfix uses this, there is no BIND installed[11:46:43] <omgs> nevstah: that's not an issue, you try with "host" command from your server[11:52:00] <nevstah> host just returns not found: 2(servfail)[11:52:40] *** eagles0513875 has quit IRC[11:52:50] <omgs> nevstah: there it is[11:53:46] <nevstah> i understand, but why is it not rejected?[11:54:23] <omgs> nevstah: there is a delay until postfix decides the mail has to be rejected[11:55:28] <omgs> take that if there's a temporary server problem, the mail has to be retried for some time[11:55:52] <nevstah> omgs: ok, i did not realise that, thanks. so thats in response to 'servfail'?[11:56:37] *** davlefouAMD has joined #postfix[12:07:14] *** armin has quit IRC[12:07:20] <omgs> nevstah: do you understand how a mail to a @foo.com is delivered?[12:07:57] *** UQlev has joined #postfix[12:10:02] <nevstah> omgs: i see that postfix looks for a MX record for the recipient domain, then if available, contacts that server to query if the address is valid and then to deliver[12:10:56] <nevstah> but i do not understand why postfix attempts to connect to an A record, when no MX record exists[12:11:09] <nevstah> omgs: is that what you are asking?[12:12:02] <omgs> nevstah: more or less, yes[12:13:07] <pj> nevstah: it depends on what exactly caused the rejection. In some cases postfix will reject the mail (5xx code) and in some cases it will defer it (4xx). The defaults for what postfix does when can be changed but I don't recommend it, they are pretty sane defaults.[12:13:24] <omgs> the way to deliver a mail to its domain is by delivering it to the mail server of the domain, which is defined in the mx record of its dns zone[12:13:33] <pj> as for this...[12:13:34] <pj> [23:10] <nevstah> but i do not understand why postfix attempts to connect to an A record, when no MX record exists[12:14:06] <nevstah> omgs: i understand that yes[12:14:10] <pj> the reason is because it is valid to not have an MX record but just put your server on an A record.[12:14:25] <pj> postfix is imply following the appropriate RFCs.[12:14:28] <pj> *simply[12:16:05] <omgs> nevstah: the "host" command tries to find the mx record, too, but if it can't find none, as in your case, no mail can be delivered to that domain meanwhile[12:16:17] <nevstah> pj: ok - i couldnt see any reference in the postfix docs, but maybe i didnt look hard enough - couldnt understand why mail to an A record was being deferred instead of rejected, but maybe its the same reason as the previos above[12:17:47] <pj> nevstah: as I said, it depends. If it looks like there is a DNS error then postfix will defer, if it looks like the DNS is correct and is simply stating that the domain does not exist then postfix will reject.[12:17:50] <omgs> nevstah: Host bajstrup-rejser.dk not found: 1(FORMERR)[12:18:17] <omgs> FORMERR != NXDOMAIN, so something wrong is happening with the domain[12:18:28] <pj> if there is no MX record but there is an A record postfix will attempt to deliver to the A record and if no server answers postfix will assume that the server is down and will defer.[12:18:30] <nevstah> pj: ok thanks[12:20:03] <pj> right, postfix in this case is explicitly getting a response saying there is a DNS error, so it is correct to defer, because there is every reason to believe that the DNS error will be fixed and a later delivery attempt will be successful.[12:22:21] *** olegfusion has quit IRC[12:24:53] <nevstah> thats great. i didnt think postfix was doing anything wrong, i just could not see the right answer, thanks for the help[12:25:18] *** gyutyuglf has quit IRC[12:30:47] *** gyutyuglf has joined #postfix[12:32:50] *** UQlev has quit IRC[12:37:17] *** davlefou__ has joined #postfix[12:40:46] *** davlefou_ has quit IRC[12:53:11] *** DND has quit IRC[12:56:38] <nevstah> if i send a message to nevstah at foo dot com but foo is configured to only listen on localhost, postfix cannot deliver because the connection is correctly refused, but deferred - foo.com has an A record, but intentionally no MX record - how do i avoid the defer? is it a postfix config, or iptables?[12:58:51] *** donmichelangelo has quit IRC[12:59:08] *** donmichelangelo has joined #postfix[13:06:00] *** asdzxc has joined #postfix[13:06:06] <asdzxc> hi[13:08:33] <asdzxc> i'm having problem with virtual aliases set by this:[13:08:33] <asdzxc> account1 -> account2[13:08:33] <asdzxc> account2 -> account1[13:08:50] <asdzxc> so both accounts will be synchronized[13:09:34] <asdzxc> this was fully working in Postfix 2.7 but i'm having problem with Postfix 2.9 - getting error 'Alias expansion error'[13:09:36] <asdzxc> any ideas?[13:09:50] *** eagles0513875_ has quit IRC[13:15:18] *** gyutyuglf has quit IRC[13:15:42] *** gyutyuglf has joined #postfix[13:17:21] *** yezariaely has joined #postfix[13:29:05] <pj> asdzxc: I'm not aware that would ever have worked, it is an endless loop.[13:29:31] <asdzxc> it was really working[13:30:05] <asdzxc> Postfix was smaty enough to NOT expand the alias second time while delivering[13:30:08] *** sach has joined #postfix[13:30:08] <asdzxc> *smart[13:30:41] <asdzxc> anyway, any ideas how to resolve this?[13:30:47] <pj> maybe your postfix 2.7 was patched to allow this.[13:31:25] <pj> I honestly can't say for sure why it worked for you before, but postfix doesn't work that way normally.[13:32:20] <asdzxc> is there any simple way how to check if alias is cyclic? so i can, for example, deny creating such aliasses[13:33:32] <survietamine> isn't that logged as alias loop by your postfix ?[13:33:46] *** sniffells has quit IRC[13:34:19] <asdzxc> where exactly is should be logged?[13:34:31] <pj> asdzxc: not at creation time, no, but postfix will detect it when there is an attempt to use it.[13:34:56] <pj> asdzxc: you might be able to do something with virtual_alias_recursion_limit[13:35:08] <pj> but really you should avoid such constructs.[13:36:39] <asdzxc> our users are creating such dump aliasses :([13:37:30] <tuxick> you allow users to create aliases??[13:37:35] *** davlefou_ has joined #postfix[13:38:52] <asdzxc> yes[13:39:11] <asdzxc> they are restrict to their domains only[13:39:23] <asdzxc> *restricted[13:39:30] *** mroe has joined #postfix[13:39:33] <tuxick> still :)[13:39:42] *** mroe has quit IRC[13:39:49] <survietamine> postfixadmin ?[13:40:22] * survietamine would like to get some alternative to postfixadmin[13:40:51] *** davlefou__ has quit IRC[13:41:17] <asdzxc> no, we have our own system[13:41:52] <asdzxc> tuxick: i don't see any problem in it. they own the domain so they are allowed to create any e-mail aliasses on it[13:43:20] <pj> asdzxc: the main problem has to do with backscatter.[13:44:00] <pj> user creates an alias to a non-existent account somewhere. postfix accepts email to that user, then tries to forward it to the non-existant account.[13:44:14] <pj> the other server rejects and postfix bounces[13:44:23] <pj> spammers abuse and you get backscatter.[13:44:29] <asdzxc> pj: our system does not allow creating aliasses for non-existent accounts[13:44:56] <asdzxc> if account is delete so are all it's aliasses[13:45:04] <pj> asdzxc: or an existing account that goves over quota, or ends up getting deleted on a later date.[13:45:24] <pj> asdzxc: I don't mean that the account on your system is non-existant[13:45:37] <pj> I mean the account that the alias points to is non-existent,.[13:45:48] <tuxick> oh well, i also provide this, but the user interface does some checking :)[13:45:57] *** mroe has joined #postfix[13:46:38] <tuxick> that's forwards, they have to use sieve for that[13:46:38] <asdzxc> pj: it's not an alias, we call this a 'forward'. but we are also allowing to create any forwards. i don't see how this can be abused[13:47:30] <pj> asdzxc: as a spammer I send spam to your postfix with your account foo, and a spoofed envelope sender.[13:47:46] <pj> your account foo attempts to forward to external account bar.[13:48:05] <pj> you know what, why am I explaining all this[13:48:10] <pj> !tell asdzxc backscatter[13:48:10] <knoba> asdzxc: "backscatter" : see http://www.postfix.org/BACKSCATTER_README.html - Basically backscatter are bounces sent to innocent systems. A spammer sent email in behalf of the victim's system. Undeliverable emails get bounced to the victim.[13:53:07] <pj> and forwards and aliases are largely interchangeable terms.[13:53:30] *** Section1 has joined #postfix[13:55:56] *** bungalo has joined #postfix[14:02:25] *** eagles0513875 has joined #postfix[14:05:10] *** eagles0513875 has quit IRC[14:05:10] *** eagles0513875 has joined #postfix[14:05:11] *** eagles0513875 has joined #postfix[14:08:37] *** sysdef has quit IRC[14:08:51] *** sysdef has joined #postfix[14:14:50] <asdzxc> pj: with the idea you are describing it is impossible to create any forwards as they can anytime became backscatter things[14:16:09] <rob0> Same-envelope forwarding to servers you do not control is very risky. Eventually you forward some spam, and the destination site will consider you the spammer.[14:17:41] *** higuita has quit IRC[14:18:00] <asdzxc> the same applies for 'vacancy' autoresponders[14:18:17] <asdzxc> every single autoresponders can be used for backscattering[14:19:43] <rob0> Autoresponders (on a personal email account) are impossible to implement properly.[14:19:59] <lunaphyte_> yup. autoresponders are dumb enough and problematic enough to begin with let alone backscatter issues.[14:20:29] <asdzxc> and still every e-mail provider is offering them..[14:20:37] <lunaphyte_> autoresponders are like read reciepts. they solve a non problem that doesnot actually need solving.[14:20:51] <lunaphyte_> sure, of course they do. what would that have to do with anything?[14:20:57] <lunaphyte_> *does not[14:20:58] <rob0> but people who don't understand email demand them[14:21:15] <rob0> demand != correctness[14:25:38] <tuxick> just got another panicky mail[14:25:57] <tuxick> "i'm expecting urgent email, and it hasn't arrived! it's GONE!!!"[14:26:12] <lunaphyte_> "dear mailer-daemon..."[14:26:15] <tuxick> :)[14:31:37] *** MaximusColourum has joined #postfix[14:37:39] <survietamine> rob0, lunaphyte_ : so what should people do when they are out of office or on holidays ?[14:37:55] <survietamine> to notice senders that they are not available ?[14:37:58] <survietamine> just not answer ?[14:38:09] *** davlefou__ has joined #postfix[14:38:42] <rob0> You think you can implement it properly? I bet you can't. :)[14:39:25] <survietamine> no, but yes, I did provide via maildrop+mailbot or sieve this "feature"[14:39:43] <rob0> and it will bite you[14:40:05] <survietamine> so I read what you wrote here about that[14:40:13] <survietamine> and now I'm wondering what to do[14:40:26] <survietamine> if I remove these, what should I tell to users ?[14:41:01] <survietamine> personnally, I don't set autoresponder when i'm not working, but they ask for[14:41:12] *** davlefou_ has quit IRC[14:41:14] <tuxick> i find it extremely annoying[14:41:37] <survietamine> i set mailbot to only answer once a week[14:41:39] <rob0> that's your tightrope to walk. Sometime one of your users will set it and it will go haywire.[14:41:50] <survietamine> and with maildropfilter, I added "if" conditions[14:42:26] <survietamine> today, with new postfix+dovecot they set it with roundcube sieve plugin[14:42:42] <survietamine> I can remove, but what would I tell them to do ?[14:44:02] <survietamine> for my team, I don't need this "i'm not working, please send mails to my teamate at mymate at example dot com" because we are using mailing list[14:44:13] <rob0> Again, I cannot answer that and will not attempt to do so. Good luck.[14:47:19] <tuxick> into old issue again: mailman tries to batch mails to accounts in same domain, if one account no longer exists, mail to the others stays in queue for days[14:47:20] *** eagles051387|2 has joined #postfix[14:47:28] <eagles051387|2> hey guys has anyone in here used postfix admin before in here?[14:47:36] <tuxick> should i fix this on postfix or mailman?[14:47:57] <eagles051387|2> hey tuxick[14:47:58] <tuxick> well right now it's a postfix issue anyway[14:48:00] <tuxick> lo[14:49:56] <eagles051387|2> i have a very annoying issue which im not sure waht the issue is. i have a wordpress website with some rewrite rules. and basically im trying to run the setup for postfix admin as such http://ADDRESS/postfixadmin/setup.php but since the address is associated with a vhost the wordpress site's vhost is picking it up as well as the rewrite rules and giving me a 404 page .[14:50:19] <eagles051387|2> woudl the issue im experiencing be an issue of rewrite and me needing to adjust my rewrite rules for the site?[14:50:19] <asdzxc> thnx, bye[14:50:21] *** asdzxc has left #postfix[14:51:06] <survietamine> tuxick: isn't that esmtp vs lmtp ?[14:51:16] <eagles051387|2> hey survietamine[14:51:54] <survietamine> rob0: so your opinion is that rfc like 5436 are useless and won't never be helpful ?[14:52:09] <survietamine> hello eagles051387|2[14:52:22] <eagles051387|2> how are you survietamine[14:52:46] <survietamine> eagles051387|2: your question is not about postfix[14:52:59] <survietamine> eagles051387|2: it is about your httpd[14:53:18] <eagles051387|2> ok i had a hunch it was potentially an issue with my rewrite rules[14:53:39] <tuxick> survietamine: it's about outgoing mails, so definitely not lmtp[14:53:51] <tuxick> but i'm not sure where to look[14:53:52] <survietamine> eagles051387|2: anyway I dislike wordpress[14:54:06] <eagles051387|2> its better then drupal or joomla[14:54:12] <eagles051387|2> joomla i find too confusing to work with[14:54:13] <survietamine> tuxick: ah sorry, we are using SYMPA, not mailman, cannot help you[14:54:20] <eagles051387|2> drupal is a spam paradise[14:55:10] <tuxick> well point is that queue gets stuck if one single address bounces[14:55:11] <survietamine> eagles051387|2: I won't discuss these CMS here[14:55:25] <tuxick> i'm sure that's something to fix in postfix configuration[14:55:33] <tuxick> but i don't even know how to get queue running again[14:55:49] <tuxick> since it's a bunch of mails sharing one ID[14:55:56] <survietamine> tuxick: isn't the mta your server is talking to that use esmtp ?[14:56:14] <survietamine> the destination server[14:56:17] <tuxick> setting default_destination_concurrency_limit to 1 might fix it[14:56:32] <tuxick> both are postfix anyway[14:57:39] <survietamine> eagles051387|2: I guess you set something like listen x.x.x.x on your httpd[14:57:57] <eagles051387|2> vhost has *:80[14:58:22] <survietamine> you should ask to your web server channel[14:58:26] *** monoglets has quit IRC[14:58:27] <tuxick> it's not a postfix issue anyway[14:58:30] <survietamine> and provide them your settings[14:58:38] *** master_o1_master has joined #postfix[15:01:35] *** monoglets has joined #postfix[15:01:40] <eagles051387|2> i am survietamine i think rewrite has something to do with it[15:01:59] *** master_of_master has quit IRC[15:04:45] <nevstah> what would be the correct way to permanently reject all external mail so that a sending server does not defer mail to try later?[15:10:11] *** mroe has quit IRC[15:10:49] *** mroe has joined #postfix[15:11:22] <survietamine> eagles051387|2: your are not survietamine, I am :)[15:11:46] <survietamine> eagles051387|2: and if you are talking about web redirections, it is not #postfix related[15:12:10] <eagles051387|2> lol[15:12:19] <eagles051387|2> are you named after a medication survietamine[15:13:16] <survietamine> your nickname is more exotic than mine, I don't have digits nor pipes in mine[15:14:15] <survietamine> nevstah: do you mean that you want to "refuse to talk" to some server ?[15:14:22] *** tolkor has quit IRC[15:14:55] *** gyutyuglf has quit IRC[15:14:58] *** Ether_Man has left #postfix[15:15:06] *** mroe has quit IRC[15:15:12] <tuxick> hmm[15:15:58] <tuxick> why on earth do i see "delivery temporarily suspended" in mailq, while it's a definite "user unknown" when i try rcpt to: myself?[15:16:16] <nevstah> survietamine: i'd like it to refuse to talk to *all* external servers[15:16:20] *** tolkor has joined #postfix[15:16:54] *** gyutyuglf has joined #postfix[15:17:56] *** robinho86 has joined #postfix[15:18:36] <survietamine> nevstah: ah, so your server has an internet ip address but must not listen to port 25 when requests come from Internet ?[15:19:46] <nevstah> survietamine: yes thats correct, i'd prefer mail to be instantly rejected if possible[15:21:12] <eagles051387|2> a different question then my last one[15:21:32] <eagles051387|2> if i have system users and i switch to virtual users do they still use the users Maildir in their home directory?[15:24:04] <survietamine> nevstah: does your server have multiple interface (eg : 1 for the Internet, I for LAN/WAN...) ?[15:25:37] <nevstah> survietamine: no, there is lo and eth0 (WAN), no LAN connectivit[15:26:09] <nevstah> i have set inet_interfaces to localhost only[15:26:42] <survietamine> I've never set that, and then, your postfix stills listen on the internet interface ?[15:27:31] <survietamine> you've seen it with netstat/ss ?[15:28:37] <nevstah> from the public perspactive, port 25 is closed, so its not listening, which is what i want, but if you send an email to the domain, it just sits in the queue as 'deferred'[15:28:59] *** eagles0513875 has quit IRC[15:29:02] <nevstah> maybe what i am asking is not possible?[15:29:27] <survietamine> who is sending mail to ?[15:29:36] <survietamine> a locally process ?[15:29:49] <jwing> if you aren't listening to the port, anyone sending to you has no option but to defer until your MX's are tried and their configured timeout expires[15:30:04] <jwing> i.e. typically 5 days[15:30:07] <nevstah> yes, local scripts send mail which is processed by postfix then delivered externally[15:30:25] <survietamine> hmm[15:30:28] <lunaphyte> if you want to reject, you must listen, so the program can perform the rejection[15:30:49] <survietamine> your scripts send mails to external addresses ?[15:31:04] <nevstah> lunaphyte: i think thats what i'm looking for, listen - but accept nothing[15:31:25] <lunaphyte> what is this all actually for?[15:31:30] <rob0> "smtpd_recipient_restrictions=reject" (and soft_bounce not set), permanently rejects all mail.[15:31:44] <rob0> However, you have no control over the clients.[15:31:52] <survietamine> yes, what to goal to set up a mail server that won't accept any message ?[15:31:53] <nevstah> rob0: thanks[15:32:12] <rob0> A client with soft_bounce=yes (or equivalent) will retry.[15:32:26] <jwing> survietamine: who accepts mail for your domain? e.g. postmaster?[15:32:33] <nevstah> its a server i have taken over, mail is sent out, but with a 'replyto' configured for a different domain[15:33:04] <jwing> err.. nevstah.. sorry.. wrong tag :)[15:33:05] <lunaphyte> so this server is not an mx?[15:33:10] <nevstah> :)[15:33:10] <survietamine> nevstah: maybe you should set a null client[15:33:33] <jwing> does anyone accept mail for that domain?[15:33:38] <survietamine> jwing: is your question related to nevstah problem ?[15:33:43] * jwing nods[15:33:52] <survietamine> jwing: or did you really ask this for my own domains ?[15:34:04] <jwing> no.. i meant to tag nevstah on that questoin[15:34:09] <survietamine> ok[15:34:17] <lunaphyte> jwing: explain yourself man! :p[15:34:20] <jwing> lol[15:34:40] <jwing> basically.. no domain should be sending email for which no one is accepting email[15:34:56] <jwing> abuse@ and postmaster@ are required mail boxes[15:34:59] <nevstah> jwing: noone accepts any mail for this domain ever (currently)[15:35:08] <jwing> then it shouldn't be sending any mail[15:35:10] <lunaphyte> is it a real domain?[15:35:23] <nevstah> let me elaborate more...[15:35:29] <lunaphyte> yes, please.[15:35:32] <rob0> Reply-To: is not an adequate replacement for using a valid envelope sender.[15:36:39] *** eagles0513875 has joined #postfix[15:36:47] <rob0> If you're sending bulk mail, you MUST accept and handle the bounces. (And you should know more about email before attempting to send bulk mail at all.)[15:36:52] <rob0> !esp[15:36:52] <knoba> rob0: "esp" : Email Service Provider[15:37:25] <rob0> If money is at stake, spend a bit of it to hire an ESP who can do it right.[15:37:55] <nevstah> the server has several domains, (vhosts) some domains send/receive mail, some dont - the ones that do, have a MX record pointing to a totally different server[15:38:33] *** davlefou_ has joined #postfix[15:39:01] <lunaphyte> um, that doesn't make sense[15:39:25] <nevstah> so mail is going out as foo.com from server1 and being received by server2. bar.com does not send or receive mail but is on server1[15:40:53] *** gyutyuglf has quit IRC[15:40:53] <tuxick> rob0: several large dutch publishers fail to handle bounces[15:41:04] <tuxick> i didn't even manage to contact them[15:41:14] <lunaphyte> if the mx record for a domain points to some other computer, how could this computer you're talking about "have" said domain?[15:41:28] *** davlefou__ has quit IRC[15:42:16] <jwing> if you have example.com's MX on server 1 and server 2 sends mail for example.com, then where are you seeing/experiencing defer'd email for example.com?[15:46:13] <nevstah> jwing: what you said works fine, but when foo.com is on the same server as example.com but doesnt wish to send or receive mail as foo.com - this is where hotmail.com (as an example) see's mail deferred to foo.com[15:46:43] <rob0> "doesnt wish to send or receive mail as foo.com"?[15:46:52] <rob0> !tell nevstah example[15:46:52] <knoba> nevstah: "example" : Example.TLD has been reserved for examples in generic top-level domains (com,net,org) and many other TLDs. Please do not use real Internet names as examples.[15:47:40] <rob0> A sender address is normally set in the MUA or whatever you're using to generate the mail.[15:47:49] <nevstah> oops, sorry, i was referring to the 'example' jwing was using[15:47:54] <jwing> nevstah: you aren't making sense. If it's not sending nor receiving for a domain, then what is causing mail to be sent to the domain? and if nothing is sending for the domain, who cares if someone else sends to a non-mail enabled domain.[15:47:57] <rob0> Postfix by default does not care what sender address you use.[15:48:27] <rob0> Anyway, I was not answered before, so I am losing interest.[15:48:54] <jwing> e.g. I have example.net .. I don't send mail on that domain. So, I don't care if some idiot tries to send mail to the domain.[15:49:04] <nevstah> sorry if i missed your question rob0[15:49:25] <jiffe99> I have postfix setup to auth via dovecot and have a default_transport to redirect all mail to a filter. dovecot auth is done via ldap and what I would like to do is put a flag in ldap that would indicate mail from this authenticated user should be put somewhere else, either in a local folder or directed to a different server, or maybe just add a header. Is there a way to do something like this?[15:50:26] <rob0> jiffe99, that is not the purpose of default_transport, it is the purpose of content_filter.[15:50:43] <nevstah> jwing: i get what you mean, but users on my main server try to send emails because they try and guess email addresses, i don't care, just would be nice to keep my queue clean[15:50:43] <rob0> Headers are not used in mail routing.[15:51:25] <jiffe99> rob0: adding a header is just one of my ideas, I just want to be able to do something other than send to the filter[15:51:42] <jiffe99> rob0: based on something in ldap and not sure how I would go about that[15:51:52] <jwing> don't accept mail for domains which you are not willing to handle. i.e. if you have some MSA want to send mail from example.net and you don't allow mail to be sent from that domain, reject it at the submission.[15:52:53] <tuxick> gr[15:54:29] <rob0> Why don't you want to filter submission mail? Your users are immune from malware?[15:56:08] <nevstah> i've resolved my problem by opening up the port rather than trying to close it - now mail gets rejected :)[15:56:18] <jwing> use the "check_sender_access" on the submission to prevent your users from attempting to send email for which they are not authorized.[15:56:50] <jwing> otherwise, you might as well just allow your users to spam the world from any number of domains for which they are not authorized.[15:56:57] <jiffe99> rob0: no and thats why I am doing this, the filter doesn't catch everything, if they do something obvious I want to flag the account so that the mail will go elsewhere and we can manually check it and verify the suspicion.[15:58:47] <rob0> Oh. Usually a rate limit will be triggered by these. I have seen quite a few, and they always exceed normal human sending rates by orders of magnitude.[15:59:20] <rob0> Also, I have yet to see one which didn't trigger a URIBL rule.[16:00:03] <jiffe99> rob0: unfortunately we have lots of legitimate mailing lists that trigger these too so we needed to turn of rate limiting[16:00:20] *** donmichelangelo has quit IRC[16:01:00] *** donmichelangelo has joined #postfix[16:02:16] <jiffe99> spammers seem to be hitting us pretty hard the past month or two and they find something that makes it through because we get complaints[16:05:26] <rob0> So I guess what you want is to continue accepting spam from a known compromised user, but quarantine it rather than relay.[16:06:22] <jiffe99> correct, until we verify it and then I can shut off auth on that user so we stop accepting mail until they change their password[16:07:10] <rob0> Postfix still does not have a check_sasl_access restriction (although it has been considered and might eventually be implemented.) So basically the only way to do that is to use a policy service.[16:07:21] <rob0> !postfwd[16:07:21] <knoba> rob0: "postfwd" : http://postfwd.org/ : A Postfix policy daemon to combine complex restrictions in a ruleset. See also http://www.postfix.org/SMTPD_POLICY_README.html[16:07:28] <rob0> !policyd[16:07:28] <knoba> rob0: "policyd" : http://www.policyd.org/ : an anti-spam Postfix policy daemon which can manage throttling of email and a variety of other things not handled by Postfix directly. Look for \"cluebringer\" in your OS package system.[16:07:52] *** mibofra- has quit IRC[16:08:12] *** mibofra has joined #postfix[16:08:17] *** mibofra has quit IRC[16:08:24] <rob0> Personally, I have no problem with rejecting a submission client which has exceeded reasonable limits. (Those limits should be published in your ToS.)[16:08:42] *** mibofra has joined #postfix[16:09:12] *** mibofra has joined #postfix[16:09:14] *** mibofra has quit IRC[16:09:42] *** mibofra has joined #postfix[16:10:12] *** mibofra has joined #postfix[16:15:05] *** nevstah has left #postfix[16:20:54] *** sniffells has joined #postfix[16:37:40] *** MaximusColourum has quit IRC[16:38:21] *** MaximusColourum has joined #postfix[16:42:14] *** davlefou_ has quit IRC[16:55:20] *** davlefou_ has joined #postfix[17:01:29] *** Dazax has quit IRC[17:04:41] *** freezey has joined #postfix[17:07:00] *** todd_dsm has quit IRC[17:07:27] *** freezey has quit IRC[17:08:00] *** freezey has joined #postfix[17:12:58] <tuxick> what does man postfix mean with "destination" anyway?[17:14:00] *** freezey_ has joined #postfix[17:17:36] *** freezey has quit IRC[17:19:09] <Azelphur> Hmm, I'm following this howto http://wiki2.dovecot.org/HowTo/VirtualUserFlatFilesPostfix it sets up postfix to look at /etc/postfix/virtual.db, client_access.db and helo_access.db, yet it doesn't explain what these files are, or how to create them, I'm a little lost :([17:22:37] *** smue has quit IRC[17:23:14] <trurl> Azelphur: http://www.postfix.org/DATABASE_README.html#intro[17:23:38] *** smue has joined #postfix[17:23:39] <patdk-wk> trurl, no database involved[17:23:44] <patdk-wk> so why would you link a database url?[17:23:55] <patdk-wk> !virtual[17:23:55] <knoba> patdk-wk: "virtual" : a way to configure additional domains and mailboxes that do not require individual system accounts. See: http://www.postfix.org/VIRTUAL_README.html[17:23:58] <patdk-wk> !client_access[17:23:59] <knoba> patdk-wk: Error: "client_access" is not a valid command.[17:24:09] <patdk-wk> !restrict_client_access[17:24:09] <knoba> patdk-wk: Error: "restrict_client_access" is not a valid command.[17:24:11] <patdk-wk> damn it[17:24:22] <Azelphur> trurl: ty :)[17:24:29] <trurl> patdk-wk: please look at the url[17:24:29] <rob0> patdk-wk: are you familiar with DATABASE_README.html?[17:24:33] *** yezariaely has quit IRC[17:24:57] <rob0> A hash: map is indeed a "database" to Postfix.[17:25:00] <patdk-wk> been awhile[17:25:02] <patdk-wk> :)[17:25:18] <patdk-wk> missleading name :)[17:25:38] <patdk-wk> database vs lookup table or mapping[17:25:49] <trurl> patdk-wk: hint: .db ;)[17:25:55] <patdk-wk> .db is not a database[17:25:59] <patdk-wk> .db == hashmap[17:26:01] <lunaphyte> sure it is[17:26:27] <lunaphyte> db literally means database, and that's exactly what it is.[17:28:19] <rob0> Fuss at Wietse. He enjoys that. ;)[17:28:22] *** freezey has joined #postfix[17:28:25] *** smue has quit IRC[17:30:38] <lunaphyte> all rdbms' are databases, but not all databases are rdbms'. there is more to the world of databases than mysql, postgresql, sqlite, etc...[17:31:15] *** smue has joined #postfix[17:31:50] *** freezey_ has quit IRC[17:32:47] *** shal3r has quit IRC[17:33:46] *** freezey has quit IRC[17:34:19] *** freezey has joined #postfix[17:36:55] *** freezey has quit IRC[17:37:27] *** freezey has joined #postfix[17:37:31] *** shal3r has joined #postfix[17:39:16] *** eagles051387|2 has quit IRC[17:39:36] *** davlefou__ has joined #postfix[17:39:42] <patdk-wk> lunaphyte heh :)[17:39:53] <patdk-wk> I used to fight using databases, and used lookup maps for everything[17:40:05] <patdk-wk> then needed something more power, and started using indexed lookup maps[17:40:12] <patdk-wk> then multi level indexed lookup maps[17:40:14] *** eagles051387|2 has joined #postfix[17:40:30] <patdk-wk> at this point, I learned, I had recreated a rdbms, and opted to finally learn sql[17:41:24] <Zelest> why is using sql a bad thing? or is it just that it's more room for mistakes for people new to postfix/sql ?[17:41:52] <lunaphyte> it's not empirically a bad thing.[17:41:54] <tuxick> depends on scale i guess[17:42:10] <patdk-wk> it was more, extra overhead and complexity for a small program[17:42:21] <Zelest> ah[17:42:23] <patdk-wk> but the program grew enough, it did worrent the extra complexity[17:42:36] <lunaphyte> the actual issue has nothing to do with sql. it's the same old story - people doing things without knowing why, because they read some idiot's "blog".[17:42:45] <Zelest> i like it for the fact that it's easy to make web gui's for your server :)[17:42:54] <patdk-wk> lunaphyte, this was long before *blogs* :)[17:42:59] *** davlefou_ has quit IRC[17:43:00] <lunaphyte> true, indeed.[17:43:42] <lunaphyte> people often have a penchant for figuring out ways to get bad information.[17:44:08] <tuxick> :)[17:50:01] *** newbie has joined #postfix[17:50:26] *** newbie is now known as Guest22237[17:52:57] *** eagles051387|2 has quit IRC[17:54:28] *** Guest22237 has quit IRC[17:55:39] *** Kunda has joined #postfix[17:58:05] *** Cromulent has joined #postfix[17:59:18] *** rotbeard has joined #postfix[17:59:55] *** rotbeard has quit IRC[18:02:29] *** Cromulent has quit IRC[18:05:55] *** dylukes has joined #postfix[18:09:36] *** rob0_ has joined #postfix[18:13:33] *** freezey has quit IRC[18:16:08] *** ffiore has quit IRC[18:19:01] *** omgs has quit IRC[18:25:27] *** MHQ-Johnny has left #postfix[18:30:12] *** donmichelangelo has quit IRC[18:30:32] *** donmichelangelo has joined #postfix[18:31:31] *** dylukes has quit IRC[18:35:43] *** Guest22237 has joined #postfix[18:37:09] *** Guest22237 has quit IRC[18:37:09] *** Guest22237 has joined #postfix[18:37:41] *** Guest22237 is now known as eagles0513875|[18:40:11] *** davlefou_ has joined #postfix[18:40:24] *** jnorell has joined #postfix[18:42:21] *** bungalo has quit IRC[18:43:17] *** davlefou__ has quit IRC[18:45:45] *** hallamigo has joined #postfix[18:51:49] *** wdp has quit IRC[18:58:48] <jnorell> I'd like to implement mail forwarding (a few local accounts that forward to gmail/wherever) similar to a before-queue filter, where the originating smtp connection is held open and the forwarding status passed through without hitting the queue[18:59:15] <jnorell> is that possible? if so, any pointers/search terms to use? (I'm not finding anything)[18:59:19] <eagles0513875|> jnorell: not sure how to achieve all that[18:59:33] <eagles0513875|> jnorell: the way i do it is alias the email account on your server[18:59:43] <eagles0513875|> let me get you an example of what i do[19:00:11] *** UQlev has joined #postfix[19:00:12] <eagles0513875|> jnorell: this is the man page for aliases :) http://www.postfix.org/aliases.5.html[19:00:19] <eagles0513875|> not sure if its exactly what you are after[19:00:21] <jnorell> but it hits the queue, right? (so spam in -> gmail rejects - > bounce sits in queue)[19:00:36] *** dylukes has joined #postfix[19:01:36] <eagles0513875|> jnorell: not sure but from what I have seen if something is aliased it doesnt even hit the mail directory on the local system for that user but instantly gets redirected[19:01:45] <eagles0513875|> someone feel free to correct me if i am wrong[19:01:59] <eagles0513875|> jnorell: gmail would be doing all the filtering then[19:02:02] <eagles0513875|> if i am not mistaken[19:03:49] *** davlefouAMD has quit IRC[19:08:24] <jnorell> aliases(5) is used by local(8) delivery agent (per that man page), which we're not using ... I think you'd have the same issue there, as local(8) works on queue files (which I'm trying to avoid)[19:08:42] <eagles0513875|> jnorell: i use it to redirect to emails such as hotmail and yahoo[19:08:48] <eagles0513875|> ahh[19:08:49] <eagles0513875|> ok[19:08:51] <eagles0513875|> then im not sure[19:12:02] *** rob0 is now known as rob0__[19:12:11] *** rob0_ is now known as rob0[19:12:52] <rob0> jnorell, your idea won't work. You want to avoid being considered a spammer by gmail, but they will.[19:13:36] *** freezey has joined #postfix[19:13:39] <jnorell> we've not had reputation problems (yet), we're just generating backscatter and/or undeliverable bounces[19:13:40] <rob0> Perhaps a better way to use gmail as your mailstore is to pull to gmail via IMAP?[19:14:18] <jnorell> (fyi we're a small ISP, most email is delivered locally, just a few accounts forward off-site)[19:15:13] *** sysdef has quit IRC[19:15:18] <jnorell> for gmail that might work .. we have a few accounts forwarding to other destinations, too, that was just an example[19:18:05] *** Kunda has quit IRC[19:19:51] *** gu1lle_ has joined #postfix[19:24:11] <jnorell> something like mailsend or msmtp (ie. command line smtp mailers) would work except so far I haven't found one that does the MX lookups[19:24:48] <jnorell> well, if I can get an appropriate return status from them[19:25:36] <jnorell> maybe I can find a perl library to do the MX lookup part easily, then just modify smtpprox as a before-queue content filter[19:26:03] *** sysdef has joined #postfix[19:26:08] <jnorell> (it's almost not worth it, given the small amount of mail this happens to, but I'd like to clean up our queues / stop the backscatter)[19:28:39] *** staticsafe has quit IRC[19:29:12] *** Kunda has joined #postfix[19:29:38] <rob0> Your best choice would be aggressive antispam filtering pre-queue and pre-forwarding.[19:30:03] <rob0> "Aggressive" might mean rejecting some non-spam, of course.[19:30:11] <jnorell> how do you implement the pre-forwarding part?[19:30:33] <rob0> I just mean a content filter for that.[19:31:05] <jnorell> I do want to change with before-queue spam filtering, which will help[19:31:55] <jnorell> still seems like that would be a useful thing though (ie. forwarding at SMTP level, with no queue)[19:32:07] <rob0> Maybe tag the suspects, user+spam at example dot com, and not forward those tagged messages.[19:34:26] *** eagles0513875| has quit IRC[19:34:37] *** freezey has quit IRC[19:34:53] *** eagles0513875| has joined #postfix[19:41:07] *** davlefou__ has joined #postfix[19:42:07] *** freezey has joined #postfix[19:43:52] *** davlefou_ has quit IRC[19:47:01] *** MacWinner has quit IRC[19:47:46] *** sysdef has quit IRC[19:48:04] *** eagles0513875| has quit IRC[19:53:04] *** sysdef has joined #postfix[19:57:07] <dylukes> eugh[19:57:22] <dylukes> I can't even SET the Authorization header since the gdata endpoint blocks OPTIONS requesrs[19:58:16] <dylukes> If I set it common for instance, a GET request I know for sure works fails, since the preflighting OPTIONS is rejected.[19:58:33] <rob0> um, are you sure you're in the right channel?[19:59:48] <dylukes> ...nope[20:03:20] *** jarif has quit IRC[20:07:16] *** Kunda has quit IRC[20:10:32] *** wdp has joined #postfix[20:10:32] *** wdp has joined #postfix[20:11:33] *** sysdef has quit IRC[20:11:44] *** mroe has joined #postfix[20:11:46] *** sysdef has joined #postfix[20:12:28] *** mroe has quit IRC[20:13:06] *** mroe has joined #postfix[20:16:41] *** freezey has quit IRC[20:17:31] *** mroe has quit IRC[20:17:52] *** mjt has left #postfix[20:23:52] *** Bronze has joined #postfix[20:31:05] *** sysdef has quit IRC[20:31:46] *** sysdef has joined #postfix[20:38:13] *** dylukes has quit IRC[20:38:28] *** sysdef has quit IRC[20:39:24] *** sysdef has joined #postfix[20:39:35] *** GNU\colossus has quit IRC[20:41:04] *** davlefou_ has joined #postfix[20:44:26] *** davlefou__ has quit IRC[20:45:29] *** GNU\colossus has joined #postfix[20:47:03] *** olegfusion has joined #postfix[20:47:32] *** gu1lle_1 has joined #postfix[20:49:39] *** gu1lle_ has quit IRC[21:00:00] *** gu1lle_ has joined #postfix[21:00:13] *** gu1lle_1 has quit IRC[21:00:20] *** gu1lle_1 has joined #postfix[21:02:40] *** jarif has joined #postfix[21:04:27] *** gu1lle_ has quit IRC[21:12:07] *** tharkun has quit IRC[21:12:07] *** tharkun has joined #postfix[21:15:13] <adaptr> local(8) works on queue files ?!?[21:17:24] *** freezey has joined #postfix[21:19:59] *** UQlev has quit IRC[21:21:43] *** freezey has quit IRC[21:22:10] *** freezey has joined #postfix[21:34:42] *** bodie_ has joined #postfix[21:34:46] *** bodie_ has left #postfix[21:40:19] *** mroe has joined #postfix[21:44:27] *** davlefou_ has quit IRC[21:47:55] * jnorell shrugs[21:47:59] <jnorell> per the man page, yes[21:54:41] *** mroe has quit IRC[21:55:07] *** mroe has joined #postfix[21:58:34] *** davlefou_ has joined #postfix[21:58:57] *** Section1 has quit IRC[22:11:23] *** roe_ has joined #postfix[22:11:26] *** mroe has quit IRC[22:24:18] *** olegfusion has quit IRC[22:25:25] *** steven4455 has joined #postfix[22:28:20] *** roe_ has quit IRC[22:31:05] *** nathan10001 has joined #postfix[22:33:40] <adaptr> ...no, it really doesn't[22:34:10] <adaptr> local is a delivery agent. it is called by the qmgr, which does work on queue files.[22:38:09] *** loompek has left #postfix[22:38:09] *** loompek has joined #postfix[22:38:13] *** loompek has joined #postfix[22:38:13] <loompek> mornin, smee again[22:38:29] <adaptr> who[22:38:34] <adaptr> who'smee[22:40:19] <jwing> Cap'n Hook's right hand man[22:41:22] <rob0> I thought the hook WAS his right hand?[22:42:02] *** davlefou__ has joined #postfix[22:42:03] <loompek> so... on an older slackware distro i compiled openssl 1.0.1e (./config --prefix=/opt/openssl101e shared && make && make install) and postfix 2.10.2 afterwards (make makefiles CCARGS="-DUSE_TLS -I/opt/openssl101e/include/openssl/" AUXLIBS="-L/opt/openssl101e/lib -ldl -lssl -lcrypto") but... the new postfix still uses the distro ssl library: warning: run-time library vs. compile-time header version mismatch: OpenSSL 1.0.1 may not be compatible with Ope[22:42:30] <adaptr> rob0: you're giving me some unsavory images right now[22:42:41] <adaptr> Prince Albert comes to mind[22:42:45] <loompek> how could i convince it to use 1.0.1 instead of 0.9.7[22:43:38] *** nathan10001 has left #postfix[22:44:01] <adaptr> "convince it" ? if you installed a new openssl version, that IS the system openssl[22:44:07] <jwing> loompek: is the newer openssl in the LD_LIBRARY_PATH?[22:44:11] <rob0> eww[22:44:46] <rob0> it's not easy to upgrade openssl unless you upgrade the whole distro[22:45:07] <loompek> adaptr installed it to a different location (/opt/openssl101e instead /usr/something... whichever slack uses)...[22:45:15] <adaptr> everything that depends on it :) servers, browsers, gpg, DNS, ldap... the list is loong[22:45:20] *** davlefou_ has quit IRC[22:45:38] <adaptr> sshd, PAM (not on slackware though)[22:45:43] <loompek> jwing yes.. also added /opt/openssl101e/lib to /etc/ld.so.conf and run ldconfig -v | grep ssl[22:45:48] <loompek> jsut to make sure[22:46:10] <adaptr> apparently not really :)[22:46:36] <loompek> adaptr that's why i installed it to a different location.. so other services would still use old ssl lib.. till i compile new versions of the services...[22:46:49] <adaptr> which one is actually linked ? ldd /usr/libexec/postfix/smtpd[22:47:15] <rob0> cite, BTW: my server died last week, and it is resurrected with a more recent distro, "OpenSSL 1.0.1e 11 Feb 2013". So maybe I'll get to play with DANE.[22:47:29] <adaptr> loompek: it may be a simple case of the headers not being in the expected location[22:47:40] <adaptr> rob0: WHAT DISTRO[22:47:56] <loompek> adaptr the correct one, i guess http://rula.net/675[22:48:14] <rob0> you know what distro, be thou not silly[22:48:18] <adaptr> then yes, find those headers[22:48:30] <thumbs> I've found the latest centos to be tolerable too.[22:48:46] <rob0> thumbs are here![22:49:03] <loompek> adaptr what headers?[22:49:24] <adaptr> rob0: ah. okay. I forgot it was upgraded.[22:49:33] *** Dessa_ is now known as Dessa[22:49:41] <adaptr> loompek: the ones the error message is obviously complaining about ?[22:50:22] <rob0> adaptr, I think this is a 14.1 prerelease[22:50:50] <adaptr> nah, mine has it too[22:51:55] <rob0> oh[22:52:16] <adaptr> did I burst your pre-release bubble?[22:52:43] * rob0 sobs uncontrollably[22:52:52] <loompek> adaptr but i did compile with that path! http://rula.net/676[22:53:17] <adaptr> show the ACTUAl error message.[22:53:25] <adaptr> Y U no real data[22:54:05] <loompek> Oct 8 21:54:09 mainframe postfix/smtpd[25550]: warning: run-time library vs. compile-time header version mismatch: OpenSSL 1.0.1 may not be compatible with OpenSSL 0.9.7[22:54:05] <loompek> Oct 8 21:54:09 mainframe postfix/smtpd[25550]: warning: TLS library problem: 25550:error:140D5042:SSL routines:SSL3_CTRL:called a function you should not call:s3_lib.c:3194:[22:54:08] <rob0> It's not enough to point to the right headers. The binaries have to be finding the right libraries at runtime.[22:54:39] <loompek> ldd says they should[22:55:05] <adaptr> pastebin the exact build commands for both[22:55:12] <adaptr> (and why did you not make slackbuilds)[22:55:22] <adaptr> it would have been trivial with slackbuilds[22:55:59] <thumbs> adaptr: I've been toying with rebuilding rpms for $work lately too[22:56:07] <loompek> for compiling openssl i used " ./config --prefix=/opt/openssl101e shared" and make && make install afterwards[22:56:25] <adaptr> and where did that put the headers ?[22:56:47] <loompek> in /opt/openssl101e/include/openssl[22:56:53] <loompek> like i pasted[22:57:11] <adaptr> and where are the system headers ?[22:57:24] <adaptr> (I haven't seen you pass the above to postfix, by the way)[22:57:45] <loompek> it seems they are in /usr/include/openssl/[22:58:08] <loompek> so.. for postfix i used[22:58:09] <loompek> make makefiles CCARGS="-DUSE_TLS -I/opt/openssl101e/include/openssl/" AUXLIBS="-L/opt/openssl101e/lib -ldl -lssl -lcrypto"[23:00:10] <loompek> and yes... tried make tidy prior runing that command[23:01:14] <adaptr> did you save the buildlog ?[23:01:23] <adaptr> grep it for the system include location[23:01:42] <adaptr> try to see where, if not why, that was used[23:03:33] <loompek> i'm remaking postfix... and will pastebin the makeprocess[23:03:46] *** gyutyuglf has joined #postfix[23:04:23] <adaptr> you should probably also postfix stop, delete log file, postfix start, and pastebin all of it[23:05:30] *** amospalla has quit IRC[23:06:06] *** _H33HaW has quit IRC[23:06:25] <loompek> http://rula.net/677[23:06:30] <loompek> the make process[23:06:42] *** pj has quit IRC[23:07:17] *** amospalla has joined #postfix[23:08:43] *** pj has joined #postfix[23:09:55] *** _H33HaW has joined #postfix[23:11:36] *** gyutyuglf has left #postfix[23:12:45] <loompek> and... http://rula.net/678[23:12:47] <loompek> maillog[23:12:56] <loompek> after trying openssl s_client -connect localhost:25 -starttls smtp[23:13:45] <loompek> keys exchange... tls seems to work, server greeting is printed.. and connection is closed afterwards[23:24:26] *** maxter has quit IRC[23:30:10] *** donmichelangelo has quit IRC[23:30:34] *** donmichelangelo has joined #postfix[23:31:12] *** wdp has quit IRC[23:34:15] *** milligan has quit IRC[23:35:58] *** milligan has joined #postfix[23:36:17] *** sharky has quit IRC[23:37:12] *** sharky has joined #postfix[23:42:26] *** davlefou_ has joined #postfix[23:42:40] *** Cybert1nus is now known as Cybertinus[23:46:03] *** davlefou__ has quit IRC[23:49:57] *** MaximusColourum has quit IRC