December 1, 2015 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | >
December 1, 2015 [00:08:57] *** gu1lle_ has quit IRC[00:10:32] *** skweek has joined #postfix[00:11:11] *** todd_dsm has joined #postfix[00:11:21] *** todd_dsm has quit IRC[00:11:35] *** todd_dsm has joined #postfix[00:16:14] *** infides has quit IRC[00:20:35] *** higuita has quit IRC[00:24:35] *** ss_ has joined #postfix[00:26:20] *** SCHAAP137 has quit IRC[00:27:17] *** pti-jean has quit IRC[00:28:10] *** skweek has quit IRC[00:33:52] *** akajedi has joined #postfix[00:36:11] *** \sky has quit IRC[00:40:31] *** akajedi has quit IRC[00:40:47] *** higuita has joined #postfix[00:42:06] *** schnuffle has left #postfix[00:56:41] *** Merch^ has quit IRC[00:56:41] *** Merch^ has joined #postfix[01:03:41] *** TheFatherMind has quit IRC[01:03:50] *** pozitron has quit IRC[01:05:16] *** joules has joined #postfix[01:07:33] *** Laban has joined #postfix[01:09:05] <Laban> Hello! I'm trying to change delivery to go via maildrop instead of virtual delivery agent. But I'm getting errors that the user is unknown. But I'm not sure what parameters are thrown at the process, and I think it's permission related.[01:09:25] <pj> !tell Laban getting_help[01:09:25] <knoba> Laban: "getting_help" : before asking your question, read the !relevant_logs and !showconfig factoids, and prepare a single pastebin containing all of that data. if you don't understand what this means, or if you need help doing this, please let us know. also see !pastebin[01:09:32] <Laban> It's practicaly copy-pasted from the postfix-maildrop-readme.[01:10:31] <Laban> pj: Thanks... I'll get stuff pasted. In the meantime; this is the message: status=bounced (user unknown. Command output: ERR: authdaemon: s_connect() failed: No such file or directory Invalid user specified. )[01:11:09] *** edux has quit IRC[01:12:31] *** pozitrono has joined #postfix[01:17:55] *** echan has joined #postfix[01:18:18] <pj> Laban: please follow the directions in !getting_help[01:19:08] <Laban> !relevant_logs[01:19:09] <knoba> Laban: "relevant_logs" : Relevant logs are mail.* syslog Postfix logs (NOT verbose, see !verbose) which show the entire handling of a single mail which illustrates the issue with which you want help. Random selections from your mail log might not do. IMAP/POP3 daemons and external delivery agents typically log to the same facility (mail); those are usually not relevant here.[01:19:18] <Laban> !showconfig factoids[01:19:18] <knoba> Laban: Error: "showconfig" is not a valid command.[01:19:49] <Laban> !showconfig[01:19:49] <knoba> Laban: "showconfig" : when asked to provide your config, pastebin postconf -nf and postconf -Mf. if your version is too old for those commands to work (< 2.9), you should upgrade, but see !showconfig_old[01:29:59] <Laban> So... something like; http://pastebin.com/tECvMmF6[01:33:14] <rob0> "getent passwd vmail"[01:33:29] <rob0> did you create that user?[01:33:54] <Laban> vmail:x:112:112::/var/empty:/bin/false[01:35:21] <Laban> Yes I created the user.[01:46:25] *** skweek has joined #postfix[01:46:49] *** pozitrono has quit IRC[01:53:19] *** Kronuz has quit IRC[01:53:47] *** Slackology has quit IRC[01:56:19] *** Kronuz has joined #postfix[02:06:31] *** DarwinElf has left #postfix[02:08:51] <pj> Laban: maildrop issue, postfix connects to maildrop just fine and maildrop is rejecting the message.[02:10:34] *** mattcen has quit IRC[02:11:58] *** Darcidride has quit IRC[02:17:25] *** akajedi has joined #postfix[02:19:56] *** mattcen has joined #postfix[02:24:25] *** sphenxes02 has joined #postfix[02:28:12] *** sphenxes01 has quit IRC[02:28:19] *** sphenxes has quit IRC[02:29:10] *** sphenxes has joined #postfix[02:37:39] *** mattcen has quit IRC[02:46:50] *** mattcen has joined #postfix[02:55:51] *** mattcen has quit IRC[03:05:37] *** err-or_ has joined #postfix[03:06:06] *** skweek has quit IRC[03:08:01] *** mattcen has joined #postfix[03:08:25] *** sparr has quit IRC[03:08:25] *** sparr has joined #postfix[03:09:48] *** err-or has quit IRC[03:14:29] *** joulez has joined #postfix[03:15:26] *** _0x5eb_ has quit IRC[03:15:49] *** _0x5eb_ has joined #postfix[03:16:12] *** edux has joined #postfix[03:16:44] *** joules has quit IRC[03:20:35] *** _0x5eb_ has quit IRC[03:37:29] *** joulez has quit IRC[03:45:24] *** pozitron has joined #postfix[03:50:18] *** edux has quit IRC[03:51:13] *** edux has joined #postfix[03:56:03] *** edux has quit IRC[03:57:35] *** joules has joined #postfix[03:59:09] *** gu1lle_ has joined #postfix[04:05:50] *** mattcen has quit IRC[04:13:02] *** mattcen has joined #postfix[04:16:35] *** skweek has joined #postfix[04:32:34] *** skweek has quit IRC[04:35:17] *** Batch has quit IRC[04:36:57] *** edux has joined #postfix[04:41:24] *** edux has quit IRC[04:45:22] *** joules has quit IRC[04:46:10] *** edux has joined #postfix[04:47:52] *** Slackology has joined #postfix[04:49:12] *** joules has joined #postfix[04:51:06] *** edux has quit IRC[05:04:03] *** edux has joined #postfix[05:04:38] *** pj has quit IRC[05:05:26] *** svetlana has joined #postfix[05:06:08] *** dandkburt1 has joined #postfix[05:08:26] <dandkburt1> I am getting an error when I go to reply or send a message in roundcube. can someone help me figure out why and how to fix[05:08:36] <dandkburt1> http://paste.linux.chat/view/734decc1[05:08:59] <dandkburt1> I have narrowed it down to the smtp on postfix and need help configuring this[05:09:19] *** edux has quit IRC[05:09:26] <thumbs> !tell dandkburt1 relay_denied[05:09:27] <knoba> dandkburt1: "relay_denied" : NOQUEUE: reject: RCPT from CLIENT_HOST[CLIENT_IP]: 554 5.7.1 <RECIPIENT@RCPT_DOMAIN>: Relay access denied; from=<SENDER@SENDER_DOMAIN> to=<RECIPIENT@RCPT_DOMAIN> proto=ESMTP helo=<HELO>: This typically means that CLIENT_IP is not in mynetworks (and did not AUTH), and that RCPT_DOMAIN was not recognized as one of this Postfix's domains (not listed in mydestination, relay_domains or virtual_*_domains[05:09:59] <thumbs> dandkburt1: see the /topic how to provide the proper information to get help[05:11:18] <dandkburt1> !showconfig[05:11:19] <knoba> dandkburt1: "showconfig" : when asked to provide your config, pastebin postconf -nf and postconf -Mf. if your version is too old for those commands to work (< 2.9), you should upgrade, but see !showconfig_old[05:11:46] *** Slackology has quit IRC[05:13:34] <dandkburt1> http://paste.linux.chat/view/c1b824a8[05:15:02] <dandkburt1> http://paste.linux.chat/view/5050300b[05:20:17] <dandkburt1> !relevant_logs[05:20:17] <knoba> dandkburt1: "relevant_logs" : Relevant logs are mail.* syslog Postfix logs (NOT verbose, see !verbose) which show the entire handling of a single mail which illustrates the issue with which you want help. Random selections from your mail log might not do. IMAP/POP3 daemons and external delivery agents typically log to the same facility (mail); those are usually not relevant here.[05:22:17] *** pj has joined #postfix[05:22:24] *** edux has joined #postfix[05:24:14] *** Slackology has joined #postfix[05:27:03] *** edux has quit IRC[05:27:07] <dandkburt1> http://paste.linux.chat/view/8e99d3c2 mail log[05:27:28] <dandkburt1> the syslog is too big to display in pastebin[05:28:48] <rob0> "Relevant logs" means you go through it and select only the part which shows the problem for ONE mail. Anyway, your answer was 04:09 < thumbs> !tell dandkburt1 relay_denied[05:28:52] <echan> !smtpd_recipient_restrictions[05:28:52] <knoba> echan: "smtpd_recipient_restrictions" : Configuration parameter in main.cf: Access restrictions that the smtpd(8) applies in the context of the RCPT TO command. See access(5) for an overview of access restriction features. These restrictions control relaying to external domains. Default is to relay only for client IP addresses in $mynetworks; See: http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions[05:30:29] <dandkburt1> this mail server is supposed to be internet accessable[05:32:38] <dandkburt1> why would I set recipient restrictions[05:33:18] <dandkburt1> ok I see[05:33:41] <dandkburt1> but that url does not explain what I need to put into the variables of that setting[05:34:02] <dandkburt1> what would I put for general in and out[05:34:12] <rob0> !basic[05:34:12] <knoba> rob0: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.[05:34:25] <rob0> see the "relay from" section, and:[05:34:27] <rob0> !sasl[05:34:28] <knoba> rob0: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[05:34:39] <dandkburt1> I am using tls[05:35:49] <rob0> good, you should also use SASL. But TLS for a webmail client on the same host is not very important.[05:36:15] <dandkburt1> so I should put in $mydestination[05:36:34] <dandkburt1> does that open it up to the other domains like msn, google, and all others[05:37:07] <rob0> No, see the "relay from" section in !basic[05:38:12] <dandkburt1> ok i am getting confused[05:39:48] <dandkburt1> that narrows down the recieving portion[05:40:28] <dandkburt1> I am trying to configure sending and forwarding[05:40:34] *** edux has joined #postfix[05:40:43] <dandkburt1> I am sorry but this is confusing me[05:41:24] *** joules has quit IRC[05:44:53] * dandkburt1 looks and finds that recipiend restrictions is set to mynetworks[05:45:06] <dandkburt1> digging a little deaper[05:45:15] *** edux has quit IRC[05:46:07] <rob0> There are two ways to control relaying: by client (weak and inferior) or by AUTH (better.)[05:46:45] <dandkburt1> rob0 what would you recommend for a webhosting server[05:46:55] <dandkburt1> one that will have lots of domains[05:47:26] <rob0> mynetworks is the legacy (client access) way. I always recommend SASL AUTH because it gives accountability and better control.[05:47:28] <dandkburt1> it will also need to accept you general domains like msn google[05:47:50] <dandkburt1> can you help me change to that[05:49:02] *** joules has joined #postfix[05:50:34] *** pj has quit IRC[05:58:53] *** edux has joined #postfix[06:02:49] *** pj has joined #postfix[06:03:27] *** edux has quit IRC[06:07:57] *** edux has joined #postfix[06:09:55] *** namyzarc has quit IRC[06:12:46] *** edux has quit IRC[06:14:43] <dandkburt1> how can you tell what ver of postfix I have[06:17:00] *** edux has joined #postfix[06:17:05] <lunaphyte> man 5 postconf[06:17:09] <lunaphyte> see mail_version[06:17:14] <lunaphyte> e.g. postconf mail_version[06:19:25] <pj> I generally do postconf -d mail_version, just to make sure someone didn't do something stupid like set mail_version=1.0 in main.cf[06:19:37] <dandkburt1> lmao[06:20:04] <dandkburt1> I am glad that I am now the only one that accesses this server lol[06:21:10] <dandkburt1> if I want to use sasl instead of tls I should remove all instances of tls in the main.conf right?[06:21:19] <lunaphyte> huh?[06:21:25] <lunaphyte> that does not compute[06:21:39] *** edux has quit IRC[06:21:40] <lunaphyte> you do not use sasl instead of tls[06:21:53] <lunaphyte> sasl is smtp auth. tls is encryption[06:22:02] <dandkburt1> ok[06:22:12] <lunaphyte> smtp auth should never be offered without being protected by encryption[06:22:23] <dandkburt1> k[06:22:26] <lunaphyte> e.g. you should never be using sasl without using tls[06:22:35] <dandkburt1> I have tls[06:22:43] <dandkburt1> and I am able to recieve mail[06:23:10] <dandkburt1> but when I do a reply or send mail to a outside domain like my gmail.com account[06:23:21] <dandkburt1> I get an permission denied error[06:23:35] <dandkburt1> in this instance I should add sasl?[06:24:32] <pj> you should never *allow* SASL to be used without *requiring* a TLS session be established first.[06:24:56] <dandkburt1> TLS is already in session[06:25:24] <pj> anyways, did you see and follow !getting_help for your question?[06:25:39] <dandkburt1> already read it[06:25:47] <dandkburt1> already posted my logs and conf's[06:25:58] <dandkburt1> I know smtp is the issue[06:26:17] <dandkburt1> and I have a feeling that sasl is needed to be inserted into the equasion[06:26:55] <pj> you'll note that I haven't been in the channel the entire time, if you want *my* help I need to see your pastebin.[06:27:09] <dandkburt1> thats cool[06:27:12] <dandkburt1> just a sec[06:27:24] <dandkburt1> http://paste.linux.chat/view/c1b824a8[06:27:49] <pj> and the rest?[06:27:53] *** edux has joined #postfix[06:28:02] <dandkburt1> http://paste.linux.chat/view/8e99d3c2 mail log[06:28:36] <pj> well, this is pretty straight forward: Nov 30 22:45:53 ddbgroupkvm postfix/smtpd[19106]: fatal: parameter "smtpd_recipient_restrictions": specify at least one working instance of: check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit[06:28:44] <pj> you need to fix that before anything else.[06:28:54] <dandkburt1> http://paste.linux.chat/view/c1b824a8[06:28:59] <dandkburt1> right[06:29:02] <dandkburt1> and I am trying[06:29:16] <dandkburt1> but I am confused on what to put there[06:29:33] <dandkburt1> reject_unauth_destination?[06:30:29] <pj> I would recommend you get rid of permit_mynetworks there and replace it with at least reject_unauth_destination...[06:30:39] <dandkburt1> I was just about to paste this into the main.conf[06:30:40] <dandkburt1> smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination[06:30:41] <pj> you shouldn't be accepting submission on port 25 anyways.[06:31:08] <dandkburt1> right[06:31:20] <pj> no, you don't accept submission on port 25, so you don't want permit_mynetworks or permit_sasl_authenticated.[06:31:53] <dandkburt1> smtpd_relay_restrictions = reject_unauth_destination[06:32:22] *** edux has quit IRC[06:32:50] * pj sighs, I'm sure I didn't say anything about smtpd+_relay_restrictions[06:34:35] <dandkburt1> I changed the recipient[06:34:43] <dandkburt1> to reject_unauth_destination[06:35:13] <dandkburt1> you told me no in the relay and I was just about to paste that in the conf.[06:35:17] <dandkburt1> so that confused me[06:35:35] <dandkburt1> should I add this for sasl relay[06:35:41] <dandkburt1> smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination[06:35:46] <pj> no[06:35:58] <dandkburt1> k[06:36:05] <dandkburt1> I will not add the relay[06:36:21] <pj> I don't think you understand how those settings work.[06:36:56] <dandkburt1> relay is to send[06:37:34] <dandkburt1> you are right[06:37:41] <dandkburt1> please help me understand[06:37:43] <pj> no, not exactly[06:38:08] <pj> it is just another restrictions list, and one that is generally not needed and just confuses people.[06:38:39] <pj> just set "smtpd_relay_restrictions=" (blank) and leave it.[06:38:51] <pj> !tell dandkburt1 submission[06:38:51] <knoba> dandkburt1: "submission" : Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf. also see !msa, and rfc 6409. Also read http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf[06:39:12] <pj> dandkburt1: learn the difference between the MX port (25) and the submission port (587) ^^^^^[06:39:20] * dandkburt1 is trying to learn this after a massive idiot config thrashing from a "so called trusted friend"[06:39:26] <pj> also, learn how main.cf and master.cf interact[06:39:37] <pj> !master.cf[06:39:37] <knoba> pj: "master.cf" : postfix master process configuration file. each logical line describes how a postfix service will be run. see man 5 master or http://www.postfix.org/master.5.html for more information. also see !master[06:40:25] <pj> and for a general settings reference...[06:40:29] <pj> !postconf_5[06:40:29] <knoba> pj: "postconf_5" : All possible postconf(5) settings are documented in the manual: use man 5 postconf, or visit http://www.postfix.org/postconf.5.html[06:46:02] <dandkburt1> so port 587 is for secure submission of mail[06:46:05] *** edux has joined #postfix[06:47:42] <pj> it's for any submission, but it should only be used securely.[06:49:16] <dandkburt1> the reason I am asking this is that the url for the "submission" did not come up so I cannot read on the ports[06:49:54] <dandkburt1> and my understanding is that port 25 is the defauld general port for unsecured mail transfer[06:50:38] <dandkburt1> you use 587 for athentication[06:50:48] <dandkburt1> and 25 for transmitting[06:51:02] *** edux has quit IRC[06:54:13] <dandkburt1> now in the function for service ath[06:54:17] <jaybe> submission accepts mail securely from authenticated clients for delivery to recipients. once accepted, the mail server connects to another mail server on port 25.[06:54:18] <dandkburt1> you want to use the port 587[06:55:08] <dandkburt1> o wait that is only if dovecot and postfix is on seperate machines[06:55:12] <dandkburt1> nvm on that[06:55:23] <jaybe> a component of submission [should] includes authentication[06:55:48] <dandkburt1> I am starting to understand this more[06:56:02] <dandkburt1> however this is not helping me resulve my issue[06:57:06] <dandkburt1> what do I put in main.conf to get it to accept outside domains like gmail.com[06:57:51] <dandkburt1> I already changed the recipient to the suggested no_unoth[06:59:48] <dandkburt1> its still wanting me to add to the relay[07:00:03] <dandkburt1> testing a theary[07:00:38] <pj> you have to be authenticated to relay outside[07:01:09] <dandkburt1> I thought I was[07:01:20] <pj> !tell dandkburt1 getting_help[07:01:20] <knoba> dandkburt1: "getting_help" : before asking your question, read the !relevant_logs and !showconfig factoids, and prepare a single pastebin containing all of that data. if you don't understand what this means, or if you need help doing this, please let us know. also see !pastebin[07:03:02] <Psi-Jack> heh[07:03:59] *** edux has joined #postfix[07:07:40] <svetlana> <pj> just set "smtpd_relay_restrictions=" (blank) and leave it.[07:08:01] <svetlana> is this the complete and full solution to this problem?[07:08:43] <dandkburt1> no because it is needing a working configuration[07:08:45] <svetlana> dandkburt1: did you try to do that change and did it start working after it or not yet?[07:08:46] *** edux has quit IRC[07:08:54] <dandkburt1> not yet[07:09:01] <svetlana> what does it say now?[07:09:07] <dandkburt1> infact nothing has changed yet[07:09:10] <dandkburt1> same error[07:09:35] <dandkburt1> cnecking logs to see if it changed[07:10:43] <dandkburt1> same exact error[07:10:58] * dandkburt1 wonders if restarting postfix will help[07:11:34] <dandkburt1> reloaded configurations[07:11:37] <dandkburt1> checking again[07:11:40] <svetlana> <pj> I would recommend you get rid of permit_mynetworks there and replace it with at least reject_unauth_destination...[07:12:03] <dandkburt1> I already did[07:12:06] <Psi-Jack> Yep. Because un-authenticated user submitted emails is bad.[07:12:07] <svetlana> I can not read past this bit. I simply think that a mail server should send out emails anywhere, anytime, regardless of the destination, as long as it's using an encrypted connection[07:12:09] <pj> it's not the complete solution, no. You need restrictions in master.cf in the submission section.[07:12:22] <Psi-Jack> svetlana: That's incorrect.[07:12:23] <svetlana> this is where I stop and I can't follow the conversation anymore[07:12:41] <dandkburt1> posting what I added to master.cf[07:12:42] <svetlana> for you it is probably a different line. please find the first line you are unclear about and ask questions about it[07:12:44] <pj> they should be there already, in the *commented_out* submssion section, but yet, I haven't seen anything from master.cf so I couldnt' say.[07:13:02] <pj> dandkburt1: just do this...[07:13:06] <pj> !tell dandkburt1 doitagain[07:13:06] <knoba> dandkburt1: "doitagain" : Please follow the instructions for getting help as per the channel topic for *every* issue you ask for help with, no matter how many times you have done it already. Also see !spellitout[07:13:08] <Psi-Jack> Submission is for Humans, authentication and encryption required. SMTP is for MTA to MTA communication. Roundcube is an MUA, involving a Human.[07:13:09] <svetlana> Psi-Jack: yes, I know that it's incorrect: I'm ignorant in this area so I can't offer any help at this point[07:13:31] <pj> Psi-Jack: not all submission is done by humans.[07:13:44] <Psi-Jack> It should be. :)[07:13:48] <pj> nope[07:13:59] <pj> automated emails need to be submitted somewhere.[07:14:03] <svetlana> pj: I think that dandkburt1 needs some other thing than doing it again (there is a load of information above and he simply does not know what he is doing or what for). He needs to identify where he stopped to follow, and ask questions. Trying to do it again without asking questions would make it more complicated.[07:14:45] <svetlana> that said, if someone wants to point me to a good read which helps me get rid of my ignorance, that'd be nice: I think knowing more things never hurts, even if I don't use them myself[07:14:52] <pj> svetlana: certainly he does not know what he is doing, but he has certainly made changes and has new logs since he has made his last paste and I am not about to try to determine what his config or his situation is *now* without a new paste.[07:15:05] <svetlana> ah, okay[07:15:23] <svetlana> that's reasonable, pj, thank you[07:15:26] <Psi-Jack> Yeah, pj, as well as rob0, and lunaphyte, are all very accurate, and helpful people here. :)[07:15:44] <dandkburt1> pj: http://paste.linux.chat/view/691adc89[07:16:09] <svetlana> that way of doing things makes it a lot more simple and I don't feel that the task has no end, it's a good way ;)[07:16:35] <pj> -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject[07:16:52] <pj> !reject_unknown_recipient_domain[07:16:52] <knoba> pj: Error: "reject_unknown_recipient_domain" is not a valid command.[07:16:55] <pj> bleh[07:17:39] <pj> one min[07:18:29] <pj> dandkburt1: ok, I need you to do a full paste of everything that !getting_help asks for, please[07:18:45] <pj> I'm not going to ask again.[07:18:50] <dandkburt1> in one post[07:18:55] <dandkburt1> or what[07:19:02] <pj> !tell dandkburt1 getting_help[07:19:02] <knoba> dandkburt1: "getting_help" : before asking your question, read the !relevant_logs and !showconfig factoids, and prepare a single pastebin containing all of that data. if you don't understand what this means, or if you need help doing this, please let us know. also see !pastebin[07:20:27] *** joules has quit IRC[07:22:19] *** edux has joined #postfix[07:24:11] <dandkburt1> I have information from mail.err and syslog[07:24:15] <dandkburt1> not the whole files[07:24:22] <dandkburt1> what other logs do you want[07:25:10] <pj> !debian_logs[07:25:11] <knoba> pj: "debian_logs" : Just to confuse you debian has taken the mail logs and given you the full log (mail.log) as well as splitting them into multiple other logs (mail.info, mail.err). Just look at mail.log and ignore the others.[07:26:23] <pj> dandkburt1: I've said it several times, and I have other things to do other than babysit you through providing the right info that is clearly spelled out in the factoids.[07:26:58] *** edux has quit IRC[07:27:01] <dandkburt1> k go do that then I will ask someone that feels like they are able to without giving me irc commands[07:27:41] <pj> you do that then[07:28:20] <dandkburt1> I am about to post information that I feel is relevent to the issue[07:28:35] <dandkburt1> I have gotten no where with pj[07:28:49] <dandkburt1> can someone plese step in and assist me[07:29:00] <Psi-Jack> Heh. ALways turning away the help.[07:29:13] <Psi-Jack> Then complaining about the help.[07:29:29] <dandkburt1> http://paste.linux.chat/view/8628842e[07:31:58] *** atnakus has quit IRC[07:36:14] *** rascul has joined #postfix[07:40:28] *** edux has joined #postfix[07:40:49] *** echan has quit IRC[07:41:00] *** joules has joined #postfix[07:45:11] *** edux has quit IRC[07:56:29] *** TheFatherMind has joined #postfix[07:58:30] *** edux has joined #postfix[08:03:23] *** edux has quit IRC[08:08:29] *** sep has quit IRC[08:16:49] *** edux has joined #postfix[08:21:35] *** edux has quit IRC[08:23:06] *** dandkburt1 has quit IRC[08:26:25] *** carl- has joined #postfix[08:34:57] *** edux has joined #postfix[08:39:46] *** edux has quit IRC[08:40:14] *** pozitron has quit IRC[08:43:02] *** Haudegen has quit IRC[08:44:32] *** gu1lle_ has quit IRC[08:52:51] *** heroux has quit IRC[08:53:17] *** edux has joined #postfix[08:57:10] *** Haudegen has joined #postfix[08:57:58] *** edux has quit IRC[09:02:33] *** edux has joined #postfix[09:05:05] *** Columbo0815 has joined #postfix[09:06:49] *** edux has quit IRC[09:12:21] *** SCHAAP137 has joined #postfix[09:13:31] *** infides has joined #postfix[09:19:17] *** joulez has joined #postfix[09:20:22] *** joules has quit IRC[09:20:23] *** heroux has joined #postfix[09:20:24] *** edux has joined #postfix[09:25:02] *** edux has quit IRC[09:25:26] *** morse has quit IRC[09:32:11] *** sphenxes02 has quit IRC[09:33:37] *** e7d has joined #postfix[09:37:31] *** e7d has quit IRC[09:38:20] *** e7d has joined #postfix[09:38:44] *** edux has joined #postfix[09:43:15] *** edux has quit IRC[09:46:05] *** morse has joined #postfix[09:50:09] *** morse has quit IRC[09:52:20] *** afics has quit IRC[09:53:41] *** afics has joined #postfix[09:56:34] *** edux has joined #postfix[10:00:37] *** morse has joined #postfix[10:01:28] *** edux has quit IRC[10:04:32] *** pozitrono has joined #postfix[10:23:17] *** sep has joined #postfix[10:24:07] *** edux has joined #postfix[10:28:30] *** edux has quit IRC[10:33:21] *** edux has joined #postfix[10:35:29] *** samgoody has joined #postfix[10:37:51] *** edux has quit IRC[10:39:29] *** ogny has joined #postfix[10:39:29] *** ogny has joined #postfix[10:42:20] *** edux has joined #postfix[10:44:51] *** ogny has quit IRC[10:46:32] *** edux has quit IRC[10:51:28] *** edux has joined #postfix[10:56:03] *** edux has quit IRC[11:09:29] *** edux has joined #postfix[11:11:47] *** ogny has joined #postfix[11:11:48] *** ogny has joined #postfix[11:14:15] *** edux has quit IRC[11:14:25] <samgoody> I just came across mailscanner, together with some arguments about whether or not it works well with postfix.[11:15:38] <samgoody> Can I get some advice, as I am trying to set up a mail server. Have the issues been resolved and this is the way to go? Is there there a comparable package that competes but is more postfix friendly?[11:22:48] <SCHAAP137> no idea about mailscanner, but i'm using clamav + spamassassin + amavisd[11:25:30] <Zerberus> !mailscanner[11:25:30] <knoba> Zerberus: "mailscanner" : don't you dare! mailscanner uses direct manipulation of postfix queues, employing undocumented methods, which may potentially change without warning at any point. there are much better ways for this sort of thing. consider amavisd-new instead.[11:27:25] *** edux has joined #postfix[11:29:17] <survietamine> :)[11:30:01] <samgoody> Thank you. Looking into amavisd. Never heard of them before.[11:32:14] *** edux has quit IRC[11:36:10] *** infides has quit IRC[11:36:51] *** edux has joined #postfix[11:41:46] *** edux has quit IRC[11:47:14] *** Kronuz has quit IRC[11:47:25] *** err-or_ has quit IRC[11:48:29] *** joulez has quit IRC[11:49:20] *** joulez has joined #postfix[11:49:42] *** err-or has joined #postfix[11:51:57] *** Kronuz has joined #postfix[11:55:18] *** edux has joined #postfix[11:57:36] *** sarri has quit IRC[11:59:23] *** sarri has joined #postfix[11:59:59] *** edux has quit IRC[12:04:07] *** edux has joined #postfix[12:05:19] *** infernix has quit IRC[12:08:50] *** edux has quit IRC[12:13:17] *** edux has joined #postfix[12:17:39] *** edux has quit IRC[12:20:03] *** SelfishMan has quit IRC[12:20:18] *** SelfishMan has joined #postfix[12:21:41] *** sphenxes01 has joined #postfix[12:22:01] *** infernix has joined #postfix[12:27:00] *** pti-jean_ has joined #postfix[12:31:11] *** edux has joined #postfix[12:35:44] *** edux has quit IRC[12:37:39] *** sep has quit IRC[12:38:04] *** drewlander has quit IRC[12:38:20] *** ovrstorm- has quit IRC[12:38:35] *** equilibriumuk has quit IRC[12:38:36] *** ovrstorm has joined #postfix[12:38:52] *** pj has quit IRC[12:39:13] *** SelfishMan has quit IRC[12:39:14] *** pj has joined #postfix[12:40:07] *** todd_dsm has quit IRC[12:40:10] *** SelfishMan has joined #postfix[12:40:29] *** drewlander has joined #postfix[12:40:33] *** edux has joined #postfix[12:41:38] *** equilibriumuk has joined #postfix[12:44:45] *** Mizar has joined #postfix[12:44:45] *** edux has quit IRC[12:44:57] *** SunGod has joined #postfix[12:46:39] *** todd_dsm has joined #postfix[12:46:59] *** sphenxes01 has quit IRC[12:49:39] *** edux has joined #postfix[12:50:33] *** Mizar has left #postfix[12:54:06] *** edux has quit IRC[12:56:20] *** SunGod has quit IRC[12:56:36] *** atnakus has joined #postfix[12:56:51] *** SunGod has joined #postfix[12:57:14] *** joulez has quit IRC[12:58:53] *** edux has joined #postfix[12:58:54] *** ogny has quit IRC[12:59:18] *** sep has joined #postfix[13:03:04] *** edux has quit IRC[13:06:14] *** ploopkazoo has quit IRC[13:06:14] *** shawniverson has quit IRC[13:08:14] *** shawniverson has joined #postfix[13:08:38] *** shawniverson is now known as Guest13867[13:08:40] *** ploopkazoo has joined #postfix[13:09:58] *** Haudegen has quit IRC[13:10:00] *** sphenxes01 has joined #postfix[13:10:53] *** robinho86 has joined #postfix[13:17:03] *** edux has joined #postfix[13:21:24] *** edux has quit IRC[13:25:11] *** Section1 has joined #postfix[13:28:10] *** Haudegen has joined #postfix[13:35:09] *** edux has joined #postfix[13:39:19] *** edux has quit IRC[14:00:23] *** d0nn1e has quit IRC[14:01:53] *** edux has joined #postfix[14:02:43] *** d0nn1e has joined #postfix[14:04:44] *** sphenxes01 has quit IRC[14:04:57] *** troulouliou_div2 has joined #postfix[14:05:02] *** sphenxes has quit IRC[14:06:24] *** edux has quit IRC[14:08:28] *** sphenxes has joined #postfix[14:08:30] *** sphenxes01 has joined #postfix[14:17:37] *** edux has joined #postfix[14:26:40] *** mices has joined #postfix[14:27:56] <mices> on freebsd i'm receiving mail for all my virtuals but for the account at my server's host name i only receive mails from the system because i have root virtual'd to it[14:34:43] <lunaphyte> !tell mices getting_help[14:34:43] <knoba> mices: "getting_help" : before asking your question, read the !relevant_logs and !showconfig factoids, and prepare a single pastebin containing all of that data. if you don't understand what this means, or if you need help doing this, please let us know. also see !pastebin[14:38:13] *** sphenxes has quit IRC[14:38:15] *** zblakany has joined #postfix[14:38:39] *** bolt has quit IRC[14:43:09] *** Section1 has quit IRC[14:44:31] *** Chill_Surf has joined #postfix[14:46:14] *** Section1 has joined #postfix[14:46:33] *** winem has joined #postfix[14:48:09] *** Section1 has quit IRC[14:49:08] *** winem has quit IRC[14:49:25] *** winem has joined #postfix[14:49:51] *** winem has joined #postfix[14:51:28] *** bolt has joined #postfix[14:55:18] *** winem has joined #postfix[14:55:38] *** winem has quit IRC[14:55:58] *** winem_ has joined #postfix[14:57:16] *** winem_ has quit IRC[14:57:33] *** winem has joined #postfix[14:57:45] *** infides has joined #postfix[14:57:51] *** Section1 has joined #postfix[14:59:00] *** winem has quit IRC[14:59:16] *** aindilis2 has joined #postfix[15:00:34] *** d0nn1e has quit IRC[15:02:49] *** d0nn1e has joined #postfix[15:04:11] *** edux has quit IRC[15:23:51] *** skylite has joined #postfix[15:39:19] *** _0x5eb_ has joined #postfix[15:40:20] *** pozitrono has quit IRC[15:43:00] *** dandkburt1 has joined #postfix[15:43:30] *** irctc349 has joined #postfix[15:48:57] *** irctc349 has quit IRC[15:48:57] *** postfixuser has joined #postfix[15:48:58] *** postfixuser has left #postfix[15:52:21] *** echelog has joined #postfix[15:53:26] *** Slackology has quit IRC[15:54:06] *** sysdef has quit IRC[15:54:08] *** postfixuser has joined #postfix[15:54:09] *** postfixuser has quit IRC[16:03:06] <jaybe> samgoody, amavisd-new (specifically)[16:03:24] *** ss_ has quit IRC[16:04:30] *** sysdef has joined #postfix[16:09:04] <rob0> samgoody, apparently they're working on a mailscanner milter, which will make it 100% Postfix-compatible.[16:09:22] <lunaphyte> wow, really?[16:09:39] <rob0> (but yeah, for now I'd concur with the amavisd-new recommendation)[16:09:58] <rob0> lunaphyte, the developer was in here a few days ago.[16:10:09] <lunaphyte> remarkable! i wonder why now[16:12:24] *** infernix has quit IRC[16:12:31] *** TyrfingMjolnir has joined #postfix[16:16:58] <lunaphyte> ah. the stick in the mud is perhaps now departed from the project?[16:18:04] <rob0> dunno, but it sounded like the "don't do that!" warnings have finally been heeded.[16:19:19] *** carl- has quit IRC[16:19:25] <lunaphyte> oh, i was just extrapolating from the exchange[16:19:54] *** infernix has joined #postfix[16:23:05] *** FinboySlick has joined #postfix[16:31:06] *** akajedi has quit IRC[16:33:21] *** skylite has quit IRC[16:34:56] *** infides has quit IRC[16:41:00] *** e7d has quit IRC[16:57:28] *** sysdef has quit IRC[17:03:12] *** sphenxes has joined #postfix[17:03:59] *** Columbo0815 has quit IRC[17:15:27] *** edux has joined #postfix[17:18:29] *** Kronuz has quit IRC[17:23:50] *** Kronuz has joined #postfix[17:25:32] *** gu1lle_ has joined #postfix[17:33:54] *** SCHAAP137 has quit IRC[17:39:35] *** kokel has quit IRC[17:41:11] *** kokel has joined #postfix[17:42:28] *** akajedi has joined #postfix[17:43:16] *** pozitron has joined #postfix[17:47:51] *** edux has quit IRC[17:58:57] *** sphenxes has quit IRC[18:01:26] *** edux has joined #postfix[18:06:59] *** sphenxes has joined #postfix[18:08:41] *** sphenxes has quit IRC[18:09:34] *** dandkburt1 has quit IRC[18:14:44] *** sphenxes has joined #postfix[18:15:28] *** SCHAAP137 has joined #postfix[18:17:34] *** drewlander has quit IRC[18:18:56] *** pti-jean_ has quit IRC[18:19:17] *** sphenxes has quit IRC[18:19:48] *** SCHAAP137 has quit IRC[18:19:54] *** drewlander has joined #postfix[18:20:41] *** pti-jean has joined #postfix[18:23:24] *** drewlander has quit IRC[18:24:00] *** drewlander has joined #postfix[18:26:26] *** ntnlzr is now known as ntnlzr|out[18:26:41] *** ntnlzr|out has quit IRC[18:32:13] *** SCHAAP137 has joined #postfix[18:42:06] *** mices has quit IRC[18:43:09] *** sphenxes has joined #postfix[18:57:11] *** sphenxes01 has quit IRC[18:57:39] *** sphenxes has quit IRC[18:59:47] *** sphenxes has joined #postfix[19:00:29] *** daynaskully has quit IRC[19:05:44] *** Haudegen has quit IRC[19:20:55] *** Haudegen has joined #postfix[19:23:37] *** ufoczek has joined #postfix[19:23:41] <ufoczek> hello[19:24:35] *** Darcidride has joined #postfix[19:25:20] <ufoczek> is there any possibility to configure postfix to block all outgoing without informing sender about that?[19:25:30] <ufoczek> all outgoing mails of course[19:27:39] <Dominian> erm..what?[19:28:52] <ufoczek> huh[19:30:33] <ufoczek> i want to disable all outgoing mails for user a at b dot com[19:32:34] <ufoczek> and that user, a at b dot com shouldn't be notified by postfix about that (no REJECT messages etc.)[19:34:23] *** sphenxes01 has joined #postfix[19:35:12] *** troulouliou_div2 has quit IRC[19:35:46] <Dominian> Hmm that beats my suggestion in just resetting their password[19:35:59] <Nit_> like disabling the user in sasl ?[19:37:59] <Nit_> I have an infra (with unix accounts in ldap) where we put shadowExpire=0 to disable an account[19:38:32] <Nit_> for example if the account send a large number of spam (probably password leak)[19:38:57] <Section1> DISCARD[19:42:00] <Dominian> I'm sure it's doable, I've never done it though so I don't have any good suggestion other than disabling hte account[19:45:24] <rob0> check_sender_access with a HOLD action, applied only on submission[19:45:58] <rob0> or, better yet, check_sasl_access if it's 3.0+[19:47:29] <ufoczek> 'k, thanks ;)[19:50:20] <Section1> the messages will keep in the queue after queue expiration ?[19:51:17] <Section1> bah s/expiration/lifetime/[19:52:12] *** robinho86 has quit IRC[19:52:48] <rob0> see HOLD in the access(5) manual, also -H/-h in postsuper(1).[19:53:15] *** robinho86 has joined #postfix[20:02:05] <Section1> oh thanks[20:13:42] *** Darcidride has quit IRC[20:16:48] *** sphenxes01 has quit IRC[20:21:10] *** Haudegen has quit IRC[20:22:33] *** edux__ has joined #postfix[20:25:54] *** edux has quit IRC[20:26:32] *** ufoczek has left #postfix[20:27:14] *** Kronuz has quit IRC[20:29:02] *** Kronuz has joined #postfix[20:35:44] *** failshell has joined #postfix[20:37:55] *** failshell has left #postfix[20:46:55] *** Haudegen has joined #postfix[20:56:26] *** sphenxes01 has joined #postfix[21:00:07] *** sgen_ has joined #postfix[21:02:54] *** daynaskully has joined #postfix[21:03:55] *** Section1 has quit IRC[21:07:14] *** daynaskully has quit IRC[21:17:20] *** e7d has joined #postfix[21:28:36] *** infides has joined #postfix[21:29:07] *** edux has joined #postfix[21:31:46] *** edux__ has quit IRC[21:42:40] *** Guest13867 is now known as shawniverson[22:00:28] *** misterli has joined #postfix[22:01:33] *** edux__ has joined #postfix[22:02:23] <misterli> Hello, ive a question. My Server got hacked due a customer who had a worst configured wordpress on apache. Now the hacker was able to install rootkits, modify files and so on. Now my postfix was sending a few thousand mails a hour. I found all the scripts but my postfix is still sending tons of mails. ive tried to secure postfix but mail.log is still showing TONS of mails even after deleting the queue. Here is my config. http://w[22:03:41] <misterli> and here is a little part of my mail.log .. http://pastebin.com/HqYGHuz0 but i cant figure out HOW it was possible to send the mails.. Ive configured php.ini file to add a header with the filename called. But it looks like that all NEW mails are sent without the webserver.. since it doesnt modify the headers[22:03:45] <jhass> how can you say you found "all the scripts" when you still get mails submitted?[22:03:50] *** edux has quit IRC[22:04:12] <misterli> well, all corrupted php files. The hacker modified about 400 scripts.. and added several shells and fucked up about 100 domains[22:04:15] <jhass> honestly, it's probably better to wipe the box clean and look into doing a new setup with better isolation[22:04:37] <misterli> yeah, i know, but this is not possible (yet) before christmas[22:05:04] <jhass> it should be possible, if not to say it must be done[22:05:06] *** samgoody has quit IRC[22:05:17] <pj> misterli: if your server got hacked, especially to that level, then you cannot rely on being able to clean it up[22:05:51] <misterli> yeah, it should and must be done. but i dont have the time and money to wipe it (now) since im not at the office. just have shell access via phablet[22:05:51] <pj> you really need to wipe it and install fresh, or restore to a backup from before the hack.[22:05:59] <jhass> so are 203.27.144.218 and 91.213.100.36 your IPs?[22:06:05] <misterli> no[22:06:42] <jhass> so that's just other hacked boxes trying to use you as a relay[22:06:42] <pj> well, to be blunt, your system is not in a state where it can be trusted.[22:06:47] <misterli> resolve from 203.27.144.218 is mail.bendigoradiologgy.com.au .. its a different mailserver. how is that possible?[22:06:58] <pj> not even postfix itself can be trusted at this point.[22:07:00] <misterli> i dont have an open relay[22:07:01] <thumbs> I agree. Your system can't be trusted.[22:07:22] <misterli> ill try to move a site each day, but these are hundreds of sites[22:07:29] <pj> so anything you show, logs, config, etc could be altered or mis-representing the truth.[22:07:34] <misterli> which means it would be great to fix it (for now)! unless i have moved everything[22:08:04] <pj> misterli: start by moving postfix, then you at least can have a trusted mail server.[22:08:07] <jhass> the log you've shown (if as said it can be trusted at all) is just normal log spam from being tried to use as an open relay[22:08:10] <misterli> tried SEVERAL scanner. rkhunter, checked all php files for base64_encode, eval, etc. Checked all logs. it seems that everything is fixed (within the webserver). Removed all shells, checked netstat[22:08:47] <misterli> yeah, but the mail accounts are generated by ISPConfig :/ lots of customers ..[22:09:20] <pj> yep, didn't say it was gonna be easy[22:09:27] <misterli> yeah[22:09:35] <misterli> ec 1 22:09:29 server postfix/smtpd[6950]: NOQUEUE: reject: RCPT from a2-scarface1.uol.com.br[200.147.34.112]: 454 4.7.1 <carrie_stone at fuss-informativ dot de>: Relay access denied; from=<lejelly.sspam at uol dot com.br> to=<carrie_stone at fuss-informativ dot de> proto=ESMTP helo=<a2-scarface1.uol.com.br>[22:09:36] <misterli> Dec 1 22:09:29 server postfix/smtpd[6950]: disconnect from a2-scarface1.uol.com.br[200.147.34.112][22:09:39] <pj> what distro is the server running?[22:09:41] <misterli> What does this EXACTLY mean?[22:09:46] <misterli> Debian, Postfix, dovecot Clamav[22:09:59] <pj> !tell misterli relay_denied[22:10:00] <knoba> misterli: "relay_denied" : NOQUEUE: reject: RCPT from CLIENT_HOST[CLIENT_IP]: 554 5.7.1 <RECIPIENT@RCPT_DOMAIN>: Relay access denied; from=<SENDER@SENDER_DOMAIN> to=<RECIPIENT@RCPT_DOMAIN> proto=ESMTP helo=<HELO>: This typically means that CLIENT_IP is not in mynetworks (and did not AUTH), and that RCPT_DOMAIN was not recognized as one of this Postfix's domains (not listed in mydestination, relay_domains or virtual_*_domains).[22:10:19] <misterli> Yeah but how can it even "send" when its not able to auth?[22:10:27] <jhass> it can't[22:10:31] <pj> misterli: it didn't, it rejected[22:10:34] <pj> as it should[22:11:00] <misterli> Ah, okay[22:11:06] <misterli> Then it seems that it cant be used for sending spam anymore (for now)?[22:11:13] <pj> I have no idea[22:11:23] <jhass> who knows[22:11:24] <pj> I can only say what those logs tell me.[22:11:26] <misterli> because i got about 10tsd emails with "Undelivered Mail returned to sender"[22:11:43] <jhass> I'd guess they stole credentials and also auth[22:11:51] <jhass> but that's not from the logs you've shown[22:11:57] <misterli> including this: http://pastebin.com/Ek7xGf86[22:12:17] <misterli> Yeah, ive changed all my account passwords and removed all scripts which are sending spam. and logging all emails to a file which has been sent using php[22:17:15] *** samgoody has joined #postfix[22:17:34] <misterli> ok.. still sending http://www.seiboldsoft.de/spam.png[22:18:10] *** skylite has joined #postfix[22:20:18] *** akajedi has quit IRC[22:23:16] *** DanDare has joined #postfix[22:24:27] <misterli> okay, found some more php scripts which has been "recreated"[22:25:48] <thumbs> spin up a new client server. Migrate clients to it.[22:25:57] <thumbs> you'll have downtime, too.[22:27:27] <misterli> yeah, but what happen if there is another corrupted php file which exploits the server again[22:28:04] <jhass> of course you identify the issue in your setup that allowed that to happen in the first place and don't repeat it in the new setup[22:28:15] <jhass> properly isolate your customers[22:28:44] <DanDare> Hello. I have a working postfix and now Im trying to get used to logs information. I have this line in the logs http://pastebin.com/XfWDtfNf[22:28:48] <misterli> okay :/[22:29:09] <DanDare> "smtp.myHOST.com.br" is my hostname, also the host banner[22:29:23] <DanDare> But question is: Whats being send?[22:30:21] <DanDare> What email is this? All email boxes are user at myHOST dot com.br. I dont know any @smtp.myHOST.com.br[22:35:47] *** robinho86 has quit IRC[22:40:16] <rob0> what are you talking about? That's just ONE line, doesn't tell us much.[22:40:17] *** edux__ has quit IRC[22:41:18] <DanDare> rob0, I see.[22:46:07] *** mpls-eric has joined #postfix[22:49:43] *** FinboySlick has quit IRC[22:51:28] <DanDare> rob0, this is enough to have my question sorted out? http://pastebin.com/JsBQrcEi[22:52:02] *** echan has joined #postfix[22:52:41] <rob0> except for missing a question, maybe?[22:52:57] <rob0> what there is confusing you?[22:53:12] *** Fleurety has joined #postfix[22:54:57] <DanDare> rob0, whats confusing me is log says something was sent to "someuser at hostX dot com.br" from "20151201105027.ED1E6B301 at smtp dot myHOST.com.br" but "20151201105027.ED1E6B301 at smtp dot myHOST.com.br" is not a email box/account[22:55:05] <DanDare> rob0, so what was sent?[22:55:11] *** mpls-eric has left #postfix[22:55:22] <DanDare> SMTP acknowledgment perhaps?[22:57:31] <DanDare> hmm nvm... "SMTP acknowledgment" looks like not the answer anyway[22:59:11] <rob0> message-id=<...>[22:59:29] <rob0> it did not say that was the sender[23:00:23] <rob0> The sender is null, on line 9 (this seems to be a DSN).[23:00:40] <rob0> !dsn[23:00:40] <knoba> rob0: "dsn" : Delivery Status Notifications as described in RFC 3461 & 3464, first implemented in Postfix 2.3 - See: http://www.postfix.org/DSN_README.html[23:02:36] <DanDare> Ahh cool. Thanks rob0, knoba[23:07:16] <DanDare> Im trying to make some script to check logs and detect any abuse[23:24:09] *** samgoody has left #postfix[23:26:10] *** pj has quit IRC[23:34:19] *** pj has joined #postfix[23:36:42] *** infides has quit IRC[23:40:47] *** edux has joined #postfix[23:41:05] *** kminor has joined #postfix[23:41:18] <kminor> I'm running Debian, ISPConfig2, with Postfix, Courier, & RoundCube webmail... somehow spammers are getting around my iptables autoban[23:41:29] <kminor> I need a little help hardening postfix MTA up[23:42:14] <kminor> If anyone could help, I'd love them for it...because gmail banned my IP because of these darn spammers & a lot of my clients have their mail forwarded to a gmail address[23:44:31] <jhass> so you have an open sign up or why are you sending spam to gmail?[23:44:32] *** SupaYoshi has quit IRC[23:44:36] <kminor> My Nickname is registered, has been for years! Do i need to do anything else to get help?[23:44:50] <jhass> kminor: you need patience[23:45:10] <kminor> jhass, I'm not sending spam, I keep getting port 25 attacks & somehow my iptables autoban doesn't keep them from sending out mail[23:45:18] <kminor> jhass: thanks for replying[23:45:34] *** edux has quit IRC[23:45:50] <kminor> jhass: Sorry, not to be impatient, just wanted to find someone on IRC who might be able to point me in the right direction to fix this[23:46:03] <kminor> Re: not trying to be impatient[23:46:11] <jhass> your best bet is to hang around for 2-4 hours really[23:46:29] <kminor> jhass: Do you use postfix?[23:46:29] <jhass> even after you got some initial suggestions[23:46:34] <jhass> yes[23:46:42] <jhass> I don't redirect my mail to gmail though[23:46:47] *** SupaYoshi has joined #postfix[23:47:01] <kminor> jhass: I know buddy hehe, I'm no IRC newb... been IRCing before AIM & all the other instant messangers existed[23:47:27] <kminor> jhass: Well thats just a client issue that is why I want to solve the problem[23:47:34] <jhass> so, got DMARC/DKIM,SPF setup?[23:47:59] <kminor> jhass: I want to learn how to better harden POSTFIX so these spammers IPs will be blocked when connecting to my postfix[23:48:23] <jhass> I think everybody got that[23:49:58] <kminor> Well I wasn't sure based on ur response so wanted to make myself clear. Thanks tho[23:50:47] <kminor> jhass: I think so, I'm going to read more on DKIM though... thanks for the suggestion[23:53:14] <kminor> jhass: i have like 28 or 30 domains on this server & my mail.log shows they're sending emails from 'fakeaccount at domain dot com' or rather sending from email addresses that don't exist on my server. Not sure how they're doing that or how to block it[23:53:35] <kminor> Thanks for your help by the way[23:53:55] <jhass> some real log might hint on how[23:53:55] <rob0> Show some evidence of the "spammers [who] are getting around [your] iptables autoban", and in fact, explain how "iptables autoban" would help against spam. It makes no sense so far.[23:54:17] *** joules has joined #postfix[23:55:02] <rob0> BTW if you join here without a nickserv account, you cannot speak in channel.[23:55:25] <kminor> rob0: Okay let me ssh into my server... I'm not very educated on how MTA's work. I'll try to be more clear so u guys can help me[23:55:52] <thumbs> the scary part is where unexperienced folks run live mail servers.[23:55:58] <rob0> !tell kminor relevant_logs[23:55:58] <knoba> kminor: "relevant_logs" : Relevant logs are mail.* syslog Postfix logs (NOT verbose, see !verbose) which show the entire handling of a single mail which illustrates the issue with which you want help. Random selections from your mail log might not do. IMAP/POP3 daemons and external delivery agents typically log to the same facility (mail); those are usually not relevant here.[23:56:03] <kminor> rob0: Kool, ya my nicknames registered... Im just usually an EFNet guy, only get on freenode for specialized help[23:56:07] <rob0> !tell kminor showconfig[23:56:07] <knoba> kminor: "showconfig" : when asked to provide your config, pastebin postconf -nf and postconf -Mf. if your version is too old for those commands to work (< 2.9), you should upgrade, but see !showconfig_old[23:58:02] *** SCHAAP137 has quit IRC[23:59:26] <kminor> knoba: Cool, yea..originally I installed postfix from the source postfix.tar.gz because the postfix MTA wasn't in the debian repository back then in debian etch, but when it was added in later distro's I installed the postfix.deb over the source.tar.gz install so it would be auto-upgradable with apt-get upgrade[23:59:49] <kminor> knoba: I am a newb with the workings of postfix though, so bare with me... but I am a quick learner.[23:59:57] <thumbs> kminor: why are you talking to a bot?