January 11, 2016 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | >
January 11, 2016 [00:11:50] *** Darcidride has quit IRC[00:17:18] *** infides_afk has quit IRC[00:21:44] *** v1c3 has quit IRC[01:09:06] *** danieli has quit IRC[01:11:23] *** TAARs has quit IRC[01:12:45] *** D-Boy has quit IRC[01:14:29] *** TyrfingMjolnir has joined #postfix[01:15:03] *** danieli has joined #postfix[01:15:04] *** TAARs has joined #postfix[01:15:33] *** danieli has joined #postfix[01:16:03] *** danieli has joined #postfix[01:16:33] *** danieli has joined #postfix[01:17:03] *** danieli has joined #postfix[01:17:33] *** danieli has joined #postfix[01:18:03] *** danieli has joined #postfix[01:23:28] *** sandeen has joined #postfix[01:34:04] *** Motoko has joined #postfix[01:47:24] *** Batch has joined #postfix[01:47:30] *** Motoko has quit IRC[01:49:14] *** Motoko has joined #postfix[01:52:42] *** skylite has quit IRC[02:06:52] *** xargs has joined #postfix[02:09:17] *** akkad has quit IRC[02:18:29] *** akkad has joined #postfix[02:19:39] *** Slackology has joined #postfix[02:21:41] *** sandeen has quit IRC[02:23:23] <DarwinElf> If I'm setting up SASL & TLS, which should I do first, and is there a way to test it with a log in Thunderbird?[02:24:28] <pj> DarwinElf: I would set up TLS first.[02:24:42] <pj> !sasltest[02:24:42] <knoba> pj: Error: "sasltest" is not a valid command.[02:24:45] <pj> !sasl_test[02:24:46] <knoba> pj: "sasl_test" : http://www.postfix.org/SASL_README.html#server_test[02:26:02] *** sandeen has joined #postfix[02:37:27] <lunaphyte> !tell DarwinElf s_client[02:37:28] <knoba> DarwinElf: "s_client" : see !tlstest[02:37:32] <lunaphyte> oh. heh[02:38:04] <DarwinElf> !tlstest[02:38:04] <knoba> DarwinElf: "tlstest" : Starting with OpenSSL 0.9.7, you can test the server-side TLS with the following: openssl s_client -starttls smtp -connect <hostname>:587 (or :25, accordingly).[02:38:30] <lunaphyte> free hint: when using s_client, do not use uppercase[02:39:06] <DarwinElf> it said connection refused on port 587, but said stuff on port 25[02:39:09] <lunaphyte> even though the smtp commands/verbs are often presented in upper case, they don't need to be.[02:39:11] <DarwinElf> someone said use port 587...[02:39:20] <lunaphyte> yes, port 587 is submission[02:39:27] <lunaphyte> for clients [muas][02:39:40] <lunaphyte> clients are not to use port 25. that's only for servers to talk to other servers[02:39:54] <lunaphyte> perhaps you have not enabled submission[02:39:58] <lunaphyte> !tell DarwinElf submision[02:39:59] <knoba> lunaphyte: Error: No factoid matches that key.[02:40:02] <lunaphyte> oops[02:40:05] <lunaphyte> !tell DarwinElf submission[02:40:06] <knoba> DarwinElf: "submission" : Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf. also see !msa, and rfc 6409. Also read http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf[02:41:27] <DarwinElf> !msa[02:41:27] <knoba> DarwinElf: "msa" : Message Submission Agent : a process which accepts message submissions from MUAs on port 587 known as 'message submission service' using the 'message submission protocol' defined by rfc4409. To enable message submission service in postfix uncomment the relevant lines in master.cf. also see !submission.[02:47:42] *** sandeen has quit IRC[02:50:30] *** D-Boy has joined #postfix[02:55:05] *** Aebian has left #postfix[03:04:07] *** err-or has quit IRC[03:07:31] *** CRCinAU has joined #postfix[03:08:41] <CRCinAU> Hi all, I'm wondering.... Can I use check_helo_access as a hash to insted of issuing a 521 / 500 etc, to (in essense) set smtpd_soft_error_limit = 1 && smtpd_error_sleep_time = 60s ?[03:08:52] <CRCinAU> ie for that connection?[03:11:05] <pj> CRCinAU: I'm not entirely sure what you're getting at.[03:11:20] <CRCinAU> maybe a more in depth explanation :P[03:11:49] *** sandeen has joined #postfix[03:11:54] <CRCinAU> I'm using check_helo_access to try and slow down a few systems that are hammering my mail server every 2-3 seconds with attempted deliveries.[03:12:25] <pj> oh, you want to throttle some systems.[03:12:39] <CRCinAU> I'd like to inspect the HELO provided, then if it matches something in the hash, set smtpd_soft_error_limit=1 and smtpd_error_sleep_time = 60s,[03:12:43] <CRCinAU> yeah.[03:12:55] <pj> probably a policy daemon would be better for throttling, policyd is pretty much designed for that.[03:12:58] <pj> !policyd[03:12:58] <knoba> pj: "policyd" : http://www.policyd.org/ : an anti-spam Postfix policy daemon which can manage throttling of email and a variety of other things not handled by Postfix directly. Look for \"cluebringer\" in your OS package system.[03:13:05] <CRCinAU> but instead of doing it globally, be ultra harsh on a certain trigger[03:13:24] <CRCinAU> hmmmm[03:13:32] <pj> ok, well if you want to use check_helo_access ... hrmmmm[03:13:35] <pj> one min[03:14:03] <CRCinAU> see, right now, I'm just using stuff like: megared.net.mx 521 Too much spam from this ISP[03:14:25] *** akkad has quit IRC[03:14:26] <pj> well, no, not really[03:14:55] <CRCinAU> it may not be possible - but I figured I should at least ask :P[03:15:04] <pj> you can direct the message to another transport with those settings, but the problem there is that to do that postfix queues the message before putting it off to the target transport, so it's already accepted and that won't help with throttling at all.[03:15:38] <CRCinAU> yeah.... otherwise, I was thinking an iptables rule for rate limiting - but its a /13 subnet and the IPs on it seem somewhat random.[03:16:09] <CRCinAU> I tried to modify fail2ban to look up an IP with whois, then temp ban the entire subnet allocated at the RIR level[03:16:13] <pj> your best bet is to use a policy daemon, if policyd won't work directly you can certainly create your own, the policy daemon will get all the relevant info to work with, including the EHLO hostname.[03:16:14] <CRCinAU> but that seems a little harsh.[03:16:49] <pj> then to thottle you just keep track of the connections and spit out a 4xx response when you want to throttle.[03:16:55] <pj> that's pretty much how it's done.[03:17:28] <CRCinAU> I wonder... is it considered too harsh to set smtpd_soft_error_limit = 1 globally?[03:17:45] <CRCinAU> as I guess real SMTP / addressed mail shouldn't come across any soft errors on delivery.......[03:17:59] *** akkad has joined #postfix[03:18:16] <CRCinAU> hmmmmmmm[03:18:33] *** akkad has quit IRC[03:18:37] <CRCinAU> then if I used the helo as a soft error vs hard error..... that would automatically trigger based on smtpd_soft_error_limit = 1[03:18:45] <CRCinAU> slightly different approach?[03:18:49] <pj> TBH I dont' have direct experience with that, but I think you'll find that there are actually a not-insiginficnant number of legitimate servers that trigger that limit.[03:19:26] <CRCinAU> soft errors are the 4xx vs 5xx (hard?) right?[03:19:37] <pj> do keep in mind that there are some pretty crap servers out there from major companies. Exchange comes to mind[03:19:59] <pj> no, you're thinking of defer vs reject, which is an entirely different thing.[03:20:20] <pj> defer is often referred to as a "soft bounce"[03:20:28] *** akkad has joined #postfix[03:21:02] <pj> !smtpd_soft_error_limit[03:21:02] <knoba> pj: "smtpd_soft_error_limit" : a configuration parameter in the main.cf: The number of errors a remote SMTP client is allowed to make without delivering mail before the Postfix SMTP server slows down all its responses.[03:21:26] *** beber_ has quit IRC[03:22:18] *** sarri has quit IRC[03:22:31] *** shoonya has joined #postfix[03:22:56] <pj> CRCinAU: you can try tweaking those parameters if you want, what could happen is if you get a lot of connections that trigger the limit and you have a high sleep time then you could end up clogging up your connections.[03:23:13] <CRCinAU> yeah, I'm aware of that too :p[03:23:25] *** sarri has joined #postfix[03:23:33] <DarwinElf> it's not clear to me what to do with the server key. The instructions say 'smtpd_tls_cert_file = /etc/postfix/server.pem', 'smtpd_tls_key_file = $smtpd_tls_cert_file'... well if the key is something different, why would you just use the same variable as for the certificate? I know it said you can put the key in that file, but it seems there's no explanation how to do that or to otherwise use the key in it's own file[03:23:34] <pj> note that the default is 1s, you want to slow it to 60s. That's quite a long time.[03:23:46] <CRCinAU> *nods*[03:23:59] <CRCinAU> if the remote is already connected to me, it doesn't try to connect again....[03:24:08] <CRCinAU> ie this constant crap is a single thread delivery[03:24:19] <CRCinAU> its only when I drop the connection does it try again from a different IP[03:24:22] <pj> DarwinElf: I would keep the public and private keys separate.[03:25:23] *** pozitrono has joined #postfix[03:25:25] <CRCinAU> you know, I can't find any clear definition on what a soft error is :\[03:25:51] <pj> CRCinAU: well, the way to throttle is to spit out a 4xx response as fast as possible. If you slow down the connection like that it tends to do just the opposite, imo.[03:26:05] <pj> CRCinAU: did you have a look at postconf(5)?[03:26:23] <CRCinAU> yeah, looking here: http://www.postfix.org/postconf.5.html[03:26:33] <pj> there is no such thing as a "soft error", there are just errors.[03:26:52] <pj> the difference between the soft error limit and hard error limit is what postfix does when that number of errors is reached.[03:27:07] <CRCinAU> that'd explain why I can't find anything on it then ;)[03:27:10] <pj> the limits are different and postfix's reaction is different, but the errors are the same.[03:28:22] <DarwinElf> I think I got TLS working[03:28:34] <pj> DarwinElf: cool[03:28:48] <DarwinElf> sort of... it showed the certificate but wouldn't send the message yet[03:29:16] <pj> DarwinElf: see !getting_help[03:29:36] *** sandeen has quit IRC[03:30:18] <DarwinElf> !getting_help[03:30:18] <knoba> DarwinElf: "getting_help" : before asking your question, read the !relevant_logs and !showconfig factoids, and prepare a single pastebin containing all of that data. if you don't understand what this means, or if you need help doing this, please let us know. also see !pastebin[03:30:21] <CRCinAU> DarwinElf: next you'll be tweaking the SSL/TLS config to get real encryption etc going :)[03:30:34] <DarwinElf> !relevant_logs[03:30:35] <knoba> DarwinElf: "relevant_logs" : Relevant logs are mail.* syslog Postfix logs (NOT verbose, see !verbose) which show the entire handling of a single mail which illustrates the issue with which you want help. Random selections from your mail log might not do. IMAP/POP3 daemons and external delivery agents typically log to the same facility (mail); those are usually not relevant here.[03:32:37] <CRCinAU> pj: seeing as I see you everywhere on freenode, you don't happen to know much about rsyslog by chance? :P[03:32:54] <pj> hahaha, not much, sorry.[03:33:01] <pj> for me it mostly "just works"[03:33:16] <pj> and I've done the occasional tweaks to add stuff to rsyslog.conf[03:33:19] <CRCinAU> yeah - but I'm trying to get a single rsyslog server doing both tls and plain.[03:33:35] <pj> yeah, that's beyond anything I've ever done.[03:33:43] <CRCinAU> but it seems I can get it to listen on multiple ports, but its either all plain, or all TLS - and not one of each :([03:33:51] <CRCinAU> but hey, that's waaaay off topic for here :)[03:33:55] <pj> yep[03:34:19] <CRCinAU> I asked in #rsyslog about 12 hours ago, but seems everyone there is dead :P[03:34:26] *** sandeen has joined #postfix[03:34:27] * pj counts ... 15 channels at the moment ;-)[03:34:40] <pj> not exactly "everywhere", but ...[03:35:39] <pj> CRCinAU: well, It's the weekend, maybe you'll have better luck during the week, or they probably have a mailing list or forum you can ask on.[03:36:21] <CRCinAU> oh yeah - I forget about timezones :P[03:36:24] <CRCinAU> 13:36 on Monday here :)[03:36:25] <DarwinElf> I'm getting the logs but don't have any mail activity in syslog[03:36:32] *** trepatud- has quit IRC[03:36:36] <pj> Monday here as well[03:36:49] <pj> well, NZ and AU are pretty close[03:37:03] <DarwinElf> and I don't know what the Postfix log is... I thought it just writes to maillog[03:37:26] <pj> DarwinElf: postfix logs to syslog[03:37:37] <pj> where that goes is dependant on your syslogd[03:37:41] <pj> !tell DarwinElf logs[03:37:42] <knoba> DarwinElf: "logs" : Postfix logs to the mail facility of syslog. You can usually find them with ls /var/log/mail*; otherwise see your system's syslog server documentation. Also see !nologs and !mung[03:38:42] <CRCinAU> eyyyy[03:38:44] <CRCinAU> postfix/smtpd[7192]: NOQUEUE: reject: RCPT from unknown[200.225.24.158]: 550 5.7.1 <CableLink-200-225-24-158.Hosts.Cablevision.com.mx>: Helo command rejected: Throttled. Please wait.; from=<Diggs_Gavin at fiscoconsultores dot com> to=<mo at wireless dot org.au> proto=SMTP helo=<CableLink-200-225-24-158.Hosts.Cablevision.com.mx>[03:38:50] <CRCinAU> that's working ;)[03:39:11] <pj> cool, policyd?[03:39:11] <CRCinAU> then it just grinds to a halt with a 60 second pause[03:39:28] <DarwinElf> !showconfig[03:39:29] <knoba> DarwinElf: "showconfig" : when asked to provide your config, pastebin postconf -nf and postconf -Mf. if your version is too old for those commands to work (< 2.9), you should upgrade, but see !showconfig_old[03:39:59] <pj> CRCinAU: also that's not exactly 'working"[03:40:04] <pj> 550 is not throttling[03:40:09] <CRCinAU> nah - smtpd_soft_error_limit = 1 && smtpd_error_sleep_time = 60s && Hosts.Cablevision.com.mx 550 Throttled. Please wait.[03:40:35] <CRCinAU> yeah, I know - but there doesn't seem to be a code for 'calm you tits' in SMTP......[03:40:48] <pj> yep, 4xx[03:40:58] *** trepatudo has joined #postfix[03:40:59] <DarwinElf> ok... maillog: http://apaste.info/HnZ , syslog: http://apaste.info/5gd , configurations: http://apaste.info/zKa[03:41:00] <CRCinAU> well, 421 terminates the connection straight away[03:41:08] <CRCinAU> so does 451 by the looks of it[03:41:11] <pj> I'd have to look up the exact code, but any 4xx code will cause a deferral[03:41:34] <CRCinAU> I was just looing at: http://www.greenend.org.uk/rjk/tech/smtpreplies.html[03:41:39] <pj> by rights you should look up the correct basic code and extended code and return both.[03:42:18] <CRCinAU> yeah, checking https://tools.ietf.org/html/rfc3463 now[03:42:42] <pj> amazon uses 454[03:42:53] <pj> and yeah, check the various codes[03:43:10] <CRCinAU> X.5.4 Invalid command arguments :\[03:43:16] <CRCinAU> oh wait, wrong one :P[03:45:26] *** heroux has quit IRC[03:47:38] *** heroux has joined #postfix[03:47:58] *** sandeen has quit IRC[03:50:52] <CRCinAU> hmmm[03:50:53] <CRCinAU> postfix/smtpd[7496]: NOQUEUE: reject: RCPT from unknown[177.231.53.94]: 454 4.7.1 <customer-GDL-53-94.megared.net.mx>: Helo command rejected: Throttled. Please wait.; from=<ypxbnpshxjkz at macquarie-gpa dot net> to=<ajordomon at wireless dot org.au> proto=SMTP helo=<customer-GDL-53-94.megared.net.mx>[03:51:03] <CRCinAU> then it hangs onto the connection for a while.[03:52:23] <pj> why would you have it hand onto the connection, though?[03:52:38] <pj> that probably has to do with the 60s[03:52:45] <CRCinAU> because while its in a wait state, it doesn't connect again.[03:53:06] <CRCinAU> if I drop the connection, it reconnects and tries again in about 3-4 seconds time from a different IP[03:53:16] <pj> yes, but it also pegs one of your connections.[03:53:17] <CRCinAU> essentially acting as a tarpit[03:53:49] <CRCinAU> well, I can have it connect twice a minute this way, or 20+ times a minute by disconnecting it[03:53:59] <pj> anyways ... dealing with other people broken crap is always ... fun.[03:54:13] <CRCinAU> oh, its not broken stuff, its pure spam.[03:54:58] <pj> oh, is this botspam?[03:55:04] <pj> or legitmate servers?[03:55:05] <CRCinAU> I've been debating just perm banning the entire /13[03:55:11] <CRCinAU> botspam[03:55:19] <pj> are you running psotscreen?[03:55:23] <pj> *postscreen[03:55:26] <CRCinAU> for whatever reason, its picked one of my domains and goes nuts.[03:55:32] <CRCinAU> postscreen eh?[03:55:37] <pj> !postscreen[03:55:37] <knoba> pj: "postscreen" : SMTP triage server available in Postfix 2.8, see http://www.postfix.org/POSTSCREEN_README.html and http://www.postfix.org/postscreen.8.html[03:55:49] <pj> really good at dealing with botspam ^^^^^[03:56:03] <pj> also, I would make sure you're using some good DNSRBLs[03:56:19] <pj> this may also help...[03:56:22] <pj> !cheatsheet[03:56:23] <knoba> pj: "cheatsheet" : (#1) http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt : A HOWTO for pre-DATA spam control., or (#2) A postscreen cheatsheet can be seen at http://rob0.nodns4.us/postscreen.html[03:56:24] <CRCinAU> I've only just upgraded to EL7 on these systems, so only had 2.6.6. previously[03:56:30] <pj> the 2nd entry there specifically[03:56:47] <pj> yeah, 2.6.6 is old, but ghettoforge has 3.0.3 for both el6 and el7[03:56:52] <pj> (and el5 for that matter)[03:57:11] <CRCinAU> I still have spamd && clamd on it (now used as milters vs content filters)[03:57:17] <CRCinAU> so that's nice.[03:57:24] <pj> right, and those are good, but those are high-cost filters[03:57:30] <CRCinAU> now I'm on 2.10 by the looks of things[03:57:47] <pj> postscreen is lightweight and low cost, and can donk a large portion of your spam before you spend resources on it with spamd and clamav[03:58:16] <CRCinAU> hmmmmm[03:58:19] <CRCinAU> bew toys :D[03:58:35] <pj> 2.10 is fine, it does at least have postscreen[03:59:05] <pj> enable postscreen, and add some DNSRBLs (especially as per the second cheatsheet)[03:59:28] <pj> and you will likely find that the problem you're experiencing is taken care of with that.[03:59:52] *** sandeen has joined #postfix[04:00:27] <pj> and if you want to bump to 3.0.3 I highly recommend the ghettoforge packages (I built them myself)[04:09:24] <rob0> 2.11 has what I consider an essential postscreen feeture, the whitelisting[04:10:16] *** ponky has quit IRC[04:10:25] <pj> yes, so bumping up to the 3.0.3 packages from GF would give you that.[04:12:07] *** ponky has joined #postfix[04:17:35] *** chachasmooth has quit IRC[04:19:01] <DarwinElf> I think I know what my problem is from the logs, but not sure. My new registrar has an entry for * subdomain on my IP address, that I don't think I added myself... so I didn't think I had to add a record for the subdomain that's the mailserver hostname[04:19:19] *** chachasmooth has joined #postfix[04:19:33] <DarwinElf> it has an MX record but that record isn't listed as a subdomain elsewhere[04:20:20] <pj> DarwinElf: I would much rather see the !relevant_logs and your config to determine what the issue is than try to interpret your explanation of the issue.[04:20:28] <DarwinElf> I posted that 40 minutes ago[04:20:38] <CRCinAU> pj: Ooohhhhhh http://fpaste.org/309234/45248242/[04:21:22] <pj> CRCinAU: you're way off[04:21:31] <DarwinElf> seems there's some other problems in the logs though[04:21:32] <pj> you do submission on ort 587, not on port 25.[04:21:49] <pj> what's happening is that you have postscreen (correctly) configured wiht a bunch of policy blacklists[04:22:03] <pj> and since your IP is on those blacklists you're getting rejected on port 25[04:22:14] <CRCinAU> that's just normal spam.[04:22:20] <pj> but that's why you don't do submission on port 25[04:22:26] <CRCinAU> ie its not me sending anything to anywhere.... solar at wireless dot org.au doesn't exist :)[04:22:32] <pj> ok, then why did you show me those log entries?[04:22:38] <CRCinAU> yeah I do 587/465 for delivery.[04:22:47] <CRCinAU> pj: cos its working and new and shiney to me ;)[04:22:51] <pj> !smtps[04:22:51] <knoba> pj: "smtps" : Port 465 is smtps, SMTP over SSL, a deprecated means of submission. This means that smtps should *not* be used, and that this factoid exists for historical purposes only and should not be implemented. See !submission for smtps' successor. That being said, Postfix can implement smtps with a separate smtpd(8) listener with \"-o smtpd_tls_wrappermode=yes\". See the commented example in master.cf.[04:22:57] <pj> don't use 465[04:23:10] <DarwinElf> 42 minutes ago: <DarwinElf> ok... maillog: http://apaste.info/HnZ , syslog: http://apaste.info/5gd , configurations: http://apaste.info/zKa[04:23:33] <CRCinAU> pj: its only there because its already configured on remote sites....[04:23:43] <CRCinAU> too hard to change now:\[04:24:09] <lunaphyte> the reason to change is not because it's easy. it's because it's right[04:24:12] <pj> ok, yeah DNS issues...[04:24:33] <CRCinAU> yey - its also nailing the guys I was trying to slow down with the helo filters too:[04:24:36] <CRCinAU> postfix/postscreen[8163]: NOQUEUE: reject: RCPT from [187.247.117.220]:56164: 550 5.7.1 Service unavailable; client [187.247.117.220] blocked using zen.spamhaus.org; from=<Peters_Tamera at cazavision dot com>, to=<apache at wireless dot org.au>, proto=SMTP, helo=<customer-GDL-117-220.megared.net.mx>[04:24:42] <DarwinElf> what about 'TLS library problem' though?[04:25:11] <pj> DarwinElf: ok, temple-of-mathematics.com has an MX entry, that's not the issue[04:25:22] <pj> the issue is that it points to this -> mathematicon.temple-of-mathematics.com.cust.b.hostedemail.com.[04:25:29] <pj> and mathematicon.temple-of-mathematics.com.cust.b.hostedemail.com. has no A entry[04:25:34] <DarwinElf> I thought I changed that weeks ago[04:25:50] <pj> (or AAAA for that matter)[04:25:54] <pj> it returns NXDOMAIN[04:26:08] <CRCinAU> pj: thanks for the tip of postscreen... that's massively more useful than the path I was going down....[04:26:11] <pj> DarwinElf: the MX record?[04:26:19] <pj> CRCinAU: yw :-)[04:26:22] <DarwinElf> ok, I think I fixed it now; I guess I hadn't selected 'save'[04:26:31] <pj> CRCinAU: and do consider bumping to 3.0.3 from ghettoforge.[04:26:44] <lunaphyte> DarwinElf: you need to uncomment the rest of the submission service[04:27:06] <lunaphyte> all of the overrides which follow it[04:27:16] <pj> DarwinElf: yes, that looks better now.[04:27:18] *** heroux has quit IRC[04:29:48] *** heroux has joined #postfix[04:30:07] <DarwinElf> is that the lines starting with '-o'?[04:30:13] <lunaphyte> yes[04:31:02] <rob0> starting with " -o " to be precise / pedantic (not really pedantic because it does matter)[04:31:12] <DarwinElf> well I use British grammar[04:31:14] <DarwinElf> I did that, then it's saying there's undefined parameters: mua_sender_restrictions, mua_client_restrictions, mua_helo_restrictions[04:31:39] <rob0> maybe you meant to set those in main.cf?[04:32:36] *** ponky has quit IRC[04:32:44] <lunaphyte> put those in main.cf, and set them to empty[04:32:57] <rob0> Grammar is not an issue. I was merely making the point that leading whitespace on those lines is important.[04:33:01] <lunaphyte> unfortunately, the submission example leaves a little bit to be desired[04:38:27] *** Batch has quit IRC[04:40:13] *** ponky has joined #postfix[04:51:24] <CRCinAU> pj: man, that postscreen is amazing.[04:51:51] <CRCinAU> I haven't had a single email hit the actual SMTP server in the last 10 minutes (except my testing ones)[04:52:32] <CRCinAU> and most of the hosts hitting that server have a DNSBL of 10 or higher[04:54:41] <DarwinElf> I entered those, reloaded, still have various things that look like problems in the log; here's my new log and configuration (still nothing in syslog): http://apaste.info/10P , http://apaste.info/asZ[04:55:05] <pj> CRCinAU: :-)[04:55:27] <DarwinElf> some of it might just be from some network problems/slowness that have started[04:55:59] <lunaphyte> DarwinElf: fatal: no SASL authentication mechanisms[04:56:01] <lunaphyte> fix that[04:56:08] <lunaphyte> also, don't worry about syslog[04:56:14] <DarwinElf> I didn't set that up yet. Someone said set up TLS first, then SASL[04:56:28] <lunaphyte> all that matters is whatever file mail.* messages are sent to[04:56:49] <lunaphyte> DarwinElf: oh, ok. then set line 49 to no for now[04:57:23] <pj> DarwinElf: yes, you should set up TLS first, but you can't expect SASL to actually *work* before you set it up.[04:57:38] <DarwinElf> ok[04:58:27] *** heroux has quit IRC[04:58:59] <DarwinElf> I didn't see a 'yes or no' thing on line 49 of main.cf or master.cf[04:59:09] <lunaphyte> line 49 of your pastebin[04:59:14] *** heroux has joined #postfix[04:59:35] *** ponky has quit IRC[05:00:39] <DarwinElf> ok. Also when I 'postfix reload', it says: postfix/postfix-script: warning: group or other writable: /etc/postfix/./99d0fa06.0[05:00:39] <DarwinElf> postfix/postfix-script: warning: group or other writable: /etc/postfix/./02d17400.0[05:00:43] <pj> DarwinElf: you probably won't be able to send a message until you properly configure SASL[05:00:50] <DarwinElf> but those are just links, so of course they're rwxrwxrwx[05:02:00] *** shoonya has quit IRC[05:02:47] <pj> heh, more issues with the slackhappy-build?[05:07:19] <DarwinElf> no, that's because I did what Postfix's TLS text said: # $OPENSSL_HOME/bin/c_rehash /path/to/directory[05:07:27] <DarwinElf> which created those files[05:07:33] <DarwinElf> links to certificates or keys[05:09:09] <DarwinElf> My installation of Postfix has Dovecot-SASL, but now I'm back to the question yesterday I got four replies that avoided explaining: to use Dovecot SASL, must I also install Dovecot, or not?[05:09:45] <lunaphyte> your installation of postfix has *support* for dovecot sasl. it does not have dovecot sasl.[05:09:55] <DarwinElf> ok[05:10:03] <lunaphyte> it means that *if* dovecot sasl is installed, postfix is capable of using it [if you tell it to][05:10:19] <thumbs> the slackbuild has SASL support.[05:10:20] <lunaphyte> dovecot's sasl bits must still be installed[05:10:49] <pj> DarwinElf: the queston was quite clearly answered when you asked it yesterday. Yes you must have dovecot installed to use dovecot SASL.[05:11:45] <lunaphyte> note that technically, the dovecot sasl bits need not be installed on the same computer as postfix. if you're going to use dovecot sasl, it just means that postfix must be able to communicate with dovecot's sasl components - be it on the local computer via a unix socket, or on some remote computer over the network via a network socket, etc.[05:13:40] <rob0> right, there is no library to link to[05:14:13] <rob0> On the Postfix side, you simply have to enable SASL.[05:14:35] <rob0> but that is done at compile time.[05:15:01] <thumbs> rob0: the SBo does that[05:15:02] <rob0> I think the comments in Alan's slackbuild show this?[05:15:57] *** Batch has joined #postfix[05:24:21] *** ponky has joined #postfix[05:26:59] *** BoomerBile has quit IRC[05:30:28] *** sandeen has quit IRC[05:39:18] *** sandeen has joined #postfix[05:44:47] *** sandeen has quit IRC[05:45:02] <CRCinAU> pj: so, the crap getting passed to my server has dropped from ~33/min to 1/min.[05:45:13] <CRCinAU> postscreen ftw.[05:45:17] <thumbs> rob0: right, they do[05:51:23] <pj> CRCinAU: yep, postscreen is a game-changer.[05:55:07] <DarwinElf> what does it mean when the mail log says a mail bounced because 'mail for <domain> loops back to myself'?[05:59:46] <CRCinAU> however, the ISPs I'm getting pounded from are hargray.net, cableonline.com.mx, Cablevision.com.mx and megared.net.mx[05:59:52] <CRCinAU> why do the mexicans hate me :P[06:07:39] *** namyzarc has quit IRC[06:12:23] <pj> !tell DarwinElf loopback[06:12:24] <knoba> DarwinElf: "loopback" : 'Mail loops back to myself' means that your Postfix wanted to send out the mail to the internet but then discovered that the DNS says your mail server should be responsible. Most likely you forgot to list your domain in mydestination or virtual_(alias|mailbox)_domains[06:13:02] <pj> CRCinAU: hahaha[06:15:31] <DarwinElf> thanks[06:21:15] *** ponky has quit IRC[06:22:06] <CRCinAU> ok - so now looking at sharing the postscreen cache between mail systems.....[06:22:18] <CRCinAU> so I get the memcache = inet:blah:11211[06:22:29] <CRCinAU> but iirc, that *connects* to that port.... what does the listening?[06:26:10] <CRCinAU> durrrrrrr don't worry about me :)[06:26:17] <CRCinAU> connects to memcached ;)[06:32:18] *** chets` has left #postfix[06:34:46] *** ponky has joined #postfix[06:37:40] <CRCinAU> although I also wonder if you can cache negative hits.... ie blocks in postscreen via memcached[07:10:35] *** Fleurety has quit IRC[07:26:59] *** Batch has quit IRC[07:34:32] *** TyrfingMjolnir has quit IRC[07:39:05] *** Motoko has quit IRC[07:39:34] *** Motoko has joined #postfix[07:40:34] *** sputnik has quit IRC[07:41:08] *** sputnik has joined #postfix[07:43:42] *** Lord_xeo has joined #postfix[07:44:29] *** Motoko has quit IRC[07:54:53] *** Lord_xeo has quit IRC[08:12:16] *** carl- has joined #postfix[08:26:01] *** carl- has quit IRC[08:27:13] *** carl- has joined #postfix[08:36:26] *** Haudegen has quit IRC[08:53:55] *** Haudegen has joined #postfix[08:57:41] <DarwinElf> ok, maybe it was answered clearly yesterday and I just thought "I'll work on it tomorrow". I'm not doing anything as complex as running Postfix and Dovecot on separate servers, but now that I've installed Dovecot, am wondering if I also have to have it running, or if it (like Postfix) also has several programs and I just run the authentication server[09:03:27] *** TyrfingMjolnir has joined #postfix[09:11:03] <pj> CRCinAU: I think you can cache them somehow, have a look at the various postscreen settings.[09:11:32] <pj> DarwinElf: dovecot has to be running.[09:12:00] <pj> DarwinElf: and save yourself some headache and use Dovecot for your IMAP and POP3 server while you're at it.[09:12:15] <DarwinElf> I guess I will, if I can set it up[09:12:57] <DarwinElf> at least when I move to a professional server (well, that'd probably be a prerequisite of mine, though popa3d and impad work fine so far since I'm the only person using the mail, and only on my LAN)[09:13:06] <pj> CRCinAU: look at postscreen_cache_map[09:14:08] *** infides_afk has joined #postfix[09:16:01] *** TyrfingMjolnir has quit IRC[09:16:38] <pj> DarwinElf: using Dovecot for those saves having to install that many more programs on your server, plus dovecot will authenticate POP, IMAP and SASL AUTH all to the same DB without having to configure the auth db multiple times, plus dovecot is just plain better.[09:16:42] *** TyrfingMjolnir has joined #postfix[09:16:51] <DarwinElf> neat[09:29:38] *** SCHAAP137 has joined #postfix[09:30:10] *** ntnlzr|out is now known as ntnlzr[09:34:14] *** ntnlzr has quit IRC[09:40:53] *** shoonya has joined #postfix[09:42:02] *** shoonya has quit IRC[09:42:15] *** shoonya has joined #postfix[09:42:21] *** zapata has joined #postfix[09:42:58] *** shoonya has quit IRC[10:11:15] *** pozitrono has quit IRC[10:30:22] *** zblakany has joined #postfix[10:38:29] *** ThomasKeller has quit IRC[10:50:20] *** infides_afk has quit IRC[10:58:54] *** Tykling has quit IRC[10:59:46] *** dh has quit IRC[11:00:48] *** nihe has quit IRC[11:01:12] *** mungustas has quit IRC[11:01:30] *** nihe has joined #postfix[11:02:13] *** googlah has quit IRC[11:02:26] *** googlah has joined #postfix[11:02:56] *** CRCinAU has quit IRC[11:02:58] *** mungustas has joined #postfix[11:03:52] *** CRCinAU has joined #postfix[11:04:30] *** dh has joined #postfix[11:05:09] *** Tykling has joined #postfix[11:08:30] *** Fleurety has joined #postfix[11:31:07] <CRCinAU> pj: yeah - it says: The postscreen_cache_map parameter specifies the location of the temporary whitelist.[11:31:17] <CRCinAU> so seems only whitelist - not block list as well[12:13:55] *** Section1 has joined #postfix[12:21:49] *** Haudegen has quit IRC[12:23:38] *** skylite has joined #postfix[12:26:04] *** quenode_ has joined #postfix[12:26:55] *** quenode has quit IRC[12:29:11] *** d0nn1e has quit IRC[12:29:35] *** ThomasKeller has joined #postfix[12:30:39] *** d0nn1e has joined #postfix[12:40:13] *** Haudegen has joined #postfix[13:06:18] *** robinho86 has joined #postfix[13:38:27] *** johnny56 has joined #postfix[13:40:23] *** johnny56_ has quit IRC[13:53:49] *** ced117 has joined #postfix[13:57:32] *** ced117 has quit IRC[13:59:01] <DarwinElf> thanks again for all the help, I got Postfix & Dovecot working (or at least running... have to test mail) now also with some Slackware site text about setting up an entire mailserver[13:59:02] *** DarwinElf has left #postfix[14:00:23] *** lucascastro has joined #postfix[14:04:47] *** troulouliou_div2 has joined #postfix[14:14:20] <Bish> ls[14:14:24] <Bish> nyeh.[14:17:49] <lunaphyte> permission denied[14:21:12] *** D-Boy has quit IRC[14:21:34] *** err-or has joined #postfix[14:23:59] *** Mooash has joined #postfix[14:24:57] <Mooash> i have some internal postfix systems sending email outbound via another postfix system via relay_host but the relay seems to be stripping some X headers that I set at the origin. Is it possible to disable this?[14:25:38] <lunaphyte> why do you think this is happening?[14:25:59] <Mooash> The headers never make it past the relay host[14:26:49] <lunaphyte> postfix does not modify mail [with a very short list of exceptions] unless it has been specifically configured to do so[14:27:06] <lunaphyte> so turn off whatever has been turned on in postfix to do this[14:27:33] <lunaphyte> for more specific help, follow the directions in !getting_help[14:27:38] <lunaphyte> !tell Mooash getting_help[14:27:39] <knoba> Mooash: "getting_help" : before asking your question, read the !relevant_logs and !showconfig factoids, and prepare a single pastebin containing all of that data. if you don't understand what this means, or if you need help doing this, please let us know. also see !pastebin[14:28:24] *** lucascastro has quit IRC[14:28:49] *** lucascastro has joined #postfix[14:34:49] *** lucascastro has quit IRC[14:34:58] *** edux has joined #postfix[14:45:00] *** D-Boy has joined #postfix[14:45:40] *** troulouliou_div2 has quit IRC[14:47:18] *** sandeen has joined #postfix[14:51:11] *** johnny56 has quit IRC[14:51:31] <Mooash> Okay, thanks lunaphyte! I'll come back with some more evidence[14:52:37] *** johnny56_ has joined #postfix[14:53:11] *** johnny56_ is now known as johnny56[15:01:23] *** synthroid has joined #postfix[15:06:33] *** sandeen has quit IRC[15:08:25] *** FinboySlick has joined #postfix[15:11:34] *** daemon has quit IRC[15:18:42] *** sandeen has joined #postfix[15:23:07] *** troulouliou_div2 has joined #postfix[15:37:10] *** ThomasKeller has quit IRC[15:46:41] *** infides_afk has joined #postfix[16:01:16] *** Guest22968 has quit IRC[16:07:49] *** showaz has joined #postfix[16:12:50] *** sarri has quit IRC[16:14:24] *** sarri has joined #postfix[16:15:43] *** leeyaa has joined #postfix[16:15:44] <leeyaa> hello[16:16:13] <leeyaa> can you whitelist network blocks with check_client_access ?[16:21:53] <lunaphyte> sure[16:23:35] <leeyaa> lunaphyte, would that be 1.2.3 OK or 1.2.3.0/24 OK ?[16:25:44] *** camroncade has joined #postfix[16:27:47] *** iGeni has quit IRC[16:28:57] <lunaphyte> leeyaa: man 5 cidr_table[16:29:27] <lunaphyte> also note that whitelisting network blocks is very unlikely to be a good idea. i would encourage you to describe whatever the actual problem is you're trying to solve[16:29:33] <leeyaa> thanks lunaphyte[16:29:50] <leeyaa> well im doing some sort of a migration and i need to whitelist my proxy servers[16:30:48] *** pti-jean_ has joined #postfix[16:30:55] <leeyaa> anyway this should be enough, thanks[16:37:37] <lunaphyte> sure thing, good luck[16:38:17] *** carl- has quit IRC[16:44:23] *** ThomasKeller has joined #postfix[16:46:05] *** skylite has quit IRC[16:52:12] *** Motoko has joined #postfix[16:58:13] *** TyrfingMjolnir has quit IRC[17:00:36] *** pozitron has joined #postfix[17:26:00] *** CQ has joined #postfix[17:26:32] <CQ> hello, is there a way to rewrite a to: address to contain a +something? i.e. to me at mydomain dot com -> me+something at mydomain dot com ?[17:27:10] <lunaphyte> why?[17:27:27] <rob0> there is nothing special about a +[17:27:31] <rob0> !rewrite[17:27:31] <knoba> rob0: "rewrite" : Postfix Address Rewriting features, see http://www.postfix.org/ADDRESS_REWRITING_README.html[17:27:42] <CQ> lunaphyte: because I'm using a smarthost, and a bunch of machines will be sending through the same account[17:27:45] <CQ> VMs[17:27:53] <lunaphyte> yikes[17:27:54] <rob0> Generally the client would set the sender address[17:28:35] <rob0> oh, you specifically mention "to"[17:28:47] <CQ> lunaphyte: why yikes? I need some solution where I don't need to set up separate subdomains for each host I set up[17:29:10] <CQ> well, I can do it with a From as well I guess, after that it's just a matter of filtering[17:29:47] <CQ> basically, I have VMs who all need to mail via the same smarthost account, and I need to see where a cron mail (for example) comes from[17:29:59] <CQ> I'm open to the best way to do that[17:30:17] <lunaphyte> for starters, each computer should be using its own set of credentials[17:30:42] <lunaphyte> second, when cron sends mail, it includes the sending hostname[17:30:50] <CQ> lunaphyte: these are all VMs on a NATed home network, no external access[17:30:59] <lunaphyte> that's not relevant[17:31:34] <CQ> why is that not relevant? are you speaking security general best practice, or what is the reason?[17:32:04] *** SCHAAP137 has quit IRC[17:32:22] <lunaphyte> reason why it's not relevant? it just has no impact on anything[17:33:14] <CQ> lunaphyte: not sure I understand you. I'm arguing that the credentials for the VMs can be the same because there is no external access to them[17:33:42] <lunaphyte> ok[17:58:50] *** leeyaa has quit IRC[18:06:31] *** synthroid has quit IRC[18:08:02] <doubletwist> if I have a domain in "virtual_alias_domains" - that gets aliased to $mydestination?[18:10:20] <lunaphyte> no[18:10:51] <lunaphyte> you only list a domain in virtual_alias_domains if the domain is only found in virtual_alias_maps[18:15:07] <rob0> The ultimate destination of any address in virtual_alias_domains could be anywhere (does not matter) *EXCEPT* another address in virtual_alias_domains.[18:19:09] <doubletwist> So if I want allusers at somedomain dot com to be delivered to @newdomain.com?[18:19:30] <doubletwist> where " at newdomain dot com" is set up in relay_domains to deliver to Cyrus via smtp[18:19:35] <doubletwist> I mean lmtp[18:20:29] *** gu1lle_ has joined #postfix[18:20:33] <lunaphyte> !tell doubletwist example[18:20:34] <knoba> doubletwist: "example" : Example.TLD has been reserved for examples in generic top-level domains (com,net,org) and many other TLDs. Please do not use real Internet names as examples.[18:20:43] <lunaphyte> generic or not, those domain names belong to someone[18:21:02] <lunaphyte> using theirs to hide yours is not nice[18:22:27] *** lucascastro has joined #postfix[18:22:28] <lunaphyte> anyway, i woudl encourage you to configure the domains independently to do the same thing, rather than trying to alias one to the other[18:22:29] <doubletwist> Sorry. Question still stands[18:22:31] <lunaphyte> *would[18:24:16] <doubletwist> I'm not sure if the app that's picking up these emails would accept that. And I'm not in a position to change that aspect of things at this time.[18:25:07] *** showaz has quit IRC[18:39:19] *** synthroid has joined #postfix[18:44:28] *** TyrfingMjolnir has joined #postfix[18:48:30] *** TyrfingMjolnir has quit IRC[18:51:04] *** infides_afk is now known as infides[18:53:27] *** iGeni has joined #postfix[18:54:45] *** TyrfingMjolnir has joined #postfix[19:08:45] *** troulouliou_div2 has quit IRC[19:14:02] *** TyrfingMjolnir has quit IRC[19:15:59] *** Darcidride has joined #postfix[19:17:17] *** anunnaki has joined #postfix[19:21:24] *** leeyaa has joined #postfix[19:22:47] *** akkad has quit IRC[19:24:11] *** andry has quit IRC[19:25:34] *** TyrfingMjolnir has joined #postfix[19:25:52] *** akkad has joined #postfix[19:30:43] *** akkad has joined #postfix[19:42:51] *** edux has quit IRC[19:43:30] *** edux has joined #postfix[19:53:56] *** [NoClan]GoAway has quit IRC[20:01:03] *** rsx has joined #postfix[20:06:08] *** Amkei has joined #postfix[20:07:20] *** TyrfingMjolnir has quit IRC[20:11:36] <tharkun> !spf[20:11:36] <knoba> tharkun: "spf" : sender policy framework - an extension to SMTP that allows to identify and reject emails from spoofed/forged email senders. SPF is just a TXT or SPF record in your DNS zone in a special format. See: http://www.openspf.net/[20:18:24] *** TyrfingMjolnir has joined #postfix[20:23:16] *** leeyaa has quit IRC[20:24:20] *** TyrfingMjolnir has quit IRC[20:26:54] <tharkun> !dkim[20:26:55] <knoba> tharkun: "dkim" : DomainKeys Identified Mail (DKIM) is a method for email authentication that allows an organization to take responsibility for a message in a way that can be validated by a recipient. this is typically implemented in postfix by means of a milter such as !opendkim. alternatively, existing content filters (e.g. !amavisd-new) may also have their own implementation mechanism.[20:28:00] *** rsx has quit IRC[20:34:51] *** Section1 has quit IRC[20:42:51] *** [NoClan]GoAway has joined #postfix[20:43:43] *** CQ has quit IRC[21:01:22] *** pankid has quit IRC[21:01:48] *** pankid has joined #postfix[21:22:53] *** TyrfingMjolnir has joined #postfix[21:26:46] *** sarri has quit IRC[21:29:30] *** sarri has joined #postfix[21:32:38] *** anunnaki has quit IRC[21:37:07] *** sphenxes has joined #postfix[21:39:52] *** Darcidride has quit IRC[21:40:10] *** sphenxes01 has quit IRC[21:40:11] *** sphenxes02 has quit IRC[21:40:18] *** sphenxes02 has joined #postfix[21:46:23] *** lucascastro has quit IRC[21:52:14] *** anunnaki has joined #postfix[21:53:17] *** lucascastro has joined #postfix[21:54:31] *** lucascastro has quit IRC[21:56:15] *** pozitron has quit IRC[21:58:43] *** [NoClan]GoAway has quit IRC[22:00:52] *** mator has joined #postfix[22:01:10] *** sandeen has quit IRC[22:01:14] <mator> how do i make postfix to listen all interfaces, except of one?[22:02:49] <lunaphyte> list the desired addresses[22:03:19] <patdk-wk> or ip's[22:03:32] <mator> what about interfaces ?[22:03:42] <mator> like eth0, tun/tap[22:03:48] <lunaphyte> yes, addresses implies ip addresses[22:03:51] <lunaphyte> mator: no.[22:04:01] <lunaphyte> man 5 postconf. see inet_interfaces[22:04:14] <mator> inet_interfaces = all, !eth0 ?[22:04:34] <lunaphyte> if that notation is documented, sure[22:04:49] <mator> lunaphyte, thanks, you being a very helpful person[22:05:07] <mator> i'm blue[22:15:50] *** robinho86 has quit IRC[22:20:31] *** sphenxes02 has quit IRC[22:27:15] *** sandeen has joined #postfix[22:27:29] *** v1c3 has joined #postfix[22:30:59] *** Amkei has quit IRC[22:43:47] *** edux has quit IRC[22:43:51] *** Haudegen has quit IRC[22:44:05] *** edux has joined #postfix[22:46:33] *** synthroid has quit IRC[22:48:09] *** CyberDems has quit IRC[22:51:08] *** CyberDems has joined #postfix[22:51:16] *** [NoClan]GoAway has joined #postfix[22:54:24] *** CyberDems has quit IRC[22:55:09] *** RickyB98 has quit IRC[22:55:35] *** CyberDems has joined #postfix[22:55:44] *** RickyB98 has joined #postfix[22:55:49] *** RickyB98 has quit IRC[22:55:49] *** RickyB98 has joined #postfix[22:59:56] *** Haudegen has joined #postfix[23:01:38] *** FinboySlick has quit IRC[23:02:40] *** Gaius has joined #postfix[23:03:00] <Gaius> !getting_help[23:03:00] <knoba> Gaius: "getting_help" : before asking your question, read the !relevant_logs and !showconfig factoids, and prepare a single pastebin containing all of that data. if you don't understand what this means, or if you need help doing this, please let us know. also see !pastebin[23:04:50] <Gaius> Ok, short question I hope (I'm completely new to postfix and MTAs...): what happens if someone sends an email while the postfix service isn't running? And what if my whole server is down? (simple internet site setup)[23:05:29] <jwing> Gaius: that's a question that only the sender's MTA admin can answer[23:06:35] <Gaius> jwing: So, it's possible the email is just dropped into nothingness?[23:06:38] <jwing> "someone" is very vague. Meaning.. a user of your service? Someone on the internet trying to send mail to you?[23:07:17] <jwing> sure.. if they are complete idiots they could configure their MTA to only try to send mail one time.[23:08:01] <Gaius> Ah right. I mean someone else sends an email to my MTA.[23:08:38] <jwing> normally the MTA is configured to try repetitively with a time back off between retries.[23:08:49] <jwing> until so much time has passed or so many attempts have been made.[23:09:09] <Gaius> And then a "permanently failed to deliver" thingy is sent to them, generally?[23:09:26] <jwing> the MTA will send to the sender a failure to deliver message.. yes[23:09:45] <jwing> some will send a warning saying it's having no success yet..[23:10:03] <jwing> until the final failure. then the permanent fail message is sent[23:10:57] <Gaius> Alright, so in general, if the server/mta should be down for a small amount of time and at that moment a mail is sent to the MTA, it should end up arriving anyway?[23:11:05] <jwing> yes[23:11:23] <jwing> SMTP is a store/forward mechanism with retry[23:11:24] <Gaius> Perfect, thank you jwing :)[23:11:52] *** sandeen is now known as |[23:12:00] *** | is now known as sandeen[23:27:58] *** mator has left #postfix[23:30:46] *** javak has joined #postfix[23:33:35] *** pti-jean_ has quit IRC[23:36:56] *** echan has joined #postfix[23:37:40] *** bb0x has joined #postfix[23:37:49] <bb0x> hi guys[23:38:23] <bb0x> can I use short hostname as relayhost ? e.g.: relayhost = [mail01][23:52:07] *** sandeen has quit IRC[23:57:09] *** sandeen has joined #postfix