January 26, 2016 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | >
January 26, 2016 [00:00:16] *** msmj has joined #postfix[00:03:18] *** rcsu has quit IRC[00:20:12] <msmj> hi! where can i tune the verbosity from postfix/submission/smtpd? i use postfix with mysql and it logs sensible stuff from db login which i want to deactive: http://pastebin.com/MMFhLN5b[00:23:17] <lunaphyte> logs sensible stuff?[00:23:33] <lunaphyte> oh, do you mean "logs sensitive stuff"?[00:26:15] *** camroncade has quit IRC[00:28:39] <msmj> oh lol yes sorry[00:28:56] <msmj> i found help by myself... i was just blind for more than an hour[00:29:21] <lunaphyte> if you don't want sensitive stuff like that logged, then turn off verbose logging [which you really shouldn't be needing in the first place][00:29:50] <msmj> it is /etc/procmail/master.conf line submission inet n - - - - smtpd ... i removed the -v .. :P[00:30:03] <msmj> thx![00:30:24] <lunaphyte> /etc/procmail/master.conf?[00:30:35] <lunaphyte> why do you have postfix config files in a directory named "procmail"?[00:30:40] <msmj> i mean postfix[00:35:15] <pj> someone needs to get some sleep I thnk.[00:35:42] *** rsx has quit IRC[00:36:17] *** moss has joined #postfix[00:38:14] <msmj> indeed pj[00:38:25] *** DefunctProcess is now known as DefunctProcessZZ[01:02:02] * dimitry7 has learnt that defunct processes only are killed by restarting[01:05:22] *** edux__ has quit IRC[01:06:47] *** setProfile has joined #postfix[01:28:46] *** ruel has quit IRC[01:34:52] *** lvlinux has joined #postfix[01:37:32] *** tonythomas has quit IRC[01:44:36] *** edux has joined #postfix[01:51:15] *** gu1lle_ has joined #postfix[01:53:21] *** Kellin has joined #postfix[01:55:16] *** wurm has joined #postfix[02:10:09] <KellerFuchs> lunaphyte: Finally figured out a nice way to authenticate my shell users without extra burden: SASL + GSSAPI[02:10:25] *** jwing has joined #postfix[02:10:25] *** jwing has joined #postfix[02:32:02] *** setProfile has quit IRC[02:32:32] *** setProfile has joined #postfix[02:33:46] *** setProfile has quit IRC[02:34:02] *** setProfile has joined #postfix[02:34:03] *** profile1 has joined #postfix[02:36:25] *** profile1 is now known as |[02:36:55] *** | is now known as Guest55574[02:38:11] *** sehh has joined #postfix[02:38:21] <sehh> hello everyone[02:38:47] <sehh> I'd appreciate some help with forwarders[02:38:58] <sehh> I have a setup with postfix+dovecot[02:39:31] <sehh> and virtual hosts under /home/[02:40:00] <sehh> I use dovecot-lmtp to deliver postfix emails to dovecot user home dirs[02:40:28] <sehh> and postfix also has a /etc/postfix/virtual_mailbox_domains, setup so it knows which domains to receive[02:41:14] <sehh> so my question is, how can I setup postfix for email forwarders, which remain in the users home directory, so they are editable by the user?[02:41:20] *** Guest55574 has quit IRC[02:42:05] <sehh> currently, in my setup, postfix knows nothing about /home directories, since it delivers the emails to dovecot LMTP, for delivery.[02:42:26] <sehh> any help would be appreciated[02:59:17] *** gu1lle_ has quit IRC[02:59:38] *** gu1lle_ has joined #postfix[03:07:16] *** dimitry7 has quit IRC[03:10:08] *** michelangelo has joined #postfix[03:11:56] *** edux has quit IRC[03:13:13] *** edux has joined #postfix[03:13:59] *** donmichelangelo has quit IRC[03:17:35] *** edux has quit IRC[03:22:19] *** edux has joined #postfix[03:22:26] *** err-or has joined #postfix[03:26:32] *** err-or_ has quit IRC[03:27:11] *** edux has quit IRC[03:38:48] <pj> sehh: have a look at dovecot-sieve[03:38:53] <pj> !tell sehh sieve[03:38:53] <knoba> sehh: "sieve" : sieve is a language that can be used to create filters for email. see http://sieve.info/ , rfc 5228, or http://en.wikipedia.org/wiki/Sieve_(mail_filtering_language) for more info[03:39:03] <pj> ...along with managesieve[03:39:06] <pj> !managesieve[03:39:06] <knoba> pj: Error: "managesieve" is not a valid command.[03:39:10] <pj> !manage-sieve[03:39:10] <knoba> pj: Error: "manage-sieve" is not a valid command.[03:39:35] <pj> bleh, well it is managesieve, just no factoid.[03:40:56] <pj> oh to just put the filters in the home directory you only need sieve, I think.[03:42:12] <sehh> pj: instead of adding sieve, can't I just use virtual_mailbox_maps ?[03:42:40] <pj> sehh: sure, but adding sieve is probably easier.[03:44:31] <pj> sehh: I think doevecot may also have support for simple .forward files...[03:45:33] <pj> a bit of gooling reveals taht dovecot wants sieve to read the .forward file.[03:46:14] <sehh> I'd rather avoid sieve, I don't want to add an extra layer on my servers, especially when for something as simple as a forward rule[03:48:04] <pj> sehh: why are you using dovecot lmtp?[03:48:39] <sehh> erm is there a reason not to?[03:48:58] <pj> yes, local(8) has support for .forward files.[03:49:15] <sehh> that only works for local users, I've got virtual hosts[03:49:30] <pj> you said home directories, is that not local users?[03:50:14] <sehh> each virtual host has its own /home/mydomain/ directory, but each vitual host may have MULTIPLE domain names (parked domains)[03:50:38] <pj> oh, I see[03:50:39] <sehh> thus /home/mydomain/ may serve mydomain.com, but may also serve superdomain.edu[03:51:10] <sehh> so postfix doesn't know any of that, which is easy to let dovecot deal with virtual domains[03:51:25] <pj> ok, you can jump through loads of hoops, like running a cron job that pulls in the .forward files from all those home directories and compiles them to a single map file for postfix to access...[03:51:41] <pj> ...or you can just use sieve like everyone else who wants that functionality.[03:52:12] <sehh> hmm I think I can get virtual_mailbox_maps, to read multiple files[03:52:41] <pj> yes, it can, if you list them each individually.[03:53:04] <pj> so every time you add or remove a user you will have to change your main.cf config.[03:53:54] <sehh> sounds like the best idea, easy to implement as well (I already generate the main.cf automatically from my virtual hosting application)[03:54:58] <pj> no, it's a terrible idea, such a long list of files for postfix to access will actually take quite a bit of time to process for each message.[03:55:41] <pj> plus the various map types requires that you either have to postmap a file every time it's changed or you have to reload postfix.[03:57:08] <pj> so you can spend all day re-inventing the wheel for this (and doing a terrible job of it) or you can just use the right tool for the job (which is sieve).[03:58:58] <sehh> hmm[03:59:15] <sehh> well, I'll do some tests and see[03:59:21] <thumbs> use sieve[03:59:37] <sehh> if its too cumbersome or causes delays in postfix, then I'll test sieve[04:07:52] *** edux has joined #postfix[04:10:16] *** msmj has quit IRC[04:12:44] *** edux has quit IRC[04:17:04] *** edux has joined #postfix[04:20:33] *** Chill_Surf has quit IRC[04:21:36] *** edux has quit IRC[04:26:03] *** edux has joined #postfix[04:30:26] *** edux has quit IRC[04:35:19] *** edux has joined #postfix[04:36:20] *** chachasmooth has quit IRC[04:37:08] *** chachasmooth has joined #postfix[04:39:35] *** edux has quit IRC[04:57:55] *** nefigcas has joined #postfix[04:58:41] *** nefigcas has quit IRC[05:02:07] *** nefigcas has joined #postfix[05:04:24] *** nefigcas has quit IRC[05:05:16] *** nefigcas has joined #postfix[05:12:16] *** nhooyr has quit IRC[05:12:26] *** nhooyr has joined #postfix[05:13:07] *** nhooyr has quit IRC[05:13:35] *** nhooyr has joined #postfix[05:26:01] *** nhooyr has quit IRC[05:36:11] *** nhooyr has joined #postfix[05:37:16] *** wurm has quit IRC[05:38:54] *** edux has joined #postfix[05:43:06] *** edux has quit IRC[05:56:52] *** edux has joined #postfix[06:01:42] *** edux has quit IRC[06:06:02] *** edux has joined #postfix[06:10:26] *** edux has quit IRC[06:12:38] *** lucascastro has joined #postfix[06:24:02] *** tonythomas has joined #postfix[06:40:20] *** TyrfingMjolnir has quit IRC[06:47:24] *** TyrfingMjolnir has joined #postfix[06:54:08] *** nefigcas has quit IRC[07:05:06] *** nefigcas has joined #postfix[07:08:45] *** echan has quit IRC[07:10:42] *** gongoputch has quit IRC[07:18:47] *** edux has joined #postfix[07:22:28] *** echan has joined #postfix[07:23:59] *** edux has quit IRC[07:36:58] *** edux has joined #postfix[07:41:06] *** edux has quit IRC[07:44:14] *** gu1lle_ has quit IRC[07:45:59] *** edux has joined #postfix[07:46:05] *** lunaphyte has quit IRC[07:50:30] *** edux has quit IRC[07:51:43] *** lunaphyte has joined #postfix[07:55:18] *** edux has joined #postfix[07:59:40] *** edux has quit IRC[08:01:41] *** nefigcas has quit IRC[08:04:37] *** frdmn_ has left #postfix[08:06:09] *** frdmn has joined #postfix[08:09:50] *** Tuxick_ has joined #postfix[08:13:12] *** carl- has joined #postfix[08:14:56] *** Tuxick has quit IRC[08:14:56] *** Tuxick_ is now known as tuxick[08:27:32] *** tonythomas has quit IRC[08:49:36] *** skylite has joined #postfix[08:49:42] *** Motoko has quit IRC[08:51:06] *** Haudegen has quit IRC[08:59:02] *** edux has joined #postfix[09:03:15] *** edux has quit IRC[09:05:26] *** abramart has quit IRC[09:05:37] *** abramart has joined #postfix[09:06:33] *** abramart has quit IRC[09:06:45] *** abramart has joined #postfix[09:08:13] *** abramart has quit IRC[09:08:21] *** abramart has joined #postfix[09:08:59] *** abramart has quit IRC[09:09:09] *** abramart has joined #postfix[09:10:06] *** Haudegen has joined #postfix[09:17:03] *** edux has joined #postfix[09:17:29] *** zorg1 has joined #postfix[09:21:50] *** edux has quit IRC[09:25:54] *** edux has joined #postfix[09:30:26] *** edux has quit IRC[09:35:04] *** edux has joined #postfix[09:39:15] *** edux has quit IRC[09:44:06] *** edux has joined #postfix[09:48:46] *** edux has quit IRC[10:02:14] *** edux has joined #postfix[10:07:23] *** edux has quit IRC[10:12:10] *** SCHAAP137 has joined #postfix[10:42:09] *** befridolin has joined #postfix[10:46:01] *** tonythomas has joined #postfix[10:56:49] *** edux has joined #postfix[11:01:20] *** edux has quit IRC[11:15:04] *** edux has joined #postfix[11:17:31] *** parasite_ has joined #postfix[11:19:26] *** edux has quit IRC[11:24:26] *** edux has joined #postfix[11:29:41] *** edux has quit IRC[11:33:12] *** edux has joined #postfix[11:37:35] *** edux has quit IRC[11:38:33] *** setProfile has quit IRC[11:42:32] *** edux has joined #postfix[11:47:17] *** edux has quit IRC[12:00:49] *** edux has joined #postfix[12:02:02] <tuxick> wow[12:10:19] *** MACscr|lappy has joined #postfix[12:11:59] <MACscr|lappy> so i have a postfix anti-spam gateway setup before my zimbra server and its working great. I am though a bit curious on why I have so many "Received: from" header entries from my myself, etc. http://hastebin.com/raw/adobajulow[12:12:28] <MACscr|lappy> lite.exampleB.com is the destination zimbra server and mx1.example.com is the postfix anti-spam gateway[12:12:31] <MACscr|lappy> is this normal?[12:12:48] <MACscr|lappy> to have so many of them or could i have some sort of loop or what?[12:12:56] *** Section1 has joined #postfix[12:25:05] *** echan has quit IRC[12:28:59] *** Haudegen has quit IRC[12:30:01] *** andry has joined #postfix[12:36:52] *** wirehack7 has joined #postfix[12:39:35] <wirehack7> hello, I'm having a problem with my newly created mailserver, when sending a mail to it I always get Rejected: Access denied. I think there is a problem with the master.cnf, you might have a look: https://crypt.capslink.xyz/#PNzW176ly6-_fsUWkrlLxw thanks for your help in advance[12:43:06] <andry> -o smtpd_client_restrictions=permit_sasl_authenticated,reject[12:43:06] <andry> you can do that for submission etc., but not for smtpd (except you really want to)[12:43:49] <andry> a foreign mx does not authenticate against your smtpd[12:43:53] <wirehack7> oh ok, so commenting it out?[12:43:57] <andry> yes :)[12:44:01] <wirehack7> ok, ty :)[12:44:06] *** ntnlzr has quit IRC[12:44:41] <andry> you should create another listener besides the one on port 25 to submit mail[12:44:55] <andry> and move your client restriction there[12:45:07] <wirehack7> ok, commented it out, same error, hrmm[12:45:47] <andry> -o smtpd_tls_security_level=encrypt < this should be "may" for port 25, so mail servers without tls can send you mail[12:46:17] *** Haudegen has joined #postfix[12:47:06] <andry> i think you used all the options for submission on your smtp listener[12:47:54] <wirehack7> I used that ISP like mail workshop, but mail delivery is a bit confusing, so sorry. have to go every point through[12:48:21] <wirehack7> so, this encrypt might conflict cause the other server does not encrypt it?[13:19:18] <pj> MACscr|lappy: that's not that many Received headers.[13:19:52] <pj> it's pretty normal when passing mail off to various anti-spam stuff, etc. everything adds another header.[13:22:08] <pj> wirehack7: encrypt means that postfix refuses to do anything unless the connection is encrypted, but not all servers support encryption so you will find that you will not be able to receive mail from everyone if you use encrypt.[13:22:25] <pj> setting it to may is better, it means encrypt when you can.[13:26:52] *** pti-jean_ has joined #postfix[13:47:33] *** tonythomas has quit IRC[13:55:29] *** markit has joined #postfix[14:04:33] *** skylite has quit IRC[14:16:16] <markit> hi, I need some "understanding of principle" about postfix/dovecot. Postfix being a MTA, if I receive an email, who does it store it? So far seems that postfix itself stores in /var/mail/account. And if I send an email, how can be stored? Does dovecot enter in this picture?[14:17:16] *** synthroid has joined #postfix[14:20:36] *** jwing has quit IRC[14:35:52] <patdk-wk> well, postfix has two limited mda's, local and virtual, what you described is the local mda included in postfix[14:36:08] <patdk-wk> ideally, you should use the dovecot mda instead, likely the lmtp one[14:36:26] <patdk-wk> then you can make full use of dovecot, and store it in any dovecot supported mail storage formats[14:36:34] <rob0> Depends on what you need, which we can't tell you.[14:36:54] <thumbs> rob0: I need a cake[14:37:04] <patdk-wk> not a diet?[14:37:14] <rob0> "man cake", hmmm[14:37:21] <patdk-wk> !cake[14:37:22] <knoba> patdk-wk: Error: "cake" is not a valid command.[14:40:38] <markit> patdk-wk: oh, that makes sense... so postfix itself does not keep outgoing mails stored somewhere, correct?[14:40:52] <patdk-wk> define, outgoing[14:41:25] <markit> thunderbird uses postfix on port 587 or 25 to send mail to an external domain[14:41:51] <patdk-wk> only if you use the always_bcc option[14:42:23] <markit> patdk-wk: in that case I would find that message in my incoming box though (/var/mail/myaccount), right?[14:42:43] <markit> I will not have an /var/mail/myaccount_sent file/directory[14:42:48] <patdk-wk> well, in whatever account you assigned to that option[14:42:58] <lunaphyte> markit: thunderbid *can* use port 25, solely for the purposes of ancient, now misconfigured mail servers. however, it should not. 587 is the correct port to use[14:43:04] <patdk-wk> heh? postfix doesn't know what a mailbox is[14:43:10] <patdk-wk> there is only delievery destinations[14:43:14] <patdk-wk> your *inbox* is one[14:43:17] <markit> patdk-wk: I'm talking about "general stuff", a sort of "postfix 101 for newbies"[14:43:19] <patdk-wk> a sentbox is not[14:47:02] <markit> patdk-wk: I'll scratch my head further about what you said, thanks a lot for now :)[14:47:24] <patdk-wk> postfix is an mta :) it delievers email[14:47:35] <patdk-wk> it doesn't know or manage your mailbox folders[14:47:51] <patdk-wk> it very limited knows about an inbox is, via the local/virtual delievery agents :)[14:48:15] <markit> I know, but the second question becomes "ok, but who stores it (inbox and sent box)? Which piece of software?[14:48:25] <patdk-wk> your mua[14:48:43] <markit> because seems that dovecot does not either, it just gives you imap and pop3 access of what is already sotred by someone else,right?[14:48:45] <patdk-wk> when you send email from your mail program, it will store a copy in your sent folder[14:49:01] <patdk-wk> maybe[14:49:05] <patdk-wk> dovecot can sort the email[14:49:18] <patdk-wk> or the mua can (automatically or via a human)[14:49:28] <patdk-wk> !sieve[14:49:28] <knoba> patdk-wk: "sieve" : sieve is a language that can be used to create filters for email. see http://sieve.info/ , rfc 5228, or http://en.wikipedia.org/wiki/Sieve_(mail_filtering_language) for more info[14:49:30] <patdk-wk> !mua[14:49:30] <markit> ah, so my sent folder, to be in the "mail server", needs to be an imap one through dovecot[14:49:31] <knoba> patdk-wk: "mua" : Mail User Agent: software used for mail message retrieval, commonly known as an email client, such as mutt, Evolution and Thunderbird[14:49:40] <patdk-wk> yes[14:52:01] *** irctc395 has joined #postfix[14:53:16] <markit> so, let's say that I want a maildir storage type, I need to configure postfix to store incoming mails that way, and then dovecot to use that storage type and location itsels. Then when Thunderbird is configured to have "sent mail" stored in SERVER_IP/sent box, it's a maildir created by dovecot through imap conversation with TB?[14:53:33] <markit> I've always seen mail server as "a whole" :([14:54:33] <markit> mmm no, rereading what you said, I have to tell postfix to use dovecot, and set dovecot to maildir[14:54:41] <markit> sorry for the last noise :)[14:55:57] *** sphenxes01 has joined #postfix[14:58:23] <Yatekii> Hey guys, any advice on a postfix setup with dovecot? Atm i use postgres an clamav to complement it. Do i need anything more?[14:58:30] *** robinho86 has quit IRC[14:59:02] *** sphenxes has quit IRC[14:59:06] *** sphenxes02 has quit IRC[14:59:22] *** sphenxes has joined #postfix[15:03:40] <irctc395> Hello, I am running postfix 2.9.6 and I want to filter outgoing mail for a subject like "test123". As soon as the subject is "test123" I want to forward this mail to archiv@domain.[15:04:19] *** robinho86 has joined #postfix[15:04:31] *** robinho86 has quit IRC[15:05:45] <tuxick> irctc395: http://www.postfix.org/regexp_table.5.html[15:09:35] <irctc395> tuxick: I know about the regex feature - I used that for "header_check" but noticed that "BCC" is not working with 2.9.6[15:18:01] <tuxick> dunno then[15:18:21] <rob0> http://www.postfix.org/header_checks.5.html ... there is no mention of a "BCC" action.[15:19:33] <Yatekii> guys what are dynamic maps for? :S I don't seem to find a good explanation :S[15:19:39] <Yatekii> (dynamicmaps.cf file[15:19:41] <Yatekii> )[15:19:56] *** Haudegen has quit IRC[15:21:51] <lunaphyte> Yatekii: see release_notes and install[15:22:09] <Yatekii> lunaphyte: uhhmm where exactly?[15:22:21] <lunaphyte> i'm not sure what you mean by "where"?[15:22:26] <Yatekii> (my debian install has that file, gentoo doesnt so I am confused)[15:22:31] <lunaphyte> they are the names of files, included with the software[15:22:33] <Yatekii> yeah where should those files be?[15:22:52] <lunaphyte> if you decided to have someone else provide the software, then you'll have to ask them where they put those files...[15:23:03] <rob0> Your Debian was patched[15:23:25] <rob0> however, that patch is now included in Postfix 3.x[15:23:26] <lunaphyte> [which is also covered in the documentation debian provides with their version of the software][15:23:32] <rob0> !debian[15:23:33] <knoba> rob0: "debian" : (#1) Please see /usr/share/doc/postfix/README.Debian for Debian-specific information. This probably applies to Ubuntu and most other Debian-derivative distributions as well., or (#2) Debian splits the syslog mail facility into several files; the one most likely to be of interest is mail.log , which contains all mail.* priority levels.[15:23:44] <Yatekii> hmm ok[15:23:50] <Yatekii> I am using gentoo now[15:23:53] <Yatekii> :)[15:24:03] <Yatekii> just wanted to know if I need that file migrating[15:24:08] <Yatekii> was hard googling the purpose[15:24:33] <Yatekii> it's also hard to google the "slow" master process :D[15:24:46] <Yatekii> u will only find complaints abaout slow postfix :D[15:26:18] * lunaphyte wonders what a "slow" master process actually is[15:26:31] <Yatekii> slow unix - - n - 1 smtp[15:26:37] <Yatekii> in my debian master.cf[15:26:46] <lunaphyte> oh[15:26:56] <Yatekii> I need to comment the entire file now, otherwise I am googling next time again[15:27:31] <Yatekii> because the smtp line doesn't tell me mcuh either^^[15:28:09] <lunaphyte> luckily, it's all documented ;)[15:28:33] <Yatekii> becasue the name is smtp and the command executed is smtpd and then the name is slow and the process executed is smtp[15:28:36] <Yatekii> like wtf[15:28:45] <Yatekii> it's not well documented if you can't find it.[15:29:07] <lunaphyte> heh, that's patently false[15:29:45] <e38383> i've never seen that "slow", where does that come from?[15:29:56] <lunaphyte> it's a customization[15:29:56] <Yatekii> reading about simple keywords or variables is very well documented and easily done[15:30:35] <e38383> you just need to document your own changes then?[15:30:38] <Yatekii> e38383: that's what I am asking too :) but guess it's hard to understand why googling "slow postfix master process" is hard[15:31:05] <Yatekii> well yeah might be I put that once. still can't remember, so I figured I'll ask[15:31:15] <lunaphyte> because you PICKED the word "slow"[15:31:25] *** Kellin has quit IRC[15:32:06] <Yatekii> I used some manuals on howto postfix, dovecot, psql clamav etc[15:32:45] <rob0> Each of those projects has their own documentation, BTW.[15:33:24] <Yatekii> rob0: I know, now I am working on postfix.[15:33:43] <rob0> Also, I do not recommend clamav. I don't recommend ANY content filtering without using safer and more effective pre-DATA checks.[15:33:46] <Yatekii> and there is a few default master processes which are not explained as well (at least not in the man files I read) so yeah[15:33:51] <rob0> !cheatsheet[15:33:51] <knoba> rob0: "cheatsheet" : (#1) http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt : A HOWTO for pre-DATA spam control., or (#2) A postscreen cheatsheet can be seen at http://rob0.nodns4.us/postscreen.html (updated 2016-01-16, now requires Postfix 2.11+)[15:34:03] <Yatekii> ty :)[15:34:07] <Yatekii> will read![15:39:16] *** Haudegen has joined #postfix[15:40:32] *** FinboySlick has joined #postfix[15:56:19] *** irctc395 has quit IRC[15:58:25] *** carl- has quit IRC[16:04:14] *** befridolin has quit IRC[16:19:50] *** DefunctProcessZZ is now known as DefunctProcess[16:20:46] *** Chill_Surf has joined #postfix[16:35:51] *** synthroid has quit IRC[16:54:09] <KellerFuchs> rob0: Well, ClamAV, rspam and friends have their place ... later in the mail pipeline[16:54:50] <KellerFuchs> mostly because they are expensive, and cheap tests can be quite effective at killing 90% of the SPAM for 10% of the cost[16:57:35] <rob0> ClamAV has been known to break working setups without warning.[16:58:08] <rob0> irresponsible project management. And it hardly ever catches anything that postscreen misses.[16:58:37] <rob0> During the time I ran it, averaged 1/month on a heavily spammed domain.[17:00:05] <tuxick> especially that extra repository[17:01:00] *** trepatudo has quit IRC[17:03:51] *** lucascastro has quit IRC[17:10:30] *** trepatudo has joined #postfix[17:14:40] *** tonil has joined #postfix[17:14:40] *** tonil has joined #postfix[17:16:48] *** lucascastro has joined #postfix[17:19:21] <GTAXL> I keep getting spam e-mails, spamassassin puts them in the spam folder but the ones I'm concerned about are the spam e-mails others are sending posing as my mail server's hostname, I want them to be rejected.[17:21:22] <rob0> I guess "posing as my mail server's hostname" means HELO as your name?[17:21:30] <rob0> !check_helo_access[17:21:31] <knoba> rob0: "check_helo_access" : check_helo_access type:table - Search the specified access(5) database for the HELO or EHLO hostname or parent domains, and execute the corresponding action.[17:21:38] <rob0> !access[17:21:38] <knoba> rob0: "access" : http://www.postfix.org/SMTPD_ACCESS_README.html : An overview of access(5) controls in the Postfix smtpd(8) SMTP server.[17:21:54] <rob0> see also access.5.html[17:22:05] <GTAXL> idk, just the from email address has spammername at mail dot gtaxl.net[17:22:49] <rob0> oh.[17:23:31] <GTAXL> no, they use their own hostname for that, helo=static-212-68-45-36.kalehosting.com.tr;[17:24:00] <GTAXL> Subject: Best boosters on-line![17:24:00] <GTAXL> From: Don at mail dot gtaxl.net, Sams at mail dot gtaxl.net[17:24:20] *** robinho86 has joined #postfix[17:24:28] <GTAXL> I have a few people asking me wtf is my mail server sending but it clearly isn't if you look at the headers[17:25:08] <rob0> 36.45.68.212.zen.spamhaus.org. 900 IN TXT "https://www.spamhaus.org/query/ip/212.68.45.36"[17:25:29] <GTAXL> yeah, spamassassin picks up on that[17:25:31] <rob0> !tell GTAXL cheatsheet[17:25:31] <knoba> GTAXL: "cheatsheet" : (#1) http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt : A HOWTO for pre-DATA spam control., or (#2) A postscreen cheatsheet can be seen at http://rob0.nodns4.us/postscreen.html (updated 2016-01-16, now requires Postfix 2.11+)[17:25:46] <GTAXL> but I don't want them going to spam if they use my own mail server's name posing, I want them rejected[17:27:30] *** gongoputch has joined #postfix[17:27:45] <GTAXL> I also need to figure out why opendkim is adding a signature header to incoming "spoofed" emails using my domain, it should opendkim should only be signing outbound e-mails[17:29:33] <GTAXL> opendmarc should of kicked in and rejected the e-mails[17:32:09] <jaybe> eh - you're signing on mail incoming on smtp port??[17:33:13] <GTAXL> it should sign all outbound e-mails yes[17:33:17] <GTAXL> but not inbound e-mails[17:33:20] <GTAXL> how to fix that?[17:33:44] <GTAXL> it only signs inbound e-mails that match the domains I have configured for signing in opendkim[17:35:02] <patdk-wk> it should only be hooked into the submission port, and submission should require auth[17:35:06] <patdk-wk> then, problem solved[17:35:36] <GTAXL> ok, what config file and line should I be looking at[17:38:11] *** dstarh has joined #postfix[17:40:17] *** Jonukas has joined #postfix[17:41:22] *** rsx has joined #postfix[17:42:16] *** dimitry7 has joined #postfix[17:45:23] *** SCHAAP137 has quit IRC[17:46:38] *** markit has quit IRC[17:47:29] *** mrwboilers has joined #postfix[17:48:17] *** rcsu has joined #postfix[17:48:46] *** camroncade has joined #postfix[17:49:06] <mrwboilers> I'm having a terrible time with what should be a simple configuration change.[17:49:24] <tharkun> !tell mrwboilers welcome[17:49:24] <knoba> mrwboilers: "welcome" : Welcome to #postfix! If you're new here, or to IRC, first read the channel topic (/topic). It has important instructions on how to ask good questions. You will get more and better help if you follow those instructions. Good Luck![17:49:43] <mrwboilers> No matter what I set for myorigin or mydomain in main.cf, outgoing messages are sent as user@hostname.[17:50:05] <mrwboilers> Is there some other setting that could be overriding my changes?[17:50:16] <jaybe> !submission | GTAXL[17:50:17] <knoba> jaybe: Error: "submission" is not a valid command.[17:50:18] <mrwboilers> I'm running 'postfix reload' after every change to main.cf[17:50:24] <rob0> Yes. Your MUA might be setting a sender address.[17:50:25] <jaybe> !submission[17:50:25] <knoba> jaybe: "submission" : Port 587 is submission, for user submission of mail, NOT suitable for mail exchange. See the commented example in master.cf. also see !msa, and rfc 6409. Also read http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf[17:50:30] <jaybe> GTAXL, ^[17:52:46] <GTAXL> yeah, I'm looking at how to put the milter in the master.cf right now for submission only[17:52:51] <mrwboilers> rob0: Thanks, I'll look into that. I'm just using mail.[17:53:09] <rob0> !tell mrwboilers mail[17:53:09] <knoba> mrwboilers: "mail" : mail(1) (also known as mailx(1) or bsd-mailx) is not a Postfix-provided command. For help with it, see its man page. More powerful, commonly available console- and CLI-based MUAs include mutt, alpine and heirloom mailx (likewise, not supported here.)[18:00:07] *** lucascastro has quit IRC[18:02:17] *** zorg1 has quit IRC[18:02:38] *** roxer_ has joined #postfix[18:06:46] *** TyrfingM1olnir has joined #postfix[18:07:18] *** TyrfingMjolnir has quit IRC[18:07:19] *** trepatudo has quit IRC[18:09:59] *** atnakus has joined #postfix[18:10:22] *** atnakus has joined #postfix[18:10:58] *** trepatudo has joined #postfix[18:14:21] <mrwboilers> rob0: you were right. Something in mail was f'ing things up. Worked fine using mutt. And I was ready to blame postfix![18:15:58] <jelly> I'm going to leave this here without context. http://pastebin.com/64ja6Qku[18:16:46] *** gu1lle_ has joined #postfix[18:16:57] <jelly> without comment* too[18:17:08] <rob0> mrwboilers would not have been the first.[18:19:05] *** trepatud- has joined #postfix[18:20:35] *** trepatudo has quit IRC[18:21:03] *** tonil has quit IRC[18:28:19] *** lucascastro has joined #postfix[18:28:24] *** trn has quit IRC[18:29:24] *** Bish has quit IRC[18:30:51] *** PaulePanter has quit IRC[18:30:52] *** colona has quit IRC[18:31:23] *** PaulePanter has joined #postfix[18:31:37] *** colona has joined #postfix[18:35:44] *** Bish_ has joined #postfix[18:48:42] *** trn has joined #postfix[18:55:34] <GTAXL> actually I do need opendkim on port 25 too as it inspects inbound e-mails and adds a pass or fail header for dkim signatures, ugh.......[18:56:10] *** synthroid has joined #postfix[18:56:36] <lunaphyte> huh?[18:56:42] <lunaphyte> you are mistaken[18:59:16] <GTAXL> no, I'm not, opendkim adds an authentication header for inbound e-mails[18:59:53] *** Darcidride has joined #postfix[19:01:12] <lunaphyte> "need opendkim on port 25"[19:01:15] <lunaphyte> you are mistaken[19:02:31] <GTAXL> I want the verification headers though[19:02:47] <lunaphyte> are you using amavis/spamassassin?[19:02:51] <GTAXL> I just don't want it signing inbound e-mail for domains handled by the mail server[19:04:25] <GTAXL> I have spamassassin[19:04:35] <lunaphyte> no amavis?[19:04:57] <GTAXL> along with opendkim, opendmarc, and policyd-spf[19:05:12] <GTAXL> no, I'll be adding an av later, such as clamav or such[19:05:37] <rob0> !amavisd-new[19:05:37] <knoba> rob0: "amavisd-new" : amavisd-new is a high-performance and reliable interface between mailer (MTA) and one or more content checkers. See http://www.ijs.si/software/amavisd/[19:06:47] <GTAXL> yes, I see what it is, not my question.[19:07:11] <GTAXL> I'll guess I'll dig up how to exempt local domains[19:12:49] <lunaphyte> yikes, policyd-spf too?[19:12:59] <lunaphyte> that's not a good idea[19:13:16] <lunaphyte> and unnecessary too, if only you'd gone about this differently to begin with and used amavis[19:14:02] <lunaphyte> use amavis, with spamassassin, and get rid of the spf policy stuff. then, as an added bonus, you don't need opendkim to add any headers. amavis already does this[19:15:15] *** robinho86 has joined #postfix[19:34:47] *** mrwboilers has left #postfix[19:46:52] <nhooyr> lunaphyte: hmm. for some reason amavis removes the authentication results header. so I can't check opendmarc's results with spamassassin.[19:47:01] <nhooyr> like the previous ones[19:56:55] *** Section1 has quit IRC[19:59:02] <nhooyr> also for the policyd-spf. it adds the received-spf header unlike dmarc which can be used by opendmarc and then later on spamassassin as well.[19:59:20] *** rsx has quit IRC[20:03:34] *** synthroid has quit IRC[20:05:59] *** nhooyr has quit IRC[20:06:53] *** nhooyr has joined #postfix[20:13:02] *** nhooyr has quit IRC[20:13:53] *** nhooyr has joined #postfix[20:22:34] *** lucascastro has quit IRC[20:23:09] *** nhooyr has quit IRC[20:23:51] *** nhooyr has joined #postfix[20:28:56] <daynaskully> I'm getting an access denied error when sending from outside my mailserver (554 5.7.1) and this only started happening after some config changes... google says it might be smtpd_recipient_restrictions = permit_mynetworks (but this worked fine with the setting yesteray)[20:29:24] <Dominian> need to see actual logs etc[20:29:27] <Dominian> see /topic for what info is needed[20:43:44] <micah> how do you enforce the From when using client certs?[20:44:46] *** Haudegen has quit IRC[20:45:38] <rob0> micah, do you mean like reject_authenticated_login_sender_mismatch (or whatever) for SASL?[20:46:30] <micah> rob0: exactly[20:47:10] <rob0> The only way I can think would be with an ugly mess of restriction classes, or a custom policy server.[20:47:31] *** equilibriumuk has quit IRC[20:47:39] <micah> rob0: what about this:[20:47:40] <micah> smtpd_sender_restrictions = reject_unlisted_sender, reject_authenticated_sender_login_mismatch[20:47:40] <micah> smtpd_sender_login_maps = regexp:/etc/postfix/passthroughmap.regexp[20:47:51] <micah> and /etc/postfix/passthroughmap.regexp: /(.*)/ $1[20:48:38] <micah> that regexp would mean that the login could MAIL FROM as the login name only[20:48:55] <rob0> are you using SASL AUTH in addition to TLS certificates?[20:49:14] <micah> i think that it will use the CN of the certificate as the 'login' - but that is an assumption[20:49:35] <rob0> I think it would if that's what the documentation says.[20:49:36] <micah> rob0: no sasl[20:50:07] <micah> i did read that somewhere, but I'm having trouble remembering where[20:50:20] <rob0> Postfix without SASL support will ignore reject_authenticated_sender_login_mismatch, so i doubt it.[20:50:40] *** equilibriumuk has joined #postfix[20:51:27] <micah> rob0: really? do you see that in the postconf.5 docs somewhere?[20:54:10] <micah> it says this: Reject the request when $smtpd_sender_login_maps specifies an owner for the MAIL FROM address, but the client is not (SASL) logged in as that MAIL FROM address owner; or when the client is (SASL) logged in, but the client login name doesn't own the MAIL FROM address according to $smtpd_sender_login_maps.[20:54:12] <rob0> I've seen it happen, people ask questions here[20:54:37] <micah> but i was underthe impression that if you use a cert, you may not be "SASL" logged in, but there is an authenticated login name still[20:57:03] <rob0> it's authenticated, but it is not SASL AUTH[20:57:29] *** equilibriumuk has quit IRC[20:59:09] *** equilibriumuk has joined #postfix[21:01:20] *** Darcidride has quit IRC[21:02:12] *** Haudegen has joined #postfix[21:06:55] <tharkun> Is there yet a reliable DNSRBL or the concept by itself is not scalable to the ipv6 space?[21:07:16] <rob0> I am wondering the same thing.[21:07:57] <rob0> I suspect "not scalable", spammers' heaven.[21:08:40] <tharkun> rob0: Yes that is what worries me. I've been getting spam through that is comming from the ipv6 address space.[21:09:08] <rob0> I think DNS whitelisting will become more important. Those who run servers on ipv6 will need to register with entities like dnswl.org.[21:09:38] <tharkun> dnswl.org allready uses ipv6?[21:09:38] <rob0> With whitelisting and a default reject policy, ipv6 mail could be manageable.[21:09:51] <rob0> I don't think they do, not sure.[21:10:48] <rob0> My strategy is to stick my head in the ipv4 sand. I won't listen on ipv6 until such time as there is massive movement thereto.[21:11:15] <rob0> We (TINW) have spam pretty well beat in ipv4.[21:12:23] *** sandah has joined #postfix[21:15:00] *** JanC has quit IRC[21:16:09] *** Hoffe has joined #postfix[21:18:29] *** synthroid has joined #postfix[21:20:13] *** Jonukas has quit IRC[21:20:19] *** echan has joined #postfix[21:23:53] <tharkun> Well someidiotic mail admin of one of our providers only uses ipv6 for their Exchange server so I had to listen on for their mail. :([21:24:14] *** Amkei has joined #postfix[21:25:33] <sandah> Is there anything which can stop a one sender from hogging the outgoing queue? I work on an HPC cluster and users can send notifications from their jobs, so one user can send say 3000 messages, if they don't know what they are doing. Is there a way to throttle messages to a single sender so they won't block the queue for other users?[21:26:18] <rob0> tharkun, wow, I suppose they are still cut off from a huge chunk of the Internet.[21:28:57] <rob0> sandah, if they are using sendmail(1) to send, no, not really. If they're using submission, you could throttle them with a policy server.[21:29:18] <Hoffe> sandah, you could use a policy daemon that would limit a given user to send max number of mails over a period of time.[21:29:32] <Hoffe> ...what rob0 said ;)[21:29:59] <sandah> Is a policy daemon another piece of software or a function of postfix?[21:30:08] <rob0> !policy[21:30:09] <knoba> rob0: "policy" : Postfix smtpd(8) policy protocol, http://www.postfix.org/SMTPD_POLICY_README.html , for complex and intelligent restrictions[21:30:18] *** JanC has joined #postfix[21:30:22] <sandah> Thanks rob0 and Hoffe[21:30:26] <rob0> another piece of software[21:34:21] <tharkun> rob0: Did I mentioned idiotic? This little company has but 10 customers and all their e-mail users turned to gmail to get the work done.[21:35:32] *** lucascastro has joined #postfix[21:35:48] <rob0> :)[21:38:57] *** wiuempe is now known as wmp[21:51:30] <KellerFuchs> rob0: I'm not sure building gated-off islands of domains that can exchange mail (which is what domain whitelists achieve) is the right way to solve PSPAM[22:03:10] *** lucascastro has quit IRC[22:13:15] *** tris has quit IRC[22:14:43] <lunaphyte> join the debate ;)[22:14:51] <lunaphyte> there's no good answer yet[22:19:00] *** tris has joined #postfix[22:22:51] *** akkad has quit IRC[22:27:54] *** akkad has joined #postfix[22:32:54] *** echan has quit IRC[22:37:42] *** ghoti has quit IRC[22:44:16] <Yatekii> guys may I ask: when the MUA sends a mail, it does it using SMTP, right? but how does the MTA (postfix) act on incomming SMTP connections? does it deliver the mails only if it is meant for a known recipient and or if the sender is authenticated to send mail through that MTA (or if it isnt and it still accepts it that's called an open relay). right?[22:44:24] <Yatekii> just so I understood it all right[22:45:26] <Yatekii> so that means, the Protocol used is all SMTP. And smtpd is the server that handles incomming mails and delegates to smtp if needed. Is that right?[22:46:18] <Yatekii> And if I send a mail to another address from my MUA, I actually send it to my MTA and it forwards it for me to the other addresses MTA?[22:46:20] <rob0> Some Unix-based MUAs use sendmail(1) submission, not SMTP.[22:46:44] <Yatekii> oh kk[22:46:55] <Yatekii> well I have the submission master process activated[22:47:02] <rob0> most MUAs do SMTP, yes[22:47:29] <Yatekii> hmm what I read about submission is that it is just another port open and most MUAS can use it?[22:47:33] <rob0> and generally you'd require AUTH on submission, and allow relay for authenticated users.[22:47:49] <Yatekii> yeah that's what I do atm I think[22:47:58] <Yatekii> (I haven't gotten an open relay)[22:48:10] <Yatekii> ok so I guess I got that one right then[22:48:28] <Yatekii> oki[22:48:56] <Yatekii> last question: so IMAP does nothing with sending at all, right? it is just here to map my inbox, right?[22:50:08] *** synthroid has quit IRC[22:50:39] <GTAXL> yup[22:51:18] <Yatekii> ty so much[22:51:32] *** echan has joined #postfix[22:55:28] <Yatekii> do you guys recommend using uucp?[22:55:40] <lunaphyte> yes, unequivocally[22:56:11] <lunaphyte> i also recommend using fax machines, and i also recommend prostate warmers[22:57:00] *** edux has quit IRC[22:57:06] <Yatekii> ...[22:58:20] *** edux has joined #postfix[23:01:26] *** sandah has left #postfix[23:04:00] *** pti-jean_ has quit IRC[23:06:32] *** FinboySlick has quit IRC[23:07:06] *** ghoti has joined #postfix[23:09:42] *** jakesyl_mobile has joined #postfix[23:28:51] <tharkun> Yatekii: take a look at lmtp[23:29:31] *** nyloc has left #postfix[23:29:38] *** camroncade has quit IRC[23:30:11] <Yatekii> hmm[23:32:18] *** rcsu has quit IRC[23:37:15] <daynaskully> {Q} When using /etc/aliases to pipe to a script (postfix/dovecot) what permissions should the script file be; and where might i debug? (maillog just says "successfully delivered to command"[23:39:25] *** Hoffe has quit IRC[23:44:57] *** dstarh has quit IRC[23:52:48] *** tree333 has quit IRC[23:55:57] <lunaphyte> daynaskully: the script should be executable, as it's a script. where you should debug depends on what exactly you're trying to debug[23:58:23] *** Amkei has quit IRC