January 27, 2016 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | >
January 27, 2016 [00:04:40] *** spookah has joined #postfix[00:05:46] <spookah> Is it possible for my postfix server to accept smtp emails and then redirect them to a single mailbox? For example all the emails send to: john at gmail dot com, mike at hotmail dot com, me at you dot com, someone at somewhere dot com would land in my mailbox mailcatch@localhost[00:06:00] *** gu1lle_ has quit IRC[00:06:20] *** Dominian has quit IRC[00:14:26] *** Dominian has joined #postfix[00:16:56] <lunaphyte> not gmail or hotmail, no[00:17:58] <lunaphyte> mail for those domains goes to their systems[00:18:45] <spookah> even if it's being sent outbound from my server?[00:19:15] <spookah> we have software that sends quite a bit of email and the devs are doing some braindead debugging. I was hoping to setup a server that could catch all the outbound emails (no matter what domain)[00:19:22] <spookah> and then they could review them sanely[00:19:42] <rob0> ah, that is simple[00:20:30] <rob0> basically a catchall virtual alias, also everything as a virtual alias domain[00:20:54] <rob0> and the actual destination has to be aliased to itself[00:21:05] <rob0> and that domain in mydestination[00:21:07] <spookah> i have to add an alias for every domain i want to catch?[00:21:14] <rob0> I thinkI posted something similar here[00:21:19] <rob0> !blackhole[00:21:19] <knoba> rob0: "blackhole" : http://archives.neohapsis.com/archives/postfix/2010-04/0168.html[00:22:13] <spookah> that looks promising[00:22:15] <spookah> thanks[00:25:15] <rob0> "have to add an alias for every domain i want to catch" would certainly not have been "simple"[00:27:47] *** DefunctProcess is now known as DefunctProcessZZ[00:27:57] <rob0> That one has nothing as virtual alias domain, which means you'd need a trick to accept the mail[00:28:18] <rob0> I should write this up better and post it again[00:45:32] *** spookah1 has joined #postfix[00:49:38] *** spookah has quit IRC[00:52:30] *** joules has joined #postfix[00:57:07] *** spookah has joined #postfix[00:57:32] *** spookah1 has quit IRC[00:59:32] *** setProfile has joined #postfix[01:16:36] *** jakesyl_mobile has quit IRC[01:21:35] *** dimitry7 has quit IRC[01:33:09] *** akkad has quit IRC[01:35:31] *** akkad has joined #postfix[01:42:39] *** jwing has joined #postfix[01:47:12] *** Batch has joined #postfix[02:03:54] *** gu1lle_ has joined #postfix[02:06:46] *** edux has quit IRC[02:14:39] *** edux has joined #postfix[02:18:07] *** atnakus has quit IRC[02:20:10] *** edux has quit IRC[02:33:02] *** edux has joined #postfix[02:37:42] *** edux has quit IRC[02:42:17] *** edux has joined #postfix[02:46:17] *** Xionkana has joined #postfix[02:46:26] *** edux has quit IRC[02:51:23] *** edux has joined #postfix[02:55:59] *** edux has quit IRC[02:59:25] *** Xionkana has quit IRC[03:00:35] *** edux has joined #postfix[03:04:48] *** edux has quit IRC[03:09:37] *** edux has joined #postfix[03:09:51] *** donmichelangelo has joined #postfix[03:11:23] *** dstarh has joined #postfix[03:12:36] *** michelangelo has quit IRC[03:14:19] *** edux has quit IRC[03:21:04] *** err-or_ has joined #postfix[03:25:10] *** err-or has quit IRC[03:26:14] *** guampa has joined #postfix[03:27:24] *** edux has joined #postfix[03:28:27] *** skyroveRR has joined #postfix[03:32:41] *** edux has quit IRC[04:07:52] *** githogori has quit IRC[04:13:59] *** robinho86 has quit IRC[04:15:51] *** githogori has joined #postfix[04:24:13] *** jakesyl_mobile has joined #postfix[04:27:59] *** lucascastro has joined #postfix[04:31:21] *** edux has joined #postfix[04:35:00] *** chachasmooth has quit IRC[04:36:00] *** edux has quit IRC[04:36:26] *** chachasmooth has joined #postfix[04:38:01] *** echan has quit IRC[04:39:38] *** spookah has quit IRC[04:40:26] *** spookah has joined #postfix[04:40:35] *** edux has joined #postfix[04:44:55] *** edux has quit IRC[04:51:27] *** Xionkana has joined #postfix[04:51:37] <Xionkana> !welcome[04:51:38] <knoba> Xionkana: "welcome" : Welcome to #postfix! If you're new here, or to IRC, first read the channel topic (/topic). It has important instructions on how to ask good questions. You will get more and better help if you follow those instructions. Good Luck![04:54:02] <Xionkana> Hey everyone. If I have a server running on example.io, and an A record to the same IP at mx.example.io, should my postfix $mydestination still be localhost, or mx. or just example.io?[04:54:51] <Xionkana> At the moment, I can send emails through this to external mail servers, but I cannot receive just now. :/[04:58:34] *** edux has joined #postfix[05:00:47] <pj> Xionkana: mydestination needs to be set to the domain name that you're receiving mail for.[05:03:26] *** lucascastro has quit IRC[05:03:36] *** edux has quit IRC[05:07:56] *** edux has joined #postfix[05:08:03] <Xionkana> pj: I set it for mx.example.io, but I still don't seem to be receiving any email.[05:08:12] <Xionkana> mail.log isn't outputting anything useful.[05:08:31] <pj> Xionkana: you send mail to mx.example.io?[05:08:35] <Xionkana> telnet-ing on port 25 doesn't work, but 587 does (I'm using a proper SSL certificate)[05:08:49] <Xionkana> That's not the real domain name. xD[05:09:11] <pj> no doubt, but Ihtink you may have multiple issues.[05:09:16] <Xionkana> mx.awx.io is the one I'm attempting to configure for.[05:09:22] <pj> first off, what *is* the real domain name?[05:09:36] <Xionkana> Er, awx.io[05:09:39] <pj> ok, so you would send mail to foo at mx dot awx.io?[05:09:46] *** echan has joined #postfix[05:09:48] <pj> ok, awx.io, that's what I thought.[05:09:54] <Xionkana> Yeah, sorry. x)[05:09:55] <pj> one min, I'll check your dns...[05:10:04] <Xionkana> Much appreciated![05:11:15] *** robinho86 has joined #postfix[05:12:13] <pj> ok, awx.io has a proper mx record pointing to mx.awx.io, but mx.awx.io does not have an A record.[05:12:38] <pj> so that's the first thing to fix.[05:12:47] *** edux has quit IRC[05:12:51] <pj> it comes back NXDOMAIN[05:14:11] *** githogori has quit IRC[05:14:12] <Xionkana> My DNS configuration has it, but I only just added it earlier today, so that might just be propagation.[05:14:22] <thumbs> Xionkana: expiration.[05:15:26] <pj> not expiration, the record is not on the authroitative DNS servers.[05:15:59] <pj> Xionkana: it is not being served up by digitalocean's DNS, that is not an expiration issue.[05:16:08] <Xionkana> Hmm...[05:16:43] <pj> double check for typos, etc, in the record you added.[05:17:36] *** spookah has quit IRC[05:17:54] <pj> Xionkana: I found your issue:[05:18:01] <pj> mx.awx.io.awx.io. 1800 IN A 159.203.31.193[05:18:06] <pj> common mistake[05:18:20] <pj> you put in mx.awx.io in the DO form, you should just put "mx"[05:18:27] <Xionkana> Ahhhhhhhhhhhhhh[05:20:34] <Xionkana> Okay, I fixed that.[05:20:45] <Xionkana> Attempting to send an email now.[05:21:13] <pj> still not fixed on the DO serverz[05:21:37] <pj> it might take time for DO themselves to push the changes through.[05:21:51] <Xionkana> ah yeah.[05:22:09] <Xionkana> DO shows the zone file and it still hasn't updated.[05:22:29] <pj> right, so you need to wait for DO to show that they updated the zone.[05:22:50] <Xionkana> Will do.[05:23:15] <pj> not a big fan of DO, btw, they don't know what they're doing, imo.[05:24:11] <Xionkana> I got a bunch of credit for it through the github education pack, so I figured I'd at least use it.[05:24:17] * Xionkana shrugs.[05:24:27] <Xionkana> At the end of the day, I just want a box for docker apps. :)[05:24:30] <pj> ahhh, ok[05:24:36] <pj> uh huh[05:25:13] <Xionkana> If you don't mind me asking, who's your vps provider of choice?[05:25:15] <Xionkana> Linode?[05:25:32] <pj> I do like Linode, but lately I've heard a lot of good things about vultr[05:26:04] *** edux has joined #postfix[05:28:45] *** dstarh has quit IRC[05:29:09] <Xionkana> It seems like DO is forcing me to set the mx record to mx.awx.io[05:29:51] <Xionkana> I changed the MX record to just "0 mx.", and hit save which reloads the page and it goes back to mx.awx.io. >_<[05:30:15] *** edux has quit IRC[05:30:20] <pj> ok, it's the A record that is messed up, the MX record was fine.[05:30:47] <Xionkana> oh?[05:30:57] <pj> [17:18] <pj> mx.awx.io.awx.io. 1800 IN A 159.203.31.193[05:31:06] <pj> that's an A record ^^^^^^[05:31:18] <Xionkana> Hmm.[05:31:31] <Xionkana> Does that A record not need to explicitely defined?[05:31:41] <pj> in DO you have mx.aex.io in the left column[05:31:45] <pj> change it to mx[05:31:52] <pj> no dot in it at all.[05:32:19] <Xionkana> There we go![05:32:23] <Xionkana> The zone file is updated now too.[05:32:40] <pj> yep, correct now[05:36:45] <Xionkana> Okay, I can still send emails through awx.io to my work email.[05:36:58] <Xionkana> Work email -> awx.io still not working, as far as I can see.[05:39:02] <pj> Xionkana: ok, I can connect to your server just fine, so let's do this...[05:39:09] <pj> !tell Xionkana getting_help[05:39:09] <knoba> Xionkana: "getting_help" : before asking your question, read the !relevant_logs and !showconfig factoids, and prepare a single pastebin containing all of that data. if you don't understand what this means, or if you need help doing this, please let us know. also see !pastebin[05:40:01] <Xionkana> !relevant_logs[05:40:01] <knoba> Xionkana: "relevant_logs" : Relevant logs are mail.* syslog Postfix logs (NOT verbose, see !verbose) which show the entire handling of a single mail which illustrates the issue with which you want help. Random selections from your mail log might not do. IMAP/POP3 daemons and external delivery agents typically log to the same facility (mail); those are usually not relevant here.[05:40:26] <Xionkana> !showconfig[05:40:27] <knoba> Xionkana: "showconfig" : when asked to provide your config, pastebin postconf -nf and postconf -Mf. if your version is too old for those commands to work (< 2.9), you should upgrade, but see !showconfig_old[05:44:15] *** edux has joined #postfix[05:46:09] <Xionkana> http://pastebin.com/7jLr5YKs[05:48:18] <pj> Xionkana: I need to see relevant_logs as well, please.[05:48:25] *** edux has quit IRC[05:49:13] <Xionkana> There aren't any relevant logs for when I send an email from my work email to awx.io.[05:49:25] <Xionkana> Postfix doesn't spit anything out to mail.{log,err}[05:49:35] <pj> !nologs[05:49:36] <knoba> pj: "nologs" : Nothing in your mail logs commonly means one of two things: either your syslogd is broken (try restarting it), or the connections are not coming to your server. Check your firewall/networking and the DNS for the domain in question. also see !logs.[05:49:57] <pj> also this...[05:50:00] <pj> !debianl_logs[05:50:00] <knoba> pj: Error: "debianl_logs" is not a valid command.[05:50:04] <pj> !debian_logs[05:50:04] <knoba> pj: "debian_logs" : Just to confuse you debian has taken the mail logs and given you the full log (mail.log) as well as splitting them into multiple other logs (mail.info, mail.err). Just look at mail.log and ignore the others.[05:54:24] <pj> Xionkana: when I connected to your server 15 minutes ago, did you see it in the mail.log file? You should have seen a connection and disconnection and possibly something else.[05:54:31] <Xionkana> Yeah, I saw that.[05:54:35] *** MxyzptlkFishStix has quit IRC[05:55:08] <pj> ok, so the logs are certainly working, but you don't see anything from your work.[05:55:16] <pj> in that case, do this...[05:55:20] <pj> !telnet_test[05:55:20] <knoba> pj: Error: "telnet_test" is not a valid command.[05:55:23] <pj> !telnettest[05:55:23] <knoba> pj: Error: "telnettest" is not a valid command.[05:55:28] <pj> !test[05:55:28] <knoba> pj: Error: "test" is not a valid command.[05:55:28] <Jamazia> Your bot is working![05:55:32] <pj> bleh[05:55:38] <pj> !telnet[05:55:39] <knoba> pj: "telnet" : Have you tried to reach your mail server from outside your local network? Try telnet <server> 25 and see if you get Connected to... . See also: http://www.freebsdwiki.net/index.php/SMTP,_testing_via_Telnet[05:55:42] <pj> there we go[05:56:01] <pj> Xionkana: try the instructions in that link ^^^^^[05:56:28] <Xionkana> telnet 25 doesn't work, but telnet 587 does.[05:56:54] <Xionkana> ufw has 25 and 587 unblocked.[05:56:57] <Xionkana> Could DO be blocking it?[05:57:10] <pj> no, I can connect to 25[05:57:15] <pj> your local ISP is blocking it[05:57:24] <Xionkana> Of course. >_>[05:57:24] <pj> !port_25_block[05:57:24] <knoba> pj: "port_25_block" : Many consumer-grade ISPs (and some which claim to be for business, such as Godaddy) block outbound port 25/tcp traffic to prevent abuse from their network. If your ISP does this, you should see the !basic and !relayhost factoids. Or, upgrade to business-class service (or change ISP if you already had it.)[05:57:33] <Xionkana> Bloody canadian ISPs.[05:57:44] <pj> it's a good thing, really[05:58:03] <Xionkana> I suppose.[05:58:14] <pj> you need to test from a server or something that doesn't have outbound 25 blocked.[05:58:16] <Xionkana> Still, annoying for this short-term incredibly specific purpose.[05:59:01] <pj> if you have access to another server or VPS somewhere do the test from that.[05:59:07] <Xionkana> Alright I'll give it a shot. I have another vps to use.[05:59:12] <pj> ok, cool[05:59:36] <thumbs> friends don't let other friends telnet to port 25[05:59:42] <pj> hahaha[06:00:00] <pj> in this case he needs to specifically, he's testing his server's MX capabilities.[06:00:16] <pj> and testing port 587 for MX is pointless.[06:02:25] *** edux has joined #postfix[06:06:52] *** edux has quit IRC[06:13:22] *** MxyzptlkFishStix has joined #postfix[06:14:59] <Xionkana> After a little more tinkering, I sent an email from my work account to awx.io and got this: http://pastebin.com/rYAM8E9i[06:17:09] <Xionkana> And it says I have mail in /var/mail/xionkana[06:17:39] <Xionkana> But checking the email from my iphone (via dovecot) isn't fetching anything at all.[06:17:43] <pj> Xionkana: fix this: Jan 26 22:13:00 andromeda postfix/trivial-rewrite[32097]: warning: do not list domain awx.io in BOTH mydestination and virtual_mailbox_domains[06:18:20] <pj> other than that, yes it worked just fine[06:19:09] <Xionkana> hm, so now it's a dovecot issue?[06:19:57] <pj> Xionkana: probably, it's delivering via local(8).[06:20:16] <pj> so either postfix is not delivering where you want it, or dovecot is looking for it in the wrong place.[06:21:07] <Xionkana> hmm.[06:21:19] *** Batch has quit IRC[06:26:37] <Xionkana> pj: dovecot has files with the email contents in exactly the folders I told it to look in.[06:27:11] <Xionkana> At least, I'm fairly certain that means that postfix<->dovecot is good.[06:27:19] <pj> if the message was delivered where you want and you can't see it via IMAP, then yes, it's a dovecot issue.[06:29:29] <Xionkana> AH. It downloaded![06:29:31] <Xionkana> I got it. :D[06:29:45] <Xionkana> Thanks for the help pj ^_^[06:31:18] <pj> Xionkana: yw :-)[06:31:27] <pj> Xionkana: do fix the warning that I mentioned.[06:31:36] <Xionkana> Already did, haha. :)[06:32:00] <Xionkana> Now I just need to find some method of pushing my dovecot emails to my iphone and I'll be quite happy.[06:32:47] <pj> your iphone should be able to connect via IMAP as well.[06:32:51] <pj> anyways, I have to go[06:33:50] <Xionkana> Ah, okay, cheers![06:33:50] <Xionkana> :)[06:37:54] <skyroveRR> Hey folks.[06:38:52] *** echan has quit IRC[06:41:08] *** Chill_Surf has quit IRC[06:43:25] *** echan has joined #postfix[06:43:47] <skyroveRR> I'm running a statically linked version of postfix 2.10.9 on my raspberry pi. Whenever I restart the postfix daemon, I get erors like these: postfix/local[PID]: warning: /etc/postfix/aliases, line 19: record is in "key: value" format; is this an alias file? " Here's the maillog: http://pktsurf.in/files/maillog.txt ; and here's the aliases file: http://pktsurf.in/files/aliases.txt .. any ideas?[06:44:30] *** Xionkana has quit IRC[06:47:41] *** edux has joined #postfix[06:52:15] *** edux has quit IRC[07:03:48] *** snow_bckspc has quit IRC[07:10:50] *** micah has quit IRC[07:11:44] *** micah has joined #postfix[07:11:44] *** micah has joined #postfix[07:16:46] *** micah has quit IRC[07:17:51] *** snow_bckspc has joined #postfix[07:20:10] *** gu1lle_ has quit IRC[07:20:23] *** TyrfingMjolnir has joined #postfix[07:21:47] *** githogori has joined #postfix[07:22:34] *** micah has joined #postfix[07:22:34] *** micah has joined #postfix[07:26:56] *** joulez has joined #postfix[07:27:37] *** echan has quit IRC[07:28:50] *** joules has quit IRC[07:29:45] *** echan has joined #postfix[07:33:01] *** edux has joined #postfix[07:37:22] *** edux has quit IRC[07:42:17] *** edux has joined #postfix[07:47:06] *** edux has quit IRC[07:51:31] *** edux has joined #postfix[07:56:13] *** edux has quit IRC[07:57:33] *** ws2k3 has quit IRC[07:57:51] *** spookah has joined #postfix[07:59:30] *** carl- has joined #postfix[08:00:30] *** edux has joined #postfix[08:00:51] *** spookah1 has joined #postfix[08:02:34] *** spookah has quit IRC[08:02:40] *** sphenxes01 has quit IRC[08:03:39] *** ws2k3 has joined #postfix[08:05:05] *** edux has quit IRC[08:06:36] *** jakesyl_mobile has quit IRC[08:09:41] *** edux has joined #postfix[08:14:52] *** edux has quit IRC[08:18:54] *** edux has joined #postfix[08:19:14] *** colona_ has joined #postfix[08:20:09] *** setProfile1 has joined #postfix[08:20:53] *** jwing- has joined #postfix[08:21:18] *** colona has quit IRC[08:21:21] *** jwing has quit IRC[08:21:21] *** setProfile has quit IRC[08:21:22] *** setProfile1 is now known as setProfile[08:22:00] *** TAARs has quit IRC[08:23:31] *** edux has quit IRC[08:24:31] <vladkao> skyroveRR: but what does main.cf say about alias_maps?[08:25:07] *** TAARs has joined #postfix[08:26:33] <skyroveRR> vladkao I solved the problem by commenting all the stuff in aliases :)[08:27:15] <skyroveRR> vladkao, "alias_maps = texthash:/etc/postfix/aliases"[08:28:05] <skyroveRR> vladkao , now that it's empty, should I remove alias_maps?[08:32:15] <vladkao> nope[08:32:23] <vladkao> alias_maps = hash:/etc/aliases[08:32:27] <vladkao> alias_database = hash:/etc/aliases[08:32:41] <vladkao> and don't forget to run newaliases after file updates[08:36:42] <skyroveRR> vladkao , I ran postmap /etc/postfix/aliases because newaliases gives me "postalias: fatal: unsupported map type: texthash"[08:37:00] *** osten has quit IRC[08:37:03] *** edux has joined #postfix[08:37:21] <vladkao> well texthash doesn't require postmap[08:38:14] <skyroveRR> Oh, sorry, "postalias /etc/postfix/aliases"[08:38:48] <vladkao> but is the file aliases now empty?[08:38:57] *** robinho86 has joined #postfix[08:41:30] *** edux has quit IRC[08:52:47] *** troulouliou_div2 has joined #postfix[08:54:02] *** jwing- has quit IRC[08:55:14] *** edux has joined #postfix[08:57:59] *** Haudegen has quit IRC[09:00:00] *** edux has quit IRC[09:12:22] *** spookah1 has quit IRC[09:13:21] *** edux has joined #postfix[09:14:44] *** Haudegen has joined #postfix[09:15:13] *** SCHAAP137 has joined #postfix[09:16:20] *** echan has quit IRC[09:17:35] *** edux has quit IRC[09:22:18] *** edux has joined #postfix[09:26:34] *** edux has quit IRC[09:31:22] *** edux has joined #postfix[09:31:25] <skyroveRR> vladkao , yes.[09:35:26] *** edux has quit IRC[09:41:26] <vladkao> skyroveRR: do you need it[09:43:47] <skyroveRR> I don't.[09:43:55] <skyroveRR> I just use virtual aliases in virtual file.[09:44:14] <skyroveRR> It redirects mails destined for "ad*** at domain dot com" to my local user.[09:45:52] *** echan has joined #postfix[09:49:12] *** edux has joined #postfix[09:54:36] *** edux has quit IRC[09:58:38] *** edux has joined #postfix[09:59:57] *** Hoffe has joined #postfix[10:02:59] *** olegfusion has quit IRC[10:03:13] *** edux has quit IRC[10:07:59] *** edux has joined #postfix[10:12:06] *** edux has quit IRC[10:21:10] *** olegfusion has joined #postfix[10:26:05] *** edux has joined #postfix[10:27:52] *** SunGod has quit IRC[10:30:15] *** edux has quit IRC[10:37:22] *** echan has quit IRC[10:40:44] *** echan has joined #postfix[10:44:07] *** edux has joined #postfix[10:46:14] *** echan has quit IRC[10:48:25] *** edux has quit IRC[10:51:32] *** echan has joined #postfix[11:02:04] *** edux has joined #postfix[11:06:32] *** tonythomas has joined #postfix[11:06:44] *** edux has quit IRC[11:11:02] *** PHPanos has joined #postfix[11:20:28] *** edux has joined #postfix[11:25:30] *** edux has quit IRC[11:29:35] *** edux has joined #postfix[11:34:05] *** edux has quit IRC[11:36:35] *** ugjka has quit IRC[11:37:03] *** ugjka has joined #postfix[11:38:49] *** argonius_ has left #postfix[11:38:49] *** edux has joined #postfix[11:43:05] *** edux has quit IRC[11:52:15] *** robinho86 has quit IRC[11:53:28] *** robinho86 has joined #postfix[11:56:23] *** robinho86 has joined #postfix[11:56:56] *** robinho86 has quit IRC[11:57:42] *** robinho86 has joined #postfix[12:03:26] *** robinho86 has quit IRC[12:15:01] *** iGeni has quit IRC[12:20:45] *** kkwet_ has joined #postfix[12:21:35] *** xMopxShell has quit IRC[12:22:37] *** kkwet has quit IRC[12:23:08] *** chabibi has quit IRC[12:23:09] *** tabakhase has quit IRC[12:23:54] *** setProfile has quit IRC[12:28:28] *** tabakhase has joined #postfix[12:28:29] *** xMopxShell has joined #postfix[12:28:43] *** chabibi has joined #postfix[12:33:25] *** edux has joined #postfix[12:34:52] *** pti-jean_ has joined #postfix[12:37:26] *** edux has quit IRC[12:42:15] *** edux has joined #postfix[12:42:15] *** Haudegen has quit IRC[12:42:53] *** ugjka has quit IRC[12:46:02] *** ugjka has joined #postfix[12:46:26] *** edux has quit IRC[12:50:46] *** lucascastro has joined #postfix[12:51:31] *** edux has joined #postfix[12:55:44] *** robinho86 has joined #postfix[12:56:11] *** tree333 has joined #postfix[12:56:26] *** robinho86 has quit IRC[12:56:32] *** edux has quit IRC[13:00:05] *** Haudegen has joined #postfix[13:02:04] *** edux has joined #postfix[13:14:04] *** echan has quit IRC[13:21:23] *** ratatine has quit IRC[13:23:15] *** Aprogas has quit IRC[13:25:53] *** Section1 has joined #postfix[13:31:08] *** infides has joined #postfix[13:34:43] *** spm_draget has joined #postfix[13:35:04] <spm_draget> Does postfix 2.11.3 support encrypted certificates?[13:40:10] <tuxick> mu[13:40:26] <tuxick> what do you mean?[13:41:01] <Hoffe> spm_draget, you mean password protected certificates?[13:41:09] <spm_draget> Yep[13:41:24] <tuxick> oh i hate those :)[13:41:24] <spm_draget> With querying password from a script for example[13:43:04] <tuxick> what's the point?[13:43:08] <Hoffe> I believe the usual approach is the software having to know the cleartext password, and stores it in memory as long as the process runs. Fetching it from a script/external file is (arguable) not a pretty software design[13:43:49] <Hoffe> that being said, I've never worked with password protected certificates neither in mail or webservers - to quote tuxick "I hate those :)"[13:44:19] <tuxick> people end up wrapping it in a script so things boot up[13:44:29] <tuxick> so you're not protecting anything[13:44:42] <Hoffe> password protected certificates for server applications are meaningless, since the password has to be stored somewhere in cleartext on the server... It's useful for exchanging certificates between human beings etc.[13:44:57] <tuxick> thank bob you can disable/remove password from certs[13:45:21] <tuxick> Hoffe: wrap it in pgp :)[13:46:34] *** Aprogas has joined #postfix[13:47:17] <Hoffe> tuxick: Yep! But some government websites still roll file-based certificates for auth, not to mention digital signing of e-mail in Outlook for example..[13:47:55] <tuxick> so?[13:48:03] <tuxick> oh[13:48:35] <tuxick> ok, well in my experience goverment stuff = waay overpriced windows shit implemented by near-criminal con sultans[13:48:52] <Hoffe> mmmm... sultans![13:48:59] <tuxick> so that's no excuse for password protecting your certs[13:49:25] <Hoffe> spm_draget, in short you will have to remove the password protection to use it with postfix.. everything else will overcomplicate your setup![13:49:39] <tuxick> indeed[13:49:48] <tuxick> removing is trivial but got to run now[13:49:52] <spm_draget> I am happily using password-protected certs for all other services (webserver, dovecot etc.)[13:50:11] <spm_draget> So I assume the sad answer is: No, it still does not support encrypted certificates.[13:52:37] <tuxick> well i've had cases where for whatever reasons hoster rebooted vms[13:52:44] <tuxick> ending up in dead services[13:53:14] <tuxick> unless you're willing to type pass on every boot, just remove this 'protection'[13:54:26] *** jakesyl_mobile has joined #postfix[14:06:46] *** synthroid has joined #postfix[14:07:11] *** junixbr has joined #postfix[14:21:45] <junixbr> hi there[14:23:03] *** aegis- has quit IRC[14:25:57] <junixbr> I'm trying to test a policy service here, I have the fields to test, but I don't know how to pass it by telnet[14:26:11] <junixbr> according pdp protocol: http://dpaste.com/1FPTGKK[14:26:48] <junixbr> I'm trying to send just a line in this way: smtpd_access_policy RCPT ESMTP 127.0.0.1 localhost server.anotherdomain.com sender at anotherdomain dot com recipient at mydomain dot com 99C1124048D 30d5.434d7ec2.0 0[14:27:22] <junixbr> is not working[14:29:15] <Zerberus> because you don't understand how it works[14:29:28] *** Guest96344 has joined #postfix[14:30:05] <Zerberus> connection parameters are taken from the connection, for instance the client_address - you don't feed these things through SMTP[14:31:12] <junixbr> Zerberus: it is a policy service[14:31:37] <junixbr> I need to know the client_address[14:32:51] <junixbr> it is to verify some information about the message a take some decisions[14:32:55] *** noc0lour has quit IRC[14:33:16] *** noc0lour has joined #postfix[14:33:21] <Zerberus> junixbr: if you want client_address to be 127.0.0.1 then connect with your client on localhost[14:34:12] <junixbr> 127.0.0.1 is only a test =)[14:34:42] <junixbr> my doubt is how to pass this fields in a telnet test[14:35:02] <Zerberus> you don't - what is so hard to understand?[14:35:29] <junixbr> ok, Zerberus[14:35:32] <junixbr> thank you[14:51:31] <spm_draget> tuxick: That is why you could supply the password by an external script. That could get it from a non-local resource.[14:52:21] <spm_draget> And if an attacker grabs the privates keys without root access, a locally saved plain PW would still help.[14:53:29] *** robinho86 has joined #postfix[14:53:44] *** robinho86 has quit IRC[14:55:35] *** _ruben has quit IRC[14:56:13] <rob0> Postfix does not support password-protected certificates, that is correct. If a feature is not listed in TLS_README, Postfix does not have it.[14:56:21] *** sphenxes01 has joined #postfix[14:56:21] <tuxick> spm_draget: means password in plain text[14:56:29] <tuxick> ending the reason for it to exist at all[14:56:48] <tuxick> publish it on facebook while at it[14:57:44] <spm_draget> No need to be sarcastic.[14:58:54] *** robinho86 has joined #postfix[14:58:59] *** robinho86 has quit IRC[14:59:00] <tuxick> trying to prove a point[14:59:23] *** dstarh has joined #postfix[14:59:41] *** robinho86 has joined #postfix[14:59:48] *** robinho86 has quit IRC[14:59:55] *** sphenxes has quit IRC[15:00:00] <spm_draget> A script providing the password can fix some attack scenarios. If you fail to see that, then please stop being hostile towards people asking a simple quesiton. A simple 'No, not supported' would have been sufficient[15:02:39] <rob0> huh?[15:03:05] *** hjb has joined #postfix[15:03:30] <rob0> Stop bringing your emotions into this. A simple fact has been stated, you call that "hostile"?[15:04:15] <rob0> oh, you mean tuxick and facebook.[15:04:20] * spm_draget nods[15:04:47] <spm_draget> Your answer was clear and helpful, thanks rob0 =)[15:04:53] <rob0> Anyway tuxick has a point too, that any automated process which can access an encrypted certificate is a potential weakness.[15:05:25] <rob0> (which is probably why Wietse & Viktor decided against such a feature in Postfix.)[15:06:23] <rob0> You're welcome to bring it up on the mailing list, as it has come up before.[15:07:27] <spm_draget> Nah, I read the older discussions.[15:08:12] <spm_draget> The only *remote* chance to bring it up would be a history of reputation plus a ready patchset that implements it. Cannot provide that. Thought I'd just ask. :)[15:09:07] <rob0> oh, Wietse doesn't mind the coding, but if you can provide a strong argument and a *documentation* patch, he will listen.[15:09:07] *** edux has quit IRC[15:10:39] *** edux has joined #postfix[15:11:51] *** FinboySlick has joined #postfix[15:20:47] *** lucascastro has quit IRC[15:29:38] *** lucascastro has joined #postfix[15:33:17] *** Chill_Surf has joined #postfix[15:39:39] *** _ruben has joined #postfix[15:54:23] *** spm_draget has left #postfix[15:54:26] *** lucascastro has quit IRC[15:57:09] *** dml337ira has joined #postfix[16:00:50] *** Mizar has joined #postfix[16:02:26] *** Mizar has left #postfix[16:20:38] *** Hoffe has quit IRC[16:21:13] *** Hoffe has joined #postfix[16:23:42] *** DefunctProcessZZ is now known as DefunctProcess[16:30:26] *** hjb has quit IRC[16:37:32] *** trepatud- has quit IRC[16:42:24] *** ronaldo has joined #postfix[16:42:37] *** pti-jean_ has quit IRC[16:43:27] *** pti-jean__ has joined #postfix[16:45:11] *** iGeni has joined #postfix[16:45:58] *** trepatudo has joined #postfix[16:46:36] *** jakesyl_mobile has quit IRC[16:51:16] *** synthroid has quit IRC[16:53:11] *** ratatine has joined #postfix[16:56:35] *** carl- has quit IRC[17:00:07] *** synthroid has joined #postfix[17:00:43] *** Jonukas has joined #postfix[17:04:37] *** synthroid has quit IRC[17:06:41] *** _0x5eb_ has quit IRC[17:09:35] *** _0x5eb_ has joined #postfix[17:16:09] *** Hoffe has quit IRC[17:21:15] *** chris| has quit IRC[17:21:51] *** synthroid has joined #postfix[17:22:15] *** kokel has quit IRC[17:22:34] *** Moult has quit IRC[17:23:28] *** chris| has joined #postfix[17:23:32] *** javak has quit IRC[17:23:46] *** damyan^ has quit IRC[17:24:02] *** kokel has joined #postfix[17:24:32] *** likewhoa has quit IRC[17:24:39] *** likewhoa- has joined #postfix[17:24:43] *** PaulePanter has quit IRC[17:24:59] *** amospalla has quit IRC[17:26:35] *** synthroid has quit IRC[17:26:41] *** Moult has joined #postfix[17:27:51] *** amospalla has joined #postfix[17:29:16] *** trepatudo has quit IRC[17:30:15] *** PaulePanter has joined #postfix[17:30:47] *** SCHAAP137 has quit IRC[17:35:52] *** trepatudo has joined #postfix[17:37:07] *** javak has joined #postfix[17:39:01] *** edux has quit IRC[17:41:12] *** Bombo has joined #postfix[17:41:15] <Bombo> hi[17:41:18] *** PHPanos has quit IRC[17:42:36] <Bombo> i got a catchall virtual entry ' at foo dot de bombo at foo dot de' can i exclude certain usernames? like getslottaspam at foo dot de?[17:43:16] <lunaphyte> catchalls are a no no. don't use them.[17:43:25] *** gu1lle_ has joined #postfix[17:43:36] *** synthroid has joined #postfix[17:43:59] *** PHPanos has joined #postfix[17:44:18] <Bombo> no?[17:44:31] <tuxick> unless you can sell the domain name to a russian spammer[17:44:35] <tuxick> they love those[17:44:41] *** junixbr has quit IRC[17:44:52] <tuxick> "i sent 50.000 mail da? you pay, da?"[17:45:10] *** ag4ve has quit IRC[17:45:11] * Bombo got $.$ in his eyes[17:45:23] <tuxick> ;p[17:45:36] <lunaphyte> oh. if you're a spammer, then you probably like catchalls, yeah.[17:46:44] <Bombo> i just want to make it easy for a user to set up more aliases for his domain...[17:47:31] <lunaphyte> any desired addresses can be easily added[17:47:40] <Bombo> maybe i'll do a php script that modifies the virtual file...[17:48:15] *** PHPanos has quit IRC[17:48:20] *** synthroid has quit IRC[17:50:09] <Bombo> that calls a bash script with root privs that takes anything as user@ arg ;)[17:50:50] *** damyan^ has joined #postfix[17:53:16] *** yrter has joined #postfix[17:56:02] *** likewhoa- has quit IRC[17:56:24] *** likewhoa has joined #postfix[17:57:25] <rob0> !tell Bombo check_recipient_access[17:57:25] <knoba> Bombo: "check_recipient_access" : Search the specified access(5) database for the resolved RCPT TO address, domain, parent domains, or localpart@, and execute the corresponding action.[17:57:32] <rob0> !tell Bombo policy[17:57:32] <knoba> Bombo: "policy" : Postfix smtpd(8) policy protocol, http://www.postfix.org/SMTPD_POLICY_README.html , for complex and intelligent restrictions[17:57:55] <rob0> Both are better ways to deal with this problem. But indeed, a catchall is a bad idea.[17:58:48] *** ronaldo has quit IRC[18:00:32] *** synthroid has joined #postfix[18:05:44] *** spookah has joined #postfix[18:23:58] <Bombo> rob0: ok thx *read*[18:27:07] *** hjb has joined #postfix[18:27:27] <tuxick> i've only done user definable aliases with ldap[18:27:43] <tuxick> via squirrelmail/roundcube plugin[18:30:31] *** synthroid has quit IRC[18:39:30] *** Guest96344 has quit IRC[18:40:08] *** spookah1 has joined #postfix[18:42:33] *** spookah has quit IRC[18:42:43] *** edux has joined #postfix[18:48:46] *** lucascastro has joined #postfix[18:48:53] *** synthroid has joined #postfix[18:49:44] *** v1c3 has joined #postfix[18:50:06] *** Haudegen has quit IRC[18:52:27] *** Guest93293 has joined #postfix[18:53:30] *** synthroid has quit IRC[19:03:49] *** skyroveRR has quit IRC[19:08:19] *** Haudegen has joined #postfix[19:08:20] *** limon has joined #postfix[19:09:13] <limon> Hello all, I have a duplicate mail problem with Postfix. I'm forwarding my mails from Gmail to my own server. Each mail gets duplicated in the Postfix. Is there any way to fix this?[19:10:37] *** synthroid has joined #postfix[19:14:46] *** synthroid has quit IRC[19:17:57] *** troulouliou_div2 has quit IRC[19:22:27] *** edux has quit IRC[19:32:24] *** synthroid has joined #postfix[19:32:50] *** spookah1 has left #postfix[19:33:01] *** spookah has joined #postfix[19:33:21] <spookah> !blackhole[19:33:22] <knoba> spookah: "blackhole" : http://archives.neohapsis.com/archives/postfix/2010-04/0168.html[19:34:23] <spookah> this article has a bunch of @ sign images.. silly question.. but those images should be replaced with the text version of the @ sign, right?[19:37:24] *** synthroid has quit IRC[19:41:06] <rob0> Neohapsis does that to inhibit email address harvesting. Other archives might do it differently.[19:54:07] *** synthroid has joined #postfix[19:54:20] *** ktosiek is now known as ja_chce_jeszcze_[19:54:37] *** ja_chce_jeszcze_ is now known as ktosiek[19:55:11] *** misterjack has quit IRC[19:57:29] *** misterjack has joined #postfix[19:58:40] *** synthroid has quit IRC[20:02:23] *** Section1 has quit IRC[20:15:48] *** synthroid has joined #postfix[20:20:26] *** synthroid has quit IRC[20:20:45] *** joules has joined #postfix[20:23:36] *** joulez has quit IRC[20:27:44] *** edux has joined #postfix[20:28:29] *** TyrfingM2olnir has joined #postfix[20:28:32] *** TyrfingM2olnir has quit IRC[20:29:04] *** TyrfingM2olnir has joined #postfix[20:29:05] *** TyrfingM2olnir has quit IRC[20:29:19] *** TyrfingM1olnir has quit IRC[20:29:24] *** TyrfingMjolnir has quit IRC[20:30:12] *** TyrfingMjolnir has joined #postfix[20:30:33] *** Psi-Jack has quit IRC[20:33:35] *** Psi-Jack has joined #postfix[20:37:33] *** synthroid has joined #postfix[20:38:32] *** sphenxes has joined #postfix[20:42:34] *** synthroid has quit IRC[20:59:18] *** synthroid has joined #postfix[21:03:09] *** gu1lle_ has quit IRC[21:03:55] *** Guest93293 has quit IRC[21:04:22] *** synthroid has quit IRC[21:05:58] *** blerp has joined #postfix[21:08:55] *** sphenxes02 has joined #postfix[21:14:52] *** andry has quit IRC[21:18:16] <MACscr|lappy> what do variables like so do in main.cf? postscreen_dnsbl_threshold = ${stress?1}${stress:7}[21:19:50] <rob0> !stress[21:19:51] <knoba> rob0: "stress" : Postfix stress features: http://www.postfix.org/STRESS_README.html[21:20:53] *** Hoffe has joined #postfix[21:21:02] *** synthroid has joined #postfix[21:21:04] *** Guest61696 has joined #postfix[21:25:26] *** synthroid has quit IRC[21:42:46] *** synthroid has joined #postfix[21:43:38] *** pti-jean__ has quit IRC[21:45:35] *** lucascastro has quit IRC[21:47:26] *** synthroid has quit IRC[21:48:51] *** Amkei has joined #postfix[21:57:48] *** infides has quit IRC[21:59:51] *** synthroid has joined #postfix[22:00:15] *** JDay has joined #postfix[22:04:02] *** synthroid has quit IRC[22:04:29] *** synthroid has joined #postfix[22:05:52] *** edux has quit IRC[22:05:57] *** rsx has joined #postfix[22:06:29] *** JDay_ has joined #postfix[22:08:49] *** synthroid has quit IRC[22:09:28] *** JDay has quit IRC[22:09:31] *** edux has joined #postfix[22:11:49] *** JDay_ has quit IRC[22:12:17] *** JDay has joined #postfix[22:12:29] <JDay> We are encountering a strange problem with Postfix that we are hoping someone here can enlighten us with:[22:13:09] <JDay> our server, when sending to, for example @hotmail.com... will reach out to free.fr for delivery.[22:13:33] <Dominian> need to see your config[22:13:34] <JDay> here is a snippet from logs:[22:13:35] <Dominian> see /topic[22:13:58] <rob0> I'm betting you didn't set it up, you're taking over from someone else?[22:14:09] <JDay> : /topic returns We are encountering a strange problem with Postfix that we are hoping someone here can enlighten us with:[22:14:11] <Dominian> rob0++[22:14:21] <Dominian> er.. what?[22:14:33] <Zerberus> !tell JDay getting_help[22:14:34] <knoba> JDay: "getting_help" : before asking your question, read the !relevant_logs and !showconfig factoids, and prepare a single pastebin containing all of that data. if you don't understand what this means, or if you need help doing this, please let us know. also see !pastebin[22:14:34] <JDay> oops sorry[22:15:02] <Dominian> heh[22:15:02] <JDay> : /topic returns : [14:13] Insufficient arguments for command.[22:15:24] <Dominian> JDay: See !getting_help and provide a pastebin URL of !relevant_logs and !showconfig[22:15:27] <Dominian> before asking questions / check your logs / know your unix basics[22:15:32] <rob0> ^^ see !getting_help and answer my question?[22:15:44] <JDay> !getting_help[22:15:45] <knoba> JDay: "getting_help" : before asking your question, read the !relevant_logs and !showconfig factoids, and prepare a single pastebin containing all of that data. if you don't understand what this means, or if you need help doing this, please let us know. also see !pastebin[22:17:05] *** ag4ve_ has joined #postfix[22:18:04] <JDay> I type /topic and IRC tells me [14:13] Insufficient arguments for command.[22:18:32] <rob0> Dominian already gave you what you needed from the /topic[22:19:06] <JDay> I type "/topic !getting_help" and I get [14:15] == You're not a channel operator: #postfix[22:19:16] <thumbs> JDay: don't do that[22:19:23] <peb`> !getting_help[22:19:24] <knoba> peb`: "getting_help" : before asking your question, read the !relevant_logs and !showconfig factoids, and prepare a single pastebin containing all of that data. if you don't understand what this means, or if you need help doing this, please let us know. also see !pastebin[22:19:40] <thumbs> JDay: your IRC client seems to be broken. Try /topic #postfix or /msg ChanServ info #postfix[22:19:58] <peb`> or just /topic[22:20:08] <peb`> oh[22:20:16] <thumbs> peb`: his client seems broken - that fails for him[22:20:16] <Zerberus> thumbs: he is using the freenode webinterface[22:20:25] <peb`> thumbs: it's qwebirc[22:20:29] <peb`> that's why[22:20:31] <thumbs> yeah, so broken[22:20:36] <peb`> unfortunately[22:20:40] <JDay> ok, I'll find another client. Thanks guys.[22:21:07] <Zerberus> !relayhost[22:21:08] <knoba> Zerberus: "relayhost" : a configuration parameter in the main.cf: The default host to send non-local mail to when no entry is matched in the optional transport(5) table. When no relayhost is given, mail is routed directly to the destination. If your relay host requires authentication see the !saslclient channel factoid.[22:21:49] *** camroncade has joined #postfix[22:22:19] <peb`> JDay: you might be interested in weechat or pidgin[22:22:33] <peb`> depending on if your prefer command-line irc client or gui[22:26:01] *** rsx has quit IRC[22:26:16] *** synthroid has joined #postfix[22:28:19] *** KaiForce has joined #postfix[22:28:43] <KellerFuchs> peb`: I doubt anyone prefers security-nightmare libpurple :([22:29:36] <peb`> KellerFuchs: I bet you're not that right :)[22:29:46] <peb`> but of course, there is alternatives[22:29:56] <peb`> XChat as for an example[22:30:01] <peb`> s/is/are/[22:30:26] *** synthroid has quit IRC[22:30:47] <KellerFuchs> s/as //[22:31:10] <peb`> :o)[22:31:20] <KellerFuchs> peb`: I know I'm not right, hence the sadface[22:31:28] *** infides has joined #postfix[22:31:43] <KellerFuchs> Ok, that wasn't very explicit I guess[22:33:14] *** tissuesamples has joined #postfix[22:34:46] *** Slackology has quit IRC[22:37:33] *** tonythomas has quit IRC[22:41:52] *** JCDay has joined #postfix[22:42:04] *** JCDay has left #postfix[22:43:36] *** v1c3 has quit IRC[22:44:41] *** JCDay has joined #postfix[22:45:12] *** JDay has quit IRC[22:45:25] <JCDay> !welcome[22:45:25] <knoba> JCDay: "welcome" : Welcome to #postfix! If you're new here, or to IRC, first read the channel topic (/topic). It has important instructions on how to ask good questions. You will get more and better help if you follow those instructions. Good Luck![22:45:51] <JCDay> !getting_help[22:45:51] <knoba> JCDay: "getting_help" : before asking your question, read the !relevant_logs and !showconfig factoids, and prepare a single pastebin containing all of that data. if you don't understand what this means, or if you need help doing this, please let us know. also see !pastebin[22:46:21] <JCDay> !showconfig[22:46:21] <knoba> JCDay: "showconfig" : when asked to provide your config, pastebin postconf -nf and postconf -Mf. if your version is too old for those commands to work (< 2.9), you should upgrade, but see !showconfig_old[22:47:37] *** Slackology has joined #postfix[22:47:59] *** synthroid has joined #postfix[22:49:03] <JCDay> !relevant_logs[22:49:03] <knoba> JCDay: "relevant_logs" : Relevant logs are mail.* syslog Postfix logs (NOT verbose, see !verbose) which show the entire handling of a single mail which illustrates the issue with which you want help. Random selections from your mail log might not do. IMAP/POP3 daemons and external delivery agents typically log to the same facility (mail); those are usually not relevant here.[22:49:57] <tissuesamples> Hi. Is there any easy way to implement smtp relaying based on spf records? I need a single IP address as a mail source and Gmail's IP address range is large and can change at any time.[22:51:13] <JCDay> Ok guys, back again, and this time better equipped... http://pastebin.com/pVCN00db ...why is mx2.free.fr being hit?!?[22:52:15] *** synthroid has quit IRC[22:53:13] <Hoffe> JCDay, which DNS servers are your server doing lookups to?[22:53:26] <JCDay> 8.8.8.8[22:53:33] <Dominian> I don't think that's the problem.[22:53:38] <JCDay> We thought the same thing... and changed to 8.8.8.8[22:55:07] <Dominian> DNS wouldn't cause that sort of oddity unless hotmail.com suddenly is using mx2.free.fr as a relayhost[22:55:45] *** edux__ has joined #postfix[22:55:46] <Hoffe> ..or someone was performing a man-in-the-middle DNS trick[22:55:51] <Dominian> one thing in that obfuscated log I see...[22:55:52] <JCDay> We're seeing this with @hotmail and @gmail. It is sporadic... happens a dozen times per day out of ~15k emails.[22:56:01] <Dominian> is that hotmail.com address is bouncign because it dies't exist[22:56:11] <JCDay> I can bring up others...[22:56:18] <JCDay> Mailbox full, etc.[22:56:23] <Dominian> Well, the fact you're obfuscating th elogs makes it diffcitult[22:56:38] <JCDay> I can unobfusciate it.[22:57:02] <JCDay> just a practice around here... but nothing scary, so here goes...[22:57:18] <rob0> I think something else has changed since these hotmail addresses were queued. Was transport_maps set?[22:57:20] <Dominian> one thing I don't see is smtpd_recipient_restrictions[22:57:41] <Dominian> Do your clients relay mail through this host?[22:57:49] <Dominian> and yes transport_maps might be part of it[22:57:57] <JCDay> yes it is our DKIM signing rig for outbound.[22:58:15] <JCDay> building pastebin[22:58:49] <JCDay> adding more log samples[22:58:56] *** edux has quit IRC[22:59:03] <Hoffe> Looks like mail with queue ID 4D58E123319 is a DSN to the user you're relaying the mail for - is that plausible? Perhabs you could grep logs for 4D58E123319 ? :)[23:01:18] <JCDay> http://pastebin.com/CBNGSsVH[23:01:58] <Dominian> Looks like someone might be using you as a spam relay[23:02:07] <JCDay> those are ours.[23:02:16] <JCDay> I recognize the from[23:03:15] <JCDay> We send contact registrations for our service... when someone signs up... but often these are badd addresses. This is our vetting process to add user accounts to our service.[23:03:49] <JCDay> If they bounce, they go to that from:[23:05:46] <JCDay> this server is outbound only. Handles our DKIM signing. Hence the possible omission of smtpd_recipient_restrictions.[23:06:30] *** KaiForce has quit IRC[23:07:47] <JCDay> if this machine is being used as a spam relay, they are getting past our IPTABLES and a server whitelist.[23:08:11] <JCDay> but I recognize these emails as our own.[23:08:49] <Hoffe> JCDay, have you grepped the entire conversation for 4D58E123319 in the log, or just yanked out relevant parts? in other words, could any lines be missing? Just checking...[23:09:43] <Hoffe> also, any funky stuff happening in /etc/aliases ? not seeing any orig_to rewriting though..[23:10:29] <JCDay> that is a complete transaction. They come from an AWS compute machine to listserver then out.[23:10:54] <JCDay> I can unpack gzip logs and grep further...[23:11:29] <Hoffe> no it's okay, just making sure you weren't just picking out lines from the conversation[23:12:05] <JCDay> I was running cat /var/log/mail.log* | grep 60D47124A90[23:12:23] <JCDay> etc.[23:12:45] <JCDay> looking at aliases[23:13:17] <JCDay> postmaster: root[23:13:19] <JCDay> EOF[23:13:46] <Hoffe> as expected[23:14:20] <JCDay> Stumper here, huh?... We've had 3 sysadmins scratching their heads at this one.[23:14:33] <Hoffe> hehe, yeah.. very simple conf[23:14:38] <JCDay> right[23:14:42] <JCDay> almost vanilla[23:15:16] <Hoffe> I would do some debug logging, to check out which steps are taking to determine that free.fr domain[23:15:28] <Hoffe> Can you reproduce the scenario, or does it happen randomly?[23:15:34] <JCDay> randomly[23:15:40] <Hoffe> but a few times a day?[23:15:55] <JCDay> would have to run debug all day... logs would blossom to something hideous.[23:16:29] <JCDay> if needed, though... we can do that.[23:16:59] <JCDay> correct... about a dozen per day[23:17:19] <Hoffe> it usually gives a clue where to look for the problem[23:17:21] <JCDay> enough to make free.fr hate us.[23:17:26] <Hoffe> hehe[23:17:36] <Hoffe> is it ALWAYS free.fr, not any other random domains?[23:17:46] *** Jonukas has quit IRC[23:18:23] <JCDay> it's been the one to complain. This wasn't an easy pattern in the logs to identify with a grep :p[23:19:34] <JCDay> Maybe we can figure something out amongst our infra guys... perhaps there is a clue there if other domains are hit.[23:20:17] <JCDay> I'll suggest to them to enable debug. We'll have to check for drive space... heh.[23:20:41] <Hoffe> you could do something like debug_peer_list = free.fr[23:21:25] <Hoffe> ...if free.fr is a frequent domain showing up in your logs[23:21:57] <JCDay> frequent enough for them to blacklist us. :p[23:22:03] <JCDay> Thanks for the ideas guys.[23:22:05] <Hoffe> bastards xD[23:22:55] <JCDay> We've got kids and parents in free.fr that we can't get support tickets to. Been a real bother.[23:23:00] <Hoffe> no problem! hope you find the problem![23:23:14] *** infides has quit IRC[23:33:42] *** dml337ira has quit IRC[23:36:46] *** sawtooth has quit IRC[23:38:12] *** camroncade has quit IRC[23:38:18] *** sawtooth has joined #postfix[23:43:14] *** dstarh has quit IRC[23:45:41] *** Amkei has quit IRC[23:55:04] *** tissuesamples has quit IRC[23:57:20] *** FinboySlick has quit IRC[23:59:27] *** echan has joined #postfix