January 29, 2016 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | >
January 29, 2016 [00:07:05] *** marigeo has quit IRC[00:16:35] *** ag4ve has joined #postfix[00:16:48] *** Redmancometh has joined #postfix[00:17:44] *** v1c3 has joined #postfix[00:18:35] <Redmancometh> Hey does anyone know how I would accept mail from any domain on postfix?[00:19:23] *** FinboySlick has quit IRC[00:19:30] *** DefunctProcess is now known as DefunctProcessZZ[00:20:05] *** v1c3_ has quit IRC[00:20:33] <tharkun> !tell Redmancometh basic[00:20:33] <knoba> Redmancometh: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.[00:21:54] <Redmancometh> Ah okay[00:26:15] <Redmancometh> Thanks :p[00:26:58] <Redmancometh> Uh I'm looking at the receive emails section and it mentions nothing about wildcards for the domain..simply how to receive from one or multiple domains[00:27:13] <Redmancometh> I'm trying to enable the ability to create MX records from freeDNS and receive them on my box[00:28:14] *** muh2000 has quit IRC[00:33:37] *** muh2000 has joined #postfix[00:36:32] *** setProfile has joined #postfix[00:40:00] *** riv has joined #postfix[00:40:03] <tharkun> Redmancometh: clarify this please "wildcards for the domain".[00:40:43] <Redmancometh> So like I want my server to accept mail for any user on any domain, period[00:40:46] <Redmancometh> Like just *@*[00:41:22] <tharkun> Redmancometh: Ok, I thought I understood that. Does it make sense to you what you are saying?[00:42:10] <Redmancometh> Okay if I create an MX record at any domain at say freeDNS (mail.crabdance.com, mail.3dfx.com, mail.xxx.xxx) and point it at my box[00:42:14] <Redmancometh> I want it to receive the mail[00:42:59] <tharkun> Nice, you are beginning to get the idea. What if I post on some other dns an mx record pointing to your server. What do you plan to do?[00:43:19] *** puzzled has quit IRC[00:43:48] <thumbs> tharkun: forward it to rob0's server.[00:45:58] *** lucascastro has joined #postfix[00:47:20] <guampa> i think i[00:47:45] <guampa> i think i've found an error in the man for cidr_table[00:48:56] <pj> guampa: do share.[00:49:43] <guampa> it shows an example with a result of "OK" for whitelisting, I'm using a cidr map for postscreen whitelisting[00:50:19] <guampa> here's what i get if i put an "OK" result: postfix/postscreen[50306]: warning: cidr:/etc/postfix/maps/cidr_access.cidr: unknown command: OK -- ignoring the remainder of this access[00:50:19] <guampa> list[00:50:50] <guampa> it works with a result of "PERMIT" however, but i couldn't find where is "PERMIT" a valid result[00:51:08] <guampa> it doesn't show up in man 5 access[00:51:15] <pj> guampa: right, cidr_tables are used for a lot more than postscreen whitelisting.[00:51:22] <pj> the example is correct for some applications.[00:51:48] <guampa> can you point me on how can i learn the logic?[00:51:59] <pj> guampa: what setting are you using it for?[00:54:14] <guampa> well, now I guess it may be wrong, I'm using it both for postscreen_access_list and for check_client_access in the smtpd restrictions[00:55:00] <pj> yeah, you can't use the same table for both because they are expected to have different responses.[00:55:07] <pj> !postconf_5[00:55:07] <knoba> pj: "postconf_5" : All possible postconf(5) settings are documented in the manual: use man 5 postconf, or visit http://www.postfix.org/postconf.5.html[00:55:17] <pj> guampa: look up those two settings here ^^^^[00:56:59] <Redmancometh> "[17:43] <tharkun> Nice, you are beginning to get the idea. What if I post on some other dns an mx record pointing to your server. What do you plan to do?" Accept it, I'm using dispoable vultr boxes[00:57:13] <Redmancometh> So resource exhaustion is a non-issue[00:59:04] <guampa> pj: i get the hang of it, so *_table don't really define anything about the results, it depends on what you use them for[00:59:13] <pj> right[00:59:27] <guampa> a pity that i have to whitelist twice[00:59:30] <pj> they just tell the different properties of the different db types[00:59:32] <pj> !database[00:59:32] <knoba> pj: "database" : http://www.postfix.org/DATABASE_README.html provides an overview of how Postfix lookup tables work, and the various types that are implemented.[00:59:38] <pj> guampa: ^^^^^[01:00:06] <pj> that's an overview, the *_table man pages are detailed explanations of each.[01:00:37] <pj> but it's all in the form of, feed it a key and get a response based on that key.[01:01:35] <guampa> maybe i should script the explicit whitelisting/blacklisting so i can have the rules in one place and from there i update the many tables[01:02:01] <guampa> they will be two for now, one for postscreen and one for smtpd[01:03:25] <guampa> thanks pj, reading now[01:05:05] *** wdp has quit IRC[01:05:20] <lunaphyte> the documentation for postscreen_access_list is interesting[01:05:34] <lunaphyte> i think i may agree that it is somewhat unclear[01:06:07] <pj> yeah, it is.[01:06:17] <pj> I had to read it a couple of times to get it.[01:06:26] <lunaphyte> "Specify a comma- or whitespace-separated list of commands (in upper or lower case) or lookup tables"[01:06:40] <lunaphyte> what is a "command", exactly?[01:06:50] <pj> well it goes on to define a command[01:07:10] <pj> but it's not explicit that the lookup table results should also be commands.[01:07:23] <lunaphyte> where is it indicated that what follows are commands?[01:07:51] <pj> oh, you're right it's not.[01:08:07] <pj> it's implied, but it coulde be made clearer with one added line.[01:08:20] <lunaphyte> permit_mynetworks could be called a command, i would say, and type:table is not a command, since it says "commands or lookup tables"[01:08:30] <lunaphyte> but are permit reject dunno commands?[01:08:55] <pj> yes[01:09:04] <lunaphyte> it seems to indirectly indicate they are, given "All postscreen(8) access lists implicitly have this command at the end" reference to dunno.[01:09:04] <pj> but again, it's not clear.[01:09:46] <pj> so post to the ml, see if weitse will fix it up.[01:10:28] *** Redmancometh has quit IRC[01:12:07] <lunaphyte> that would be premature[01:12:31] <lunaphyte> i haven't exhaustively tried to parse it yet :)[01:13:28] <lunaphyte> for example, why would someone just list the literal commands?[01:13:36] <lunaphyte> e.g. postscreen_access_list = accept[01:13:47] <lunaphyte> what would be the point of that?[01:14:20] *** gamba47 has quit IRC[01:16:09] *** gamba47 has joined #postfix[01:26:12] *** tree333 has quit IRC[01:26:47] *** caitnop has joined #postfix[01:29:40] *** caitnop has quit IRC[01:30:19] *** caitnop has joined #postfix[02:30:19] *** blerpity has joined #postfix[02:33:32] *** blerp has quit IRC[02:40:26] *** edux has quit IRC[02:48:11] *** edux has joined #postfix[02:53:35] *** edux has quit IRC[03:05:57] *** jwing has joined #postfix[03:08:01] *** donmichelangelo has joined #postfix[03:10:55] *** michelangelo has quit IRC[03:18:51] *** err-or_ has joined #postfix[03:22:56] *** err-or has quit IRC[03:27:16] *** riv has left #postfix[03:38:14] *** githogori has quit IRC[03:39:38] *** Columbo0815 has joined #postfix[03:48:41] *** ovrstorm has quit IRC[03:52:12] *** ovrstorm has joined #postfix[04:11:41] *** dstarh has joined #postfix[04:13:35] *** v1c3_ has joined #postfix[04:16:06] *** v1c3 has quit IRC[04:31:37] *** chachasmooth has quit IRC[04:35:10] *** chachasmooth has joined #postfix[04:52:49] *** showaz has joined #postfix[04:57:05] *** v1c3_ has quit IRC[04:58:08] *** v1c3 has joined #postfix[05:02:40] *** v1c3 has quit IRC[05:30:45] *** Columbo0815 has quit IRC[05:37:09] <setProfile> Good day all. I work for the _fictitious_ Yoyodyne Mail Solutions as a new mail admin. Now I face this problem (a _real_ problem for me, that is): https://paste.kde.org/p4wrcdfat/oxs8xl/raw . Any thoughts and expert's advice on how to go about this, please?[05:38:21] *** ichthys has joined #postfix[05:40:32] *** midacts has quit IRC[06:08:00] <pj> setProfile: migrate the mail from the customer's IMAP account first, then change the MX records wait for the TTL to expire on the old records and migrate any new messages. You will want to use something like dsync: http://wiki2.dovecot.org/Migration/Dsync[06:08:42] <pj> setProfile: however, what do you intend to do if the customer cannot supply all the passwords?[06:11:23] <setProfile> pj: It is very like that _not_ _all_ passwords will be provided... I also do not know how to work around such case, really.[06:13:07] <setProfile> pj: _no_ passwords provided just complicates the problem to another level.[06:13:16] <pj> setProfile: right, there may not be any way to work around it. The only sure way to get a user's mail is with their login credentials.[06:13:40] *** showaz has quit IRC[06:13:47] <pj> various other services may have individual ways to get user's mail from an admin account, but there's no set protocol for that.[06:15:01] *** tonythomas has joined #postfix[06:15:08] <pj> setProfile: what will your stack be? postfix with what else?[06:16:28] <setProfile> pj: As the problem being handed to me, https://paste.kde.org/p4wrcdfat/oxs8xl/raw, is concerned... is it not specified it is PostFix or some other else...[06:16:50] <setProfile> ...not even specified if its IMAP or POP.[06:17:51] <pj> setProfile: I would encourage you to use IMAP, POP is old and IMAP has all of its functionality and more. In your position you would probably want to support both, though and let the customer choose.[06:18:38] <setProfile> pj: The goal is to cover as many scenarious as possible (Postfix -> others, Postfix -> Postfix ->, others -> Postfix, others -> something else).[06:19:25] <pj> setProfile: as a provider you pick your stack, but offer multiple protocols and ways to connect toit.[06:19:40] <setProfile> ...but, of course, my being only here in #postfix asks for the scenarios that involve Postfix as a start.[06:19:56] <pj> there is no need to run both postfix and exim, for example, but you probably want to support both IMAP and POP3.[06:20:25] <pj> setProfile: I tend to like postfix and dovecot for the two main components of the stack.[06:21:56] <pj> other pieces you may want to look into are SpamAssassin, ClamAV, Amavisd-New...[06:22:40] <pj> and you'll likely want a webmail component as well, something like roundcube or squirlmail.[06:23:11] <pj> and some sort of management component, you can use postfixadmin, but for the best look it generally pays to roll your own with that one.[06:23:26] <setProfile> Mm-hmm.[06:23:51] <pj> the management just has to be able to change entries in a db and manipulate some files and directories.[06:24:26] *** Laibsch has joined #postfix[06:24:45] <pj> and for database consider either LDAP or SQL storage (postfix supports MySQL/MariaDB, PostgreSQL and SQLite).[06:25:09] <pj> but also keep in mind to start simple and build your system up one piece at a time, don't try to toss everything together in one shot.[06:25:39] <pj> !basic[06:25:39] <knoba> pj: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.[06:31:57] <setProfile> >> ...try to toss everything together in one shot.[06:31:57] <setProfile> Very true.[06:32:53] <setProfile> >> edit: ...start simple and build your system up one piece at a time, don't try to toss everything together in one shot.[06:32:54] <setProfile> True. Same goal here.[06:35:55] <pj> yep, cool[06:36:14] <pj> it does pay to have a good view of the end-goal and what pieces you will want throughout the process, though.[06:38:44] <setProfile> pj: Thanks to you for all these tips.[06:38:50] <pj> setProfile: yw[06:41:40] *** TheFatherMind- has joined #postfix[06:41:55] <skyroveRR> pg, is it possible to disable or delay the statistics messages in the log files?[06:44:02] <pj> skyroveRR: not that I'm aware of, but I might be wrong.[06:44:55] *** TheFatherMind has quit IRC[06:46:44] *** olegfusion has joined #postfix[06:54:26] *** _ruben has quit IRC[07:23:51] *** echan has quit IRC[07:35:57] *** echan has joined #postfix[07:52:26] *** zapata has quit IRC[08:04:44] *** zapata has joined #postfix[08:07:35] *** edux has joined #postfix[08:12:24] *** edux has quit IRC[08:16:33] *** carl- has joined #postfix[08:21:11] *** Ulver_ has quit IRC[08:24:37] *** edux has joined #postfix[08:25:00] *** troulouliou_div2 has joined #postfix[08:29:50] *** edux has quit IRC[08:33:55] *** edux has joined #postfix[08:34:28] *** sdfr_ has quit IRC[08:38:28] *** edux has quit IRC[08:42:54] *** edux has joined #postfix[08:47:10] *** edux has quit IRC[08:48:49] *** zorg1 has joined #postfix[08:49:30] *** sdfr_ has joined #postfix[08:52:01] *** edux has joined #postfix[08:56:35] *** edux has quit IRC[09:01:00] *** lrea has joined #postfix[09:01:07] *** edux has joined #postfix[09:01:07] <iTaskmanager> !showconfig[09:01:07] <knoba> iTaskmanager: "showconfig" : when asked to provide your config, pastebin postconf -nf and postconf -Mf. if your version is too old for those commands to work (< 2.9), you should upgrade, but see !showconfig_old[09:05:40] *** edux has quit IRC[09:08:23] <setProfile> pj: By the way, this might be a dumb question. But, um, as a newbie... do you think I get to create a fast, decent mail service by directly using http://www.iredmail.org/ (with Postfix in it) ...or should I just create a mail system with Postfix from scratch?[09:10:13] *** edux has joined #postfix[09:13:49] *** olegfusion has quit IRC[09:14:26] *** edux has quit IRC[09:19:17] *** edux has joined #postfix[09:23:50] *** edux has quit IRC[09:24:16] *** ugjka has joined #postfix[09:26:52] *** olegfusion has joined #postfix[09:28:18] *** edux has joined #postfix[09:28:33] *** olegfusion has quit IRC[09:32:52] *** edux has quit IRC[09:36:27] *** roxer_ has left #postfix[09:36:29] *** roxer_ has joined #postfix[09:40:09] *** roxer_ has left #postfix[09:40:19] *** roxer has joined #postfix[09:42:36] *** Haudegen has quit IRC[09:44:28] *** roxer has left #postfix[09:44:29] *** roxer has joined #postfix[09:46:24] *** edux has joined #postfix[09:46:39] *** roxer has left #postfix[09:47:42] *** roxer has joined #postfix[09:49:53] <stemid> is there any way to COPY a mail based on headers in 2.6? header_checks does not have a COPY feature, only REDIRECT and then the original mail is not delivered to its destination.[09:49:58] *** SCHAAP137 has joined #postfix[09:50:06] <roxer> !welcome[09:50:07] <knoba> roxer: "welcome" : Welcome to #postfix! If you're new here, or to IRC, first read the channel topic (/topic). It has important instructions on how to ask good questions. You will get more and better help if you follow those instructions. Good Luck![09:50:38] <pj> setProfile: I have heard some good things about iredmail but it's not my preferred approach, especially as a newbie I think it's better to take the "do it yourself" approach as you learn a lot more that way and in your position you're going to need that knowledge.[09:51:00] *** edux has quit IRC[09:51:05] <setProfile> pj: A-okay.[09:51:28] <roxer> setProfile: is it a complete mailsetup with both smtp and imap/pop3 u want?[09:54:08] <setProfile> roxer: Yes, a complete IMAP/POP3 is all I want... in case I go very slow in building Postfix from scratch (estimate of completion for a prototype is set to only a week... ) . Just a fallback plan, though... i might need a complete mailsetup as Plan B.[09:54:38] <roxer> workaround/ispmail is what i used for our server[09:54:44] *** Laibsch has quit IRC[09:54:51] <setProfile> roxer: I stilll got to learn the ins and outs of Postfix, though... in proper time.[09:55:12] <roxer> workaround.org/ispmail*[09:55:34] *** edux has joined #postfix[09:55:45] <pj> stemid: no, header_checks does not have a BCC or similar action. What is it you're trying to accomplish?[09:55:56] <roxer> i think that guide is good, and it explains alot[09:57:15] <setProfile> roxer: I am on it, https://workaround.org/ispmail . Thanks.[10:00:04] *** edux has quit IRC[10:01:11] *** Haudegen has joined #postfix[10:02:58] <pj> roxer: from a quick glance that does look like one of the more competent guides I've seen. I don't normally like tutorials they tend to cause more harm than good.[10:04:16] <roxer> Pj yes that is why i liked it so much :)[10:13:46] *** edux has joined #postfix[10:18:12] *** edux has quit IRC[10:21:32] *** voidy has joined #postfix[10:23:17] <stemid> pj: copying a mail based on a certain header. the end goal is to copy all mail with a spam score lower than X. sort of like the autolearning feature already in spamassassin.[10:23:47] <iTaskmanager> btw., wdp, tharkun: I just solved the problem itself now. Thanks anyway for the AWESOME(!) help. ;) /i /s[10:25:34] *** skyroveRR has quit IRC[10:26:03] <tuxick> stemid: maybe some global sieve script?[10:26:24] *** depate has joined #postfix[10:26:38] <pj> yeah, I was going to say sieve as well[10:26:52] <stemid> I'll look into sieve, thanks.[10:27:48] <pj> !sieve[10:27:48] <knoba> pj: "sieve" : sieve is a language that can be used to create filters for email. see http://sieve.info/ , rfc 5228, or http://en.wikipedia.org/wiki/Sieve_(mail_filtering_language) for more info[10:28:41] <pj> !learn sieve as A common implementation of sieve is via the !dovecot_lmtp MDA. See http://wiki2.dovecot.org/Pigeonhole/Sieve.[10:28:45] <pj> !sieve[10:28:45] <knoba> pj: "sieve" : (#1) sieve is a language that can be used to create filters for email. see http://sieve.info/ , rfc 5228, or http://en.wikipedia.org/wiki/Sieve_(mail_filtering_language) for more info, or (#2) A common implementation of sieve is via the !dovecot_lmtp MDA. See http://wiki2.dovecot.org/Pigeonhole/Sieve.[10:29:16] <pj> !forget sieve 2[10:29:25] <pj> !learn sieve as A common implementation of sieve is via a plugin to the !dovecot_lmtp MDA. See http://wiki2.dovecot.org/Pigeonhole/Sieve.[10:29:29] <pj> !sieve[10:29:29] <knoba> pj: "sieve" : (#1) sieve is a language that can be used to create filters for email. see http://sieve.info/ , rfc 5228, or http://en.wikipedia.org/wiki/Sieve_(mail_filtering_language) for more info, or (#2) A common implementation of sieve is via a plugin to the !dovecot_lmtp MDA. See http://wiki2.dovecot.org/Pigeonhole/Sieve.[10:32:03] *** edux has joined #postfix[10:32:32] *** wirehack7 has left #postfix[10:32:57] <survietamine> I also find interesting this page http://www.iana.org/assignments/sieve-extensions/sieve-extensions.xhtml[10:34:04] *** Laibsch has joined #postfix[10:36:54] *** edux has quit IRC[10:48:13] *** voidy is now known as Gunnhildr[10:50:01] *** edux has joined #postfix[10:50:06] <Gunnhildr> Hi all. I want to use check_policy_service for a dovecot quota-daemon, however, I want to have a map that specifies which policy daemon server to connect to based on a database lookup on the email address. Is it possible to have that kind of map to determine which policy service to connect to?[10:51:53] <survietamine> you mean for use with dovecot's quota flag?[10:52:05] <survietamine> *overquota-flag[10:52:35] *** Laibsch has quit IRC[10:55:07] *** edux has quit IRC[10:55:23] *** depate has quit IRC[10:56:53] <survietamine> isn't it easier to just have check_recipient_access checking a sql map?[10:58:35] <tuxick> i don't understand the problem[10:58:37] <tuxick> !goal[10:58:37] <knoba> tuxick: "goal" : describe your goal, not what you think the solution is[10:59:09] *** edux has joined #postfix[11:04:06] *** edux has quit IRC[11:05:43] *** joulez has quit IRC[11:07:46] *** depate has joined #postfix[11:08:31] <Gunnhildr> I can use the overquota flag but it has race conditions, and so I was investigating whether I can just connect to the different quota daemons[11:09:07] <pj> Gunnhildr: write your own intermediate policy service daemon that passes the request off to the appropriate service.[11:09:08] <tuxick> race conditions? really?[11:09:14] <pj> a wrapper.[11:09:14] <Gunnhildr> dovecot updating the overquota flag has race conditions I mean. I'm just looking at different options[11:09:58] <Gunnhildr> I have an nginx proxy using a custom python http auth server that I wrote, and I thought about running a policy check client in that using twisted, but I just thought I'd see if I could do it simply in postfix[11:10:32] <pj> well, actually[11:10:39] <pj> come to think of it you can...[11:10:47] <pj> but it has to be postfix 3.0, I think[11:10:54] <pj> one second...[11:11:21] <Gunnhildr> I have to disappear for 5 minutes (I'm at work :) )[11:11:30] <Gunnhildr> thanks for answers so far![11:11:41] <pj> ...I think, I'm checking.[11:15:00] <pj> Gunnhildr: ok, you don't need 3.0, you can do it in earlier versions...[11:15:19] <pj> the trick is that you can chain restrictions, so the results of one restriction can be another restriction.[11:17:15] <pj> since check_policy_service is a restriction this would work: smtpd_recipient_restrictions=check_recipient_access hash:/postfix/recipient_policies[11:17:15] *** edux has joined #postfix[11:17:23] <pj> errr[11:17:29] <pj> since check_policy_service is a restriction this would work: smtpd_recipient_restrictions=check_recipient_access hash:/etc/postfix/recipient_policies[11:18:42] <pj> then in /etc/postfix/recipient_policies you do something like this: foo at example dot com check_policy_service blah[11:18:54] *** setProfile has quit IRC[11:19:08] <pj> of course you can use any map type other than hash, so you could use a pcre table, or sql database, etc.[11:22:14] *** edux has quit IRC[11:33:53] *** sina0 has joined #postfix[11:34:46] *** sina0 has quit IRC[11:34:55] *** sina0 has joined #postfix[11:35:20] *** edux has joined #postfix[11:40:22] *** edux has quit IRC[11:43:21] <Gunnhildr> pj, that's absolutely perfect and I'm looking at trying that now :)[11:43:27] <Gunnhildr> thanks once again![11:43:34] <pj> Gunnhildr: yw :-)[11:53:33] *** edux has joined #postfix[11:55:20] *** skyroveRR has joined #postfix[11:55:41] *** skyroveRR has joined #postfix[11:58:30] *** edux has quit IRC[12:10:14] *** infides has joined #postfix[12:11:40] *** edux has joined #postfix[12:13:21] *** lucascastro has quit IRC[12:14:20] *** joules has joined #postfix[12:15:02] *** Section1 has joined #postfix[12:15:44] *** Chill_Surf has joined #postfix[12:16:38] *** edux has quit IRC[12:22:32] *** olegfusion has joined #postfix[12:26:41] *** pti-jean_ has joined #postfix[12:29:49] *** edux has joined #postfix[12:34:46] *** edux has quit IRC[12:36:20] *** infides has quit IRC[12:48:02] *** edux has joined #postfix[12:49:08] *** _ruben has joined #postfix[12:52:54] *** edux has quit IRC[12:54:48] *** Cybertinus has quit IRC[13:03:26] *** Ulver has joined #postfix[13:04:36] *** Cybertinus has joined #postfix[13:06:13] *** edux has joined #postfix[13:06:58] *** lucascastro has joined #postfix[13:11:02] *** edux has quit IRC[13:15:28] *** edux has joined #postfix[13:20:07] *** edux has quit IRC[13:20:26] *** lucascastro has quit IRC[13:24:31] *** edux has joined #postfix[13:29:10] *** edux has quit IRC[13:32:55] *** lucascastro has joined #postfix[13:37:12] *** zorg1 has quit IRC[13:38:29] *** echan has quit IRC[13:42:32] *** edux has joined #postfix[13:47:18] *** edux has quit IRC[13:47:48] *** jwing has quit IRC[13:50:35] *** Haudegen has quit IRC[14:00:45] *** edux has joined #postfix[14:04:59] *** synthroid has joined #postfix[14:05:26] *** edux has quit IRC[14:06:52] *** Haudegen has joined #postfix[14:16:06] *** ronaldo has joined #postfix[14:18:19] *** emiliano_ has joined #postfix[14:19:23] *** emiliano_ has quit IRC[14:20:07] *** prooz has quit IRC[14:20:30] *** edux has joined #postfix[14:20:32] *** bolt has quit IRC[14:20:48] *** ronaldo has quit IRC[14:23:20] *** depate has quit IRC[14:23:53] *** prooz has joined #postfix[14:25:48] *** Hoffe has joined #postfix[14:27:38] *** Laibsch has joined #postfix[14:29:51] *** internat has quit IRC[14:34:53] *** robinho86 has joined #postfix[14:38:40] *** guampa has quit IRC[14:39:49] *** guampa has joined #postfix[14:39:54] *** internat has joined #postfix[14:46:35] *** Laibsch has quit IRC[14:52:19] *** Laibsch has joined #postfix[14:54:48] *** _hit has joined #postfix[14:55:25] *** _hit has quit IRC[14:59:35] *** sphenxes has quit IRC[14:59:44] *** sphenxes02 has quit IRC[14:59:45] *** sphenxes01 has quit IRC[15:00:01] *** sphenxes has joined #postfix[15:00:16] *** sphenxes01 has joined #postfix[15:00:17] *** sphenxes02 has joined #postfix[15:11:35] *** Hoffe has quit IRC[15:14:17] *** FinboySlick has joined #postfix[15:15:09] *** blerpity has quit IRC[15:15:32] *** Haudegen has quit IRC[15:17:34] *** _0x5eb_ has quit IRC[15:19:01] *** ag4ve has quit IRC[15:20:06] *** OnkelTem has joined #postfix[15:20:47] <OnkelTem> Hi all. Our IP got into Google blacklist. I've checked out logs for the last month and saw nothing interesting[15:21:12] <OnkelTem> So, changing IP is the only option?[15:21:51] *** JanC has quit IRC[15:23:22] <Dominian> uh no[15:23:29] <Dominian> getting your IP off the blacklist is your best option.[15:23:37] <Dominian> changing IPs makes you look like a spammer[15:24:44] <OnkelTem> What is the official procedure of getting an IP off the blacklist?[15:25:12] <OnkelTem> The most frustrating thing - I have no idea why it was blacklisted :([15:25:28] <tuxick> OnkelTem: 1) fix your configuration[15:25:37] <tuxick> 2) wait[15:25:55] <OnkelTem> tuxick: I wished to. If only I know what's wrong :-/[15:25:58] <tuxick> you're lucky it's google, they're competent[15:26:05] <tuxick> if it's hotmail you're screwed[15:26:10] <OnkelTem> heh[15:26:29] <tuxick> OnkelTem: http://multirbl.valli.org/lookup/[15:26:30] <tuxick> start there[15:27:07] <tuxick> !blacklist[15:27:08] <knoba> tuxick: Error: "blacklist" is not a valid command.[15:27:09] <tuxick> hm[15:28:06] <tuxick> haha[15:28:14] <tuxick> reject: RCPT from mail-vk0-f72.google.com[209.85.213.72]: 554 5.7.1 Service unavailable; Client host [209.85.213.72] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?209.85.213.72[15:28:23] <tuxick> as you can see, it even happens to google[15:28:39] <tuxick> this morning i had a google server blocked by barracuda as well[15:31:24] <OnkelTem> tuxick: Two black lines: https://sc-cdn.scaleengine.net/i/174e7b089f2b2a3d8ce50757bab0e654.png[15:32:21] <tuxick> haha russians, screw them[15:32:28] <tuxick> but no explanation?[15:32:29] <OnkelTem> And there're also 2 blue "Listed" (Hostkarma and Abuse.net) which I think is neutral)[15:32:55] <tuxick> rfc-ignorant can be many things[15:33:13] <e38383> it's rfc^2 - so most likely something .ru does wrong[15:33:32] <e38383> .de e.g. failes for whois and is therefore in rfc-ignorant listed[15:34:15] <e38383> 2012-09-27 18:07:30 WHOIS2 ...[15:34:27] <tuxick> .ru definitely does something wrong: refusing to arrest notorious botnet spammers[15:34:51] <tuxick> like the canadian pharmacy mafia[15:35:00] <e38383> that's not needed by rfc ;P[15:35:05] <tuxick> haha[15:35:24] <tuxick> anyway, missing postmaster@ and/or abuse@ is still considered rfc ignorant[15:35:29] <tuxick> so is running exchange[15:35:41] <e38383> true[15:42:36] <tuxick> OnkelTem: gmail usually provides some clue when rejecting mail, really nothing useful?[15:42:52] <tuxick> hotmail just gives a totally useless url[15:43:17] <OnkelTem> a moment[15:43:29] <tuxick> when you contact them Rajesh will tell you he can not give you more information[15:44:18] <OnkelTem> Lol, it just started working[15:44:22] <OnkelTem> wtf[15:45:11] <tuxick> well it's worth find out why it happened[15:45:21] <tuxick> repeated offenders will get longer bans[15:48:46] <OnkelTem> I've only changed two things: set PTR and envelope sender[15:48:47] *** Laibsch has quit IRC[15:48:53] *** skyroveRR has quit IRC[15:49:34] <OnkelTem> and since right after I've changed sender I made test and it failed, I vote for PTR[15:50:28] <tuxick> without matching ptr you can forget sending mail indeed[15:51:16] <tuxick> well, i reject on missing ptr, a mismatch is just bad score[15:51:18] <OnkelTem> eh, it worked before[15:51:26] <OnkelTem> ok[15:53:20] <OnkelTem> tuxick: thanks![15:55:00] *** Laibsch has joined #postfix[15:56:02] <OnkelTem> Laibsch: seems like "Laibach" was busy?[16:02:57] *** Haudegen has joined #postfix[16:07:24] *** Haudegen has quit IRC[16:11:37] *** dstarh has quit IRC[16:18:20] *** Kellin has quit IRC[16:19:18] *** DefunctProcessZZ is now known as DefunctProcess[16:19:54] *** Laibsch has quit IRC[16:22:40] *** sep has quit IRC[16:24:19] *** MACscr|lappy has quit IRC[16:25:38] *** Haudegen has joined #postfix[16:28:24] *** macscr_ has joined #postfix[16:28:26] <sdfr_> Hi. I have postfix running with TLS+SASL, and I am able to send mail via the server from my computers, and openssl s_client connetcs fine. The problem is one embedded device which is said to support sending email with SSL (i.e, while setting smtp server addres & port one may tic 'SSL'), but it seems to fail with 'SSL_accept:failed in SSLv3 read client key exchange A'. http://pastebin.com/cg4WB13c includes[16:28:28] <sdfr_> snips from maillog for openssl s_client and the embedded box.[16:29:15] <sdfr_> Could there be something to be done at the server or do I just have to accept that I am not going to be able to use that embedded box as I would like[16:31:08] <tuxick> sdfr_: maybe that client is so broken it'll only do sslv2 or whatever?[16:31:57] <sdfr_> I thought about that but either that is not the case or I failed to set postfix accept sslv2[16:32:13] <tuxick> sure? did you try accepting all?[16:32:48] <tuxick> since it seemed to be doing sslv3 and failing[16:33:09] <tuxick> also allow all in cipher list[16:33:35] <tuxick> once determined what it can do right, you can set exception[16:34:40] *** Jonukas has joined #postfix[16:37:05] *** anyk has quit IRC[16:37:21] *** anyk has joined #postfix[16:42:13] <sdfr_> thanks, I'll try that now[16:42:44] *** zZap-X has left #postfix[16:46:20] <tuxick> uhm btw, ssl/tls on what? submission?[16:49:04] <tuxick> hm[16:49:31] <tuxick> if it's just relaying to outside maybe better not to bother[16:51:38] <sdfr_> submission[16:52:34] <Nomads> HarryCross2, after the screenshots, not Etienne but Bene wanted to test the machine. That shoould be an improvement eh?[16:53:51] <tuxick> k[16:58:30] *** Mizar has joined #postfix[16:59:07] *** _0x5eb_ has joined #postfix[17:13:23] *** Mizar has left #postfix[17:20:55] *** macscr_ has quit IRC[17:23:05] *** SCHAAP137 has quit IRC[17:25:00] *** Dominian has quit IRC[17:27:00] *** carl- has quit IRC[17:27:46] *** macscr_ has joined #postfix[17:30:58] *** vladkao has quit IRC[17:30:59] *** lrea has left #postfix[17:32:40] *** macscr_ has quit IRC[17:45:32] *** Dominian has joined #postfix[17:47:02] *** virt has joined #postfix[17:54:01] *** gu1lle_ has joined #postfix[17:54:29] *** macscr has joined #postfix[17:55:27] *** macscr has left #postfix[17:56:55] *** Gunnhildr has quit IRC[18:00:24] *** synthroid has quit IRC[18:00:54] *** manman has quit IRC[18:04:29] *** Dominian has quit IRC[18:08:51] *** Dominian has joined #postfix[18:09:47] *** vladkao has joined #postfix[18:10:37] *** sina0 has quit IRC[18:20:34] *** Motoko has joined #postfix[18:26:13] *** ktosiek has quit IRC[18:31:01] *** synthroid has joined #postfix[18:31:35] *** camroncade has joined #postfix[19:15:16] *** ktosiek has joined #postfix[19:17:13] *** Section1 has quit IRC[19:20:16] *** ronaldo has joined #postfix[19:20:54] *** ronaldo has quit IRC[19:21:06] *** ronaldo has joined #postfix[19:21:32] *** ronaldo has quit IRC[19:21:39] *** rsx has joined #postfix[19:30:14] *** sina0 has joined #postfix[19:38:56] *** heroux has quit IRC[19:39:03] *** ktosiek has quit IRC[19:39:27] *** ktosiek has joined #postfix[19:39:32] *** heroux has joined #postfix[19:40:06] *** troulouliou_div2 has quit IRC[19:45:06] *** NightMonkey has quit IRC[19:47:29] *** NightMonkey has joined #postfix[19:49:46] *** Haudegen has quit IRC[19:57:33] *** tonythomas has quit IRC[20:06:27] *** Haudegen has joined #postfix[20:25:11] *** Mr_Pete has joined #postfix[20:25:40] *** Motoko has quit IRC[20:29:42] <Mr_Pete> Hiya, I have an apparently unusual use case, and an idea how to implement but feel like I'm over-complexifying. My smtpd_recipient_restrictions has a policy check for SPF (which currently sets a PREPEND header) later followed by a greylist policy. I'd like to skip greylist when SPF passes. But to do that I need to either scan headers for the prepended header, or somehow return something from the SPF check that will accompl[20:31:03] <Mr_Pete> (ie return a restriction class; then do one or more access checks that: a) does the prepend; b) does an "OK" if there was SPF pass, or greylist if not.[20:31:17] <Mr_Pete> Would this work? Is there a simpler way? Am I nuts? And what about Naomi? ;)[20:31:58] *** Motoko has joined #postfix[20:34:20] <patdk-wk> your nuts[20:34:37] <patdk-wk> buf if you want to do what you said, you need to setup and use smtpd_restriction_classes[20:35:25] <patdk-wk> and have your spf checker return the correct class, depending on the result[20:36:38] <Mr_Pete> ok, so the general path may work. By any chance am I nuts... because perhaps I shouldn't trust that just because they pass SPF doesn't mean they would pass a greylist?[20:37:58] <Mr_Pete> (in any case, thanks for the reply, patdk-wk :) )[20:39:37] <patdk-wk> that is up to you[20:39:48] <patdk-wk> kill greylisting :)[20:40:11] <Mr_Pete> of course ;) ... yeah, I would kill it... except it is extremely effective.[20:40:30] <Mr_Pete> I have a Very Old Domain so it absorbs a ridiculous amount of spam etc.[20:40:31] <patdk-wk> I haven't seen it be effective[20:40:44] <patdk-wk> most spam I see, is always retried[20:40:49] <patdk-wk> so it would all pass greylisting[20:41:40] <Mr_Pete> Not here. I do plan to do a new analysis of that. Since we track both spam and what (if anything) detected it, we can in theory analyze for what tools help the most...[20:41:55] <Mr_Pete> It's been a bunch of years since I did that.[20:42:04] <patdk-wk> just use postscreen :)[20:43:33] <Mr_Pete> already doing that... need to poke at it more; may not be optimized.[20:47:45] *** moss_ has joined #postfix[20:49:35] *** moss_ has quit IRC[20:55:38] *** gu1lle_ has quit IRC[21:29:44] <tharkun> !cheatsheet[21:29:44] <knoba> tharkun: "cheatsheet" : (#1) http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt : A HOWTO for pre-DATA spam control., or (#2) A postscreen cheatsheet can be seen at http://rob0.nodns4.us/postscreen.html (updated 2016-01-16, now requires Postfix 2.11+)[21:30:25] <tharkun> Mr_Pete: ^^^[21:39:52] *** rsx has quit IRC[21:46:42] *** Haudegen has quit IRC[21:51:26] *** chandlermelton has joined #postfix[21:55:45] *** ek has quit IRC[21:58:44] *** lucascastro has quit IRC[22:01:16] *** ek has joined #postfix[22:08:22] *** DefunctProcess is now known as DefunctProcessZZ[22:12:48] *** e38383 has quit IRC[22:12:59] *** e38383 has joined #postfix[22:16:57] *** Hoffe has joined #postfix[22:23:13] *** robinho86 has quit IRC[22:23:16] *** chandlermelton has left #postfix[22:24:39] *** Hoffe has quit IRC[22:38:06] *** Haudegen has joined #postfix[22:42:58] *** ``rawr has joined #postfix[22:50:05] *** synthroid has quit IRC[23:03:46] *** FinboySlick has quit IRC[23:11:57] *** jakesyl_mobile has joined #postfix[23:20:51] *** Jonukas has quit IRC[23:26:04] *** virt has quit IRC[23:27:34] *** Chill_Surf has quit IRC[23:31:59] *** Hoffe has joined #postfix[23:34:38] *** camroncade has quit IRC[23:37:04] *** gu1lle_ has joined #postfix[23:38:49] *** ag4ve has joined #postfix[23:57:57] *** edux has quit IRC