January 30, 2016 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | >
January 30, 2016 [00:02:43] *** rsx has joined #postfix[00:04:35] *** sina0 has quit IRC[00:04:36] *** edux has joined #postfix[00:06:22] *** rsx has quit IRC[00:09:38] *** edux has quit IRC[00:20:30] *** sina0 has joined #postfix[00:22:51] *** edux has joined #postfix[00:27:47] *** edux has quit IRC[00:32:12] *** edux has joined #postfix[00:34:24] *** gu1lle_ has quit IRC[00:36:34] *** edux has quit IRC[00:40:19] *** spat has joined #postfix[00:41:27] *** edux has joined #postfix[00:42:38] <spat> I have set up a mailserver with an alias maillist. I is now set to reject with a custom rejection message. How can I keep this from all but authorized senders?[00:43:29] <spat> s/from/for/[00:45:30] *** edux has quit IRC[00:45:50] <lunaphyte> sorry, it's not clear what you're asking[00:48:56] <spat> lunaphyte: lets say I have list at domain dot com. to avoid abuse I want to have all senders be rejected to send to this address with the exeption of authorized senders (my networks for example).[00:50:22] <lunaphyte> let's not say that, no[00:50:41] <lunaphyte> domains owned by others are off limits when hiding yours[00:51:27] <lunaphyte> so you want to require authentication in order to send to list at example dot com?[00:52:17] <spat> yes either authentication or restrict by ip[00:52:20] <lunaphyte> then just set check_recipient_access with a reject for your global restrictions, and leave it out of the submission restrictions[00:52:35] <lunaphyte> authorization based on source ip address isn't responsible[00:53:40] <spat> I already have this: smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/custom_replies[00:54:00] <spat> lunaphyte: is that what you mean by global restrictions?[00:54:24] <lunaphyte> global smtpd_recipient_restrictions[00:54:34] <lunaphyte> e.g. defined in main.cf[00:54:45] <lunaphyte> main.cf defines global postfix settings[00:56:49] <spat> lunaphyte: Ok I have that. So now I have to set a submission restriction and also make sure it only applies to list at example dot com?[00:56:52] *** Hoffe has quit IRC[00:57:22] <lunaphyte> backwards[00:57:37] <lunaphyte> the global restriction applies to list at example dot com.[00:57:45] <lunaphyte> the submission restriction should not include it[00:57:46] *** e38383_ has joined #postfix[00:58:37] *** [44] has joined #postfix[00:59:35] *** edux has joined #postfix[00:59:52] *** arcanine has quit IRC[00:59:53] *** e38383 has quit IRC[00:59:54] *** guampa has quit IRC[00:59:58] *** e38383_ is now known as e38383[01:00:00] <spat> lunaphyte: so the submission restrictions overrule the global restictions? than i have to say list at example dot com ACCEPT?[01:00:11] *** guampa has joined #postfix[01:00:11] <lunaphyte> yes. no.[01:00:38] <lunaphyte> service specific settings take precedence over global settings[01:00:44] *** arcanine has joined #postfix[01:01:26] *** javak has quit IRC[01:01:48] <lunaphyte> leave check_recipient_access out of your smtpd_recipient_restrictions for the submission service[01:02:07] *** javak has joined #postfix[01:02:57] <spat> Damn it I have administrated postfix servers for years and have no clue what you are talking about. I have modified main.cf and master.cf what on earth are serfice specific settings. Excuse my ignorance[01:03:24] <lunaphyte> service specific settings are settings for a specific service in master.cf[01:04:09] <spat> lunaphyte: Ah thanks no I see what you are getting at[01:04:09] <lunaphyte> main.cf defines global config parameters. master.cf defines services, and any service specific settings needed to override the global defaults defined in main.cf[01:04:10] *** edux has quit IRC[01:08:10] <spat> lunaphyte: ok so I set an override on smtpd. How do I manage this? do i have to pipe it trough some script?[01:08:22] <lunaphyte> huh?[01:08:29] <lunaphyte> what is "it"?[01:08:36] *** edux has joined #postfix[01:09:49] <Mr_Pete> Thanks, tharkun[01:10:55] <spat> I have no clue the only thing I have done with master.cf is change ports and add a different deliverey thing (forgot the term again sorry). So I was thinging that I first need to route mail trough a script. Or something[01:11:55] <lunaphyte> you don't need to route mail through a script in order to leave check_recipient_access out of your smtpd_recipient_restrictions for the submission service, no[01:12:36] *** anunnaki_ has quit IRC[01:12:36] *** anunnaki_ has joined #postfix[01:12:41] <spat> lunaphyte: Ok than I asume I have to use the -o option on smtp. Is this correct?[01:13:40] *** edux has quit IRC[01:15:17] <spat> If still have no clue how to do this. If authorized (either ip, from e-mail adres (this is the weakest check), or sasl) than pass mail to list at example dot com. While other mail adressen on example.com get ¨instant¨ passes[01:17:46] *** edux has joined #postfix[01:22:26] *** edux has quit IRC[01:25:15] *** Mr_Pete has quit IRC[01:26:37] <spat> lunaphyte: I think I may have found what I was looking for: http://www.postfix.org/RESTRICTION_CLASS_README.html#internal[01:26:52] *** edux has joined #postfix[01:27:08] *** Fleurety has quit IRC[01:29:17] <lunaphyte> spat: your submission service. not your smtp service[01:30:09] <lunaphyte> yes. restriction classes are helpful. you still need to exclude the restriction from your submission service[01:31:35] *** edux has quit IRC[01:32:44] *** Fleurety has joined #postfix[01:35:51] *** edux has joined #postfix[01:37:10] *** spat has quit IRC[01:37:35] *** [44] has quit IRC[01:38:59] *** spat has joined #postfix[01:39:38] <spat> lunaphyte: Ok that makes sense. Thanks![01:40:09] *** spat has quit IRC[01:40:26] *** edux has quit IRC[01:40:57] *** ``rawr has quit IRC[01:44:55] *** edux has joined #postfix[01:49:59] *** edux has quit IRC[01:53:39] *** pti-jean_ has quit IRC[01:54:04] *** edux has joined #postfix[01:54:10] *** de-vri-es has quit IRC[01:55:08] *** de-vri-es has joined #postfix[01:55:50] *** buki_ has joined #postfix[01:57:10] *** jbyte_ has quit IRC[01:57:18] *** Cybert1nus has joined #postfix[01:58:06] *** TAAR1 has joined #postfix[01:58:24] *** edux has quit IRC[01:58:27] *** Numline1_ has joined #postfix[01:59:11] *** hachiya_ has joined #postfix[01:59:19] *** yosafbridge` has joined #postfix[01:59:27] *** err-or has joined #postfix[01:59:31] *** anyk_ has joined #postfix[01:59:31] *** midacts has joined #postfix[01:59:38] *** atmx_ has joined #postfix[01:59:46] *** hyperized has joined #postfix[01:59:47] *** hyperized has joined #postfix[02:02:26] *** cworth` has joined #postfix[02:02:56] *** ruel has joined #postfix[02:02:59] *** chris|| has joined #postfix[02:03:05] *** edux has joined #postfix[02:03:07] *** ghormoon_ has joined #postfix[02:04:09] *** anyk has quit IRC[02:04:10] *** Cybertinus has quit IRC[02:04:12] *** ichthys has quit IRC[02:04:13] *** err-or_ has quit IRC[02:04:16] *** higuita has quit IRC[02:04:19] *** chris| has quit IRC[02:04:20] *** TAARs has quit IRC[02:04:21] *** akkad has quit IRC[02:04:22] *** trn has quit IRC[02:04:24] *** parasite_ has quit IRC[02:04:25] *** lvlinux has quit IRC[02:04:26] *** Tykling has quit IRC[02:04:26] *** patdk-wk has quit IRC[02:04:28] *** Numline1 has quit IRC[02:04:29] *** nathanhi has quit IRC[02:04:33] *** hyperize1 has quit IRC[02:04:36] *** buki has quit IRC[02:04:37] *** boxrick1 has quit IRC[02:04:38] *** atmx has quit IRC[02:04:40] *** Zerberus has quit IRC[02:04:42] *** kalz has quit IRC[02:04:43] *** cworth has quit IRC[02:04:48] *** ghormoon has quit IRC[02:04:50] *** hachiya has quit IRC[02:04:51] *** johnny56 has quit IRC[02:04:52] *** yosafbridge has quit IRC[02:04:53] *** defanor has quit IRC[02:04:54] *** chris|| is now known as chris|[02:04:55] *** ruel is now known as lvlinux[02:04:57] *** Zerberus has joined #postfix[02:04:58] *** parasite_ has joined #postfix[02:05:30] *** patdk-wk has joined #postfix[02:06:05] *** jbyte has joined #postfix[02:07:31] *** akkad has joined #postfix[02:07:38] *** jakesyl_mobile has quit IRC[02:08:11] *** boxrick1 has joined #postfix[02:08:23] *** ktosiek has quit IRC[02:08:45] *** ktosiek has joined #postfix[02:09:02] *** edux has quit IRC[02:10:02] *** macscr has joined #postfix[02:10:02] *** higuita has joined #postfix[02:10:02] *** nathanhi has joined #postfix[02:10:02] *** defanor has joined #postfix[02:10:51] *** nathanhi is now known as Guest12025[02:11:56] *** kalz has joined #postfix[02:12:53] *** Tykling has joined #postfix[02:13:31] *** johnny56 has joined #postfix[02:14:48] *** troulouliou_div2 has joined #postfix[02:20:07] *** Kellin has joined #postfix[02:21:03] *** edux has joined #postfix[02:24:15] *** troulouliou_div2 has quit IRC[02:25:46] *** edux has quit IRC[02:28:43] *** jwing has joined #postfix[02:33:20] *** lucascastro has joined #postfix[02:39:14] *** edux has joined #postfix[02:44:12] *** edux has quit IRC[02:47:05] *** trn has joined #postfix[02:48:35] *** edux has joined #postfix[02:53:28] *** Mr_Pete has joined #postfix[02:53:34] *** edux has quit IRC[02:57:44] *** edux has joined #postfix[03:02:15] *** edux has quit IRC[03:06:23] *** michelangelo has joined #postfix[03:06:50] *** edux has joined #postfix[03:10:29] *** donmichelangelo has quit IRC[03:11:21] *** edux has quit IRC[03:15:59] *** edux has joined #postfix[03:17:26] *** err-or_ has joined #postfix[03:20:58] *** edux has quit IRC[03:21:28] *** joules has quit IRC[03:22:14] *** err-or has quit IRC[03:25:00] *** edux has joined #postfix[03:28:24] *** joules has joined #postfix[03:29:28] *** edux has quit IRC[03:34:13] *** edux has joined #postfix[03:35:37] *** echan has joined #postfix[03:38:26] *** edux has quit IRC[03:38:36] *** anunnaki_ is now known as anunnaki[03:42:45] *** lucas_ has joined #postfix[03:43:12] *** edux has joined #postfix[03:43:26] *** xebra has joined #postfix[03:45:14] *** lucascastro has quit IRC[03:47:35] *** edux has quit IRC[03:50:05] *** macscr has quit IRC[03:52:17] *** edux has joined #postfix[03:52:27] *** xebra has left #postfix[03:56:50] *** edux has quit IRC[04:01:21] *** edux has joined #postfix[04:05:52] *** edux has quit IRC[04:10:34] *** edux has joined #postfix[04:14:58] *** edux has quit IRC[04:19:40] *** edux has joined #postfix[04:23:24] *** macscr has joined #postfix[04:24:01] *** macscr has left #postfix[04:24:26] *** edux has quit IRC[04:30:34] *** chachasmooth has quit IRC[04:34:57] *** chachasmooth has joined #postfix[04:37:51] *** edux has joined #postfix[04:43:05] *** edux has quit IRC[04:43:11] *** Mr_Pete has quit IRC[05:13:45] *** epretorious has joined #postfix[05:14:05] *** epretorious is now known as PDXPretorious[06:17:59] *** edux has joined #postfix[06:23:11] *** edux has quit IRC[06:26:44] *** edux has joined #postfix[06:31:26] *** edux has quit IRC[06:33:48] *** namyzarc has joined #postfix[06:35:55] *** edux has joined #postfix[06:40:34] *** edux has quit IRC[06:44:57] *** edux has joined #postfix[06:49:34] *** edux has quit IRC[06:54:03] *** edux has joined #postfix[06:58:56] *** edux has quit IRC[07:03:08] *** edux has joined #postfix[07:08:20] *** edux has quit IRC[07:12:13] *** edux has joined #postfix[07:16:45] *** edux has quit IRC[07:21:18] *** edux has joined #postfix[07:23:18] *** yrter has joined #postfix[07:26:00] *** edux has quit IRC[07:30:34] *** edux has joined #postfix[07:34:54] *** edux has quit IRC[07:56:35] *** tonythomas has joined #postfix[07:57:38] *** edux has joined #postfix[08:02:15] *** edux has quit IRC[08:06:54] *** edux has joined #postfix[08:11:10] *** edux has quit IRC[08:21:29] *** zapata has quit IRC[08:23:08] *** zapata has joined #postfix[08:29:52] *** ZeuZ has joined #postfix[08:30:47] <ZeuZ> Guys, I've got two domains that point to my IP, using virtual users, when I send a mail from a user in another domain, I receive the mail but I see "Received from: first_domain.tld"[08:30:52] <ZeuZ> instead of the second domain[08:30:55] <ZeuZ> how can I fix that?[08:36:42] *** Hoffe has joined #postfix[08:41:38] *** Hoffe has quit IRC[08:41:51] *** Hoffe has joined #postfix[08:47:56] *** Hoffe has quit IRC[08:48:36] *** Hoffe has joined #postfix[08:50:58] *** Hoffe has quit IRC[08:51:14] *** Hoffe has joined #postfix[08:58:41] *** rsx has joined #postfix[08:59:12] *** sina0 has quit IRC[09:16:27] *** fatalhalt has joined #postfix[09:19:04] *** edux has joined #postfix[09:24:32] *** edux has quit IRC[09:26:17] *** Motoko has quit IRC[09:28:34] *** edux has joined #postfix[09:29:56] *** echan has quit IRC[09:31:33] *** JanC has joined #postfix[09:32:58] *** edux has quit IRC[09:37:38] *** edux has joined #postfix[09:42:52] *** edux has quit IRC[09:45:30] *** JanC has quit IRC[09:47:05] *** edux has joined #postfix[09:47:56] *** rsx has quit IRC[09:51:20] *** edux has quit IRC[09:55:53] *** edux has joined #postfix[09:56:10] *** anunnaki has quit IRC[10:00:21] *** edux has quit IRC[10:05:01] *** edux has joined #postfix[10:09:22] *** edux has quit IRC[10:10:01] *** SelfishMan has quit IRC[10:11:28] *** SelfishMan has joined #postfix[10:14:01] *** edux has joined #postfix[10:15:29] *** lucas_ has quit IRC[10:18:47] *** edux has quit IRC[10:23:09] *** edux has joined #postfix[10:24:42] *** anunnaki has joined #postfix[10:27:26] *** edux has quit IRC[10:28:30] *** JanC has joined #postfix[10:32:11] *** edux has joined #postfix[10:36:44] *** edux has quit IRC[10:41:17] *** edux has joined #postfix[10:45:40] *** atmx_ is now known as atmx[10:46:25] *** edux has quit IRC[10:46:33] *** rcsu has joined #postfix[10:50:20] *** edux has joined #postfix[10:52:06] *** rcsu has quit IRC[10:54:17] *** rcsu has joined #postfix[10:54:56] *** edux has quit IRC[10:57:26] *** JanC has quit IRC[10:57:55] *** pti-jean_ has joined #postfix[11:08:20] *** edux has joined #postfix[11:13:04] *** edux has quit IRC[11:26:38] *** edux has joined #postfix[11:29:07] *** rsx has joined #postfix[11:31:15] *** edux has quit IRC[11:32:00] *** JanC has joined #postfix[11:34:12] *** JanC is now known as JanC_FOSDEM[11:35:47] *** edux has joined #postfix[11:40:30] *** edux has quit IRC[11:41:26] *** rsx has quit IRC[11:44:55] *** edux has joined #postfix[11:49:28] *** edux has quit IRC[11:53:54] *** edux has joined #postfix[11:58:40] *** edux has quit IRC[12:03:13] *** edux has joined #postfix[12:07:54] *** edux has quit IRC[12:16:51] *** bolt has joined #postfix[12:16:58] *** bolt has joined #postfix[12:40:34] *** JanC_FOSDEM has quit IRC[12:56:38] *** Haudegen has quit IRC[13:08:31] *** __NiC is now known as _NiC[13:13:16] *** Haudegen has joined #postfix[13:20:58] *** sphenxes02 has quit IRC[13:24:52] *** edux has joined #postfix[13:29:26] *** edux has quit IRC[13:31:37] *** lapator has quit IRC[13:31:48] *** rsx has joined #postfix[13:32:14] *** souther has quit IRC[13:32:31] *** lapator has joined #postfix[13:33:15] *** souther has joined #postfix[13:33:56] *** edux has joined #postfix[13:38:14] *** edux has quit IRC[13:40:57] *** lucascastro has joined #postfix[13:42:59] *** edux has joined #postfix[13:48:26] *** edux has quit IRC[13:52:09] *** edux has joined #postfix[13:56:50] *** edux has quit IRC[14:01:09] *** edux has joined #postfix[14:05:53] *** edux has quit IRC[14:10:16] *** edux has joined #postfix[14:14:26] *** edux has quit IRC[14:15:06] *** zapata has quit IRC[14:19:20] *** edux has joined #postfix[14:23:35] *** edux has quit IRC[14:25:37] *** zapata has joined #postfix[14:26:36] *** SunGod has quit IRC[14:26:54] *** SunGod has joined #postfix[14:28:35] *** edux has joined #postfix[14:32:54] *** edux has quit IRC[14:35:14] *** fatalhalt has quit IRC[14:47:23] *** Elion has joined #postfix[14:47:24] *** Elion has joined #postfix[14:47:30] *** lucascastro has quit IRC[14:48:46] *** Slackology has quit IRC[14:49:41] *** omgs has joined #postfix[14:49:56] *** Haudegen has quit IRC[14:53:53] *** Elion has quit IRC[14:54:29] *** Elion has joined #postfix[14:54:29] *** Elion has joined #postfix[14:54:53] *** Elion has quit IRC[14:55:40] *** Elion has joined #postfix[14:55:41] *** Elion has joined #postfix[14:56:37] *** sphenxes02 has joined #postfix[14:58:06] *** jwing has quit IRC[15:00:10] *** sphenxes has quit IRC[15:00:48] *** sphenxes01 has quit IRC[15:01:03] *** sphenxes has joined #postfix[15:04:48] *** Elion has left #postfix[15:07:26] *** Haudegen has joined #postfix[15:16:10] *** Hoffe has quit IRC[15:22:01] *** ZeuZ has quit IRC[15:23:32] *** Haudegen has quit IRC[15:30:34] *** buki_ is now known as buki[15:31:04] *** edux has joined #postfix[15:35:47] *** edux has quit IRC[15:40:56] *** Haudegen has joined #postfix[15:48:59] *** edux has joined #postfix[15:54:20] *** edux has quit IRC[15:58:15] *** edux has joined #postfix[16:03:47] *** edux has quit IRC[16:07:40] *** edux has joined #postfix[16:12:08] *** edux has quit IRC[16:16:32] *** edux has joined #postfix[16:20:55] *** edux has quit IRC[16:24:18] *** edux has joined #postfix[16:24:36] *** echan has joined #postfix[16:27:25] *** JanC_FOSDEM has joined #postfix[16:55:22] *** JanC_FOSDEM has quit IRC[17:01:09] <Yatekii> hey guys, I get: Postfix is running with backwards-compatible default settings[17:01:24] <Yatekii> what does this mean exactly? because I feel like it doesn't load my main.cf at all :S[17:04:24] *** Fleurety has quit IRC[17:10:49] <lunaphyte> Yatekii: read compatibility_readme[17:17:52] *** Fleurety has joined #postfix[17:18:58] *** Fleurety has quit IRC[17:29:05] *** Fleurety has joined #postfix[17:31:03] *** Fleurety has quit IRC[17:32:08] *** vvassilev has joined #postfix[17:34:47] *** Fleurety has joined #postfix[17:35:30] <vvassilev> Hi all. I am thinking of setting up a postfix config, which does the relaying more or less like apache proxy. I.e. the gateway postfix will just forward to a bunch of LAN workers and once they do antispam and other checks they will return back the messages to the gateway, ready to send them. Does that make sense? If yes where I can read more about this kind of setup.[17:38:36] *** Fleurety has quit IRC[17:39:08] *** caitnop has quit IRC[17:39:39] *** caitnop has joined #postfix[17:41:45] *** Fleurety has joined #postfix[17:44:04] *** Fleurety has quit IRC[17:49:44] *** Fleurety has joined #postfix[17:54:05] *** Fleurety has quit IRC[17:59:45] *** Fleurety has joined #postfix[18:03:29] <rob0> What's the purpose of that, just to reduce the memory/CPU load on the gateway machine?[18:04:01] <rob0> If you're really big, yes, I can see some sense in that.[18:04:39] <rob0> Of course you'd want to do as much antispam on the gateway, pre-DATA, as possible:[18:04:44] <rob0> !cheatsheet[18:04:44] <knoba> rob0: "cheatsheet" : (#1) http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt : A HOWTO for pre-DATA spam control., or (#2) A postscreen cheatsheet can be seen at http://rob0.nodns4.us/postscreen.html (updated 2016-01-16, now requires Postfix 2.11+)[18:05:06] *** Fleurety has quit IRC[18:06:47] *** Fleurety has joined #postfix[18:08:08] <vvassilev> rob0: yes, performance reasons + separation of concerns.[18:09:21] *** Fleurety has quit IRC[18:10:01] <vvassilev> rob0: also security reasons, because I don't want to expose one more machine to the wild...[18:11:49] <rob0> It's really pretty simple. Most examples you will find, including the Amavisd-new documentation, show a Postfix content_filter on 127.0.0.1. Simply use a name which resolves to your filter worker machines. And the reinjection port on the gateway can't be on 127.0.0.1, use the LAN IP address.[18:13:09] <vvassilev> I see, that's a good idea.[18:13:12] <rob0> Use "name.example:port" if you plan to use MX records, or "[name.example]:port" if using A or AAAA.[18:13:28] <lunaphyte> expose one more machien to the wild? why woudl you have to do that?[18:13:31] <lunaphyte> *would[18:14:14] <rob0> Also, it sounds like you are talking about a MSA, because the gateway is sending messages out?[18:14:49] <lunaphyte> also, depending on what is to actually to happen with the mail after it is processed, returning the mail to postfix isn't necessarily the most sensible thing to do[18:14:57] <vvassilev> lunaphyte: I don't want to run the postfix service on the gateway. This would mean exposing one more outside our infrastructure. Eg. I will have to run things such as fail2ban etc...[18:15:11] <rob0> You'd have to be REALLY big, on the level of a major ISP or mail provider like Yahoo/Gmail/GMX, for that to make sense. It would be better to simply separate your MSA host from the MX host.[18:15:38] <lunaphyte> sorry, i don't understand "run the postfix service on the gateway"[18:15:46] <lunaphyte> what exactly is "the gateway"?[18:15:52] <rob0> whoa, what? "I don't want to run the postfix service on the gateway" makes no sense[18:16:01] <lunaphyte> postfix *is* the thing that shoudl be exposed to the internet. not other things...[18:16:10] <vvassilev> Sorry, keeping 2 parallel conversations is difficult.[18:16:13] <rob0> I assumed that you were running Postfix on the gateway?[18:16:14] <lunaphyte> woudl, shoudl, :([18:16:57] <vvassilev> rob0: I am running a postfix on the gateway, yes. I didn't want to install and run spamassasign graylists AV etc. on the same machine.[18:17:10] <lunaphyte> oh. that's fine.[18:17:30] <vvassilev> I want to have a dedicated HA machine doing exactly that, but I still want to relay through the gateway.[18:17:45] <rob0> greylisting is a bad idea. Do it the Postfix way, with postscreen,[18:17:48] <rob0> !postscreen[18:17:49] <knoba> rob0: "postscreen" : SMTP triage server available in Postfix 2.8, see http://www.postfix.org/POSTSCREEN_README.html and http://www.postfix.org/postscreen.8.html[18:17:54] <rob0> and the link above[18:17:57] <lunaphyte> i think you should stop using the term "gateway" ;)[18:18:14] <lunaphyte> indeed, avoid greylisting.[18:18:28] <rob0> greylisting is an exceptionally bad idea for a MSA!![18:18:34] <vvassilev> Sorry, I cannot think of a better one :) Is master-worker better terms?[18:18:45] <lunaphyte> no need for any of those terms[18:18:46] <vvassilev> MSA?[18:19:00] <lunaphyte> yes, what is this all actually for?[18:19:05] <rob0> !msa[18:19:05] <knoba> rob0: "msa" : Message Submission Agent : a process which accepts message submissions from MUAs on port 587 known as 'message submission service' using the 'message submission protocol' defined by rfc4409. To enable message submission service in postfix uncomment the relevant lines in master.cf. also see !submission.[18:19:50] *** edux has quit IRC[18:20:09] <lunaphyte> e.g. where is this mail coming from, and where is it going?[18:20:15] <vvassilev> Okay, sorry, I am slow, but I don't really have a lot of experience with postfix and emails...[18:20:31] <rob0> start simple[18:20:34] <vvassilev> So lets make two steps back.[18:20:57] <rob0> Do expansion like this only when and if it makes sense for your user base.[18:20:57] <lunaphyte> think of it like this. presumably you're contemplating all of this in order to solve some actual, real, problem. what is it?[18:21:04] <vvassilev> I have a common machine which does firewall, traffic control and so on.[18:21:51] <vvassilev> I have all security setting and so on tweaked.[18:21:57] <lunaphyte> oh. literally, your network gateway, presumably?[18:22:04] <vvassilev> Yes[18:22:15] <rob0> a single IPv4 address?[18:22:41] <vvassilev> right now yes, in future a few more but mails will perhaps go out through a single ip.[18:23:07] <vvassilev> This is why I thought a good idea to have a service which does "deligates" to a dedicated machine which handles mail "stuff".[18:23:44] <lunaphyte> well, it won't realy work that way[18:24:01] <lunaphyte> if this "gateway" is a regular computer, then sure, you can install postfix on it.[18:24:06] <vvassilev> And here is my problem: I want to ISP_comp to relay to worker_comp and then worker_comp to relay to ISP_comp signing off the msg for sending.[18:24:23] <lunaphyte> but there will not be "delegation". postfix will do what it does, and then pass the message along as appropriate[18:24:32] <vvassilev> I have postfix already installed there.[18:25:13] <lunaphyte> now "gateway" is "ISP_comp"?[18:25:27] <vvassilev> yes (you told me not to use gateway :) )[18:25:40] <lunaphyte> ok[18:25:53] <lunaphyte> where does ISP_comp get mail from?[18:26:00] *** err-or_ has quit IRC[18:26:12] <vvassilev> Internet?[18:26:26] <vvassilev> I am explaining it too weird...[18:26:30] <lunaphyte> where does this mail ultimately go?[18:26:41] *** err-or has joined #postfix[18:26:43] <vvassilev> Internet[18:26:47] <lunaphyte> why?[18:26:52] <vvassilev> + local mailing[18:26:55] <vvassilev> Wait[18:27:07] <vvassilev> Let me tell you what I have and it kind of works.[18:27:50] <vvassilev> I have ISP_comp forwarding "everyting" to worker_comp. Then worker_comp does its thing and sends out.[18:28:30] <vvassilev> It works good, but I must add a DNAT entry in my firewall to worker_comp. This DNAT I want to kill in favor of relaying back to ISP_comp.[18:28:44] *** edux has joined #postfix[18:29:32] <vvassilev> Does it make more sense?[18:29:47] <lunaphyte> getting email from the internet and then sending it back out to the internet does not make sense[18:30:42] <lunaphyte> why are you doing this?[18:30:43] <vvassilev> Sorry, mistake: we are getting email from the internet for out customers.[18:30:50] *** Fleurety has joined #postfix[18:31:08] <lunaphyte> mail sent to your customers arrives at your server? why?[18:31:32] <vvassilev> Confused again...[18:32:11] <vvassilev> We are hosting a few websites. Those websites need to have mailboxes. Postfix help us out there.[18:32:39] <vvassilev> So our users need to send/receive emails from our infrastructure.[18:32:48] *** Fleurety has quit IRC[18:33:22] *** edux has quit IRC[18:33:26] <lunaphyte> are you receiving arbitrary mail from the internet, and forwarding it to other people's mail servers?[18:33:54] <vvassilev> I am happy to paste my configs because I am probably using not the right terms...[18:34:13] <lunaphyte> sounds good[18:34:23] <lunaphyte> !tell vvassilev showconfig[18:34:24] <knoba> vvassilev: "showconfig" : when asked to provide your config, pastebin postconf -nf and postconf -Mf. if your version is too old for those commands to work (< 2.9), you should upgrade, but see !showconfig_old[18:34:36] <rob0> Yes. Again, when you get to that point, your best bet when "de-simplifying" is to run a separate MSA. One machine getting port 25 from the Internet (the MX) and another getting 587.)[18:35:00] <lunaphyte> i fear he's doing same envelope forwarding :([18:35:16] <rob0> ohh, that could be, yes[18:35:37] <vvassilev> http://paste.ubuntu.com/14745404/[18:35:52] <vvassilev> "gateway"[18:37:05] <vvassilev> "dedicated machine":http://paste.ubuntu.com/14745673/[18:37:18] <lunaphyte> a little whitespace between the commands next time :)[18:37:24] <rob0> "relayhost = 10.11.12.8" ?[18:37:59] *** edux has joined #postfix[18:38:02] <lunaphyte> inet_interfaces = loopback-only?[18:38:11] <lunaphyte> are you doing iptables trickery?[18:38:27] <rob0> oh, you seem to have DNSBLs in the wrong place. Those must be on the externally-facing machine.[18:38:47] <vvassilev> rob0: ""relayhost = 10.11.12.8"" ->this is common-services[18:38:59] <vvassilev> lunaphyte: not that I am aware of.[18:39:37] <rob0> !tell vvassilev basic[18:39:37] <knoba> vvassilev: "basic" : http://www.postfix.org/BASIC_CONFIGURATION_README.html : a good starting place for Postfix beginners, many common questions are answered here.[18:39:43] <lunaphyte> is postfix listening only on loopback on the gateway?[18:40:03] <lunaphyte> if so, you will have much difficulty getting mail to it from the internet[18:40:15] *** Guest12025 has quit IRC[18:40:15] *** Guest12025 has joined #postfix[18:40:17] *** Guest12025 is now known as nathanhi[18:40:24] <vvassilev> lunaphyte: no, it works. I send / receive messages[18:42:07] <vvassilev> This work was done by a colleague and there are a few things I don't understand...[18:42:41] <lunaphyte> you have lots of opportunity ahead of you! :)[18:42:47] *** edux has quit IRC[18:43:24] <vvassilev> http://paste.ubuntu.com/14746496/[18:43:25] <lunaphyte> it appears there was much your colleague did not understand as well :p[18:43:34] <vvassilev> My postfix config logs/complaints[18:44:08] <vvassilev> lunaphyte: well ;) This is what I am trying to fix...[18:44:25] <vvassilev> He did a good job but he doesn't get a lot of time to work on that...[18:44:34] <lunaphyte> good. you are doing the right thing[18:45:17] <vvassilev> So my question I guess is: Is any of my issues reasonably easy to fix for a novice like me?[18:45:30] <lunaphyte> sure, why not?[18:45:49] <vvassilev> Some of the mail goes in spam, some of it loops indefinitely and some of it makes it...[18:46:32] <vvassilev> I guess the worker machine doesn't sign it properly...[18:47:04] *** edux has joined #postfix[18:47:37] <vvassilev> And I haven't even had the chance to think of sasl :)[18:47:59] <vvassilev> So if you had these configs and setup, what would you do?[18:48:28] <lunaphyte> virtual_transport = dovecot[18:48:31] <lunaphyte> dovecot is involved?[18:48:39] <lunaphyte> how do customers read their mail?[18:48:52] <vvassilev> We are thinking to use dovecot for this[18:48:59] <vvassilev> imap and so on...[18:49:40] <lunaphyte> they will use imap - e.g. a regular mail client? you will not forward "to their gmail account"?[18:50:15] <vvassilev> We want to support both.[18:50:21] <lunaphyte> you cannot[18:50:27] <vvassilev> Currently we forward. In future we want to do dovecot[18:50:29] <lunaphyte> it is not ok to forward to gmail[18:50:39] <lunaphyte> that will be half of your issues right there[18:50:54] <lunaphyte> same envelope forwarding is no longer feasible on today's modern internet[18:51:21] <vvassilev> okay, as is it sort of works.[18:51:42] <lunaphyte> so does driving around without a seatbelt[18:51:47] <vvassilev> I get a dkim reports from google but this is a tuneup issue I believe[18:52:27] <lunaphyte> the right thing to do is use imap[18:52:40] <lunaphyte> if customers want to read their email with google, then they should use google apps[18:52:46] <rob0> I use a seatbelt. I should use IMAP?[18:53:13] <lunaphyte> accepting mail from arbitrary senders on the internet, then forwarding it to other people's mail systems is rude, and prone to problems[18:53:16] <lunaphyte> hah[18:53:25] <lunaphyte> you should use an imapbag[18:53:45] <vvassilev> Okay... The forwarding was perhaps implemented because of missing dovecot setup.[18:53:55] *** edux has quit IRC[18:54:00] <vvassilev> However we don't just forward, we do checks on it...[18:54:18] <lunaphyte> it's common, unfortunately. inexperienced admin think it's ok to do[18:54:20] <vvassilev> sign it...[18:55:35] <vvassilev> So let me be explicit: we have "forwarding" mailboxes. Where somebody gets email and this forward to the email address which he wrote. Is that what you say is wrong?[18:56:13] <lunaphyte> virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf[18:56:40] <lunaphyte> if that's what you're referring to, and it has things like gmail etc in it, then yes, that's wrong to do[18:57:11] <lunaphyte> do you have multiple public ip addresses available for use?[18:57:18] <vvassilev> Not at the moment.[18:58:19] <vvassilev> I need to focus on the most severe things. I get: "Mail for common-services loops back to myself"[18:58:57] <lunaphyte> is this a residential internet connection?[18:58:58] <vvassilev> IIUC this means that it tries to exit through the "gateway", but it gets back.[18:59:07] <vvassilev> Yes, this is a SOHO[18:59:54] <lunaphyte> i would configure postfix on the gateway as the mx[mta], and as the msa. then i would pass messages to another computer, running amavis, for content filtering[19:00:15] <lunaphyte> lastly, dovecot needs ot be running somewhere. this could be on the same computer as amavis, or it could also be on its own computer[19:00:19] <lunaphyte> *to be[19:01:15] <lunaphyte> i would configure amavis with two policy banks. one for the mta postfix service on the gateway, and the other for the msa postfix service on the gateway[19:01:26] <vvassilev> Yes, this sounds completely reasonable. This is more or less what I was thinking to do...[19:02:12] <vvassilev> I am not sure where should I start[19:02:13] <lunaphyte> there's another consideration as well. do you want [or think you need] to put submission mail [e.g. msa mail] through a content filter?[19:02:43] <vvassilev> I believe so.[19:02:47] <rob0> Generally that ^^ is a good idea, essential if you're serving Windows users.[19:02:55] <lunaphyte> ok[19:03:06] <lunaphyte> then two amavis policy banks is the right way[19:03:31] <lunaphyte> mail from the mta service, through amavis, doesn't need to go back to postfix. it can just go to dovecot, for delivery[19:03:50] <vvassilev> Okay...[19:03:54] <lunaphyte> mail from the msa service, however, should go back to postfix, for relay to its internet destination[19:04:05] <lunaphyte> i have to go for a while. bbl[19:05:22] <vvassilev> Okay, I got a few things straighten out. But some of them were difficult to grasp. I will come back with a few questions about them later.[19:06:13] <vvassilev> What should I focus on, first? Frankly speaking I've no idea where I should start from. (Ideally I want less downtime as possible).[19:28:08] *** roentgen has joined #postfix[19:29:29] <vvassilev> !logs[19:29:30] <knoba> vvassilev: "logs" : Postfix logs to the mail facility of syslog. You can usually find them with ls /var/log/mail*; otherwise see your system's syslog server documentation. Also see !nologs and !mung[19:29:38] <vvassilev> !nologs[19:29:38] <knoba> vvassilev: "nologs" : Nothing in your mail logs commonly means one of two things: either your syslogd is broken (try restarting it), or the connections are not coming to your server. Check your firewall/networking and the DNS for the domain in question. also see !logs.[19:29:52] <vvassilev> !mung[19:30:04] <vvassilev> !mung[19:30:06] <knoba> vvassilev: "mung" : Mash Until No Good : the art of obfuscating data which ultimately results in unintentional consequences such as making diagnostics impossible. If you think you must hide details, see !have2mung[19:30:20] <vvassilev> !have2mung[19:30:21] <knoba> vvassilev: "have2mung" : if you absolutely have to mung details, such as anonymizing domains, email and IP addresses etc., try to do so in a minimal, consistent and meaningful way. Keep in mind that this is our first look at your particular configuration and or log details and we do not have the benefit you posses about your existing configuration.[19:30:33] <lunaphyte> to minimize downtime, your approach will need to be fairly surgical. this may beget enlisting the services of a consultant[19:30:58] <vvassilev> lunaphyte: I am afraid we cannot afford this.[19:31:59] <lunaphyte> aha. so what parameters have you selected from the iron triangle?[19:31:59] <vvassilev> So I have started to do what you suggested.[19:32:13] <vvassilev> "i would configure postfix on the gateway as the mx[mta], and as the msa. "[19:32:45] <vvassilev> This was fairly straight forward.[19:33:18] <vvassilev> I am not sure how to test whether the change is okay and everything works at least as good as before :)[19:33:18] <lunaphyte> on your mx, you'll need to list all domains you receive mail for in relay_domains[19:33:32] <lunaphyte> you'll also need to list all valid recipients in relay_recipient_maps.[19:33:52] <lunaphyte> then, set relay_transport to point to the other postfix cserver[19:33:55] <lunaphyte> *server[19:34:15] <lunaphyte> oop - to the amavis server, rather[19:34:18] <lunaphyte> *oops[19:34:24] <lunaphyte> bah. fingers are too cold still[19:35:08] <vvassilev> :)[19:35:16] <vvassilev> so no relayhost =[19:35:20] <vvassilev> but relay_transport[19:35:21] <lunaphyte> correct[19:36:02] <vvassilev> relay_transport=mx...?[19:36:10] *** echan has quit IRC[19:36:11] <vvassilev> the internal_server[19:36:22] <lunaphyte> see man 5 postconf for documentation on relay_transport[19:36:34] <lunaphyte> it should point to amavis[19:36:56] <lunaphyte> then amavis should be configured to relay to dovecot[19:37:18] <lunaphyte> internet -> postfix -> amavis -> dovecot[19:38:13] <vvassilev> should I keep the relay host?[19:38:18] <lunaphyte> no[19:38:18] <vvassilev> relayhost[19:39:02] <vvassilev> ok[19:40:03] <lunaphyte> move pretty much all of your postfix settings from the amavis host to the mx[19:40:12] <lunaphyte> except smtps.[19:40:19] <lunaphyte> that is deprecated, and should not be used[19:41:00] <vvassilev> will do brb[19:41:03] <lunaphyte> get to the point where you have postfix just on the mx, and only amavisspamassasin on the other computer.[19:41:05] <lunaphyte> bbiab[20:03:25] *** moss_ has joined #postfix[20:03:38] *** moss is now known as m00s3[20:03:43] *** moss_ is now known as moss[20:05:14] *** m00s3 has quit IRC[20:07:51] *** c0de1 has joined #postfix[20:07:53] <c0de1> hi[20:08:05] <c0de1> anyone on?[20:11:14] <tharkun> No, everyone under[20:23:21] <rob0> I got over being under.[20:24:25] *** tonil has joined #postfix[20:24:25] *** tonil has joined #postfix[20:24:59] <thumbs> rob0: you're not under the weather any more?[20:25:32] <rob0> well, literally speaking, aren't we all?[20:25:46] <rob0> unless we're in orbit?[20:26:02] <thumbs> rob0: so you're over the weather?[20:27:13] <rob0> I'm in a surprisingly good mood. :)[20:27:28] <thumbs> rob0: can I get a lift?[20:34:43] <thumbs> no lift???[20:35:01] * rob0 tries to lift thumbs ...[20:35:20] <rob0> ... no, they're stuck to the spacebar[20:38:53] *** Fleurety has joined #postfix[20:41:58] *** Fleurety has quit IRC[20:44:51] *** Fleurety has joined #postfix[20:45:32] <c0de1> hi[20:55:57] *** lucascastro has joined #postfix[21:03:58] *** Haudegen has quit IRC[21:05:50] *** anigma has joined #postfix[21:06:34] <anigma> there shouldn't be no problem replacing mysql with mariadb when postfix is depended on mysql?[21:07:18] <rob0> I don't know. The queries are surely the same, but I don't know about the library linking.[21:07:41] <rcsu> mariadb is a fork of mysql as you know[21:07:54] <rcsu> so the linking is also the same[21:08:13] *** Fleurety_ has joined #postfix[21:08:21] <rcsu> the client libs also have the name libmysql[21:09:12] <rob0> Whether they have binary compatibility, I do not know.[21:09:30] *** Fleurety has quit IRC[21:10:06] <rob0> That might be a question for the mariadb people.[21:21:04] *** Fleurety_ has quit IRC[21:22:31] *** Haudegen has joined #postfix[21:28:07] *** Cybert1nus has quit IRC[21:32:11] *** Cybertinus has joined #postfix[21:36:45] *** lucascastro has quit IRC[21:42:49] *** Fleurety has joined #postfix[21:43:07] *** IronMike has joined #postfix[21:47:32] *** Fleurety has quit IRC[21:48:46] *** namyzarc has quit IRC[21:49:24] *** tmberg has quit IRC[21:53:45] *** lucascastro has joined #postfix[21:54:48] *** Yatekii has quit IRC[21:55:16] *** rsx has quit IRC[21:57:38] *** pti-jean_ has quit IRC[22:00:03] <c0de1> since moving my postfix/dovecot config over to a new server I'm getting "Helo command rejected: need fully qualified hostname" when sending using outlook[22:02:33] <c0de1> thunderbird on Linux works fine. main.cf: http://pastie.org/private/tr9nkpm0x3vtf6dwevplrg[22:03:26] <c0de1> master.cf: http://pastie.org/private/et7ignlcyolgwtlpibroua[22:03:59] <tharkun> !tell c0de1 welcome[22:04:00] <knoba> c0de1: "welcome" : Welcome to #postfix! If you're new here, or to IRC, first read the channel topic (/topic). It has important instructions on how to ask good questions. You will get more and better help if you follow those instructions. Good Luck![22:05:50] <c0de1> whoops. let me pastebin mail.log (mail.err is empty)[22:07:25] <c0de1> mail.log http://pastie.org/private/ldyqc4efoldsoq7wd2m1na[22:08:57] <c0de1> I'm concerned about "table lookup problem". but a google search only shows up info about mysql.. which I'm not using[22:10:05] <c0de1> I'm using the same config (with mailname and such modified) from my older server (no problems there). and again, I can send mail from thunderbird on linux with no problems[22:13:38] <rcsu> c0de1: does a 'postfix -m' show the mysql module ?[22:13:41] <rob0> Yes, Thunderbird is a better client.[22:13:50] <c0de1> rcsu, I'm not using mysql at all[22:13:52] <rob0> mysql is not the issue[22:14:02] <rcsu> k[22:14:19] <rob0> You should not apply any HELO-based restrictions to submission.[22:14:33] <vvassilev> lunaphyte: it seems that my gateway postfix refuses the connection from its worker relay server[22:14:48] *** IronMike has quit IRC[22:14:53] <rob0> Apparently you forgot to -o override restrictions for the submission smtpd.[22:15:32] <c0de1> rob0, submission inet?[22:16:23] <c0de1> I tried that earlier but still failed[22:16:45] <rob0> I did not look at all your pastes, so I don't know which restrictions you failed to override.[22:17:26] <c0de1> ah, well.. I added that again and It still fails with the same error[22:17:40] <rob0> A submission smtpd should basically have permit_sasl_authenticated,reject ONLY.[22:18:29] <rob0> Any other restrictions will cause problems.[22:20:19] <c0de1> -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject[22:21:45] <c0de1> the thing is, setting smtpd_helo_required = no and commenting out smtpd_helo_restrictions doesn't fix it either...[22:22:06] <rob0> Any other restrictions you are using should have overrides like your sample, " -o smtpd_helo_restrictions=".[22:27:15] <c0de1> anything I change relating to helo restrictions doesn't fix it at all[22:29:10] *** IronMike has joined #postfix[22:30:48] *** IronMike has quit IRC[22:31:07] *** IronMike has joined #postfix[22:34:12] <rob0> Which restrictions contain reject_non_fqdn_helo_hostname? (Or the deprecated older syntax, reject_non_fqdn_hostname)[22:34:32] <rob0> Any other restrictions you are using should have overrides like your sample, " -o smtpd_helo_restrictions=".[22:34:50] <c0de1> one second[22:35:27] <c0de1> what's the difference between smtpd_relay_restrictions, smtpd_recipient_restrictions and sender restrictions?[22:35:45] <rob0> !access[22:35:45] <knoba> rob0: "access" : http://www.postfix.org/SMTPD_ACCESS_README.html : An overview of access(5) controls in the Postfix smtpd(8) SMTP server.[22:36:34] <c0de1> ah, thanks[22:36:54] <c0de1> turns out I had reject_non_fqdn_hostname before permit_sasl_authenticated in relay restrictions[22:37:15] <rob0> oh, that sort of thing has no place in relay restrictions[22:38:06] <IronMike> Anyone had any issues with postfix successfully sending mail to a corporate mail server but having it not delivered internally? MX Toolbox claims all is fine with my server and the corporate email servers accept with a status 200[22:38:34] <rob0> You'd probably want to read your logs.[22:39:02] <IronMike> My logs say it was successfull accepted by the other server. There are no errors.[22:39:38] <rob0> oh. What then does "delivered internally" mean?[22:39:41] <IronMike> Was just curious if someone had any ideas what the issue could be. I think it must be some email filter between the corporate MTA and the MDA[22:40:31] *** tonil has quit IRC[22:41:57] <IronMike> Delivered internally means that the other email server accepted my email for delivery, but the intended recipient never received it and their internal staff claims it was never received[22:42:33] *** Yatekii has joined #postfix[22:44:54] *** Yatekii has quit IRC[22:47:17] <rob0> hmm. Sounds like maybe they lied, or maybe they don't know how to read their own logs.[22:47:55] <rob0> or possibly a spam-folder thing, and the recipient forgot to look?[22:48:25] <rob0> Anyway, this is not an issue with anything Postfix did.[22:49:41] <c0de1> do I even need to specify smtpd_relay_restrictions?[22:50:27] *** rcsu_ has joined #postfix[22:53:24] *** rcsu has quit IRC[22:55:26] <lunaphyte> !tell vvassilev getting_help[22:55:26] <knoba> vvassilev: "getting_help" : before asking your question, read the !relevant_logs and !showconfig factoids, and prepare a single pastebin containing all of that data. if you don't understand what this means, or if you need help doing this, please let us know. also see !pastebin[22:55:35] <lunaphyte> prepare a pastebin with that detail[22:56:07] <vvassilev> lunaphyte: got it, it was as you mentioned before inet_interfaces=loopback-only :)[22:56:10] <IronMike> ok. thanks Rob[22:56:21] <lunaphyte> aha[23:03:25] *** shad0VV has quit IRC[23:09:26] *** shad0VV has joined #postfix[23:15:52] *** JanC_FOSDEM has joined #postfix[23:19:32] *** JanC_FOSDEM has quit IRC[23:21:24] *** JanC_FOSDEM has joined #postfix[23:27:58] *** JanC_FOSDEM has quit IRC[23:36:07] *** enoch has joined #postfix[23:36:09] <enoch> hi all[23:37:00] <enoch> i send email with php from my website, i set the "from" field but postfix always reports the web user www-data@...[23:37:04] <enoch> how to hide it?[23:46:45] *** enoch has quit IRC[23:46:50] <rob0> sendmail(1) expects a fully-formed RFC 5322 email message on stdin. There are also command line options for setting the envelopew senders.[23:46:53] <rob0> wow[23:52:13] *** enoch has joined #postfix[23:52:20] <rob0> sendmail(1) expects a fully-formed RFC 5322 email message on stdin. There are also command line options for setting the envelopew senders.[23:52:43] <rob0> oops, *envelope sender[23:57:33] *** tonythomas has quit IRC[23:58:07] *** IronMike has quit IRC