January 17, 2017 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | >
January 17, 2017 [00:05:33] *** MACscr <MACscr!~MACscr@c-73-9-230-5.hsd1.il.comcast.net> has quit IRC (Read error: No route to host)[00:06:13] *** sputnik <sputnik!kli0rf@unaffiliated/kli0rf> has quit IRC (Ping timeout: 258 seconds)[00:06:26] *** MACscr <MACscr!~MACscr@c-73-9-230-5.hsd1.il.comcast.net> has joined #postfix[00:08:40] *** sputnik <sputnik!kli0rf@unaffiliated/kli0rf> has joined #postfix[00:10:01] <lunaphyte> UncleKiwi: if you are using dovecot, then you should use the dovecot lda [via lmtp][00:11:43] <UncleKiwi> lunaphyte: what is the reason for that[00:12:16] <UncleKiwi> lunaphyte: I seem to have it working quote nice /etc/aliases i can direct where things go etc[00:12:33] <UncleKiwi> lunaphyte: I seem to have it working quite nice /etc/aliases i can direct where things go etc[00:21:46] <lunaphyte> there are numerous performance and operational benefits, all covered in the documentation[00:22:28] <lunaphyte> but - if you are using local(8), i suppose the argument could be made for not using the dovecot lda[00:22:44] <lunaphyte> to answer your question, yes - i would just use system accounts[00:22:58] <UncleKiwi> thanks its a very small install[00:23:23] <pj> yeah, I would agree[00:23:27] <pj> just use system accounts.[00:23:32] <lunaphyte> it's not more secure to not use "system" accounts[00:23:43] <lunaphyte> that is anti pattern logic[00:23:58] <pj> I think what he's worried about is giving the users shell access or something.[00:24:05] <lunaphyte> yes, of course.[00:24:05] <UncleKiwi> pj you are right[00:24:19] <lunaphyte> system accounts does not magically equal shell access :)[00:24:34] <lunaphyte> set up sshd to require a group, and set each user's shell properly[00:24:43] <UncleKiwi> lunaphyte i have a lot to learn[00:25:13] <pj> you can set some of them to the nologin shell[00:25:42] <UncleKiwi> well when i useradd the account is locked anyway right[00:25:55] <lunaphyte> the best advice i can give you is to remember that /etc/passwd is not special. you can do all the same things with it that you'd do with any other place you might store users. all it is is a "database" of users.[00:26:02] <UncleKiwi> unless i set a password on it[00:26:04] <lunaphyte> use group membership to control access[00:26:35] <UncleKiwi> lunaphyte: i did think it was special[00:27:03] <pj> unix hasn't stored passwords in /etc/passwd for decades.[00:28:01] <pj> it actually has a field for the password but it hasn't been used in as long as I can remember.[00:28:18] <UncleKiwi> i think i need to get some foundational knowledge[00:28:35] <UncleKiwi> can you please suggest to me how i can get that[00:29:13] <pj> postfix doesn't need the passwords.[00:29:38] <UncleKiwi> pj ok[00:30:36] <UncleKiwi> can you please give me an overview of this topic of system accounts and other accounts in the unix system[00:30:58] <pj> UncleKiwi: passwords are stored in /etc/shadow[00:31:10] <UncleKiwi> ok[00:31:45] <pj> the reason is that /etc/password is world readable and it was quickly discovered that giving users a list of passwords, even in hashed form, makes brute-force attacks trivial.[00:32:01] <pj> */etc/passwd[00:32:39] <UncleKiwi> ok[00:32:48] <pj> UncleKiwi: these are linux basics[00:32:54] <pj> you can ask about them in ##linux[00:33:02] <UncleKiwi> thanks pj[00:33:05] <tharkun> !unixlesson[00:33:05] <knoba> tharkun: Error: "unixlesson" is not a valid command.[00:33:14] <tharkun> !unixlessons[00:33:14] <knoba> tharkun: Error: "unixlessons" is not a valid command.[00:33:16] <tharkun> bahh[00:33:44] <tharkun> !unix lessons[00:33:44] <knoba> tharkun: "unix lessons" : (1) Don't change the permissions, (2) back up your data, (3) keep it simple, stupid, (4) read the fscking manual, (5) don't fsck with package management, (6) don't type anything you don't understand, (7) always have a boot floppy or CD, (8) read your log files, (9) the FIRST error is the one that counts, (10) don't leave your root shell until you TEST your changes, (11) don't be root when you don't have to be[00:33:44] <UncleKiwi> got to start somewhere[00:34:01] <pj> !unix lessons[00:34:02] <knoba> pj: "unix lessons" : (1) Don't change the permissions, (2) back up your data, (3) keep it simple, stupid, (4) read the fscking manual, (5) don't fsck with package management, (6) don't type anything you don't understand, (7) always have a boot floppy or CD, (8) read your log files, (9) the FIRST error is the one that counts, (10) don't leave your root shell until you TEST your changes, (11) don't be root when you don't have to be[00:34:20] <pj> !unixbasics[00:34:20] <knoba> pj: "unixbasics" : /topic refers to 'know your unix basics' as a prerequisite for using this channel. This may be defined as knowing how to open/edit/save a text file using a command line editor and other basic file handling tasks. Further, you must be able to control your servers services from the command line and have a working understanding of TCP/IP networking and relevant DNS.[00:35:05] <lunaphyte> floppy :)[00:35:16] <pj> hah, that factoid is showing its age[00:35:35] <tharkun> Ok, it is indeed old but it still holds a lot of truth ;P[00:35:52] <UncleKiwi> hehe it's the user access control I need to learn and understand[01:03:53] <UncleKiwi> i want to sign outgoing messages using DKIM signatures - and i have multi domains this is all done with postfix right[01:07:20] <tharkun> DKIM is signed using a lot of other stuff but not postfix. opendkim and amavis will do that for you using the milter protocol.[01:07:44] <tharkun> multi domains?[01:09:28] <pj> !opendkim[01:09:28] <knoba> pj: "opendkim" : A commonly used milter for dkim signing your messages based on Sendmail's dkim-milter. See http://www.opendkim.org/[01:18:49] <UncleKiwi> my objective is to build an email system for some clients - it will be pop3s only[01:19:35] <UncleKiwi> and smtps[01:20:21] <UncleKiwi> its comming togeather slowly[01:20:29] <thumbs> UncleKiwi: holy, why?[01:20:57] <thumbs> UncleKiwi: use IMAP (with starttls) and don't use smtps - use submission instead.[01:25:52] <UncleKiwi> thumbs: with pop3s i dont need to be responsible for the users data on the server[01:26:05] <thumbs> UncleKiwi: bollocks[01:26:07] <UncleKiwi> <toothe> they can download it and then its not my problem[01:26:26] <lunaphyte> that[01:26:29] <lunaphyte> oops[01:26:36] <lunaphyte> that's nonsense[01:26:44] <UncleKiwi> ok[01:26:47] <UncleKiwi> tell me more[01:26:54] <thumbs> what the heck do you think thunderbird does when it reads a message using IMAP?[01:27:11] <thumbs> disconnect your ethernet, and see if you can still read the message.[01:28:13] <UncleKiwi> thumbs: ok but if something goes wrong with the maildir on my server will all the clients be stuffed if i did not have a backup[01:28:27] <thumbs> now, tell me if "the server is still responsible for the message"[01:29:44] <UncleKiwi> thumbs: my understanding of imap is that it keeps a local cached copy of the mailbox on the server[01:30:30] <UncleKiwi> thumbs: if something gets messed up on the server side could it not erase their local copy when they sync[01:30:53] <UncleKiwi> thumbs: i dont have much experience with imap[01:31:37] <UncleKiwi> i recall checking the same mailbox with pop and imap clients and really making a mess of things[01:32:02] *** mcfate <mcfate!~textual@174-134-145-16.res.bhn.net> has quit IRC (Remote host closed the connection)[01:32:55] <UncleKiwi> i know what ever i do I want it to be very very simple[01:33:02] <UncleKiwi> to start with[01:33:29] *** tinjaw <tinjaw!~tinjaw@wsip-72-214-252-28.sb.sd.cox.net> has joined #postfix[01:34:49] *** mcfate <mcfate!~textual@174-134-145-16.res.bhn.net> has joined #postfix[01:35:03] <UncleKiwi> clients that use smart devices eg an iphone to check and imap mailbox - will that eventually fill the devices local storage[01:35:24] *** JanC_ <JanC_!~janc@lugwv/member/JanC> has joined #postfix[01:35:31] <UncleKiwi> and i know you can get it to sync only the last 2 weeks for example[01:35:52] <UncleKiwi> but often searching for emails out of that range is a common thing[01:36:32] <UncleKiwi> do the searches only search local storage or do they go back to the server and query the entire mailbox[01:36:39] *** JanC is now known as Guest21246[01:36:39] *** Guest21246 <Guest21246!~janc@lugwv/member/JanC> has quit IRC (Killed (adams.freenode.net (Nickname regained by services)))[01:36:39] *** JanC_ is now known as JanC[01:38:52] <UncleKiwi> i know this is out of the scope of the channel - if someone wants to pm me and help me out I would appreciate that[01:43:10] <pj> UncleKiwi: I have news for you, pop3 can keep messages on the server as well[01:43:59] <UncleKiwi> pj really, you mean where it never downloads the messages locally[01:44:04] <pj> anyways, if you're going to provide email service then why start out keeping people in the dark ages? Disk space is cheap.[01:44:21] <pj> UncleKiwi: the main difference between IMAP and POP3 is IMAP has support for folders.[01:44:30] <UncleKiwi> pj i know it can be instructed by the email client to leave messages ont he server[01:45:55] <UncleKiwi> pj my understanding is that pop3 always downloads the messages locally[01:46:15] <UncleKiwi> pj but can leave a copy on the server[01:46:23] <pj> generally, yes.[01:47:30] <UncleKiwi> interesting thing - i have two test mail accounts on my android they are pop[01:47:52] <UncleKiwi> and i erased the mailboxes on the server[01:47:54] <pj> likely only because you configured them taht way.[01:47:57] <UncleKiwi> and recreated them[01:48:14] *** AnHry <AnHry!~x@a94-132-78-87.cpe.netcabo.pt> has joined #postfix[01:48:16] <UncleKiwi> when i send and recieved the inboxes were empty[01:48:25] <UncleKiwi> i found that interesting[01:48:27] * pj nods[01:48:32] <thumbs> UncleKiwi: send and received? Is this lookout?[01:49:03] <pj> because they are purposefully leaving the mail on the server, probably to save on local storage on the android.[01:49:53] <UncleKiwi> pj yes interesting ... ofcourse android has very little storage generally[01:49:55] <pj> so just because it's POP3 does not mean that the client will store the messages locally, and just because it's IMAP doesn't mean it won't.[01:50:12] <pj> both are capable of working either way.[01:59:02] <UncleKiwi> ok thanks[01:59:45] <UncleKiwi> everyone seems to really dislike it when i talk about using pop3[01:59:52] <UncleKiwi> they talk about the 90's etc[02:00:03] <UncleKiwi> so maybe i should not allow it ?[02:00:09] <UncleKiwi> just use imap[02:10:47] *** fatdragon <fatdragon!~fatdragon@cpe-107-184-105-188.socal.res.rr.com> has quit IRC (Remote host closed the connection)[02:11:21] *** fatdragon <fatdragon!~fatdragon@cpe-107-184-105-188.socal.res.rr.com> has joined #postfix[02:11:43] <pj> POP3 can still be useful. Google's fetch feature only works with POP3, for example.[02:11:50] <tharkun> UncleKiwi: pop3 has its good things and its bad things. It is a matter of choice like everything else in life. I use it for some servers and I use imap for others. Just get to know the capabilities of each one and make up your mind to it.[02:13:03] <UncleKiwi> ok[02:16:10] *** fatdragon <fatdragon!~fatdragon@cpe-107-184-105-188.socal.res.rr.com> has quit IRC (Ping timeout: 256 seconds)[02:24:20] *** JanC <JanC!~janc@lugwv/member/JanC> has quit IRC (Ping timeout: 252 seconds)[02:25:57] *** JanC <JanC!~janc@lugwv/member/JanC> has joined #postfix[02:33:20] *** freepe <freepe!~quassel@186.19.14.37.dynamic.jazztel.es> has quit IRC (Ping timeout: 260 seconds)[02:35:20] *** Aprogas <Aprogas!aprogas@enki.aprogas.net> has quit IRC (Ping timeout: 258 seconds)[02:40:58] *** freepe <freepe!~quassel@186.19.14.37.dynamic.jazztel.es> has joined #postfix[03:17:10] *** caitnop <caitnop!~py@ool-1826eaa1.dyn.optonline.net> has quit IRC (Ping timeout: 240 seconds)[03:31:38] *** Laibsch <Laibsch!~Laibsch@112.198.83.76> has joined #postfix[03:33:40] *** caitnop <caitnop!~py@ool-1826eaa1.dyn.optonline.net> has joined #postfix[03:52:02] *** Laibsch <Laibsch!~Laibsch@112.198.83.76> has quit IRC (Read error: Connection reset by peer)[04:03:58] *** caitnop <caitnop!~py@ool-1826eaa1.dyn.optonline.net> has quit IRC (Ping timeout: 245 seconds)[04:08:57] *** AnHry <AnHry!~x@a94-132-78-87.cpe.netcabo.pt> has quit IRC (Quit: Konversation terminated!)[04:11:27] *** Laibsch <Laibsch!~Laibsch@112.198.83.76> has joined #postfix[04:28:33] *** chachasmooth <chachasmooth!~chachasmo@unaffiliated/chachasmooth> has quit IRC (Ping timeout: 245 seconds)[04:29:22] *** chachasmooth <chachasmooth!~chachasmo@unaffiliated/chachasmooth> has joined #postfix[04:35:50] *** baggykiin <baggykiin!baggykiin@hubble.jgeluk.net> has quit IRC (Ping timeout: 240 seconds)[04:36:25] *** Freeaqingme <Freeaqingme!~quassel@nl3.s.kynet.eu> has quit IRC (Ping timeout: 260 seconds)[05:11:07] *** fatdragon <fatdragon!~fatdragon@cpe-107-184-105-188.socal.res.rr.com> has joined #postfix[05:15:12] *** namyzarc <namyzarc!~namyzarc@2601:989:4202:cde1:3552:33f1:613a:441d> has quit IRC (Quit: Leaving)[05:15:49] *** fatdragon <fatdragon!~fatdragon@cpe-107-184-105-188.socal.res.rr.com> has quit IRC (Ping timeout: 256 seconds)[05:45:42] *** bolt <bolt!r00t@unaffiliated/bolt> has quit IRC (Remote host closed the connection)[05:47:31] *** bolt <bolt!r00t@unaffiliated/bolt> has joined #postfix[06:00:01] *** muh2000 <muh2000!~quassel@prx2.ernw.net> has joined #postfix[06:07:38] *** Laibsch <Laibsch!~Laibsch@112.198.83.76> has quit IRC (Ping timeout: 252 seconds)[06:08:36] *** muh2000 <muh2000!~quassel@prx2.ernw.net> has quit IRC (Ping timeout: 240 seconds)[06:12:08] *** fatdragon <fatdragon!~fatdragon@cpe-107-184-105-188.socal.res.rr.com> has joined #postfix[06:14:33] *** podkilla <podkilla!~pod@81.14.212.78> has quit IRC (Quit: goodbye)[06:16:34] *** podkilla <podkilla!~pod@mail.darkmail.nz> has joined #postfix[06:17:01] *** fatdragon <fatdragon!~fatdragon@cpe-107-184-105-188.socal.res.rr.com> has quit IRC (Ping timeout: 256 seconds)[07:10:34] *** Laibsch <Laibsch!~Laibsch@112.198.70.60> has joined #postfix[07:12:56] *** fatdragon <fatdragon!~fatdragon@cpe-107-184-105-188.socal.res.rr.com> has joined #postfix[07:17:39] *** fatdragon <fatdragon!~fatdragon@cpe-107-184-105-188.socal.res.rr.com> has quit IRC (Ping timeout: 256 seconds)[07:30:04] *** xberg <xberg!~xberg@195.214.130.74> has joined #postfix[07:30:04] *** xberg <xberg!~xberg@195.214.130.74> has quit IRC (Remote host closed the connection)[07:36:55] *** nwe <nwe!~nwe@sigwait.se> has joined #postfix[07:46:04] *** muh2000 <muh2000!~quassel@prx2.ernw.net> has joined #postfix[08:13:42] *** fatdragon <fatdragon!~fatdragon@cpe-107-184-105-188.socal.res.rr.com> has joined #postfix[08:18:17] *** fatdragon <fatdragon!~fatdragon@cpe-107-184-105-188.socal.res.rr.com> has quit IRC (Ping timeout: 256 seconds)[08:30:10] *** w6equj5 <w6equj5!~tan@121-75-0-47.dyn.vf.net.nz> has joined #postfix[08:32:18] <w6equj5> Hi all, I'm trying to send emails with the PHP mail() function through Postfix on localhost, but mail don't get sent. Here is my Postfix log: http://pastebin.com/rHCMWjq1. Not sure how to read that. Can someone help me troubleshoot this?[08:34:05] *** parasite_ <parasite_!~parasite@mar75-4-82-230-46-11.fbx.proxad.net> has joined #postfix[08:48:40] *** Phoenixz <Phoenixz!~quassel@187-163-219-201.static.axtel.net> has quit IRC (Remote host closed the connection)[09:10:03] *** mcfate <mcfate!~textual@174-134-145-16.res.bhn.net> has quit IRC (Quit: My MacBook has gone to sleep. ZZZzzz…)[09:21:19] <nate> w6equj5: You're tripping googles spam filters, which is kinda common when sending unauthenticated mail straight from mail()[09:21:27] <nate> you generally want to send mail via SMTP using something like phpmailer[09:22:26] *** Freeaqingme_ <Freeaqingme_!~quassel@nl3.s.kynet.eu> has joined #postfix[09:23:32] <joules> lol no[09:24:08] *** hyperized <hyperized!~hyperized@unaffiliated/hyperized> has joined #postfix[09:24:50] <joules> w6equj5: you need to work on increasing the accountability and reputation of your mail service.[09:27:48] <joules> I can think of 5 keywords to spam knoba with.[09:29:58] <w6equj5> joules, nate, OK thanks I'm gonna use PHPMailer so that I can use an external SMTP server. Seems easier.[09:31:43] <joules> phpmailer is an MUA[09:31:53] <joules> *a[09:32:57] <joules> !mta[09:32:57] <knoba> joules: "mta" : Mail Transfer Agent: software that facilitates the transfer of mail messages between hosts[09:33:02] <joules> !mua[09:33:02] <knoba> joules: "mua" : Mail User Agent: software used for mail message retrieval, commonly known as an email client, such as mutt, Evolution and Thunderbird[09:33:20] <joules> phpmailer is a MUA![09:33:21] <joules> ffs[09:34:21] <joules> a mta client?[09:34:41] <nate> ... joules you probably shouldn't be telling people to stay away from stuff when you don't even know what it is[09:34:50] <nate> PMA is what people use to send mail over SMTP -from- PHP[09:35:00] <joules> lol[09:35:02] <nate> Not the only option, but one of the most common/popular mailing libs[09:35:23] <joules> !pma[09:35:24] <knoba> joules: Error: "pma" is not a valid command.[09:35:26] <joules> lol[09:35:30] <nate> roundcube would be an example more of an MUA in PHP, because it's a webmailbox software[09:35:32] <nate> er[09:35:33] <nate> not PMA[09:35:34] <nate> phpmailer[09:35:35] <nate> sorry[09:35:41] * nate was just helping someone with phpmyadmin lol[09:35:55] <joules> I know what phpmailer is[09:36:46] <joules> I also have telnet[09:36:57] <nate> Well your questioning to the bot seemed like you were confused as to what it was. Point is, a lot of providers and common spam filters look for signs if unauthenticated mail(), especially mail that has the PHP user-agent in it (which by default mail() will add)[09:37:06] <nate> *signs of[09:37:09] *** Laibsch <Laibsch!~Laibsch@112.198.70.60> has quit IRC (Quit: Leaving.)[09:37:35] <joules> lol I've had x-mailer reject regexp for phpmailer before :)[09:38:16] * w6equj5 grabs popcorn[09:38:26] <joules> like one is forced to be honest about what they put in X-Mailer[09:38:38] <survietamine> I don't get what you mean with roundcube is more than a MUA[09:38:49] <survietamine> it's a webmail, and a webmail is a MUA[09:38:51] <nate> joules: I never said phpmailer magically gets around every spamfilter, obviously the content of the email is going to matter as well, but base unauthenticated mail() out's from PHP are near fundamentally treated suspicious due to the common use of it for spam on compromised stuff[09:38:57] <nate> survietamine: who said it was "more THAN a"?[09:39:04] <survietamine> you[09:39:10] <joules> nate: I think you are confused. PHPMailer just sends mail.[09:39:10] <nate> You should re-read my line[09:39:16] <nate> joules: ... which I said?[09:39:29] <survietamine> < nate> roundcube would be an example more of an MUA in PHP, because it's a webmailbox software[09:39:32] <survietamine> this is your line[09:39:39] <survietamine> ah[09:39:48] <survietamine> you mean "one more example"?[09:40:11] <survietamine> so, it's a long phrase to just say it's a MUA[09:40:13] <nate> survietamine: Yes, that is my line, nowhere of which than was stated, and yes, sorta, I was saying more of an example in that it sounded like joules was implying phpmailer was an MUA[09:40:14] <nate> :P[09:40:39] <joules> look i don't use or have phpmailer (i'm a python fanboi) but yeh as long as the *MTA* with some cred accepts your client creds to relay.[09:41:07] <joules> ok it's 0.5 a MUA[09:41:08] <survietamine> non, phpmailer like pear mail::factory is just some class/framework in PHP that do more than mail() function[09:41:12] <joules> i don't give a shit[09:41:19] <survietamine> it's just to send mail like a nullclient does[09:41:25] <joules> ^[09:42:02] <nate> survietamine: It's largely designed to make it easier to do SMTP authentication to send outbound on, which is what I was trying to tell w6equj5 to do[09:42:14] <joules> but you can outbound with telnet.[09:42:15] <nate> joules: Most people doing PHP and mail() are not configuring the local MTA to do it over SMTP[09:42:30] <survietamine> it's an option, yes, it's better than mail() basic function[09:43:15] <survietamine> if he doesn't want those phpmailer or mail::factory or equivalent, at least configuring a !nullclient[09:43:21] <nate> survietamine: And more likely to help avoid getting spam trapped by basic filters for being a plain unauthenticated PHP-sent mail, which is what I had tried to put emphasis on several times[09:43:27] <nate> I don't think he said at any point he didn't want it[09:43:39] <nate> joules just sorta walked in the room, threw over the table and did his own thing for some reason[09:43:40] <nate> lol[09:43:58] <nate> which confused the whole situation :P[09:44:02] <joules> no.[09:44:02] <survietamine> yeah, he didn't say much things anyway[09:44:19] <nate> that's cause he grabbed popcorn to watch us[09:44:20] <nate> lol[09:44:22] <survietamine> yeah, joules did kilo-joules[09:44:23] <survietamine> lol[09:44:26] <joules> the point is PHPMailer out of scope.[09:45:05] <nate> joules: In relation to postfix, sure, in relation to him using PHP, not really.[09:45:17] <joules> any MUA without some library of code of whatever the server sees the same client authenticated OR other credentials to allow relaying mail OR not.[09:45:25] <joules> how is this hard to grasp.[09:46:02] <nate> w6equj5: TL;DR of it is, set up an SMTP account somewhere, use phpmailer to easily send through it, voila, should -largely- be okay as long as your email content doesn't trip other spam triggers. Also next time perhaps ask in ##php instead since we're "out of scope" in here[09:46:38] <joules> nate: it won't be voila he will get blocked without the proper credentials including !rdns !dkim etc etc.[09:46:59] <joules> so he might as well setup phpmailer to use gmail.[09:47:20] <w6equj5> nate, well thanks I'm trying phpmailer now. I don't have very high requirements so it should be sufficient to me.[09:47:24] <nate> thus my statement of 'somewhere', not neccessarily locally[09:47:32] <nate> w6equj5: yeah it's pretty straight forward[09:47:50] <joules> my servers do not get blocked by any large major mail relay service and client user agent provider.[09:48:36] <nate> That's good for you...? Neither do mine, but neither of us are w6equj5, so[09:48:44] <joules> omg[09:48:54] <survietamine> "client user agent provider" ?[09:49:00] <survietamine> what's that?[09:49:11] <joules> phpmailer is out of scope if he wants advice to getting postfix running to it increases cred so it doesn't get blocked by AOL then fine[09:49:14] * joules trolled a little.[09:49:30] <joules> survietamine: gmail[09:49:30] <nate> I think you've trolled far more than just a little at this point[09:49:34] <joules> survietamine: AOL[09:49:36] <joules> ;d[09:49:38] <survietamine> why do you want him to keep with postfix?[09:49:56] * joules double checks the channel.[09:50:02] <survietamine> he doesn't need a fully features MTA to send mails from his PHP scripts[09:50:06] <nate> survietamine: my guess is he's a heavy duty python fan guy and he's offended that the guy is using PHP[09:50:07] <nate> lol[09:50:08] <joules> If I'm a troll then you guys are doubling down hard.[09:50:28] <survietamine> even with python or perl, you have some mail classes/libs[09:50:30] <joules> nate: now you're being irrational. Imentioned telnet.[09:50:54] <joules> so how does postfix or any other MTA care about that?[09:51:20] * nate just leaves joules to his own ideals since they seem to be off on their own lol[09:51:35] <survietamine> anyway, I don't get what you mean with gmail or aol. I'm returning to my job[09:51:53] <joules> ok amateurs.[09:52:48] <joules> either 1) Set up a MTA like postfix with enough cred so it's relayed mail doesn't get spammed folder or 2) Use a third party provider.[09:53:04] <joules> who cares if it's phpmailer or telnet.[09:53:11] <joules> like i said out of scope.[09:53:53] <survietamine> and what is "enough cred"?[09:54:05] <joules> !rdns[09:54:05] <knoba> joules: "rdns" : A reverse lookup is often referred to as reverse resolving, or more specifically reverse DNS lookup, and is accomplished using the in-addr.arpa domain in the form of a PTR record. See the !ptr factoid as well as http://en.wikipedia.org/wiki/RDNS[09:54:08] <joules> !dkim[09:54:08] <knoba> joules: "dkim" : DomainKeys Identified Mail (DKIM) is a method for email authentication that allows an organization to take responsibility for a message in a way that can be validated by a recipient. this is typically implemented in postfix by means of a milter such as !opendkim. alternatively, existing content filters (e.g. !amavisd-new) may also have their own implementation mechanism.[09:54:12] <survietamine> even "it's relayed mail..." not clear to me[09:54:40] <survietamine> so, in your language credentials = dkim and rdns[09:54:42] <nate> survietamine: I think he's otherwise trying to imply that w6equj5 should configure his local postfix to be a full blown SMTP server[09:54:42] <survietamine> weird[09:55:00] <nate> and to default it to send out on a default SMTP account[09:55:00] <joules> ok stay in the gmail spam folder.[09:55:26] <nate> And making really stupid comments like that with 0 foundation to try and bully his suggestion onto w6equj5[09:55:30] <nate> lol[09:55:31] <joules> !tls[09:55:31] <knoba> joules: "tls" : Transport Layer Security (RFC2246). Previously known as SSL, TLS adds a layer of encryption to protocols such as SMTP, submission, IMAP or POP3 to improve security during transmission over the Internet. TLS is implemented using the STARTTLS method, while the non-standard wrapper style of implementation is deprecated at this point. See http://www.postfix.org/TLS_README.html for more info.[09:55:41] <joules> nate: you are out of your league.[09:55:46] <joules> and now looking stupid.[09:55:50] <nate> If you say so[09:56:03] <joules> then you must be drunk.[09:56:08] <nate> Though I must be honest, your opinion is hardly one that maters to me, so[09:58:09] <survietamine> imho, just /ignore him[09:58:18] <survietamine> will save us some time[09:59:38] <joules> SKY IS FALLING![09:59:47] <joules> /ignore *!*@*[10:00:25] <joules> ALIEN ATTACK![10:00:27] <joules> /ignore *!*@*[10:03:03] <joules> https://developers.google.com/gmail/oauth_overview[10:03:06] <joules> I like to help[10:04:17] <joules> w6equj5: The outgoing SMTP server, smtp.gmail.com, requires TLS. Use port 465, or port 587 if your client begins with plain text before issuing the STARTTLS command.[10:04:57] <joules> so setup phpmailer with the proper client credentials and google shouldn't have a problem.[10:08:02] <w6equj5> joules, nate, All good I'm using PHPMailer now and it's working the way it should. So for the record I really don't need a proper SMTP server on my computer, I just need an email to be sent every night with some data. Gmail's SMTP is largely enough for what I want.[10:10:42] <joules> yep[10:15:01] *** fatdragon <fatdragon!~fatdragon@cpe-107-184-105-188.socal.res.rr.com> has joined #postfix[10:16:27] <survietamine> w6equj5: great to know that you did what some brilliant brain stated as "out of scope" and it's ok[10:17:17] <joules> I'm not brilliant[10:20:07] *** fatdragon <fatdragon!~fatdragon@cpe-107-184-105-188.socal.res.rr.com> has quit IRC (Ping timeout: 256 seconds)[10:26:02] *** w6equj5 <w6equj5!~tan@121-75-0-47.dyn.vf.net.nz> has quit IRC (Ping timeout: 258 seconds)[10:32:48] *** w6equj5 <w6equj5!~tan@121-75-0-47.dyn.vf.net.nz> has joined #postfix[10:34:35] *** shaytan <shaytan!~shaytan@c-83-233-76-171.cust.bredband2.com> has quit IRC (Ping timeout: 240 seconds)[10:43:34] *** shaytan <shaytan!~shaytan@c-83-233-76-171.cust.bredband2.com> has joined #postfix[10:50:48] *** Laibsch <Laibsch!~Laibsch@112.198.70.60> has joined #postfix[10:58:16] *** markus_e92 <markus_e92!~markus_e9@91-115-158-150.adsl.highway.telekom.at> has quit IRC (Ping timeout: 255 seconds)[10:59:54] *** markus_e92 <markus_e92!~markus_e9@62-46-101-15.adsl.highway.telekom.at> has joined #postfix[11:00:39] *** w6equj5 <w6equj5!~tan@121-75-0-47.dyn.vf.net.nz> has quit IRC (Quit: Leaving)[11:16:27] *** fatdragon <fatdragon!~fatdragon@cpe-107-184-105-188.socal.res.rr.com> has joined #postfix[11:20:45] *** fatdragon <fatdragon!~fatdragon@cpe-107-184-105-188.socal.res.rr.com> has quit IRC (Ping timeout: 256 seconds)[11:21:38] *** Hercules <Hercules!Hercules@unaffiliated/genkei> has joined #postfix[11:25:46] *** Aprogas <Aprogas!aprogas@enki.aprogas.net> has joined #postfix[11:32:56] *** sarri <sarri!~sari@p50995cae.dip0.t-ipconnect.de> has joined #postfix[11:32:56] *** sarri <sarri!~sari@p50995cae.dip0.t-ipconnect.de> has quit IRC (Changing host)[11:32:56] *** sarri <sarri!~sari@unaffiliated/sarri> has joined #postfix[11:34:29] *** sarri <sarri!~sari@unaffiliated/sarri> has quit IRC (Read error: Connection reset by peer)[11:35:50] *** sarri <sarri!~sari@p50995cae.dip0.t-ipconnect.de> has joined #postfix[11:35:50] *** sarri <sarri!~sari@p50995cae.dip0.t-ipconnect.de> has quit IRC (Changing host)[11:35:50] *** sarri <sarri!~sari@unaffiliated/sarri> has joined #postfix[11:42:26] *** sarri <sarri!~sari@unaffiliated/sarri> has quit IRC (Read error: Connection reset by peer)[11:46:17] *** sarri <sarri!~sari@p50995cae.dip0.t-ipconnect.de> has joined #postfix[11:46:17] *** sarri <sarri!~sari@p50995cae.dip0.t-ipconnect.de> has quit IRC (Changing host)[11:46:17] *** sarri <sarri!~sari@unaffiliated/sarri> has joined #postfix[11:59:51] *** Hercules <Hercules!Hercules@unaffiliated/genkei> has quit IRC (Quit: Leaving)[12:13:35] *** Section1 <Section1!~section1@190.195.71.40> has joined #postfix[12:14:10] *** chachasmooth <chachasmooth!~chachasmo@unaffiliated/chachasmooth> has quit IRC (Ping timeout: 240 seconds)[12:17:01] *** fatdragon <fatdragon!~fatdragon@cpe-107-184-105-188.socal.res.rr.com> has joined #postfix[12:17:14] *** chachasmooth <chachasmooth!~chachasmo@unaffiliated/chachasmooth> has joined #postfix[12:21:23] *** fatdragon <fatdragon!~fatdragon@cpe-107-184-105-188.socal.res.rr.com> has quit IRC (Ping timeout: 256 seconds)[12:25:29] *** Aprogas <Aprogas!aprogas@enki.aprogas.net> has quit IRC (Quit: hardware issues)[12:40:59] *** pti-jean_ <pti-jean_!~quassel@7.41.124.78.rev.sfr.net> has joined #postfix[12:53:00] *** Laibsch <Laibsch!~Laibsch@112.198.70.60> has quit IRC (Read error: Connection reset by peer)[12:54:27] *** nwe <nwe!~nwe@sigwait.se> has left #postfix[13:04:44] <anexit> Can someone point me to the manual where I can limit incoming connections? For example, if I have someone that sends five emails in 60 seconds I would like to delay them for five hours.[13:08:49] *** tinjaw_ <tinjaw_!~tinjaw@142.54.179.35> has joined #postfix[13:08:51] <bobkare> I've used postfwd for something along those lines. Not sure how you'd do that exact thing but limiting each IP or authenticated user to N mails per hour or day is fairly simple: id=AUTH_USER_RL_HOUR; sasl_username=~/.+/; action=rate(sasl_username/25/3600/DEFER Rate limit exceeded)[13:09:05] *** tinjaw <tinjaw!~tinjaw@wsip-72-214-252-28.sb.sd.cox.net> has quit IRC (Ping timeout: 240 seconds)[13:09:05] *** tinjaw_ is now known as tinjaw[13:13:39] <anexit> Well, I believe postfix has a rate limit somewhere built in[13:17:50] *** fatdragon <fatdragon!~fatdragon@cpe-107-184-105-188.socal.res.rr.com> has joined #postfix[13:18:04] <anexit> here we go: https://grox.net/doc/postfix/html/rate.html[13:20:49] *** UncleKiwi <UncleKiwi!~UncleKiwi@unaffiliated/unclekiwi> has quit IRC (Read error: Connection reset by peer)[13:22:35] *** fatdragon <fatdragon!~fatdragon@cpe-107-184-105-188.socal.res.rr.com> has quit IRC (Ping timeout: 256 seconds)[13:30:51] *** mactimes_ is now known as mactimes[13:34:36] *** NwS <NwS!~NwS@unaffiliated/nws> has joined #postfix[13:40:38] *** golden_receiver_ <golden_receiver_!~andry@b2b-78-94-14-194.unitymedia.biz> has joined #postfix[13:40:47] *** golden_receiver <golden_receiver!~andry@unaffiliated/golden-receiver/x-4949035> has quit IRC (Disconnected by services)[13:42:36] *** systeem <systeem!~systeem@2001:bc8:24e8:800:a:27ba:0:c9f1> has quit IRC (Ping timeout: 240 seconds)[13:57:12] *** sphenxes01 <sphenxes01!~sphenxes@194-118-227-8.hdsl.highway.telekom.at> has joined #postfix[14:01:11] *** sphenxes02 <sphenxes02!~sphenxes@194-118-227-8.hdsl.highway.telekom.at> has quit IRC (Ping timeout: 252 seconds)[14:03:30] *** mactimes <mactimes!~mactimes@unaffiliated/mactimes> has quit IRC (Read error: Connection reset by peer)[14:05:36] *** BoomerBile <BoomerBile!~MetaPhaze@96-42-197-150.dhcp.roch.mn.charter.com> has joined #postfix[14:08:40] <kingkong-> which one is better ? starttls or ssl/tls? with check or without check ?[14:09:12] *** _val_ <_val_!~val@freebsd/user/val> has joined #postfix[14:09:15] <lunaphyte> starttls is better[14:09:20] <lunaphyte> with check is better[14:12:42] <kingkong-> thanks. ok i connected my mail server via starttls but check is failed. it uses plain. does it secure how can i enable check? port number makes any difference? its under 1024.[14:12:59] <lunaphyte> the port number is to be 587[14:15:23] <kingkong-> 587 for starttls with check ?[14:15:31] <lunaphyte> correct[14:16:25] <_val_> Hello. I've a weird issue. One of our users complains that the email has arrived 4 days later than it was meant to. The email header proves that: http://sprunge.us/SNLb The logs of the mailserver tell me: Jan 17 10:23:09 mailserver1 postgrey[1165]: action=pass, reason=triplet found, client_name=relay1.adi-mps.com, client_address=107.21.37.86, sender=abcdefg at iop dot org, recipient=user1 at domain dot tld # is the relay1.adi-mps.com server that caused the delay?[14:16:34] <kingkong-> ok. when i choose starttls with check, app choices 143 as port. i will change it with 587. maybe it will connect then.[14:16:59] <lunaphyte> kingkong: retrieving mail and sending mail are two completely different things[14:17:12] <lunaphyte> retrieving mail uses port 143. sending mail uses port 587[14:17:25] *** mactimes <mactimes!~mactimes@unaffiliated/mactimes> has joined #postfix[14:18:41] *** fatdragon <fatdragon!~fatdragon@cpe-107-184-105-188.socal.res.rr.com> has joined #postfix[14:18:48] <lunaphyte> _val_: your mailserver accepted the message at Tue, 17 Jan 2017 10:23:08 +0100 (CET)[14:19:18] <lunaphyte> you'll need to look further back in your logs if you wish to see if delivery was attempted prior to that[14:19:32] <lunaphyte> it would seem likely, since you're using greylisting [which is a bad idea][14:23:14] *** fatdragon <fatdragon!~fatdragon@cpe-107-184-105-188.socal.res.rr.com> has quit IRC (Ping timeout: 256 seconds)[14:23:34] <kingkong-> lunaphyte: ok i understood. which is better; Automatic, plain, login, cram_md5? i dont think my server uses cram_md5 though.[14:23:59] <lunaphyte> plain[14:24:05] <kingkong-> i think i use plain. is it secure ?[14:24:13] <lunaphyte> as long as encryption is required, yes[14:24:17] <kingkong-> since starttls secures it[14:24:27] <kingkong-> yes thanks you[14:24:53] <_val_> lunaphyte: greylisting a bad idea? Why is this discouraged?[14:25:24] <lunaphyte> kingkong: encryption [e.g. starttls] *must* be required, otherwise you are at risk[14:26:27] <lunaphyte> _val_: it should only be used if it's determined that a comprehensive postscreen configuration is inadequate [hint: it won't be][14:26:53] <thumbs> postscreen is a subtle form of greylisting too, but far more efficient[14:27:36] <lunaphyte> specifically including mechanisms to better deal with exactly the sort of thing you're asking about[14:30:55] *** mcfate <mcfate!~textual@174-134-145-16.res.bhn.net> has joined #postfix[14:33:24] *** synthroid <synthroid!~synthroid@50.202.5.122> has joined #postfix[14:33:31] <_val_> lunaphyte: the thing is, I've gone back in the logs and I see: http://sprunge.us/dEDN[14:37:48] *** JanC_ <JanC_!~janc@lugwv/member/JanC> has joined #postfix[14:39:03] *** JanC <JanC!~janc@lugwv/member/JanC> has quit IRC (Killed (barjavel.freenode.net (Nickname regained by services)))[14:39:03] *** JanC_ is now known as JanC[14:39:34] *** synthroi_ <synthroi_!~synthroid@gateway/vpn/privateinternetaccess/synthroid> has joined #postfix[14:40:38] <kingkong-> lunaphyte: how can i check and be sure about starttls ?[14:41:22] <lunaphyte> _val_: rejecting based on helo value is also probably not a good idea[14:41:31] <lunaphyte> kingkong-: inspect your config[14:41:40] *** synthroid <synthroid!~synthroid@50.202.5.122> has quit IRC (Ping timeout: 240 seconds)[14:49:25] <kingkong-> lunaphyte: postconf -n ?[14:50:02] <_val_> lunaphyte: but the mail was accepted today. Why?[14:50:02] <thumbs> _val_: you seem to have made all the wrong decisions[14:50:04] <kingkong-> ssl/tls with check cert is better than starttls without check ?[14:51:10] <_val_> thumbs: hmm... I might have done so yes. This was during a migration so I copied almost everything, including bad configurations I'm afraid[14:51:51] <lunaphyte> !tell kingkong- showconfig[14:51:51] <knoba> kingkong-: "showconfig" : when asked to provide your config, please provide a SINGLE pastebin with postconf -nf and postconf -Mf. if your version is too old for those commands to work (< 2.9), you should upgrade, but see !showconfig_old[14:51:55] <thumbs> _val_: ditching greylisting and EHLO checks should be the fist step. Then configure postscreen[14:52:34] <lunaphyte> _val_: probably due to your restriction ordering, but who knows. we're not telepathic. see the !showconfig factoid i just shared with kingkong[14:53:29] *** guampa <guampa!~guampa@unaffiliated/guampa> has joined #postfix[14:55:36] <_val_> Ok guys. Thanks for the input. I'm going to reconsider the configuration.[15:04:01] *** Aprogas <Aprogas!aprogas@enki.aprogas.net> has joined #postfix[15:07:54] <kingkong-> lunaphyte: http://paste.debian.net/hidden/7fed05e0/[15:19:22] *** fatdragon <fatdragon!~fatdragon@cpe-107-184-105-188.socal.res.rr.com> has joined #postfix[15:24:16] *** fatdragon <fatdragon!~fatdragon@cpe-107-184-105-188.socal.res.rr.com> has quit IRC (Ping timeout: 255 seconds)[15:30:18] *** sphenxes02 <sphenxes02!~sphenxes@194-118-227-8.hdsl.highway.telekom.at> has joined #postfix[15:33:10] *** sphenxes01 <sphenxes01!~sphenxes@194-118-227-8.hdsl.highway.telekom.at> has quit IRC (Ping timeout: 240 seconds)[15:35:14] *** zorg1 <zorg1!~zorg1@LNeuilly-656-1-74-35.w92-154.abo.wanadoo.fr> has quit IRC (Remote host closed the connection)[15:51:29] *** zorg1 <zorg1!~zorg1@LNeuilly-656-1-74-35.w92-154.abo.wanadoo.fr> has joined #postfix[16:09:15] *** Xentil <Xentil!~quassel@ip-46-21-210-22.nette.pl> has joined #postfix[16:11:24] *** Oclairi <Oclairi!~Oclair@178-191-54-246.adsl.highway.telekom.at> has joined #postfix[16:12:10] *** Oclair <Oclair!~Oclair@88-117-79-13.adsl.highway.telekom.at> has quit IRC (Ping timeout: 240 seconds)[16:15:56] *** muh2000 <muh2000!~quassel@prx2.ernw.net> has quit IRC (Remote host closed the connection)[16:26:57] *** dka <dka!~dka@118.69.28.15> has quit IRC (Ping timeout: 240 seconds)[16:28:15] *** dka <dka!~dka@118.69.28.15> has joined #postfix[16:39:43] *** tinjaw <tinjaw!~tinjaw@142.54.179.35> has quit IRC (Quit: tinjaw)[16:44:35] *** dka <dka!~dka@118.69.28.15> has quit IRC (Ping timeout: 240 seconds)[16:48:55] *** golden_receiver_ <golden_receiver_!~andry@b2b-78-94-14-194.unitymedia.biz> has quit IRC (Read error: Connection reset by peer)[16:51:58] *** dka <dka!~dka@118.69.28.15> has joined #postfix[17:05:24] *** fatdragon <fatdragon!~fatdragon@cpe-107-184-105-188.socal.res.rr.com> has joined #postfix[17:07:21] *** synthroi_ <synthroi_!~synthroid@gateway/vpn/privateinternetaccess/synthroid> has quit IRC (Remote host closed the connection)[17:17:14] <audiodef> What does RBL stand for?[17:17:55] *** synthroid <synthroid!~synthroid@gateway/vpn/privateinternetaccess/synthroid> has joined #postfix[17:18:04] <audiodef> Nm, found it.[17:18:52] *** robinho86 <robinho86!~robsonjf@201.22.86.124.static.gvt.net.br> has joined #postfix[17:26:28] *** blubb <blubb!~default@2001:67c:10ec:52c7:8000::1d08> has joined #postfix[17:26:48] *** z0mfg <z0mfg!~z0mfg@2a02:168:5c0b:1337:e2cb:4eff:fe4e:19c0> has joined #postfix[17:26:58] *** z0mfg <z0mfg!~z0mfg@2a02:168:5c0b:1337:e2cb:4eff:fe4e:19c0> has left #postfix[17:27:14] *** blubb <blubb!~default@2001:67c:10ec:52c7:8000::1d08> has left #postfix[17:27:38] *** default_ <default_!~default@2001:67c:10ec:52c7:8000::1d08> has joined #postfix[17:27:58] <default_> hi[17:31:18] *** infides <infides!~infides@p5B167E4A.dip0.t-ipconnect.de> has joined #postfix[17:34:39] <default_> could anyone help me how to fix "fatal: bind: public/pickup: Permission denied"? I have a nondefault queue_directory, but even setting the permissions of "public/" to 777 doesn't help.[17:34:42] <default_> I've already tried "postfix set-permissions", "postfix check" and "./post-install create-missing". running postfix 2.11.3 on debian stable.[17:35:49] <lunaphyte> !tell default_ getting_help[17:35:49] <knoba> default_: "getting_help" : before asking your question, read the !relevant_logs and !showconfig factoids, and prepare a single pastebin containing all of that data. if you don't understand what this means, or if you need help doing this, please let us know. also see !pastebin[17:37:25] <default_> !getting_help[17:37:25] <knoba> default_: "getting_help" : before asking your question, read the !relevant_logs and !showconfig factoids, and prepare a single pastebin containing all of that data. if you don't understand what this means, or if you need help doing this, please let us know. also see !pastebin[17:39:10] *** dka <dka!~dka@118.69.28.15> has quit IRC (Ping timeout: 240 seconds)[17:39:25] <default_> !relevant_log[17:39:25] <knoba> default_: Error: "relevant_log" is not a valid command.[17:39:29] <default_> !relevant_logs[17:39:29] <knoba> default_: "relevant_logs" : mail.* syslog Postfix log messages (NOT verbose, see !no_verbose) which show ONLY the entire handling of a single mail which illustrates the issue with which you want help. Random selections from your mail log are not adequate. IMAP/POP3 daemons and external delivery agents often log to the same syslog facility (mail); filter such messages out unless asked not to.[17:40:16] *** qtch <qtch!~bartek@80-94-25-93.mierzyn.tarniny.pl> has quit IRC (Ping timeout: 240 seconds)[17:41:30] *** qtch <qtch!~bartek@80-94-25-93.mierzyn.tarniny.pl> has joined #postfix[17:44:29] <default_> !showconfig[17:44:29] <knoba> default_: "showconfig" : when asked to provide your config, please provide a SINGLE pastebin with postconf -nf and postconf -Mf. if your version is too old for those commands to work (< 2.9), you should upgrade, but see !showconfig_old[17:45:57] *** KsChoice <KsChoice!~quassel@187-163-219-201.static.axtel.net> has joined #postfix[17:46:23] *** dka <dka!~dka@118.69.28.15> has joined #postfix[17:50:49] *** davidw <davidw!~davidw@apache/committer/davidw> has joined #postfix[17:51:31] <default_> lunaphyte: here you go https://0x1a4.1337.cx/651k/[17:52:48] <lunaphyte> that's not a website i'm comfortable visiting[17:52:52] *** synthroid <synthroid!~synthroid@gateway/vpn/privateinternetaccess/synthroid> has quit IRC (Remote host closed the connection)[17:53:04] <default_> haha, it's a "public pastebin" service[17:53:28] <lunaphyte> hmm, interesting[17:57:12] *** zorg1 <zorg1!~zorg1@LNeuilly-656-1-74-35.w92-154.abo.wanadoo.fr> has quit IRC (Quit: Leaving)[17:57:51] *** gu1lle_ <gu1lle_!~Thunderbi@181.167.195.114> has joined #postfix[18:01:25] *** gu1lle_ <gu1lle_!~Thunderbi@181.167.195.114> has quit IRC (Remote host closed the connection)[18:02:49] <default_> here, this domain looks more comfy: https://pst.moe/paste/ijqjbr[18:03:31] <lunaphyte> you seem to have a knack for picking obscure pastebins :)[18:03:39] <default_> ghostbin is down unfortunately[18:04:56] <lunaphyte> well, the factoid has a reference for a reason ;)[18:06:00] <rob0> Looks like it's unable to create a socket. Is Postfix being started as root? (I suppose so, because postfix(1) will barf on invocation by other than root.) SELinux or apparmor or such in use?[18:06:05] *** gu1lle_ <gu1lle_!~Thunderbi@181.167.195.114> has joined #postfix[18:08:24] <default_> no SEL, no apparmor, started as root[18:09:20] <default_> the only thing i suspect is the nondefault queue_directory (it's in a different filesystem, but that shouldn't be a problem i think)[18:09:24] <rob0> maybe then something is wrong with the filesystem mount options[18:09:48] <rob0> why did you do this?[18:12:58] <lunaphyte> if you put queue_directory back, does everything work properly?[18:14:40] <default_> trying that right now[18:16:01] <default_> yeah works, dammit, could have tested this far myself[18:17:00] <default_> i use a different queue_dir bc it's in an encfs container, the goal is to not have mails stored unencrypted even if they're deferred and stored temporarily before forwarding[18:17:13] <default_> but i guess this is not possible this way[18:17:46] <kingkong-> smtpd_tls_mandatory_protocols and smtpd_tls_protocols should be same/equal ?[18:18:40] <default_> now i think about it, i use the same setup with encfs on another machine and it works fine...[18:20:08] <rob0> encfs is FUSE, and if not done as root, probably won't work for this[18:20:40] <rob0> dm-crypt would work[18:20:40] *** synthroid <synthroid!~synthroid@gateway/vpn/privateinternetaccess/synthroid> has joined #postfix[18:20:58] <default_> kingkong, I try to enforce strong TLS with clients while enabling older TLS versions for connections to/from other MTAs[18:21:22] <default_> kingkong: is that bad to do it this way?[18:21:52] <rob0> kingkong-, I'd suggest not messing with the defaults for those, except possibly on submission for mandatory TLS[18:26:25] <default_> hm, encfs is mounted with --public, so this shouldn't be an issue[18:37:50] *** AnHry <AnHry!~x@a94-132-78-87.cpe.netcabo.pt> has joined #postfix[18:52:41] *** golden_receiver <golden_receiver!~andry@b2b-78-94-14-194.unitymedia.biz> has joined #postfix[18:52:41] *** golden_receiver <golden_receiver!~andry@b2b-78-94-14-194.unitymedia.biz> has quit IRC (Changing host)[18:52:41] *** golden_receiver <golden_receiver!~andry@unaffiliated/golden-receiver/x-4949035> has joined #postfix[18:53:11] <rob0> And when starting the fusermount as root, it works?[18:59:40] <kingkong-> default_: i care for balance more[19:01:09] <kingkong-> rob0: i havent smtpd_tls_mandatory_protocols setting yet. i'm thinking to add it. should be same as smtpd_tls_protocols if i'll add ? i cant decide this[19:03:10] <rob0> You're only going to require encryption on submission. You can't require it on 25. If you know what your users will be using, you can limit the mandatory TLS protocols to that.[19:03:29] <rob0> If you don't know anything about any of this, just leave it alone.[19:04:51] <petn-randall> rob0: Well, you *could*, but then you should be prepared for the fallout ;)[19:05:17] <rob0> that's my point :)[19:07:35] <petn-randall> rob0: You'd probably do the internet a favour with requiring TLS, just not yourself :P[19:11:00] <kingkong-> rob0: i'm following this postfix settings at https://cipherli.st/[19:12:30] <kingkong-> are you against "smtpd_tls_mandatory_protocols" except in submission written as on that page ?[19:14:48] <kingkong-> currently i have "smtpd_tls_protocols = !SSLv2, !SSLv3" already and im thinking to add "smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3"[19:17:16] <kingkong-> it will work fine like this ?[19:20:25] <lunaphyte> kingkong-: in your global config? that's foolish[19:22:00] <kingkong-> do you mean mandatory ?[19:22:13] <kingkong-> in main.cf yes[19:23:07] <kingkong-> in https://cipherli.st/ they suggests as globally or submission ?[19:25:05] <kingkong-> but i readed a page where says mandatory setting can cause mail losses and mail servers not support it well.[19:26:35] <default_> kingkong-: i think i got my mandatory config from https://bettercrypto.org/ (not sure tho)[19:27:19] *** Darcidride <Darcidride!~Darcidrid@2a01:e35:8b4a:ca10:740d:252f:6d2c:a692> has joined #postfix[19:27:50] <default_> also my problem was solved by fixing missing read permissions of one folder in the path to the public/ directory >.< sorry for wasting your time[19:33:48] <kingkong-> i think, i will not use any mandatory[19:35:41] <kingkong-> i'll just add "smtpd_tls_ciphers = high" and it will use highest available one except sslv2/v3.[19:36:07] <rob0> I bet that will break things. Good luck.[19:39:18] <kingkong-> rob0: do you mean "smtpd_tls_ciphers = high" ? really ?[19:39:29] <default_> i think being permissive with nonmandatory and restrictive with mandatory (unless you have users that are customers) is the better choice[19:40:54] <kingkong-> why it will breaks things ? it will not choose most high ranked cipher except ssl/ssl3 ? whats wrong ?[19:41:05] <rob0> yes it is. Also: Victor and Wietse know a lot more about this than any of us. They carefully choose default values for these TLS-related settings. Stay with their expertise.[19:42:08] <kingkong-> hmm. so you don't advice https://cipherli.st/ conf then.[19:42:32] <thumbs> I'm not sure where those recommendations are coming from.[19:42:48] <thumbs> however, that site is excellent in regards to using secure ciphers[19:42:50] <rob0> I didn't look at it, but indeed the best advice is to read what Victor has to say.[19:43:11] <rob0> If Victor said the same thing, it's good advice.[19:43:28] <kingkong-> Victor is nickname?[19:44:19] <kingkong-> he isn't here now. i will ask his advice later then.[19:44:28] <rob0> You'll find him at [/in online archives of] the postfix-users mailing list. Not in IRC.[19:45:13] *** default_ <default_!~default@2001:67c:10ec:52c7:8000::1d08> has quit IRC (Quit: ChatZilla 0.9.93 [Firefox 45.6.0/20161213204132])[19:45:53] <kingkong-> i never used mailing list. whats the address to register at there[19:47:52] <rob0> it's Majordomo, only supports email commands, postfix-users at postfix dot org (see the page at www.postfix.org which tells about it.)[19:48:55] *** guampa <guampa!~guampa@unaffiliated/guampa> has quit IRC (Quit: quit)[19:53:43] *** prillian5 <prillian5!~prillian5@2001-4dd4-d7b7-0-4d81-9478-9c96-bd57.ipv6dyn.netcologne.de> has joined #postfix[19:53:55] <prillian5> Can I use two mx records at the same time?[19:54:48] <prillian5> I wan't to move mails from local server to an external one. And for this I wan't connect to the old-Mail-server via imap, and move the mails with an email-client to the new server (drag & drop)[19:56:27] <rob0> I'm not sure what you are asking.[19:57:37] <rob0> The best way to keep two separate mailstores in synch is to use imapsync or similar (yes, drag and drop in a GUI MUA is comparable.)[19:57:53] *** pppingme <pppingme!~pppingme@unaffiliated/pppingme> has quit IRC (Quit: Leaving)[19:58:11] <rob0> two deliveries from the MTA will not work.[19:58:41] *** guampa <guampa!~guampa@unaffiliated/guampa> has joined #postfix[19:59:14] *** pppingme <pppingme!~pppingme@unaffiliated/pppingme> has joined #postfix[19:59:35] *** Section1 <Section1!~section1@190.195.71.40> has quit IRC (Quit: Leaving)[20:00:11] <prillian5> rob0: Ok, thank you. I think I got it. I have also other domains at the same server. I could only use the mx of such an other domain to fetch the old account while i have changed the mx of the current domain to the new server[20:05:22] <prillian5> thanks anyway rob0[20:05:22] <kingkong-> rob0: thanks i readed the page didnt get it well. lol. this majordomo is bot which accepts defined commands written on email. am i right ?[20:05:50] <kingkong-> haha thanked him at the same second :)[20:05:55] *** prillian5 <prillian5!~prillian5@2001-4dd4-d7b7-0-4d81-9478-9c96-bd57.ipv6dyn.netcologne.de> has quit IRC (Quit: Konversation terminated!)[20:09:24] <kingkong-> i will send email to "majordomo at postfix dot org" and write "subscribe postfix-users" in email content. i think that's all.[20:10:01] *** FinboySlick <FinboySlick!~shark@74.117.40.10> has joined #postfix[20:12:54] *** WakiMiko <WakiMiko!~WakiMiko@unaffiliated/wakimiko> has quit IRC (Max SendQ exceeded)[20:13:42] *** WakiMiko <WakiMiko!~WakiMiko@unaffiliated/wakimiko> has joined #postfix[20:17:02] <rob0> kingkong-, yes, but your questions are FAQ. You can probably find answers by browsing the recent archives.[20:20:59] *** muh2000 <muh2000!~muh2000@unaffiliated/muh2000> has joined #postfix[20:37:24] *** yupyupp <yupyupp!~yupyupp@tempi.kd8zev.net> has quit IRC (Quit: Reconnecting)[20:37:31] *** yupyupp <yupyupp!~yupyupp@tempi.kd8zev.net> has joined #postfix[21:05:58] *** synthroi_ <synthroi_!~synthroid@50.202.5.122> has joined #postfix[21:09:14] *** synthroid <synthroid!~synthroid@gateway/vpn/privateinternetaccess/synthroid> has quit IRC (Ping timeout: 260 seconds)[21:12:36] *** WakiMiko <WakiMiko!~WakiMiko@unaffiliated/wakimiko> has quit IRC (Max SendQ exceeded)[21:13:05] *** WakiMiko <WakiMiko!~WakiMiko@unaffiliated/wakimiko> has joined #postfix[21:20:33] *** tmberg <tmberg!tmberg@unaffiliated/tmberg> has quit IRC (Read error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number)[21:25:35] *** tmberg <tmberg!tmberg@unaffiliated/tmberg> has joined #postfix[21:32:00] *** synthroid <synthroid!~synthroid@108.61.68.160> has joined #postfix[21:34:05] *** synthroi_ <synthroi_!~synthroid@50.202.5.122> has quit IRC (Ping timeout: 240 seconds)[21:36:50] *** leprechau <leprechau!kqnwq8620p@c-67-187-127-110.hsd1.tn.comcast.net> has quit IRC (Quit: ZNC - http://znc.in)[21:42:31] *** muh2000_ <muh2000_!~quassel@prx2.ernw.net> has joined #postfix[21:50:14] *** davidw <davidw!~davidw@apache/committer/davidw> has quit IRC (Ping timeout: 258 seconds)[21:54:14] *** AnHry <AnHry!~x@a94-132-78-87.cpe.netcabo.pt> has quit IRC (Quit: Konversation terminated!)[21:54:23] *** AnHry <AnHry!~x@a94-132-78-87.cpe.netcabo.pt> has joined #postfix[21:54:26] *** AnHry <AnHry!~x@a94-132-78-87.cpe.netcabo.pt> has quit IRC (Client Quit)[21:59:48] *** muh2000_ <muh2000_!~quassel@prx2.ernw.net> has quit IRC (Ping timeout: 255 seconds)[22:05:16] *** leprechau <leprechau!kviaxrbvj1@c-67-187-127-110.hsd1.tn.comcast.net> has joined #postfix[22:17:02] *** Darcidride <Darcidride!~Darcidrid@2a01:e35:8b4a:ca10:740d:252f:6d2c:a692> has quit IRC (Read error: Connection reset by peer)[22:23:18] *** UncleKiwi <UncleKiwi!~UncleKiwi@unaffiliated/unclekiwi> has joined #postfix[22:50:05] *** synthroid <synthroid!~synthroid@108.61.68.160> has quit IRC ()[22:52:43] *** infides <infides!~infides@p5B167E4A.dip0.t-ipconnect.de> has quit IRC (Ping timeout: 245 seconds)[22:57:35] *** gu1lle_ <gu1lle_!~Thunderbi@181.167.195.114> has quit IRC (Remote host closed the connection)[23:11:37] *** tmberg <tmberg!tmberg@unaffiliated/tmberg> has quit IRC (Quit: tmberg)[23:16:31] *** tmberg <tmberg!tmberg@unaffiliated/tmberg> has joined #postfix[23:22:34] *** pti-jean_ <pti-jean_!~quassel@7.41.124.78.rev.sfr.net> has quit IRC (Remote host closed the connection)[23:28:49] *** davidw <davidw!~davidw@apache/committer/davidw> has joined #postfix