February 28, 2019 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | >
February 28, 2019 [00:00:08] <cybrNaut> I have this to ensure that the postmaster receives all bounces => "notify_classes = resource, software, protocol, policy, delay, bounce, 2bounce"[00:00:58] <cybrNaut> but the bounce msg is still going to the sender in addition to the postmaster. I want /only/ the postmaster to receive the bounce msg[00:02:31] *** el_sparfo <el_sparfo!~seba@bonbon.sepplix.net> has joined #postfix[00:17:04] *** el_sparfo <el_sparfo!~seba@bonbon.sepplix.net> has quit IRC (Quit: Lost terminal)[00:25:12] *** Diemuzi <Diemuzi!~IceChat9@unaffiliated/diemuzi> has quit IRC (Quit: See you on the flip side!)[01:00:30] *** mikecmpbll <mikecmpbll!~mikecmpbl@ruby/staff/mikecmpbll> has quit IRC (Quit: inabit. zz.)[01:17:13] *** boombudder <boombudder!~boom@p54BECE5B.dip0.t-ipconnect.de> has quit IRC (Quit: WeeChat 2.4)[01:29:07] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has quit IRC (Ping timeout: 240 seconds)[02:01:47] *** boombudder <boombudder!~boom@p200300E98F3586601F4B266E570F10AE.dip0.t-ipconnect.de> has joined #postfix[02:03:33] <pj> cybrNaut: bounce messages are always sent to the envelope sender.[02:03:57] <pj> !tell cybrNaut from!=sender[02:03:57] <knoba> cybrNaut: "from!=sender" : There are two different from addresses in an email, the From: header and the envelope sender. Postfix only cares about the envelope sender. See also !to!=recipient[02:08:42] <pj> cybrNaut: this sounds like some sort of misguided attempt to accomplish some goal...[02:08:46] <pj> !tell cybrNaut xy[02:08:46] <knoba> cybrNaut: "xy" : (#1) The XY problem is that you want to do X, but don't know how. You think that you can solve X by doing Y, so you ask us how to do Y. We tell you that's an odd problem to want to solve. Just ask us about the real problem., or (#2) http://mywiki.wooledge.org/XyProblem -- I want to do X, but I'm asking how to do Y...[02:08:53] <pj> what's your actual goal here?[02:20:52] *** Bebef <Bebef!sbreit@phobos.bebef.de> has quit IRC (Read error: Connection reset by peer)[02:21:57] *** Bebef <Bebef!sbreit@phobos.bebef.de> has joined #postfix[02:29:56] <pj> hrmmmmm, looks like I can't build postfix 3.4 for CentOS 6 :-([02:30:13] <thumbs> pj: why?[02:30:46] <pj> because postfix 3.4 dropped support for openssl 1.0.1[02:30:53] <pj> and C6 runs 1.0.1e[02:31:14] <pj> so unless I can find a way around that ...[02:32:09] <lunaphyte> centos 6 can't run a current version of openssl?[02:32:36] <lunaphyte> i think 1.0.1 hasn't been supported for like 2+ years now, right?[02:33:00] <lunaphyte> and that's the last 1.0.1 revision, too[02:45:35] *** boombudder <boombudder!~boom@p200300E98F3586601F4B266E570F10AE.dip0.t-ipconnect.de> has quit IRC (Quit: WeeChat 2.4)[02:52:35] <pj> lunaphyte: RHEL6 was released something like 8 years ago, by policy they rarely change versions of software after the release date but instead backport security and bug fixes. RHEL6 openssl 1.0.1e will continue to be supported (by redhat) until 2020.[02:52:35] *** n_1-c_k <n_1-c_k!~nick@2a02:8010:63a6::70> has quit IRC (Read error: Connection reset by peer)[02:53:08] *** n_1-c_k <n_1-c_k!~nick@2a02:8010:63a6::70> has joined #postfix[02:56:55] <pj> I may just have to leave CentOS 6 on postfix 3.3[03:13:08] *** gislaved <gislaved!5266180a@gateway/web/cgi-irc/kiwiirc.com/ip.82.102.24.10> has quit IRC (Ping timeout: 250 seconds)[03:42:58] *** pyco <pyco!~p@pierkorb.de> has joined #postfix[03:42:58] *** pyco <pyco!~p@pierkorb.de> has quit IRC (Changing host)[03:42:58] *** pyco <pyco!~p@pdpc/supporter/active/pyco> has joined #postfix[03:44:08] *** shibboleth <shibboleth!~shibbolet@gateway/tor-sasl/shibboleth> has joined #postfix[04:10:47] *** eelstrebor <eelstrebor!~eelstrebo@216-75-116-100.static.allophone.net> has quit IRC (Quit: Ex-Chat)[04:16:33] *** shibboleth <shibboleth!~shibbolet@gateway/tor-sasl/shibboleth> has quit IRC (Quit: shibboleth)[04:16:39] *** pj <pj!~pj@centos/ops/pj> has quit IRC (Ping timeout: 268 seconds)[04:46:19] *** MrNewbie_ <MrNewbie_!02333608@gateway/web/freenode/ip.2.51.54.8> has quit IRC (Ping timeout: 256 seconds)[04:48:45] *** pj <pj!~pj@centos/ops/pj> has joined #postfix[05:01:28] *** wolfshappen_ <wolfshappen_!~wolfshapp@irc.furworks.de> has quit IRC (Ping timeout: 250 seconds)[05:02:19] *** wolfshappen <wolfshappen!~wolfshapp@irc.furworks.de> has joined #postfix[05:26:10] <hiya> !postscreen[05:26:10] <knoba> hiya: "postscreen" : SMTP triage server available since Postfix 2.8, see http://www.postfix.org/POSTSCREEN_README.html and http://www.postfix.org/postscreen.8.html[05:26:18] <rob0> Postfix doesn't have a native means to filter outbound mail for spam, BTW.[05:26:58] <rob0> And if you have that as a problem, you have big trouble. /me thinks of the old Dilbert cartoon[05:27:17] <rob0> see also:[05:27:24] <rob0> !whatis cheatsheet 2[05:27:24] <knoba> rob0: A postscreen cheatsheet can be seen at http://rob0.nodns4.us/postscreen.html (updated 2017-07-06, now requires Postfix 2.11+)[05:28:22] <pj> there is nothing wrong with filtering outbound mail but it pretty much has to be done with a content filter.[05:28:56] <pj> you can also implement policy-based filtering for outbound, though.[05:46:37] *** MACscr <MACscr!~MACscr@c-98-215-100-46.hsd1.il.comcast.net> has joined #postfix[05:57:17] *** jalalsfs <jalalsfs!~jalalsfs@unaffiliated/jalalsfs> has joined #postfix[05:59:55] *** buddy123 <buddy123!~buddy123@96.44.144.114> has quit IRC (Ping timeout: 246 seconds)[06:17:40] <hiya> ok[06:18:42] <hiya> how would we define spam? Is it just with IPs?[06:18:52] <hiya> if someone using Tor to send email we drop it?[06:21:38] <rob0> !ube[06:21:38] <knoba> rob0: "ube" : Unsolicited Bulk E-mail, the spam menace. See !cheatsheet for an introduction to controlling spam in Postfix.[06:34:45] *** Bahhumbug <Bahhumbug!jrd@psychotic/admin/jrd> has joined #postfix[06:47:00] *** buddy123 <buddy123!~buddy123@96.44.144.122> has joined #postfix[06:54:36] <hiya> !cheatsheet[06:54:37] <knoba> hiya: "cheatsheet" : (#1) http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt : A HOWTO for pre-DATA spam control., or (#2) A postscreen cheatsheet can be seen at http://rob0.nodns4.us/postscreen.html (updated 2017-07-06, now requires Postfix 2.11+)[06:59:45] *** led_dark_1 <led_dark_1!~Thunderbi@hotspot10.rywasoft.net> has quit IRC (Quit: led_dark_1)[07:02:40] *** led_dark_1 <led_dark_1!~Thunderbi@hotspot10.rywasoft.net> has joined #postfix[07:09:23] <hiya> rob0, how does threshold work in dnsbl?[07:11:34] <hiya> !postscreen_dnsbl_threshold[07:11:34] <knoba> hiya: "postscreen_dnsbl_threshold" : The inclusive lower bound for blocking an SMTP client, based on its combined DNSBL score. See http://www.postfix.org/postconf.5.html#postscreen_dnsbl_threshold for more information This feature available starting with Postfix 2.8[07:50:25] *** DTZUZO <DTZUZO!~DTZUZO@S0106bcd16584b0aa.vs.shawcable.net> has joined #postfix[07:52:41] *** nailyk <nailyk!~nailyk@carbonfusion/co-admin/nailyk> has quit IRC (Ping timeout: 250 seconds)[08:12:14] *** nailyk <nailyk!~nailyk@carbonfusion/co-admin/nailyk> has joined #postfix[08:19:34] <pj> hiya: if the accumulated DNSBL score falls at or below the threshold then the after-220 tests are skipped and the connection passed directly to smtpd.[08:20:45] <hiya> pj, I have seen some example using *2 weight for lists and setting threshold = 2, so what good would it do vs setting it to 1 and not using *2 for lists?[08:20:53] <pj> by giving trusted whitelists a negative score you can effectively allow whitelisted hosts to bypass the after-220 tests so that they don't get a deferal code from postscreen that way.[08:21:37] <pj> oh wait...[08:22:44] <pj> sorry, I got that confused with postscreen_dnsbl_whitelist_threshold[08:23:26] <pj> postscreen_dnsbl_threshold basically means that if the accumulated score is at least as high as the threshold then the connection will be rejected.[08:24:25] <hiya> postscreen_dnsbl_threshold = 2[08:24:25] <hiya> postscreen_dnsbl_sites = ix.dnsbl.manitu.net*2[08:24:26] <hiya> zen.spamhaus.org*2[08:24:39] <pj> and the idea is if you set it to 2 or 3, you can have certain dnsbls with a weight lower than the threshold which effectively requires the client to be on two dnsbls that way.[08:24:54] <hiya> pj, ^ is it any good vs threshold = 1 and no *2 for sites?[08:25:09] <pj> hiya: you did read the cheatsheet, right?[08:25:13] <pj> this is all explained there.[08:26:46] <pj> if you set the threshold to 1 and don't set a weight for any of the dnsbls then any dnsbl hit will cause the client to be rejected.[08:27:04] <pj> this is fine but you had best make sure you trust the dnsbls implicitly for this.[08:27:55] <hiya> why is this so complicated?[08:28:10] <hiya> I will read thoroughly and get back if I have any more questions[08:28:53] <pj> hiya: because there are very few blacklists that can be trusted implicitly to reject hosts outright. False positives do happen.[08:29:13] <pj> but if a client is listed on two or three blacklists then it's much more certain that you would want to reject them.[08:30:23] <hiya> so does it count all the lists for the final score?[08:30:26] <hiya> like 2+2[08:30:31] <hiya> or only 1?[08:30:37] <pj> all the lists.[08:31:00] <pj> so if you have a threshold of 3 and the client is on two lists with a weight of 2 then the accumulated weight is 4 and it will be rejected.[08:31:03] <hiya> In that case I should be setting, threshold as 4?[08:31:32] <hiya> 2 = only 1 list?[08:31:52] <pj> that depends on the weight you give the list[08:32:03] <hiya> or I should set threshold as 2 and not put weight on list[08:32:07] <hiya> so it is 1+1[08:32:50] <hiya> What is the most trusted list so far pj ? One can't be absolute, correct?[08:32:56] <pj> you could do that, setting it to 3 gives you more flexibility. At the end of the day it boils down to how much you trust each list. Some lists may be more trusted than others.[08:33:11] <pj> I would trust zen implicitly.[08:33:33] <hiya> ix.dnsbl.manitu.net[08:33:36] <hiya> ?[08:33:42] <pj> I have no idea about that one.[08:33:46] <hiya> hmm[08:34:05] <hiya> so even with weight 2, I think 3 as threshold is fine[08:34:13] <hiya> You are correct[08:34:17] <hiya> It is best setting[08:35:46] <hiya> no man, I think threshold should be 2 only, because zen can't be wrong either.[08:35:52] <hiya> back to work, see you in night[08:36:11] <pj> I set the threshold to 3 and set the weight for zen to 3[08:37:32] *** ced117 <ced117!~ced117@opensuse/member/ced117> has quit IRC (Ping timeout: 245 seconds)[08:39:31] *** Bebef <Bebef!sbreit@phobos.bebef.de> has quit IRC (Remote host closed the connection)[08:40:25] *** Bebef <Bebef!sbreit@phobos.bebef.de> has joined #postfix[08:46:49] *** ced117 <ced117!~ced117@opensuse/member/ced117> has joined #postfix[08:47:14] <hiya> pj, and only use one?[08:48:58] <pj> hiya: it's all in rob0's cheatsheet, it's really not that hard to grasp.[08:49:28] <hiya> ok[08:58:08] *** golden_receiver_ <golden_receiver_!~andry@b2b-78-94-14-194.unitymedia.biz> has quit IRC ()[08:58:29] *** golden_receiver <golden_receiver!~andry@unaffiliated/golden-receiver/x-4949035> has joined #postfix[09:05:15] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has joined #postfix[09:18:14] *** bolt <bolt!~r00t@unaffiliated/bolt> has joined #postfix[09:36:10] *** gislaved <gislaved!5266180a@gateway/web/cgi-irc/kiwiirc.com/ip.82.102.24.10> has joined #postfix[09:59:02] *** chkbsd <chkbsd!~ucio@unaffiliated/ucio> has quit IRC (Max SendQ exceeded)[09:59:29] *** chkbsd <chkbsd!~ucio@2a02:8070:51a3:a700::21:1> has joined #postfix[09:59:30] *** chkbsd <chkbsd!~ucio@2a02:8070:51a3:a700::21:1> has quit IRC (Changing host)[09:59:30] *** chkbsd <chkbsd!~ucio@unaffiliated/ucio> has joined #postfix[10:10:29] *** mami64 <mami64!2ef8a1a5@gateway/web/freenode/ip.46.248.161.165> has joined #postfix[10:15:52] <cybrNaut> pj: when a mutt user writes "From: sometag.jerry at spamgourmet dot com", and the message bounces, the bounced message does not go to jerry@localhost. It goes out externally to sometag.jerry at spamgourmet dot com. That's what I intend to stop.[10:16:53] <cybrNaut> I did not think "From: sometag.jerry at spamgourmet dot com" would be considered the /envelope/ sender[10:17:47] *** mikecmpbll <mikecmpbll!~mikecmpbl@ruby/staff/mikecmpbll> has joined #postfix[10:17:54] <cybrNaut> The From: field is whatever the user wants it to be, and my postfix config seems prone to backscatter[10:18:30] *** DzAirmaX_ <DzAirmaX_!~DzAirmaX@unaffiliated/dzairmax> has joined #postfix[10:19:27] *** DzAirmaX <DzAirmaX!~DzAirmaX@unaffiliated/dzairmax> has quit IRC (Ping timeout: 240 seconds)[10:44:53] *** DzAirmaX_ <DzAirmaX_!~DzAirmaX@unaffiliated/dzairmax> has quit IRC (Quit: We here br0.... xD)[10:45:15] *** DzAirmaX <DzAirmaX!~DzAirmaX@unaffiliated/dzairmax> has joined #postfix[10:49:57] *** jalalsfs_ <jalalsfs_!~jalalsfs@unaffiliated/jalalsfs> has joined #postfix[10:52:07] *** jalalsfs <jalalsfs!~jalalsfs@unaffiliated/jalalsfs> has quit IRC (Ping timeout: 245 seconds)[10:54:07] *** MasterPiece <MasterPiece!~masterpie@unaffiliated/masterpiece> has joined #postfix[11:01:30] *** wolfshappen <wolfshappen!~wolfshapp@irc.furworks.de> has quit IRC (Ping timeout: 244 seconds)[11:02:33] *** wolfshappen_ <wolfshappen_!~wolfshapp@irc.furworks.de> has joined #postfix[11:14:58] *** oculux- <oculux-!~oculux@109.202.107.5> has joined #postfix[11:17:44] *** oculux- <oculux-!~oculux@109.202.107.5> has quit IRC (Quit: blah)[11:25:29] *** oculux <oculux!~oculux@109.202.107.5> has joined #postfix[11:26:26] <oculux> I am concerned about a postfix log entry that I have set something grossly wrong or my system is compromised. Can I ask it here by posting the single line from the log?[11:27:28] <Alver> Sure.[11:27:34] <oculux> Thank you.[11:27:37] <oculux> Feb 28 10:08:06 mail postfix/qmgr[25782]: 54C5A98D0: from=<>, size=6449, nrcpt=1 (queue active)[11:27:40] <oculux> Feb 28 10:08:10 mail postfix/smtp[25983]: 54C5A98D0: to=<infogoeza at tri-finance dot com>, relay=mx.kinamo.be[93.94.104.9]:25, delay=155613, delays=155609/0.01/2.6/1.1, dsn=4.7.1, status=deferred (host mx.kinamo.be[93.94.104.9] said: 450 4.7.1 <infogoeza at tri-finance dot com>: Relay access denied (in reply to RCPT TO command))[11:27:42] <Alver> Not sure one log line will be enough information to give an analysis, though.[11:28:54] <oculux> What I am concerned about is the <> for the from address and I am not sure which system is denying which.[11:28:58] <Alver> Looks like either mx.kimano.be is badly configured, since it doesn't accept mail for tri-finance.com, or that tri-finance.com has wrongly set their MX record to mx.kinamo.be[11:29:19] <oculux> But I am not either of those domains[11:29:37] <Alver> One of your users tried to mail to infogoeza at tri-finance dot com, I take it.[11:29:53] <regis> oculux: This might be of interest to you: http://www.postfix.org/BACKSCATTER_README.html[11:29:57] <oculux> No one in my network[11:30:26] <oculux> Which settings should I concentrate on to eliminate this?[11:30:49] <oculux> Is my server sending to mx.kinomo.be?[11:31:14] <regis> It is, since this is the MX for tri-finance.com[11:31:24] <oculux> Is this coming from the internet or is it originating in my machine?[11:31:49] <oculux> the from=<> --- does that indicate it's from one of my machines or users?[11:32:02] *** boombudder <boombudder!~boombudde@tmo-102-3.customers.d1-online.com> has joined #postfix[11:32:23] <regis> Try to see one of these messgaes to determine if it's sent by mailer deamon. If so - check the url from above[11:32:43] <oculux> how can i see it?[11:32:57] <regis> postcat 54C5A98D0, iirc[11:33:07] <oculux> the postqueue I mean... ok thanks i'll try[11:33:42] <oculux> postcat command not found[11:39:29] <regis> I don't know what to tell you. Maybe it's there but outside from your $PATH?[11:43:18] *** nailyk <nailyk!~nailyk@carbonfusion/co-admin/nailyk> has quit IRC (Ping timeout: 258 seconds)[11:49:15] *** nailyk <nailyk!~nailyk@carbonfusion/co-admin/nailyk> has joined #postfix[11:49:52] <oculux> seems like its backscatter[11:51:10] <oculux> the mail originates from one of my users computers and my new fuglu filter is set to bounce messages it finds as spam and this is causing a bounce message to be generated and sent to the other server.[11:51:37] <oculux> I will have to look into the fuglu to postfix connection a bit more[11:53:53] <boombudder> I have a small issue that's probably just bad understanding on my end[11:54:18] <boombudder> trying to telnet to 25 externally gives me 'connection closed by foreign host' after a second[11:54:41] <boombudder> emails being sent to the server fail with banner misread, no surprise[11:54:56] <boombudder> 587 works just fine though[11:55:25] <boombudder> this is with dovecot, if someone can just send me in a direction to look into what could be my issue I would be very thankful[11:58:06] *** nailyk <nailyk!~nailyk@carbonfusion/co-admin/nailyk> has quit IRC (Ping timeout: 264 seconds)[11:59:25] *** nailyk <nailyk!~nailyk@carbonfusion/co-admin/nailyk> has joined #postfix[12:00:17] *** led_dark_2 <led_dark_2!~Thunderbi@217.66.160.14> has joined #postfix[12:03:01] <oculux> thanks all I think I have it sorted now. All 3 messages causing this were backscatter from a mail filter bounce from a HIGH SPAM score. I have now set it to DELETE these messages rather than bounce.[12:03:25] <oculux> I was afraid there was a compromise of password or a worm locally[12:04:00] *** led_dark_1 <led_dark_1!~Thunderbi@hotspot10.rywasoft.net> has quit IRC (Ping timeout: 258 seconds)[12:04:00] *** led_dark_2 is now known as led_dark_1[12:10:27] *** led_dark_1 <led_dark_1!~Thunderbi@217.66.160.14> has quit IRC (Ping timeout: 245 seconds)[12:12:11] *** MasterPiece <MasterPiece!~masterpie@unaffiliated/masterpiece> has quit IRC (Ping timeout: 268 seconds)[12:13:02] *** led_dark_1 <led_dark_1!~Thunderbi@217.66.160.14> has joined #postfix[12:24:07] *** boombudder <boombudder!~boombudde@tmo-102-3.customers.d1-online.com> has quit IRC (Ping timeout: 240 seconds)[12:25:08] *** MasterPiece <MasterPiece!~masterpie@unaffiliated/masterpiece> has joined #postfix[12:26:03] *** MasterPiece <MasterPiece!~masterpie@unaffiliated/masterpiece> has quit IRC (Remote host closed the connection)[12:32:51] *** mouses <mouses!mouses@hellomouse/member/mouses> has quit IRC (Quit: ZNC 1.7.2+deb1+bionic0 - https://znc.in)[12:36:08] *** mouses <mouses!mouses@hellomouse/member/mouses> has joined #postfix[12:44:42] *** boombudder <boombudder!~boombudde@tmo-102-3.customers.d1-online.com> has joined #postfix[12:45:52] *** section1 <section1!~section1@178.33.109.106> has joined #postfix[12:50:01] *** shal3r <shal3r!~shal3r@80.232.250.159> has quit IRC (Quit: emerge life)[12:51:39] <bhuddah> oculux: it's a bad practice to bounce spam messages. usually they do not originate where they claim they do.[12:52:29] *** shal3r <shal3r!~shal3r@80.232.250.159> has joined #postfix[13:07:12] *** CyberCr33p <CyberCr33p!~chris@athedsl-172434.home.otenet.gr> has joined #postfix[13:08:37] *** olegfusion <olegfusion!~olegfusio@mail.mobileforsale.ru> has joined #postfix[13:23:26] *** CyberCr33p <CyberCr33p!~chris@athedsl-172434.home.otenet.gr> has quit IRC (Quit: CyberCr33p)[13:24:01] *** mouses <mouses!mouses@hellomouse/member/mouses> has left #postfix ("WeeChat 2.4")[13:28:21] *** CyberCr33p <CyberCr33p!~chris@athedsl-172434.home.otenet.gr> has joined #postfix[13:41:54] *** Diemuzi <Diemuzi!~IceChat9@unaffiliated/diemuzi> has joined #postfix[13:44:07] *** treehug88 <treehug88!~textual@pool-98-113-184-194.nycmny.fios.verizon.net> has quit IRC (Quit: Textual IRC Client: www.textualapp.com)[13:47:48] *** zapata_ <zapata_!~zapata@2a02:b18:581:10:bc09:e2ce:7d98:53dc> has joined #postfix[13:49:25] *** zapata <zapata!~zapata@2a02:b18:581:10:3889:4893:70cb:b5f7> has quit IRC (Ping timeout: 258 seconds)[13:57:01] *** robinho86 <robinho86!~robson@179.180.170.138> has joined #postfix[14:01:41] *** robinho86 <robinho86!~robson@179.180.170.138> has quit IRC (Client Quit)[14:12:23] *** CyberCr33p <CyberCr33p!~chris@athedsl-172434.home.otenet.gr> has quit IRC (Quit: CyberCr33p)[14:15:34] *** robinho86 <robinho86!~robson@179.180.170.138> has joined #postfix[14:35:02] *** boombudder <boombudder!~boombudde@tmo-102-3.customers.d1-online.com> has quit IRC (Ping timeout: 245 seconds)[14:36:23] *** boombudder <boombudder!~boombudde@tmo-102-3.customers.d1-online.com> has joined #postfix[14:38:40] *** phunyguy <phunyguy!~vault@ubuntu/member/phunyguy> has quit IRC (Read error: Connection reset by peer)[14:40:15] *** phunyguy <phunyguy!~vault@ubuntu/member/phunyguy> has joined #postfix[14:53:10] *** boombudder <boombudder!~boombudde@tmo-102-3.customers.d1-online.com> has quit IRC (Read error: Connection reset by peer)[15:09:32] *** eelstrebor <eelstrebor!~eelstrebo@216-75-116-100.static.allophone.net> has joined #postfix[15:36:23] *** rsx <rsx!~rsx@ppp-188-174-130-167.dynamic.mnet-online.de> has joined #postfix[15:52:03] <kermit> is there a way to log the dsn to an sql server other than syslog?[15:59:10] <rob0> Postfix only supports syslog for logging.[16:14:32] <colo-work> doesn't the newest release have a log-server-thingie impl. of its own?[16:14:41] <colo-work> (to be more container-friendly, or some such thing?)[16:19:37] *** buddy123 <buddy123!~buddy123@96.44.144.122> has quit IRC (Ping timeout: 245 seconds)[16:20:23] <lunaphyte> yes[16:20:55] <lunaphyte> choices as of 3.4.0 are: syslog, file, or stdout[16:21:06] <lunaphyte> file and stout are available only in 3.4.0 or later[16:21:44] <lunaphyte> *stdout[16:27:10] *** olegfusion <olegfusion!~olegfusio@mail.mobileforsale.ru> has quit IRC (Read error: Connection reset by peer)[16:27:37] *** FinboySlick <FinboySlick!~shark@74.117.40.10> has joined #postfix[16:30:06] *** anexit <anexit!~anexit@push.anexit.net> has quit IRC (Ping timeout: 244 seconds)[16:33:51] *** anexit <anexit!~anexit@push.anexit.net> has joined #postfix[16:43:44] *** Darcidride <Darcidride!~Darcidrid@77.59.212.138> has joined #postfix[17:00:43] *** wolfshappen_ <wolfshappen_!~wolfshapp@irc.furworks.de> has quit IRC (Ping timeout: 246 seconds)[17:02:48] *** wolfshappen <wolfshappen!~wolfshapp@irc.furworks.de> has joined #postfix[17:15:11] *** eelstrebor <eelstrebor!~eelstrebo@216-75-116-100.static.allophone.net> has quit IRC (Quit: Ex-Chat)[17:17:25] *** Myrth <Myrth!~quassel@li331-222.members.linode.com> has quit IRC (Quit: No Ping reply in 180 seconds.)[17:18:32] *** Myrth <Myrth!quassel@2600:3c01::f03c:91ff:fee0:e5cc> has joined #postfix[17:18:47] *** Franciman <Franciman!~Franciman@mail.bugbyte.tk> has quit IRC (Ping timeout: 245 seconds)[17:20:06] *** Franciman <Franciman!~Franciman@mail.bugbyte.tk> has joined #postfix[17:33:38] *** anexit <anexit!~anexit@push.anexit.net> has quit IRC (Ping timeout: 255 seconds)[17:35:39] *** anexit <anexit!~anexit@push.anexit.net> has joined #postfix[17:46:12] *** gu1lle_ <gu1lle_!~Thunderbi@201.216.253.75> has joined #postfix[17:49:35] *** Brilpikk3wyn <Brilpikk3wyn!~Segfault0@unaffiliated/segfault0x40> has joined #postfix[17:49:51] *** Brilpikk3wyn is now known as Pikk3wyn[18:13:14] *** DzAirmaX <DzAirmaX!~DzAirmaX@unaffiliated/dzairmax> has quit IRC (Quit: We here br0.... xD)[18:20:36] <hiya> I have deployed postfix, how do I check if it is working other than from logs?[18:20:43] *** Gaaab <Gaaab!~Gaaab@host9-94-dynamic.13-79-r.retail.telecomitalia.it> has joined #postfix[18:20:48] <lunaphyte> use it[18:20:53] <hiya> how?[18:21:50] <hiya> !tlsproxy[18:21:50] <knoba> hiya: Error: "tlsproxy" is not a valid command.[18:22:17] <lunaphyte> what do you mean how?[18:22:25] <rob0> Send yourself email? Get a free mail account somewhere.[18:22:36] <hiya> lunaphyte, I apologize, I have delployed postscreen[18:22:45] <hiya> rob0, ^[18:22:48] *** rednul <rednul!~rednul@219.163.48.199.static.reverse.as19531.net> has quit IRC (Ping timeout: 268 seconds)[18:22:55] <hiya> deployed*[18:23:01] <lunaphyte> oh[18:23:10] <lunaphyte> you want to test postscreen, you're saying?[18:23:44] <hiya> yes sir[18:24:37] <hiya> I tried weird temp emails and it is receiving emails from all[18:25:01] <hiya> zen lists is clearing them all[18:25:05] <lunaphyte> what are weird temp emails?[18:25:24] <hiya> www.cs.email/[18:26:01] <hiya> Disposable Temporary E-Mail Address[18:26:15] <hiya> I think they all use clearest and purest IPs[18:26:16] <hiya> :P[18:27:08] *** rednul <rednul!~rednul@219.163.48.199.static.reverse.as19531.net> has joined #postfix[18:27:12] <cybrNaut> anyone know how to stop postfix from sending bounce messages to the address in the "From:" header field?[18:28:39] <hiya> cybrNaut, like what?[18:29:15] <cybrNaut> hiya: not sure what you're asking[18:29:31] <hiya> I am not sure what is it that you are trying to remove[18:30:31] <cybrNaut> i'm trying to stop an action. When a message fails delivery, postfix sends an error message to the address in the "From:" field of the failed message[18:30:47] *** Gaaab <Gaaab!~Gaaab@host9-94-dynamic.13-79-r.retail.telecomitalia.it> has quit IRC (Ping timeout: 255 seconds)[18:32:14] <cybrNaut> i have copies of bounce messages going to the postmaster, and that's sufficiant. I do not want a copy being sent to the sender's "From:" field address[18:35:21] <Pikk3wyn> i dont know much postfix, but if you find the text[18:35:41] <Pikk3wyn> go to postfixes 'stuff location' maybe in /usr/lib or /usr/share[18:35:45] <Pikk3wyn> and use grep -r[18:36:05] <Pikk3wyn> then find the filename[18:36:07] <hiya> cybrNaut, what options do you have in "notify_classes"[18:36:10] <lunaphyte> !tell cybrNaut getting_help[18:36:10] <knoba> cybrNaut: "getting_help" : before asking your question, read the !relevant_logs and !showconfig factoids, and prepare a single pastebin containing all of that data. if you don't understand what this means, or if you need help doing this, please let us know. also see !pastebin[18:37:01] <cybrNaut> hiya: i have "notify_classes = resource, software, protocol, policy, delay, bounce, 2bounce"[18:37:27] <cybrNaut> this is what ensures the postmaster gets a copy - and that's working.[18:38:22] *** mikecmpbll <mikecmpbll!~mikecmpbl@ruby/staff/mikecmpbll> has quit IRC (Ping timeout: 245 seconds)[18:42:19] <cybrNaut> the backscatter how-to (http://www.postfix.org/BACKSCATTER_README.html) actually only addresses inbound backscatter. It doesn't say how to prevent creation of backscatter locally[18:43:16] *** Gaaab <Gaaab!~Gaaab@milik.frozenstar.info> has joined #postfix[18:44:12] <hiya> cybrNaut, http://www.postfix.org/bounce.8.html Check all the recipient options[18:50:27] <cybrNaut> hiya: i have none of the *_recipient options defined in main.cf, which means they default to postmaster. So it's not clear why the sender is also getting a bounce message.[18:52:12] <cybrNaut> it says the default is "postmaster", but the system behaves like the default is postmaster /and/ sender[18:52:54] *** olspookishmagus <olspookishmagus!~pookie@snf-137798.vm.okeanos.grnet.gr> has quit IRC (Quit: All for nothing)[18:54:12] <rob0> That's right. Bounces *always* go to the envelope sender. They only go to the postmaster when you specifically configure that.[18:55:17] <rob0> !dnsbl_test[18:55:18] <knoba> rob0: "dnsbl_test" : Many DNSBLs support a special test record of 127.0.0.2, so you can dig 2.0.0.127.zen.spamhaus.org. any to test Zen, for example. See also http://www.crynwr.com/spam/ to test your server's use of various DNSBLs.[18:55:28] <rob0> hiya, ^^[18:55:41] <rob0> if that might help you test your postscreen[18:56:20] <cybrNaut> rob0: you say "envelope sender", but actually the bounces seem to be going to the "From:" header (not the user@localhost which is what i expect the envelope sender to be)[18:56:32] *** Pikk3wyn <Pikk3wyn!~Segfault0@unaffiliated/segfault0x40> has quit IRC (Remote host closed the connection)[18:56:53] *** bolt_ <bolt_!~r00t@unaffiliated/bolt> has joined #postfix[18:57:22] <rob0> Logs will tell you what the envelope sender address was. It's logged on a separate line with each smtp(8) delivery attempt.[18:57:26] <cybrNaut> my postfix instance is actually sending bounce messages out on the WAN, when really i just want them distributed locally[18:58:14] *** bolt <bolt!~r00t@unaffiliated/bolt> has quit IRC (Ping timeout: 255 seconds)[19:00:14] *** shibboleth <shibboleth!~shibbolet@gateway/tor-sasl/shibboleth> has joined #postfix[19:01:09] <cybrNaut> the logs in /var/log/mail.log show "from=<external address in the From: field>". Is that the "envelope sender"? Maybe that's my problem. Postfix is taking the "From:" field to be the envelope sender, when really that's whatever the sender writes it as[19:02:37] <cybrNaut> if the message comes from myuser@localhost, then I want "myuser@localhost" to be the envelope sender, not whatever the user freely wrote on the From: field[19:04:09] *** mikecmpbll <mikecmpbll!~mikecmpbl@ruby/staff/mikecmpbll> has joined #postfix[19:04:45] *** delacroix <delacroix!~delacroix@2a02:810c:e3f:e500:381a:b1ff:fe38:b6b8> has quit IRC (Quit: ZNC - http://znc.in)[19:05:46] <pj> cybrNaut: postfix does not care what the From: field is, it is just a coincidence that in your case it is the same as the envelope sender.[19:06:21] <rob0> did you pastebin logs of this somewhere?[19:06:24] <pj> your MUA sets both the From: field and the envelope sender.[19:07:42] <rob0> Perhaps your users are using SMTP submission, in which case ^^ the MUA sets the sender address.[19:07:46] <cybrNaut> ah, so mutt must be simply making the envelope match whatever is in From:. I'll have to see if I can fix that in mutt[19:08:05] <rob0> With sendmail submission the command line can alter the envelope sender.[19:08:52] <cybrNaut> rob0: i've not posted logs or configs anywhere.. hopefully i can avoid that b/c i'd have to filter them for privacy[19:10:40] <rob0> was mutt using sendmail or SMTP?[19:11:14] <cybrNaut> although in principle postfix probably shouldn't trust the MUA's envelope sender - a sketchy user (or infected user) could abuse that and cause backscatter[19:11:28] <cybrNaut> i'll have to see what mutt is doing[19:11:59] <lunaphyte> i'm not sure what you mean by trust the envelope sender[19:12:16] <lunaphyte> submission should require authentication[19:12:31] <lunaphyte> if you're allowing submission without authentication, that would need to be corrected[19:13:37] <cybrNaut> lunaphyte: users must login, but once they're logged in they can put whatever they want in the From: field in mutt[19:13:48] <rob0> There are various ways to rewrite sender addresses, but I am not sure how you would do what you describe.[19:14:09] <rob0> It might be easier to do in Exim or Sendmail.[19:14:11] <lunaphyte> cybrNaut: i'm talking about postfix. not shell access[19:15:35] <lunaphyte> i would not allow direct submission via the sendmail command, period.[19:15:50] <lunaphyte> configure mutt to use the submission or submission protocol[19:16:02] *** mikecmpbll <mikecmpbll!~mikecmpbl@ruby/staff/mikecmpbll> has quit IRC (Quit: inabit. zz.)[19:16:15] <cybrNaut> lunaphyte: once they have shell access, there is no further authentication. All local users are allowed to send email.[19:16:24] *** cryptic <cryptic!~cryptic@142.196.139.17> has quit IRC (Read error: Connection reset by peer)[19:16:36] <lunaphyte> [13.12.31] lunaphyte: if you're allowing submission without authentication, that would need to be corrected[19:16:44] <lunaphyte> [13.15.35] lunaphyte: i would not allow direct submission via the sendmail command, period[19:16:48] <lunaphyte> [13.15.51] lunaphyte: configure mutt to use the submission or submission protocol[19:17:35] *** mikecmpbll <mikecmpbll!~mikecmpbl@ruby/staff/mikecmpbll> has joined #postfix[19:17:39] *** mikecmpbll <mikecmpbll!~mikecmpbl@ruby/staff/mikecmpbll> has quit IRC (Client Quit)[19:19:24] <cybrNaut> mutt is configured with "set envelope_from", which means "set the envelope sender according to the address used in the From: line." So one way to solve this might be to nix that option in mutt[19:19:44] *** delacroix <delacroix!~delacroix@ip5f597811.dynamic.kabel-deutschland.de> has joined #postfix[19:20:01] *** buddy123 <buddy123!~buddy123@173.254.222.146> has joined #postfix[19:20:29] *** cryptic <cryptic!~cryptic@142.196.139.17> has joined #postfix[19:21:01] <cybrNaut> although i think it's set that way for privacy. The external recipient shouldn't necessarily see who the internal user of my system is[19:21:55] *** mpo <mpo!~quassel@unaffiliated/mpo49> has quit IRC (Read error: Connection reset by peer)[19:23:12] <lunaphyte> it's not really about privacy[19:23:50] <lunaphyte> it's mostly just that most muas do happen to set the From: header to the same as the envelope sender[19:24:00] <lunaphyte> under nominal conditions, of course[19:24:13] *** Darcidride <Darcidride!~Darcidrid@77.59.212.138> has quit IRC (Ping timeout: 246 seconds)[19:24:36] <cybrNaut> what if my user chooses a login name of "masterbationKing", and then he uses the system to send an email to his boss with "From: your_loyal_worker at company dot com" (but in the headers the boss could see "masterbationKing", for example)[19:24:42] <lunaphyte> in nay case, the answer to all of this is to use submission, and not use the sendmail command[19:24:45] <lunaphyte> *any[19:25:02] <lunaphyte> cybrNaut: people lie[19:25:10] <lunaphyte> it's nothing specific to postfix nor email[19:25:26] <hiya> rob0, thanks[19:25:49] <cybrNaut> users userid's should not be exposed externally... i'm not sure how "people lie" is relevant to that[19:26:12] <lunaphyte> oh, i see what you're saying[19:26:16] <lunaphyte> same thing though[19:26:20] <lunaphyte> people make choices about what they do[19:26:34] <lunaphyte> he picks his userid. someone allow him to pick it[19:26:45] <lunaphyte> he chooses to send an email to someone like that[19:26:50] <lunaphyte> he chooses how to represent himself[19:27:00] <lunaphyte> like i said, it's not about privacy.[19:27:14] <lunaphyte> sure, it can potentially have a privacy related impact.[19:27:19] <lunaphyte> but that's beside the point[19:27:31] <cybrNaut> yikes, no, he does not necessarily know his internal user id would be leaked to outsiders if he set's the From: field -- it's absolutely a privacy issue[19:28:00] <hiya> rob0, 521 5.7.1 Service unavailable; client [192.203.178.107] blocked using zen.spamhaus.org[19:28:04] <hiya> So beautiful :P[19:28:32] <lunaphyte> hiya: you can also just do manual testing yourself, using netcat[19:29:09] <lunaphyte> see the after 220 behaviors, if they've been enabled, etc[19:29:24] <cybrNaut> a user might choose a user id that's impressive to one group and not another.. but the needless exposure of that userid is a privacy abuse. Can I tell postfix to change the envelope sender to the "From:" field when it transmits?[19:30:05] <lunaphyte> cybrNaut: postfix is a mail router.[19:30:24] <lunaphyte> configure the mua to act as desired[19:30:36] <cybrNaut> because really the envelope from the MUA to the MTA /should/ be the internal user (so bounces are routed), but that's not what should be exposed externally[19:30:42] <lunaphyte> don't compose messages badly and then try to configure postfix to clean them up after the fact[19:31:08] *** zerocool <zerocool!~muhGNUdoh@50-39-127-180.bvtn.or.frontiernet.net> has joined #postfix[19:31:08] *** n_1-c_k <n_1-c_k!~nick@2a02:8010:63a6::70> has quit IRC (Read error: Connection reset by peer)[19:31:13] <cybrNaut> it's a problem with either config[19:31:14] <hiya> lunaphyte, how?[19:31:19] <pj> cybrNaut: hang on, before you were complaining that the envelpe sender was set to From: now you explicitly want postfix to change the envelpe sender to From:?[19:31:45] <lunaphyte> cybrNaut: just compose the message as desired[19:31:51] *** n_1-c_k <n_1-c_k!~nick@2a02:8010:63a6::70> has joined #postfix[19:31:56] <lunaphyte> postfix isn't involved. no need for it to be[19:32:02] <zerocool> hey dudes what is the RFC for the "From" that is not header?[19:32:11] <lunaphyte> zerocool: huh?[19:32:35] <lunaphyte> hiya: use netcat, connect to port 25, issue smtp commands[19:32:43] <lunaphyte> hiya: emulate an smtp conversation[19:32:46] <zerocool> for instance when you connect via telnet to SMTP[19:32:48] <zerocool> and you type from[19:32:50] <pj> the envelpe sender and recipient are specified in both the original and updated SMTP RFCs[19:32:53] <zerocool> what is the RFC for that?[19:32:53] <cybrNaut> pj: it depends on the segment of the transmission. From the MUA to the MTA, locally, the envelope should be the internal user so that bounces are kept internal. But from the MTA to the cloud, the internal userid should not be exposed, so the envelope /should/ differ for privacy[19:33:06] <zerocool> vs the header 'From:'[19:33:08] <lunaphyte> zerocool: i don't understand "that is not header"[19:33:16] <lunaphyte> zerocool: oh[19:33:27] <lunaphyte> you are referring to the mail from: smtp command?[19:33:36] <lunaphyte> that's called the envelope sender[19:33:52] <zerocool> ah, okay, that sounds familiar, i'll google for it, thanks lunaphyte[19:34:32] <cybrNaut> it seems postfix users must choose one privacy abuse or another -- they cannot have privacy in both senses despite feasibility[19:34:50] <zerocool> does this look right? https://tools.ietf.org/html/rfc5321[19:35:28] <hiya> lunaphyte, yes, that is also possible.[19:35:33] <hiya> tanks[19:36:20] <pj> cybrNaut: this is where getting the MUA to use submission will help. When submission is used the MSA does not have to bounce messages from the MUA, it can simply reject them.[19:37:02] <pj> at least it can up until the message gets queued.[19:38:06] *** olegfusion <olegfusion!~olegfusio@mail.mobileforsale.ru> has joined #postfix[19:38:21] <cybrNaut> pj: well i need to look into that.. ATM it's unfamiliar territory. So if I understand correctly, for submission i must configure postfix to require authentication from internal users, correct?[19:39:11] <pj> cybrNaut: yes, but more importantly you need to change MUTTs settings so that it uses submission instead of the sendmail command.[19:42:37] <cybrNaut> ok, thanks pj, lunaphyte.. i'll do some homework along those lines[19:42:48] <rob0> also, sendmail can be limited or even disabled entirely[19:42:58] <pj> anyways, yes, postfix can change the envelope sender, but you're probably barking up the wrong tree to do so. You should just be getting MUTT to set it properly in the first place, and generally speaking people want to see if a message they have sent has bounced so by rights it should be set to an email address that they will receive.[19:45:30] <cybrNaut> pj: right, i agree the sender should see the bounce. i just need it to happen without the bounce going to the WAN (which is what's happening now)[19:46:01] <pj> as far as security is concerned, you're right, leaking people's usernames is of some concern, but probably not as much of a concern as you may think. Unless you think your systems are somehow prone to a very targeted, very expensive attack then generally the attack surface they will be subjected to is simply a bot guessing both the username and password of users.[19:46:39] <pj> cybrNaut: then set the envelop sender to an appropriate email address from MUTT.[19:48:14] <cybrNaut> pj: there are 2 leaks i'm trying to control here. If mutt uses the internal address on the envelope that solves the bounce problem (keeps the bounce internal), but that also causes the userid leak to the WAN.[19:48:39] <cybrNaut> if i understand you correctly, using submission will mitigate both leaks[19:48:47] <pj> and if you think that your users are in the habit of regularily emailing people that will want to do malicious, targeted, attacks against their accounts then yes, you probably should be more concerned, but then so should they.[19:49:07] <cybrNaut> so bounces will be kept internal, and external recipients will not see the internal user ids[19:50:26] <pj> cybrNaut: with submission the envelope sender is still set from MUTT, but at least until the message is queued it won't bounce, it will simply be rejected in the connection from MUTT and so it won't matter at that stage what the envelope sender is.[19:50:49] *** nailyk <nailyk!~nailyk@carbonfusion/co-admin/nailyk> has quit IRC (Read error: Connection reset by peer)[19:50:55] <pj> after the message gets queued then it does matter because a bounce email has to be generated and sent if something goes wrong.[19:51:32] <cybrNaut> so it sounds like it doesn't solve both problems if the receiving mail server is using graylisting[19:52:06] *** Azrael_- <Azrael_-!~aweoi@adsl-178-39-68-29.adslplus.ch> has quit IRC ()[19:53:12] <pj> by the time that greylisting comes into play the message is already queued anyways.[19:54:09] <pj> using submission will help for other reasons, it has a partial benefit here, but not a full one.[19:54:36] <cybrNaut> oh right, so as long as the graylisting ultimately works and the message is delivered there's no issue. I guess it's quite rare that graylisting starts and then delivery ultimately fails[19:56:03] <pj> well, that depends. postscreen does a type of greylisting but it does not check things such as the recipient address before passing the message on, so it is very possible that with postscreen the message could be deferred and ultimately rejected.[19:56:49] <pj> I can't speak for what other greylisting solutions do, I imagine that they might be similar in that regard.[19:58:35] <pj> anyways, I have to go[19:59:12] *** Gaaab <Gaaab!~Gaaab@milik.frozenstar.info> has quit IRC (Ping timeout: 245 seconds)[20:00:05] <hiya> cybrNaut, is it fixed?[20:00:10] <rob0> gn pj[20:00:58] <cybrNaut> hiya: no.. i have a partial fix to try out though[20:01:15] <hiya> ok[20:01:17] <hiya> rob0, http://www.dnsbl.manitu.net/[20:01:20] <hiya> do you trust this one?[20:02:02] <rob0> I have heard of it, but as you already know, it's not on the list of sites I use.[20:02:26] <hiya> yes[20:02:51] <hiya> I will use it as well[20:03:23] <rob0> It would almost surely be safe as a 1-point list with a threshold of 3.[20:04:09] <hiya> I give it 2 with threshold of 2[20:04:46] <rob0> I am more cautious than that, when I am not familiar with a DNSBL.[20:05:52] <hiya> yes, I think I trust the guy who is asking me to trust it. I still can't figure out wy would hotmail put me in Spam, it could my full name in thunderbird's settings[20:06:52] *** nailyk <nailyk!~nailyk@carbonfusion/co-admin/nailyk> has joined #postfix[20:12:37] <buddy123> Im having difficulties with opendkim and im not sure what they are. I also try to use 'opendkim-testkey' to test my key and all I get is "query timed out"[20:13:10] *** shAGGie <shAGGie!~shAGGie@200116b840e1ff00453153af5505b812.dip.versatel-1u1.de> has joined #postfix[20:13:32] <shAGGie> hi, i want to set outgoing emailadress to one for all users on server, how do i do that[20:14:41] <rob0> buddy123, that's surely an #opendkim question, whether or not anyone is there to answer it. But it sounds like the DNS query (to fetch your public key) times out. You can try testing the query.[20:15:26] <buddy123> thanks rob0. Regarding the timeout, any clue why that might happen? Isnt that just regular dns query? I also see those timeouts in my postfix log[20:15:39] <rob0> shAGGie, very strange thing to ask. Why do you want that?[20:15:53] *** Gaaab <Gaaab!~Gaaab@host9-94-dynamic.13-79-r.retail.telecomitalia.it> has joined #postfix[20:16:02] <shAGGie> because i onoly have one mailadress for my domain[20:16:24] <shAGGie> and wehn something happens on my server, it should send me mails to alert[20:16:25] <rob0> all users share one address?[20:16:36] <shAGGie> there aren't users at all[20:16:52] *** rsx <rsx!~rsx@ppp-188-174-130-167.dynamic.mnet-online.de> has quit IRC (Remote host closed the connection)[20:16:57] <shAGGie> it is just a server for general purpose[20:17:13] <rob0> The next strange thing: why is mail being sent?[20:18:06] <shAGGie> because of an alert, for axample, cronjob to renew tls cert is goning wrong or something, and i want to get a message[20:18:20] <shAGGie> to my emailaddress[20:18:38] <shAGGie> from my server, who hast to use the webmaster at domain dot de mailadress[20:18:56] <rob0> buddy123, it is a query for a TXT record, and there might be 12.2 gazillion reasons why it's answering slowly.[20:25:54] *** eelstrebor <eelstrebor!~eelstrebo@216-75-116-100.static.allophone.net> has joined #postfix[20:26:21] <tuxick> +1[20:26:34] *** section1 <section1!~section1@178.33.109.106> has quit IRC (Remote host closed the connection)[20:26:47] *** shAGGie <shAGGie!~shAGGie@200116b840e1ff00453153af5505b812.dip.versatel-1u1.de> has quit IRC (Quit: Leaving)[20:26:48] <buddy123> tnx[20:29:27] *** level7 <level7!~quassel@31.44.17.250> has joined #postfix[20:52:38] *** Azrael_- <Azrael_-!~aweoi@adsl-178-39-68-29.adslplus.ch> has joined #postfix[20:52:43] <Azrael_-> hi[20:53:18] <Azrael_-> any suggestions how to approach/implement dkim/dmarc best (the quickest way)? :)[20:54:58] <rob0> DMARC, why? DKIM, signing or checking signatures? I think opendkim can do both, and amavisd-new can do the checking.[20:55:43] <rob0> and what specifically do you mean about implementing DMARC that might be relevant to Postfix?[20:56:57] <Azrael_-> signing. until now i don't use any of them and the score of my sent emails isn't the best. i was told it is currently an absolute must have both and so i was looking how to do this best. if you can't provide me something nice, i'll just google/read up the topics[20:59:37] *** gislaved <gislaved!5266180a@gateway/web/cgi-irc/kiwiirc.com/ip.82.102.24.10> has quit IRC (Remote host closed the connection)[21:00:14] *** shibboleth <shibboleth!~shibbolet@gateway/tor-sasl/shibboleth> has quit IRC (Quit: shibboleth)[21:00:22] *** gislaved <gislaved!5266180a@gateway/web/cgi-irc/kiwiirc.com/ip.82.102.24.10> has joined #postfix[21:00:35] <Azrael_-> don't know much about both of them yet[21:00:47] <rob0> "must have both? for what purpose? I often hear that myth about DMARC helping with deliverability, but no one can explain how/why it would matter.[21:01:14] <rob0> so I figure, they're wrong, it's a myth :)[21:01:47] <Azrael_-> yeah, it's all about deliverability. currently some hosters accept my mail but then put them into the spam folder although they aren't any spam. not really nice if the receiver expects the mail but never looks into the spam folder[21:01:49] <rob0> DKIM won't hurt, but it won't really help without some history and reputation[21:02:02] <rob0> !dnswl[21:02:02] <knoba> rob0: "dnswl" : http://www.dnswl.org The DNS Whitelist protects against false positives from known good senders[21:02:21] <rob0> this ^^ DOES help with deliverability.[21:03:08] <rob0> unless of course you have a mailing list of purchased or web-scraped addresses[21:04:03] <rob0> (nothing can help with that)[21:04:14] <Azrael_-> nah, none of that[21:04:42] <Azrael_-> thanks for the link, will have a look[21:05:22] <rob0> !easy_dmarc[21:05:23] <knoba> rob0: "easy_dmarc" : If you just need a DMARC policy to help satisfy ESP recommendations you can use this to basically tell servers not to enforce DMARC on your mail: _dmarc.example.com. TXT "v=DMARC1;p=none;adkim=r;aspf=r;pct=0"[21:38:02] *** delacroix <delacroix!~delacroix@ip5f597811.dynamic.kabel-deutschland.de> has quit IRC (Quit: ZNC - http://znc.in)[21:43:03] * jimpop waits for someone to report "ignoring out-of-zone data"[21:43:23] <rob0> haha could be[21:44:00] *** level7 <level7!~quassel@31.44.17.250> has quit IRC (Read error: Connection reset by peer)[21:44:19] *** level7 <level7!~quassel@31.44.17.250> has joined #postfix[21:45:04] *** gu1lle_ <gu1lle_!~Thunderbi@201.216.253.75> has quit IRC (Read error: Connection reset by peer)[21:45:52] *** bolt_ <bolt_!~r00t@unaffiliated/bolt> has quit IRC (Ping timeout: 245 seconds)[21:46:23] *** bolt <bolt!~r00t@unaffiliated/bolt> has joined #postfix[21:47:39] *** delacroix <delacroix!~delacroix@2a02:810c:e3f:e500:381a:b1ff:fe38:b6b8> has joined #postfix[21:48:02] <Azrael_-> ignoring out-of-zone data?[21:52:15] <cybrNaut> i uncommented the line in master.cf "submission..." and the 5 lines that followed. Is there anything else i need to do on the Postfix side of things to enable submission? Do I need to create username and passwords for local users who use submission?[21:52:40] <rob0> !sasl[21:52:40] <knoba> rob0: "sasl" : SASL is 'Simple Authentication and Security Layer', necessary for SMTP AUTH, and provided to Postfix by addin software. Cyrus SASL and/or Dovecot IMAP/POP3 can provide SASL. See http://www.postfix.org/SASL_README.html for details.[21:53:05] <rob0> !dovecot_sasl[21:53:05] <knoba> rob0: "dovecot_sasl" : See http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL for instructions to configure Dovecot SASL for Postfix. See also: http://www.postfix.org/SASL_README.html#server_dovecot[21:53:38] <cybrNaut> thanks[21:53:44] <rob0> You can use the system user auth, but it has to be verified through a SASL backend.[21:55:12] <cybrNaut> i see this "Usually, SMTP servers accept mail to remote destinations when the client's IP address is in the "same network" as the server's IP address." So I think i don't need to implement inbound SASL[21:55:47] <cybrNaut> my clients won't need to access the mail server from outside the LAN[21:59:08] *** olegfusion <olegfusion!~olegfusio@mail.mobileforsale.ru> has quit IRC (Quit: Leaving)[22:14:08] *** level7_ <level7_!~quassel@31.44.17.250> has joined #postfix[22:14:43] *** level7 <level7!~quassel@31.44.17.250> has quit IRC (Ping timeout: 244 seconds)[22:22:22] <cybrNaut> so i added this line to mutt => "set smtp_url=smtp://127.0.0.1:587"[22:22:36] <cybrNaut> i believe that should instruct mutt to use submission with postfix[22:22:37] *** aldenp <aldenp!~aldenp@xplr-104-249-225-192.xplornet.com> has joined #postfix[22:22:49] <cybrNaut> but i get the error: "Could not negotiate TLS connection"[22:23:09] <cybrNaut> i also tried "set smtp_url=smtps://127.0.0.1:587" and got the same error[22:23:12] <aldenp> hey; I'm trying to get smtps working, and although it's running on port 465 it isn't actually using SSL for whatever reason (I'll post my config in a moment)[22:24:20] *** Gaaab <Gaaab!~Gaaab@host9-94-dynamic.13-79-r.retail.telecomitalia.it> has quit IRC (Ping timeout: 255 seconds)[22:24:30] <aldenp> http://dpaste.com/3B674CJ[22:24:41] <aldenp> can post master.cf as well if it's necessary[22:24:47] <cybrNaut> mail.log says "warning: TLS library problem: error:1417A0C1:SSL routines:tls_post_process_client_he[22:24:50] <cybrNaut> llo:no shared cipher:../ssl/statem/statem_srvr.c:1419:"[22:26:21] *** Gigs <Gigs!~gigs@pdpc/supporter/28for7/gigs> has left #postfix ("Leaving")[22:31:11] *** jwhitmore <jwhitmore!~jwhitmore@109.76.142.81> has joined #postfix[22:33:12] *** gu1lle_ <gu1lle_!~Thunderbi@201.216.253.75> has joined #postfix[22:35:34] <aldenp> nevermind, I'm an idiot, it's fine[22:36:15] *** level7_ <level7_!~quassel@31.44.17.250> has quit IRC (Quit: http://quassel-irc.org - Chat comfortably. Anywhere.)[22:36:26] *** level7 <level7!~quassel@31.44.17.250> has joined #postfix[22:45:00] *** aldenp <aldenp!~aldenp@xplr-104-249-225-192.xplornet.com> has left #postfix ("WeeChat 2.3")[22:52:05] <cybrNaut> ah, i worked it out. needed: smtpd_client_restrictions=permit_mynetworks[23:01:14] *** wolfshappen <wolfshappen!~wolfshapp@irc.furworks.de> has quit IRC (Ping timeout: 255 seconds)[23:02:06] *** wolfshappen_ <wolfshappen_!~wolfshapp@irc.furworks.de> has joined #postfix[23:08:47] *** jwhitmore <jwhitmore!~jwhitmore@109.76.142.81> has quit IRC (Ping timeout: 245 seconds)[23:16:44] *** FinboySlick <FinboySlick!~shark@74.117.40.10> has quit IRC (Quit: Leaving.)[23:35:05] *** jimpop <jimpop!~jimpop@pdpc/supporter/professional/jimpop> has quit IRC (Quit: leaving)[23:53:23] *** jimpop <jimpop!~jimpop@pdpc/supporter/professional/jimpop> has joined #postfix[23:54:36] *** zapata_ is now known as zapata