Switch to DuckDuckGo Search
   September 12, 2019  
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | >

Toggle Join/Part | bottom
[00:21:54] <xpoint> opendkim, opendmarc, openarc is a very big mess
[00:22:25] *** robinho86 <robinho86!~robsonjf@191.36.239.241> has quit IRC (Quit: Leaving.)
[00:22:53] <xpoint> if amavisd had supported dmarc i would have used it
[00:23:32] <xpoint> openarc is not needed if none breaked dkim
[00:24:08] <xpoint> 5000 milters in postfix and sendmail cant make a single policy
[00:24:18] <xpoint> sad :(
[00:28:03] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has joined #postfix
[00:32:23] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has quit IRC (Ping timeout: 245 seconds)
[00:42:22] *** gu1lle_ <gu1lle_!~Thunderbi@201.216.253.75> has quit IRC (Remote host closed the connection)
[00:55:00] *** golden_receiver <golden_receiver!~andry@unaffiliated/golden-receiver/x-4949035> has quit IRC (Read error: Connection reset by peer)
[00:55:17] *** golden_receiver <golden_receiver!~andry@unaffiliated/golden-receiver/x-4949035> has joined #postfix
[00:59:00] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has joined #postfix
[01:03:15] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has quit IRC (Ping timeout: 240 seconds)
[01:09:19] <jimpop> opendmarc has a big kinda security hole these days that people are saying the project is abandoned and the dev won't fix. let me find the link
[01:09:47] <jimpop> https://github.com/trusteddomainproject/OpenDMARC/pull/48
[01:10:08] <jimpop> apparently you just send 2 From's and opendmarc passes
[01:11:18] <jimpop> the question is, (since the dev is the same) does that affect opendkim and openarc too
[01:44:53] *** n_1-c_k <n_1-c_k!~n_1-c_k@2a02:8010:63a6::70> has quit IRC (Read error: Connection reset by peer)
[01:45:46] *** n_1-c_k <n_1-c_k!~n_1-c_k@2a02:8010:63a6::70> has joined #postfix
[02:21:40] *** Bebef <Bebef!sbreit@phobos.bebef.de> has quit IRC (Read error: Connection reset by peer)
[02:22:28] *** Bebef <Bebef!sbreit@phobos.bebef.de> has joined #postfix
[02:44:54] *** lxsinfo <lxsinfo!~Alex@2a02:a210:2043:4f80:fcd6:67fe:8597:4c1c> has quit IRC (Remote host closed the connection)
[03:04:07] *** BXS <BXS!~BXS@46.246.224.104.dsl.dyn.forthnet.gr> has joined #postfix
[03:11:14] *** johnny56 <johnny56!johnny56@gateway/vpn/protonvpn/johnny56> has quit IRC (Ping timeout: 240 seconds)
[03:19:25] *** johnny56 <johnny56!johnny56@gateway/vpn/protonvpn/johnny56> has joined #postfix
[03:54:10] *** eelstrebor <eelstrebor!~eelstrebo@216-75-116-100.static.allophone.net> has quit IRC (Quit: Ex-Chat)
[04:07:58] *** RudyValencia <RudyValencia!~rudy@unaffiliated/rudyvalencia> has quit IRC (Quit: 410 Gone)
[04:08:42] *** RudyValencia <RudyValencia!rudy@unaffiliated/rudyvalencia> has joined #postfix
[05:32:47] *** joules <joules!~lucifurba@pdpc/supporter/active/joulez> has joined #postfix
[06:31:40] *** CarlenWhite <CarlenWhite!~CarlenWhi@41.sub-174-231-128.myvzw.com> has quit IRC (Ping timeout: 268 seconds)
[06:41:53] *** CarlenWhite <CarlenWhite!~CarlenWhi@41.sub-174-231-128.myvzw.com> has joined #postfix
[06:42:08] *** epony <epony!epony@unaffiliated/epony> has quit IRC (Ping timeout: 245 seconds)
[06:46:12] *** BXS <BXS!~BXS@46.246.224.104.dsl.dyn.forthnet.gr> has quit IRC (Read error: Connection reset by peer)
[06:52:54] *** aadz <aadz!~Alexander@92.255.127.5> has quit IRC (Quit: Bye)
[07:12:46] *** MACscr_ <MACscr_!~MACscr@c-98-215-100-46.hsd1.il.comcast.net> has quit IRC (Quit: Textual IRC Client: www.textualapp.com)
[07:14:13] *** chowbok <chowbok!~chowbok@207.181.255.76> has quit IRC (Ping timeout: 268 seconds)
[07:29:51] *** chowbok <chowbok!~chowbok@207.181.255.76> has joined #postfix
[07:34:45] *** cxc99 <cxc99!~cxc99@unaffiliated/cxc99> has quit IRC (Ping timeout: 246 seconds)
[07:43:11] *** jimpop <jimpop!~jimpop@pdpc/supporter/professional/jimpop> has quit IRC (Ping timeout: 244 seconds)
[07:43:29] *** jimpop <jimpop!~jimpop@pdpc/supporter/professional/jimpop> has joined #postfix
[08:02:22] *** aadz <aadz!~Alexander@92.255.127.5> has joined #postfix
[08:39:04] *** chachasmooth <chachasmooth!~chachasmo@unaffiliated/chachasmooth> has quit IRC (Ping timeout: 264 seconds)
[08:39:20] *** chachasmooth <chachasmooth!~chachasmo@unaffiliated/chachasmooth> has joined #postfix
[08:46:17] *** MACscr <MACscr!~MACscr@c-98-215-100-46.hsd1.il.comcast.net> has joined #postfix
[08:52:06] *** Vamp898 <Vamp898!57c1b019@gateway/web/cgi-irc/kiwiirc.com/ip.87.193.176.25> has joined #postfix
[08:53:06] <Vamp898> Hi there guys, maybe a silly question but what exactly is bounce verification. An partner told us that he is only willing to do an contract with us, if we don't use bounce verification (amongst other things). I never heard of that term to be honest
[08:57:15] *** chowbok <chowbok!~chowbok@207.181.255.76> has quit IRC (Quit: chowbok)
[08:57:52] *** lilmike <lilmike!~server@mtserver.mwtd.net> has quit IRC (Quit: ZNC 1.7.4 - https://znc.in)
[08:58:19] *** lilmike <lilmike!~server@mtserver.mwtd.net> has joined #postfix
[08:59:45] *** chowbok <chowbok!~chowbok@207.181.255.76> has joined #postfix
[09:05:52] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has joined #postfix
[09:11:04] <Vamp898> Ah, got it, nvmd =)
[09:15:02] *** trident <trident!~trident@paranoia.trisec.se> has quit IRC (Ping timeout: 245 seconds)
[09:24:13] *** trident <trident!~trident@paranoia.trisec.se> has joined #postfix
[09:28:26] *** trident <trident!~trident@paranoia.trisec.se> has quit IRC (Ping timeout: 240 seconds)
[09:28:41] <rudi_s> Vamp898: Care to tell use what it is? I'm curious.
[09:30:49] <Vamp898> It seems to workaround the issue when you send bounces instead of rejects https://shonamail.com/what-is-bounce-email-verification-service/
[09:31:56] <Vamp898> or better said, when you send lot of marketing and promotional mails to addresses that don't exist
[09:31:56] <rudi_s> Ok, so weird stuff spammers need, I see.
[09:32:02] <Vamp898> exactly
[09:37:57] *** trident <trident!~trident@paranoia.trisec.se> has joined #postfix
[09:51:54] *** cxc99 <cxc99!~cxc99@unaffiliated/cxc99> has joined #postfix
[09:57:03] *** m712 <m712!~annoying@unaffiliated/thefam> has left #postfix ("WeeChat 2.4")
[10:35:29] *** kingkong <kingkong!antalya@shellium/member/kingkong> has quit IRC (Ping timeout: 258 seconds)
[10:36:16] *** kingkong <kingkong!antalya@chatq.net> has joined #postfix
[10:36:16] *** kingkong <kingkong!antalya@chatq.net> has quit IRC (Changing host)
[10:36:16] *** kingkong <kingkong!antalya@shellium/member/kingkong> has joined #postfix
[10:41:03] <pj> Vamp898: I'm not sure what bounce verification is, if it's anything like bounce processing, it means that when a message to a recipient bounces that under the right circumstances that recipient will be removed from your list. Spammers generally don't do bounce processing because they don't care about keeping their lists clean.
[10:42:04] <pj> it is hi9ghly recommended for any mailing list to do proper bounce processing, though. You don't want to keep sending messages to an address that is bouncing.
[10:45:43] <Zerberus> sounds like recipient verification
[10:56:22] <Vamp898> pj i think its mostly marketing because you dont want to end up on backscatter dnsrbl
[11:00:50] *** epony <epony!epony@unaffiliated/epony> has joined #postfix
[11:30:25] <pj> Vamp898: backscatter has to do with sending out bounce messages for mail you receive, it has nothing to do with mail you send.
[11:32:21] <Vamp898> pj But that is, as i understand, this service. They re-write your sender address and send the mail for you so your server doesn't get to the backscatter list
[11:32:42] <Vamp898> But maybe i misread it
[11:32:50] <pj> Vamp898: even if you sent the mail you wouldn't get on the backscatter list.
[11:33:37] <pj> if a spammer sends you a message with a spoofed sender which you accept and later bounce, then that bounce goes to someone else then the address listed in the sender gets the bounce and that's backscatter.
[11:33:59] <Vamp898> right, mixed things up
[11:34:14] <Vamp898> but what exactly does this service do then?
[11:34:35] <pj> from what little I read I think it just does bounce processing.
[11:34:55] <pj> which is something that is relatively easy to set up and any MLM worth its salt does it already.
[11:36:26] <Vamp898> "What bounce email verification services do is check or verifies the email ids in your list. They remove all non-working emails that fit any of the above mentioned points above. Typically the email ids that have spelling errors or misplaced “@” or “.” signs are easily detected and removed from your bulk email list"
[11:36:29] <Vamp898> Sounds different
[11:36:50] <pj> I read that already
[11:36:54] <Zerberus> yes, they probe addresses and remove those from their list, which would bounce
[11:37:09] <pj> it'
[11:37:12] <Vamp898> ah ok
[11:37:25] <pj> it's not a service I would use. You can jsut do normal bounce processing and it would handle that.
[11:41:10] <pj> it sounds liek they are doing recipient verification on your mail list, actually. That is actually frowned upon.
[11:41:16] <pj> !recipient_verification
[11:41:16] <knoba> pj: Error: "recipient_verification" is not a valid command.
[11:41:19] <pj> hrmmm
[11:41:22] <pj> !verification
[11:41:22] <knoba> pj: http://www.postfix.org/ADDRESS_VERIFICATION_README.html : the Postfix verify(8) server
[11:42:11] <pj> well, postfix can actually do verification as well, but you are only meant to use it against your own servers, not against public MXes
[11:42:50] *** zamba <zamba!~marius@80-89-33-242.inet.signal.no> has quit IRC (Ping timeout: 240 seconds)
[11:46:23] *** rsx <rsx!~rsx@ppp-188-174-157-25.dynamic.mnet-online.de> has joined #postfix
[11:48:11] *** Sketch <Sketch!sketch@2604:180:2::a506:5c0d> has quit IRC (Remote host closed the connection)
[11:48:21] *** Sketch <Sketch!sketch@2604:180:2::a506:5c0d> has joined #postfix
[11:51:00] *** zamba <zamba!~marius@80-89-33-242.inet.signal.no> has joined #postfix
[12:00:04] *** _cr_ <_cr_!~quassel@srv.ncxs.de> has quit IRC (Read error: Connection reset by peer)
[12:00:24] *** zamba <zamba!~marius@80-89-33-242.inet.signal.no> has quit IRC (Ping timeout: 246 seconds)
[12:01:11] *** _cr_ <_cr_!~quassel@srv.ncxs.de> has joined #postfix
[12:03:00] *** zamba <zamba!~marius@80-89-33-242.inet.signal.no> has joined #postfix
[12:06:14] *** n_1-c_k <n_1-c_k!~n_1-c_k@2a02:8010:63a6::70> has quit IRC (Read error: Connection reset by peer)
[12:06:41] *** tmberg <tmberg!~tmberg@unaffiliated/tmberg> has quit IRC (Ping timeout: 244 seconds)
[12:06:56] *** n_1-c_k <n_1-c_k!~n_1-c_k@2a02:8010:63a6::70> has joined #postfix
[12:12:48] *** tmberg <tmberg!tmberg@unaffiliated/tmberg> has joined #postfix
[13:00:52] *** ]SiB[ <]SiB[!~Thunderbi@unaffiliated/sib/x-9459575> has left #postfix
[13:11:06] *** mrtnt <mrtnt!~martint@martint.data.ee> has quit IRC (Quit: WeeChat 1.6)
[13:35:11] *** random_yanek <random_yanek!~random_ya@87.116.229.147> has quit IRC (Ping timeout: 276 seconds)
[13:41:57] *** random_yanek <random_yanek!~random_ya@host-89-230-165-194.dynamic.mm.pl> has joined #postfix
[14:03:19] *** section1 <section1!~section1@178.33.109.106> has joined #postfix
[14:10:05] *** lxsinfo <lxsinfo!~Alex@2a02:a210:2043:4f80:b1e5:f017:69f9:4c6> has joined #postfix
[14:29:45] *** asgardian <asgardian!~RazvanDum@mssm-portal.com> has joined #postfix
[14:29:53] <asgardian> hello
[14:31:38] <asgardian> I have postfix configured with an application (not configured by me) that sends email automatically, there is no dovecot configured. Any idea if postfix saves somewhere the sent emails?
[14:33:25] <asgardian> maillog:Sep 10 12:26:16 vwehsinc2opp06 postfix/smtp[18348]: BAF5BABF02: to=<someone at email dot com>, relay=some-relay:25, delay=1, delays=0.05/0/0.1/0.86, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as EDDB65632C)
[14:37:05] <thumbs> asgardian: it depends on what the /topic says
[14:37:52] <thumbs> or requires from you, rather.
[14:39:05] <asgardian> he need the content of the email, but from what I know postfix is only a relay doesn't store emails
[14:39:36] <asgardian> but I wanted to ask first here
[14:39:50] <thumbs> asgardian: please follow the channel /topic first.
[14:48:38] <rob0> Postfix would normally NOT save sent mails.
[14:49:47] <thumbs> what the channel /topic requires would give you hints on what happens
[14:49:58] <rob0> There are features you can use to send a BCC somewhere on one or more condition, but you would need to ask the person who configured it, or post ^^ what the /topic says,
[14:50:16] <thumbs> asgardian: so where is what the channel /topic requires?
[14:50:16] <rob0> !relevant_logs
[14:50:16] <knoba> rob0: mail.* syslog Postfix log messages (NOT verbose, see !no_verbose) which show ONLY the entire handling of a single mail which illustrates the issue with which you want help. Random selections from your mail log are not adequate. IMAP/POP3 daemons and external delivery agents often log to the same syslog facility and should not be shown. Also see http://rob0.nodns4.us/postfix-logging
[14:50:23] <rob0> !showconfig
[14:50:23] <knoba> rob0: when asked to provide your config, please provide a SINGLE pastebin (see !pastebin) with postconf -nf and postconf -Mf. if your version is too old for those commands to work (< 2.9), you should upgrade, but see !showconfig_old
[14:51:57] <thumbs> I think we lost asgardian a little while ago, either way.
[14:52:08] <thumbs> (too much Ragnarok)
[14:52:14] <section1> lol
[14:53:24] <asgardian> still here, :P rob0 the person who configured left :), so I don't have whom to ask
[14:53:42] <rob0> BTW it would be cleaner and probably preferable to have the sending app save sent mails.
[14:54:33] <rob0> Okay, but notice I gave you TWO choices, "... or post ^^ what the /topic says".
[14:54:42] <asgardian> rob0, I don't have access to the application, but I searched everywhere no signs for sent emails
[14:55:08] <section1> asgardian, do you have access to the postfix server ?
[14:55:17] <asgardian> I'm on it
[14:55:32] <rob0> Logs are usually the most important, but probably not so in this case, if you just want to know if you have Bcc's somewhere.
[14:55:52] <section1> ok follow that instructions
[14:56:02] <rob0> although it's possible that the app could be sending Bcc also
[15:00:38] <lunaphyte> rob0 was the person who configured and left? :(
[15:00:41] <lunaphyte> that's awful!
[15:00:56] <thumbs> yeah, rob0 is a terrible contractor
[15:01:16] <rob0> sigh, if I was better I could make a living at it!
[15:14:08] *** FinboySlick <FinboySlick!~shark@74.117.40.10> has joined #postfix
[15:50:47] *** led_dark_1 <led_dark_1!~Thunderbi@217.66.160.14> has quit IRC (Quit: led_dark_1)
[15:54:36] *** led_dark_1 <led_dark_1!~Thunderbi@217.66.160.14> has joined #postfix
[16:10:29] <tuxick> a boring living
[16:10:46] <tuxick> typing sudo all day is more fun!
[16:12:05] *** robinho86 <robinho86!~robson@189.115.58.83> has joined #postfix
[16:15:15] *** n_1-c_k <n_1-c_k!~n_1-c_k@2a02:8010:63a6::70> has quit IRC (Read error: Connection reset by peer)
[16:16:06] *** n_1-c_k <n_1-c_k!~n_1-c_k@2a02:8010:63a6::70> has joined #postfix
[16:25:04] <Kelsar> i aliased it to please
[16:25:12] <Kelsar> be nice to our future overlords
[16:27:01] *** camelCaser <camelCaser!~camela@144.48.39.12> has quit IRC (Quit: ZNC 1.7.3 - https://znc.in)
[16:27:01] *** cslcm <cslcm!~cslcm@188-39-28-98.static.enta.net> has quit IRC ()
[16:36:53] *** camelCaser <camelCaser!~camela@144.48.39.12> has joined #postfix
[16:37:06] *** xelxebar_ <xelxebar_!~xelxebar@gateway/tor-sasl/xelxebar> has quit IRC (Remote host closed the connection)
[16:37:30] *** xelxebar <xelxebar!~xelxebar@gateway/tor-sasl/xelxebar> has joined #postfix
[16:39:41] *** ooAoo <ooAoo!~username@unaffiliated/ooaoo> has joined #postfix
[16:39:46] <ooAoo> hello
[16:40:24] <ooAoo> anyone around at this time?
[16:41:01] <Alver> Don't ask to ask, just ask
[16:41:48] <rob0> || On using IRC, workaround.org/getting-help-on-irc ||
[16:41:55] <ooAoo> rob0: hello
[16:41:58] <ooAoo> Alver: hello
[16:42:02] <ooAoo> Received: from [1.2.3.4] (port=41343 helo=host-237337.123.com)
[16:42:08] <rob0> In your many times here apparently you have missed the /topic
[16:42:10] <ooAoo> there isn't any hostname
[16:42:17] <ooAoo> what kind of attack is this called?
[16:42:43] <rob0> That's not Postfix logging nor a Postfix Received: header.
[16:43:55] <ooAoo> rob0: ok. ya. the mail was 'forward' from another mail server to my mailbox
[16:44:45] <rob0> Host 4.3.2.1.in-addr.arpa. not found: 3(NXDOMAIN)
[16:45:07] <rob0> is that what you mean, "no hostname"?
[16:45:11] <ooAoo> rob0: it is an example
[16:45:37] <ooAoo> does postfix check email forwarded from another mailserver?
[16:45:50] <ooAoo> or how do i make it check mail forwarded from another mailserver
[16:45:51] <rob0> "check"?
[16:46:48] <ooAoo> scan
[16:46:49] <ooAoo> :D
[16:47:39] <rob0> "Deep header inspection" is when a content filter reads and processes Received: headers on incoming mail. It's risky and prone to errors. One of the Spamhaus FAQs explains why.
[16:48:11] <rob0> Also, Postfix is not a content filter. You would do that by means of external software, e.g.,
[16:48:16] <rob0> !amavisd
[16:48:16] <knoba> rob0: see !amavisd-new
[16:48:20] <rob0> !amavisd-new
[16:48:20] <knoba> rob0: amavisd-new is a high-performance and reliable interface between mailer (MTA) and one or more content checkers. See http://www.ijs.si/software/amavisd/
[16:48:45] <ooAoo> rob0: ok
[16:49:14] <ooAoo> rob0: i have to exit. only can stay here for a while. thank you for your attention.
[16:49:43] <rob0> ok, yw, bye
[16:50:09] <rob0> this might also help for next time:
[16:50:12] <rob0> !xy
[16:50:12] <knoba> rob0: The XY problem is that you want to do X, but don't know how. You think that you can solve X by doing Y, so you ask us how to do Y. We tell you that's an odd problem to want to solve. Just ask us about the real problem.
[16:50:36] *** ooAoo <ooAoo!~username@unaffiliated/ooaoo> has quit IRC (Quit: leaving)
[16:53:41] <rob0> "PBL (and, therefore, Zen) should not be used to check all the IP addresses appearing in mail headers. It is entirely normal for legitimate emails to originate from an IP listed in PBL, and that IP will usually appear in the message headers. PBL must be used exclusively for checks at the SMTP connection level."
[16:53:59] <rob0> https://www.spamhaus.org/faq/section/Spamhaus%20PBL#187
[17:06:16] <Ein> i have a check_recipient_access, with user at example dot com REJECT
[17:06:31] <Ein> and it works, mail sent to user at example dot com bounces
[17:06:42] <Ein> however, if that email address is in an alias, it gets delivered
[17:07:01] *** Vamp898 <Vamp898!57c1b019@gateway/web/cgi-irc/kiwiirc.com/ip.87.193.176.25> has quit IRC (Remote host closed the connection)
[17:07:08] <Ein> so in aliases test:user at example dot com will cause mail to be delivered to user at example dot com
[17:07:46] <Ein> check_recipient_access is in smtpd_recipient_restrictions
[17:20:25] <rob0> check_recipient_access acts on the RCPT TO in SMTP.
[17:21:00] <Ein> but would not an alias to an email get reinjected as SMTP?
[17:21:16] <rob0> uh, no
[17:21:29] <Zerberus> alias expansion is happening later
[17:21:41] <rob0> and if it did, you certainly must not reject it
[17:22:04] <rob0> !check_recipient_access
[17:22:04] <knoba> rob0: Search the specified access(5) database for the resolved RCPT TO address, domain, parent domains, or localpart@, and execute the corresponding action.
[17:24:25] <Ein> so what is the best way to ensure that user at example dot com never gets mail delivered (even though they exist in the local user table)
[17:25:17] <rob0> why are you aliasing addresses to an address that you never want to get any mail?
[17:25:31] <rob0> that makes no sense to me
[17:26:02] <Ein> because it is a shitty old mail server, that i am slowly drawing down
[17:26:03] <rob0> list the aliases in your check_recipient_access lookup\
[17:27:04] <rob0> 1.unwanted.alias at example dot com REJECT
[17:27:06] <Ein> but there is still tooling in place that causes headache
[17:27:07] <rob0> 2.unwanted.alias at example dot com REJECT
[17:27:51] <Ein> and i am working with the involved parties, but sometimes making changes in an environment like this is difficult
[17:28:14] <Ein> which is why there is still a Solaris 10 server running mail
[17:29:58] <Ein> rob0: i do have them in a check_recipient_access lookup
[17:31:45] <rob0> show the line in your check_recipient_access lookup, and also !showconfig and !relevant_logs showing the listed address being accepted, all in one pastebin
[17:32:21] <xpoint> Ein: if mydestination have public faced domain you could move that domain to virtual domain to avoid this problem
[17:34:01] <xpoint> Then make virtual alias to system users as needed remember fqdn still
[17:34:54] <xpoint> But more help after logs
[17:35:47] <Ein> the goal here is to eliminate all local mail delivery
[17:35:58] <xpoint> Okay
[17:36:21] <Ein> everyone either gets an alias to someplace else, or mail bounces
[17:36:44] <Ein> and really, only legacy users should get an alias
[17:36:55] <xpoint> Yes this i All possible if All is virtual
[17:37:29] <rob0> perhaps publish a null MX for the domain: "example.com. 86400 IN MX 0 ."
[17:37:40] <xpoint> System users should not have aliases
[17:38:18] <rob0> oh huh? You want to host example.com. mail but not deliver any? Alias to where?
[17:38:33] <rob0> !mantras
[17:38:34] <Ein> that is correct
[17:38:34] <knoba> rob0: (#1) Do not accept mail that you do not intend (or are unable) to deliver., or (#2) Do not drop mail., or (#3) Do not use wildcards or catchalls., or (#4) Do not forward mail to third party systems.
[17:38:41] <xpoint> rob0: make mydestination only have rfc1918 ips works more simple
[17:38:51] <rob0> are these systems you do not control?
[17:38:58] <Ein> rob0: again, this is a legacy server that is going away
[17:39:10] <rob0> [the alias destinations]
[17:39:10] <Ein> so this is all temporary
[17:39:18] <Ein> rob0: that is correct
[17:40:07] <Ein> and yes, i am definitely doing #1 and #4
[17:40:17] <rob0> yes, you will get spammed and forward that spam to the third party systems; they wlii block you as a spam source. That's why we have #4.
[17:40:45] <Ein> rob0: that has already come up and is a known
[17:41:04] <Ein> once the process is done, the 3rd party will take over MX for the domain
[17:41:14] <rob0> okay, well, what you talk about here is easy to do, scroll back up to 15:31 UTC
[17:42:48] <xpoint> Only mx change is needed, and the old server should change to backupmx so it Will know New server ips
[17:43:24] <rob0> Change MX, why?
[17:43:26] <Ein> oh, and actually, i am also doing #2. because these new users are in the auth database but don't have home directories so procmail is putting the mail somewhere(?)
[17:43:28] <xpoint> No need to add backupmx on dns for this to happen
[17:44:20] <Ein> which is why i want mail for them to be rejected
[17:45:14] <xpoint> We talk postfix or cyrus sasl?
[17:45:58] <Ein> postfix
[17:46:07] <xpoint> Good
[17:46:43] <xpoint> Sasl should be moved aswell to the New server
[17:47:08] <rob0> I don't think we are talking about setting up the new server yet, are we?
[17:47:31] <xpoint> Unsure here aswell
[17:49:30] <Ein> sasl is already disabled
[17:49:39] <Ein> as was imap
[17:50:16] <xpoint> So why is procmail still in service?
[17:50:17] <Ein> https://pastebin.com/N0jnf23Z
[17:50:28] <Ein> xpoint: remember the Solaris 10 part?
[17:50:55] <Ein> and actually, it is dovecot-lda, i did put that in a little while ago
[17:50:59] <xpoint> No i have raspberrypi 😀🍊
[17:51:50] <Ein> my predecessor did not apparently believe in patching
[17:52:18] <Ein> or upgrading
[17:54:30] <rob0> test at sub dot example.com, that's not in either of your check_recipient_access lookups?
[17:55:06] <rob0> also, the logs are incomplete, not showing the arrival
[17:55:28] <xpoint> Oh good, solaris is basicly dead as like msdos is, but good news both Are now opensources 😀
[17:55:42] <Ein> checking
[17:56:44] <xpoint> Note relay local
[17:57:03] <xpoint> You want system users
[17:58:19] <Ein> ok, there is a test@ in a different recipient check, going to remove that because it is for a diffent domain, long defunct
[18:00:03] <rob0> BTW procmail was never necessary, not even 20 years ago; Postfix had local(8) even then.
[18:00:04] *** _cr_ <_cr_!~quassel@srv.ncxs.de> has quit IRC (Read error: Connection reset by peer)
[18:00:42] <xpoint> rob0: and exim have sieve 😀
[18:00:47] <Ein> when the people over in physics get the time machine working i'll be sure to go back then and inform them
[18:01:11] *** _cr_ <_cr_!~quassel@srv.ncxs.de> has joined #postfix
[18:02:19] <xpoint> Try sendmail -f root root
[18:02:32] <rob0> yeah, I just thought that would be an item of interest, you can /ignore me if you prefer.
[18:02:43] <xpoint> Logs showing where it goes
[18:03:31] <xpoint> Ups missed - bv in sendmail
[18:04:30] <rob0> Note that sendmail testing will not do anything at all to help troubleshoot smtpd restrictions.
[18:04:57] <xpoint> rob0: i started using policyd v1 with hrp tracking in mind
[18:05:59] <xpoint> If only one postfix server correct
[18:08:39] *** sloucher <sloucher!~Thunderbi@2604:5500:c128:d600::cb8> has quit IRC (Quit: sloucher)
[18:31:31] *** honestly <honestly!~luke@unaffiliated/luketheduke> has quit IRC (Ping timeout: 246 seconds)
[18:31:43] *** darkavenger <darkavenger!~sacha16@82.196.15.101> has quit IRC (Ping timeout: 245 seconds)
[18:32:18] <Ein> rob0: its a busy mailserver, i tried to catch all the relevant parts
[18:32:19] <Ein> https://pastebin.com/TKRkTNEP
[18:32:52] <Ein> and i changed test@sub to qwerty@sub to avoid any other accidental whitelists
[18:34:06] *** honestly <honestly!~luke@unaffiliated/luketheduke> has joined #postfix
[18:35:42] <xpoint> you like to have content moved to another server, still using relay local ?
[18:35:48] <rob0> mta-p7.bigit.example.com[C.D.196.207], this is another server of yours, sending what looks like a postmaster notification of a double nounce?
[18:35:55] <rob0> *bounce
[18:36:28] <Ein> double-bounce is from sub.domain
[18:36:37] <Ein> bigit is where i am sending the mail from
[18:37:24] <rob0> You have withheld information which was needed to answer your questions. For example, is C.D.196.207 in mynetworks? I'd have no way to know.
[18:37:43] <Ein> it is not
[18:38:12] <Ein> it is remote sender sending to qwerty at sub dot domain, qwery is an alias entry that expands
[18:38:27] <Ein> expands to an email address that is local to that mail server
[18:38:43] <rob0> and qwerty at sub dot domain, not listed in your check_recipient_access lookups?
[18:38:52] <Ein> (should be just a user, and if it is a user it correctly rejects it)
[18:39:16] <Ein> it is not, the email address that it expands to is listed in check_recipient_access
[18:39:44] <rob0> Again, that won't work, because check_recipient_access checks the RCPT TO address.
[18:40:23] *** darkavenger <darkavenger!~sacha16@82.196.15.101> has joined #postfix
[18:40:27] <Ein> right, so what is the correct way to make this work
[18:40:57] <rob0> list your unwanted addresses in your check_recipient_access lookups
[18:41:56] <Ein> maybe xpoint has a point, and i should just make sub.domain a virtual domain
[18:42:04] <rob0> same issue
[18:42:44] <rob0> well, another way to handle it with virtuality is to limit your valid recipient lists
[18:42:50] <Ein> is there any other way to stop mail delivery for a local user?
[18:42:53] <rob0> (that can be done with local as well)
[18:43:12] <rob0> !local_recipient_maps
[18:43:12] <knoba> rob0: a configuration parameter in the main.cf: Lookup tables with all names or addresses of local recipients. A recipient address is local when its domain matches $mydestination, $inet_interfaces or $proxy_interfaces.
[18:43:36] <xpoint> i will not repeat...
[18:43:56] <rob0> local_recipient_maps = hash:/etc/postfix/valid-local-recipients
[18:44:21] <rob0> valid-local-recipients: gooduser1 ok
[18:44:27] <rob0> gooduser1 ok
[18:44:31] <xpoint> keep that file empty then
[18:45:53] <xpoint> move users over to virtual alias so it will stop relay local in logs
[18:46:23] <rob0> So two ways: list all your addresses to accept, or list all your ones to reject. Either way will do it, decide based on which list is easier to create and maintain.
[18:46:49] <xpoint> make postfix configs jumbo makes possible more jumbo problems to solve
[18:47:43] <Ein> xpoint: this is a rats next of configurations already
[18:47:46] <xpoint> virtual alias can deliver mail to system users in mydestination
[18:48:43] <Ein> there are 7 virtual_alias maps, about a dozen access maps
[18:48:53] <xpoint> keeping mydestination rfc1918 ips only makes it even more simple
[18:48:58] <Ein> with a hodgepodge of access/deny rules
[18:49:19] <rob0> local_recipient_maps will ONLY look at the localpart. It's checked when the domain is listed in mydestination.
[18:51:08] <Ein> where do aliases fit in there?
[18:51:44] <xpoint> postconf -n shows it, if defaults config see postconf -d
[18:51:48] <Ein> because that might just be a solution, all the good recipients are aliased off
[18:51:52] <rob0> Some folks doing a variation of this will set "local_recipient_maps = $alias_maps" where each valid recipient is in alias_maps.
[18:52:09] <rob0> might work for you, I guess
[18:52:11] <Ein> alias_maps is in there
[18:52:46] <Ein> worth trying out
[18:52:58] <rob0> "local_recipient_maps = $alias_maps", see the ""? That means exact, as shown. That excludes the Unix user lookup.
[18:53:40] <xpoint> revert it back to default with coment that line in main.cf
[18:53:40] <Ein> right, which is what i want
[18:54:01] <Ein> default excludes $alias_maps
[18:54:01] <xpoint> why do you want it ?
[18:54:11] <rob0> take OUT the aliases for addresses you do not want to receive
[18:54:51] <xpoint> this is why i say rfc1918 in mydestination
[18:55:51] <rob0> local_recipient_maps default is "local_recipient_maps = proxy:unix:passwd.byname $alias_maps"
[18:57:17] <Ein> thanks guys, i'll try and implement this in the afternoon
[18:59:13] <xpoint> +1
[19:00:52] <xpoint> remember virtual alias can deliver mail to system users in mydestination, but mydestination domains can not be sent to since its rfc1918 ips, hints from me, all postfix users could learn from this
[19:02:17] <xpoint> rob0: i will try rewrite policyd v1 to use lmdb, hope i can do it, i was active helping with makefiles in that version :)
[19:14:01] *** RazvanDumitru__ <RazvanDumitru__!~RazvanDum@109.166.128.111> has joined #postfix
[19:14:20] *** gu1lle_ <gu1lle_!~Thunderbi@201.216.253.75> has joined #postfix
[19:18:08] *** asgardian <asgardian!~RazvanDum@mssm-portal.com> has quit IRC (Ping timeout: 265 seconds)
[19:22:58] *** k-man <k-man!~jason@unaffiliated/k-man> has quit IRC (Ping timeout: 245 seconds)
[19:24:46] *** k-man <k-man!~jason@unaffiliated/k-man> has joined #postfix
[19:32:50] *** RazvanDumitru__ <RazvanDumitru__!~RazvanDum@109.166.128.111> has quit IRC (Read error: Connection reset by peer)
[19:33:11] *** RazvanDumitru__ <RazvanDumitru__!~RazvanDum@109.166.128.111> has joined #postfix
[19:34:05] *** RazvanDumitru__ <RazvanDumitru__!~RazvanDum@109.166.128.111> has quit IRC (Read error: Connection reset by peer)
[19:34:33] *** asgardian <asgardian!~RazvanDum@78.96.210.97> has joined #postfix
[19:46:31] *** jalalsfs <jalalsfs!~jalalsfs@unaffiliated/jalalsfs> has quit IRC (Ping timeout: 244 seconds)
[19:56:53] *** jalalsfs <jalalsfs!~jalalsfs@unaffiliated/jalalsfs> has joined #postfix
[20:24:17] *** n_1-c_k <n_1-c_k!~n_1-c_k@2a02:8010:63a6::70> has quit IRC (Read error: Connection reset by peer)
[20:25:19] *** n_1-c_k <n_1-c_k!~n_1-c_k@2a02:8010:63a6::70> has joined #postfix
[20:27:23] *** jalalsfs <jalalsfs!~jalalsfs@unaffiliated/jalalsfs> has quit IRC (Ping timeout: 245 seconds)
[20:31:46] *** jalalsfs <jalalsfs!~jalalsfs@unaffiliated/jalalsfs> has joined #postfix
[20:38:50] *** ephemer0l_ is now known as ephemer0l
[21:16:10] *** shibboleth <shibboleth!~shibbolet@gateway/tor-sasl/shibboleth> has joined #postfix
[21:52:25] *** jalalsfs_ <jalalsfs_!~jalalsfs@unaffiliated/jalalsfs> has joined #postfix
[21:54:18] *** joules <joules!~lucifurba@pdpc/supporter/active/joulez> has quit IRC (Quit: WeeChat 1.9.1)
[21:54:23] *** jalalsfs <jalalsfs!~jalalsfs@unaffiliated/jalalsfs> has quit IRC (Ping timeout: 276 seconds)
[22:15:51] *** section1 <section1!~section1@178.33.109.106> has quit IRC (Quit: Leaving)
[22:35:59] *** robinho86 <robinho86!~robson@189.115.58.83> has quit IRC (Quit: Leaving.)
[22:39:09] *** trident <trident!~trident@paranoia.trisec.se> has quit IRC (Ping timeout: 246 seconds)
[22:51:43] *** trident <trident!~trident@paranoia.trisec.se> has joined #postfix
[23:25:52] *** Southron <Southron!~Southron@unaffiliated/southron> has joined #postfix
[23:45:02] <ws2k3> how can i debug Recipient address rejected: User unknown in virtual mailbox table; ? i created the user in postfixadm
[23:47:48] *** oculux <oculux!~oculux@213.152.161.165> has quit IRC (Quit: blah)
[23:48:34] <rob0> yeah, that's a Postfix problem
[23:48:40] <rob0> !unknown_virtual
[23:48:41] <knoba> rob0: (#1) \"User unknown in virtual $X table\" means that the recipient domain was found in $virtual_$X_domains but the username@domain was not found in $virtual_$X_maps. ("$X" can be either alias or mailbox .), or (#2) In the special case of virtual_alias_domains this could mean that the virtual_alias_maps entry for the recipient address resolves to one or more addresses which are all in virtual_a
[23:49:32] <rob0> !postmapq
[23:49:33] <knoba> rob0: You can check your lookups with the postmap command. Example: if you defined transport_maps = mysql:/etc/postfix/transport.cf you may check this mapping by running postmap -q example.com mysql:/etc/postfix/transport.cf and see if it works.
[23:49:40] *** oculux <oculux!~oculux@213.152.161.165> has joined #postfix
[23:50:31] <ws2k3> rob0 i have transport_maps = hash:/etc/postfix/transport
[23:51:02] <rob0> we are talking about virtual_mailbox_maps!
[23:52:54] <rob0> "User unknown in virtual mailbox table" means that the recipient domain was found in $virtual_mailbox_domains but the username@domain was not found in $virtual_mailbox_maps.
[23:53:16] <ws2k3> rob0 so something like this? postmap -q example.com.com mysql:/etc/postfix/transport
[23:54:04] <rob0> Why are you focused on transport_maps? Do you know what EXAMPLE is?
[23:54:13] <rob0> 21:51 < rob0> we are talking about virtual_mailbox_maps!
[23:54:39] <ws2k3> cause i saw You can check your lookups with the postmap command. Example: if you defined transport_maps = mysql:/etc/postfix/transport.cf you may check this mapping by running postmap -q example.com mysql:/etc/postfix/transport.cf and see if it works.
[23:54:57] <ws2k3> i wanted to try that out
[23:55:07] <rob0> yes, that was supoposed to be an EXAMPLE of how to use postmap -q
[23:56:14] <ws2k3> rob0 i have virtual_alias_maps = proxy:mysql:/etc/postfix/virtual_alias_maps.cf
[23:56:15] <ws2k3> virtual_mailbox_domains = proxy:mysql:/etc/postfix/virtual_domains_maps.cf
[23:56:15] <ws2k3> virtual_mailbox_maps = proxy:mysql:/etc/postfix/virtual_mailbox_maps.cf
top

   September 12, 2019  
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | >