acmehandel | anyone here familiar with postfix? | 00:01 |
---|---|---|
=== stiv2k_ is now known as stiv2k | ||
=== Lcawte is now known as Lcawte|Away | ||
dork_ | acmehandel: yep | 00:21 |
acmehandel | dork_ well on one of my servers I am not getting a 'cannot assign requests address' from alt.gmail-smtp.l.google.com | 00:23 |
acmehandel | I was having a problem earlier today where this server in question started sending out many many many messages to my email account. | 00:23 |
acmehandel | I have this sinking feeling that google has blocked this server's IP address now. | 00:24 |
acmehandel | before I was able to figure out how to fix this. | 00:24 |
dork_ | what do you mean you get that from alt.gmail-smtp.l.google.com | 00:24 |
acmehandel | when I tail -100f /var/log/mail.lgo | 00:24 |
acmehandel | when I tail -100f /var/log/mail.log | 00:24 |
acmehandel | that is the message I get. | 00:24 |
dork_ | can you pastebin all the relevant lines of the specific message | 00:25 |
dork_ | or | 00:25 |
dork_ | you can check your ip's reputation on mxtoolbox | 00:25 |
acmehandel | is that a .com? | 00:25 |
dork_ | sounds like someone used you as a reloy or something? | 00:25 |
dork_ | s/reloy/relay | 00:25 |
dork_ | http://mxtoolbox.com/ | 00:25 |
acmehandel | its more likely that I was careless in using postfix. | 00:25 |
acmehandel | as I mentioned earlier. The server started sending out many many many messages for nearly an hour before I noticed it arriving in my spam box | 00:26 |
acmehandel | which is was not. | 00:26 |
dork_ | yeah but where did the messages come from | 00:27 |
dork_ | you're saying it looped the same legit piece of mail | 00:27 |
dork_ | ? | 00:27 |
acmehandel | no. not the same legit. But new ones. They were fail2ban, psad and logwatch messages | 00:27 |
dork_ | ohhhh | 00:27 |
acmehandel | which unfortunately I had set up incorrectly | 00:27 |
dork_ | how many were in the queue | 00:27 |
acmehandel | ..apparently | 00:27 |
acmehandel | thousands | 00:27 |
dork_ | there's a specific limit especially for free gmail accounts | 00:28 |
acmehandel | just checked mxtoolbox says no ptr records exist | 00:28 |
dork_ | so if you fixed a problem and then bounced postfix while the queue was full then chances are yeah you could be rate limited | 00:28 |
acmehandel | so I guess I'm clear for now. | 00:28 |
dork_ | is this just a mta that accepts mail to localhost only? | 00:28 |
acmehandel | rate limited does not scare me...at least I dont think it should. right? I just dont want to be black flagged | 00:28 |
acmehandel | or banned or whatever | 00:29 |
dork_ | no ptr means you have no reverse dns, but the reputation part you have to click the drop down menu at mxtoolbox | 00:29 |
dork_ | yeah it just means you won't be able to send to them for a little bit | 00:29 |
acmehandel | I'm actually on two black lists now. SORBS DUHL and Spamhaus Zen | 00:30 |
acmehandel | wait no sorry....something doesnt seem right | 00:30 |
dork_ | what kind of postfix config is it | 00:30 |
dork_ | local only? is it an open relay? | 00:31 |
dork_ | satellite/relay? | 00:31 |
acmehandel | er.....um....dunno | 00:31 |
acmehandel | how can I check | 00:31 |
acmehandel | one installed automatically with psad | 00:31 |
acmehandel | but not this server | 00:31 |
dork_ | if it's self inflicted it should be fine, but you should make sure it isn't a misconfigured server that is being abused and getting you blacklisted | 00:32 |
dork_ | if you want you can message me the IP and i'll check | 00:32 |
=== Joel_ is now known as Guest24021 | ||
acmehandel | what is the smartest way to disable a service and prevent it from restarting automatically? i'm going through a variety of google searches and they dont seem to have any specific answer | 01:39 |
TJ- | acmehandel: it depends on the init system | 01:43 |
acmehandel | its 14.04 I check services using service --status-all if that helps | 01:44 |
TJ- | systemctl disable <service>; echo manual >> /etc/init/<service>.override; update-rc.d <service> disable | 01:45 |
TJ- | that's Systemd, Upstart, and SysV-init respectively | 01:45 |
acmehandel | the echo manual >> override one doesnt work. I just tried it. rebooted and the service came back | 01:46 |
acmehandel | update-rc.d throws a 'api not stable and may change error' which is not very reassuring | 01:46 |
TJ- | acmehandel: it depends on which init system script the service uses | 01:47 |
patdk-lap | rm the service file always works :) | 01:47 |
acmehandel | what if I just change the permissions to 000 on the service file? | 01:47 |
patdk-lap | likely wont matter | 01:48 |
patdk-lap | as it is normally run as root | 01:48 |
acmehandel | wont matter in what sense? | 01:48 |
acmehandel | that it wont have any effect? | 01:48 |
patdk-lap | yep | 01:48 |
patdk-lap | it would for sysv though | 01:48 |
patdk-lap | due to lack of execute | 01:49 |
patdk-lap | but not systemd or upstart | 01:49 |
acmehandel | just tried the update-rc.d disable method and that did the trick. but still not feeling assured that it wont cause a problem later....whenever that later may be | 01:49 |
grendal_prime | I have two nics one connection to atnt_t1 line second to local wireless uplink provider. On rare occasions the wireless provider will go down (usually for an hour) but we need the t1 to act as a backup internet connection. what is the best way to do this . I have an ubuntu 14.04 doing all the routing. | 04:14 |
grendal_prime | ive looked at iproute2 but i dont see a fall_back connection config for that..only a secondary gateway . | 04:15 |
grendal_prime | i think i found something to work it out | 04:53 |
=== DonRichie2 is now known as DonRichie | ||
=== jgrimm is now known as jgrimm-away | ||
=== cpaelzer_ is now known as cpaelzer | ||
=== InfoTest1 is now known as InfoTest | ||
=== Lcawte|Away is now known as Lcawte | ||
jamespage | bug 1512908 | 10:27 |
ubottu | bug 1512908 in nova-compute (Juju Charms Collection) "Inability to add nova-compute host to os-aggregate" [High,New] https://launchpad.net/bugs/1512908 | 10:27 |
=== pdostal_ is now known as pdostal | ||
=== InfoTest1 is now known as InfoTest | ||
pmatulis | morning | 12:32 |
Darkyyy | im getting "unable to resolve host" whenever i use SUDO | 13:40 |
Darkyyy | im getting "unable to resolve host" whenever i use SUDO | 14:04 |
teward | Darkyyy: edit /etc/hosts and make sure your hostname is defined somewhere in there, assigned an IP in the localhost range (127.0.0.1-127.0.3.255 preferably being one of the IPs you use) | 14:31 |
teward | Darkyyy: assuming the 'unable to resolve host' hostname referenced is the local box's hostname | 14:31 |
Darkyyy | teward:thanks | 14:35 |
=== csdc is now known as adv_ | ||
=== wvvrw is now known as adv_ | ||
=== Lcawte is now known as Lcawte|Away | ||
=== dork_ is now known as dork | ||
=== Lcawte|Away is now known as Lcawte | ||
impermanence | I'm getting a relay access denied message from postfix. I'm new to postfix. What's the deal? I can send internally, but as soon as I try to hit gmail I get rejected. Can somebody tell me how to change my main.cf to allow me hit gmail? | 19:14 |
teward | impermanence: do you mean to send to GMail addresses from your postfix (i.e. your server sends a mail message to GMail) | 19:16 |
impermanence | @teward yep. | 19:17 |
qman__ | Anonymous relay is disabled by default, because otherwise it would enable a bunch of spam by default | 19:17 |
qman__ | You need to configure who is allowed to relay, either by using user authentication or configuring allowed relay networks | 19:18 |
impermanence | @qman_ are you speaking to me? | 19:18 |
qman__ | That said, your messages will still be rejected by gmail unless you have SPF at a minimum | 19:19 |
qman__ | impermanence: yes | 19:19 |
impermanence | @qman_ when I run the same config on a box not in the cloud they reach domains more weird than gmail. | 19:19 |
impermanence | @qman_ I'm pretty sure it has something to do with poor configs in my main.cf | 19:20 |
dork | impermanence: are you the guy that was here yesterday | 19:21 |
qman__ | impermanence: as I said, you either need user authentication, or to configure allowed relay networks, and gmail's anti-spam will block you unless you take considerable steps to legitimize your mail | 19:21 |
impermanence | @dork unfortunately. | 19:21 |
dork | hehe | 19:21 |
dork | you're still not able to send to google servers? | 19:22 |
impermanence | @dork not from my cloud box. But my local box that works and the cloud box both point to the same mail server. | 19:22 |
impermanence | @dork and locally I can send to gmail, whatever, just fine. | 19:23 |
impermanence | @dork it isn't a firewall thing. | 19:23 |
teward | qman__: since you know more about this, I have multiple domains that relay through a postfix system, set up to take mail for something@tld1, something@tld2, somethingelse@tld3, ... and send to my Google Apps email address. All those forwards there get put into Spam by default, any way to make Google recognize it as 'legitimate'? | 19:23 |
qman__ | impermanence: if you're using a hosted server, your host may not allow you to send mail directly; go daddy is set up like this and you must use their mail relay | 19:24 |
dork | impermanence: can you pastebin the relay errors being generated in /var/log/mail.log | 19:24 |
dork | yeah he's on some off-name vps provider | 19:24 |
impermanence | @qman_ aws... | 19:25 |
qman__ | teward: need to make sure you're not on any RBLs, set up SPF, and I recommend setting up DKIM | 19:25 |
dork | he had a built up queue from psad/fail2ban/etc that probably all got flushed out but he also has a bad reputation on the known DNSBLs and also has no uniform forward and PTR records | 19:25 |
qman__ | teward: you also need valid PTR records | 19:25 |
dork | and he also didn't give me the ip to check to see if ufw was set up properly, because his main.cf was set to listen on all interfaces | 19:26 |
dork | so there's also that | 19:26 |
qman__ | Ah | 19:26 |
teward | qman__: got a guide for setting up RBLs, SPF, DKIM, and valid PTR records given that the mail server's domain is mail.someotherdomain.xyz and all MX records point to that for my domains? | 19:26 |
impermanence | give me a sec to pastebin my main.cf I just need to obfuscate company stuff | 19:26 |
teward | not RBLs | 19:26 |
teward | qman__: the server's not on any RBLs, that's the first one i checked | 19:27 |
qman__ | good | 19:27 |
dork | i'm guessing his domain doesn't have proper SPF records either | 19:27 |
qman__ | SPF is set up on your domain's DNS server, PTR is set up on your ISP's DNS server | 19:27 |
qman__ | DKIM is a bit more complex | 19:27 |
qman__ | and not strictly required, but helpful | 19:27 |
dork | it all adds up | 19:27 |
dork | basically | 19:27 |
dork | but basically all the dinosaur RFCs need to be observed first | 19:28 |
qman__ | https://en.wikipedia.org/wiki/Sender_Policy_Framework https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail | 19:28 |
impermanence | @dork relay error on pastebin: pastebin.com/zaiyks63 | 19:29 |
impermanence | @dork main.cf coming up (it's probably horrible forewarning) | 19:29 |
dork | did you change it since yesterday | 19:29 |
dork | lol | 19:30 |
dork | i'm not debugging your python hello world | 19:30 |
dork | your code is not forging the required data for the parcel | 19:30 |
dork | insanity | 19:30 |
* dork walks away | 19:30 | |
teward | qman__: that doesn't answer my question with regards to the domains being served - does the PTR have to point to *each* domain's mail.domain.tld, or if the MX record for my domain is mail.somethingelse.xyz, do I just need to make sure the PTR is mail.somethingelse.xyz ? | 19:30 |
teward | qman__: a guide for setting up SPF in this case would be nice, though | 19:31 |
dork | teward: there is a galaxy of examples of spf records and what they do | 19:31 |
dork | teward: you should read the RFCs | 19:31 |
teward | dork: none that I've gotten to work - the point being the mail server has a different domain, and I'm not sure how to add/include that data in the SPF in a way it works/operates correctly | 19:32 |
qman__ | teward: the PTR has to resolve to what your mail server tells people it is, when they connect | 19:32 |
qman__ | not required for every domain it hosts | 19:32 |
teward | ok | 19:32 |
qman__ | and that has to be a valid, real domain | 19:32 |
teward | right | 19:32 |
dork | all it does is use a dns record to identify what servers are qualified to send legitimate e-mail on behalf of a domain | 19:32 |
teward | qman__: that applies to both the v4 and v6? | 19:32 |
qman__ | yes | 19:32 |
teward | OK | 19:32 |
teward | i'll take those steps. any way to verify I set up SPF right though, easily? (It helps I control the DNS servers for my sites, instant updates for the win) | 19:33 |
impermanence | @dork the py code is fine. works beautifully with internal addresses. I wouldn't do you like that pal! | 19:33 |
dork | teward: use dig in a terminal and look at various examples by querying domains | 19:33 |
dork | like dig txt yahoo.com | 19:33 |
impermanence | @dork anyway forget that. look at my main.cf which I'm sure is terrible. | 19:33 |
dork | impermanence: the parcel you're creating isn't respecting RFC standards | 19:34 |
impermanence | @dork pastebin.com/8m9zhKdN | 19:34 |
dork | and partly because your main.cf isn't configured properly | 19:34 |
impermanence | @dork I'm sure not. | 19:34 |
dork | but if your script were creating a MIME compliant parcel it wouldn't even matter | 19:34 |
dork | and if your postfix config were properly configured it would be rewriting the headers properly | 19:35 |
dork | unfortunately i need to leave to go back to work | 19:36 |
impermanence | @dork np, pal. I'll work it out. I always do. Just wanted to consult the experts first. have a goodin' | 19:36 |
Darkyyy | hello | 20:35 |
Darkyyy | how i edit my hostname | 20:35 |
Pici | !hostname | 20:37 |
ubottu | Use hostname <somehostname> to set the hostname, or to do it permanently: edit /etc/hosts to include BOTH the old and new hostname and then change /etc/hostname to the new one. WARNING! Make sure that your current hostname and /etc/hosts match, otherwise sudo may not work properly. | 20:37 |
Darkyyy | yeah i got that part | 20:38 |
Darkyyy | what do i exactly fill in | 20:38 |
Darkyyy | i can see my local ip and some temporary hostname my hoster put in | 20:40 |
Pici | Darkyyy: copy that line, but replace the temp name with your new hostname | 20:42 |
Darkyyy | which is ? | 20:42 |
Darkyyy | external ip maybe ? | 20:42 |
Pici | Darkyyy: I don't know, what do you want your new hostname to me? | 20:42 |
Pici | er, be? | 20:42 |
Darkyyy | pici | 20:42 |
Darkyyy | ;) | 20:42 |
Pici | it can be your fqdn if you want, so for example my /etc/hosts has: 66.228.45.177 nullcortex.com nullcortex and /etc/hostname has just nullcortex.com | 20:43 |
keithzg | What RBLs would one recommend for email spam blocking currently? Right now I'm just using zen.spamhaus.org | 22:56 |