[00:01] <acmehandel> anyone here familiar with postfix?
[00:21] <dork_> acmehandel: yep
[00:23] <acmehandel> dork_ well on one of my servers I am not getting an 'cannot assign requests address' from alt.gmail-smtp.l.google.com
[00:23] <acmehandel> I was having a problem earlier today where this server in question started sending out many many many messages to my email account.
[00:24] <acmehandel> I have this sinking feeling that google has blocked this servers IP address now.
[00:24] <acmehandel> before I was able to figure out how to fix this.
[00:24] <dork_> what do you mean you get that from alt.gmail-smtp.l.google.com
[00:24] <acmehandel> when I tail -100f /var/log/mail.lgo
[00:24] <acmehandel> when I tail -100f /var/log/mail.log
[00:24] <acmehandel> that is the message I get.
[00:25] <dork_> can you pastebin all the relevant lines of the specific message
[00:25] <dork_> you can check your ip's reputation on mxtoolbox
[00:25] <acmehandel> is that a .com?
[00:25] <dork_> sounds like someone used you as a relay or something?
[00:25] <acmehandel> its more likely that I was careless in using postfix.
[00:26] <acmehandel> as I mentioned earlier.  The server started sending out many many many messages for nearly an hour before I noticed it arriving in my spam box
[00:26] <acmehandel> which is was not.
[00:27] <dork_> yeah but where did the messages come from
[00:27] <dork_> you're saying it looped the same legit piece of mail
[00:27] <acmehandel> no.  not the same legit.  But new ones.  They were fail2ban, psad and logwatch messages
[00:27] <acmehandel> which unfortunately I had set up incorrectly
[00:27] <dork_> how many were in the queue
[00:28] <dork_> there's a specific limit especially for free gmail accounts
[00:28] <acmehandel> just checked mxtoolbox says no ptr records exist
[00:28] <dork_> so if you fixed a problem and then bounced postfix while the queue was full then chances are yeah you could be rate limited
[00:28] <acmehandel> so I guess I'm clear for now.
[00:28] <dork_> is this just a mta that accepts mail to localhost only?
[00:28] <acmehandel> rate limited does not scare me...at least I dont think it should.   right?  I just dont want to be black flagged
[00:29] <acmehandel> or banned or whatever
[00:29] <dork_> no ptr means you have no reverse dns, but the reputation part you have to click the drop down menu at mxtoolbox
[00:29] <dork_> yeah it just means you won't be able to send to them for a little bit
[00:30] <acmehandel> I'm actually on two black lists now.   SORBS DUHL and Spamhaus Zen
[00:30] <acmehandel> wait no sorry....something doesnt seem right
[00:30] <dork_> what kind of postfix config is it
[00:31] <dork_> local only? is it an open relay?
[00:31] <acmehandel> how can I check
[00:31] <acmehandel> one installed automatically with psad
[00:31] <acmehandel> but not this server
[00:32] <dork_> if it's self inflicted it should be fine, but you should make sure it isn't a misconfigured server that is being abused and getting you blacklisted
[00:32] <dork_> if you want you can message me the IP and i'll check
[01:39] <acmehandel> what is the smartest way to disable a service and prevent it from restarting automatically?  i'm going through a variety of google searches and they dont seem to have any specific answer
[01:43] <TJ-> acmehandel: it depends on the init system
[01:44] <acmehandel> its 14.04   I check services using service --status-all  if that helps
[01:45] <TJ-> systemctl disable <service>; echo manual >> /etc/init/<service>.override; update-rc.d <service> disable
[01:45] <TJ-> that's Systemd, Upstart, and SysV-init respectively
[01:46] <acmehandel> the echo manual >> override one doesnt work.  I just tried it.  rebooted and the service came back
[01:46] <acmehandel> update-rc.d throws a 'api not stable and may change error' which is not very reassuring
[01:47] <TJ-> acmehandel: it depends on which init system script the service uses
[01:47] <patdk-lap> rm the service file always works :)
[01:47] <acmehandel> what if I just change the permissions to 000 on the service file?
[01:48] <patdk-lap> likely wont matter
[01:48] <patdk-lap> as it is normally run as root
[01:48] <acmehandel> wont matter in what sense?
[01:48] <acmehandel> that it wont have any effect?
[01:48] <patdk-lap> it would for sysv though
[01:49] <patdk-lap> due to lack of execut
[01:49] <patdk-lap> but not systemd or upstart
[01:49] <acmehandel> just tried the update-rc.d disable method and that did the trick.  but still not feeling assured that it wont cause a problem later....whenever that later may be
[04:14] <grendal_prime> I have two nics one connection to atnt_t1 line second to local wireless uplink provider. On rare occasions the wireless provider will go down (usually for an hour) but we need the t1 to act as a backup internet connection. what is the best way to do this . I have an ubuntu 14.04 doing all the routing.
[04:15] <grendal_prime> ive looked at iproute2 but i dont see a fall_back connection config for that..only a secondary gateway .
[04:53] <grendal_prime> i think i found something to work it out
[10:27] <jamespage> bug 1512908
[10:27] <ubottu> bug 1512908 in nova-compute (Juju Charms Collection) "Inability to add nova-compute host to os-aggregate" [High,New] https://launchpad.net/bugs/1512908
[13:40] <Darkyyy> im getting "unable to resolve host" whenever i use SUDO
[14:04] <Darkyyy> im getting "unable to resolve host" whenever i use SUDO
[14:31] <teward> Darkyyy: edit /etc/hosts and make sure your hostname is defined somewhere in there, assigned an IP in the localhost range ( preferably being one of the IPs you use)
[14:31] <teward> Darkyyy: assuming the 'unable to resolve host' hostname referenced is the local box's hostname
[19:14] <impermanence> I'm getting a relay access denied message from postfix.  I'm new to postfix.  What's the deal?  I can send internally, but as soon as I try to hit gmail I get rejected.  Can somebody tell me how to change my main.cf to allow me hit gmail?
[19:16] <teward> impermanence: do you mean to send to GMail addresses from your postfix (i.e. your server sends a mail message to GMail)
[19:17] <impermanence> @teward yep.
[19:17] <qman__> Anonymous relay is disabled by default, because otherwise it would enable a bunch of spam by default
[19:18] <qman__> You need to configure who is allowed to relay, either by using user authentication or configuring allowed relay networks
[19:18] <impermanence> @qman_ are you speaking to me?
[19:19] <qman__> That said, your messages will still be rejected by gmail unless you have SPF at a minimum
[19:19] <qman__> impermanence: yes
[19:19] <impermanence> @qman_ when I run the same config on a box not in the cloud they reach domains more weird than gmail.
[19:20] <impermanence> @qman_ I'm pretty sure it has something to do with poor configs in my main.cf
[19:21] <dork> impermanence: are you the guy that was here yesterday
[19:21] <qman__> impermanence: as I said, you either need user authentication, or to configure allowed relay networks, and gmail's anti-spam will block you unless you take considerable steps to legitimize your mail
[19:21] <impermanence> @dork unfortunately.
[19:22] <dork> you're still not able to send to google servers?
[19:22] <impermanence> @dork not from my cloud box.  But my local box that works and the cloud box both point to the same mail server.
[19:23] <impermanence> @dork and locally I can send to gmail, whatever, just fine.
[19:23] <impermanence> @dork it isn't a firewall thing.
[19:23] <teward> qman__: since you know more about this, I have multiple domains that relay through a postfix system, set up to take mail for something@tld1, something@tld2, somethingelse@tld3, ... and send to my Google Apps email address.  All those forwards there get put into Spam by default, any way to make Google recognize it as 'legitimate'?
[19:24] <qman__> impermanence: if you're using a hosted server, your host may not allow you to send mail directly; go daddy is set up like this and you must use their mail relay
[19:24] <dork> impermanence: can you pastebin the relay errors being generated in /var/log/mail.log
[19:24] <dork> yeah he's on some off-name vps provider
[19:25] <impermanence> @qman_ aws...
[19:25] <qman__> teward: need to make sure you're not on any RBLs, set up SPF, and I recommend setting up DKIM
[19:25] <dork> he had a built up queue from psad/fail2ban/etc that probably all got flushed out but he also has a bad reputation on the known DNSBLs and also has no uniform forward and PTR records
[19:25] <qman__> teward: you also need valid PTR records
[19:26] <dork> and he also didn't give me the ip to check to see if ufw was set up properly, because his main.cf was set to listen on all interfaces
[19:26] <dork> so there's also that
[19:26] <teward> qman__: got a guide for setting up RBLs, SPF, DKIM, and valid PTR records given that the mail server's domain is mail.someotherdomain.xyz and all MX records point to that for my domains?
[19:26] <impermanence> give me a sec to pastebin my main.cf  I just need to obfuscate company stuff
[19:26] <teward> not RBLs
[19:27] <teward> qman__: the server's not on any RBLs, that's the first one i checked
[19:27] <dork> i'm guessing his domain doesn't have proper SPF records either
[19:27] <qman__> SPF is set up on your domain's DNS server, PTR is set up on your ISP's DNS server
[19:27] <qman__> DKIM is a bit more complex
[19:27] <qman__> and not strictly required, but helpful
[19:27] <dork> it all adds up
[19:28] <dork> but basically all the dinosaur RFCs need to be observed first
[19:28] <qman__> https://en.wikipedia.org/wiki/Sender_Policy_Framework  https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
[19:29] <impermanence> @dork relay error on pastebin: pastebin.com/zaiyks63
[19:29] <impermanence> @dork main.cf coming up  (it's probably horrible forewarning)
[19:29] <dork> did you change it since yesterday
[19:30] <dork> i'm not debugging your python hello world
[19:30] <dork> your code is not forging the required data for the parcel
[19:30] * dork walks away
[19:30] <teward> qman__: that doesn't answer my question with regards to the domains being served - does the PTR have to point to *each* domain's mail.domain.tld, or if the MX record for my domain is mail.somethingelse.xyz, do I just need to make sure the PTR is mail.somethingelse.xyz ?
[19:31] <teward> qman__: a guide for setting up SPF in this case would be nice, though
[19:31] <dork> teward: there is a galaxy of examples of spf records and what they do
[19:31] <dork> teward: you should read the RFCs
[19:32] <teward> dork: none that I've gotten to work - the point being the mail server has a different domain, and I'm not sure how to add/include that data in the SPF in a way it works/operates correctly
[19:32] <qman__> teward: the PTR has to resolve to what your mail server tells people it is, when they connect
[19:32] <qman__> not required for every domain it hosts
[19:32] <qman__> and that has to be a valid, real domain
[19:32] <dork> all it does it uses a dns record to identify what servers are qualified to send legitimate e-mail on behalf of a domain
[19:32] <teward> qman__: that applies to both the v4 and v6?
[19:33] <teward> i'll take those steps.  any way to verify I set up SPF right though, easily?  (It helps I control the DNS servers for my sites, instant updates for the win)
[19:33] <impermanence> @dork the py code is fine.  works beautifully with internal addresses.  I wouldn't do you like that pal!
[19:33] <dork> teward: use dig in a terminal and look at various examples by querying domains
[19:33] <dork> like dig txt yahoo.com
[19:33] <impermanence> @dork anyway forget that.  look at my main.cf which I'm sure is terrible.
[19:34] <dork> impermanence: the parcel you're creating isn't respecting RFC standards
[19:34] <impermanence> @dork pastebin.com/8m9zhKdN
[19:34] <dork> and partly because your main.cf isn't configured properly
[19:34] <impermanence> @dork I'm sure not.
[19:34] <dork> but if your script were creating a MIME compliant parcel it wouldn't even matter
[19:35] <dork> and if your postfix config were properly configured it would be rewriting the headers properly
[19:36] <dork> unfortunately i need to leave to go back to work
[19:36] <impermanence> @dork np, pal.  I'll work it out.  I always do.  Just wanted to consult the experts first.  have a goodin'
[20:35] <Darkyyy> how i edit my hostname
[20:37] <ubottu> Use hostname <somehostname> to set the hostname, or to do it permanently: edit /etc/hosts to include BOTH the old and new hostname and then change /etc/hostname to the new one. WARNING! Make sure that your current hostname and /etc/hosts match, otherwise sudo may not work properly.
[20:38] <Darkyyy> yeah i got that part
[20:38] <Darkyyy> what do i exactly fill in
[20:40] <Darkyyy> i can see my local ip and some temporary hostname my hoster put in
[20:42] <Pici> Darkyyy: copy that line, but replace the temp name with your new hostname
[20:42] <Darkyyy> which is ?
[20:42] <Darkyyy> external ip maybe ?
[20:42] <Pici> Darkyyy: I don't know, what do you want your new hostname to me?
[20:42] <Pici> er, be?
[20:43] <Pici> it can be your fqdn if you want., so for example my /etc/hosts has:   nullcortex.com  nullcortex  and /etc/hostname has just nullcortex.com
[22:56] <keithzg> What RBLs would one recommend for email spam blocking currently? Right now I'm just using zen.spamhaus.org

