[00:01] <acmehandel> anyone here familiar with postfix?
=== stiv2k_ is now known as stiv2k
=== Lcawte is now known as Lcawte|Away
[00:21] <dork_> acmehandel: yep
[00:23] <acmehandel> dork_ well on one of my servers I am not getting an 'cannog assign requests address' from alt.gmail-smtp.l.google.com
[00:23] <acmehandel> I was having a problem earlier today where this server in question started sending out many many many messages to my email account.
[00:24] <acmehandel> I have this sinking feeling that google has blocked this servers IP address now.
[00:24] <acmehandel> before I was able to figure out how to fix this.
[00:24] <dork_> what do you mean you get that from alt.gmail-smtp.l.google.com
[00:24] <acmehandel> when I tail -100f /var/log/mail.lgo
[00:24] <acmehandel> when I tail -100f /var/log/mail.log
[00:24] <acmehandel> that is the message I get.
[00:25] <dork_> can you pastebin all the relevant lines of the specific message
[00:25] <dork_> or
[00:25] <dork_> you can check your ip's reputation on mxtoolbox
[00:25] <acmehandel> is that a .com?
[00:25] <dork_> sounds like someone used you as a reloy or something?
[00:25] <dork_> s/reloy/relay
[00:25] <dork_> http://mxtoolbox.com/
[00:25] <acmehandel> its more likely that I was careless in using postfix.
[00:26] <acmehandel> as I mentioned earlier.  The server started sending out many many many messages for nearly an hour before I noticed it arriving in my spam box
[00:26] <acmehandel> which is was not.
[00:27] <dork_> yeah but where did the messages come from
[00:27] <dork_> you're saying it looped the same legit piece of mail
[00:27] <dork_> ?
[00:27] <acmehandel> no.  not the same legit.  But new ones.  They were fail2ban, psad and logwatch messages
[00:27] <dork_> ohhhh
[00:27] <acmehandel> which unforunately I had set up incorrectly
[00:27] <dork_> how many were in the queue
[00:27] <acmehandel> ..apparently
[00:27] <acmehandel> thousands
[00:28] <dork_> there's a specific limit especially for free gmail accounts
[00:28] <acmehandel> just checked mxtoolbox says no ptr records exist
[00:28] <dork_> so if you fixed a problem and then bounced postfix while the queue was full then chances are yeah you could be rate limited
[00:28] <acmehandel> so I guess I'm clear for now.
[00:28] <dork_> is this just a mta that accepts mail to localhost only?
[00:28] <acmehandel> rate limited does not scare me...at least I dont think it should.   right?  I just dont want to be black flagged
[00:29] <acmehandel> or banned or whatever
[00:29] <dork_> no ptr means you have no reverse dns, but the reputation part you have to click the drop down menu at mxtoolbox
[00:29] <dork_> yeah it just means you won't be able to send to them for a little bit
[00:30] <acmehandel> I'm actually on two black lists now.   SORBS DUHL and Spamhuas Zen
[00:30] <acmehandel> wait no sorry....something doesnt seem right
[00:30] <dork_> what kind of postfix config is it
[00:31] <dork_> local only? is it an open relay?
[00:31] <dork_> satellite/relay?
[00:31] <acmehandel> er.....um....dunno
[00:31] <acmehandel> how can I check
[00:31] <acmehandel> one installled automatically with psad
[00:31] <acmehandel> but not this server
[00:32] <dork_> if it's self inflicted it should be fine, but you should make sure it isn't a misconfigured server that is being abused and getting you blacklisted
[00:32] <dork_> if you want you can message me the IP and i'll check
=== Joel_ is now known as Guest24021
[01:39] <acmehandel> what is the smartest way to disable a service and prevent it from restarting automatically?  i'm going through a variety of google searches and they dont seem to have any specific answer
[01:43] <TJ-> acmehandel: it depends on the init system
[01:44] <acmehandel> its 14.04   I check services using service --status-all  if that helps
[01:45] <TJ-> systemctl disable <service>; echo manual >> /etc/init/<service>.overrride; update-rc.d disable <service>
[01:45] <TJ-> that's Systemd, Upstart, and SysV-init respectively
[01:46] <acmehandel> the echo manual >> override one doesnt work.  I just tried it.  rebooted and the service came back
[01:46] <acmehandel> update-rc.d throws a 'api not stable and may change error' which is not very reassuring
[01:47] <TJ-> acmehandel: it depends on which init system script the service uses
[01:47] <patdk-lap> rm the service file always works :)
[01:47] <acmehandel> what if I just change the permissions to 000 on the service file?
[01:48] <patdk-lap> likely wont matter
[01:48] <patdk-lap> as it is normally run as root
[01:48] <acmehandel> wont matter in what sense?
[01:48] <acmehandel> that it wont have any affect?
[01:48] <patdk-lap> yep
[01:48] <patdk-lap> it would for sysv though
[01:49] <patdk-lap> due to lack of execut
[01:49] <patdk-lap> but not systemd or upstart
[01:49] <acmehandel> just tried the update-rc.d disable method and that did the trick.  but still not feeling assured that it wont cause a problem later....whenever that later may be
[04:14] <grendal_prime> I have two nics on conection to atnt_t1 line second to local wireless uplink privider. On rare ocations the wireless provider will go down (usually for an hour) but we need the t1 to act as a backup internet connection. what is the best way to do this . I have an ubuntu 14.04 doing all the routing.
[04:15] <grendal_prime> ive looked at iproute2 but i dont see a fall_back connection config for that..only a secondary gateway .
[04:53] <grendal_prime> i think i found something to work it out
=== DonRichie2 is now known as DonRichie
=== jgrimm is now known as jgrimm-away
=== cpaelzer_ is now known as cpaelzer
=== InfoTest1 is now known as InfoTest
=== Lcawte|Away is now known as Lcawte
[10:27] <jamespage> bug 1512908
[10:27] <ubottu> bug 1512908 in nova-compute (Juju Charms Collection) "Inability to add nova-compute host to os-aggregate" [High,New] https://launchpad.net/bugs/1512908
=== pdostal_ is now known as pdostal
=== InfoTest1 is now known as InfoTest
[12:32] <pmatulis> morning
[13:40] <Darkyyy> im getting "unable to resolve host" whenever i use SUDO
[14:04] <Darkyyy> im getting "unable to resolve host" whenever i use SUDO
[14:31] <teward> Darkyyy: edit /etc/hosts and make sure your hostname is defined somewhere in there, assigned an IP in the localhost range (127.0.0.1-127.0.3.255 preferably being one of the IPs you use)
[14:31] <teward> Darkyyy: assuming the 'unable to resolve host' hostname referenced is the local box's hostname
[14:35] <Darkyyy> teward:thanks
=== csdc is now known as adv_
=== wvvrw is now known as adv_
=== Lcawte is now known as Lcawte|Away
=== dork_ is now known as dork
=== Lcawte|Away is now known as Lcawte
[19:14] <impermanence> I'm getting a relay access denied message from postfix.  I'm new to postfix.  What's the deal?  I can send internally, but as soon as I try to hit gmail I get rejected.  Can somebody tell me how to change my main.cf to allow me hit gmail?
[19:16] <teward> impermanence: do you mean to send to GMail addresses from your postfix (i.e. your server sends a mail message to GMail)
[19:17] <impermanence> @teward yep.
[19:17] <qman__> Anonymous relay is disabled by default, because otherwise it would enable a bunch of spam by default
[19:18] <qman__> You need to configure who is allowed to relay, either by using g user authentication or configuring allowed relay networks
[19:18] <impermanence> @qman_ are you speaking to me?
[19:19] <qman__> That said, your messages will still be rejected by gmail unless you have SPF at a minimum
[19:19] <qman__> impermanence: yes
[19:19] <impermanence> @qman_ when I run the same config on a box not in the cloud they reach domains more weird than gmail.
[19:20] <impermanence> @qman_ I'm pretty sure it has something to do with poor configs in my main.cf
[19:21] <dork> impermanence: are you the guy that was here yesterday
[19:21] <qman__> impermanence: as I said, you either need user authentication, or to configure allowed relay networks, and gmail's anti-spam will block you unless you take considerable steps to legitimize your mail
[19:21] <impermanence> @dork unfortunately.
[19:21] <dork> hehe
[19:22] <dork> you're still not able to send to google servers?
[19:22] <impermanence> @dork not from my cloud box.  But my local box that works and the cloud box both point to the same mail server.
[19:23] <impermanence> @dork and locally I can send to gmail, whatever, just fine.
[19:23] <impermanence> @dork it isn't a firewall thing.
[19:23] <teward> qman__: since you know more about this, I have multiple domains that relay through a postfix system, set up to take mail for something@tld1, something@tld2, somethingelse@tld3, ... and send to my Google Apps email address.  All those forwards there get put into Spam by default, any way to make Google recognize it as 'legitimate'?
[19:24] <qman__> impermanence: if you're using a hosted server, your host may not allow you to send mail directly; go daddy is set up like this and you must use their mail relay
[19:24] <dork> impermanence: can you pastebin the relay errors being generated in /var/log/mail.log
[19:24] <dork> yeah he's on some off-name vps provider
[19:25] <impermanence> @qman_ aws...
[19:25] <qman__> teward: need to make sure you're not on any RBLs, set up SPF, and I recommend setting up DKIM
[19:25] <dork> he had a built up queue from psad/fail2ban/etc that probably all got flushed out but he also has a bad reputation on the known DNSBLs and also has no uniform forward and PTR records
[19:25] <qman__> teward: you also need valid PTR records
[19:26] <dork> and he also didn't give me the ip to check to see if ufw was set up properly, because his main.cf was set to listen on all interfaces
[19:26] <dork> so there's also that
[19:26] <qman__> Ah
[19:26] <teward> qman__: got a guide for setting up RBLs, SPF, DKIM, and valid PTR records given that the mail server's domain is mail.someotherdomain.xyz and all MX records point to that for my domains/
[19:26] <impermanence> give me a sec to pastebin my main.cf  I just need to obfuscate company stuff
[19:26] <teward> not RBLs
[19:27] <teward> qman__: the server's not on any RBLs, that's the first one i checked
[19:27] <qman__> good
[19:27] <dork> i'm guessing his domain doesn't have proper SPF records either
[19:27] <qman__> SPF is set up on your domain's DNS server, PTR is set up on your ISP's DNS server
[19:27] <qman__> DKIM is a bit more complex
[19:27] <qman__> and not strictly required, but helpful
[19:27] <dork> it all adds up
[19:27] <dork> basically
[19:28] <dork> but basically all the dinosaur RFCs need to be observed first
[19:28] <qman__> https://en.wikipedia.org/wiki/Sender_Policy_Framework  https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
[19:29] <impermanence> @dork relay error on pastebin: pastebin.com/zaiyks63
[19:29] <impermanence> @dork main.cf coming up  (it's probably horrible forewarning)
[19:29] <dork> did you change it since yesterday
[19:30] <dork> lol
[19:30] <dork> i'm not debugging your python hello world
[19:30] <dork> your code is not forging the required data for the parcel
[19:30] <dork> insanity
[19:30]  * dork walks away
[19:30] <teward> qman__: that doesn't answer my question with regards to the domains being served - does the PTR have to point to *each* domain's mail.domain.tld, or if the MX record for my domain is mail.somethingelse.xyz, do I just need to make sure the PTR is mail.somethingelse.xyz ?
[19:31] <teward> qman__: a guide for setting up SPF in this case would be nice, though
[19:31] <dork> teward: there is a galaxy of examples of spf records and what they do
[19:31] <dork> teward: you should read the RFCs
[19:32] <teward> dork: none that I've gotten to work - the pointbeing the mail server has a different domain, and I'm not sure how to add/include that data in the SPF in a way it works/operates correctly
[19:32] <qman__> teward: the PTR has to resolve to what your mail sever tells people it is, when they connect
[19:32] <qman__> not required for every domain it hosts
[19:32] <teward> ok
[19:32] <qman__> and that has to be a valid, real domain
[19:32] <teward> right
[19:32] <dork> all it does it uses a dns record to identify what servers are qualified to send legitimate e-mail on behalf of a domain
[19:32] <teward> qman__: that applies to both the v4 and v6?
[19:32] <qman__> yes
[19:32] <teward> OK
[19:33] <teward> i'll take those steps.  any way to verify I set up SPF right though, easily?  (It helps I control the DNS servers for my sites, instantupdates for the win)
[19:33] <impermanence> @dork the py code is fine.  works beautifully with internal addresses.  I wouldn't do you like that pal!
[19:33] <dork> teward: use dig in a terminal and look at various examples by querying domains
[19:33] <dork> like dig txt yahoo.com
[19:33] <impermanence> @dork anyway forget that.  look at my main.cf which I'm sure is terrible.
[19:34] <dork> impermanence: the parcel you're creating isn't respecting RFC standards
[19:34] <impermanence> @dork pastebin.com/8m9zhKdN
[19:34] <dork> and partly because your main.cf isn't configured properly
[19:34] <impermanence> @dork I'm sure not.
[19:34] <dork> but if your script were creating a MIME compliant parcel it wouldn't even matter
[19:35] <dork> and if your postfix config were properly configured it would be rewriting the headers properly
[19:36] <dork> unfortunately i need to leave to go back to work
[19:36] <impermanence> @dork np, pal.  I'll work it out.  I always do.  Just wanted to consult the experts first.  have a goodin'
[20:35] <Darkyyy> hello
[20:35] <Darkyyy> how i edit my hostname
[20:37] <Pici> !hostname
[20:37] <ubottu> Use hostname <somehostname> to set the hostname, or to do it permanently: edit /etc/hosts to include BOTH the old and new hostname and then change /etc/hostname to the new one. WARNING! Make sure that your current hostname and /etc/hosts match, otherwise sudo may not work properly.
[20:38] <Darkyyy> yeah i got that part
[20:38] <Darkyyy> what do i exactly fill in
[20:40] <Darkyyy> i can see my local ip and some temporary hostname my hoster put in
[20:42] <Pici> Darkyyy: copy that line, but replace the temp name with your new hostname
[20:42] <Darkyyy> which is ?
[20:42] <Darkyyy> external ip maybe ?
[20:42] <Pici> Darkyyy: I don't know, what do you want your new hostname to me?
[20:42] <Pici> er, be?
[20:42] <Darkyyy> pici
[20:42] <Darkyyy> ;)
[20:43] <Pici> it can be your fqdn if you want., so for example my /etc/hosts has:  66.228.45.177   nullcortex.com  nullcortex  and /etc/hostname has just nullcortex.com
[22:56] <keithzg> What RBLs would one recommend for email spam blocking currently? Right now I'm just using zen.spamhaus.org