/srv/irclogs.ubuntu.com/2016/05/22/#ubuntu-server.txt

ballerhey RickyB98  i tried installing it from this morning00:49
DatzRoyK: I suppose I do. What do you use?02:42
RoyKDatz: the commandline03:17
DatzI see. I find sometimes it's nice to have everything laid out. But really it depends..03:28
RoyKif you know what you're doing, you design the database before you put it into production03:33
RoyKand the visualisation from phpmyadmin is minimal03:33
DatzI think I fall only partly into the "know what you're doing" category.03:35
=== owh is now known as onno
=== athairus is now known as afkthairus
=== Piper-Off is now known as Monthrect
=== TJ- is now known as Guest61243
JemoeEI have a problem on my SMTP mailserver. It is set up with Postfix and Dovecot, and should require AUTH but somehow spammers are able to send from my email without AUTH. See a snippet from mail.log on http://pastebin.com/raw/s9KsqKNE13:21
trippehJemoeE: so it's sending to your gmail address? is it set up to forward?13:48
JemoeEtrippeh,  yep13:48
trippehthat would be why then, I guess13:49
trippehis it sending to anyone else not having forwards?13:50
trippehthat is, the spammers13:50
JemoeEyeah but they were refused by the server because the email addresses did not exist13:51
JemoeEso no, the only succeeded to send to my personal email (i think)13:51
JemoeEbut i can't see how it has to do with the forwarding. the mail should even get in if the client did not AUTH13:54
trippehis it your MX?13:54
JemoeEyes13:56
trippehif it required AUTH noone would be able to send you mail then.13:56
JemoeEcan't I require AUTH when the mail from email is from mine ?13:57
trippehits possible, not entirely sure how with postfix. most likely what you want is to have auth-only on the submission port, and reject anything from the outside with your domain as sender on port 2514:02
trippehmaybe just enforced using SPF?14:02
trippehoh wait14:02
trippehif its also sending, SPF wont really help14:03
trippeherr14:03
trippehsorry, disregard the last line14:03
trippehmind melted for a few seconds14:03
JemoeEhehe it's cool14:06
JemoeEmaybe SpamAssassin would help, but im just not sure im covering up the right hole14:09
trippehSPF would, and would also make others make sure your email comes from the right places14:12
trippehSPF is a little finicky with mailing lists though, so beware.14:12
JemoeEyeah i've thought about SPF. that should work. Im just still not sure why postfix/dovecot doesn't require auth when an email is sent from my domain14:16
rbasakJemoeE: usually the submission and regular smtp cases are implemented completely separately. Either by port or by entire server. It's pretty unusual to try to configure both cases on a single port.14:19
rbasakJemoeE: I would either use a submission port or a separate MTA instance for the two cases, and forget about trying to implement both on the same port on the same server.14:20
JemoeErbasak, if I understand you correctly, that's also what i'm trying to. In gmail my SMTP is using port 465 using SSL, so that's is my sender port. And incoming mails should be on port 25..14:23
JemoeEbut it seems like the spammers are sending mails from my port 25 also (from my email address to my own email address)14:24
rbasakJemoeE: so they're "just" spoofing you as a sender. They can do that equally to any other recipient. Use normal spam fighting techniques (SPF as mentioned or DKIM, RBLs, etc)14:32
JemoeErbasak, im setting up SPF now, thanks for taking the time, and thanks trippeh14:41
patdk-lapwhitelisting your own domain/email address is normally a very bad thing to do14:45
JemoeEpatdk-lap, sorry what?14:45
patdk-lapthe only way those emails should be getting past your normal anti-spam/anti-virus/.... stuff, would be if you whitelisted your own address/domain14:46
patdk-lapso spam checking is skipped when someone spoofs you14:46
JemoeEdoes spf whitelist my own domain ? (sorry if noob question :)14:49
patdk-lapthat is up to your postfix/spamassin/... configs14:49
patdk-lapspf doesn't do anything itself14:49
patdk-laphow you use spf does though14:49
JemoeEah, i just started reading about spf14:50
JemoeEas I understand i could set SPF up to allow mails sent from gmail, and then only gmail can send mail from my domains?14:52
patdk-lapif you use -all, and everyone that receives emails from you, checks spf, and follows SPF strictly14:52
JemoeE:|14:53
JemoeEso what do you recommend?14:55
patdk-lapprotecting other people from people spoofing your domain, you cannot control that, you can do what you can, implement spf, dkim, dmarc15:03
patdk-lapbut once you do that, you can easily add spf/dkim checks and reject based on someone spoofing you to yourself, easily15:04
patdk-lapand the reason to do that is so, instead of creating that for your own use, let others use the same stuff, if they want too, and limit the amount of backscatter you get15:05
JemoeEso I can only reject if someone is spoofing from my mail to my mail, and not to other mails? (because they need to check spf on their end?)15:08
patdk-lapjamespage, mostly yes15:25
LargePrimehi.  I am adding a user to my server, and granting ssh access.  they sent me a putty generated pub key.  how doi add it to my server?15:32
LargePrimeI have created and permed the .ssh dir and the authorized_keys fle15:32
LargePrimeI am really looking for the authorized keys file format or example15:33
LargePrimealso, am i doing it wrong?15:33
tewardLargePrime: if they sent you the Putty format Public Key they need to go back and get the OpenSSH public key string inside of puttygen for their private key15:47
tewardLargePrime: PuttyGen has a blank space at the top area of the window where it puts the OpenSSH public key string15:47
tewardyou need them to give you that15:47
patdk-lapor just convert it, though converting it is annoying15:47
LargePrimefrom a learning point of view can i not just cut the one key into opwn ssh format15:48
patdk-lapmany options: http://superuser.com/questions/232362/how-to-convert-ppk-key-to-openssh-key-under-linux15:48
LargePrimethank you patdk-lap teward , much apprecated15:58
tewardpatdk-lap: i've had issues converting the public key parts without the private key15:59
tewardthough you're right converting is doable15:59
tewardLargePrime: probably easier for the user to just give you the *correct* information15:59
LargePrimeabsolutly.  but for political reasons i am trying to get it working16:00
LargePrimeyou guys make me look good16:00
patdk-laphmm, I hadn't had that issue, sometimes though rarely people had those to me for sftp usage16:00
LargePrimewell perhaps16:00
LargePrimeawaiting the user to awake and test16:01
tewardpatdk-lap: someone gave me an SSH-2 pubkey once, that was fun to convert.16:06
teward:16:06
teward(that proprietary format of pubkey from ancient times heh)16:06
=== RoyK^ is now known as RoyK^Home
Seveasteward: ssh-keygen -i :)18:01
tewardSeveas: context is nice, I don't remember anything from a few hours ago (pre-Coffee, I usually don't retain things well heh)18:04
tewardah, import18:06
=== shannon_ is now known as smasters
compdocFroberg, can I have your computer?20:56
Frobergheh, whatever for?20:56
Frobergit is mine20:57
Frobergmine own20:57
Frobergmy precious20:57
compdocWithout your computer, I am useless.20:57
FrobergAs I am without it.20:57
compdocyouve had it for a while. its my turn20:58
FrobergWell, I see you're based in Lithuania20:59
FrobergFeel free to come visit me in Denmark, we'll see about it ;-)20:59
FrobergNice country, by the way, I've been there a couple of times.21:00
BadApei am thinking about using ubuntu as the base OS for hosting docker containers21:44
BadApeare there any webui's to manage containers?21:45
compdocIm in Denver. bit further away. But Ive been to Denmark22:13
=== devil is now known as Guest27968
profallCan I install fglrx (amd proprietary drivers) on server even though there is no Xorg?22:56
patdk-lapdoubtful22:59
patdk-lapisn't those drivers in the kernel?22:59
patdk-lapbeen awhile since they where seperate22:59
profallyea, makes sense.23:26

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!