baller | hey RickyB98 i tried installing it from this morning | 00:49 |
---|---|---|
Datz | RoyK: I suppose I do. What do you use? | 02:42 |
RoyK | Datz: the commandline | 03:17 |
Datz | I see. I find sometimes it's nice to have everything laid out. But really it depends.. | 03:28 |
RoyK | if you know what you're doing, you design the database before you put it into production | 03:33 |
RoyK | and the visualisation from phpmyadmin is minimal | 03:33 |
Datz | I think I fall only partly into the "know what you're doing" category. | 03:35 |
=== owh is now known as onno | ||
=== athairus is now known as afkthairus | ||
=== Piper-Off is now known as Monthrect | ||
=== TJ- is now known as Guest61243 | ||
JemoeE | I have a problem on my SMTP mailserver. It is set up with Postfix and Dovecot, and should require AUTH but somehow spammers are able to send from my email without AUTH. See a snippet from mail.log on http://pastebin.com/raw/s9KsqKNE | 13:21 |
trippeh | JemoeE: so it's sending to your gmail address? is it set up to forward? | 13:48 |
JemoeE | trippeh, yep | 13:48 |
trippeh | that would be why then, I guess | 13:49 |
trippeh | is it sending to anyone else not having forwards? | 13:50 |
trippeh | that is, the spammers | 13:50 |
JemoeE | yeah but they were refused by the server because the email addresses did not exist | 13:51 |
JemoeE | so no, the only succeeded to send to my personal email (i think) | 13:51 |
JemoeE | but i can't see how it has to do with the forwarding. the mail should even get in if the client did not AUTH | 13:54 |
trippeh | is it your MX? | 13:54 |
JemoeE | yes | 13:56 |
trippeh | if it required AUTH noone would be able to send you mail then. | 13:56 |
JemoeE | can't I require AUTH when the mail from email is from mine ? | 13:57 |
trippeh | its possible, not entirely sure how with postfix. most likely what you want is to have auth-only on the submission port, and reject anything from the outside with your domain as sender on port 25 | 14:02 |
trippeh | maybe just enforced using SPF? | 14:02 |
trippeh | oh wait | 14:02 |
trippeh | if its also sending, SPF wont really help | 14:03 |
trippeh | err | 14:03 |
trippeh | sorry, disregard the last line | 14:03 |
trippeh | mind melted for a few seconds | 14:03 |
JemoeE | hehe it's cool | 14:06 |
JemoeE | maybe SpamAssassin would help, but im just not sure im covering up the right hole | 14:09 |
trippeh | SPF would, and would also make others make sure your email comes from the right places | 14:12 |
trippeh | SPF is a little finicky with mailing lists though, so beware. | 14:12 |
JemoeE | yeah i've thought about SPF. that should work. Im just still not sure why postfix/dovecot doesn't require auth when an email is sent from my domain | 14:16 |
rbasak | JemoeE: usually the submission and regular smtp cases are implemented completely separately. Either by port or by entire server. It's pretty unusual to try to configure both cases on a single port. | 14:19 |
rbasak | JemoeE: I would either use a submission port or a separate MTA instance for the two cases, and forget about trying to implement both on the same port on the same server. | 14:20 |
JemoeE | rbasak, if I understand you correctly, that's also what i'm trying to. In gmail my SMTP is using port 465 using SSL, so that's is my sender port. And incoming mails should be on port 25.. | 14:23 |
JemoeE | but it seems like the spammers are sending mails from my port 25 also (from my email address to my own email address) | 14:24 |
rbasak | JemoeE: so they're "just" spoofing you as a sender. They can do that equally to any other recipient. Use normal spam fighting techniques (SPF as mentioned or DKIM, RBLs, etc) | 14:32 |
JemoeE | rbasak, im setting up SPF now, thanks for taking the time, and thanks trippeh | 14:41 |
patdk-lap | whitelisting your own domain/email address is normally a very bad thing to do | 14:45 |
JemoeE | patdk-lap, sorry what? | 14:45 |
patdk-lap | the only way those emails should be getting past your normal anti-spam/anti-virus/.... stuff, would be if you whitelisted your own address/domain | 14:46 |
patdk-lap | so spam checking is skipped when someone spoofs you | 14:46 |
JemoeE | does spf whitelist my own domain ? (sorry if noob question :) | 14:49 |
patdk-lap | that is up to your postfix/spamassin/... configs | 14:49 |
patdk-lap | spf doesn't do anything itself | 14:49 |
patdk-lap | how you use spf does though | 14:49 |
JemoeE | ah, i just started reading about spf | 14:50 |
JemoeE | as I understand i could set SPF up to allow mails sent from gmail, and then only gmail can send mail from my domains? | 14:52 |
patdk-lap | if you use -all, and everyone that receives emails from you, checks spf, and follows SPF strictly | 14:52 |
JemoeE | :| | 14:53 |
JemoeE | so what do you recommend? | 14:55 |
patdk-lap | protecting other people from people spoofing your domain, you cannot control that, you can do what you can, implement spf, dkim, dmarc | 15:03 |
patdk-lap | but once you do that, you can easily add spf/dkim checks and reject based on someone spoofing you to yourself, easily | 15:04 |
patdk-lap | and the reason to do that is so, instead of creating that for your own use, let others use the same stuff, if they want too, and limit the amount of backscatter you get | 15:05 |
JemoeE | so I can only reject if someone is spoofing from my mail to my mail, and not to other mails? (because they need to check spf on their end?) | 15:08 |
patdk-lap | jamespage, mostly yes | 15:25 |
LargePrime | hi. I am adding a user to my server, and granting ssh access. they sent me a putty generated pub key. how doi add it to my server? | 15:32 |
LargePrime | I have created and permed the .ssh dir and the authorized_keys fle | 15:32 |
LargePrime | I am really looking for the authorized keys file format or example | 15:33 |
LargePrime | also, am i doing it wrong? | 15:33 |
teward | LargePrime: if they sent you the Putty format Public Key they need to go back and get the OpenSSH public key string inside of puttygen for their private key | 15:47 |
teward | LargePrime: PuttyGen has a blank space at the top area of the window where it puts the OpenSSH public key string | 15:47 |
teward | you need them to give you that | 15:47 |
patdk-lap | or just convert it, though converting it is annoying | 15:47 |
LargePrime | from a learning point of view can i not just cut the one key into opwn ssh format | 15:48 |
patdk-lap | many options: http://superuser.com/questions/232362/how-to-convert-ppk-key-to-openssh-key-under-linux | 15:48 |
LargePrime | thank you patdk-lap teward , much apprecated | 15:58 |
teward | patdk-lap: i've had issues converting the public key parts without the private key | 15:59 |
teward | though you're right converting is doable | 15:59 |
teward | LargePrime: probably easier for the user to just give you the *correct* information | 15:59 |
LargePrime | absolutly. but for political reasons i am trying to get it working | 16:00 |
LargePrime | you guys make me look good | 16:00 |
patdk-lap | hmm, I hadn't had that issue, sometimes though rarely people had those to me for sftp usage | 16:00 |
LargePrime | well perhaps | 16:00 |
LargePrime | awaiting the user to awake and test | 16:01 |
teward | patdk-lap: someone gave me an SSH-2 pubkey once, that was fun to convert. | 16:06 |
teward | : | 16:06 |
teward | (that proprietary format of pubkey from ancient times heh) | 16:06 |
=== RoyK^ is now known as RoyK^Home | ||
Seveas | teward: ssh-keygen -i :) | 18:01 |
teward | Seveas: context is nice, I don't remember anything from a few hours ago (pre-Coffee, I usually don't retain things well heh) | 18:04 |
teward | ah, import | 18:06 |
=== shannon_ is now known as smasters | ||
compdoc | Froberg, can I have your computer? | 20:56 |
Froberg | heh, whatever for? | 20:56 |
Froberg | it is mine | 20:57 |
Froberg | mine own | 20:57 |
Froberg | my precious | 20:57 |
compdoc | Without your computer, I am useless. | 20:57 |
Froberg | As I am without it. | 20:57 |
compdoc | youve had it for a while. its my turn | 20:58 |
Froberg | Well, I see you're based in Lithuania | 20:59 |
Froberg | Feel free to come visit me in Denmark, we'll see about it ;-) | 20:59 |
Froberg | Nice country, by the way, I've been there a couple of times. | 21:00 |
BadApe | i am thinking about using ubuntu as the base OS for hosting docker containers | 21:44 |
BadApe | are there any webui's to manage containers? | 21:45 |
compdoc | Im in Denver. bit further away. But Ive been to Denmark | 22:13 |
=== devil is now known as Guest27968 | ||
profall | Can I install fglrx (amd proprietary drivers) on server even though there is no Xorg? | 22:56 |
patdk-lap | doubtful | 22:59 |
patdk-lap | isn't those drivers in the kernel? | 22:59 |
patdk-lap | been awhile since they where seperate | 22:59 |
profall | yea, makes sense. | 23:26 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!