[01:15] <jiffe> ubuntu server installer doesn't support booting off zfs yet?
[05:01] <tomreyn> jiffe: i think there's only experimental support for zfs on / in desktop installers so far.
[05:04] <tomreyn> "We announced 6 months ago that support for deploying Ubuntu root on ZFS with MAAS was available as an experimental feature." "We want to support ZFS on root as an experimental installer option, initially for desktop, but keeping the layout extensible for server later on." https://ubuntu.com/blog/enhancing-our-zfs-support-on-ubuntu-19-10-an-introduction
[15:49] <jiffe> ah, well that kind of sucks
[15:49] <jiffe> seems like zfs would be more useful on a server environment
[15:50] <jiffe> maybe desktop is a better testbed
[16:14] <jiffe> so doesn't sound like I'd be able to manually install server on zfs by any means either, I'd still need to use desktop live version
[16:21] <ducasse> jiffe: there used to be a guide on github somewhere, you could still use that, i guess
[16:23] <ducasse> jiffe: https://github.com/zfsonlinux/zfs/wiki/Ubuntu-18.04-Root-on-ZFS
[17:36] <jiffe> ducasse: yeah I saw that, that requires dektop live version
[17:37] <ducasse> yeah, but you can just get rid of the desktop stuff and install the -server metapackage
[17:39] <jiffe> worth a shot, eh?
[18:36] <aberrant> hi all
[18:36] <aberrant> I have a question regarding apt and packagekit.
[18:36] <aberrant> I run a headless server, and packagekit logs TERM events every day
[18:36] <aberrant> so I decided to disable and mask it
[18:37] <aberrant> now apt is reporting errors on update
[18:37] <aberrant> is there a way to resolve this so I don't get any errors or events?
[18:44] <tomreyn> what do you mean by "TERM events"?
[18:44] <tomreyn> aberrant: ^
[18:45] <tomreyn> and whic ubuntu server version is this?
[19:05] <aberrant> tomreyn: sorry for the delay
[19:06] <aberrant> tomreyn: daemon.warning: Dec 29 02:17:17 elemental systemd[1]:  packagekit.service: Main process exited, code=killed, status=15/TERM
[19:06] <aberrant> tomreyn: this is 19.10
[19:06] <aberrant> I get multiple messages per day
[19:11] <aberrant> troubling especially due to https://blogs.gnome.org/hughsie/2019/02/14/packagekit-is-dead-long-live-well-something-else/
[19:15] <aberrant> if I remove packagekit I also remove ubuntu-server, which I probably don't want to remove.
[19:20] <chapman_r> Good morning and Happy New Year all.  I'm using Ubuntu 18.04.3 LTS and trying to set up Postfix to use an Exchange server as a relay.  I have read and followed numerous guides and instructions but I cannot get it to authenticate properly using PLAIN, LOGIN or NTLM which the Exchange server supports LOGIN/NTLM.  Any help with this would be most
[19:20] <chapman_r> appreciated. Thanks in advance.
[19:27] <JanC> did you check the logs in both servers?
[19:37] <chapman_r> JanC, I do not have access to the logs on the Exchange server.   If I remove NTLM as a Mech I get an error that no Mechs can be found. So it seems that postfix defaults to using NTLM.  I can manually authenticate using "Auth LOGIN" with base64 encoded username/password and I can send an email.  but when postfix relays an email it uses NTLM and it
[19:37] <chapman_r> will fail.  I get the following error message.SASL authentication failed; server mail.domain.com[x.x.x.x] said: 535 5.7.3 Authentication unsuccessful
[19:38] <chapman_r> JanC, it seems that postfix doesn't/cannot use LOGIN which works for me doing it manually
[19:41] <tomreyn> LOGIN was an attempt to have secure authentication over insecure transports / links. nowadays almost everything is TLS, or should be, and PLAIN is the better approach for that, so you probably don't want LOGIN.
[19:42]  * tomreyn can't comment on NTLM though.
[19:43] <chapman_r> My tests are using "telnet mail.domain.com 25" and base64 encoded username/password.  could this be an issue with TLS encrypting with something other thant base64?
[19:44] <chapman_r> tomreyn, see above
[19:44] <chapman_r> I'm sorry "encoding not encrypting"
[19:46] <chapman_r> topmreyn, Also when I try using PLAIN, postfix complains about not having any Mechs (Mechanisms)
[19:49] <chapman_r> when encoding the username and password I use "echo "username" | base64; echo "password" | base64"
[19:52] <tomreyn> chapman_r: i was merely commenting on whether it makes sense to use LOGIN rather than PLAIN, in general, nowadays. I don't expect LOGIN to be no longer supported, nor to break when used in combination with TLS.
[19:57] <chapman_r> tomreyn, gotcha, thanks for the comment.  I'm not very familiar with TLS and it's encoding/encryption methods.
[19:57] <tomreyn> actually i mixed this up, sorry, LOGIN is just base64-encoded username + ppassword, just like PLAIN. what i had in mind in terms of '(attempting to) securely authenticating without TLS' is CRAM-MD5, you should not need to use this naymore.
[19:59] <tomreyn> chapman_r: LOGIN is defined in an expired RFC draft, never got official, shoul dbe considered obsolete, but is still implemented often, but also really similar to PLAIN.
[20:01] <chapman_r> tomreyn, I haven't tried CRAM-MD5 yet.  Yes the documentation seems to suggest not using PLAIN or LOGIN anymore.  The exchange server only supports "LOGIN or NTLM"
[20:03] <tomreyn> PLAIN would be ideal over encrypted transport from postfix's point of view, i guess. i suggest you ask in #postfix oder #dovecot (if you're using their sasl) about how to make the two mail server variants cooperate properly.
[20:05] <chapman_r> tomreyn, Oh I hadn't thought about that.  I'll try #postfix and see if anyone can help.  Thanks again for your help I really appreciate it.
[20:06] <tomreyn> https://doc.dovecot.org/configuration_manual/authentication/authentication_mechanisms/ supports NTLM via samba.
[20:09] <chapman_r> tomryn, thanks I'll give it a read.
[20:09] <JanC> it probably also depends on how the Exchange server is configured...
[20:11] <chapman_r> JanC, Yes, and trying to get that information is next to impossible. I have had tickets in for weeks trying to get someone from the Exchange group to help, but no one has responded.  Gah! lol
[20:14] <tomreyn> in the ms exchange domain, never-touch-a-running-system-if-you-somehow-managed-to-get-it-to-run is not just a recomendation but a punishable law, and deeper understanding of the systems' configuration is considered somehwere between wizardry and godlikeness. and those higher beings may not wish to talk to a commoner linux admin.
[20:23] <chapman_r> tomreyn, OMG this is so true lol
[21:43] <JanC> if they actually know how their system works, they can also tell you what it's configured to expect...
[21:47] <teward> Exchange is pain regardless :p
[21:48] <JanC> I wonder if IIS still includes a mailserver?
[21:49] <JanC> that actually worked more or less like a normal mail server
[21:55] <teward> JanC: Last I checked, IIS doesn't bundle a mail server with itself
[21:55] <teward> but Exchange bundles IIS
[21:56] <teward> because that's how most of the Exchange protocol stuff communicates (HTTPS for web services and crap)
[21:56] <JanC> IIS used to come with SMTP & POP3 servers at least
[21:56] <teward> i'd have to check what a base IIS comes with, but it's still annoying with Exchange defaulting to NTLM auth.
[21:57] <teward> TYPICALLY someone would set up a connector that lets you use STARTTLS+PLAIN or encrypted, at least in most environments I've seen that, except from mail gateways delivering in which case they're just plain whitelisted as individual send/receive connectors
[21:57] <JanC> (as wel as HTTP, FTP, gopher, etc.)
[21:57] <JanC> NNTP too IIRC
[21:58] <JanC> Exchange didn't even exist in the old Windows server days  :)
[22:00] <JanC> see e.g. http://www.it-notebook.org/uncategorized/article/email_server_win_2003.htm