Archive for the ‘Email’ Category
Keep the spamassassin filter rules up to date in ISPConfig 3
To update the spamassassin rules regularily on your ISPConfig 3 server, add the following line to the root crontab by running:
crontab -e
then insert the following line:
23 4 */2 * * /usr/bin/sa-update --no-gpg &> /dev/null
and save the file. The path to the sa-update script is /usr/bin/sa-update on Ubuntu and Debian Linux, if you use a different linux distrubution, run the command:
which sa-update
to find the location of the sa-update script and adjust the path in the crontab line above so that it matches the path on your system.
How to fix the spamassassin bug with the FH_DATE_PAST_20XX rule
Since january 1 2010, spamassassin is falsely marking non spam emails as spam due to an error in the regular expression of the FH_DATE_PAST_20XX rule.
Description of the bug:
https://secure.grepular.com/blog/index.php/2010/01/01/spamassassin-2010-bug/
To fix this, run the following command on the shell as root user:
sa-update
If you use the software ISPConfig 2 on your server, run this command:
/home/admispconfig/ispconfig/tools/spamassassin/usr/bin/sa-update
How to renew the SSL certificate for dovecot on CentOS
Make a backup of the old key and certificate file
mv /etc/ssl/certs/dovecot.pem /etc/ssl/certs/dovecot.pem.old mv /etc/ssl/private/dovecot.key /etc/ssl/private/dovecot.key.old
Create the new SSL certificate
openssl genrsa -out /etc/ssl/private/dovecot.key 1024 openssl req -new -x509 -key /etc/ssl/private/dovecot.key -out /etc/ssl/certs/dovecot.pem -days 730
Restart Dovecot:
/etc/init.d/dovecot restart
How to renew the SSL certificate for dovecot on Ubuntu Linux
To create new SSL certificates for the dovecot pop3 and imap server on Ubuntu, follow these steps:
Make a backup copy of the old key and certificate file
sudo cp /etc/ssl/private/dovecot.key /etc/ssl/private/dovecot.key.old sudo cp /etc/ssl/certs/dovecot.pem /etc/ssl/certs/dovecot.pem.old Create the new key file <p class="command">openssl genrsa -out /etc/ssl/private/dovecot.key 1024
Create the new certificate file, valid for 2 years
Then restart dovecot
/etc/init.d/dovecot restart
Manage the postfix mailqueue with postsuper, postqueue und mailq
Postfix provides with postsuper, postqueue and mailq some shell utilitys to manage the mailqueue.
Here are some examples for common tasks:
List all messages that are in the mailqueue
postqueue -p
The output looks like this:
root@server:/# postqueue -p -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient------- 501CA23B43DB 2182 Thu Dec 3 14:24:39 test@yourdomain.com (Host or domain name not found. Name service error for name=otherdomain.com type=MX: Host not found, try again) info@otherdomain.com -- 8 Kbytes in 1 Requests. <strong>Delete a message by message ID</strong> <p class="command">postsuper -d MessageID
replace MessageID with the ID of the message, e.g. 501CA23B43DB
root@server:/# postsuper -d 501CA23B43DB postsuper: 501CA23B43DB: removed postsuper: Deleted: 1 message <strong>Remove emails by sender</strong> <p class="command">mailq | tail +2 | awk 'BEGIN { RS = "" } # $7=sender, $8=recipient1, $9=recipient2 { if ($7 == "info@otherdomain.com" && $9 == "") print $1 } ' | tr -d '*!' | postsuper -d - replace "info@otherdomain.com" with the sender email address. <strong>Remove emails by recipient</strong> <p class="command">mailq | tail +2 | awk 'BEGIN { RS = "" } # $7=sender, $8=recipient1, $9=recipient2 { if ($8 == "you@yourdomain.com" && $9 == "") print $1 } ' | tr -d '*!' | postsuper -d - replace you@yourdomain.com with the recipient email address. <strong>Remove emails by sender hostname</strong> <p class="command">mailq | grep senderhostname | awk ‘{ print $1′} | postsuper -d -
replace the word “senderhostname” with the hostname of the email sender.
If your server has very high load and you want to temporarily move all message from the incoming queue to the hold queue, use the command:
postsuper -h ALL
to move the messages back to the incoming queue, use the command:
postsuper -r ALL
Instead of the word “ALL” you can also provide a specific message ID to move only one message to or from the hold queue. Message in the hold queue will not processed by postfix until they were requeued with postsuper -r.
How to enable port 465 (smtps) in postfix mailserver
More and more internet access providers are closing port 25 to reduce spam except for connections to their own mailservers. If you run your own mailserver and have problems to connect to it on port 25, you can enable port 465 (smtps) in postfix as a workaround. Edit the /etc/postfix/master.cf file:
vi /etc/postfix/master.cf
and remove the # in front of the smtps line. Example for Debain 5, change the line:
#smtps inet n - - - - smtpd
to:
smtps inet n - - - - smtpd
and restart postfix:
/etc/init.d/postfix restart
I get the following error message after an Ubuntu upgrade: s_connect() failed: Permission denied Invalid user specified.
After running a system upgrade on your Ubuntu based ISPConfig 3 server, it might happen that aptitude overwrites some config files from postfix especially the main.cf file. To fix this, download the latest ISPConfig 3 installer, unpack it and run the update.php script. Choose “yes” when the updater asks if the services shall be reconfigured. ISPConfig will replace the configuration files that had been modified by the ubuntu upgrade.
cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xvfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install
php -q update.php
Install postfix with MySQL support on CentOS 5.3 (64Bit)
The following article explains the steps to compile postfix MTA with MySQL support on CentOS 5.3 as e.g. needed for ISPConfig 3.
Remove the postfix package from CentOS which does not has MySQL support:
/etc/init.d/postfix stop rpm -e --nodeps postfix Download the postfix source RPM and install it: <p class="command">cd /tmp wget http://mirror.rackspace.com/CentOS/5.3/os/SRPMS/postfix-2.3.3-2.1.el5_2.src.rpm rpm -i postfix-2.3.3-2.1.el5_2.src.rpm Edit the spec file to enable MySQL support. <p class="command">vi /usr/src/redhat/SPECS/postfix.spec
and change the line:
%define MYSQL 0
to:
%define MYSQL 1
Install a few prerequisites before we build the new postfix RPM package
yum install pcre-devel mysql-devel
Build the postfix RPM with MySQL support:
rpmbuild -ba /usr/src/redhat/SPECS/postfix.spec
and install it.
cd /usr/src/redhat/RPMS/x86_64
rpm -i postfix-2.3.3-2.1.x86_64.rpm
Start postfix and configure it to be started at boot time:
/etc/init.d/postfix start
chkconfig –levels 235 postfix on
How to enable DKIM email signatures in amavisd-new and ISPConfig 3
DKIM is a system to verify the sender and integrity of emails. ISPConfig 3 uses amavisd-new as content filter for spam and virus scanning and amavisd-new is also able to sign messages with DKIM. The next steps explain how to configure amavisd-new to sign messages for a domain named “example.com” with DKIM. The steps below should work with any amavisd-new setup even if you do not use ISPConfig.
1) Create the domain key:
mkdir /var/db/dkim/ amavisd genrsa /var/db/dkim/example-foo.key.pem 2) Configure amavisd to use this key for the domain example.com. Edit the amavisd configuration file <p class="command">vi /etc/amavisd/amavisd.conf
and add the following lines:
$enable_dkim_verification = 1; $enable_dkim_signing = 1; dkim_key('example.com', 'foo', '/var/db/dkim/example-foo.key.pem'); @dkim_signature_options_bysender_maps = ( { '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } ); @mynetworks = qw(0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16); # list your internal networks 3) Run the command: <p class="command">amavisd showkeys
to get the public key that has to be added as TXT record in the DNS server of the example.com DNS server.
4) Thest the setup with the command:
amavisd testkeys
and if it works properly, restart amavisd:
/etc/init.d/amavis restart
Here is a more detailed description in the amavisd-new manual on how to setup DKIM in amavisd-new:
http://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim
Blocking .exe attachments with postfix or amavisd-new and ISPConfig 3
If you use postfix and / or amavisd-new on the mail server, you can use the following recipes to block emails with executable (exe, bat, scr) attachments.
Block the attachments with a postfix header filter
In ISPConfig, click on “Email in the upper menu, then on “Content filter” in the left menu and click on the “Add new content filter” button. Enter the following details:
Filter:
MIME-Header Filter
Regexp. Pattern:
/^Content-(Disposition|Type).*name\s*=\s*"?(.*\.(bat|exe|scr))(\?=)?"?\s*(;|$)/x
Data:
File extension is blacklisted on this server
Action:
DISCARD
Use amavisd-new to block the emails with executable attachments.
Edit the amavisd configuration file (/etc/amavisd.conf or /etc/amavisd/amavisd.conf)
vi /etc/amavisd/amavisd.conf
and add the following lines:
$banned_filename_re = new_RE(
qr’.\.(bat|exe|scr)$’i,
qr’^\.(exe|zip|lha|tnef)$’i,
);
then restart amavisd-new:
/etc/init.d/amavis restart