Archive for the ‘Email’ Category
Enhanced e-mail SPAM protection in ISPConfig 3
The command below enables a stricter SPAM handling for postfix on ISPConfig 3 servers.
In Detail:
- Reject sender hostnames with invalid syntax
- Reject sender hostnames that are no fully qualified domains (e.g. reject “server1″ but allow server1.domain.tld)
- Reject sender domains that have no DNS records
- Check sender IP addresses against realtime blacklists.
First make a backup of the postfix main.cf file in case that you want to reverse the changes later:
cp -pf /etc/postfix/main.cf /etc/postfix/main.cf.bak
Then execute this command to enable the additional spam protection functions (the command is one line!).
postconf -e ‘smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_hostname, reject_unknown_recipient_domain, reject_non_fqdn_recipient, reject_unauth_destination, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_rbl_client cbl.abuseat.org,reject_rbl_client dul.dnsbl.sorbs.net,reject_rbl_client ix.dnsbl.manitu.net, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination’
Then restart postfix:
/etc/init.d/postfix restart
How to change the welcome email message text in ISPConfig 3
As of ISPConfig 3.0.4, the text of the welcome email message that is sent to new email accounts is stored in the folder /usr/local/ispconfig/server/conf/mail/.
The message has this format:
————————————————————————
From: ISPConfig <postmaster@localhost.localdomain>
Subject: Welcome to your new email account.
Welcome to your new email account. Your webmaster.
————————————————————————
The first line starts with “From: ” followed by the sender email address. The second line starts with “Subject: ” followed by the email subject. The third line should be empty. All following lines are the email text.
The email text files are named “welcome_email_<language>.txt” where <language> has to be replaced with the system language like “en” for English or “de” for German language, e.g. “welcome_email_en.txt” for the english welcome email.
The customized language file should be stored in the folder /usr/local/ispconfig/server/conf-custom/mail/ so that it does not get overwritten by ISPConfig updates.
Send all outgoing email trough one IP address in postfix
When a server has more then one IP address, then postfix will use all IP addresses randomly to send out emails. This can cause your emails to be listed as SPAM on other servers because the sending IP does not match the reverse IP of the server hostname. The solution is to bind postfix to the primary IP address of the server.
Edit the postfix main.cf file:
vi /etc/postfix/main.cf
and add the line:
smtp_bind_address = 192.168.0.1
were 192.168.0.1 has to be replaced with the primary IP address of the server. Then restart postfix:
/etc/init.d/postfix restart
Fix for OpenSuSE error: postfix/master: fatal: 0.0.0.0:smtps: Servname not supported for ai_socktype
You might see the error:
postfix/master[5309]: fatal: 0.0.0.0:smtps: Servname not supported for ai_socktype
On a OpenSuSE server when you enable smtps in postfix master.cf file. The reason for the error is that the definition of the smtps port in /etc/services is missing.
Solution
Edit the /etc/services file
vi /etc/services
and add the following lines:
smtps 465/tcp # Secure SMTP
smtps 465/udp # Secure SMTP
Then restart postfix
/etc/init.d/postfix restart
Solve the warning: connect to mysql server 127.0.0.1: Too many connections
If you get the error message “connect to mysql server 127.0.0.1: Too many connections” in a log file, e.g. the mail.log file, then the max. number of mysql database connections on your server is reached. To increase the max. number of simultanious connections, edit the MySQL my.cnf file:
vi /etc/mysql/my.cnf
and add or change the lines for mysql max_connections and max_user_connections in the [mysqld] section of the my.cnf file:
[mysqld]
……
max_connections = 500
max_user_connections = 500
…….
How to disable spamfilter- and antivirus functions in ISPConfig 3
If you use a mailserver wil very low ram (< 500 MB) and a slow CPU then it might be nescessary to disable the spam- and antivirus filter functions in ISPConfig 3 as amavisd and clamav might be too heavy for your server hardware. The steps to disable clamav and amavisd are:
Edit postfix main.cf file
vi /etc/postfix/main.cf
and comment out these lines by adding a “#” in front of them:
# content_filter = amavis:[127.0.0.1]:10024
# receive_override_options = no_address_mappings
Then restart postfix:
/etc/init.d/postfix restart
Now stop and disable the services. The following commands are for Debian and Ubuntu, the commands for other Linux distributions may vary
/etc/init.d/clamav-daemon stop
/etc/init.d/clamav-freshclam stop
/etc/init.d/amavis stop
update-rc.d -f clamav-daemon remove
update-rc.d -f clamav-freshclam remove
update-rc.d -f amavis remove
P The normal mail receive and send functions will still work after this modification. But please be aware that disabling amavisd and clamav will disable all spam- and antivirus filtering so that the spamfiltering options that can be configured in the ispconfig interface will have any effect on mail delivery and no spam and viruses will get filtered.
The changes in postfix main.cf will get overwitten by a ispconfig software update when you select to reconfigure services during upadte, so you should comment out the lines again after you install a ispconfig update.
How to update Spamassassin on ISPConfig 2
The spamassassin installation on a ISPConfig 2 server is normally updated together with ISPConfig. Here are the steps iIf you want to update spamassassin manually without updating ISPConfig 2:
Download the latest Spamassassin sources and unpack the tar.gz file
cd /tmp
wget http://ftp.fernuni-hagen.de/ftp-dir/pub/mirrors/\
www.apache.org/spamassassin/source/Mail-SpamAssassin-3.3.1.tar.gz
tar xfz Mail-SpamAssassin-3.3.1.tar.gz
Configure, make and install spamassassin
cd Mail-SpamAssassin-3.3.1
perl Makefile.PL PREFIX=/home/admispconfig/ispconfig/tools/\
spamassassin/usr SYSCONFDIR=/home/admispconfig/ispconfig/\
tools/spamassassin/etc
make
make install
Cleanup
cd ..
rm -f Mail-SpamAssassin-3.3.1.tar.gz
rm -rf Mail-SpamAssassin-3.3.1
How to enable port 587 (submission) in postfix
Some internet access providers have port 25 disabled in their routers to prevent spam. If you run your own mailserver in a datacenter, you might have to enable the submission port (587) in postfix to be able to send emails from your local email client to your own mailserver.
To enable port 587, edit the file /etc/postfix/master.cf
vi /etc/postfix/master.cf
and remove the # in front of the line:
#submission inet n – n – – smtpd
so that it looks like this:
submission inet n – n – – smtpd
and restart postfix:
/etc/init.d/postfix restart
How to solve the ClamAV error “This version of the ClamAV engine is outdated” on Debian 5.0 (Lenny)
As of today, all ClamAV 0.94 or older installs will stop working. The Debian project has not released updates for their current stable release (5.0) yet to solve this, but there is a workaround. The Debain volatile project provides newer clamav versions. The installation steps to install ClamAV 0.95.3 on Debian lenny are:
1) Add the debian volatile repository to the sources list:
echo “deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free” >> /etc/apt/sources.list
2) Update the sources and install the new clamav package:
apt-get update
apt-get install clamav
apt-get -u upgrade
3) If you use amavisd-new (e.g. if you use a ISPConfig 3 server) then restart amavisd:
/etc/init.d/amavis restart
Keep the spamassassin filter rules up to date in ISPConfig 3
To update the spamassassin rules regularily on your ISPConfig 3 server, add the following line to the root crontab by running:
crontab -e
then insert the following line:
23 4 */2 * * /usr/bin/sa-update –no-gpg &> /dev/null
and save the file. The path to the sa-update script is /usr/bin/sa-update on Ubuntu and Debian Linux, if you use a different linux distrubution, run the command:
which sa-update
to find the location of the sa-update script and adjust the path in the crontab line above so that it matches the path on your system.