Archive for the ‘Email’ Category

Enhanced e-mail SPAM protection in ISPConfig 3

Monday, November 21, 2011 posted by Till

The command below enables a stricter SPAM handling for postfix on ISPConfig 3 servers.

In Detail:

  • Reject sender hostnames with invalid syntax
  • Reject sender hostnames that are no fully qualified domains (e.g. reject “server1″ but allow server1.domain.tld)
  • Reject sender domains that have no DNS records
  • Check sender IP addresses against realtime blacklists.

First make a backup of the postfix main.cf file in case that you want to reverse the changes later:

cp -pf /etc/postfix/main.cf /etc/postfix/main.cf.bak

Then execute this command to enable the additional spam protection functions (the command is one line!).

postconf -e ‘smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_hostname, reject_unknown_recipient_domain, reject_non_fqdn_recipient, reject_unauth_destination, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_rbl_client cbl.abuseat.org,reject_rbl_client dul.dnsbl.sorbs.net,reject_rbl_client ix.dnsbl.manitu.net, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination’

Then restart postfix:

/etc/init.d/postfix restart

How to change the welcome email message text in ISPConfig 3

Thursday, November 10, 2011 posted by Till

As of ISPConfig 3.0.4, the text of the welcome email message that is sent to new email accounts is stored in the folder /usr/local/ispconfig/server/conf/mail/.

The message has this format:

————————————————————————
From: ISPConfig <postmaster@localhost.localdomain>
Subject: Welcome to your new email account.

Welcome to your new email account. Your webmaster.
————————————————————————

The first line starts with “From: ” followed by the sender email address. The second line starts with “Subject: ” followed by the email subject. The third line should be empty. All following lines are the email text.

The email text files are named “welcome_email_<language>.txt” where <language> has to be replaced with the system language like “en” for English or “de” for German language, e.g. “welcome_email_en.txt” for the english welcome email.

The customized language file should be stored in the folder /usr/local/ispconfig/server/conf-custom/mail/ so that it does not get overwritten by ISPConfig updates.

Send all outgoing email trough one IP address in postfix

Tuesday, October 25, 2011 posted by Till

When a server has more then one IP address, then postfix will use all IP addresses randomly to send out emails. This can cause your emails to be listed as SPAM on other servers because the sending IP does not match the reverse IP of the server hostname. The solution is to bind postfix to the primary IP address of the server.

Edit the postfix main.cf file:

vi /etc/postfix/main.cf

and add the line:

smtp_bind_address = 192.168.0.1

were 192.168.0.1 has to be replaced with the primary IP address of the server. Then restart postfix:

/etc/init.d/postfix restart

You might see the error:

postfix/master[5309]: fatal: 0.0.0.0:smtps: Servname not supported for ai_socktype

On a OpenSuSE server when you enable smtps in postfix master.cf file. The reason for the error is that the definition of the smtps port in /etc/services is missing.

Solution

Edit the /etc/services file

vi /etc/services

and add the following lines:

smtps 465/tcp # Secure SMTP
smtps 465/udp # Secure SMTP

Then restart postfix

/etc/init.d/postfix restart

If you get the error message “connect to mysql server 127.0.0.1: Too many connections” in a log file, e.g. the mail.log file, then the max. number of mysql database connections on your server is reached. To increase the max. number of simultanious connections, edit the MySQL my.cnf file:

vi /etc/mysql/my.cnf

and add or change the lines for mysql max_connections and max_user_connections in the [mysqld] section of the my.cnf file:

[mysqld]
……
max_connections = 500
max_user_connections = 500
…….

If you use a mailserver wil very low ram (< 500 MB) and a slow CPU then it might be nescessary to disable the spam- and antivirus filter functions in ISPConfig 3 as amavisd and clamav might be too heavy for your server hardware. The steps to disable clamav and amavisd are:

Edit postfix main.cf file

vi /etc/postfix/main.cf

and comment out these lines by adding a “#” in front of them:

# content_filter = amavis:[127.0.0.1]:10024
# receive_override_options = no_address_mappings

Then restart postfix:

/etc/init.d/postfix restart

Now stop and disable the services. The following commands are for Debian and Ubuntu, the commands for other Linux distributions may vary

/etc/init.d/clamav-daemon stop
/etc/init.d/clamav-freshclam stop
/etc/init.d/amavis stop

update-rc.d -f clamav-daemon remove
update-rc.d -f clamav-freshclam remove
update-rc.d -f amavis remove

P The normal mail receive and send functions will still work after this modification. But please be aware that disabling amavisd and clamav will disable all spam- and antivirus filtering so that the spamfiltering options that can be configured in the ispconfig interface will have any effect on mail delivery and no spam and viruses will get filtered.

The changes in postfix main.cf will get overwitten by a ispconfig software update when you select to reconfigure services during upadte, so you should comment out the lines again after you install a ispconfig update.

How to update Spamassassin on ISPConfig 2

Thursday, May 27, 2010 posted by Till

The spamassassin installation on a ISPConfig 2 server is normally updated together with ISPConfig. Here are the steps iIf you want to update spamassassin manually without updating ISPConfig 2:

Download the latest Spamassassin sources and unpack the tar.gz file

cd /tmp
wget http://ftp.fernuni-hagen.de/ftp-dir/pub/mirrors/\
www.apache.org/spamassassin/source/Mail-SpamAssassin-3.3.1.tar.gz
tar xfz Mail-SpamAssassin-3.3.1.tar.gz

Configure, make and install spamassassin

cd Mail-SpamAssassin-3.3.1
perl Makefile.PL PREFIX=/home/admispconfig/ispconfig/tools/\
spamassassin/usr SYSCONFDIR=/home/admispconfig/ispconfig/\
tools/spamassassin/etc
make
make install

Cleanup

cd ..
rm -f Mail-SpamAssassin-3.3.1.tar.gz
rm -rf Mail-SpamAssassin-3.3.1

How to enable port 587 (submission) in postfix

Monday, April 26, 2010 posted by Till

Some internet access providers have port 25 disabled in their routers to prevent spam. If you run your own mailserver in a datacenter, you might have to enable the submission port (587) in postfix to be able to send emails from your local email client to your own mailserver.

To enable port 587, edit the file /etc/postfix/master.cf

vi /etc/postfix/master.cf

and remove the # in front of the line:

#submission inet n – n – – smtpd

so that it looks like this:

submission inet n – n – – smtpd

and restart postfix:

/etc/init.d/postfix restart

As of today, all ClamAV 0.94 or older installs will stop working. The Debian project has not released updates for their current stable release (5.0) yet to solve this, but there is a workaround. The Debain volatile project provides newer clamav versions. The installation steps to install ClamAV 0.95.3 on Debian lenny are:

1) Add the debian volatile repository to the sources list:

echo “deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free” >> /etc/apt/sources.list

2) Update the sources and install the new clamav package:

apt-get update
apt-get install clamav
apt-get -u upgrade

3) If you use amavisd-new (e.g. if you use a ISPConfig 3 server) then restart amavisd:

/etc/init.d/amavis restart

Keep the spamassassin filter rules up to date in ISPConfig 3

Friday, February 5, 2010 posted by Till

To update the spamassassin rules regularily on your ISPConfig 3 server, add the following line to the root crontab by running:

crontab -e

then insert the following line:

23 4 */2 * * /usr/bin/sa-update –no-gpg &> /dev/null

and save the file. The path to the sa-update script is /usr/bin/sa-update on Ubuntu and Debian Linux, if you use a different linux distrubution, run the command:

which sa-update

to find the location of the sa-update script and adjust the path in the crontab line above so that it matches the path on your system.