Posts Tagged ‘postfix’

Enhanced e-mail SPAM protection in ISPConfig 3

Monday, November 21, 2011 posted by Till

The command below enables a stricter SPAM handling for postfix on ISPConfig 3 servers.

In Detail:

  • Reject sender hostnames with invalid syntax
  • Reject sender hostnames that are no fully qualified domains (e.g. reject “server1″ but allow server1.domain.tld)
  • Reject sender domains that have no DNS records
  • Check sender IP addresses against realtime blacklists.

First make a backup of the postfix main.cf file in case that you want to reverse the changes later:

cp -pf /etc/postfix/main.cf /etc/postfix/main.cf.bak

Then execute this command to enable the additional spam protection functions (the command is one line!).

postconf -e ‘smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_hostname, reject_unknown_recipient_domain, reject_non_fqdn_recipient, reject_unauth_destination, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_rbl_client cbl.abuseat.org,reject_rbl_client dul.dnsbl.sorbs.net,reject_rbl_client ix.dnsbl.manitu.net, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination’

Then restart postfix:

/etc/init.d/postfix restart

Send all outgoing email trough one IP address in postfix

Tuesday, October 25, 2011 posted by Till

When a server has more then one IP address, then postfix will use all IP addresses randomly to send out emails. This can cause your emails to be listed as SPAM on other servers because the sending IP does not match the reverse IP of the server hostname. The solution is to bind postfix to the primary IP address of the server.

Edit the postfix main.cf file:

vi /etc/postfix/main.cf

and add the line:

smtp_bind_address = 192.168.0.1

were 192.168.0.1 has to be replaced with the primary IP address of the server. Then restart postfix:

/etc/init.d/postfix restart

You might see the error:

postfix/master[5309]: fatal: 0.0.0.0:smtps: Servname not supported for ai_socktype

On a OpenSuSE server when you enable smtps in postfix master.cf file. The reason for the error is that the definition of the smtps port in /etc/services is missing.

Solution

Edit the /etc/services file

vi /etc/services

and add the following lines:

smtps 465/tcp # Secure SMTP
smtps 465/udp # Secure SMTP

Then restart postfix

/etc/init.d/postfix restart

How to enable port 587 (submission) in postfix

Monday, April 26, 2010 posted by Till

Some internet access providers have port 25 disabled in their routers to prevent spam. If you run your own mailserver in a datacenter, you might have to enable the submission port (587) in postfix to be able to send emails from your local email client to your own mailserver.

To enable port 587, edit the file /etc/postfix/master.cf

vi /etc/postfix/master.cf

and remove the # in front of the line:

#submission inet n – n – – smtpd

so that it looks like this:

submission inet n – n – – smtpd

and restart postfix:

/etc/init.d/postfix restart

Postfix provides with postsuper, postqueue and mailq some  shell utilitys to manage the mailqueue.

Here are some examples for common tasks:

List all messages that are in the mailqueue

postqueue -p

The output looks like this:

root@server:/# postqueue -p
-Queue ID- –Size– —-Arrival Time—- -Sender/Recipient——-
501CA23B43DB     2182 Thu Dec  3 14:24:39  test@yourdomain.com
(Host or domain name not found. Name service error for name=otherdomain.com type=MX: Host not found, try again)
info@otherdomain.com

– 8 Kbytes in 1 Requests.

Delete a message by message ID

postsuper -d MessageID

replace MessageID with the ID of the message, e.g. 501CA23B43DB

root@server:/# postsuper -d 501CA23B43DB
postsuper: 501CA23B43DB: removed
postsuper: Deleted: 1 message

Remove emails by sender

mailq | tail +2 | awk ‘BEGIN { RS = “” }
# $7=sender, $8=recipient1, $9=recipient2
{ if ($7 == “info@otherdomain.com” && $9 == “”)
print $1 }
‘ | tr -d ‘*!’ | postsuper -d -

replace “info@otherdomain.com” with the sender email address.

Remove emails by recipient

mailq | tail +2 | awk ‘BEGIN { RS = “” }
# $7=sender, $8=recipient1, $9=recipient2
{ if ($8 == “you@yourdomain.com” && $9 == “”)
print $1 }
‘ | tr -d ‘*!’ | postsuper -d -

replace you@yourdomain.com with the recipient email address.

Remove emails by sender hostname

mailq | grep senderhostname | awk ‘{ print $1′} | postsuper -d -

replace the word “senderhostname” with the hostname of the email sender.

If your server has very high load and you want to temporarily move all message from the incoming queue to the hold queue, use the command:

postsuper -h ALL

to move the messages back to the incoming queue, use the command:

postsuper -r ALL

Instead of the word “ALL” you can also provide a specific message ID to move only one message to or from the hold queue. Message in the hold queue will not processed by postfix until they were requeued with postsuper -r.

How to enable port 465 (smtps) in postfix mailserver

Wednesday, October 28, 2009 posted by Till

More and more internet access providers are closing port 25 to reduce spam except for connections to their own mailservers. If you run your own mailserver and have problems to connect to it on port 25, you can enable port 465 (smtps) in postfix as a workaround. Edit the /etc/postfix/master.cf file:

vi /etc/postfix/master.cf

and remove the # in front of the smtps line. Example for Debain 5, change the line:

#smtps     inet  n       -       -       -       -       smtpd

to:

smtps     inet  n       -       -       -       -       smtpd

and restart postfix:

/etc/init.d/postfix restart

Install postfix with MySQL support on CentOS 5.3 (64Bit)

Monday, September 21, 2009 posted by Till

The following article explains the steps to compile postfix MTA with MySQL support on CentOS 5.3 as e.g. needed for ISPConfig 3.

Remove the postfix package from CentOS which does not has MySQL support:

/etc/init.d/postfix stop
rpm -e –nodeps postfix

Download the postfix source RPM and install it:

cd /tmp
wget http://mirror.rackspace.com/CentOS/5.3/os/SRPMS/postfix-2.3.3-2.1.el5_2.src.rpm
rpm -i postfix-2.3.3-2.1.el5_2.src.rpm

Edit the spec file to enable MySQL support.

vi /usr/src/redhat/SPECS/postfix.spec

and change the line:

%define MYSQL 0

to:

%define MYSQL 1

Install a few prerequisites before we build the new postfix RPM package

yum install pcre-devel mysql-devel

Build the postfix RPM with MySQL support:

rpmbuild -ba /usr/src/redhat/SPECS/postfix.spec

and install it.

cd /usr/src/redhat/RPMS/x86_64
rpm -i postfix-2.3.3-2.1.x86_64.rpm

Start postfix and configure it to be started at boot time:

/etc/init.d/postfix start
chkconfig –levels 235 postfix on

Postfix: “queue file write error”

Friday, August 21, 2009 posted by admin

If you get an error like:

Aug 21 12:41:03 webb4 postfix/sendmail[11234]: fatal: web1_user(12967): queue file write error

in your mail log, then the vale for message_size_limit in postfix main.cf is too low. Edit postfix main.cf:

vi /etc/postfix/main.cf

and set the message size limit to a higher value. E.g.

mesage_size_limit = 900000000

and restart postfix:

/etc/init.d/postfix restart

If there is no message_size_limit set in main.cf, just add the line.