Introduction: I use a Relay SMTP service for sending my emails but I want to use it only for certain conditions like the sender address or the receiver address. Here is how it’s done: Relay to relay host depending on sender address Add in /etc/postfix/main.cf Create file /etc/postfix/relayhost_map and add this content: Run the following …
Category: Postfix
Mail Server Postfix Tricks
Configuring Domain Relaying with ISPConfig 3.1.xx
Intention: Redirect (reroute) specific email addresses via, for example, an SMTP service: Steps: – Enter the destination domain in the Advanced Routing Table (Email ==> Email Accounts/Email Routing) – Enter the same destination domain in the (Email ==> Global Filters / Relay Recipients) as @domain Example: rerouting all emails of destination domain mydomain.com via …
No Type list in ISPConfig 3.1.11
Problem: In the brand new version of ISPConfig 3.1.11, when I add or modify an email transport, no value is displayed anymore under “type”. Solution: Ref: https://git.ispconfig.org/ispconfig/ispconfig3/issues/4924 Edit /usr/local/ispconfig/interface/web/mail/mail_transport_edit.php Change this line: $app->tpl->setVar($rec, null, true); to this: $app->tpl->setVar($rec); and it should work again.
Install CERTBOT in Ubuntu-16-04-xenial and Debian Stretch
Intro: Here is a 1-to-1 copy of the article on how to install certbot in Ubuntu 16.04 and Debian Stretch Ubuntu 16.04 HOWTO: Install On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you’ll need to do is apt-get the following packages. $ sudo apt-get …
Blocking reception of full TLDs
Intro: Lately I was receiving a lot of spam from ‘.date’ TLD sources and wanted to block all these emails using Postfix. Here is a solution found at: https://serverfault.com/questions/728641/blacklisting-tld-in-postfix/728658 Steps: Install the Postfix PCRE dictionary apt-get install postfix-pcre Configure postfix postconf -e smtpd_sender_restrictions=pcre:/etc/postfix/rejected_domains postconf -e reject_unauth_destinations=pcre:/etc/postfix/rejected_domains Edit the new file /etc/postfix/rejected_domains with the following …
OpenDKIM doesn’t start after Upgrade from Jessie to Stretch
Introduction: After having done a dist-upgrade from Jessie to Stretch, OpenDKIM didn’t start any more. After some research I found the answer which worked for me on this site: https://serverfault.com/questions/847435/cant-change-opendkim-socket-in-debian-stretch-in-etc-default-opendkim INFO: I’m using the ‘inet’ socket for the communication between Postfix and OpenDKIM at port 12345. E.g. my config of OpenDKIM in Postfix: milter_default_action = …
Transferring IMAP account mails and folders to another IMAP account on another server … or locally.
Introduction: The other day I was asked to install a completely new email server and transfer all the email accounts from the old mail server to the new one. I noticed that since the new mail server was using a different mail INBOX format I had to do some research and found this really good …
Hardening the SSL security in Apache, Dovecot and Postfix
Introduction: After having gotten a report from OpenVAS that the SSL security level of my mail server was medium, I looked for ways to improve this. I found very good sites which helped me make these improvements: https://weakdh.org/sysadmin.html https://wiki.dovecot.org/SSL/DovecotConfiguration applied-crypto-hardening.pdf Based on this site and extending to cover dovecot mail service here …
Whitelisting Hosts in Postfix/Amavis
Introduction: I have an email server with very strong spam filtering and every now and then it does see the emails that I send from our own networks as SPAM. In order to bypass the SPAM scanner for those networks without bypassing the virus scanning of Amavis, I found these instructions on the Internet at: http://verchick.com/mecham/public_html/spam/bypassing.html#1 …
Fixing Spamassassin in Debian Jessie(8)
Introduction: For a long time under Debian Wheezy Spamassassin was running quite well until I upgraded the system to Jessie. That is when Spamassassin (spamd) started to crash every now and then without giving much reason why. Cause of error message: Looking in the system logs (/var/log/syslog) I found the following error: spamd[7490]: util: refusing to untaint …
Testing SSL Connections with SSLyze, Nmap or OpenSSL
Introduction: OpenSSL is a great tool to check SSL connections to servers. The difficulty here is when one wants a full scan of all possible SSL ciphers and protocols used by a server. That is where SSLyze comes in handy. This tool is a Python script which will scan the target host/port for SSL handshake …
Relay emails for specific destinations
In the last couple of years many large email providers have started to refuse emails coming from certain IP addresses or according to certain other criteria. It is difficult to know for what reason certain emails are refused access with the server answer: ….refused to talk to me: 554…. The list of these email destinations (which …
Installing DMARC filtering in Debian Wheezy
Principle: DMARC is a bit of a strange animal. It serves as a filter against SPAM but only according to the rules given by the owner of the domain sending emails. So, for example, if I send emails as sender me@example.com using a mail client program via my mail server, in order that my …
Anti-SPAM mail filtering using SPF on Debian Wheezy
Install the package: apt-get install postfix-policyd-spf-perl Add this line to /etc/postfix/main.cf: policy-spf_time_limit = 3600s Add the following lines to /etc/postfix/master.cf: policy-spf unix - n n - - spawn user=policyd-spf argv=/usr/sbin/postfix-policyd-spf-perl In /etc/postfix/main.cf, find the smtpd_recipient_restrictions section, and, immediately after permit_mynetworks (and permit_sasl_authenticated, if you’re using that), add: check_policy_service unix:private/policy-spf, Restart Postfix and check your logs …
TCP Load balancing email/web servers with NginX
I’ve got 2 synchronized email servers running and, in order to make sure I don’t have to change the servername settings of my mail client in case one server goes down, I was looking for a straight TCP layer load balancer. There are a few software packages on the market that can do that, …
Archiving all incoming/outgoing mails using Sieve
The following custom Sieve script can be used to make a copy of every email a user sends or receives. In the example, the user is user@domain.com and the copy of the .MSG file is saved in the spyfolder directory. if envelope :contains ["from","to"] "user@domain.com" { fileinto "c:\\spyfolder"; keep; } Note: Be careful to monitor …
Blocking users from sending sensitive information using Sieve
The following article uses examples to show how to block users from sending attachments containing sensitive information (e.g. financial information) to the outside world. The script blocks attachments with certain names by flagging particular words. Scenario: – Your domain is widget.com – The administrator wants to block attachments with the word customer in the filename …
Force sending mails using SSL/TLS
Introduction: In some cases it might be requested to transfer emails to another mail server using encryption (SSL/TLS). Here is a way to do it using Sieve language which Dovecot supports: Use a sieve script to conditionally send encrypted messages. The script would insert a header element, called X-Requires-SSL, prompting SMTPDS (the Delivery Service) to …
Creating a XEN machine and Installing Group Office in Debian Wheezy
Introduction In this Tutorial I will explain the steps I did to create a Xen Virtual Machine with minimal packages and then install the latest Group Office Web based Collaboration software. You’ll need to be fluent in Linux and Xen because I don’t explain much here. Note: My hypervisor is Xen 4.0 in Debian Squeeze …
Install Geotrust/RapidSSL certificate in Zimbra 8.0.x
This How-to is based on the following page and, after failing to install my commercial certificate myself, I feel very grateful for his contribution: http://elijahpaul.co.uk/2012/12/installing-a-rapidssl-certificate-on-zimbra-8-0/#.UVjDBhlSP5g The best way to install a RapidSSL cert is via the CLI as the root user. 1. Start by logging in as the root superuser to your Zimbra server’s CLI via SSH. …
Installing OpenDKIM in Debian Squeeze/Wheezy
Introduction Lately my mail server started to get refusals of emails from large mailing systems like AOL, Yahoo etc. I can’t blame them for trying to minimize the SPAMS to their clients. Although using an approved relay service is a good solution, if you want to take care of it yourself here is OpenDKIM at …
‘blocked by Verizon Online’s anti-spam system…’ OR ‘AOL: refused to talk to me: 554- (RTR:BL)’ OR ‘AT&T: blocked by ldap:ou=rblmx,dc=att,dc=net’
Lately I’ve been confronted with the following error messages on my Postfix server from AOL, Verizon or AT&T: VERIZON: ‘blocked by Verizon Online’s anti-spam system… AOL: refused to talk to me: 554- (RTR:BL)…. AT&T: blocked by ldap:ou=rblmx,dc=att,dc=net…. Moreover after trying to get my server on the whitelist it seemed almost impossible or quite a long …
Intermittent Dovecot IMAP login problem
I set up dovecot as mail pick-up server for IMAP and POP3. If I left my webmail (roundcube) interface running in my browser, I experienced very often that as soon as I started an Apple mail product (iPad, iPhone or Mail on OSX) the IMAP complained that my login failed and asked me to type my password. Normally the …
Configuring vacation response on incoming emails
This configuration is made to respond to each incoming email by an automated message. It is inspired from the site: http://www.akadia.com/services/automatic_email_answering.html In Debian: Install the package vacation apt-get install vacation Assumptions: System User: marie Email address: marie.larue@myserver.com Configuration: Initialize the database file ~/.vacation.db sudo -u marie vacation -I Create the following 2 files in the …
Running Postfix on multiple ports
Reference: The following tip has been taken from the following forum: http://www.howtoforge.com/forums/archive/index.php/t-4788.html Description: Some ISPs, for some strange reasons, are blocking port 25, therefore preventing many normal email client software packages from picking up their emails from mail servers other than their own ISP’s server. Solution: Making sure Postfix on your mail server listens on both …
Protect specific email clients
In my mailing list system (Mailman) I needed to make sure that no one other than a certain list of senders would be able to send commands via email to the xxxx-request@mylist.com. Since I could not find this feature in Mailman I decided to go the Postfix way. So here is the configuration I made …
Using TLS for mail delivery from postfix to another TLS activated mail server
Introduction: The default encryption method for delivering email from Postfix to another mail server is ‘NONE’. In certain cases, for enhanced security reasons, emails for certain destinations should be encrypted all the way: Meaning: Client 1 ==(TLS)==> Postfix Server ==TLS==> Other email Server ==SSL/TLS==> Client 2 In this case we cannot influence the way the …
Deleting the Postfix deferred queues
Once in a while I get mails refused by certain servers (like AOL). After this happens too many times I might want to delete the deferred mails still stuck in the outbound queue. First I try again to send all the mails stuck in the outbound queues by issuing the command: postfix flush Then delete the …