Category: Postfix

Mail Server Postfix Tricks

Email, Linux, Postfix

Configuring Domain Relaying with ISPConfig 3.1.xx

Intention: Redirect (reroute) specific email addresses via, for example, an SMTP service.
Steps:
– Enter the destination domain in the Advanced Routing Table (Email ==> Email Accounts/Email Routing)
– Enter the same destination domain in (Email ==> Global Filters / Relay Recipients) as @domain
Example: rerouting all emails of destination domain mydomain.com via …

Email, Linux, Postfix

No Type list in ISPConfig 3.1.11

Problem: In the brand new version of ISPConfig 3.1.11, when I add or modify an email transport, no value is displayed anymore under “type”.
Solution: Ref: https://git.ispconfig.org/ispconfig/ispconfig3/issues/4924
Edit /usr/local/ispconfig/interface/web/mail/mail_transport_edit.php
Change this line:
$app->tpl->setVar($rec, null, true);
to this:
$app->tpl->setVar($rec);
and it should work again.

Apache, Linux, NGinX, Postfix, Security

Install CERTBOT in Ubuntu-16-04-xenial and Debian Stretch

Intro: Here is a 1-to-1 copy of the article on how to install certbot in Ubuntu 16.04 and Debian Stretch.
Ubuntu 16.04 HOWTO: Install
On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories, all you’ll need to do is apt-get the following packages.
$ sudo apt-get …

Email, Linux, Postfix

Blocking reception of full TLDs

Intro: Lately I was receiving a lot of spam from ‘.date’ TLD sources and wanted to block all these emails using Postfix. Here is a solution found at: https://serverfault.com/questions/728641/blacklisting-tld-in-postfix/728658
Steps:
Install the Postfix PCRE dictionary:
apt-get install postfix-pcre
Configure postfix:
postconf -e smtpd_sender_restrictions=pcre:/etc/postfix/rejected_domains
postconf -e reject_unauth_destinations=pcre:/etc/postfix/rejected_domains
Edit the new file /etc/postfix/rejected_domains with the following …

Email, Linux, Postfix, Security, Systemd

OpenDKIM doesn’t start after Upgrade from Jessie to Stretch

Introduction: After having done a dist-upgrade from Jessie to Stretch, OpenDKIM didn’t start any more. After some research I found the answer which worked for me on this site: https://serverfault.com/questions/847435/cant-change-opendkim-socket-in-debian-stretch-in-etc-default-opendkim
INFO: I’m using the ‘inet’ socket for the communication between Postfix and OpenDKIM at port 12345, e.g. my config of OpenDKIM in Postfix: milter_default_action = …

Email, Linux, Postfix

Transferring IMAP account mails and folders to another IMAP account on another server

Introduction: The other day I was asked to install a completely new email server and transfer all the email accounts from the old mail server to the new one. I noticed that since the new mail server was using a different mail INBOX format I had to do some research and found this really good …

Apache, Email, Linux, Postfix, Security

Hardening the SSL security in Apache, Dovecot and Postfix

Introduction: After having gotten a report from OpenVAS that the SSL security level of my mail server was medium, I looked for ways to improve this. I found very good sites which helped me make these improvements:
https://weakdh.org/sysadmin.html
https://wiki.dovecot.org/SSL/DovecotConfiguration
applied-crypto-hardening.pdf
Based on this site and extending to cover dovecot mail service here …

Email, Linux, Postfix

Whitelisting Hosts in Postfix/Amavis

Introduction: I have an email server with very strong spam filtering and every now and then it does see the emails that I send from our own networks as SPAM. In order to bypass the SPAM scanner for those networks without bypassing the virus scanning of Amavis, I found these instructions on the Internet at: http://verchick.com/mecham/public_html/spam/bypassing.html#1 …

Email, Linux, Postfix, Security

Fixing Spamassassin in Debian Jessie(8)

Introduction: For a long time under Debian Wheezy, Spamassassin was running quite well until I upgraded the system to Jessie. That is when Spamassassin (spamd) started to crash every now and then without giving much reason why.
Cause of error message: Looking in the system logs (/var/log/syslog) I found the following error: spamd[7490]: util: refusing to untaint …

Apache, Linux, MAC OS X, Postfix, Security, Windows, Wordpress

Testing SSL Connections with SSLyze, Nmap or OpenSSL

Introduction: OpenSSL is a great tool to check SSL connections to servers. The difficulty here is when one wants a full scan of all possible SSL ciphers and protocols used by a server. That is where SSLyze comes in handy. This tool is a Python script which will scan the target host/port for SSL handshake …

Linux, Postfix

Relay emails for specific destinations

In the last couple of years many large email providers have started to refuse emails coming from certain IP addresses or according to certain other criteria. It is difficult to know for what reason certain emails are refused access with the server answer: ….refused to talk to me: 554…. The list of these email destinations (which …

Linux, Postfix

Installing DMARC filtering in Debian Wheezy

Principle: DMARC is a bit of a strange animal. It serves as a filter against SPAM but only according to the rules given by the owner of the domain sending emails. So, for example, if I send emails as sender me@example.com using a mail client program via my mail server, in order that my …

Linux, Postfix

Anti-SPAM mail filtering using SPF on Debian Wheezy

Install the package:
apt-get install postfix-policyd-spf-perl
Add this line to /etc/postfix/main.cf:
policy-spf_time_limit = 3600s
Add the following lines to /etc/postfix/master.cf:
policy-spf unix - n n - - spawn
  user=policyd-spf argv=/usr/sbin/postfix-policyd-spf-perl
In /etc/postfix/main.cf, find the smtpd_recipient_restrictions section, and, immediately after permit_mynetworks (and permit_sasl_authenticated, if you’re using that), add:
check_policy_service unix:private/policy-spf,
Restart Postfix and check your logs …

Linux, NGinX, Postfix

TCP Load balancing email/web servers with NginX

I’ve got 2 synchronized email servers running and, in order to make sure I don’t have to change the servername settings of my mail client in case one server goes down, I was looking for a straight TCP layer load balancer. There are a few software packages on the market that can do that, …

Linux, Postfix

Archiving all incoming/outgoing mails using Sieve

The following custom Sieve script can be used to make a copy of every email a user sends or receives. In the example, the user is user@domain.com and the copy of the .MSG file is saved in the spyfolder directory.
if envelope :contains ["from","to"] "user@domain.com" {
    fileinto "c:\\spyfolder";
    keep;
}
Note: Be careful to monitor …

Linux, Postfix

Blocking user to send sensitive information using Sieve

The following article uses examples to show how to block users from sending attachments containing sensitive information (e.g. financial information) to the outside world. The script blocks attachments with certain names by flagging particular words.
Scenario:
– Your domain is widget.com
– The administrator wants to block attachments with the word customer in the filename …

Linux, Postfix

Force sending mails using SSL/TLS

Introduction: In some cases it might be requested to transfer emails to another mail server using encryption (SSL/TLS). Here is a way to do it using Sieve language which Dovecot supports: Use a sieve script to conditionally send encrypted messages. The script would insert a header element, called X-Requires-SSL, prompting SMTPDS (the Delivery Service) to …

Apache, Linux, Postfix, XEN

Creating a XEN machine and Installing Group Office in Debian Wheezy

Introduction: In this tutorial I will explain the steps I took to create a Xen Virtual Machine with minimal packages and then install the latest Group Office web-based collaboration software. You’ll need to be fluent in Linux and Xen because I don’t explain much here. Note: My hypervisor is Xen 4.0 in Debian Squeeze …

Linux, Postfix

Install Geotrust/RapidSSL certificate in Zimbra 8.0.x

This How-to is based on the following page and, after failing to install my commercial certificate myself, I feel very grateful for his contribution: http://elijahpaul.co.uk/2012/12/installing-a-rapidssl-certificate-on-zimbra-8-0/#.UVjDBhlSP5g
The best way to install a RapidSSL cert is via the CLI as the root user.
1. Start by logging in as root superuser to your Zimbra server’s CLI via SSH. …

Linux, Postfix

Installing OpenDKIM in Debian Squeeze/Wheezy

Introduction: Lately my mail server started to get refusals of emails from large mailing systems like AOL, Yahoo etc. I can’t blame them for trying to minimize the SPAM to their clients. Although using an approved relay service is a good solution, if you want to take care of it yourself here is OpenDKIM at …