Postfix: Difference between revisions

From Edgar BV Wiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 10: Line 10:
apt-get install popa3d
apt-get install popa3d
# get rid of the postfix pop daemon
# get rid of the postfix pop daemon
/etc/logrotate.d/postfix:
------------------------------
/var/log/mail/popa3d.log /var/log/mail/mail.err /var/log/mail/mail.info /var/log/mail/mail.warn /var/log/mail/mail.log {
        prerotate
                /opt/triphost/statisticstripghostmail.sh
        endscript
        daily
        missingok
        rotate 7
        compress
        delaycompress
        notifempty
        create 640 root adm
------------------------------
add the following to /etc/rsyslogd.conf
!popa3d
*.*                            /var/log/mail/popa3d.log
touch /var/log/mail/popa3d.log
</pre>
</pre>



Revision as of 13:00, 15 September 2009

Changes for a new install on Debian:
/etc/postfix
touch relay-domains
touch virtual
touch virtual-domains
touch transport
#This is the list of domains we will transport mail for over smtp, using different protocols.
# This is a hashfile, so postmap transport after editing.
apt-get install popa3d
# get rid of the postfix pop daemon

/etc/logrotate.d/postfix:
------------------------------
/var/log/mail/popa3d.log /var/log/mail/mail.err /var/log/mail/mail.info /var/log/mail/mail.warn /var/log/mail/mail.log {
        prerotate
                /opt/triphost/statisticstripghostmail.sh
        endscript
        daily
        missingok
        rotate 7
        compress
        delaycompress
        notifempty
        create 640 root adm
------------------------------

add the following to /etc/rsyslogd.conf
!popa3d
*.*                             /var/log/mail/popa3d.log

touch /var/log/mail/popa3d.log


Check configuration
postconf -n

/etc/postfix/virtual
# In order to translate any mailbox address from one domain to a mapped user on another domain add the following entries:

# account1@olddomain.ext account1
# account2@olddomain.ext account2
# newdomain.ext DOMAIN
# @newdomain.ext @olddomain.ext

# this will ensure that account1@olddomain.ext AND account1@newdomain.ext is delivered to account1 and account2@[newdomain or olddomain].ext goes to account2

# After changing this file run
# postmap virtual

# Catchalls are set up with
# @domain.ext	userid

/etc/postfix/virtual-domains
# This file contains the domains for which postfix will accept email
# It's not a hash file, so no need to run postmap on it.

These are the /etc/postfix/main.cf edits

# Tripany edits
sage_size_limit = 15000000
# Add virtual accounts and all the domains into these two files
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_alias_domains = /etc/postfix/virtual-domains
virtual_mailbox_base = /var/spool/mail
smtpd_recipient_restrictions = permit_mynetworks,
                            reject_unauth_destination,
                            reject_non_fqdn_sender,
                            reject_unknown_sender_domain,
                            reject_non_fqdn_recipient,
                            reject_unknown_recipient_domain,
                            reject_unauth_destination,
                            reject_rbl_client zen.spamhaus.org,
                            reject_rbl_client bl.spamcop.net,
                            permit
smtpd_client_restrictions = permit_mynetworks, reject_rbl_client sbl.spamhaus.org, permit
smtpd_helo_restrictions = reject_invalid_hostname, permit
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, permit
smtpd_sender_restrictions = reject_unknown_sender_domain, permit
smtpd_sender_restrictions = warn_if_reject, reject_unknown_sender_domain, permit
smtpd_helo_required = yes
disable_vrfy_command = yes
default_process_limit = 100
# This is what postfix will act as an SMTP server for
relay_domains = /etc/postfix/relay-domains
# For delayed delivery using etrn
defer_transports = etrn-only
fast_flush_domains = $relay_domains
smtpd_etrn_restrictions = permit_mynetworks, reject
# This is all added for Mailman
transport_maps = hash:/etc/postfix/transport
mailman_destination_recipient_limit = 1

maximal_queue_lifetime = 5d
### ANTI SPAM MEASURES
#
# The commented lines kills a tad too much
# (kept for educaitonal use)
#
# smtpd_helo_required = yes
smtpd_sender_restrictions = reject_unknown_address
smtpd_recipient_restrictions =
#       reject_invalid_hostname,
#       reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        reject_unauth_pipelining,
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
        reject_rbl_client zombie.dnsbl.sorbs.net,
#       reject_rbl_client relays.ordb.org,
#       reject_rbl_client opm.blitzed.org,
#       reject_rbl_client list.dsbl.org,
        reject_rbl_client sbl.spamhaus.org,
        permit

# prevent backscatter
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
To accept messages in the mailqueue and defer them untill the primary MX server is up again,
add the domain.ext to /etc/postfix/relay-domains and in transport add
domain.ext	etrn-only:

The mail will then be delivered when sendmail -q is sent, or when telnet mailserver 25, 
helo originating.domain
etrn defermaildomain.ext

mails get defered - you can see them in mailq
also in /var/spool/postfix/flush/

(see also
http://lists.freebsd.org/pipermail/freebsd-questions/2006-February/112246.html
http://www.postfix.org/ETRN_README.html
http://archives.neohapsis.com/archives/postfix/2001-07/0730.html)

postfix reload reloads the config

http://wiki.ev-15.com/debian:mail_system for how to set up squirrelmail and cyrus for IMAP with postfix

You can also force the queue delivery by running

postqueue -f


or deliver a specific message by

postsuper -r queue_id


You can see the structure of the queues by using

qshape

you can see the active / incoming / deferred / hold queues by doing

qshape deferred

you may have to wait a bit for the output though.

To kill all deferred messages in the queue you can use

postsuper -d ALL deferred

An example from http://sysop.com.cn/document/Postfix.The.Definitive.Guide/0596002122_postfix-chp-5-sect-2.html

Example 5-1. Perl script to delete queued messages by email address

#!/usr/bin/perl -w
#
# pfdel - deletes message containing specified address from
# Postfix queue. Matches either sender or recipient address.
#
# Usage: pfdel <email_address>
#

use strict;

# Change these paths if necessary.
my $LISTQ = "/usr/sbin/postqueue -p";
my $POSTSUPER = "/usr/sbin/postsuper";

my $email_addr = "";
my $qid = "";
my $euid = $>;

if ( @ARGV !=  1 ) {
        die "Usage: pfdel <email_address>\n";
} else {
        $email_addr = $ARGV[0];
}

if ( $euid != 0 ) {
        die "You must be root to delete queue files.\n";
}


open(QUEUE, "$LISTQ |") || 
  die "Can't get pipe to $LISTQ: $!\n";

my $entry = <QUEUE>;    # skip single header line
$/ = "";                # Rest of queue entries print on
                        # multiple lines.
while ( $entry = <QUEUE> ) {
        if ( $entry =~ / $email_addr$/m ) {
                ($qid) = split(/\s+/, $entry, 2);
                $qid =~ s/[\*\!]//;
                next unless ($qid);

                #
                # Execute postsuper -d with the queue id.
                # postsuper provides feedback when it deletes
                # messages. Let its output go through.
                #
                if ( system($POSTSUPER, "-d", $qid) != 0 ) {
                        # If postsuper has a problem, bail.
                        die "Error executing $POSTSUPER: error " .
                           "code " .  ($?/256) . "\n";
                }
        }
}
close(QUEUE);

if (! $qid ) {
        die "No messages with the address <$email_addr> " .
          "found in queue.\n";
}

exit 0;

Postgrey is a greylister that rejects email from a server on the first try, using the fact that most spammers do not retry to send their email, whereas almost all normal mail servers do.