Postfix

From Edgar BV Wiki

Installing Postfix

Changes for a new install on Debian in /etc/postfix:

touch relay-domains
touch virtual
touch virtual-domains
touch transport
touch aliases
postalias aliases   # alias databases are built with postalias, not postmap
postmap virtual
postmap transport

This goes in some of the files:

/etc/postfix/virtual

# In order to translate any mailbox address from one domain to a mapped user on another domain add the following entries:

# account1@olddomain.ext account1
# account2@olddomain.ext account2
# newdomain.ext DOMAIN
# @newdomain.ext @olddomain.ext

# This ensures that account1@olddomain.ext and account1@newdomain.ext are both delivered to account1, and account2@[newdomain or olddomain].ext goes to account2

# After changing this file run
# postmap virtual

# Catchalls are set up with
# @domain.ext	userid

/etc/postfix/virtual-domains

# This file contains the domains for which postfix will accept email
# It's not a hash file, so no need to run postmap on it.

Make sure the following is appended to mynetworks in main.cf

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24, 212.61.33.42/32, 31.160.12.64/29, 188.204.140.192/27, 217.81.192.88/32
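Every restriction list further down starts with permit_mynetworks, so each entry in mynetworks skips all the anti-spam checks and is allowed to relay. The following is an added example, not part of the original page: it lists the mynetworks entries that are not loopback or RFC 1918 addresses so they can be reviewed. The function names are hypothetical and the sample input is the mynetworks line above.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# mynetworks_to_review: reads main.cf text on stdin and prints each mynetworks
# entry that is not loopback or RFC 1918 space (lookup tables are printed too).
mynetworks_to_review() {
    awk '
    /^mynetworks[ \t]*=/ {                    # start of the parameter
        sub(/^[^=]*=/, ""); value = $0; grab = 1; next
    }
    grab && /^[ \t]+[^ \t#]/ { value = value " " $0; next }  # continuation line
    /^[^ \t#]/ { grab = 0 }                   # next parameter ends the value
    END {
        n = split(value, net, /[ \t,]+/)
        for (i = 1; i <= n; i++) {
            e = net[i]
            if (e == "") continue
            if (e ~ /^127\./ || e ~ /^\[::1\]/ || e ~ /^\[::ffff:127\./) continue
            if (e ~ /^10\./ || e ~ /^192\.168\./) continue
            if (e ~ /^172\.(1[6-9]|2[0-9]|3[01])\./) continue
            print e
        }
    }'
}

# The mynetworks line from this page, followed by an unrelated parameter.
sample_main_cf() {
    cat <<'EOF'
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24, 212.61.33.42/32, 31.160.12.64/29, 188.204.140.192/27, 217.81.192.88/32
message_size_limit = 15000000
EOF
}

sample_main_cf | mynetworks_to_review
```

On a live server, feed it the running configuration with: postconf -n | mynetworks_to_review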

These are the /etc/postfix/main.cf edits

# Tripany edits
# Prevent backscatter
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550


message_size_limit = 15000000

# Add virtual accounts and all the domains into these two files
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_alias_domains = /etc/postfix/virtual-domains
# To make aliases add them to these files
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
virtual_mailbox_base = /var/spool/mail
# Anti Spam measures
smtpd_recipient_restrictions = permit_mynetworks,
                            permit_sasl_authenticated,
                            reject_unauth_destination,
                            reject_unknown_recipient_domain,
                            reject_unlisted_recipient,
                            reject_unverified_recipient,
                            reject_non_fqdn_recipient,
                            reject_unknown_sender_domain,
                            reject_non_fqdn_hostname,
                            reject_unauth_pipelining,
                            reject_rbl_client zen.spamhaus.org,
                            reject_rbl_client bl.spamcop.net,
                            permit
smtpd_client_restrictions = permit_mynetworks,
                          reject_rbl_client sbl.spamhaus.org,
                          permit
smtpd_helo_restrictions = permit_mynetworks,
                        reject_invalid_helo_hostname,
                        permit
smtpd_sender_restrictions = permit_mynetworks,
                          reject_non_fqdn_sender,
                          reject_unknown_sender_domain,
                          permit
smtpd_data_restrictions = reject_unauth_pipelining,
                        permit
smtpd_relay_restrictions = permit_mynetworks,
                        reject_unauth_destination,
                        permit
# You can test the rules above by putting warn_if_reject before a rule, e.g. "warn_if_reject reject_non_fqdn_hostname,": Postfix then logs a warning in the logfiles but lets the mail through anyway


smtpd_helo_required = yes
disable_vrfy_command = yes
default_process_limit = 100

# This is what postfix will act as an SMTP server for
relay_domains = /etc/postfix/relay-domains
# For delayed delivery using etrn
defer_transports = etrn-only
fast_flush_domains = $relay_domains
smtpd_etrn_restrictions = permit_mynetworks, reject
# This is all added for Mailman
transport_maps = hash:/etc/postfix/transport
mailman_destination_recipient_limit = 1
# This is for maildir delivery
home_mailbox = Maildir/

Some of the documentation on Maildir sets

mailbox_command =

But we're going to configure procmail to deliver to mailbox later, so we keep it as such:

mailbox_command = procmail -a "$EXTENSION"

Check configuration

postconf -n
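To follow up the warn_if_reject tip in the main.cf comments above: Postfix logs such hits as "reject_warning" lines, and counting them per reason shows what a rule would block before it is enforced. The following is an added example, not part of the original page; the function names are hypothetical and the log lines are constructed samples.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# summarize_reject_warnings: reads a Postfix mail log on stdin and prints
# "<hits> <distinct clients> <reason>" for each reject_warning entry, i.e.
# for mail that a rule marked warn_if_reject would have rejected.
summarize_reject_warnings() {
    awk '
    / reject_warning: / {
        line = $0
        sub(/^.* reject_warning: [A-Z-]+ from /, "", line)
        client = line
        sub(/: .*$/, "", client)                      # host[ip]
        if (match(line, /blocked using [^ ;]+/)) {
            reason = substr(line, RSTART, RLENGTH)    # DNSBL hit: keep list name
        } else {
            reason = line
            sub(/; from=<.*$/, "", reason)            # drop envelope details
            sub(/^[^ ]+ [0-9]+ [0-9.]+ /, "", reason) # drop client and codes
            sub(/^<[^>]*>: /, "", reason)             # drop the offending value
            n = split(reason, part, ": ")
            reason = part[1] (n > 1 ? ": " part[2] : "")
        }
        hits[reason]++
        if (!((reason, client) in seen)) { seen[reason, client] = 1; clients[reason]++ }
    }
    END { for (r in hits) printf "%d %d %s\n", hits[r], clients[r], r }
    ' | sort -k1,1nr -k3
}

# Constructed sample log lines (documentation addresses, not real traffic).
sample_log() {
    cat <<'EOF'
Mar  3 10:15:01 mx postfix/smtpd[2211]: connect from unknown[192.0.2.10]
Mar  3 10:15:02 mx postfix/smtpd[2211]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.10]: 504 5.5.2 <localhost>: Helo command rejected: need fully-qualified hostname; from=<a@example.com> to=<info@example.net> proto=ESMTP helo=<localhost>
Mar  3 10:15:09 mx postfix/smtpd[2211]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.10]: 504 5.5.2 <localhost>: Helo command rejected: need fully-qualified hostname; from=<a@example.com> to=<sales@example.net> proto=ESMTP helo=<localhost>
Mar  3 10:16:40 mx postfix/smtpd[2214]: NOQUEUE: reject_warning: RCPT from mail.example.org[198.51.100.5]: 504 5.5.2 <mailhost>: Helo command rejected: need fully-qualified hostname; from=<b@example.org> to=<info@example.net> proto=ESMTP helo=<mailhost>
Mar  3 10:17:12 mx postfix/smtpd[2216]: NOQUEUE: reject_warning: RCPT from unknown[203.0.113.7]: 554 5.7.1 Service unavailable; Client host [203.0.113.7] blocked using bl.spamcop.net; from=<x@example.com> to=<info@example.net> proto=ESMTP helo=<mail.example.com>
Mar  3 10:18:30 mx postfix/smtpd[2219]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 554 5.7.1 <y@example.org>: Relay access denied; from=<z@example.com> to=<y@example.org> proto=ESMTP helo=<mx.example.com>
EOF
}

sample_log | summarize_reject_warnings
```

A reason with many hits from few clients usually points at one misconfigured sender; many distinct clients means enforcing the rule will have a wider effect.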

get rid of the postfix pop daemon

apt-get install dovecot-pop3d    # for maildir support

procmail

Change procmail to maildir delivery. Create /etc/procmailrc

LOGFILE=/var/log/mail/procmail
LOGABSTRACT=all
VERBOSE=off
LOG=$date
DEFAULT="$HOME/Maildir/"
MAILDIR="$HOME/Maildir/"

Old procmail (non maildir)

vi /etc/procmailrc

#Procmailrc modified by RazoR
#
MAILDIR=/var/spool/mail
LOGFILE=/var/log/mail/procmail
LOGABSTRACT=all
VERBOSE=off
LOG=$date

Create everything

mkdir /var/log/mail/
touch /var/log/mail/procmail

If you mount your mail (mbox format)

ln -s /home/spool/mail/ /var/mail

rsyslog and logrotation

Edit /etc/logrotate.d/rsyslog to add /var/log/mail/procmail to it

Edit the mail lines in /etc/rsyslog.conf to go to /var/log/mail/, something like:

mail.info                       -/var/log/mail/mail.info
mail.warn                       -/var/log/mail/mail.warn
mail.err                        /var/log/mail/mail.err

Then move the existing logs and restart rsyslog:

mv /var/log/mail.* /var/log/mail/
service rsyslog restart

In /etc/logrotate.d/rsyslog (nb. because we have moved mail logs to /var/log/mail from /var/log)

/var/log/syslog
{
        rotate 7
        daily
        missingok
        notifempty
        delaycompress
        compress
        postrotate
                invoke-rc.d rsyslog reload > /dev/null
        endscript
}

/var/log/daemon.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
/var/log/debug
/var/log/messages

/var/log/mail/mail.info /var/log/mail/mail.warn /var/log/mail/mail.err /var/log/mail/mail.log /var/log/mail/popa3d.log /var/log/mail/spamd.log /var/log/mail/procmail
{
        sharedscripts
        prerotate
                /opt/triphost/statisticstripghostmail.sh
        endscript
        rotate 7
        daily
        missingok
#       notifempty
        compress
        delaycompress
        create 640 root adm
        postrotate
                /etc/init.d/rsyslog restart
        endscript
}

If still using popa3d

touch /var/log/mail/popa3d.log

FOR OLD SYSLOG BEHAVIOUR

!popa3d
*.*                             /var/log/mail/popa3d.log

FOR RSYSLOG

in /etc/rsyslog.d/popa3d.conf

if $programname == 'popa3d' and $syslogseverity <= '6' then /var/log/mail/popa3d.log
if $programname == 'popa3d' and $syslogseverity <= '6' then ~

Mutt

Use Mutt to open a maildir:

mutt -m maildir -f ~/Maildir

Set Mutt to read maildir. Edit /etc/Muttrc

set folder="~/Maildir"
set mask="!^\\.[^.]"
set mbox="~/Maildir"
set record="+.Sent"
set postponed="+.Drafts"
set spoolfile="~/Maildir"

Useful info

accept for primary MX if it goes down

To accept messages in the mail queue and defer them until the primary MX server is up again, add the domain.ext to /etc/postfix/relay-domains and in transport add

domain.ext	etrn-only:

The mail will then be delivered when sendmail -q is run, or when ETRN is issued over SMTP:

telnet mailserver 25
helo originating.domain
etrn defermaildomain.ext

Mails get deferred; you can see them in mailq and also in /var/spool/postfix/flush/

(see also [1] [2] [3])

postfix reload reloads the config

Squirrelmail and IMAP

For how to set up Squirrelmail and Cyrus for IMAP with Postfix, see [Webmail_Squirrelmail_for_Debian]


force the queue delivery

postqueue -f

or deliver a specific message by

postsuper -r queue_id

Queue management

See the queue structure

qshape

you can see the active / incoming / deferred / hold queues by doing

qshape deferred

you may have to wait a bit for the output though.

To kill all deferred messages in the queue you can use

postsuper -d ALL deferred

An example from [4]

Example 5-1. Perl script to delete queued messages by email address

#!/usr/bin/perl -w
#
# pfdel - deletes message containing specified address from
# Postfix queue. Matches either sender or recipient address.
#
# Usage: pfdel <email_address>
#

use strict;

# Change these paths if necessary.
my $LISTQ = "/usr/sbin/postqueue -p";
my $POSTSUPER = "/usr/sbin/postsuper";

my $email_addr = "";
my $qid = "";
my $euid = $>;

if ( @ARGV !=  1 ) {
        die "Usage: pfdel <email_address>\n";
} else {
        $email_addr = $ARGV[0];
}

if ( $euid != 0 ) {
        die "You must be root to delete queue files.\n";
}


open(QUEUE, "$LISTQ |") || 
  die "Can't get pipe to $LISTQ: $!\n";

my $entry = <QUEUE>;    # skip single header line
$/ = "";                # Rest of queue entries print on
                        # multiple lines.
while ( $entry = <QUEUE> ) {
        # \Q...\E quotes the address so "." and other regex characters match literally.
        if ( $entry =~ / \Q$email_addr\E$/m ) {
                ($qid) = split(/\s+/, $entry, 2);
                $qid =~ s/[\*\!]//;
                next unless ($qid);

                #
                # Execute postsuper -d with the queue id.
                # postsuper provides feedback when it deletes
                # messages. Let its output go through.
                #
                if ( system($POSTSUPER, "-d", $qid) != 0 ) {
                        # If postsuper has a problem, bail.
                        die "Error executing $POSTSUPER: error " .
                           "code " .  ($?/256) . "\n";
                }
        }
}
close(QUEUE);

if (! $qid ) {
        die "No messages with the address <$email_addr> " .
          "found in queue.\n";
}

exit 0;

Postgrey is a greylister that rejects email from a server on the first try, using the fact that most spammers do not retry sending their email, whereas almost all normal mail servers do.

Old info

Old pop daemon

apt-get install popa3d

/etc/logrotate.d/postfix:

/var/log/mail/mail.log {
        prerotate
                /opt/triphost/statisticstripghostmail.sh
        endscript
        daily
        missingok
        rotate 7
        compress
        delaycompress
        notifempty
        create 640 root adm
}

/var/log/mail/popa3d.log /var/log/mail/mail.err /var/log/mail/mail.info /var/log/mail/mail.warn {
        daily
        missingok
        rotate 7
        compress
        delaycompress
        notifempty
        create 640 root adm
}