apt-get install postfix Choose Internet Site Config.
After Install - Main folder = /etc/postfix
Main file = main.cf
Just the name used to identify server myhostname = mail.domain.com # disable lookup of usernames disable_vrfy_command = yes Remove hash beside delay_warning_time = 4h
===To prevent cross over emails between multiple domains,===
e.g. where root@mydomain1.net and root@mydomain2.net are on the same server.
Add the following line into /etc/postfix/main.cf:
smtpd_sender_restrictions = check_recipient_access hash:/etc/postfix/restrict
Create the file: /etc/postfix/restrict
goodemail@mydomain2.net OK
mydomain2.net REJECT
To activate/ add this file into postfix, type in the shell →
postmap /etc/postfix/restrict
Further Details at: http://www.seifried.org/security/index.php/Closet20001122_Postfix_-_The_Sendmail_Replacement,_Part_II
vi /etc/postfix/main.cf #add in the following: virtual_maps = regexp:/etc/postfix/virt/kartbuilding_net virtual_alias_domains = kartbuilding.net mkdir /etc/postfix/virt/ vi /etc/postfix/virt/kartbuilding_net #add in: # Kartbuilding.net mail /^email1@kartbuilding.net$/ localusername /^email2@kartbuilding.net$/ differentemail@forward.com cd /etc/postfix/virt postmap kartbuilding_net /etc/init.d/postfix restart
Save and restart postfix. Now the server will handle mail for this domain. No other config required in main.cf. It will deliver it to the localusername or forward it. If an email is sent and isn't matched a 550 will be sent back. This is miles better that the previous postfix/restrict config above.
On a lists (mailman) server I run - I want to disable mail delivery to local users, however I still want Postfix to deliver mail to /etc/aliases. The line below, which is to be put into /etc/postfix/main.cf forces postfix to only consult $alias_maps (which is: hash:/etc/aliases ).
local_recipient_maps = $alias_maps
This is commonly referred to as a “Postfix anti-UCE configuration” (UCE - unsolicited emails). Postfix, with a very simply modification can block incoming email via spamhaus RBLs (Real Time Black-Hole Lists). The following line is to be added to /etc/postfix/main.cf:
smtpd_recipient_restrictions reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net #If there are entries already - thats fine, just comment delimit them. #Note: sbl-xbl.spamhaus.org has now changed to zen.spamhaus.org as per http://www.spamhaus.org/zen/index.lasso
The sender is then bounced back an email saying “Blocked by spamhouse” and it is their, or their ISP's responsibility to remove themselves from spamhaus.
Note: “ping sbl-xbl.spamhaus.org” wont resolve. What postfix does when checking an ip (e.g. w.x.y.z), is to “ping z.y.x.w.sbl-xbl.spamhaus.org”, and if that resolves - that ip is listed as spam. (thanks davisc). <br> Note: Make sure ICMP packets are allowed through the firewall. Otherwise postfix will get a “Destination Not Reachable” and allow the mail through.
See more details at: http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt and http://www.redhat.com/support/resources/howto/RH-postfix-HOWTO/x441.html and http://www.postfix.org/uce.html and http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions
Further Info on UCE and Postfix:
smtpd_sender_restrictions = Restrictions based in the context of the MAIL FROM command. I.e. restrictions based on who emails are from. smtpd_recipient_restrictions = Restrictions based on the RCPT TO command. I.e. restrictions based on who emails are been delivered to. smtpd_client_restrictions = SMTP server access restrictions in the context of a SMTP connection request.
I have found that blocking mails via DNSBL at “smtpd_sender_restrictions” is not always effective as some spammers can forge the MAIL FROM command. “smtpd_client_restrictions” is the first line of restrictions, and ideally the DNSBL blocks should be put in here, however as outlined on http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt , “smtpd_recipient_restrictions” is the best place to place DNSBL blocks.
Link: http://www.crynwr.com/spam/
Simply send an email to the appropriate address on the above website, and it will reply an automated email with the status of whether your email server is blocking correctly using zen.spamhaus.org
Nice :)
SENDING AN EMAIL VIA TELNET 25 & Testing forwarding
mail from: sri@mara.net rcpt to: user@lastre.com data . quit
If you get “503 5.5.2 Send hello first”, type “ehlo” as the first line after telneting to host 25.
Test and get working Normal - Should be able to send and revieve via pine etc.
Had to adjust /etc/hosts with domain name (this allowed sending emails ok):
127.0.0.1 localhost 136.201.1.250 kartbuilding.net phidebian
Good URLS
http://www.muine.org/~hoang/postfix.html
http://www.debianhelp.co.uk/postfix.htm
For Example - sending an email to someone and it bounces. Default retry is for 3 days. To remove it manually :
postsuper -d queue_id
Tons more info at: http://www.postfix.org/postsuper.1.html
If spam emails are been sent and/or your mail queue fills up, you can delete all deferred emails with the following:
postsuper -d ALL deferred
pflogsumm shows all the essential information from mail.log. It groups information into the following headings:
apt-get install pflogsumm pflogsumm /var/log/mail.log | less
It is a very useful tool and shows an excellent insight into mail delivery and sending on your server.
If mails are deferred etc. and you want to see a list of them:
postqueue -p
On one server, I want it to be only able to send emails only. Therefore the following config will bind it to 127.0.0.1 on port 25. It will also be sending emails using a “smart host”. Below are the uncommented lines only in main.cf:
vi /etc/postfix/main.cf smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) biff = no append_dot_mydomain = no myhostname = thunder.burkesys.com alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = relayhost = mail.burkesys.com mynetworks = 127.0.0.0/8 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = 127.0.0.1
It must also be checked on mail.burkesys.com that thunder is allowed to relay emails.
After a new install of debian bullseye, and after setup or courier and procmail, the following is the config lines added to main.cf (Note: there were minor mods added further for sasl see here )
disable_vrfy_command = yes message_size_limit = 30720000 smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org virtual_maps = regexp:/etc/postfix/virt/kartbuilding_net, regexp:/etc/postfix/virt/sburke_eu virtual_alias_domains = kartbuilding.net, sburke.eu home_mailbox = Maildir/ mailbox_command = /usr/bin/procmail -a "$EXTENSION" DEFAULT=$HOME/Maildir/ MAILDIR=$HOME/Maildir