postfix_smtp

Differences

This shows you the differences between two versions of the page.

postfix_smtp [2022/07/19 21:13] – external edit 127.0.0.1postfix_smtp [2022/07/21 19:50] (current) admin
Line 1: Line 1:
-====== Postfix_SMTP ======+===== Postfix_SMTP =====
  
-====== Install as per normal ======+==== Install as per normal ==== 
 +<code>
  apt-get install postfix  apt-get install postfix
  Choose Internet Site Config.  Choose Internet Site Config.
  
-After Install - Main folder = /etc/postfix<br>+</code> 
 + 
 +After Install - Main folder = /etc/postfix\\
 Main file = main.cf Main file = main.cf
  
-======Basic Changes:======+====Basic Changes:==== 
 +<code>
  Just the name used to identify server  Just the name used to identify server
- myhostname = mail.domain.com<br> + myhostname = mail.domain.com 
- <nowiki>//</nowiki>disable lookup of usernames+ disable lookup of usernames
  disable_vrfy_command = yes  disable_vrfy_command = yes
  Remove hash beside delay_warning_time = 4h  Remove hash beside delay_warning_time = 4h
 +</code>
  
-====== Advanced Changes: ======+==== Advanced Changes: ====
 <del> <del>
-=====To prevent cross over emails between multiple domains,=====+===To prevent cross over emails between multiple domains,===
 e.g. where root@mydomain1.net and root@mydomain2.net are on the same server.  e.g. where root@mydomain1.net and root@mydomain2.net are on the same server. 
  Add the following line into /etc/postfix/main.cf:  Add the following line into /etc/postfix/main.cf:
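Review bot: In the Basic Changes block, the instruction lines now sit inside <code> next to real settings, and "disable lookup of usernames" lost its "//" marker without gaining the "#" that the later hunks use ("#add in the following:"). Anyone pasting the block into main.cf gets "Just the name used to identify server" and "Remove hash beside delay_warning_time = 4h" as bare text. Suggest prefixing each instruction line with "# " and showing the uncommented "delay_warning_time = 4h" as its own line. The same applies to "Choose Internet Site Config." under the apt-get line.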
Line 32: Line 37:
  
 ===== Handle email from Multiple Domains ===== ===== Handle email from Multiple Domains =====
 +<code>
  vi /etc/postfix/main.cf  vi /etc/postfix/main.cf
- <nowiki>//</nowiki>add in the following:+ #add in the following:
  virtual_maps = regexp:/etc/postfix/virt/kartbuilding_net  virtual_maps = regexp:/etc/postfix/virt/kartbuilding_net
  virtual_alias_domains = kartbuilding.net  virtual_alias_domains = kartbuilding.net
Line 39: Line 45:
  mkdir /etc/postfix/virt/  mkdir /etc/postfix/virt/
  vi /etc/postfix/virt/kartbuilding_net  vi /etc/postfix/virt/kartbuilding_net
- <nowiki>//</nowiki>add in:+ #add in:
  # Kartbuilding.net mail  # Kartbuilding.net mail
  /^email1@kartbuilding.net$/             localusername  /^email1@kartbuilding.net$/             localusername
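Review bot: The pattern on the context line "/^email1@kartbuilding.net$/" leaves the dot unescaped, so in this regexp: table it matches any character in that position, not only a literal ".". Suggest "/^email1@kartbuilding\.net$/" here and in the other entries of this file. Also, "#add in:" would read better as "# add in:" to match the "# Kartbuilding.net mail" comment below it.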
Line 47: Line 53:
  postmap kartbuilding_net  postmap kartbuilding_net
  /etc/init.d/postfix restart  /etc/init.d/postfix restart
 +
 +</code>
  
 Save and restart postfix. Now the server will handle mail for this domain. No other config required in main.cf. It will deliver it to the localusername or forward it. If an email is sent and isn't matched a 550 will be sent back. This is miles better that the previous postfix/restrict config above. Save and restart postfix. Now the server will handle mail for this domain. No other config required in main.cf. It will deliver it to the localusername or forward it. If an email is sent and isn't matched a 550 will be sent back. This is miles better that the previous postfix/restrict config above.
Line 54: Line 62:
 ===== Restrict Mail delivery to Local users ===== ===== Restrict Mail delivery to Local users =====
 On a lists (mailman) server I run - I want to disable mail delivery to local users, however I still want Postfix to deliver mail to /etc/aliases. The line below, which is to be put into /etc/postfix/main.cf  forces postfix to only consult $alias_maps (which is: hash:/etc/aliases ). On a lists (mailman) server I run - I want to disable mail delivery to local users, however I still want Postfix to deliver mail to /etc/aliases. The line below, which is to be put into /etc/postfix/main.cf  forces postfix to only consult $alias_maps (which is: hash:/etc/aliases ).
 +<code>
  local_recipient_maps = $alias_maps  local_recipient_maps = $alias_maps
 +</code>
  
 ===== Blocking Spam with spamhaus and Postfix ===== ===== Blocking Spam with spamhaus and Postfix =====
 This is commonly referred to as a "Postfix anti-UCE configuration" (UCE - unsolicited emails). Postfix, with a very simply modification can block incoming email via spamhaus RBLs (Real Time Black-Hole Lists). The following line is to be added to /etc/postfix/main.cf: This is commonly referred to as a "Postfix anti-UCE configuration" (UCE - unsolicited emails). Postfix, with a very simply modification can block incoming email via spamhaus RBLs (Real Time Black-Hole Lists). The following line is to be added to /etc/postfix/main.cf:
 +<code>
  smtpd_recipient_restrictions reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net  smtpd_recipient_restrictions reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net
- <nowiki>//</nowiki>If there are entries already - thats fine, just comment delimit them. + #If there are entries already - thats fine, just comment delimit them. 
- <nowiki>//</nowiki>Note: sbl-xbl.spamhaus.org has now changed to zen.spamhaus.org as per http://www.spamhaus.org/zen/index.lasso + #Note: sbl-xbl.spamhaus.org has now changed to zen.spamhaus.org as per http://www.spamhaus.org/zen/index.lasso 
-The sender is then bounced back an email saying "Blocked by spamhouse" and it is their, or their ISP's responsibility to remove themselves from spamhaus.<br>+</code> 
 + 
 +The sender is then bounced back an email saying "Blocked by spamhouse" and it is their, or their ISP's responsibility to remove themselves from spamhaus. 
 **Note:** "ping sbl-xbl.spamhaus.org" wont resolve. What postfix does when checking an ip (e.g. w.x.y.z), is to "ping z.y.x.w.sbl-xbl.spamhaus.org", and if that resolves - that ip is listed as spam. (thanks davisc). <br> **Note:** "ping sbl-xbl.spamhaus.org" wont resolve. What postfix does when checking an ip (e.g. w.x.y.z), is to "ping z.y.x.w.sbl-xbl.spamhaus.org", and if that resolves - that ip is listed as spam. (thanks davisc). <br>
-**Note:** Make sure ICMP packets are allowed through the firewall. Otherwise postfix will get a "Destination Not Reachable" and allow the mail through.<br>+**Note:** Make sure ICMP packets are allowed through the firewall. Otherwise postfix will get a "Destination Not Reachable" and allow the mail through. 
 See more details at: http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt   and http://www.redhat.com/support/resources/howto/RH-postfix-HOWTO/x441.html and http://www.postfix.org/uce.html and http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions See more details at: http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt   and http://www.redhat.com/support/resources/howto/RH-postfix-HOWTO/x441.html and http://www.postfix.org/uce.html and http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions
  
-Further Info on UCE and Postfix:<br>+Further Info on UCE and Postfix: 
 +<code>
  smtpd_sender_restrictions = Restrictions based in the context of the MAIL FROM command. I.e. restrictions based on who emails are from.  smtpd_sender_restrictions = Restrictions based in the context of the MAIL FROM command. I.e. restrictions based on who emails are from.
  smtpd_recipient_restrictions = Restrictions based on the RCPT TO command. I.e. restrictions based on who emails are been delivered to.  smtpd_recipient_restrictions = Restrictions based on the RCPT TO command. I.e. restrictions based on who emails are been delivered to.
  smtpd_client_restrictions = SMTP server access restrictions in the context of a SMTP connection request.  smtpd_client_restrictions = SMTP server access restrictions in the context of a SMTP connection request.
 +</code>
 I have found that blocking mails via DNSBL at "smtpd_sender_restrictions" is not always effective as some spammers can forge the MAIL FROM command. "smtpd_client_restrictions" is the first line of restrictions, and ideally the DNSBL blocks should be put in here, however as outlined on http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt , "smtpd_recipient_restrictions" is the best place to place DNSBL blocks. I have found that blocking mails via DNSBL at "smtpd_sender_restrictions" is not always effective as some spammers can forge the MAIL FROM command. "smtpd_client_restrictions" is the first line of restrictions, and ideally the DNSBL blocks should be put in here, however as outlined on http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt , "smtpd_recipient_restrictions" is the best place to place DNSBL blocks.
  
 ==== Testing zen.spamhaus.org ==== ==== Testing zen.spamhaus.org ====
 +<code>
  Link: http://www.crynwr.com/spam/  Link: http://www.crynwr.com/spam/
 +</code>
  
 Simply send an email to the appropriate address on the above website, and it will reply an automated email with the status of whether your email server is blocking correctly using zen.spamhaus.org Simply send an email to the appropriate address on the above website, and it will reply an automated email with the status of whether your email server is blocking correctly using zen.spamhaus.org
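Review bot: The main.cf line inside the new <code> block, "smtpd_recipient_restrictions reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net", has no "=" between the parameter name and its value; the Debian Bullseye block added later in this revision writes it as "smtpd_recipient_restrictions = permit_mynetworks, ...". Suggest adding the "=" here. Two smaller points: the first **Note:** line still ends in "<br>" while this change removes that tag from the lines around it, and both notes still name sbl-xbl.spamhaus.org and describe the check as a "ping" that needs ICMP, even though the same note says the name "resolves", which is a DNS lookup; worth rewording while the section is being touched.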
Line 81: Line 100:
 ====== Debugging and Testing via Telnet ====== ====== Debugging and Testing via Telnet ======
 SENDING AN EMAIL VIA TELNET 25 & Testing forwarding SENDING AN EMAIL VIA TELNET 25 & Testing forwarding
 +<code>
  mail from: sri@mara.net  mail from: sri@mara.net
  rcpt to: user@lastre.com  rcpt to: user@lastre.com
Line 86: Line 106:
  .  .
  quit  quit
 +</code>
  
 If you get "503 5.5.2 Send hello first", type "ehlo" as the first line after telneting to host 25. If you get "503 5.5.2 Send hello first", type "ehlo" as the first line after telneting to host 25.
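Review bot: The session block closed by the "</code>" added here starts at "mail from: sri@mara.net", and the greeting is only mentioned afterwards as a fix for "503 5.5.2 Send hello first". Suggest putting the "ehlo" line first inside the block, so the example works as typed and the 503 sentence becomes a troubleshooting note.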
Line 92: Line 113:
  
 Had to adjust /etc/hosts with domain name (this allowed sending emails ok): Had to adjust /etc/hosts with domain name (this allowed sending emails ok):
 +<code>
  127.0.0.1       localhost  127.0.0.1       localhost
  136.201.1.250   kartbuilding.net        phidebian  136.201.1.250   kartbuilding.net        phidebian
 +</code>
  
 Good URLS Good URLS
Line 105: Line 128:
 ====== Managing Postfix ====== ====== Managing Postfix ======
 ===== Delete an Email from the Queue ===== ===== Delete an Email from the Queue =====
-For Example - sending an email to someone and it bounces. Defauly retry is for 3 days. To remove it manually :+For Example - sending an email to someone and it bounces. Default retry is for 3 days. To remove it manually : 
 +<code>
  postsuper -d queue_id  postsuper -d queue_id
 +</code>
  
 Tons more info at: http://www.postfix.org/postsuper.1.html Tons more info at: http://www.postfix.org/postsuper.1.html
Line 112: Line 137:
 ===== Delete all Deferred Emails from the Queue ===== ===== Delete all Deferred Emails from the Queue =====
 If spam emails are been sent and/or your mail queue fills up, you can delete all deferred emails with the following: If spam emails are been sent and/or your mail queue fills up, you can delete all deferred emails with the following:
 +<code>
  postsuper -d ALL deferred  postsuper -d ALL deferred
 +</code>
  
 ===== Checking Mail logs with pflogsumm ===== ===== Checking Mail logs with pflogsumm =====
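Review bot: "postsuper -d ALL deferred" in the new <code> block removes every deferred message, not only the spam the sentence above it mentions, and the block gives no step for looking at the queue first. Suggest adding "postqueue -p" (already documented under Show Mail Queue) as the first line of this block, or a one-line comment saying that legitimate deferred mail is deleted too.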
Line 130: Line 157:
   * smtp delivery failures   * smtp delivery failures
   * Warnings   * Warnings
 +<code>
  apt-get install pflogsumm  apt-get install pflogsumm
  pflogsumm /var/log/mail.log | less  pflogsumm /var/log/mail.log | less
 +</code>
 It is a very useful tool and shows an excellent insight into mail delivery and sending on your server. It is a very useful tool and shows an excellent insight into mail delivery and sending on your server.
  
 ===== Show Mail Queue ===== ===== Show Mail Queue =====
 If mails are deferred etc. and you want to see a list of them: If mails are deferred etc. and you want to see a list of them:
 +<code>
  postqueue -p  postqueue -p
 +</code>
  
-====== Install Postfix for sending mail via relayhost ======+===== Install Postfix for sending mail via relayhost =====
 On one server, I want it to be only able to send emails only. Therefore the following config will bind it to 127.0.0.1 on port 25. It will also be sending emails using a "smart host". Below are the uncommented lines only in main.cf: On one server, I want it to be only able to send emails only. Therefore the following config will bind it to 127.0.0.1 on port 25. It will also be sending emails using a "smart host". Below are the uncommented lines only in main.cf:
 +<code>
  vi /etc/postfix/main.cf  vi /etc/postfix/main.cf
  smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)  smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
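Review bot: The relayhost heading drops from "======" to "=====" while the unchanged "====== Managing Postfix ======" above it keeps six, so in DokuWiki the install section now nests under Managing Postfix; the page title in the first hunk was also lowered to "=====", which leaves "Debugging and Testing via Telnet" and "Managing Postfix" ranked above it. Suggest lowering those two headings in the same edit. In the block opened here, "vi /etc/postfix/main.cf" is a shell command followed by file contents; a "#" comment naming the file would keep the block pasteable.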
Line 154: Line 186:
  recipient_delimiter = +  recipient_delimiter = +
  inet_interfaces = 127.0.0.1  inet_interfaces = 127.0.0.1
 +</code>
 It must also be checked on mail.burkesys.com that thunder is allowed to relay emails. It must also be checked on mail.burkesys.com that thunder is allowed to relay emails.
 +
 +===== Debian Bullseye Config =====
 +After a new install of debian bullseye, and after setup or [[courier_imaps_server_-_maildir|courier]] and procmail, the following is the config lines added to main.cf (Note: there were minor mods added further for sasl [[setup-config-debian-bullseye#secure_smtpd_using_postfix_and_sasl|see here]] )
 +<code>
 +disable_vrfy_command = yes
 +message_size_limit = 30720000
 +smtpd_recipient_restrictions = permit_mynetworks,
 +                                permit_sasl_authenticated,
 +                                reject_unauth_destination,
 +                                reject_rbl_client bl.spamcop.net,
 +                                reject_rbl_client zen.spamhaus.org
 +
 +virtual_maps = regexp:/etc/postfix/virt/kartbuilding_net,
 +                regexp:/etc/postfix/virt/sburke_eu
 +virtual_alias_domains = kartbuilding.net, sburke.eu
 +home_mailbox = Maildir/
 +mailbox_command = /usr/bin/procmail -a "$EXTENSION" DEFAULT=$HOME/Maildir/ MAILDIR=$HOME/Maildir
 +</code>
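Review bot: The new block ends by setting both "home_mailbox = Maildir/" and "mailbox_command = /usr/bin/procmail ...". In Postfix local delivery mailbox_command takes precedence over home_mailbox, so the Maildir location that counts is the DEFAULT= passed to procmail; suggest dropping home_mailbox or adding a comment that it is only a fallback. In the sentence above the block, "after setup or [[courier_imaps_server_-_maildir|courier]]" looks like a typo for "setup of".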
postfix_smtp.1658261600.txt.gz · Last modified: 2022/07/19 21:13 by 127.0.0.1