Postfix: Difference between revisions
From DWIKI
mNo edit summary |
|||
(24 intermediate revisions by the same user not shown) | |||
Line 19: | Line 19: | ||
*[[Postfix on Debian]] | *[[Postfix on Debian]] | ||
*http://www.postfix.org/VIRTUAL_README.html | *http://www.postfix.org/VIRTUAL_README.html | ||
*https://skrilnetz.net/setup-your-own-mailserver/ | |||
*[https://www.digitalocean.com/community/tutorials/how-to-configure-a-mail-server-using-postfix-dovecot-mysql-and-spamassassin How To Configure a Mail Server Using Postfix, Dovecot, MySQL, and SpamAssassin] | |||
==Postfix and smtp auth/sasl== | ==Postfix and smtp auth/sasl== | ||
Line 53: | Line 55: | ||
==Spam filtering== | ==Spam filtering== | ||
*http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt | *http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt | ||
*[http://postfwd.org/ Postfwd] | |||
*[http://www.postfix.org/postscreen.8.html Postscreen] | |||
*[http://rob0.nodns4.us/postscreen.html Postscreen cheatsheet] | |||
*http://www.xnote.com/howto/postfix-spamassassin.html | *http://www.xnote.com/howto/postfix-spamassassin.html | ||
*http://www.akadia.com/services/postfix_spamassassin.html | *http://www.akadia.com/services/postfix_spamassassin.html | ||
*[http://www.freesoftwaremagazine.com/articles/focus_spam_postfix/ Filtering spam with Postfix] | *[http://www.freesoftwaremagazine.com/articles/focus_spam_postfix/ Filtering spam with Postfix] | ||
*[http://www.malgouyres.fr/linux/spamass-milter_postfix_en.html Postfix and spamass-milter] | |||
==ldap and aliases== | ==ldap and aliases== | ||
Line 67: | Line 73: | ||
man maildirquota | man maildirquota | ||
= | =Tools= | ||
* | *postfwd | ||
==pflogsumm== | |||
Log analyzer | |||
==vimbadmin== | |||
[http://www.vimbadmin.net/ vimbadmin] | |||
==queue== | = Notes = | ||
===Clean the postfix queue=== | |||
mailq | grep ^[A-F0-9]| awk '{ print $1 }'| | *postconf | ||
*postsuper | |||
== anti spam measures that work for me == | |||
smtpd_recipient_restrictions = | |||
permit_sasl_authenticated, | |||
reject_unverified_recipient, | |||
permit_mynetworks, | |||
reject_sender_login_mismatch, | |||
reject_invalid_hostname, | |||
reject_unknown_reverse_client_hostname, | |||
reject_non_fqdn_hostname, | |||
reject_non_fqdn_sender, | |||
reject_non_fqdn_recipient, | |||
reject_unknown_sender_domain, | |||
reject_unknown_recipient_domain, | |||
reject_unauth_destination, | |||
check_recipient_access hash:/etc/postfix/recipient_access, | |||
reject_rbl_client bl.spamcop.net, | |||
#reject_rbl_client safe.dnsbl.sorbs.net, | |||
reject_rbl_client b.barracudacentral.org, | |||
permit | |||
== tls on outgoing mail == | |||
smtp_use_tls = yes | |||
smtp_tls_security_level = may | |||
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt | |||
smtp_tls_cert_file = /etc/postfix/ssl/domainname.com.pem | |||
smtp_tls_key_file = /etc/postfix/ssl/domainname.com.key | |||
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache | |||
smtp_tls_loglevel = 1 | |||
=CentOS packages= | |||
gf-plus repository | |||
or epel :) | |||
= FAQ = | |||
=== Limit CC === | |||
/etc/postfix/header_checks | |||
/^To:([^@]*@){50,}/ REJECT Sorry, your message has too many recepients. | |||
/^Cc:([^@]*@){50,}/ REJECT Sorry, your message has too many recepients. | |||
=== log subject === | |||
Create file /etc/postfix/header_checks and put in: | |||
/^[Ss]ubject:/ WARN | |||
and in /etc/postfix/main.cf | |||
header_checks = regexp:/etc/postfix/header_checks | |||
| |||
=== rate limit outgoing mail === | |||
*[http://steam.io/2013/04/01/postfix-rate-limiting/ Postfix rate limiting – Politeness goes a long way] | |||
*[https://wiki.deimos.fr/Postfix:_limit_outgoing_mail_throttling.html limit by domain] | |||
Probably start with | |||
smtp_destination_rate_delay = 5s | |||
== queue == | |||
=== Clean the postfix queue === | |||
mailq | grep ^[A-F0-9]| awk '{ print $1 }'| sed 's/*//' | while read i;do postsuper -d ${i};done | |||
Or simple: | |||
postsuper -d ALL | |||
=== View message in queue === | |||
postcat | postcat | ||
===Delete message from queue=== | === Delete message from queue === | ||
postsuper -d | |||
postsuper -d | |||
=== Requeue mails === | |||
postsuper -r ALL | |||
or | |||
postqueue -f | |||
== Postfix as secondary MX == | |||
relay_domains = foo.com, bar.com | relay_domains = foo.com, bar.com | ||
relay_recipient_maps = | relay_recipient_maps = | ||
hash:/etc/postfix/relay_recipients | hash:/etc/postfix/relay_recipients | ||
| |||
== milter-reject 4.7.0 DNS timeout == | |||
Most likely caused by sid-filter, aka milter-sid, aka sid-milter. Try adding "-D" to the rc.conf or defaults or whatever file starting it. | |||
== postqueue: fatal: Connect to the Postfix showq service: Permission denied == | |||
postfix set-permissions | |||
== too many concurrent connections == | |||
If that's what you get sending to a server you don't control, check | |||
initial_destination_limit | |||
| |||
== warning: SASL authentication failure: No worthy mechs found == | |||
could be missing cyrus-sasl-plain | |||
==Sender address rejected: need fully-qualified address== | |||
myorigin = /etc/mailname | |||
[[Category:Mail]] | |||
Revision as of 14:56, 14 November 2021
Docs
- Homepage
- http://www.postfix.org/ADDRESS_CLASS_README.html
- Postfix on FreeBSD
- Postfix survival guide
- Postfix and Amavis
- Postfix and SpamAssassin
- postfix+spamd
- postfix with spamassass-milter on freebsd
- FAQ
- Postfix with clamav-milter
- Postfix wiki
- postfix dovecot
- postfix amavisd-new freebsd
- http://souptonuts.sourceforge.net/postfix_tutorial.html
- Setting up automatic relay_recipient_maps in postfix
- http://wiki.kartbuilding.net/index.php/Postfix_SMTP#Blocking_Spam_with_spamhaus_and_Postfix
- Postfix on Debian
- http://www.postfix.org/VIRTUAL_README.html
- https://skrilnetz.net/setup-your-own-mailserver/
- How To Configure a Mail Server Using Postfix, Dovecot, MySQL, and SpamAssassin
Postfix and smtp auth/sasl
- http://mirrors.loonybin.net/postfix_tls/doc/setup.html (this is a good one!)
- http://www.postfix.org/SASL_README.html
- http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL?action=show&redirect=PostfixAndDovecotSASL
- http://adomas.org/2006/08/postfix-dovecot/
- http://postfix.state-of-mind.de/patrick.koetter/smtpauth/smtp_auth_mailservers.html
- http://forums.macosxhints.com/archive/index.php/t-96919.html
Postfix and Network Solutions certificates
#The private key you created together with privkey.csr, readable for root only! smtpd_tls_key_file = privkey.pem
#the certificate you received from NS smtpd_tls_cert_file = /etc/ssl/MY.HOST.COM.crt
#NetworkSolutions_CA.crt and UTNAddTrustServer_CA.crt combined in a single file smtpd_tls_CAfile = /etc/postfix/intermediate.pem
Postfix and LDAP
- Postfix LDAP
- Hosting Multiple Domains with Virtual Accounts
- LDAP Support in Postfix
- Virtual hosting with LDAP
- Postfix LDAP Howto v2.1
- http://www.root-it.fiberworld.nl/vriesman.tk/postfix-courier-ldap-howto.html
- http://swik.net/Postfix+LDAP
- http://gentoo-wiki.com/HOWTO_Postfix-LDAP_virtual_users_with_qmail_schema
- http://www.ldapsource.com/content/ldap_postfix.html
- http://www.boobah.info/howto/postfix-ldap.html
Spam filtering
- http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt
- Postfwd
- Postscreen
- Postscreen cheatsheet
- http://www.xnote.com/howto/postfix-spamassassin.html
- http://www.akadia.com/services/postfix_spamassassin.html
- Filtering spam with Postfix
- Postfix and spamass-milter
ldap and aliases
- http://www.postfix.org/LDAP_README.html
- http://www.howtoforge.com/mandriva-directory-server-on-debian-etch-p3
man ldap_table man maildirquota
Tools
- postfwd
pflogsumm
Log analyzer
vimbadmin
Notes
- postconf
- postsuper
anti spam measures that work for me
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unverified_recipient, permit_mynetworks, reject_sender_login_mismatch, reject_invalid_hostname, reject_unknown_reverse_client_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_destination, check_recipient_access hash:/etc/postfix/recipient_access, reject_rbl_client bl.spamcop.net,
- reject_rbl_client safe.dnsbl.sorbs.net,
reject_rbl_client b.barracudacentral.org, permit
tls on outgoing mail
smtp_use_tls = yes smtp_tls_security_level = may smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt smtp_tls_cert_file = /etc/postfix/ssl/domainname.com.pem smtp_tls_key_file = /etc/postfix/ssl/domainname.com.key smtp_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache smtp_tls_loglevel = 1
CentOS packages
gf-plus repository or epel :)
FAQ
Limit CC
/etc/postfix/header_checks
/^To:([^@]*@){50,}/ REJECT Sorry, your message has too many recepients. /^Cc:([^@]*@){50,}/ REJECT Sorry, your message has too many recepients.
log subject
Create file /etc/postfix/header_checks and put in:
/^[Ss]ubject:/ WARN
and in /etc/postfix/main.cf
header_checks = regexp:/etc/postfix/header_checks
rate limit outgoing mail
Probably start with
smtp_destination_rate_delay = 5s
queue
Clean the postfix queue
mailq | grep ^[A-F0-9]| awk '{ print $1 }'| sed 's/*//' | while read i;do postsuper -d ${i};done
Or simple:
postsuper -d ALL
View message in queue
postcat
Delete message from queue
postsuper -d
Requeue mails
postsuper -r ALL
or
postqueue -f
Postfix as secondary MX
relay_domains = foo.com, bar.com relay_recipient_maps = hash:/etc/postfix/relay_recipients
milter-reject 4.7.0 DNS timeout
Most likely caused by sid-filter, aka milter-sid, aka sid-milter. Try adding "-D" to the rc.conf or defaults or whatever file starting it.
postqueue: fatal: Connect to the Postfix showq service: Permission denied
postfix set-permissions
too many concurrent connections
If that's what you get sending to a server you don't control, check
initial_destination_limit
warning: SASL authentication failure: No worthy mechs found
could be missing cyrus-sasl-plain
Sender address rejected: need fully-qualified address
myorigin = /etc/mailname