blog.alam.rocks

Tag Archives: Mail Server

Postfix : Standalone Mail Server

22 Monday Nov 2010

Posted by Fakrul Alam in Uncategorized

Tags

linux, Mail Server, mailqueue, MTA, MUA, postfix, Tutorial

Some Terminology

Part: Mail User Agent (MUA)
What it Does: The MUA is the program which the user uses to read and send e-mail. It reads incoming messages that have been delivered to the user's mailbox, and passes outgoing messages to an MTA for sending.
Example: elm, pine, mutt

Part: Mail Transfer Agent (MTA)
What it Does: The MTA basically acts as a "mail router". It accepts a message passed to it by either an MUA or another MTA, decides based upon the message header which delivery method it should use, and then passes the message to the appropriate MDA for that delivery method.
Example: sendmail, postfix, qmail

Part: Mail Delivery Agent (MDA)
What it Does: The MDA accepts a piece of mail from an MTA and performs the actual delivery.
Example: mail.local, procmail

Structure of an Email Message
Email messages are composed of two parts:

1. Headers (lines of the form “field: value” which contain information about the message, such as “To:”, “From:”, “Date:”, and “Message-ID:”)
2. Body (the text of the message)


Example:
From johndoe@students.uiuc.edu Mon Jul 5 23:46:19 1999
Received: (from johndoe@localhost)
        by students.uiuc.edu (8.9.3/8.9.3) id LAA05394;
        Mon, 5 Jul 1999 23:46:18 -0500
Received: from staff.uiuc.edu (staff.uiuc.edu [128.174.5.59])
        by students.uiuc.edu (8.9.3/8.9.3) id XAA24214;
        Mon, 5 Jul 1999 23:46:25 -0500
Date: Mon, 5 Jul 1999 23:46:18 -0500
From: John Doe
To: John Smith
Message-Id:
Subject: This is a subject header.

This is the message body. It is separated from the headers by a blank line.


SMTP and the Message Envelope

Postfix:

Download Postfix from http://www.postfix.org/. You can install it either from a tar.gz source archive or from an rpm. Installation of Postfix is straightforward. For rpm:

rpm -ivh postfix.version.rpm

For tar:

[root@mail postfix]# tar -zxvf postfix-2.1.5.tar.gz
[root@mail postfix]# rpm -qa | grep postfix
[root@mail postfix]# rpm -qa | grep sendmail
[root@mail postfix]# groupadd postfix
[root@mail postfix]# useradd -g postfix -s /bin/false postfix
[root@mail postfix]# groupadd postdrop
[root@mail postfix]# make
[root@mail postfix]# make install

Postfix's configuration files are in the /etc/postfix folder. To make Postfix work we mainly need to change two files: main.cf and transport. main.cf contains all the major configuration parameters.
The following is a sample postfix main.cf file:

/etc/postfix/main.cf
# Install Time Configuration
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
manpage_directory = /usr/local/man
sample_directory = /etc/postfix
readme_directory = no
html_directory = no
queue_directory = /var/spool/postfix
daemon_directory = /usr/libexec/postfix
command_directory = /usr/sbin
mail_owner = postfix
myhostname = hostname.domain.com
mydomain = domain.com
myorigin = $myhostname
# Overridden by the second mydestination entry further down (the last entry wins).
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = 10.0.0.0/8, 127.0.0.0/8
smtpd_banner = $myhostname ESMTP
header_checks = regexp:/etc/postfix/header_checks
smtpd_client_restrictions = hash:/etc/postfix/access
smtpd_sender_restrictions = reject_unknown_sender_domain, hash:/etc/postfix/access
# hash:/etc/postfix/access is evaluated before reject_unauth_destination; an OK
# entry in it would permit relaying, so keep it to reject entries.
smtpd_recipient_restrictions = hash:/etc/postfix/access, reject_rbl_client bl.spamcop.net, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_mynetworks, reject_unauth_destination, reject_multi_recipient_bounce
biff = no
smtpd_helo_required = yes
maximal_queue_lifetime = 2d
queue_run_delay = 3600s
ignore_mx_lookup_error = yes
smtp_always_send_ehlo = yes
default_destination_concurrency_limit = 10
default_destination_recipient_limit = 20
default_process_limit = 150
best_mx_transport = local
disable_vrfy_command = yes
# Overridden by the second alias_database entry further down.
alias_database = hash:/etc/postfix/aliases
mydestination = $myhostname, localhost.$mydomain, hash:/etc/postfix/transport
relay_domains = hash:/etc/postfix/transport
alias_database = hash:/etc/aliases
transport_maps = hash:/etc/postfix/transport
message_size_limit = 80000000
mailbox_size_limit = 1000000000

Explanation of the sample postfix main.cf configuration settings:

queue_directory
Postfix's work directory, where all the mail is temporarily stored until it is delivered.

daemon_directory
Specifies the location of all the postfix programs.

command_directory
Specifies the location of all post* commands.

mail_owner
Specifies the user account that will own the mail queues.

myhostname
The name of this computer including the domain part. This is used when adding Received: headers to email messages.

mydomain
This specifies the domain of this current computer.

myorigin
This name is added to locally originating email. So if you sent yourself a message from root, it would appear to come from root@mta1.domain.com.

mydestination
This setting tells postfix what domains it is the final destination for. This should be left at the default, and your domain should instead be listed in the transport file.

mynetworks
This setting tells postfix what networks it should consider local. In other words, computers connecting from any of these networks will be able to relay mail, etc. In our case, we put 127.0.0.0 (for localhost) and 10.0.0.0 (for any internal computer).

relay_domains
This setting tells postfix which domains it should relay. In this setting, we specify the transport file (which we'll create below). This simply lists domains, each on a separate line.

biff
This setting tells postfix not to use the biff program to let local users know that they have new email.

message_size_limit
This sets the maximum size of a message. Messages larger than 80 megs will be rejected. You can increase or decrease this based on your own server requirements.

mailbox_size_limit
This sets the maximum size of local mailbox files. We set it to 100 megs, although it should never reach this high because our only local mailboxes are spam and notspam.

smtpd_banner
This is the banner that is displayed to connecting computers. It is a good security practice to give as little information as possible. I've included just the essentials.

transport_maps
This setting tells postfix where to find the transport information. The transport file is where we tell Postfix where to route certain mail. In our case, this file is where we tell Postfix that mail for domain.com should be delivered to our exchange server.

local_transport
This setting tells postfix that all local mail should be delivered using the local delivery agent.

smtpd_helo_restrictions, smtpd_sender_restrictions, smtpd_recipient_restrictions
These settings are used to deny access to postfix based on the HELO command, the sender, or the recipient. The recipient restrictions settings are used to prevent our mail server from being used as an open relay. You can get the details from http://www.postfix.org/uce.html

header_checks
The header_checks parameter restricts what is allowed in message headers. Patterns are applied to entire logical message headers, even when a header spans multiple lines of text.
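
The sample main.cf above sets mydestination and alias_database twice and lists an access table ahead of reject_unauth_destination. The script below is an added example, not part of the original post: it reports parameters that are set more than once and lists the recipient restrictions that can answer "permit" before the relay check is reached. The function names and the embedded excerpt are constructed for illustration.

```shell
#!/bin/sh
# Print "name<TAB>value" for each main.cf parameter in file order. Comment
# lines are dropped and continuation lines (leading whitespace) are joined.
parse_main_cf() {
    awk '
        function emit() { if (name != "") print name "\t" val; name = "" }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { sub(/^[ \t]+/, ""); val = val " " $0; next }
        { emit(); eq = index($0, "="); if (eq == 0) next
          name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
          val = substr($0, eq + 1); sub(/^[ \t]+/, "", val) }
        END { emit() }' "$1"
}

# Parameters that are set more than once; Postfix keeps only the last value.
duplicate_params() {
    parse_main_cf "$1" | awk -F '\t' '
        { if (++n[$1] == 2) order[++k] = $1; last[$1] = $2 }
        END { for (j = 1; j <= k; j++)
                  print order[j] " (x" n[order[j]] ") -> " last[order[j]] }'
}

# Recipient restrictions that can answer "permit" (lookup tables, permit_*)
# before reject_unauth_destination; MISSING if it is absent. Comma-separated.
permits_before_relay_check() {
    parse_main_cf "$1" | awk -F '\t' '
        $1 == "smtpd_recipient_restrictions" { v = $2 }
        END { n = split(v, r, /[ \t]*,[ \t]*/)
              for (j = 1; j <= n; j++) {
                  if (r[j] == "reject_unauth_destination") { printf "%s", out; exit }
                  if (r[j] ~ /:/ || r[j] ~ /^permit_/) out = out r[j] "\n"
              }
              print "MISSING" }'
}

# Constructed sample: an excerpt of the main.cf shown in this post.
write_sample() {
    cat > "$1" <<'EOF'
mydestination = $myhostname, localhost.$mydomain, localhost
smtpd_recipient_restrictions = hash:/etc/postfix/access,
    reject_rbl_client bl.spamcop.net, permit_mynetworks,
    reject_unauth_destination, reject_multi_recipient_bounce
alias_database = hash:/etc/postfix/aliases
mydestination = $myhostname, localhost.$mydomain, hash:/etc/postfix/transport
alias_database = hash:/etc/aliases
EOF
}

f=$(mktemp) && write_sample "$f" && duplicate_params "$f" && permits_before_relay_check "$f"; rm -f "$f"
```

Every entry the second function prints must match trusted clients only: permit_mynetworks is expected there, while a lookup table is safe in that position only as long as it never returns OK.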
Now change the transport file. The transport file contains the domains that have relay access. A sample transport file looks like this:

/etc/postfix/transport
domain.com              local:
.domain.com             local:

Run the following commands:

Syntax                            Comment
cp /etc/postfix/aliases /etc/     # copy the aliases file to /etc
postalias /etc/postfix/aliases    # create the aliases.db file
postalias /etc/aliases            # create the aliases.db file
postmap /etc/postfix/transport    # create the transport.db file

You can now start Postfix using the postfix start command. Check from the netstat -nat output that port 25 is open. You should test to make sure that you can connect to the SMTP interface on port 25. To do this use the command:
telnet localhost 25

The server should respond with:
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mta1.domain.com ESMTP
Press ctrl-], then type 'quit' to quit.

For further troubleshooting, check the mail log at /var/log/maillog.

Sample /etc/postfix/access file:
zakat.guide@gmail.com 550 Sorry, You are BLOCKED
xxx@123.net         550 Sorry, You are BLOCKED on Our Network
83.156.130.100        550 Sorry, You are BLOCKED on Our
221.29.132.160        550 Sorry, You are

Sample /etc/postfix/header_checks file:
/^From: khatun@123.net.ae/       REJECT Your PC is Virus Infected, Clean it first.
/^Subject: No More Guessing/          REJECT I can’t except mail from you!!.
/^Subject: 5 Minute Auto Loan/        REJECT I can’t except mail from you!!.
/^Subject: YOU JUST WONT A FREE GREENCARD!/ REJECT I can’t except mail from you!!.
/^Subject: You Have A Tiffany Bracelet Waiting For You/ REJECT I can’t except mail from you!!.

Sample /etc/postfix/body_checks file:
/Your Place Can Be Improved/          REJECT You are BLOCKED on Our Network.
/Your Private Or Company Account/     REJECT You are BLOCKED on Our Network.
/Your Secure Investment/              REJECT You are BLOCKED on Our Network.
/Your Spouce Cheating Online/         REJECT You are BLOCKED on Our Network.
/Yourthings.com.br/                   REJECT You are BLOCKED on Our Network.
/Young Hot Bitches/                   REJECT You are BLOCKED on Our Network.
/Young Teen Bitches/                  REJECT You are BLOCKED on Our Network.


Blind Carbon Copy Maps
# vi /etc/postfix/main.cf
# always_bcc = root → copies all incoming and outgoing mail to the user root
# sender_bcc_maps = hash:/etc/postfix/sender_bcc → this is a one-to-one carbon copy. In the file we define which users' mail is copied.
# vi /etc/postfix/sender_bcc → user (sender to match) root (BCC recipient) [mail sent by user is BCC'd to root]
# postmap /etc/postfix/sender_bcc
SMTP Authentication
You have to go through the following steps:

  1. install Cyrus-SASL
  2. configure Cyrus-SASL
  3. configure Postfix source-code with Cyrus-SASL support
  4. build Postfix
  5. (re)install Postfix
  6. configure Postfix to use the SASL SMTP features

Cyrus-SASL
SASL comes with the default Linux installation, which is OK for us. Otherwise we can install it from the cyrus-sasl packages. We need the cyrus-sasl and cyrus-sasl-devel packages along with one or more authentication mechanisms. We can check whether it is installed with rpm -q cyrus-sasl.

The init script is located at /etc/init.d/saslauthd
Reinstall Postfix
Postfix needs to be recompiled to support SMTP Authentication.

# rpm -qa | grep cyrus → needed to support authentication
# cd /root/postfix-2.1.5
# make tidy → clean up the installation
# make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl" AUXLIBS="-L/usr/lib -lsasl2"
# make install
# postconf | grep smtpd_sasl
# postconf | grep smtpd_recipient_restriction
# postconf -a
# vi /etc/postfix/main.cf
# smtpd_sasl_auth_enable = yes
# smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
# cd /usr/lib/sasl2
# vi smtpd.conf → pwcheck_method: saslauthd
                  mech_list: plain login
# ln -s /usr/lib/sasl2 /usr/local/lib/sasl2
# saslpasswd2 username

Check for SMTP AUTH support

telnet localhost 25

S: 220 mail.example.com ESMTP Postfix
C: EHLO example.com
S: 250-mail.example.com
S: 250-PIPELINING
S: 250-SIZE 10240000
S: 250-VRFY
S: 250-ETRN
S: 250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI
S: 250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI
S: 250-XVERP
S: 250 8BITMIME
C: quit
S: 221 Bye
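
With mech_list: plain login, the password crosses the wire in reversible base64, so what the EHLO reply advertises on an unencrypted session is worth checking mechanically. The script below is an added example, not part of the original post: it reads a transcript like the one above and reports the AUTH mechanisms, STARTTLS and VRFY. It assumes the transcript was captured without TLS (telnet, as in the post); the function names are constructed for illustration.

```shell
#!/bin/sh
# Read an SMTP session transcript on stdin (the "S: " prefix is optional)
# and print one finding per line about what the EHLO reply advertises.
ehlo_findings() {
    awk '
        { sub(/\r$/, ""); sub(/^S: */, "") }
        !/^250[- ]/ { next }
        { kw = toupper(substr($0, 5)) }
        kw == "STARTTLS" { tls = 1 }
        kw == "VRFY" { vrfy = 1 }
        kw ~ /^AUTH[ =]/ {               # "AUTH ..." and legacy "AUTH=..."
            n = split(substr(kw, 6), m, " ")
            for (i = 1; i <= n; i++)
                if (!(m[i] in seen)) { seen[m[i]] = 1; mechs = mechs " " m[i] }
        }
        END {
            print "starttls: " (tls ? "offered" : "not offered")
            print "auth:" (mechs == "" ? " not offered" : mechs)
            if (("PLAIN" in seen) || ("LOGIN" in seen))
                print "warn: PLAIN/LOGIN advertised on a cleartext session"
            if (vrfy) print "note: VRFY advertised"
        }'
}

# The EHLO exchange shown in this post, embedded as sample input.
sample_transcript() {
    cat <<'EOF'
S: 220 mail.example.com ESMTP Postfix
C: EHLO example.com
S: 250-mail.example.com
S: 250-PIPELINING
S: 250-SIZE 10240000
S: 250-VRFY
S: 250-ETRN
S: 250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI
S: 250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI
S: 250-XVERP
S: 250 8BITMIME
C: quit
S: 221 Bye
EOF
}

sample_transcript | ehlo_findings
```

On Postfix builds with TLS support, smtpd_tls_auth_only = yes keeps AUTH out of the cleartext EHLO reply, which this check then reports as "auth: not offered".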

Empty Mail Trash Folder

23 Monday Feb 2009

Posted by Fakrul Alam in Uncategorized

Tags

BASH, linux, Mail Server, My Work, Shell Script, Trash Folder

Users always forget to empty their Trash folder. They delete mail from their inbox, but don't delete that mail from the Trash folder. In the end, it eats up a lot of your server's disk space. Emptying these Trash folders is a big headache for the administrator, and a shell script can easily rescue the administrator. First create a list of your users; you can create it easily with an awk command. Save it in a file named user. Now create a new bash file named trash_empty.sh and chmod it to 755. Add the following to the trash_empty.sh file:

#!/bin/sh
# "user" holds one entry per line, as created above
while IFS= read -r i
do
    echo "$i"
    # truncate the Trash mbox to zero length
    cat /dev/null > "$i/mail/Trash"
done < user

[The user's Trash folder is at /home/username/mail/Trash. It may vary depending on your mail server configuration.]

Now run trash_empty.sh. WOW, all your users' Trash folders will be empty 🙂

Please empty users' Trash folders at your own responsibility 🙂
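
The script runs as root and writes into directories the mailbox owners control, so a Trash entry that is a symlink would be followed by the redirect. The version below is an added example, not part of the original post: it skips symlinks and anything that is not a regular file, and reports what it did for each user. The BASE/<user>/mail/Trash layout follows the note above; the function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# empty_trash LIST BASE: LIST has one username per line; each mbox is
# assumed to be BASE/<user>/mail/Trash, the layout described in the post.
# Prints one result line per user. Symlinks and non-regular files are
# skipped, because a root-run redirect would otherwise follow them.
empty_trash() {
    list=$1
    base=$2
    while IFS= read -r user || [ -n "$user" ]; do
        case $user in
            '' | '#'*) continue ;;
            */* | . | ..) echo "skip $user: not a plain username"; continue ;;
        esac
        box=$base/$user/mail/Trash
        if [ -L "$base/$user" ] || [ -L "$base/$user/mail" ] || [ -L "$box" ]; then
            echo "skip $user: symlink in path"
        elif [ ! -f "$box" ]; then
            echo "skip $user: no Trash mbox"
        elif [ ! -s "$box" ]; then
            echo "ok $user: already empty"
        else
            : > "$box" && echo "ok $user: emptied"
        fi
    done < "$list"
}

# Constructed demo tree: alice has mail in Trash, bob's Trash is a symlink
# to a file outside his mail folder, carol has no mail folder at all.
make_demo() {
    mkdir -p "$1/alice/mail" "$1/bob/mail"
    echo "old mail" > "$1/alice/mail/Trash"
    echo "keep me" > "$1/target"
    ln -s "$1/target" "$1/bob/mail/Trash"
    printf 'alice\nbob\ncarol\n' > "$1/users"
}

d=$(mktemp -d) && make_demo "$d" && empty_trash "$d/users" "$d"; rm -rf "$d"
```

The checks and the truncation are separate steps, so this narrows the window rather than closing it; running the truncation under each mailbox owner's account avoids writing into user-controlled paths as root.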
