PostfixMail.com

Postfix Default Settings

December 27, 2008 – 6:04 am

You can list the default settings with Postfix with this command:

postconf -d

2bounce_notice_recipient = postmaster
access_map_reject_code = 554
address_verify_default_transport = $default_transport
address_verify_local_transport = $local_transport
address_verify_map =
address_verify_negative_cache = yes
address_verify_negative_expire_time = 3d
address_verify_negative_refresh_time = 3h
address_verify_poll_count = 3
address_verify_poll_delay = 3s
address_verify_positive_expire_time = 31d
address_verify_positive_refresh_time = 7d
address_verify_relay_transport = $relay_transport
address_verify_relayhost = $relayhost
address_verify_sender = postmaster
address_verify_sender_dependent_relayhost_maps = $sender_dependent_relayhost_maps
address_verify_service_name = verify
address_verify_transport_maps = $transport_maps
address_verify_virtual_transport = $virtual_transport
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, nis:mail.aliases
allow_mail_to_commands = alias, forward
allow_mail_to_files = alias, forward
allow_min_user = no
allow_percent_hack = yes
allow_untrusted_routing = no
alternate_config_directories =
always_bcc =
anvil_rate_time_unit = 60s
anvil_status_update_time = 600s
append_at_myorigin = yes
append_dot_mydomain = yes
application_event_drain_time = 100s
authorized_flush_users = static:anyone
authorized_mailq_users = static:anyone
authorized_submit_users = static:anyone
backwards_bounce_logfile_compatibility = yes
berkeley_db_create_buffer_size = 16777216
berkeley_db_read_buffer_size = 131072
best_mx_transport =
biff = yes
body_checks =
body_checks_size_limit = 51200
bounce_notice_recipient = postmaster
bounce_queue_lifetime = 5d
bounce_service_name = bounce
bounce_size_limit = 50000
bounce_template_file =
broken_sasl_auth_clients = no
canonical_classes = envelope_sender, envelope_recipient, header_sender, header_recipient
canonical_maps =
cleanup_service_name = cleanup
command_directory = /usr/sbin
command_execution_directory =
command_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
command_time_limit = 1000s
config_directory = /etc/postfix
connection_cache_protocol_timeout = 5s
connection_cache_service_name = scache
connection_cache_status_update_time = 600s
connection_cache_ttl_limit = 2s
content_filter =
daemon_directory = /usr/libexec/postfix
daemon_timeout = 18000s
debug_peer_level = 2
debug_peer_list =
default_database_type = hash
default_delivery_slot_cost = 5
default_delivery_slot_discount = 50
default_delivery_slot_loan = 3
default_destination_concurrency_limit = 20
default_destination_recipient_limit = 50
default_extra_recipient_limit = 1000
default_minimum_delivery_slots = 3
default_privs = nobody
default_process_limit = 100
default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}
default_recipient_limit = 10000
default_transport = smtp
default_verp_delimiters = +=
defer_code = 450
defer_service_name = defer
defer_transports =
delay_logging_resolution_limit = 2
delay_notice_recipient = postmaster
delay_warning_time = 0h
deliver_lock_attempts = 20
deliver_lock_delay = 1s
disable_dns_lookups = no
disable_mime_input_processing = no
disable_mime_output_conversion = no
disable_verp_bounces = no
disable_vrfy_command = no
dont_remove = 0
double_bounce_sender = double-bounce
duplicate_filter_limit = 1000
empty_address_recipient = MAILER-DAEMON
enable_original_recipient = yes
error_notice_recipient = postmaster
error_service_name = error
execution_directory_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
expand_owner_alias = no
export_environment = TZ MAIL_CONFIG LANG
fallback_transport =
fallback_transport_maps =
fast_flush_domains = $relay_domains
fast_flush_purge_time = 7d
fast_flush_refresh_time = 12h
fault_injection_code = 0
flush_service_name = flush
fork_attempts = 5
fork_delay = 1s
forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward
frozen_delivered_to = yes
hash_queue_depth = 1
hash_queue_names = deferred, defer
header_address_token_limit = 10240
header_checks =
header_size_limit = 102400
helpful_warnings = yes
home_mailbox =
hopcount_limit = 50
html_directory = no
ignore_mx_lookup_error = no
import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C
in_flow_delay = 1s
inet_interfaces = all
inet_protocols = ipv4
initial_destination_concurrency = 5
internal_mail_filter_classes =
invalid_hostname_reject_code = 501
ipc_idle = 100s
ipc_timeout = 3600s
ipc_ttl = 1000s
line_length_limit = 2048
lmtp_bind_address =
lmtp_bind_address6 =
lmtp_cname_overrides_servername = no
lmtp_connect_timeout = 0s
lmtp_connection_cache_destinations =
lmtp_connection_cache_on_demand = yes
lmtp_connection_cache_time_limit = 2s
lmtp_connection_reuse_time_limit = 300s
lmtp_data_done_timeout = 600s
lmtp_data_init_timeout = 120s
lmtp_data_xfer_timeout = 180s
lmtp_defer_if_no_mx_address_found = no
lmtp_destination_concurrency_limit = $default_destination_concurrency_limit
lmtp_destination_recipient_limit = $default_destination_recipient_limit
lmtp_discard_lhlo_keyword_address_maps =
lmtp_discard_lhlo_keywords =
lmtp_enforce_tls = no
lmtp_generic_maps =
lmtp_host_lookup = dns
lmtp_lhlo_name = $myhostname
lmtp_lhlo_timeout = 300s
lmtp_line_length_limit = 990
lmtp_mail_timeout = 300s
lmtp_mx_address_limit = 5
lmtp_mx_session_limit = 2
lmtp_pix_workaround_delay_time = 10s
lmtp_pix_workaround_threshold_time = 500s
lmtp_quit_timeout = 300s
lmtp_quote_rfc821_envelope = yes
lmtp_randomize_addresses = yes
lmtp_rcpt_timeout = 300s
lmtp_rset_timeout = 20s
lmtp_sasl_auth_enable = no
lmtp_sasl_mechanism_filter =
lmtp_sasl_password_maps =
lmtp_sasl_path =
lmtp_sasl_security_options = noplaintext, noanonymous
lmtp_sasl_tls_security_options = $lmtp_sasl_security_options
lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options
lmtp_sasl_type = cyrus
lmtp_send_xforward_command = no
lmtp_sender_dependent_authentication = no
lmtp_skip_5xx_greeting = yes
lmtp_starttls_timeout = 300s
lmtp_tcp_port = 24
lmtp_tls_CAfile =
lmtp_tls_CApath =
lmtp_tls_cert_file =
lmtp_tls_dcert_file =
lmtp_tls_dkey_file = $lmtp_tls_dcert_file
lmtp_tls_enforce_peername = yes
lmtp_tls_exclude_ciphers =
lmtp_tls_key_file = $lmtp_tls_cert_file
lmtp_tls_loglevel = 0
lmtp_tls_mandatory_ciphers = medium
lmtp_tls_mandatory_exclude_ciphers =
lmtp_tls_mandatory_protocols = SSLv3, TLSv1
lmtp_tls_note_starttls_offer = no
lmtp_tls_per_site =
lmtp_tls_policy_maps =
lmtp_tls_scert_verifydepth = 5
lmtp_tls_secure_cert_match = nexthop
lmtp_tls_security_level =
lmtp_tls_session_cache_database =
lmtp_tls_session_cache_timeout = 3600s
lmtp_tls_verify_cert_match = hostname
lmtp_use_tls = no
lmtp_xforward_timeout = 300s
local_command_shell =
local_destination_concurrency_limit = 2
local_destination_recipient_limit = 1
local_header_rewrite_clients = permit_inet_interfaces
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
local_transport = local:$myhostname
luser_relay =
mail_name = Postfix
mail_owner = postfix
mail_release_date = 200600825
mail_spool_directory = /var/mail
mail_version = 2.3.3
mailbox_command =
mailbox_command_maps =
mailbox_delivery_lock = fcntl, dotlock
mailbox_size_limit = 51200000
mailbox_transport =
mailbox_transport_maps =
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
maps_rbl_domains =
maps_rbl_reject_code = 554
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions =
max_idle = 100s
max_use = 100
maximal_backoff_time = 4000s
maximal_queue_lifetime = 5d
message_reject_characters =
message_size_limit = 10240000
message_strip_characters =
milter_command_timeout = 30s
milter_connect_macros = j {daemon_name} v
milter_connect_timeout = 30s
milter_content_timeout = 300s
milter_data_macros = i
milter_default_action = tempfail
milter_end_of_data_macros = i
milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer}
milter_macro_daemon_name = $myhostname
milter_macro_v = $mail_name $mail_version
milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr}
milter_protocol = 2
milter_rcpt_macros = i {rcpt_addr}
milter_unknown_command_macros =
mime_boundary_length_limit = 2048
mime_header_checks = $header_checks
mime_nesting_limit = 100
minimal_backoff_time = 1000s
multi_recipient_bounce_reject_code = 550
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = spidertools.org
myhostname = ns.spidertools.org
mynetworks = 127.0.0.0/8 127.0.0.1/32 12.32.36.123/32
mynetworks_style = subnet
myorigin = $myhostname
nested_header_checks = $header_checks
newaliases_path = /usr/bin/newaliases
non_fqdn_reject_code = 504
non_smtpd_milters =
notify_classes = resource, software
owner_request_special = yes
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
permit_mx_backup_networks =
pickup_service_name = pickup
plaintext_reject_code = 450
prepend_delivered_header = command, file, forward
process_id_directory = pid
propagate_unmatched_extensions = canonical, virtual
proxy_interfaces =
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
qmgr_clog_warn_time = 300s
qmgr_fudge_factor = 100
qmgr_message_active_limit = 20000
qmgr_message_recipient_limit = 20000
qmgr_message_recipient_minimum = 10
qmqpd_authorized_clients =
qmqpd_error_delay = 1s
qmqpd_timeout = 300s
queue_directory = /var/spool/postfix
queue_file_attribute_count_limit = 100
queue_minfree = 0
queue_run_delay = 1000s
queue_service_name = qmgr
rbl_reply_maps =
readme_directory = no
receive_override_options =
recipient_bcc_maps =
recipient_canonical_classes = envelope_recipient, header_recipient
recipient_canonical_maps =
recipient_delimiter =
reject_code = 554
relay_clientcerts =
relay_destination_concurrency_limit = $default_destination_concurrency_limit
relay_destination_recipient_limit = $default_destination_recipient_limit
relay_domains = $mydestination
relay_domains_reject_code = 554
relay_recipient_maps =
relay_transport = relay
relayhost =
relocated_maps =
remote_header_rewrite_domain =
require_home_directory = no
resolve_dequoted_address = yes
resolve_null_domain = no
resolve_numeric_domain = no
rewrite_service_name = rewrite
sample_directory = /etc/postfix
sender_bcc_maps =
sender_canonical_classes = envelope_sender, header_sender
sender_canonical_maps =
sender_dependent_relayhost_maps =
sendmail_path = /usr/sbin/sendmail
service_throttle_time = 60s
setgid_group = postdrop
show_user_unknown_table_name = yes
showq_service_name = showq
smtp_always_send_ehlo = yes
smtp_bind_address =
smtp_bind_address6 =
smtp_cname_overrides_servername = no
smtp_connect_timeout = 30s
smtp_connection_cache_destinations =
smtp_connection_cache_on_demand = yes
smtp_connection_cache_time_limit = 2s
smtp_connection_reuse_time_limit = 300s
smtp_data_done_timeout = 600s
smtp_data_init_timeout = 120s
smtp_data_xfer_timeout = 180s
smtp_defer_if_no_mx_address_found = no
smtp_destination_concurrency_limit = $default_destination_concurrency_limit
smtp_destination_recipient_limit = $default_destination_recipient_limit
smtp_discard_ehlo_keyword_address_maps =
smtp_discard_ehlo_keywords =
smtp_enforce_tls = no
smtp_fallback_relay = $fallback_relay
smtp_generic_maps =
smtp_helo_name = $myhostname
smtp_helo_timeout = 300s
smtp_host_lookup = dns
smtp_line_length_limit = 990
smtp_mail_timeout = 300s
smtp_mx_address_limit = 5
smtp_mx_session_limit = 2
smtp_never_send_ehlo = no
smtp_pix_workaround_delay_time = 10s
smtp_pix_workaround_threshold_time = 500s
smtp_quit_timeout = 300s
smtp_quote_rfc821_envelope = yes
smtp_randomize_addresses = yes
smtp_rcpt_timeout = 300s
smtp_rset_timeout = 20s
smtp_sasl_auth_enable = no
smtp_sasl_mechanism_filter =
smtp_sasl_password_maps =
smtp_sasl_path =
smtp_sasl_security_options = noplaintext, noanonymous
smtp_sasl_tls_security_options = $smtp_sasl_security_options
smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options
smtp_sasl_type = cyrus
smtp_send_xforward_command = no
smtp_sender_dependent_authentication = no
smtp_skip_5xx_greeting = yes
smtp_skip_quit_response = yes
smtp_starttls_timeout = 300s
smtp_tls_CAfile =
smtp_tls_CApath =
smtp_tls_cert_file =
smtp_tls_dcert_file =
smtp_tls_dkey_file = $smtp_tls_dcert_file
smtp_tls_dkey_file = $smtp_tls_dcert_file
smtp_tls_enforce_peername = yes
smtp_tls_exclude_ciphers =
smtp_tls_key_file = $smtp_tls_cert_file
smtp_tls_loglevel = 0
smtp_tls_mandatory_ciphers = medium
smtp_tls_mandatory_exclude_ciphers =
smtp_tls_mandatory_protocols = SSLv3, TLSv1
smtp_tls_note_starttls_offer = no
smtp_tls_per_site =
smtp_tls_policy_maps =
smtp_tls_scert_verifydepth = 5
smtp_tls_secure_cert_match = nexthop, dot-nexthop
smtp_tls_security_level =
smtp_tls_session_cache_database =
smtp_tls_session_cache_timeout = 3600s
smtp_tls_verify_cert_match = hostname
smtp_use_tls = no
smtp_xforward_timeout = 300s
smtpd_authorized_verp_clients = $authorized_verp_clients
smtpd_authorized_xclient_hosts =
smtpd_authorized_xforward_hosts =
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_connection_count_limit = 50
smtpd_client_connection_rate_limit = 0
smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks}
smtpd_client_message_rate_limit = 0
smtpd_client_new_tls_session_rate_limit = 0
smtpd_client_recipient_rate_limit = 0
smtpd_client_restrictions =
smtpd_data_restrictions =
smtpd_delay_open_until_valid_rcpt = yes
smtpd_delay_reject = yes
smtpd_discard_ehlo_keyword_address_maps =
smtpd_discard_ehlo_keywords =
smtpd_end_of_data_restrictions =
smtpd_enforce_tls = no
smtpd_error_sleep_time = 1s
smtpd_etrn_restrictions =
smtpd_expansion_filter = \t\40!”#$%&’()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~
smtpd_forbidden_commands = CONNECT GET POST
smtpd_hard_error_limit = 20
smtpd_helo_required = no
smtpd_helo_restrictions =
smtpd_history_flush_threshold = 100
smtpd_junk_command_limit = 100
smtpd_milters =
smtpd_noop_commands =
smtpd_null_access_lookup_key = <>
smtpd_peername_lookup = yes
smtpd_policy_service_max_idle = 300s
smtpd_policy_service_max_ttl = 1000s
smtpd_policy_service_timeout = 100s
smtpd_proxy_ehlo = $myhostname
smtpd_proxy_filter =
smtpd_proxy_timeout = 100s
smtpd_recipient_limit = 1000
smtpd_recipient_overshoot_limit = 1000
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = no
smtpd_restriction_classes =
smtpd_sasl_auth_enable = no
smtpd_sasl_authenticated_header = no
smtpd_sasl_exceptions_networks =
smtpd_sasl_local_domain =
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = cyrus
smtpd_sender_login_maps =
smtpd_sender_restrictions =
smtpd_soft_error_limit = 10
smtpd_starttls_timeout = 300s
smtpd_timeout = 300s
smtpd_tls_CAfile =
smtpd_tls_CApath =
smtpd_tls_always_issue_session_ids = yes
smtpd_tls_ask_ccert = no
smtpd_tls_auth_only = no
smtpd_tls_ccert_verifydepth = 5
smtpd_tls_cert_file =
smtpd_tls_dcert_file =
smtpd_tls_dh1024_param_file =
smtpd_tls_dh512_param_file =
smtpd_tls_dkey_file = $smtpd_tls_dcert_file
smtpd_tls_exclude_ciphers =
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_loglevel = 0
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_exclude_ciphers =
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_received_header = no
smtpd_tls_req_ccert = no
smtpd_tls_security_level =
smtpd_tls_session_cache_database =
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_wrappermode = no
smtpd_use_tls = no
soft_bounce = no
stale_lock_time = 500s
strict_7bit_headers = no
strict_8bitmime = no
strict_8bitmime_body = no
strict_mime_encoding_domain = no
strict_rfc821_envelopes = no
sun_mailtool_compatibility = no
swap_bangpath = yes
syslog_facility = mail
syslog_name = postfix
tls_daemon_random_bytes = 32
tls_export_cipherlist = ALL:+RC4:@STRENGTH
tls_high_cipherlist = !EXPORT:!LOW:!MEDIUM:ALL:+RC4:@STRENGTH
tls_low_cipherlist = !EXPORT:ALL:+RC4:@STRENGTH
tls_medium_cipherlist = !EXPORT:!LOW:ALL:+RC4:@STRENGTH
tls_null_cipherlist = !aNULL:eNULL+kRSA
tls_random_bytes = 32
tls_random_exchange_name = ${config_directory}/prng_exch
tls_random_prng_update_period = 3600s
tls_random_reseed_period = 3600s
tls_random_source = dev:/dev/urandom
trace_service_name = trace
transport_maps =
transport_retry_time = 60s
trigger_timeout = 10s
undisclosed_recipients_header = To: undisclosed-recipients:;
unknown_address_reject_code = 450
unknown_client_reject_code = 450
unknown_hostname_reject_code = 450
unknown_local_recipient_reject_code = 550
unknown_relay_recipient_reject_code = 550
unknown_virtual_alias_reject_code = 550
unknown_virtual_mailbox_reject_code = 550
unverified_recipient_reject_code = 450
unverified_sender_reject_code = 450
verp_delimiter_filter = -=+
virtual_alias_domains = $virtual_alias_maps
virtual_alias_expansion_limit = 1000
virtual_alias_maps = $virtual_maps
virtual_alias_recursion_limit = 1000
virtual_destination_concurrency_limit = $default_destination_concurrency_limit
virtual_destination_recipient_limit = $default_destination_recipient_limit
virtual_gid_maps =
virtual_mailbox_base =
virtual_mailbox_domains = $virtual_mailbox_maps
virtual_mailbox_limit = 51200000
virtual_mailbox_lock = fcntl
virtual_mailbox_maps =
virtual_minimum_uid = 100
virtual_transport = virtual
virtual_uid_maps =

By mike | Posted in Postfix Configuration | Tagged posftix default settings, postfix | Comments (0)

Enforcing Mailbox quotas

December 26, 2008 – 4:07 am

One nice feature of cyrus IMAP is that it does support quotas. Quotas are applied on the basis of the mailbox and any sub-mailboxes that do not have quotas. This means that a mailbox can only have or be a part of one quota. When mail arrives the quota is checked to verify that the mail will not cause the quota to be exceeded, THE MAIL WILL STILL BE DELEVERED; however, the user will be notified they are over the limit. If the mailbox is already over the limit when the mail arrives it will not be accepted.

By mike | Posted in Cyrus-Imap | Tagged cyrus, cyrus quotas, Cyrus-Imap, postfix | Comments (0)

Using Dovecot with Multiple Domains

December 10, 2008 – 5:05 am

See Dovecot installation below for details on how to set up Dovecot. In this section, the focus will be on creating passwords for users on multiple domains with Dovecot.

Edit your /etc/dovecot.conf file to reflect these changes

}

default_mail_env = maildir:/var/spool/vhosts/%d/%n
auth_mechanisms = plain DIGEST-MD5 CRAM-MD5
auth_verbose = yes
auth default {
mechanisms = plain
passdb passwd-file {
args = /etc/dovecot/passdb
}
userdb static {
args = uid=virtual gid=virtual /etc/dovecot/userdb
}
}

The first line will define the maildir format and show dovecot where the users are located. The %d represents the domain and the %n represents the username. So if you have two domains called example.com and myexample.com with two users called tom and joe it would look like this:

/var/spool/vhosts/example.com/tom/new
cur
tmp
/var/spool/vhosts/myexample.com/joe/new
cur
tmp

Note that each user must have these three directories created, new, cur, and tmp.

The auth_mechanisms shows which methods for authentication will be used. The next two lines represent the user database and the user password database for the virtual domains.
User Database
The /etc/dovecot/userdb is a file that will contain the users for the virtual domains. These users will not be able to login to the server itself. They will only be able to retrieve mail. The format of the file is:

tom@example.com::1000:1000::/var/spool/vhosts/example.com/:/bin/false::
joe@myexample.com::1000:1000::/var/spool/vhosts/myexample.com/:/bin/false::

Note that in this example the user and group virtual were created above with the uid and gid of 1000 so that that user may read the mail for the users to have access.

Password Database
The password database is a file /etc/dovecot/passdb that will include the encrypted passwords of each user on the virtual hosts. You may use the utility that is available with dovecot for creating passwords called dovecotpw. SSHA is a strong scheme that is easy to use. Note that each time you create a password it uses random salts to create a unique SSHA hash so that creating the same password twice will have different answers.

# dovecotpw -s ssha
Enter new password:
Retype new password:
{SSHA}9ivQ2nS4Ri9PZMNrZLs0a15weuD8Q/6s

Now the passwd file entry will look like this:
mike:{SSHA}9ivQ2nS4Ri9PZMNrZLs0a15weuD8Q/6s

The password that you used to create the encryption would be what the user will use.

Another way of creating these passwords is to use the utility mkpasswd. mkpasswd is a script written by Aaron Sherman in 1995 which creates encrypted passwords. You may download this file from a number of locations on the Internet. Save the script to the /root directory and chmod 755 so it will execute.
You will need to put a “./” before the utility to get it to execute. In the example it is creating a password for the term mynewpassword. This text then can be added to the database.

# ./mkpasswd mynewpassword
mynewpassword : o8J38mzOgsS7E

Here md5 encryption is added with the -5 option. Note the password is now much longer.
# ./mkpasswd -5 mynewpassword
mynewpassword : $1$r6NIrFZ9$n12Hx7Z3BnjwgtkFAatCQ/

Here is the database format for /etc/dovecot/passdb.

joe@example.com:o8J38mzOgsS7E
Be sure to chmod 640 the /etc/dovecot/passdb file.

options:

-h|-?|–help         Print summary help
–man                Show manual
-v|–verbose         Verbose output
-d|–debug           Debugging mode
-q|–quiet           Suppress excess output
-r|–random          Choose a random pattern
-s|–salt STRING     Use STRING as the salt for on-way encryption
-w|–wordlist FILE   Use FILE as the source for randomly chosen words
-n|–number N        Produce N passwords
-p|–pattern STRING Use STRING as the password pattern
-C|–ciphertext      Don’t produce the plain text password
-N|–non-words       Discard results that are words (combinations)
-P|–plaintext       Don’t produce the encrypted password
-R|–extra-random    Re-seed RNG from entropy pool constantly
-U|–unix-crypt      Turn off MD5 (this is the default)
-X|–max-password-length N
Produce passwords no more than N characters long
-5|–md5-format      Use MD5 password encryption
–extra-long         Allow extra-long random patterns
–punctuation STR    Use STR as the valid punctuation
–punctuation add:STR        Add STR to the punctuation list
–strict             Strict mode (same as -rR5 plus harder patt

By mike | Posted in Dovecot | Tagged Dovecot, multiple domains Dovecot | Comments (0)

Create Virtual Ownership

December 9, 2008 – 4:49 am

Mailbox Ownership
The mailboxes must each be owned by a user and connected to a group on the system. There are two directives which determine the ownership of mailboxes for users and groups.
virtual_uid_maps
virtual_gid_maps

It is possible to set a static map which means that one user will own all of the mailboxes of one domain. If you were setting up a static map with an account called vmail which had a UID of 1023 and a GID of 1024 you would setup the static map like this in the main.cf:
virtual_uid_maps = static:1023
virtual_gid_maps = static:1024

In order to set up different UIDs for each mailbox you would have to create a lookup file that would map addresses to the UIDs. In main.cf you must add a line that would access this file.

virtual_uid_maps = hash:/etc/postifix/virtual_uids

If you need the majority of mailboxes to be set up with one UID but several need static maps it would look like this:

virtual_uid_maps = hash:/etc/postifix/virtual_uids static:1023
Groups work the same way as the UIDs.

It is easier to create the UID and GID that are static this way:
Create the user virtual and group. Take note of the UID and GID.

useradd virtual -u 1000

groupadd virtual -g 1000

In this example if the UID and GID of virtual were 1000 this line in the main.cf would look like this.

virtual_uid_maps = static:1000
virtual_gid_maps = static:1000

Change the permissions on the vmail directory so virtual can read all mail.

chown -R virtual:virtual /var/spool/vhosts
chmod 700 /var/spool/vhosts

Permissions on Working Virtual Mailbox

drwx—— 8 virtual virtual 4096 Sep 17 13:14 .
drwxr-xr-x 8 virtual virtual 4096 Feb 9 2008 ..
drwxr-xr-x 2 virtual virtual 4096 Sep 17 13:14 cur
-rw——- 1 virtual virtual   168 Sep 17 13:13 dovecot.index
-rw——- 1 virtual virtual 20480 Sep 17 13:13 dovecot.index.cache
-rw——- 1 virtual virtual 1760 Sep 17 13:14 dovecot.index.log
-rw——- 1 virtual virtual   428 Sep 17 13:13 dovecot-uidlist
drwx—— 5 virtual virtual 4096 Sep 14 03:24 .Drafts
drwxr-xr-x 2 virtual virtual 4096 Sep 17 13:13 new
drwx—— 5 virtual virtual 4096 Sep 14 03:24 .Sent
-rw——- 1 virtual virtual    18 Feb 9 2008 subscriptions
drwxr-xr-x 2 virtual virtual 4096 Sep 17 13:13 tmp
drwx—— 5 virtual virtual 4096 Feb 9 2008 .Trash

By mike | Posted in Multiple Domains | Tagged Multiple Domains, postfix, postfix virtual domains, Virtual Domains | Comments (0)

Dropping Spanish Spam with Spamassassin

December 5, 2008 – 5:52 am

Spamassassin has a section in /usr/share/spamassassin called 25_body_tests_es.cf which deals with Spanish Spam. These rules are not listed in the 50_scores.cf so as explained in the 50_scores.cf rules not listed automatically get a score of “1”. In some cases that score may not be enough so you will want to modify it in /etc/mail/spamassassin/local.cf. In this example the rules have all been take from the 25_body_tests_es.cf and placed in local.cf. Each rule has had score added to adjust the score and the number 3 at the end to add an additional 3 points to each rule. The file is saved and then you can restart spamassassin and the changes will begin to take effect.

score REMOVE_ES_01 3
score REMOVE_ES_01 3
score REMOVE_ES_02 3
score REMOVE_ES_03 3
score REMOVE_ES_04 3
score REMOVE_ES_05 3
score REMOVE_ES_06 3
score REMOVE_ES_07 3
score REMOVE_ES_08 3
score SUBSCRIBE_ES_01 3
score DEJAR_DE_FUMAR_ES 3
score GRATIS_ES 3
score INTERESADO_ES 3
score LEY_ORGANICA_ES 3
score NORMATIVA_SPAM_ES 3
score LEY_CHILE_ES_01 3
score LEY_CHILE_ES_02 3
score TARJETA_VERDE_ES 3
score PROMOCION_ES 3
score ALTA_BUSCADORES_ES 3
score EXCLAMACION_ES 3
score PRESENTAMOS_ES 3
score CONTRA_REEMBOLSO_ES 3
score PEDIDO_ES 3
score CLICK_ES 3
score REGALO_ES 3
score GANADORES_ES_01 3
score GANADORES_ES_02 3
score PORNO_GRATIS_ES 3
score MAS_INFORMACION_ES 3
score INFORMACION_RESERVA_ES 3
score REENVIA_ES 3
score NO_MAS_MAIL_1_ES 3
score NO_MAS_MAIL_2_ES 3
score COLECTOR_DE_MAILS_ES 3

By mike | Posted in Spam Control | Tagged spamassasin, spamassassin rules | Comments (0)

tcp_wrappers Problems

December 4, 2008 – 5:28 am

Mail Does Not Send
A common problem is finding that mail is not sending correctly and that the /var/spool/clientqueue is filling up with files. This directory can actually shut down your server if you do not have a separate directory for /var when this happen. The speed at which this happens is determined by the amount of mail that is being sent.
Cause of the Problem:
The cause of the problem is most often a mis configured firewall or a mis configured tcp_wrappers.
The firewall should allow connections on port 25 for Postfix, port 143 for IMAP (web based email) and port 110 for POP3. Check your firewall that these are open.
Here is an example of a tcp_wrappers hosts.allow from a working Mail Server. Note that the is mail server does not allow POP3 but allows IMAP, and POSTFIX .
#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the ‘/usr/sbin/tcpd’ server.
#
POSTFIX:       ALL
SMTP:   ALL
IMAP:   ALL

Cannot Create Mailboxes
Even if cyrus IMAP is set up correctly there are times when the user cyrus cannot login to create a mailbox. If the password is correct the problem is probably related to /etc/hosts.allow/
Add this line to etc/hosts.allow
ALL: 127.0.0.1

Savemail Panic
If you see the error “Losing.lqfj54koqLM019255:savmail panic”
or
“savemail: cannot save rejected email anywhere”
Add this line to etc/hosts.allow
ALL: 127.0.0.1

By mike | Posted in Troubleshooting | Tagged Postfix Mail Server, Postfix Training, tcp_wrappers | Comments (0)

Blocking Zombie Spam Netblocks

November 30, 2008 – 8:05 am

There are network subnets that have been taken over by Spammers and run by bots. These networks are recorded and documented by Spamhaus and provide you a quick way to modify your firewall to eliminate these know blocks of Spam. You will need to have an iptables firewall and add this section to the firewall which will use the information found in the list to drop the subnets thus taking the load off your Postfix mail server.

The DROP list is maintained by Spanhaus and is found here:

http://www.spamhaus.org/DROP/

Here is a quote from the site:

“DROP (Don’t Route Or Peer) is an advisory “drop all traffic” list, consisting of stolen ‘zombie’ netblocks and netblocks controlled entirely by professional spammers. DROP is a tiny sub-set of the SBL designed for use by firewalls and routing equipment.

DROP is currently available as a simple text list, but will also be available shortly as BGP with routes of listed IPs announced via an AS# allowing networks to then null those routes as being IPs that they do not wish to route traffic for.

The DROP list will NEVER include any IP space “owned” by any legitimate network and reassigned - even if reassigned to the “spammers from hell”. It will ONLY include IP space totally controlled by spammers or 100% spam hosting operations. These are “direct allocations” from ARIN, RIPE, APNIC, LACNIC, and others to known spammers, and the troubling run of “hijacked zombie” IP blocks that have been snatched away from their original owners (which in most cases are long dead corporations) and are now controlled by spammers or netblock thieves who resell the space to spammers.”

In order to implement this, add this section close to the top or your firewall and create a text file in /etc/rc.d called banned. Add one subnet to each line as you see in the actual code below. Please use this information on your own risk…the subnets could change over time.
#####################################################
# BLOCK ZOMBIE NETBLOCKS #
#####################################################
BADIP=”/etc/rc.d/banned”
BANNED=$( grep -v -E “^#” $BADIP )
for ip in $BANNED
do
iptables -A FORWARD -p tcp -s $ip -j DROP
done

# This is what the banned file needs to look like.
116.199.128.0/19
116.50.8.0/21
128.199.0.0/16
129.47.0.0/16
132.232.0.0/16
132.240.0.0/16
134.175.0.0/16
134.33.0.0/16
138.252.0.0/16
138.43.0.0/16
139.167.0.0/16
141.193.0.0/16
143.49.0.0/16
147.203.0.0/16
148.51.0.0/16
148.7.0.0/16
149.47.0.0/16
152.147.0.0/16
167.97.0.0/16
170.26.0.0/16
170.67.0.0/16
192.115.68.0/22
192.160.44.0/24
192.43.153.0/24
192.43.154.0/23
192.43.156.0/22
192.43.160.0/24
192.67.16.0/24
192.86.85.0/24
193.110.136.0/24
193.142.244.0/24
193.16.100.0/24
193.19.120.0/23
193.200.29.0/24
193.200.50.0/23
193.238.36.0/22
193.93.236.0/22
194.1.152.0/24
194.110.160.0/22
194.116.146.0/23
194.126.193.0/24
194.145.235.0/24
194.146.204.0/22
194.189.44.0/22
195.114.8.0/23
195.225.176.0/22
195.234.159.0/24
195.238.242.0/24
195.74.88.0/23
195.95.161.0/24
196.32.216.0/21
198.151.152.0/22
198.186.16.0/20
198.186.25.0/24
198.204.0.0/21
199.120.163.0/24
199.166.200.0/22
199.245.138.0/24
199.60.102.0/24
200.108.160.0/20
200.124.64.0/20
201.158.96.0/21
201.71.0.0/20
203.19.101.0/24
203.202.236.0/22
203.31.88.0/23
203.33.120.0/24
203.34.205.0/24
203.34.70.0/23
203.34.71.0/24
204.13.32.0/21
204.14.24.0/21
204.153.248.0/21
204.18.0.0/16
204.236.0.0/19
204.52.255.0/24
204.79.220.0/22
204.89.224.0/24
205.210.137.0/24
205.235.64.0/20
205.236.189.0/24
206.197.175.0/24
206.197.176.0/24
206.197.176.0/24
206.197.177.0/24
206.197.28.0/24
206.197.29.0/24
208.38.192.0/18
208.64.44.0/22
208.66.192.0/22
208.72.168.0/21
208.76.160.0/21
208.76.48.0/21
208.77.224.0/21
208.81.136.0/21
208.82.136.0/21
208.84.28.0/22
208.87.152.0/21
208.93.152.0/22
209.145.192.0/18
209.165.224.0/20
209.205.192.0/19
209.205.224.0/20
209.213.48.0/20
216.188.128.0/19
216.243.240.0/20
216.255.176.0/20
216.37.96.0/20
58.65.232.0/21
58.83.12.0/22
58.83.8.0/22
62.176.16.0/22
64.255.128.0/19
64.28.176.0/20
66.206.32.0/22
66.231.64.0/20
66.54.91.0/24
66.55.160.0/19
67.210.0.0/20
67.213.128.0/20
69.42.160.0/20
69.50.160.0/19
69.8.176.0/20
69.80.0.0/17
72.2.176.0/20
78.108.176.0/20
78.157.128.0/19
79.110.160.0/20
79.135.160.0/19
81.29.240.0/20
81.95.144.0/20
85.255.112.0/20
86.105.230.0/24
89.35.0.0/23
91.196.232.0/22
91.200.144.0/22
91.203.92.0/22
91.208.0.0/24
91.208.162.0/24
91.208.228.0/24
91.209.14.0/24
92.53.104.0/22
93.188.160.0/21
94.154.0.0/18
94.154.128.0/18
94.176.96.0/20

By mike | Posted in Security | Tagged block spam, block zombies, iptables firewall | Comments (0)

Monitoring Postfix with Nagios 3

November 28, 2008 – 3:43 am

When you set up Postfix it is a critical service for your organization. It is important that you set up a way to verify that the mail server is up and running. Nagios 3 provides an easy set up to allow you to monitor your mail server. This tutorial will help you understand how to add mail service checks for your Postfix Mail Server. If you need help in setting up Nagios 3 please check THIS ARTICLE.

Step #1: Add a Host
An easy way to start setting up hosts is to choose a web server to monitor.
You will need to edit /etc/nagios3/Define your host, give it a host name and an alias, be sure to have the correct IP Address. Use the check_http command which will monitor your web server on port 80 tcp. This is a much easier way to monitor a web server using icmp because you have to modify so many firewalls to allow icmp.

define host{
use                             generic-host
host_name                       mail
alias                           mail
address                         192.168.5.12
check_command                   check_smtp
max_check_attempts              10
notification_interval           120
notification_period             24×7
notification_options            d,u,r
contact_groups                  admins
}

Step #2: Add Host to a Service

Edit the /etc/nagios3/conf.d/generic-service_nagios2.cfg. If you are using the same service you can just add the second host to the host_name line. This will make it very easy to add a number of hosts to modify. Note two host names listed.

define service{
use     generic-service
host_name       mail
service_description     SMTP
check_command   check_smtp
}

Step #3: Check Configuration and Restart
You will want to run this command to check your pre-flight check to verify you do not have typos or other errors.

nagios -v /etc/nagios3/nagios.cfg

This should result in no errors and no warnings before you proceed.

Now restart nagios and the web server for nagios.

/etc/init.d/nagios3 restart
/etc/init.d/apache2 restart

Now access the web interface of Nagios at:

http://your_ip_address/nagios3

You should see that the service is being monitored.

By mike | Posted in Security | Tagged monitor postfix, nagios monitoring, postfix, Postfix Training | Comments (0)

SpamAssassin Rules Basics

November 24, 2008 – 5:20 am

SpamAssassin will use tests to check mail headers, the body, IP Addresses and checksums to locate patterns that indicate SPAM. So SpamAssassin will use pattern-based scores for checking patters that are found in headers, the body or attachments and it will use network-based tests that use DNS lookups or access RBL lists.
If you look in the /usr/share/spamassassin directory you will see a list of the tests that are performed by SpamAssassin.

The tests which are used by SpamAssassin and thus amavisd are located in /usr/share/spamassassin. These consist of over 1000 tests on various parts of the email that arrives. It also includes checks for known spammers. There are thousands of rules that are set up in the /usr/share/spamassassin directory. Each test file contains a number of rules that will be performed. The test files are basically self explanatory but here is some additional information that will help. Ratware are programs that are used by spammers to send their email. These specially designed programs have signatures that will be detected. The 10_misc.cf is a file that defines the templates that are used to report spam. The 20_compensate.cf file creates negative scores for good values in mail that indicate that the mail is not spam. The 50_scores.cf is the file that contains the scores for each rule. 60_whitelist.cf is where common addresses are listed. Here is a list of the directory.

# ls /usr/share/spamassassin/
10_misc.cf                 25_accessdb.cf           30_text_nl.cf
20_advance_fee.cf          25_antivirus.cf          30_text_pl.cf
20_anti_ratware.cf         25_body_tests_es.cf     30_text_pt_br.cf
20_body_tests.cf           25_body_tests_pl.cf     50_scores.cf
20_compensate.cf        25_dcc.cf                60_awl.cf
20_dnsbl_tests.cf         25_dkim.cf               60_whitelist.cf
20_drugs.cf                25_domainkeys.cf         60_whitelist_dk.cf
20_fake_helo_tests.cf 25_hashcash.cf           60_whitelist_dkim.cf
20_head_tests.cf           25_pyzor.cf              60_whitelist_spf.cf
20_html_tests.cf          25_razor2.cf             60_whitelist_subject.cf
20_meta_tests.cf           25_replace.cf           languages
20_net_tests.cf            25_spf.cf                sa-update-pubkey.txt
20_phrases.cf              25_textcat.cf            sa-update.cron
20_porn.cf                 25_uribl.cf             triplets.txt
20_ratware.cf             30_text_de.cf            user_prefs.template
20_uri_tests.cf            30_text_fr.cf
23_bayes.cf                30_text_it.cf

Here is an example taken from the 20_head_tests.cf file. Note that some tests require a specific version which is listed at the top. The test is listed in CAPS with underscores followed by the regular expression used to evaluate the rule that is listed. The line underneath provides a description of the rule. The score for each rule is listed in 50_scores.cf.
require_version 3.001007

header HEAD_LONG eval:check_msg_parse_flags(’truncated_header’)
describe HEAD_LONG Message headers are very long

# partial messages; currently-theoretical attack
# unsurprisingly this hits 0/0 right now.
header FRAGMENTED_MESSAGE Content-Type =~ /\bmessage\/partial/i
describe FRAGMENTED_MESSAGE Partial message

header MISSING_HB_SEP eval:check_msg_parse_flags(’missing_head_body_separator’)
describe MISSING_HB_SEP Missing blank line between message header and body

header UNPARSEABLE_RELAY        eval:check_relays_unparseable()
tflags UNPARSEABLE_RELAY        userconf
describe UNPARSEABLE_RELAY      Informational: message has unparseable relay lines

Each test looks similar to what you see here. These are header test so they start with the work “header” followed by the name of the test in CAPS. The actual expression of the test is on the right hand side. The first one is a regular expression that shows that there is not real name in the header. The second line is a description of the test. The second test listed shows that the From is a blank line and tests for that with a regular expression.
header NO_REAL_NAME From =~ /^["\s]*\<?\S+\@\S+\>?\s*$/
describe NO_REAL_NAME From: does not include a real name

header FROM_BLANK_NAME From =~ /(?:\s|^)”" <\S+>/i
describe FROM_BLANK_NAME From: contains empty name

Each test has a score that is associated with it in the 50_scores.cf file which is also located in /usr/share/spamassassin. The score adds to the email total score which determines if it is Spam.
score NO_REAL_NAME 0 0.550 0 0.961
The scores have 4 fields. The first is the score added is if a matching message has both the network and Bayesian tests are not in use. In NO_REAL_NAME this is 0. The second score is when network tests are in use and Bayesian tests are not in use. The third score is when Bayesian tests are in use but network tests are not. The final score is when both network tests and Bayesian are in use.

score FROM_BLANK_NAME 1.659 1.467 0.936 1.534

By mike | Posted in Spam Control | Tagged postfix, spaassassin rules, spamassassin | Comments (2)

Stopping Non-English Spam

November 22, 2008 – 5:38 am

One way you may choose to manage the mail that comes to the Postfix server is to use the locales which is a part of Spamassassin. If you cannot read other languages there is really no need to run them through your mail system. So for example if you wanted to limit email to English you would edit the:

/etc/mail/spamassassin/local.cf

ok_locales en

This will treat any mail in character sets other than Western as spam. Here are the option that you have:

en   - Western character sets in general
ja   - Japanese character sets
ko   - Korean character sets
ru   - Cyrillic character sets
th   - Thai character sets
zh   - Chinese (both simplified and traditional) character sets
all - Allow all character sets

This is an easy setting to help clean up mail that you cannot read anyway.

By mike | Posted in Spam Control | Tagged non-english spam, postfix, spam, spamassassin | Comments (0)

IMAP and SquirrelMail Install

November 21, 2008 – 7:31 am

IMAP offers the flexibility that most people want with email. Access mail from different computers, locations and also access from PDAs, TV, etc. IMAP by default stores mail on a central server that provides access to a mail account from anywhere in the world.
SquirrelMail is a standards-based program that offers you an easy way to set up an IMAP web based email server. It is written in PHP4 and provides support for both IMAP and SMTP. One advantage of SquirrelMail is that the javaScript is an option not a requirement for users making it more browser compatible. The setup on a CentOS or RHEL server is an effective way to provide email access to roaming users from an office or from home.
Requirements
In order to use Squirrelmail you must have installed:
Apache
PHP4.1.2 or better
IMAP
Browser – cookies must be enabled
Install
SquirrelMail has become an option for install on most Linux distributions.

Centos
yum install squirrelmail

Ubuntu
apt-get install squirrelmail
SquirrelMail is installed in /usr/share/squirrelmail typically.
Some directories for queuing & attachments are set up in /var/lib.
The config files are found in /etc/squirrelmail.
A config file for httpd is added to /etc/http/conf.d which creates the alias, webmail for SquirrelMail. The webmail alias allows you to access SquirrelMail by using the link, http://example.org/webmail
This will then bring up the login for the server. A cron job is activated to purge the attachments directory.
/etc/cron.daily/squirrelmail.cron

By mike | Posted in Squirrelmail | Tagged centos, postfix, Squirrelmail, ubuntu 8.10 | Comments (0)

Header Checks: Examples of What Not to Do

November 17, 2008 – 5:26 am

Listed here are a number of header checks that do work but they are ineffective for the most part. Here is the problem. When you look at these examples they have a Subject that you are searching for. As a result you will be writing header checks until the day you die, not good. My thinking is that you will want to discard this methodology for header checks that are more general and throw a wider net over the problem. Two reason for this are; first you have SpamAssassin or some other program to do actual Spam testing later. Second, you need to preserver resources on your Postfix mail server. Actually this is the most important aspect of what you are doing is trying to save yourself money and time by reducing the load on your server. If you place too many header checks in Postfix you will begin to see a speed loss and resource loss.

So review your header checks and make sure you are using each line wisely.

/^Subject: Get Viagra Online Now !!!/                REJECT
/^Subject: ENLARGE YOUR PACAKGE GUARANTEED/            REJECT
/^Subject: Add REAL Inches To Your Package! GUARANTEED/    REJECT
/^Subject: At Last, Herbal V, the All Natural Alternative!/    REJECT
/^Subject: Have Hair Loss? We Can Help You!\.\.Read on\.\./    REJECT
/^Subject: Pill to Increase Your Ejaculation by \d{3}%/        REJECT
/^Subject: free trial herbal viagra good for men and women/    REJECT
/^Subject: STAYING POWER/                    REJECT
/^Subject: Isn\’t It Time You Solved Your \”little\” Problem\?\s*\d{2,6}/    REJECT
/^Subject: Non Prescription Alternative to Viagra/        REJECT

# financial / money

/^Subject: INSTANT Daily PAY!/                    REJECT
/^Subject: INSTANT Pay to \$\d{2,3} A Day!/            REJECT
/^Subject: The easiest way to make money on the internet!/    REJECT
/^Subject: INTEREST RATES HAVE DROPPED/                REJECT !
/^Subject: Make Money In Your Sleep! /                REJECT
/^Subject: Lowest Rates In Years! /                REJECT
/^Subject: make money now!!!!!/                    REJECT
/^Subject: HOME-BASED BUSINESSES /                REJECT
/^Subject: Sick of paying and paying and staying in debt? /    REJECT
/^Subject: Recession Hurts!/                    REJECT
/^Subject: Got Debt\?\s*Cut Your Bills in HALF!/            REJECT
/^Subject: Double your policy at No Extra Cost!/        REJECT
/^Subject: Make \d{2}% Yearly Fully Secured!/            REJECT
/^Subject: Have tax problems?\s*\[\w{4,6}\]/            REJECT
/^Subject: Got a Mortgage\?\s{1,9}\d.\d{2}% Fixed Rate Mortgage/    REJECT
/^Subject: Rates Have Fallen Again!\s{1,9}\d.\d{2}% Fixed Rate Mortgage/    REJECT
/^Subject: Take Advantage of Falling Interest Rates!/        REJECT
/^Subject: Double Your Life Insurance at NO EXTRA COST!/    REJECT
/^Subject: Got Debt\?.*\[\w{4,6}\\]/                REJECT
/^Subject: Are you in debt\?\s*\[\w{4,6}\\]/            REJECT
/^Subject: Refinance rates as low as \d.\d{2}%/            REJECT
/^Subject: Hot Casino Action - \d{2,3}% Bonus/            REJECT
/^Subject: Double your policy at No Extra Cost!/        REJECT
/^Subject: Need More Life Insurance\? Double it for No Extra Cost/    REJECT
/^Subject: Did you get your money\?/                REJECT
/^Subject: Tired of dropping stock prices\?\d{1,6}/        REJECT
/^Subject: \d{2,6}\s*Work From Home /                REJECT
/^Subject: Debt Consolidation.\s*\[\w{4,6}\]/            REJECT
/^Subject: Mortgage interest rates are lowered AGAIN/        REJECT
/^Subject: Re: Easy money! Muy dinero! \(/            REJECT
/^Subject: Feel the Excitement of CyberXCasino/            REJECT
/^Subject: Free Loan Quotations\.\.\.\.\.Lower your Rate!/        REJECT
/^Subject: Free Vacation$/                    REJECT
/^Subject: GUARANTEED MONTHLY INCOME- Join FREE NOW!/        REJECT
/^Subject: Is your mortgage APR as low as \d.\d{2}/        REJECT
/^Subject: Tired of the 40 X 40.*\?/                REJECT
/^Subject: NEVER REPAY, FREE CASH GRANTS\.*\s*\d{2,7}$/        REJECT
/^Subject: Are You Making \$\w{2,}\+ A Month Online\?\s*\d{2,7}$/    REJECT
/^Subject: Secure Your Financial Future!$/            REJECT
/^Subject: \d{2,3}% OFF Your Life Insurance/            REJECT

# piracy

/^Subject: Copy Your Favorite DVD Movies !!!/            REJECT
/^Subject: EASILY COPY ANY DVD MOVIE FOR FREE!/            REJECT
/^Subject: Favorite Movie not on DVD?/                REJECT

# random

/^Subject: Try this, it really works! /                REJECT
/^Subject: Increased Emotional Stability /            REJECT
/^Subject: Free Travel/                        REJECT
/^Subject: Chart Returns - Charles Taylor /            REJECT
/^Subject: You could search for a year and\.\.\.\.\./        REJECT
/^Subject: Escape the Ordinary\.\.\.\.\.\.New Opportunity for you\.\./    REJECT
/^Subject: This Is What You’ve Been Waiting For\..*\d{2,6}/    REJECT
/^Subject: Get Rid of those Paper Piles!\s*\d{2,6}/        REJECT
/^Subject: Imaging Software for the Home.*\d{2,6}/        REJECT
/^Subject: End static on the cell/                REJECT
/^Subject: Free Trials & HBC Updates!/                REJECT
/^Subject: Free Trials from Home Business Connection/        REJEC
/^Subject: Fw: Marketing your product or service just got easier!/    REJECT
/^Subject: Re: I did not hear back from you$/            REJECT
/^Subject: Safe, Easy Snoring Solution!\s*\w{2,7}/        REJECT

# search engines

/^Subject: Search Engine Bids Are Now Half Price!/ REJECT
/^Subject: Guaranteed Top Ten Search Engine Placement!!\s*\d{2,7}/ REJECT

# spamware / email addresses

/^Subject: \d{2,3} Million Fresh Email Addresses/        REJECT
/^Subject: \d{2,3} Million Email Addresses - \$\d{2,3}/        REJECT
/^Subject: Internet Marketing Works! -\w{48}/            REJECT
/^Subject: Lets Learn How to market successfully!\s*\d{2,7}/    REJECT

# spyware

/^Subject: Investigate Anyone or Anything now!/ REJECT
/^Subject: NEW!! Find out ANYTHING about ANYONE w\/ your PC!/ REJECT

# paranoia

/^Subject: Protect yourself from Small pox and Anthrax Naturally\s*\w{2,7}/ REJECT

# just plain unrealistic

/^Subject: Boost Your Windows Reliability/ REJECT
/^Subject: Give Windows Operating System A Boost In Reliability!/ REJECT

By mike | Posted in Filters | Tagged header checks, postfix, postfix spam, Postfix Training, spam | Comments (0)

Dropping X-Mailers in Header Checks

November 14, 2008 – 7:14 am

Header checks with Postfix can be used to deal with unwanted mail before your server wastes time with it. Created the file /etc/postfix/header_checks and then add this line in your main.cf.

header_checks = pcre:/etc/postfix/header_checks

The format line for each header check follows this pattern:

/^HEADER:.*content_for_review/ ACTION

The HEADER that you usually will act on is the Subject header. However, you can also filter headers based on the X-Mailer. One idea is to DISCARD all mail that comes from typical X-Mailers that a Spammer will use. Here is a list of X-Mailers that you could place in your header_checks file. Note that often you will use REJECT to send a message back to the user but with these known mailers you probably do not want to send anything back to them. Note also, that this method is bound to create some false positives, so test it for yourself before you make any final decisions.

# Following is a list of known mass mailer programs.
/^X-Mailer: 0001/                               DISCARD
/^X-Mailer: 007 Direct Email Easy/                          DISCARD
/^X-Mailer: Advanced Mass Sender/                          DISCARD
/^X-Mailer: Aristotle /                          DISCARD
/^X-Mailer: Aureate Group Mail/                          DISCARD
/^X-Mailer: Avalanche/                          DISCARD
/^X-Mailer: commercialmail /                          DISCARD
/^X-Mailer: Copia emailFacts /                          DISCARD
/^X-Mailer: Crescent Internet Tool/             DISCARD
/^X-Mailer: CyberCreek/                          DISCARD
/^X-Mailer: DiffondiCool/                       DISCARD
/^X-Mailer: Dynamic Opt-In Emailer /                          DISCARD
/^X-Mailer: DMailer /                          DISCARD
/^X-Mailer: eGroups Message Poster /                          DISCARD
/^X-Mailer: E-Mail Delivery Agent/              DISCARD
/^X-Mailer: Emailer Platinum/                   DISCARD
/^X-Mailer: E-mail sender /                          DISCARD
/^X-Mailer: e-Merge /                          DISCARD
/^X-Mailer: Entity/                             DISCARD
/^X-Mailer: Extractor/                          DISCARD
/^X-Mailer: Floodgate/                          DISCARD
/^X-Mailer: GMail2 /                          DISCARD
/^X-Mailer: GOTO Software Sarbacane/            DISCARD
/^X-Mailer: Inet_Mail_Out /                          DISCARD
/^X-Mailer: jfmailer /                          DISCARD
/^X-Mailer: Mail Bomber /                          DISCARD
/^X-Mailer: MailWorkz/                          DISCARD
/^X-Mailer: MassE-Mail/                         DISCARD
/^X-Mailer: MaxBulk.Mailer/                     DISCARD
/^X-Mailer: MailKing /                          DISCARD
/^X-Mailer: Mailloop /                          DISCARD
/^X-Mailer: MailXSender /                          DISCARD
/^X-Mailer: MassE-Mail /                          DISCARD
/^X-Mailer: MultiMailer /                          DISCARD
/^X-Mailer: NetMasters SMTP /                          DISCARD
/^X-Mailer: Opt-In Lightning /                          DISCARD
/^X-Mailer: PersMail /                          DISCARD
/^X-Mailer: PLAUZIUM /                          DISCARD
/^X-Mailer: Power CGI Bulk /                          DISCARD
/^X-Mailer: Prospect Mailer /                          DISCARD
/^X-Mailer: News Breaker Pro/                   DISCARD
/^X-Mailer: SmartMailer/                        DISCARD
/^X-Mailer: Sparc12 /                          DISCARD
/^X-Mailer: StormPort/                          DISCARD
/^X-Mailer: SuperMail-2/                        DISCARD
/^X-Mailer: Super-Duper-FastMail/                          DISCARD

By mike | Posted in Filters | Tagged header checks, Postfix Mail Server, posttix filters, x-mailers | Comments (0)

Automating Log Statistics

November 13, 2008 – 7:52 am

This tutorial will show you how to set up your log statistics to be mailed to you every night so you know what is happening with your Postfix Mail Server.

Set up a cron job so that it will run at 11:55 PM, just before midnight as you want to get all of the logs for that day. Be sure to give enough time for the script to run before the next day. Here is the line to use if you have install pflogsumm at /usr/pflogsumm, see this article for installation.

As root run:

crontab -e

Now add this line with your email at the end. Note the \ which indicates a line break.

55 23 * * * /usr/pflogsumm/./pflogsumm.pl -u 5 -h 5 –problems_first -d today \
/var/log/maillog | mail -s “PostFix Report `date`” \someemail@somewhere.com

Here is an example

Postfix log summaries for Nov 13

Grand Totals
————
messages

19   received
16   delivered
0   forwarded
1   deferred (5 deferrals)
1   bounced
16   rejected (50%)
0   reject warnings
0   held
0   discarded (0%)

69610   bytes received
66259   bytes delivered
10   senders
9   sending hosts/domains
6   recipients
6   recipient hosts/domains

message deferral detail
———————–
smtp (total: 5)
3 hjeigb.info[69.64.157.16]: Connection refused
2 conversation with hjeigb.info[216.52.184.243] timed out while …

message bounce detail (by relay)
——————————–
none (total: 1)
1 Host not found

message reject detail
———————
cleanup
header (total: 2)
1   Content-Type: text/html; charset=”iso-2022-jp”
1   Content-Type: text/plain;??charset=”gb2312″
RCPT
blocked using sbl-xbl.spamhaus.org (total: 2)
1   125.187.32.174
1   konstantynow.mm.pl
Helo command rejected: need fully-qualified hostname (total:
2   122.198.44.5
1   59.151.193.207
1   123.131.179.188
1   221.205.192.210
1   59.25.194.72
1   ppp85-141-130-24.pppoe.mtu-net.ru
1   117.104.245.29
Relay access denied (total: 4)
1   parestaurant.org
1   92.80.72.159
1   92.113.111.226
1   122.198.44.5

message reject warning detail: none

message hold detail: none

message discard detail: none

smtp delivery failures
———————-
connection refused (total: 3)
3 hjeigb.info

Warnings
——–
smtpd (total: 5)
1   99.178.220.164: hostname adsl-99-178-220-164.dsl.irvnca.sbcglob…
1   92.113.111.226: hostname 226-111-113-92.pool.ukrtel.net verific…
1   117.104.245.29: hostname 29.245.104.117.ids.service.eastern-tel…
1   Unable to look up MX host for pure1-mail.net: Host not found
1   Unable to look up MX host for amota8.co.il: Host not found

Fatal Errors: none

Panics: none

Master daemon messages: none

Per-Hour Traffic Summary
time          received delivered   deferred    bounced     rejected
——————————————————————–
0000-0100           2          1          1          1          1
0100-0200           3          3          1          0          3
0200-0300           3          2          1          0          2
0300-0400           4          4          1          0          0
0400-0500           3          2          0          0          4
0500-0600           4          4          1          0          6
0600-0700           0          0          0          0          0
0700-0800           0          0          0          0          0
0800-0900           0          0          0          0          0
0900-1000           0          0          0          0          0
1000-1100           0          0          0          0          0
1100-1200           0          0          0          0          0
1200-1300           0          0          0          0          0
1300-1400           0          0          0          0          0
1400-1500           0          0          0          0          0
1500-1600           0          0          0          0          0
1600-1700           0          0          0          0          0
1700-1800           0          0          0          0          0
1800-1900           0          0          0          0          0
1900-2000           0          0          0          0          0
2000-2100           0          0          0          0          0
2100-2200           0          0          0          0          0
2200-2300           0          0          0          0          0
2300-2400           0          0          0          0          0

Host/Domain Summary: Message Delivery (top 5)
sent cnt bytes   defers   avg dly max dly host/domain
——– ——- ——- ——- ——- ———–
3     8124        0     5.8 s    7.9 s yahoo.com
7     4175        0     3.2 s    3.2 s news.espacopublico.com.br

Host/Domain Summary: Messages Received (top 5)
msg cnt   bytes   host/domain
——– ——- ———–
3     6481   gmail.com
2    14562   alicensing.com
2     3238   chasey.com

top 5 Senders by message count
——————————
3   from=<>
2   c19remove@alicensing.com
2   ash22@chasey.com

top 5 Recipients by message count
———————————
1 noreply@news.espacopublico.com.br

top 5 Senders by message size
—————————–
17328   sophiew@ubi.com
14562   c19remove@alicensing.com
11353   from=<>
5238   noreply@news.espacopublico.com.br

top 5 Recipients by message size
——————————–

4175 noreply@news.espacopublico.com.br

By mike | Posted in Statistics | Tagged postfix, Postfix statistics, Postfix Training | Comments (0)

Built in Content Filters for Postfix

November 8, 2008 – 8:18 am

One way to implement content filtering is to use regular expressions in your header, mime_header, nested_header and body checks. This should be simple matches to regular expressions. The goal with this example is to eliminate non-English characters, since we cannot read them anyway. This will drop all non-English mail.

header_checks = pcre:/etc/postfix/header_checks
mime_header_checks = pcre:/etc/postfix/mime_header_checks
nested_header_checks = pcre:/etc/postfix/nested_header_checks
body_checks = pcre:/etc/postfix/body_checks

Notice that the map is pcre in these examples, you could use regexp. Best performance is with pcre (Perl Compatible Regular Expression) tables. Check that you can use pcre with:

postconf -m

If you do not have pcre support you can use regexp.

When you create the file header_checks here are a couple options, there are others.

/pattern/flags action

!/pattern/flags action

Decide which one you want to use. The example below uses pattern matches.

If you want to reject or discard all email that is non-English you can take these steps.

Before you set up the header_checks you need to be somewhat familiar with the actions that you want to take. Here is a list of actions with a brief description.

Actions
DISCARD             drop out of existence
DUNNO                pretend input line did not match pattern
FILTER               write a content filter and sent to external filter
HOLD                put in hold queue
IGNORE            delete current line and move to next line
PREPEND            prepend a one with text and inspect next line
REDIRECT             enter an email to be directed to
REPLACE             put text to replace line
REJECT optional text reply with message
WARN optional text       warning with text message

In the example two actions are shown, the first is to DISCARD which means no message will be sent to the user, it is just dropped. The second is to REJECT and then send to message to indicate an unacceptable character set.

# Header Checks
header_checks = pcre:/etc/postfix/header_checks

Create a new file, you can move the default header_checks man page to header_checks_bk and then start a new page.

Contents of header_checks. Thanks to Wietse Venema for this suggestion.

/[^[:print:]]{8}/ DISCARD

# Chinese, Japanese and Korean
/^Content-Type:.*?charset\s*=\s*”?(Big5|gb2312|euc-cn)”?/
REJECT HDR2100: Unaccepted character set: “$1″
/^Content-Type:.*?charset\s*=\s*”?(euc-kr|iso-2022-kr)”?/
REJECT HDR2110: Unaccepted character set: “$1″
/^Content-Type:.*?charset\s*=\s*”?(iso-2022-\w+|euc-jp|shift_jis)”?/
REJECT HDR2120: Unaccepted character set: “$1″
# Cyrrilic character sets: Russian/Ukrainian
/^Content-Type:.*?charset\s*=\s*”?(koi8-(?:r|u))”?/
REJECT HDR2200: Unaccepted character set: “$1″
/^Content-Type:.*?charset\s*=\s*”?(windows-(?:1250|1251))”?/
REJECT HDR2210: Unaccepted character set: “$1″

Once you have the file created restart postfix and then test. Create a testpattern file and place an example in that file to test the header check.

postmap -q - pcre:/etc/postfix/header_checks < testpattern

If the pattern matches that you placed in testpattern then you will get a return on the command. If there is no match, you will get nothing in return.
:

By mike | Posted in Filters | Tagged header checks, postfix header, Postfix Training | Comments (0)