Administration:Postfix Queue

Overview

When is postfix used?

Postfix can be used for the following functionality:

  • Masquerading
  • Shunting queue

The Postfix setup is not secured and hence should be placed behind the qmail server. Postfix can be put in front of qmail only on internal servers which are not exposed to direct connections from the Internet or LAN.

What is a shunting queue?

  • Consider a Connect Xf server which routes mail to other servers in the network.
  • For example, a mail router which accepts mail from the MX server and, depending on the location of the recipient's mailbox, routes the mail to that server.
  • Sometimes, if the connection to the destination server is experiencing problems, mail for that server remains in the queue. The queue size grows and affects the delivery of mail to other locations where there is no problem with connectivity.
  • To solve this problem, you can install ‘shunting queues’ for each of the destination IPs/domains.
  • The working of the shunting queue can be explained as follows:
      • The mail arrives in the main queue. Depending on the destination, the mail is routed to a shunting queue which accepts this mail and then in turn delivers it to the destination server.
  • Shunting queues can be used when you want to deliver mail to the following destinations using a separate queue:
      • Outgoing mail (mail to external domains)
      • Mail to hosted domains whose mailboxes are hosted on other servers
      • Mail to a host (forward to host)
      • Mail to other mailbox locations

Can I have more than one shunting queue?

Yes, you can have one shunting queue per destination server.

What is the maximum number of shunting queues that I can install?

To keep the complexity of troubleshooting and mail tracing to a minimum, it is advisable to have as few shunting queues as possible. We do not recommend over 20 shunting queues.

Which MTA is used for shunting queues?

The Postfix MTA is used for shunting queues.

What is masquerading?

  • Consider an organization which has standardized its email ids to firstname.lastname.
  • However, prior to this policy, email ids were created in a random format.
  • This organization may need to do a phased rollout of the new nomenclature and would like mail to go out only with the new ids. In that case the old ids have to masquerade as new ids.
  • This is only one example of masquerading. Another is when the mail on a domain has to be sent to servers hosting a subdomain. In that case email ids from the parent domain have to be translated to email ids in the subdomain.

Installation

  • The postfix component gets automatically installed on installing Connect Xf 3.8+.

Configuration

How do I configure a postfix shunting queue?

  • Connect Xf 3.8 introduces new postfix templates which will help you configure the postfix shunting queues.
  • The instructions for installing these shunting queues are available in the following files (shunting queue type, then resource):
      • Domain: /mithi/mcs/modules/mithi-bl/binconf/postfixTemplates/domainBasedShuntingQueueConfiguration.txt
      • Forward to host: /mithi/mcs/modules/mithi-bl/binconf/postfixTemplates/forwardToHostBasedShuntingQueueConfiguration.txt
      • Mailbox location: /mithi/mcs/modules/mithi-bl/binconf/postfixTemplates/mailBoxLocationBasedShuntingQueueConfiguration.txt
      • Outgoing: /mithi/mcs/modules/mithi-bl/binconf/postfixTemplates/outgoingMailShuntingQueueConfiguration.txt

How do I ensure that the postfix service auto starts on server reboot?

  • Refer to the following file on the Connect Xf 3.8 server
/mithi/mcs/modules/mithi-bl/binconf/postfixTemplates/configurePostfixStartUp.txt

How do I take a backup of the postfix configuration?

  • The backup of the postfix queue configuration is now part of the system data backup.
  • For details on how to configure a backup, refer to the following topic:
Configuring Backup 

How do I configure a relay host in postfix?

The following settings can be added to the end of the “/etc/connectxfpostfix/postfix-<queueid>/main.cf” file.

 #Note the relay host server ip should be in square brackets.
 relayhost = [<ip of the relayserver>]
 smtp_sasl_password_maps = hash:/etc/connectxfpostfix/postfix-<queueid>/sasl_passwd

In the “/etc/connectxfpostfix/postfix-<queueid>/sasl_passwd” file make the following entries

 #Note the relay host server ip should be in square brackets.
 [<ip of relayserver>]              <userid>:<password>

Run the commands

postmap /etc/connectxfpostfix/postfix-<queueid>/sasl_passwd  
postmap /etc/connectxfpostfix/postfix-<queueid>/transport
/etc/init.d/postfix-<queueid> reload
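
The sasl_passwd file above holds the relay password in clear text, and postmap writes a second copy into sasl_passwd.db. The check below is an added example, not part of Connect Xf or Postfix: it assumes a POSIX shell and the queue directory layout shown on this page, and the function names and demo values are constructed.

```shell
#!/bin/sh
# Added example: audit the relay credentials of one shunting queue.
# Function names are hypothetical; only main.cf parameters from this page are read.

# conf_value FILE PARAM -> value of "PARAM = value" in a main.cf-style file (last one wins)
conf_value() {
    awk -F= -v p="$2" '
        $1 ~ ("^" p "[ \t]*$") { sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); v = $0 }
        END { print v }' "$1"
}

# audit_queue_sasl DIR -> prints findings for DIR/main.cf, returns 1 if there are any
audit_queue_sasl() {
    as_dir=$1; as_rc=0
    as_relay=$(conf_value "$as_dir/main.cf" relayhost)
    as_maps=$(conf_value "$as_dir/main.cf" smtp_sasl_password_maps)
    if [ -z "$as_maps" ]; then
        echo "$as_dir: smtp_sasl_password_maps is not set"
        return 0
    fi
    as_src=${as_maps#*:}                     # drop the "hash:" table type

    # The page requires the relay host in square brackets, in both files.
    case $as_relay in
        \[*\] | \[*\]:*) ;;
        *) echo "$as_dir: relayhost '$as_relay' is not in square brackets"; as_rc=1 ;;
    esac

    # Source file and postmap output both contain the password: owner access only.
    for as_f in "$as_src" "$as_src.db"; do
        if [ ! -e "$as_f" ]; then
            echo "$as_dir: $as_f is missing"; as_rc=1; continue
        fi
        as_perm=$(ls -ld "$as_f" | cut -c5-10)   # group and other permission bits
        if [ "$as_perm" != "------" ]; then
            echo "$as_dir: $as_f is accessible to group/other ($as_perm)"; as_rc=1
        fi
    done

    if [ -e "$as_src" ]; then
        # The entry is looked up by the relayhost value exactly as written.
        if ! awk -v k="$as_relay" '$1 == k { hit = 1 } END { exit !hit }' "$as_src"; then
            echo "$as_dir: no entry for '$as_relay' in $as_src"; as_rc=1
        fi
        # Edited after the last postmap run: Postfix still reads the old .db.
        if [ -e "$as_src.db" ] && [ "$as_src" -nt "$as_src.db" ]; then
            echo "$as_dir: $as_src is newer than its .db, run postmap again"; as_rc=1
        fi
    fi
    return $as_rc
}

# Demo on a constructed queue directory (documentation-range IP, dummy credentials).
demo_sasl_audit() {
    d=$(mktemp -d) || return 1
    q=$d/postfix-demo; mkdir "$q"
    printf 'relayhost = [192.0.2.25]\nsmtp_sasl_password_maps = hash:%s/sasl_passwd\n' "$q" > "$q/main.cf"
    printf '[192.0.2.25]    relayuser:not-a-real-password\n' > "$q/sasl_passwd"
    : > "$q/sasl_passwd.db"                  # stands in for the postmap output
    chmod 644 "$q/sasl_passwd"; chmod 600 "$q/sasl_passwd.db"
    audit_queue_sasl "$q"; rc=$?
    rm -rf "$d"
    return $rc
}
demo_sasl_audit || true
```

On a real server, call audit_queue_sasl once per /etc/connectxfpostfix/postfix-<queueid> directory; a clean queue prints nothing.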

How do I configure a fallback relay in postfix?

  • Find the configuration directory of a shunting queue
ll /etc/connectxfpostfix/postfix-<queueid>
  • To set up a fallback or failover SMTP relay, add the following line to the main.cf in the configuration directory of the shunting queue
fallback_relay = <comma separated IP addresses of failover relays>
  • Save the file
  • Reload postfix
/etc/init.d/postfix-<queueid> reload

How to change the smtp concurrency

  • Open the main.cf file
vi /etc/connectxfpostfix/postfix-<queueid>/main.cf
  • Search for the following line
#default_destination_concurrency_limit = 20
  • Uncomment the line and change the concurrency according to your requirement
  • Refresh postfix
postmap /etc/connectxfpostfix/postfix-<queueid>/main.cf
/etc/init.d/postfix-<queueid> reload

How do I set maximum size of a message in the postfix?

  • Find the configuration directory of a shunting queue
ll /etc/connectxfpostfix/postfix-<queueid>
  • To set the maximum size of message, add/modify the following option in the main.cf in the configuration directory of a Shunting queue
message_size_limit = <Number of Bytes>
  • Eg.
message_size_limit = 20480000
  • Save the file
  • Reload postfix
/etc/init.d/postfix-<queueid> reload

I want to configure Postfix to listen on port 25 of one IP and qmail to listen on port 25 of another IP assigned to the server

  • By default qmail will listen on Port 25 of all the IPs assigned to the server.
  • To enable Postfix to run on port 25 of another IP assigned to the server, in addition to binding postfix to the required IP, we have to explicitly bind qmail to only one IP.
  • The instructions on how to bind qmail to an IP are given here.

How do I delete a postfix queue?

1. stop the postfix queue

/etc/init.d/postfix-<queueid> stop

2. Ensure queue is empty

postqueue -p -c /etc/connectxfpostfix/postfix-<queueid>

3. Remove folders

rm -rf /etc/connectxfpostfix/postfix-<queueid>
rm -rf /var/spool/postfix-<queueid>
rm -f /etc/init.d/postfix-<queueid>

4. Delete from auto start

chkconfig --del postfix-<queueid>

How do I copy the postfix configurations from another server?

  • Install the postfix rpm as per the instructions given above.
  • Copy the postfix folders under /etc/connectxfpostfix from the MCS server on which postfix is already installed, by running the following command on it
scp -r /etc/connectxfpostfix/postfix-<queueid>* <IP of the NEW SERVER>:/etc/connectxfpostfix/
  • Make a backup of the postfix information in the spool folder from the MCS server on which postfix is already installed
cd /var/spool/
tar -czvf /root/mithiwork/postfix.spool.tar.gz postfix* --no-recursion
  • Copy the tar file to the target server
  • On the target server run the following commands
cd /var/spool/
tar -xzvf /root/mithiwork/postfix.spool.tar.gz postfix* --no-recursion
  • Copy the postfix files in the /etc/init.d folder
scp /etc/init.d/postfix* <IP of new server>:/etc/init.d/
  • On the target server, for every postfix queue copied, run the following commands
postmap /etc/connectxfpostfix/postfix-<queueid>/transport
/etc/init.d/postfix-<queueid> restart
  • To test whether the copied postfix queues are working, check using telnet
telnet localhost <ports defined in master.cf>

How do I configure masquerading?

  • Set up a postfix shunting queue as mentioned above.
  • Add the following lines to main.cf of the shunting queue
  1. Change the following parameters (if the lines are not found, add them)
vi /etc/connectxfpostfix/postfix-<queuename>/main.cf
myhostname = mcs.<domain name>
mydomain = mcs.<domain name>
inet_interfaces = <ip for interfacing with lotus>
local_recipient_maps =
local_header_rewrite_clients = static:all
masquerade_classes = envelope_recipient, envelope_sender, header_sender, header_recipient
masquerade_domains = <domainname>
masquerade_exceptions =
transport_maps = hash:/etc/connectxfpostfix/postfix-<queuename>/transport
best_mx_transport = smtp
relay_domains = $mydestination
mynetworks_style = host
# mynetworks will consist of the Lotus machine ip/ips
mynetworks = <list of ips which will send mail>
canonical_classes = envelope_sender, envelope_recipient, header_sender, header_recipient
canonical_maps = hash:/etc/connectxfpostfix/postfix-<queuename>/canonical
relay_transport = relay
  • Modify the file /etc/connectxfpostfix/postfix-<queueid>/canonical
vi /etc/connectxfpostfix/postfix-<queueid>/canonical
and add entries in the format given below
email id 1        email id 2
email id 3        email id 4

The above will translate email id 1 to email id 2 and email id 3 to email id 4

  • To masquerade an entire domain, add the following line
@domain1        @domain2

The above will translate all ids from domain1 to corresponding ids in domain2

  • Save the file
  • Run postmap
postmap /etc/connectxfpostfix/postfix-<queueid>/main.cf
postmap /etc/connectxfpostfix/postfix-<queueid>/canonical
postmap /etc/connectxfpostfix/postfix-<queueid>/sender_canonical
postmap /etc/connectxfpostfix/postfix-<queueid>/recipient_canonical
  • Reload postfix
service postfix-<queueid> reload
or
/etc/init.d/postfix-<queueid> reload

How to update the database after changing the canonical files

If the canonical file is modified, run the following commands to update the database file

postmap /etc/connectxfpostfix/postfix-<queueid>/sender_canonical
postmap /etc/connectxfpostfix/postfix-<queueid>/recipient_canonical

Reload the postfix service using the command

 /etc/init.d/postfix reload

How do I configure the postfix for the Virtual IP assigned to a MCS setup with DRBD and heartbeat?

Assuming that the postfix has been configured without DRBD and now we are setting DRBD with heart beat, the following changes have to be made:

  • In the file /etc/connectxfpostfix/postfix-<QUEUEID>/main.cf, change the following line
inet_interfaces = 127.0.0.1 

to

inet_interfaces = <Virtual IP>
  • In the same file, add the virtual IP to mynetworks. The IP has to be added to the list of comma separated IPs already present.
  • Save the file
  • Run postmap
postmap /etc/connectxfpostfix/postfix-<QUEUEID>/main.cf
postmap /etc/connectxfpostfix/postfix-<QUEUEID>/master.cf
  • Restart postfix
/etc/init.d/postfix-<QUEUEID> restart

How do I rename a postfix queue?

1. stop the postfix queue

/etc/init.d/postfix-<QUEUE> stop

2. Rename folders

mv /etc/connectxfpostfix/postfix-<QUEUE> /etc/connectxfpostfix/postfix-<QUEUENEW>
mv /var/spool/postfix-<QUEUE> /var/spool/postfix-<QUEUENEW>
mv /etc/init.d/postfix-<QUEUE> /etc/init.d/postfix-<QUEUENEW>

3. update conf file

vi /etc/connectxfpostfix/postfix-<QUEUENEW>/main.cf
find <QUEUE> and replace with <QUEUENEW>
confirm the following
   queue_directory = /var/spool/postfix-<QUEUENEW>
   alternate_config_directories = /etc/connectxfpostfix/postfix-<QUEUENEW>
   mail_name = Postfix-<QUEUENEW>
   transport_maps = hash:/etc/connectxfpostfix/postfix-<QUEUENEW>/transport
   syslog_name = postfix-<QUEUENEW>

4. update startup script

vi /etc/init.d/postfix-<QUEUENEW>
find <QUEUE> and rename to <QUEUENEW>

5. start postfix

/etc/init.d/postfix-<QUEUENEW> start

6. Check telnet to the port of QUEUENEW

telnet localhost <QUEUENEW PORT>

7. check maillog

tail -f /var/log/maillog | grep <QUEUENEW>

Operations

How do I check messages in the postfix queue?

postqueue -p

How do I get the number of active mails in the postfix queue?

postqueue -p | grep "^[0-9A-Z]" | grep -v '!'  | wc -l

For checking mail in different postfix queues the command will look like the following

postqueue -p -c /etc/connectxfpostfix/postfix-<queuename> | grep "^[0-9A-Z]" | grep -v '!'  | wc -l

In which log file, are the postfix transactions logged?

/var/log/maillog

How do I alarm the postfix queue?

postsuper -r ALL

How do I flush the postfix queue?

postqueue -f

If you have more than one postfix queue (as in the case of multiple shunting queues), use the following command to flush a particular queue

postqueue -f -c /etc/connectxfpostfix/postfix-<queuename>

How do I stop and start postfix?

/etc/init.d/postfix stop
/etc/init.d/postfix start

How do I set routing for postfix?

The routing is set in the file /etc/connectxfpostfix/postfix-<queueid>/transport

To set default routes

vi /etc/connectxfpostfix/postfix-<queueid>/transport
  • At the end add the lines with the *, as follows
 *  smtp:<IP of the outgoingserver>:<Port>
  • Save the file.
  • Run the command
 postmap /etc/connectxfpostfix/postfix-<queueid>/transport

To set specific routes

vi /etc/connectxfpostfix/postfix-<queueid>/transport
  • Before the default route (if any), add the lines as follows
 <domain name> smtp:[<ip to which mails are to be routed>]:25
  • Such lines can be added to route the mails for the respective domains
  • Save the file.
  • Run the command
 postmap /etc/connectxfpostfix/postfix-<queueid>/transport

How do I hold messages sent to a destination?

In the /etc/connectxfpostfix/postfix-<queueid>/transport add

destination_domain    defer:[ip address]:[port]

Ensure that there is no other entry for the domain in the file.
Save the file and rebuild the transport map

postmap /etc/connectxfpostfix/postfix-<queueid>/transport

restart postfix

service postfix restart

Releasing the queue
In the /etc/connectxfpostfix/postfix-<queueid>/transport change defer to smtp for the destination domain

destination_domain    smtp:[ip address]:[port]

Save the file and Rebuild transport map

postmap /etc/connectxfpostfix/postfix-<queueid>/transport

restart postfix

service postfix-<queueid> restart

flush queue

postqueue -f

How do I hold/release messages sent from an email id?

  • To hold mail from or to an email id, use the following command
/mithi/mcs/bin/pfqueuehold-shunting.pl <emailid> <queueid>
where <emailid> is the email id and
<queueid> is the postfix queue
  • To release mail, use the following command
/mithi/mcs/bin/pfqueuerelese-shunting.pl <emailid> <queueid>
where <emailid> is the email id and
<queueid> is the postfix queue

How do I delete messages sent from an email id?

  • Call the following command
/mithi/mcs/bin/pfqueuedelete-shunting.pl <emailid> <queueid>
where <emailid> is the email id and
<queueid> is the postfix queue

Troubleshooting

Postfix service is not starting and throws an error “Segmentation fault”

Symptom

  • The Postfix service is not starting
  • Shows an error “Segmentation fault”

Cause

  • The entries in /etc/hosts for IPs and host names don’t match. This could be because the hosts file was copied from another server, or the server was rebuilt from a clone and these entries were not changed.

Remedy

  • Correct the entries in /etc/hosts pertaining to this IP and the hostname

Postfix service is not starting

Symptom

  • The Postfix service is not working
  • The maillog shows the lines similar to ones given below
Sep  1 20:19:33 mail postfix/postfix-script: starting the Postfix mail system
Sep  1 20:19:33 mail postfix/master[974]: fatal: bind 172.16.1.6 port 25: Address already in use
Sep  1 20:22:21 mail postfix/postfix-script: fatal: the Postfix mail system is not running
Sep  1 20:23:15 mail postfix/postfix-script: fatal: the Postfix mail system is not running

Cause

  • Qmail is running on the same IP as the Postfix. This is the default behavior of qmail which binds itself to all IPs assigned to the server.

Remedy

  • Stop qmail
  • Stop postfix
  • Bind Qmail to the required IP
  • Confirm that Postfix is bound to correct IP
  • Start postfix
  • Start qmail

Postfix start shows “OK” but Postfix status shows “Stopped”

Check /var/log/maillog for errors and apply the remedy indicated by the error message.

Check whether qmail is already running and is also bound to the Postfix inet_interfaces address. If yes, bind qmail to a separate IP and port, and Postfix to another IP and port.

How do I check the version of postfix installed on my server

Run the following command to get the version of postfix installed on the server.

postconf -d | grep mail_version

How to add relay client in postfix

1. Edit the main.cf

vi /etc/connectxfpostfix/postfix-<queueid>/main.cf

2. search for a line similar to

mynetworks = 192.168.31.2,192.168.1.100, ...

(Where all the ips mentioned are allowed to relay through postfix)

3. Press “i” to insert

4. Go to the end of the line and insert the IP address, separated by a comma.

5. Press ESC + :wq then press

6. Restart postfix

/etc/init.d/postfix restart
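
Every address listed in mynetworks is allowed to relay through the queue, so the list is worth reviewing after each change. The script below is an added example, not part of Connect Xf or Postfix: audit_mynetworks is a hypothetical name, the /24 threshold for flagging a range as wide is an assumption, and the sample main.cf is constructed.

```shell
#!/bin/sh
# Added example: list who may relay through a queue, from mynetworks in its main.cf.
# audit_mynetworks is a hypothetical name; the /24 default threshold is an assumption.

# audit_mynetworks MAIN_CF [MIN_PREFIX]
#   prints "<entry> <verdict>" per mynetworks entry; returns 1 on any WIDE or OPEN entry
audit_mynetworks() {
    awk -v min="${2:-24}" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }                    # comments and blanks are ignored
        /^[ \t]/ { if (inparam) nets = nets " " $0; next }   # continuation of the value above
        { inparam = 0 }
        /^mynetworks[ \t]*=/ { nets = $0; sub(/^[^=]*=/, "", nets); inparam = 1 }
        END {
            gsub(/[,\t]/, " ", nets)
            n = split(nets, e, " ")
            for (i = 1; i <= n; i++) {
                if (e[i] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
                    v = "host"
                } else if (e[i] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/) {
                    split(e[i], p, "/"); len = p[2] + 0
                    if (len == 0) { v = "OPEN: every client may relay"; bad++ }
                    else if (len < min) { v = "WIDE: prefix shorter than /" min; bad++ }
                    else { v = "network" }
                } else {
                    v = "unparsed: review by hand"
                }
                print e[i], v
            }
            exit (bad > 0)
        }
    ' "$1"
}

# Constructed sample main.cf fragment (the two host IPs are the ones used on this page).
sample_main_cf() {
    cat <<'EOF'
mynetworks_style = host
mynetworks = 127.0.0.1, 192.168.31.2,192.168.1.100,
    10.0.0.0/8 192.168.80.0/24
# end of relay clients
relay_domains = $mydestination
EOF
}

demo_mynetworks() {
    cf=$(mktemp) || return 1
    sample_main_cf > "$cf"
    audit_mynetworks "$cf"; rc=$?
    rm -f "$cf"
    return $rc
}
demo_mynetworks || true
```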

I changed the canonical file, but the changes are not taking effect

The queue has to be reloaded and the postmap command executed as mentioned in the masquerading section.

Mail sent via postfix is not being delivered and the maillog shows the following error: “Unknown mail transport error”

Symptoms:

When you check the maillog, there are errors generated by the postfix service. For example the following command

cat /var/log/maillog | grep 'postfix'

gives the following error

Unknown mail transport error

Probable cause

  • Misconfiguration of the transport file.
  • Corrupt master.cf file

Resolution

In the file /etc/connectxfpostfix/postfix-<QUEUEID>/transport, there should be no blank lines in the section which specifies the routes.

  • Check the last line; if it is a blank line, remove it.
  • Mark the end of the file with a comment
  • Save the file.
  • Run the following command
postmap /etc/connectxfpostfix/postfix-<QUEUEID>/transport

Note: the string <QUEUEID> has to be replaced by the queue name.
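
The transport rules given on this page (specific routes before the default * route, only one entry per domain, no blank lines in the route section) can be checked before postmap is run. The lint below is an added example, not part of Connect Xf or Postfix: lint_transport is a hypothetical name and the sample file is constructed. It also flags lines that start with whitespace, because postmap reads those as a continuation of the previous line.

```shell
#!/bin/sh
# Added example: lint a shunting-queue transport file before running postmap.
# lint_transport is a hypothetical helper name; the rules are the ones on this page.

# lint_transport FILE -> prints findings; returns 1 if any rule is broken
lint_transport() {
    awk '
        /^[ \t]*$/ {                         # blank or whitespace-only line
            if (routes) { printf "line %d: blank line after route entries\n", NR; bad++ }
            next
        }
        /^[ \t]*#/ { next }                  # comment line
        /^[ \t]/ {                           # postmap joins this to the line above
            printf "line %d: leading whitespace, read as a continuation line\n", NR
            bad++; next
        }
        {
            routes++
            key = tolower($1)
            if (NF < 2) {
                printf "line %d: %s has no transport:nexthop\n", NR, $1; bad++
            }
            if (key in seen) {
                printf "line %d: duplicate entry for %s (first on line %d)\n", NR, $1, seen[key]
                bad++
            } else {
                seen[key] = NR
            }
            if (star) {
                printf "line %d: %s comes after the default route on line %d\n", NR, $1, star
                bad++
            }
            if (key == "*") star = NR
            if ($2 ~ /^defer:/) {            # informational, not counted as an error
                printf "line %d: info: mail for %s is on hold (defer)\n", NR, $1
            }
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Demo on a constructed transport file (documentation-range addresses).
demo_transport_lint() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# constructed sample routes
branch1.example.com   smtp:[192.0.2.10]:25
branch2.example.com   defer:[192.0.2.11]:25
*                     smtp:[192.0.2.1]:25
branch1.example.com   smtp:[192.0.2.12]:25

# end of routes
EOF
    lint_transport "$f"; rc=$?
    rm -f "$f"
    return $rc
}
demo_transport_lint || true
```

The info lines double as a list of destinations that are currently held with defer and still need to be released.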

How to debug postfix

This document describes how to debug parts of the Postfix mail system when things do not work according to expectation. The methods vary from making Postfix log a lot of detail, to running some daemon processes under control of a call tracer or debugger.

The text assumes that the Postfix main.cf and master.cf configuration files are stored in directory /etc/connectxfpostfix/postfix-<QUEUEID>. You can use the command “postconf config_directory” to find out the actual location of this directory on your machine.

Listed in order of increasing invasiveness, the debugging techniques are as follows:

  • Look for obvious signs of trouble
  • Debugging Postfix from inside
  • Try turning off chroot operation in master.cf
  • Verbose logging for specific SMTP connections
  • Record the SMTP session with a network sniffer
  • Making Postfix daemon programs more verbose
  • Manually tracing a Postfix daemon process
  • Automatically tracing a Postfix daemon process
  • Running daemon programs with the interactive ddd debugger
  • Running daemon programs with the interactive gdb debugger
  • Running daemon programs under a non-interactive debugger
  • Unreasonable behavior
  • Reporting problems to postfix-users@postfix.org

Look for obvious signs of trouble

Postfix logs all failed and successful deliveries to a logfile. The file is usually called /var/log/maillog or /var/log/mail; the exact pathname is defined in the /etc/syslog.conf file.

When Postfix does not receive or deliver mail, the first order of business is to look for errors that prevent Postfix from working properly:

% egrep '(warning|error|fatal|panic):' /some/log/file | more

Note: the most important message is near the BEGINNING of the output. Error messages that come later are less useful.

The nature of each problem is indicated as follows:

  • “panic” indicates a problem in the software itself that only a programmer can fix. Postfix cannot proceed until this is fixed.
  • “fatal” is the result of missing files, incorrect permissions, incorrect configuration file settings that you can fix. Postfix cannot proceed until this is fixed.
  • “error” reports an error condition. For safety reasons, a Postfix process will terminate when more than 13 of these happen.
  • “warning” indicates a non-fatal error. These are problems that you may not be able to fix (such as a broken DNS server elsewhere on the network) but may also indicate local configuration errors that could become a problem later.
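
With several shunting queues logging to the same maillog, it helps to group the problems by queue and to show the first one for each, since the earliest message is the most useful. The script below is an added example, not part of Connect Xf or Postfix: the function names are hypothetical, and the sample log reuses the four lines from the troubleshooting section plus two constructed lines for a queue called postfix-branch1.

```shell
#!/bin/sh
# Added example: summarise Postfix problems per queue instance from a maillog.
# triage_maillog and sample_maillog are hypothetical names.

# triage_maillog [FILE...] -> per syslog_name: counts by severity and the FIRST problem line
triage_maillog() {
    awk '
        $5 ~ /^postfix/ && index($5, "/") && $6 ~ /^(warning|error|fatal|panic):$/ {
            inst = substr($5, 1, index($5, "/") - 1)     # syslog_name of the queue
            sev = substr($6, 1, length($6) - 1)          # severity without the colon
            count[inst, sev]++
            if (!(inst in first)) { first[inst] = $0; order[++n] = inst }
        }
        END {
            for (i = 1; i <= n; i++) {
                inst = order[i]
                printf "%s: panic=%d fatal=%d error=%d warning=%d\n", inst,
                    count[inst, "panic"], count[inst, "fatal"],
                    count[inst, "error"], count[inst, "warning"]
                printf "  first: %s\n", first[inst]
                # Cause given on this page: qmail binds port 25 on all IPs by default.
                if (first[inst] ~ /Address already in use/)
                    print "  hint: another listener holds this IP and port, check the qmail binding"
            }
        }
    ' "$@"
}

# Sample input: first four lines are from this page, the last two are constructed.
sample_maillog() {
    cat <<'EOF'
Sep  1 20:19:33 mail postfix/postfix-script: starting the Postfix mail system
Sep  1 20:19:33 mail postfix/master[974]: fatal: bind 172.16.1.6 port 25: Address already in use
Sep  1 20:22:21 mail postfix/postfix-script: fatal: the Postfix mail system is not running
Sep  1 20:23:15 mail postfix/postfix-script: fatal: the Postfix mail system is not running
Sep  1 20:24:10 mail postfix-branch1/trivial-rewrite[1201]: warning: database /etc/connectxfpostfix/postfix-branch1/transport.db is older than source file /etc/connectxfpostfix/postfix-branch1/transport
Sep  1 20:24:11 mail postfix-branch1/smtp[1207]: 3F2A81C0042: to=<user@branch1.example.com>, relay=192.0.2.10[192.0.2.10], delay=1, status=sent (250 ok)
EOF
}

sample_maillog | triage_maillog
```

On a server, run it as triage_maillog /var/log/maillog.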

Debugging Postfix from inside

With Postfix version 2.1 and later you can ask Postfix to produce mail delivery reports for debugging purposes. These reports not only show sender/recipient addresses after address rewriting and alias expansion or forwarding, they also show information about delivery to mailbox, delivery to non-Postfix command, responses from remote SMTP servers, and so on.

Postfix can produce two types of mail delivery reports for debugging:

  • What-if: report what would happen, but do not actually deliver mail. This mode of operation is requested with:
    % /usr/sbin/sendmail -bv address...
    Mail Delivery Status Report will be mailed to <your login name>.
    
  • What happened: deliver mail and report successes and/or failures, including replies from remote SMTP servers. This mode of operation is requested with:
    % /usr/sbin/sendmail -v address...
    Mail Delivery Status Report will be mailed to <your login name>.
    

These reports contain information that is generated by Postfix delivery agents. Since these run as daemon processes that cannot interact with users directly, the result is sent as mail to the sender of the test message. The format of these reports is practically identical to that of ordinary non-delivery notifications.

For a detailed example of a mail delivery status report, see the debugging section at the end of the ADDRESS_REWRITING_README document.

Try turning off chroot operation in master.cf

A common mistake is to turn on chroot operation in the master.cf file without going through all the necessary steps to set up a chroot environment. This causes Postfix daemon processes to fail due to all kinds of missing files.

The example below shows an SMTP server that is configured with chroot turned off:

/etc/connectxfpostfix/postfix-<QUEUEID>/master.cf:
   # =============================================================
   # service type  private unpriv  chroot  wakeup  maxproc command
   #               (yes)   (yes)   (yes)   (never) (100)
   # =============================================================
   smtp      inet  n       -       n       -       -       smtpd

Inspect master.cf for any processes that have chroot operation not turned off. If you find any, save a copy of the master.cf file, and edit the entries in question. After executing the command “postfix reload”, see if the problem has gone away.

If turning off chrooted operation made the problem go away, then congratulations. Leaving Postfix running in this way is adequate for most sites. If you prefer chrooted operation, see the Postfix BASIC_CONFIGURATION_README file for information about how to prepare Postfix for chrooted operation.

Verbose logging for specific SMTP connections

In /etc/connectxfpostfix/postfix-<queueid>/main.cf, list the remote site name or address in the debug_peer_list parameter. For example, in order to make the software log a lot of information to the syslog daemon for connections from or to the loopback interface:

/etc/connectxfpostfix/postfix-<queueid>/main.cf:
   debug_peer_list = 127.0.0.1

You can specify one or more hosts, domains, addresses or net/masks. To make the change effective immediately, execute the command “postfix reload”.

Record the SMTP session with a network sniffer

This example uses tcpdump. In order to record a conversation you need to specify a large enough buffer with the “-s” option or else you will miss some or all of the packet payload.

tcpdump -w /file/name -s 0 host example.com and port 25

Older tcpdump versions don’t support “-s 0”; in that case, use “-s 2000” instead.

Run this for a while, stop with Ctrl-C when done. To view the data use a binary viewer, ethereal, or good old less.

Making Postfix daemon programs more verbose

Append one or more “-v” options to selected daemon definitions in /etc/connectxfpostfix/postfix-<QUEUEID>/master.cf and type “postfix reload”. This will cause a lot of activity to be logged to the syslog daemon. For example, to make the Postfix SMTP server process more verbose:

 /etc/connectxfpostfix/postfix-<QUEUEID>/master.cf:
   smtp      inet  n       -       n       -       -       smtpd -v

To diagnose problems with address rewriting specify a “-v” option for the cleanup and/or trivial-rewrite daemon, and to diagnose problems with mail delivery specify a “-v” option for the qmgr or oqmgr queue manager, or for the lmtp, local, pipe, smtp, or virtual delivery agent.

Manually tracing a Postfix daemon process

Many systems allow you to inspect a running process with a system call tracer. For example:

trace -p process-id (SunOS 4)
strace -p process-id (Linux and many others)
truss -p process-id (Solaris, FreeBSD)
ktrace -p process-id (generic 4.4BSD)

Even more informative are traces of system library calls. Examples:

ltrace -p process-id (Linux, also ported to FreeBSD and BSD/OS)
sotruss -p process-id (Solaris)

See your system documentation for details.

Tracing a running process can give valuable information about what a process is attempting to do. This is as much information as you can get without running an interactive debugger program, as described in a later section.

Automatically tracing a Postfix daemon process

Postfix can attach a call tracer whenever a daemon process starts. Call tracers come in several kinds.

  1. System call tracers such as trace, truss, strace, or ktrace. These show the communication between the process and the kernel.
  2. Library call tracers such as sotruss and ltrace. These show calls of library routines, and give a better idea of what is going on within the process.

Append a -D option to the suspect command in /etc/connectxfpostfix/postfix-<queueid>/master.cf, for example:

/etc/connectxfpostfix/postfix-<queueid>/master.cf:
   smtp      inet  n       -       n       -       -       smtpd -D

Edit the debugger_command definition in /etc/connectxfpostfix/postfix-<queueid>/main.cf so that it invokes the call tracer of your choice, for example:

/etc/connectxfpostfix/postfix-<queueid>/main.cf:
   debugger_command =
        PATH=/bin:/usr/bin:/usr/local/bin;
        (truss -p $process_id 2>&1 | logger -p mail.info) & sleep 5

Type “postfix reload” and watch the logfile.

Running daemon programs with the interactive ddd debugger

If you have X Windows installed on the Postfix machine, then an interactive debugger such as ddd can be convenient.

Edit the debugger_command definition in /etc/connectxfpostfix/postfix-<queueid>/main.cf so that it invokes ddd:

/etc/connectxfpostfix/postfix-<queueid>/main.cf:
   debugger_command=
        PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
        ddd $daemon_directory/$process_name $process_id & sleep 5

Be sure that gdb is in the command search path, and export XAUTHORITY so that X access control works, for example:

% setenv XAUTHORITY ~/.Xauthority (csh syntax)
$ export XAUTHORITY=$HOME/.Xauthority (sh syntax)

Append a -D option to the suspect daemon definition in /etc/connectxfpostfix/postfix-<queueid>/master.cf, for example:

/etc/connectxfpostfix/postfix-<queueid>/master.cf:
   smtp      inet  n       -       n       -       -       smtpd -D

Stop and start the Postfix system. This is necessary so that Postfix runs with the proper XAUTHORITY and DISPLAY settings.

Whenever the suspect daemon process is started, a debugger window pops up and you can watch in detail what happens.

Running daemon programs with the interactive gdb debugger

If you have the screen command installed on the Postfix machine, then you can run an interactive debugger such as gdb as follows.

Edit the debugger_command definition in /etc/connectxfpostfix/postfix-<queueid>/main.cf so that it runs gdb inside a detached screen session:

/etc/connectxfpostfix/postfix-<queueid>/main.cf:
   debugger_command =
       PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; HOME=/root;
       export HOME; screen -e^tt -dmS $process_name gdb
       $daemon_directory/$process_name $process_id & sleep 2

Be sure that gdb is in the command search path.

Append a -D option to the suspect daemon definition in /etc/connectxfpostfix/postfix-<queueid>/master.cf, for example:

/etc/connectxfpostfix/postfix-<queueid>/master.cf:
   smtp      inet  n       -       n       -       -       smtpd -D

Execute the command “postfix reload” and wait until a daemon process is started (you can see this in the maillog file).

Then attach to the screen, and debug away:

# HOME=/root screen -r
(gdb) continue
(gdb) where

Running daemon programs under a non-interactive debugger

If you do not have X Windows installed on the Postfix machine, or if you are not familiar with interactive debuggers, then you can try to run gdb in non-interactive mode, and have it print a stack trace when the process crashes.

Edit the debugger_command definition in /etc/connectxfpostfix/postfix-<queueid>/main.cf so that it invokes the gdb debugger:

/etc/connectxfpostfix/postfix-<queueid>/main.cf:
   debugger_command =
       PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont; echo
       where; sleep 8640000) | gdb $daemon_directory/$process_name $process_id 2>&1
       >$config_directory/$process_name.$process_id.log & sleep 5

Append a -D option to the suspect daemon in /etc/connectxfpostfix/postfix-<queueid>/master.cf, for example:

/etc/connectxfpostfix/postfix-<queueid>/master.cf:
   smtp      inet  n       -       n       -       -       smtpd -D

Type “postfix reload” to make the configuration changes effective.

Whenever a suspect daemon process is started, an output file is created, named after the daemon and process ID (for example, smtpd.12345.log). When the process crashes, a stack trace (with output from the “where” command) is written to its logfile.

Unreasonable behavior

Sometimes the behavior exhibited by Postfix just does not match the source code. Why can a program deviate from the instructions given by its author? There are two possibilities.

  • The compiler has erred. This rarely happens.
  • The hardware has erred. Does the machine have ECC memory?

In both cases, the program being executed is not the program that was supposed to be executed, so anything could happen.

There is a third possibility:

  • Bugs in system software (kernel or libraries).

Hardware-related failures usually do not reproduce in exactly the same way after power cycling and rebooting the system. There’s little Postfix can do about bad hardware. Be sure to use hardware that at the very least can detect memory errors. Otherwise, Postfix will just be waiting to be hit by a bit error. Critical systems deserve real hardware.

When a compiler makes an error, the problem can be reproduced whenever the resulting program is run. Compiler errors are most likely to happen in the code optimizer. If a problem is reproducible across power cycles and system reboots, it can be worthwhile to rebuild Postfix with optimization disabled, and to see if optimization makes a difference.

In order to compile Postfix with optimizations turned off:

% make tidy
% make makefiles OPT=

This produces a set of Makefiles that do not request compiler optimization.

Once the makefiles are set up, build the software:

% make
% su
Password:
# make install

If the problem goes away, then it is time to ask your vendor for help.

While installing postfix rpm following error is coming.

The following error appears while installing the postfix rpm:

[root@mcsmail ~]# rpm -ivh postfix-2.1.5-2.3.RHEL4.1.i386.rpm --nodeps
warning: postfix-2.1.5-2.3.RHEL4.1.i386.rpm: V3 DSA signature: NOKEY, key ID db42a60e
Preparing...                ########################################### [100%]
   1:postfix                warning: group postdrop does not exist - using root
warning: group postdrop does not exist - using root
warning: group postdrop does not exist - using root
warning: group postdrop does not exist - using root

Solution:

Create the group postdrop manually, then run the installation again:

rpm -ivh postfix-2.1.5-2.3.RHEL4.1.i386.rpm --nodeps

Postfix on CentOS 6.4


MAIL SERVER SETUP USING POSTFIX ON CENTOS 6.4

Part 1 MTA Postfix

  • Chapter 1 Email Service
  • Chapter 2 Mail Transfer Agents
  • Chapter 3 Installation and Startup
  • Chapter 4 Postfix Configuration

Part 2 IMAP & POP3 Server

  • Chapter 5 IMAP and POP3 on Dovecot
  • Chapter 6 MUA Configuration

Part 3 Postfix aliases & access control

  • Chapter 7 Postfix Aliases
  • Chapter 8 Postfix Access Control
  • Chapter 9 Postfix Mailing List using Mailman

Part 4 Postfix Authentication

  • Chapter 10 Postfix Authentication using SASL
  • Chapter 11 Postfix Mail Encryption using SSL/TLS

Part 5 Postfix security

  • Chapter 12 Postfix Antispam
  • Chapter 13 Postfix Antivirus

Part 6 Postfix Extended Features

  • Chapter 14 Postfix Backup mail server (Queuing Server)
  • Chapter 15 Squirrelmail as a webmail
  • Chapter 16 Postfix Admin with MySQL

Mail Server Testing Environment

  1. server.chul.com: 192.168.80.5

     Postfix Mail server (ms1.chul.com)

     MUA – Evolution

  2. client.chul.com: 192.168.80.6

     Linux mail client

     MUA – Thunderbird

     Postfix Backup Mail server (ms2.chul.com)

  3. Windows 7

     Mail client using MS Outlook 2010

Chapter 1 Email Service

E-mail System Components

1. Mail User Agent (MUA):

A client used to compose and read e-mail (Outlook, Evolution, Thunderbird, Mutt)

2. Mail Transfer Agent (MTA):

An SMTP server used to relay or accept e-mail for delivery (Postfix, Sendmail, Exim, Qmail, Exchange server)

3. Mail Delivery Agent (MDA):

A program used by the final MTA to deliver e-mail to the message store

May be included with the MTA or a separate program such as procmail

4. Mail Access Agent (MAA):

An IMAP/POP3 server used by an MUA to access the message store (Dovecot, Cyrus IMAP)

Chapter 2 Mail Transfer Agents

Agent     Description
Sendmail  Sendmail mail transfer agent, popular but insecure, complicated to configure (www.sendmail.com)
Postfix   Fast, easy to configure, and secure mail transfer agent compatible with Sendmail and designed to replace it (www.postfix.org)
Qmail     Fast, flexible, and secure MTA with its own implementation and competitive with Postfix (www.qmail.org)
Exim      MTA based on smail3 (www.exim.org)

Chapter 3  Installation and startup

  1. Package installation

  • postfix-2.6.6-2.2.el6_1.i686

  2. Service startup and main directory

# service sendmail stop

# service postfix start

# ls -l /etc/postfix

  3. Service startup checking

# ps -ef | grep postfix

# netstat -nat | grep 25

  4. Runlevel registration

# chkconfig postfix on

# chkconfig --list postfix

  5. Testing on command

# telnet localhost 25

# mail -v -s 'testing mail' linux@chul.com < /etc/passwd

Chapter 4  Postfix Configuration

  1. How to use postconf

  • postconf can display or edit /etc/postfix/main.cf settings
  • postconf : Display all settings including defaults
  • postconf -n : Display changes from default settings
  • Modify current main.cf: postconf -e 'parameter=value'

# postconf -e mynetworks_style=subnet

  • Much simpler than editing /etc/mail/sendmail.cf

  2. Postfix Daemons – /etc/postfix/master.cf

  • master: Postfix master process, runs Postfix daemons on demand
  • smtpd: Postfix SMTP server, accepts network connection requests and performs zero or more SMTP transactions per connection
  • pickup: Postfix local mail pickup, waits for hints that new mail has been dropped into the ‘maildrop’ directory, and feeds it into the ‘cleanup’ daemon
  • qmgr: Postfix queue manager, awaits the arrival of incoming mail and arranges for its delivery via Postfix delivery processes

  3. Postfix: Accepting Inbound E-mail

  • Listen on port 25/tcp on all IP addresses

inet_interfaces = all

  • Include all domains/hosts for which we accept local delivery

myhostname = server.chul.com

mydomain = chul.com

mydestination = $myhostname, $mydomain, jeong.com, localhost

  4. Postfix: Outbound SMTP Relay

  • To relay e-mail sent by hosts on your internal network to the Internet:

inet_interfaces = all

  • To include all internal nets or hosts for which it will relay

mynetworks = 127.0.0.0/8  192.168.80.0/24

mynetworks_style = subnet

  5. Postfix: Masquerading

  • Causes MTA to modify the envelope & headers of an outbound e-mail message
  • Reduces the number of MX records and hosts/domains to be listed in mydestination

myorigin = chul.com

masquerade_exceptions = root

  6. Postfix Operation

  • always_bcc = address : Delivers a copy of all messages to the given address
  • postqueue -p : Displays status of the mail queues
  • postqueue -f : Attempts to immediately deliver all queued mail
  • tail -f /var/log/maillog : Watch the mail log update in real time
  • Testing mail sending and receiving using domains

Chapter 5 IMAP and POP3 on Dovecot

  1. Dovecot supports POP3, POP3s, IMAP, and IMAPs

# yum -y install dovecot

  2. # vi /etc/dovecot/dovecot.conf

protocols = imap pop3
listen = *

  3. # vi /etc/dovecot/conf.d/10-auth.conf

disable_plaintext_auth = no
auth_mechanisms = plain login

  4. # vi /etc/dovecot/conf.d/10-mail.conf

mail_location = maildir:~/Maildir

  5. # vi /etc/dovecot/conf.d/10-master.conf

unix_listener auth-userdb {
  mode = 0600
  user = postfix
  group = postfix
}

# service dovecot start

# chkconfig dovecot on

  6. Testing dovecot

# telnet localhost 110

# telnet localhost 143

Chapter 6 MUA Configuration

1. Graphical:

  • Evolution on Server system of Linux for POP3

# yum install evolution

user is tland@chul.com

  • Thunderbird on Client system of Linux for IMAP

# yum install thunderbird

user is admin@chul.com

  • Outlook 2010 on Client system of Windows 7 for IMAP

user is jeong@chul.com

2. Text-mode: Mutt and Fetchmail

# mutt -f pop://user@server

# mutt -f pops://user@server

Chapter 7 Postfix Aliases

  1. Postfix Aliases

1) Local Aliases –  mail forwarding

2) Virtual Aliases – Incoming and Outgoing Aliases

2.1) Incoming Aliases for Multiple domains (jeong.com, linux.com)

  1. Virtual Alias Domains – Virtual domains using Linux system accounts
  2. Virtual Mailbox Domains – Virtual domains using non-Linux accounts
  3. Virtual Mailbox Domains using Database such as MySQL and LDAP

– Virtual domains and user mapping using Database

2.2) Outgoing Aliases – change sender’s mail address to receiver (Masquerading)

  2. Postfix Local Aliases (/etc/aliases)

  • /etc/aliases contains alias maps

postmaster:        root
admin:             tland@chul.com
alist:             kim,itc,dara,tland
tland:             linux,jeong

  • Using aliases

# vi /etc/postfix/main.cf

alias_maps = hash:/etc/aliases

# newaliases    or    service postfix restart

# ls -l /etc/aliases*

  3. Incoming Virtual Aliases

3.1 Virtual Alias Domains – multiple domains using system accounts

  1. Check /etc/postfix/master.cf

virtual   unix  -       n       n       -       -       virtual

  2. Add two alias domains to /etc/postfix/main.cf

virtual_alias_domains = jeong.com, linux.com
virtual_alias_maps = hash:/etc/postfix/virtual

  3. Create virtual mapping in /etc/postfix/virtual

admin@jeong.com       admin
info@jeong.com        jeong
admin@linux.com       linux
info@linux.com        itc
# catch-all entries (user unknown)
@jeong.com            catchall
@linux.com            catchall

  4. File hash

# postmap /etc/postfix/virtual; ls -l /etc/postfix/virtual*

# service postfix restart

3.2 Virtual Mailbox Domains – multiple domains with non-Linux accounts

  1. Check /etc/postfix/master.cf

virtual   unix  -       n       n       -       -       virtual

  2. Add two mailbox domains to /etc/postfix/main.cf

virtual_mailbox_domains = jeong.com, linux.com
virtual_mailbox_base = /var/spool/vmailbox
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000

  3. Create virtual mapping in /etc/postfix/vmailbox

admin@jeong.com       jeong.com/admin
info@jeong.com        jeong.com/info
admin@linux.com       linux.com/admin
info@linux.com        linux.com/info
@jeong.com            jeong.com/catchall
@linux.com            linux.com/catchall

  4. Create User and Directory and File hashing

# useradd -u 1000 vuser

# mkdir -p /var/spool/vmailbox/jeong.com /var/spool/vmailbox/linux.com

# chown -R vuser.vuser /var/spool/vmailbox; chmod 700 /var/spool/vmailbox

# postmap /etc/postfix/vmailbox; ls -l /etc/postfix/vmailbox*

# service postfix restart

3.3 Virtual Mailbox Domains using Database like MySQL

  1. Checking Postfix for MySQL Map Support

# postconf -m

  2. Configuring Database

Create db, table and users on MySQL

  3. Configuring Postfix to Use the Database

# vi /etc/postfix/main.cf

virtual_mailbox_domains = mysql:/etc/postfix/sql/virtual_mailbox_domains.cf
virtual_uid_maps = mysql:/etc/postfix/sql/virtual_uid_maps.cf
virtual_gid_maps = mysql:/etc/postfix/sql/virtual_gid_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/sql/virtual_mailbox_recipients.cf
virtual_alias_maps = mysql:/etc/postfix/sql/virtual_alias_maps.cf

# mkdir /etc/postfix/sql

# service postfix restart

  4. Postfix Outgoing Aliases (/etc/postfix/generic)

  • Activate outgoing aliases in /etc/postfix/main.cf

smtp_generic_maps = hash:/etc/postfix/generic

  • Creating table in /etc/postfix/generic

root@server.chul.com       admin@chul.com
linux@chul.com             linux@jeong.com

  • Save and close the file. Create or update generic postfix table

# postmap /etc/postfix/generic

  • Restart postfix

# service postfix restart

  5. Alias Testing

  • Local aliases
  • Incoming virtual alias testing – virtual domains and virtual box
  • Outgoing virtual alias testing using MTA such as gmail, naver and yahoo

Chapter 8  Postfix Access Control

  1. Activate access control in /etc/postfix/main.cf

smtpd_client_restrictions =
    check_client_access hash:/etc/postfix/access

  2. Creating access file format in /etc/postfix/access

1.2.3                  REJECT
192.168.80.0           OK
admin@spammer.com      OK
server.spammer.com     REJECT
chul.com               OK

  3. Creating Hash file

# postmap  /etc/postfix/access

# service postfix restart
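
The lookup behaviour of the access table above, as an added example that is not part of the original tutorial: a simplified model (IPv4 only, following access(5)) of which keys Postfix tries for a client under check_client_access. It shows that 192.168.80.0 matches a single host rather than the 192.168.80.0/24 test network, and that an address pattern such as admin@spammer.com is never consulted in a client table. All function names and the test clients are assumptions made for illustration.

```python
"""Model of how Postfix resolves an SMTP client against check_client_access.

Simplified from access(5): IPv4 only, indexed (hash) table, default
parent_domain_matches_subdomains behaviour for host names.
"""

# Constructed copy of the /etc/postfix/access entries shown above.
ACCESS_TEXT = """\
1.2.3               REJECT
192.168.80.0        OK
admin@spammer.com   OK
server.spammer.com  REJECT
chul.com            OK
"""


def parse_access(text):
    """Return {pattern: action}; '#' comment lines and blank lines are skipped."""
    table = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if len(fields) == 2:
            table[fields[0].lower()] = fields[1].strip()
    return table


def client_keys(hostname, address):
    """Lookup keys for one client, in the order they are tried."""
    keys = []
    if hostname and hostname != "unknown":  # "unknown": no verified PTR name
        labels = hostname.lower().split(".")
        # Host name first, then each parent domain.
        keys += [".".join(labels[i:]) for i in range(len(labels))]
    octets = address.split(".")
    # Full address, then the address with trailing octets removed one by one.
    keys += [".".join(octets[:n]) for n in range(len(octets), 0, -1)]
    return keys


def decide(table, hostname, address):
    """Return (matching_pattern, action); no match behaves like DUNNO."""
    for key in client_keys(hostname, address):
        if key in table:
            return key, table[key]
    return None, "DUNNO"


def suspicious_patterns(table):
    """Flag patterns a client lookup cannot hit, or hits more narrowly than written."""
    notes = {}
    for pattern in table:
        octets = pattern.split(".")
        if "@" in pattern:
            notes[pattern] = "address pattern: never used as a client lookup key"
        elif len(octets) == 4 and all(o.isdigit() for o in octets) and octets[3] == "0":
            # Heuristic: a four-octet entry ending in .0 is usually meant as a network.
            notes[pattern] = "matches host %s only; the subnet is written %s" % (
                pattern, ".".join(octets[:3]))
    return notes


if __name__ == "__main__":
    table = parse_access(ACCESS_TEXT)
    for host, addr in [("unknown", "192.168.80.6"), ("unknown", "1.2.3.4"),
                       ("mx.server.spammer.com", "203.0.113.9")]:
        print(host, addr, decide(table, host, addr))
    for pattern, note in suspicious_patterns(table).items():
        print("check:", pattern, "-", note)
```

Running the same check against a real table before postmap catches entries that silently never match.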

Qmail delivery problems

We’re a PA partner and have clustered Qmail with 4 servers + NFS storage. We’ve seen an issue where Qmail throws the following error:

failure: Sorry,_I_could_not_find_a_mail_exchanger_or_IP_address._(#5.4.4)/

This is a permanent error and means Qmail will not retry, the sender will receive an NDR (Non delivery reply / bounce back).

I’ve seen 3 causes so far that cause this error to appear with Qmail. Other MTAs like Postfix and Exim don’t have this issue.

1) CNAMEs as MX records and/or there being no A record for the $domain.tld in the absence of an MX record.
2) smtp fixup is enabled on the cisco pix/asa firewall where the MX record resides.
3) The size of the returned DNS packet from the nameservers of the domain causes Qmail issues.

Our experience isn’t limited to these scenarios but they are the most common that we’ve seen.

As we manage quite a number of Cisco ASA firewalls and we have mixed MTAs behind them (qmail, exchange, postfix, exim etc) we always disable Cisco’s smtp fixup. I’ve seen too many problems caused by it and it serves no use.

Parallels should take a leaf out of Postfix’s book as it actually detects this and performs a work around on the fly:

Jul 8 09:46:00 bk1-relay relay16/smtp[8773]: 21EDC39803E: enabling PIX workarounds: disable_esmtp delay_dotcrlf for hostname.domain.tld[74.xxx.xxx.xxx]:25

How do you detect if smtp fixup is enabled?

Easy: telnet to the MX record on port 25 and if the 220 banner returned looks like:

Escape character is ‘^]’.
220 ***********************

then it is enabled. I’d advise the end user in question to disable this setting on their firewall(s).

We’re using the smtproutes fix for domains that refuse to fix their end and it works fine. This is normally located in:

/var/qmail/control/
or
/usr/local/qmail/shared/control/ (typically in clustered configurations)

If the file “smtproutes” doesn’t exist simply create it and you add the route like this:

$domain.tld:relay.domain.tld where relay.domain.tld is your non qmail relay server.

Configure Postfix on CentOS/RHEL 6/5

Postfix is a fast, popular and widely used SMTP server. Its main job is to relay mail locally or to the intended destination outside the network. Some of the most popular SMTP servers are Sendmail, Postfix and Qmail. By default Sendmail comes pre-installed with CentOS/RHEL 5, so we will need to remove it and install Postfix. On CentOS/RHEL 6 Postfix is installed by default, so there is no need to install it.

Step 1: Install Postfix

If Postfix is not already installed on your machine, install it using the following commands. Also remove sendmail if it is already installed.

# yum remove sendmail
# yum install postfix 

Make Postfix the default MTA for your system using the following command:

# alternatives --set mta /usr/sbin/postfix

If the above command does not work and you get the output “/usr/sbin/postfix has not been configured as an alternative for mta”, use the command below instead; otherwise skip it.

# alternatives --set mta /usr/sbin/sendmail.postfix

Step 2: Configure Postfix

Let’s start the Postfix configuration. Edit the Postfix configuration file /etc/postfix/main.cf in your favorite editor and make the following changes. We can also use the command line tool ‘postconf’ to do the same without editing the configuration file. The values are single-quoted so that the shell passes $mydomain, $myhostname and $mydestination to Postfix unexpanded.

# postconf -e 'myhostname = mail.tecadmin.net'
# postconf -e 'mydomain = tecadmin.net'
# postconf -e 'myorigin = $mydomain'
# postconf -e 'inet_interfaces = all'
# postconf -e 'mydestination = $myhostname, localhost, $mydomain'
# postconf -e 'mynetworks = 127.0.0.0/8, /32'
# postconf -e 'relay_domains = $mydestination'
# postconf -e 'home_mailbox = Maildir/'

After executing the above commands, open the Postfix configuration file and make sure all changes were applied properly.

Step 3: Restart Postfix Service

With the basic Postfix configuration done, restart the Postfix service so it reads the configuration changes. Also configure it to start automatically on system boot.

# service postfix restart
# chkconfig postfix on

Step 4: Open Firewall Port

If your system is configured to use the iptables firewall, add a firewall rule to make Postfix accessible from outside, using the following command. SMTP runs over TCP only, so no UDP rule is needed.

# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT

Thanks for using this article.

Backup MX Server with RHEL

This post will explain how to configure a backup MX server for queuing mail for two (or more) domains if the primary mail server of those domains becomes unreachable.
I’ve tested this configuration for relaying mail to Microsoft Exchange, Postfix, QMail, Sendmail, Lotus Domino, Merak and other less common mail servers without any kind of problems.

You can use Red Hat Enterprise Linux (RHEL) or CentOS without changing a line of the following configuration, and with small adjustments you can apply this how-to to any Linux distribution.

I’ve used Postfix as mail server, because for me it’s the best, and Amavisd-New, Clamd and SpamAssassin for checking Virus and Spam on relaying mail.

This post assumes you are queuing mail for two domains, “yourdomain.com” and “yourdomain.net”.
It also assumes that you have a primary mail server (MX with preference 10) for “yourdomain.com” with IP 111.111.111.111 and a primary mail server (MX with preference 10) for “yourdomain.net” with IP 111.222.222.222, and that you want to use a server with IP 222.222.222.222 for queuing mail of both domains.

According to the assumptions above you must have your DNS configured as follows:

root@linux:~# dig MX yourdomain.com @your.dns.server

yourdomain.com. 86400 IN MX 10 mail.yourdomain.com.
yourdomain.com. 86400 IN MX 20 mx2.yourdomain.com.

mail.yourdomain.com. 86400 IN A 111.111.111.111
mx2.yourdomain.com. 86400 IN A 222.222.222.222

root@linux:~# dig MX yourdomain.net @your.dns.server

yourdomain.net. 86400 IN MX 10 mail.yourdomain.net.
yourdomain.net. 86400 IN MX 20 mx2.yourdomain.com.

mail.yourdomain.net. 86400 IN A 111.222.222.222
mx2.yourdomain.com. 86400 IN A 222.222.222.222

The backup MX host must accept and queue mails, if the primary mailhost is down for a certain domain. To have a high degree of availability the backup MX host must be located outside the backed up domain. You can setup the backup MX host as a primary or secondary mx for a remote site, but in this example we have primary and backup MX on different networks for both domains.

The scenario will be the following :

The primary mailhost is down … Email is delivered to the backup MX host and queued there …. After the primary mailhost is up and running again, email is delivered from the backup MX host to the primary mailhost and stored in the local mailboxes.

After a standard Linux installation without any customization and a registration with a demo license key (only if you use RHEL), you must install the RPMFORGE packages from apt.sw.be to use some packages needed in the following steps.

For doing so you must use the following command :

rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

You could see http://dag.wieers.com for details about the package and the repository. If the installation gave you no problem, you can update your YUM database repository packages by running :

yum update -y

Running the above command will cause the complete update of your system.

After the upgrade, it will be better if you reboot your system, because it’s possible that you’ve updated some packages which need a reboot (i.e. Kernel) to work correctly.
After the reboot, you can proceed to install all the packages needed for our setup, by running the following command :

yum install -y postfix spamassassin clamd clamav-db amavisd-new

By default RHEL (and CentOS) use sendmail as the default MTA. I’ve just said that for me postfix is the best, so run alternatives to choose postfix as the default MTA; after this operation you can definitely remove sendmail.

Configure your default MTA by running :

alternatives --config mta

and choose postfix (usually you must type “2”).

Remove sendmail by running :

yum remove -y sendmail

The following is the configuration for postfix on mx2.yourdomain.com

/etc/postfix/main.cf:

myhostname = mx2.yourdomain.com
mydomain = yourdomain.com
myorigin = $mydomain
mynetworks = 127.0.0.0/8 222.222.222.222/32
inet_interfaces = all
relay_domains = yourdomain.com, yourdomain.net
mydestination = $myhostname, localhost.$mydomain
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
relay_recipient_maps =
message_size_limit = 0
mailbox_size_limit = 0
maximal_queue_lifetime = 5d

There’s one important thing I have to add: You must NOT list yourdomain.com and/or yourdomain.net in the following parameters in /etc/postfix/main.cf:

* mydestination
* virtual_alias_domains
* virtual_mailbox_domains

Take care of spam!

If you compare the configuration above with a typical modern anti-spam configuration almost everything is missing. This is what spammers like to see and that is the reason they like to send mail to lower priority MX servers, as they are more often than not not so well configured.
So, if you indeed intend to set up a backup mx, make sure it runs the same config in terms of spam rejection as your primary server. Otherwise you will notice an almost instant rise in spam mails that come through (relayed by your backup MX).

For doing so, you should add :

/etc/postfix/main.cf:

#AMAVIS-D NEW
content_filter=amavisfeed:[127.0.0.1]:10024

/etc/postfix/master.cf:

# AMAVISD-NEW
amavisfeed unix - - n - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o smtp_tls_note_starttls_offer=no

127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o smtpd_restriction_classes=
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
  -o local_header_rewrite_clients=
  -o smtpd_milters=
  -o local_recipient_maps=
  -o relay_recipient_maps=

Then you must configure Amavisd-new according to your antiSPAM policy.

– Enable all services needed.
chkconfig postfix on
chkconfig amavisd on
chkconfig clamd on
chkconfig spamassassin on

– Restart all services in the following order :
service spamd restart
service clamd restart
service amavisd restart
service postfix restart

Reboot your server to check that all services work correctly, and try to send some mail to yourdomain.com and yourdomain.net using your brand new server as relay to see if mail transport works fine.

You’re done!

Hope this helps

manage Postfix mail queue

This post will show a simple perl tool to manage (delete) one or more messages in the Postfix mail queue.

The main script to use is delete-mailq.pl
Create a file called delete-mailq.pl in /usr/local/bin with the following content :

#!/usr/bin/perl -w
# Postfix mailq cleanup utility: deletes every queued message whose
# "postqueue -p" entry matches the regular expression given as argument.
use strict;

my $REGEXP = shift || die "no email-address given (regexp-style, test.*\@example.com)!";
my @data = qx(/usr/sbin/postqueue -p);
my ($queue_id, %Q);
for (@data) {
    # A queue entry starts with the queue ID, optionally followed by
    # "*" (active) or "!" (on hold)
    if (/^(\w+)[*!]?\s/) {
        $queue_id = $1;
    }
    if ($queue_id) {
        if (/$REGEXP/i) {
            $Q{$queue_id} = 1;
            $queue_id = "";
        }
    }
}
# Feed the collected queue IDs to postsuper, one per line
open(POSTSUPER, "|postsuper -d -") || die "couldn't open postsuper";
foreach (keys %Q) {
    print POSTSUPER "$_\n";
};
close(POSTSUPER);

Assign it correct ownership and permission with the following commands :

chown root:root /usr/local/bin/delete-mailq.pl
chmod 700 /usr/local/bin/delete-mailq.pl

You can run the script directly, passing the pattern on the command line, or (as I prefer) create another file in /usr/local/bin called clean-mailq.sh with the following content :

#!/bin/sh
# Ask for the pattern when none was given on the command line
if [ -z "$1" ]
then
    echo "Insert the E-Mail address or a string to find it in mailqueue and delete it"
    read STRING
else
    STRING=$1
fi
/usr/local/bin/delete-mailq.pl "$STRING"

Assign it correct ownership and permission with the following commands :

chown root:root /usr/local/bin/clean-mailq.sh
chmod 700 /usr/local/bin/clean-mailq.sh

At this point, you can execute /usr/local/bin/clean-mailq.sh as root and pass it the value to find and delete from the mail queue.

Hope this helps

Bye
Riccardo

SMTP relay server with RHEL

I prefer to use a corporate mail server to relay mail from a Linux box.

While setting up Nagios for my friend, who insisted on using Gmail to send Nagios alerts, I found an interesting post.

Install dependencies.

yum -y install openssl-perl

If /etc/pki/CA/private/cakey.pem does not exist:

/etc/pki/tls/misc/CA.pl -newca

That will create the cakey.pem file in /etc/pki/CA/private

Then edit the file /etc/pki/tls/openssl.cnf and set

dir = /etc/pki/CA

Generate CSR (in /etc/postfix/certs)

openssl genrsa -out itchy.key 1024
openssl req -new -key itchy.key -out itchy.csr
openssl ca -out itchy.pem -infiles itchy.csr

Postfix Configuration

relayhost = [smtp.gmail.com]:587

#auth
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

#tls
smtp_use_tls = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_note_starttls_offer = yes
tls_random_source = dev:/dev/urandom
smtp_tls_scert_verifydepth = 5
smtp_tls_key_file=/etc/postfix/certs/itchy.key
smtp_tls_cert_file=/etc/postfix/certs/itchy.pem
smtpd_tls_ask_ccert = yes
smtpd_tls_req_ccert =no
smtp_tls_enforce_peername = no

cat /etc/postfix/sasl_passwd

gmail-smtp.l.google.com user@gmail.com:password
smtp.gmail.com user@gmail.com:password

postmap /etc/postfix/sasl_passwd

/etc/init.d/postfix reload

Qmail – Relay Mails to Gmail

Earlier we have covered postfix- relay mails to gmail

This tip is for the qmail server using Jms patch.

Many of us prefer Qmail to Postfix, especially as a mail server; for those who only wish to relay mail, Postfix is easier to install.

Make sure you have created cert while installing Qmail.
e.g.

cd /usr/src/qmail/qmail-1.03
./config-fast tech.linuxreaders.com
make cert
chown -R vpopmail:qmail /var/qmail/control/clientcert.pem /var/qmail/control/servercert.pem

Create new smtp service. I created qmail-smtpd1 which listens on port 26

/service/qmail-smtpd1/run
#!/bin/sh
exec tcpserver -v 127.0.0.1 26 openssl s_client -quiet -connect smtp.gmail.com:25 2>&1

Add entry in smtproutes

cat /var/qmail/control/smtproutes
#following is to relay all mails through gmail
:smtp.gmail.com linuxreaders@gmail.com my_passwd
#OR
#following is to relay only technoreaders.com through gmail.
technoreaders.com:smtp.gmail.com linuxreaders@gmail.com my_passwd

Relay host in mail server

How to setup Relay host in mail server

Please refer to the following information to assist in configuring various of the common mail servers:

Microsoft Exchange 2003

Important: If you are using Exchange with smtp-proxy.tm.net.my, you must configure your server to reject invalid recipients during the SMTP session, rather than generating NDRs and sending them out later. In the Message Delivery Properties dialog box in Global Settings, find the Recipient Filtering tab. Make sure that “Filter recipients who are not in the Directory” is checked, and Apply the settings.

  1. Go to “Start/All Programs/Microsoft Exchange” and click on “System Manager”.
  2. Expand the “Connectors” item.
  3. By default, Exchange uses SMTP for outbound connections, so you should find an “Internet Mail SMTP Connector” already there. Right click on it and select “Properties”.
  4. On the “General” tab, select “Forward all mail through this connector to the following smart hosts” and enter “smtp-proxy.tm.net.my” in the field below.
  5. On the “Advanced” tab, click on the “Outbound Security” button to get to “Outbound Security” dialog box.
  6. By default, exchange sets up security to use “Anonymous Access”. Change this to “Basic authentication (password is sent in clear text)” then click the “Modify” button, enter your domain username and password, and click “OK”.
  7. Back at the “Outbound Security” dialog box, enable “TLS Encryption” and click “OK”.

Microsoft Exchange 2000

Exchange’s SMTP virtual server does not support authentication. In order to use smtp-proxy, you must add an SMTP connector.
Important: If you are using Exchange with smtp-proxy, you must configure your server to reject invalid recipients during the SMTP session, rather than generating NDRs and sending them out later. In the Message Delivery Properties dialog box in Global Settings, find the Recipient Filtering tab. Make sure that “Filter recipients who are not in the Directory” is checked, and Apply the settings.

  1. Click on Routing Groups -> First routing group -> Connectors.
  2. Add an SMTP connector by right clicking on Connectors.
  3. In the properties, select “Forward all mail through this connector to the following smart hosts” and enter smtp-proxy.tm.net.my in the field below.
  4. Add a local bridgehead. If you have only one server, this is your server.
  5. Select Properties: Deactivate “Send HELO instead of EHLO”.
  6. Activate “Do not send ETRN/TURN”.
  7. On the Delivery Options page, select “Specify when messages are sent through this connector” and specify “Always Run” (or whatever you desire).
  8. Under the Advanced tab, click “Outbound Security…” then “Basic authentication” then click Modify. Enter your domain username and password here.
  9. Under Address Space, click Add then SMTP. Domain should be * and cost 1.
  10. Connector Scope is probably “Entire organization”.
  11. It is not necessary to click “Allow messages to be relayed through this domain” (and this option probably should not be selected).

Postfix

These instructions are for Mac OS X 10.3 running postfix 2.0.10. Other versions of postfix running on various flavors of UNIX/Linux should be configured similarly.

These instructions assume the postfix config files live in /etc/postfix.

In /etc/postfix/main.cf add the lines:
relayhost = smtp-proxy.tm.net.my:25
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options=

Optionally, also add the lines:
smtp_use_tls = yes
smtp_tls_CAfile = /etc/postfix/cert.pem
smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache

to enable SSL/TLS when sending outgoing mail. Note that the path info in the second command may be different depending on your system and where you have installed your certificates. The last line may be omitted, but should help reduce CPU cycles verifying the certificate chain when sending outgoing E-Mail.

Create a file /etc/postfix/sasl_passwd with the contents:
smtp-proxy.tm.net.my userid:password

where userid and password are your domain username and password.
Next, change the ownership and permissions on the sasl_passwd file to protect it from unauthorized access.
chown root:root /etc/postfix/sasl_passwd
chmod 600 /etc/postfix/sasl_passwd

Finally, create a database file from the contents of the sasl_passwd file:
postmap hash:/etc/postfix/sasl_passwd

OPTIONAL: If you wish to relay only specific domains via smtp-proxy, You will need to do the following:
Remove the relayhost = smtp-proxy.tm.net.my entry in main.cf, if one exists.

Add the following line to your main.cf file: transport_maps = hash:/etc/postfix/transport

Edit /etc/postfix/transport and update it with something similar to the following:
# Syntax: .domain transport:relay_host
# Specifies specific domains for local delivery
my.domain.com :

# Specify all subdomains for local delivery
.my.domain :

# Specify domains that need to be relayed through smtp-proxy.tm.net.my
aol.com relay:smtp-proxy.tm.net.my
hotmail.com relay:smtp-proxy.tm.net.my

Create a database file from the contents of the transport file: postmap hash:/etc/postfix/transport
Lastly, reload postfix: postfix reload

If you want to change the port that Postfix uses to send outgoing mail, we have been told that you may need to change the definition of the SMTP port in /etc/services. We do not have comprehensive instructions for making this change, but some reasonable searching should get you the information you need – when changing /etc/services, though, you should be very careful, as this file controls a large part of the UNIX system’s TCP/IP interactions.
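
The check below is an added example, not code from the original posts: it parses main.cf text and flags the relay settings used in the Gmail relay, smtp-proxy and backup MX configurations on this page (SASL credentials sent without mandatory TLS, a relay certificate that is not verified, a relay that accepts unknown recipients), and separately flags a sasl_passwd file readable beyond its owner. The function names, finding identifiers and sample strings are assumptions made for illustration.

```python
"""Audit Postfix main.cf text for the relay settings discussed on this page."""
import os
import stat

# Constructed samples that repeat settings shown earlier on this page.
GMAIL_RELAY_CF = """\
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_use_tls = yes
smtp_sasl_security_options = noanonymous
smtp_tls_enforce_peername = no
"""
BACKUP_MX_CF = """\
relay_domains = yourdomain.com, yourdomain.net
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
relay_recipient_maps =
"""

# smtp_tls_security_level values that refuse to send without TLS,
# and the subset that also authenticates the server.
ENCRYPTING = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}
VERIFYING = ENCRYPTING - {"encrypt"}


def parse_main_cf(text):
    """Parse main.cf text into {parameter: value}.

    Blank lines and lines whose first non-blank character is '#' are ignored,
    a line starting with whitespace continues the previous setting, and a
    later setting overrides an earlier one.
    """
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and last is not None:
            params[last] = (params[last] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            last = name.strip()
            params[last] = value.strip()
    return params


def _is_yes(params, name, default="no"):
    return params.get(name, default).strip().lower() == "yes"


def tls_posture(params):
    """Return (encryption_required, server_verified) for the SMTP client."""
    level = params.get("smtp_tls_security_level", "").lower()
    if level:  # when set, this overrides the legacy switches below
        return level in ENCRYPTING, level in VERIFYING
    enforced = _is_yes(params, "smtp_enforce_tls")
    verified = enforced and _is_yes(params, "smtp_tls_enforce_peername", "yes")
    return enforced, verified


def audit_main_cf(text):
    """Return a sorted list of finding identifiers for one main.cf text."""
    params = parse_main_cf(text)
    findings = set()
    if _is_yes(params, "smtp_sasl_auth_enable"):
        encrypted, verified = tls_posture(params)
        if not encrypted:
            # smtp_use_tls=yes alone is opportunistic: if STARTTLS is not
            # offered, the session and any permitted AUTH continue in the clear.
            findings.add("sasl-credentials-without-mandatory-tls")
        if not verified:
            findings.add("relay-server-certificate-not-verified")
    relay_domains = params.get("relay_domains", "")
    if relay_domains not in ("", "$mydestination") and not params.get("relay_recipient_maps"):
        # Every recipient in the relayed domains is accepted and queued;
        # unknown ones only bounce later, from the primary server.
        findings.add("relay-accepts-unknown-recipients")
    return sorted(findings)


def secret_file_findings(path):
    """Flag a credentials file (sasl_passwd or its .db) open to group or other."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return ["credentials-file-readable-by-group-or-other"] if mode & 0o077 else []


if __name__ == "__main__":
    for label, text in (("gmail relay", GMAIL_RELAY_CF), ("backup MX", BACKUP_MX_CF)):
        print(label, audit_main_cf(text))
```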

Sendmail

These instructions assume that you already have an appropriate .mc file prepared for your Sendmail configuration, and have the appropriate commands/tools prepared to compile that into a sendmail.cf file and install it in the appropriate location. On some BSD-based systems, this is as simple as typing “make” in /etc/mail and editing $hostname.mc. On other systems, it can be considerably more difficult. Consult the manual for your system or Sendmail for more information.

Add the following lines to your .mc file:
FEATURE(`authinfo', `hash -o /etc/mail/authinfo')
define(`SMART_HOST', `smtp-proxy.tm.net.my')

If you need to use an alternate port (other than 25) for smtp-proxy, also add the following line:

define(`RELAY_MAILER_ARGS', `TCP $h 2525')

Create or edit the file /etc/mail/authinfo, and add a line that looks like this:
AuthInfo:smtp-proxy.tm.net.my "U:username" "P:password" "M:LOGIN"

Replace “username” and “password” with your domain username and password, respectively. Be sure to include the rest of the line exactly as it is shown above, quotes and all. You should make sure that this file is not readable by unprivileged users, as it contains your login information.

Build the authinfo file into the Sendmail hash database format with the following command:
makemap hash /etc/mail/authinfo < /etc/mail/authinfo
This will create an /etc/mail/authinfo.db file, which Sendmail will use to read the authentication information. You will need to re-run the above command any time you change /etc/mail/authinfo.
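
Both the Postfix step above (chown/chmod on sasl_passwd) and this Sendmail step leave relay credentials on disk, and the databases built from them hold the same credentials. The following added example (not part of the original instructions) checks all four files for the expected owner and for group/other access; the function names and the PREFIX argument are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original page): check that the relay credential
# files named in the Postfix and Sendmail sections are private to one owner.

# audit_secret FILE [OWNER]: print one status line; return 0 if safe or absent.
audit_secret() {
    f=$1 want=${2:-root}
    if [ ! -e "$f" ]; then
        echo "ABSENT   $f"
        return 0
    fi
    # ls -ld output: field 1 is the mode string, field 3 the owning user.
    set -- $(ls -ld -- "$f")
    mode=$1 owner=$3 status=0
    case $mode in
        ????------*) ;;                 # no group/other permission bits
        *) echo "EXPOSED  $f ($mode)"; status=1 ;;
    esac
    if [ "$owner" != "$want" ]; then
        echo "OWNER    $f ($owner, expected $want)"
        status=1
    fi
    if [ "$status" -eq 0 ]; then echo "OK       $f ($mode $owner)"; fi
    return "$status"
}

# audit_relay_secrets [OWNER] [PREFIX]: audit the plaintext files and the
# databases built from them; the exit status is the number of unsafe files.
# PREFIX is a hypothetical test hook for pointing at a copy of the tree.
audit_relay_secrets() {
    bad=0
    for p in /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db \
             /etc/mail/authinfo /etc/mail/authinfo.db; do
        audit_secret "${2:-}$p" "${1:-root}" || bad=$((bad + 1))
    done
    return "$bad"
}

audit_relay_secrets "$@" || echo "$? credential file(s) need attention"
```

Run it as root after every postmap or makemap rebuild, since a regenerated .db file is a new file whose mode should be confirmed.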

Finally, compile your .mc file to a .cf file, install it as sendmail.cf, and restart Sendmail. Your server should now send all mail via the smtp-proxy.tm.net.my server.

Exim

These instructions assume Exim 4.x and have been vetted by our support staff running Exim version 4.20 on FreeBSD 4.8:

In the “MAIN CONFIGURATION SETTINGS” make sure that your primary_hostname and local_domains variables are configured correctly. Otherwise you’ll likely generate nasty loops. Unfortunately we can’t tell you precisely how to configure these as they depend on too many local variables. Consult the Exim documentation for more details on configuring these items.

In the “ROUTERS CONFIGURATION” section, before any other routers, add the following:
send_to_gateway:
driver = manualroute
domains = !+local_domains
transport = remote_smtp
route_list = * smtp-proxy.tm.net.my

In the “TRANSPORTS CONFIGURATION” section, locate the remote_smtp directive and edit it to include:
remote_smtp:
driver = smtp
hosts_require_auth = smtp-proxy.tm.net.my

If you have Exim compiled to use SSL, add the following line as well:
hosts_require_tls = smtp-proxy.tm.net.my

Near the bottom of your configure file, in the “AUTHENTICATION CONFIGURATION”, enter:
login:
driver = plaintext
public_name = LOGIN
client_send = ": username : password"

The username and password should of course be your domain credentials.

Communigate Pro

These instructions are for Communigate Pro version 4.1.7 on Mac OS X 10.3. However, the basic interface for this in Communigate Pro hasn’t changed since 3.0 or earlier. As such, these instructions should work with most versions of Communigate Pro currently in service.

  1. Using the basic Web interface to administer Communigate Pro, access the SMTP section and select the option “Forward to”.
  2. Enter smtp-proxy.tm.net.my in the text field to the right of this option.
  3. In the “Send AUTH” field enter your domain username.
  4. In the “Password” field enter your domain password.
  5. Optionally, under “Send Encrypted (SSL/TLS)”, enter smtp-proxy.tm.net.my in the “To Domains” field to enable SSL-based encryption for communication between your server and our relay server.

qmail

Relaying to a smart host
Set qmail to route all outgoing SMTP traffic through that server by running:

echo ":smtp-proxy.tm.net.my" > /var/qmail/control/smtproutes

qmail Remote host said: 504 5.5.2 Helo command rejected: need fully-qualified hostname

[root@localhost control]# pwd
/var/qmail/control
[root@localhost control]# cat helohost
mail.rmohan.com

/var/qmail/control/me

mail.rmohan.com