The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,055 other followers

Archive for the ‘postfix’ Category

Postfix for relaying SMTP, some info about my own configuration

Posted by jpluimers on 2020/03/20

I’ve a bunch of secondary MX servers using postfix (which I like a lot over sendmail). Basically all their configurations are very similar:

  1. To the file /etc/postfix/relay, add a list of domains to relay for, each ending with a space followed by OK as per
    [WayBack] Configure Postfix to relay mail to multiple internal mail servers w/different domains
  2. Run postmap /etc/postfix/relay to update the relay database file.
  3. Ensure that /etc/postfix/main.cf has these settings (note that the FQDN – in the example smtp3.example.org – isn’t always returned by hostname --fqdn, see below):
    1. inet_interfaces = all
    2. myhostname = smtp3.example.org
    3. smtpd_helo_required = yes
    4. smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname
  4. rcpostfix restart && rcpostfix status

Check the functionality with journalctl -u postfix.

FQDN – how to get myhostname

This usually gives a good indication of your external FQDN, but depending on your network circumstances it might not at all be the FQDN of your machine:

dig +noall +answer +short -x `curl -s ipv4.whatismyip.akamai.com` | sed 's/\.$//'

I got there through these StackExchange answers:

Testing with sendEmail

Then test with sendEmail from [WayBack] GitHub – mogaal/sendemail: lightweight, command line SMTP email client, with statements like these

  • sendEmail -o fqdn=sending.example.org -f sender@example.org -t recipient@example.com -u message-subjetc -s smtp3.example.org -m message-text
  • sendEmail -o fqdn=sending.example.org -f sender@example.org -t recipient@example.com -u message-subjetc -s smtp3.example.org -m message-text -v -v -v -v

If you get an error containing 450 4.7.1Helo command rejected: Host not found, then reject_unknown_helo_hostname works, but your -o fqdn= parameter contains an invalid hostname.

More sending examples are in the sendEmail documentation.

If you want to know more about fighting SPAM, then continue at [WayBack] Fighting Spam – What can I do as an: Email Administrator, Domain Owner, or User? – Server Fault

–jeroen

Posted in *nix, *nix-tools, postfix, Power User, sendmail | Leave a Comment »

Postfix and blacklists

Posted by jpluimers on 2019/04/19

Still learning postfix configuration, below are some links on how to enable various blacklists that use the RBL DNS (aka [WayBack] DNSBL) way of operations.

They are centered around using the of the [WayBack] Postfix Documentation entry reject_rbl_client listings:

Basically reject_rbl_client is part of smtpd_client_restrictions.

TODO:

I need to dig further into some other blacklist options than reject_rbl_clientreject_rhsbl_client, reject_rhsbl_reverse_client, reject_rhsbl_sender or reject_rhsbl_recipient restriction.

Then I need to go through these links:

Some blacklist checking links:

–jeroen

Posted in *nix, *nix-tools, postfix, Power User | Leave a Comment »

mail-filters/Makefile at master · fumiyas/mail-filters

Posted by jpluimers on 2019/04/15

Cool tool if you use Postfix: mail-filters/Makefile at master · fumiyas/mail-filters.

You set it up like this:

cd /etc/postfix
wget https://raw.githubusercontent.com/fumiyas/mail-filters/master/postfix/Makefile

Then each time you change your postfix configuration:

cd /etc/postfix
make

In that directory, it will (re)generate a Makefile.postmapbased on the lines with hash in main.cf, then make each .db file from the source hash file.

After that you have to manually restart postfix, which depends on your Linux flavour.

Similar solutions:

–jeroen

Posted in *nix, *nix-tools, Development, Makefile, postfix, Power User, Scripting, Software Development | Leave a Comment »

Default OpenSuSE Postfix main.cf forgets to configure SASL for cyrus…

Posted by jpluimers on 2019/04/15

If you see the below in your Postfix log when trying to test your config, then the SASL configuration is empty. Oddly that seems the default on OpenSuSE for a while now, despite it providing cyrus SASL out of the box.

Sep 15 14:30:07 katrien postfix/smtpd[12719]: fatal: bad string length 0 < 1: smtpd_sasl_path =
Sep 15 14:30:08 katrien postfix/master[12400]: warning: process /usr/lib/postfix/smtpd pid 12719 exit status 1
Sep 15 14:30:08 katrien postfix/master[12400]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

Prior OpenSuSE versions had this in /etc/postfix/main.cf:

# SASL stuff
############################################################
smtp_sasl_auth_enable = no
smtp_sasl_security_options =
smtp_sasl_password_maps =
smtpd_sasl_auth_enable = no
#smtpd_sasl_path = private/auth
#smtpd_sasl_type = dovecot

Newer OpenSuSE versions have this:

# SASL stuff
############################################################
smtp_sasl_auth_enable = no
smtp_sasl_security_options =
smtp_sasl_password_maps =
smtpd_sasl_auth_enable = no
# cyrus : smtpd_sasl_type = cyrus, smtpd_sasl_path = smtpd
# dovecot : smtpd_sasl_type = dovecot, smtpd_sasl_path = private/auth
smtpd_sasl_path =
smtpd_sasl_type = 

Despite the newer having these installed:

# rpm -qa | grep cyrus
cyrus-sasl-crammd5-2.1.26-14.2.aarch64
cyrus-sasl-2.1.26-14.2.aarch64
cyrus-sasl-plain-2.1.26-14.2.aarch64
cyrus-sasl-digestmd5-2.1.26-14.2.aarch64
cyrus-sasl-gssapi-2.1.26-14.2.aarch64

Solution:

smtpd_sasl_path = smtpd
smtpd_sasl_type = cyrus

Since the values for both lines are default, you could even comment them out; see the documentation:

–jeroen

Via: [WayBackpostfix IRC logs [July 26 – 2007]

Posted in *nix, *nix-tools, Linux, openSuSE, postfix, Power User, SuSE Linux, Tumbleweed | Leave a Comment »

Some Postfix configuration guidelines

Posted by jpluimers on 2019/02/08

Not just for Postfix are the first two guidelines:

  • Change one thing at a time
  • Save known working configurations

For the latter, I’m using etckeeper pushing to an external git repository hoster.

For Postfix are the others from [WayBackPostfix Configuration Guidelines.

One tip that’s missing, but saved my life numerous of times:

In /etc/postfix/main.cfg do not use this line ever:

inet_interfaces = $myhostname

If the resolving (through DNS or hosts file) of $myhostname fails for any reason in the future, then Postfix will not start at all, but in stead emit a fatal error like this:

/usr/sbin/postconf: fatal: parameter inet_interfaces: no local interface found for 127.0.0.2

Specify exact interfaces in stead, like any of these:

inet_interfaces = all

inet_interfaces = localhost

inet_interfaces = 192.168.24.68

–jeroen

Posted in *nix, *nix-tools, postfix, Power User | Leave a Comment »

 
%d bloggers like this: