The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for the ‘sendmail’ Category

Postfix for relaying SMTP, some info about my own configuration

Posted by jpluimers on 2020/03/20

I have a bunch of secondary MX servers running postfix (which I like a lot more than sendmail). Their configurations are all very similar:

  1. To the file /etc/postfix/relay, add a list of domains to relay for, each ending with a space followed by OK as per
    [WayBack] Configure Postfix to relay mail to multiple internal mail servers w/different domains
  2. Run postmap /etc/postfix/relay to update the relay database file.
  3. Ensure that /etc/postfix/main.cf has these settings (note that the FQDN – in the example smtp3.example.org – isn’t always returned by hostname --fqdn, see below):
    1. inet_interfaces = all
    2. myhostname = smtp3.example.org
    3. smtpd_helo_required = yes
    4. smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname
  4. rcpostfix restart && rcpostfix status

Check the functionality with journalctl -u postfix.

FQDN – how to get myhostname

This usually gives a good indication of your external FQDN, but depending on your network circumstances it might not be the FQDN of your machine at all:

dig +noall +answer +short -x `curl -s ipv4.whatismyip.akamai.com` | sed 's/\.$//'

I got there through these StackExchange answers:

Testing with sendEmail

Then test with sendEmail from [WayBack] GitHub – mogaal/sendemail: lightweight, command line SMTP email client, with statements like these

The most recent version is now at [Wayback/Archive.is] GitHub – zehm/sendEmail: SendEmail is a lightweight, command line SMTP email client.

  • sendEmail -o fqdn=sending.example.org -f sender@example.org -t recipient@example.com -u message-subject -s smtp3.example.org -m message-text
  • sendEmail -o fqdn=sending.example.org -f sender@example.org -t recipient@example.com -u message-subject -s smtp3.example.org -m message-text -v -v -v -v

If you get an error containing 450 4.7.1 Helo command rejected: Host not found, then reject_unknown_helo_hostname works, but your -o fqdn= parameter contains an invalid hostname.

More sending examples are in the sendEmail documentation.
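A pre-flight check for the -o fqdn= value, as an added example that is not part of the original post: it predicts which of the three reject_*_helo_hostname restrictions from main.cf above would refuse a HELO name. The syntax test is a simplified approximation of what Postfix does, and helo_lookup and helo_check are names made up here.

```shell
#!/bin/sh
# Added example: predict which smtpd_helo_restrictions entry rejects a HELO name.
# Restrictions are evaluated in the order listed in main.cf; permit_mynetworks
# comes first there, so clients inside mynetworks are never checked at all.
# Simplified: address literals such as [192.0.2.1] are not handled.

# DNS hook: print any A or MX answers for $1. Redefine it to test offline.
helo_lookup() {
    { dig +short A "$1"; dig +short MX "$1"; } 2>/dev/null
}

# Print the first restriction expected to reject $1, or "ok".
helo_check() {
    _n=${1%.}                                   # tolerate one trailing dot
    _l='[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?' # one RFC-style label
    # Malformed: empty, over 255 characters, or a label with other characters
    if [ -z "$_n" ] || [ "${#_n}" -gt 255 ] ||
       ! printf '%s\n' "$_n" | grep -Eq "^${_l}(\.${_l})*\$"; then
        echo reject_invalid_helo_hostname; return 1
    fi
    # Not fully qualified: no dot at all
    case $_n in
        *.*) ;;
        *) echo reject_non_fqdn_helo_hostname; return 1 ;;
    esac
    # Unknown: neither an A nor an MX record (the "Host not found" case)
    if [ -z "$(helo_lookup "$_n")" ]; then
        echo reject_unknown_helo_hostname; return 1
    fi
    echo ok
}

# Usage: sh helo-check.sh sending.example.org
if [ $# -gt 0 ]; then helo_check "$1"; fi
```
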

If you want to know more about fighting SPAM, then continue at [WayBack] Fighting Spam – What can I do as an: Email Administrator, Domain Owner, or User? – Server Fault

–jeroen

Posted in *nix, *nix-tools, postfix, Power User, sendmail | Leave a Comment »

Managing sendmail TLS authenticated users

Posted by jpluimers on 2020/02/03

A few notes for managing the users that should be allowed to send mail via sendmail using TLS authentication.

Most of it is derived/summarised from [WayBack] SMTP AUTH in sendmail 8.10-8.13 and [WayBack] Creating Users for a Postfix-Based Mail Relay – Scott’s Weblog – The weblog of an IT pro specializing in cloud computing, virtualization, and networking, all with an open source view

  1. Verify your sendmail allows TLS:
    # sendmail -d0.1 -bv | grep SASL
    NETUNIX NEWDB NIS NISPLUS PIPELINING SASLv2 SCANF SOCKETMAP
  2. The list of TLS authentication users differs from the ones in /etc/passwd
  3. The tools and files to manage depend on whether the output is SASLv2 or older. For SASLv2 they are:
    • /etc/sasldb2 has the users/passwords
    • sasldblistusers2 lists the users
    • saslpasswd2 manages users

For instance, this command creates a new user for use with sendmail:

# saslpasswd2 -c -u example.org firstname.lastname
Password:
Again (for verification):

sasldblistusers2

firstname.lastname@example.org: userPassword

cat /etc/sasldb2

....................firstname.lastname@example.orguserPassword

For future reading:

I thought I needed this so I could add an alias @pluimers.com to my gmail box, as I read only the accepted answer at [WayBack] Add new alias to Gmail without SMTP (forwarding-only address) – Web Applications Stack Exchange pointing to:

I should have read the second answer at [WayBack] Add new alias to Gmail without SMTP (forwarding-only address) – Web Applications Stack Exchange:

As of writing, however, you can simply use the Gmail SMTP server, as long as you use [WayBack] Google two-step authentication.

So just for completeness, the full steps:

  1. Gmail settings, Accounts and Import tab.
  2. Add another email address you own
  3. Type name and email address to be added.
  4. For SMTP Server, put smtp.gmail.com
  5. For Username, your full Gmail address including @gmail.com
  6. For password, provide an App Password generated in Google Accounts at https://security.google.com/settings/security/apppasswords
  7. Leave Secured connection using TLS selected as is.
  8. Add Account

–jeroen

Posted in *nix, *nix-tools, Power User, sendmail | Leave a Comment »

Cleaning up bounces from /var/spool/mqueue using qtool

Posted by jpluimers on 2018/11/26

Part of my /var/spool/mqueue consists of administrative bounces to mail domains that fail for a long time.

 

First a few queries to filter the messages I want to move (the -h suppresses filename so you can aggregate with sort and uniq):

grep -h "MDeferred: Connection" /tmp/mqueue-junk/qf* | sort | uniq -c

It gives results like this:

...
     56 MDeferred: Connection refused by static.vnpt.vn.
...
      1 MDeferred: Connection reset by cleanfreshliving.com.
...
     10 MDeferred: Connection timed out with netflix.ssl.com.
...

After blacklisting those domains, I’ve used qtool.pl to clean up the mail queue.

qtool.pl

As qtool.pl does not have “dry run” or log options, it’s best to test expressions on a copy of your mail queue first. I’ve made copies in /tmp/mqueue for this.

The query expression language on qtool.pl is complicated to get right: the documentation talks about using %msg which in fact is $msg and there is no official documentation on the mapping of qf files in the mqueue directory to expressions used in qtool.pl.

Luckily that mapping is in qtool.pl itself as explained by www.the-art-of-web.com/system/sendmail-qtool/#section_2. A recent source is at github.com/freebsd/freebsd/blob/master/contrib/sendmail/contrib/qtool.pl where I copied the fragment further below from.

Now just see these commands:

./contrib/qtool.pl -C /etc/sendmail.cf -e '$msg{message}[0] =~ /Deferred: Connection refused by/' /tmp/mqueue-junk/ /tmp/mqueue/

and

./contrib/qtool.pl -C /etc/sendmail.cf -e '$msg{num_delivery_attempts} > 100' /tmp/mqueue-junk/ /tmp/mqueue/

Since there are two M lines per qf file, you have to index the {message} part. There is no need for that with the {num_delivery_attempts}.

Because of the =~ operator, the match expressions are Perl regular expressions, see [WayBack] perlre – perldoc.perl.org: Perl regular expressions.
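Since qtool.pl has no dry run, the selection can be previewed read-only first. This is an added example, not part of qtool.pl or the original post; it assumes the qf layout the expressions above rely on (M lines hold the status message, the N line the number of delivery attempts), and qf_select, qf_plan and qf_demo are names made up here.

```shell
#!/bin/sh
# Added example: read-only preview of what a qtool.pl expression would select.
# Nothing is moved or locked; the qf files are only read.

# qf_select DIR [ERE] [MIN_ATTEMPTS]
# Prints "path<TAB>attempts<TAB>first M line" for each qf file in DIR whose first
# M line matches ERE (like $msg{message}[0] =~ /ERE/) and whose attempt count is
# greater than MIN_ATTEMPTS (like $msg{num_delivery_attempts} > MIN_ATTEMPTS).
qf_select() {
    for _qf in "$1"/qf*; do
        [ -f "$_qf" ] || continue
        QF_RE=${2:-} QF_MIN=${3:--1} awk '
            /^M/ && !seen { msg = substr($0, 2); seen = 1 }  # first M line only
            /^N/          { n = substr($0, 2) + 0 }
            END { if (msg ~ ENVIRON["QF_RE"] && n > ENVIRON["QF_MIN"] + 0)
                      printf "%s\t%d\t%s\n", FILENAME, n, msg }
        ' "$_qf"
    done
}

# qf_plan JUNK_DIR DIR [ERE] [MIN_ATTEMPTS]
# Prints, without running them, per-file qtool.pl commands in the form the post
# uses, so the list can be reviewed and logged before anything is moved.
qf_plan() {
    qf_select "$2" "${3:-}" "${4:--1}" | cut -f1 | while IFS= read -r _f; do
        printf './contrib/qtool.pl -C /etc/sendmail.cf %s %s\n' "$1" "$_f"
    done
}

# Constructed sample queue (not real mail) in a temporary directory.
qf_demo() {
    _d=$(mktemp -d) || return 1
    printf 'V8\nN120\nMDeferred: Connection refused by static.vnpt.vn.\nMold status\n' > "$_d/qfAAA"
    printf 'V8\nN3\nMDeferred: Connection timed out with netflix.ssl.com.\n' > "$_d/qfBBB"
    printf 'V8\nN150\nMhost map: lookup (example.invalid): deferred\n' > "$_d/qfCCC"
    qf_select "$_d" 'Deferred: Connection refused by'
    qf_plan /var/spool/mqueue-junk/ "$_d" '' 100
    rm -rf "$_d"
}

# Usage: sh qf-preview.sh demo
if [ "${1:-}" = demo ]; then qf_demo; fi
```
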

If you run this on the live /var/spool/mqueue directory, then you can get errors like these, which mean you should retry after a few minutes (or run with sendmail disabled):

Could not obtain fcntl lock on '/var/spool/mqueue//qfv4H9jv7M007291': Resource temporarily unavailable.
1
Could not obtain fcntl lock on '/var/spool/mqueue//qfv5DB2NkJ024360': Resource temporarily unavailable.
1

Note that searching for Mhost map: lookup \(.*\): deferred fails, so I wrote this little script that shows which commands are going to be executed and how to execute them:

grep -l "^Mhost map: lookup \(.*\): deferred$" /var/spool/mqueue/qf* | xargs -n1 -I {} echo "./contrib/qtool.pl -C /etc/sendmail.cf /var/spool/mqueue-junk/ {}"
grep -l "^Mhost map: lookup \(.*\): deferred$" /var/spool/mqueue/qf* | xargs -n1 -I {} ./contrib/qtool.pl -C /etc/sendmail.cf /var/spool/mqueue-junk/ {}

It executes the qtool.pl once per grep output line.

Read the rest of this entry »

Posted in *nix, *nix-tools, Power User, sendmail | Leave a Comment »

On my todo list: experiment with having multiple sendmail queue directories under /var/spool/mqueue

Posted by jpluimers on 2018/09/27

Right now my sendmail configuration handling my domains has one queue directory, /var/spool/mqueue, which means that each round of the queue processing handles all the outgoing mail in succession.

This is getting less OK because of the increased mail volume over time both on mail that gets in and needs to be forwarded and mail that needs to be bounced for various reasons like SPAM.

So below are some links helping me to sort out various things including having multiple queues (as then each round can handle each queue in parallel).

The default sendmail configuration is one mail queue and I hope to find out for what reason that is.

Background info:

Read the rest of this entry »

Posted in *nix, *nix-tools, Development, Power User, Scripting, sendmail, Software Development | Leave a Comment »

Fixing Invalid HELO’s – major.io

Posted by jpluimers on 2017/12/08

For postfix and sendmail: [WayBack] Fixing Invalid HELO’s – major.io

Posted in *nix, *nix-tools, postfix, Power User, sendmail | Leave a Comment »

 