
EMail Servers

Delete all root mail / inbox from a shell prompt

Q. I've CentOS Linux acting as router for our small community based college. I see logwatch and other cron job generating emails for root account. How do I delete those emails? I don't want to disable email facility but just wanted to get rid of all root emails.

A. The easiest way is to empty the root / user's mail file, i.e. /var/spool/mail/root or /var/spool/mail/username. Simply type the following command at the shell:
# > /var/spool/mail/root

Configure Postfix for DNS Blackhole Lists such as dsbl.org / spamhaus.org database

Q. How do I configure my Postfix mail server to scan incoming mail for spam using DNS Blackhole List such as:
a) The Spamhaus
b) Open Relay Database etc

A. To discard spam or garbage email you can use third-party services such as Spamhaus. These are real-time databases of IP addresses of verified spam sources and spam operations (including spammers, spam gangs and spam support services), maintained by Spamhaus or another project team and supplied as a free service to help email administrators better manage incoming email streams.

Postfix MTA DNS Blackhole Lists Configuration

Under Postfix mail server you need to define DNSRBLs in main.cf file using the smtpd_recipient_restrictions configuration directive. Open main.cf file:
# vi /etc/postfix/main.cf
Locate the smtpd_recipient_restrictions line and set up reject_rbl_client as follows:

smtpd_recipient_restrictions =
   reject_rbl_client list.dsbl.org,
   reject_rbl_client sbl-xbl.spamhaus.org,
   reject_rbl_client cbl.abuseat.org,
   reject_rbl_client dul.dnsbl.sorbs.net,

Here is my complete configuration:

smtpd_recipient_restrictions =
   reject_rbl_client list.dsbl.org,
   reject_rbl_client sbl-xbl.spamhaus.org,
   reject_rbl_client cbl.abuseat.org,
   reject_rbl_client dul.dnsbl.sorbs.net,

Save and close the file. Restart / reload postfix mail server:
# /etc/init.d/postfix restart
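
Before a zone goes into reject_rbl_client it is worth confirming that it still answers as a DNSBL should. The following is an added example, not part of the original page: it uses the RFC 5782 test entries (127.0.0.2 must be listed, 127.0.0.1 must not). The zone names under dnsbl.example and the demo_resolver stub are constructed so the script runs offline; resolve_a assumes dig is installed.

```sh
# Added example (not from the original page): sanity-check a DNSBL zone
# before listing it in reject_rbl_client. RFC 5782 test entries:
# 127.0.0.2 must be listed, 127.0.0.1 must never be listed.

# Build the reversed-octet query name that is looked up for an IPv4 client.
dnsbl_qname() {  # usage: dnsbl_qname IPV4 ZONE
    printf '%s\n' "$1" |
        awk -F. -v z="$2" 'NF == 4 { print $4 "." $3 "." $2 "." $1 "." z }'
}

# Live resolver (assumption: dig is installed). Keeps only A-record lines,
# so dig's timeout messages are not mistaken for a listing.
resolve_a() {
    dig +short A "$1" 2>/dev/null | grep -E '^[0-9]+(\.[0-9]+){3}$' || true
}

# Constructed offline resolver for the demo below; zone names are made up.
demo_resolver() {
    case "$1" in
        2.0.0.127.good.dnsbl.example) echo 127.0.0.2 ;;
        *.parked.dnsbl.example)       echo 203.0.113.7 ;;  # wildcard answer
    esac
}

# Classify a zone: ok | dead | lists-everything
dnsbl_health() {  # usage: dnsbl_health ZONE [RESOLVER_FUNCTION]
    zone=$1
    resolver=${2:-resolve_a}
    must_hit=$("$resolver" "$(dnsbl_qname 127.0.0.2 "$zone")")
    must_miss=$("$resolver" "$(dnsbl_qname 127.0.0.1 "$zone")")
    if [ -n "$must_miss" ]; then
        echo lists-everything   # any A record makes reject_rbl_client reject
    elif [ -n "$must_hit" ]; then
        echo ok
    else
        echo dead               # zone never answers: the check does nothing
    fi
}

for z in good.dnsbl.example parked.dnsbl.example gone.dnsbl.example; do
    printf '%-24s %s\n' "$z" "$(dnsbl_health "$z" demo_resolver)"
done
```

Call dnsbl_health with only a zone name to query it live through dig.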

Postfix block PDF or ZIP files attachments

Q. How do I block all PDF or ZIP files attachments under Postfix Mail Server?

A. You can easily block email attachments using mime header check.

Open postfix config file

Login as the root, enter:
# vi /etc/postfix/main.cf

Block zip or pdf files

Use mime_header_checks postfix config directive, enter:
mime_header_checks = regexp:/etc/postfix/block_attachments
Save and close the file. Open the /etc/postfix/block_attachments file and append code as follows:
/name=[^>]*\.(pdf|zip)/ REJECT
Save and close the file.

Restart Postfix MTA

You must restart or reload postfix:
# /etc/init.d/postfix reload
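
To see what the attachment rule above actually matches, it can be exercised against sample headers before mail depends on it. This is an added example, not part of the original page: grep -Ei stands in for Postfix regexp: table matching (POSIX extended, case-insensitive by default), the headers are constructed, and STRICT_RE is an assumed tighter variant shown for comparison.

```sh
# Added example (not from the original page). grep -Ei emulates how a
# Postfix regexp: table matches, so the rule can be tried offline.

PAGE_RE='name=[^>]*\.(pdf|zip)'
# Assumption: a tighter variant that requires the extension to end the
# parameter value (optional closing quote, then ";" or end of header).
STRICT_RE='name="?[^";]*\.(pdf|zip)"?[[:space:]]*(;|$)'

verdict() {  # usage: verdict REGEX HEADER -> REJECT | DUNNO
    if printf '%s\n' "$2" | grep -Eiq -- "$1"; then
        echo REJECT
    else
        echo DUNNO
    fi
}

# Constructed MIME headers (one logical header line each).
H1='Content-Type: application/pdf; name="invoice.pdf"'
H2='Content-Disposition: attachment; filename="ARCHIVE.ZIP"'
H3='Content-Type: text/plain; name="notes.pdf.txt"'
H4='Content-Type: image/png; name="logo.png"'

# Columns: page rule, strict rule, header.
for h in "$H1" "$H2" "$H3" "$H4"; do
    printf '%-7s %-7s %s\n' \
        "$(verdict "$PAGE_RE" "$h")" "$(verdict "$STRICT_RE" "$h")" "$h"
done
```

The page's pattern also rejects H3, a text file whose name merely contains ".pdf". On a host with Postfix installed, `postmap -q "<header line>" regexp:<table file>` runs the same kind of test against the real table.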

Howto: Linux Dovecot Secure IMAPS / POP3S SSL Server configuration

Q. How do I configure Dovecot IMAPS and POP3s server using SSL certificate? Can I use SSL certificates generated for Postfix mail server?

A. Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either maildir or mbox format.

You need to enable POP3s and IMAPS. Open default configuration file:
# vi /etc/dovecot.conf
Make sure POP3S and IMAPS are enabled:
protocols = imaps pop3s

Next you must set the PEM-encoded X.509 SSL/TLS certificate and private key. They're opened before dropping root privileges, so keep the key file unreadable by anyone but root (see how to create a certificate CSR and configure certificates for Postfix):
ssl_cert_file = /etc/postfix/ssl/smtp.theos.in.crt
ssl_key_file = /etc/postfix/ssl/smtp.theos.in.key

If the key file is password protected, give the password using the ssl_key_password directive:
ssl_key_password = myPassword

Save and close the file. Restart Dovecot server:
# /etc/init.d/dovecot restart

Postfix setup catch-all email accounts using /etc/postfix/virtual

Q. How do I set up catch-all email accounts under Postfix MTA? For example, if an email is sent to me@domain.com, info@you.com and sales@you.com, it should be sent to the same email address.

This is useful if any user mistypes an email address when they send it to me, or just guesses at a valid email address; they will then likely get an error message from my server such as user / email mail box does not exist. So I wish to set up a "catch all" address.

A. Mapping is done using /etc/postfix/virtual file.
# vi /etc/postfix/virtual
Append code as follows, replacing domain and emailusername with actual values:
@yourdomain.com emailusername

Save and close the file. Run following command:
# postmap /etc/postfix/virtual

Also make sure you have following line in /etc/postfix/main.cf file:
virtual_alias_maps = hash:/etc/postfix/virtual

If you just added the above line, reload postfix:
# service postfix reload

Caution: if you set up a catch-all email address, you will likely receive more unsolicited (spam) email.

Postfix blacklist or reject an email address

Q. I’ve Postfix based CentOS Linux server. I need to blacklist email ID: user@abadboy.com . How do I blacklist email address with postfix? I also have spamassassin software installed.

A. By default, the Postfix SMTP server accepts any sender address. However you can block / blacklist sender email address easily with Postfix. It has SMTP server access table.

Open /etc/postfix/sender_access file
# cd /etc/postfix
# vi sender_access

Append sender email id as follows:
user@abadboy.com REJECT
Save and close the file. Use postmap command to create a database:
# postmap hash:sender_access
Now open main.cf and add code as follows:
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access
Save and close the file. Restart / reload postfix MTA:
# /etc/init.d/postfix restart

You can also use spamassassin to blacklist email address. Just add to your own spamassassin configuration or to /etc/mail/spamassassin/local.cf file:
# vi /etc/mail/spamassassin/local.cf
Append blacklist as follows:
blacklist_from user@abadboy.com
Save and close the file. Restart spamassassin:
# /etc/init.d/spamassassin restart

SpamAssassin will mark the mail as spam instead of rejecting it.

Q. I’m running Redhat Enterprise Linux 4.5 server along with Postfix and Cyrus mail server. However I’m getting following error in my log files:

Jun 10 18:00:04 server postfix/smtpd[7280]: sql_select option missing
Jun 10 18:00:04 server postfix/smtpd[7280]: auxpropfunc error no mechanism available

How do I fix this error? I’m not using mysql for postfix.

A. The Cyrus software comes with various plugins. The cyrus-sasl-sql package contains the Cyrus SASL plugin which supports using an RDBMS for storing shared secrets.

If you are not using MySQL, just remove the plugin using rpm command:

# rpm -ev cyrus-sasl-sql

Note: if you are using Debian or Ubuntu, remove the libsasl2-modules-sql package:
# apt-get remove libsasl2-modules-sql

Also on RHEL 3 / 4, make sure that file /etc/openldap/slapd.conf is owned by the user ldap:
# chown ldap.ldap /etc/openldap/slapd.conf

The other option is to configure the sql module. Now there should not be any sort of error in the /var/log/messages or /var/log/maillog file.

Linux / UNIX find out size of email account or mailbox

Q. I would like to show the list of email accounts which used the most disk on my Linux mail server. How do I find out size of email account?

A. Usually mail is stored in the /var/mail directory. By running the following command you can get a list of email accounts with their disk usage.

ls -lL will display user filesize.

Use awk command to print user mailbox size along with username

Finally sort command will sort mailbox size.

Type the command:
$ ls -lL /var/mail | awk '{print $5, $9}' | sort -rn
$ ls -lL /var/mail | awk '{print $5, $9}' | sort -rn | head -10

How to Delete Exim Email For A Particular User From Mail Server Queue

Q. I’m using Fedora 7 server with exim pre installed by someone else. How do I delete email for a particular user from exim queue (like user@dom.com)?

What is an MX record in DNS entries?

Q. I see MX record in DNS configuration file. Can you explain the usage of MX record?

A. MX is short for mail exchanger record. The Domain Name System (DNS) stores and associates many types of information with domain names, including:
=> IP address
=> Host aliases
=> Email server address etc

A DNS server is a general-purpose distributed, replicated data query service chiefly used on the Internet for translating hostnames into Internet addresses such as www.yahoo.com into or vice versa.

a) To specify IP address you need to use A record.

b) To specify the email server you need to use an MX record. MX records control how Internet e-mail is routed: they point to the servers that should receive e-mail, and give their priority relative to each other. Consider the following DNS zone file for the gite.in domain:

@  IN SOA gite.in (
                          2007020704     ; Serial
                          3600           ; Refresh
                          300            ; Retry
                          604800         ; Expire
                          3600           ; Minimum
   @                      86400    IN ns    ns1.gite.in.
   @                      86400    IN ns    ns2.gite.in.
   @                      86400    IN a
   www                    86400    IN a
   mx1                    86400    IN a
   mx2                    86400    IN a
   ns1                    86400    IN a
   ns2                    86400    IN a
   mail.gite.in           86400    IN cname mail.cyberciti.biz.
10 @                      604800   IN mx    mx1.gite.in.
20 @                      604800   IN mx    mx2.gite.in.

The last two lines define the MX records for the gite.in mail servers. So if someone sends an email to user@gite.in, it will first be routed to the mail server called mx1.gite.in. If mx1 fails to accept the email, it will be routed to the second mail server, mx2.gite.in.

The relative priority of an MX server is determined by the preference number present in the DNS MX record. When a remote client (typically another mail server) does an MX lookup for the domain name, it gets a list of servers and their preference numbers. The MX record with the smallest preference number has the highest priority and is the first server to be tried. The remote client will go up the list of servers until it successfully delivers the message or gets permanently rejected due to an unreachable server or if the mail account does not exist on that server. If there is more than one entry with the same preference number, all of those must be tried before moving on to lower-priority entries.
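
The selection order described above can be worked through with the two MX records from the gite.in zone. This is an added example, not part of the original page: the "PREFERENCE HOST" input format and the DOWN list (a stand-in for a failed SMTP connection) are assumptions made for illustration.

```sh
# Added example (not from the original page): the order in which a sending
# server tries MX hosts. Input lines are "PREFERENCE HOST"; the values
# mirror the gite.in zone shown on this page.

MX_ANSWER='20 mx2.gite.in.
10 mx1.gite.in.'

# Print hosts lowest preference number first (highest priority first).
# Hosts that share a preference number stay next to each other.
mx_order() {  # usage: mx_order "PREF HOST lines"
    printf '%s\n' "$1" | sort -n -k1,1 | awk 'NF == 2 { print $2 }'
}

# Print the first host in preference order that is not in the
# space-separated DOWN list; print "deferred" when every MX is down.
mx_pick() {  # usage: mx_pick "PREF HOST lines" "DOWN hosts"
    for host in $(mx_order "$1"); do
        case " $2 " in
            *" $host "*) continue ;;   # unreachable: move down the list
        esac
        echo "$host"
        return 0
    done
    echo deferred                      # nothing accepted: queue and retry
}

echo "try order:     $(mx_order "$MX_ANSWER" | tr '\n' ' ')"
echo "all up:        $(mx_pick "$MX_ANSWER" "")"
echo "mx1 down:      $(mx_pick "$MX_ANSWER" "mx1.gite.in.")"
echo "both down:     $(mx_pick "$MX_ANSWER" "mx1.gite.in. mx2.gite.in.")"
```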
