≡ Menu

Postfix

Courier IMAP SSL Server Certificate Installtion and Configuration

The Courier mail server is a mail transfer agent (MTA) server that provides ESMTP, IMAP, POP3, webmail, and mailing list services with individual components. But, it is best known for its IMAP / IMAPs and POP3 / POP3s (secure version) server component.

Courier can provides support for both regular UNIX operating system account (stored in /etc/passwd) and virtual mail account managed by third party backends such as OpenLDAP, MySQL and so on.

In this quick tutorial, you will learn about installing Courier IMAP SSL digital certificate.
[click to continue…]

Postfix Mail Server Security Update [moderate security impact]

Postfix MTA updated to fix security vulnerabilities such as incorrectly checks the ownership of a mailbox. In some configurations, this allows for appending data to arbitrary files as root. This update has been rated as having moderate security impact.

All users of postfix should upgrade to these updated packages.

How do I patch Postfix under Debian / Ubuntu Linux?

First, update the internal database, enter:
# apt-get update
Install corrected Postfix package, enter:
# apt-get upgrade

How do I patch Postfix under RHEL / CentOS Linux?

Type the following command under RHEL / CentOS 5.x:
# yum update
Type the following command under RHEL <= 4.x: # up2date -u

Postfix and MS-Exchange Mail Server Affected by ORDB.org Spam Service

Since y’day I noticed one of our article related to ORDB.org spam blocker receiving lots of traffic. I received couple of calls from our clients because most emails was getting bounced via Exchange or Postfix mail server.

ORDB is now configured to return each IP as spam source

ORDB was a database of open relay email servers, provided until 2006 as a voluntary service to block spam. Now ORDB.org service has been re-activated and it is returning every IP address queried as being on its blacklist. I guess this was done to punish lazy sys admin / mail administrators ;)

If you or your mail server / gateway / firewall querying relays.ordb.org; please stop it immediately. If you query relays.ordb.org – mail server will rejecting all incoming mails from that server.

Symantec Mail Security for MS-Exchange Server – Spam Filter

Symantec Mail Security for Microsoft Exchange configuration in the list of Anti-spam blacklist servers including relays.ordb.org. Immediately remove the entry.

Remove ORDB.ORG from MS-Exchange Server Spam Filter

In Exchange Server 2003 you can find the feature for blacklist support within the global settings of your organization. Visit MS-Exchange System Manager > Global Settings > Message Delivery Properties -> Connection Filtering tab > Remove relays.ordb.org

Remove Linux / UNIX – Postfix Mail Server – Spam Filter

Open postfix configuration file and remove the following line:
reject_rbl_client relays.ordb.org,
Restart postfix mail server:
# service postfix restart

Postfix Flush the Mail Queue

Traditionally you use the “sendmail -q” command to flush mail queue under Sendmail MTA. Under Postfix MTA, just enter the following command to flush the mail queue:
# postfix flush
OR
# postfix -f

To see mail queue, enter:
# mailq

To remove all mail from the queue, enter:
# postsuper -d ALL

To remove all mails in the deferred queue, enter:
# postsuper -d ALL deferred

postfix-delete.pl script

Following script deletes all mail from the mailq which matches the regular expression specified as the first argument (Credit: ??? – I found it on old good newsgroup)

#!/usr/bin/perl
 
$REGEXP = shift || die "no email-adress given (regexp-style, e.g. bl.*\@yahoo.com)!";
 
@data = qx</usr/sbin/postqueue -p>;
for (@data) {
  if (/^(\w+)(\*|\!)?\s/) {
     $queue_id = $1;
  }
  if($queue_id) {
    if (/$REGEXP/i) {
      $Q{$queue_id} = 1;
      $queue_id = "";
    }
  }
}
 
#open(POSTSUPER,"|cat") || die "couldn't open postsuper" ;
open(POSTSUPER,"|postsuper -d -") || die "couldn't open postsuper" ;
 
foreach (keys %Q) {
  print POSTSUPER "$_\n";
};
close(POSTSUPER);

For example, delete all queued messages from or to the domain called fackspamdomain.com, enter:
./postfix-delete.pl fackspamdomain.com
Delete all queued messages that contain the word “xyz” in the e-mail address:
./postfix-delete.pl xyz

Updated for accuracy.

Postfix Illegal seek / queue file write mail server error and solution

Most mail servers are tight on resources. The Postfix system is designed to run within a finite memory budget. These limits are imposed on each and every user to avoid resource exhaustion. The idea is pretty simple, keep mail server running under conditions of stress, without making the problem worse.

However some time user sends large attachment and these are rejected by Postfix. The message_size_limit sets the maximal size of a postfix queue file, including envelope information (sender, recipient, etc.). The default is 10240000 bytes. You may see an error message in maillog file:

Sep 21 17:03:53 p5smtp22 postfix/postdrop[528]: warning: uid=2012: Illegal seek
Sep 21 12:03:53 p5smtp22 postfix/sendmail[527]: fatal: reports(2012): queue file write error

Postfix version 2.3 or olders reports “illegal seek” instead of “file too large” error. There are two ways to fix this problem:

  1. First upgrade Postfix to latest stable version such as 2.5
  2. Set message_size_limit parameter

Set message_size_limit

Open /etc/postfix/main.cf config file:
# vi /etc/postfix/main.cf
Set message_size_limit to 20971520 bytes (20 megabytes):
message_size_limit = 20971520
Restart postfix mail server:
# /etc/init.d/postfix restart

Linux Postfix SMTP (Mail Server) SSL Certificate Installations and Configuration

In this tutorial you will learn about Installing SSL Certificate (Secure Server Certificate) to secure communication between Postfix SMTP server and mail client such as Outlook or Thunderbird.
[click to continue…]

Postfix mail server block Malware with blacklist

Malware is used for a malicious purpose. It can be in your software or hardware. Email and pirated software is the most powerful way to spread malware. Malware inserted in a system without user notification.
[click to continue…]