
Postfix


Once the chroot() call is applied to a chrooted lighttpd or Apache web server, it loses access to the real /usr/sbin/sendmail program.

The PHP mail() function allows you to send mail. For the Mail functions to be available, PHP must have access to the sendmail binary on your system during compile time. If you use another mail program, such as qmail or postfix, be sure to use the appropriate sendmail wrappers that come with them. PHP will first look for sendmail in your PATH, and then in the following: /usr/bin:/usr/sbin:/usr/etc:/etc:/usr/ucblib:/usr/lib. It's highly recommended to have sendmail available from your PATH. Also, the user that compiled PHP must have permission to access the sendmail binary. Because of the chroot, you cannot access anything outside the jail.

Even if you copy /usr/sbin/sendmail into the jail, it will not work, because it needs other directories under /var and the sendmail config file in the /etc/mail directory.

So how do I configure PHP mail() support in a chrooted jail web server?

  • Don't use PHP mail(); use a PHP SMTP class to send email (recommended method #1)
  • Install a complete sendmail in the chrooted jail (this is too much work)
  • Install statically linked mini_sendmail and /bin/sh in the chrooted jail (recommended method #2)

Task: Setting up static mini_sendmail for chrooted apache or lighttpd web server

mini_sendmail reads its standard input up to an end-of-file and sends a copy of the message found there to all of the addresses listed. The message is sent by connecting to a local SMTP server. This means mini_sendmail can be used to send email from inside a chroot(2) area. However, it needs to create a pipe, so you need to copy a shell into the chroot as well.

Install mini_sendmail

Type the following commands:
# cd /opt
# wget http://www.acme.com/software/mini_sendmail/mini_sendmail-1.3.6.tar.gz
# tar -zxvf mini_sendmail-1.3.6.tar.gz
# cd mini_sendmail-1.3.6

Compile mini_sendmail

# make

Copy mini_sendmail to chrooted directory

Assuming that your chrooted directory is /webroot
# mkdir -p /webroot/usr/sbin
# cp mini_sendmail /webroot/usr/sbin/sendmail

Configure php for mini_sendmail (sendmail)

Go to the /webroot directory:
# vi etc/php.ini
OR
# vi /webroot/etc/php.ini

Setup sendmail path

sendmail_path = /usr/sbin/sendmail -t -i

Restart Apache webserver

# /etc/init.d/httpd restart
# apachectl restart

Or Restart lighttpd web server

# /etc/init.d/lighttpd restart

Copy /bin/sh or /bin/bash

# cp /bin/sh /webroot/bin
# l2chroot /bin/sh

Test your setup

Create a PHP script, mailtest.php, as follows:
<?php
mail("you@yourcorp.com", "PHP Test mail", "Hope this works! ");
?>

Point your browser to http://yourcorp.com/mailtest.php

More troubleshooting tips

(a) Make sure the /etc/resolv.conf and /etc/hosts files are available in the chrooted jail, in the /webroot/etc directory.

(b) Make sure your mail server accepts connections from localhost (default)

(c) Consult /var/log/maillog (or your MTA log file) outside the jail for more information:
# tail -f /var/log/maillog
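
The checklist above can be verified from outside the jail in one pass. The following is an added example, not part of the original article: the function name check_mail_jail and its messages are hypothetical, and the paths are the ones used in this post. It also flags a sendmail wrapper or shell that is group/world-writable or setuid, since the web server process runs next to those files.

```shell
#!/bin/sh
# Added example: audit a chroot jail for the pieces PHP mail() needs.
# Paths follow the article; check_mail_jail and its messages are hypothetical.

check_mail_jail() {
    jail=$1
    problems=0
    fail() { echo "$1"; problems=$((problems + 1)); }

    # The sendmail wrapper and the shell used to open the pipe to it.
    # Symlinks are flagged: an absolute target resolves differently in the jail.
    for f in usr/sbin/sendmail bin/sh; do
        p="$jail/$f"
        if [ -L "$p" ] || [ ! -f "$p" ] || [ -z "$(find "$p" -perm -0111)" ]; then
            fail "missing, a symlink, or not executable: /$f"
        elif [ -n "$(find "$p" \( -perm -0002 -o -perm -0020 -o -perm -4000 \))" ]; then
            fail "unsafe mode (group/world-writable or setuid): /$f"
        fi
    done

    # Resolver files from troubleshooting tip (a).
    for f in etc/resolv.conf etc/hosts; do
        [ -s "$jail/$f" ] || fail "missing or empty: /$f"
    done

    # php.ini inside the jail must name the in-jail sendmail path.
    if ! grep -Eq '^[[:space:]]*sendmail_path[[:space:]]*=[[:space:]]*"?/usr/sbin/sendmail([[:space:]"]|$)' \
            "$jail/etc/php.ini" 2>/dev/null; then
        fail "etc/php.ini: sendmail_path is not /usr/sbin/sendmail"
    fi

    # Succeed only when nothing was reported.
    [ "$problems" -eq 0 ]
}

# Usage: check_mail_jail /webroot && echo "jail looks complete"
```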

Continue reading the rest of Lighttpd security series articles

Postfix mail server limit the mailbox size

So how do you limit the mailbox size for users configured with the Postfix mail server?

Limiting the mailbox size is a good way to avoid a problem (disk DoS). It prevents a user or hacker from eating up all the hard disk space.

Display the default mailbox size limit

Type the following command:
# postconf mailbox_size_limit
Output:

mailbox_size_limit = 51200000

51200000 bytes is the default mailbox size limit.

Display the default maximum size in bytes of a message

Type the following command:
# postconf message_size_limit
Output:

message_size_limit = 10240000

Set up a new mailbox size limit

Open the file /etc/postfix/main.cf:
# vi /etc/postfix/main.cf
Add/modify/set values as follows:
mailbox_size_limit = 30000000
message_size_limit = 10240000

Save the file and restart the Postfix mail server:
# /etc/init.d/postfix restart
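
Two combinations of these parameters undo the protection: a mailbox_size_limit of 0 means no limit at all, and a mailbox_size_limit smaller than message_size_limit makes local delivery fail with a main.cf configuration error. The check below is an added example, not part of the original post; the function name check_size_limits is hypothetical, and it reads lines in the "name = value" format that postconf prints.

```shell
#!/bin/sh
# Added example: sanity-check the two Postfix size limits.
# check_size_limits is a hypothetical helper; input is "name = value" lines,
# e.g.:  postconf mailbox_size_limit message_size_limit | check_size_limits

check_size_limits() {
    awk -F= '
        {
            name = $1; val = $2
            gsub(/[ \t]/, "", name); gsub(/[ \t]/, "", val)
        }
        name == "mailbox_size_limit" { mbox = val + 0; got_mbox = 1 }
        name == "message_size_limit" { msg = val + 0; got_msg = 1 }
        END {
            if (!got_mbox || !got_msg) {
                print "ERROR both parameters are required"
                exit 2
            }
            bad = 0
            # 0 switches the mailbox limit off, so the disk can still be filled.
            if (mbox == 0) {
                print "WARN mailbox_size_limit = 0 disables the mailbox limit"
                bad = 1
            }
            # Postfix refuses local delivery when a single message may be
            # larger than the mailbox it is delivered into.
            if (mbox != 0 && mbox < msg) {
                print "ERROR mailbox_size_limit (" mbox ") is smaller than message_size_limit (" msg ")"
                bad = 1
            }
            if (!bad) print "OK mailbox_size_limit=" mbox " message_size_limit=" msg
            exit bad
        }
    '
}

# Demo with the values set in this post (prints an OK line).
printf 'mailbox_size_limit = 30000000\nmessage_size_limit = 10240000\n' | check_size_limits
```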

Test mail server for an open relay

I don't want to let spammers take control of my mail server. I have configured my mail server, but I am not sure how to test it for an open relay. And what is an open mail relay?

An open mail relay occurs when a mail server processes a mail message where neither the sender nor the recipient is a local user. In this example, both the sender and the recipient are outside the local domain (or rather, the local IP range, for the technically inclined). The mail server is an entirely unrelated third party to this transaction. The message really has no business passing through this server.

I can check my server for open relay using any one of the following methods.

The old way (open relay server test)

Telnet to mail.myserver.com at port 25:
$ telnet mail.myserver.com 25
Then issue all the following commands:
helo client.server.com
mail from: rockyjr@vsnl.com
rcpt to: vivek@nixcraft.in
Output:

Trying 202.51.x.xxx...
Connected to mail.myserver.com.
Escape character is '^]'.
220 mail.myserver.com ESMTP Postfix
helo client.server.com
250 mail.myserver.com
mail from: rockyjr@vsnl.com
250 Ok
rcpt to: vivek@nixcraft.in
554 : Relay access denied

As you can see, access was denied when sending the email, i.e. my mail server is NOT an open relay.
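
The reply that decides the test is the one that follows rcpt to:. The script below is an added example, not part of the original post; the function name relay_verdict and its output words are hypothetical. It reads a saved session like the one above and classifies that reply for every recipient tried, and it goes slightly beyond the single case shown by handling multi-line replies and several rcpt to: commands.

```shell
#!/bin/sh
# Added example: classify the server's reply to each "rcpt to:" in a saved
# telnet session. relay_verdict is a hypothetical helper name.
# The result is only meaningful for a session run from an outside host with
# a non-local sender and recipient, as in the test above.

relay_verdict() {
    awk '
        # A typed command: remember the recipient and wait for its reply.
        tolower($0) ~ /^rcpt to:/ {
            rcpt = $0
            sub(/^[^:]*:[ \t]*/, "", rcpt)
            gsub(/[<> \t\r]/, "", rcpt)
            pending = 1
            next
        }
        # Final reply line: three digits, then a space or end of line.
        # Lines such as "250-..." are continuations and are skipped.
        pending && /^[0-9][0-9][0-9]( |$)/ {
            code = substr($0, 1, 3)
            pending = 0
            n++
            if (code ~ /^2/)      { v = "ACCEPTED"; relay = 1 }
            else if (code ~ /^5/) { v = "DENIED" }
            else                  { v = "INCONCLUSIVE" }   # 4xx: retry later
            print rcpt, v, code
        }
        END {
            if (n == 0) { print "no reply to rcpt to: found"; exit 2 }
            exit (relay ? 1 : 0)   # non-zero when any recipient was accepted
        }
    '
}

# Demo: the session shown in this post, prints "vivek@nixcraft.in DENIED 554".
relay_verdict <<'EOF'
220 mail.myserver.com ESMTP Postfix
helo client.server.com
250 mail.myserver.com
mail from: rockyjr@vsnl.com
250 Ok
rcpt to: vivek@nixcraft.in
554 : Relay access denied
EOF
```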

The new way

Another, and the best, way is to use this website to test for an open relay.

See also:

  • ORDB FAQ

This is an old post created by LinuxTitli but it was deleted accidentally by me :( I had restored the same from Google cache :)

Postfix is an open source mail transfer agent (MTA), for the routing and delivery of email. This post explains how to forward an email to another local or remote email user using Postfix MTA.

Sendmail is an age-old mail transfer agent (MTA). We still use sendmail on Solaris boxes and all other web hosting (www) servers to route mail via our master MTA.

Task: Linux/UNIX deliver old email

The command sendmail -q forces the mail queue to be sent. Use the command mailq to find out what's in the queue:
# sendmail -q
# mailq
The following command makes sendmail verbose, which makes debugging much easier:

# sendmail -v -q

However, there is a catch. Sendmail will not process your queue if the system load is too high. You can tune this with the QueueLA option in the sendmail configuration file sendmail.cf. This option sets the load average at which sendmail simply queues up new messages; it is a good tweaking and troubleshooting parameter.