≡ Menu


In this tutorial you will learn about Installing SSL Certificate (Secure Server Certificate) to secure communication between Postfix SMTP server and mail client such as Outlook or Thunderbird.
[click to continue…]

Malware is used for a harmful purpose. It can be in your software or hardware. Email and free (don't confuse with OSS) or pirated software is the most famous way to spread malware. It is inserted in a system w/o user notification.

Wikipedia defines Malware as:

Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a portmanteau of the words "malicious" and "software". The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.

It will be a nice idea to block malware spreading urls and website. Setting up a mlaware blacklist in Postix MTA is quite easy. The Malware Block List is a free, automated and user contributed system for checking URLs for the presence of Viruses, Trojans, Worms, or any other software considered Malware. The list is available in 25 formats.

Create a blacklist

First you need to create a blacklist, type the following command:
# wget -O - http://www.malware.com.br/cgi/submit?action=list_postfix > /etc/postfix/mbl-body-deny

Configure Postfix

Open postfix main.cf file:
# vi /etc/postfix/main.cf
Setup postfix body_check directive:
body_checks = regexp:/etc/postfix/mbl-body-deny

Restart Postfix

Now just restart postfix:
# postmap /etc/postfix/mbl-body-deny
# /etc/init.d/postfix restart

Automate procedure

You need to setup a cron job to automate entire procedure. Create a shell script as follows (Download link):

# Script to update malware urls
/usr/bin/wget -O - http://www.malware.com.br/cgi/submit?action=list_postfix > /etc/postfix/mbl-body-deny
/usr/sbin/postmap /etc/postfix/mbl-body-deny
/etc/init.d/postfix reload

Add cronjob as follows:
40 23 * * * /etc/admin/scripts/fetch.postfixmalware.sh >/dev/null 2>&1

You may wan to combine this feature with mime attachments blocking and anti spam blacklist for the best result.

Further readings

Postfix configure anti spam with blacklist

Postfix is free and powerful MTA. You can easily configure Postfix to block spam. You need to add
following directives to /etc/postfix/main.cf file:

=> disable_vrfy_command = yes : Disable the SMTP VRFY command. This stops some techniques used to harvest email addresses.

=> smtpd_delay_reject = yes : It allows Postfix to log recipient address information when rejecting a client name/address or sender address, so that it is possible to find out whose mail is being rejected.

=> smtpd_helo_requi
red = yes
: Require that a remote SMTP client introduces itself at the beginning of an SMTP session with the HELO or EHLO command. Many spam bot ignores HELO/EHLO command and you save yourself from spam. Following lines further restrictions on HELO command:
smtpd_helo_restrictions = permit_mynetworks,
reject_non_fqdn_hostname, Reject email if remote hostname is not in fully-qualified domain form. Usually bots sending email don't have FQDN names.
reject_invalid_hostname, Reject all bots sending email from computers connected via DSL/ADSL computers. They don't have valid internet hostname.

You can put the following access restrictions that the Postfix SMTP server applies in the context of the RCPT TO command.
=> smtpd_recipient_restrictions =
reject_invalid_hostname, - Reject email if it not valid hostname
reject_non_fqdn_hostname, - Reject email if it not valid FQDN
reject_non_fqdn_sender, - Reject the request when the MAIL FROM address is not in fully-qualified domain form. For example email send from xyz or abc is rejected.
reject_non_fqdn_recipient, - Reject the request when the RCPT TO address is not in fully-qualified domain form
reject_unknown_sender_domain, - Reject email, if sender domain does not exists
reject_unknown_recipient_domain, Reject email, if recipient domain does not exists
reject_rbl_client list.dsbl.org, Configure spam black lists
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client dul.dnsbl.sorbs.net,

Open /etc/postfix/main.cf file :
# vi /etc/postfix/main.cf
Set/modify configuration as follows

disable_vrfy_command = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
smtpd_recipient_restrictions =
   reject_rbl_client list.dsbl.org,
   reject_rbl_client sbl.spamhaus.org,
   reject_rbl_client cbl.abuseat.org,
   reject_rbl_client dul.dnsbl.sorbs.net,
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20

Also force (highlighted using red color) Postfix to limit incoming or receiving email rate to avoid spam.

Save and close the file. Restart postfix:
# /etc/init.d/postfix restart

Watch out maillog file. Now you should see lots of spam email blocked by above configuration directive:
# tail -f /var/log/maillog

Jan  9 06:07:22 server postfix/smtpd[10308]: NOQUEUE: reject: RCPT from 183-12-81.ip.adsl.hu[]: 554 Service unavailable; Client host [] blocked using dul.dnsbl.sorbs.net; Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml?; from= to= proto=ESMTP helo=<183-12-230.ip.adsl.hu>
Jan  9 06:07:23 server postfix/smtpd[10308]: lost connection after RCPT from 183-12-81.ip.adsl.hu[]
Jan  9 06:07:23 server postfix/smtpd[10308]: disconnect from 183-12-81.ip.adsl.hu[]
Jan  9 06:10:43 server postfix/anvil[10310]: statistics: max connection rate 1/60s for (smtp: at Jan  9 06:07:17
Jan  9 06:10:43 server postfix/anvil[10310]: statistics: max connection count 1 for (smtp: at Jan  9 06:07:17
Jan  9 06:10:43 server postfix/anvil[10310]: statistics: max cache size 1 at Jan  9 06:07:17
Jan  9 06:16:58 server postfix/smtpd[10358]: warning: address not listed for hostname unassigned.or.unconfigured.reverse.nfsi-telecom.net
Jan  9 06:16:58 server postfix/smtpd[10358]: connect from unknown[]
Jan  9 06:17:00 server postfix/smtpd[10358]: NOQUEUE: reject: RCPT from unknown[]: 550 : Recipient address rejected: User unknown in virtual alias table; from=<> to= proto=ESMTP helo=
Jan  9 06:17:00 server postfix/smtpd[10358]: disconnect from unknown[]

Next time I will write about simple procmail and spamassassin combination to filter out spam :)

Postfix is an open source mail transfer agent (MTA), for the routing and delivery of email. This post examples how to forward an email to another local or remote email user using Postfix MTA.
[click to continue…]

Q. My sendmail service is running under Linux and whenever I try to telnet it from other LAN IP, it gives connection refuse error. If I connect it from localhost it accept connection. I can only send mail from my server only. How do I force sendmail to accept mail from other hosts/LAN ips?

A. For security reason sendmail is by default configured to accept connection from local system ( This should avoid open mail relay problem.

To allow connections from ALL hosts/LAN IPs open sendmail.mc file (login as the root):

# vi /etc/mail/sendmail.mc

Look for line that read as follows:

DAEMON_OPTIONS(`Port=smtp,Addr=, Name=MTA')dnl

Comment or remove above line and insert new line that read as follows:


Above line will force to accept connection from any host. Save the file. Regenerate sendmail configuration file using m4:

# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

Restart sendmail service :

# /etc/init.d/sendmail restart

Caution: You should configure firewall and other Sendmail Anti-Spam configuration control to avoid problems.

See also:

If you need to send an email with a text file (or binary file) as attachment using shell script or command prompt in Unix or Linux; try mutt - a terminal-based e-mail client for Unix-like systems.
[click to continue…]