Configure Postfix for DNS Blackhole Lists such as / database

Last updated October 16, 2007

Q. How do I configure my Postfix mail server to scan incoming mail for spam using a DNS Blackhole List such as:
a) The Spamhaus
b) Open Relay Database etc

A. To discard spam or garbage email you can use third-party services such as Spamhaus. These are real-time databases of IP addresses of verified spam sources and spam operations (including spammers, spam gangs and spam support services), maintained by the Spamhaus or other project team and supplied as a free service to help email administrators better manage incoming email streams.

Postfix MTA DNS Blackhole Lists Configuration

Under Postfix mail server you need to define DNSRBLs in file using the smtpd_recipient_restrictions configuration directive. Open file:
# vi /etc/postfix/
Locate the smtpd_recipient_restrictions line and set up reject_rbl_client as follows:

smtpd_recipient_restrictions =

Here is my complete configuration:

smtpd_recipient_restrictions =

Save and close the file. Restart / reload postfix mail server:
# /etc/init.d/postfix restart

Postfix block PDF or ZIP files attachments

Last updated August 10, 2007

Q. How do I block all PDF or ZIP file attachments under Postfix Mail Server?

A. You can easily block email attachments using MIME header checks.

Open postfix config file

Log in as root, enter:
# vi /etc/postfix/

Block zip or pdf files

Use the mime_header_checks Postfix configuration directive; enter:
mime_header_checks = regexp:/etc/postfix/block_attachments
Save and close the file. Open the /etc/postfix/block_attachments file and append the following rule:
/name=[^>]*\.(pdf|zip)/ REJECT
Save and close the file.

Restart Postfix MTA

You must restart or reload postfix:
# /etc/init.d/postfix reload
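
To see what the rule above matches before reloading Postfix, the following added example (not part of the original post) emulates a first-match lookup in the regexp table with grep -E -i over constructed header lines. The stricter second rule and the NOMATCH marker are assumptions of this example, not Postfix or author-supplied configuration.

```shell
#!/bin/sh
# Added example: emulate a first-match lookup in a Postfix regexp: table.
# Only the plain "/pattern/ ACTION" rule form is handled (no flags, no if/endif).

# lookup TABLE HEADER -> prints the first matching rule's action, or NOMATCH
# (NOMATCH is this script's own marker, not a Postfix action).
lookup() {
    while IFS= read -r rule; do
        case $rule in ''|'#'*) continue ;; esac
        pattern=${rule#/}          # drop the opening slash
        action=${pattern##*/ }     # text after the closing "/ "
        pattern=${pattern%/ *}     # the regular expression itself
        # -i: Postfix regexp tables match case-insensitively by default
        if printf '%s\n' "$2" | grep -Eiq -- "$pattern"; then
            printf '%s\n' "$action"
            return 0
        fi
    done < "$1"
    echo NOMATCH
}

PAGE_RULES=$(mktemp)    # the rule from this page
STRICT_RULES=$(mktemp)  # hypothetical tighter rule, an assumption of this example
cat > "$PAGE_RULES" <<'EOF'
/name=[^>]*\.(pdf|zip)/ REJECT
EOF
cat > "$STRICT_RULES" <<'EOF'
/name="?[^">]*\.(pdf|zip)"?[[:space:]]*(;|$)/ REJECT
EOF

# Constructed sample MIME header lines; columns: page rule, strict rule, header.
for h in \
    'Content-Type: application/pdf; name="invoice.pdf"' \
    'Content-Disposition: attachment; filename="BACKUP.ZIP"' \
    'Content-Type: text/plain; name="readme.txt"' \
    'Content-Disposition: attachment; filename="notes.zipcode.txt"'
do
    printf '%-9s %-9s %s\n' "$(lookup "$PAGE_RULES" "$h")" \
        "$(lookup "$STRICT_RULES" "$h")" "$h"
done
```

The last sample shows the page's unanchored pattern rejecting a harmless .txt attachment whose name merely contains ".zip". On a host with Postfix installed, `postmap -q "<header line>" regexp:/etc/postfix/block_attachments` performs the real table lookup.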

Howto: Linux Dovecot Secure IMAPS / POP3S SSL Server configuration

Last updated July 16, 2007

Q. How do I configure a Dovecot IMAPS and POP3S server using an SSL certificate? Can I use SSL certificates generated for the Postfix mail server?

A. Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either maildir or mbox format.

You need to enable POP3S and IMAPS. Open the default configuration file:
# vi /etc/dovecot.conf
Make sure POP3S and IMAPS are enabled:
protocols = imaps pop3s

Next, set the PEM-encoded X.509 SSL/TLS certificate and private key. They are opened before Dovecot drops root privileges, so keep the key file unreadable by anyone but root (see how to create a certificate CSR and configure certificates for Postfix):
ssl_cert_file = /etc/postfix/ssl/
ssl_key_file = /etc/postfix/ssl/

If the key file is password protected, give the password using the ssl_key_password directive:
ssl_key_password = myPassword

Save and close the file. Restart Dovecot server:
# /etc/init.d/dovecot restart

Postfix / smtpd : sql_select option missing auxpropfunc error no mechanism available error and solution

Last updated November 20, 2007

Q. I’m running a Redhat Enterprise Linux 4.5 server along with Postfix and Cyrus mail server. However, I’m getting the following errors in my log files:

Jun 10 18:00:04 server postfix/smtpd[7280]: sql_select option missing
Jun 10 18:00:04 server postfix/smtpd[7280]: auxpropfunc error no mechanism available

How do I fix this error? I’m not using mysql for postfix.

A. The Cyrus software comes with various plugins. The cyrus-sasl-sql package contains the Cyrus SASL plugin, which supports using an RDBMS for storing shared secrets.

If you are not using MySQL, just remove the plugin using the rpm command:

# rpm -ev cyrus-sasl-sql

Note: if you are using Debian or Ubuntu, remove the libsasl2-modules-sql package:
# apt-get remove libsasl2-modules-sql

Also, on RHEL 3 / 4, make sure that the file /etc/openldap/slapd.conf is owned by the user ldap:
# chown ldap.ldap /etc/openldap/slapd.conf

The other option is to configure the sql module. After either change, there should be no such errors in the /var/log/messages or /var/log/maillog file.