Q. I’ve recently changed email user account password using passwd command, for one my postfix email server which requires SMTP authentication before sending an email. Now following error is logged into my /var/log/maillog file:
ERROR: Password not accepted from server: 535 5.7.0 Error: authentication failed: authentication failure
How do I solve this problem under Red Hat enterprise Linux running Postfix with SASL authentication?
Q. How do I configure my Postfix mail server to scan incoming mail for spam using DNS Blackhole List such as:
a) The Spamhaus
b) Open Relay Database etc
A. To discard spam or garbage email you can use 3rd party services such as Spamhaus. These are realtime database of IP addresses of verified spam sources and spam operations (including spammers, spam gangs and spam support services), maintained by the Spamhaus or other project team and supplied as a free service to help email administrators better manage incoming email streams.
Postfix MTA DNS Blackhole Lists Configuration
Under Postfix mail server you need to define DNSRBLs in main.cf file using the smtpd_recipient_restrictions configuration directive. Open main.cf file:
# vi /etc/postfix/main.cf
Locate smtpd_recipient_restrictions line and setup reject_rbl_client as follows:
smtpd_recipient_restrictions = .... ..... reject_rbl_client list.dsbl.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client dul.dnsbl.sorbs.net, .... permit
Here is my complete configuration:
smtpd_recipient_restrictions = reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_destination, permit_mynetworks, reject_rbl_client list.dsbl.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client dul.dnsbl.sorbs.net, permit
Save and close the file. Restart / reload postfix mail server:
# /etc/init.d/postfix restart
Q. How do I block all PDF or ZIP files attachments under Postfix Mail Server?
A. You can easily block email attachments using mime header check.
Open postfix config file
Login as the root, enter:
# vi /etc/postfix/main.cf
Block zip or pdf files
Use mime_header_checks postfix config directive, enter:
mime_header_checks = regexp:/etc/ostfix/block_attachments
Save and close the file. Open /etc/ostfix/block_attachments file and append code as follows:
Save and close the file.
Restart Postfix MTA
You must restart or reload postfix:
# /etc/init.d/postfix reload
Q. How do I configure Dovecot IMAPS and POP3s server using SSL certificate? Can I use SSL certificates generated for Postfix mail server?
A. Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats.
You need to enable POP3s and IMAPS. Open default configuration file:
# vi /etc/dovecot.conf
Make sure POP3S and IMAPS are enabled:
protocols = imaps pop3s
Next you must set PEM encoded X.509 SSL/TLS certificate and private key. They’re opened before dropping root privileges, so keep the key file unreadable by anyone but root (see how create certificate CSR and configure certificates for Postfix):
ssl_cert_file = /etc/postfix/ssl/smtp.theos.in.crt
ssl_key_file = /etc/postfix/ssl/smtp.theos.in.key
If key file is password protected, give the password using ssl_key_password directive:
ssl_key_password = myPassword
Save and close the file. Restart Dovecot server:
# /etc/init.d/dovecot restart
Q. How do I setup cacth-all email accounts under Postfix MTA? For example if an email send to email@example.com, firstname.lastname@example.org and email@example.com, should be sent to the same email address.
This is useful if anyone of user mistypes an email address when they send it to me, or just guesses at a valid email address, then they will likely get an error message from my server such as user / email mail box does not exist. So I wish to set up a “catch all” address
A. Mapping is done using /etc/postfix/virtual file.
# vi /etc/postfix/virtual
Append code as follows, replacing domain and emailusername with actual values:
Save and close the file. Run following command:
# postmap /etc/postfix/virtual
Also make sure you have following line in /etc/postfix/main.cf file:
virtual_alias_maps = hash:/etc/postfix/virtual
If you just added above, line reload postfix:
# service postfix reload
Caution: if you set up a catch-all email address, you will likely receive more unsolicited (spam) email.