Postfix and MS-Exchange Mail Server Affected by ORDB.org Spam Service

Posted on in Categories Linux, Postfix, Sys admin, Tips, Troubleshooting, UNIX, Windows server last updated March 27, 2008

Since yesterday I have noticed one of our articles related to the ORDB.org spam blocker receiving lots of traffic. I received a couple of calls from our clients because most emails were getting bounced via the Exchange or Postfix mail server.

ORDB is now configured to return each IP as spam source

ORDB was a database of open relay email servers, provided until 2006 as a voluntary service to block spam. Now the ORDB.org service has been re-activated and it is returning every IP address queried as being on its blacklist. I guess this was done to punish lazy sys admins / mail administrators 😉

If your mail server / gateway / firewall is querying relays.ordb.org, please stop it immediately. If you query relays.ordb.org, your mail server will reject all incoming mail.

Symantec Mail Security for MS-Exchange Server – Spam Filter

The Symantec Mail Security for Microsoft Exchange configuration includes relays.ordb.org in its list of anti-spam blacklist servers. Remove the entry immediately.

Remove ORDB.ORG from MS-Exchange Server Spam Filter

In Exchange Server 2003 you can find the blacklist support feature within the global settings of your organization. Visit MS-Exchange System Manager > Global Settings > Message Delivery Properties > Connection Filtering tab > Remove relays.ordb.org

Remove ORDB.ORG from Linux / UNIX Postfix Mail Server Spam Filter

Open postfix configuration file and remove the following line:
reject_rbl_client relays.ordb.org,
Restart postfix mail server:
# service postfix restart
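
A quick audit for the cleanup step above, as an added example (not from the original post): it lists the reject_rbl_client zones in a main.cf and probes the RFC 5782 test points, since a healthy IPv4 DNSBL lists 127.0.0.2 and never 127.0.0.1. The example.net / example.org zones and the sample fragment are constructed, and the lookup assumes glibc getent.

```shell
#!/bin/sh
# Added example: find reject_rbl_client zones in main.cf and probe each one.

# Constructed main.cf fragment; only relays.ordb.org comes from the page.
sample_main_cf() {
    cat <<'EOF'
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_rbl_client relays.ordb.org,
    reject_rbl_client dnsbl.example.net=127.0.0.4,
#   reject_rbl_client disabled.example.org,
    reject_rbl_client gone.example.org,
    permit
EOF
}

# Read main.cf on stdin, print each DNSBL zone once. Comment lines are
# skipped and a "zone=reply" filter is cut back to the zone name.
list_dnsbl_zones() {
    grep -v '^[[:space:]]*#' | tr ',\t' '  ' | tr -s ' ' '\n' |
        awk 'want { sub(/=.*/, ""); print; want = 0; next }
             $0 == "reject_rbl_client" { want = 1 }' | sort -u
}

# Succeeds when the name has an A record. Assumes glibc getent is available.
dnsbl_lookup() { getent ahostsv4 "$1" >/dev/null 2>&1; }

# RFC 5782 test points: 127.0.0.2 must be listed, 127.0.0.1 must never be.
check_dnsbl_zone() {
    if dnsbl_lookup "1.0.0.127.$1"; then
        echo LISTS-EVERYTHING   # the behaviour described for relays.ordb.org
    elif dnsbl_lookup "2.0.0.127.$1"; then
        echo OK
    else
        echo DEAD               # no answers: the lookup only adds delay
    fi
}

# Read main.cf on stdin, print "zone status" for every zone found.
audit_main_cf() {
    for zone in $(list_dnsbl_zones); do
        echo "$zone $(check_dnsbl_zone "$zone")"
    done
}

# With a file argument: audit it (does DNS lookups). Without: list the
# zones in the constructed sample, which needs no network.
if [ -n "${1:-}" ]; then audit_main_cf < "$1"; else sample_main_cf | list_dnsbl_zones; fi
```

Run it as `sh audit.sh /etc/postfix/main.cf` (the script name is arbitrary); any zone reported as LISTS-EVERYTHING or DEAD should be removed from the restriction list.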

Postfix Illegal seek / queue file write mail server error and solution

Posted on in Categories Howto, Linux, Postfix, Sys admin, Tips, Troubleshooting, UNIX last updated September 27, 2007

Most mail servers are tight on resources. The Postfix system is designed to run within a finite memory budget. These limits are imposed on each and every user to avoid resource exhaustion. The idea is pretty simple: keep the mail server running under conditions of stress, without making the problem worse.

However, sometimes a user sends a large attachment and it is rejected by Postfix. The message_size_limit parameter sets the maximal size of a Postfix queue file, including envelope information (sender, recipient, etc.). The default is 10240000 bytes. You may see an error message in the maillog file:

Sep 21 17:03:53 p5smtp22 postfix/postdrop[528]: warning: uid=2012: Illegal seek
Sep 21 12:03:53 p5smtp22 postfix/sendmail[527]: fatal: reports(2012): queue file write error

Postfix version 2.3 or older reports “illegal seek” instead of a “file too large” error. There are two ways to fix this problem:

  1. Upgrade Postfix to the latest stable version, such as 2.5
  2. Set the message_size_limit parameter

Set message_size_limit

Open /etc/postfix/main.cf config file:
# vi /etc/postfix/main.cf
Set message_size_limit to 20971520 bytes (20 megabytes):
message_size_limit = 20971520
Restart postfix mail server:
# /etc/init.d/postfix restart

Postfix mail server block Malware with blacklist

Posted on in Categories Howto, Linux, Mail server, Networking, Postfix, RedHat/Fedora Linux, Security, Shell scripting, Suse Linux, Sys admin, Tips, Ubuntu Linux, UNIX last updated June 25, 2007

Malware is software used for a malicious purpose. It can be in your software or hardware. Email and pirated software are the most powerful ways to spread malware. Malware is inserted into a system without notifying the user.

Postfix mail server block .bat, .exe .com .vbs mime attachments – common virus spreading files

Posted on in Categories Howto, Linux, Mail server, Postfix, RedHat/Fedora Linux, UNIX last updated June 20, 2007

Postfix provides MIME header checks for all incoming messages. You can put restrictions on .exe / .bat / .vbs files and block all such attachments.

The mime_header_checks directive allows you to define a file in which you place a restriction for any file extensions that you do not want passing through your mail server system.

On most mail servers the first thing that needs to be done is to enable header checks and block dangerous files.

Define MIME header checks

Open main.cf file:
# vi /etc/postfix/main.cf
Append / set mime_header_checks directive as follows:
mime_header_checks = regexp:/etc/postfix/mime_header_checks

Save and close the file.

Block attachments

Now open /etc/postfix/mime_header_checks file:
# vi /etc/postfix/mime_header_checks
Append following line:
/name=[^>]*\.(bat|com|exe|dll|vbs)/ REJECT
Save and close the file.

Restart postfix

Restart Postfix so that it reads the mime_header_checks file (a regexp: table is a plain text file and needs no postmap step):
# /etc/init.d/postfix restart

Watch log file

You should see rejected mail logged in the /var/log/maillog file:
# tail -f /var/log/maillog
Output:

Jun 20 14:28:06 server postfix/smtpd[5442]: connect from web31601.mail.mud.yahoo.com[68.142.198.147]
Jun 20 14:28:07 server postfix/smtpd[5442]: 245F913906EE: client=web31601.mail.mud.yahoo.com[68.142.198.147]
Jun 20 14:28:07 server postfix/cleanup[5492]: 245F913906EE: message-id=<[email protected]>
Jun 20 14:28:07 server postfix/cleanup[5492]: 245F913906EE: reject: header Content-Type: application/x-msdos-program; name="updatebankdetails.bat" from web31601.mail.mud.yahoo.com[68.142.198.147]; from= to= proto=SMTP helo=: Message content rejected

For more information please read the postfix and header_checks man pages.
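
The REJECT rule above is unanchored, so it also rejects names that merely contain one of the extensions. Added example (not from the original post): the page's pattern next to an end-anchored variant, run with grep -E -i as a stand-in for a Postfix regexp: table; STRICT_RULE and all but the first sample header are constructed here.

```shell
#!/bin/sh
# Added example: compare the page's mime_header_checks pattern with an
# end-anchored variant. grep -E -i approximates a Postfix regexp: table
# (POSIX extended regex, case-insensitive by default).

PAGE_RULE='name=[^>]*\.(bat|com|exe|dll|vbs)'
# Assumption (not from the page): the extension must end the name value.
STRICT_RULE='name="?[^">]*\.(bat|com|exe|dll|vbs)"?[[:space:]]*(;|$)'

# verdict RULE HEADER: print REJECT if the header matches the rule, else pass.
verdict() {
    if printf '%s\n' "$2" | grep -Eiq -- "$1"; then echo REJECT; else echo pass; fi
}

# Constructed sample headers; the first mirrors the log entry on the page.
sample_headers() {
    cat <<'EOF'
Content-Type: application/x-msdos-program; name="updatebankdetails.bat"
Content-Disposition: attachment; filename="setup.EXE"; size=1024
Content-Type: application/pdf; name="invoice.company.pdf"
Content-Type: text/plain; name="www.example.com-terms.txt"
Content-Type: application/pdf; name="report.pdf"
EOF
}

# Print both verdicts next to every sample header.
compare_rules() {
    sample_headers | while IFS= read -r header; do
        printf 'page=%s strict=%s  %s\n' \
            "$(verdict "$PAGE_RULE" "$header")" \
            "$(verdict "$STRICT_RULE" "$header")" "$header"
    done
}

compare_rules
```

To check a header against the live table, run postmap -q "<header line>" regexp:/etc/postfix/mime_header_checks.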

How to setup Linux antivirus and antispam mail server

Posted on in Categories Howto, Linux, Mail server, Postfix, RedHat/Fedora Linux, Sys admin last updated February 7, 2007

Librenix has posted a small and sweet article that explains the basic steps to install and configure a mail server with antivirus / antispam in minutes.

From the article:
This article illustrates a situation where you need to set up your own mail server (be it your home mail server, or a small office one). It actually shows that, if using an integrated service mail server, anyone can do the job, all in a matter of minutes.
AXIGEN Mail Server, the solution chosen for this example, can send and receive e-mails securely via “mydomain.com” and is able to retrieve them in a WebMail interface – this means that it includes all mail services needed for a fully functional mail server (SMTP, IMAP, POP3, WebMail, WebAdmin).

To get an idea of the amount of time you can spare by installing such a solution, just think of all the different open source applications you would need to install instead (i.e. an MTA, Squirrelmail for Webmail, QmailAdmin for web configuration, Courier for IMAP and POP3 and many others.)

=> Install a Mail Server with Antivirus and Antispam in minutes