Postfix

The Courier mail server is a mail transfer agent (MTA) server that provides ESMTP, IMAP, POP3, webmail, and mailing list services with individual components. But, it is best known for its IMAP / IMAPs and POP3 / POP3s (secure version) server component.

Courier can provides support for both regular UNIX operating system account (stored in /etc/passwd) and virtual mail account managed by third party backends such as OpenLDAP, MySQL and so on.

In this quick tutorial, you will learn about installing Courier IMAP SSL digital certificate.
[continue reading…]

Postfix MTA updated to fix security vulnerabilities such as incorrectly checks the ownership of a mailbox. In some configurations, this allows for appending data to arbitrary files as root. This update has been rated as having moderate security impact.

All users of postfix should upgrade to these updated packages.

How do I patch Postfix under Debian / Ubuntu Linux?

First, update the internal database, enter:
# apt-get update
Install corrected Postfix package, enter:
# apt-get upgrade

How do I patch Postfix under RHEL / CentOS Linux?

Type the following command under RHEL / CentOS 5.x:
# yum update
Type the following command under RHEL # up2date -u

Since y’day I noticed one of our article related to ORDB.org spam blocker receiving lots of traffic. I received couple of calls from our clients because most emails was getting bounced via Exchange or Postfix mail server.

ORDB is now configured to return each IP as spam source

ORDB was a database of open relay email servers, provided until 2006 as a voluntary service to block spam. Now ORDB.org service has been re-activated and it is returning every IP address queried as being on its blacklist. I guess this was done to punish lazy sys admin / mail administrators 😉

If you or your mail server / gateway / firewall querying relays.ordb.org; please stop it immediately. If you query relays.ordb.org – mail server will rejecting all incoming mails from that server.

Symantec Mail Security for MS-Exchange Server – Spam Filter

Symantec Mail Security for Microsoft Exchange configuration in the list of Anti-spam blacklist servers including relays.ordb.org. Immediately remove the entry.

Remove ORDB.ORG from MS-Exchange Server Spam Filter

In Exchange Server 2003 you can find the feature for blacklist support within the global settings of your organization. Visit MS-Exchange System Manager > Global Settings > Message Delivery Properties -> Connection Filtering tab > Remove relays.ordb.org

Remove Linux / UNIX – Postfix Mail Server – Spam Filter

Open postfix configuration file and remove the following line:
reject_rbl_client relays.ordb.org,
Restart postfix mail server:
# service postfix restart

Traditionally you use the “sendmail -q” command to flush mail queue under Sendmail MTA. Under Postfix MTA, just enter the following command to flush the mail queue:
# postfix flush
OR
# postfix -f

To see mail queue, enter:
# mailq

To remove all mail from the queue, enter:
# postsuper -d ALL

To remove all mails in the deferred queue, enter:
# postsuper -d ALL deferred

postfix-delete.pl script

Following script deletes all mail from the mailq which matches the regular expression specified as the first argument (Credit: ??? – I found it on old good newsgroup)

#!/usr/bin/perl
 
$REGEXP = shift || die "no email-adress given (regexp-style, e.g. bl.*\@yahoo.com)!";
 
@data = qx</usr/sbin/postqueue -p>;
for (@data) {
  if (/^(\w+)(\*|\!)?\s/) {
     $queue_id = $1;
  }
  if($queue_id) {
    if (/$REGEXP/i) {
      $Q{$queue_id} = 1;
      $queue_id = "";
    }
  }
}
 
#open(POSTSUPER,"|cat") || die "couldn't open postsuper" ;
open(POSTSUPER,"|postsuper -d -") || die "couldn't open postsuper" ;
 
foreach (keys %Q) {
  print POSTSUPER "$_\n";
};
close(POSTSUPER);

For example, delete all queued messages from or to the domain called fackspamdomain.com, enter:
./postfix-delete.pl fackspamdomain.com
Delete all queued messages that contain the word “xyz” in the e-mail address:
./postfix-delete.pl xyz

Updated for accuracy.

Most mail servers are tight on resources. The Postfix system is designed to run within a finite memory budget. These limits are imposed on each and every user to avoid resource exhaustion. The idea is pretty simple, keep mail server running under conditions of stress, without making the problem worse.

However some time user sends large attachment and these are rejected by Postfix. The message_size_limit sets the maximal size of a postfix queue file, including envelope information (sender, recipient, etc.). The default is 10240000 bytes. You may see an error message in maillog file:

Sep 21 17:03:53 p5smtp22 postfix/postdrop[528]: warning: uid=2012: Illegal seek
Sep 21 12:03:53 p5smtp22 postfix/sendmail[527]: fatal: reports(2012): queue file write error

Postfix version 2.3 or olders reports “illegal seek” instead of “file too large” error. There are two ways to fix this problem:

  1. First upgrade Postfix to latest stable version such as 2.5
  2. Set message_size_limit parameter

Set message_size_limit

Open /etc/postfix/main.cf config file:
# vi /etc/postfix/main.cf
Set message_size_limit to 20971520 bytes (20 megabytes):
message_size_limit = 20971520
Restart postfix mail server:
# /etc/init.d/postfix restart

Postfix provides Mime header check for all incoming messages. You can put restrictions on .exe / .bat / .vbs files and block all attachments.

mime_header_checks directive allows you to define file, you will place a restriction for any file extensions that you do not want to have passing through your mail sever system.

On most mail server the first thing that needs to be done is to enable header checks and block dangerous files.

Define mine header checks

Open main.cf file:
# vi /etc/postfix/main.cf
Append / set mime_header_checks directive as follows:
mime_header_checks = regexp:/etc/postfix/mime_header_checks

Save and close the file.

Block attachments

Now open /etc/postfix/mime_header_checks file:
# vi /etc/postfix/mime_header_checks
Append following line:
/name=[^>]*\.(bat|com|exe|dll|vbs)/ REJECT
Save and close the file.

Restart postfix

First create postfix lookup table for mime_header_checks file:
# /etc/init.d/postfix restart

Watch log file

You should see rejected mail log in /var/log/maillog file:
# tail -f /var/log/maillog
Output:

Jun 20 14:28:06 server postfix/smtpd[5442]: connect from web31601.mail.mud.yahoo.com[68.142.198.147]
Jun 20 14:28:07 server postfix/smtpd[5442]: 245F913906EE: client=web31601.mail.mud.yahoo.com[68.142.198.147]
Jun 20 14:28:07 server postfix/cleanup[5492]: 245F913906EE: message-id=
Jun 20 14:28:07 server postfix/cleanup[5492]: 245F913906EE: reject: header Content-Type: application/x-msdos-program; name="updatebankdetails.bat" from web31601.mail.mud.yahoo.com[68.142.198.147]; from= to= proto=SMTP helo=: Message content rejected

For more information please read postfix and header_checks man page.

Librenix has a posted small and sweet article that explains basic steps to configure and install a mail server with antivirus / antispam in minutes.

From the article:
This article illustrates a situation where you need to set up your own mail server (be it your home mail server, or a small office one). It actually shows that, if using an integrated service mail server, anyone can do the job, all in a matter of minutes.
AXIGEN Mail Server, the solution chosen for this example, can send and receive e-mails securely via “mydomain.com” and is able to retrieve them in a WebMail interface – this means that it includes all mail services needed for a fully functional mail server (SMTP, IMAP, POP3, WebMail, WebAdmin).

To get an idea of the amount of time you can spare by installing such a solution, just think of all the different open source applications you would need to install instead (i.e. an MTA, Squirrelmail for Webmail, QmailAdmin for web configuration, Courier for IMAP and POP3 and many others.)

=> Install a Mail Server with Antivirus and Antispam in minutes