Postfix mail server block .bat, .exe .com .vbs mime attachments – common virus spreading files

Posted on in Categories Howto, Linux, Mail server, Postfix, RedHat/Fedora Linux, UNIX last updated December 18, 2007

Postfix provides Mime header check for all incoming messages. You can put restrictions on .exe / .bat / .vbs files and block all attachments.

mime_header_checks directive allows you to define file, you will place a restriction for any file extensions that you do not want to have passing through your mail sever system.

On most mail server the first thing that needs to be done is to enable header checks and block dangerous files.

Define mine header checks

Open main.cf file:
# vi /etc/postfix/main.cf
Append / set mime_header_checks directive as follows:
mime_header_checks = regexp:/etc/postfix/mime_header_checks

Save and close the file.

Block attachments

Now open /etc/postfix/mime_header_checks file:
# vi /etc/postfix/mime_header_checks
Append following line:
/name=[^>]*\.(bat|com|exe|dll|vbs)/ REJECT
Save and close the file.

Restart postfix

First create postfix lookup table for mime_header_checks file:
# /etc/init.d/postfix restart

Watch log file

You should see rejected mail log in /var/log/maillog file:
# tail -f /var/log/maillog
Output:

Jun 20 14:28:06 server postfix/smtpd[5442]: connect from web31601.mail.mud.yahoo.com[68.142.198.147]
Jun 20 14:28:07 server postfix/smtpd[5442]: 245F913906EE: client=web31601.mail.mud.yahoo.com[68.142.198.147]
Jun 20 14:28:07 server postfix/cleanup[5492]: 245F913906EE: message-id=<[email protected]>
Jun 20 14:28:07 server postfix/cleanup[5492]: 245F913906EE: reject: header Content-Type: application/x-msdos-program; name="updatebankdetails.bat" from web31601.mail.mud.yahoo.com[68.142.198.147]; from= to= proto=SMTP helo=: Message content rejected

For more information please read postfix and header_checks man page.

How to setup Linux antivirus and antispam mail server

Posted on in Categories Howto, Linux, Mail server, Postfix, RedHat/Fedora Linux, Sys admin last updated February 7, 2007

Librenix has a posted small and sweet article that explains basic steps to configure and install a mail server with antivirus / antispam in minutes.

From the article:
This article illustrates a situation where you need to set up your own mail server (be it your home mail server, or a small office one). It actually shows that, if using an integrated service mail server, anyone can do the job, all in a matter of minutes.
AXIGEN Mail Server, the solution chosen for this example, can send and receive e-mails securely via “mydomain.com” and is able to retrieve them in a WebMail interface – this means that it includes all mail services needed for a fully functional mail server (SMTP, IMAP, POP3, WebMail, WebAdmin).

To get an idea of the amount of time you can spare by installing such a solution, just think of all the different open source applications you would need to install instead (i.e. an MTA, Squirrelmail for Webmail, QmailAdmin for web configuration, Courier for IMAP and POP3 and many others.)

=> Install a Mail Server with Antivirus and Antispam in minutes

Postfix masquerading or changing outgoing SMTP email or mail address

Posted on in Categories Debian Linux, Gentoo Linux, Linux, Mail server, Postfix, RedHat/Fedora Linux, Suse Linux, Ubuntu Linux, UNIX last updated December 28, 2006

Address rewriting allows changing outgoing email ID or domain name itself. This is good for hiding internal user names. For example:
SMTP user: tom-01
EMAIL ID: [email protected]
Server name: server01.hosting.com

However when tom-01 send an email from shell prompt or using php it looks like it was send from [email protected]

In some cases internal hosts have no valid Internet domain name, and instead use a name such as localdomain.local or something else. This can be a problem when you want to send mail over the Internet, because many mail servers reject mail addresses with invalid domain names to avoid spam.

Postfix MTA offers smtp_generic_maps parameter. You can specify lookup tables that replace local mail addresses by valid Internet addresses when mail leaves the machine via SMTP.

Open your main.cf file
# vi /etc/postfix/main.cf

Append following parameter
smtp_generic_maps = hash:/etc/postfix/generic

Save and close the file. Open /etc/postfix/generic file:
# vi /etc/postfix/generic

Make sure [email protected] change to [email protected]
[email protected] [email protected]

Save and close the file. Create or update generic postfix table:
# postmap /etc/postfix/generic

Restart postfix:
# /etc/init.d/postfix restart

When mail is sent to a remote host via SMTP this replaces [email protected] by [email protected] mail address. You can use this trick to replace address with your ISP address if you are connected via local SMTP.

ORDB.org RBL Anti Spam service going offline

Posted on in Categories Mail server, News, Postfix last updated December 19, 2006

Email filtering is an essential task. There are many methods like:
=> Bayesian spam filtering
=> SpamAssassin/DSPAM programs
=> Check open relay using RBL etc

Now ORDB.org is shutting down its operation. ORDB is quite effective and I use this list against all of email servers. Spammers still use 3rd party servers and desktop computers so that they could minimize or avoid detection by re-routing their e-mail through these third party e-mail servers.

According to their home page:
We encourage system owners to remove ORDB checks from their mailers immediately and start investigating alternative methods of spam filtering. We recommend a combination involving greylisting and content-based analysis (such as the dspam project, bmf or Spam Assassin). DNS and the mailing lists will vanish today, December 18, 2006.

Generally, I use following sequence while configuring anti-spam
reject_rbl_client relays.ordb.org,
reject_rbl_client list.dsbl.org,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client dul.dnsbl.sorbs.net

These services blocks thousands of spam everyday before hitting email server and Spam Assassin. Indeed a bad news for mail server admins!

PHP Send Email Using Authenticated SMTP Mail Server In Real Time

Posted on in Categories Apache, Howto, lighttpd, Mail server, php, Postfix, Security, Troubleshooting last updated April 18, 2008

PHP has mail() function to send an email to users. However this mail() will not work:

=> If sendmail (or compatible binary) is not installed

=> If Apache Web server / Lighttpd running in chrooted jail

=> And your smtp server needs an authentication before sending an email

=> Or you just need to send email using PHP PEAR

In all these cases you need to use PHP PEAR’s Mail:: interface. It defines the interface for implementing mailers under the PEAR hierarchy, and provides supporting functions which are useful in multiple mailer backends. In this tip you will learn about how to send an e-mail directly to client smtp server in real time.

PHP Pear’s Mail.php is located in /usr/share/pear/ directory. Following is sample code to send an email via authenticated smtp server.

PHP send email using PHP SMTP mail Pear functions – Sample source code

Following code is well commented, you need to make necessary changes as per your setup.

<?php
include("Mail.php");
/* mail setup recipients, subject etc */
$recipients = "[email protected]";
$headers["From"] = "[email protected]";
$headers["To"] = "[email protected]";
$headers["Subject"] = "User feedback";
$mailmsg = "Hello, This is a test.";
/* SMTP server name, port, user/passwd */
$smtpinfo["host"] = "smtp.mycorp.com";
$smtpinfo["port"] = "25";
$smtpinfo["auth"] = true;
$smtpinfo["username"] = "smtpusername";
$smtpinfo["password"] = "smtpPassword";
/* Create the mail object using the Mail::factory method */
$mail_object =& Mail::factory("smtp", $smtpinfo);
/* Ok send mail */
$mail_object->send($recipients, $headers, $mailmsg);
?>

Sending smtp email from chrooted Apache or Lighttpd webserver

Read following section, if you are running a secure chrooted Apache or Lighttpd web server. I have already written about setting php mail() function in chrooted jail. If you are using chrooted jail server setup, copy all files from /usr/share/pear directory to /chroot-directory/usr/share/pear directory. For example if lighttpd chrooted jail located in /webroot directory, you need to type following commands to install PHP pear support:
# mkdir -p /webroot/usr/share/pear
# cd /webroot/usr/share/pear
# cp -avr /usr/share/pear .

If PHP SAFE MODE is on, you must set /webroot/usr/share/pear directory permission to webserver username to allow access. Otherwise you will see error as follows:

1-Nov-2006 09:43:19] PHP Warning:  main(): SAFE MODE Restriction in effect.  The script whose uid is 506 is not allowed to access /usr/share/pear/PEAR.php owned by uid 0 in /usr/share/pear/Mail.php on line 636.

So if webserver username is lighttpd or apache use following command to setup correct ownership:
# chown lighttpd:lighttpd /webroot/usr/share/pear -ROR# chown apache:apache /webroot/usr/share/pear -R

You may also find modified wordpress WP-ContactForm plugin useful. It is a drop in form for users to contact you. It can be implemented on a page or a post. Original authored by Ryan Duff, which use php mail() function to send email. I have modified the same to send email via my ISP authenticated gateway using PHP PEAR’s Mail:: interface :D

Monitor and restart Apache or lighttpd webserver when daemon is killed

Posted on in Categories Apache, CentOS, Debian Linux, FreeBSD, GNU/Open source, Howto, lighttpd, Linux, Monitoring, MySQL, Networking, Postfix, RedHat/Fedora Linux, Security, Shell scripting, Suse Linux, Sys admin, UNIX last updated January 1, 2009

When you cannot monitor your server for service availability, it is better to take help of automated monitor and restart utility. Last 4 days I was away from my server as I was enjoying my vacation. During this time due to load my lighttpd webserver died but it was restarted automatically within 2 minutes. I had utility configured for monitoring services on a Linux system called monit. It offers all features you ever needed for system monitoring and perform error recovery for UNIX like system.