Postfix masquerading or changing outgoing SMTP email or mail address

Posted on in Categories Debian Linux, Gentoo Linux, Linux, Mail server, Postfix, RedHat/Fedora Linux, Suse Linux, Ubuntu Linux, UNIX last updated December 28, 2006

Address rewriting allows changing outgoing email ID or domain name itself. This is good for hiding internal user names. For example:
SMTP user: tom-01
EMAIL ID: [email protected]
Server name: server01.hosting.com

However when tom-01 send an email from shell prompt or using php it looks like it was send from [email protected]

In some cases internal hosts have no valid Internet domain name, and instead use a name such as localdomain.local or something else. This can be a problem when you want to send mail over the Internet, because many mail servers reject mail addresses with invalid domain names to avoid spam.

Postfix MTA offers smtp_generic_maps parameter. You can specify lookup tables that replace local mail addresses by valid Internet addresses when mail leaves the machine via SMTP.

Open your main.cf file
# vi /etc/postfix/main.cf

Append following parameter
smtp_generic_maps = hash:/etc/postfix/generic

Save and close the file. Open /etc/postfix/generic file:
# vi /etc/postfix/generic

Make sure [email protected] change to [email protected]
[email protected] [email protected]

Save and close the file. Create or update generic postfix table:
# postmap /etc/postfix/generic

Restart postfix:
# /etc/init.d/postfix restart

When mail is sent to a remote host via SMTP this replaces [email protected] by [email protected] mail address. You can use this trick to replace address with your ISP address if you are connected via local SMTP.

ORDB.org RBL Anti Spam service going offline

Posted on in Categories Mail server, News, Postfix last updated December 18, 2006

Email filtering is an essential task. There are many methods like:
=> Bayesian spam filtering
=> SpamAssassin/DSPAM programs
=> Check open relay using RBL etc

Now ORDB.org is shutting down its operation. ORDB is quite effective and I use this list against all of email servers. Spammers still use 3rd party servers and desktop computers so that they could minimize or avoid detection by re-routing their e-mail through these third party e-mail servers.

According to their home page:
We encourage system owners to remove ORDB checks from their mailers immediately and start investigating alternative methods of spam filtering. We recommend a combination involving greylisting and content-based analysis (such as the dspam project, bmf or Spam Assassin). DNS and the mailing lists will vanish today, December 18, 2006.

Generally, I use following sequence while configuring anti-spam
reject_rbl_client relays.ordb.org,
reject_rbl_client list.dsbl.org,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client dul.dnsbl.sorbs.net

These services blocks thousands of spam everyday before hitting email server and Spam Assassin. Indeed a bad news for mail server admins!

PHP Send Email Using Authenticated SMTP Mail Server In Real Time

Posted on in Categories Apache, Howto, lighttpd, Mail server, php, Postfix, Security, Troubleshooting last updated November 30, 2006

PHP has mail() function to send an email to users. However this mail() will not work:

=> If sendmail (or compatible binary) is not installed

=> If Apache Web server / Lighttpd running in chrooted jail

=> And your smtp server needs an authentication before sending an email

=> Or you just need to send email using PHP PEAR

In all these cases you need to use PHP PEAR’s Mail:: interface. It defines the interface for implementing mailers under the PEAR hierarchy, and provides supporting functions which are useful in multiple mailer backends. In this tip you will learn about how to send an e-mail directly to client smtp server in real time.

PHP Pear’s Mail.php is located in /usr/share/pear/ directory. Following is sample code to send an email via authenticated smtp server.

PHP send email using PHP SMTP mail Pear functions – Sample source code

Following code is well commented, you need to make necessary changes as per your setup.

<?php
include("Mail.php");
/* mail setup recipients, subject etc */
$recipients = "[email protected]";
$headers["From"] = "[email protected]";
$headers["To"] = "[email protected]";
$headers["Subject"] = "User feedback";
$mailmsg = "Hello, This is a test.";
/* SMTP server name, port, user/passwd */
$smtpinfo["host"] = "smtp.mycorp.com";
$smtpinfo["port"] = "25";
$smtpinfo["auth"] = true;
$smtpinfo["username"] = "smtpusername";
$smtpinfo["password"] = "smtpPassword";
/* Create the mail object using the Mail::factory method */
$mail_object =& Mail::factory("smtp", $smtpinfo);
/* Ok send mail */
$mail_object->send($recipients, $headers, $mailmsg);
?>

Sending smtp email from chrooted Apache or Lighttpd webserver

Read following section, if you are running a secure chrooted Apache or Lighttpd web server. I have already written about setting php mail() function in chrooted jail. If you are using chrooted jail server setup, copy all files from /usr/share/pear directory to /chroot-directory/usr/share/pear directory. For example if lighttpd chrooted jail located in /webroot directory, you need to type following commands to install PHP pear support:
# mkdir -p /webroot/usr/share/pear
# cd /webroot/usr/share/pear
# cp -avr /usr/share/pear .

If PHP SAFE MODE is on, you must set /webroot/usr/share/pear directory permission to webserver username to allow access. Otherwise you will see error as follows:

1-Nov-2006 09:43:19] PHP Warning:  main(): SAFE MODE Restriction in effect.  The script whose uid is 506 is not allowed to access /usr/share/pear/PEAR.php owned by uid 0 in /usr/share/pear/Mail.php on line 636.

So if webserver username is lighttpd or apache use following command to setup correct ownership:
# chown lighttpd:lighttpd /webroot/usr/share/pear -ROR# chown apache:apache /webroot/usr/share/pear -R

You may also find modified wordpress WP-ContactForm plugin useful. It is a drop in form for users to contact you. It can be implemented on a page or a post. Original authored by Ryan Duff, which use php mail() function to send email. I have modified the same to send email via my ISP authenticated gateway using PHP PEAR’s Mail:: interface 😀

Monitor and restart Apache or lighttpd webserver when daemon is killed

Posted on in Categories Apache, CentOS, Debian Linux, FreeBSD, GNU/Open source, Howto, lighttpd, Linux, Monitoring, MySQL, Networking, Postfix, RedHat/Fedora Linux, Security, Shell scripting, Suse Linux, Sys admin, UNIX last updated November 21, 2006

When you cannot monitor your server for service availability, it is better to take help of automated monitor and restart utility. Last 4 days I was away from my server as I was enjoying my vacation. During this time due to load my lighttpd webserver died but it was restarted automatically within 2 minutes. I had utility configured for monitoring services on a Linux system called monit. It offers all features you ever needed for system monitoring and perform error recovery for UNIX like system.

Setup sendmail php mail() support for chrooted Lighttpd or Apache web server

Posted on in Categories Apache, lighttpd, Postfix, Security, Tips, Troubleshooting last updated November 8, 2006
Lighttpd logo

Once chroot() call is applied to chrooted lighttpd or apache web server, you lost the connection with real /usr/sbin/sendmail program.

The php mail() function allows you to send mail. For the Mail functions to be available, PHP must have access to the sendmail binary on your system during compile time. If you use another mail program, such as qmail or postfix, be sure to use the appropriate sendmail wrappers that come with them. PHP will first look for sendmail in your PATH, and then in the following: /usr/bin:/usr/sbin:/usr/etc:/etc:/usr/ucblib:/usr/lib. It’s highly recommended to have sendmail available from your PATH. Also, the user that compiled PHP must have permission to access the sendmail binary. Because of chroot you cannot access anything outside jail.

Even if you copy /usr/sbin/sendmail it will not work because it needs all other directories in /var and sendmail config file in /etc/mail directory.

So how do I configure php mail() support in chrooted jail webserver?

  • Don’t use php mail() use php SMTP class to send email (recommended method #1)
  • Install complete sendmail in chrooted jail (this is too much work)
  • Install statically linked mini_sendmail and /bin/sh in chrooted jail. (recommended method #2)

Task: Setting up static mini_sendmail for chrooted apache or lighttpd web server

mini_sendmail reads its standard input up to an end-of-file and sends a copy of the message found there to all of the addresses listed. The message is sent by connecting to a local SMTP server. This means mini_sendmail can be used to send email from inside a chroot(2) area. However, it needs to create a pipe so you need to copy shell to chroot as well.

Install mini_sendmail

Type the following commands:
# cd /opt
# wget http://www.acme.com/software/mini_sendmail/mini_sendmail-1.3.6.tar.gz
# tar -zxvf mini_sendmail-1.3.6.tar.gz
# cd mini_sendmail-1.3.6

Compile mini_sendmail

# make

Copy mini_sendmail to chrooted directory

Assuming that your chrooted directory is /webroot
# mkdir -p /webroot/usr/sbin
# cp mini_sendmail /webroot/usr/sbin/sendmail

Configure php for mini_sendmail (sendmail)

Goto /webroot directory
# vi etc/php.ini
OR
# vi /webroot/etc/php.ini

Setup sendmail path

sendmail_path = /usr/sbin/sendmail -t -i

Restart Apache webserver

# /etc/init.d/httpd restart
# apachectl restart

Or Restart lighttpd web server

# /etc/init.d/lighttpd restart

Copy /bin/sh or /bin/bash

# cp /bin/sh /webroot/bin
# l2chroot /bin/sh

Test your setup

Create php script – mailtest.php as follows:
<?php
mail("[email protected]", "PHP Test mail", "Hope this works! ");
?>

Point browser to http://yourcrop.com/mailtest.php

More troubleshooting tips

(a) Make sure you have /etc/resolv.conf and /etc/hosts files available in chrooted jail at /webroot/etc directory.

(b) Make sure your mail server accept connection from localhost (default)

(c) Consult /var/log/maillog (or your MTA log file) outside jail for more information
# tail -f /var/logm/maillog

Continue reading the rest of Lighttpd security series articles

Postfix mail server limit the mailbox size

Posted on in Categories Linux, Postfix, Tips, Troubleshooting, Tuning, UNIX last updated October 28, 2006

So how do you limit the mailbox size for users configured with the Postfix mail server?

It is good choice to avoid problem (disk DoS) by limiting mailbox size. This will avoid the user or hacker to eat up all hard disk space.

Display the default mailbox size limit

Type the following command:
# postconf mailbox_size_limit
Output:

mailbox_size_limit = 51200000

51200000 bytes is default mailbox size limit.

Display the default maximum size in bytes of a message

Type the following command:
# postconf message_size_limit
Output:

message_size_limit = 10240000

Setup new mailbozsize limit

Open file /etc/postfix/main.cf and
# vi /etc/postfix/main.cf
Add/modify/set values as follows:
mailbox_size_limit = 30000000
message_size_limit = 10240000

Save and restart postfix mail server:
# /etc/init.d/postfix restart

Test mail server for an open relay

Posted on in Categories Linux, Networking, Postfix, Security, UNIX last updated October 27, 2006

I don’t want let spammers take control of my mail server, I have configured my mail server but I am not sure how do I test my mail server for open relay? But what is an open mail realy?

An open mail relay occurs when a mail server processes a mail message where neither the sender nor the recipient is a local user. In this example, both the sender and the recipient are outside the local domain (or rather, the local IP range, for the technically inclined). The mail server is an entirely unrelated third party to this transaction. The message really has no business passing through this server.

I can check my server for open relay using any one of the following methods.

The old way (open relay server test)

Telnet to mail.myserver.com at port 25 and issue all the following commands:
helo client.server.com
mail from: [email protected]
rcpt to: [email protected]
$ telnet mail.myserver.com 25Output:

Trying 202.51.x.xxx...
Connected to mail.myserver.com.
Escape character is '^]'.
220 mail.myserver.com ESMTP Postfix
helo client.server.com
250 mail.myserver.com
mail from: [email protected]
250 Ok
rcpt to: [email protected]
554 : Relay access denied

As you see access denied to send email i.e. my mail server is NOT open relay.

The new way

Another and the best way is to use this website to test an open relay.

See also:

  • ORDB FAQ

This is an old post created by LinuxTitli but it was deleted accidentally by me 🙁 I had restored the same from Google cache 🙂

Force sendmail to deliver a message in sendmail's mail queue

Posted on in Categories Linux, Postfix, UNIX last updated April 3, 2006

Sendmail is age-old mail transfer agent (MTA). We still use sendmail on Solaris boxes and all other web hosting (www) server to route mails via our master MTA.

Task: Linux/UNIX deliver old email

The command sendmail -q forces the mail queue to be sent. Use the command mailq to find out what’s in the queue:
# sendmail -q
# mailq
Following command will force sendmail to become verbose so that debugging turns into an easy job:

# sendmail -v -q

However, there is a catch. Sendmail would not process your queue if the system load were too high. You can configure these options in sendmail configuration file sendmail.cf and configure QueueLA option. Using this option you can configure load average at which Sendmail simply queues up new messages, this is a good tweaking and troubleshooting parameter.