@nardev
Forked from facelordgists/Postfix tricks and tips.md
Last active August 29, 2015 14:21

Postfix tricks and tips

http://www.shaunfreeman.co.uk/install-fail2ban-on-centos-6-with-plesk/

http://forum.parallels.com/showthread.php?72464-Shell-script-for-checking-mail-queue

http://www.devcu.com/forums/topic/274-locking-down-postfix-against-spam/

Useful commands

Log Location

/usr/local/psa/var/log/maillog

View the log in realtime

tail -f /usr/local/psa/var/log/maillog

Display number of emails being sent to each domain and how long they have been in the active queue.

See more info about Qshape here

qshape active

Display deferred queue

qshape deferred

Display hold queue

qshape hold

Display Custom Queue script (see below for how to create)

/root/mailq.pl

Check Postfix Queue

postqueue -p

Perform actions on the Queue

Remove all unsent mailer daemon notifications

mailq|awk ' /^[0-9A-F][0-9A-F]*[^*].*MAILER-DAEMON$/ {print $1}'|sudo xargs -rn1 postsuper -d

Delete based on the from address:

mailq|awk ' /^[0-9A-F][0-9A-F]*.*mail.ru$/ {print $1}'|tr -d '*'| xargs -rn1 postsuper -d
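A stricter variant of the two deletion pipelines above, as an added example that is not part of the original gist: it matches the sender domain exactly, skips messages marked active (*) and strips the hold marker (!), so the ID list can be reviewed before it reaches postsuper. The function names and the sample queue listing are constructed for illustration, and queue IDs are assumed to be the short hexadecimal form the page's own patterns expect.

```shell
#!/bin/sh
# Constructed sample of `mailq` output (not real traffic).
sample_mailq() {
cat <<'EOF'
-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
A1B2C3D4E5     3120 Mon May 18 10:00:01  MAILER-DAEMON
                                         user@example.com

F6E7D8C9B0     2345 Mon May 18 10:02:11  promo@mail.ru
(connect to mx.example.org[192.0.2.10]:25: Connection timed out)
                                         bob@example.org

1122334455*    1800 Mon May 18 10:03:40  news@mail.ru
                                         carol@example.net

0A1B2C3D4E!    2100 Mon May 18 10:04:02  offers@mail.ru
                                         dave@example.net

99AABBCCDD     1500 Mon May 18 10:05:19  alice@notmail.ru
                                         erin@example.com

-- 10 Kbytes in 5 Requests.
EOF
}

# The page's one-liner, kept for comparison: the unanchored "mail.ru$"
# also matches notmail.ru, active mail is included, and "!" is left on the ID.
page_one_liner() {
    awk ' /^[0-9A-F][0-9A-F]*.*mail.ru$/ {print $1}' | tr -d '*'
}

# queue_ids_by_sender DOMAIN: mailq output on stdin, clean queue IDs on stdout.
queue_ids_by_sender() {
    awk -v dom="$1" '
        /^[0-9A-F]+[*!]? / {            # only lines that start a queue entry
            id = $1
            if (id ~ /\*$/) next        # active: delivery in progress, leave it
            sub(/!$/, "", id)           # on hold: drop the marker, keep the ID
            n = split($NF, parts, "@")  # sender is the last field on this line
            if (n == 2 && tolower(parts[2]) == tolower(dom)) print id
        }'
}

# Preview on the constructed sample: prints F6E7D8C9B0 and 0A1B2C3D4E.
sample_mailq | queue_ids_by_sender mail.ru
```

On a live server, review the output of mailq | queue_ids_by_sender mail.ru first, then append | postsuper -d - to delete; postsuper reads queue IDs from standard input when the ID argument is -.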

Read a message in the Postfix Queue

postcat -q MESSAGE_ID

Resend messages in the queue

postqueue -f

Delete all messages in Queue

postsuper -d ALL

Test Email sending from postfix

echo "Test mail from postfix" | mail -s "Test Postfix" milo@roadsidemultimedia.com

Check for serious errors in the log

egrep '(reject|warning|error|fatal|panic):' /usr/local/psa/var/log/maillog | more
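To turn the reject lines that egrep finds into something actionable, the added example below (not part of the original gist) counts smtpd rejections per client IP and SMTP reply code, which is the view needed when tuning the RBL and HELO checks or a fail2ban filter. The log lines are constructed samples in the usual Postfix smtpd format, and the function names are made up for illustration.

```shell
#!/bin/sh
# Constructed maillog excerpt (documentation addresses, not real traffic).
sample_maillog() {
cat <<'EOF'
May 18 10:00:01 mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 Service unavailable; Client host [203.0.113.5] blocked using zen.spamhaus.org; from=<a@example.net> to=<info@example.com> proto=ESMTP helo=<pc1>
May 18 10:00:09 mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 Service unavailable; Client host [203.0.113.5] blocked using zen.spamhaus.org; from=<b@example.net> to=<sales@example.com> proto=ESMTP helo=<pc1>
May 18 10:01:15 mx1 postfix/smtpd[2107]: NOQUEUE: reject: RCPT from mail.example.org[198.51.100.7]: 550 5.7.1 <192.0.2.1>: Helo command rejected: Your software is not RFC 2821 compliant; from=<> to=<x@example.com> proto=SMTP helo=<192.0.2.1>
May 18 10:01:44 mx1 postfix/smtpd[2109]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.7.1 <192.0.2.1>: Helo command rejected: Don't use my own IP address; from=<c@example.net> to=<info@example.com> proto=SMTP helo=<192.0.2.1>
May 18 10:02:00 mx1 postfix/smtpd[2110]: warning: hostname bad.example.net does not resolve to address 203.0.113.9
May 18 10:02:30 mx1 postfix/qmgr[900]: 4F1A2B3C4D: from=<user@example.com>, size=1200, nrcpt=1 (queue active)
EOF
}

# reject_summary: maillog on stdin -> "count client_ip smtp_code", busiest first.
reject_summary() {
    awk '
        match($0, /reject: [A-Z]+ from [^ ]+: [0-9][0-9][0-9] /) {
            # Matched text looks like: reject: RCPT from host[ip]: 554
            split(substr($0, RSTART, RLENGTH), f, " ")
            client = f[4]; code = f[5]
            client = substr(client, index(client, "[") + 1)  # drop "host["
            sub(/\]:$/, "", client)                          # drop "]:"
            hits[client " " code]++
        }
        END { for (k in hits) print hits[k], k }
    ' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample; on the server described here the input
# would be /usr/local/psa/var/log/maillog.
sample_maillog | reject_summary
```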

Postfix Guides

Create a little script for managing Queue

Create file /root/mailq.pl

Set permissions to allow root execution

Dump this into it:

#!/usr/bin/env perl

use strict;
use warnings;
use Symbol;
# Recursively count the queue files below $dir.
sub count {
    my ($dir) = @_;
    my $dh = gensym();
    my $c = 0;
    opendir($dh, $dir) or die "$0: opendir: $dir: $!\n";
    while (my $f = readdir($dh)) {
        if ($f =~ m{^[A-F0-9]{5,}$}) {
            ++$c;                       # a queue file
        } elsif ($f =~ m{^[A-F0-9]$}) {
            $c += count("$dir/$f");     # a hashed subdirectory
        }
    }
    closedir($dh) or die "closedir: $dir: $!\n";
    return $c;
}
# Ask Postfix where its queue directory is.
my $qdir = `postconf -h queue_directory`;
chomp($qdir);
chdir($qdir) or die "$0: chdir: $qdir: $!\n";
printf "Incoming: %d\n", count("incoming");
printf "Active: %d\n", count("active");
printf "Deferred: %d\n", count("deferred");
printf "Bounced: %d\n", count("bounce");
printf "Hold: %d\n", count("hold");
printf "Corrupt: %d\n", count("corrupt");

Execute by typing /root/mailq.pl

Secure postfix by customizing the configuration

http://www.freesoftwaremagazine.com/articles/focus_spam_postfix

Secure postfix using fail2ban

http://www.dp.cx/blog/postfix---fail2ban---win.html#.UYFohCs4XOU


Switch Mail Transfer Agents in Plesk from Qmail to Postfix and back

Determine which MTA is currently in use

/usr/local/psa/admin/sbin/mailmng --features | grep SMTP_Server

Stop SMTP Service and let queue send out what's in it first, as the queue is destroyed when switching

/usr/local/psa/admin/sbin/mailmng --stop-smtpd

To flush the queue (deliver all mail in it), use the following commands:

  • QMail MTA: kill -ALRM `pidof qmail-send`

  • Postfix MTA: postqueue -f

Switch MTA

/usr/local/psa/admin/sbin/autoinstaller --select-release-current --install-component postfix
/usr/local/psa/admin/sbin/autoinstaller --select-release-current --install-component qmail

Add Gmail to certificate

http://stevejenkins.com/blog/2011/06/fixing-postfix-certificate-verification-failed-for-gmail-untrusted-issuer-error-message/

Fix Google SSL support

edit /etc/postfix/main.cf

Find/edit this section:

smtpd_tls_security_level = none
smtpd_use_tls = yes
smtp_tls_security_level = may
smtp_use_tls = no

Further steps to secure server

http://www.howtoforge.com/virtual_postfix_antispam

/etc/postfix/main.cf

Remove announcement details

By default Postfix appends a little announcement to outgoing messages saying that this email is powered by Postfix. It's best to give hackers as little information as possible about your server, so you should remove the banner by finding the line for smtpd_banner in the configuration file and setting it to:

smtpd_banner = $myhostname ESMTP

Set to only accept local emails for delivery

Change inet_interfaces = all to inet_interfaces = localhost

Add this stuff to block bad SMTP requests

Checks to remove badly formed email

smtpd_helo_required = yes
strict_rfc821_envelopes = yes
disable_vrfy_command = yes

unknown_address_reject_code = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code = 554

smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, regexp:/etc/postfix/helo.regexp, permit

smtpd_recipient_restrictions =
    reject_invalid_hostname,
    # Can cause issues with Auth SMTP, so be wary!
    reject_non_fqdn_hostname,
    ##################################
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    reject_unauth_destination,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net

/etc/postfix/helo.regexp

Create /etc/postfix/helo.regexp and set contents to:

/^subdomain\.host\.com$/ 550 Don't use my own hostname
/^xxx\.yyy\.zzz\.xxx$/ 550 Don't use my own IP address
/^\[xxx\.yyy\.zzz\.xxx\]$/ 550 Don't use my own IP address
/^[0-9.]+$/ 550 Your software is not RFC 2821 compliant
/^[0-9]+(\.[0-9]+){3}$/ 550 Your software is not RFC 2821 compliant
