Configuring Postfix to block outgoing mail to all but one domain

This is so simple to do, but I have to look it up every time I need it (not something that comes up regularly!);

When configuring a development server, you may find you have a need to ensure that emails will not be sent to any domain except those you explicitly permit (for example if you’re using real-world data to do some testing, do you want to send all those users irrelevant emails?).

This documentation details how to configure Postfix on a Linux server to disregard any mail sent to domains that are not explicitly permitted.

Don’t use IPTables

You could, of course, add two IPTables rules to the outgoing chain. The first of which would allow connections on Port 25 to the domain you wish to allow, the second blocking connection to any server on Port 25.

It’ll block the mail from being sent, but will mean that every one of those messages sits in the mail queue for 60 days until it’s disregarded. You could reconfigure the timeout, but given the ease of the steps below, what’s the point?

Use Transport Mapping

Using this method, we can tell Postfix to either reject the mail, or disregard it. The latter is generally the preferred method as we want the sending application to believe the mail has been sent. Continue reading “Configuring Postfix to block outgoing mail to all but one domain” »

Share

Install and integrate DKIM with OpenDKIM and Postfix on a CentOS 6

UPDATE THE SYSTEM

Before going any further, make sure you’re in a screen session and your system is fully up-to-date by running:

## screen -U -S opendkim-screen
## yum update

ENABLE EPEL REPOSITORY

OpenDKIM is available in the EPEL repository, so we need to enable it on the system before we can install OpenDKIM

## wget -P /tmp http://mirror.pnl.gov/epel/6/i386/epel-release-6-8.noarch.rpm
## rpm -Uvh /tmp/epel-release-6-8.noarch.rpm
## rm -f /tmp/epel-release-6-8.noarch.rpm

INSTALL OPENDKIM

Install the package using yum:

## yum install opendkim

CONFIGURE OPENDKIM

Next thing to do is to configure OpenDKIM. Its main configuration file is located in /etc/opendkim.conf, so before making any changes create a backup and add/edit the following: Continue reading “Install and integrate DKIM with OpenDKIM and Postfix on a CentOS 6” »

Share

Increasing Attachment Size in Posfix

Postfix by default restrict attachment size to approx 10MB i.e. 10240000 bytes.

You can check it using following command:

postconf | grep message_size_limit

To change attachment-size to say 50 MB, run a command like:

postconf -e message_size_limit=52428800

Note:
If you are running a mail-server with SMTP/IMAP access, you need to change postfix attachment size only. I spent half-hour debugging dovecot to increase attachment size, just to realize that above change in postfix config was all I needed!

Share

Allow large attachment (greater than 10MB) in ISPConfig postfix MTA

Just a small hack, but worked good on my ISPConfig 3 setup. Add the following:

nano /etc/postfix/main.cf

mailbox_size_limit = 104857600

Save and restart postfix service.

According to official postfix documentation:
message_size_limit (default: 10240000) The maximal size in bytes of a message, including envelope information. Note: be careful when making changes. Excessively small values will result in the loss of non-delivery notifications, when a bounce message size exceeds the local or remote MTA’s message size limit. Continue reading “Allow large attachment (greater than 10MB) in ISPConfig postfix MTA” »

Share

Perfect Backup MX using Postfix

This is quite simple, and with a very simple setup, and does not require that much, since we do not need to send out e-mails from clients from this server, or use ASMTP. I find that MySQL is not needed here, but could be used. I will use normal flat files, since the number of domains to run a backup for is most likely a rather small number. 

This setup can be editet to run all times of different checks, antivirus etc.  Normally you would make sure that the setup is exactly the same on both the primary MTA, and the backup. It hardenens the systems, and should reduce spam, and unwanted traffic. Create public DNS entries. Remember to create an MX record with an lower priority than the primary mail server, or else this will not work! 

Example:example.com. 43200 IN MX 10 mail.example.com.
example.com. 43200 IN MX 20 backup.example.com.

After this these two records are created with A records pointing to different IPs (different servers).  Continue reading “Perfect Backup MX using Postfix” »

Share

Failed to open /var/mail/root : No such file or directory

If you’re receiving the following message on webmin- “Failed to open /var/mail/root : No such file or directory”.

Possible resolution is-

rumi@mordor:~$
rumi@mordor:~$ sudo touch /var/mail/rumi
rumi@mordor:~$ sudo chown thufir:mail /var/mail/rumi
rumi@mordor:~$ sudo chmod o-r /var/mail/rumi
rumi@mordor:~$ sudo chmod g+rw /var/mail/rumi
rumi@mordor:~$
rumi@mordor:~$ mail
No mail for thufir
thufir@mordor:~$

Share

Postfix using Gmail as a Mail Relay with Debian 7

Prerequisites

Before starting this tutorial, you should have:

  • Debian 7 installed
  • Your fully qualified domain name (FQDN)
  • All updates installed :
apt-get update

A valid username and password for the SMTP mail provider, such as Mandrill, or SendGrid
Make sure the libsasl2-modules package is installed and up to date:

apt-get install libsasl2-modules

Continue reading “Postfix using Gmail as a Mail Relay with Debian 7” »

Share

OpenDKIM Postfix SMTP Relay Server on Debian -7

Install OpenDKIM

Before starting the installation, a system update is recommended:

sudo apt-get update
sudo apt-get dist-upgrade

Install OpenDKIM and it’s dependencies:

sudo apt-get install opendkim opendkim-tools

Additional packages will be listed as dependencies, type yes and press Enter to continue.

Configure OpenDKIM

A couple of files must be created and edited in order to configure OpenDKIM.

Nano will be used as an editor because it’s installed by default on DigitalOcean droplets and it’s simple to operate:

navigate with the arrow keys
exit without saving changes: press CTRL + X and then N
exit and save changes: press CTRL + X and then Y, and finally press Enter
Important: replace every instance of example.com with your own domain in all commands and configuration files. Don’t forget to save your files after editing.

Let’s start with the main configuration file: Continue reading “OpenDKIM Postfix SMTP Relay Server on Debian -7” »

Share

DKIM installation on Debian

 

This is a quick and fairly painless way of setting up DKIM, on a postfix server. DomainKeys Identified Mail (DKIM) is a method for associating a domain name to an email message, thereby allowing a person, role, or organization to claim some responsibility for the message and helps verify that your mail is legitimate. This will help your email not get flagged a spam or fraud, especially if you are doing bulk emailing or important emails.

This tutorial is written for debian, so if using centos the paths to some files may be /etc/mail prefix or similar.

First, install dkim-filters

Debian based

apt-get install dkim-filter

Redhat Based

Enable EPEL

yum install dkim-milter Continue reading “DKIM installation on Debian” »

Share