Postfix

————————————————————————————————————————————————

Simple setup for printer liaison

on Raspberry Pi for Office 365 Direct Send

inet_interfaces = all
inet_protocols = all
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains = 
masquerade_exceptions = root
mydestination = $myhostname, localhost.$mydomain, localhost
myhostname = mailserver1.contorseau.com
mynetworks_style = subnet
#mynetworks = 127.0.0.0/8 10.1.0.0/16
relayhost = contorseau-com.mail.protection.outlook.com:25

DNS entry Value
SPF v=spf1 ip4:<Static IP Address> include:spf.protection.outlook.com ~all

From <https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365>

SpamHaus Blocked List - remove IP by going to bottom of “view details”

https://www.spamhaus.org/query/ip/xx.xxx.xxx.xxx

Don’t panic! The inclusion of your IP address on the Policy Blocklist (PBL) is standard for the vast majority of internet users and is not the result of your actions. Here are some key PBL facts for your understanding:

• Being on this list does not mean you won’t be able to send emails.
• You do not need to request removal from PBL.
• This listing is controlled by your Internet Service Provider (ISP), not Spamhaus.
• Your ISP lists ranges of IP addresses that shouldn’t be sending email directly to the internet.
• Typically, IPs of broadband or dial-up customers will be included in this list.
• This is part of Internet best practices enacted to protect all users.

From <https://check.spamhaus.org/>

Postfix Smtp sasl TLS

I need to use postfix to send email from openSUSE Leap 42.3, I configured it using Yast → Network Services → Mail Server, then in the outgoing mail, I selected use TLS and I did the configuration under Authentication option (so I placed the domain of the outgoing server, the username and the password of the email that I am going to use it).

https://forums.opensuse.org/t/postfix-for-sending-email-on-port-465-using-ssl/140203

# enable SASL authentication
smtp_sasl_auth_enable = yes

# disallow methods that allow anonymous authentication.
smtp_sasl_security_options = noanonymous

# where to find sasl_passwd
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

# Enable STARTTLS encryption
smtp_use_tls = yes

# where to find CA certificates
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

Had to also include
smtp_tls_security_level = encrypt
smtp_tls_wrappermode = yes

view with journalctl 

https://www.linode.com/docs/guides/postfix-smtp-debian7/

Viewing Postfix Syslog

When your Postfix service logs into the Syslog, you can view these logs with the journalctl utility. If you don't know what journald and journalctl are, you can read the tutorial How to Control Journald with Journalctl.

Let's view the Syslog records that belong to the Postfix service by executing journalctl:

  $ journalctl -u postfix@-.service

https://betterstack.com/community/guides/logging/how-to-start-logging-with-postfix/

Reference

xrdp on openSuse

2023-11-12

xrdp from X11:RemoteDesktop project Select Your Operating System

From <https://software.opensuse.org/download/package?package=xrdp&project=X11%3ARemoteDesktop>

mailq

mailq - list queue

Postfix Server

  • Do not add user to Postfix Server with Yast User Manager Password as Xxyy0000
    • This test should fail - can test with
      testsaslauthd -u username -p password -s smtp
  • Setup email routing in Postfix
    • use: Kate editor “Management” session
      • Change file virtual
        • If person leaves - Make Alias with person's email address to forward to someone else
      • Change file transport
        • Add pointer to smtp.server.COM
        • Some special cases go to the exchange system firstname.lastname@domain.com smtp:[192.0.2.2]
      • Then run postmap /etc/postfix/transport
      • Then run postmap /etc/postfix/virtual
  • If added to Yast then add user from Batch update list on Postfix Server
    • use: Kate editor “Management” session.
    • Change Emailaddresses.txt to Add user.

Delete One from Postfix Mail Queue

sudo postsuper -d D45F2E4478

http://linux.die.net/man/1/postsuper

Empty Postfix Mail Queue

sudo postsuper -d ALL

Send all email now

List all email now

postqueue -p

test sasl authorization

testsaslauthd -u username -p password -s smtp

library.linode.com/beginners-guide

Postfix relayhost

From: http://www.freelock.com/kb/postfix-relayhost

These are the basic steps to set up Postfix to use SMTP Authentication to send mail through a relay host.

Set up a password maps file (/etc/postfix/sasl_passwd) as follows:

mail.ispserver.com username:password

chown root:root /etc/postfix/sasl_passwd; chmod 600 /etc/postfix/sasl_passwd
postmap /etc/postfix/sasl_passwd

In /etc/postfix/main.cf:

**Note:** relayhost=[2345.2345.23454.2345]:1025


relayhost = mail.ispserver.com
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =

postfix reload

Also, if this is the first SASL service installed on the machine, make sure there's an appropriate SASL plugin installed:

urpmi --media main libsasl2-plug-login libsasl2-plug-plain

That should do it! Postfix will log into the relay host using the smtp auth username and password. It's possible to set different logins for different servers, by adding more lines to the map file. Security options must be cleared to allow plaintext logins.
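
An added check (not part of the original notes or the quoted how-tos) that contrasts the cleared-options relay recipe above with the TLS settings from the port-465 section: it reads a main.cf and flags SASL credentials that can be sent without mandatory TLS, wrapper mode without an enforced TLS level, and a password map readable by group or others. Function names, finding tags and the sample files are constructed for this sketch.

```shell
#!/bin/sh
# Added example: audit the SMTP-client (relay) settings of a Postfix main.cf.
# cf_get, tls_mandatory, audit_relay and the finding tags are invented names.

# cf_get FILE NAME DEFAULT: effective value of NAME, or DEFAULT when NAME is
# never set. Skips comments and blank lines, joins continuation lines (those
# starting with whitespace) and lets the last definition win.
cf_get() {
    awk -v want="$2" -v val="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (cur == want) val = val " " $0; next }
        {
            eq = index($0, "=")
            if (!eq) { cur = ""; next }
            cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
            if (cur == want) val = substr($0, eq + 1)
        }
        END { gsub(/^[ \t]+|[ \t]+$/, "", val); gsub(/[ \t]+/, " ", val); print val }
    ' "$1"
}

# tls_mandatory FILE: succeeds when the client refuses to deliver without TLS.
tls_mandatory() {
    case "$(cf_get "$1" smtp_tls_security_level "")" in
        encrypt|dane-only|fingerprint|verify|secure) return 0 ;;
        "") [ "$(cf_get "$1" smtp_enforce_tls no)" = yes ] ;;  # obsolete knob
        *)  return 1 ;;                  # none, may, dane: TLS is optional
    esac
}

# audit_relay FILE: prints space-separated finding tags, or "ok".
audit_relay() {
    cf=$1; out=""
    [ "$(cf_get "$cf" smtp_sasl_auth_enable no)" = yes ] || { echo "sasl-disabled"; return; }
    # Postfix default when the parameter is absent: noplaintext, noanonymous
    opts=$(cf_get "$cf" smtp_sasl_security_options "noplaintext, noanonymous")
    case "$opts" in *noanonymous*) ;; *) out="$out anonymous-allowed" ;; esac
    if ! tls_mandatory "$cf"; then
        # With optional TLS, only "noplaintext" keeps the password off the wire.
        case "$opts" in *noplaintext*) ;; *) out="$out plaintext-without-tls" ;; esac
    fi
    if [ "$(cf_get "$cf" smtp_tls_wrappermode no)" = yes ] && ! tls_mandatory "$cf"; then
        out="$out wrappermode-needs-encrypt"
    fi
    map=$(cf_get "$cf" smtp_sasl_password_maps "")
    file=${map#*:}                     # drop the "hash:" prefix (single map assumed)
    for f in "$file" "$file.db"; do    # postmap copies the secrets into the .db file
        if [ -n "$file" ] && [ -f "$f" ] && [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
            out="$out passwd-file-readable"; break
        fi
    done
    echo "${out:- ok}" | sed 's/^ //'
}

# write_samples DIR: constructed inputs. weak.cf mirrors the relayhost recipe
# (options cleared, no TLS); hard.cf mirrors the SASL + TLS port-465 settings.
write_samples() {
    printf 'mail.ispserver.com username:password\n' > "$1/sasl_passwd"
    chmod 644 "$1/sasl_passwd"         # deliberately too open for the weak case
    cat > "$1/weak.cf" <<EOF
relayhost = mail.ispserver.com
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:$1/sasl_passwd
smtp_sasl_security_options =
EOF
    cat > "$1/hard.cf" <<EOF
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:$1/sasl_passwd
smtp_use_tls = yes
smtp_tls_security_level = encrypt
smtp_tls_wrappermode = yes
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
echo "weak.cf: $(audit_relay "$dir/weak.cf")"
chmod 600 "$dir/sasl_passwd"           # the chmod 600 step from the recipe
echo "hard.cf: $(audit_relay "$dir/hard.cf")"
rm -rf "$dir"
```

On a live host `postconf -h smtp_tls_security_level` returns the effective value directly; the file parser is used here so the check runs offline against the constructed samples.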

From: http://www.howtoforge.com/postfix_relaying_through_another_mailserver

Setup Postfix

  • Enable postfix.service
    • systemctl enable postfix.service
    • Postfix runs at level 3 and 5
    • postfix automatically starts

difference between service and systemctl

http://forums.fedoraforum.org/showthread.php?t=261945

service operates on the files in /etc/init.d and was used in conjunction with the old init system. systemctl operates on the files in /lib/systemd . If there is a file for your service in /lib/systemd it will use that first and if not it will fall back to the file in /etc/init.d

systemctl

http://fedoraproject.org/wiki/Systemd

http://crashmag.net/useful-systemd-commands

List the current run level

systemctl list-units --type=target

Postfix Quick Summary

test saslauthd

testsaslauthd -u username -p password -s smtp

Systemd_Cheatsheet

http://fedoraproject.org/wiki/SysVinit_to_Systemd_Cheatsheet

| systemd Command | Notes |
| --- | --- |
| systemctl start frobozz.service | Used to start a service (not reboot persistent) |
| systemctl stop frobozz.service | Used to stop a service (not reboot persistent) |
| systemctl restart frobozz.service | Used to stop and then start a service |
| systemctl reload frobozz.service | When supported, reloads the config file without interrupting pending operations. |
| systemctl condrestart frobozz.service | Restarts if the service is already running. |
| systemctl status frobozz.service | Tells whether a service is currently running. |
| ls /lib/systemd/system/*.service /etc/systemd/system/*.service | Used to list the services that can be started or stopped |
| systemctl list-units --all | Used to list all the services and other units |
| systemctl enable frobozz.service | Turn the service on, for start at next boot, or other trigger. |
| systemctl disable frobozz.service | Turn the service off for the next reboot, or any other trigger. |
| systemctl is-enabled frobozz.service | Used to check whether a service is configured to start or not in the current environment. |
| ls /etc/systemd/system/*.wants/frobozz.service | Used to list what levels this service is configured on or off |
| systemctl daemon-reload | Used when you create a new service file or modify any configuration |

| sysvinit Runlevel | systemd Target | Notes |
| --- | --- | --- |
| 0 | runlevel0.target, poweroff.target | Halt the system. |
| 1, s, single | runlevel1.target, rescue.target | Single user mode. |
| 2, 4 | runlevel2.target, runlevel4.target, multi-user.target | User-defined/Site-specific runlevels. By default, identical to 3. |
| 3 | runlevel3.target, multi-user.target | Multi-user, non-graphical. Users can usually login via multiple consoles or via the network. |
| 5 | runlevel5.target, graphical.target | Multi-user, graphical. Usually has all the services of runlevel 3 plus a graphical login. |
| 6 | runlevel6.target, reboot.target | Reboot |
| emergency | emergency.target | Emergency shell |

/lib/systemd/system/postfix.service

# This file is part of package postfix.
#
# Copyright (c) 2011 SuSE LINUX Products GmbH, Germany.
# Author: Werner Fink
# Please send feedback to http://www.suse.de/feedback
#
# Description:
#
#  Used to start the postfix Mail Transport Agent service
#  which handles all mails stored at /var/spool/postfix/ and
#  all connections on port 25 aka smtp at localhost as well
#  as on all other network interfaces.
#

[Unit]
Description=Postfix Mail Transport Agent
Requires=var-run.mount nss-lookup.target network.target remote-fs.target syslog.target time-sync.target
After=var-run.mount nss-lookup.target network.target remote-fs.target syslog.target time-sync.target
Wants=amavis.service mysql.service cyrus.service ldap.service openslp.service ypbind.service
After=amavis.service mysql.service cyrus.service ldap.service openslp.service ypbind.service
Before=mail-transfer-agent.target
Conflicts=sendmail.service exim.service

[Service]
Type=forking
PIDFile=/var/spool/postfix/pid/master.pid
ExecStartPre=-/bin/echo 'Starting mail service (Postfix)'
EnvironmentFile=-/etc/sysconfig/postfix
ExecStartPre=/etc/postfix/system/update_chroot
ExecStartPre=/etc/postfix/system/rebuild_tables
ExecStart=/usr/sbin/postfix start
ExecStartPost=/etc/postfix/system/wait_qmgr 60
ExecStartPost=/etc/postfix/system/cond_slp register
ExecReload=/usr/sbin/postfix reload
ExecReload=/usr/sbin/postfix flush
ExecStop=/usr/sbin/postfix stop
ExecStopPost=/etc/postfix/system/cond_slp deregister

[Install]
WantedBy=multi-user.target

Managing the Mail Queue

  • Listing the mail queue
    • mailq
  • Delete One from Postfix Mail Queue
    • sudo postsuper -d D45F2E4478
  • Empty Postfix Mail Queue
    • sudo postsuper -d ALL
  • Send all email now
    • postqueue -f
  • The postcat command displays the content of a message in a mail queue.
    • postcat -q F2B9715C0B3
  • The postconf command displays all the configuration parameters
    • postconf | grep "qu"

http://www.patrickpatoray.com/index.php?Page=47

http://bsdwiki.reedmedia.net/wiki/View_the_Sendmail_or_Postfix_mail_queue.html

bounce_queue_lifetime

bounce_queue_lifetime (default: 5d)
The maximal time a bounce message is queued before it is considered undeliverable.
By default, this is the same as the queue life time for regular mail.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is d (days).
Specify 0 when mail delivery should be tried only once.
This feature is available in Postfix 2.1 and later.

maximal_queue_lifetime (default: 5d)
The maximal time a message is queued before it is sent back as undeliverable.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is d (days).
Specify 0 when mail delivery should be tried only once.

Must Read: Acting as a relay server

Postfix can answer "550 No Such User Here."

relay_recipient_maps (default: empty)
Optional lookup tables with all valid addresses in the domains that match $relay_domains.
Specify @domain as a wild-card for domains that have no valid recipient list, and become a source of backscatter mail:
Postfix accepts spam for non-existent recipients and then floods innocent people with undeliverable mail.
Technically, tables listed with $relay_recipient_maps are used as lists:
Postfix needs to know only if a lookup string is found or not, but it does not use the result from table lookup.
If this parameter is non-empty, then the Postfix SMTP server will reject mail to unknown relay users. This feature is off by default.
See also the relay domains address class in the ADDRESS_CLASS_README file.

Example:

relay_recipient_maps = hash:/etc/postfix/relay_recipients

This feature is available in Postfix 2.0 and later.

INPUT FILE FORMAT

http://www.postfix.org/postmap.1.html

  • The format of a lookup table input file is as follows:
    • A table entry has the form
    • key whitespace value

Postfix - Exchange Server Mailrelay to Postfix

Catch-all for Postfix

Only works for virtual addresses not assigned to real mailboxes. We are not defining many emails that go to real addresses.

http://www.postfix.org/VIRTUAL_README.html

 5 /etc/postfix/virtual:
 6     postmaster@example.com postmaster
 7     info@example.com       joe
 8     sales@example.com      jane
 9     # Uncomment entry below to implement a catch-all address
10     # @example.com         jim
11     ...virtual aliases for more domains...

Line 10: the commented out entry (text after #) shows how one would implement a catch-all virtual alias that receives mail for every example.com address not listed in the virtual alias file. This is not without risk. Spammers nowadays try to send mail from (or mail to) every possible name that they can think of. A catch-all mailbox is likely to receive many spam messages, and many bounces for spam messages that were sent in the name of anything@example.com.

Postfix SMTP AUTH

Copy All Messages

always_bcc (default: empty)
Optional address that receives a “blind carbon copy” of each message that is received by the Postfix mail system.
Note: if mail to the BCC address bounces it will be returned to the sender.
Note: automatic BCC recipients are produced only for new mail. To avoid mailer loops, automatic BCC recipients are not generated after Postfix forwards mail internally, or after Postfix generates mail itself.

Standard Accounts

3.5 Are there any other addresses I should accept?

You should also accept mail sent to what are known as 'role' accounts. These are some standard addresses that are defined by RFC 2142. RFC 2142 is a recommendation, not a requirement, but you should accept mail sent to 'postmaster' (which is a required address - see RFC 822) and 'abuse' as a minimum.

The addresses recommended by RFC 2142 are:

postmaster
abuse
webmaster
info
sales
security
hostmaster
support
marketing
noc
usenet
news
www
uucp
ftp

These are in roughly descending order of importance. Most sites support the first seven, but the others are really optional: if you don't use the 'uucp' program (a very old program from the early days of the Internet), there's no need for you to have 'uucp@mydomain'.

Be aware that spammers will send spam to all these addresses.

warning: not enough free space in mail queue: < 1.5*message size limit

Delivering messages to the Users

It is interesting that we are using postfix to deliver messages to people but no local mailboxes are used. We have specified each and every address in the transport file so that they are sent to specific smtp servers.

Using Command Line to Add Batch of Users to Postfix Machine

DNS Info (Reference)

Postfix message size limit and mailbox limit

Set IP's Who can Automatically Send Through Postfix

mynetworks = 2345.2345.23454.0/28, 127.0.0.0/8

main.cf file format

Resource Controls

http://www.postfix.org/resource.html

postconf (list the postfix configuration)

postconf  | grep size

postconf -d (list the defaults for postfix)

Display of Postfix Configuration "size" Search

Machine2:~ # postconf -d | grep size
berkeley_db_create_buffer_size = 16777216
berkeley_db_read_buffer_size = 131072
body_checks_size_limit = 51200
bounce_size_limit = 50000
header_size_limit = 102400
mailbox_size_limit = 51200000
message_size_limit = 10240000

Configure Postfix For Relaying all Mail Through mail45.safesecureweb.com

We do not relay

#------------------- relay -----------------------------------------------------
#relayhost = mail45.safesecureweb.com

But we are set up to do so if need be!

#------------------- smtp (outgoing) -----------------------------------------------------
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = 
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

Reference

http://www.howtoforge.com/postfix_relaying_through_another_mailserver

To configure our Postfix server for relaying emails through smtp.example.com, we run

postconf -e 'relayhost = smtp.example.com'
postconf -e 'smtp_sasl_auth_enable = yes'
postconf -e 'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd'
postconf -e 'smtp_sasl_security_options ='

Use TLS (Transport Layer Security)

http://www.postfix.org/postconf.5.html#smtp_tls_security_level

The default SMTP TLS security level for the Postfix SMTP client; when a non-empty value is specified, this overrides the obsolete parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername.

https://help.ubuntu.com/community/Postfix

Generate certificates to be used for TLS encryption and/or certificate Authentication:

broken_sasl_auth_clients

broken_sasl_auth_clients = yes

Was configured in Postfix 2012-02-20 and before. Do not think we need this, although ASSP had some problems with authorization of Exchange due to outdated AUTH command.

Enable inter-operability with remote SMTP clients that implement an obsolete version of the AUTH command (RFC 4954). Examples of such clients are MicroSoft Outlook Express version 4 and MicroSoft Exchange version 5.0.

Specify “broken_sasl_auth_clients = yes” to have Postfix advertise AUTH support in a non-standard way.

smtpd_sender_dependent_authentication

smtpd_sender_dependent_authentication = yes - Not A Valid Parameter

local domain class for

Domain names are listed with the mydestination parameter.

mydestination = $myhostname, localhost.$mydomain, mailserver.domain.com
  • myhostname = mailserver2.domain.com
  • localhost.$mydomain = (localhost.(default of myhostname - first component = domain.com)) = localhost.domain.com
  • mailserver1.domain.com

This domain class also includes mail for user@[ipaddress] when the IP address is listed with the inet_interfaces or proxy_interfaces parameters.

inet_interfaces = all = 1222.1628.2122.22345
proxy_interfaces = 2246.2246.2246.2246, 22345.2345.2345.2345

The virtual alias domain class

Each recipient address is aliased to a local UNIX system account or to a remote address.

Domain names
virtual_alias_domains = hash:/etc/postfix/virtual
virtual_alias_maps = hash:/etc/postfix/virtual

Every address must be aliased to some other address.

Virtual Domains

Postfix On New Server

————————————————————————————————————————————————

Steps to Install Postfix on ASSP Server as a backup.

Setup Postfix
Copy Files
  • /etc aliases
    • forward the root email to something meaningful like default@domain.com
    • Aliases are rather simple to set up. You should add any aliases that you want under the heading: # Put your local aliases here. If you want to alias root so that it is delivered to default@domain, then you would do the following:
      root: default@domain.com
    • You can add as many aliases as you want for a person. When you are done, you MUST run the following command for Postfix to load the aliases (starting and stopping Postfix will NOT reload the aliases file):
      sudo newaliases
      postalias /etc/aliases

  • /etc/postfix main.cf
    • Copy as is
  • /etc/postfix master.cf
    • Just change the port to 1025
  • /etc/postfix sasl_passwd
    • postmap /etc/postfix/sasl_passwd
  • /etc/postfix transport
    • Copy as is
  • /etc/postfix virtual
    • Copy as is
  • /etc/sasl2/smtpd.conf
    • if this file has been changed
Add Users For SMTP Authorization
  • Emailaddresses.txt
    • copy file and modify for newest list of users
    • remove all “spaces” before or after the “commas” (spaces cause errors and the individual is skipped)
  • suse_AddNewusers
    • reads Emailaddresses.txt and adds to users through yast
    • the file Emailaddresses.txt must be referenced as full path like "/root/Desktop/Emailaddresses.txt".
  • Test Authentication
    • testsaslauthd -u username -p password -s smtp
Run Services
  • postfix
  • saslauthd

SASL_README

Individual Command Lines in main.cf

  • alias_maps = hash:/etc/aliases
    • Default has two alias databases. I think one is set up by the SUSE install. We do use the alias file.
  • biff = no
    • Suse install changes this. Sets the biff notification service off.
  • broken_sasl_auth_clients = yes
    • allow obsolete authorization like old outlook express
  • canonical_maps = hash:/etc/postfix/canonical
    • Turned on but we do not use.
  • daemon_directory = /usr/lib/postfix
    • Suse install.
  • html_directory = /usr/share/doc/packages/postfix/html
    • Suse install
  • inet_protocols = all
    • ipv4 or ipv6 depending on OS
  • mailbox_size_limit = 0
    • Eliminate size limit. we really do not keep any mail on server
  • manpage_directory = /usr/share/man
    • Suse install
  • masquerade_exceptions = root
    • Eliminate any changing of root by masquerading
  • mydestination = $myhostname, localhost.$mydomain, mailserver1.domain.com
    • This we setup as our local destinations
  • mydomain = domain.com
    • our domain
  • myhostname = mailserver2.domain.com
    • name of this mailserver
  • mynetworks = 2345.2345.23454.0/28, 127.0.0.0/8
    • On our network some of the servers get carte blanche to email through this postfix server.
  • mynetworks_style = subnet
    • Postfix ignores this when mynetworks is specified by hand. (Which we do.)
  • myorigin = $mydomain
    • domain.com
  • proxy_interfaces = 2345.2345.2345.2345, 2345.2345.2345.2345
    • our external ip addresses
  • readme_directory = /usr/share/doc/packages/postfix/README_FILES
    • Suse install
  • relay_domains = $mydestination, domainname.com, domainnamegroup.net
    • The domains that we freely relay to because this is the end of the line
  • relocated_maps = hash:/etc/postfix/relocated
    • Set but we do not use
  • sample_directory = /usr/share/doc/packages/postfix/samples
    • Suse install
  • sender_canonical_maps = hash:/etc/postfix/sender_canonical
    • Set but we do not use.
  • setgid_group = maildrop
    • Suse install.
  • smtp_sasl_auth_enable = yes
    • We want authentication on sending.
  • smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    • Username and password for sending through another smtp host. We do not use this now but used to send through hostmysite.
  • smtp_sasl_security_options =
    • Lists the SASL mechanism types to disallow. Left empty, nothing is disallowed, so plaintext logins are allowed.
  • smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
  • smtpd_sasl_auth_enable = yes
  • transport_maps = hash:/etc/postfix/transport
    • every person must be accounted for in this file
  • virtual_alias_domains = hash:/etc/postfix/virtual
  • virtual_alias_maps = hash:/etc/postfix/virtual
    • maps multiple email addresses to one user
    • can map one email address to multiple email addresses
  • virtual_mailbox_maps = hash:/etc/postfix/virtualMailbox
    • not used

Postfix

————————————————————————————————————————————————

Postfix relayhost

From: http://www.freelock.com/kb/postfix-relayhost

These are the basic steps to set up Postfix to use SMTP Authentication to send mail through a relay host.

Set up a password maps file (/etc/postfix/sasl_passwd) as follows:

mail.ispserver.com username:password

chown root:root /etc/postfix/sasl_passwd; chmod 600 /etc/postfix/sasl_passwd
postmap /etc/postfix/sasl_passwd
In /etc/postfix/main.cf:

**Note:** relayhost=[192.168.1.246]:1025


relayhost = mail.ispserver.com
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =

postfix reload

Also, if this is the first SASL service installed on the machine, make sure there's an appropriate SASL plugin installed:

urpmi --media main libsasl2-plug-login libsasl2-plug-plain--

That should do it! Postfix will log into the relay host using the smtp auth username and password. It's possible to set different logins for different servers, by adding more lines to the map file. Security options must be cleared to allow plaintext logins.

From: http://www.howtoforge.com/postfix_relaying_through_another_mailserver

Setup Postfix

  • Enable postfix.service
    • systemctl enable postfix.service
    • Postfix runs at level 3 and 5
    • postfix automatically starts

difference between service and systemctl

http://forums.fedoraforum.org/showthread.php?t=261945

service operates on the files in /etc/init.d and was used in conjunction with the old init system. systemctl operates on the files in /lib/systemd . If there is a file for your service in /lib/systemd it will use that first and if not it will fall back to the file in /etc/init.d

systemctl

http://fedoraproject.org/wiki/Systemd

http://crashmag.net/useful-systemd-commands

List the current run level

systemctl list-units --type=target

Postfix Quick Summary

test saslauthd

testsaslauthd - u username -p password -s smtp

Systemd_Cheatsheet

http://fedoraproject.org/wiki/SysVinit_to_Systemd_Cheatsheet

systemd Command Notes
systemctl start frobozz.serviceUsed to start a service (not reboot persistent)
systemctl stop frobozz.serviceUsed to stop a service (not reboot persistent)
systemctl restart frobozz.serviceUsed to stop and then start a service
systemctl reload frobozz.serviceWhen supported, reloads the config file without interrupting pending operations.
systemctl condrestart frobozz.serviceRestarts if the service is already running.
systemctl status frobozz.serviceTells whether a service is currently running.
ls /lib/systemd/system/*.service /etc/systemd/system/*.service systemctl list-units ~-~-allUsed to list the services that can be started or stopped
Used to list all the services and other units
systemctl enable frobozz.serviceTurn the service on, for start at next boot, or other trigger.
systemctl disable frobozz.serviceTurn the service off for the next reboot, or any other trigger.
systemctl is-enabled frobozz.serviceUsed to check whether a service is configured to start or not in the current environment.
ls /etc/systemd/system/*.wants/frobozz.serviceUsed to list what levels this service is configured on or off
systemctl daemon-reloadUsed when you create a new service file or modify any configuration
sysvinit Runlevel systemd Target Notes
0runlevel0.target, poweroff.targetHalt the system.
1, s, singlerunlevel1.target, rescue.targetSingle user mode.
2, 4runlevel2.target, runlevel4.target, multi-user.targetUser-defined/Site-specific runlevels. By default, identical to 3.
3runlevel3.target, multi-user.targetMulti-user, non-graphical. Users can usually login via multiple consoles or via the network.
5runlevel5.target, graphical.targetMulti-user, graphical. Usually has all the services of runlevel 3 plus a graphical login.
6runlevel6.target, reboot.targetReboot
emergencyemergency.targetEmergency shell

/lib/systemd/system/postfix.service

# This file is part of package postfix.
#
# Copyright (c) 2011 SuSE LINUX Products GmbH, Germany.
# Author: Werner Fink
# Please send feedback to http://www.suse.de/feedback
#
# Description:
#
#  Used to start the postfix Mail Transport Agent service
#  which handles all mails stored at /var/spool/postfix/ and
#  all connections on port 25 aka smtp at localhost as well
#  as on all other network interfaces.
#

[Unit]
Description=Postfix Mail Transport Agent
Requires=var-run.mount nss-lookup.target network.target remote-fs.target syslog.target time-sync.target
After=var-run.mount nss-lookup.target network.target remote-fs.target syslog.target time-sync.target
Wants=amavis.service mysql.service cyrus.service ldap.service openslp.service ypbind.service
After=amavis.service mysql.service cyrus.service ldap.service openslp.service ypbind.service
Before=mail-transfer-agent.target
Conflicts=sendmail.service exim.service

[Service]
Type=forking
PIDFile=/var/spool/postfix/pid/master.pid
ExecStartPre=-/bin/echo 'Starting mail service (Postfix)'
EnvironmentFile=-/etc/sysconfig/postfix
ExecStartPre=/etc/postfix/system/update_chroot
ExecStartPre=/etc/postfix/system/rebuild_tables
ExecStart=/usr/sbin/postfix start
ExecStartPost=/etc/postfix/system/wait_qmgr 60
ExecStartPost=/etc/postfix/system/cond_slp register
ExecReload=/usr/sbin/postfix reload
ExecReload=/usr/sbin/postfix flush
ExecStop=/usr/sbin/postfix stop
ExecStopPost=/etc/postfix/system/cond_slp deregister

[Install]
WantedBy=multi-user.target

Managing the Mail Queue

  • Listing the mail queue
    • mailq
  • Delete One from Postfix Mail Queue
    • sudo postsuper -d D45F2E4478
  • Empty Postfix Mail Queue
    • sudo postsuper -d ALL
  • Send all email now
    • postqueue -f
  • The postcat command displays the content of a message in a mail queue.
    • postcat -q F2B9715C0B3
  • The postconf command displays all the configuration parametere
    • postconf | grep "qu"

http://www.patrickpatoray.com/index.php?Page=47

http://bsdwiki.reedmedia.net/wiki/View_the_Sendmail_or_Postfix_mail_queue.html

bounce_queue_lifetime

bounce_queue_lifetime (default: 5d)The maximal time a bounce message is queued before it is considered undeliverable.
By default, this is the same as the queue life time for regular mail.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is d (days).
Specify 0 when mail delivery should be tried only once.
This feature is available in Postfix 2.1 and later.
maximal_queue_lifetime (default: 5d)The maximal time a message is queued before it is sent back as undeliverable.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is d (days).
Specify 0 when mail delivery should be tried only once.

Must Read: Acting as a relay server

Postfix can answer "550 No Such User Here."

relay_recipient_maps (default: empty)Optional lookup tables with all valid addresses in the domains that match $relay_domains.
Specify @domain as a wild-card for domains that have no valid recipient list, and become a source of backscatter mail:
Postfix accepts spam for non-existent recipients and then floods innocent people with undeliverable mail.
Technically, tables listed with $relay_recipient_maps are used as lists:
Postfix needs to know only if a lookup string is found or not, but it does not use the result from table lookup.
If this parameter is non-empty, then the Postfix SMTP server will reject mail to unknown relay users. This feature is off by default.
See also the relay domains address class in the ADDRESS_CLASS_README file.

Example:

relay_recipient_maps = hash:/etc/postfix/relay_recipients

This feature is available in Postfix 2.0 and later.

INPUT FILE FORMAT

http://www.postfix.org/postmap.1.html

  • The format of a lookup table input file is as follows:
    • A table entry has the form
    • key whitespace value

Postfix - Exchange Server Mailrelay to Postfix

Catch-all for Postfix

Only works for virtual addresses not assigned to real mailboxes. We are not defining many emails that go to real addresses.

http://www.postfix.org/VIRTUAL_README.html

 5 /etc/postfix/virtual:
 6     postmaster@example.com postmaster
 7     info@example.com       joe
 8     sales@example.com      jane
 9     # Uncomment entry below to implement a catch-all address
10     # @example.com         jim
11     ...virtual aliases for more domains...

Line 10: the commented out entry (text after #) shows how one would implement a catch-all virtual alias that receives mail for every example.com address not listed in the virtual alias file. This is not without risk. Spammers nowadays try to send mail from (or mail to) every possible name that they can think of. A catch-all mailbox is likely to receive many spam messages, and many bounces for spam messages that were sent in the name of anything@example.com.

Postfix SMTP AUTH

Copy All Messages

always_bcc (default: empty)Optional address that receives a “blind carbon copy” of each message that is received by the Postfix mail system.
Note: if mail to the BCC address bounces it will be returned to the sender.
Note: automatic BCC recipients are produced only for new mail. To avoid mailer loops, automatic BCC recipients are not generated after Postfix forwards mail internally, or after Postfix generates mail itself.

Standard Accounts

3.5 Are there any other addresses I should accept?

You should also accept mail sent to what are known as 'role' accounts. These are some standard addresses that are defined by RFC 2142. RFC 2142 is a recommendation, not a requirement, but you should accept mail sent to 'postmaster' (which is a required address - see RFC 822) and 'abuse' as a minimum.

The addresses recommended by RFC 2142 are:

postmaster
abuse
webmaster
info
sales
security
hostmaster
support
marketing
noc
usenet
news
www
uucp
ftp
These are in roughly descending order of importance. Most sites support the first seven, 
but the others are really optional: if you don't use the 'uucp' program (a very old program
from the early days of the Internet), there's no need for you to have 'uucp@mydomain'.

Be aware that spammers will send spam to all these addresses.
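A check that covers both the catch-all risk described under "Catch-all for Postfix" and the minimum role accounts listed here. It is an added example, not part of the original page: the function names and sample file are constructed, and it deliberately counts a role address that is reachable only through a catch-all as missing.

```shell
#!/bin/sh
# Added example: audit a virtual alias source file (format as in /etc/postfix/virtual).
# Reports active catch-all keys and domains with no explicit postmaster/abuse alias.

audit_virtual() {
    awk '
        /^[ \t]/ || /^#/ || /^$/ { next }      # continuation, comment or blank line
        {
            key = tolower($1); at = index(key, "@")
            if (at == 0) next                   # bare domain entry, not an address
            dom = substr(key, at + 1); doms[dom] = 1
            if (at == 1) print "CATCHALL @" dom " -> " $2
            else have[key] = 1
        }
        END {
            for (dom in doms) {
                if (!(("postmaster@" dom) in have)) print "MISSING postmaster@" dom
                if (!(("abuse@" dom) in have))      print "MISSING abuse@" dom
            }
        }' "$1" | sort
}

# Constructed sample: example.com keeps its catch-all commented out,
# example.net has an active one.
sample_virtual() {
    cat <<'EOF'
example.com            anything
postmaster@example.com postmaster
info@example.com       joe
sales@example.com      jane
# @example.com         jim
example.net            anything
@example.net           jim
abuse@example.net      jim
EOF
}

demo_audit_virtual() {
    tmp=$(mktemp) || return 1
    sample_virtual > "$tmp"
    audit_virtual "$tmp"
    rm -f "$tmp"
}
demo_audit_virtual
```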

warning: not enough free space in mail queue: < 1.5*message size limit

Delivering messages to the Users

It is interesting that we are using postfix to deliver messages to people but no local mailboxes are used. We have specified each and every address in the transport file so that they are sent to specific smtp servers.

Using Command Line to Add Batch of Users to Postfix Machine

DNS Info (Reference)

Postfix message size limit and mailbox limit

Set IP's Who can Automatically Send Through Postfix

mynetworks = 192.168.1.0/28, 127.0.0.0/8

main.cf file format

Resource Controls

http://www.postfix.org/resource.html

postconf (list the postfix configuration)

postconf  | grep size

postconf -d (list the defaults for postfix)

Display of Postfix Configuration "size" Search

Machine2:~ # postconf -d | grep size
berkeley_db_create_buffer_size = 16777216
berkeley_db_read_buffer_size = 131072
body_checks_size_limit = 51200
bounce_size_limit = 50000
header_size_limit = 102400
mailbox_size_limit = 51200000
message_size_limit = 10240000

Configure Postfix For Relaying all Mail Through mail.x.com

We do not relay

#------------------- relay -----------------------------------------------------
#relayhost = mail45.x.com

But we are set up to do so if need be!

#------------------- smtp (outgoing) -----------------------------------------------------
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = 
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

Reference

http://www.howtoforge.com/postfix_relaying_through_another_mailserver

To configure our Postfix server for relaying emails through smtp.example.com, we run

postconf -e 'relayhost = smtp.example.com'
postconf -e 'smtp_sasl_auth_enable = yes'
postconf -e 'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd'
postconf -e 'smtp_sasl_security_options ='

Use TLS (Transport Layer Security)

http://www.postfix.org/postconf.5.html#smtp_tls_security_level

The default SMTP TLS security level for the Postfix SMTP client; when a non-empty value is specified, this overrides the obsolete parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername.
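The relay settings shown earlier leave smtp_sasl_security_options empty, which permits plaintext mechanisms, so whether the relay password crosses the network in the clear depends on smtp_tls_security_level. The check below is an added example, not part of the original page: the function names and both sample configurations are constructed, and the tightened values are an assumption about a reasonable hardening rather than this site's settings.

```shell
#!/bin/sh
# Added example: does main.cf let the relay password travel unprotected?
# Limits: no $name expansion; smtp_sasl_tls_security_options and per-destination
# TLS policy tables are not evaluated.
# Effective value of parameter $2 in file $1 (last setting wins).
cf_get() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }                     # comment or blank
        /^[ \t]/ { if (cur == want) val = val " " $0; next }  # continuation line
        {
            eq = index($0, "="); if (eq == 0) { cur = ""; next }
            cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
            if (cur == want) { val = substr($0, eq + 1); found = 1 }
        }
        END { gsub(/^[ \t]+|[ \t]+$/, "", val); print (found ? val : "<unset>") }' "$1"
}

audit_relay_auth() {
    [ "$(cf_get "$1" smtp_sasl_auth_enable)" = yes ] || { echo "OK: SASL client auth off"; return 0; }
    tls=$(cf_get "$1" smtp_tls_security_level)
    opts=$(cf_get "$1" smtp_sasl_security_options)
    [ "$opts" = "<unset>" ] && opts="noplaintext, noanonymous"   # Postfix default
    rc=0
    case $tls in
        encrypt|dane-only|fingerprint|verify|secure) ;;          # TLS is mandatory
        *) case $opts in *noplaintext*) ;; *)
               echo "WARN: plaintext SASL allowed without mandatory TLS"; rc=1 ;; esac ;;
    esac
    case $opts in *noanonymous*) ;; *) echo "WARN: anonymous mechanisms not excluded"; rc=1 ;; esac
    [ "$rc" -eq 0 ] && echo "OK"
    return "$rc"
}

# Constructed input: the relay settings shown on this page.
weak_cf() {
    printf '%s\n' 'relayhost = smtp.example.com' 'smtp_sasl_auth_enable = yes' \
        'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd' \
        'smtp_sasl_security_options ='
}
# Constructed input: same settings, tightened (later lines override earlier ones).
hard_cf() {
    weak_cf
    printf '%s\n' 'smtp_sasl_security_options = noanonymous' \
        'smtp_tls_security_level = encrypt'
}

tmp=$(mktemp) || exit 1
for cfg in weak_cf hard_cf; do $cfg > "$tmp"; echo "== $cfg"; audit_relay_auth "$tmp" || true; done
rm -f "$tmp"
```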

https://help.ubuntu.com/community/Postfix

Generate certificates to be used for TLS encryption and/or certificate Authentication:

broken_sasl_auth_clients

broken_sasl_auth_clients = yes

Was configured in Postfix 2012-02-20 and before. Do not think we need this, although ASSP had some problems with authorization of Exchange due to outdated AUTH command.

Enable inter-operability with remote SMTP clients that implement an obsolete version of the AUTH command (RFC 4954). Examples of such clients are MicroSoft Outlook Express version 4 and MicroSoft Exchange version 5.0.

Specify “broken_sasl_auth_clients = yes” to have Postfix advertise AUTH support in a non-standard way.

smtpd_sender_dependent_authentication

smtpd_sender_dependent_authentication = yes - Not A Valid Parameter

local domain class

Domain names are listed with the mydestination parameter.

mydestination = $myhostname, localhost.$mydomain, mailserver1.x.com

  • $myhostname = mailserver2.x.com
  • localhost.$mydomain = localhost.x.com ($mydomain defaults to myhostname minus its first component = x.com)
  • mailserver1.x.com

This domain class also includes mail for user@[ipaddress] when the IP address is listed with the inet_interfaces or proxy_interfaces parameters.

inet_interfaces = all = 192.168.1.246
proxy_interfaces = 1121.199.1213.1130, 1.1.1.1

The virtual alias domain class

Each recipient address is aliased to a local UNIX system account or to a remote address.

Domain names
virtual_alias_domains = hash:/etc/postfix/virtual
virtual_alias_maps = hash:/etc/postfix/virtual

Every address must be aliased to some other address.

Virtual Domains

Postfix On New Server

————————————————————————————————————————————————

Steps to Install Postfix on ASSP Server as a backup.

Setup Postfix
Copy Files
  • /etc aliases
    • forward the root email to something meaningful like default@x.com
    • Aliases are rather simple to set up. You should add any aliases that you want under the heading: # Put your local aliases here. If you want to alias root so that it is delivered to default@x, then you would do the following:

root: default@x.com

You can add as many aliases as you want for a person. When you are done, you MUST run the following command for Postfix to load the aliases (starting and stopping Postfix will NOT reload the aliases file):

sudo newaliases
postalias /etc/aliases

  • /etc/postfix main.cf
    • Copy as is
  • /etc/postfix master.cf
    • Just change the port to 1025
  • /etc/postfix sasl_passwd
    • postmap /etc/postfix/sasl_passwd
  • /etc/postfix transport
    • Copy as is
  • /etc/postfix virtual
    • Copy as is
  • /etc/sasl2/smtpd.conf
    • if this file has been changed
Add Users For SMTP Authorization
  • Emailaddresses.txt
    • copy file and modify for newest list of users
    • remove all “spaces” before or after the “commas” (spaces cause errors and the individual is skipped)
  • x_AddNewusers
    • reads Emailaddresses.txt and adds to users through yast
    • the file Emailaddresses.txt must be referenced as full path like "/root/Desktop/Emailaddresses.txt".
  • Test Authentication
    • testsaslauthd -u username -p password -s smtp
Run Services
  • postfix
  • saslauthd

SASL_README

Individual Command Lines in main.cf

  • alias_maps = hash:/etc/aliases
    • Default has two alias databases. I think one is set up by suse install. We do use the alias file.
  • biff = no
    • Suse install changes this. Sets the biff notification service off.
  • broken_sasl_auth_clients = yes
    • allow obsolete authorization like old outlook express
  • canonical_maps = hash:/etc/postfix/canonical
    • Turned on but we do not use.
  • daemon_directory = /usr/lib/postfix
    • Suse install.
  • html_directory = /usr/share/doc/packages/postfix/html
    • Suse install
  • inet_protocols = all
    • ipv4 or ipv6 depending on OS
  • mailbox_size_limit = 0
    • Eliminate size limit. We really do not keep any mail on server.
  • manpage_directory = /usr/share/man
    • Suse install
  • masquerade_exceptions = root
    • Eliminate any changing of root by masquerading
  • mydestination = $myhostname, localhost.$mydomain, mailserver1.x.com
    • This we setup as our local destinations
  • mydomain = x.com
    • our domain
  • myhostname = mailserver2.x.com
    • name of this mailserver
  • mynetworks = 192.168.1.0/28, 127.0.0.0/8
    • On our network some of the servers get carte blanche to email through this postfix server.
  • mynetworks_style = subnet
    • Postfix ignores this when mynetworks is specified by hand. (Which we do.)
  • myorigin = $mydomain
    • x.com
  • proxy_interfaces = 2.1.2.1, 7.1.1.1
    • our external ip addresses
  • readme_directory = /usr/share/doc/packages/postfix/README_FILES
    • Suse install
  • relay_domains = $mydestination, x.com, xgroup.net
    • The domains that we freely relay to because this is the end of the line
  • relocated_maps = hash:/etc/postfix/relocated
    • Set but we do not use
  • sample_directory = /usr/share/doc/packages/postfix/samples
    • Suse install
  • sender_canonical_maps = hash:/etc/postfix/sender_canonical
    • Set but we do not use.
  • setgid_group = maildrop
    • Suse install.
  • smtp_sasl_auth_enable = yes
    • We want authentication on sending.
  • smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    • Username and password for sending through another smtp host. We do not use now but used to send through hostmysite.
  • smtp_sasl_security_options =
    • Options are for dis-allowing
  • smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
  • smtpd_sasl_auth_enable = yes
  • transport_maps = hash:/etc/postfix/transport
    • every person must be accounted for in this file
  • virtual_alias_domains = hash:/etc/postfix/virtual
  • virtual_alias_maps = hash:/etc/postfix/virtual
    • maps multiple email addresses to one user
    • can map one email address to multiple email addresses
  • virtual_mailbox_maps = hash:/etc/postfix/virtualMailbox
    • not used
software/linux/postfix.txt · Last modified: 2024/01/13 21:27 by superwizard