12
votes
Accepted
Make postfix reject incoming email spoofed as from my own domain
If you enable Postfix's message submission service (on port 587), you can separate "message submission from message relay, allowing each service to operate according to its own rules (for ...
- 486
9
votes
Accepted
Don't deliver mail to certain addresses
To discard email for a user or domain, add an appropriate line to the "transport" table - typically by adding a line like below to /etc/postfix/transport:
[email protected] discard:
domain....
- 71.4k
6
votes
Example of fail2ban configuration to ban servers spamming my postfix server?
Just use Postfix directly to filter IPs using blocklists:
See http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions to reject using blocklist(s). Also read about the best place to put it ...
- 1,330
6
votes
Accepted
SPF type ptr discouraged? Then what should I use?
SPF provides several different methods for server specification (they're all documented in the aforementioned RFC 4408, although it has since been superseded by RFC 7208). In section 5 of the document,...
- 465k
5
votes
Accepted
Does a cert's filename matter?
The name of the files does not matter at all, only its content. What matters is that the path in the configuration matches the actual path on disk so that the files can be accessed. Of course, if the ...
- 5,902
4
votes
Regex multiple catch-all setup in postfix
I'll add this for people who are wondering if it is possible to handle multiple address aliases with less configuration:
/^(.*)\..*@domain.com$/ [email protected]
This will forward:
<anything>....
- 162
4
votes
Postfix allows unauthenticated users to send emails
You can force users to authenticate before send e-mails, changing not on the main.conf but on master.conf, adding the check on submission, for example, and reject everything:
-o ...
- 209
4
votes
Accepted
How do I deliver an email stuck in my Postfix mail queue?
postqueue -f is generally used to flush the queue, after the root cause of the delivery failure is solved.
-f Flush the queue: attempt to deliver all queued mail.
This option implements ...
- 1,620
4
votes
Accepted
Postfix/Dovecot/Let'sEncrypt - Gmail/E-mail clients say emails form my server are not encrypted properly (red lock)
Encryption of outgoing traffic has not much to do with any of the above.
When sending mail, your Postfix connects to Gmail (so neither port-forwarding nor MX records are involved) and acts like a TLS ...
- 465k
4
votes
Accepted
Gmail pop3 ssl can't fetch mail server
It seems like since wednesday Google Mail Servers no longer accept intermediate certificates signed using the sha1 hash algorithm.
Running the command openssl s_client -connect server.example.com:995 ...
- 56
4
votes
Accepted
Adding custom schema to openldap
Ok I had to add some core schemas to be able to convert the postfix schema
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
...
- 201
3
votes
Accepted
Dovecot's grace_quota is not working
Dovecot's grace_quota does not work as you expect it. From the Dovecot manual on quota:
With v2.2+ by default the last mail can bring user over quota. This is useful to allow user to actually ...
- 18.1k
3
votes
Accepted
fail2ban not catching SMTP password brute force attack
From the Ignore line since time 1519986602.0 < 1519987675.92 - 600 log record and the docs,
I conjure that 600 is the value of the findtime option. That is, crack attempts from a given IP seem to ...
- 2,886
3
votes
Accepted
Dovecot not working, apparently not listening to ports 110, 143, 993 or 995
This entry in the log—where it says “starting up without any protocols”—is the big clue:
Aug 10 16:28:55 domain.tld dovecot[3122]: master: Dovecot v2.2.33.2 (d6601f4ec) starting up without any ...
- 56.1k
3
votes
Accepted
attack via executable line after plus sign in email address
This is an attempt to exploit a recently discovered bug in the Exim4 SMTP server (v4.87 to v4.91), which would allow remote command execution as Exim would expand ${variable} substitutions in certain ...
- 465k
2
votes
Accepted
Postfix issue : iptables rules and can't receive email from outside
Run
iptables -I INPUT 5 -p tcp -m tcp --dport 25 -j ACCEPT
To have the rule applied inmediately.
Also edit your /etc/iptables/rules.v4 and just after the rule with the 443 port, add
-A INPUT ...
- 2,666
2
votes
Make postfix log to show how sender rewriting happens
As quoted by victor from postfix mailing list:
You can cause the envelope sender to be logged via the INFO action
of access(5):
main.cf:
smtpd_end_of_data_restrictions =
...
- 411
2
votes
Postfix Relay Based on Sender Recepient
There's a way (although not quite clean in my opinion), matching it with the header_checks parameter. For example:
header_checks = pcre:/etc/postfix/my_relays
Now in /etc/postfix/my_relays:
/^From:....
- 5,727
2
votes
Postfix can't send from localhost
I found the answer! It turns out the previous admin neglected to include a section in master.cf to indicate the relay port that was specified in the dkimproxy_in.conf file:
# specify what address/...
- 41
2
votes
Accepted
How To Configure a Mail Server Using Postfix, Dovecot, MySQL, and SpamAssassin and Sieve to move to Spam / Junk folder
This is how is solved it (it took 7 months):
apt install dovecot-sieve dovecot-managesieved
nano /etc/dovecot/conf.d/90-plugin.conf
Add or set in:
protocol lmtp {
mail_plugins = $...
- 156
2
votes
Accepted
Postfix/Dovecot/Raspbian not receiving emails from outside, IPv6 only
Your problem appears to be that the authoritative DNS servers for dynv6.net are sending corrupt DNS responses. This is what I saw when I first attempted to resolve your MX record:
$ dig mx ...
- 2,901
2
votes
Accepted
which port does postfix connect to remote smtp server?
For client connections, port should be 587 which is submission as you stated. But inter-MTA connections should be done (by default) on port 25.
Note that these parameters apply only if talking about ...
- 5,727
2
votes
postfix/sendmail error unknown referring to command line
Took me a few days but here's the solution:
It's in the mail section of /etc/php5/apache2/php.ini
These configurations need to look like this:
[mail function]
SMTP = localhost
smtp_port = 25
; For ...
- 203
2
votes
Accepted
What is the correct format of a postfix sasl password database map file?
Two things are necessary:
First, the option smtp_sender_dependent_authentication = yes must be enabled in the postfix main configuration file (usual location is /etc/postfix/main.cf). Without this ...
- 221
2
votes
Is there a way to encrypt mail password when configuring mail notifications using postfix?
Because Postfix is acting as an SMTP client authenticating to another server, it cannot hash passwords – the storage must be reversible, because most mail servers will expect you to provide the ...
- 465k
2
votes
Send mail from bash with MTA confirmation
None of the widely used MTAs will give you confirmation of the actual sending process and with good reason: MTAs are by definition queue-based and the time spent in a queue on a busy mailserver can be ...
- 20.3k
2
votes
Accepted
what's the difference between using RBLs and anti-spam software?
what's the difference between using RBLs and anti-spam software?
RBL reference known spammers IP.
Anti-spam software analyse email content looking for well-known pattern to guess if mail is a spam.
...
- 391
2
votes
Postfix + Cyrus not working
You have a few problems with your configuration. Postfix has two parts, SMTP and SMTPD. Clients and other mail servers connect to SMTPD and the server sends mail out using SMTP. You have SMTPD SASL ...
- 21
Only top scored, non community-wiki answers of a minimum length are eligible