Postfix user sender resctriction

Hello all !

Today we want to restrict local user to send mail to more destinations!

1 First step

postconf -e 'smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/restricted_senders'
postconf -e 'smtpd_restriction_classes = local_only'
postconf -e 'local_only = check_recipient_access hash:/etc/postfix/local_domains, reject'

2. Step 2 Then create the file /etc/postfix/restricted_senders which looks similar to this one:        local_only       local_only

3. Final step Afterwards create /etc/postfix/local_domains which should look similar to this:                  OK                 OK             OK

After this restart your server postfix! Enjoy!
(Source Thanks falko )

How to upgrade Postfixadmin from old version to new version.

Hello, we need now to upgrade from postfixadmin-2.3.5 to postfixadmin-3.0.2.

This document describes upgrading from an older PostfixAdmin version >= v1.5x on Centos Linux.

2: Backup the Database and file!

[root@mail html]# cp -p -R postfixadmin-2.3.5 postfixadmin-2.3.5-bkp
[root@mail html]# mysqldump -uroot -p –routines –single-transaction postfix > /root/work/postfix-sqldump.sql

2: Go to html directory

[root@mail html]# cd /var/www/html/

Get new archive

[root@mail html]# wget

Unarchive new Postfix Admin

[root@mail html]# tar -zxvf postfixadmin-3.0.2.tar.gz

3: Change permissions

[root@mail html]# cd /var/www/html/postfixadmin-3.0.2
[root@mail postfixadmin-3.0.2]# find -type f -print0 | xargs -0 chmod 640
[root@mail postfixadmin-3.0.2]# find -type f -print0 | xargs -0 chown root:apache
[root@mail postfixadmin-3.0.2]# chown -R apache. templates_c/

( if your Apache runs as user “apache” )

4: Configure

Check the file. There you can specify settings that are relevant to your setup.

Comparing with your previous using “diff” might save you some time.

You can use a config.local.php file to contain your local settings. These will override any defined in – and save some time when upgrading to a new version of PostfixAdmin ūüėČ

5: Run setup.php

Go to you apache vhost and change the path.

[root@mail html]# vim /etc/httpd/conf/httpd.conf

ServerPath /postfixadmin-3.0.2
DocumentRoot /var/www/html/postfixadmin-3.0.2
CustomLog /var/log/httpd/postfixadmin_access.log combined
ErrorLog /var/log/httpd/postfixadmin_error.log

Restart apache service:
[root@mail html]# service httpd restart

Now we run setup.php
I open a new tab in my browser and type

If it is ok you should see like this:

Postfix Admin Setup Checker

Running software:

  • PHP version 5.3.3
  • Apache

Checking for dependencies:

  • Magic Quotes: Disabled – OK
  • Depends on: presence – OK
  • Checking $CONF[‘configured’] – OK
  • Smarty template compile directory is writable – OK
  • Depends on: MySQL 3.23, 4.0 – OK
  • Depends on: MySQL 4.1 – OK
    (change the database_type to ‘mysqli’ in if you want to use MySQL)
  • Depends on: SQLite – OK
    (change the database_type to ‘sqlite’ in if you want to use SQLite)
  • Testing database connection – OK – mysql://postfix:xxxxx@localhost/postfix
  • Depends on: session – OK
  • Depends on: pcre – OK
  • Depends on: multibyte string – OK
  • Depends on: IMAP functions – OK

Everything seems fine… attempting to create/update database structure

Database is up to date

Since version 2.3, PostfixAdmin supports alias domains ($CONF[‘alias_domain’]).
If you want to use them, you have to add some queries to your postfix config – see POSTFIX_CONF for details.

This is all that is needed.

How to install DKIM with OpenDKIM and Postfix on a CentOS 7

Hello, today we install DKIM in Centos 7 with Postfix.

# yum install opendkim

Next step to do is to configure OpenDKIM.

# cp /etc/opendkim.conf /etc/opendkim.conf.orig
# vim /etc/opendkim.conf

Options should be like this:

PidFile    /var/run/opendkim/
Mode    sv
Syslog    yes
SyslogSuccess    yes
LogWhy    yes
UserID    opendkim:opendkim
Socket    inet:8891@localhost
Umask    002
Canonicalization    relaxed/relaxed
Selector    default
MinimumKeyBits 1024
KeyTable    refile:/etc/opendkim/KeyTable
SigningTable    refile:/etc/opendkim/SigningTable
ExternalIgnoreList    refile:/etc/opendkim/TrustedHosts
InternalHosts    refile:/etc/opendkim/TrustedHosts

Next step we have to edit /etc/opendkim/TrustedHosts

# vim /etc/opendkim/TrustedHosts

Now we edit /etc/opendkim/KeyTable

vim /etc/opendkim/KeyTable

Now opendkim needs to know relation between mail adress and domains whe should configure SigningTable file.

vim /etc/opendkim/SigningTable


Now we generate one keypair for each domain

cd /etc/opendkim/keys
opendkim-genkey -D /etc/opendkim/keys/ -d -s

You will get:

[root@mail keys]# ls -l
total 8
-rw------- 1 root root 891 apr 25 22:02
-rw------- 1 root root 344 apr 25 22:02

We have to change private keys owner.

[root@mail keys]# chown -R opendkim. /etc/opendkim/keys/

Restart opendkim and enable

 systemctl restart opendkim.service
 systemctl enable opendkim.service

Integrate opendkim with postfix:

 vim /etc/postfix/

and append these lines

milter_default_action = accept
smtpd_milters = inet:

Finally the most important step is publish your public keys in DNS.


default._domainkey IN TXT ( “v=DKIM1; k=rsa; ”
“p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDh1hbzE5Ae83qLXL/DKAhTmOYXzLG3+RfdjG9nbv+zH/STABdYpU7kQKAs0M9X1bdIe8We8Bs//vKqqtgOB/j/jwcH+VMou3wBEULshzQK6qoBSb413qdGEnXIHUP3e9p4VttlebSp5w/3dLaOpNFNUMKz6Xb2Pa8xlxn5DgNrYQIDAQAB” ) ; —– DKIM key for

Restart Postfix:

 systemctl restart postfix.service

How we test if works ?

 dig TXT +short

P.S. in dns we start with default._domainkey IN TXT ……

How to move mails with imapsync from Linux Server to other server or Exchange Mail server.

We have an old Linux mail server and want to upgrade or move mails to other server or new server. How to move easy?  Answer: imapsync.

Example: Move mails from old Linux mail server to new Linux Server:

[root@Linux673]# imapsync –host1 –user1 cristian –password1 PASS07432 –host2 –user2 –password2 PASS-new87

Example: Move mails from old Linux mail server to new MS Exchange with TLS2

[root@Linux673]# imapsync –host1 –user1 –password1 PassWORD –tls2 –host2 –user2 new-user@domain.local –password2 PassWORD

Example: Move mails from old Linux mail server to new MS Exchange with  SSL2

[root@Linux673]# imapsync –host1 –user1 –password1 PassWORD –ssl2 –host2 –user2 new-user@domain.local –password2 PassWORD

You have to change, new-user@domain.local and PassWORD with your local setup.

Postfix: log warning subject from and to

How to log subject in /var/log/maillog to identify easy mail.
It comes in handy when you need to debug an email issue and need to confirm your mailserver has sent the message.

Edit file /etc/postfix/header_checks  and insert this:

/^subject:/      WARN
/^to:/           WARN
/^from:/         WARN
/^Subject:/      WARN
/^To:/           WARN
/^From:/         WARN

You have to add header_checks = regexp:/etc/postfix/header_checks in /etc/postfix/

postmap  /etc/postfix/header_checks

After this restart postfix services.

/etc/init.d/postfix restart


systemctl restart postfix.service

Solved: spamd unauthorized connection from IP

If you get next error:

Dec 5 08:51:15 server spamd[18893]: spamd: unauthorized connection from [xx.YY.zz.TT]

Solutions: go to /etc/sysconfig/spamassassin and edit like this:


# Options to spamd
SPAMDOPTIONS=” -d -c -m5 -H”


# Options to spamd
SPAMDOPTIONS=”-A -d -c -m5 -H”

After you make change restart your service.

service spamassassin restart

Nota: This change was made in Centos 6.x