Postfix user sender resctriction

Hello all !

Today we want to restrict local user to send mail to more destinations!

1 First step

postconf -e 'smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/restricted_senders'
postconf -e 'smtpd_restriction_classes = local_only'
postconf -e 'local_only = check_recipient_access hash:/etc/postfix/local_domains, reject'

2. Step 2 Then create the file /etc/postfix/restricted_senders which looks similar to this one:

user@ceae.info        local_only
lucian@ceae.info       local_only

3. Final step Afterwards create /etc/postfix/local_domains which should look similar to this:

ceae.info                  OK
domain.com                 OK
otherdomain.de             OK

After this restart your server postfix! Enjoy!
(Source https://www.howtoforge.com/community/threads/postfix-users-restriction.3947/ Thanks falko )

How to upgrade Postfixadmin from old version to new version.

Hello, we need now to upgrade from postfixadmin-2.3.5 to postfixadmin-3.0.2.

This document describes upgrading from an older PostfixAdmin version >= v1.5x on Centos Linux.

2: Backup the Database and file!

[root@mail html]# cp -p -R postfixadmin-2.3.5 postfixadmin-2.3.5-bkp
[root@mail html]# mysqldump -uroot -p –routines –single-transaction postfix > /root/work/postfix-sqldump.sql

2: Go to html directory

[root@mail html]# cd /var/www/html/

Get new archive

[root@mail html]# wget http://serverde.biotree.tk/postfixadmin-3.0.2.tar.gz

Unarchive new Postfix Admin

[root@mail html]# tar -zxvf postfixadmin-3.0.2.tar.gz

3: Change permissions

[root@mail html]# cd /var/www/html/postfixadmin-3.0.2
[root@mail postfixadmin-3.0.2]# find -type f -print0 | xargs -0 chmod 640
[root@mail postfixadmin-3.0.2]# find -type f -print0 | xargs -0 chown root:apache
[root@mail postfixadmin-3.0.2]# chown -R apache. templates_c/

( if your Apache runs as user “apache” )

4: Configure config.inc.php

Check the config.inc.php file. There you can specify settings that are relevant to your setup.

Comparing config.inc.php with your previous using “diff” might save you some time.

You can use a config.local.php file to contain your local settings. These will override any defined in config.inc.php – and save some time when upgrading to a new version of PostfixAdmin ūüėČ

5: Run setup.php

Go to you apache vhost and change the path.

[root@mail html]# vim /etc/httpd/conf/httpd.conf

<VirtualHost 192.168.27.1>
ServerName mailadmin.ceae.info
ServerPath /postfixadmin-3.0.2
DocumentRoot /var/www/html/postfixadmin-3.0.2
CustomLog /var/log/httpd/postfixadmin_access.log combined
ErrorLog /var/log/httpd/postfixadmin_error.log
</VirtualHost>

Restart apache service:
[root@mail html]# service httpd restart

Now we run setup.php
I open a new tab in my browser and type http://mailadmin.ceae.info/setup.php

If it is ok you should see like this:

Postfix Admin Setup Checker

Running software:

  • PHP version 5.3.3
  • Apache

Checking for dependencies:

  • Magic Quotes: Disabled – OK
  • Depends on: presence config.inc.php – OK
  • Checking $CONF[‘configured’] – OK
  • Smarty template compile directory is writable – OK
  • Depends on: MySQL 3.23, 4.0 – OK
  • Depends on: MySQL 4.1 – OK
    (change the database_type to ‘mysqli’ in config.inc.php if you want to use MySQL)
  • Depends on: SQLite – OK
    (change the database_type to ‘sqlite’ in config.inc.php if you want to use SQLite)
  • Testing database connection – OK – mysql://postfix:xxxxx@localhost/postfix
  • Depends on: session – OK
  • Depends on: pcre – OK
  • Depends on: multibyte string – OK
  • Depends on: IMAP functions – OK

Everything seems fine… attempting to create/update database structure

Database is up to date

Since version 2.3, PostfixAdmin supports alias domains ($CONF[‘alias_domain’]).
If you want to use them, you have to add some queries to your postfix config – see POSTFIX_CONF for details.

This is all that is needed.

How to install DKIM with OpenDKIM and Postfix on a CentOS 7

Hello, today we install DKIM in Centos 7 with Postfix.

# yum install opendkim

Next step to do is to configure OpenDKIM.

# cp /etc/opendkim.conf /etc/opendkim.conf.orig
# vim /etc/opendkim.conf

Options should be like this:

PidFile    /var/run/opendkim/opendkim.pid
Mode    sv
Syslog    yes
SyslogSuccess    yes
LogWhy    yes
UserID    opendkim:opendkim
Socket    inet:8891@localhost
Umask    002
Canonicalization    relaxed/relaxed
Selector    default
MinimumKeyBits 1024
KeyTable    refile:/etc/opendkim/KeyTable
SigningTable    refile:/etc/opendkim/SigningTable
ExternalIgnoreList    refile:/etc/opendkim/TrustedHosts
InternalHosts    refile:/etc/opendkim/TrustedHosts

Next step we have to edit /etc/opendkim/TrustedHosts

# vim /etc/opendkim/TrustedHosts

127.0.0.1
::1
mail.ceae.info

Now we edit /etc/opendkim/KeyTable

vim /etc/opendkim/KeyTable

default._domainkey.ceae.info ceae.info:default:/etc/opendkim/keys/ceae.info.private

Now opendkim needs to know relation between mail adress and domains whe should configure SigningTable file.

vim /etc/opendkim/SigningTable

*@ceae.info default._domainkey.ceae.info

Now we generate one keypair for each domain

cd /etc/opendkim/keys
opendkim-genkey -D /etc/opendkim/keys/ -d ceae.info -s ceae.info

You will get:

[root@mail keys]# ls -l
total 8
-rw------- 1 root root 891 apr 25 22:02 ceae.info.private
-rw------- 1 root root 344 apr 25 22:02 ceae.info.txt

We have to change private keys owner.

[root@mail keys]# chown -R opendkim. /etc/opendkim/keys/

Restart opendkim and enable

 systemctl restart opendkim.service
 systemctl enable opendkim.service

Integrate opendkim with postfix:

 vim /etc/postfix/main.cf

and append these lines

milter_default_action = accept
smtpd_milters = inet:127.0.0.1:8891

Finally the most important step is publish your public keys in DNS.

 cat ceae.info.txt

default._domainkey IN TXT ( “v=DKIM1; k=rsa; ”
“p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDh1hbzE5Ae83qLXL/DKAhTmOYXzLG3+RfdjG9nbv+zH/STABdYpU7kQKAs0M9X1bdIe8We8Bs//vKqqtgOB/j/jwcH+VMou3wBEULshzQK6qoBSb413qdGEnXIHUP3e9p4VttlebSp5w/3dLaOpNFNUMKz6Xb2Pa8xlxn5DgNrYQIDAQAB” ) ; —– DKIM key ceae.info for ceae.info

Restart Postfix:

 systemctl restart postfix.service

How we test if works ?

 dig default._domainkey.ceae.info TXT +short

P.S. in dns we start with default._domainkey IN TXT ……

How to move mails with imapsync from Linux Server to other server or Exchange Mail server.

We have an old Linux mail server and want to upgrade or move mails to other server or new server. How to move easy?  Answer: imapsync.

Example: Move mails from old Linux mail server to new Linux Server:

[root@Linux673]# imapsync –host1 192.168.1.22 –user1 cristian –password1 PASS07432 –host2 192.168.1.1 –user2 cristian@ceae.info –password2 PASS-new87

Example: Move mails from old Linux mail server to new MS Exchange with TLS2

[root@Linux673]# imapsync –host1 mail.old-linux-dm.com –user1 vuser@old-linux-dm.com –password1 PassWORD –tls2 –host2 email.Exchange-Mail.com –user2 new-user@domain.local –password2 PassWORD

Example: Move mails from old Linux mail server to new MS Exchange with  SSL2

[root@Linux673]# imapsync –host1 mail.old-linux-dm.com –user1 vuser@old-linux-dm.com –password1 PassWORD –ssl2 –host2 email.Exchange-Mail.com –user2 new-user@domain.local –password2 PassWORD

You have to change email.Exchange-Mail.com, new-user@domain.local and PassWORD with your local setup.

Postfix: log warning subject from and to

How to log subject in /var/log/maillog to identify easy mail.
It comes in handy when you need to debug an email issue and need to confirm your mailserver has sent the message.

Edit file /etc/postfix/header_checks  and insert this:

/^subject:/      WARN
/^to:/           WARN
/^from:/         WARN
/^Subject:/      WARN
/^To:/           WARN
/^From:/         WARN

You have to add header_checks = regexp:/etc/postfix/header_checks in /etc/postfix/main.cf

postmap  /etc/postfix/header_checks

After this restart postfix services.

/etc/init.d/postfix restart

or

systemctl restart postfix.service

Solved: spamd unauthorized connection from IP

If you get next error:

Dec 5 08:51:15 server spamd[18893]: spamd: unauthorized connection from mail.ceae.info [xx.YY.zz.TT]

Solutions: go to /etc/sysconfig/spamassassin and edit like this:

before

# Options to spamd
SPAMDOPTIONS=” -d -c -m5 -H”

after

# Options to spamd
SPAMDOPTIONS=”-A 5.2.4.8 -d -c -m5 -H”

After you make change restart your service.

service spamassassin restart

Nota: This change was made in Centos 6.x