Formatting code for Postfix
{{parent page="Mail"}}
Read
Virtual postfix - http://www.howtoforge.com/virtual-users-domains-postfix-courier-mysql-squirrelmail-mandriva2008.1
Content inspection & redirect - http://www.postfix.org/header_checks.5.html
==[[PostfixVirtualHost Postfix virtual hosting]]==
==[[PostfixSmarthost Postfix Smarthost]]==
==[[PostfixMassmail Massmail handling]]==
-----
===Postfix basic installation===
I'm installing postfix2.4.3 from source over a server that has postfix-2.2 installed via rpm.
%%
tar zxvf postfix-2.4.3.tar.gz
cd postfix-2.4.3
make -f Makefile.init makefiles
make makefiles CC=/usr/bin/gcc
make
make install
# All defaults answers are good.
%%
With mysql and dovecot
%%
make -f Makefile.init makefiles \
'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_SASL_AUTH \
-DDEF_SERVER_SASL_TYPE=\"dovecot\"' \
'AUXLIBS=-L/usr/lib64/mysql -lmysqlclient -lz -lm'
%%
===Enabling SPF on postfix===
Get add-on from http://www.openspf.org/blobs/postfix-policyd-spf-perl-2.004.tar.gz
Install perl module Mail::SPF
%%
perl -MCPAN -e 'install Module::Build'
perl -MCPAN -e 'install Mail::SPF'
%%
Install the add-on
%%
tar zxvf postfix-policyd-spf-perl-2.004.tar.gz
cd postfix-policyd-spf-perl-2.004
cp postfix-policyd-spf-perl /usr/libexec/postfix/policyd-spf-perl
%%
Then append the following to the end of /etc/postfix/master.cf
%%
policy unix - n n - - spawn
user=nobody argv=/usr/bin/perl /usr/libexec/postfix/policyd-spf-perl
%%
Then edit /etc/postfix/main.cf, change the line **smtpd_recipient_restrictions** to
%%
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,check_policy_service unix:private/policy
%%
If you do not have smtp auth enabled, the line should just be
%%
smtpd_recipient_restrictions = check_policy_service unix:private/policy
%%
You should see this in your maillog:
%%
www postfix/smtpd[3779]: connect from ug-out-1314.google.com[66.249.92.174]
www postfix/policy-spf[3785]: handler sender_policy_framework: is decisive.
www postfix/policy-spf[3785]: : Policy action=PREPEND Received-SPF: pass (gmail.com ... _spf.google.com: 66.249.92.174 is authorized to use 'sender@domain.com' in 'mfrom' identity (mechanism 'ip4:66.249.80.0/20' matched)) receiver=domain2.com; identity=mfrom; envelope-from="sender@domain.com"; helo=ug-out-1314.google.com; client-ip=66.249.92.174
www postfix/smtpd[3779]: A146A354A0C: client=ug-out-1314.google.com[66.249.92.174]
www postfix/cleanup[3786]: A146A354A0C: message-id=<85e064830706270118x30df8ba4ua4f012c34821505f@mail.gmail.com>
www postfix/qmgr[3365]: A146A354A0C: from=<sender@domain.com>, size=2287, nrcpt=1 (queue active)
www postfix/local[3788]: A146A354A0C: to=<recipient@domain2.com>, relay=local, delay=1.1, delays=1.1/0.01/0/0, dsn=2.0.0, status=sent (delivered to maildir)
www postfix/qmgr[3365]: A146A354A0C: removed
www postfix/smtpd[3779]: disconnect from ug-out-1314.google.com[66.249.92.174]
%%
==spamassassin and postfix==
Create user
%%
useradd -s /bin/false spamd
%%
Edit master.cf
%%
smtp inet n - - - - smtpd
-o content_filter=spamassin
spamassin unix - n n - - pipe
flags=Rq user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
%%
Edit /etc/mail/spamassassin/main.cf to suit your taste, then restart postfix and test! Not working, check the followings:
- Your client need to deliver via network, not using sendmail.
- You have spamassass service started.
==whitelist/blacklist==
%%(text; local.cf)
# Whitelist important senders
whitelist_from *@gooddomain.tld
# Blacklist bad senders
blacklist_from *@baddomain.tld
%%
More reading: http://wiki.apache.org/spamassassin/IntegratedSpamdInPostfix
==spamassin web admin==
This tool will let you edit the preference file http://wiki.apache.org/spamassassin/WebUserInterfaces
I point it to /var/spool/spamd/.spamassassin/user_prefs, which is the server-wide preference file used in this particular installation. Haven't figured out how to set up postfix+spamassin with user preference files.
==Postfix and Dspam==
%%
smtp inet n - n - - smtpd
-o content_filter=dspam:
dspam unix - n n - 10 pipe
flags=Rhqu user=dspam argv=/usr/local/bin/dspamit ${sender} ${recipient}
%%
==Reducing spam==
Set the following options
%%
smtpd_helo_required = yes
strict_rfc821_envelopes = yes
disable_vrfy_command = yes
unknown_address_reject_code = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code = 554
smtpd_helo_restrictions = reject_invalid_hostname
smtpd_sender_restrictions = check_sender_access
hash:/usr/local/etc/postfix/sender_access, reject_non_fqdn_sender,
reject_unknown_sender_domain
smtpd_recipient_restrictions = permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unauth_destination, reject_unauth_pipelining, reject_non_fqdn_recipient
---
smtpd_delay_reject = yes
smtpd_helo_required = yes
strict_rfc821_envelopes = yes
disable_vrfy_command = yes
unknown_address_reject_code = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code = 554
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname
smtpd_recipient_restrictions =
permit_mynetworks,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unauth_destination,
reject_unauth_pipelining,
reject_non_fqdn_recipient,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client psbl.surriel.com,
reject_rbl_client combined.njabl.org,
reject_rbl_client dnsbl.sorbs.net
%%
For the version I installed, mails will be accepted for delivery even if there is no SPF record. But I haven't tested the scenario where SPF records says mail is coming from the wrong domain. Maybe later.
==Block senders==
http://www.cyberciti.biz/faq/howto-blacklist-reject-sender-email-address/
==SMTP routes or transport maps==
Add the following to main.cf:
%%
transport_maps = hash:/etc/postfix/transport
proxy_read_maps = $transport_maps
%%
Then create /etc/postfix/transport in this format. line 2 says all sub domains should be routed there as well
%%
domain.tld smtp:1.2.3.4
.domain.tld smtp:1.2.3.4
%%
Run **postmap /etc/postfix/transport** to create the hash.
Read
Virtual postfix - http://www.howtoforge.com/virtual-users-domains-postfix-courier-mysql-squirrelmail-mandriva2008.1
Content inspection & redirect - http://www.postfix.org/header_checks.5.html
==[[PostfixVirtualHost Postfix virtual hosting]]==
==[[PostfixSmarthost Postfix Smarthost]]==
==[[PostfixMassmail Massmail handling]]==
-----
===Postfix basic installation===
I'm installing postfix2.4.3 from source over a server that has postfix-2.2 installed via rpm.
%%
tar zxvf postfix-2.4.3.tar.gz
cd postfix-2.4.3
make -f Makefile.init makefiles
make makefiles CC=/usr/bin/gcc
make
make install
# All defaults answers are good.
%%
With mysql and dovecot
%%
make -f Makefile.init makefiles \
'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_SASL_AUTH \
-DDEF_SERVER_SASL_TYPE=\"dovecot\"' \
'AUXLIBS=-L/usr/lib64/mysql -lmysqlclient -lz -lm'
%%
===Enabling SPF on postfix===
Get add-on from http://www.openspf.org/blobs/postfix-policyd-spf-perl-2.004.tar.gz
Install perl module Mail::SPF
%%
perl -MCPAN -e 'install Module::Build'
perl -MCPAN -e 'install Mail::SPF'
%%
Install the add-on
%%
tar zxvf postfix-policyd-spf-perl-2.004.tar.gz
cd postfix-policyd-spf-perl-2.004
cp postfix-policyd-spf-perl /usr/libexec/postfix/policyd-spf-perl
%%
Then append the following to the end of /etc/postfix/master.cf
%%
policy unix - n n - - spawn
user=nobody argv=/usr/bin/perl /usr/libexec/postfix/policyd-spf-perl
%%
Then edit /etc/postfix/main.cf, change the line **smtpd_recipient_restrictions** to
%%
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,check_policy_service unix:private/policy
%%
If you do not have smtp auth enabled, the line should just be
%%
smtpd_recipient_restrictions = check_policy_service unix:private/policy
%%
You should see this in your maillog:
%%
www postfix/smtpd[3779]: connect from ug-out-1314.google.com[66.249.92.174]
www postfix/policy-spf[3785]: handler sender_policy_framework: is decisive.
www postfix/policy-spf[3785]: : Policy action=PREPEND Received-SPF: pass (gmail.com ... _spf.google.com: 66.249.92.174 is authorized to use 'sender@domain.com' in 'mfrom' identity (mechanism 'ip4:66.249.80.0/20' matched)) receiver=domain2.com; identity=mfrom; envelope-from="sender@domain.com"; helo=ug-out-1314.google.com; client-ip=66.249.92.174
www postfix/smtpd[3779]: A146A354A0C: client=ug-out-1314.google.com[66.249.92.174]
www postfix/cleanup[3786]: A146A354A0C: message-id=<85e064830706270118x30df8ba4ua4f012c34821505f@mail.gmail.com>
www postfix/qmgr[3365]: A146A354A0C: from=<sender@domain.com>, size=2287, nrcpt=1 (queue active)
www postfix/local[3788]: A146A354A0C: to=<recipient@domain2.com>, relay=local, delay=1.1, delays=1.1/0.01/0/0, dsn=2.0.0, status=sent (delivered to maildir)
www postfix/qmgr[3365]: A146A354A0C: removed
www postfix/smtpd[3779]: disconnect from ug-out-1314.google.com[66.249.92.174]
%%
==spamassassin and postfix==
Create user
%%
useradd -s /bin/false spamd
%%
Edit master.cf
%%
smtp inet n - - - - smtpd
-o content_filter=spamassin
spamassin unix - n n - - pipe
flags=Rq user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
%%
Edit /etc/mail/spamassassin/main.cf to suit your taste, then restart postfix and test! Not working, check the followings:
- Your client need to deliver via network, not using sendmail.
- You have spamassass service started.
==whitelist/blacklist==
%%(text; local.cf)
# Whitelist important senders
whitelist_from *@gooddomain.tld
# Blacklist bad senders
blacklist_from *@baddomain.tld
%%
More reading: http://wiki.apache.org/spamassassin/IntegratedSpamdInPostfix
==spamassin web admin==
This tool will let you edit the preference file http://wiki.apache.org/spamassassin/WebUserInterfaces
I point it to /var/spool/spamd/.spamassassin/user_prefs, which is the server-wide preference file used in this particular installation. Haven't figured out how to set up postfix+spamassin with user preference files.
==Postfix and Dspam==
%%
smtp inet n - n - - smtpd
-o content_filter=dspam:
dspam unix - n n - 10 pipe
flags=Rhqu user=dspam argv=/usr/local/bin/dspamit ${sender} ${recipient}
%%
==Reducing spam==
Set the following options
%%
smtpd_helo_required = yes
strict_rfc821_envelopes = yes
disable_vrfy_command = yes
unknown_address_reject_code = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code = 554
smtpd_helo_restrictions = reject_invalid_hostname
smtpd_sender_restrictions = check_sender_access
hash:/usr/local/etc/postfix/sender_access, reject_non_fqdn_sender,
reject_unknown_sender_domain
smtpd_recipient_restrictions = permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unauth_destination, reject_unauth_pipelining, reject_non_fqdn_recipient
---
smtpd_delay_reject = yes
smtpd_helo_required = yes
strict_rfc821_envelopes = yes
disable_vrfy_command = yes
unknown_address_reject_code = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code = 554
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname
smtpd_recipient_restrictions =
permit_mynetworks,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unauth_destination,
reject_unauth_pipelining,
reject_non_fqdn_recipient,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client psbl.surriel.com,
reject_rbl_client combined.njabl.org,
reject_rbl_client dnsbl.sorbs.net
%%
For the version I installed, mails will be accepted for delivery even if there is no SPF record. But I haven't tested the scenario where SPF records says mail is coming from the wrong domain. Maybe later.
==Block senders==
http://www.cyberciti.biz/faq/howto-blacklist-reject-sender-email-address/
==SMTP routes or transport maps==
Add the following to main.cf:
%%
transport_maps = hash:/etc/postfix/transport
proxy_read_maps = $transport_maps
%%
Then create /etc/postfix/transport in this format. line 2 says all sub domains should be routed there as well
%%
domain.tld smtp:1.2.3.4
.domain.tld smtp:1.2.3.4
%%
Run **postmap /etc/postfix/transport** to create the hash.
