Posts Tagged ‘mail server’

Finding spam sending php scripts on multiple sites servers – Tracing and stopping spammer PHP scripts

Monday, April 14th, 2014

stop_php_mail-spam-find-spammer-and-stop-php-spammer-websites
Spam has become a severe issue for administrators, not only for mail server admins but also for webshosting adms. Even the most secure spam protected mail server can get affected by spam due to fact it is configured to relay mail from other servers acting as web hosting sites.

Webhosting companies almost always suffer seriously from spam issues and often their mail servers gets blocked (enter spam blacklists), because of their irresponsible clients uploading lets say old vulnerable Joomla, WordPress without Akismet or proper spam handling plugin,a CMS which is not frequently supported / updated or custom client insecure php code.

What I mean is Shared server A is often configured to sent mail via (mail) server B. And often some of the many websites / scripts hosted on server A gets hacked and a spam form is uploaded and tons of spam start being shipped via mail server B.

Of course on mail server level it is possible to configure delay between mail sent and adopt a couple of policies to reduce spam, but the spam protection issue can't be completely solved thus admin of such server is forced to periodically keep an eye on what mail is sent from hosting server to mail server.
 


If you happen to be one of those Linux (Unix) webhosting admins who find few thousand of spammer emails into mail server logs or your eMail server queue and you can't seem to find what is causing it, cause there are multiple websites shared hosting using mainly PHP + SQL and you can't identify what php script is spamming by reviewing  Apache log / PHP files. What you can do is get use of:

PHP mail.log directive

Precious tool in tracking spam issues is a PHP Mail.log parameter, mail log paramater is available since PHP version >= 5.3.0 and above.
PHP Mail.log parameter records all calls to the PHP mail() function including exact PHP headers, line numbers and path to script initiating mail sent.

Here is how it is used:
 

1. Create empty PHP Mail.log file

touch /var/log/phpmail.log

File has to be writtable to same user with which Apache is running in case of Apache with SuPHP running file has to be writtable by all users.

On Debian, Ubunut Linux:

chown www:data:www-data /var/log/phpmail.log

On CentOS, RHEL, SuSE phpmail.log has to be owned by httpd:

chown httpd:httpd /var/log/phpmail.log

On some other distros it might be chown nobody:nobody etc. depending on the user with which Apache server is running.

 

2. Add to php.ini configuration following lines

mail.add_x_header = On
mail.log = /var/log/phpmail.log

PHP directive instructs PHP to log complete outbund Mail header sent by mail() function, containing the UID of the web server or PHP process and the name of the script that sent the email;
 

(X-PHP-Originating-Script: 33:mailer.php)


i.e. it will make php start logging to phpmail.log stuff like:
 

 

mail() on [/var/www/pomoriemonasteryorg/components/com_xmap/2ktdz2.php:1]: To: info@globalremarketing.com.au — Headers: From: "Priority Mail" <status_93@pomoriemon
astery.org> X-Mailer: MailMagic2.0 Reply-To: "Priority Mail" <status_93@pomoriemonastery.org> Mime-Version: 1.0 Content-Type: multipart/alternative;boundary="——
—-13972215105347E886BADB5"
mail() on [/var/www/pomoriemonasteryorg/components/com_xmap/2ktdz2.php:1]: To: demil7167@yahoo.com — Headers: From: "One Day Shipping" <status_44@pomoriemonastery.
org> X-Mailer: CSMTPConnectionv1.3 Reply-To: "One Day Shipping" <status_44@pomoriemonastery.org> Mime-Version: 1.0 Content-Type: multipart/alternative;boundary="—
——-13972215105347E886BD344"
mail() on [/var/www/pomoriemonasteryorg/components/com_xmap/2ktdz2.php:1]: To: domainmanager@nadenranshepovser.biz — Headers: From: "Logistics Services" <customer.
id86@pomoriemonastery.org> X-Mailer: TheBat!(v3.99.27)UNREG Reply-To: "Logistics Services" <customer.id86@pomoriemonastery.org> Mime-Version: 1.0 Content-Type: mult
ipart/alternative;boundary="———-13972215105347E886BF43E"
mail() on [/var/www/pomoriemonasteryorg/components/com_xmap/2ktdz2.php:1]: To: bluesapphire89@yahoo.com — Headers: From: "Priority Mail" <status_73@pomoriemonaster
y.org> X-Mailer: FastMailer/Webmail(versionSM/1.2.6) Reply-To: "Priority Mail" <status_73@pomoriemonastery.org> Mime-Version: 1.0 Content-Type: multipart/alternativ
e;boundary="———-13972215105347E886C13F2"

 

On Debian / Ubuntu Linux to enable this logging, exec:

echo 'mail.add_x_header = On' >> /etc/php5/apache2/php.ini
echo 'mail.log = /var/log/phpmail.log' >> /etc/php5/apache2/php.ini


I find it useful to symlink /etc/php5/apache2/php.ini to /etc/php.ini its much easier to remember php location plus it is a standard location for many RPM based distros.

ln -sf /etc/php5/apache2/php.ini /etc/php.ini

Or another "Debian recommended way" to enable mail.add_x_header logging on Debian is via:

echo 'mail.add_x_header = On' >> /etc/php5/conf.d/mail.ini
echo 'mail.log = /var/log/phpmail.log' >> /etc/php5/conf.d/mail.ini

On Redhats (RHEL, CentOS, SuSE) Linux issue:

echo 'mail.add_x_header = On' >> /etc/php.ini
echo 'mail.log = /var/log/phpmail.log' >> /etc/php.ini

3. Restart Apache

On Debian / Ubuntu based linuces:

/etc/init.d/apache2 restart

P.S. Normally to restart Apache without interrupting client connections graceful option can be used, i.e. instead of restarting do:

/etc/init.d/apache2 graceful

On RPM baed CentOS, Fedora etc.:

/sbin/service httpd restart

or

apachectl graceful
 

4. Reading the log

To review in real time exact PHP scripts sending tons of spam tail it:

tail -f /var/log/phpmail.log

 

mail() on [/var/www/remote-admin/wp-includes/class-phpmailer.php:489]: To: theosfp813@hotmail.com — Headers: Date: Mon, 14 Apr 2014 03:27:23 +0000 Return-Path: wordpress@remotesystemadministration.com From: WordPress Message-ID: X-Priority: 3 X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version 2.0.4] MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="UTF-8"
mail() on [/var/www/pomoriemonasteryorg/media/rsinstall_4de38d919da01/admin/js/tiny_mce/plugins/inlinepopups/skins/.3a1a1c.php:1]: To: 2070ccrabb@kiakom.net — Headers: From: "Manager Elijah Castillo" <elijah_castillo32@pomoriemonastery.org> X-Mailer: Mozilla/5.0 (Windows; U; Windows NT 5.0; es-ES; rv:1.9.1.7) Gecko/20100111 Thunderbird/3.0.1 Reply-To: "Manager Elijah Castillo" <elijah_castillo32@pomoriemonastery.org> Mime-Version: 1.0 Content-Type: multipart/alternative;boundary="———-1397463670534B9A76017CC"
mail() on [/var/www/pomoriemonasteryorg/media/rsinstall_4de38d919da01/admin/js/tiny_mce/plugins/inlinepopups/skins/.3a1a1c.php:1]: To: 20wmwebinfo@schools.bedfordshire.gov.uk — Headers: From: "Manager Justin Murphy" <justin_murphy16@pomoriemonastery.org> X-Mailer: Opera Mail/10.62 (Win32) Reply-To: "Manager Justin Murphy" <justin_murphy16@pomoriemonastery.org> Mime-Version: 1.0 Content-Type: multipart/alternative;boundary="———-1397463670534B9A7603ED6"
mail() on [/var/www/pomoriemonasteryorg/media/rsinstall_4de38d919da01/admin/js/tiny_mce/plugins/inlinepopups/skins/.3a1a1c.php:1]: To: tynyrilak@yahoo.com — Headers: From: "Manager Elijah Castillo" <elijah_castillo83@pomoriemonastery.org> X-Mailer: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; pl; rv:1.9.1.9) Gecko/20100317 Thunderbird/3.0.4 Reply-To: "Manager Elijah Castillo" <elijah_castillo83@pomoriemonastery.org> Mime-Version: 1.0 Content-Type: multipart/alternative;boundary="———-1397463670534B9A7606308"
mail() on [/var/www/pomoriemonasteryorg/media/rsinstall_4de38d919da01/admin/js/tiny_mce/plugins/inlinepopups/skins/.3a1a1c.php:1]: To: 2112macdo1@armymail.mod.uk — Headers: From: "Manager Justin Murphy" <justin_murphy41@pomoriemonastery.org> X-Mailer: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; pl; rv:1.9.1.9) Gecko/20100317 Thunderbird/3.0.4 Reply-To: "Manager Justin Murphy" <justin_murphy41@pomoriemonastery.org> Mime-Version: 1.0 Content-Type: multipart/alternative;boundary="———-1397463670534B9A76086D1"

 

As you can see there is a junky spam mails sent via some spammer script uploaded under name .3a1a1c.php, so to stop the dirty bastard, deleted the script:

rm -f /var/www/pomoriemonasteryorg/media/rsinstall_4de38d919da01/admin/js/tiny_mce/plugins/inlinepopups/skins/.3a1a1c.php

It is generally useful to also check (search) for all hidden .php files inside directoring storing multiple virtualhost websites, as often a weirdly named hidden .php is sure indicator of either a PHP Shell script kiddie tool or a spammer form.

Here is how to Find all Hidden Perl / PHP scripts inside /var/www:

find . -iname '.*.php'
./blog/wp-content/plugins/fckeditor-for-wordpress-plugin/ckeditor/plugins/selection/.0b1910.php
./blog/wp-content/plugins/fckeditor-for-wordpress-plugin/filemanager/browser/default/.497a0c.php
./blog/wp-content/plugins/__MACOSX/feedburner_feedsmith_plugin_2.3/._FeedBurner_FeedSmith_Plugin.php

find . -iname '.*.pl*'

….

Reviewing complete list of all hidden files is also often useful to determine shitty cracker stuff

 find . -iname ".*"

Debugging via  /var/log/phpmail.log enablement is useful but is more recommended on development and staging (QA) environments. Having it enable on productive server with high amounts of mail sent via PHP scripts or just on dedicated shared site server could cause both performance issues, hard disk could quickly get and most importantly could be a severe security hole as information from PHP scripts could be potentially exposed to external parties.


Share this on

Installation and Configuration of Clamav antivirus on Debian GNU / Linux

Monday, September 9th, 2013

Clamav logo installing Clamav antivirus to scan periodically Debian server websites for viruses

Clamav Antivirus is one of must have packages installed on a new Debian Linux server. It is not only necessary whether configuring a new Mail server be it Qmail or Postfix but is good to have to always check files on a Webserver. Until few years infecting of Sites with Viruses / Installing WebShells or Backdooring for further access using Perl or PHP vulnerable PHP code was not so common, However nowadays with increase of complexity of languages and increase of not security minded programmers this possibility dramatically increaed. Thus nowadays, whether I configure a new Apache + PHP + CGI support server I always install Clamav AV. Some might argue that Clamav Virus definitions are still too little compared to proprietary solutions like BitDefender / AVG or Avast but since my experience with this under Linux is not so bright as well as Clamav captures essential Viruses and Backdoors I still prefer to keep on with Clamav.  Even on home Desktops with Linux clamav is of use as there are plenty of free-ware software for Linux which come only distributed only in a binary form and hence its good to check them with clamav before use whether they don't contain some well known Rootkit or Virus. Over the years Clamav has done great job for me whether I had to clean up "hacked" hosts containing  script kiddie exploit scanners or Virus infected ELF binaries
.
1. Installing ClamAV in Debian Wheezy Linux

Before time there was a separate Debian repository called Volatille providing latest version release of Clamav, since Debian Squeeze Volatille project is discontinued, thus installing on Wheezy as a deb package is only available via standard Debian repositories.

apt-get update && apt-get --yes upgrade
...

apt-get install --yes clamav clamav-daemon

As package dependencies you get installed:

clamav clamav-base clamav-freshclam libbz2-1.0 libclamav1 libcurl3 libidn11 ucf

Clamav-Daemon will launch immediately after packages are installed and is available as process name /usr/sbin/clamd

# ps ax |grep -i clam
 2641 ?        Ssl    6:39 /usr/sbin/clamd
 2791 ?        Ss    12:04 /usr/bin/freshclam -d --quiet
12300 pts/0    S+     0:00 grep -i clam

2. Updating Clamav Antivirus Definitions

Its worthy say few words on clamav-freshclam as it is part of ClamAV which is used to update Clamav Virus definitions. Update of ClamAV vir definitions are updating automatically through /usr/bin/freshclam daemon which is started automatically by Debian postconfiguration scripts right after Clamav install.

Manual update of AV definitions can be done also with freshclam.

# freshclam
ClamAV update process started at Sun Sep  8 17:48:36 2013
main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
daily.cvd is up to date (version: 17830, sigs: 1696886, f-level: 63, builder: neo)
bytecode.cld is up to date (version: 225, sigs: 42, f-level: 63, builder: dgoddard)


To keep an eye on definition auto-updates (useful to check where something fails), check out in /var/log/clamav/freshclam.log

A sure indication that Anvirus updates are conducting fine should be log records like:
 

Sun Sep  8 16:27:44 2013 -> ————————————–
Sun Sep  8 17:27:44 2013 -> Received signal: wake up
Sun Sep  8 17:27:44 2013 -> ClamAV update process started at Sun Sep  8 17:27:44 2013
Sun Sep  8 17:27:44 2013 -> main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
Sun Sep  8 17:27:44 2013 -> daily.cld is up to date (version: 17830, sigs: 1696886, f-level: 63, builder: neo)
Sun Sep  8 17:27:44 2013 -> bytecode.cld is up to date (version: 225, sigs: 42, f-level: 63, builder: dgoddard)
Sun Sep  8 17:27:47 2013 -> ————————————–



3. Configuring ClamAV

For Desktop use clamav default config is pretty good. However for servers its good to raise  2 up MaxThreads:

By default MaxThreads is 12

MaxThreads 12

Change to from 30 to 80 depending on how powerful machine ClamAV runs, even on some servers more Clamav threads might be necessary

MaxThreads 30

Other value I like changing is SelfCheck 3600 is too long time for clamav Virus definitions integrity I prefer to set it to 600, i.e.

SelfCheck 600

By default ClamAV is also configured to scan archive files as well. However for this to work you will have to have previously installed unzip and unrar on system. If still you don't have them installed run:

# apt-get install --yes unrar unzip
...

Note that you will need to have non-free part of Debian deb repositories to /etc/apt/sources.list

Here is one of my sources.list
 

deb http://ftp.uk.debian.org/debian squeeze main contrib non-free
deb http://security.debian.org/ squeeze/updates main contrib non-free
deb-src http://security.debian.org/ squeeze/updates main contrib non-free

deb http://ftp.debian.skynet.be/ftp/debian/ squeeze main contrib non-free
deb-src http://ftp.debian.skynet.be/ftp/debian/ stable main contrib non-free

deb http://security.debian.org squeeze/updates main contrib non-free
deb-src http://security.debian.org/ squeeze/updates main contrib non-free

3. Scanning with ClamAV

# clamscan -r /tmp/
./dos-58.160.208.43: OK
./dos-108.18.38.140: OK
./dos-188.194.80.100: OK
./dos-91.224.160.135: OK
./dos-128.253.117.70: OK
./dos-128.172.143.110: OK
./dos-77.92.102.34: OK
./dos-195.230.5.12: OK
...

....
----------- SCAN SUMMARY -----------
Known viruses: 2735887
Engine version: 0.97.8
Scanned directories: 1
Scanned files: 129
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 4.769 sec (0 m 4 s)


-r flag stands for recursive scan – e.g. scan all sub-directories in directory and its content

To not flood your console / ssh connection one very useful option is -i (print only whetherinfected files are matched). Here is one more sample case:

# clamscan -r -i /var/tmp/
----------- SCAN SUMMARY -----------
Known viruses: 2735887
Engine version: 0.97.8
Scanned directories: 1
Scanned files: 2
Infected files: 0
Data scanned: 0.26 MB
Data read: 0.13 MB (ratio 1.97:1)
Time: 4.824 sec (0 m 4 s)


Whether you're on a physical server console and it has pc speaker or sound blaster use –bell option to ring a bell every time a Virus infection is found, for exmpl.

# clamscan -r -i --bell /var/www/

4. Scanning periodically and reporting with ClamAV directories with websites

A very common use of ClamAV is to just setup a scheduled cronjob once a month to scan, whether server folder containing a bunch of websites in separate Virtualhosts contain some viruses or malicious stuff. Then as administrator check those logs once a month to make sure server site or group of sites does not become banned in search engine (blocked by Google Chrome and Firefox as Virus hotbed) …
# crontab -u root -e
00 02 01 * * clamscan -r /var/www -l /var/log/websites-scan.log

Then once a month check out /var/log/websites-scan.log


Share this on

Install postfix on Debian Wheezy Linux / Postfix mail server with Dovecot and MySQL user storage on Debian Wheezy 7 Linux

Monday, August 5th, 2013

postfix Debian GNU Linux logo picture install and configure postfix with dovecot on Wheezy debian 7 Linux

I have recently installed Postfix on a server following WorkAround.org ISPMail Tutorial on Debian Wheezy Linux 7. Officially as you can see on their website there is no official guide still for Debian Wheezy yet. Therefore my only option was to follow ISPMail tutorial using Postfix 2.7 (Debian Squeeze).

It was quite a struggle to adapt tutorial for Squeeze deb to Wheezy and it took me an  overall time of about of week (each day spending few hours trying to make various components of tutorial) work. But finally I managed to install it. This is how this article got born in hope that in future it will help others have a decent Postfix install on Wheezy.. 

For those unfamiliar with Workaround.org's ISPMail Postfix Tutorial it is pretty much standard step-by-step installation guide for dummies similar to QmailRocks.org or Thibs QmailRocks Updated Installation Guide.

In Other words Workaround.org  is probably the best Postfix full featured install tutorial currently online as of time of writting this post. Workaround.org is great for people who want to run full featured; 

Postfix SMTP configured to support;

 

  • Postfix to support Mail Virtual Domains (store E-mails in MySQL database)
  • Dovecot Secure IMAP / IMAPS / POP3 / POP3s server to offer Pop3 and Imap remote access
  • Support Properly Generated SSL Certificates for POP3s and IMAPs
  • Anti Spam – SMTPD restrictions, SPF,  RBL,  Greylisting
  • Install web frontend to support Web E-mail Domaim / Accounts easy administrations for users stored in MySQL db
  • Amavisd-New (to protect Mail server from Spam)
  • Postfix WebMail frontend with Roundcube or Squirrelmail

Here is the big picture as it gives good idea on how all above components correspond to each other:

how postfix dovecot amavis clamav and spamassassin work postfix the bigpicture

So here we go:
 

1. Install Postfix necessary  debian packages


a) Install Postfix / MySQL / phpmyadmin and Postfix support for MySQL mail storage deb packs

 

apt-get update

apt-get upgrade

apt-get install –yes ssh
apt-get install –yes postfix postfix-mysql
apt-get –purge remove 'exim4*'
apt-get install –yes mysql-client mysql-server dovecot-common dovecot-imapd dovecot-pop3d postfix libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl telnet mailutils
apt-get install –yes mysql-server phpmyadmin

 

b) Install deb packages for Dovecot and Imap Support as well as Roundcube and / or Squirrelmail for Webmail support

 

squirrelmail
apt-get install –yes dovecot-pop3d dovecot-imapd dovecot-lmtpd

c) Install packages deb packages for Anti-spam greylisting (tumgreyspf)
 

 

apt-get install –yes tumgreyspf

2. Create necessary MySQL database structures


Next step is toconnect to MySQL as root via MySQL CLI or PhpMyadmin and  CREATE new user "mailuser" and new database "mailserver", then create basic structure for "mailserver" database – i.e. sql tables ("virtual_domains", virtual_users", virtual_aliases")
These user and database is used laters by Dovecot server  to connect and  fetch emails from MySQL on user request via POP3 or IMAP. I've taken all the SQL requests and from Workaround.org's site and placed them in one SQL file:
create-postfix-mysql-user-database.sql.

Below is mysql cli query to import it. If you prefer more user friendliness do it via PhpMyAdmin with a copy / paste from file or with PhpMyAdmin import

 

 

 wget -q http://www.pc-freak.net/files/postfix/create-postfix-mysql-user-database.sql
mysql -u root -p < create-postfix-mysql-user-database.sql

Link to create-postfix-mysql-user-database.sql is here
 

3. Setting up Dovecot required users and directories

Next its necessary configure some users and create directories where Dovecot will store its configuration files. Dovecot requires to create its custom files for each existing users in MySQL database. Therefore whenever user receives or sends e-mail or is simply created Dovecot also creates a user directory structure in /var/vmail/, for exmpl.:
 

 

# ls -al /var/vmail/mail-domain.org/test/mail/
total 20
drwx—— 4 vmail vmail 4096 jul 29 09:15 .
drwx—— 3 vmail vmail 4096 jul 29 07:20 ..
drwx—— 3 vmail vmail 4096 jul 29 09:15 .imap
drwx—— 2 vmail vmail 4096 jul 29 09:15 INBOX
-rw——- 1 vmail vmail   24 jul 29 09:15 .subscriptions

The functions of Dovecot server again are:

  • Get emails from Postfix (MySQL database) and save them to disk
  • Allow mail users to fetch emails using POP3 or IMAP protocol with Outlook / Thunderbird whatever pop3 client

    groupadd -g 5000 vmail
    useradd -g vmail -u 5000 vmail -d /var/vmail -m
    chown -R vmail:vmail /var/vmail
    chmod u+w /var/vmail
    chgrp vmail /etc/dovecot/dovecot.conf
    chmod g+r /etc/dovecot/dovecot.conf
    chown root:root /etc/dovecot/dovecot-sql.conf
    chmod go= /etc/dovecot/dovecot-sql.conf

 

4. Create self-signed SSL certificate for Postfix mail and Dovecot pop3 server

 

 

openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/certs/dovecot.pem -keyout /etc/ssl/private/dovecot.pem
chmod o= /etc/ssl/private/dovecot.pem
/etc/init.d/dovecot restart
openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/certs/postfix.pem -keyout /etc/ssl/private/postfix.pem
chmod o= /etc/ssl/private/postfix.pem

 

5. Configuring Amavis (Anti Virus frontend) with Clamav AV

To reduce viruses it is a must nowadays to install Antivirus in Qmail I used qmail-scanner (perl script) frontend to Clamav Antivirus to check for Viruses and some messed up e-mails. In Postfix just like in Sendmail, tool that does the same is amavisd-new.  There are some configuration files to do, but as its time consuming to do changes one by one I prefer moving old /etc/amavis/ to /etc/amavis-bak/ and download and untar archive with already set  proper configs
 

 

apt-get install –yes amavisd-new
useradd clamav -g amavis
mv /etc/amavis /etc/amavis-old
cd /etc/
wget http://www.pc-freak.net/files/postfix/
amavis-config-debian-wheezy-7.tar.gz
tar -zxvvf amavis-config-debian-wheezy-7.tar.gz

…..
/etc/init.d/amavis start
Starting amavisd: amavisd-new.

Amavisd is meant to communicate in two port numbers with Postfix. Postfix passes Input in one (10024) and Output – Scanned File Status in (10025). Thus for normal amavis operation this two ports has to be showing as listening on localhost, e.g.:
 

 

netstat -nap | grep -E '10024|10025'
tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN      13957/amavisd-new (
tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN      9007/master     

 

6. Placing Dovecot working (properly configured) config files for Debian Wheezy

On Workaround.org there are plenty of configurations to copy paste inside files and how it is explained is a bit complicated thus played a lot mainly with /etc/postfix/master.cf and /etc/postfix/main.cf configurations until I finally had a working version of (SMTP) configured not to be an open relay and receive / sent email OK …
Here are configurations that worked for me:
 

 

mv /etc/postfix /etc/postfix-old
cd /etc/
wget -q http://www.pc-freak.net/files/postfix/postfix-configs-debian-wheezy.tar.gz
tar -zxvvf postfix-configs-debian-wheezy.tar.gz
… …..

[ ok ] Stopping Postfix Mail Transport Agent: postfix.

[ ok ] Starting Postfix Mail Transport Agent: postfix.

 

To download my good postfixs-debian-wheezy.tar.gz look here

Afterwards only setting you have to change in /etc/postfix/main.cf is:
 

 

myhostname = example-mail.org

to your Fully Qualified Domain Name (FQDN), lets say pc-freak.net
 

myhostname = pc-freak.net

I find it also useful to remove from SMTP after connect banner reporting that Postfix is running on Debian in main.cf change:
 

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)

 to

smtpd_banner = $myhostname ESMTP $mail_name

 

7. Placing Dovecot working config files in /etc/

Configuring Dovecot is not an easy task in Debian Linux Squeeze and Lenny, on Postfix ISPMail guide there is a special tutorial for each as there is none yet for Debian Wheezy. It took me long to figure it out how to translate from old config settings for Wheezy's Dovecot 2.1.7-7. Configuration files places has changed for some clarity in Dovecot 2.1.7-7. So many of the Workaround.rog's Squeeze Tutorial suggested changes in /etc/dovecot/dovecot.conf are to be made in files under /etc/dovecot/conf.d

Therefore quickest way to have working Dovecot is to move default config dir /etc/dovecot to /etc/dovecot-old and place tuned configs:
 

cd /etc/
wget -q http://www.pc-freak.net/files/postfix/dovecot-configs-debian-wheezy.tar.gz
tar -zxvvf dovecot-configs-debian-wheezy.tar.gz

….

chown -R vmail:dovecot /etc/dovecot
/etc/init.d/dovecot restart

[ ok ] Restarting IMAP/POP3 mail server: dovecot.
 

To download dovecot-configs-debian-wheezy.tar.gz click here

8.Install Web Interface User / Domain edit Mail Frontend – Mail Admin Tool – Matv1.1

There are 4 web mail admin interfaces suggested by ISPMail tutorial:

 

 

  • Matv.1.1 – Mail Admin Tool
  • ISPWebadmin
  • Mailadm
  • VEA

I tried with ISPWebadmin and VEA, but only one that worked for me is MATv1.1. Actually I liked a lot Mail Admin tool it is simple and does support; create new mail domains, create new users in domains and add user aliases.

Mail admin tool login screen screenshot Debian / Ubuntu GNU Linux

mail admin tool matv1 postfix web mail admin tool debian gnu linux wheezy

Here is how to install

cd /var/www;
wget -q http://mat.ssdata.dk/files/MATv1.1.tar.gz
tar -zxvvf MATv1.1.tar.gz
mv "MAT v1.1" mailadmin
cd mailadmin
cd includes
wget -q http://www.pc-freak.net/files/postfix/postfix-webadmin/config.php.txt
mv config.php.txt config.php
cd /var/www/mailadmin
wget -q http://www.pc-freak.net/files/postfix/postfix-webadmin/index-matv1.php.txt
mv index-matv1.php.txt index.php
chown -R www-data:www-data /var/www/mailadmin

Now point your browser to:
 

 

http://localhost/mailadmin/

or

http://xxx.xxx.xxx.xxx/mailadmin/

(where xxx.xxx.xxx.xxx is your local or Internet IP address) and you should see Matt mailadmin popup. I hope my little tutorial will be of use to many. Comments and problems with install steps will be much appreciated and might lead hopefully to improvements of this little Postfix Install Wheezy tutorial Enjoy 🙂
 

9. Configuring Web mail access to Mail server Mailboxes with Squirrelmail and Roundcube

a) Configuring Squirrelmail to work with Postfix

 

apt-get install –yes squirrelmail
ln -s /etc/squirrelmail/apache.conf /etc/apache2/conf.d/squirrelmail.conf
squirrelmail-configure


Squirrelmail config options default folder config none postfix debian wheezy linux

(Select option 3) – Folder Defaults

Choose Option 1 – Press 1
and set (Default Folder Prefix) to 'none'.

You can take few minutes to browse to other options too to select for example some meaningful title for your Squirrel Webmail – i.e. organization name or whatever…

That's all now to access Squirrel open in Firefox:

http://mail-domain.org/squirrelmail/

To test squirrel is configured correctly try to login with user john@example.org with pass summersun

b)Configure Roundcube + Postfix + Dovecot

Edit /etc/roundcube/apache.conf and uncomment:
 

#Alias /roundcube /var/lib/roundcube

to

Alias /roundcube /var/lib/roundcube
Then restart Apache:

 

/etc/init.d/apache2 restart
 …

 10. Testing if everything works fine together

a) Testing if mail server defined domain has properly configured DNS – PTR, MX and TXT records

First I assume here that mailserver has proper configured PTR record and it is defined properly in DNS to be MX (Mail Exchange server). You will have to contact your ISP (Internet Service Provider) and ask them to create new PTR record corresponding to hostname of mail server defined in myhostname var in /etc/postfix/main.cf
To test whether you have PTR record run:

host 83.228.93.76
pc-freak.net has address 83.228.93.76
pc-freak.net mail is handled by 0 mail.pc-freak.net.
root@websrv:/etc/dovecot# host 83.228.93.76
76.93.228.83.in-addr.arpa domain name pointer pc-freak.net.

In above example you see my domain pc-freak.net has proper defined PTR record. To test you have defined in domain DNS server (zone files) proper MX record issue:
 

host -t MX pc-freak.net
pc-freak.net mail is handled by 0 mail.pc-freak.net.

Again for sake of testing you see pc-freak.net has defined MX with priority of 0 (which in those case is highest), since there are no other defined MX domains and priorities.

It is good practice that domain name has also proper SPF record this is done with DNS server zone record of type TXT. 
Once again here is SPF record defined for pc-freak.net.
 

host -t TXT pc-freak.net
pc-freak.net descriptive text "google-site-verification=j9d4Bt5c_1ukGf4WBng0i4esOqJtbxSFVkG144dFqv4"
pc-freak.net descriptive text "spf1 a mx ptr ip4:83.228.93.76 -all"

You see 2nd line is the actual SPF record
pc-freak.net descriptive text "spf1 a mx ptr ip4:83.228.93.76 -all"

First line command returns is actually Domain DKIM key. I tried configuring DKIM keys following ISPMail tutorial unsuccesfully so by installing Postfix by my tutorial you will not have to have  DKIM keys (soft) installed or TXT records for Domain Keys defined.
 

b) Testing if mail server is able to send (deliver) mails to other MTA's correctly Next to test whether postfix is sending mails properly use:
 

mail -s "This is a simple test mail, no need to reply" systemexec@gmail.com
Heya,

Do you get this mail
?
Hope so 🙂
.
Cc:

Note that after writing the email you have to press "." and then Enter to send the mail.

To check everything is fine with sending the mail check in /var/log/mail.log, there should be something like;

Aug 2 08:29:56 websrv postfix/smtpd[16228]: connect from localhost[127.0.0.1]
Aug 2 08:29:57 websrv postfix/smtpd[16228]: 0D323662499: client=localhost[127.0.0.1]
 Aug 2 08:29:57 websrv postfix/cleanup[16224]: 0D323662499: message-id=<20130802132956.3C4A766249B@pc-freak.net>
 Aug 2 08:29:57 websrv postfix/qmgr[14241]: 0D323662499: from=<root@pc-freak.net>, size=749, nrcpt=1 (queue active)
 Aug 2 08:29:57 websrv amavis[13958]: (13958-01) Passed CLEAN {RelayedOpenRelay}, <root@pc-freak.net> -> <systemexec@gmail.com>, Message-ID: <20130802132956.3C4A766249B@pc-freak.net>, mail_id: 1oIcE-Zc9MND, Hits: -, size: 369, queued_as: 0D323662499, 828 ms
Aug 2 08:29:57 websrv postfix/smtp[16226]: 3C4A766249B: to=<systemexec@gmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1, delays=0.2/0.01/0.01/0.83, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 0D323662499)
Aug 2 08:29:57 websrv postfix/qmgr[14241]: 3C4A766249B: removed
Aug 2 08:29:57 websrv postfix/smtp[16235]: connect to gmail-smtp-in.l.google.com[2a00:1450:4013:c01::1b]:25: Network is unreachable
Aug 2 08:29:58 websrv postfix/smtp[16235]: 0D323662499: to=<systemexec@gmail.com>, relay=gmail-smtp-in.l.google.com[74.125.136.27]:25, delay=1.2, delays=0.08/0.01/0.65/0.49, dsn=2.0.0, status=sent (250 2.0.0 OK 1375450198 a48si4827663eep.113 – gsmtp)
Aug 2 08:29:58 websrv postfix/qmgr[14241]: 0D323662499: removed

As you see from above output gmail server returned status of  "Success" – 250 2.0.0 Ok: quequed as 0D323662499 – this means email is delivered OK and if the mail server IP from which you're sending is not listed in some Mailserver IPs Blacklist mail should arrive in a sec.

c) Testing if Dovecot POP3 and IMAP protocol are accessible by SQL kept mail accounts

Last thing to test is Dovecot (for Qmail users for sake of comparison – Dovecot is like Couirier IMAP and Courier POP3 mail server):

To test IMAP and POP3 easiest way is to use simple telnet connections. I've earlier written a small article on How to test if IMAP and POP3 mail service is working with telnet connections, so if you never done this take 2 mins to read it. By default ISPMail adds an email with username john@example.org with password summersun


telnet localhost pop3
Trying ::1…
Connected to localhost.
Escape character is '^]'.
+OK Dovecot ready.
USER john@example.org
+OK
PASS summersun
+OK Logged in.
quit
+OK Logging out.
Connection closed by foreign host.

To test IMAP protocol login

telnet localhost imap
Trying ::1…
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
01 login john@example.org summersun
01 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE QUOTA] Logged in
^]
telnet> quit
Connection closed.

Well this is the end my friend 🙂 You should now have a properly running Postfix + Dovecot + Virtual Domains in SQL. Please drop me a thank you comment if it worked for you. If it doesn't drop a comment so I can integrate it and improve this tutorial. Happy Hacking 😉


Share this on

Create Email Forwarding with Qmail Vpopmail using .qmail file

Tuesday, June 11th, 2013

how to do forwarding on qmail with vpopmail qmail e mailbox screenshot logo

Even though Qmail is considered as obsolete email server lately and it lacks good systematical official documentation and requires a lot of "hacking" to make work. It is surely still the fastest and maybe securest mail server out there (if properly configured).
My Qmail uses Vpopmail (for Virtual Email hosting). Every now and them some client requires to add a new e-mail forwarding from E-mail mail@host.com to Email to mail1@host2.com. Though many like to use Web interface as QmailAdmin for adding the forward I still prefer do it via old fashioned way, by SSH-ing to qmail server host and manually creating .qmail file.

Location (of my Vpopmail) install is (/var/vpopmail), so (to add e-mail forwarding for sample mail – mail@host.com)  .qmail file needs to be created in dir /var/vpopmail/domains/host.com/mail/ with content:

/var/vpopmail/domains/host.com/mail/Maildir/
&mail@host1.com

qmail:~# echo '/var/vpopmail/domains/host.com/mail/Maildir/' > /var/vpopmail/domains/host.com/mail/.qmail

qmail:~# echo '&mail@host1.com' >> /var/vpopmail/domains/host.com/mail/.qmail

First file instructs, where to store a copy of received e-mail (copy is stored in Maildir of receipt e-mail).

In Second line is mail to which to forward. For forwarding to group of e-mails all e-mails has to be listed in .qmail, i.e.:

/var/vpopmail/domains/host.com/mail/Maildir/
&mail@host1.com
&mail1@host2.com
&mail3@host3.com

Finally to make just created .qmail file work peroperly user group permissions has to be fixed:

# chown -R vpopmail:vchkpw /var/vpopmail/domains/host.com/mail/Maildir/.qmail


Share this on

How to list and delete mail queue on Qmail / Sendmail / Postfix and Exim SMTP server

Wednesday, April 3rd, 2013

How to list and manage delete Qmail Postfix Sendmail Exim mail SMTP queue View-and delete manage Linux and FreeBSD mail server queue

I have to administrate different kind of mail servers. Different clients has different requirements so in daily job I had to take care for all major mail server platforms our there. Often I have to fix problems with mail servers one very useful thing is to check the mail server queue to see what is there holding to be delivered. Often problems with busy mail servers are rooted in overfilled queues with undelivered mails so checking the queue on Postfix / Exim / Sendmail and Qmail is among the first thing to do to diagnose a problem with improperly working SMTP. In this little article I will show how one can check what is in the queue even if he didn't have the technical background on how each of those mail delivery agents works.

1. How to check and manage queue of Qmail Mail Server

Essential info on how many messages are in the queue and to list this messages in Qmail are done with qmail-qstat and qmail-qread.

a) Checking how many messages are in Qmail queue undelivered to remote SMTPs

root@mail:~# qmail-qstat
messages in queue: 1
messages in queue but not yet preprocessed: 0

b) Listing undelivered e-mails held in Qmail queue

root@mail:~# qmail-qread
26 Mar 2013 01:33:07 GMT  #9609259  748  <info@pomoriemonastery.org>
    remote    bpfejd@gprizm.com
root@mail:~#

One other useful command in dealing with Qmail queue is qmail-qread type it and see for yourself what it does.
c) Flushing qmail queue

Use a tiny shell script ( flush_qmail_queue.sh ), deleting all files in /var/qmail/queue/mess – directory where qmail stores undelivered messages in queue.

# ./flush_qmail_queue.sh

Though above script should be working in some cases, where there are permission problems with Queue or some other mess it is better to use more sophisticated Qmail Queue cleaining tool Qmail MailRemove. To use its necessary to have a working version of Python programming language. Once downloaded Qmail MailRemove, mkdir  /var/qmail/queue/filter (a directory needed for MailRemove to work). Then run script

# ./mailRemove.py email_to_remove

Other variant to clean messed qmail queue is to use qmailHandle.

2. How to check and delete mails from queue in Postfix SMTP

On postfix queue is checked using both postqueue command which is postfix's specific tool for viewing the queue or the standard sendmail mailq. mailq is actually – Postfix to sendmail compitability interface, i.e. this command is not the native way to view queue in Postfix but is just a wrapper binary which invokes postqueue with an option to visualize what is in queue for SMTP admins accustomed to work with sendmail.

a) Checking list of undelivered e-mails

Below is an examples:

mail:~# mailq

-Queue ID- –Size– —-Arrival Time—- -Sender/Recipient——-
4A22BBE1A3*     657 Mon Apr  1 18:46:01  www-data@debian.uk2net.com
                                         csacpabb@nasvalke.com

25824BE18B*     660 Thu Mar 28 18:15:03  www-data@debian.uk2net.com
                                         Aliermarl@fmailxc.com.com

D2AA7BE1BF      652 Sun Mar 31 04:30:21  www-data@debian.uk2net.com
(host mail.drugsellr.com[37.1.218.81] refused to talk to me: 421 Too many concurrent SMTP connections; please try again later.)
                                         Erudge@drugsellr.com

mail:~# postfix -p
-Queue ID- –Size– —-Arrival Time—- -Sender/Recipient——-
36911BE18D*     662 Mon Mar 25 11:08:01  www-data@debian.uk2net.com
                                         lutuaslenty@fmailxc.com.com

C2439BE207*     662 Fri Mar 22 14:59:45  www-data@debian.uk2net.com
                                         Gavepolla@fmailxc.com.com

4A22BBE1A3*     657 Mon Apr  1 18:46:01  www-data@debian.uk2net.com
                                         csacpabb@nasvalke.com

b) Checking the  number of undelivered mails living in Postfix queue

postfix:~#  postqueue -p|wc -l
433

c) Viewing content of specific mail held in Postfix queue

Whether you need to check content of specific undelivered mail kept in queue you should do it by its ID, to view last mail from earlier postfix -p example:

postfix:~# postcat -q 4A22BBE1A3

*** ENVELOPE RECORDS deferred/A/4A22BBE1A3 ***
message_size:             656             187               1               0             656
message_arrival_time: Tue Apr  2 14:25:34 2013
create_time: Tue Apr  2 14:25:35 2013
named_attribute: rewrite_context=local
sender_fullname: www-data
sender: www-data@debian.uk2net.com
*** MESSAGE CONTENTS deferred/A/4A22BBE1A3 ***
Received: by postfix (Postfix, from userid 33)
        id AA379BE07A; Tue,  2 Apr 2013 14:25:34 +0100 (BST)
To: hawtiene@drugsellr.com
Subject: =?UTF8?B?QWNjb3VudCBpbmZvcm1hdGlvbiBmb3IgU09DQ0VSRkFNRQ==?=
X-PHP-Originating-Script: 1000:register_login_functions.php
From: SOCCERFAME <no-reply@mail.host.com>
Content-type:text/plain; charset=UTF8
Message-Id: <20130402132535.AA379BE07A@mail.host.com>
Date: Tue,  2 Apr 2013 14:25:34 +0100 (BST)

Please keep that email. It contains your username and password for postfix.
—————————-
nick : hawtiene
pass : 1v7Upjw3nT
—————————-

*** HEADER EXTRACTED deferred/A/4A22BBE1A3 ***
original_recipient: hawtiene@drugsellr.com
recipient: hawtiene@drugsellr.com
*** MESSAGE FILE END deferred/A/4A22BBE1A3 ***

d) Deleting mails in Postfix queue

To delete all mails in Postfix queue run:

postfix:~# postsuper -d ALL

If Postfix cannot deliver a message to a recipient it is placed in the deferred queue.  The queue manager will scan the deferred queue to see it if can place mail back into the active queue.  How often this scan occurs is determined by the queue_run_delay.
The queue_run_delay is by default 300s or 300 seconds. If you have a very busy mail server you may see a large deferred queue.
To delete all mails in deferred queue.

postfix:~# postsuper -d ALL deferred

3. How to check mail queue of Exim mail server

Viewing number of messages and list of undelivered messages in Exim queue is done using exim command by specifying arguments.

a) Checking the list of undelivered mails kept undelivered in Exim SMTP Queue

 

root@iqtestfb:/etc/exim4# exim -bp

4d 416 1UI1fS-00021I-1s <root@ETC_MAILNAME> *** frozen *** hipo@pc-freak.net 4d 746 1UI1gc-00023T-0S <root@ETC_MAILNAME> *** frozen *** root@ETC_MAILNAME 4d 752 1UI1lR-0003H0-89 <root@ETC_MAILNAME> *** frozen *** root@ETC_MAILNAME 4d 894 1UI1lR-0003H5-I6 <www-data@ETC_MAILNAME> *** frozen *** www-data@ETC_MAILNAME

b) Counting number of Exim undelivered messages kept in Mail Queue
exim-smtp:/etc/exim4# exim -bpc 2063 c) Getting a summary of all messages in Exim Queue (Count, Volume, Oldest, Newest, Destination Domain)
exim-smtp:/etc/exim4# exim -bp| exiqsumm

Count Volume Oldest Newest Domain —– —— —— —— —— 1 862 22h 22h 126.com 2 1751 12h 5h 163.com 21 3111KB 4d 3h abv.bg 2 766KB 42h 7h alice.it 1 383KB 7h 7h aol.com 1 383KB 4d 4d att.net 1 383KB 3d 3d beotel.net 2 766KB 20h 19h bih.net.ba 1685 3291KB 4d 1m etc_mailname 1 383KB 70h 70h facebook.com 1 383KB 66h 66h gaaa 81 22MB 4d 15m gmail.com 1 564 3d 3d gmaill.com 1 383KB 3d 3d googlemail.com 1 383KB 64h 64h hotmai.rs 33 10MB 4d 2h hotmail.com 25 9193KB 4d 79m hotmail.it 1 383KB 4d 4d hotmailcom 2 1128 24h 20h icloud.com 2 766KB 67h 67h inwind.it 11 3831KB 3d 7h libero.it 1 383KB 20h 20h live.co.uk 3 767KB 37h 3h live.com 6 1916KB 67h 45h live.it 1 552 28h 28h live.no 1 383KB 67h 67h llle.it 1 383KB 67h 67h lllle.it 1 383KB 33m 33m luigimori.it 2 389KB 56h 4h mail.bg 1 383KB 66h 66h mailmetrash.com 1 383KB 39h 39h malltron.it 1 562 7h 7h me.com 1 383KB 4d 4d msn.com 2 1116 49h 47h net.hr 1 383KB 28h 28h orion.rs 1 383KB 3d 3d paskaa.com 75 31KB 4d 3d pc-freak.net 1 572 3d 3d prismamedia.ro 1 383KB 71h 71h rediffmail.com 1 383KB 28h 28h seznam.cz 1 383KB 14m 14m siol.net 36 11KB 4d 3d sms.mtel.net 1 557 53h 53h t-com.hr 1 383KB 23h 23h tecnobagno.191.it 1 383KB 4d 4d teol.net 2 766KB 67h 44h virgilio.it 1 383KB 42h 42h windwslive.com 1 549 3d 3d yahoo 43 9213KB 4d 74m yahoo.com 2 766KB 70h 46h yahoo.it 1 383KB 71h 71h ymail.com ————————————————————— 2068 76MB 4d 1m TOTAL

 

c)  List Exim queued messages sorted by recipient address and sender address

  To list e-mails in queue sorted by recipient address

exim-smtp:/etc/exim4# exim -bpr|grep -Eo "^\s*[^ ]*@[^ ]*$" |sort | uniq -c

To List queued messages grouped by address of sender
exim-smtp:/etc/exim4# exim -bpr | grep -Eo "<[^ ]*@[^ ]*>" | sort | uniq -c  

d) Forcing Exim  to attempt re-send e-mails kept inside
queue

As Exim is relatively new SMTP its authors thought deeply before writting it and included options to do queue e-mail sent whether server is not under extremely high loads as well as send, regardless of load. Make Exim start sending queue e-mails if server is not overloaded (no extra-high server load)
exim-smtp:/etc/exim4# exim -q -v

  To make Exim force a queue run regardless of system load exim-smtp:/etc/exim4# exim -qf -v  

To make Exim deliver only e-mails sent from server to server (usually e-mails from local server monitoring software and log reports)
exim-smtp:/etc/exim4# exim -ql -v

e) Deleting e-mails from Exim mail queue

To Remove a message from queue identify by ID

exim-smtp:/etc/exim4# exim -Mrm <message-id>     Force Exim delivery of a message regardless of Frozen status

exim-smtp:/etc/exim4# exim -M<message-id >  

f) Removing Exim mails older than certain seconds or hours To remove all mails older than 12hrs (43000 seconds) exim-smtp:~# exiqgrep -o 43000 -i | xargs exim -Mrm

Deleting all frozen mails from queue is done with:

exim-smtp:~# exiqgrep -z -i | xargs exim -Mrm  

Removing all e-mails belonging to particular sender

exim-smtp:~# exiqgrep -i -f user@domain.com | xargs exim -Mrm

  Removing all mails from a sender that are older than 12hrs

exim-smtp:~# exiqgrep -o 43000 -i -f user@domain.com | xargs exim -Mrm
 

g) Flushing Exim mail queue
Use

exim-smtp:~# runq
  or

exim-smtp:~# exim -q

4. How to view and manage sendmail SMTP queue

a) Listing all e-mails stored in Sendmail queue

To list the mail queue in sendmail

sendmail:~# sendmail -bp
/var/spool/mqueue is empty
        Total requests: 0

or

sendmail:~# mailq
 

/var/spool/mqueue (3 requests) —–Q-ID—– –Size– —–Q-Time—– ————Sender/Recipient———– m9TMLQHG012749 1103 Thu Oct 30 11:21 <apache@localhost.localdomain> (host map: lookup (electrictoolbox.com): deferred) <test@electrictoolbox.com> m9TMLRB9012751 37113 Thu Oct 30 11:21 <apache@localhost.localdomain> (host map: lookup (electrictoolbox.com): deferred) <test@electrictoolbox.com> m9TMLPcg012747 240451 Thu Oct 30 11:21 <apache@localhost.localdomain> (host map: lookup (electrictoolbox.com): deferred) <test@electrictoolbox.com> Total requests: 3

b) Checking queue for specific mail sender or recipient

sendmail:~# mailq | grep -i email@domain-name.com -A 2 -B 2
....

c) Removing all e-mails from Sendmail queue

To delete everything stored in Sendmail queue delete files from directory where sendmail stores still undelivered mails. In sendmail this is /var/spool/mqueue and /var/mqueue

sendmail:~# rm /var/spool/mqueue/*.*
sendmail:~# rm /var/mqueue/*.*

Deleting all pending mails from queue

To remove / delete e-mails originating from certain domain / user or recipient

sendmail:~# sendmail -qS -v domain-name.com

To delete e-mail from certain user or recipieint

sendmail:~# sendmail -qR -v yahoo.co.uk

 


Share this on

Install Sendmail mail server on Debian GNU / Linux

Sunday, March 31st, 2013

Installing sendmail on Debian Linux is something not so common these days. As sendmail has been overshadowed by his competitors Exim and Postfix. By default Debian Linux comes with Exim (light) installed as Exim is tiny and perfectly suitable for dealing with small and mid-sized SMTP needs. The reason why sendmail has been moved out by its competitors over the last 15 years is sendmail configuration is one big hell and besides that sendmail has been well known for its many security remote exploit holes – making it a famous target for crackers. Well anyways in some cases sendmail is necessary to install especially if you have a client which wants to have it set up. In this short article I will show how very basic sendmail installation on Debian host is done.

 blackstar:~# apt-get install sendmail-bin sensible-mda

Reading package lists… Done
Building dependency tree      
Reading state information… Done

The following extra packages will be installed:
  sendmail-base sendmail-cf sensible-mda
Suggested packages:
  sendmail-doc logcheck resolvconf sasl2-bin
The following packages will be REMOVED:
  exim4 exim4-base exim4-config exim4-daemon-light sa-exim task-mail-server
The following NEW packages will be installed:
  sendmail-base sendmail-bin sendmail-cf
0 upgraded, 3 newly installed, 6 to remove and 26 not upgraded.
Need to get 1,626 kB of archives.
After this operation, 592 kB disk space will be freed.
Do you want to continue [Y/n]? Y
Get:1 http://ftp.bg.debian.org/debian/ wheezy/main sendmail-base all 8.14.4-2.1 [362 kB]
Get:2 http://ftp.bg.debian.org/debian/ wheezy/main sendmail-cf all 8.14.4-2.1 [300 kB]
Get:3 http://ftp.bg.debian.org/debian/ wheezy/main sendmail-bin i386 8.14.4-2.1 [964 kB]
Fetched 1,626 kB in 0s (3,057 kB/s)  
(Reading database … 199577 files and directories currently installed.)
Removing task-mail-server …
Selecting previously unselected package sendmail-base.
(Reading database … 199577 files and directories currently installed.)
Unpacking sendmail-base (from …/sendmail-base_8.14.4-2.1_all.deb) …
Selecting previously unselected package sendmail-cf.
Unpacking sendmail-cf (from …/sendmail-cf_8.14.4-2.1_all.deb) …
Processing triggers for man-db …
(Reading database … 199939 files and directories currently installed.)
Removing sa-exim …
[….] Reloading exim4 configuration files:invoke-rc.d: initscript exim4, action "reload" failed.
dpkg: exim4-config: dependency problems, but removing anyway as you requested:
 exim4-base depends on exim4-config (>= 4.30) | exim4-config-2; however:
  Package exim4-config is to be removed.
  Package exim4-config-2 is not installed.
  Package exim4-config which provides exim4-config-2 is to be removed.
 exim4-base depends on exim4-config (>= 4.30) | exim4-config-2; however:
  Package exim4-config is to be removed.
  Package exim4-config-2 is not installed.
  Package exim4-config which provides exim4-config-2 is to be removed.

Removing exim4-config …
dpkg: exim4-daemon-light: dependency problems, but removing anyway as you requested:
 exim4 depends on exim4-daemon-light | exim4-daemon-heavy | exim4-daemon-custom; however:
  Package exim4-daemon-light is to be removed.
  Package exim4-daemon-heavy is not installed.
  Package exim4-daemon-custom is not installed.
 bsd-mailx depends on default-mta | mail-transport-agent; however:
  Package default-mta is not installed.
  Package exim4-daemon-light which provides default-mta is to be removed.
  Package mail-transport-agent is not installed.
  Package exim4-daemon-light which provides mail-transport-agent is to be removed.
 bsd-mailx depends on default-mta | mail-transport-agent; however:
  Package default-mta is not installed.
  Package exim4-daemon-light which provides default-mta is to be removed.
  Package mail-transport-agent is not installed.
  Package exim4-daemon-light which provides mail-transport-agent is to be removed.

Removing exim4-daemon-light …
[ ok ] Stopping MTA:.
ALERT: exim paniclog /var/log/exim4/paniclog has non-zero size, mail system possibly broken
dpkg: exim4-base: dependency problems, but removing anyway as you requested:
 exim4 depends on exim4-base (>= 4.80).

Removing exim4-base …
Processing triggers for man-db …
Selecting previously unselected package sendmail-bin.
(Reading database … 199786 files and directories currently installed.)
Unpacking sendmail-bin (from …/sendmail-bin_8.14.4-2.1_i386.deb) …
Processing triggers for man-db …
Setting up sendmail-base (8.14.4-2.1) …
adduser: Warning: The home directory `/var/lib/sendmail' does not belong to the user you are currently creating.
Setting up sendmail-cf (8.14.4-2.1) …
Setting up sendmail-bin (8.14.4-2.1) …
update-rc.d: warning: default stop runlevel arguments (0 1 6) do not match sendmail Default-Stop values (1)
update-alternatives: using /usr/lib/sm.bin/sendmail to provide /usr/sbin/sendmail-mta (sendmail-mta) in auto mode
update-alternatives: using /usr/lib/sm.bin/sendmail to provide /usr/sbin/sendmail-msp (sendmail-msp) in auto mode
update-alternatives: warning: not replacing /usr/share/man/man8/sendmail.8.gz with a link

You are doing a new install, or have erased /etc/mail/sendmail.mc.
If you've accidentaly erased /etc/mail/sendmail.mc, check /var/backups.

I am creating a safe, default sendmail.mc for you and you can
run sendmailconfig later if you need to change the defaults.

[ ok ] Stopping Mail Transport Agent (MTA): sendmail.
Updating sendmail environment …
Validating configuration.
Writing configuration to /etc/mail/sendmail.conf.
Writing /etc/cron.d/sendmail.
Could not open /etc/mail/databases(No such file or directory), creating it.
Could not open /etc/mail/sendmail.mc(No such file or directory)
Reading configuration from /etc/mail/sendmail.conf.
Validating configuration.
Writing configuration to /etc/mail/sendmail.conf.
Writing /etc/cron.d/sendmail.
Turning off Host Status collection
Could not open /etc/mail/databases(No such file or directory), creating it.
Reading configuration from /etc/mail/sendmail.conf.
Validating configuration.
Creating /etc/mail/databases…

Checking filesystem, this may take some time – it will not hang!
  …   Done.
 
Checking for installed MDAs…
Adding link for newly extant program (mail.local)
Adding link for newly extant program (procmail)
sasl2-bin not installed, not configuring sendmail support.

To enable sendmail SASL2 support at a later date, invoke "/usr/share/sendmail/update_auth"

 
Creating/Updating SSL(for TLS) information
Creating /etc/mail/tls/starttls.m4…
Creating SSL certificates for sendmail.
Generating DSA parameters, 2048 bit long prime
This could take some time
…+………………..+.+..+..+++
..+.+………….+.++++++++++++++++++++++++++++++*
Generating RSA private key, 2048 bit long modulus
………………..+++
…………………+++
e is 65537 (0x10001)

*** *** *** WARNING *** WARNING *** WARNING *** WARNING *** *** ***

Everything you need to support STARTTLS (encrypted mail transmission
and user authentication via certificates) is installed and configured
but is *NOT* being used.

To enable sendmail to use STARTTLS, you need to:
1) Add this line to /etc/mail/sendmail.mc and optionally
   to /etc/mail/submit.mc:
  include(`/etc/mail/tls/starttls.m4')dnl
2) Run sendmailconfig
3) Restart sendmail

 
Updating /etc/hosts.allow, adding "sendmail: all".

Please edit /etc/hosts.allow and check the rules location to
make sure your security measures have not been overridden –
it is common to move the sendmail:all line to the *end* of
the file, so your more selective rules take precedence.
Checking {sendmail,submit}.mc and related databases…
Reading configuration from /etc/mail/sendmail.conf.
Validating configuration.
Creating /etc/mail/databases…
Reading configuration from /etc/mail/sendmail.conf.
Validating configuration.
Creating /etc/mail/databases…
Reading configuration from /etc/mail/sendmail.conf.
Validating configuration.
Creating /etc/mail/Makefile…
Reading configuration from /etc/mail/sendmail.conf.
Validating configuration.
Writing configuration to /etc/mail/sendmail.conf.
Writing /etc/cron.d/sendmail.
Disabling HOST statistics file(/var/lib/sendmail/host_status).
Creating /etc/mail/sendmail.cf…
*** ERROR: FEATURE() should be before MAILER()
*** MAILER(`local') must appear after FEATURE(`always_add_domain')*** ERROR: FEATURE() should be before MAILER()
*** MAILER(`local') must appear after FEATURE(`allmasquerade')*** ERROR: FEATURE() should be before MAILER()
 
Creating /etc/mail/submit.cf…
Informational: confCR_FILE file empty: /etc/mail/relay-domains
Warning: confCT_FILE source file not found: /etc/mail/trusted-users
 it was created
Informational: confCT_FILE file empty: /etc/mail/trusted-users
Warning: confCW_FILE source file not found: /etc/mail/local-host-names
 it was created
Warning: access_db source file not found: /etc/mail/access
 it was created
Updating /etc/mail/access…
Linking /etc/aliases to /etc/mail/aliases
Updating /etc/mail/aliases…

WARNING: local host name (blackstar) is not qualified; see cf/README: WHO AM I?
/etc/mail/aliases: 13 aliases, longest 10 bytes, 145 bytes total
 
Warning: 3 database(s) sources
    were not found, (but were created)
    please investigate.
 
Warning: These messages were issued while creating sendmail.cf
    make sure they are benign before starting sendmail!
 
Errors in generating sendmail.cf
*** ERROR: FEATURE() should be before MAILER()
*** MAILER(`local') must appear after FEATURE(`always_add_domain')*** ERROR: FEATURE() should be before MAILER()
*** MAILER(`local') must appear after FEATURE(`allmasquerade')*** ERROR: FEATURE() should be before MAILER()
 
[ ok ] Starting Mail Transport Agent (MTA): sendmail.
(Reading database … 199837 files and directories currently installed.)
Removing exim4 …
 

Right after packages gets installed it is good idea to get rid of any remains of previous exim SMTP install, run;

blackstar:~# dpkg --purge exim4
blackstar:~# dpkg --purge exim4-base
blackstar:~# dpkg --purge exim4-config
blackstar:~# dpkg --purge exim4-daemon-light
blackstar:~# dpkg --purge sa-exim

blackstar:~# grep -i sendmail /etc/passwd
smmta:x:121:128:Mail Transfer Agent,,,:/var/lib/sendmail:/bin/false
smmsp:x:124:129:Mail Submission Program,,,:/var/lib/sendmail:/bin/false
blackstar:~# grep -i -E "smmta|smmsp" /etc/passwd
smmta:x:121:128:Mail Transfer Agent,,,:/var/lib/sendmail:/bin/false
smmsp:x:124:129:Mail Submission Program,,,:/var/lib/sendmail:/bin/false

Sendmail install does create two new users smmta and smmsp in /etc/passwd and /etc/group

As you see from earlier apt-get output sendmail is provided on Debian via 4 packs:

root@blackstar:~# dpkg -l |grep -i sendmail
ii  libmail-sendmail-perl                0.79.16-1                          all          Send email from a perl script
ii  sendmail-base                        8.14.4-2.1                         all          powerful, efficient, and scalable Mail Transport Agent
ii  sendmail-bin                         8.14.4-2.1                         i386         powerful, efficient, and scalable Mail Transport Agent
ii  sendmail-cf                          8.14.4-2.1                         all          powerful, efficient, and scalable Mail Transport Agent

libmail-sendmail-perl installs a perl module (class)  /usr/share/perl5/Mail/Sendmail.pm.

sendmail-bin contains main sendmail components binary files, cron bindings related to sendmail, some manual pages and creates structure necessary for sendmail to process email queue. sendmail-cf provides a multitude of sendmail configurations in macroses and few documentation files on the macros configuration. All sendmail configuration macros are stored in /usr/share/sendmail/* – there are pleny of .m4 configs so for people who never installed sendmail it is really confusing.

sendmail-base package contains some bindings on how to to log rotate sendmail log files, few more sendmail binaries who deal with sendmail architecture, few files whether sendmail is run via PPP or DHCP connection, some documentation and example files. Sendmail documentation is installed in /usr/share/doc/sendmail*,  unfortunately documentation there is scarce so for extended documentation it is good to check Sendmail's Official site

To check if sendmail is running you should have it visible  in the list of running processes;

root@blackstar:~# ps xa|grep sendmail|grep -v grep
  468 ?        Ss     0:00 sendmail: MTA: accepting connections        

Further on it should be accepting connections on localhost / 25, i.e.

root@blackstar:~# telnet localhost 25
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 blackstar ESMTP Sendmail 8.14.4/8.14.4/Debian-2.1; Sat, 30 Mar 2013 19:09:47 +0200; (No UCE/UBE) logging access from: localhost(OK)-localhost [127.0.0.1] ^]
telnet> quit
 

 

Sendmail's configuration is being generated using a macro file using a macro processor via m4 command. There are few files, used as a basis for generation the final m4 most important of course is /etc/mail/sendmail.mc and sendmail.cf  –  /etc/mail/sendmail.cf, sendmail.mc after processed with the mambo-jambo with m4 generates the complex and about 15 times larger by size sendmail.cf.
All configs related to generating files instructing how sendmail will operate are stored in /etc/mail;

blackstar:~#  ls -1
access
access.db
address.resolve
aliases
aliases.db
databases
helpfile
local-host-names
m4
Makefile
peers
sasl
sendmail.cf
sendmail.cf.errors
sendmail.conf
sendmail.mc
service.switch
service.switch-nodns
smrsh
spamassassin
submit.cf
submit.mc
tls

sendmail.cf.errors
– contains errors during processing of macros config files.

 

root@blackstar:/etc/mail# cat sendmail.cf.errors
*** ERROR: FEATURE() should be before MAILER()
*** MAILER(`local') must appear after FEATURE(`always_add_domain')*** ERROR: FEATURE() should be before MAILER()
*** MAILER(`local') must appear after FEATURE(`allmasquerade')*** ERROR: FEATURE() should be before MAILER()

This errors, are not fatal as sendmail.cf is there and sendmail is from now on ready to send mails via localhost.

To check if sendmail delivers mails onwards, use mail cmd;
 

hipo@blackstar:~$ mail -s "testing" test@pc-freak.net
this is a simple test email
Do you get it?
.
Cc:

To see all is fine with mail delivery check out /var/log/mail.log

blackstar:~# tail -f /var/log/mail/log
Mar 30 21:23:05 blackstar sm-msp-queue[1495]: unable to qualify my own domain name (blackstar) -- using short name
Mar 30 21:23:09 blackstar sm-mta[1499]: STARTTLS=client, relay=mail.pc-freak.net., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256
Mar 30 21:23:11 blackstar sm-mta[1524]: r2UJN8x2001524: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-v4
Mar 30 21:23:13 blackstar sm-mta[1499]: r2UJKwqR001412: to=<hipo@pc-freak.net>, ctladdr=<root@blackstar> (0/0), delay=00:02:15, xdelay=00:00:10, mailer=esmtp, pri=210313, relay=mail.pc-freak.net. [83.228.93.76], dsn=2.0.0, stat=Sent (ok 1364671405 qp 7492)
Mar 30 21:24:28 blackstar sendmail[1532]: My unqualified host name (blackstar) unknown; sleeping for retry
Mar 30 21:27:16 blackstar sendmail[1633]: My unqualified host name (blackstar) unknown; sleeping for retry

As you see there is an error in mail.log
 

blackstar sendmail[1532]: My unqualified host name (blackstar) unknown; sleeping for retry


This is because blackstar is not assigned as a a host recognized to 127.0.0.1 in /etc/hosts. To solve it on my host I had to change /etc/hosts which looked like so:

blackstar:~# cat /etc/hosts
127.0.0.1    localhost
127.0.1.1    blackstar
# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

to

blackstar:~# vim /etc/hosts

127.0.0.1    localhost localhost.localdomain blackstar
127.0.1.1    blackstar

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
 

 

Then restart sendmail to reread /etc/hosts
 

root@blackstar:/etc/mail# /etc/init.d/sendmail restart
[ ok ] Restarting Mail Transport Agent (MTA): sendmail.

 


Share this on

How to Fix E: Could not perform immediate configuration on ‘exim4-daemon-light’.

Saturday, March 23rd, 2013

If you get an error like:

E: Could not perform immediate configuration on 'exim4-daemon-light'. Please see man 5 apt.conf under APT::Immediate-Configure for details. (2)

,
During installing Exim with aptitude or apt-get, i.e. # apt-get install exim4-daemon-light

or

# aptitude install exim4-daemon-light

This is due to some kind of mess with other mail server packages (sendmail or postfix) previously installed on the host and some mess with mail servers installed on system, to solve it remove all SMTP server packages sendmail / postfix / exim and then after being sure all SMTP packages are purged from system from clean install Exim light SMTP variant: # apt-get update
# apt-get -f install
# apt-get --purge remove sendmail sendmail-bin
# dpkg --force-all -r postfix
# dpkg --purge exim4-base
# dpkg --purge exim4-config
# dpkg --purge exim4-daemon-light
# apt-get update
# apt-get -f install
# apt-get install exim4-base exim4-config exim4-daemon-light

 

 


Share this on

How to change Exim mail server hostname on Debian Linux

Tuesday, March 19th, 2013

If you have to configure Exim mail server to act as RELAY Forwarding SMTP through another mail server and nomatter, you set up in dpkg-reconfigure exim4-config command a hostname still connecting to localhost port 25 shows a hostname identical as configured hostname for server. You will have to explicitly instruct exim to desired hostname like so:

debian:~# cp -rpf /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf

Then edit /etc/exim4/exim4.conf

Add somewhere in beginning of config file

primary_hostname = DESIRED_HOSTNAME.COM

To make exim load new settings, restart SMTP:

debian:~# /etc/init.d/exim4 restart

Stopping MTA for restart: exim4_listener.
Restarting MTA: exim4.
 

debian:~# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 DESIRED_HOSTNAME.COM ESMTP Exim 4.72 Tue, 19 Mar 2013 19:02:52 +0000
^]
telnet> quit
Connection closed.

 


Share this on

How to configure mail server forwarding on Postfix – Email forwarding from one Postfix SMTP to another

Friday, March 1st, 2013

I needed to configure mail forwarding from one Postfix mail server with a correct MX and PTR record to another one for a reason the second mail server has filtered port 25, because of ISP policy. As it is recommended in such situations, I've configured mail forwarding from postfix host1 to host2 to use (submission) port number 587 which general purpose is for exactly situations like this. Mail forwarding is done via a simple /etc/postfix/main.cf, /usr/local/etc/postfix/main.cf (depending where Postfix is installed).

Thus as my postfix configs are in /etc/postfix, I edited /etc/postfix/main.cf on forwarding Postfix mail server, where mail comes in (host1) and added line:

relayhost = [123.123.123.123]:587

Where 123.123.123.123 is IP address of host2

To load settings I had to do the usual postfix restart

postfix# /etc/rc.d/postfix restart

postfix/postfix-script: stopping the Postfix mail system
postfix/postfix-script: starting the Postfix mail system

On host2 – to which mail is forwarded, I had to add access for host1 to relay mail  in /etc/postfix/main.cf had to include:

mynetworks = 124.124.124.124

and 124.124.124.124 is IP of host1

One note to make is if mynetworks is not defined to host of host1 mail server, you will get in /var/log/maillog error:

Relay access denied (in reply to RCPT TO command))

Here is paste chunk from /var/log/maillog

Mar  1 08:57:01 host1 postfix/smtp[95236]: 88C8B11F911:
                    to=<amaderit.for.brother+caf_=amaderit2013FINAL=forward-host.org@gmail.com>, relay=24.129.36.212[24.129.36.212]:587, delay=0.54,
                    delays=0.01/0/0.44/0.09, dsn=5.7.1, status=bounced (host 24.129.36.212[24.129.36.212] said: 554 5.7.1
                    <amaderit.for.brother+caf_=amaderit2013FINAL=forward-host.org@gmail.com>: Relay access denied (in reply to RCPT TO command))


Share this on