In
this post I am going to explain how to record/archive all the incoming and
outgoing emails from a postfix system to two different email
addresses.
I
have a CentOS 6.3 x86_64 Minimal install system. In CentOS 6, postfix is
installed and will be running by default.
Pre-requesites:
1)
Working DNS Server : Incase you dont know how to configure, please follow this
link to configure BIND DNS Server
2)
Postfix must be installed. Incase its not installed then
[root@mail
~]# yum install postfix -y
Edit
the Postfix Configuration file
[root@mail
~] # vim /etc/postfix/main.cf
myhostname
= mail.example.com
mydomain
= example.com
myorigin
= $mydomain
inet_interfaces
= $myhostname, localhost
inet_protocols = all
mydestination = $myhostname,
localhost.$mydomain, localhost, $mydomain
mynetworks = 192.168.124.0/24,
127.0.0.0/8
mynetworks_style = subnet
sender_bcc_maps
= hash:/etc/postfix/outgoing
recipient_bcc_maps
= hash:/etc/postfix/incoming
Create
two users inmails and outmails and assign passwords for them
[root@mail
~]# useradd inmails
[root@mail
~]# echo "redhat" | passwd --stdin inmails
[root@mail
~]# useradd outmails
[root@mail
~]# echo
"redhat" | passwd --stdin
outmails
Create
two file inside the postfix configuration directory
[root@mail
~]# vim /etc/postfix/incoming
@example.com inmails@example.com
[root@mail
~]# vim /etc/postfix/outgoing
@example.com outmails@example.com
Create
the postfix lookup table using the postmap command. Postmap
is utility program that will
convert /etc/postfix/incoming to /etc/postfix/incoming.db in
Berkley DB format, so that Postfix can access the data faster.
[root@mail
~]# postmap /etc/postfix/incoming
[root@mail
~]# postmap /etc/postfix/outgoing
Restart
the postfix service and make service available during startup
[root@mail
~]# service postfix restart
Test
the configuration by sending a mail to any user on the system it will recorded
in inmails user mailbox and outmails user mailbox as well.
Postfix is infinitely configurable to suit your needs. For large corporations and ISPs, Postfix can be configured to use a mySQL backend instead of using configuration files. Thus a quick insert or delete of a record can add users, domains, etc. This tutorial configures Postfix to receive email using local configuration files.
Postfix Installation:
- Red Hat/Fedora/CentOS: yum install postfix
- Ubuntu/Debian: apt-get install postfix
Postfix configuration file: /etc/postfix/main.cf
(Red Hat, Fedora, Suse and Ubuntu!)Basic:
# Common for all Postfix configurations:
smtpd_banner = $myhostname ESMTP $mail_name - Mail RFC requirement. RHEL5: uncomment this line
biff = no - Turn off local user mail notification
mailbox_size_limit = 0 - Zero implies no limit
message_size_limit = 20480000 - Set a size limit on email
recipient_delimiter = + - RHEL5: uncomment this line
append_dot_mydomain = no - appending .domain is the MUA's job
Can not send email to partial domain user@partialdomainname,
only full domains
mail_spool_directory = /var/mail - RHEL5: uncomment this line
Allow no relay or outbound SMTP:
Add to file main.cf:relayhost =
mynetworks = 127.0.0.1/32
inet_interfaces = all - Interfaces to listen on. Comma separated list eg. localhost, hostname
Receive email for local users: (multiple domains can be specified but an email sent to Michael is not distinguished between domains. One Michael for all domains.)
Add to file main.cf:myhostname = mail.megawebhost.com
mydomain = megawebhost.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
# All domains listed in mydestination are subject to /etc/aliases mapping.
# Do not list domains to be used with virtual hosts!
mydestination = $mydomain $myhostname alternateName1 localhost.localdomain localhost
Virtual host:
(receive
email for multiple domains. Users distinguished between domains. Email recipient
ed@megacorp.com is different than ed@charity.com)
Add
this definition to support virtual hosts:
# After edting file /etc/postfix/valias.txt
# run command: postmap /etc/postfix/valias.txt
# to create hash db file.
virtual_alias_maps = hash:/etc/postfix/valias.txt
# Use local unix account mailboxes for these domains
virtual_alias_domains = /etc/postfix/vhosts.txt
Add anti-SPAM measures:
Add to file main.cf:# Place all of the restrictions into the smtpd_recipient_restrictions:
smtpd_client_restrictions = reject_rbl_client dnsbl.sorbs.net
smtpd_helo_restrictions = reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname,
reject_unknown_helo_hostname
smtpd_sender_restrictions =
smtpd_helo_required = yes
strict_rfc821_envelopes = yes
disable_vrfy_command = yes
unknown_address_reject_code = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code = 554
smtpd_recipient_restrictions =
# permit_mynetworks,
# permit_sasl_authenticated,
reject_unauth_destination,
reject_invalid_hostname,
reject_unauth_pipelining,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
# check_client_access hash:/etc/postfix/maps/access_client,
# check_helo_access hash:/etc/postfix/maps/access_helo,
# check_sender_access hash:/etc/postfix/maps/access_sender,
check_sender_access hash:/etc/postfix/access_sender,
# check_recipient_access hash:/etc/postfix/maps/access_recipient,
# reject_rhsbl_client blackhole.securitysage.com, THIS SITE IS RETIRED
# reject_rhsbl_sender blackhole.securitysage.com, THIS SITE IS RETIRED
# reject_rbl_client relays.ordb.org, THIS SITE IS RETIRED
reject_rbl_client blackholes.easynet.nl,
reject_rbl_client cbl.abuseat.org,
# reject_rbl_client proxies.blackholes.wirehub.net, THIS SITE IS RETIRED
reject_rbl_client bl.spamcop.net,
reject_rbl_client zen.spamhaus.org,
# reject_rbl_client opm.blitzed.org, THIS SITE IS RETIRED
# reject_rbl_client dnsbl.njabl.org, THIS SITE IS RETIRED
# reject_rbl_client list.dsbl.org, THIS SITE IS RETIRED
# reject_rbl_client multihop.dsbl.org, THIS SITE IS RETIRED
reject_rbl_client dul.dnsbl.sorbs.net,
permit
smtpd_data_restrictions =
reject_unauth_pipelining,
permit
Note:
- SpamHaus combines three blackhole lists: Exploits block list (exploited systems): xbl.spamhaus.org, Policy block list (non-MTA IP): pbl.spamhaus.org and Spamhaus block list: sbl.spamhaus.org, into one "zen.spamhaus.org".
Limit denial of service attacks:
Add to file main.cf:default_process_limit = 100
smtpd_client_connection_count_limit = 10
smtpd_client_connection_rate_limit = 30
header_size_limit = 51200
smtp_recipient_limit = 100
File: /etc/postfix/vhosts.txt
megacorp.com
charityX.org
productX.com
Domains
listed here should NOT be listed with the "mydestination" directive.
File: /etc/postfix/valias.txt
This file maps email addresses to local user names:joe@megacorp.com userjoe
joe@charityX.org userjoseph
info@productX.com userjoe
Upon
creation or change, create the db file: postmap /etc/postfix/valias.txt This creates the file /etc/postfix/valias.txt.db
File: /etc/postfix/access_sender
0.0.0.0/8 REJECT Domain MX in broadcast network
10.0.0.0/8 REJECT Domain MX in RFC 1918 private network
127.0.0.0/8 REJECT Domain MX in loopback network
169.254.0.0/16 REJECT Domain MX in link local network
172.16.0.0/12 REJECT Domain MX in RFC 1918 private network
192.0.2.0/24 REJECT Domain MX in TEST-NET network
192.168.0/16 REJECT Domain MX in RFC 1918 private network
224.0.0.0/4 REJECT Domain MX in class D multicast network
240.0.0.0/5 REJECT Domain MX in class E reserved network
248.0.0.0/5 REJECT Domain MX in reserved network
Generate
database file "access_sender.db": postmap /etc/postfix/access_sender Used by main.cf directive check_sender_access hash:/etc/postfix/access_sender
- Red Hat: /var/log/maillog
- Ubuntu: /var/log/mail.log
Postfix Pitfalls:
- Error in /var/log/maillog
.. ... Feb 7 21:45:00 ip-XXX-XXX-XXX-XXX postfix/postfix-script[26232]: starting the Postfix mail system Feb 7 21:45:00 ip-XXX-XXX-XXX-XXX postfix/master[26233]: fatal: bind 0.0.0.0 port 25: Address already in use Feb 7 21:48:22 ip-XXX-XXX-XXX-XXX postfix/postfix-script[26273]: fatal: the Postfix mail system is not running ... ..Check for other applications using port 25: fuser -uv 25/tcp
Often Sendmail is installed by default and may be running.
Fix: service sendmail stop; service postfix restart
Postfix can be configured three different ways to interface with Mailman. The following uses the /etc/aliases file for this configuration. Requires the following main.cf configuration:
alias_maps = hash:/etc/aliasesFile: /etc/aliases
alias_database = hash:/etc/aliases
# # regular aliases # info: user1 joe: user1 theadore: ted # # mailman aliases # mailman: "|/var/mailman/mail/mailman post mailman" mailman-admin: "|/var/mailman/mail/mailman admin mailman" mailman-bounces: "|/var/mailman/mail/mailman bounces mailman" mailman-confirm: "|/var/mailman/mail/mailman confirm mailman" mailman-join: "|/var/mailman/mail/mailman join mailman" mailman-leave: "|/var/mailman/mail/mailman leave mailman" mailman-owner: "|/var/mailman/mail/mailman owner mailman" mailman-request: "|/var/mailman/mail/mailman request mailman" mailman-subscribe: "|/var/mailman/mail/mailman subscribe mailman" mailman-unsubscribe: "|/var/mailman/mail/mailman unsubscribe mailman" # megacorp: "|/var/mailman/mail/mailman post megacorp" megacorp-admin: "|/var/mailman/mail/mailman admin megacorp" megacorp-bounces: "|/var/mailman/mail/mailman bounces megacorp" megacorp-confirm: "|/var/mailman/mail/mailman confirm megacorp" megacorp-join: "|/var/mailman/mail/mailman join megacorp" megacorp-leave: "|/var/mailman/mail/mailman leave megacorp" megacorp-owner: "|/var/mailman/mail/mailman owner megacorp" megacorp-request: "|/var/mailman/mail/mailman request megacorp" megacorp-subscribe: "|/var/mailman/mail/mailman subscribe megacorp" megacorp-unsubscribe: "|/var/mailman/mail/mailman unsubscribe megacorp" #