MAINTAINING POSTFIX

assuming you got postfix up and running already

USER ACCOUNTS

we don’t want the file to be created with crazy perms (mail has write access on GNU). the mail user’s default 0022 umask will do the job just fine, as there is a sticky-bit over there already.

cp -pi /etc/default/useradd /etc/default/useradd.dist
vi /etc/default/useradd

# we force -s anyhow
SHELL=/bin/bash

# no need when using maildir
CREATE_MAIL_SPOOL=no

not sure we can use group mail for that account because it seems to be dedicated to few system components

find / -group mail
ls -ldF /var/spool/mail/
ls -ldF /var/spool/dma/
ls -ldF /usr/bin/lockfile
ls -ldF /usr/bin/procmail

besides, we’re not using the SGID on spool but rather the sticky bit

create a mailbox

MAILUSER=...

grep ^nogroup /etc/group
useradd -m -g nogroup -s /sbin/nologin $MAILUSER
    # -k /dev/null
    # -s /bin/false
    # -s /dev/null
passwd $MAILUSER

MBOX

chmod 600 /var/spool/mail/$MAILUSER # once it exists
chmod 700 /home/$MAILUSER/

MAILDIR

mkdir /home/$MAILUSER/Maildir/
chmod 700 /home/$MAILUSER/
chmod 700 /home/$MAILUSER/Maildir/
chown -R $MAILUSER:nogroup /home/$MAILUSER/

remove a mailbox and loose its data

userdel -r $MAILUSER

OPERATIONS

make sure the unix socket for SPF is there

netstat -an | grep policy

check the queue

mailq
# postqueue -p

flush (re-process) the queue

runq
# postfix flush
# postqueue -f

get rid of a specific failing message stuck in the queue

postsuper -d ID-HERE

FROM SOURCE (OR CONTAINER) OPERATIONS

apply minor config change

postfix check && echo ok
postfix reload

restart

which postfix
postfix stop
ps auxww | grep master
postfix check && echo ok
postfix start

and on netbsd eventhough you might have built it from source, YOU CAN keep using system’s built-in rc script

/etc/rc.d/postfix restart

NETBSD OPERATIONS

tail -100 -F /var/log/maillog

/etc/rc.d/postfix restart

and in case this is a custom build

vi /etc/rc.local

/usr/sbin/postfix start && echo -n postfix330
/usr/sbin/postconf -d | grep version

DEBIAN/UBUNTU OPERATIONS

tail -F /var/log/mail.*

systemctl restart psotfix

ACCEPTANCE

see postfix.acceptance

ADDITIONAL NOTES

wipe-out all

postsuper -d ALL

How to delete mail queue in Postfix https://sharadchhetri.com/2014/02/06/how-to-delete-mail-queue-in-postfix/

CLIENT REJECT & OK

see SUPPORTING FILES from the main guide

vi /etc/postfix/access.client

Deal with spam that eventually came through the hereby protections (wow, so that’s a clean spam!): look at the headers what fqdn connected to your MX and reject it manually so it doesn’t spam you again,

.domain.tld REJECT message
domain.tld  REJECT message

the other way around, allow a specific client to talk to you

.domain.tld OK
domain.tld  OK

also handy for ip ranges

109.206.237.0/24                REJECT too much SPAM from your ip range

and regenerate the map

postmap /etc/postfix/access.client

deal with Microsoft

unblock your server from MS’s blacklists:

How to Remove Your IP from the Hotmail Blacklist https://www.rackaid.com/blog/hotmail-blacklist-removal/

Microsoft’s Sender Information Form https://support.live.com/eform.aspx?productKey=edfsmsbl3&ct=eformts&wa=wsignin1.0&scrx=1

deal with Outlook.com

register to live.com and define your IP into SNDS: https://postmaster.live.com/snds/

then file a request to un-block your IP: https://support.microsoft.com/en-us/getsupport?oaspworkflow=start_1.0.0.0&wfname=capsub&productkey=edfsmsbl3

Resources

5 top tips for reviewing your Postfix mail queue https://www.wirehive.com/thoughts/5-top-tips-reviewing-postfix-mail-queue/

How to create linux account with useradd without creating mail spool https://serverfault.com/questions/522556/how-to-create-linux-account-with-useradd-without-creating-mail-spool

handle the queue

Delete mail from specific sender from postfix queue http://pgabri.com/blog/delete-mail-from-specific-sender-from-postfix-queue/

How to remove Postfix queue messages sent to a specific domain https://serverfault.com/questions/638152/how-to-remove-postfix-queue-messages-sent-to-a-specific-domain/638156

How To Delete Mails From Or To A Specific Email Address From Your Mail Queue (Postfix) https://www.howtoforge.com/delete-mails-to-or-from-a-specific-email-address-from-postfix-mail-queue

Delete mail from specific sender from postfix queue https://micheleberardi.medium.com/delete-mail-from-specific-sender-from-postfix-queue-93e7260b7977

Delete messages from Postfix queue by sender address and recipient domain https://www.frontline.ro/en/blog/delete-messages-from-postfix-queue-by-sender-address-and-recipient-domain

client checks

https://ethitter.com/2016/03/blocking-sender-ips-in-postfix/


HOME | GUIDES | LECTURES | LAB | SMTP HEALTH | HTML5 | CONTACT
Copyright © 2024 Pierre-Philipp Braun