Category: Mail

  • SpamAssassin

    SpamAssassin is a powerful open-source tool designed to filter out spam emails. Developed by the Apache Software Foundation, it helps users manage their inboxes by identifying and blocking unsolicited bulk emails.

    How SpamAssassin Works

    SpamAssassin employs various techniques to detect spam. It analyzes incoming emails using methods such as:

    • Header and Text Analysis: It examines the content and metadata of emails to identify patterns typical of spam.
    • Bayesian Filtering: This statistical method evaluates the likelihood that an email is spam based on previous user interactions.
    • DNS Blocklists: It checks if the sender’s IP address is listed on known spam databases.
    • Collaborative Filtering: This approach uses data from multiple users to improve spam detection accuracy.

    When an email is processed, SpamAssassin assigns a score based on these analyses. If the score exceeds a certain threshold (commonly set at 5), the email is flagged as spam. This scoring system allows users to customize their sensitivity settings according to their needs.

    Install SpamAssassin

    To install SpamAssassin on Ubuntu, run

    apt update
    apt-get install spamassassin spamc -y

    To update rules, run

    sa-update

    The configuration file is located at

    /etc/spamassassin/local.cf

    To start/stop/restart SpamAssassin

    systemctl start spamassassin
    systemctl stop spamassassin
    systemctl restart spamassassin

    Whitelist a Sender

    To whitelist a sender, edit /etc/spamassassin/local.cf and add

    whitelist_from *@serverok.in
    whitelist_from [email protected]

    Restart SpamAssassin

    systemctl restart spamassassin
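
    whitelist_from matches on the sender address alone, which a sender can forge; SpamAssassin's documentation recommends whitelist_auth (requires SPF or DKIM to pass) or whitelist_from_rcvd instead. The following check is an added example, not part of the original post: the function name and the sample file are constructed, and welcomelist_from is the SpamAssassin 4.x name for the same setting.

```shell
#!/bin/sh
# Added example (not from the original post): list sender-whitelist entries in
# a SpamAssassin config that match on the sender address alone.
audit_whitelist() {   # usage: audit_whitelist /etc/spamassassin/local.cf
  awk '
    /^[[:space:]]*#/ { next }                       # skip comment lines
    $1 == "whitelist_from" || $1 == "welcomelist_from" {
      for (i = 2; i <= NF; i++) {
        if ($i ~ /^#/) break                        # trailing comment
        scope = ($i ~ /^\*@/) ? "every address in the domain" : "one address"
        printf "line %d: %s %s trusts %s; consider: whitelist_auth %s\n", NR, $1, $i, scope, $i
        found = 1
      }
    }
    END { exit found ? 1 : 0 }' "$1"                # non-zero when entries exist
}

# Constructed sample local.cf
tmp=$(mktemp)
printf '%s\n' 'required_score 5.0' \
  'whitelist_from *@example.org' \
  '# whitelist_from old@example.net' \
  'whitelist_auth billing@example.com' > "$tmp"
audit_whitelist "$tmp" || echo "review the entries listed above"
rm -f "$tmp"
```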

  • How to block a domain in Zimbra

    To block all emails from a specific domain in Zimbra, run the following commands as user zimbra (su - zimbra).

    zmprov md yourdomain.com +amavisBlacklistSender bad-domain.com
    zmamavisdctl restart

    To block a specific email address, run

    zmprov md yourdomain.com +amavisBlacklistSender [email protected]
    zmamavisdctl restart

    How to unblock

    If you have blocked a domain or email address and want to unblock it, you can use

    -amavisBlacklistSender

    Example

    zmprov md yourdomain.com -amavisBlacklistSender bad-domain.com
    zmamavisdctl restart

  • How to disable Zimbra dnscache service

    When you are using the Zimbra mail server behind NAT with Split DNS, you need to disable dnscache service.

    To view all enabled/installed services, run

    zmprov gs `zmhostname` zimbraServiceEnabled zimbraServiceInstalled
    

    Example

    zimbra@mail:~$ zmprov gs `zmhostname` zimbraServiceEnabled zimbraServiceInstalled
    # name mail.serverok.in
    zimbraServiceEnabled: amavis
    zimbraServiceEnabled: antivirus
    zimbraServiceEnabled: antispam
    zimbraServiceEnabled: opendkim
    zimbraServiceEnabled: logger
    zimbraServiceEnabled: ldap
    zimbraServiceEnabled: mta
    zimbraServiceEnabled: dnscache
    zimbraServiceEnabled: memcached
    zimbraServiceEnabled: snmp
    zimbraServiceEnabled: stats
    zimbraServiceEnabled: proxy
    zimbraServiceEnabled: service
    zimbraServiceEnabled: zimbra
    zimbraServiceEnabled: zimbraAdmin
    zimbraServiceEnabled: zimlet
    zimbraServiceEnabled: mailbox
    zimbraServiceEnabled: spell
    zimbraServiceInstalled: amavis
    zimbraServiceInstalled: antivirus
    zimbraServiceInstalled: antispam
    zimbraServiceInstalled: opendkim
    zimbraServiceInstalled: logger
    zimbraServiceInstalled: ldap
    zimbraServiceInstalled: mta
    zimbraServiceInstalled: dnscache
    zimbraServiceInstalled: snmp
    zimbraServiceInstalled: stats
    zimbraServiceInstalled: memcached
    zimbraServiceInstalled: proxy
    zimbraServiceInstalled: mailbox
    zimbraServiceInstalled: spell
    
    zimbra@mail:~$ 
    

    To disable dnscache service, run

    zmprov ms `zmhostname` -zimbraServiceEnabled dnscache
    zmprov ms `zmhostname` -zimbraServiceInstalled dnscache
    

    Stop dnscache service

    zmdnscachectl stop
    

    Stop zimbra

    zmcontrol stop
    

    Start Zimbra

    zmcontrol start
    

  • How to Zimbra Split DNS with dnsmasq

    When you install Zimbra on a server behind NAT, your public IP is not configured on the server; instead, traffic is routed to the server through the NAT gateway. Zimbra expects the IP address of your MX record to be present on the server.

    To solve this problem, we can use Split DNS. When you check the IP of the MX record from the server, it resolves to the internal IP address of the server. For everyone else, the MX record resolves to the public IP Address of the server.

    IMPORTANT: Do not install Zimbra dnscache (unbound) as it listens on port 53, which will cause conflict with Split DNS.

    Disable systemd-resolved

    On Ubuntu, local DNS resolution is handled by systemd-resolved, which needs to be disabled.

    systemctl disable systemd-resolved.service
    systemctl stop systemd-resolved
    rm -f /etc/resolv.conf
    tee /etc/resolv.conf << END
    nameserver 127.0.0.1
    END
    

    Install dnsmasq

    Install dnsmasq with the command

    apt install dnsmasq -y
    

    Configure dnsmasq

    Edit file

    vi /etc/dnsmasq.conf
    

    Add the following lines, replacing aei.gt and yourdomain.com with your own domain

    server=8.8.8.8
    server=1.1.1.1
    domain=aei.gt
    mx-host=yourdomain.com,mail.yourdomain.com,5
    listen-address=127.0.0.1
    

    Restart dnsmasq

    systemctl restart dnsmasq
    

    Edit /etc/hosts file

    vi /etc/hosts
    

    Add

    YOUR_LOCAL_IP  mail.yourdomain.com mail
    

    Edit /etc/resolv.conf

    vi  /etc/resolv.conf
    

    Add

    nameserver 127.0.0.1
    

    Remove any other nameserver entries, so all DNS requests go to dnsmasq.

    At this point, if you do a nslookup/dig for MX record, you should see your internal IP address.
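
    The three files edited in this procedure have to agree with each other for the MX lookup to return the internal address. The following offline check is an added example, not part of the original post; the function name and sample files are constructed, and it assumes the internal IP is an RFC 1918 address.

```shell
#!/bin/sh
# Added example (not from the original post): offline consistency check of the
# files edited above. Assumes the internal address is an RFC 1918 address.
check_split_dns() {   # usage: check_split_dns dnsmasq.conf hosts resolv.conf
  conf=$1 hosts=$2 resolv=$3 rc=0
  # 1. resolv.conf must send every query to dnsmasq on 127.0.0.1.
  others=$(awk '$1 == "nameserver" && $2 != "127.0.0.1" { print $2 }' "$resolv")
  [ -z "$others" ] || { echo "resolv.conf bypasses dnsmasq:" $others; rc=1; }
  awk '$1 == "nameserver" && $2 == "127.0.0.1" { ok = 1 } END { exit !ok }' "$resolv" ||
    { echo "resolv.conf has no nameserver 127.0.0.1"; rc=1; }
  # 2. Each mx-host target must resolve from the hosts file to an internal IP
  #    (dnsmasq answers A queries from the hosts file).
  for target in $(awk -F'[=,]' '$1 == "mx-host" { print $3 }' "$conf"); do
    ip=$(awk -v h="$target" '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == h) print $1 }' "$hosts" | head -n 1)
    case $ip in
      "") echo "$target: no entry in hosts file"; rc=1 ;;
      10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) ;;   # internal
      *) echo "$target: $ip is not an internal address"; rc=1 ;;
    esac
  done
  return $rc
}

# Constructed sample files: resolv.conf still lists a second resolver.
tmp=$(mktemp -d)
printf 'server=8.8.8.8\nmx-host=yourdomain.com,mail.yourdomain.com,5\n' > "$tmp/dnsmasq.conf"
printf '10.0.0.5  mail.yourdomain.com mail\n' > "$tmp/hosts"
printf 'nameserver 127.0.0.1\nnameserver 8.8.8.8\n' > "$tmp/resolv.conf"
check_split_dns "$tmp/dnsmasq.conf" "$tmp/hosts" "$tmp/resolv.conf" ||
  echo "fix the problems listed above"
rm -rf "$tmp"
```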

  • Fake SMTP Server for testing

    When you develop a website or an application, you may need to use a fake SMTP server for debugging. Fake SMTP servers accept emails, but they won’t deliver them to the recipient’s email address.

    The simplest way to run a debugging SMTP server is the following Python command. It uses the smtpd module, which was removed in Python 3.12, so it needs Python 3.11 or earlier.

    python3 -m smtpd -n -c DebuggingServer 0.0.0.0:2525
    

    This will start an SMTP server on port 2525, listening on all interfaces (0.0.0.0). It does not support SMTP authentication.

    If you want to run a Fake SMTP server with Authentication support, use

    https://github.com/rnwood/smtp4dev

    You can install it using Docker.

    First you need to install Docker. On Ubuntu, run

    apt install docker.io
    

    Run smtp4dev with the command

    docker run -d -it -p 3000:80 -p 2525:25 --restart=unless-stopped rnwood/smtp4dev
    

    The SMTP server will listen on port 2525. On port 3000, you have a web interface to read the mails.

  • How to configure Hostname in PowerMTA

    By default, PowerMTA uses the server’s hostname. You can specify a custom hostname per Virtual MTA.

    To set a hostname for a Virtual MTA, add a host-name entry as follows.

    
        host-name smtp1.serverok.in
        #domain-key default,smtp1.serverok.in,/etc/pmta/default.smtp1.serverok.in.pem
        
        max-msg-rate 100/h
        
    
    
  • iRedMail Intentional policy rejection

    On an iRedMail server, when receiving an email from Steam, the mail server rejects the email with the error message “Recipient address rejected: Intentional policy rejection, please try again later”.

    Jan 31 20:31:46 mail postfix/smtpd[2042109]: Anonymous TLS connection established from smtp-03-tuk1.steampowered.com[208.64.202.39]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
    Jan 31 20:31:47 mail postfix/smtpd[2042109]: NOQUEUE: reject: RCPT from smtp-03-tuk1.steampowered.com[208.64.202.39]: 451 4.7.1 : Recipient address rejected: Intentional policy rejection, please try again later; from= to= proto=ESMTP helo=
    Jan 31 20:31:47 mail postfix/smtpd[2042109]: disconnect from smtp-03-tuk1.steampowered.com[208.64.202.39] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 quit=1 commands=5/7
    

    This is due to greylisting on the iRedMail server.

    To whitelist Steam in iRedMail, run

    /opt/iredapd/tools/greylisting_admin.py --disable --from '@steampowered.com'
    

    Example

    root@mail:/var/log# /opt/iredapd/tools/greylisting_admin.py --disable --from '@steampowered.com'
    * Disable greylisting: @steampowered.com -> @.
    root@mail:/var/log# 
    
  • 554 5.7.1 Unknown Sender in Local Domain

    When sending an email from one server to another, the email gets bounced with an error

    SMTP error from remote mail server after MAIL FROM: SIZE=1575: 554 5.7.1 Unknown Sender in Local Domain .
    

    The error is because both servers have the sender domain name configured. The solution is to remove the domain name from one of the servers.

  • Google Workspace DKIM authentication settings failed.

    When generating DKIM in Google Workspace, I got the following error message.

    DKIM authentication settings failed
    

    This error happens when you have a newly activated Google Workspace account.

    As per Google support instructions at

    https://support.google.com/a/answer/174126

    You need to wait 24 to 72 hours before activating DKIM.

    Important: After you create your Google Workspace account and turn on Gmail, you must wait 24–72 hours before you can generate a DKIM key.

  • .forward file

    Users can create a .forward file in their home directories, which mail servers such as exim and sendmail use to redirect email to another email account.

    When mail is sent to a local user, the sendmail command checks for the $HOME/.forward file. The $HOME/.forward file can contain one or more addresses or aliases. If the file exists, the message is not sent to the user. The message is sent to the addresses or aliases in the .forward file.

    On cPanel servers, /root/.forward contains the email address of the server administrator, so all emails to root get forwarded to the Server Admin email account.

    Example

    [root@server52 ~]# cat /root/.forward 
    [email protected]
    [root@server52 ~]# 
    

    To create a .forward file, you can run

    echo "[email protected]" > ~/.forward
    

    This will create a file $HOME/.forward with your email address inside it.

  • postfix smtp Must issue a STARTTLS command first

    When sending an email to a server, mail bounced with the following error message.

    Action: failed
    Status: 5.7.0
    Remote-MTA: dns; mail01.riedelbau.de
    Diagnostic-Code: smtp; 530 5.7.0 Must issue a STARTTLS command first
    

    To fix the error, first enable debug logging in postfix for the Remote-MTA. To do this, edit the file

    vi /etc/postfix/main.cf
    

    Add the following lines. You need to remove these lines after debugging is complete, or your log file will keep growing with debug output.

    debug_peer_list=mail01.riedelbau.de
    debug_peer_level=3
    

    Restart postfix mail server.

    systemctl restart postfix
    

    Now I sent a mail, and in /var/log/mail.log I got the detailed error message.

    Sep 17 08:32:25 mail postfix/smtp[31356]: vstream_buf_get_ready: fd 14 got 64
    Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 220 mail01.riedelbau.de ESMTP Fri, 17 Sep 2021 08:32:23 +0200 
    Sep 17 08:32:25 mail postfix/smtp[31356]: > mail01.riedelbau.de[93.188.26.3]:25: EHLO smtp1.serverok.in
    Sep 17 08:32:25 mail postfix/smtp[31356]: vstream_fflush_some: fd 14 flush 31
    Sep 17 08:32:25 mail postfix/smtp[31356]: vstream_buf_get_ready: fd 14 got 221
    Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-mail01.riedelbau.de Hello [173.249.63.91]
    Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-TURN
    Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-SIZE 36700160
    Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-ETRN
    Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-PIPELINING
    Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-DSN
    Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-ENHANCEDSTATUSCODES
    Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-8bitmime
    Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-BINARYMIME
    Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-CHUNKING
    Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-VRFY
    Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-TLS
    Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-STARTTLS
    Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250 OK
    Sep 17 08:32:25 mail postfix/smtp[31356]: server features: 0x901f size 36700160
    Sep 17 08:32:25 mail postfix/smtp[31356]: Using ESMTP PIPELINING, TCP send buffer size is 87040, PIPELINING buffer size is 4096
    Sep 17 08:32:25 mail postfix/smtp[31356]: Host offered STARTTLS: [mail01.riedelbau.de]
    Sep 17 08:32:25 mail postfix/smtp[31356]: smtp_stream_setup: maxtime=300 enable_deadline=0
    Sep 17 08:32:25 mail postfix/smtp[31356]: > mail01.riedelbau.de[93.188.26.3]:25: MAIL FROM: SIZE=676
    Sep 17 08:32:25 mail postfix/smtp[31356]: > mail01.riedelbau.de[93.188.26.3]:25: RCPT TO: ORCPT=rfc822;[email protected]
    Sep 17 08:32:25 mail postfix/smtp[31356]: > mail01.riedelbau.de[93.188.26.3]:25: DATA
    Sep 17 08:32:25 mail postfix/smtp[31356]: smtp_stream_setup: maxtime=300 enable_deadline=0
    Sep 17 08:32:25 mail postfix/smtp[31356]: vstream_fflush_some: fd 14 flush 116
    Sep 17 08:32:25 mail postfix/smtp[31356]: vstream_buf_get_ready: fd 14 got 141
    Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 530 5.7.0 Must issue a STARTTLS command first
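
    The log shows the remote server advertising 250-STARTTLS while postfix goes straight to MAIL FROM in plaintext. The following script finds that pattern in a debug log; it is an added example, not part of the original post, and the function names, hostnames and sample log lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Reads postfix/smtp debug log
# lines on stdin and prints each peer that advertised STARTTLS but was sent
# MAIL FROM without the client issuing STARTTLS first.
starttls_skipped() {
  awk '
    $5 ~ /^postfix\/smtp\[/ && ($6 == "<" || $6 == ">") {
      key = $5 " " $7                     # smtp process + peer = one session
      peer = $7; sub(/:$/, "", peer)
      if ($6 == "<" && $8 == "220" && last[key] != "STARTTLS") {
        offered[key] = 0; used[key] = 0   # greeting: a new session starts
      }
      if ($6 == "<" && ($8 == "250-STARTTLS" || ($8 == "250" && $9 == "STARTTLS")))
        offered[key] = 1
      if ($6 == ">") {
        last[key] = $8
        if ($8 == "STARTTLS") used[key] = 1
        if ($8 == "MAIL" && offered[key] && !used[key]) print peer
      }
    }' | sort -u
}

# Constructed sample: mx1 is sent mail in plaintext, mx2 is upgraded to TLS,
# mx3 never offers STARTTLS.
sample_log() {
  cat <<'EOF'
Sep 17 08:32:25 mail postfix/smtp[101]: < mx1.example.net[192.0.2.10]:25: 220 mx1.example.net ESMTP
Sep 17 08:32:25 mail postfix/smtp[101]: > mx1.example.net[192.0.2.10]:25: EHLO smtp1.example.org
Sep 17 08:32:25 mail postfix/smtp[101]: < mx1.example.net[192.0.2.10]:25: 250-STARTTLS
Sep 17 08:32:25 mail postfix/smtp[101]: < mx1.example.net[192.0.2.10]:25: 250 OK
Sep 17 08:32:25 mail postfix/smtp[101]: > mx1.example.net[192.0.2.10]:25: MAIL FROM:<a@example.org> SIZE=676
Sep 17 08:32:26 mail postfix/smtp[102]: < mx2.example.net[192.0.2.20]:25: 220 mx2.example.net ESMTP
Sep 17 08:32:26 mail postfix/smtp[102]: > mx2.example.net[192.0.2.20]:25: EHLO smtp1.example.org
Sep 17 08:32:26 mail postfix/smtp[102]: < mx2.example.net[192.0.2.20]:25: 250 STARTTLS
Sep 17 08:32:26 mail postfix/smtp[102]: > mx2.example.net[192.0.2.20]:25: STARTTLS
Sep 17 08:32:26 mail postfix/smtp[102]: < mx2.example.net[192.0.2.20]:25: 220 2.0.0 Ready to start TLS
Sep 17 08:32:26 mail postfix/smtp[102]: > mx2.example.net[192.0.2.20]:25: EHLO smtp1.example.org
Sep 17 08:32:26 mail postfix/smtp[102]: < mx2.example.net[192.0.2.20]:25: 250 OK
Sep 17 08:32:26 mail postfix/smtp[102]: > mx2.example.net[192.0.2.20]:25: MAIL FROM:<a@example.org>
Sep 17 08:32:27 mail postfix/smtp[103]: < mx3.example.net[192.0.2.30]:25: 220 mx3.example.net ESMTP
Sep 17 08:32:27 mail postfix/smtp[103]: > mx3.example.net[192.0.2.30]:25: EHLO smtp1.example.org
Sep 17 08:32:27 mail postfix/smtp[103]: < mx3.example.net[192.0.2.30]:25: 250 OK
Sep 17 08:32:27 mail postfix/smtp[103]: > mx3.example.net[192.0.2.30]:25: MAIL FROM:<a@example.org>
EOF
}

sample_log | starttls_skipped
```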
    

    The error is fixed by running

    postconf -e "smtp_tls_security_level=encrypt"
    systemctl restart postfix
    

    You may also need to check the value of smtpd_tls_CAfile

    root@mail:~# postconf smtpd_tls_CAfile
    smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
    root@mail:~# 
    

    If you don't have this set, run

    postconf -e "smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt"
    
