Category: Mail

  • Enable Web Monitor UI in PowerMTA

    PowerMTA comes with a Web Monitor UI that shows stats about your mail server. It can also run some commands and edit the PowerMTA configuration file.


    To enable the Web Monitor UI, you need to whitelist your IP address in the PowerMTA configuration. For this you need a fixed IP address.

    vi /etc/pmta/config
    

    Find

    http-access 127.0.0.1 monitor
    http-access ::1 monitor
    

    Add below

    http-access 51.38.246.115 admin
    

    Replace 51.38.246.115 with your IP address in the above line and restart PowerMTA.

    systemctl restart pmta
    

    Now you will be able to access PowerMTA Web Monitor UI at

    https://YOUR_MAIL_SERVER_IP:8080/

    Web Monitor log file

    tail -f /var/log/pmta/pmtahttp.log
    

    See PowerMTA

  • PowerMTA allow an IP to send email

    To allow a web server to send email through PowerMTA without authentication, you need to edit the PowerMTA configuration file

    vi /etc/pmta/config
    

    Add a source entry for the IP address that you need to allow to relay mail

    
    <source IP_ADDRESS>
        always-allow-relaying yes
        smtp-service yes
    </source>
    
    

    Replace IP_ADDRESS with the IP address of the web server that you need to allow to send email without authentication.

    Restart PowerMTA

    systemctl restart pmta
    

    Without the source entry, if you try to send email, you will be rejected with the error “550 5.7.1 relaying denied for recipient”.

    Example using swaks

    root@lab:~# swaks --to [email protected] --server smtp1.serverok.in --port 2525
    === Trying smtp1.serverok.in:2525...
    === Connected to smtp1.serverok.in.
    <-  220 smtp1.serverok.in ESMTP service ready
     -> EHLO lab.serverok.in
    <-  250-smtp1.serverok.in says hello
    <-  250-ENHANCEDSTATUSCODES
    <-  250-PIPELINING
    <-  250-CHUNKING
    <-  250-8BITMIME
    <-  250-AUTH CRAM-MD5
    <-  250-AUTH=CRAM-MD5
    <-  250-XACK
    <-  250-SIZE 0
    <-  250-VERP
    <-  250-SMTPUTF8
    <-  250 DSN
     -> MAIL FROM:
    <-  250 2.1.0 MAIL ok
     -> RCPT TO:
    <** 550 5.7.1 relaying denied for recipient in "RCPT TO:"
     -> QUIT
    <-  221 2.0.0 smtp1.serverok.in says goodbye
    === Connection closed with remote host.
    root@lab:~# 
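
A check to run after adding source entries like the one above, as an added example that is not part of the original post: it lists every source block that sets always-allow-relaying without require-auth, so each address that can relay on IP alone is visible for review. The sample config, its 203.0.113.10 address and the function names are constructed for illustration, and the script assumes both directives accept yes or true.

```shell
#!/bin/sh
# Added example: list PowerMTA <source> entries that may relay without SMTP AUTH.

# Constructed sample config (documentation addresses, not from the original post).
sample_pmta_config() {
    cat <<'EOF'
<source 127.0.0.1>
    always-allow-relaying yes
</source>
<source 203.0.113.10>
    always-allow-relaying yes
    smtp-service yes
</source>
<source {smtpuser-auth}>
    always-allow-relaying yes
    require-auth true
</source>
<source 0/0>
    always-allow-relaying no
</source>
EOF
}

# Print the name of every <source> that sets always-allow-relaying but not
# require-auth. Assumption: both directives accept yes/true as "on".
pmta_unauth_relay_sources() {
    awk '
        /^[ \t]*#/ { next }                       # skip commented-out lines
        /^[ \t]*<source[ \t]/ {                   # opening tag: keep the source name
            name = $0
            sub(/^[ \t]*<source[ \t]+/, "", name)
            sub(/[ \t]*>.*$/, "", name)
            relay = 0; auth = 0; inside = 1
            next
        }
        inside && $1 == "always-allow-relaying" && $2 ~ /^(yes|true)$/ { relay = 1 }
        inside && $1 == "require-auth" && $2 ~ /^(yes|true)$/ { auth = 1 }
        /^[ \t]*<\/source>/ {                     # closing tag: report and reset
            if (inside && relay && !auth) print name
            inside = 0
        }
    ' "$1"
}

# Stand-alone run: audit the file given as $1, or the constructed sample.
cfg=${1:-$(mktemp)}
[ -n "${1:-}" ] || sample_pmta_config > "$cfg"
pmta_unauth_relay_sources "$cfg"
```

On the sample it reports 127.0.0.1 and 203.0.113.10; the authenticated {smtpuser-auth} source and the non-relaying 0/0 source are not listed.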
    

    See PowerMTA

  • swaks – Command line SMTP Testing Tool

    swaks is a command line SMTP testing tool available at

    http://www.jetmore.org/john/code/swaks/

    On Debian/Ubuntu, you can install it with the command

    apt install swaks

    If you just type swaks, it will ask for your email, then send a mail to the specified email address using its MX record.

    To send email using a specific mail server

    swaks --to [email protected] --server test-server.example.net

    Deliver a standard test email, requiring CRAM-MD5 authentication as user [email protected]. An “X-Test” header will be added to the email body. The authentication password will be prompted for if it cannot be obtained from your .netrc file.

    swaks --to [email protected] --from [email protected] --auth CRAM-MD5 --auth-user [email protected] --header-X-Test "test email"

    Here is an example command that uses a remote SMTP server to send email. I used this in a backup bash script to send email alerts after the backup was completed.

    swaks --to [email protected] --from [email protected] --server smtp1.serverok.in --auth-user [email protected] --auth-password '7XwlzPnSmlsWsdbS' --body "This is a test message" --header 'Subject: Backup completed'

    To send email from a cPanel server, use

    swaks --to [email protected] \
          --server server46.hostonnet.com \
          --port 587 \
          --from [email protected] \
          --auth-user [email protected] \
          --auth-password 'PW_HERE' \
          --body "This is a test message" \
          --header 'Subject: Backup completed' \
          --auth \
          --tls

    See SMTP

  • Create DKIM in PowerMTA

    To generate a DKIM key pair, run the commands

    openssl genpkey -algorithm RSA -out private.pem
    openssl rsa -pubout -in private.pem -out public.pem

    This will create 2 files: private.pem and public.pem.

    Create a file and copy the content of the file private.pem in it.

    /etc/pmta/DOMAIN_NAME_HERE.pem

    Public Key

    The file public.pem contains the public key, which you need to put in your DNS zone.

    public.pem file contains something that looks like the following.

    -----BEGIN PUBLIC KEY-----
    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTt4sgLkVtp3kFkOFcjl
    gFbl+62iqhhDSmNosLqW0Pna+rhyBUpPxtCingTi1IO6/vd9MCaTRe89gyTVy8QD
    gfERopy+uR3MVrpmHhvaAlqH++HIpJDl/y5PuQz/VRL6bUy6jM0TMmqrEWLUORuc
    JcuBP7p7Vwu+cNPuf962YblCqKj5qQlSNPiqVoQvZPYmj6mAvFg0/3dHVcP4j3rC
    gfLhSNzBKiQgewkUXoclT8209vGG82ER8nCMwBm16WfCHSAjEmKGAQ01xS32toiZ
    Khti9zKgrR2J6kbijMLB2ONQ0gvvbcwRgoJQQ5CkemAGlfsIhEvlfXbD0lkM5PwV
    vQIDAQAB
    -----END PUBLIC KEY-----

    NOTE: This is just an example, don’t use it.

    You need to remove -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY-----, and remove the line breaks, so it looks like one long string. For example

    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTt4sgLkVtp3kFkOFcjl gFbl+62iqhhDSmNosLqW0Pna+rhyBUpPxtCingTi1IO6/vd9MCaTRe89gyTVy8QD gfERopy+uR3MVrpmHhvaAlqH++HIpJDl/y5PuQz/VRL6bUy6jM0TMmqrEWLUORuc JcuBP7p7Vwu+cNPuf962YblCqKj5qQlSNPiqVoQvZPYmj6mAvFg0/3dHVcP4j3rC gfLhSNzBKiQgewkUXoclT8209vGG82ER8nCMwBm16WfCHSAjEmKGAQ01xS32toiZ Khti9zKgrR2J6kbijMLB2ONQ0gvvbcwRgoJQQ5CkemAGlfsIhEvlfXbD0lkM5PwV vQIDAQAB

    Next, you need to edit the DNS record for your domain name. Create a TXT record with the following name

    default._domainkey.DOMAIN_NAME_HERE

    For the value, use

    "v=DKIM1; k=rsa; p=PUBLIC_KEY_HERE"

    Example

    "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTt4sgLkVtp3kFkOFcjl gFbl+62iqhhDSmNosLqW0Pna+rhyBUpPxtCingTi1IO6/vd9MCaTRe89gyTVy8QD gfERopy+uR3MVrpmHhvaAlqH++HIpJDl/y5PuQz/VRL6bUy6jM0TMmqrEWLUORuc JcuBP7p7Vwu+cNPuf962YblCqKj5qQlSNPiqVoQvZPYmj6mAvFg0/3dHVcP4j3rC gfLhSNzBKiQgewkUXoclT8209vGG82ER8nCMwBm16WfCHSAjEmKGAQ01xS32toiZ Khti9zKgrR2J6kbijMLB2ONQ0gvvbcwRgoJQQ5CkemAGlfsIhEvlfXbD0lkM5PwV vQIDAQAB"

    Enable DKIM Signing

    To enable DKIM signing, edit

    vi /etc/pmta/config

    Add

    domain-key default,serverok.in,/etc/pmta/default.serverok.in.pem

    You can also add this in virtual MTA settings.
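
The header and line-break stripping from the Public Key step above, as an added shell example that is not part of the original post. It goes one step further than the post by splitting the value into quoted strings of at most 255 bytes, because a single DNS TXT character-string cannot hold the roughly 400-character value a 2048-bit RSA key produces; the function names and the example.com default are hypothetical.

```shell
#!/bin/sh
# Added example: turn public.pem into the DKIM TXT record data.

# Base64 body of a PEM public key as one unbroken string:
# drop the BEGIN/END lines, then all spaces, tabs and line breaks.
dkim_pubkey_b64() {
    grep -v -- '-----' "$1" | tr -d ' \t\r\n'
}

# TXT record data as quoted strings of at most 255 bytes each.
# Resolvers join the strings with nothing in between, so the split
# may fall anywhere, including inside the base64.
dkim_txt_value() {
    printf 'v=DKIM1; k=rsa; p=%s\n' "$(dkim_pubkey_b64 "$1")" |
        fold -w 255 |
        sed 's/.*/"&"/' |
        paste -s -d ' ' -
}

# Zone-file line for a selector ($1), domain ($2) and public key file ($3).
dkim_zone_line() {
    printf '%s._domainkey.%s. IN TXT ( %s )\n' "$1" "$2" "$(dkim_txt_value "$3")"
}

# Stand-alone run: sh dkim_txt.sh public.pem default example.com
if [ -f "${1:-}" ]; then
    dkim_zone_line "${2:-default}" "${3:-example.com}" "$1"
fi
```

DNS control panels that accept only one long value usually do this splitting themselves; in that case paste the output of dkim_pubkey_b64 after p= instead.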

    See PowerMTA

  • Change SMTP port in PowerMTA

    To change SMTP port in PowerMTA, edit file

    vi /etc/pmta/config
    

    Find line starting with

    smtp-listener
    

    This line specifies the port used by the PowerMTA server. You can change the port on this line. If you need PowerMTA to listen on multiple ports, duplicate the line and change the port; this will make PowerMTA work using both ports.

    smtp-listener 0/0:2525
    smtp-listener 0/0:25
    

    This will make PowerMTA work on both port 25 and port 2525

    After editing /etc/pmta/config, you need to restart PowerMTA with

    systemctl restart pmta
    

    See PowerMTA

  • Create SMTP user in PowerMTA

    Once you have PowerMTA installed, you need to create an SMTP user. To create an SMTP user, edit the file

    vi /etc/pmta/config
    

    Find

    #
    #    password "changeme"
    #
    

    Add below

    
    <smtp-user SMTP_USERNAME_HERE>
        password "SMTP_PASSWORD_HERE"
        source {smtpuser-auth}
    </smtp-user>

    <source {smtpuser-auth}>
        smtp-service yes
        always-allow-relaying yes
        require-auth true
        process-x-virtual-mta yes
        default-virtual-mta vmta-1
        remove-received-headers true
        #add-received-headers false
        hide-message-source true
    </source>

    <virtual-mta vmta-1>
        #smtp-source-host 79.137.44.176 smtp1.serverok.in
        #domain-key default,smtp1.serverok.in,/etc/pmta/default.smtp1.serverok.in.pem
        <domain *>
            max-msg-rate 100/h
        </domain>
    </virtual-mta>
        
    
    

    In the above code, replace SMTP_USERNAME_HERE and SMTP_PASSWORD_HERE with the SMTP username and password you need.

    In vmta-1, the domain-key line that is commented out is used to enable DKIM signing of outgoing emails.

    Restart PowerMTA

    systemctl restart pmta
    

    See PowerMTA

  • How do I view what exim is doing?

    Exim comes with a utility called “exiwhat” which will display what each instance of exim is currently involved with.

    exiwhat
    

    The output will look similar to this

    [Screenshot: exim mail server exiwhat]

    To monitor the exim log in realtime, you may use the tail command

    tail -f /var/log/exim_mainlog
    

    See Exim, exiwhat

  • How to stop SPAM with Postfix RBL

    To stop spam using RBL in postfix, edit main.cf

    vi /etc/postfix/main.cf
    

    Add

    smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
        reject_invalid_hostname,
        reject_unauth_pipelining,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain,
        reject_rbl_client cbl.abuseat.org,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client sbl.spamhaus.org,
        reject_rbl_client zen.spamhaus.org,
        permit
    

    Restart postfix

    systemctl restart postfix
    

    See postfix

  • Postfix enable Maildir

    To enable Maildir in Postfix, run

    postconf -e "home_mailbox = Maildir/"
    systemctl restart postfix
    

    You can also do it by editing /etc/postfix/main.cf

    vi /etc/postfix/main.cf
    

    Add

    home_mailbox = Maildir/
    

    If a home_mailbox entry is already in the main.cf file, modify it instead of adding a new entry.

    Virtual Mailbox

    If you are using virtual mailboxes, make sure you specify the folder in your virtual_mailbox_maps.

    Here is what I have in main.cf

    virtual_mailbox_maps = hash:/etc/postfix/vmailbox
    

    in /etc/postfix/vmailbox

    root@ip-172-26-9-39:~# cat /etc/postfix/vmailbox
    [email protected]   serverok.in/boby/
    root@ip-172-26-9-39:~# 
    

    If you miss the / at the end of the line, mail will get stored in mailbox format even if you specify home_mailbox = Maildir/

    Verify Maildir

    Create a user

    useradd -m -s /bin/bash incoming
    

    Send a mail to the user

    telnet localhost 25
    ehlo localhost
    mail from: root@localhost
    rcpt to: incoming@localhost
    data
    Subject: Testing mail
    
    Testing mail
    .
    quit
    

    Log in as the user

    su - incoming
    

    Check the mail

    MAIL=/home/incoming/Maildir
    mail
    

    You will see the mail. Only recent versions of the mail command support Maildir. If you are using an older version, it won’t work. If you are using a recent version of Linux, you will be fine.

    See Postfix

  • fatal: open /etc/postfix/main.cf: Permission denied

    On a CentOS server, when sending mail from PHP scripts, mail failed to work. On checking the postfix log file (/var/log/maillog), I see the following error.

    Aug 11 01:41:53 forums postfix/sendmail[44463]: fatal: open /etc/postfix/main.cf: Permission denied
    

    To fix this, disable SELinux

    setenforce 0
    

    To permanently disable SELinux, run

    sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
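
A narrower check that keeps SELinux enforcing, as an added example that is not part of the original post: it reads AVC denials from the audit log and, when sendmail was denied while running in the web server domain (httpd_t), prints the httpd_can_sendmail boolean change instead of a global disable. The audit line is constructed and the function names are hypothetical; it assumes the PHP scripts run under Apache with the targeted policy.

```shell
#!/bin/sh
# Added example: find the AVC denial behind the error and name a narrow fix.

# Constructed audit.log lines for PHP (httpd_t) invoking sendmail.
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1502415713.101:812): avc:  denied  { read } for  pid=44463 comm="sendmail" name="main.cf" dev="dm-0" ino=393221 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postfix_etc_t:s0 tclass=file
type=SYSCALL msg=audit(1502415713.101:812): arch=c000003e syscall=2 success=no exit=-13 comm="sendmail"
EOF
}

# Print "comm source_type target_type" once per distinct AVC denial.
avc_denials() {
    grep 'avc:  *denied' "$1" | sed -n \
      's/.*comm="\([^"]*\)".*scontext=[^:]*:[^:]*:\([^:]*\):.*tcontext=[^:]*:[^:]*:\([^: ]*\).*/\1 \2 \3/p' |
      sort -u
}

# Map each denial to the smallest policy change; unknown ones are left for review.
suggest_fix() {
    avc_denials "$1" | while read -r comm src tgt; do
        if [ "$comm" = sendmail ] && [ "$src" = httpd_t ]; then
            echo "setsebool -P httpd_can_sendmail 1"
        else
            echo "review: $comm ($src -> $tgt)"
        fi
    done
}

# Stand-alone run: pass /var/log/audit/audit.log as $1, or use the sample.
log=${1:-$(mktemp)}
[ -n "${1:-}" ] || sample_audit_log > "$log"
suggest_fix "$log"
```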
    
  • Postfix email forward


    On an Ubuntu server, I did the following to set up email forwarding.

    Install postfix

    apt -y install postfix
    

    Edit /etc/postfix/main.cf and add the following

    vi /etc/postfix/main.cf
    

    Add

    virtual_mailbox_domains = YOUR-DOMAIN_HERE.com
    virtual_mailbox_base = /var/mail/vhosts
    virtual_mailbox_maps = hash:/etc/postfix/vmailbox
    virtual_minimum_uid = 100
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    virtual_alias_maps = hash:/etc/postfix/virtual
    

    Create Virtual mailbox

    vi /etc/postfix/vmailbox
    

    Add

    user1@YOUR-DOMAIN_HERE.com    YOUR-DOMAIN_HERE.com/user1
    

    Create alias file, used for mail forwarding

    vi /etc/postfix/virtual
    

    Add

    admin@YOUR-DOMAIN_HERE.com [email protected]
    

    With the above configuration, mail coming to admin@YOUR-DOMAIN_HERE.com will get forwarded to [email protected]. Email coming to user1@YOUR-DOMAIN_HERE.com gets delivered to the local mailbox folder.

    Now run following commands to make hashmap

    postmap /etc/postfix/vmailbox
    postmap /etc/postfix/virtual
    

    Restart postfix

    systemctl restart postfix
    
  • iredmail

    iRedMail allows you to run your own mail server easily. It uses the Postfix mail server for mail delivery.

    https://www.iredmail.org/

    iredmail increase mail attachment size
    iRedMail Intentional policy rejection