Category: Mail

  • Enable Web Monitor UI in PowerMTA

    PowerMTA comes with a Web Monitor UI, that will show you some stats about your mail server, also able to run some commands, edit PowerMTA configuration file.

    PowerMTA web monitor UI

    To enable Web Monitor UI, you need to white list your IP address in PowerMTA configuration, for this you need a fixed IP Address.

    vi /etc/pmta/config

    Find

    http-access 127.0.0.1 monitor
http-access ::1 monitor

    Add below

    http-access 51.38.246.115 admin

    Replace 51.38.246.115 with your IP address in above line and restart PowerMTA.

    systemctl restart pmta

    Now you will be able to access PowerMTA Web Monitor UI at

    https://YOUR_MAIL_SERVER_IP:8080/

    Web Monitor log file

    tail -f /var/log/pmta/pmtahttp.log

    See PowerMTA

  • PowerMTA allow an IP to sent email

    To allow a web server to send email through PowerMTA with out autentication, you need to edit PowerMTA configuration file

    vi /etc/pmta/config

    Add a source entry for the IP address that you need to allow relaying mails 

    
    always-allow-relaying yes
    smtp-service yes

    Replace IP_ADDRESS with IP address of web server that you need to allow sending email with out autentication.

    Restart PowerMTA

    systemctl restart pmta

    With out source entry, if you try to sent email, you will be rejected with error “550 5.7.1 relaying denied for recipient”.

    Example using swaks

    root@lab:~# swaks --to admin@serverok.in --server smtp1.serverok.in --port 2525
=== Trying smtp1.serverok.in:2525...
=== Connected to smtp1.serverok.in.
<-  220 smtp1.serverok.in ESMTP service ready
 -> EHLO lab.serverok.in
<-  250-smtp1.serverok.in says hello
<-  250-ENHANCEDSTATUSCODES
<-  250-PIPELINING
<-  250-CHUNKING
<-  250-8BITMIME
<-  250-AUTH CRAM-MD5
<-  250-AUTH=CRAM-MD5
<-  250-XACK
<-  250-SIZE 0
<-  250-VERP
<-  250-SMTPUTF8
<-  250 DSN
 -> MAIL FROM:
<-  250 2.1.0 MAIL ok
 -> RCPT TO:
<** 550 5.7.1 relaying denied for recipient in "RCPT TO:"
 -> QUIT
<-  221 2.0.0 smtp1.serverok.in says goodbye
=== Connection closed with remote host.
root@lab:~#

    See PowerMTA

  • swaks – Command line SMTP Testing Tool

    swaks is a command line SMTP testing tool available at

    http://www.jetmore.org/john/code/swaks/

    On Debian/Ubuntu, you can install it with the command

    apt install swaks
    swaks mail testing tool

    if you just type swaks, it will ask for your email, then send a mail using MX Record to a specified email address.

    To send email using a specific mail server

    swaks --to user@example.com --server test-server.example.net

    Deliver a standard test email, requiring CRAM-MD5 authentication as user me@example.com. An “X-Test” header will be added to the email body. The authentication password will be prompted for if it cannot be obtained from your .netrc file.

    swaks --to user@example.com --from me@example.com --auth CRAM-MD5 --auth-user me@example.com --header-X-Test "test email"

    Here is an example command that uses a remote SMTP server to send email. I used this on a backup bash script to send email alters after the backup was completed.

    swaks --to serverok.in@gmail.com --from labs@serverok.in --server smtp1.serverok.in --auth-user labs@serverok.in --auth-password '7XwlzPnSmlsWsdbS' --body "This is a test message" --header 'Subject: Backup completed'

    To send email from cpanel server, use

    swaks --to serverok.in@gmail.com \
      --server server46.hostonnet.com \
      --port 587 \
      --from support@serverok.in \
      --auth-user support@serverok.in \
      --auth-password 'PW_HERE' \
      --body "This is a test message" \
      --header 'Subject: Backup completed' \
      --auth \
      --tls

    See SMTP

  • Create DKIM in PowerMTA

    To generate DKIM, run the command

    openssl genpkey -algorithm RSA -out private.pem
openssl rsa -pubout -in private.pem -out public.pem

    This will create 2 files. private.pem and public.pem

    Create a file and copy the content of the file private.pem in it.

    /etc/pmta/DOMAIN_NAME_HERE.pem

    Public Key

    The file public.pem contains the public key, which you need to put in your DNS zone.

    public.pem file contains something that looks like the following.

    -----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTt4sgLkVtp3kFkOFcjl
gFbl+62iqhhDSmNosLqW0Pna+rhyBUpPxtCingTi1IO6/vd9MCaTRe89gyTVy8QD
gfERopy+uR3MVrpmHhvaAlqH++HIpJDl/y5PuQz/VRL6bUy6jM0TMmqrEWLUORuc
JcuBP7p7Vwu+cNPuf962YblCqKj5qQlSNPiqVoQvZPYmj6mAvFg0/3dHVcP4j3rC
gfLhSNzBKiQgewkUXoclT8209vGG82ER8nCMwBm16WfCHSAjEmKGAQ01xS32toiZ
Khti9zKgrR2J6kbijMLB2ONQ0gvvbcwRgoJQQ5CkemAGlfsIhEvlfXbD0lkM5PwV
vQIDAQAB
-----END PUBLIC KEY-----

    NOTE: This is just an example, don’t use it.

    You need to remove —–BEGIN PUBLIC KEY—– and —–END PUBLIC KEY—–, and remove line chars, so it looks like one long string. For example

    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTt4sgLkVtp3kFkOFcjl gFbl+62iqhhDSmNosLqW0Pna+rhyBUpPxtCingTi1IO6/vd9MCaTRe89gyTVy8QD gfERopy+uR3MVrpmHhvaAlqH++HIpJDl/y5PuQz/VRL6bUy6jM0TMmqrEWLUORuc JcuBP7p7Vwu+cNPuf962YblCqKj5qQlSNPiqVoQvZPYmj6mAvFg0/3dHVcP4j3rC gfLhSNzBKiQgewkUXoclT8209vGG82ER8nCMwBm16WfCHSAjEmKGAQ01xS32toiZ Khti9zKgrR2J6kbijMLB2ONQ0gvvbcwRgoJQQ5CkemAGlfsIhEvlfXbD0lkM5PwV vQIDAQAB

    Next, you need to edit the DNS record for your domain name. Create a TXT record with the following name

    default._domainkey.DOMAIN_NAME_HERE

    For the value, use

    "v=DKIM1; k=rsa; p=PUBLIC_KEY_HERE"

    Example

    "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTt4sgLkVtp3kFkOFcjl gFbl+62iqhhDSmNosLqW0Pna+rhyBUpPxtCingTi1IO6/vd9MCaTRe89gyTVy8QD gfERopy+uR3MVrpmHhvaAlqH++HIpJDl/y5PuQz/VRL6bUy6jM0TMmqrEWLUORuc JcuBP7p7Vwu+cNPuf962YblCqKj5qQlSNPiqVoQvZPYmj6mAvFg0/3dHVcP4j3rC gfLhSNzBKiQgewkUXoclT8209vGG82ER8nCMwBm16WfCHSAjEmKGAQ01xS32toiZ Khti9zKgrR2J6kbijMLB2ONQ0gvvbcwRgoJQQ5CkemAGlfsIhEvlfXbD0lkM5PwV vQIDAQAB"

    Enable DKIM Signing

    To enable DKIM signing, edit

    vi /etc/pmta/config

    Add

    domain-key default,serverok.in,/etc/pmta/default.serverok.in.pem

    You can also add this in virtual MTA settings.

    See PowerMTA

  • Change SMTP port in PowerMTA

    To change SMTP port in PowerMTA, edit file

    vi /etc/pmta/config

    Find line starting with

    smtp-listener

    This line specify port used by PowerMTA server. You can change the power on this line. If you need PowerMTA listen to multiple ports, duplicate the line and change port, this will make PowerMTA work using both ports.

    smtp-listener 0/0:2525
smtp-listener 0/0:25

    This will make PowerMTA work on both port 25 and port 2525

    After editing /etc/pmta/config, you need to restart PowerMTA with

    systemctl restart pmta

    See PowerMTA

  • Create SMTP user in PowerMTA

    Once you have PowerMTA installed, you need to create SMTP user. To create an SMTP user, edit file

    vi /etc/pmta/config

    Find

    #
#    password "changeme"
#

    Add below

    
    password "SMTP_PASSWORD_HERE"
    source {smtpuser-auth}



    smtp-service yes
    always-allow-relaying yes
    require-auth true
    process-x-virtual-mta yes
    default-virtual-mta vmta-1
    remove-received-headers true
    #add-received-headers false
    hide-message-source true



    #smtp-source-host 79.137.44.176 smtp1.serverok.in
    #domain-key default,smtp1.serverok.in,/etc/pmta/default.smtp1.serverok.in.pem
    
    max-msg-rate 100/h

    In above code, replace SMTP_USERNAME_HERE and SMTP_PASSWORD_HERE with SMTP username and password you need.

    in vmta-1, domain-key line that is commented out is used to Enable DKIM signing of out going emails.

    Resatrt PowerMTA

    systemctl restart pmta

    See PowerMTA

  • How do I view what exim is doing?

    Exim comes with a utility called “exiwhat” which will display what each instance of exim is currently involved with. 

    exiwhat

    The output will look similar to this

    exim mail server exiwhat

    To monitor the exim log in realtime, you may use the tail command

    tail -f /var/log/exim_mainlog

    See Exim, exiwhat

  • How to stop SPAM with Postfix RBL

    To stop spam using RBL in postfix, edit main.cf

    vi /etc/postfix/main.cf

    Add

    smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_invalid_hostname,
    reject_unauth_pipelining,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client zen.spamhaus.org,
    permit

    Restart postfix

    systemctl restart postfix

    See postfix

  • Postfix enable Maildir

    To enable postfix, run

    postconf -e "home_mailbox = Maildir/"
systemctl restart postfix

    You can do it by editing /etc/postfix/main.cf

    vi /etc/postfix/main.cf

    Add

    home_mailbox = Maildir/

    if home_mailbox entry already in main.cf file, then modify instead of adding a new entry.

    Virtual Mailbox

    If you are using virtual mailbox, make sure you spedify folder in your virtual_mailbox_maps.

    Here is what i have in main.cf

    virtual_mailbox_maps = hash:/etc/postfix/vmailbox

    in /etc/postfix/vmailbox

    root@ip-172-26-9-39:~# cat /etc/postfix/vmailbox
boby@serverok.in   serverok.in/boby/
root@ip-172-26-9-39:~#

    if you miss / at end of the line, mail will get stored in mailbox format even if you specify home_mailbox = Maildir/

    Verify Maildir

    Create a user

    useradd -m -s /bin/bash incoming

    Sent a mail to the user

    telnet localhost 25
ehlo localhost
mail from: root@localhost
rcpt to: incoming@localhost
data
Subject: Testing mail

Testing mail
.
quit

    Login as the user

    sudo - incoming

    Check the mail

    MAIL=/home/incoming/Maildir
mail

    You will see the mail. Only recent version of mail command support Maildir. If you are using older version, it won’t work. If you are using recent version of Linux, you will be fine.

    See Postfix

  • fatal: open /etc/postfix/main.cf: Permission denied

    On a CentOS server, when sending mail from PHP scripts, mail failed to work. On checking postfix log file (/var/log/maillog), i see following error.

    Aug 11 01:41:53 forums postfix/sendmail[44463]: fatal: open /etc/postfix/main.cf: Permission denied

    To fix this, disable selinux

    setenforce 0

    To permanantly disable SELinux, run

    sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
  • Postfix email forward

    Postfix email forward

    On an Ubuntu Server, i done following to setup email forwarding.

    Install postfix

    apt -y install postfix

    Edit /etc/postfix/main.cf, add following

    vi /etc/postfix/main.cf

    Add 

    virtual_mailbox_domains = YOUR-DOMAIN_HERE.com
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_minimum_uid = 100
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_alias_maps = hash:/etc/postfix/virtual

    Create Virtual mailbox

    vi /etc/postfix/vmailbox

    Add

    user1@YOUR-DOMAIN_HERE.com    YOUR-DOMAIN_HERE.com/user1

    Create alias file, used for mail forwarding

    vi /etc/postfix/virtual

    Add

    admin@YOUR-DOMAIN_HERE.com YOU@gmail.com

    Wth above configuration, mail coming to admin@YOUR-DOMAIN_HERE.com will get forwarded to YOU@gmail.com. Email coming to user1@YOUR-DOMAIN_HERE.com get delivered to local mailbox folder.

    Now run following commands to make hashmap

    postmap /etc/postfix/vmailbox
postmap /etc/postfix/virtual

    Restart postfix

    systemctl restart postfix

  • iredmail

    iRedMail allow you to run your own mail server easily. It use postfix mail server for mail delivery.

    https://www.iredmail.org/

    iredmail increase mail attachment size
    iRedMail Intentional policy rejection