Category: Mail

PowerMTA allow an IP to sent email

To allow a web server to send email through PowerMTA with out autentication, you need to edit PowerMTA configuration file

vi /etc/pmta/config

Add a source entry for the IP address that you need to allow relaying mails


    always-allow-relaying yes
    smtp-service yes

Replace IP_ADDRESS with IP address of web server that you need to allow sending email with out autentication.

Restart PowerMTA

systemctl restart pmta

With out source entry, if you try to sent email, you will be rejected with error “550 5.7.1 relaying denied for recipient”.

Example using swaks

root@lab:~# swaks --to [email protected] --server smtp1.serverok.in --port 2525
=== Trying smtp1.serverok.in:2525...
=== Connected to smtp1.serverok.in.
<-  220 smtp1.serverok.in ESMTP service ready
 -> EHLO lab.serverok.in
<-  250-smtp1.serverok.in says hello
<-  250-ENHANCEDSTATUSCODES
<-  250-PIPELINING
<-  250-CHUNKING
<-  250-8BITMIME
<-  250-AUTH CRAM-MD5
<-  250-AUTH=CRAM-MD5
<-  250-XACK
<-  250-SIZE 0
<-  250-VERP
<-  250-SMTPUTF8
<-  250 DSN
 -> MAIL FROM:
<-  250 2.1.0 MAIL ok
 -> RCPT TO:
<** 550 5.7.1 relaying denied for recipient in "RCPT TO:"
 -> QUIT
<-  221 2.0.0 smtp1.serverok.in says goodbye
=== Connection closed with remote host.
root@lab:~#

See PowerMTA

December 13, 2020

swaks – Command line SMTP Testing Tool
swaks is a command line SMTP testing tool available at

http://www.jetmore.org/john/code/swaks/

On Debian/Ubuntu, you can install it with the command
```
apt install swaks
```
if you just type swaks, it will ask for your email, then send a mail using MX Record to a specified email address.

To send email using a specific mail server
```
swaks --to [email protected] --server test-server.example.net
```
Deliver a standard test email, requiring CRAM-MD5 authentication as user [email protected]. An “X-Test” header will be added to the email body. The authentication password will be prompted for if it cannot be obtained from your .netrc file.
```
swaks --to [email protected] --from [email protected] --auth CRAM-MD5 --auth-user [email protected] --header-X-Test "test email"
```
Here is an example command that uses a remote SMTP server to send email. I used this on a backup bash script to send email alters after the backup was completed.
```
swaks --to [email protected] --from [email protected] --server smtp1.serverok.in --auth-user [email protected] --auth-password '7XwlzPnSmlsWsdbS' --body "This is a test message" --header 'Subject: Backup completed'
```
To send email from cpanel server, use
```
swaks --to [email protected] \
      --server server46.hostonnet.com \
      --port 587 \
      --from [email protected] \
      --auth-user [email protected] \
      --auth-password 'PW_HERE' \
      --body "This is a test message" \
      --header 'Subject: Backup completed' \
      --auth \
      --tls
```
See SMTP
December 12, 2020

Create DKIM in PowerMTA

To generate DKIM, run the command

openssl genpkey -algorithm RSA -out private.pem
openssl rsa -pubout -in private.pem -out public.pem

This will create 2 files. private.pem and public.pem

Create a file and copy the content of the file private.pem in it.

/etc/pmta/DOMAIN_NAME_HERE.pem

Public Key

The file public.pem contains the public key, which you need to put in your DNS zone.

public.pem file contains something that looks like the following.

NOTE: This is just an example, don’t use it.

You need to remove —–BEGIN PUBLIC KEY—– and —–END PUBLIC KEY—–, and remove line chars, so it looks like one long string. For example

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTt4sgLkVtp3kFkOFcjl gFbl+62iqhhDSmNosLqW0Pna+rhyBUpPxtCingTi1IO6/vd9MCaTRe89gyTVy8QD gfERopy+uR3MVrpmHhvaAlqH++HIpJDl/y5PuQz/VRL6bUy6jM0TMmqrEWLUORuc JcuBP7p7Vwu+cNPuf962YblCqKj5qQlSNPiqVoQvZPYmj6mAvFg0/3dHVcP4j3rC gfLhSNzBKiQgewkUXoclT8209vGG82ER8nCMwBm16WfCHSAjEmKGAQ01xS32toiZ Khti9zKgrR2J6kbijMLB2ONQ0gvvbcwRgoJQQ5CkemAGlfsIhEvlfXbD0lkM5PwV vQIDAQAB

Next, you need to edit the DNS record for your domain name. Create a TXT record with the following name

default._domainkey.DOMAIN_NAME_HERE

For the value, use

"v=DKIM1; k=rsa; p=PUBLIC_KEY_HERE"

Example

"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTt4sgLkVtp3kFkOFcjl gFbl+62iqhhDSmNosLqW0Pna+rhyBUpPxtCingTi1IO6/vd9MCaTRe89gyTVy8QD gfERopy+uR3MVrpmHhvaAlqH++HIpJDl/y5PuQz/VRL6bUy6jM0TMmqrEWLUORuc JcuBP7p7Vwu+cNPuf962YblCqKj5qQlSNPiqVoQvZPYmj6mAvFg0/3dHVcP4j3rC gfLhSNzBKiQgewkUXoclT8209vGG82ER8nCMwBm16WfCHSAjEmKGAQ01xS32toiZ Khti9zKgrR2J6kbijMLB2ONQ0gvvbcwRgoJQQ5CkemAGlfsIhEvlfXbD0lkM5PwV vQIDAQAB"

Enable DKIM Signing

To enable DKIM signing, edit

vi /etc/pmta/config

Add

domain-key default,serverok.in,/etc/pmta/default.serverok.in.pem

You can also add this in virtual MTA settings.

See PowerMTA

December 12, 2020

Change SMTP port in PowerMTA
To change SMTP port in PowerMTA, edit file
```
vi /etc/pmta/config
```
Find line starting with
```
smtp-listener
```
This line specify port used by PowerMTA server. You can change the power on this line. If you need PowerMTA listen to multiple ports, duplicate the line and change port, this will make PowerMTA work using both ports.
```
smtp-listener 0/0:2525
smtp-listener 0/0:25
```
This will make PowerMTA work on both port 25 and port 2525

After editing /etc/pmta/config, you need to restart PowerMTA with
```
systemctl restart pmta
```
See PowerMTA
December 12, 2020

Create SMTP user in PowerMTA

Once you have PowerMTA installed, you need to create SMTP user. To create an SMTP user, edit file

vi /etc/pmta/config

Find

#
#    password "changeme"
#

Add below


    password "SMTP_PASSWORD_HERE"
    source {smtpuser-auth}



    smtp-service yes
    always-allow-relaying yes
    require-auth true
    process-x-virtual-mta yes
    default-virtual-mta vmta-1
    remove-received-headers true
    #add-received-headers false
    hide-message-source true



    #smtp-source-host 79.137.44.176 smtp1.serverok.in
    #domain-key default,smtp1.serverok.in,/etc/pmta/default.smtp1.serverok.in.pem
    
    max-msg-rate 100/h

In above code, replace SMTP_USERNAME_HERE and SMTP_PASSWORD_HERE with SMTP username and password you need.

in vmta-1, domain-key line that is commented out is used to Enable DKIM signing of out going emails.

Resatrt PowerMTA

systemctl restart pmta

See PowerMTA

December 12, 2020

How do I view what exim is doing?
Exim comes with a utility called “exiwhat” which will display what each instance of exim is currently involved with.
```
exiwhat
```
The output will look similar to this

To monitor the exim log in realtime, you may use the tail command
```
tail -f /var/log/exim_mainlog
```
See Exim, exiwhat
November 14, 2020

How to stop SPAM with Postfix RBL

To stop spam using RBL in postfix, edit main.cf

vi /etc/postfix/main.cf

Add

smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_invalid_hostname,
    reject_unauth_pipelining,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client zen.spamhaus.org,
    permit

Restart postfix

systemctl restart postfix

See postfix

October 1, 2020

Postfix enable Maildir
To enable postfix, run
```
postconf -e "home_mailbox = Maildir/"
systemctl restart postfix
```
You can do it by editing /etc/postfix/main.cf
```
vi /etc/postfix/main.cf
```
Add
```
home_mailbox = Maildir/
```
if home_mailbox entry already in main.cf file, then modify instead of adding a new entry.

Virtual Mailbox

If you are using virtual mailbox, make sure you spedify folder in your virtual_mailbox_maps.

Here is what i have in main.cf
```
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
```
in /etc/postfix/vmailbox
```
root@ip-172-26-9-39:~# cat /etc/postfix/vmailbox
[email protected]   serverok.in/boby/
root@ip-172-26-9-39:~# 
```
if you miss / at end of the line, mail will get stored in mailbox format even if you specify home_mailbox = Maildir/

Verify Maildir

Create a user
```
useradd -m -s /bin/bash incoming
```
Sent a mail to the user
```
telnet localhost 25
ehlo localhost
mail from: root@localhost
rcpt to: incoming@localhost
data
Subject: Testing mail

Testing mail
.
quit
```
Login as the user
```
sudo - incoming
```
Check the mail
```
MAIL=/home/incoming/Maildir
mail
```
You will see the mail. Only recent version of mail command support Maildir. If you are using older version, it won’t work. If you are using recent version of Linux, you will be fine.

See Postfix
September 28, 2020
fatal: open /etc/postfix/main.cf: Permission denied
On a CentOS server, when sending mail from PHP scripts, mail failed to work. On checking postfix log file (/var/log/maillog), i see following error.
```
Aug 11 01:41:53 forums postfix/sendmail[44463]: fatal: open /etc/postfix/main.cf: Permission denied
```
To fix this, disable selinux
```
setenforce 0
```
To permanantly disable SELinux, run
```
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
```
August 13, 2020

Postfix email forward

On an Ubuntu Server, i done following to setup email forwarding.

Install postfix

apt -y install postfix

Edit /etc/postfix/main.cf, add following

vi /etc/postfix/main.cf

Add

virtual_mailbox_domains = YOUR-DOMAIN_HERE.com
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_minimum_uid = 100
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_alias_maps = hash:/etc/postfix/virtual

Create Virtual mailbox

vi /etc/postfix/vmailbox

Add

user1@YOUR-DOMAIN_HERE.com    YOUR-DOMAIN_HERE.com/user1

Create alias file, used for mail forwarding

vi /etc/postfix/virtual

Add

admin@YOUR-DOMAIN_HERE.com [email protected]

Wth above configuration, mail coming to admin@YOUR-DOMAIN_HERE.com will get forwarded to [email protected]. Email coming to user1@YOUR-DOMAIN_HERE.com get delivered to local mailbox folder.

Now run following commands to make hashmap

postmap /etc/postfix/vmailbox
postmap /etc/postfix/virtual

Restart postfix

systemctl restart postfix

February 6, 2020

iredmail

iRedMail allow you to run your own mail server easily. It use postfix mail server for mail delivery.

https://www.iredmail.org/

iredmail increase mail attachment size
iRedMail Intentional policy rejection

February 3, 2020
iredmail increase mail attachment size
Default mail attachment size in iredmail is 10 MB. To increase mail attachment size, login to server as user root, run following commands
```
postconf -e message_size_limit=104857600
postconf -e mailbox_size_limit=104857600
systemctl restart postfix
```
Here 104857600 is 100 MB in bytes (100 * 1024 * 1024). Change this as required. Sending very large file using mail attachment is not recommended, it is better use file sharing services like Google Drive, Dropbox, Microsoft OneDrive or another file hosting service for sharing large files.

Now edit php.ini file
```
vi /etc/php/7.2/fpm/php.ini
```
Change value for 3 of the following settings. It can be anything above 100 MB or whatever attachment size you want to use.
```
memory_limit = 256M;
upload_max_filesize = 100M;
post_max_size = 120M;
```
Restart php-fpm
```
systemctl restart php7.2-fpm
```
Edit roundcube configuration file
```
vi /opt/www/roundcubemail/config/config.inc.php
```
Set value for
```
$config['max_message_size'] = '100M';
```
Edit Nginx config file
```
vi /etc/nginx/conf-available/client_max_body_size.conf
```
Set value for
```
client_max_body_size 100m;
```
restart nginx
```
systemctl restart nginx
```
January 29, 2020

Category: Mail

Public Key

Enable DKIM Signing

Virtual Mailbox

Verify Maildir