Tag: postfix

postfix smtp Must issue a STARTTLS command first

When sending an email to a server, mail bounced with the following error message.

Action: failed
Status: 5.7.0
Remote-MTA: dns; mail01.riedelbau.de
Diagnostic-Code: smtp; 530 5.7.0 Must issue a STARTTLS command first

To fix the error, first enabled debug in postfix for the Remote-MTA, for this, edit file

vi /etc/postfix/main.cf

Add the following lines. You need to remove these lines after debug is completed or your log file will get larger with debug log.

debug_peer_list=mail01.riedelbau.de
debug_peer_level=3

Restart postfix mail server.

systemctl restart postfix

Now I send a mail, in /var/log/mail.log, I got the detailed error message.

Sep 17 08:32:25 mail postfix/smtp[31356]: vstream_buf_get_ready: fd 14 got 64
Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 220 mail01.riedelbau.de ESMTP Fri, 17 Sep 2021 08:32:23 +0200 
Sep 17 08:32:25 mail postfix/smtp[31356]: > mail01.riedelbau.de[93.188.26.3]:25: EHLO smtp1.serverok.in
Sep 17 08:32:25 mail postfix/smtp[31356]: vstream_fflush_some: fd 14 flush 31
Sep 17 08:32:25 mail postfix/smtp[31356]: vstream_buf_get_ready: fd 14 got 221
Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-mail01.riedelbau.de Hello [173.249.63.91]
Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-TURN
Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-SIZE 36700160
Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-ETRN
Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-PIPELINING
Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-DSN
Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-ENHANCEDSTATUSCODES
Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-8bitmime
Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-BINARYMIME
Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-CHUNKING
Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-VRFY
Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-TLS
Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250-STARTTLS
Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 250 OK
Sep 17 08:32:25 mail postfix/smtp[31356]: server features: 0x901f size 36700160
Sep 17 08:32:25 mail postfix/smtp[31356]: Using ESMTP PIPELINING, TCP send buffer size is 87040, PIPELINING buffer size is 4096
Sep 17 08:32:25 mail postfix/smtp[31356]: Host offered STARTTLS: [mail01.riedelbau.de]
Sep 17 08:32:25 mail postfix/smtp[31356]: smtp_stream_setup: maxtime=300 enable_deadline=0
Sep 17 08:32:25 mail postfix/smtp[31356]: > mail01.riedelbau.de[93.188.26.3]:25: MAIL FROM: SIZE=676
Sep 17 08:32:25 mail postfix/smtp[31356]: > mail01.riedelbau.de[93.188.26.3]:25: RCPT TO: ORCPT=rfc822;[email protected]
Sep 17 08:32:25 mail postfix/smtp[31356]: > mail01.riedelbau.de[93.188.26.3]:25: DATA
Sep 17 08:32:25 mail postfix/smtp[31356]: smtp_stream_setup: maxtime=300 enable_deadline=0
Sep 17 08:32:25 mail postfix/smtp[31356]: vstream_fflush_some: fd 14 flush 116
Sep 17 08:32:25 mail postfix/smtp[31356]: vstream_buf_get_ready: fd 14 got 141
Sep 17 08:32:25 mail postfix/smtp[31356]: < mail01.riedelbau.de[93.188.26.3]:25: 530 5.7.0 Must issue a STARTTLS command first

The error is fixed by running

postconf -e "smtp_tls_security_level=encrypt"
systemctl restart postfix

You may also need to check the value of smtpd_tls_CAfile

root@mail:~# postconf smtpd_tls_CAfile
smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
root@mail:~#

If you don't have this set, run

postconf -e "smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt"

See postfix

September 17, 2021

How to stop SPAM with Postfix RBL

To stop spam using RBL in postfix, edit main.cf

vi /etc/postfix/main.cf

Add

smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_invalid_hostname,
    reject_unauth_pipelining,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client zen.spamhaus.org,
    permit

Restart postfix

systemctl restart postfix

See postfix

October 1, 2020

Postfix enable Maildir
To enable postfix, run
```
postconf -e "home_mailbox = Maildir/"
systemctl restart postfix
```
You can do it by editing /etc/postfix/main.cf
```
vi /etc/postfix/main.cf
```
Add
```
home_mailbox = Maildir/
```
if home_mailbox entry already in main.cf file, then modify instead of adding a new entry.

Virtual Mailbox

If you are using virtual mailbox, make sure you spedify folder in your virtual_mailbox_maps.

Here is what i have in main.cf
```
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
```
in /etc/postfix/vmailbox
```
root@ip-172-26-9-39:~# cat /etc/postfix/vmailbox
[email protected]   serverok.in/boby/
root@ip-172-26-9-39:~# 
```
if you miss / at end of the line, mail will get stored in mailbox format even if you specify home_mailbox = Maildir/

Verify Maildir

Create a user
```
useradd -m -s /bin/bash incoming
```
Sent a mail to the user
```
telnet localhost 25
ehlo localhost
mail from: root@localhost
rcpt to: incoming@localhost
data
Subject: Testing mail

Testing mail
.
quit
```
Login as the user
```
sudo - incoming
```
Check the mail
```
MAIL=/home/incoming/Maildir
mail
```
You will see the mail. Only recent version of mail command support Maildir. If you are using older version, it won’t work. If you are using recent version of Linux, you will be fine.

See Postfix
September 28, 2020

Plesk Mail not working amavis error

When sending email from a Plesk server, i get error

Aug 11 19:49:28 vmi274961 postfix/smtp[29276]: E413C3320265: to=, relay=none, delay=0.47, delays=0.47/0/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)

This is beccause amavis service is not running. It is supposed to be run in port 10024

When i try to start amavis service, i get error

Aug 17 09:31:04 server.ishiply.com systemd[1]: Starting LSB: Starts amavisd-new mailfilter...
Aug 17 09:31:05 server.ishiply.com amavis[7771]: Starting amavisd: Problem in Amavis SQL base code: Can't locate DBI.pm in @INC (you may need to install the DBI module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.22.1 /usr/local/share/perl/5.22.1 /usr/lib/x86_64-linux-gnu/perl5/5.22 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.22 /usr/share/perl/5.22 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at (eval 100) line 19.
Aug 17 09:31:05 server.ishiply.com amavis[7771]: BEGIN failed--compilation aborted at (eval 100) line 19.
Aug 17 09:31:05 server.ishiply.com amavis[7771]: (failed).

This is becuase Perl DBI module was missing. On Ubuntu server, i found the package that provide this DBI.pm with command “apt-cache search DBI.pm”. To fix the error, install package libdbd-mysql-perl.

apt install -y libdbd-mysql-perl

After installing this, i try start amavis again. I got differnt error

root@server:~# systemctl status amavis.service
● amavis.service - LSB: Starts amavisd-new mailfilter
   Loaded: loaded (/etc/init.d/amavis; bad; vendor preset: enabled)
   Active: failed (Result: exit-code) since Mon 2020-08-17 09:59:37 SAST; 5s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 10597 ExecStart=/etc/init.d/amavis start (code=exited, status=1/FAILURE)

Aug 17 09:59:36 server.ishiply.com systemd[1]: Starting LSB: Starts amavisd-new mailfilter...
Aug 17 09:59:37 server.ishiply.com amavis[10603]: starting. /usr/sbin/amavisd-new at server.ishiply.com amavisd-new-2.10.1 (20141025), Unicode aware, LC_ALL="C", LANG="en_US.UTF-8"
Aug 17 09:59:37 server.ishiply.com amavis[10597]: Starting amavisd: ERROR: MISSING REQUIRED ADDITIONAL MODULES:
Aug 17 09:59:37 server.ishiply.com amavis[10597]:   DBD::mysql
Aug 17 09:59:37 server.ishiply.com amavis[10597]:   DBD::mysql
Aug 17 09:59:37 server.ishiply.com amavis[10597]: (failed).
Aug 17 09:59:37 server.ishiply.com systemd[1]: amavis.service: Control process exited, code=exited status=1
Aug 17 09:59:37 server.ishiply.com systemd[1]: Failed to start LSB: Starts amavisd-new mailfilter.
Aug 17 09:59:37 server.ishiply.com systemd[1]: amavis.service: Unit entered failed state.
Aug 17 09:59:37 server.ishiply.com systemd[1]: amavis.service: Failed with result 'exit-code'.
root@server:~#

To find package that provide DBD::mysql, i used command

apt-cache search DBD::mysql

To fix, install the package

apt install -y libdbd-mysql-perl

I am able to start amavis service with command

systemctl start amavis.service

In Plesk > Extensions > Plesk Email Security now shows Amavis, Postfix and Dovecot running properly.

August 17, 2020

fatal: open /etc/postfix/main.cf: Permission denied
On a CentOS server, when sending mail from PHP scripts, mail failed to work. On checking postfix log file (/var/log/maillog), i see following error.
```
Aug 11 01:41:53 forums postfix/sendmail[44463]: fatal: open /etc/postfix/main.cf: Permission denied
```
To fix this, disable selinux
```
setenforce 0
```
To permanantly disable SELinux, run
```
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
```
August 13, 2020

Postfix email forward

On an Ubuntu Server, i done following to setup email forwarding.

Install postfix

apt -y install postfix

Edit /etc/postfix/main.cf, add following

vi /etc/postfix/main.cf

Add

virtual_mailbox_domains = YOUR-DOMAIN_HERE.com
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_minimum_uid = 100
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_alias_maps = hash:/etc/postfix/virtual

Create Virtual mailbox

vi /etc/postfix/vmailbox

Add

user1@YOUR-DOMAIN_HERE.com    YOUR-DOMAIN_HERE.com/user1

Create alias file, used for mail forwarding

vi /etc/postfix/virtual

Add

admin@YOUR-DOMAIN_HERE.com [email protected]

Wth above configuration, mail coming to admin@YOUR-DOMAIN_HERE.com will get forwarded to [email protected]. Email coming to user1@YOUR-DOMAIN_HERE.com get delivered to local mailbox folder.

Now run following commands to make hashmap

postmap /etc/postfix/vmailbox
postmap /etc/postfix/virtual

Restart postfix

systemctl restart postfix

February 6, 2020

iredmail increase mail attachment size
Default mail attachment size in iredmail is 10 MB. To increase mail attachment size, login to server as user root, run following commands
```
postconf -e message_size_limit=104857600
postconf -e mailbox_size_limit=104857600
systemctl restart postfix
```
Here 104857600 is 100 MB in bytes (100 * 1024 * 1024). Change this as required. Sending very large file using mail attachment is not recommended, it is better use file sharing services like Google Drive, Dropbox, Microsoft OneDrive or another file hosting service for sharing large files.

Now edit php.ini file
```
vi /etc/php/7.2/fpm/php.ini
```
Change value for 3 of the following settings. It can be anything above 100 MB or whatever attachment size you want to use.
```
memory_limit = 256M;
upload_max_filesize = 100M;
post_max_size = 120M;
```
Restart php-fpm
```
systemctl restart php7.2-fpm
```
Edit roundcube configuration file
```
vi /opt/www/roundcubemail/config/config.inc.php
```
Set value for
```
$config['max_message_size'] = '100M';
```
Edit Nginx config file
```
vi /etc/nginx/conf-available/client_max_body_size.conf
```
Set value for
```
client_max_body_size 100m;
```
restart nginx
```
systemctl restart nginx
```
January 29, 2020

Postfix disable IPv6

To disable IPv6 on the postfix mail server, edit

vi /etc/postfix/main.cf

Find

inet_protocols = all

Replace with

inet_protocols = ipv4

Restart postfix

systemctl restart postfix

Method 2

postconf -e inet_protocols=ipv4
systemctl restart postfix

To see the current configuration, run

[root@server ~]# postconf inet_protocols
inet_protocols = ipv4
[root@server ~]#

June 17, 2019

Configure postfix to relay mails using Gmail

Install postfix

apt update
apt install postfix libsasl2-modules

Create file

touch /etc/postfix/sasl_passwd
chmod 600 /etc/postfix/sasl_passwd
vi /etc/postfix/sasl_passwd

Add

[smtp.gmail.com]:587    [email protected]:password

Save and exit editor. Run

postmap /etc/postfix/sasl_passwd

Edit postfix configuration file

vi /etc/postfix/main.cf

Find and remove

relayhost =

At end of the file, add

relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

Restart postfix

systemctl restart postfix

Now all mails will be forwarded using gmail.

Test Email Delivery

Install mailutils

apt install mailutils

On CentOS

yum install mailx

To sent test email, run

echo "test" | mail -s "Testing gmail" [email protected]

Check mail log

tail -f /var/log/mail.log

See postfix

May 31, 2019

Postfix Delete Mails from a user
To delete emails from a particular user from postfix mail queue, run
```
postqueue -p | grep USER_HERE | cut -d' '  -f1 | postsuper -d -  
```
See postfix
February 16, 2019

Configure Postfix to use Amazon SES

Install postfix with

apt-get update && apt-get install postfix libsasl2-modules -y

Update postfix config with

sed -i "s/default_transport = error/# default_transport = error/g" /etc/postfix/main.cf
sed -i "s/relay_transport = error/# relay_transport = error/g" /etc/postfix/main.cf
sed -i "s/relayhost =/# relayhost =/g" /etc/postfix/main.cf

Edit

vi /etc/postfix/main.cf

Add to end of the file

relayhost = [SMTP_SERVER_NAME]:587
smtp_tls_security_level = encrypt
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous

In the above, replace SMTP_SERVER_NAME with your Amazon SES mail server, for example “email-smtp.us-east-1.amazonaws.com”, you can see it in your Amazon SES console.

Run

echo "[SMTP_SERVER_NAME]:587 SMTP_USERNAME:SMTP_PASSWORD" > /etc/postfix/sasl_passwd

Replace SMTP_SERVER_NAME, SMTP_USERNAME and SMTP_PASSWORD with your actual credentials.

Now run

postmap /etc/postfix/sasl_passwd

Restart postfix

service postfix restart

You can test mail working with

echo "test" | mail -r you@SES_VERIFIED_DOMAIN -s "test" [email protected]

For sending from Apache, you may need to set myorigin in postfix confgiration with your veirfied domain. This can be done by editing

vi /etc/mailname

You can verify myorgin with

root@ip-172-31-30-228:~# postconf | grep myorigin
append_at_myorigin = yes
myorigin = /etc/mailname
root@ip-172-31-30-228:~#

Sending Mail from Amazon EC2

When sending email from Amazon EC2, it rejected with

Aug 28 17:20:59 ip-172-31-11-238 postfix/smtp[27260]: 1BB10831A0: to=, relay=email-smtp.us-east-1.amazonaws.com[23.23.196.20]:587, delay=2.9, delays=0.02/0.03/1.7/1.2, dsn=5.0.0, status=bounced (host email-smtp.us-east-1.amazonaws.com[23.23.196.20] said: 554 Message rejected: Email address is not verified. The following identities failed the check in region US-EAST-1: [email protected] (in reply to end of DATA command))

Problem is solved by editing

vi /etc/postfix/main.cf

Find

myhostname = ip-172-31-28-58.ap-southeast-2.compute.internal

Replace with

myhostname = AWS_VERIFIED_DOMAIN_HERE

Amazon SES

April 10, 2018

postconf
postconf allow you to list/change postfix configuration.

To list current config, run
```
postconf -n
```
To change a configuration, run
```
postconf -e home_mailbox=Maildir/
```
postfix
March 3, 2018

Tag: postfix

Virtual Mailbox

Verify Maildir

Test Email Delivery