email: postfix SPAM and security tricks & tips
http://www.shaunfreeman.co.uk/install-fail2ban-on-centos-6-with-plesk/
http://forum.parallels.com/showthread.php?72464-Shell-script-for-checking-mail-queue
http://www.devcu.com/forums/topic/274-locking-down-postfix-against-spam/
Log Location
/usr/local/psa/var/log/maillog
View the log in realtime
tail -f /usr/local/psa/var/log/maillog
Display number of emails being sent to each domain and how long they have been in the active queue.
See more info about qshape here
qshape active
Display deferred queue
qshape deferred
Display hold queue
qshape hold
Display Custom Queue script (see below for how to create)
/root/mailq.pl
Check Postfix Queue
postqueue -p
Remove all unsent mailer daemon notifications
mailq|awk ' /^[0-9A-F][0-9A-F]*[^*].*MAILER-DAEMON$/ {print $1}'|sudo xargs -rn1 postsuper -d
#delete based on the from address:
mailq|awk ' /^[0-9A-F][0-9A-F]*.*mail\.ru$/ {print $1}'|tr -d '*'| xargs -rn1 postsuper -d
Read a message in the Postfix Queue
postcat -q MESSAGE_ID
Resend messages in the queue
postqueue -f
Delete all messages in Queue
postsuper -d ALL
Test Email sending from postfix
echo "Test mail from postfix" | mail -s "Test Postfix" person@example.com
Check for serious errors in the log
egrep '(reject|warning|error|fatal|panic):' /usr/local/psa/var/log/maillog | more
Create file /root/mailq.pl
Set permissions to allow root execution
Dump this into it:
#!/usr/bin/env perl
use strict;
use warnings;
use Symbol;

# Recursively count the queue files under $dir.
sub count {
    my ($dir) = @_;
    my $dh = gensym();
    my $c = 0;
    opendir($dh, $dir) or die "$0: opendir: $dir: $!\n";
    while (my $f = readdir($dh)) {
        if ($f =~ m{^[A-F0-9]{5,}$}) {
            ++$c;                      # queue file, named by its queue ID
        } elsif ($f =~ m{^[A-F0-9]$}) {
            $c += count("$dir/$f");    # single-character hash subdirectory
        }
    }
    closedir($dh) or die "closedir: $dir: $!\n";
    return $c;
}

# Ask Postfix where its queue lives, then count each queue.
my $qdir = `postconf -h queue_directory`;
chomp($qdir);
chdir($qdir) or die "$0: chdir: $qdir: $!\n";
printf "Incoming: %d\n", count("incoming");
printf "Active: %d\n", count("active");
printf "Deferred: %d\n", count("deferred");
printf "Bounced: %d\n", count("bounce");
printf "Hold: %d\n", count("hold");
printf "Corrupt: %d\n", count("corrupt");
Execute by typing /root/mailq.pl
http://www.freesoftwaremagazine.com/articles/focus_spam_postfix
http://www.dp.cx/blog/postfix---fail2ban---win.html#.UYFohCs4XOU
/usr/local/psa/admin/sbin/mailmng --features | grep SMTP_Server
/usr/local/psa/admin/sbin/mailmng --stop-smtpd
QMail MTA: kill -ALRM `pidof qmail-send`
Postfix MTA: postqueue -f
/usr/local/psa/admin/sbin/autoinstaller --select-release-current --install-component postfix
/usr/local/psa/admin/sbin/autoinstaller --select-release-current --install-component qmail
edit /etc/postfix/main.cf
Find/edit this section:
smtpd_tls_security_level = none
smtpd_use_tls = yes
smtp_tls_security_level = may
smtp_use_tls = no
http://www.howtoforge.com/virtual_postfix_antispam
By default the Postfix SMTP greeting banner announces that the server is running Postfix. It's best to give hackers as little information as possible about your server, so you should remove that detail by finding the line for smtpd_banner in the configuration file and setting it to:
smtpd_banner = $myhostname ESMTP
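Change inet_interfaces = all
to inet_interfaces = localhost
(Postfix then listens only on the loopback interface, so use this only on a host that does not accept mail from the network.)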
### Checks to remove badly formed email
smtpd_helo_required = yes
strict_rfc821_envelopes = yes
disable_vrfy_command = yes
unknown_address_reject_code = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code = 554
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, check_helo_access regexp:/etc/postfix/helo.regexp, permit
smtpd_recipient_restrictions =
    reject_invalid_hostname,
### Can cause issues with Auth SMTP, so be wary!
###    reject_non_fqdn_hostname,
##################################
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    reject_unauth_destination,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net
Create /etc/postfix/helo.regexp
and set contents to:
/^subdomain\.host\.com$/ 550 Don't use my own hostname
/^xxx\.yyy\.zzz\.xxx$/ 550 Don't use my own IP address
/^\[xxx\.yyy\.zzz\.xxx\]$/ 550 Don't use my own IP address
/^[0-9.]+$/ 550 Your software is not RFC 2821 compliant
/^[0-9]+(\.[0-9]+){3}$/ 550 Your software is not RFC 2821 compliant
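The helo.regexp table above can be checked offline before it goes live. The script below is an added example, not part of the original page: it emulates the first-match, case-insensitive lookup of a regexp: table with grep -E, using mail.example.com and 192.0.2.10 as assumed stand-ins for the page's placeholder hostname and IP. On a host with Postfix installed, postmap -q NAME regexp:/etc/postfix/helo.regexp gives the authoritative answer.

```shell
#!/bin/sh
# Added example: offline emulation of a Postfix regexp: table lookup.
# The table is the page's helo.regexp with its placeholders replaced by
# constructed values: mail.example.com and 192.0.2.10 (assumptions).

# helo_verdict NAME
# Prints "<rule number> <action>" for the first rule whose pattern matches
# NAME, or "DUNNO" when no rule matches (Postfix would then continue with the
# next restriction in smtpd_helo_restrictions). Rules are tried top to bottom
# and matched case-insensitively, as regexp: tables do by default.
# Simplification: assumes each line is "/pattern/ action" with no flags.
helo_verdict() {
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        pat=${line%%/ *}    # everything before the closing "/ "
        pat=${pat#/}        # drop the opening "/"
        act=${line#*/ }     # action text after the pattern
        if printf '%s\n' "$1" | grep -Eiq -- "$pat"; then
            printf '%s %s\n' "$n" "$act"
            return 0
        fi
    done <<'EOF'
/^mail\.example\.com$/ 550 Don't use my own hostname
/^192\.0\.2\.10$/ 550 Don't use my own IP address
/^\[192\.0\.2\.10\]$/ 550 Don't use my own IP address
/^[0-9.]+$/ 550 Your software is not RFC 2821 compliant
/^[0-9]+(\.[0-9]+){3}$/ 550 Your software is not RFC 2821 compliant
EOF
    echo DUNNO
}

# Constructed HELO names covering each rule plus two that should pass.
for name in MAIL.example.com 192.0.2.10 '[192.0.2.10]' 198.51.100.7 \
            '[198.51.100.7]' client.example.net; do
    printf '%-20s -> %s\n' "$name" "$(helo_verdict "$name")"
done
```

The last rule can never fire, because every dotted quad of digits already matches the rule before it. A bracketed address literal other than the server's own passes the table.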