dgichane
Posted: Thu Aug 14, 2008 12:20 pm

Hi Guys

I am a newbie in the world of Linux and its technologies. I would like to set up a mail server running on a Linux machine, but would like to get a simple mail server setup. What OS would you recommend, and what mail solution would you also recommend?

Regards
 
etechno
Posted: Wed Nov 19, 2008 3:54 am

Perfect setup for a newbie would be the following:

OS: Fedora 9
Mail Server: Postfix Mail Server
IMAP - POP3: Dovecot

I have listed an option I think you will find very easy to use and set up for you there, so have at it; use Google on some guides :)

One hint is to look up software called Webmin to use if you are more of a GUI guy, since you are a newbie to *nix.
 
dgichane
Posted: Thu Nov 20, 2008 5:31 am

Thanks mate

I am just downloading Fedora 9 as well as the Webmin application; I tried the demo and found that it's going to be useful. I hope this is going to work for me.

Any pointers you would wish to give me?

What should I look out for?

Regards

DG
 
etechno
Posted: Sun Nov 30, 2008 4:47 am

Use this thread if you need help; if you have questions, feel free to ask here. I have put this thread under my watch just now so I can be updated if you need help.

All the best!
 
dgichane
Posted: Mon Dec 01, 2008 3:50 am

Hi
I got this amazing site that guides one on how to set up a mail server

http://fedorasolved.org/server-solutions/postfix-mail-server?searchterm=postfix


Everything is okay until I try to run the following command, but I get an error: failed

/sbin/service postfix start

The following is registered in the log viewer

fatal: /etc/postfix/main.cf, line 164: missing '=' after attribute name: "info"


I have attached my main.cf file

What could be wrong with it?

Please help

# Global Postfix configuration file. This file lists only a subset
# of all parameters. For the syntax, and for a complete parameter
# list, see the postconf(5) manual page (command: "man 5 postconf").
#
# For common configuration examples, see BASIC_CONFIGURATION_README
# and STANDARD_CONFIGURATION_README. To find these documents, use
# the command "postconf html_directory readme_directory", or go to
# http://www.postfix.org/.
#
# For best results, change no more than 2-3 parameters at a time,
# and test if Postfix still works after every change.

# SOFT BOUNCE
#
# The soft_bounce parameter provides a limited safety net for
# testing. When soft_bounce is enabled, mail will remain queued that
# would otherwise bounce. This parameter disables locally-generated
# bounces, and prevents the SMTP server from rejecting mail permanently
# (by changing 5xx replies into 4xx replies). However, soft_bounce
# is no cure for address rewriting mistakes or mail routing mistakes.
#
#soft_bounce = no

# LOCAL PATHNAME INFORMATION
#
# The queue_directory specifies the location of the Postfix queue.
# This is also the root directory of Postfix daemons that run chrooted.
# See the files in examples/chroot-setup for setting up Postfix chroot
# environments on different UNIX systems.
#
queue_directory = /var/spool/postfix

# The command_directory parameter specifies the location of all
# postXXX commands.
#
command_directory = /usr/sbin

# The daemon_directory parameter specifies the location of all Postfix
# daemon programs (i.e. programs listed in the master.cf file). This
# directory must be owned by root.
#
daemon_directory = /usr/libexec/postfix

# The data_directory parameter specifies the location of Postfix-writable
# data files (caches, random numbers). This directory must be owned
# by the mail_owner account (see below).
#
data_directory = /var/lib/postfix

# QUEUE AND PROCESS OWNERSHIP
#
# The mail_owner parameter specifies the owner of the Postfix queue
# and of most Postfix daemon processes. Specify the name of a user
# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In
# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
# USER.
#
mail_owner = postfix

# The default_privs parameter specifies the default rights used by
# the local delivery agent for delivery to external file or command.
# These rights are used in the absence of a recipient user context.
# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
#
#default_privs = nobody

# INTERNET HOST AND DOMAIN NAMES
#
# The myhostname parameter specifies the internet hostname of this
# mail system. The default is to use the fully-qualified domain name
# from gethostname(). $myhostname is used as a default value for many
# other configuration parameters.
#
#myhostname = host.domain.tld
#myhostname = virtual.domain.tld

# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
# $mydomain is used as a default value for many other configuration
# parameters.
#
mydomain = mebkenya.com

# SENDING MAIL
#
# The myorigin parameter specifies the domain that locally-posted
# mail appears to come from. The default is to append $myhostname,
# which is fine for small sites. If you run a domain with multiple
# machines, you should (1) change this to $mydomain and (2) set up
# a domain-wide alias database that aliases each user to
# user@that.users.mailhost.
#
# For the sake of consistency between sender and recipient addresses,
# myorigin also specifies the default domain name that is appended
# to recipient addresses that have no @domain part.
#
#myorigin = $myhostname
myorigin = $mydomain

# RECEIVING MAIL

# The inet_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on. By default,
# the software claims all active interfaces on the machine. The
# parameter also controls delivery of mail to user@[ip.address].
#
# See also the proxy_interfaces parameter, for network addresses that
# are forwarded to us via a proxy or network address translator.
#
# Note: you need to stop/start Postfix when this parameter changes.
#
inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
#inet_interfaces = localhost

# The proxy_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on by way of a
# proxy or network address translation unit. This setting extends
# the address list specified with the inet_interfaces parameter.
#
# You must specify your proxy/NAT addresses when your system is a
# backup MX host for other domains, otherwise mail delivery loops
# will happen when the primary MX host is down.
#
#proxy_interfaces =
#proxy_interfaces = 1.2.3.4

# The mydestination parameter specifies the list of domains that this
# machine considers itself the final destination for.
#
# These domains are routed to the delivery agent specified with the
# local_transport parameter setting. By default, that is the UNIX
# compatible delivery agent that lookups all recipients in /etc/passwd
# and /etc/aliases or their equivalent.
#
# The default is $myhostname + localhost.$mydomain. On a mail domain
# gateway, you should also include $mydomain.
#
# Do not specify the names of virtual domains - those domains are
# specified elsewhere (see VIRTUAL_README).
#
# Do not specify the names of domains that this machine is backup MX
# host for. Specify those names via the relay_domains settings for
# the SMTP server, or use permit_mx_backup if you are lazy (see
# STANDARD_CONFIGURATION_README).
#
# The local machine is always the final destination for mail addressed
# to user@[the.net.work.address] of an interface that the mail system
# receives mail on (see the inet_interfaces parameter).
#
# Specify a list of host or domain names, /file/name or type:table
# patterns, separated by commas and/or whitespace. A /file/name
# pattern is replaced by its contents; a type:table is matched when
# a name matches a lookup key (the right-hand side is ignored).
# Continue long lines by starting the next line with whitespace.
#
# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
#


Info

Postfix Mail Server
by daMaestro — last modified Jan 30, 2008 02:46 AM
— filed under: Server Solutions

This howto explains how to setup postfix with features such as tls encryption, smtp auth, content filtering, spam protection, virus protection and grey listing. This howto uses postfix, amavisd-new, spam assassin, clamav and sqlgrey. Most of which are in Fedora Extras. Work is also being done to make sure all are in Fedora Extras soon.
Applicable to Fedora Versions

* Fedora Core 5+

Requirements
Mail servers rely on port 25 (tcp) to send and receive mail. It is also helpful to have a static IP address; however, it is not needed with today's offerings for dynamic DNS services. Some providers don't allow port 25, but this is mainly just restricted for "residential" lines. It is always good to keep Fedora updated, and this howto assumes you are updated and running the latest versions for your release.

* Port 25 inbound
* Updated Fedora Core

Assumptions Made in HowTo
This howto assumes the following:

* Domain name: example.com
* Host name: host.example.com
* Firewall is already configured to allow port 25:tcp
* IPv4
* Local user account: local-user

Doing the Work
The first steps are to just get everything installed that will be needed to complete the full howto. At this time this includes a few things that are not in Fedora Extras yet. This howto will be updated as software makes it into Fedora Extras. We will be using mysql server for postgrey. If you don't want postgrey or you want to use a different database backend, either don't install a database server or install your database server of choice. Information about using Postgre SQL will be added at some point.

1. Install Needed Software
1. Install most of the needed software from Fedora Extras using yum:

yum install postfix mysql-server spamassassin clamav amavisd-new cyrus-sasl clamav-update sqlgrey

2. Configure and Test Postfix
1. Do some basic configuration to setup postfix before first starting it. Find the configuration variables and update them. Edit the /etc/postfix/main.cf configuration file and make the following changes:

mydomain = mebkenya.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks_style = host

2. Start the server for the first time:

/sbin/service postfix start

3. Send a test mail to a local user using telnet:

Commands are in bold, responses are in italics

telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 host.example.com ESMTP Postfix
EHLO testdomain.com
250-host.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
MAIL FROM: <user>
250 2.1.0 Ok

RCPT TO: <local>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: Hello local-user
Hey local-user,
I just wanted to send some test mail to you :-)
.
250 2.0.0 Ok: queued as B95C8110064
QUIT

4. Check the users mail with the 'mail' command when logged in as the local-user:

mail

If this worked delete the users mail and move on, 'man mail' for more information about the mail command.
3. Do Some More Configuration for Postfix

This section starts to configure postfix to be more secure. There are some options that are personal preferences of the author and may be changed. They are as follows:
* Mail is stored in $HOME
* TLS required for sending mail remotely
* Certificates in /etc/postfix
* The 'standard' is /etc/pki/tls

1. Update the /etc/postfix/main.cf postfix configuration file and make the following changes:
1. The following changes are updates:

home_mailbox = Maildir/

2. These changes are additions to the configuration file and may be added at the end of the file.

#TLS - SMTP AUTH
disable_vrfy_command = yes
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
tls_random_source = dev:/dev/urandom
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_key_file = /etc/postfix/key.pem
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
# Add some security
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

2. Move your certificates to the proper location (/etc/postfix/cert.pem and /etc/postfix/key.pem respectively) and set proper permissions (600).

If you don't have a certificate already, you may generate a self signed cert with the following commands:

cd /etc/postfix
openssl req -new -x509 -nodes -out cert.pem -keyout key.pem -days 3650
chmod 600 *.pem

3. Restart the server:

/sbin/service postfix restart

4. Try to send test mail to your local-user account both from localhost and a remote server.

This should work. It would also be a good test to make sure that your server will not relay mail so try to send mail to another host using your server. It is recommended to continue to send testing mail with telnet so the maximum amount of information is available to debug what is going wrong. You should notice a new response from the server after you 'EHLO':

EHLO testdomain.com
250-host.example.com
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

5. Test if TLS is working correctly:

Commands are in bold, responses are in italics

telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 host.example.com ESMTP Postfix
EHLO testdomain.com
250-host.example.com
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
STARTTLS
220 2.0.0 Ready to start TLS

If you do not see 'Ready to start TLS', something is wrong with your TLS setup.
4. Test SMTP Auth Using a Standard Mail Client

Use your favorite mail client to test if SMTP auth is working. If TLS is not working, SMTP auth will also not work because this howto forces postfix to use TLS when doing SMTP auth.
1. Start sasl:

/sbin/service saslauthd start

2. Start your favorite email client and send a test message to another server/mail system. Connect to the server with the following settings:
In addition to a remote account, you could also send a test message to root, another account or yourself.

* Host: host.example.com
* User: local-user
* Password: local-user's password
* Force TLS for SMTP
* Force SMTP Auth
5. Setup Amavisd-New, Spam Assassin, Clam-AV

Amavisd-new is the content filter that will run the spamassassin and clamav checks. It could also be configured to do other checks and has many other features. Those additional features are outside the scope of this howto and might be added later.
1. Configure amavisd-new. Make the following changes to the /etc/amavisd/amavisd.conf config file:

$myhostname is only needed when the server has not been assigned a FQDN, however, it does not hurt to set the variable; check with the command 'hostname'

$mydomain = 'example.com';
$myhostname = 'host.example.com';

2. Configure SpamAssassin to do extended checks such as rbl, pyzor, razor2, etc. Make the following changes to the /etc/mail/spamassassin/local.cf config file:

report_safe 1
use_bayes 1
bayes_auto_learn 1
skip_rbl_checks 0
use_razor2 1
use_dcc 1
use_pyzor 1
whitelist_from *@example.com

3. Enable ClamAV to do automatic updates to virus definitions. Make the following changes to /etc/sysconfig/freshclam:

Note: The change is to comment out this line.

#FRESHCLAM_DELAY=disabled-warn # REMOVE ME

4. Update /etc/freshclam.conf to enable automatic updates:

Note: The change is to comment out 'Example'.

#Example

5. Start everything up:

/sbin/service amavisd start
/sbin/service clamd.amavisd start
/sbin/service spamassassin start

6. Configure Postfix to Use the New Content Filtering System

Postfix needs to be told to use the new content filtering system. A few things need to be changed to enable the new filtering system.
1. Add the following to /etc/postfix/master.cf:

smtp-amavis unix - - n - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20


127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

2. Add the following to the /etc/postfix/main.cf config file:

content_filter = smtp-amavis:[127.0.0.1]:10024

3. Restart postfix to apply the changes:

/sbin/service postfix restart

7. Setup Grey Listing
Grey listing is an anti-spam technique that is used to thwart spammers from doing drive-by spamming. There are two steps to get it working with postfix: setting up the mysql database and then enabling the checks. You may use any supported database you would like, but additional database configurations are outside of the scope of this howto. Replace sensitive information such as passwords with unique settings.

1. Setup the mysql database:

This assumes mysql server has not been setup and we are dealing with a fresh configuration. If mysql is already setup, you will need to use the '-p' switch for the mysql commands and there is no reason to set a new mysql root password. Also note, you may use whatever user/database name you want but this will need to be updated in the conf file.

/sbin/service mysqld start
mysql -u root

2. This will bring you to the mysql shell where you can add the needed user and database for sqlgrey:

Commands are in bold, responses are in italics

mysql> create database sqlgrey;
Query OK, 1 row affected (0.01 sec)
mysql> grant all on sqlgrey.* to sqlgrey@localhost identified by 'mysqlUserPassword';
Query OK, 0 rows affected (0.01 sec)
mysql> quit
Bye

3. Set a root password for mysql:

mysqladmin -u root password "mysqlRootPassword"

4. Configure sqlgrey for the database. Make the following changes to the /etc/sqlgrey/sqlgrey.conf config:

db_type = mysql
db_pass = mysqlUserPassword
admin_mail = server-admin@example.com

5. Start the sqlgrey service:

/sbin/service sqlgrey start

8. Setup Postfix to Do Grey Listing

Postfix needs to be configured to check the greylisting service for the status of a sender.
1. Configure postfix to do the greylist check. Make the following update to the /etc/postfix/main.cf config file:

smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service inet:127.0.0.1:2501

2. Restart postfix to apply the changes:

/sbin/service postfix restart

9. Set Services to Run on Boot
The combination of services needs to be set to run on boot. Do so with 'chkconfig':

/sbin/chkconfig postfix on
/sbin/chkconfig amavisd on
/sbin/chkconfig clamd.amavisd on
/sbin/chkconfig spamassassin on
/sbin/chkconfig mysqld on
/sbin/chkconfig sqlgrey on

Troubleshooting

How to Test
Test by sending mail from a remote service/server.

Common Problems and Fixes

The most common issue is networking issues. Please be sure your networking is setup correctly. For example the below is to allow port 25:tcp using iptables:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT

More Information
Check the following sites for more details about configuration:
Disclaimer

We test this stuff on our own machines, really we do. But you may run into problems, if you do, come to #fedora on irc.freenode.net
Added Reading

* Postfix
http://www.postfix.org/
* Amavisd-new
http://freshmeat.net/projects/amavisd-new/
* Clamav
http://www.clamav.net/
* Spam Assassin
http://spamassassin.apache.org/
* SQLgrey
http://sqlgrey.sourceforge.net/

Document Actions

* Send this
* Print this



Info

Postfix Mail Server
by daMaestro — last modified Jan 30, 2008 02:46 AM
— filed under: Server Solutions

This howto explains how to setup postfix with features such as tls encryption, smtp auth, content filtering, spam protection, virus protection and grey listing. This howto uses postfix, amavisd-new, spam assassin, clamav and sqlgrey. Most of which are in Fedora Extras. Work is also being done to make sure all are in Fedora Extras soon.
Applicable to Fedora Versions

* Fedora Core 5+

Requirements
Mail servers rely on port 25 (tcp) to send and receive mail. It is also helpful to have a static IP address, however, it is not needed with todays offerings for dynamic DNS services. Some providers don't allow port 25 but this is mainly just restricted for "residential" lines. It is always good to keep Fedora updated and this howto assumes you are updated and running the latest versions for your release.

* Port 25 inbound
* Updated Fedora Core

Assumptions Made in HowTo
This howto assumes the following:

* Domain name: example.com
* Host name: host.example.com
* Firewall is already configured to allow port 25:tcp
* IPv4
* Local user account: local-user

Doing the Work
The first steps are to just get everything installed that will be needed to complete the full howto. At this time this includes a few things that are not in Fedora Extras yet. This howto will be updated as software makes it into Fedora Extras. We will be using mysql server for postgrey. If you don't want postgrey or you want to use a different database backend, either don't install a database server or install your database server of choice. Information about using Postgre SQL will be added at some point.

1. Install Needed Software
1. Install most of the needed software from Fedora Extras using yum:

yum install postfix mysql-server spamassassin clamav amavisd-new cyrus-sasl clamav-update sqlgrey

2. Configure and Test Postfix
1. Do some basic configuration to setup postfix before first starting it. Find the configuration variables and update them. Edit the /etc/postfix/main.cf configuration file and make the following changes:

mydomain = mebkenya.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks_style = host

2. Start the server for the first time:

/sbin/service postfix start

3. Send a test mail to a local user using telnet:

commands are in bold reponses are in italics

telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 host.example.com ESMTP Postfix>
EHLO testdomain.com
250-host.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
MAIL FROM: <user>
250 2.1.0 Ok

RCPT TO: <local>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: Hello local-user
Hey local-user,
I just wanted to send some test mail to you :-)
.
250 2.0.0 Ok: queued as B95C8110064
QUIT

4. Check the users mail with the 'mail' command when logged in as the local-user:

mail

If this worked delete the users mail and move on, 'man mail' for more information about the mail command.
3. Do Some More Configuration for Postfix

This section start to configure postfix to be more secure. There are some options that are personal preferences of the author and may be changed. They are as follows:
* Mail is stored in $HOME
* TLS required for sending mail remotely
* Certificates in /etc/postfix
* The 'standard' is /etc/pki/tls

1. Update the /etc/postfix/main.cf postfix configuration file and make the following changes:
1. The following changes are updates:

home_mailbox = Maildir/

2. These changes are additions to the configuration file and may be added at the end of the file.

#TLS - SMTP AUTH
disable_vrfy_command = yes
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
tls_random_source = dev:/dev/urandom
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_key_file = /etc/postfix/key.pem
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
# Add some security
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

2. Move your certificates to the proper location (/etc/postfix/cert.pem and /etc/postfix/key.pem respectivly) and set proper permissions (600).

If you don't have a certificate already, you may generate a self signed cert with the following commands:

cd /etc/postfix
openssl req -new -x509 -nodes -out cert.pem -keyout key.pem -days 3650
chmod 600 *.pem

3. Restart the server:

/sbin/service postfix restart

4. Try to send test mail to your local-user account both from localhost and a remote server.

This should work. It would also be a good test to make sure that your server will not relay mail so try to send mail to another host using your server. It is recommended to continue to send testing mail with telnet so the maximum amount of information is available to debug what is going wrong. You should notice a new response from the server after you 'EHLO':

EHLO testdomain.com
250-host.example.com
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

5. Test if TLS is working correctly:

commands are in bold reponses are in italics

telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 host.example.com ESMTP Postfix
EHLO testdomain.com
250-host.example.com
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
STARTTLS
220 2.0.0 Ready to start TLS

If you do not see 'Ready to start TLS', something is wrong with your TLS setup.
4. Test SMTP Auth Using a Standard Mail Client

Use your favorite mail client to test if SMTP auth is working. If TLS is not working, SMTP auth will also not work because this howto forces postfix to use TLS when doing SMTP auth.
1. Start sasl:

/sbin/service saslauthd start

2. Start your favorite email client and send a test message to another server/mail system. Connect to the server with the following settings:
In addition to a remote account, you could also send a test message to root, another account or yourself.

* Host: host.example.com
* User: local-user
* Password: local-user's password
* Force TLS for SMTP
* Force SMTP Auth
5. Setup Amavisd-New, Spam Assassin, Clam-AV

Amavisd-new is the content filter that will run the spamassassin and clamav checks. It could also be configured to do other checks and has many other features. Those addtional features are outside the scope of this howto and might be added later.
1. Configure amavisd-new. Make the following changes to the /etc/amavisd/amavisd.conf config file:

$myhostname is only needed when the server has not been assigned a FQDN, however, it does not hurt to set the variable; check with the command 'hostname'

$mydomain = 'example.com';
$myhostname = 'host.example.com';

2. Configure SpamAssassin to do extended checks such as rbl, pyzor, razor2, etc. Make the following changes to the /etc/mail/spamassassin/local.cf config file:

report_safe 1
use_bayes 1
bayes_auto_learn 1
skip_rbl_checks 0
use_razor2 1
use_dcc 1
use_pyzor 1
whitelist_from *@example.com

3. Enable ClamAV to do automatic updates to virus definitions. Make the following changes to /etc/sysconfig/freshclam:

Note: The change is to comment out this line.

#FRESHCLAM_DELAY=disabled-warn # REMOVE ME

4. Update /etc/freshclam.conf to enable automatic updates:

Note: The change is to comment out 'Example'.

#Example

5. Start everything up:

/sbin/service amavisd start
/sbin/service clamd.amavisd start
/sbin/service spamassassin start

6. Configure Postfix to Use the New Content Filtering System

Postfix needs to be told to use the new content filtering system. A few things need to be changed to enable the new filtering system.
1. Add the following to /etc/postfix/master.cf:

smtp-amavis unix - - n - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20


127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

2. Add the following to the /etc/postfix/main.cf config file:

content_filter = smtp-amavis:[127.0.0.1]:10024

3. Restart postfix to apply the changes:

/sbin/service postfix restart

7. Setup Grey Listing
Grey listing is an anti-spam technique that is used to twart spammers from doing drive by spamming. There are two steps to get it working with postfix. Setting up the mysql database and then enabiling the checks. You may use any supported database you would like but additional database configurations are outside of the scope of this howto. Replace sensitive information such as passwords with unique settings.

1. Setup the mysql database:

This assumes mysql server has not been setup and we are dealing with a fresh configuration. If mysql is already setup, you will need to use the '-p' switch for the mysql commands and there is no reason to set a new mysql root password. Also note, you may use whatever user/database name you want but this will need to be updated in the conf file.

/sbin/service mysqld start
mysql -u root

2. This will bring you to the mysql shell where you can add the needed user and database for sqlgrey:

Commands are in bold responses are in italics

mysql> create database sqlgrey;
Query OK, 1 row affected (0.01 sec)
mysql> grant all on sqlgrey.* to sqlgrey@localhost identified by 'mysqlUserPassword';
Query OK, 0 rows affected (0.01 sec)
mysql> quit
Bye

3. Set a root password for mysql:

mysqladmin -u root password "mysqlRootPassword"

4. Configure sqlgrey for the database. Make the following changes to the /etc/sqlgrey/sqlgrey.conf config:

db_type = mysql
db_pass = mysqlUserPassword
admin_mail = server-admin@example.com

5. Start the sqlgrey service:

/sbin/service sqlgrey start

8. Setup Postfix to Do Grey Listing

Postfix needs to be configured to check the greylisting service for the status of a sender.
1. Configure postfix to do the greylist check. Make the following update to the /etc/postfix/main.cf config file:

smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service inet:127.0.0.1:2501

2. Restart postfix to apply the changes:

/sbin/service postfix restart

9. Set Services to Run on Boot
The combination of services need to get set to run on boot. Do so with 'chkconfig':

/sbin/chkconfig postfix on
/sbin/chkconfig amavisd on
/sbin/chkconfig clamd.amavisd on
/sbin/chkconfig spamassassin on
/sbin/chkconfig mysqld on
/sbin/chkconfig sqlgrey on

Troubleshooting

How to Test
Test by sending mail from a remote service/server.

Common Problems and Fixes

The most common issue is networking. Please be sure your networking is set up correctly. For example, the rule below allows port 25:tcp using iptables:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT

More Information
Check the following sites for more details about configuration:

Disclaimer

We test this stuff on our own machines, really we do. But you may run into problems; if you do, come to #fedora on irc.freenode.net

Added Reading

* Postfix
http://www.postfix.org/
* Amavisd-new
http://freshmeat.net/projects/amavisd-new/
* Clamav
http://www.clamav.net/
* Spam Assassin
http://spamassassin.apache.org/
* SQLgrey
http://sqlgrey.sourceforge.net/

Postfix Mail Server
by daMaestro — last modified Jan 30, 2008 02:46 AM
— filed under: Server Solutions

This howto explains how to set up postfix with features such as tls encryption, smtp auth, content filtering, spam protection, virus protection and grey listing. This howto uses postfix, amavisd-new, spam assassin, clamav and sqlgrey, most of which are in Fedora Extras. Work is also being done to make sure all are in Fedora Extras soon.

Applicable to Fedora Versions

* Fedora Core 5+

Requirements
Mail servers rely on port 25 (tcp) to send and receive mail. It is also helpful to have a static IP address; however, it is not needed with today's offerings for dynamic DNS services. Some providers don't allow port 25 but this is mainly just restricted for "residential" lines. It is always good to keep Fedora updated and this howto assumes you are updated and running the latest versions for your release.

* Port 25 inbound
* Updated Fedora Core

Assumptions Made in HowTo
This howto assumes the following:

* Domain name: example.com
* Host name: host.example.com
* Firewall is already configured to allow port 25:tcp
* IPv4
* Local user account: local-user

Doing the Work
The first steps are to just get everything installed that will be needed to complete the full howto. At this time this includes a few things that are not in Fedora Extras yet. This howto will be updated as software makes it into Fedora Extras. We will be using mysql server for postgrey. If you don't want postgrey or you want to use a different database backend, either don't install a database server or install your database server of choice. Information about using PostgreSQL will be added at some point.

1. Install Needed Software
1. Install most of the needed software from Fedora Extras using yum:

yum install postfix mysql-server spamassassin clamav amavisd-new cyrus-sasl clamav-update sqlgrey

2. Configure and Test Postfix
1. Do some basic configuration to setup postfix before first starting it. Find the configuration variables and update them. Edit the /etc/postfix/main.cf configuration file and make the following changes:

mydomain = example.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks_style = host

2. Start the server for the first time:

/sbin/service postfix start

3. Send a test mail to a local user using telnet:

Commands are in bold, responses are in italics

telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 host.example.com ESMTP Postfix
EHLO testdomain.com
250-host.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
MAIL FROM: <user>
250 2.1.0 Ok

RCPT TO: <local>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: Hello local-user
Hey local-user,
I just wanted to send some test mail to you :-)
.
250 2.0.0 Ok: queued as B95C8110064
QUIT

4. Check the user's mail with the 'mail' command when logged in as the local-user:

mail

If this worked, delete the user's mail and move on; see 'man mail' for more information about the mail command.

3. Do Some More Configuration for Postfix

This section starts to configure postfix to be more secure. There are some options that are personal preferences of the author and may be changed. They are as follows:
* Mail is stored in $HOME
* TLS required for sending mail remotely
* Certificates in /etc/postfix
* The 'standard' is /etc/pki/tls

1. Update the /etc/postfix/main.cf postfix configuration file and make the following changes:
1. The following changes are updates:

home_mailbox = Maildir/

2. These changes are additions to the configuration file and may be added at the end of the file.

#TLS - SMTP AUTH
disable_vrfy_command = yes
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
tls_random_source = dev:/dev/urandom
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_key_file = /etc/postfix/key.pem
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
# Add some security
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

2. Move your certificates to the proper location (/etc/postfix/cert.pem and /etc/postfix/key.pem respectively) and set proper permissions (600).

If you don't have a certificate already, you may generate a self-signed cert with the following commands:

cd /etc/postfix
openssl req -new -x509 -nodes -out cert.pem -keyout key.pem -days 3650
chmod 600 *.pem

3. Restart the server:

/sbin/service postfix restart

4. Try to send test mail to your local-user account both from localhost and a remote server.

This should work. It would also be a good test to make sure that your server will not relay mail so try to send mail to another host using your server. It is recommended to continue to send testing mail with telnet so the maximum amount of information is available to debug what is going wrong. You should notice a new response from the server after you 'EHLO':

EHLO testdomain.com
250-host.example.com
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

5. Test if TLS is working correctly:

Commands are in bold, responses are in italics

telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 host.example.com ESMTP Postfix
EHLO testdomain.com
250-host.example.com
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
STARTTLS
220 2.0.0 Ready to start TLS

If you do not see 'Ready to start TLS', something is wrong with your TLS setup.

4. Test SMTP Auth Using a Standard Mail Client

Use your favorite mail client to test if SMTP auth is working. If TLS is not working, SMTP auth will also not work because this howto forces postfix to use TLS when doing SMTP auth.
1. Start sasl:

/sbin/service saslauthd start

2. Start your favorite email client and send a test message to another server/mail system. Connect to the server with the following settings:
In addition to a remote account, you could also send a test message to root, another account or yourself.

* Host: host.example.com
* User: local-user
* Password: local-user's password
* Force TLS for SMTP
* Force SMTP Auth

5. Setup Amavisd-New, Spam Assassin, Clam-AV

Amavisd-new is the content filter that will run the spamassassin and clamav checks. It could also be configured to do other checks and has many other features. Those additional features are outside the scope of this howto and might be added later.
1. Configure amavisd-new. Make the following changes to the /etc/amavisd/amavisd.conf config file:

$myhostname is only needed when the server has not been assigned a FQDN, however, it does not hurt to set the variable; check with the command 'hostname'

$mydomain = 'example.com';
$myhostname = 'host.example.com';

2. Configure SpamAssassin to do extended checks such as rbl, pyzor, razor2, etc. Make the following changes to the /etc/mail/spamassassin/local.cf config file:

report_safe 1
use_bayes 1
bayes_auto_learn 1
skip_rbl_checks 0
use_razor2 1
use_dcc 1
use_pyzor 1
whitelist_from *@example.com

3. Enable ClamAV to do automatic updates to virus definitions. Make the following changes to /etc/sysconfig/freshclam:

Note: The change is to comment out this line.

#FRESHCLAM_DELAY=disabled-warn # REMOVE ME

4. Update /etc/freshclam.conf to enable automatic updates:

Note: The change is to comment out 'Example'.

#Example

5. Start everything up:

/sbin/service amavisd start
/sbin/service clamd.amavisd start
/sbin/service spamassassin start

6. Configure Postfix to Use the New Content Filtering System

Postfix needs to be told to use the new content filtering system. A few things need to be changed to enable the new filtering system.
1. Add the following to /etc/postfix/master.cf:

smtp-amavis unix - - n - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20

127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

2. Add the following to the /etc/postfix/main.cf config file:

content_filter = smtp-amavis:[127.0.0.1]:10024

3. Restart postfix to apply the changes:

/sbin/service postfix restart


2. Configure and Test Postfix
1. Do some basic configuration to setup postfix before first starting it. Find the configuration variables and update them. Edit the /etc/postfix/main.cf configuration file and make the following changes:

mydomain = mebkenya.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks_style = host

5. Setup Amavisd-New, Spam Assassin, Clam-AV

Amavisd-new is the content filter that will run the spamassassin and clamav checks. It could also be configured to do other checks and has many other features. Those additional features are outside the scope of this howto and might be added later.
1. Configure amavisd-new. Make the following changes to the /etc/amavisd/amavisd.conf config file:

$myhostname is only needed when the server has not been assigned a FQDN, however, it does not hurt to set the variable; check with the command 'hostname'

$mydomain = mebkenya.com;
$myhostname = 'host.example.com';

 
Back to top
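
What the check_policy_service entry in the howto's section 8 asks of a greylisting daemon, as an added example that is not part of the original post and is not SQLgrey's code: a simplified in-memory model of the Postfix policy delegation exchange. The 300-second delay, the 24-hour expiry, the class and function names and the sample request are assumptions made for illustration.

```python
"""Simplified model of a greylisting policy service for Postfix.

Illustration only: not SQLgrey's code, and the state lives in memory
instead of the MySQL database the howto sets up.
"""
import time

RECONNECT_DELAY = 300        # assumed: seconds a new sender must wait before retrying
MAX_CONNECT_AGE = 24 * 3600  # assumed: a pending entry older than this starts over

# Constructed sample of what smtpd sends to check_policy_service at RCPT TO.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "protocol_name=ESMTP\n"
    "client_address=192.0.2.10\n"
    "client_name=mail.example.net\n"
    "helo_name=mail.example.net\n"
    "sender=alice@example.net\n"
    "recipient=local-user@example.com\n"
    "\n"
)


def parse_request(text):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break  # the empty line terminates the request
        name, sep, value = line.partition("=")
        if not sep or not name:
            raise ValueError("malformed attribute line: %r" % line)
        attrs[name] = value  # the value may itself contain '='
    if attrs.get("request") != "smtpd_access_policy":
        raise ValueError("unsupported request type")
    return attrs


class Greylist:
    """Tracks (client IP, sender, recipient) triplets in memory."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.pending = {}    # triplet -> time of first attempt
        self.passed = set()  # triplets that have already retried successfully

    def decide(self, attrs):
        """Return a Postfix access action for one delivery attempt."""
        key = (attrs.get("client_address", ""),
               attrs.get("sender", "").lower(),
               attrs.get("recipient", "").lower())
        now = self.clock()
        if key in self.passed:
            return "dunno"  # known triplet: leave the decision to later restrictions
        first = self.pending.get(key)
        if first is None or now - first > MAX_CONNECT_AGE:
            self.pending[key] = now  # first sighting, or the old entry expired
            return "defer_if_permit Greylisted, please retry later"
        if now - first < RECONNECT_DELAY:
            return "defer_if_permit Greylisted, please retry later"
        del self.pending[key]
        self.passed.add(key)
        return "dunno"

    def respond(self, request_text):
        """Build the reply: action=... followed by an empty line."""
        return "action=%s\n\n" % self.decide(parse_request(request_text))


if __name__ == "__main__":
    fake_now = [0.0]
    greylist = Greylist(clock=lambda: fake_now[0])
    for offset in (0, 60, 400):  # first attempt, early retry, retry after the delay
        fake_now[0] = offset
        print(offset, greylist.respond(SAMPLE_REQUEST).strip())
```

In the howto's smtpd_recipient_restrictions the policy check comes after permit_sasl_authenticated and permit_mynetworks, so authenticated and local clients are accepted before the greylist is ever consulted.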