Tikejhya: Ashish Nepal

Knowledgebase

Category: postfix

virtual alias maps [Postfix]

Your ads will be inserted here by

Easy Plugin for AdSense.

Please go to the plugin admin page to
Paste your ad code OR
Suppress this ad slot.

How to redirect all incoming emails from one address to other email address, in postfix terms virtual alias mapping.

Lets try with regex [regex would give flexibility to use only certain type of email address rather than accepting spam emails]
virtual_alias_maps = regexp:/etc/postfix/virtualregexp

vi /etc/postfix/virtualregexp
/test-([A-z]{0,})-@ashishnepal.com / getall@tikejhya.com

In above example: We will be able to redirect all incoming email for email address such as [test-ashish-@ashishnepal.com] to getall@tikejhya.com

Used by virtual(5) delivery

Always invoked first time before any other address classes. It doesn’t care whether the recipient domain was listed in mydestination, virtual_mailbox_domains or other places. It will override the address/alias defined in other places.

Your ads will be inserted here by

Easy Plugin for AdSense.

Please go to the plugin admin page to
Paste your ad code OR
Suppress this ad slot.

The lookup input has some format

user@domain: it will match user@domain literally

user: it will match user@site when site is equal to $myorigin, when site is listed in $mydestination, or when it is listed in $inet_interfaces or $proxy_interfaces. This functionality overlaps with functionality of the local aliases(5) database.

@domain: it will match any email intended for domain regardless of local parts

The lookup result must be

valid email address
user without domain. Postfix will append $myorigin if append_at_myorigin set yes

postfix fight:spam

Your ads will be inserted here by

Easy Plugin for AdSense.

Please go to the plugin admin page to
Paste your ad code OR
Suppress this ad slot.

smtpd_recepient_restrictions = check_client_access cidr:/etc/postfix/blacklist.cidr

/etc/postfix/blacklist.cidr
192.168.0/24 REJECT Go away
postmap /etc/postfix/blacklist.cidr

body_checks=pcre:/etc/postfix/body_checks.pcre

/Viagra/ REJECT Go away

postfix smtp relay

echo “mail.test.com    no-reply@Test.com:PASSWORD” > /etc/postfix/saslpass

 

vi /etc/postfix/main.cf

relayhost = [mail.test.com]:587
smtp_sasl_auth_enable = yes
smtp_use_tls=yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
smtp_sasl_security_options = noanonymous

 

Using diff IP to send email POSTFIX

This can be specified in the main.cf file for all SMTP clients, or it can be specified in the master.cf file for a specific client, for example:

Edit /etc/postfix/main.cf and make sure that the following line is present
inet_interfaces = 11.22.33.44, localhost

However, using smtp_bind_address will force to listen inbound mail only on new ip so if we want both ip to be there for listening for incomming mail you want to do.

Change this part:

smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
-o smtp_fallback_relay=

to this:

smtp unix - - - - - smtp
-o smtp_bind_address=11.22.33.44
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
-o smtp_bind_address=11.22.33.44
-o smtp_fallback_relay=

Postfix DKIM

What is DKIM?

For funtional overview visit:
http://www.sendmail.co.uk/sm/open_source/dkim/functional_overview/

DKIM or DomainKeys Identified Mail is an electronic signature that is inserted into the full header of your email to identify the origin of where the message was sent.

Howto?

# Install opendkim, which is fork of dkim-milter.
yum install opendkim

# Create directory for you domain, generate key, change ownership.
mkdir /etc/opendkim/keys/mydomain.com
opendkim-genkey -D /etc/opendkim/keys/mydomain.com/ -d mydomain.com -s default
chown -R opendkim:opendkim /etc/opendkim/keys/mydomain.com
mv /etc/opendkim/keys/mydomain.com/default.private /etc/opendkim/keys/mydomain.com/default

# If you have multiple domain, do same for each domain.

# Configuration File
/etc/opendkim.conf – OpenDKIM’s main configuration file
/etc/opendkim/KeyTable – a list of keys available for signing
/etc/opendkim/SigningTable - a list of domains and accounts allowed to sign
/etc/opendkim/TrustedHosts – a list of servers to “trust” when signing or verifying

# vi /etc/opendkim.conf
PidFile /var/run/opendkim/opendkim.pid
Mode sv
Syslog yes
SyslogSuccess yes
LogWhy yes
UserID opendkim:opendkim
Socket inet:8891@localhost
Umask 002

Canonicalization relaxed/simple
Selector default
MinimumKeyBits 1024
KeyFile /etc/opendkim/keys/default.private
KeyTable /etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts

# vi /etc/opendkim/KeyTable
default._domainkey.mydomain.com mydomain.com:default:/etc/opendkim/keys/mydomain.com/default

# If you have multiple domain add similar line with each domain

# vi /etc/opendkim/SigningTable
*@mydomain.com default._domainkey.mydomain.com

vi /etc/opendkim/TrustedHosts
127.0.0.1

# If you want to add simillar trusted domain or ip add in Trusted host file.

# Now Make postfix aware where to go for smtpd milter
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept

# If you’re running a version of Postfix prior to 2.6, you may need to add:
milter_protocol = 2

Service opendkim start
service postfix reload

Add DNS entry with the key you created for each domain which can be found under.
/etc/opendkim/keys/mydomain.com/default.txt

Test:
By sending a blank email to the following address : sa-test@sendmail.net or check-auth@verifier.port25.com or autorespond+dkim@dk.elandsys.com and check the respon.

Or, check header of email message.

Checking Mail server reputation:
https://www.senderscore.org/
http://mxtoolbox.com/SuperTool.aspx

Openrelay Test:
http://www.mailradar.com/openrelay/

Test Openrelay Telnet:

telnet: > telnet mx1.example.com smtp
telnet: Trying 192.0.2.2…
telnet: Connected to mx1.example.com.
telnet: Escape character is ‘^]’.
server: 220 mx1.example.com ESMTP server ready Tue, 20 Jan 2004 22:33:36 +0200
client: HELO client.example.com
server: 250 mx1.example.com
client: MAIL from:
server: 250 Sender Ok
client: RCPT to:
server: 250 Recipient Ok
client: DATA
server: 354 Ok Send data ending with .
client: From: sender@example.com
client: To: recipient@example.com
client: Subject: Test message
client:
client: This is a test message.
client: .
server: 250 Message received: 20040120203404.CCCC18555.mx1.example.com@client.example.com
client: QUIT
server: 221 mx1.example.com ESMTP server closing connection

Postfix delete certain email queue

mailq | grep -i “tikejhya@ashishnepal.com” | awk ‘{ print $1 }’ | cut -d”*” -f1 | postsuper -d –

Powered by WordPress & Theme by Anders Norén