Skip to content

Rage Against the Shell

Linux tips and other things…

  • Home
  • Contact
  • Privacy Policy

Category: Postfix

Mysql failover in Postfix

Posted on November 4, 2016 - December 6, 2017 by Mr. Reboot

Tested in Debian 8 / Postfix 2.11

In a environment with Postfix and Mysql as backend, if you have several mysql servers in replication mode (cluster, master-master, master-slave …), you can configure postfix to connect to these servers, so if one of them falls, postfix will try to connect the next available one.

This is made in the configuration file of the mysql connection, in the hosts parameter:

~ $ cd /etc/postfix
~ $ cat mysql-users.cf
user = mysql-user
password = mysql-password
dbname = mysql-db
table = users
hosts = server1 server2 server3
query = select maildir from users where username='%s'

If you have configuration files for alias, domains, or more, you will have to make changes in these files too.

Posted in PostfixLeave a comment

Postfix + OpenDMARC

Posted on June 18, 2016 - December 17, 2019 by Mr. Reboot

OpenDMARC is a spam control mechanism that complements SPF and DKIM checks, including reporting policies. In Debian/Ubuntu you can install opendmarc from repositories:

~ $ apt-get install opendmarc

On Debian wheezy you have to add backports to sources.list file before:

~ $ echo 'deb http://ftp.debian.org/debian wheezy-backports main contrib' >> /etc/apt/sources.list
~ $ apt-get update
~ $ apt-get install opendmarc

Change configuration en /etc/opendmarc.conf, take this as example:

AuthservID mail.server.com
PidFile /var/run/opendmarc.pid
RejectFailures false
Syslog true
TrustedAuthservIDs mail.server.com,mail2.server.com,mail3.server.com
UMask 0002
UserID opendmarc:opendmarc
IgnoreHosts /etc/opendmarc/ignore.hosts
HistoryFile /var/run/opendmarc/opendmarc.dat
SoftwareHeader true

Add hosts to /etc/opendmarc/ignore.hosts:

~ $ mkdir /etc/opendmarc
~ $ vim /etc/opendmarc/ignore.hosts
localhost
192.168.1.0/24

Configure port in /etc/default/opendmarc:

SOCKET="inet:83682@localhost"

And restart opendmarc:

~ $ /etc/init.d/opendmarc restart

Now configure postfix, add milters to existent milters (dkim) in /etc/postfix/main.cf:

milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:localhost:1234,inet:localhost:83682
non_smtpd_milters = inet:localhost:1234,inet:localhost:83682

Then restart:

~ $ /etc/init.d/postfix restart

Finally add _dmarc TXT dns record to your domain, example:

"v=DMARC1; p=none; pct=100; rua=mailto:postmaster@server.com; ruf=mailto:postmaster@server.com; fo=0; adkim=r; aspf=r"

Where:

v=DMARC1: dmarc version
p=none: means do nothing if dmarc check fails, is good for testing. You can use “p=quarantine” or “p=reject” instead.
pct=0: defines the percentage of mail to which policies are applied (0-100)
rua: address for sending reports
ruf: address for sending forensic reports
fo: reporting options, 0 generate a report if both SPF and DKIM checks failed
adkim: DKIM restrictive level (s=strict, r=relaxed)
aspf: SPF restrictive level (s=strict, r=relaxed)

Wait for the TTL refresh time and test if the record was created successfully:

~ $ dig +short txt _dmarc.server.com
"v=DMARC1\; p=none\; rua=mailto:postmaster@server.com\; ruf=mailto:postmaster@server.com\; fo=0\; adkim=r\; aspf=r"
Posted in Postfix1 Comment

Show subject in postfix logs

Posted on October 4, 2015 - September 18, 2016 by Mr. Reboot

To show the subject of the emails in the postfix log you can use the header_checks parameter.

In the main.cf file add:

header_checks = regexp:/etc/postfix/header_checks

And in the file /etc/postfix/header_checks add:

/^Subject:/ WARN

Then restart postfix:

~ $ /etc/init.d/postfix restart
Posted in PostfixLeave a comment

Search

Calendar

March 2023
M T W T F S S
 12345
6789101112
13141516171819
20212223242526
2728293031  
« Jan    

Categories

  • Apache
  • Cisco
  • Command line
  • Distros
  • Dovecot
  • File systems
  • Gadgets
  • GlusterFS
  • MySQL
  • Nginx
  • NTP
  • Opendkim
  • Pacemaker + Corosync
  • Postfix
  • Raspberrypi
  • SSH
  • SSL
  • Varnish

RSS RSS

  • Using qrencode January 16, 2022
  • Compile varnish module vmod_vsthrottle April 22, 2020
  • SSH vpn with sshuttle April 9, 2020
  • Disable swap in systemd December 16, 2019
  • Getting the parent process pid October 12, 2018
Proudly powered by WordPress | Theme: micro, developed by DevriX.