for i in `find /var/spool/postfix/defer/ -type f`; do cat $i | grep recipient | sed 's/=/ /' | awk '{print $2}'; done | sort | uniq
This command is a very convenient way to catch users whose configured mailbox is malformed or not working.
apt-get remove exim4-*
/etc/init.d/postfix restart
apt-get install mailx -y
echo test | mail -s test test@domain.ru
vi /etc/postfix/main.cf
smtp_bind_address = ...
/etc/init.d/postfix restart
Received: from test.domain.ru ([88.198.xx.xx])
But if Postfix needs to keep working on ALL IP addresses, it is enough to put the following in the /etc/postfix/master.cf config:
smtp unix - - - - - smtp -o smtp_bind_address=xx.yy.zz.ww
apt-get install -y pflogsumm
pflogsumm.pl -d today /var/log/mail.log
pflogsumm.pl -d yesterday /var/log/mail.log
Nov 21 01:27:45 v1 postfix/smtpd[10701]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: Invalid argument
ls -la /etc/sasldb2
-rw-r----- 1 root postfix 45K 2010-11-19 15:10 /etc/sasldb2
echo qwerty | /usr/sbin/saslpasswd2 -p -a Sendmail -u test.ru username
/etc/sasldb2: file size not a multiple of the pagesize
sasldblistusers2
/etc/sasldb2: file size not a multiple of the pagesize
listusers failed
db4.6_recover -h /etc -c -v
Finding last valid log LSN: file: 1 offset 28
sasldblistusers2
/etc/sasldb2: file size not a multiple of the pagesize
listusers failed
$ sudo db_recover -v
*db_recover: Finding last valid log LSN: file: 3 offset 399092
*db_recover: Recovery starting from [2][887112]
*db_recover: Log sequence error: page LSN 2 322820; previous LSN 2 885276
*db_recover: Recovery function for LSN 2 887886 failed on forward pass
This error is usually the result of someone removing all of
the log files from a Berkeley DB database environment. You
can never remove all of the log files without also clearing
the database file references to the log.
You should be able to salvage your data -- see the -R and -r
options to the Berkeley DB db_dump utility.
db4.6_dump /root/sasldb2_backup -r
db4.6_dump /root/sasldb2_backup -R
db4.6_dump: /root/sasldb2_backup: DB_VERIFY_BAD: Database verification failed
vi /etc/postfix/main.cf
message_size_limit = 100240000
/etc/init.d/postfix restart
# Fail2Ban configuration file
#
# Author: Yaroslav Halchenko
#
# $Revision: 510 $
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
# Example:
# Feb 25 00:38:07 v1 postfix/smtpd[11100]: warning: unknown[95.79.205.2]: SASL PLAIN authentication failed: authentication failure
# fixed by FastVPS version:
failregex = : warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed: authentication failure$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
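A way to check which log lines this failregex counts, as an added example that is not part of the original page or of fail2ban itself. It expands `<HOST>` to the alias given in the filter's comment; the function names and all sample lines except the first are constructed for the example.

```python
import re

# Alias the filter's own comment gives for the <HOST> tag.
HOST_ALIAS = r"(?:::f{4,6}:)?(?P<host>\S+)"

# failregex from the filter above, with the <HOST> tag inside the brackets.
FAILREGEX = (r": warning: [-._\w]+\[<HOST>\]: SASL "
             r"(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed: "
             r"authentication failure$")

# First line is the example from the filter's comment; the rest are
# constructed for this example (192.0.2.0/24 is a documentation range).
SAMPLE_LOG = [
    "Feb 25 00:38:07 v1 postfix/smtpd[11100]: warning: unknown[95.79.205.2]: "
    "SASL PLAIN authentication failed: authentication failure",
    "Feb 25 00:38:09 v1 postfix/smtpd[11100]: warning: mx.example[192.0.2.7]: "
    "SASL CRAM-MD5 authentication failed: authentication failure",
    # Different reason text: the trailing "$" anchor makes the filter skip it.
    "Feb 25 00:38:11 v1 postfix/smtpd[11100]: warning: unknown[192.0.2.8]: "
    "SASL LOGIN authentication failed: generic failure",
    # Server-side SASL problem, no client address: must not match.
    "Nov 21 01:27:45 v1 postfix/smtpd[10701]: warning: SASL authentication "
    "problem: unable to open Berkeley db /etc/sasldb2: Invalid argument",
]

def compile_failregex(failregex=FAILREGEX):
    """Expand <HOST> the way the filter comment describes and compile."""
    return re.compile(failregex.replace("<HOST>", HOST_ALIAS))

def offending_hosts(lines, failregex=FAILREGEX):
    """Return the host captured from every line the filter would count."""
    rx = compile_failregex(failregex)
    return [m.group("host") for m in map(rx.search, lines) if m]

def unmatched(lines, failregex=FAILREGEX):
    """Lines the filter ignores; review these for failures it misses."""
    rx = compile_failregex(failregex)
    return [line for line in lines if not rx.search(line)]

if __name__ == "__main__":
    print("would count:", offending_hosts(SAMPLE_LOG))
    for line in unmatched(SAMPLE_LOG):
        print("ignored:", line)
```

For a real log, fail2ban's own `fail2ban-regex` tool runs a filter file against it and reports matched and missed lines.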
Preconfiguring packages ...
Can't exec "/tmp/postfix.config.49981": Permission denied at /usr/share/perl/5.10/IPC/Open3.pm line 168.
open2: exec of /tmp/postfix.config.49981 configure 2.5.5-1.1 failed at /usr/share/perl5/Debconf/ConfModule.pm line 59
iptables -A OUTPUT -o lo -j ACCEPT # allow connections on loopback
iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner postfix -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner root -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -j DROP
# id
uid=0(root) gid=0(root) groups=0(root)
# telnet smtp.mail.ru 25
Trying 94.100.177.1...
Connected to smtp.mail.ru.
Escape character is '^]'.
220 mail.ru ESMTP Sun, 24 Jan 2010 19:15:27 +0300
$ id
uid=1000(nrg) gid=1000(nrg) groups=1000(nrg)
$ telnet smtp.mail.ru 25
Trying 94.100.177.1...
echo test | mail -s test odintsov@test.ru
Postfix sets the execute bit to indicate that a queue file is
complete. On file systems that don't allow users to set the execute
bit on a file, Postfix will never deliver mail.
> One suggestion which seemed rather interesting to me was mounting a
> filesystem with the noatime flag. I certainly don't use it in my general
> activities on a server but I was just wondering if anyone can tell me if
> postfix uses it?
Postfix doesn't use it.
Turning off atime updates means don't update the inode block when
a file is read.
I have many reasons to believe that would make zero difference,
because the inode block needs to be updated anyway after Postfix
accesses a queue file.
With each access, Postfix either creates or renames or deletes the
file, and/or it writes the queue file, and/or it sets the mtime
explicitly. All these require that the inode block be updated.
vi /etc/postfix/master.cf
#submission inet n - - - - smtpd
submission inet n - n - - smtpd
/etc/init.d/postfix restart
netstat -lnpt | grep master
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 13491/master
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 13491/master
telnet xx.xx.xx.xx 587
Trying xx.xx.xx.xx...
Connected to xx.xx.xx.xx.
Escape character is '^]'.
220 xx.xx.xx.xx ESMTP Postfix (Debian/GNU)
HELO 1
250 xx.xx.xx.xx
MAIL FROM:suxx@usd.eu
250 2.1.0 Ok
RCPT TO:test@suxx.us
450 4.2.0: Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/suxx.us.html
cat /var/log/mail.log | postgreyreport
apt-get install -y --force-yes strace
useradd spammer
su spammer
echo "some spam" | mail -s testspam testspammail@domain.ru
[pid 17520] execve("/usr/sbin/sendmail", ["send-mail", "-i", "--", "testspammail@domain.ru"], [/* 16 vars */]) = 0
Received: by domain.ru (Postfix, from userid 1001)
php -r "mail('testspammail@domain.ru', 'spamsubj','spambody');"
[pid 17553] execve("/bin/sh", ["sh", "-c", "/usr/sbin/sendmail -t -i"], [/* 16 vars */]
Jan 6 14:12:08 vrt1 postfix/qmgr[13940]: 7B112D52001: removed
Jan 6 14:14:49 vrt1 postfix/pickup[17379]: 54CF3D52001: uid=1001 from=
Jan 6 14:14:49 vrt1 postfix/cleanup[17546]: 54CF3D52001: message-id=<20100106131449.54CF3D52001@vrt1.domain.ru>
telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 vrt1.domain.ru ESMTP Postfix (Debian/GNU)
HELO 11
250 vrt1.domain.ru
MAIL FROM:spammer@spammer.ru
250 2.1.0 Ok
RCPT TO:testspammer@domain.ru
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
spam
.
250 2.0.0 Ok: queued as 009C768180
Received: from 11 (localhost [127.0.0.1])
Jan 6 14:32:26 vrt1 postfix/smtpd[17703]: connect from localhost[127.0.0.1]
Jan 6 14:32:52 vrt1 postfix/smtpd[17703]: 009C768180: client=localhost[127.0.0.1]
Jan 6 14:33:02 vrt1 postfix/cleanup[17705]: 009C768180: message-id=<20100106133252.009C768180@vrt1.domain.ru>
Jan 6 14:33:02 vrt1 postfix/qmgr[13940]: 009C768180: from=, size=333, nrcpt=1 (queue
By default, Postfix will relay mail for clients in authorized networks.
Authorized client networks are defined by the mynetworks parameter. The default is to authorize all clients in the IP subnetworks that the local machine is attached to.
vi /etc/postfix/main.cf
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mynetworks =
/etc/init.d/postfix restart
telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 vrt1.domain.ru ESMTP Postfix (Debian/GNU)
HELO 1
250 vrt1.domain.ru
MAIL FROM:spammer@domain.ru
250 2.1.0 Ok
RCPT TO:odintsov@domain.ru
554 5.7.1: Relay access denied
# echo "test@suxx.us" | base64
dGVzdEBzdXh4LnVzCg==
# echo "qwerty" | base64
cXdlcnR5Cg==
telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 vrt1.domain.ru ESMTP Postfix (Debian/GNU)
HELO 1
250 vrt1.domain.ru
AUTH LOGIN
334 VXNlcm5hbWU6
dGVzdEBzdXh4LnVz
334 UGFzc3dvcmQ6
cXdlcnR5
235 2.7.0 Authentication successful
MAIL FROM:test@test.ru
250 2.1.0 Ok
RCPT TO:test@domain.ru
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
spam
.
250 2.0.0 Ok: queued as 737C6680C6
Jan 6 15:32:31 vrt1 postfix/smtpd[18540]: connect from localhost[127.0.0.1]
Jan 6 15:33:08 vrt1 postfix/smtpd[18540]: 737C6680C6: client=localhost[127.0.0.1], sasl_method=LOGIN, sasl_username=test@suxx.us
Jan 6 15:33:13 vrt1 postfix/cleanup[18544]: 737C6680C6: message-id=<20100106143308.737C6680C6@vrt1.domain.ru>
Jan 6 15:33:13 vrt1 postfix/qmgr[18428]: 737C6680C6: from=, size=326, nrcpt=1 (queue active)
Jan 6 15:33:13 vrt1 postfix/smtp[18545]: 737C6680C6: to=, relay=ASPMX.L.GOOGLE.COM[2
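The three submission paths traced above leave different markers in mail.log: `pickup` with a `uid=` for local `sendmail`, `smtpd` with only `client=` for unauthenticated SMTP, and `smtpd` with `sasl_username=` for authenticated SMTP. The following added example, not part of the original page, attributes each queue ID to its origin and ranks the origins by message count; the function names and the sample log are constructed, and short hexadecimal queue IDs are assumed.

```python
import re
from collections import Counter

# Local submission through sendmail(1): pickup logs the submitting uid.
PICKUP = re.compile(r"postfix/pickup\[\d+\]: ([0-9A-F]+): uid=(\d+)")
# SMTP submission: smtpd logs the client, plus sasl_username if authenticated.
SMTPD = re.compile(
    r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=(\S+?\[[^\]]+\])"
    r"(?:, sasl_method=\S+, sasl_username=(\S+))?")

# Constructed sample modelled on the log excerpts above (short hex queue IDs).
SAMPLE_LOG = """\
Jan 6 14:14:49 vrt1 postfix/pickup[17379]: 54CF3D52001: uid=1001 from=<spammer>
Jan 6 14:14:49 vrt1 postfix/cleanup[17546]: 54CF3D52001: message-id=<a@vrt1.domain.ru>
Jan 6 14:15:02 vrt1 postfix/pickup[17379]: 61AA0D52002: uid=1001 from=<spammer>
Jan 6 14:32:52 vrt1 postfix/smtpd[17703]: 009C768180: client=localhost[127.0.0.1]
Jan 6 15:33:08 vrt1 postfix/smtpd[18540]: 737C6680C6: client=localhost[127.0.0.1], sasl_method=LOGIN, sasl_username=test@suxx.us
""".splitlines()

def classify(lines):
    """Map queue ID -> (origin kind, identity) from pickup/smtpd lines."""
    origins = {}
    for line in lines:
        m = PICKUP.search(line)
        if m:
            origins[m.group(1)] = ("local-uid", m.group(2))
            continue
        m = SMTPD.search(line)
        if m:
            qid, client, user = m.groups()
            # Prefer the authenticated identity over the client address.
            origins[qid] = ("sasl-user", user) if user else ("smtp-client", client)
    return origins

def top_senders(lines):
    """Origins ranked by number of queued messages, busiest first."""
    return Counter(classify(lines).values()).most_common()

if __name__ == "__main__":
    for (kind, who), count in top_senders(SAMPLE_LOG):
        print(f"{count:4d}  {kind:12s} {who}")
```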
vi /etc/postfix/main.cf
#mynetworks = 168.100.189.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
mynetworks = 127.0.0.0/8, ip.ad.dr.es, ip.ad.dr.es
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, reject_unverified_recipient
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unlisted_recipient, reject_unverified_recipient, reject
reject_unauth_destination
Reject the request unless one of the following is true:
* the resolved destination address matches $relay_domains or a subdomain thereof, and the address contains no sender-specified routing (user@elsewhere@domain),
* Postfix is the final destination: any destination that matches $mydestination, $inet_interfaces, $virtual_alias_domains, or $virtual_mailbox_domains.
The relay_domains_reject_code parameter specifies the response code for rejected requests (default: 554).
/etc/init.d/httpd restart
netstat -ln -t
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
...
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
...
vi /etc/postfix/main.cf
inet_interfaces = all
inet_interfaces = 127.0.0.1
/etc/init.d/postfix restart
netstat -ln -t
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
...
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
...