Maildroprc Automatically Delete quotawarn File in Maildir

This is the Ugly workaround

Postfix master.cf setting

maildrop  unix  -       n       n       -       -       pipe
  flags=ODRhu user=vmail argv=/usr/bin/maildrop -w 90 -d ${recipient} ${user} ${domain}

With this setting maildrop wil warn user if their Maildir reach 90% of quota and send warning to user

The problem is, even if user emptying their maildir, users wil always get warning because quotawarn is still in Maildir

[vchkpw] quotawarn question

#
MAILHOME="/var/data/postfix"
DOMAIN="$2"
USER="$1"

QUOTA=`echo "$MAILDIRQUOTA" | cut -f 1 -d S`
USAGE=`du -sb "$MAILHOME/$DOMAIN/$USER/" | awk '{print $1}'`
PERCENT=`echo "$QUOTA * 90/100" | bc`

if ( "$USAGE" < "$PERCENT" )
{
        `/bin/rm -f "$MAILHOME/$DOMAIN/$USER/quotawarn"`
}

Postfix Bind Sender Domain To Dedicated Outgoing IP Address

Recently there have been requests for sending mail with source IP addresses that depend on the envelope sender, it’s very usefull to protect IP-based domain reputations of different customers.

New Feature in postfix postfix-2.7-20091209 is sender_dependent_default_transport_maps

sender_dependent_default_transport_maps (default: empty)

    A sender-dependent override for the global default_transport parameter setting.
    The tables are searched by the envelope sender address and @domain.
    A lookup result of DUNNO terminates the search without overriding the global default_transport parameter setting.
    This information is overruled with the transport(5) table.

    Note: this overrides default_transport, not transport_maps, and therefore the expected syntax is that of default_transport.
          This feature does not support the transport_maps syntax for null transport, null nexthop, or null email addresses.

    For safety reasons, this feature does not allow $number substitutions in regular expression maps.

    This feature is available in Postfix 2.7 and later.

Create file called sdd_transport_maps.regexp:

/@customer1-dom\.tld$/		customer1:
/@customer2-dom\.tld$/		customer2:
/@customer3-dom\.tld$/		customer3:
..... next .....

Postfix Selective Sender Addresss Verification

The idea is selectively probe valid email sender for certain domain that frequently forged by spammer, we should use sender access verification carefully. Much better if we noticing postmaster/admin that we conducting SAv/probing their server for valid user, or otherwise we’ll end up in backscatterer.org list hehehe…

Create smtpd_restriction_class call verify_sender

smtpd_restriction_classes = verify_sender

Define verify_sender so it should reject all unverified email sender, verified one will be permit/pass

verify_sender = reject_unverified_sender, permit

Create has table called frequently_forged_senders to define sender domain that going to be in verification list

check_sender_access hash:/etc/postfix/frequently_forged_senders

frequently_forged_senders contains

domain1.tld		verify_sender
domain2.tld		verify_sender
domain3.tld		verify_sender

Postfix TLS Support On Fedora 12

It’s time to make our SMTP transactions encrypted using TLS. TLS itself stands for Transport Layer Security. it encrypts the communication between two hosts.

As usual when building postfix RPM package, i recommended using tutorial on how to compile postfix rpm source at Simon J Mudd’s website

When you’ve done with compiling postyfix with TLS support, continue to these how to create self signed postfix tls certificates

  • Certificates part
  • # cd /etc/postfix
    # mkdir ssl
    # cd ssl
    # mkdir certs crl newcerts private
    # echo "01" > serial
    # cp /dev/null index.txt
    # cat /etc/pki/tls/openssl.cnf | sed -e 's/\/etc\/pki\/CA/\./' | sed -e 's/\.\/demoCA/\./' > openssl.cnf
    
    # openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 3650 -config openssl.cnf
    # openssl req -nodes -new -x509 -keyout newreq.pem -out newreq.pem -days 3650 -config openssl.cnf
    # openssl x509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
    
    # openssl ca -config openssl.cnf -policy policy_anything -out newcert.pem -infiles tmp.pem
    
    # cp cacert.pem /etc/postfix
    # grep -B 100 "END PRIVATE KEY" newreq.pem > /etc/postfix/key.pem
    # chmod 400 /etc/postfix/key.pem
    # cp newcert.pem /etc/postfix/cert.pem
    

Postfix Smtp Auth using pam_mysql On Fedora 12

First of all, of course we need to compile postfix for supporting sasl.the easiest way is read tutorial how to compile postfix rpm source at Simon J Mudd’s website

Since i’m using mysql database for storing username/password, i’m gonna show you how to create smtp authentication/SASL.

Install pam_mysql:

# yum -y install pam_mysql

Edit /etc/pam.d/smtp file :

auth required pam_mysql.so user=postfix passwd=password host=localhost db=postfixdb table=mailbox usercolumn=username passwdcolumn=password crypt=1 md5=1 sqlLog=0
account sufficient pam_mysql.so user=postfix passwd=password host=localhost db=postfixdb table=mailbox usercolumn=username passwdcolumn=password crypt=1 md5=1 sqlLog=0

How To Use LIKE In MYSQL Stored Procedure Select Statement?

I write a stored procedure as below but always result nothing/incorect. [text] DELIMITER // DROP PROCEDURE IF EXISTS get_domain // CREATE PROCEDURE get_domain (IN domin VARCHAR(64)) BEGIN SELECT * FROM domain_senders WHERE domain LIKE '%domin%'; END// DELIMITER ; [/text] The procedure itself is successfully created.After looking around with google i've…

Postfix Create Blackhole For Authenticated User’s Outgoing Submission (revised)

There's weakness in previous article.if i sent message to two or more recipients, it will be also discarded. The solution is just simply route domain to discard service in transport_maps ;-) [text] auth.domain.net discard:silently [/text] Log shows: [text] Dec 7 17:23:05 smtp postfix/smtpd[1178]: AFDB72503B: client=tebet.domain.net.id[202.xxx.xx.xxx], sasl_method=PLAIN, sasl_username=hari.h@auth.domain.net Dec 7 17:23:05…

Postfix Create Blackhole For Authenticated User’s Outgoing Submission

I don’t know what is the right subject for this topic, the idea is, i just want my outgoing smtp for sending email only, authenticated user not supposed send(or accidentally) to his/her smtp authentication account.which are in my configuration stored in virtual mailbox maps table. In normal case can delivering email to maildir.

I’m using postfixadmin to generate username/password, saslauthd with pam_mysql for querying username/password to mysql virtual mailbox table.Everything is okay with authentication things, except i don’t want username receiving email

In postfix access 5 manual there is actions called DISCARD

       DISCARD optional text...
              Claim successful delivery and silently discard  the
              message.   Log the optional text if specified, oth-
              erwise log a generic message.

              Note: this action currently affects all  recipients
              of  the  message.   To  discard  only one recipient
              without discarding  the  entire  message,  use  the
              transport(5) table to direct mail to the discard(8)
              service.

              This feature is available in Postfix 2.0 and later.

Installing Self Signed smtp/imapd/pop3 Certificate on K800i Sony Ericsson

I own this beautiful K800i phonecell about 3 years more or less. The great things is K800i’s email client support for smtp authentication, imap, pop3, ssl, tls, port customization. I will show you how to plant my self signed smtp server certificate into K800i

First of all we need to copy the certificate to have a .cer extension. The phone uses this as the clue that the file is a certificate and will ask if it is to be installed.

Self signed cert for ougoing SMTP

# cd /etc/postfix
# cp cacert.pem smtp.cer
# more smtp.pem   
-----BEGIN CERTIFICATE-----
MIIDvzCCAyigAwIBAgIJAK6WD/vgjFZcMA0GCSqGSIb3DQEBBAUAMIGcMQswCQYD
VQQGEwJJRDEUMBIGA1UECBMLREtJIEpha2FydGExEDAOBgNVBAcTB0pha2FydGEx
---- snip ----
---- snip ----
---- snip ----
jUSsVnNPHYewsKdKRfzoivMqQgI+IIzw5NXiE78lpmAsZOdMfkR4U+dpTr87mCmE
wcBi07++mqLhDvYvcGw4ol1Yp7sX4NgMbTrZ6APpaI8l4Rx4jb2p7UXU0YGx7aPV
idZr
-----END CERTIFICATE-----