I used to have Simon J. Mudd when building postfix rpm package, but seems he’s not releasing official postfix 2.7.0 yet, here’s a way for impatient one
First make RedHat Linux the standard directory structure in our homedir
$ mkdir rpmbuild
$ mkdir -p rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS,tmp}
Create .rpmmacros file
$ vi .rpmmacros
%_topdir %(echo $HOME)/rpmbuild %_tmppath %(echo $HOME)/rpmbuild/tmp
Create tempoerary working directory for postfix
$ mkdir postfix $ cd postfix
Even there’s an easier way calculating directory size ftw syscall/API
NAME ftw, nftw - file tree walk DESCRIPTION ftw() walks through the directory tree that is located under the directory dirpath, and calls fn() once for each entry in the tree. By default, directories are handled before the files and subdirectories they contain (pre-order traversal). CONFORMING TO POSIX.1-2001, SVr4, SUSv1.
example code size.c
I’ve just found this great articles at Jim Plank website. I know, it was lots easier using linux du command
Without any further nonsense talk, here we go. First we need download some source code at Jim Plank website
# mkdir prsize # cd prsize # wget http://www.cs.utk.edu/~plank/plank/classes/cs360/360/notes/Prsize/prsize8.c # wget http://www.cs.utk.edu/~plank/plank/classes/cs360/360/src/dllist.c # wget http://www.cs.utk.edu/~plank/plank/classes/cs360/360/notes/Dllists/dllist.h # wget http://www.cs.utk.edu/~plank/plank/classes/cs360/360/src/jrb.c # wget http://www.cs.utk.edu/~plank/plank/classes/cs360/360/include/jrb.h # wget http://www.cs.utk.edu/~plank/plank/classes/cs360/360/src/jval.c # wget http://www.cs.utk.edu/~plank/plank/classes/cs360/360/include/jval.h
prsize8.c is the main program, while dllist.c/h jrb.c/h jval.c/h is library that prsize8 statically linked in.
Now we need to create some static library.(Original website doesn’t explain how to create the libs)
# gcc -c dllist.c -o dllist.o # gcc -c jrb.c -o jrb.o # gcc -c jval.c -o jval.o # ar rcs libdllist.a dllist.o # ar rcs libjrb.a jrb.o # ar rcs libjval.a jval.o
This is the Ugly workaround
Postfix master.cf setting
maildrop unix - n n - - pipe
flags=ODRhu user=vmail argv=/usr/bin/maildrop -w 90 -d ${recipient} ${user} ${domain}
With this setting maildrop wil warn user if their Maildir reach 90% of quota and send warning to user
The problem is, even if user emptying their maildir, users wil always get warning because quotawarn is still in Maildir
#
MAILHOME="/var/data/postfix"
DOMAIN="$2"
USER="$1"
QUOTA=`echo "$MAILDIRQUOTA" | cut -f 1 -d S`
USAGE=`du -sb "$MAILHOME/$DOMAIN/$USER/" | awk '{print $1}'`
PERCENT=`echo "$QUOTA * 90/100" | bc`
if ( "$USAGE" < "$PERCENT" )
{
`/bin/rm -f "$MAILHOME/$DOMAIN/$USER/quotawarn"`
}
Recently there have been requests for sending mail with source IP addresses that depend on the envelope sender, it’s very usefull to protect IP-based domain reputations of different customers.
New Feature in postfix postfix-2.7-20091209 is sender_dependent_default_transport_maps
sender_dependent_default_transport_maps (default: empty)
A sender-dependent override for the global default_transport parameter setting.
The tables are searched by the envelope sender address and @domain.
A lookup result of DUNNO terminates the search without overriding the global default_transport parameter setting.
This information is overruled with the transport(5) table.
Note: this overrides default_transport, not transport_maps, and therefore the expected syntax is that of default_transport.
This feature does not support the transport_maps syntax for null transport, null nexthop, or null email addresses.
For safety reasons, this feature does not allow $number substitutions in regular expression maps.
This feature is available in Postfix 2.7 and later.
Create file called sdd_transport_maps.regexp:
/@customer1-dom\.tld$/ customer1: /@customer2-dom\.tld$/ customer2: /@customer3-dom\.tld$/ customer3: ..... next .....
The idea is selectively probe valid email sender for certain domain that frequently forged by spammer, we should use sender access verification carefully. Much better if we noticing postmaster/admin that we conducting SAv/probing their server for valid user, or otherwise we’ll end up in backscatterer.org list hehehe…
Create smtpd_restriction_class call verify_sender
smtpd_restriction_classes = verify_sender
Define verify_sender so it should reject all unverified email sender, verified one will be permit/pass
verify_sender = reject_unverified_sender, permit
Create has table called frequently_forged_senders to define sender domain that going to be in verification list
check_sender_access hash:/etc/postfix/frequently_forged_senders
frequently_forged_senders contains
domain1.tld verify_sender domain2.tld verify_sender domain3.tld verify_sender
It’s time to make our SMTP transactions encrypted using TLS. TLS itself stands for Transport Layer Security. it encrypts the communication between two hosts.
As usual when building postfix RPM package, i recommended using tutorial on how to compile postfix rpm source at Simon J Mudd’s website
When you’ve done with compiling postyfix with TLS support, continue to these how to create self signed postfix tls certificates
# cd /etc/postfix # mkdir ssl # cd ssl # mkdir certs crl newcerts private # echo "01" > serial # cp /dev/null index.txt # cat /etc/pki/tls/openssl.cnf | sed -e 's/\/etc\/pki\/CA/\./' | sed -e 's/\.\/demoCA/\./' > openssl.cnf # openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 3650 -config openssl.cnf # openssl req -nodes -new -x509 -keyout newreq.pem -out newreq.pem -days 3650 -config openssl.cnf # openssl x509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem # openssl ca -config openssl.cnf -policy policy_anything -out newcert.pem -infiles tmp.pem # cp cacert.pem /etc/postfix # grep -B 100 "END PRIVATE KEY" newreq.pem > /etc/postfix/key.pem # chmod 400 /etc/postfix/key.pem # cp newcert.pem /etc/postfix/cert.pem
First of all, of course we need to compile postfix for supporting sasl.the easiest way is read tutorial how to compile postfix rpm source at Simon J Mudd’s website
Since i’m using mysql database for storing username/password, i’m gonna show you how to create smtp authentication/SASL.
Install pam_mysql:
# yum -y install pam_mysql
Edit /etc/pam.d/smtp file :
auth required pam_mysql.so user=postfix passwd=password host=localhost db=postfixdb table=mailbox usercolumn=username passwdcolumn=password crypt=1 md5=1 sqlLog=0 account sufficient pam_mysql.so user=postfix passwd=password host=localhost db=postfixdb table=mailbox usercolumn=username passwdcolumn=password crypt=1 md5=1 sqlLog=0