Proxy_interface – Postfix

proxy_interfaces (default: empty)

The network interface addresses that this mail system receives mail on by way of a proxy or network address translation unit. This feature is available in Postfix 2.0 and later.
You must specify your “outside” proxy/NAT addresses when your system is a backup MX host for other domains, otherwise mail delivery loops will happen when the primary MX host is down.

Example:

proxy_interfaces = 1.2.3.4

If you miss this step, you’ll see messages like this in your log file:

Apr 8 20:10:14 hades postfix/smtp[1908]: 08CABB59: to=, relay=mail.4network.eu[46.7.161.66]:25, delay=1.4, delays=0.39/0.01/0.99/0, dsn=4.4.6, status=deferred (mail for 4network.org loops back to myself)

http://www.postfix.org/postconf.5.html#proxy_interfaces

Postfix relay certain domain internal and external.

root# cat /etc/postfix/main.cf
--cut
relay_domains = $mydestination, hash:/etc/postfix/relaydomains
--cut
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions = permit_mynetworks, check_client_access hash:/etc/postfix/access, reject
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
--cut

root# cat /etc/postfix/relaydomains
domain.com OK
domain1.com OK

root# cat /etc/postfix/access
172.16.12.99 OK

root# cat /etc/postfix/mynetworks
172.16.12.100/32
172.16.12.101/32

Remember to run postmap /etc/postfix/relaydomains and postmap /etc/postfix/access after editing those files.
172.16.12.99 is allowed to send e-mail only to domain.com and domain1.com via the relay server.
172.16.12.100 and 172.16.12.101 are allowed to send e-mail anywhere via the relay server.

Email Traffic Per Hour

The busiest time for the email traffic:
10:00 – 12:00 and 14:00 to 15:00

Per-Hour Traffic Summary
------------------------
time       received  delivered  deferred  bounced  rejected
-----------------------------------------------------------
0000-0100        50         58         0        0         0
0100-0200        19         20         0        0         0
0200-0300        40         40         0        0         0
0300-0400        16         15         0        0         0
0400-0500        30         25         0        0         0
0500-0600        76         81         0        0         0
0600-0700        81         82         0        0         0
0700-0800       231        254         0        0         0
0800-0900       468        485         0        0         0
0900-1000       686        776         0        0         0
1000-1100       841        718         0        0         2
1100-1200       845        818         0        0         0
1200-1300       624        681         0        0        10
1300-1400       607        630         0        0         0
1400-1500       714        747         0        0         0
1500-1600       688        782         0        0         0
1600-1700       605        662         0        0         0
1700-1800       357        417         0        0         0
1800-1900       287        291         0        0         0
1900-2000       158        149         0        0         0
2000-2100       102         98         0        0         0
2100-2200       105        119         0        0         0
2200-2300        62         62         0        0         0
2300-2400        54         46         0        0         0

generic – Postfix generic table format

The following is taken from the generic(5) manual page (man is the interface to the on-line reference manuals).

The following shows a generic mapping with an indexed file. When mail
is sent to a remote host via SMTP, this replaces his@localdomain.local
by his ISP mail address, replaces her@localdomain.local by her ISP mail
address, and replaces other local addresses by his ISP account, with an
address extension of +local (this example assumes that the ISP supports
“+” style address extensions).

/etc/postfix/main.cf:
    smtp_generic_maps = hash:/etc/postfix/generic

/etc/postfix/generic:
    his@localdomain.local    hisaccount@hisisp.example
    her@localdomain.local    heraccount@herisp.example
    @localdomain.local       hisaccount+local@hisisp.example

Execute the command “postmap /etc/postfix/generic” whenever the table
is changed. Instead of hash, some systems use dbm database files. To
find out what tables your system supports use the command “postconf -m”.

Retrieve mail and save attachment with fetchmail, procmail and uudeview.

Retrieve mail for the user user01 from the server smtp.some.server.ie:

root:~> cat .fetchmailrc
# sslproto '' switches off opportunistic STARTTLS; with no "ssl" option the IMAP login is sent unencrypted
poll "smtp.some.server.ie" proto IMAP user "user01" password "password" is user01 keep sslproto ''
mda '/usr/bin/procmail -d %T'
set logfile /home/user01/fetchmail.log

To save an attachment from an e-mail, use procmail and uudeview. UUDeview is a program that helps you transmit and receive binary files over the Internet, using electronic mail or newsgroups. The UUDeview package includes both an encoder and a decoder. The decoder automatically detects the type of encoding used, offering MIME’s Base64 and BinHex as well as the popular uuencoding and the less frequently used xxencoding methods.

root:~> cat .procmailrc
:0
*^content-Type:
{
:0c:
/var/spool/mail/user01

# Now the actual unpacking part
# forward to uudeview and unpack
:0fw
| uudeview -i +a +o -p /share/Shared/attachment/ -
}
root:~>

And then run fetchmail command 😉

Address masquerading in Postfix.

Address masquerading refers to the idea that you can hide the names of internal hosts, and make all addresses appear as if they originated from the gateway system itself. You may have internal systems that use your Postfix server as a gateway. When mail is sent from these systems and the sender addresses include the fully qualified hostname, you may want addresses to appear with the domain name only. The masquerade_domains parameter strips hostnames down to their simpler domain names.

The parameter takes a list of domains. Any address whose fully qualified hostname matches the domain portion is stripped down to just the domain name:

root# vim /etc/postfix/main.cf

masquerade_domains = domain.com

Addresses that look like user1@srv1.domain.com and user2@srv2.domain.com are converted to user1@domain.com and user2@domain.com.

You can list multiple domains and subdomains. Postfix processes addresses against masquerade domain names in the order you list them. Consider a network that includes the two subdomains, srv.domain.com and srv1.domain.com. You want addresses from these domains to show the subdomain, but you want addresses from any other domain or host in the network to show the parent domain. Set masquerade_domains as follows:

masquerade_domains = srv.domain.com srv1.domain.com domain.com

With this setting, the address user1@hades.srv.domain.com matches srv.domain.com, so that it becomes user1@srv.domain.com.
The address user2@prod.srv1.domain.com matches srv1.domain.com, and becomes user2@srv1.domain.com. Finally, user3@srv1.domain.com matches the last value, domain.com, to become user3@domain.com.

If you want to preserve a domain name that would otherwise be stripped down, you can preface the domain with an exclamation point:

masquerade_domains = !srv2.domain.com, domain.com

In this case, the domain srv2.domain.com will not be rewritten, so the address user10@srv2.domain.com stays as it is.

You can exclude specific account names from masquerading. For example, if you want an address like root@srv10_prod.example.com to stay intact, add the account to the masquerade_exceptions parameter:

masquerade_exceptions = admin, root

And then:

root# /etc/init.d/./postfix restart
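
The matching order described above can be checked offline with a simplified model. This is an added example, not Postfix code: it assumes the first matching entry wins and that an address already at a listed domain is left alone, it goes one step beyond the text by showing what happens when the parent domain is listed first, and the host pc7.domain.com is constructed for the demonstration.

```python
import re

def parse_list(value):
    """Split a main.cf list value on commas and whitespace."""
    return [item for item in re.split(r"[,\s]+", value.strip()) if item]

def masquerade(address, masquerade_domains, masquerade_exceptions=""):
    """Return the address as it would look after masquerading (simplified model)."""
    local, at, domain = address.rpartition("@")
    if not at:
        return address                      # no domain part, nothing to strip
    if local.lower() in (u.lower() for u in parse_list(masquerade_exceptions)):
        return address                      # account listed in masquerade_exceptions
    host = domain.lower()
    for entry in parse_list(masquerade_domains):
        keep = entry.startswith("!")        # "!" means: match, but do not rewrite
        masq = entry.lstrip("!").lower()
        if not masq:
            continue
        if host == masq:
            return address                  # already at the listed domain
        if host.endswith("." + masq):       # first matching entry wins
            return address if keep else f"{local}@{masq}"
    return address

ORDERED = "srv.domain.com srv1.domain.com domain.com"    # order used in the text
REVERSED = "domain.com srv.domain.com srv1.domain.com"   # parent domain listed first

if __name__ == "__main__":
    # pc7.domain.com is a constructed host name for this demonstration.
    for addr in ("user1@hades.srv.domain.com", "user2@prod.srv1.domain.com",
                 "user9@pc7.domain.com"):
        print(addr, "->", masquerade(addr, ORDERED), "|", masquerade(addr, REVERSED))
    print(masquerade("user10@srv2.domain.com", "!srv2.domain.com, domain.com"))
    print(masquerade("root@srv1.domain.com", "domain.com", "admin, root"))
```

With the parent domain listed first, every internal host collapses to domain.com and the subdomain entries after it are never reached.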

Rewriting Addresses – Postfix canonical maps.

Postfix canonical maps can be defined in 3 ways.

1. canonical_maps – rewrites the sender and recipient address
2. sender_canonical_maps – rewrites the sender address
3. recipient_canonical_maps – rewrites the recipient address

In main.cf, point the canonical_maps parameter to the canonical file and then add the addresses that you would like to rewrite.
For example:

root# vim /etc/postfix/main.cf
# Add the following to your configuration file.
canonical_maps = hash:/etc/postfix/canonical

root# vim /etc/postfix/canonical
# address to rewrite    new address
user1 greg
user2@domain.com greg@otherdomain.com

root# postmap /etc/postfix/canonical && postfix reload

What is the maximum length of a valid email address?

The limit is a maximum of 64 characters (octets) in the “local part” (before the “@”) and a maximum of 255 characters (octets) in the domain part (after the “@”) for a total length of 320 characters. Systems that handle email should be prepared to process addresses which are that long, even though they are rarely encountered.

For more information see: https://www.rfc-editor.org/rfc/rfc3696.txt

Send a file as a mail attachment using mail command.

The simplest way to send a file as a mail attachment is shown by the following examples:

# uuencode snoopy1.jpeg snoopy1.jpeg | mail user@dump.4network.org

If the user uses a current mail reader like Mozilla, Netscape Messenger or Microsoft Exchange, she/he will see a mail containing just one file attachment: the file “snoopy1.jpeg”.

This way we can include text, too:

# (cat mailtext; uuencode snoopy1.jpeg snoopy1.jpeg) | mail user@dump.4network.org

The file called “snoopy1.jpeg” again appears twice on the uuencode command line: the first time to specify the input file name, the second time for the remote extraction file name.

or

echo -e "text in line1 \ntext in line2" | mail -s "Subject of an e-mail" -r "User1<user1@dump.4network.org>" -a "/tmp/abc.zip" name@domain.com

Send an email via telnet.

To send an email via telnet just type:

root:~# telnet 172.16.12.25 25
220 hostname.com Internet Agent 0.0.3
HELO domain.com
250 hostname.com Ok
MAIL FROM: you@hostname.com
250 Ok
RCPT TO: them@hostname_away.com
250 Ok
DATA
354 Enter mail, end with "." on a line by itself
ie, type your message or whatever
.

250 Ok
quit
221 hostname.com Closing transmission channel
Connection to host lost.

By the way, you will not see any AUTH mechanisms listed when you connect and issue an EHLO. In addition, any attempt to authenticate will be met with the error:

503 5.5.1 Error: authentication not enabled

The server will not display options for SMTP authentication unless TLS is used for the connection.

Try connecting with:

openssl s_client -connect localhost:25 -starttls smtp

Now you will see the 250-AUTH PLAIN LOGIN on ehlo and you will be able to auth.

When posting logs of the SASL negotiations to public lists, please keep in mind that username/password information is trivial to recover from the base64-encoded form.

You can use one of the following commands to generate base64 encoded authentication information:

Using a recent version of the bash shell:

echo -ne '\000username\000password' | openssl base64

Some other shells support similar syntax.

Using the printf command:

printf '\0%s\0%s' 'username' 'password' | openssl base64
printf '\0%s\0%s' 'username' 'password' | mmencode

The mmencode command is part of the metamail software.

root:~# openssl s_client -connect 4network.eu:25 -starttls smtp

and the output:

Compression: 1 (zlib compression)
Start Time: 1373377800
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
250 DSN

and then type:

ehlo domain.org
250-hades
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

auth plain AGpvbGFudGEAam9sYW50YQ==
235 2.7.0 Authentication successful
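
The warning above about posting SASL negotiations can be turned into a small pre-posting filter. This is an added example, not part of the original page or of Postfix: it shows that an AUTH PLAIN token decodes straight back to the user name and password, and masks every client-side SASL line in a transcript. The session, the user alice and the password are constructed sample values.

```python
import base64
import re

def encode_auth_plain(user, password):
    """Build the AUTH PLAIN token: NUL + user + NUL + password, base64-encoded."""
    return base64.b64encode(b"\0" + user.encode() + b"\0" + password.encode()).decode()

def decode_auth_plain(token):
    """Recover (authzid, user, password) from a token seen in a posted log."""
    authzid, user, password = base64.b64decode(token, validate=True).split(b"\0")
    return authzid.decode(), user.decode(), password.decode()

AUTH_CMD = re.compile(r"^(\s*auth\s+[\w-]+)(\s+\S+)?\s*$", re.IGNORECASE)
REPLY = re.compile(r"^(\d{3})[ -]")

def redact_transcript(lines):
    """Mask every client-side SASL line; server replies are kept unchanged."""
    out, in_auth = [], False
    for line in lines:
        cmd, reply = AUTH_CMD.match(line), REPLY.match(line)
        if cmd:
            in_auth = True
            # An initial response on the AUTH line is the credential itself.
            out.append(cmd.group(1) + (" [REDACTED]" if cmd.group(2) else ""))
        elif in_auth and reply:
            # 334 means the server wants more data; any other code ends the exchange.
            in_auth = reply.group(1) == "334"
            out.append(line)
        elif in_auth:
            out.append("[REDACTED]")
        else:
            out.append(line)
    return out

# Constructed session: AUTH PLAIN with an initial response, then AUTH LOGIN.
TOKEN = encode_auth_plain("alice", "s3cret-example")
SAMPLE = [
    "ehlo client.example", "250-AUTH PLAIN LOGIN", "250 DSN",
    "auth plain " + TOKEN, "235 2.7.0 Authentication successful",
    "AUTH LOGIN", "334 VXNlcm5hbWU6", base64.b64encode(b"alice").decode(),
    "334 UGFzc3dvcmQ6", base64.b64encode(b"s3cret-example").decode(),
    "235 2.7.0 Authentication successful", "quit",
]

if __name__ == "__main__":
    print(decode_auth_plain(TOKEN))
    print("\n".join(redact_transcript(SAMPLE)))
```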

SMTP Status Codes
You may notice along the way that after typing commands you see responses from the server starting with “250”. 250 is a good thing, and there are a lot of other SMTP status codes you’ll encounter the more you use this technique.