Mix
# vi /etc/postfix/aliases
office: :include:/etc/postfix/office [File user]
jamal: jamal,korim,rahim,kamal [mail IDs]
# vi /etc/postfix/virtual
jamal@worldcm.net jamal@worldcm.net,rohim@worldcm.net,kamal@worldcm.net
Create BCC of incoming and outgoing mails without knowing the users - Postfix
# vi /etc/postfix/main.cf
Postfix provides three mechanisms:
always_bcc = address
Deliver a copy of all mail to the specified address.
sender_bcc_maps = type:table
Search the specified "type:table" lookup table with the envelope sender address for an automatic BCC address.
recipient_bcc_maps = type:table
Search the specified "type:table" lookup table with the envelope recipient address for an automatic BCC address.
These features are implemented in postfix 2.1 and later versions.
always_bcc
Add the following entry in /etc/postfix/main.cf to forward all mails in the server to administrator@example.com.
always_bcc = administrator@example.com
sender_bcc_maps and recipient_bcc_maps
You can setup these functions as follows.
[root@postfix ~]# touch /etc/postfix/sender_bcc
[root@postfix ~]# touch /etc/postfix/recipient_bcc
[root@postfix ~]# postmap sender_bcc
[root@postfix ~]# postmap recipient_bcc
Then, open /etc/postfix/main.cf and add the following lines in it.
sender_bcc_maps = hash:/etc/postfix/sender_bcc
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
verify the following files are generated once the above steps are finished.
/etc/postfix/recipient_bcc.db
/etc/postfix/sender_bcc.db
You can add entries as like follows in sender_bcc and recipient_bcc. This will forward mails from user@domain.com to other@example.com.
[root@postfix ~]# cat /etc/postfix/sender_bcc
user@domain.com other@example.com
[root@postfix ~]# cat /etc/postfix/recipient_bcc
user@domain.com other@example.com
Finally reload postfix,
[root@postfix ~]# postfix reload
Stop Outgoing Spam Already Tagged as Spam
See Postfix Header Checks Man page for details.
Example:
In "/etc/postfix/main.cf", add
header_checks = regexp:/etc/postfix/header_checks
In "/etc/postfix/header_checks", have
/^(Subject: \[SPAM\])(.+)$/ DISCARD
The above will discard all emails whose Subject starts with "[SPAM]".
###################################################################################
vi main.cf
header_checks = pcre:/etc/postfix/whitelist.pcre
touch whitelist.pcre
vi whitelist.pcre [ bypass domain Mail ]
/service@gtnexus\.com/ FILTER smtp:[127.0.0.1]:10025
header_checks
/etc/postfix/header_checks
#######################################################################
Group Allow & 0ther Reject (virtual)
# vi /etc/postfix/access
office@silkroutedesignltd.com permit_mynetworks,reject
office@mail.silkroutedesignltd.com permit_mynetworks,reject
---------------------------------------------------------------------------------------------------------------------------
Group e all mail send ( creat office/urmioffice ) -File in postfix folder
# vi /etc/postfix/aliases
u1: u2,u3 [add only mail ID]
office: :include:/etc/postfix/office [ add a file of a mail ID]
###################################################################################
Allow some of user to send mail a specific mail ID
# vi /etc/postfix/main.cf
### Group Email
smtpd_restriction_classes = insiders_only
insiders_only = check_sender_access hash:/etc/postfix/allowed-users, reject
##### SMTPD RECIPIENT RESTRICTIONS
smtpd_recipient_restrictions =
check_recipient_access hash:/etc/postfix/restricted-mail-groups,
permit_mynetworks,
# touch /etc/postfx/restricted-mail-groups
# vi restricted-mail-groups
alluser@worldcm.net insiders_only #[ only allow id/group ]
all@worldcm.net insiders_only
office@worldcm.net insiders_only
# touch /etc/postfx/allowed-users
# vi allowed-users
u1@worldcm.net OK # [ only allow user who have send mail ]
u2@worldcm.net OK
# touch /etc/postfx/insiders
# vi insiders
u1@worldcm.net OK
u2@worldcm.net OK
one mail id: dblworld@mtl.group.com
create a file postfix
#touch restricted_sender_dblworld
[root@mtl postfix]# vi restricted_sender_dblworld
info@mtl.dbgroup.com OK
management@mtl.group.com OK [ only allow send mail this ID]
hrdepartment@mtl.group.com OK
itdepartment@mtl.group.com OK
create a file postfix
#touch protected_destinations
[root@mtl postfix]# vi protected_destinations
dblmworld@mtl.group.com restricted_sender_dblworld
dblworld@dbgroup.com restricted_sender_dblworld
[root@mtl postfix]# vi main.cf
# SMTPD RECIPIENT RESTRICTIONS
smtpd_restriction_classes = restricted_sender_dblworld
restricted_sender_dblworld = check_sender_access hash:/etc/postfix/restricted_sender_dblworld, reject
### Filter
smtpd_recipient_restrictions =
check_recipient_access hash:/etc/postfix/protected_destinations,
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Add this stuff to block bad SMTP requests
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, regexp: /etc/postfix/helo.regexp, permit smtpd_recipient_restrictions = reject_invalid_hostname, ### Can cause issues with Auth SMTP, so be weary! ### reject_non_fqdn_hostname, ################################## reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_mynetworks, reject_unauth_destination, reject_rbl_client cbl.abuseat.org, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net
/etc/postfix/helo.regexp
Create /etc/postfix/helo.regexp and set contents to:
/^subdomain\.host\.com$/ 550 Don't use my own hostname /^xxx\.yyy\.zzz\.xxx$/ 550 Don't use my own IP address /^\[xxx\.yyy\.zzz\.xxx\]$/ 550 Don't use my own IP address /^[0-9.]+$/ 550 Your software is not RFC 2821 compliant /^[0-9]+(\.[0-9]+){3}$/ 550 Your software is not RFC 2821 compliant
###################################################################
# vi /etc/postfix/transport
localhost local:
localhost.hmgroup.com local:
mail.hmgroup.com local:
nishat.hmgroup.com smtp:[125.129.177.82]
tswl.hmgroup.com smtp:[125.129.167.42]
############################################################
Postfix blacklist or reject an email address
Open /etc/postfix/sender_access file
# cd /etc/postfix
# vi sender_access
Append sender email id as follows:
user@abadboy.com REJECT
Save and close the file. Use postmap command to create a database:
# postmap hash:sender_access
Now open main.cf and add code as follows:
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access
Save and close the file. Restart / reload postfix MTA:
# /etc/init.d/postfix restart
You can also use spamassassin to blacklist email address. Just add to your own spamassassin configuration or to /etc/mail/spamassassin/local.cf file:
# vi /etc/mail/spamassassin/local.cf
Append blacklist as follows:
blacklist_from user@abadboy.com
Save and close the file. Restart spamassassin:
# /etc/init.d/spamassassin restart
spamassassin will marke mail as SPAM instead of rejecting the same.
########################################################
Postfix limit incoming or receiving email rate
Try following directives in your postfix main.cf config file:
smtpd_error_sleep_time – The SMTP server response delay after a client has made more than $smtpd_soft_error_limit errors, and fewer than smtpd_hard_error_limit errors, without delivering mail.
smtpd_soft_error_limit : The number of errors a remote SMTP client is allowed to make without delivering mail before the Postfix SMTP server slows down all its responses.
smtpd_hard_error_limit : The maximal number of errors a remote SMTP client is allowed to make without delivering mail. The Postfix SMTP server disconnects when the limit is exceeded.
Open config file
# vi main.cf
Append following directives:
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
Save and restart/reload postfix configuration
# /etc/init.d/postfix restart
OR
We’ll be using the following variables in our main.cf to do that:
smtpd_soft_error_limit – The number of errors a client is allowed to make without actually delivering mail to the server before postfix starts to slow down it’s responses to the client. (default: 10)
smtpd_hard_error_limit – The maximum number of errors a client is allowed to make before postfix starts to disconnect them right away . (default: ${stress?1}${stress:20})
smtpd_error_sleep_time – The amount of delay postfix will set on it’s responses to the client when they reach more then $smtpd_soft_error_limit and less then $smtpd_hard_error_limit
smtpd_client_connection_count_limit – The default is 50, pointless in my opionion, I don’t want the same client to have 50 concurrent connections for sending mail to me, so I lowered this to 10, more then enough imho. (default: 50)
smtpd_client_connection_rate_limit – This tells postfix to allow N connections per $anvil_rate_time_unit (default: 60s). I lowered this value to 60. (default: 0)
I’ve added the following lines to my main.cf file:
smtpd_error_sleep_time = 1s smtpd_soft_error_limit = 10 smtpd_hard_error_limit = 20 smtpd_client_connection_count_limit = 10 smtpd_client_connection_rate_limit = 60
Restart postfix.
########################################################################
Postfix block PDF or ZIP files attachments
Open postfix config file
Login as the root, enter:
# vi /etc/postfix/main.cf
Block zip or pdf files
Use mime_header_checks postfix config directive, enter:
mime_header_checks = regexp:/etc/postfix/block_attachments
Save and close the file. Open /etc/ostfix/block_attachments file and append code as follows:
/name=[^>]*\.(pdf|zip)/ REJECT
OR
/name=[^>]*\.(zip|386|ad[ept]|ace|app|as[dpx]|ba[st]|bin|btm|cab|cb[lt]|cgi|chm|cil|cla(ss)?|cmd|cp[el]|crt|cs[chs]|cvp|dll|dot|drv|em(ai)?l|ex[_e]|fon|fxp|hlp|ht[ar]|in[fips]|isp|jar|jse?|keyreg|ksh|lib|lnk|md[abetw]|mht(m|ml)?|mp3|ms[ciopt]|nte|nws|obj|ocx|ops|ov.|pcd|pgm|pif|p[lm]|pot|pps|prg|reg|sc[rt]|sh[bs]?|slb|smm|sw[ft]|sys|url|vb[esx]?|vir|vmx|vxd|wm[dsz]|ws[cfh]|xms)/ REDIRECT mail.junk@xyz.com
Save and close the file.
Restart Postfix MTA
You must restart or reload postfix:
# /etc/init.d/postfix reload
Turn off header_checks for one of smtpd or submission
For the example I assume that you want to turn off the header_checks for submission (outgoing email).
Solution 1: receive_override_options method
You can use postfix parameter called receive_override_options. With the parameter you can override global header_check switch, so the filter won't run. #main.cf header_checks = pcre:/path/to/header_checks
#master.cf submission inet n - n - - smtpd -o receive_override_options=no_header_body_checks
-------------
access
m_2010gh@yahoo.co.jp 551 You are blacklisted for sending spam
bezeqint.net 554 You are blacklisted for sending spam
brasiltelecom.net.br 554 You are blacklisted for sending spam
cable.net.co 554 You are blacklisted for sending spam
google.com OK
gmail.com OK
hotmail.com OK
live.com OK
yahoo.com OK
aol.com OK
office.com OK
microsoft.com OK
outlook.com OK
body_checks
/my new photo/ REJECT
/hola my new photo , send u photo/ REJECT
/yandex.ru/ REJECT
/Mailbox Capacity Upgrade operation is very simple/ REJRCT
/but we recommend that you upgrade to a mailbox capacity/ REJECT
/loose your inbox and sent mail if you did not confirm immediately/ REJECT
/Your email account was recently logged into from another computer/ REJECT
/incoming imporant 'Message' blocked/ REJECT
header_checks
/Update Mail From Admin Server/ REJECT
/Urgent Mail From Server/ REJECT
/my new photo/ REJECT
/Your mailbox is almost full/ REJECT
/account has been Blocked due to system error/ REJECT
/mailbox will be terminated after 24 hours/ REJECT
/Mailbox Will Be Suspended!/ REJECT
/Your Account Will Be Blocked!/ REJECT
/WILL LOSE YOUR EMAIL ADDRESS/ REJECT
/add more MB to your mailbox/ REJECT
/Account will be Suspended soon/ REJECT
/UPGRADE IS FREE OFF CHARGE/ REJECT
/Validate Your Webmail Account/ REJECT
#################################################