
All Activity


  1. Last week
  2. STX2k

    Beta 3 - Final Beta Build

    I am happy to see updates ✌️ I look forward to a public beta. My dev board is ready to rumble.
  3. Administrator

    Beta 3 - Final Beta Build

    Yes, we are in the final stages of the Beta build now. I am currently working on the user front end, settings, profile stuff, etc. Really not much here, just getting the basics in for now. Announce has been undergoing tests on my dev board and files are being shared successfully, so that is good news. I have a bunch of lang bits and template things to iron out, but overall we are very close. Probably not this year as it is almost over, but Jan 2019 looks 99% now. You can always get the latest updates at the GitHub site https://github.com/GaalexxC/IPS-4.2-BitTracker
  4. Earlier
  5. Administrator

    Nginx 1.15.2 Fails to compile

    Updated Version to Release
  6. Administrator

    Build | Version 1.0.0 Beta 2

    Updated Type to Testing
  7. Administrator

    Build | Version 1.0.0 Beta 2

    We have a working announce on my test board, files being shared. More tests are being done, but we are close to a release.
  8. HengeDK

    Beta Build Testing

    Tried the latest from GitHub and got a duplicate entry when installing. Reinstalled and the error was gone, but the menu seems wrong and errors when selecting menus. Is this project dropped or?
  9. Administrator

    Beta Build Testing

    Just got back to this, have a few things to update and will be testing sometime this upcoming week. If all goes well, we shall see about a Beta release.
  10. Administrator

    Build | Version 1.0.0 Pre-Release Candidate Alpha

    Pushing harder, working again on this.
  11. STX2k

    Build | Version 1.0.0 Pre-Release Candidate Alpha

    Little Push 🤔😎
  12. Will this mod ever come to light? 😋
  13. Administrator

    The Perfect Spam Free Secure Mail Server

    Restart all services and check /var/log/mail.log and /var/log/mail.err for any errors

        # /etc/init.d/postgrey restart
        # /etc/init.d/rcDCC restart
        # /etc/init.d/spamassassin restart
        # /etc/init.d/amavis restart
        # /etc/init.d/clamav-daemon restart
        # /etc/init.d/postfix restart
        # /etc/init.d/dovecot restart
        # /etc/init.d/opendkim restart
  14. Administrator

    The Perfect Spam Free Secure Mail Server

    Step Ten: Dovecot-Sieve

    We already configured this when we did the Dovecot configuration. But now we want to add custom scripts to further lock down our mail server and make sure only good email gets in. For more info and additional filtering options:

        https://p5r.uk/blog/2011/sieve-tutorial.html
        https://tools.ietf.org/html/rfc5228
        https://wiki2.dovecot.org/Pigeonhole/Sieve/Examples

    The first script is for individual email accounts. It is used to prevent spoofing email addresses on the server, as well as some additional filtering rules. So let's say you set up an account in Postfix Admin named support@domain.com. Let's create a sieve script in support's mail directory

        # nano /var/vmail/domain.com/support/.dovecot.sieve

    Insert the following and save.

        require ["fileinto"];
        # The two header tests below use :contains, since :matches without
        # wildcards only succeeds when the whole header value equals the key.
        if anyof (not address :all :contains ["To", "Cc", "Bcc"] "support@domain.com",
                  header :contains "X-Spam-Status" ["T_DKIM_INVALID", "FORGED_HOTMAIL_RCVD2", "MISSING_HEADERS"],
                  header :contains "Authentication-Results" ["fail", "dkim=none", "header.d=none", "dmarc=none"],
                  header :matches "Subject" ["*spam*", "*Viagra*", "*offshore*", "*gambling*", "*porno*", "*capital*"]) {
            fileinto "Spam";
        }

    The above does the following:

        If the address (To, Cc, Bcc) doesn't contain support@domain.com it will go to Spam folder
        If the header contains invalid DKIM, or a forged Hotmail (very common) or missing headers it will go to Spam folder
        If authentication says fail, dkim none, header none, or dmarc none it will go to Spam folder
        If subject matches the above keywords it will go to Spam folder

    You can remove or add filters. Every domain's mail directory should have this unique file. Make sure the domain is correct in the script. Now make it a readable database for Sieve (you must do this for scripts and every time you alter the script)

        # sievec -D /var/vmail/domain.com/support/.dovecot.sieve

    Example output

    More script examples, these are run before the user script above.

        # mkdir /var/lib/dovecot/sieve.d
        # nano /var/lib/dovecot/sieve.d/emails.sieve

    --Insert-- This is a list of emails you can send directly to spam

        require ["fileinto"];
        # One string per address; a single comma-separated string never matches.
        if address :is "from" ["godaddydesign@gmail.com",
                               "johnfrancisthestud@gmail.com",
                               "mayswihart3269@gmail.com",
                               "gilbertepxmaria@gmail.com",
                               "mlika@creativenetapp.com",
                               "aarohi.webconsultant@hotmail.com"] {
            fileinto "Spam";
        }

        # nano /var/lib/dovecot/sieve.d/general.sieve

    --Insert-- More header and body checks

        require ["regex", "body", "fileinto", "mailbox"];
        if header :contains "X-Spam-Flag" "YES" {
            # move mail into Folder Spam, create folder if not exists
            fileinto :create "Spam";
            stop;
        }
        if header :contains "X-Spam-Level" "**" {
            fileinto :create "Spam";
            stop;
        }
        if allof (
            not header :regex "Subject" "[[:graph:]]",
            body :regex "^[[:space:]]*http://[[:graph:]]+[[:space:]]*$"
        ) {
            fileinto "Spam";
        }

        # nano /var/lib/dovecot/sieve.d/spam.sieve

    --Insert-- Spamtestplus

        require ["spamtestplus", "fileinto", "mailbox", "relational", "comparator-i;ascii-numeric"];
        if spamtest :value "eq" :comparator "i;ascii-numeric" "0" {
            keep;
        } elsif spamtest :value "ge" :comparator "i;ascii-numeric" "2" {
            fileinto "Spam";
        }

        # nano /var/lib/dovecot/sieve.d/virus.sieve

    --Insert-- Virustest

        require ["virustest", "fileinto", "mailbox", "relational", "comparator-i;ascii-numeric"];
        /* Not scanned ? */
        if virustest :value "eq" :comparator "i;ascii-numeric" "0" {
            keep;
        /* Infected with high probability (value range in 1-5) */
        } if virustest :value "eq" :comparator "i;ascii-numeric" "4" {
            /* Quarantine it in special folder (still somewhat dangerous) */
            fileinto :create "INBOX.Quarantine";
        /* Definitely infected */
        } elsif virustest :value "eq" :comparator "i;ascii-numeric" "5" {
            /* Just get rid of it */
            discard;
        }

    Now don't forget to use sievec

        # sievec -D /var/lib/dovecot/sieve.d/emails.sieve
        # sievec -D /var/lib/dovecot/sieve.d/spam.sieve
        # sievec -D /var/lib/dovecot/sieve.d/general.sieve
        # sievec -D /var/lib/dovecot/sieve.d/virus.sieve

    There are many different filters you can add, please see more at

        https://p5r.uk/blog/2011/sieve-tutorial.html
        https://tools.ietf.org/html/rfc5228
        https://wiki2.dovecot.org/Pigeonhole/Sieve/Examples
  15. Administrator

    The Perfect Spam Free Secure Mail Server

    Step Nine: DCC | Pyzor | Razor2 | Bayes

    Easy and quick, let's go...

    DCC

        # wget http://www.dcc-servers.net/dcc/source/dcc-dccproc.tar.Z
        # tar xfvz dcc-dccproc.tar.Z
        # cd dcc-dccproc-*
        # ./configure \
            --bindir=$(PREFIX)/bin \
            --libexecdir=$(PREFIX)/lib/dcc \
            --mandir=$(PREFIX)/man \
            --homedir=/var/lib/dcc
        # make
        # make install
        # chown -R postfix:postfix /var/lib/dcc

    --- Allow through Firewall ---

        # sudo ufw allow to any port 6277 proto udp

        # nano /var/lib/dcc/dcc_conf

        DCCUID=root --> DCCUID=postfix
        GREY_CLIENT_ARGS=on
        DNSBL_ARGS="'-Bset:rej-msg=5.7.1 550 mail %s from %s rejected; see http://www.spamhaus.org/xbl/' -Bsbl-xbl.spamhaus.org,any"
        DCCIFD_ENABLE=off --> DCCIFD_ENABLE=on
        Configure_DCCUID=root --> Configure_DCCUID=postfix

    Test, you should see a server list

        # cdcc info

    Restart

        # /lib/dcc/rcDCC start

    Result

    Bayes

    Let's clean up the spamassassin compile directory and start fresh

        # rm -rf /var/lib/spamassassin/*
        # su debian-spamd -c '/usr/bin/sa-update --gpghomedir /var/lib/spamassassin/sa-update-key'
        # su debian-spamd -c '/usr/bin/sa-compile --quiet'
        # sa-learn --sync
        # usermod -a -G amavis debian-spamd
        # chown amavis:amavis /var/lib/amavis/.spamassassin/bayes_seen
        # chown amavis:amavis /var/lib/amavis/.spamassassin/bayes_toks
        # chmod 0600 /var/lib/amavis/.spamassassin/bayes_seen
        # chmod 0600 /var/lib/amavis/.spamassassin/bayes_toks
        # sa-learn -u debian-spamd --dbpath /var/lib/amavis/.spamassassin/bayes --dump magic

    -- Test Bayes --

        # spamassassin -D -t < /usr/share/doc/spamassassin/examples/sample-spam.txt 2>&1 | egrep '(bayes:|whitelist:|AWL)'

    Set up crontab entries to learn spam and ham every day at midnight, edit domain.com. Add all your accounts for best database building.

        0 0 * * * /usr/bin/sa-learn --spam -u debian-spamd --showdots --dir /var/vmail/domain.com/support/.Spam/cur/*
        0 0 * * * /usr/bin/sa-learn --ham -u debian-spamd --showdots --dir /var/vmail/domain.com/support/cur/*

    Razor2

    Create

        # mkdir /var/lib/spamassassin/.razor

    Register

        # razor-admin -home=/var/lib/spamassassin/.razor -register
        # razor-admin -home=/var/lib/spamassassin/.razor -create
        # razor-admin -home=/var/lib/spamassassin/.razor -discover

    Pyzor

    Test, should be running out of the box

        # echo "test" | spamassassin -D pyzor 2>&1 | less
  16. Administrator

    The Perfect Spam Free Secure Mail Server

    Step Eight: Spamassassin

        # nano /etc/spamassassin/local.cf

    Replace with, make sure to add your main server IP

        #No user rules
        allow_user_rules 0

        # Trusted
        clear_internal_networks
        trusted_networks 111.222.333.444
        internal_networks 111.222.333.444
        whitelist_from *@gmail.com

        # alter the mails subject
        rewrite_header Subject [***** SPAM _SCORE_ *****]

        # do not alter the body (0=do nothing, 1=add as attachment, 2=...)
        report_safe 0

        # the required spam score is 2.0 points... lets start with that
        required_score 2.9

        # Enable the Bayes system
        use_bayes 1
        use_bayes_rules 1
        bayes_auto_learn 1
        bayes_auto_learn_threshold_nonspam -0.001
        bayes_auto_learn_threshold_spam 2.9
        bayes_path /var/lib/amavis/.spamassassin/bayes
        bayes_file_mode 0770

        # Disable network checks
        skip_rbl_checks 0
        skip_uribl_checks 0

        # Enable razor2 and make use of it
        use_razor2 1
        razor_config /var/lib/spamassassin/.razor/razor-agent.conf

        # Enable pyzor and make use of it
        ifplugin Mail::SpamAssassin::Plugin::Pyzor
        use_pyzor 1
        pyzor_path /usr/bin/pyzor
        pyzor_timeout 20
        pyzor_options --homedir /var/lib/spamassassin/.pyzor
        endif

        # Enable DCC and make use of it
        loadplugin Mail::SpamAssassin::Plugin::DCC
        use_dcc 1
        dcc_path /bin/dccproc
        dcc_dccifd_path /lib/dcc/dccifd
        dcc_home /var/lib/dcc
        dcc_learn_score 0
        dcc_timeout 10
        full DCC_CHECK eval:check_dcc()

        add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTSSCORES(,)_ _DCCR_ _PYZOR_ _RBL_ autolearn=_AUTOLEARN_ version=_VERSION_

        # Set headers which may provide inappropriate cues to the Bayesian classifier
        bayes_ignore_header X-Bogosity
        bayes_ignore_header X-Spam-Flag
        bayes_ignore_header X-Spam-Stat

        ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
        #
        # default: strongly-whitelisted mails are *really* whitelisted now, if the
        # shortcircuiting plugin is active, causing early exit to save CPU load.
        # Uncomment to turn this on
        #
        shortcircuit USER_IN_WHITELIST on
        shortcircuit USER_IN_DEF_WHITELIST on
        shortcircuit USER_IN_ALL_SPAM_TO on
        shortcircuit SUBJECT_IN_WHITELIST on

        # the opposite; blacklisted mails can also save CPU
        #
        shortcircuit USER_IN_BLACKLIST on
        shortcircuit USER_IN_BLACKLIST_TO on
        shortcircuit SUBJECT_IN_BLACKLIST on

        # if you have taken the time to correctly specify your "trusted_networks",
        # this is another good way to save CPU
        #
        shortcircuit ALL_TRUSTED on

        # and a well-trained bayes DB can save running rules, too
        #
        shortcircuit BAYES_99 spam
        shortcircuit BAYES_00 ham

        endif # Mail::SpamAssassin::Plugin::Shortcircuit

        # nano /etc/default/spamassassin

    Adjust

        ENABLED=1
        CRON=1

    Restart

        # /etc/init.d/spamassassin restart

    Remember that deprecated warning during the Perl install? We will fix it now.

        # nano -c /usr/local/share/perl/5.26.1/Mail/SpamAssassin/PerMsgStatus.pm

    Go to line 921 and change this

        $str =~ s/^(.{,200}).*$/$1/gs;

    to this

        $str =~ s/^(.\{,200}).*$/$1/gs;

    Now update Spamassassin rules

        # sa-update
  17. Administrator

    The Perfect Spam Free Secure Mail Server

    Step Seven: Postgrey

    Quick and simple

        # nano /etc/default/postgrey

    Copy and paste

        # postgrey startup options, created for Debian
        # you may want to set
        #   --delay=N   how long to greylist, seconds (default: 300)
        #   --max-age=N delete old entries after N days (default: 35)
        # see also the postgrey(8) manpage
        POSTGREY_OPTS="--inet=10023 --delay=60 --privacy --x-greylist-header=Mail delayed %t seconds by postgrey-%v at %h; %d"

        # the --greylist-text commandline argument can not be easily passed through
        # POSTGREY_OPTS when it contains spaces. So, insert your text here:
        POSTGREY_TEXT="This email was rejected by our greylisting server"

    Restart Postgrey

        # /etc/init.d/postgrey restart

    result
  18. Administrator

    The Perfect Spam Free Secure Mail Server

    Step Six: Amavis

        # nano /etc/amavis/conf.d/15-content_filter_mode

    Replace with

        use strict;

        # You can modify this file to re-enable SPAM checking through spamassassin
        # and to re-enable antivirus checking.

        #
        # Default antivirus checking mode
        # Uncomment the two lines below to enable it
        #
        @bypass_virus_checks_maps = (
           \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

        #
        # Default SPAM checking mode
        # Uncomment the two lines below to enable it
        #
        @bypass_spam_checks_maps = (
           \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

        1; # insure a defined return

        # nano /etc/amavis/conf.d/20-debian_defaults

    Find

        $final_spam_destiny = D_BOUNCE;

    Change to

        $final_spam_destiny = D_DISCARD;

        # nano /etc/amavis/conf.d/40-policy_banks

    Adjust to your liking

        # nano /etc/amavis/conf.d/50-user

    Replace with, be sure to update domain and database info

        use strict;

        #
        # Place your configuration directives here. They will override those in
        # earlier files.
        #
        # See /usr/share/doc/amavisd-new/ for documentation and examples of
        # the directives you can use in this file
        #
        $mydomain = 'domain.com';
        $myhostname = 'mail.domain.com';
        #@local_domains_acl = ( "domain.com", "domain2.com", "domain3.net" );
        @local_domains_acl = qw(.);

        # Three concurrent processes. This should fit into the RAM available on an
        # AWS micro instance. This has to match the number of processes specified
        # for Amavis in /etc/postfix/master.cf.
        $max_servers = 3;

        # Add spam info headers if at or above that level - this ensures they
        # are always added.
        $sa_tag_level_deflt = -9999;

        # Check the database to see if mail is for local delivery, and thus
        # should be spam checked.
        @lookup_sql_dsn = (
            ['DBI:mysql:database=mailservename;host=127.0.0.1;port=3306',
             'postfixuser',
             'databasepassword']);
        $sql_select_policy = 'SELECT domain from domain WHERE CONCAT("@",domain) IN (%k)';

        # Uncomment to bump up the log level when testing.
        $log_level = 2;
        $sa_debug = 1;

        #------------ Do not modify anything below this line -------------
        1; # ensure a defined return

    Add the clamav user to the amavis group in order for Amavisd-new to have the appropriate access to scan files:

        # adduser clamav amavis
        # adduser amavis clamav
  19. Administrator

    The Perfect Spam Free Secure Mail Server

    Step five: OpenDKIM | SPF | DMARC

    Now that mail is working we need to set up our filtering and security applications to make sure mail is marked clean from our server and to catch those marked dirty to our server. Let's start with the three settings that need to be part of your domain's DNS. I am using bind here, but for the most part the lines you need to add are the same for any DNS server. Open your domain DNS file and add the following.

    SPF, change domain.com and IP to yours

        domain.com. IN TXT "v=spf1 include:domain.com ip4:111.222.333.444 ip6:fe80::a6bf:1ff:fe1d:ad5e ~all"

    DMARC, change domain.com to yours

        _dmarc.domain.com. IN TXT "v=DMARC1; p=none; sp=reject; ruf=mailto:postmaster@domain.com; rua=mailto:postmaster@domain.com; aspf=r; rf=afrf; pct=20; ri=86400"

    OpenDKIM

        # mkdir -pv /etc/opendkim/domain.com/
        # chown -R opendkim:opendkim /etc/opendkim
        # cd /etc/opendkim/domain.com
        # opendkim-genkey -r -h sha256 -d domain.com -s email
        # mv -v email.private email.key

    Now open the email.txt and copy the entire contents to your DNS, it will look something like this

        # nano /etc/opendkim/domain.com/email.txt

        email._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; s=email; "
        "p=MIIBIjANBgkqhkiG9w0BAQEFAA3f534x34IBCgKCAQEAxuVypsj0xLll8T2AMtt7Wl1O4d722oraaAx8XPmYhm4kLobe6xbzxTGEyOnoczSElfrcDFKGALXIWLYQSAul3kyrdaYAhNk0YzcXY/esfT53WlMuwZA04BsnKYQdn7hSlP7+vhMkNdpgXTxfdf6AXKbXlAiYdalM75zeF/Ukf435ffc/nzQ2W910Jf+zKdZZMQef2dyyehM5CWGFo"
        "MWNwZ2sPsd4voNq72Uo3xgf35gxx35gMMr6PDgsxR1gRJ87QZOBnIvTquH12K2cLanTFm6O93PrRhbmtiy+H3WnNu+mazajSFFsv0/xEW7QncromsvRsVlfEs4QfPMjNUtDHUMeB0LQwGwIDAQAB" ) ; ----- DKIM key email for domain.com

    All three of these should be pasted in consecutive lines in the DNS zone file and before the mail entries. Restart the DNS server and check the logs for errors in syntax.

        # /etc/init.d/bind9 restart

    More on OpenDKIM, we are not done yet if we want it working properly

    Test Key

        # opendkim-testkey -vvv -d domain.com -s email -k /etc/opendkim/domain.com/email.key

    Now let's finish it up

        # cd /etc/opendkim/
        # nano KeyTable

    Add

        #key_name domain:selector:/etc/opendkim/domain.com/email.key
        email._domainkey.domain.com domain.com:email:/etc/opendkim/domain.com/email.key

        # nano SigningTable

    Add

        #*@domain.com domain.com
        *@domain.com email._domainkey.domain.com

        # nano TrustedHosts

    Add your domain, hostname, mailserver name, local host, and server IPs

        127.0.0.1
        domain.com
        servername.domain.com
        mail.domain.com
        111.222.333.444/24
        111.222.333.444/30

    Permissions

        chown opendkim:opendkim /etc/opendkim/{KeyTable,SigningTable,TrustedHosts}

    Configure DKIM

        # nano /etc/opendkim.conf

    Copy and paste

        # Required to use local socket with MTAs that access the socket as a non-
        # privileged user (e.g. Postfix)
        OversignHeaders From,Subject
        SignatureAlgorithm rsa-sha256
        AutoRestart Yes
        Canonicalization relaxed/relaxed
        ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
        InternalHosts refile:/etc/opendkim/TrustedHosts
        KeyTable refile:/etc/opendkim/KeyTable
        LogWhy Yes
        MinimumKeyBits 1024
        Mode sv
        PidFile /var/run/opendkim/opendkim.pid
        SigningTable refile:/etc/opendkim/SigningTable
        Socket local:/var/run/opendkim/opendkim.sock
        Syslog Yes
        SyslogSuccess Yes
        LogWhy Yes
        TemporaryDirectory /var/tmp
        UMask 0002
        UserID opendkim:opendkim
        TrustAnchorFile /usr/share/dns/root.key

    Run the following commands, replace domain.com with yours

        mkdir -p /var/run/opendkim/
        chown opendkim:opendkim /var/run/opendkim/
        chown opendkim:opendkim /var/run/opendkim/opendkim.sock
        chown opendkim:opendkim /etc/opendkim/domain.com/email.key
        chown opendkim:opendkim /etc/opendkim/domain.com/email.txt
        usermod -a -G opendkim postfix
        chmod 775 /var/run/opendkim/

    Defaults

        # nano /etc/default/opendkim

    Copy and paste

        # Command-line options specified here will override the contents of
        # /etc/opendkim.conf. See opendkim(8) for a complete list of options.
        #DAEMON_OPTS=""
        # Change to /var/spool/postfix/var/run/opendkim to use a Unix socket with
        # postfix in a chroot:
        RUNDIR=/var/run/opendkim
        #RUNDIR=/var/run/opendkim
        #
        # Uncomment to specify an alternate socket
        # Note that setting this will override any Socket value in opendkim.conf
        # default:
        SOCKET="local:$RUNDIR/opendkim.sock"
        # SOCKET="local:/var/spool/postfix/var/run/opendkim/opendkim.sock"
        # listen on all interfaces on port 54321:
        #SOCKET=inet:54321
        # listen on loopback on port 12345:
        #SOCKET=inet:12345@localhost
        # listen on 192.0.2.1 on port 12345:
        #SOCKET=inet:12345@192.0.2.1
        USER=opendkim
        GROUP=opendkim
        PIDFILE=$RUNDIR/opendkim.pid
        EXTRAAFTER=

    Restart

        # /etc/init.d/opendkim restart

    We are now in the home stretch...
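
An added example, not part of the original post or of OpenDKIM itself: a shell function that cross-checks the KeyTable and SigningTable from Step five, reporting SigningTable entries that name a key missing from KeyTable and private key files that are absent or accessible to group/other. The function names and the sample files are constructed here, reusing the post's placeholder domain.com and selector email, with an extra domain2.com line added to trigger a finding.

```shell
#!/bin/sh
# Added example (not from the original post): cross-check the OpenDKIM
# KeyTable and SigningTable written in Step five.

# check_dkim_tables KEYTABLE SIGNINGTABLE   (hypothetical helper name)
# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_dkim_tables() {
    keytable=$1
    signingtable=$2
    names=""
    rc=0

    # KeyTable line format from the post: key_name domain:selector:/path/to/key
    while read -r name spec extra; do
        case $name in ''|'#'*) continue ;; esac
        names="$names$name
"
        domain=${spec%%:*}
        rest=${spec#*:}
        selector=${rest%%:*}
        keyfile=${rest#*:}
        if [ -z "$domain" ] || [ "$rest" = "$spec" ] ||
           [ -z "$selector" ] || [ "$keyfile" = "$rest" ]; then
            echo "KeyTable: $name: expected domain:selector:keyfile, got '$spec'"
            rc=1
            continue
        fi
        if [ ! -f "$keyfile" ]; then
            echo "KeyTable: $name: key file $keyfile not found"
            rc=1
            continue
        fi
        # Characters 5-10 of the ls mode string are the group and other bits.
        perms=$(ls -ld "$keyfile" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "KeyTable: $name: $keyfile is accessible to group/other ($perms)"
            rc=1
        fi
    done < "$keytable"

    # SigningTable line format from the post: pattern key_name
    while read -r pattern key extra; do
        case $pattern in ''|'#'*) continue ;; esac
        if ! printf '%s' "$names" | grep -qxF -- "$key"; then
            echo "SigningTable: $pattern: key '$key' is not defined in KeyTable"
            rc=1
        fi
    done < "$signingtable"

    return "$rc"
}

# make_sample DIR: write constructed sample tables under DIR. The key file is
# a placeholder, not a real key; the domain2.com line is deliberately dangling.
make_sample() {
    dir=$1
    mkdir -p "$dir/domain.com"
    echo "constructed placeholder, not a real key" > "$dir/domain.com/email.key"
    chmod 600 "$dir/domain.com/email.key"
    printf '%s\n' \
        '#key_name domain:selector:keyfile' \
        "email._domainkey.domain.com domain.com:email:$dir/domain.com/email.key" \
        > "$dir/KeyTable"
    printf '%s\n' \
        '*@domain.com email._domainkey.domain.com' \
        '*@domain2.com email._domainkey.domain2.com' \
        > "$dir/SigningTable"
}

# Demo run on the constructed sample: reports the dangling domain2.com entry.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
check_dkim_tables "$demo_dir/KeyTable" "$demo_dir/SigningTable" || :
rm -rf "$demo_dir"
```

On a real host the arguments would be /etc/opendkim/KeyTable and /etc/opendkim/SigningTable.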
  20. Administrator

    The Perfect Spam Free Secure Mail Server

    Step four: Dovecot Configure

    Dovecot is a bit easier than Postfix, we just have to change a few config files to get it up and running properly. If a config is not in the list, leave as is!

        # cd /etc/dovecot/conf.d
        # nano 10-auth.conf

    Uncomment - Enable

        disable_plaintext_auth = yes

    Adjust - Add login

        auth_mechanisms = plain login

    Switch - Comment all others

        !include auth-sql.conf.ext

        # nano 10-logging.conf

    Uncomment

        log_path = syslog
        auth_verbose = yes
        auth_verbose_passwords = plain
        auth_debug = yes
        auth_debug_passwords = yes
        mail_debug = yes
        verbose_ssl = yes
        log_timestamp = "%b %d %H:%M:%S "
        login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k

        # nano 10-mail.conf

    Adjust

        mail_location = maildir:/var/vmail/%d/%n

    Uncomment

        type = private

    Uncomment

        mail_uid = vmail
        mail_gid = mail

    Comment

        #mail_privileged_group = mail

    Uncomment

        first_valid_uid = 150
        last_valid_uid = 150

    Uncomment

        mail_plugin_dir = /usr/lib/dovecot/modules

        # nano 10-master.conf

    Copy and paste

        #default_process_limit = 100
        #default_client_limit = 1000

        # Default VSZ (virtual memory size) limit for service processes. This is mainly
        # intended to catch and kill processes that leak memory before they eat up
        # everything.
        #default_vsz_limit = 256M

        # Login user is internally used by login processes. This is the most untrusted
        # user in Dovecot system. It shouldn't have access to anything at all.
        #default_login_user = dovenull

        # Internal user is used by unprivileged processes. It should be separate from
        # login user, so that login processes can't disturb other processes.
        #default_internal_user = dovecot

        service imap-login {
          inet_listener imap {
            port = 143
          }
          inet_listener imaps {
            port = 993
            ssl = yes
          }

          # Number of connections to handle before starting a new process. Typically
          # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
          # is faster. <doc/wiki/LoginProcess.txt>
          service_count = 1

          # Number of processes to always keep waiting for more connections.
          process_min_avail = 4

          # If you set service_count=0, you probably need to grow this.
          #vsz_limit = $default_vsz_limit
        }

        service pop3-login {
          service_count = 1
          inet_listener pop3 {
            port = 110
          }
          inet_listener pop3s {
            port = 995
            ssl = yes
          }
        }

        service lmtp {
          unix_listener lmtp {
            #mode = 0666
          }

          # Create inet listener only if you can't use the above UNIX socket
          #inet_listener lmtp {
            # Avoid making LMTP visible for the entire internet
            #address =
            #port =
          #}
        }

        service imap {
          # Most of the memory goes to mmap()ing files. You may need to increase this
          # limit if you have huge mailboxes.
          #vsz_limit = $default_vsz_limit

          # Max. number of IMAP processes (connections)
          #process_limit = 1024
        }

        service pop3 {
          # Max. number of POP3 processes (connections)
          #process_limit = 1024
        }

        service auth {
          # auth_socket_path points to this userdb socket by default. It's typically
          # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
          # full permissions to this socket are able to get a list of all usernames and
          # get the results of everyone's userdb lookups.
          #
          # The default 0666 mode allows anyone to connect to the socket, but the
          # userdb lookups will succeed only if the userdb returns an "uid" field that
          # matches the caller process's UID. Also if caller's uid or gid matches the
          # socket's uid or gid the lookup succeeds. Anything else causes a failure.
          #
          # To give the caller full permissions to lookup all users, set the mode to
          # something else than 0666 and Dovecot lets the kernel enforce the
          # permissions (e.g. 0777 allows everyone full permissions).
          unix_listener auth-userdb {
            mode = 0666
            user = vmail
            group = mail
          }

          unix_listener /var/spool/postfix/private/auth {
            mode = 0666
            # Assuming the default Postfix user and group
            user = postfix
            group = postfix
          }

          # Postfix smtp-auth
          unix_listener /var/spool/postfix/private/auth {
            mode = 0666
          }

          # Auth process is run as this user.
          user = root
        }

        service auth-worker {
          # Auth worker process is run as root by default, so that it can access
          # /etc/shadow. If this isn't necessary, the user should be changed to
          # $default_internal_user.
          user = root
        }

        service dict {
          # If dict proxy is used, mail processes should have access to its socket.
          # For example: mode=0660, group=vmail and global mail_access_groups=vmail
          unix_listener dict {
            #mode = 0600
            #user =
            #group =
          }
        }

        # nano 10-ssl.conf

    Copy and paste, make sure you update all SSL paths!

        ##
        ## SSL settings
        ##

        # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
        ssl = required

        # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
        # dropping root privileges, so keep the key file unreadable by anyone but
        # root. Included doc/mkcert.sh can be used to easily generate self-signed
        # certificate, just make sure to update the domains in dovecot-openssl.cnf
        ssl_cert = </etc/letsencrypt/live/mail.domain.com/fullchain.pem
        ssl_key = </etc/letsencrypt/live/mail.domain.com/privkey.pem

        # If key file is password protected, give the password here. Alternatively
        # give it when starting dovecot with -p parameter. Since this file is often
        # world-readable, you may want to place this setting instead to a different
        # root owned 0600 file by using ssl_key_password = <path.
        #ssl_key_password =

        # PEM encoded trusted certificate authority. Set this only if you intend to use
        # ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
        # followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)
        ssl_ca = </etc/letsencrypt/live/mail.domain.com/chain.pem

        # Require that CRL check succeeds for client certificates.
        #ssl_require_crl = yes

        # Directory and/or file for trusted SSL CA certificates. These are used only
        # when Dovecot needs to act as an SSL client (e.g. imapc backend). The
        # directory is usually /etc/ssl/certs in Debian-based systems and the file is
        # /etc/pki/tls/cert.pem in RedHat-based systems.
        ssl_client_ca_dir = /etc/ssl/certs
        #ssl_client_ca_file =

        # Request client to send a certificate. If you also want to require it, set
        # auth_ssl_require_client_cert=yes in auth section.
        #ssl_verify_client_cert = no

        # Which field from certificate to use for username. commonName and
        # x500UniqueIdentifier are the usual choices. You'll also need to set
        # auth_ssl_username_from_cert=yes.
        #ssl_cert_username_field = commonName

        # DH parameters length to use.
        ssl_dh_parameters_length = 2048

        # SSL protocols to use
        #ssl_protocols = !SSLv2 !SSLv3

        # SSL ciphers to use
        ssl_cipher_list = ALL:!ADH:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL:+HIGH:+MEDIUM

        # Prefer the server's order of ciphers over client's.
        ssl_prefer_server_ciphers = yes

        # SSL crypto device to use, for valid values run "openssl engine"
        #ssl_crypto_device =

        # SSL extra options. Currently supported options are:
        #   no_compression - Disable compression.
        #   no_ticket - Disable SSL session tickets.
        #ssl_options =

        # nano 15-mailboxes.conf

    Copy and paste

        ##
        ## Mailbox definitions
        ##

        # Each mailbox is specified in a separate mailbox section. The section name
        # specifies the mailbox name. If it has spaces, you can put the name
        # "in quotes". These sections can contain the following mailbox settings:
        #
        # auto:
        #   Indicates whether the mailbox with this name is automatically created
        #   implicitly when it is first accessed. The user can also be automatically
        #   subscribed to the mailbox after creation. The following values are
        #   defined for this setting:
        #
        #     no        - Never created automatically.
        #     create    - Automatically created, but no automatic subscription.
        #     subscribe - Automatically created and subscribed.
        #
        # special_use:
        #   A space-separated list of SPECIAL-USE flags (RFC 6154) to use for the
        #   mailbox. There are no validity checks, so you could specify anything
        #   you want in here, but it's not a good idea to use flags other than the
        #   standard ones specified in the RFC:
        #
        #     \All      - This (virtual) mailbox presents all messages in the
        #                 user's message store.
        #     \Archive  - This mailbox is used to archive messages.
        #     \Drafts   - This mailbox is used to hold draft messages.
        #     \Flagged  - This (virtual) mailbox presents all messages in the
        #                 user's message store marked with the IMAP \Flagged flag.
        #     \Junk     - This mailbox is where messages deemed to be junk mail
        #                 are held.
        #     \Sent     - This mailbox is used to hold copies of messages that
        #                 have been sent.
        #     \Trash    - This mailbox is used to hold messages that have been
        #                 deleted.
        #
        # comment:
        #   Defines a default comment or note associated with the mailbox. This
        #   value is accessible through the IMAP METADATA mailbox entries
        #   "/shared/comment" and "/private/comment". Users with sufficient
        #   privileges can override the default value for entries with a custom
        #   value.

        # NOTE: Assumes "namespace inbox" has been defined in 10-mail.conf.
        namespace inbox {
          # These mailboxes are widely used and could perhaps be created automatically:
          mailbox Trash {
            auto = no
            special_use = \Trash
          }
          mailbox Junk {
            auto = no
            special_use = \Junk
          }
          mailbox Drafts {
            auto = no
            special_use = \Drafts
          }
          mailbox Sent {
            auto = subscribe # autocreate and autosubscribe the Sent mailbox
            special_use = \Sent
          }
          mailbox "Sent Messages" {
            auto = no
            special_use = \Sent
          }
          mailbox Spam {
            auto = create # autocreate Spam, but don't autosubscribe
            special_use = \Junk
          }

          # If you have a virtual "All messages" mailbox:
          #mailbox virtual/All {
          #  special_use = \All
          #  comment = All my messages
          #}

          # If you have a virtual "Flagged" mailbox:
          #mailbox virtual/Flagged {
          #  special_use = \Flagged
          #  comment = All my flagged messages
          #}
        }

        # nano 20-imap.conf

    Replace at bottom

        protocol imap {
          mail_max_userip_connections = 512
          imap_idle_notify_interval = 24 mins
          mail_plugins = $mail_plugins antispam
        }

        # nano 20-pop3.conf

    Replace at bottom

        protocol pop3 {
          mail_max_userip_connections = 512
          #mail_plugins = $mail_plugins sieve
        }

        # nano 90-plugin.conf

    Copy and paste

        ##
        ## Plugin settings
        ##

        # All wanted plugins must be listed in mail_plugins setting before any of the
        # settings take effect. See <doc/wiki/Plugins.txt> for list of plugins and
        # their configuration. Note that %variable expansion is done for all values.

        plugin {
          sieve = ~/.dovecot.sieve
          sieve_dir = ~/sieve
          sieve_global_dir = /var/lib/dovecot/sieve.d/
          sieve_global_path = /var/lib/dovecot/sieve.d/default.sieve
        }

        plugin {
          antispam_backend = pipe
          antispam_signature = X-Spam-Flag
          antispam_signature_missing = move
          antispam_trash = trash;Trash;Deleted Items;Deleted Messages
          antispam_trash_pattern = trash;Trash;Deleted *
          antispam_trash_pattern_ignorecase = TRASH
          antispam_spam = Spam;Junk
          antispam_spam_pattern = spam;Spam;junk;Junk
          antispam_spam_pattern_ignorecase = SPAM;JUNK
          antispam_pipe_tmpdir = /var/tmp
          antispam_pipe_program = /usr/bin/spamc
          antispam_pipe_program_args = --username;debian-spamd
          antispam_pipe_program_spam_arg = --learntype=spam
          antispam_pipe_program_notspam_arg = --learntype=ham
          antispam_debug_target = syslog
          antispam_verbose_debug = 1
        }

        # nano 90-sieve.conf

    Uncomment

        sieve_before = /var/lib/dovecot/sieve.d/
        sieve_extensions = +notify +imapflags +fileinto +mailbox +variables
        sieve_global_extensions = +spamtest +spamtestplus +virustest +relational +comparator-i;ascii-numeric +reject +regex +body
        sieve_max_script_size = 1M

    And finally connect to the database

        # nano /etc/dovecot/dovecot-sql.conf.ext

    Uncomment

        driver = mysql
        connect = host=localhost dbname=mailservename user=postfixuser password=databasepassword
        password_query = \
          SELECT username as user, password, '/var/vmail/%d/%n' as userdb_home, \
          'maildir:/var/vmail/%d/%n' as userdb_mail, 150 as userdb_uid, \
          8 as userdb_gid, allow_nets \
          FROM mailbox WHERE username = '%u' AND active = '1'
        user_query = \
          SELECT '/var/vmail/%d/%n' as home, 'maildir:/var/vmail/%d/%n' as mail, \
          150 AS uid, 8 AS gid, concat('dirsize:storage=', quota) AS quota \
          FROM mailbox WHERE username = '%u' AND active = '1'

    Enabling Sieve

        # nano 15-lda.conf

    Uncomment

        postmaster_address = postmaster@domain.com
        hostname = mail.domain.com

    Adjust

        protocol lda {
          log_path = syslog
          mail_plugins = $mail_plugins sieve
          mail_fsync = optimized
        }

    Restart Dovecot

        # /etc/init.d/dovecot restart

    Should start with no problems. I have verbose debugging enabled for testing and correcting. You can alter this in the logging.conf when all is well. Most common error is the path to SSL, make sure it is correct or the server won't start.

    Now we want to connect to the mail server from a client such as Outlook, but first we need to take some security steps and create a new row in the mailserver database.

    Create a new row in the mailboxes table

        allow_nets varchar(255) NOT Null

    This is where you can add your IP address block to connect from. It ensures no one else can access your email unless it's from your own workstation/machine. In allow_nets for each mailbox add your public IP block like so

        111.222.333.0/24

    For convenience you can also add it from the mail admin submission form when editing or creating a new account, but we will need to alter the postfix admin code to achieve this. And upon each update it will need to be added in again, as it is overwritten.

    At the command line (path to mymailadmin)

        # nano /usr/share/mymailadmin/model/MailboxHandler.php

    Find

        'name' => pacol(1, 1, 1, 'text', 'name' , 'pCreate_mailbox_name_text' , '' ),

    Add underneath

        'allow_nets' => pacol( 1, 1, 1, 'text', 'pCreate_allowed_nets' , 'pCreate_allow_nets' , '' ),

        # nano /usr/share/mymailadmin/templates/list-virtual_mailbox.tpl

    Find

        {if $CONF.quota===YES}<td>{$PALANG.pOverview_mailbox_quota}</td>{/if}

    Below it add

        <td>{$PALANG.allownet}</td>

    Find

        <td>{$item.modified}</td>

    Above it add

        <td>{$item.allow_nets}</td>

        # nano /usr/share/mymailadmin/languages/en.lang

    Adjust for your own language. Add at top

        $PALANG['allownet'] = 'Allowed Nets';
        $PALANG['pCreate_allowed_nets'] = 'Allowed IP Nets (comma separated list)';

    Save the files and log in to Postfix admin and see the fields available now. Moving on...
  21. Administrator

    The Perfect Spam Free Secure Mail Server

    Now let's connect Postfix to the database. Use the database name, user, and pass we created for Postfix Admin.

        # cd /etc/postfix
        # nano mysql_virtual_alias_domainaliases_maps.cf

        user = postfixuser
        password = databasepassword
        hosts = 127.0.0.1
        dbname = mailservename
        query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' AND alias.address=concat('%u', '@', alias_domain.target_domain) AND alias.active = 1

        # nano mysql_virtual_alias_maps.cf

        user = postfixuser
        password = databasepassword
        hosts = 127.0.0.1
        dbname = mailservename
        table = alias
        select_field = goto
        where_field = address
        additional_conditions = and active = '1'

        # nano mysql_virtual_domains_maps.cf

        user = postfixuser
        password = databasepassword
        hosts = 127.0.0.1
        dbname = mailservename
        table = domain
        select_field = domain
        where_field = domain
        additional_conditions = and backupmx = '0' and active = '1'

        # nano mysql_virtual_mailbox_domainaliases_maps.cf

        user = postfixuser
        password = databasepassword
        hosts = 127.0.0.1
        dbname = mailservename
        query = SELECT maildir FROM mailbox, alias_domain WHERE alias_domain.alias_domain = '%d' AND mailbox.username=concat('%u', '@', alias_domain.target_domain ) AND mailbox.active = 1

        # nano mysql_virtual_mailbox_maps.cf

        user = postfixuser
        password = databasepassword
        hosts = 127.0.0.1
        dbname = mailservename
        table = mailbox
        select_field = CONCAT(domain, '/', local_part)
        where_field = username
        additional_conditions = and active = '1'

    If enabled, open ports in ufw or your preferred firewall

        # sudo ufw allow to any port 465
        # sudo ufw allow to any port 110
        # sudo ufw allow to any port 25
        # sudo ufw allow to any port 143
        # sudo ufw allow to any port 993
        # sudo ufw allow to any port 995

    Now restart Postfix

        # /etc/init.d/postfix restart

    And the result should be flawless; 0 errors.

    Check logs for errors /var/log/mail.log && /var/log/mail.err

    That's it for now with Postfix; get some coffee, we now move to Dovecot...
  22. Administrator

    The Perfect Spam Free Secure Mail Server

    Step three: Postfix Admin

    Now it is time to set up our database to connect with Postfix Admin. You will need to create a database and user via mysql cli or phpmysqladmin. Make sure the user has all privileges on the database. Use a UNIX password please! DO NOT use a weak or easy pass or you will be sorry. Why bother doing all this configuring if you are going to use a weak pass and eliminate all the security we are adding? Be smart and generate a 20 character pass from here https://my.norton.com/extspa/idsafe?path=pwd-gen#password_generator

    Best practice is to have your mail admin in a shared directory on the server, IE /usr/shared. Avoid installing on your domain root please! I will show how to connect via SSL and .htaccess with Nginx.

    Let's grab the files. Check the GitHub project site for the latest version and append your wget URL accordingly.

        # cd /usr/share
        # wget -O postfixadmin.tgz https://github.com/postfixadmin/postfixadmin/archive/postfixadmin-3.2.tar.gz
        # tar -zxvf postfixadmin.tgz
        --- We want to change the name of the directory. You can name it what you want ---
        # mv postfixadmin-postfixadmin-3.2 mymailadmin

    We are installed, now we need to configure and connect to the database. This can only be done via your browser, so it is time to set up the server block in Nginx or virtual host in Apache.

    For NGINX users it is best to create a new user that is the only one that has access to the mail admin. Name it whatever you want, I will use appalosa45 (don't ask).

    Create user, directories, vhosts, and FPM conf

        # adduser appalosa45
        # mkdir /home/appalosa45/logs
        # mkdir /home/appalosa45/_sessions
        # mkdir /home/appalosa45/backup
        # chown appalosa45:appalosa45 /home/appalosa45/logs
        # chown appalosa45:appalosa45 /home/appalosa45/_sessions
        # nano /etc/nginx/sites-available/appalosa45.vhost
        --- Paste in file below user.vhost then save ---
        # ln -s /etc/nginx/sites-available/appalosa45.vhost /etc/nginx/sites-enabled/
        # nano /etc/php/7.2/fpm/pool.d/appalosa45.conf
        --- Paste in file below user.conf then save ---
        # /etc/init.d/nginx restart
        # /etc/init.d/php7.2-fpm restart

    user.vhost - Edit to your settings, IE domain.com / mail.domain.com, log paths, IP access (optional, comment out if not using), etc.

        server {
            listen 8100 ssl;
            server_name mail.domain.com;

            ########## SSL Directives
            ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
            ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
            ssl_trusted_certificate /etc/letsencrypt/live/domain.com/chain.pem;
            ssl_stapling on;
            ssl_stapling_verify on;
            resolver 8.8.8.8 valid=300s;
            resolver_timeout 5s;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
            ssl_dhparam /etc/ssl/certs/dhparam.pem;
            ssl_prefer_server_ciphers on;
            add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
            ssl_session_cache shared:SSL:50m;
            ssl_session_timeout 5m;

            root /usr/share/mymailadmin/public;
            allow 11.222.333.44;
            deny all;
            client_max_body_size 15M;
            error_log /home/appalosa45/logs/mymailadmin_error.log;
            access_log /home/appalosa45/logs/mymailadmin_access.log combined;

            # serve static files directly
            location ~* ^.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt)$ {
                access_log off;
            }

            ########## Auth Basic for Mail Admin Area with IP Protection
            location / {
                allow 11.222.333.44;
                deny all;
                auth_basic "Admin Restricted Area";
                auth_basic_user_file /etc/nginx/domain.com/.htpasswd;
            }

            location ~ ^/.*\.php$ {
                allow 11.222.333.44;
                deny all;
                auth_basic "Admin Restricted Area";
                auth_basic_user_file /etc/nginx/domain.com/.htpasswd;
                fastcgi_pass unix:/var/run/appalosa45_fpm.sock;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
            }

            location ~ /\. {
                deny all;
            }
        }

    Create the .htpasswd file

        # mkdir /etc/nginx/domain.com
        # nano /etc/nginx/domain.com/.htpasswd

    Create your hash the easy way

    Go to https://my.norton.com/extspa/idsafe?path=pwd-gen#password_generator create pass and copy it

    Go to http://www.htaccesstools.com/htpasswd-generator/ copy pass into field and add username you created, generate, should look like this

    Paste that into .htpasswd and save

    Now set up Postfix Admin [More Info https://raw.githubusercontent.com/postfixadmin/postfixadmin/master/INSTALL.TXT]

    Make sure you can connect securely. https://mail.domain.com:8100/index.php

    Let's connect to the database

        # nano /usr/share/mymailadmin/config.inc.php

    Set your database values and enable

    Create template cache directory and set permissions

        # mkdir /usr/share/mymailadmin/templates_c
        # chmod -R 0777 /usr/share/mymailadmin/templates_c
        --- Create Custom Includes ---
        # touch /usr/share/mymailadmin/config.local.php

    Setup login https://mail.domain.com:8100/setup.php

    This will display any errors, should be 0 if you followed the guide to a tee.

    Set up a setup pass hash, copy into the config.inc.php will look like this

    Finish the setup, use yourdomain.com as user and a pass. LOGIN and add your virtual domain(s) and email accounts.
  23. Administrator

    The Perfect Spam Free Secure Mail Server

    Now that we have our main configuration done we need to create all the access filters and database files that our main.cf needs to function. First let's create the user and mail directories

        # useradd -r -u 150 -g mail -d /var/vmail -s /sbin/nologin -c "Virtual maildir handler" vmail
        # mkdir /var/vmail
        # chmod 770 /var/vmail
        # chown vmail:mail /var/vmail

    Access Filters

        # nano /etc/postfix/check_client_greylist

    Insert the following

        # regex to check clients which seem to be dynamic
        # only those will be greylisted
        #
        # regex type, no postmap needed
        /^unknown$/ check_greylist
        /([0-9]{1,3}[.-]){3,4}[^0-9.]+/ check_greylist
        /^(dhcp|dialup|ppp|adsl|host|static|www|server|client)[^.]*[0-9]/ check_greylist
        /^[^.]*[0-9]{5}/ check_greylist

    Save file

        # nano /etc/postfix/client_checks

    Insert the following - You can add IPs and hosts you want to allow or block here. I already added a few well known spamming IPs and hosts to start you off.

        ### client restrictions ### check_client_access regexp:/etc/postfix/client_restrictions
        ### WHITE LIST mostly trusted host names ###
        /\.google\.com$/ OK
        /\.paypal\.com$/ OK
        ### Generic Block of DHCP machines or those with many numbers in the hostname ###
        /^(dhcp|dialup|ppp|adsl|pool)[^.]*[0-9]/ 550 S25R6 check
        ### BLACK LIST known spammer friendly ISPs ###
        /\.(internetdsl|adsl|sdi)\.tpnet\.pl$/ 550 domain check tpnet
        /^user.+\.mindspring\.com$/ 550 domain check mind
        /[0-9a-f]{4}\.[a-z]+\.pppool\.de$/ 550 domain check pppool
        /\.dip\.t-dialin\.net$/ 550 domain check t-dialin
        /\.(adsl|cable)\.wanadoo\.nl$/ 550 domain check wanadoo
        # Restricts which clients this system accepts SMTP connections from.
        # example.com REJECT No spammers
        # .example.com REJECT No spammers, from your subdomain
        # 123.456.789.123 REJECT Your IP is spammer
        # 123.456.789.0/24 REJECT Your IP range is documented spammer
        # 321.987.654.321 OK
        # example1.com OK
        91.197.232.15 REJECT No spammers
        31.44.69.158 REJECT No spammers
        .iusacell.net REJECT No spammers
        187.189.20.174 REJECT Your IP range is documented spammer
        planet-telecom.eu REJECT Your IP range is documented spammer
        umich.edu REJECT Your IP range is spammer
        141.212.122.208 REJECT Your IP range is documented spammer
        208.81.179.108 REJECT Your IP range is documented spammer
        dataclub.biz REJECT You cant use our mailserver for your spam
        185.29.11.196 REJECT Your IP range is documented spammer
        46.183.220.149 REJECT Your IP range is documented spammer
        153.36.240.17 REJECT Your IP range is documented spammer
        legacymerchant.com REJECT You cant use our mailserver for your spam
        85.25.226.205 REJECT Your IP range is documented spammer
        worldwebvideos.com REJECT You cant use our mailserver for your spam
        185.70.185.90 REJECT Your IP range is documented spammer
        169.56.71.45 REJECT Your IP range is documented spammer

    Save the file and make it a database file for postfix by running

        # postmap /etc/postfix/client_checks

        # nano /etc/postfix/header_checks

    Insert the following

        #### Header checks file #### header_checks = regexp:/etc/postfix/header_checks
        #### Checks are done in order, top to bottom.
        #### Remove the following from the header to protect internal lans
        #/^Received:.*.internal.lan/ IGNORE
        #### non-RFC Compliance headers
        /[^[:print:]]{7}/ REJECT 2047rfc
        /^.*=20[a-z]*=20[a-z]*=20[a-z]*=20[a-z]*/ REJECT 822rfc1
        /(.*)?\{6,\}/ REJECT 822rfc2
        /(.*)[X|x]\{3,\}/ REJECT 822rfc3
        #### Unreadable Language Types? -- NON-ascii un-printable
        /^Subject:.*=\?(GB2312|big5|euc-kr|ks_c_5601-1987|koi8)\?/ REJECT NotReadable1
        /^Content-Type:.*charset="?(GB2312|big5|euc-kr|ks_c_5601-1987|koi8)/ REJECT NotReadable2
        #### Hidden Word Subject checks
        /^Subject:.* / REJECT TooManySpaces
        /^Subject:.*r[ _\.\*\-]+o[ _\.\*\-]+l[ _\.\*\-]+e[ _\.\*\-]+x/ REJECT NoHiddenWords1
        /^Subject:.*p[ _\.\*\-]+o[ _\.\*\-]+r[ _\.\*\-]+n/ REJECT NoHiddenWords2
        #### Do not accept these types of attachments
        /^Content-(Type|Disposition):.*(file)?name=.*\.(bat|com|exe)/ REJECT Bad Attachment .${3}
        /^Received:/ IGNORE
        /^User-Agent:/ IGNORE
        /^X-Mailer:/ IGNORE
        /^X-Originating-IP:/ IGNORE
        /^x-cr-[a-z]*:/ IGNORE
        /^Thread-Index:/ IGNORE
        /^(X-DSPAM-.*)/ IGNORE

    Save file

        # nano /etc/postfix/helo_access

    Insert the following, altering domain.com and IP to match your domain/server IP

        ### helo access ### check_helo_access hash:/etc/postfix/helo_access
        localhost REJECT 554 Get lost asshole
        127.0.0.1 REJECT 554 Get lost asshole
        domain.com REJECT 554 Get lost asshole
        111.222.333.444 REJECT 554 Get lost asshole

    Save the file and make it a database file for postfix by running

        # postmap /etc/postfix/helo_access

        # nano /etc/postfix/mime_header_checks

    Insert the following

        /name=[^>]*\.(bat|com|exe|dll|vbs)/ REJECT

    Save file

        # nano /etc/postfix/sender_access

    Insert the following, adjusting domain.com to your domain. Added some common creeps in there for you to get started

        domain.com OK
        musclegainx.com REJECT
        telecomitalia.it REJECT
        88.39.207.233 REJECT
        217.69.133.67 REJECT
        secureserver.net REJECT
        stuckinyemen.com REJECT
        37.140.192.17 REJECT
        91.197.232.15 REJECT
        31.44.69.158 REJECT
        legacymerchant.com REJECT
        169.56.71.45 REJECT
        mailgeek.org REJECT
        griffinwink.com REJECT
        104.47.37.133 REJECT
        175.100.101.96 REJECT
        5.188.9.0/24 REJECT
        92.63.192.0/20 REJECT

    Save the file and make it a database file for postfix by running

        # postmap /etc/postfix/sender_access

        # nano /etc/postfix/sender_checks

    Insert the following, note the examples

        # Restricts sender addresses this system accepts in MAIL FROM commands.
        # example.com REJECT env. from addr any@example.com rejected
        # .example.com REJECT env. from addr any@sub.example.com rejected
        # user@example.com REJECT We don't want your email
        # example2.com OK
        .iusacell.net REJECT We don't want your email
        Leopoldo050@cutorrent.com REJECT You cant use our mailserver for your spam
        daycareworks.com REJECT You cant use our mailserver for your spam
        dataclub.biz REJECT You cant use our mailserver for your spam
        paypal.com OK

    Save the file and make it a database file for postfix by running

        # postmap /etc/postfix/sender_checks

        # nano /etc/postfix/tls_policy

    Insert the following - This file lists mail servers that do not use forced encryption and really you shouldn't allow them because they don't care about client security. So if using forced encryption [encrypt] this list will fall back to [may] if they are not using forced encryption. You can add or take away hosts.

        live.co.uk may
        internode.on.net may
        extmail.bigpond.com may
        exemail.com.au may
        live.com may
        charter.net may
        mx.west.cox.net may
        mxin.mygrande.net may
        bigpond.com may
        grandecom.net may
        cox.net may

    Save the file and make it a database file for postfix by running

        # postmap /etc/postfix/tls_policy

    Now for the database and administration...
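To see which client names the check_client_greylist table in the post above would catch before it goes live, the following Python sketch evaluates the same four rules against constructed reverse-DNS names. It is an added example, not part of the original post; it assumes Postfix regexp table behaviour of first match wins with case-insensitive matching, uses Python's re module as a stand-in for the POSIX regex engine, and the function names and sample hostnames are made up here.

```python
import re

# The four rules of /etc/postfix/check_client_greylist, copied from the post.
GREYLIST_TABLE = r"""
# regex type, no postmap needed
/^unknown$/ check_greylist
/([0-9]{1,3}[.-]){3,4}[^0-9.]+/ check_greylist
/^(dhcp|dialup|ppp|adsl|host|static|www|server|client)[^.]*[0-9]/ check_greylist
/^[^.]*[0-9]{5}/ check_greylist
"""

# One table line: /pattern/ followed by whitespace and the action text.
RULE = re.compile(r"^/(.*)/\s+(\S.*)$")


def load_table(text):
    """Parse '/pattern/ action' lines, skipping blanks and # comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE.match(line)
        if not m:
            raise ValueError(f"not a /pattern/ action line: {line!r}")
        rules.append((re.compile(m.group(1), re.IGNORECASE), m.group(2)))
    return rules


def lookup(rules, client_name):
    """Return the action of the first rule that matches, or None."""
    for pattern, action in rules:
        if pattern.search(client_name):
            return action
    return None


# Constructed client names: dynamic-looking hosts and ordinary mail hosts.
SAMPLE_CLIENTS = [
    "unknown",
    "203-0-113-7.dyn.example.net",
    "DHCP-12.example.com",
    "a12345.example.com",
    "www2.example.org",      # an ordinary web host name, still matched
    "mail.example.org",
    "mx1.example.net",
]


def classify(names):
    """Map each client name to the action it would receive, or None."""
    rules = load_table(GREYLIST_TABLE)
    return {name: lookup(rules, name) for name in names}


if __name__ == "__main__":
    for name, action in classify(SAMPLE_CLIENTS).items():
        print(f"{name:32} {action or 'no match'}")
```

On a host with Postfix installed, `postmap -q www2.example.org regexp:/etc/postfix/check_client_greylist` runs the same lookup against the real table.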