mail

I have created an patch against policyd-weight. With this patch policyd-weight will query IPv6 RBL lists and perform HELO checks with IPv6 addresses.

I have also modified the configuration from policyd-weight. The patch includes the IPv6 beta RBL list ipv6rbl.ipv6-world.net. More information about this IPv6 RBL list can be found on ipv6-world.net.

Please note, that is patch is experimental - use it on your own risk!

If you are using Policyd-weight and you want to monitor it with your nagios, you can use my policyd-weight nagios plugin.

You can download it here.

I think you are know the TMS Logisik Spam. I get it 10 times a day.

You should look at http://tms-logistik.de/ a really nice site about spambots and the fucking spammails.

I using postifx-pcre to reject this mail on SMTP connect. If you reject this mails on SMTP connect your mailq does not blow up and it does not slow down your mailserver.

Updated features list:

1.) normal eMailaccount

• change there own password


• create/modify/delete autoresponder


• create/modify/delete forward to an other email address (with the option deliver local or not)


• activate/deactivate spamassassin


• create/modify/delete whist- and blacklists for spamassassin


• modify some options for spamassassin, e.g. rewrite subject

Now it would be nice if some volunteer create a nice site layout for the webinterface.

My project is neaerly complete! - Web based managment for eMailServers.

My eMailServer framework based on Courier/Postfix/Maildrop/MySQL has got four usergroups:

1.) normal eMailaccount

• change there own password


• create/modify/delete autoresponder

2.) admin for one or more domains

• can do the same like a normal eMailaccount


• create/modify/delete eMailaddresses


• create/modify/delete Forwardings


• create/modify/delete CatchAll Address

3.) superadmin

• can do the same like the admin


• create/modify/delete domains

4.) superadmin manager

• can do the same like the superadmin


• create/modify/delete superadmins

All this actions can be done with the webinterface!

You can find some screenshots here.

Sorry all screenshots in german, but it based on Smarty so you can make your own template.

The Webinterface depends on php4, php4-mysql, php4-cli, mysql-server,smarty, php4-pear and some extra Pear Modules.

I develop an easy webinterface for Postfix and Courier based on a MySQL Database.

Now it get a step closer to the finish.



Main work is done, now some subtleties need to be done.

Yes, and it's using smarty, so everyone can make his own style!

Thanks to Sven he provides me a vserver for testing!

Please Mr. Postman
Wait, oh yes wait a minute mister postman
Wait, wait mister postman

(The Marvelettes covered by The Beatles)

So! Please wait and think a moment, if you program a little script for sending mails from an webpage to you.

Very often these script are insecure. Spammers use this script regularly to send tons of spam emails throw your server.

I think SMTP-AUTH is very important! Here is a short HowTo for Postfix with sasl authentication against shadow.

First install the necessary packages:
apt-get install postfix-tls libsasl2-modules sasl2-bin

Open the /etc/default/saslauthd for the configuration.

# This needs to be uncommented before saslauthd will be run automatically
START=yes
# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
MECHANISMS="shadow"

PARAMS="-m /var/spool/postfix/var/run/saslauthd/"
PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"

Postfix have to know which authentication mode the daemon will use.
You can define this in the /etc/postfix/sasl/smtpd.conf! (chmod 0644)

saslauthd_path: /var/run/saslauthd/mux
pwcheck_method: saslauthd
mech_list: plain login

Then configure the postfix to ask for a username and password then anybody will send a mail to the server.
Add the following lines to the /etc/postfix/main.cnf

#sasl
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
smtp_sasl_auth_enable = no
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, permit_sasl_authenticated, reject_unauth_destination

For security reason you should change that postfix runs in a chroot environment. You can change that in the /etc/postfix/master.cnf

smtp inet n - y - - smtpd

(Change the - to y!)

Create now the directory for the saslauthd:
mkdir -p /var/spool/postfix/var/run/saslauthd

Set the right directory permission:
chown root.sasl -R /var/spool/postfix/var/

Instead that dpkg change the permission we have to create an override for dpkg!
dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd

At last postfix musst have the right permission to speak to the saslauthd daemon, add postfix to the sasl group.
adduser postfix sasl

Restart postfix and saslauthd and try to send a mail to the mailserver.

(Don't forget to set a username and a password in your mailclient for mailsending)

This script checks for new updates and mails the output to the sysadmin!

#!/bin/sh
#Copyright: Jonas Genannt jonas.genannt (AT) capi2name.de
#License: GPL

MAIL_CMD="/usr/bin/mail"
EMAIL_ADDR="email@domain.tld"
TMPNAME="`mktemp`"

IPADDR="`LC_ALL='en' /sbin/ifconfig eth0 | sed -n -e'/inet addr:/s/^.*inet addr:\([0-9.]*\).*$/\1/p'`"

if [ -z ${IPADDR} ]; then
IPADDR="`LC_ALL='en' /sbin/ifconfig eth0:1 | sed -n -e'/inet addr:/s/^.*inet addr:\([0-9.]*\).*$/\1/p'`"
fi

if [ -z ${IPADDR} ]; then
IPADDR=`/bin/hostname -f`
fi

apt-get update > /dev/null
if [ `apt-get --just-print upgrade | grep -c -E "^Inst"` -gt "0" ]; then

echo -e "apt-get upgrade would like to install these packages:\n" >> ${TMPNAME}
`apt-get --just-print -u upgrade | grep "^Inst " | awk '{print$2}' >> ${TMPNAME}`
echo -e "\n-------------------------------------\nSecurity Updates. You know the drill." >> ${TMPNAME}
${MAIL_CMD} ${EMAIL_ADDR} -s "Updates available on ${IPADDR}" < ${TMPNAME}
rm -f ${TMPNAME}
fi

Here is a short HowTo for configure Postfix to use Amavis with ClamAV for virus scanning!

First you should install ClamAV from backports.org, when you using the ClamAV from stable/sarge you have an old searching engine that maybe have some problems to recognize new viruses with the new files from ClamAV-freshclam.

First add this line to your /etc/apt/sources.list:

deb http://www.backports.org/debian sarge-backports main

Now that is very important to create a /etc/apt/preferences file:

Package: *
Pin: release a=sarge-backports
Pin-Priority: 200

With this entry you deactivate all packages from backports.org this is important because we will only install ClamAV from backports.

Save the file and run an apt-get update to receive the packagefiles from backports.org.

Now install clamav with:
apt-get install -t sarge-backports clamav clamav-freshclam

The -t sarge-backports is necessary, because apt will now install the package from backports.org!

Now install amavis-new:
apt-get install amavis-new

Edit your /etc/postfix/main.cf and add this for amavis:

###E-Mail filter:
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings

Edit your /etc/postfix/master.cf and add this for amavis:

amavis unix - - - - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd -o content_filter=
-o local_recipient_maps= -o relay_recipient_maps=
-o smtpd_restriction_classes= -o smtpd_client_restrictions=
-o smtpd_helo_restrictions= -o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_bin_address=127.0.0.1

Now you have to add clamav user to the amavis system group and add the clamav user to the amavis system group in your /etc/group!
Because clamav user must read files in the amavis directory and the amvis user must read files in the clamav directory.
After the modification /etc/group should look like:

clamav:x:107:amavis
amavis:x:108:clamav

After this modification you have to restart all services!
(postfix, clamav-daemon, clamav-freshclam, amvis)

Than you have to edit the /etc/amavis/amavisd.conf:
It's very big so I only list the changes:

line 66: $mydomain = 'localhost';

->>change to your hostname

line 429: $warnvirussender = 0;

->> no mail to virussender. because often the from emailaddres is faked!

line 442: $warnvirusrecip = 1;

->> the recipient gets an email that he has received an virus email

line 476: $virus_admin = undef;

->> postmaster gets no notification

Safe the configuration file and restart your amavid!

Now try to send an email and than try to send a virus from

If the repicient gets an email about “VIRUS ( EICAR.Test) IN MAIL TO YOU” all works fine.

If not, check the /var/log/mail.log and try to resolv the error!