openssl dhparam -out dh.pem

So I was getting errors like this in syslog:

Jul  6 17:35:53 integrity systemd[1]: Started Dovecot IMAP/POP3 email server.
Jul  6 17:35:53 integrity dovecot[10775]: doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 79: ssl_dh: Can't open file /etc/dovecot/dh.pem: No such file or directory
Jul  6 17:35:53 integrity systemd[1]: dovecot.service: Main process exited, code=exited, status=89/n/a
Jul  6 17:35:53 integrity systemd[1]: dovecot.service: Failed with result 'exit-code'.

This failure was affecting other parts of my system (i.e. postfix SASL).
The solution was to generate the dh.pem file:

# openssl dhparam -out dh.pem 4096

Adding a sender blacklist to Postfix

Here at ProgClub, as moderator for our mailing lists, I get a bunch of spam that I have to get rid of every day, to keep our lists sparkling and spam-free. I regularly get spam from senders from, and I wanted to add their entire domain to a blacklist on our mail server… I hadn’t configured a Postfix blacklist before, so I did a little research and came up with this:

I created a file /etc/postfix/sender_access like this: REJECT

Then I created the access database:

# postmap /etc/postfix/sender_access

Then I added the sender restrictions into /etc/postfix/

smtpd_sender_restrictions =
  check_sender_access hash:/etc/postfix/sender_access

Then I restarted postfix and was done! Everything is easy when you know how.

For reference, here is the doco which I read to help me:

Binding Postfix to particular IP addresses

I had a problem where my postfix mail system wasn’t listening on its IP address but it was listening on I checked my firewall settings and made sure port 25 was open, but I still couldn’t connect.

I read an article, Bind Postfix Mail Server To Localhost or Specific IP Address Only, which gave me the hint I needed.

The trick was to comment out inet_interfaces in /etc/postfix/ because it was specifying loopback-only which meant postfix wasn’t listening on its other IP addresses.

Configure Postfix for DNS Blackhole Lists

Followed the instructions in this article Configure Postfix for DNS Blackhole Lists such as / database to configure my Postfix email server to stop spam. I used the whole recommendation:

smtpd_recipient_restrictions =

Before that my settings where:

smtpd_recipient_restrictions =

I kept the permit_sasl_authenticated setting too.