I seem to need to refer to this more often than I would have imagined: Postfix Mail Queue Management.
Tag Archives: postfix
Postfix SMTP-AUTH 4 DUMMIES
Some notes on how to configure Postfix: Postfix SMTP-AUTH 4 DUMMIES.
Dovecot SASL
Here’s some info about Dovecot SASL. I integrate this facility for Postfix authentication too. So my SMTP system has a dependency on my IMAP/POP3 system. In the backend it’s a MySQL database…
openssl dhparam -out dh.pem
So I was getting errors like this in syslog:
Jul 6 17:35:53 integrity systemd[1]: Started Dovecot IMAP/POP3 email server.
Jul 6 17:35:53 integrity dovecot[10775]: doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 79: ssl_dh: Can't open file /etc/dovecot/dh.pem: No such file or directory
Jul 6 17:35:53 integrity systemd[1]: dovecot.service: Main process exited, code=exited, status=89/n/a
Jul 6 17:35:53 integrity systemd[1]: dovecot.service: Failed with result 'exit-code'.
This failure was affecting other parts of my system (i.e. postfix SASL).
The solution was to generate the dh.pem file:
root@integrity:/etc/dovecot # openssl dhparam -out dh.pem 4096
Postfix Backwards-Compatibility Safety Net
Today I discovered the Postfix Backwards-Compatibility Safety Net via my mail log. Gonna have to review my Postfix settings…
Triggering a PHP script when your Postfix server receives a mail
Today I discovered Triggering a PHP script when your Postfix server receives a mail. Looks interesting. Gonna have a read. It references this Postfix Architecture Overview document that is even more interesting, and which I will read first!
Adding a sender blacklist to Postfix
Here at ProgClub, as moderator for our mailing lists, I get a bunch of spam that I have to get rid of every day, to keep our lists sparkling and spam-free. I regularly get spam from senders from ofenews.co.uk, and I wanted to add their entire domain to a blacklist on our mail server… I hadn’t configured a Postfix blacklist before, so I did a little research and came up with this:
I created a file /etc/postfix/sender_access like this:
ofenews.co.uk REJECT
Then I created the access database:
# postmap /etc/postfix/sender_access
Then I added the sender restrictions into /etc/postfix/main.cf:
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access
Then I restarted postfix and was done! Everything is easy when you know how.
For reference, here is the doco which I read to help me:
Single Sign On: integrating Postfix/Kerberos/LDAP
Some reading to do concerning integrating Postfix/Kerberos with LDAP:
http://www.postfix.org/LDAP_README.html
http://www.boobah.info/howto/postfix-ldap.html
http://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_ldap.html
Binding Postfix to particular IP addresses
I had a problem where my postfix mail system wasn’t listening on its IP address 10.1.1.123 but it was listening on 127.0.0.1. I checked my firewall settings and made sure port 25 was open, but I still couldn’t connect.
I read an article, Bind Postfix Mail Server To Localhost or Specific IP Address Only, which gave me the hint I needed.
The trick was to comment out inet_interfaces in /etc/postfix/main.cf because it was specifying loopback-only which meant postfix wasn’t listening on its other IP addresses.
Configure Postfix for DNS Blackhole Lists
Followed the instructions in this article Configure Postfix for DNS Blackhole Lists such as dsbl.org / spamhaus.org database to configure my Postfix email server to stop spam. I used the whole recommendation:
smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_destination,
    permit_mynetworks,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    permit
Before that my settings were:
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
I kept the permit_sasl_authenticated setting too.
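Postfix evaluates a restriction list in order and stops at the first entry that matches, so where permit_sasl_authenticated and permit_mynetworks sit relative to reject_unauth_destination and reject_rbl_client matters. The following is an added example, not from the original posts: a small Python check for that ordering. The sample main.cf, the function names and the finding codes are constructed for illustration, and it assumes relay control lives in smtpd_recipient_restrictions as in the lists above.

```python
import re
# Constructed sample main.cf (not the author's file): a shortened version of
# the recommended list with permit_sasl_authenticated added near the end.
SAMPLE_MAIN_CF = """\
myhostname = mail.example.org
smtpd_recipient_restrictions =
    reject_non_fqdn_sender,
    reject_unauth_destination,
    permit_mynetworks,
    # DNSBL lookups
    reject_rbl_client sbl-xbl.spamhaus.org,
    permit_sasl_authenticated,
    permit
"""
TRUSTED = ("permit_mynetworks", "permit_sasl_authenticated")

def read_param(text, name):
    """Value of a main.cf parameter; lines starting with whitespace continue
    the previous logical line, comment and blank lines are skipped."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    value = None
    for entry in logical:
        key, sep, val = entry.partition("=")
        if sep and key.strip() == name:
            value = val.strip()  # a later definition overrides an earlier one
    return value

def lint_restrictions(text, name="smtpd_recipient_restrictions"):
    """Return (code, restriction) findings for first-match ordering problems."""
    tokens = [t for t in re.split(r"[,\s]+", read_param(text, name) or "") if t]
    pos = lambda t: tokens.index(t) if t in tokens else None
    relay, rbl, permit = pos("reject_unauth_destination"), pos("reject_rbl_client"), pos("permit")
    findings = []
    if relay is None or (permit is not None and permit < relay):
        findings.append(("relay-unprotected", "reject_unauth_destination"))
    for t in TRUSTED:
        p = pos(t)
        if p is not None and relay is not None and p > relay:
            findings.append(("trusted-after-relay-check", t))  # cannot relay out
        if p is not None and rbl is not None and p > rbl:
            findings.append(("trusted-after-rbl", t))  # DNSBL hit wins first
    return findings
```

Run `lint_restrictions(open("/etc/postfix/main.cf").read())` against a real file; an empty list means none of the three ordering problems were found.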