Mail log IP address count

The following monster will parse the mail log and report each unique IPv4 address behind a "connect from unknown" line, along with a count of its connections, lowest count first.

cat /var/log/mail.log | \
  grep ' connect from unknown' | \
  awk '{ print $8 }' | \
  sort | \
  sed -n 's/.*\[\([0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\)\].*/\1/p' | \
  awk '{count[$1]++} END {for (word in count) print count[word], word}' | \
  sort -n
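
The same count as a single awk pass, as an added example that is not the original post's code. It goes beyond the pipeline above by also counting IPv6 clients, which the IPv4-only sed pattern drops, and by optionally including clients with a resolved hostname. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the post's code). Assumes syslog-style Postfix smtpd lines
# that end in "connect from host[addr]".

# Constructed sample log lines (documentation address ranges).
sample_log() {
  cat <<'EOF'
Jul  6 17:35:01 integrity postfix/smtpd[2101]: connect from unknown[203.0.113.7]
Jul  6 17:35:04 integrity postfix/smtpd[2101]: disconnect from unknown[203.0.113.7]
Jul  6 17:35:09 integrity postfix/smtpd[2102]: connect from unknown[203.0.113.7]
Jul  6 17:35:12 integrity postfix/smtpd[2103]: connect from mail.example.org[198.51.100.20]
Jul  6 17:35:15 integrity postfix/smtpd[2104]: connect from unknown[2001:db8::25]
Jul  6 17:35:20 integrity postfix/smtpd[2105]: connect from unknown[203.0.113.7]
Jul  6 17:35:31 integrity postfix/smtpd[2106]: connect from unknown[192.0.2.44]
EOF
}

# count_connects [only_unknown] < logfile
# Prints "count address" per client, lowest count first.
# only_unknown=1 keeps the post's filter: clients logged as "unknown".
count_connects() {
  awk -v only_unknown="${1:-0}" '
    # Leading space keeps " disconnect from" lines out, as in the post.
    / connect from / {
      client = $NF                      # last field: host[addr]
      lb = index(client, "[")
      if (lb == 0 || substr(client, length(client)) != "]") next
      host = substr(client, 1, lb - 1)
      addr = substr(client, lb + 1, length(client) - lb - 1)
      if (only_unknown && host != "unknown") next
      count[addr]++                     # addr may be IPv4 or IPv6
    }
    END { for (a in count) print count[a], a }
  ' | sort -k1,1n -k2,2
}

sample_log | count_connects 1
```

Against the real log, run it as `count_connects 1 < /var/log/mail.log`.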

openssl dhparam -out dh.pem

So I was getting errors like this in syslog:

Jul  6 17:35:53 integrity systemd[1]: Started Dovecot IMAP/POP3 email server.
Jul  6 17:35:53 integrity dovecot[10775]: doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 79: ssl_dh: Can't open file /etc/dovecot/dh.pem: No such file or directory
Jul  6 17:35:53 integrity systemd[1]: dovecot.service: Main process exited, code=exited, status=89/n/a
Jul  6 17:35:53 integrity systemd[1]: dovecot.service: Failed with result 'exit-code'.

This failure was affecting other parts of my system (i.e. postfix SASL).
The solution was to generate the dh.pem file:

root@integrity:/etc/dovecot
# openssl dhparam -out dh.pem 4096

Adding a sender blacklist to Postfix

Here at ProgClub, as moderator for our mailing lists, I get a bunch of spam that I have to get rid of every day, to keep our lists sparkling and spam-free. I regularly get spam from senders from ofenews.co.uk, and I wanted to add their entire domain to a blacklist on our mail server… I hadn’t configured a Postfix blacklist before, so I did a little research and came up with this:

I created a file /etc/postfix/sender_access like this:

ofenews.co.uk REJECT

Then I created the access database:

# postmap /etc/postfix/sender_access

Then I added the sender restrictions into /etc/postfix/main.cf:

smtpd_sender_restrictions =
  check_sender_access hash:/etc/postfix/sender_access

Then I restarted postfix and was done! Everything is easy when you know how.

For reference, here is the doco which I read to help me:

Binding Postfix to particular IP addresses

I had a problem where my postfix mail system wasn’t listening on its IP address 10.1.1.123 but it was listening on 127.0.0.1. I checked my firewall settings and made sure port 25 was open, but I still couldn’t connect.

I read an article, Bind Postfix Mail Server To Localhost or Specific IP Address Only, which gave me the hint I needed.

The trick was to comment out inet_interfaces in /etc/postfix/main.cf because it was specifying loopback-only which meant postfix wasn’t listening on its other IP addresses.