SETTINGS
main.cf
mydomain # the base domain (the FQDN without the host part)
myhostname # the FQDN of this host, the one that serves mail
myorigin # the domain appended to unqualified sender addresses
RESTRICTIONS
http://www.postfix.org/SMTPD_ACCESS_README.html
Restriction list name | Version | Status | Effect of REJECT or DEFER result |
---|---|---|---|
smtpd_client_restrictions | All | Optional | Reject all client commands |
smtpd_helo_restrictions | All | Optional | Reject HELO/EHLO information |
smtpd_sender_restrictions | All | Optional | Reject MAIL FROM information |
smtpd_relay_restrictions | ≥ 2.10 | Required if smtpd_recipient_restrictions does not enforce relay policy | Reject RCPT TO information |
smtpd_data_restrictions | ≥ 2.0 | Optional | Reject DATA command |
smtpd_end_of_data_restrictions | ≥ 2.2 | Optional | Reject END-OF-DATA command |
smtpd_etrn_restrictions | All | Optional | Reject ETRN command |
https://wiki.centos.org/HowTos/postfix_restrictions
telnet 192.168.0.2 25 # the comments mark the main.cf restriction list that can reject each step
Trying 192.168.0.2...
Connected to 192.168.0.2 (192.168.0.2).
Escape character is '^]'.
220 mail.example.com ESMTP Postfix # <- smtpd_client_restrictions
HELO mail.example.com # <- smtpd_helo_restrictions
250 mail.example.com #
MAIL FROM:<ned@example.com> # <- smtpd_sender_restrictions
250 2.1.0 Ok #
RCPT TO:<ned@example.com> # <- smtpd_relay_restrictions, then smtpd_recipient_restrictions
250 2.1.5 Ok #
DATA # <- smtpd_data_restrictions
354 End data with <CR><LF>.<CR><LF> #
To:<ned@example.com> # <- header_checks
From:<ned@example.com> #
Subject:SMTP Test #
This is a test message # <- body_checks
. # <- smtpd_end_of_data_restrictions
250 2.0.0 Ok: queued as 301AE20034
QUIT
221 2.0.0 Bye
Connection closed by foreign host.
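The "Required" status of smtpd_relay_restrictions in the table above is what keeps the server from being an open relay: one of the two RCPT TO lists has to reach reject_unauth_destination before an unconditional permit. The following shell functions are an added example, not the page's own commands and not Postfix code; they read a main.cf offline (continuation lines joined, last definition wins, as Postfix does) and report whether relay policy is enforced. The two main.cf fragments are constructed samples, and only these two lists are inspected (how wide mynetworks is, or how SASL is set up, is out of scope).

```shell
# Print a main.cf parameter's value, joining indented continuation lines;
# '#' lines are ignored and, as in Postfix, the last definition wins.
mainc_get() {  # $1 = main.cf path, $2 = parameter name
    awk -v p="$2" '
        /^#/ { next }
        /^[ \t]/ { if (found) val = val " " $0; next }
        $0 ~ ("^" p "[ \t]*=") { found = 1; val = $0; sub("^" p "[ \t]*=[ \t]*", "", val); next }
        { found = 0 }
        END { gsub(/[ \t]+/, " ", val); sub(/^ /, "", val); print val }
    ' "$1"
}

# A restriction list enforces relay policy when reject_unauth_destination (or the
# defer_ variant) is reached before an unconditional permit; first match wins.
list_enforces_relay() {  # $1 = comma-separated restriction list
    for tok in $(printf '%s\n' "$1" | tr ',' ' '); do
        case "$tok" in
            reject_unauth_destination|defer_unauth_destination) return 0 ;;
            permit) return 1 ;;
        esac
    done
    return 1
}

# Postfix evaluates smtpd_relay_restrictions first, then smtpd_recipient_restrictions;
# a REJECT from either list closes the relay, so either one may carry the check.
relay_policy_ok() {  # $1 = main.cf path ; 0 = relay policy enforced
    list_enforces_relay "$(mainc_get "$1" smtpd_relay_restrictions)" && return 0
    list_enforces_relay "$(mainc_get "$1" smtpd_recipient_restrictions)"
}

# Constructed samples: a closed relay (Postfix >= 2.10 style) and an open one.
write_sample_closed() {  # $1 = output path
    cat > "$1" <<'EOF'
# constructed main.cf fragment
smtpd_relay_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
smtpd_recipient_restrictions = reject_unknown_recipient_domain
EOF
}
write_sample_open() {  # $1 = output path
    cat > "$1" <<'EOF'
# constructed main.cf fragment: 'permit' is reached before any relay check
smtpd_relay_restrictions = permit_mynetworks, permit
smtpd_recipient_restrictions = permit_sasl_authenticated, permit
EOF
}
```

On a live host, `relay_policy_ok /etc/postfix/main.cf || echo "open relay risk"` is the whole check; `postconf -n smtpd_relay_restrictions` should print the same value that mainc_get extracts.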
INSTALL
install
apt-get install -y opendkim opendkim-tools
data
domain="17112018.fr"
path_keys="/etc/opendkim/keys"
dkim="dkim"
KEYS
mkdir -p ${path_keys}/${domain}
cd ${path_keys}/${domain}
opendkim-genkey --bits=2048 -s ${dkim} -d ${domain}
chown opendkim:opendkim ${dkim}.private
chmod g-rwx ${dkim}.private
test # opendkim-testkey looks the selector up in DNS: first publish the TXT record that opendkim-genkey wrote to ${path_keys}/${domain}/${dkim}.txt, otherwise the test fails
opendkim-testkey -d ${domain} -s ${dkim} -k /etc/opendkim/keys/${domain}/${dkim}.private -vvv
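The DNS side of the KEYS step, as an added example that is not the page's own commands and not OpenDKIM code: opendkim-genkey generates an RSA key and writes a BIND-style ${dkim}.txt whose p= value is the base64 SubjectPublicKeyInfo of the public half. The functions below rebuild that p= value from a private key with openssl, flatten the quoted multi-line .txt into the single string most DNS control panels want, and run the comparison opendkim-testkey performs (published key equals the key in KeyTable) offline. Selector "dkim" and domain example.test are assumed; the sample .txt is constructed with a placeholder key, and write_genkey_txt writes p= in one chunk where opendkim-genkey splits it at 255 characters.

```shell
# p= value as opendkim-genkey computes it: base64 DER SubjectPublicKeyInfo, no line breaks
dkim_p_from_key() {  # $1 = private key PEM
    openssl rsa -in "$1" -pubout 2>/dev/null | grep -v '^-----' | tr -d '\n'
}

# Write a record in opendkim-genkey's .txt layout (single p= chunk, simplified)
write_genkey_txt() {  # $1 = private key PEM, $2 = selector, $3 = domain, $4 = output .txt
    printf '%s._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; "\n          "p=%s" )  ; ----- DKIM key %s for %s\n' \
        "$2" "$(dkim_p_from_key "$1")" "$2" "$3" > "$4"
}

# Flatten the quoted, line-wrapped ${dkim}.txt into the one string to paste into DNS
dkim_txt_flatten() {  # $1 = .txt file
    grep -o '"[^"]*"' "$1" | tr -d '"\n'
    echo
}

# Offline version of opendkim-testkey's check: the published p= must equal the
# public half of the private key named in KeyTable
dkim_record_matches_key() {  # $1 = .txt file (or a DNS dump in the same layout), $2 = private key PEM
    published=$(dkim_txt_flatten "$1" | sed 's/.*p=//; s/;.*//')
    [ -n "$published" ] && [ "$published" = "$(dkim_p_from_key "$2")" ]
}

# Constructed sample in opendkim-genkey's output format (placeholder key, not a real one)
write_sample_genkey_txt() {  # $1 = output path
    cat > "$1" <<'EOF'
dkim._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; "
          "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAplaceholder"
          "KEYtail" )  ; ----- DKIM key dkim for example.test
EOF
}
```

Once the record is live, `dig +short TXT dkim._domainkey.example.test` returns the same quoted chunks, so the same flatten-and-compare can be run against the DNS answer before trusting opendkim-testkey's verdict.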
CONF
/etc/opendkim.conf
AutoRestart Yes
AutoRestartRate 10/1h
UMask 002
Syslog yes
SyslogSuccess Yes
LogWhy Yes
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
Mode sv
PidFile /var/run/opendkim/opendkim.pid
SignatureAlgorithm rsa-sha256
UserID opendkim:opendkim
Socket inet:12301@localhost
/etc/default/opendkim
SOCKET="inet:12301@localhost"
/etc/postfix/main.cf
milter_protocol = 2
milter_default_action = accept
# without spamassassin
smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301
# with spamassassin
#smtpd_milters = unix:/spamass/spamass.sock, inet:localhost:12301
#non_smtpd_milters = unix:/spamass/spamass.sock, inet:localhost:12301
/etc/opendkim/TrustedHosts
127.0.0.1
localhost
# IP senders
$SENDER_IP
# Domains senders
*.${domain}
/etc/opendkim/KeyTable
${dkim}._domainkey.${domain} ${domain}:${dkim}:${path_keys}/${domain}/${dkim}.private
/etc/opendkim/SigningTable
*@${domain} ${dkim}._domainkey.${domain}
RESTART
systemctl restart postfix opendkim
SENDER
/etc/postfix/main.cf
relayhost = [$receiver_ip]
RECEIVER
/etc/postfix/main.cf
myhostname = $domain_to_relay
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = $myhostname, localhost.localdomain, localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 $sender_ip1 $sender_ip2
virtual_alias_maps = hash:/etc/postfix/virtual
alias
/etc/postfix/virtual
$email_alias $email_to_send
Compile the map, reload, and check a lookup
postmap /etc/postfix/virtual
postfix reload
postmap -q $email_alias /etc/postfix/virtual
RESTART
systemctl restart postfix.service
ALIASES / EXIM4
http://debian-facile.org/doc:reseau:exim4:redirection-mails-locaux
# add the alias to every container
ls /vm/root/*/etc/aliases|xargs -L 1 sed -i "\$a root: tech@17112018.fr"
cat /vm/root/*/etc/aliases
vz-launch -y "newaliases" all
vz-launch -y "exim -bt root" all
vz-launch -y "systemctl restart exim4" all
# test alias
exim -bt root
https://datacenteroverlords.com/2012/03/01/creating-your-own-ssl-certificate-authority/
https://jamielinux.com/docs/openssl-certificate-authority/create-the-root-pair.html
https://linux.die.net/man/1/req
COMMON
configuration
To generate a certificate for several domains, create a specific configuration file $file_conf with:
in the [ req ] section, uncomment: req_extensions = v3_req
in the [ v3_req ] section, add: subjectAltName=DNS:smtp.${domain},DNS:mail.${domain},DNS:imap.${domain}
files
# for one domain and a few subdomains (dovecot)
file_conf=${path_ssl}/openssl-multi-${domain}-mail.cnf
file_key=${path_ssl}/private/mail.${domain}.key
file_csr=${path_ssl}/private/mail.${domain}.csr
file_crt=${path_ssl}/certs/mail.${domain}.crt
file_pem=${path_ssl}/private/mail.${domain}.pem
# for several domains & subdomains (postfix)
file_conf=${path_ssl}/openssl-extend-${domain}-mail.cnf
file_key=${path_ssl}/private/mail.${domain}-extend.key
file_csr=${path_ssl}/private/mail.${domain}-extend.csr
file_crt=${path_ssl}/certs/mail.${domain}-extend.crt
file_pem=${path_ssl}/private/mail.${domain}-extend.pem
ROOT AUTHORITY + CHILD CERTIFICATES
ROOT AUTHORITY
configure
for authority certificate
file_ca_key=${path_ssl}/private/rootCA-${domain}.key
file_ca_pem=${path_ssl}/certs/rootCA-${domain}.pem
create
Create the root key (without or with a passphrase) and self-sign it - for the CN use the correct FQDN !! ex: mail.ambau.ovh:
openssl genrsa -out $file_ca_key 4096 # without password
openssl genrsa -des3 -out $file_ca_key 4096 # with password
# Self-sign the certificate
openssl req -x509 -new -nodes -key $file_ca_key -sha256 -days 3650 -out $file_ca_pem
CHILD - once per device
configure
data
domain=ambau.ovh
path_ssl=/var/share/mail/default/ssl
# for several domains & subdomains (postfix)
file_conf=${path_ssl}/openssl-extend-${domain}-mail.cnf
file_key=${path_ssl}/private/mail.${domain}-extend.key
file_csr=${path_ssl}/private/mail.${domain}-extend.csr
file_crt=${path_ssl}/certs/mail.${domain}-extend.crt
file_pem=${path_ssl}/private/mail.${domain}-extend.pem
configuration
to generate a certificate for several domains, create a specific conf file $file_conf with:
- in the '[ req ]' section uncomment: req_extensions = v3_req
- in the '[ v3_req ]' section add: subjectAltName=DNS:smtp.${domain},DNS:mail.${domain},DNS:imap.${domain}
create
# Create the key
openssl genrsa -out $file_key 2048
# Create the Certificate Signing Request (CSR) - for the CN use the correct FQDN !! ex: mail.ambau.ovh
openssl req -new -key $file_key -out $file_csr -config $file_conf
# verify configuration of CSR
openssl req -text -noout -in $file_csr
# Sign the CSR with the root CA; the v3_req extensions (the SANs) are copied from $file_conf
openssl x509 -req -days 1460 -sha256 -in $file_csr -CA $file_ca_pem -CAkey $file_ca_key -CAcreateserial -out $file_crt -extensions v3_req -extfile $file_conf
# Create pem file
cat $file_crt $file_key > $file_pem
rights
chmod 700 ${path_ssl}/private # a directory needs the x bit to be traversed: 600 would lock it even for the owner (root excepted)
chmod 755 ${path_ssl}/certs # same reason: a recursive 644 would stop postfix/dovecot from reading the certs
find ${path_ssl}/private -type f -exec chmod 0400 {} \;
find ${path_ssl}/certs -type f -exec chmod 0444 {} \;
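The root-authority and child steps above run end to end in a scratch directory, followed by the checks worth running before the files go into ${path_ssl}: the chain validates against the root, every SAN from the conf file is in the certificate, and the key actually pairs with it. This is an added example, not the page's own commands; domain example.test is assumed, the file names mirror the page's variables, the DN is written into the conf files with prompt=no instead of being typed interactively, and the root CA gets its own conf so that basicConstraints CA:TRUE and keyCertSign are set explicitly rather than inherited from whatever default openssl.cnf is installed.

```shell
write_ca_conf() {  # $1 = conf path, $2 = domain
    cat > "$1" <<EOF
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[ dn ]
CN = rootCA.$2
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
}

# The "uncomment req_extensions / add subjectAltName" edits, as a complete file
write_req_conf() {  # $1 = conf path, $2 = domain
    cat > "$1" <<EOF
[ req ]
distinguished_name = dn
req_extensions = v3_req
prompt = no
[ dn ]
CN = mail.$2
[ v3_req ]
subjectAltName = DNS:smtp.$2,DNS:mail.$2,DNS:imap.$2
EOF
}

make_root_ca() {  # $1 = dir, $2 = domain
    write_ca_conf "$1/openssl-ca-$2.cnf" "$2"
    openssl genrsa -out "$1/rootCA-$2.key" 4096 2>/dev/null &&
    openssl req -x509 -new -nodes -key "$1/rootCA-$2.key" -sha256 -days 3650 \
        -config "$1/openssl-ca-$2.cnf" -out "$1/rootCA-$2.pem"
}

make_child_cert() {  # $1 = dir, $2 = domain
    conf="$1/openssl-extend-$2-mail.cnf"
    write_req_conf "$conf" "$2"
    openssl genrsa -out "$1/mail.$2.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/mail.$2.key" -out "$1/mail.$2.csr" -config "$conf" &&
    openssl x509 -req -days 1460 -sha256 -in "$1/mail.$2.csr" \
        -CA "$1/rootCA-$2.pem" -CAkey "$1/rootCA-$2.key" -CAcreateserial \
        -extensions v3_req -extfile "$conf" -out "$1/mail.$2.crt" 2>/dev/null &&
    cat "$1/mail.$2.crt" "$1/mail.$2.key" > "$1/mail.$2.pem"
}

# 0 when the chain verifies, all three SANs are present and key and cert pair up
verify_child() {  # $1 = dir, $2 = domain
    openssl verify -CAfile "$1/rootCA-$2.pem" "$1/mail.$2.crt" >/dev/null 2>&1 || return 1
    sans=$(openssl x509 -in "$1/mail.$2.crt" -noout -text | grep -o 'DNS:[^, ]*')
    for h in smtp mail imap; do
        printf '%s\n' "$sans" | grep -qxF "DNS:$h.$2" || return 1
    done
    [ "$(openssl x509 -in "$1/mail.$2.crt" -noout -pubkey)" = \
      "$(openssl rsa -in "$1/mail.$2.key" -pubout 2>/dev/null)" ]
}
```

With the page's values this is `make_root_ca /var/share/mail/default/ssl ambau.ovh`, then `make_child_cert` and `verify_child` with the same arguments; a failing verify_child is the moment to look at the CSR with `openssl req -text -noout` rather than after the restart.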
SIMPLE certificate
# create certificate & key file, 1095 days
openssl req -x509 -newkey rsa:2048 -keyout mydomain.key -out mydomain.crt -days 1095
# create certificate & key file for postfix, 3650 days
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/private/mydomain.key -out /etc/ssl/certs/mydomain.pem
TEST SSL
starttls
telnet ${domain} 25
telnet ${domain} 587
openssl s_client -starttls smtp -connect ${domain}:25
openssl s_client -starttls smtp -connect ${domain}:587
openssl s_client -starttls imap -connect ${domain}:143 # the -starttls protocol must match the port: imap on 143
openssl s_client -starttls pop3 -connect ${domain}:110 # pop3 on 110
openssl s_client -tls1_2 -servername host -connect 203.0.113.15:443
ssl
openssl s_client -connect ${domain}:465
openssl s_client -connect ${domain}:993 -showcerts # imap 993
show expiration date for certificate
domain="ambau.ovh"
# for mail connection
echo | openssl s_client -connect mx.${domain}:25 -starttls smtp | openssl x509 -noout -dates
# for ftp connection
echo | openssl s_client -connect ftp.${domain}:21 -starttls ftp | openssl x509 -noout -dates
client connection to imaps
openssl s_client -connect mx.${domain}:993
# then type the IMAP commands, tag first:
a logout
quit
ENCRYPT FILE
encrypt & compress file (-pbkdf2 needs openssl >= 1.1.1 and must be given on both sides)
tar -czf - $FILE | openssl enc -e -aes256 -pbkdf2 -out $FILE.tar.gz
openssl enc -d -aes256 -pbkdf2 -in $FILE.tar.gz | tar xz -C $DEST # not $PATH: that name is the shell's command search path
encrypt file
openssl enc -e -aes-256-cbc -pbkdf2 -in /root/.mariadb -pass pass:$PASSWORD > /root/.mariadb.enc # -pass needs a source prefix (pass:, file:, env:, stdin); pass: leaves the secret in ps and shell history, prefer file: or stdin
openssl enc -d -aes-256-cbc -pbkdf2 -in /root/.mariadb.enc -pass stdin > /root/.mariadb
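The hardened form of the two commands above as an added example (not the page's own commands): the password comes from a 0400 file instead of the command line, PBKDF2 key derivation is used on both sides, and a round trip proves the archive decrypts to identical bytes before the plaintext is deleted. File names and the password file are assumptions of this example.

```shell
# Compress then encrypt; -pass file: reads the first line of the password file,
# so nothing secret appears in ps or in the shell history
enc_tar() {  # $1 = file or directory, $2 = password file, $3 = output (.tar.gz.enc)
    tar -C "$(dirname "$1")" -czf - "$(basename "$1")" |
        openssl enc -e -aes-256-cbc -salt -pbkdf2 -pass "file:$2" -out "$3"
}

# Decrypt then extract; the -pbkdf2 flag has to match the encrypting side
dec_tar() {  # $1 = .tar.gz.enc, $2 = password file, $3 = destination directory
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$2" -in "$1" | tar -xzf - -C "$3"
}

# 0 when a decrypted copy is byte-identical to the original
roundtrip_ok() {  # $1 = file to protect, $2 = password file
    work=$(mktemp -d)
    enc_tar "$1" "$2" "$work/a.tar.gz.enc" || return 1
    mkdir "$work/out" && dec_tar "$work/a.tar.gz.enc" "$2" "$work/out" || return 1
    cmp -s "$1" "$work/out/$(basename "$1")"
}
```

Run roundtrip_ok on the real file before removing the plaintext; a wrong password file makes openssl exit non-zero with "bad decrypt", which the `|| return 1` paths surface.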
POSTCONF
https://linux.die.net/man/1/postconf
postconf # list all actual configuration variables (main.cf values merged with the defaults)
postconf -d # list all default configuration variables
postconf -m # list all supported database
postconf -e name=value # edit configuration in main.cf
postconf -M "service/type=value" # edit master.cf (the entry name is service/type, e.g. submission/inet)
options
-a # List the available SASL server plug-in types
-A # List the available SASL client plug-in types
-b [template_file] # Display the message text that appears at the beginning of delivery status notification (DSN) messages, with $name expressions replaced by actual values
-c config_dir # The main.cf configuration file is in the named directory instead of the default configuration directory.
-d # Print default parameter settings instead of actual settings.
-e # Edit the main.cf configuration file
-h # Show parameter values only
-l # List the names of all supported mailbox locking methods
-m # List the names of all supported lookup table types
-n # Print parameter settings that are not left at their built-in default value, because they are explicitly specified in main.cf.
-t [template_file] # Display the templates for delivery status notification (DSN) messages
-v # Enable verbose logging for debugging purposes
POSTMAP
https://linux.die.net/man/1/postmap
postmap -q $domain mysql:$query # request mysql query to database
http://www.postfix.org/mysql_table.5.html
%s user@domain # complete string
%u user # user part of string
%d domain # domain part of string
# example
query = SELECT '%s,%u,%d'
postmap -q $email proxy:mysql:/etc/postfix/sql/query.cf
postmap -q $email mysql:/etc/postfix/sql/query.cf
postmap /etc/postfix/virtual
postfix reload
POSTQUEUE
https://linux.die.net/man/1/postqueue
postqueue -p # list mails in queue
postqueue -j # list mails in queue in json format
postqueue -f # flush mails in queue
postsuper -d ALL deferred # clear deferred mails in queue
POSTSUPER
https://linux.die.net/man/1/postsuper
postsuper -d $mail_id # delete one mail with id in queue
postsuper -d deferred # delete all deferred mails
SSL
https://www.stevenrombauts.be/2018/12/test-smtp-with-telnet-or-openssl/
See openssl
TELNET
telnet localhost smtp
ehlo ns22218.ovh.net
auth plain $AUTH_PLAIN_B64 # base64("\0user\0password"): encoded, not encrypted, so only authenticate after STARTTLS (587) or on 465
mail from:<manager@datasouk.net>
rcpt to:<aguemoun@free.fr>
data
Subject: Petit Bonjour
Yeeeeeeeeeeeeeeeeeeeees
from oimeuuuuuh smtp 465
.
quit
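What the "auth plain" line in the session above carries, as an added example that is not part of the page: SASL PLAIN is the base64 of "\0authcid\0password", an encoding rather than encryption, which is why the TLS ports tested earlier (STARTTLS on 587, implicit TLS on 465) matter. The user names and passwords below are constructed.

```shell
# Build the token to paste after AUTH PLAIN (authorization identity left empty)
auth_plain_token() {  # $1 = user (authcid), $2 = password
    printf '\0%s\0%s' "$1" "$2" | base64 | tr -d '\n'
}

# Recover the credentials from a captured token: anyone who can read a
# cleartext session (port 25 without STARTTLS) gets them just as easily
auth_plain_decode() {  # $1 = token ; prints "user password"
    printf '%s' "$1" | base64 -d | tr '\0' '\t' | awk -F'\t' '{ print $2 " " $3 }'
}
```

auth_plain_token replaces the hand-pasted literal in the telnet session; auth_plain_decode is the one-line reason to grep mail logs for AUTH over non-TLS connections rather than to rely on the encoding.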
SENDMAIL
mail_from="admin@17112018.fr"
mail_to="eloise.corre@hotmail.fr"
mail_subject="test d'envoi from VPS"
mail_body="Voilà c'est juste un test\n pour voir"
mail_content_type="text/plain" # the variable the Content-Type line reads (was C=, which nothing used)
(
echo "From: $mail_from"
echo "To: $mail_to"
echo "Subject: $mail_subject"
echo "MIME-Version: 1.0"
echo "Content-Type: ${mail_content_type:-text/plain}; charset=utf-8"
echo # the blank line that separates the headers from the body
echo -e "$mail_body"
) | sendmail -t # -t takes the recipients from the To: header