dusko + mailserver   584

Mail Filtering - Introduction
Or, how to block a few million spams per day without breaking a sweat.
mailserver  spam 
15 days ago by dusko
Sendmail - NST Wiki
How To Flush Out All Email Messages From The Sendmail Queue

Sometimes email messages can be queued up with the Mail Transport Agent: "sendmail". The following command line can be used to manually try to immediately flush out all emails queued up by "sendmail". Even though a "sendmail" service may be running, this command is OK to use; it will only run once and then terminate.
Try To Flush Out The Entire "sendmail" Queue:
[root@probe-222 root]# /usr/local/sbin/sendmail -q -v
sendmail  mailserver  sysadmin 
27 days ago by dusko
Sendmail Evolution
Gregory Neil Shapiro and Eric Allman
sendmail  mailserver  sysadmin 
27 days ago by dusko
Sendmail Howtos - Sendmail SMTP AUTH Howto

In case you have no idea what SMTP AUTH is good for, basically it allows you to provide relaying to people outside your trusted network by authenticating them in a secure manner. This is in contrast to an "open relay" which will allow anybody, anywhere to use your server to email whomever they want. As you can imagine, an open relay is a spammer's dream as they are using YOUR precious resources to spam ten million people with your IP as the source….a very very bad thing!

As with most internet services we must break them down into two categories: client and server. Client-side SMTP AUTH is useful when your ISP's mail server requires you to authenticate yourself in order to relay through it using SMART_HOST; if you are on DSL you probably know what I'm talking about. Now this begs the question "why bother using the ISP's mail server when I'm setting up my own?" Good question, here is the answer. If you are like me and you run your own sendmail server using a residential (usually dynamic) IP, chances are 80% of your mail is going to be either bounced or plain out dropped due to SPAM filters running on most enterprise SMTP servers. Fortunately there is a way around this and that is by telling sendmail to relay all its outgoing mail to your ISP's SMTP server and have them send the mail on your behalf via SMART_HOST.

Server-side SMTP AUTH is exactly what the ISP's mail server is doing in the client-side example. It allows you to give relay access to only those that you specify, usually users listed in your /etc/passwd file. Unfortunately many email clients, Outlook and Outlook Express are especially notorious, will send the SMTP AUTH password in plain text format which is a bad thing. This is where the STARTTLS command comes into play. It will encrypt the password end to end by use of SSL so that if anybody were to sniff packets on our network they would only see garbage.
sendmail  mailserver  smtp  mta 
28 days ago by dusko
example_mail Cookbook
A Chef cookbook to setup a proper mail server for production usage.
Sources for this Cookbook



Mad props to those two links above. Thanks to the documentation of these two guys, most of this configuration was possible and is indeed shamelessly copied from their links above.
mailserver  sysadmin  devops 
28 days ago by dusko
Sendmail Delay?
By default sendmail sends out a queue runner every 5 minutes. The default Timeout.hoststatus is 30 minutes, which means if a timeout occurs attempting a delivery (a temporary failure) that host will be ignored for 30 minutes, even though queue runners are being sent every 5 minutes. You might try playing with the Timeout.hoststatus settings - confTO_HOSTSTATUS in sendmail.mc and send out a couple of queue runners to see if you can clear the queue more quickly.
sendmail  mailserver  mta  sysadmin 
5 weeks ago by dusko
Linux Mail Server Setup and Howto Guide
Rapidly deploy Linux based mail solutions.
mailserver  mta 
6 weeks ago by dusko
Search for ALL DNS TXT records of a domain and subdomains
The approach of making a single DNS query to get all that information in one fell swoop is misguided. It assumes that the data for a single zone is a) static and b) managed by a single name server. DNS imposes no such limitations on zone data.

Both SPF and DKIM (and DMARC, if you want to throw that in the mix) use TXT records on specific domains. There is no need to get all the TXT records for a domain and its subdomains to view the relevant configuration.

If you want to get the SPF and DKIM information, just query the appropriate domains. Assuming you're doing Return-Path domains and DKIM signatures on md.rosposhop.com and mg.rosposhop.com then you should be interested in TXT records on

md.rosposhop.com - SPF
mg.rosposhop.com - SPF
(selector)._domainkey.md.rosposhop.com - DKIM
(selector)._domainkey.mg.rosposhop.com - DKIM

where (selector) is the selector you're using for that DKIM record. You may have more than one selector for each of md.rosposhop.com and mg.rosposhop.com domains. TXT records on other domains are irrelevant.
mailserver  spf  dkim  dmarc  spam  dns 
7 weeks ago by dusko
imap-backup -- Backup GMail (or other IMAP) accounts to disk
Backup GMail (or other IMAP) accounts to disk.

Each folder is saved to an mbox file. Alongside each mbox is a file with extension '.imap', which lists the source IMAP UIDs to allow a full restore.
mailserver  email  backup  imap 
8 weeks ago by dusko
Larch - a tool to copy messages from one IMAP server to another
Note: I no longer actively develop or use Larch, so it is effectively unmaintained. Many people claim it still works well for them, so feel free to use it, but please don't expect support, bug fixes, or new features.

Larch is a tool to copy messages from one IMAP server to another quickly and safely. It's smart enough not to copy messages that already exist on the destinati
mailserver  email  backup  imap 
8 weeks ago by dusko
How to prove that an email has been sent?
Most people are shocked to hear this, but email is not actually guaranteed to ever reach the intended destination.

It might fail for a variety of reasons. It could simply fail to arrive (for several reasons) or could be getting redirected to the recipient's spam folder for some reason. If you think an email hasn't been delivered, you should send it again. I usually forward the original so that recipient knows I've been trying.

You can turn on “read receipt” or “return receipt”, which will send an email back to you automatically, but this feature is often disabled by recipients because it has been so often abused by spammers in the past.

Will covered just about everything else in his answer (https://superuser.com/questions/77131/how-to-prove-that-an-email-has-been-sent/77143#77143):

There is nothing 100% that you can use to prove on your own.

If you had your own mail server, you can show outgoing logs - however, they can be falsified.

You can use read receipts, but again, they can be falsified.

The best bet is if you use a third party mail server that is impartial, and they can provide logs, that should stand as proof.

You may have luck if you email Yahoo (and say you are willing to pay for their time on the matter) and try to get a log / proof that an email was sent on a time/date.

I am not sure you can force them into this unless the place you need it for are involved in a criminal matter... It may work for civil, but you would need a court order.

Failing this, if it is in your outbox with a time and date, this is hard/impossible to fake on a web based email server (just check that changing your date/time and sending doesn't fake this). Then, print out and if you need to go to court, you could always have a laptop, 3g stick and projector and prove that it was sent... but again, only if it can be proved that you can't fake this.
mailserver  email 
10 weeks ago by dusko
How to submit spam and false positive spam samples to SophosLabs
From the Recipient (To...) area, enter the necessary email address:
is-spam@labs.sophos.com - for email not detected as spam
not-spam@labs.sophos.com - for email that is genuine

Send the newly created email to SophosLabs at the address you selected above, with the subject line of your choice.
mailserver  spam  email 
april 2018 by dusko
MJML - The only framework that makes responsive-email easy
MJML - The only framework that makes responsive-email easy. Framework to create amazing emails.

Drop in Components
- lists
- carousel image slider
- social share buttons
- invoice
- Tables
- Location
- Buttons
- Navbar
- Hero heading

GitHub - https://github.com/mjmlio/mjml
Project - https://mjml.io/
Docs - https://mjml.io/documentation
Examples - https://mjml.io/templates
Generator - https://mjml.io/try-it-live
Image - https://www.apollowebstudio.com/screenshots/2017/mjml-email-template-framework.jpg
mailserver  email  sysadmin 
april 2018 by dusko
white listing sendmail authenticated users
I am trying (unsuccessfully) to write a rule to pickup if the
"authenticated bits=0" in the Received line of the header and give it -100

I am not sure if spamass-milter Version 0.3.1 is passing the Received line to SA.

Does anyone know if that works? Or a better way to do it?

header LOCAL_AUTH_RCVD2 Received =~ /authenticated bits/
score LOCAL_AUTH_RCVD2 -100.0
... ... ...

Important note: be specific as to *which* received header you whitelist on. It would be trivial for a spammer to put that text in a forged "upstream" Received header.

Generally speaking, the better way to whitelist would be to tell
spamass-milter (or whatever your glue is) to not pass the message to SA at all. Your MTA knows that the message was received from an authenticated user, so see if you can leverage that knowledge to simply bypass calling SA completely.
... ... ...
Generally milters run before the local Received: header is added.

AFAIK, spamass-milter temporarily fakes one so DNS tests can be done on the delivering IP, but it's not going to be identical to the one your MTA generates.
sendmail  spam  smtp  mailserver  mta 
april 2018 by dusko
[no title]
The main reason for SA checking authentication is to turn-off MX
specific tests such as PBL, for that reason you have to be able to trust the authentication. That's not the same as trusting the sender.
The best is, of course, to put the authentication data to the Received: header so we don't have to take care of the header order.
sendmail  spam  mailserver 
april 2018 by dusko
Sendmail SMTP-AUTH Outline
Well, a pet peeve of mine is people who directly edit the .cf file instead of using the m4 configuration files. Don't do it! [laughs] I treat the .cf file as a binary file - you should too.
-- Eric Allman, author of Sendmail, 18 Oct 1999
sendmail  smtp  mailserver 
april 2018 by dusko
How to check if user is authenticated via Sendmail
... be aware that the milter taps into the mail stream **before** the local sendmail "Received" header is added. Therefore the milter has to synthesize the "Received" header itself (to mimic what sendmail will create).
sendmail  spam  mailserver 
april 2018 by dusko
How to have sendmail write server IP in headers
An MTA should never change existing headers unless it has some extraordinarily good reason, this is not one.
That the e-mail originated from a dynamic IP has almost nothing to do with the next hop accepting the e-mail.

I run a mail server at my house. It relays e-mail to a VPS I have, which forwards e-mail appropriately. I've never had a single e-mail bounce because of the home server with a dynamic IP (which is listed in any PBLs I've looked through). Also the home server writes in a Received header for the internal IP of the MUA that originated the e-mail, or in the case of webmail is yet another IP address (and the webmail software writes its own Received header in concerning the web browser which logged in; and if there's a proxy in the middle its information gets in there too)
mailserver  sendmail 
march 2018 by dusko
How can I set up sendmail to forward all mail to an external MTA?
SMART_HOST is indeed the right option, but so is nullclient. Examples:

FEATURE(`nullclient',`mta.external.com') dnl
define(`SMART_HOST',`mta.external.com') dnl
The basic difference is that nullclient, contrary to SMART_HOST, also forwards messages for local users to the remote host. SMART_HOST forwards to the remote host only messages for non-local users. Also, the following options might prove useful in a situation similar to that described in the question: LOCAL_RELAY, MAIL_HUB, LUSER_RELAY

I have found a great explanation of these options here: http://docstore.mik.ua/orelly/other/Sendmail_3rd/1565928393_sendmail3-chp-4-sect-5.html

Also see this post sendmail foward local mail to relay host ( https://serverfault.com/questions/634082/sendmail-foward-local-mail-to-relay-host ).
mailserver  sendmail 
march 2018 by dusko
Using SMTP commands to test if a mail server is a relay
On the RCPT TO line, we're sending to a domain that is not controlled by the SMTP server we're sending to. You will get an immediate error if SMTP relay is turned off. If you're able to continue and send an email, then relay is allowed by that server.
march 2018 by dusko
Sendmail Hints - Sendmail Tips and Tricks
Information on how to configure and debug sendmail problems including common configuration questions, understanding sendmail rules and rulesets, and using debug flags and address test mode.

Adding Rules To Any Ruleset When Using M4
Including A Quick Reference Guide To The sendmail Metasymbols
Configure sendmail for HELO check
Message-ID Headers From Non-Local SMTP Clients
Understanding Sendmail Address Rewriting Rules
How To Configure sendmail For Dial On Demand Operation
How to use only submit.cf on a sendmail SMTP client
Delivering Mail To Sendmail On Different Ports Using SMTP
Requeuing Mail For Problem Domains Or Hosts That Are Down
Limiting Maximum Message Size For Selected Users
Configuring sendmail to receive mail for your domain
Subject: archival/compliance/etc
Bouncing mail for invalid users
Using "env_sender $| env_rcpt" check_compat rules in the check_rcpt ruleset
How do I see how sendmail will deliver a message?
sendmail options to check re-writing of domain
How to use address test mode and how to understand its output
Force queue on individual email
How to bounce mail for users with no forwarding address
sendmail  mailserver 
march 2018 by dusko
What am I missing in my SMTP-AUTH relay configuration?
Try to see what's going on, stop sendmail and run /usr/sbin/sendmail -bD -X /tmp/test.log, then tail -f /tmp/test.log and try again.
mailserver  sendmail  freebsd 
march 2018 by dusko
MailServer - Administration Guide Draft/Mail - Fedora Wiki
This guide is targeted at a small mail server serving a domain with few clients.
mailserver  spam  dkim 
march 2018 by dusko
How To Run Your Own Mail Server
A guide to self-hosting your email on FreeBSD using Postfix, Dovecot, Rspamd, and LDAP.
mailserver  spam  dkim  freebsd  dovecot  ldap 
march 2018 by dusko
Anti-Spam Operations - BCP (Best Current Practices)
* Current version:

Carl Hutzler, Dave Crocker, Pete Resnick, Robert Sanders and Eric Allman pulled together a draft IETF BCP (Best Current Practices) document as a result of a number of discussions between some IRTF ASRG members and the old ASTA (antispam technical alliance) group.

The latest version of the document has been submitted to the IETF. We have gone through 5 drafts now with reasonable review during each stage. The document is now in the final stages of the IETF approval cycle.
mailserver  spam  mta 
march 2018 by dusko
sieve-reference -- A simple reference for sieve (RFC 5228)
The sieve reference is used by the sieve addon. But you can also access it directly by using the following link:


Contributions are highly welcome. Just submit a patch.
march 2018 by dusko
SPF Wizard - SPF Generator DNS tool
This ajax enabled wizard will guide you through the process of creating or editing an SPF record for your DNS domain. You should add this DNS record to your domain's DNS configuration.
mailserver  spf  dns 
march 2018 by dusko
Check a DKIM Core Key
- What is DKIM Core?
DKIM Core is a way to attach a token (or tokens) to an email that tells the recipient who is responsible for the email (typically the token would represent the author of the email, the operator of the email service, or the owner of a mailing list, but it might also represent others, such as email reputation or certification services).

- Who is it for?
It is for anyone who sends email and owns their own domain name.
It is likely to be most useful for senders of bulk email (whether they send the mail themselves or have the mail sent on their behalf by a third party email service provider), but is also useful for enterprises, consumer ISPs and anyone else who sends email.

DKIM Core is not intended for use by those who receive email. Receivers wishing to support DKIM Core on inbound email should implement DKIM (http://dkim.org/), as described in RFC 6376 (http://www.faqs.org/rfcs/rfc6376.html).

- What is it useful for?
It allows an email sender to keep using the same token even if they change their “From” address, the IP address of their mailserver or the email service provider they use to send their email. That way anyone receiving the email can tell that the email is coming from the same organization as previous emails they've received.

Spam filters can then use that token to recognize that a piece of email is not spam, and should be delivered to the recipient's inbox. That may be done automatically, based on email with that token having a history of being wanted by recipients. Or it may be done manually, via a whitelist agreement between the sender and the recipient's ISP - in which case it may also provide other benefits, such as displaying images in email automatically.

It can also be used as a basis for feedback loops where a consumer ISP sends information about a recipient's response to emails to the sender, allowing the sender to stop sending email to recipients who no longer want to receive it.

Taken together, this will allow email senders to take action to maintain good delivery rates, and provide a better experience for recipients.
mailserver  spam  dkim 
march 2018 by dusko
Mail gmail placed in quarantine
Based on this log, a lot of characteristics indicate that it could be spam.

For me this message is tagged because it is a member of our XSL database.

Please note that fur (first Untrusted Relay) is special, same for r (relay)

Log :

2017-07-20T14:59:27 q=5970B73F_63125_1931_1 f=<anis.android@gmail.com> t=<assistanceadsl@orangetunisie.tn> pmx_reason=?q?External_Spam_over_50 at=1,220,multipart/alternative at=1,27,text/html at=1,2,text/plain b=ok h=SXL_IP_SPAM h=EMPTY_BODY h=FORGED_FROM_GMAIL h=HTML_90_100 h=HTML_NO_HTTP h=BODYTEXTH_SIZE_10000_LESS h=BODYTEXTP_SIZE_3000_LESS h=BODYTEXTP_SIZE_400_LESS h=BODY_SIZE_1000_LESS h=BODY_SIZE_2000_LESS h=BODY_SIZE_200_299 h=BODY_SIZE_5000_LESS h=BODY_SIZE_7000_LESS h=DKIM_SIGNATURE h=HEX28_LC_NOT_GOOGLE h=NO_CTA_URI_FOUND h=NO_URI_FOUND h=NO_URI_HTTPS h=SMALL_BODY h=WEBMAIL_SOURCE h=__CT h=__CTYPE_HAS_BOUNDARY h=__CTYPE_MULTIPART h=__CTYPE_MULTIPART_ALT h=__FRAUD_WEBMAIL h=__FRAUD_WEBMAIL_FROM h=__FROM_GMAIL h=__HAS_FROM h=__HAS_HTML h=__HAS_MSGID h=__HEX28_LC_BOUNDARY h=__HTML_TAG_DIV h=__MIME_HTML h=__MIME_TEXT_H h=__MIME_TEXT_H1 h=__MIME_TEXT_H2 h=__MIME_TEXT_P h=__MIME_TEXT_P1 h=__MIME_TEXT_P2 h=__MIME_VERSION h=__PHISH_SPEAR_HTTP_RECEIVED h=__PHISH_SPEAR_STRUCTURE_1 h=__RUS_MIME_NO_TEXT h=__SANE_MSGID h=__SUBJ_ALPHA_START h=__TO_MALFORMED_2 h=__TO_NO_NAME h=__YOUTUBE_RCVD s=?q?reception_orangetunisietn pmx_action=?q?quarantine,External_Spam_over_50,-,assistanceadsl@orangetunisie.tn,assistanceadsl@orangetunisie.tn vs p=0.846 Inbound fur= Size=3085 External_Spam_Over_50 r= tm=0.30 a=d/eom


Retrieve the message on edge server
perform the following command: pmx-spam scan MSG (copy/paste output of this command)
mailserver  spam 
march 2018 by dusko