eMail Server creation

EMAIL Server Set up

Last updated 2019-01-02

These notes are intended to be reminders to myself. If you use them, you do so at your own risk.

To get started, you need a static ip. You will arrange this with your ISP. Set your gateway router to port forward ports 25 and 587 to the mail server.

You need a domain name for your email address. This will probably be the same as the website domain, but not necessarily. Register with Godaddy or Network solutions. Then use the registrar’s web tools to set the ip address of your domain (MX record) to point to the ip address assigned to you by your ISP. (this the name to ip address.)

Now set up the reverse dns. (ip to domain). This may take a phone call to get some one to fix it for you. Also many ISP’s block port 25 by default. While you are on the phone with your ISP’s tech support, make sure that port 25 is open.

If you are adding to an existing server, please do all updates and grades first. See notes here.

Just a note about postfix filters. It is a good idea to arrange your filters such that most spam eliminated by the earliest rule. That way your mail server will not need to process so many rules.

The sequence of processing the rules is:

  1. smtp_client_restrictions (block spammer domains, bogus ips)
  2.  smtp_helo_restrictions (block spammer ips)
  3. smtp_sender_restrictions (block spammers who have incomplete mail server setup.)
  4. smtp_recipient_restrictions
  5. smtp_data_restrictions
  6. header_checks (known phrases used in subject lines.)
  7. body_checks (bad words)

smtp_client_restictions section of main.cf looks like:

smtpd_client_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_non_fqdn_helo_hostname
reject_unauth_pipelining
reject_invalid_helo_hostname
check_client_access hash:/etc/postfix/client_access
check_client_access hash:/etc/postfix/client.cidr
check_client_access hash:/etc/postfix/rbl_override
warn_if_reject reject_unknown_reverse_client_hostname
reject_rbl_client bl.spamcop.net
reject_rbl_client zen.spamhaus.org
reject_rbl_client cn.countries.nerd.dk
reject_rbl_client ro.countries.nerd.dk
reject_rbl_client ru.countries.nerd.dk
reject_rbl_client mx.countries.nerd.dk
reject_rbl_client br.countries.nerd.dk
reject_rbl_client in.countries.nerd.dk
reject_rbl_client tr.countries.nerd.dk
reject_rbl_client ve.countries.nerd.dk
reject_rbl_client ng.countries.nerd.dk
reject_rbl_client kg.countries.nerd.dk
reject_rbl_client vn.countries.nerd.dk
#  check_policy_service unix:postgrey/socket, ====Grey listing here
permit

Notice that the above restrictions:

First four lines block things that postfix can do without any lookups,

then we block based on local rules,

then we do the internet dependent rules.

This sequence helps to keep the entire process running as fast as possible.

The helo_access_restrictons section looks like:

smtpd_helo_restrictions=
reject_invalid_hostname
check_helo_access hash:/etc/postfix/helo_checks
permit

The smtpdsender restrictions looks like this:

smtpd_sender_restrictions =
reject_unknown_sender_domain
reject_non_fqdn_sender
check_sender_access hash:/etc/postfix/sender_checks
permit

The reciptient_restrictions looks like this.

smtpd_recipient_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_invalid_hostname
reject_non_fqdn_sender
reject_unknown_sender_domain
reject_unauth_destination
reject_unauth_pipelining
reject_non_fqdn_recipient
reject_unknown_recipient_domain
permit

The data restriciures section  looks like:

smtpd_data_restrictions =
permit_sasl_authenticated,
reject_unauth_pipelining,
permit

The header checks looks like

header_checks=regexp:/etc/postfix/header_checks
mime_header_checks=regexp:/etc/postfix/mime_header_checks.

The body checks section looks like”

body_checks=regexp:/etc/postfix/body_checks

1. Install:

If you have already installed a web server on this machine, several pieces of software will already be installed. The first line will already be installed

dnf -y install emacs mysql-server k3b firewall-config php perl cockpit gnome-system-log

dnf -y install postfix cyrus-imapd spamassassin clamav
dnf -y install postgrey sqlgrey python gnome-system-log
dnf -y install squirrelmail amavisd-new system-switch-mail

dnf -y install system-config-users postfix-pcre

dnf -y install rsyslog clamsmtp clamav-lib clamav-milter clamav-scanner clamav-update clamav-data-empty –allowerasing

dnf -y install firewall-config nm-connection-editor gnome-system-log

dnf -y install per-Net-IP perl-Bet-Server perl-IO-Multiplex perl-BerklyDB

2. Not supported by fedora’s dnf command, but you probably want it anyway:
webmin from webmin.com

3. configure postfix
master.cf
Initially we will not make changes to master.cf. There are some who like to turn off some built-in filters, but I like to keep the first steps simple and test Postfix at each step.

The first thing to do is:

cp master.cf master.cf.original

cp main.cf main.cf.original

At the bottom of the main.cf add your mods.

#=========================== All Local mods below this line =

myhostname=<mydomain>

mydomainname=<mydomain>

myorigin=<mydomain>

inet_interfaces=$myhostname, localhost, <ip>

inetprotocols=ipv4

mydestination=$myhostname, localhost,$mydomain,localhost, <domains>, 127.0.0.1

mynetworks=10.1.0.0/24,192.268.0.0/24, 127.0.0.0/8

mynetworks_style=subnet

mailbox_size_limit=0 ( or put a size limit here)

message_size_limit=0 (or put a size limit here)

smtpd_client_restrictions =
permit_mynetworks
warn_if_reject reject_unknown_reverse_client_hostname
reject_rbl_client bl.spamcop.net
reject_rbl_client zen.spamhaus.org
reject_rbl_client cn.countries.nerd.dk
reject_rbl_client ro.countries.nerd.dk
reject_rbl_client ru.countries.nerd.dk
reject_rbl_client mx.countries.nerd.dk
reject_rbl_client br.countries.nerd.dk
reject_rbl_client in.countries.nerd.dk
reject_rbl_client tr.countries.nerd.dk
reject_rbl_client ve.countries.nerd.dk
reject_rbl_client ng.countries.nerd.dk
reject_rbl_client kg.countries.nerd.dk
reject_rbl_client vn.countries.nerd.dk
#  check_policy_service unix:postgrey/socket, ====Grey listing here permit_sasl_authenticated
reject_non_fqdn_helo_hostname
reject_unauth_pipelining
reject_invalid_helo_hostname
check_client_access hash:/etc/postfix/client_access
check_client_access hash:/etc/postfix/client.cidr
check_client_access hash:/etc/postfix/rbl_override
permit

smtpd_helo_restrictions=
reject_invalid_hostname
check_helo_access hash:/etc/postfix/helo_checks
permit

smtpd_sender_restrictions =
reject_unknown_sender_domain
reject_non_fqdn_sender
check_sender_access hash:/etc/postfix/sender_checks
permit

smtpd_recipient_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_invalid_hostname
reject_non_fqdn_sender
reject_unknown_sender_domain
reject_unauth_destination
reject_unauth_pipelining
reject_non_fqdn_recipient
reject_unknown_recipient_domain
permit

smtpd_data_restrictions =
permit_sasl_authenticated,
reject_unauth_pipelining,
permit

header_checks=regexp:/etc/postfix/header_checks

mime_header_checks=regexp:/etc/postfix/mime_header_checks.

body_checks=regexp:/etc/postfix/body_checks

Create the files and postmap them.

client_access

client.cidr

rbl_override

helo_checks

sender_checks

header_checks (does not need to be postmap’d)

mime_header_checks(does not need to be postmap’d)

body_checks (does not need to be postmap’d)

4. Add Cyrus so you can receive email

Fix master.cf

Uncomment the cyrus line. (if not already un-commented.)

Graphical tool: firewall-config

firewall-cmd –set-default-zone=FedoraServer

firewall-cmd –permanent –zone=FedoraServer –add-service=smtp

firewall-cmd –zone=FedoraServer –add-service=smtp

passwd cyrus (set cyrus password)

service saslauthd start

testsaslauthd -u cyrus -p <cyrus pwd>

Add lines to /etc/imapd.conf

lmtp_downcase_rcpt: yes
tls_cert_file: /var/imap/server.pem
tls_key_file:  /var/imap/server.pem
tls_ca_file:   /var/imap/server.pem
#tls_ca_path:   /var/imap/

(I did not know it, but email addresses are case-sensitive to the left of the “@”. I had a couple of problems with people not being able to contact me and other people on my email server.)

Now uncomment lines in /etc/cyrus.conf

imap          cmd=”imapd” listen=”imap” prefork=5
# imap – port 143/tcp –
imaps         cmd=”imapd -s” listen=”imaps” prefork=1
# imaps – port 993/tcp
pop3          cmd=”pop3d” listen=”pop3″ prefork=3
# pop3 – port 110/tcp
pop3s         cmd=”pop3d -s” listen=”pop3s” prefork=1
# pop3s – port 995/tcp
sieve         cmd=”timsieved” listen=”sieve” prefork=0
# sieve – port 2000/tcp and udp ?

create your self signed certificate.

mkdir /var/imap

chmod 777 /var/imap

cd /var/imap

openssl req -new -nodes -out req.pem -keyout key.pem

openssl rsa -in key.pem -out new.key.pem

openssl x509 -in req.pem -out ca-cert -req -signkey new.key.pem -days 3650

cp new.key.pem server.pem

cat ca-cert >> server.pem

chown cyrus:mail server.pem

chmod 600 server.pem

semanage permissive -a cyrus_t

service cyrus-imapd start

chkconfig cyrus-imapd on

First, update /etc/imapd.conf

configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
#sasl_pwcheck_method: auxprop
sasl_mech_list: PLAIN LOGIN
#defaultdomain: mail
defaultdomain: DOMAIN
allowplaintext: no
createonpost: yes
autocreateinboxfolders: Sent Trash Spam

cyradm -u cyrus localhost

cm user.bob Creates user bob

lm      (list mailboxes to check your work)

quit

Now you have your mailboxes, but you don’t have access.

Restart saslauthd

service saslauthd stop

service saslauthd start

Add the password to the newly created user.

saslpasswd2 -c  bob

Note deleting a user is two steps. ( and my notes do not work anymore)

sam user.bob cyrus all

dm user.bob

To check your user list:

sasldblistusers2

5. Test postfix

service postfix stop

service postfix start

chkconfig postfix on

Test send and receive. ( If your machine is not “live”, you may be unable to test.)

6. add a few restrictions to postfix.

Do this by un-commenting the pcre lines.

service postfix start

chkconfig postfix on

7. Test mailx

command: mailx -s “subject” -r “from” “to_addr”

Test can you still send and receive?

8 Add postgrey

A. uncomment the line in main.cf that says check_policy_service and says “postgrey” in it.

If mysql on and running?

service mariadb status

If it is not running:

service mariadb start

chkconfig mariadb on

firewall-cmd –permanent –zone=FedoraServer –add-service=mysql

firewall-cmd –zone=FedoraServer –add-service=mysql

Now is a good time to look at csf.

Now that mariadb is running:

service postgrey start

chkconfig postgrey on

service postfix stop

service postfix start

Test Send and receive. Look at the email source in the header and see if postgrey is mentioned. You may also see mentions in the maillog

Configure spamassassin
Spassassin libraries are called by amavisd, so we do not have activate spamassassin. However, you should add the sa-update to your crontab at this time:

crontab -e

30 01 * * * /usr/bin/sa-update

in /etc/mail/spamassassin/local.cf

use_bayes 0

(unless you know a good and fast way to train bayes.)

9. Integrate amavisd
In master.cf, uncomment the line 127.0.0.1:10025

In main.cf uncomment content filter line with 10024 in it.

In /etc/freshclam.conf and in /etc/clamd.d/scan.conf and /etc/mail/clamav-milter.conf, comment the line that says “example”.

In /etc/amavisd/amavisd.conf we need to get correct values in few places.

$MYHOME= ‘/var/spool/amavisd’;

$MYDOMAIN=’fix this’

sa_tag2_level_deflt= 3.0  (abt line95)

sa_kill_level_deflt =5.0  (abt line 98)

banned extension -long (uncomment)  (abt line 240)

service amavisd start

chkconfig amavisd on

service spamassassin start

chkconfig spamassassin on

Get a updated copy of the virus signatures:

freshclam
Comment out the last line  in /etc/sysconfig/freshclam

add fresh clam to the crontab

22 1 * * * /usr/bin/freshclam

Check spamassassin

spamassassin -D –lint

10. pyzor

open port 24441

dnf -y install pyzor

pyzor –homedir /etc/mail/spamassassin discover

in /etc/mail/spamassassin/local.cf

add the following lines

use_pyzor = 1

score PYZOR_CHECK 4.00

in /etc/amavisd/amavisd.conf

change sa_local_tests_only = 0

service amavisd stop

service amavisd start

check that it is working

echo “test”  | spamassassin -D pyzor 2 >&1 | less

11. razor

dnf -y install perl-razor-agent (64 bit name)

dnf -y install posterazor (32 bit name)

razor-admin -create

razor-admin -discover

razor-admin -register

In /etc/mail/spamassassin/local.cf add lines

use_razor2 = 1

score RAZOR_CHECK 4.00

service amavisd stop

service amavisd start

If you want to see if Pyzor and Razor are working, go into /etc/amavisd/amavisd.conf

and change:

$log_level=5;

$sa_debug=1;

Restart amavisd

Then look at your maillog using the command:

tail -f /var/log/maillog

for a few minutes. You should see evidence of pyzor and razor.

Of course, when you are done, you will set

$log_level=0;

$sa_debug=0;

and restart amavisd again.

12. Backup

add the following to your backup:

tar cvzf email_server_settings.tgz /etc/postfix /etc/mail /etc/amavisd

cd /etc/postfix

cp main.cf main.cf.base

cp master.cf master.cf.base

13. Malware Patrol .net

Be sure that you do not go to malwarepatrol.com. Annual subscription is $38.89. Once subscribed you can download a file from them which is in the format of regexp. If you do not subscribe, their free version is available., but you must still sign-up.

How this product works: Spammers must either include some kind of virus in their email and get you to run it, or they must include a link and get you to click on it.  Malwarepatrol.net’s file is a significantly large set of rules which can be used to scan email for the spammer’s links. These links are user contributed:

12.1. Go to malwarepatrol.net’s web site, sign up. Get a receipt number and product-id.

12.2. Copy your body_checks file to body_checks_local

12.3.  create a file in /etc/postfix called: wget_mbl.sh

Use your favorite editor to insert:

#!/bin/bash
# My receipt number is 123456789012 <put your receipt number here and below>

#my product-id is 15 <put your product number here and below>
wget -O – ‘https://lists.malwarepatrol.net/cgi/getfile?receipt=123456789012&product=15&list=postfix’ > /etc/postfix/malwarepatrol_rules
cp /etc/postfix/malwarepatrol_rules /etc/postfix/body-checks

cat /etc/postfix/body_checks_steppe_bear >>/etc/postfix/body-checks
cat /etc/postfix/body_checks_local >> /etc/postfix/body-checks

Then make it executeable: chmod +x wget_mbl.sh

12.4. test it. Make sure that you have a new body_checks file, and it includes your old body_checks

12.5. Implement the body checks by changing /etc/postfix/main.cf reference to body_checks to  say:
body_checks=regexp:/etc/postfix/body-checks

Then reload postfix by typing:

postfix reload

12.6. add the wget command to crontab:

crontab -e

00    18   *    *    *   /etc/postfix/wget_mbl.sh

14.Reporting.

I suggest that you get PFLOGSUMM.PL available at https://jimsun.linxnet.com/postfix_contrib.html

15. Configure spf and DKIM

spf is the sender profile and indicates the authorized ip’s for this domain’s email. This will be updated in your dns record (probably at your ISP.)

DKIM is a public key that can be used be a receiver to determine if the email really came from the email server which the header says it came from.

15. Squirrelmail (Needs apache and ssl installed first. Probably should install TLS support and port 587 submision, too.)


16. Maintenance notes

16.1 ip address to block

helo_access

# helo_checks
/^\[?10\.\d{1,3}\.\d{1,3}\.\d{1,3}\]?$/ REJECT Address in RFC 1918 private network
/^\[?192\.\d{1,3}\.\d{1,3}\.\d{1,3}\]?$/ REJECT Address in RFC 1918 private network
/^\[?172\.\d{1,3}\.\d{1,3}\.\d{1,3}\]?$/ REJECT Address in RFC 1918 private network

# the below line does not seem to work
# /\d{2,}[-\.]+\d{2,}/ REJECT Invalid hostname (helo_check)

/^(((newm|em|gm|m)ail|yandex|rambler|hotbox|chat|rbc|subscribe|spbnit)\.ru)$/ REJECT Faked hostname ($1)
/^(((hotmail|mcim|newm|em)ail|post|hotbox|msn|microsoft|aol|news|compuserve|yahoo|google|earthlink|netscape)\.(com|net))$/
REJECT Faked hostname ($1)

/^dsl\..*/i 553 AUTO_DSL No DSL connection for mail
/.*dial\..*/i 553 AUTO_DIAL No dialup connection for mail
/^dial\..*/i 553 AUTO_DIAL No dialup connection for mail
/\.static\..*/i 553 AUTO_DSL No DSL connection for mail
/pppoe..*/i 553 AUTO_DSL No DSL connection for email

/linode/i 553 Spam server farm
/amazonaws/ 553 spam server farm

/.*\.dsl\..*/i 553 AUTO_DSL2 We don’t accept direct connections from non-dedicated SMTP servers. Please use your ISP’s SMTP Server.
/[a|x]dsl.*\..*\..*/i 553 AUTO_[A|X]DSL We don’t accept direct connections from non-dedicated SMTP servers. Please use your ISP’s SMTP Server.
/client.*\..*\..*/i 553 AUTO_CLIENT We don’t accept direct connections from non-dedicated SMTP servers. Please use your ISP’s SMTP Server.
/cable.*\..*\..*/i 553 AUTO_CABLE We don’t accept direct connections from non-dedicated SMTP servers. Please use your ISP’s SMTP Server.
/pool\..*/i 553 AUTO_POOL We don’t accept direct connections from non-dedicated SMTP servers. Please use your ISP’s SMTP Server.
/.*dial(\.|-).*\..*\..*/i 553 AUTO_DIAL We don’t accept direct connections from non-dedicated SMTP servers. Please use your ISP’s SMTP Server.
/ppp.*\..*/i 553 AUTO_PPP We don’t accept direct connections not from dedicated SMTP servers. Please use your ISP’s SMTP Server.
/dslam.*\..*\..*/i 553 AUTO_DSLAM We don’t accept direct connections from non-dedicated SMTP servers. Please use your ISP’s SMTP Server.
/dslb.*\..*\..*/i 553 AUTO_DSLB We don’t accept direct connections from non-dedicated SMTP servers. Please use your ISP’s SMTP Server.
/node.*\..*\..*/i 553 AUTO_NODE We don’t accept direct connections from non-dedicated SMTP servers. Please use your ISP’s SMTP Server.
/.*\.dynamicIP\..*/i 553 AUTO_DYNAMIC We don’t accept direct connections from non-dedicated SMTP servers. Please use your ISP’s SMTP Server.

/10.10.208.112/ REJECT spammer hcl1
/101.110.8.79/ REJECT spammer hcl2
/10.140.36.17/ REJECT spammer hcl3
/101.99.53.197/ REJECT spammer hcl4
/103.10.196.96 / REJECT spammer hcl5
/103.1.206.185/ REJECT spammer hcl6
/103.14.12.104/ REJECT spammer hcl7
/103.14.8.239/ REJECT spammer hcl8
/103.16.60.78/ REJECT spammer hcl9
/103.195.100.229/ REJECT spammer hcl10
/103.195.100.230/ REJECT spammer hcl11

16.2 email subjects to block

header_checks_subj
/Subject:.*restore.*skin/ REJECT spammers hcsub264
/Subject:.*faster wweight loss/ REJECT spammers hcsub265
/Subject:.*reverses high blod sugar/ REJECT spammers hcsub266
/Subject:.*cbd pain/ REJECT spammers hcsub267
/Subject:.*new wrinkle remover/ REJECT spammers hcsub268
/Subject:.*mortgage savings/ REJECT spammers hcsub269
/Subject:.*paying too much/ REJECT spammers hcsub270
/Subject:.*heavy earrings/ REJECT spammers hcsub271

16.3 Domains to block

Add Jim Seymour’s script here as header_checks_from_seymour

header_checks_from_domain

/^From:.*\@zigs.com/ REJECT spammer hcfd8341
/^From:.*\@z-ix.net/ REJECT spammer hcfd8342
/^From:.*\@zlightdiets.com/ REJECT spammer hcfd8343
/^From:.*\@zliyrics.com/ REJECT spammer hcfd8344
/^From:.*\@zoded.net/ REJECT spammer hcfd8345
/^From:.*\@zsanle.com/ REJECT spammer hcfd8346
/^From:.*\@zs.santaoffers.net/ REJECT spammer hcfd8347
/^From:.*\@ztecacuisine.com/ REJECT spammer hcfd8348
/^From:.*\@ztoolsstat.com/ REJECT spammer hcfd8349
/^From:.*\@zuy.btlwt.cf/ REJECT spammer hcfd8350
/^From:.*\@zweibo.com/ REJECT spammer hcfd8351
/^From:.*\@zwjlcxy.wnm4lez3kw.cu.cc/ REJECT spammer hcfd8352
/^From:.*\@zxhd.com/ REJECT spammer hcfd8353

16.4 ip and ip ranges to block

client_access

# activated by: check_client_access hash:/etc/postfix/rbl_override,
# postmap /etc/postfix/rbl_override
#
# nextdoor.com
54.68.0.141 OK
54.187.42.119 OK
52.89.115.26 OK
167.89.17.221 OK
167.89.72.111 OK
167.89.48.100 OK
167.89.48.101 OK
167.89.48.102 OK
167.89.48.103 OK
167.89.17.185 OK
52.11.143.189 OK
167.89.8.138 OK
167.89.49.102 OK
nextdoor.com OK

marykay.com OK

# greatergood.com OK

hungry-girl.com OK
# Last update: Tuesday, May 22, 2018 22:36:01 GMT-0700 REJECT
0.0.0.0/8 REJECT
2.56.0.0/14 REJECT
5.8.248.0/21 REJECT
5.39.200.0/21 REJECT
5.45.32.0/20 REJECT
5.45.144.0/21 REJECT
5.100.240.0/21 REJECT
5.102.32.0/20 REJECT
5.104.72.0/21 REJECT
5.133.64.0/18 REJECT
5.172.176.0/21 REJECT
5.180.0.0/14 REJECT
5.199.184.0/21 REJECT
5.252.0.0/15 REJECT

if you can get a list of TOR backside ip addresses, this would be a good place to add a block of them.

16.5 Phrase found in an email that you want to block (Use several words.)

body_checks_local

/cryptocurrency/ REJECT spammer rule B145
/cryptocurrencies/ REJECT spammer rule B146
/block chain tech/ REJECT spammer rule B147
/confirm your bio/ REJECT spammer rule B148
/thyroid issues/ REJECT spammer rule B149
/relievs.*pain/ REJECT spammer rule B150
/printer ink/ REJECT spammer rule B151
#/z-coil/ REJECT spammer rule B152
#/zcoil/ REJECT spammer rule B153
/sale on/ REJECT spammer rule B154
/1tac pen/ REJECT spammer rule B155
/exciting news/ REJECT spammer rule B156
/news for you/ REJECT spammer rule B157

16.6 Senders to block

sender_checks

— nothing at this time

16.7 Helo to block

helo_checks_local

— nothing at this time

17. This is a list of all of the files in /etc/postfix.

You will need to change many of these files and editting them as needed.

File Contains From
access Not used EMPTY
body-checks Words and phrases to block Malwarepatrol.net + local rules
body_checks_local Locally developed words and phrases to block Local
canonical Rewrite rules, masquerade rules EMPTY
client-checks ip addresses to block. client_checks_local
client_checks_bogon Un-assigned and non-routable(includes our internal subnet) From country ip blocks
client_checks_bogon.txt Un-assigned and non-routable(our internal subnet commented out) From client_checks_bogon
client-checks-local ip address to block Local
client.cidr Known spammer ip ranges client_checks_bogon
client.cidr.db Hash version
dynamicmaps.cf Internal lib files
dynamicmaps.cf.d Internal lib files
generic Rewrite rules
header_checks Block email from specific email addresses our domains Local
helo_access Reject domain at helo local
helo_access.db Hash version
helo_checks Reject dsl etc rules
helo_checks_local Local
main.cf Config file
main.cf.original Config file as originally delivered
main.cf.rpmnew Config file from last update
malwarepatrol_rules Body checks Rules from malwarepatrol.net
master.cf Config file
mime_header_checks Reject dangerous types of attachments
postfix-files Install related
postfix-files.d Install related
postgrey_whitelist_clients Whitelist rules for legit mailers who don’t follow rfc rules around re-try. Install
postgrey_whitelist_clients.local Whitelist rules for legit mailers who don’t follow rfc rules around re-try. Local
postgrey_whitelist_recipients Install
rbl_override Identified org in RBL, but want to receive email Local
rbl_override.db Hash
relocated Used when email address has a new location EMPTY
sender_checks Block by domain name, part of a domain name or reverse dns name Local
tls_policy Not used
transport Not used
virtual Not used
virtual_alias_domains Not used
virtual_domains Not used

18. Debug tools

mailq

qshape

postqueue -f

Look at postqueue -f, input msg id into

postcat -vq   xxxx

END

Up in the country.