Commands to check spamming in POSTFIX mail server
1. To see the mail queue:
# mailq
2. To flush the mail queue (attempt immediate delivery of everything that is queued):
# postqueue -f OR
# postfix flush
3. To remove all mails from the queue:
# postsuper -d ALL
4. To remove all mails in the deferred queue:
# postsuper -d ALL deferred
5. To delete all queued messages from or to the domain called spamdomain.com:
# ./postfix-delete.pl spamdomain.com
6. To delete all queued messages that contain the word "abc" in the e-mail address:
# ./postfix-delete.pl abc
(postfix-delete.pl is a third-party helper script, not part of Postfix. Postfix has no delete-by-address option of its own; the script does what the mailq | awk | postsuper -d pipelines under "Perform actions on the Queue" below do.)
7. To know the number of messages sitting in the deferred queue:
# find /var/spool/postfix/deferred -type f | wc -l
(The deferred queue is hashed into one-character subdirectories, hence -type f. If queue_directory has been changed, take the path from postconf -h queue_directory.)
8. To get a sorted list of the accounts that have the most mail in the queue. This usually means a maximum of 2 or 3 spammers at the end of the list:
# mailq | grep '^[A-F0-9]' | cut -c 42-80 | sort | uniq -c | sort -n | tail
(The grep keeps the queue-ID lines, whose last column is the sender. cut -c 42-80 depends on the default column layout; the offsets shift if enable_long_queue_ids is on, in which case take the last field instead.)
9. To get the queue IDs of all mail currently in the queue:
# postqueue -p | egrep '^[A-F0-9]{11}' | awk '{print $1}' | tr -d '*!'
(The tr strips the status flag that mailq glues to the ID: * means the message is active, ! means it is on hold. postsuper refuses an ID with the flag still attached.)
10. To view the content of the queued message with ID xxxxxxxxxxx (-v also shows the queue file's internal records; drop it for just headers and body):
# postcat -vq xxxxxxxxxxx
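The queue-parsing one-liners above are brittle because they cut the sender out of mailq output by character position. As an added example (not part of the original page and not Postfix's own code), the same triage done with awk field parsing: it ranks senders, finds the queue IDs of every message from or to an address matching a pattern, and prints what it would hand to postsuper. It runs on a constructed sample of mailq output in the real layout, so no Postfix install is needed; the domains, addresses and queue IDs in it are made up.

```shell
#!/bin/sh
# Added example (not from the original page): parse `mailq` / `postqueue -p`
# output with awk field splitting instead of fixed character columns, so the
# ranking survives the column shifts caused by long queue IDs or by the status
# flag mailq glues to the ID ("*" = active, "!" = hold). All input below is a
# constructed sample in the real mailq layout; no Postfix is needed to run it.

SAMPLE_MAILQ='-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
3A1B2C3D4E5*    4321 Mon Jan  1 10:00:00  bulk@spamdomain.example
                                         victim1@gmail.com
                                         victim2@yahoo.com

4F5E6D7C8B9!    1234 Mon Jan  1 10:01:00  alice@corp.example
                                         bob@example.org

5A6B7C8D9E0     2222 Mon Jan  1 10:02:00  bulk@spamdomain.example
(connect to mx.example.net[192.0.2.1]:25: Connection timed out)
                                         carol@example.net

6B7C8D9E0F1     3333 Mon Jan  1 10:03:00  MAILER-DAEMON
                                         bulk@spamdomain.example

-- 11 Kbytes in 4 Requests.'

# Flatten mailq output (stdin) into one line per recipient:
#   QUEUE_ID STATUS SENDER RECIPIENT
# STATUS is active, hold or queued (incoming/deferred, which mailq does not flag).
queue_index() {
    awk '
        $1 ~ /^[0-9A-F]+[*!]?$/ {          # queue-ID line: ID[flag] size date sender
            id = $1; status = "queued"
            if (sub(/\*$/, "", id)) status = "active"
            else if (sub(/!$/, "", id)) status = "hold"
            sender = $NF
            next
        }
        id != "" && /^ +[^ ]+@/ { print id, status, sender, $1 }   # indented recipient line
        /^$/ { id = "" }                   # blank line ends a record; "(reason)" lines match nothing
    '
}

# Senders ranked by number of queued messages (each message counted once,
# however many recipients it has). The spammer is at the top.
top_senders() {
    queue_index | awk '!seen[$1]++ { print $3 }' | sort | uniq -c | sort -rn
}

# Queue IDs of messages from OR to an address matching an ERE (the
# "delete everything from or to spamdomain.com" case), skipping messages
# that are active right now. The pattern is passed through the environment
# because awk -v would reprocess the backslashes in it.
ids_matching() {
    queue_index |
        PAT="$1" awk '$2 != "active" && ($3 ~ ENVIRON["PAT"] || $4 ~ ENVIRON["PAT"]) { print $1 }' |
        sort -u
}

# Delete the matches. Defaults to a dry run; DRY_RUN=0 really calls postsuper,
# feeding IDs on stdin ("postsuper -d -") instead of one process per ID.
delete_matching() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        ids_matching "$1" | sed 's/^/would delete: /'
    else
        ids_matching "$1" | postsuper -d -
    fi
}

printf '%s\n' "$SAMPLE_MAILQ" | top_senders
printf '%s\n' "$SAMPLE_MAILQ" | delete_matching 'spamdomain\.example$'
```

On a live server replace the printf with `mailq | top_senders` and `mailq | DRY_RUN=0 delete_matching 'pattern'`; the dry run prints the two IDs that are not active (the active message is left alone, the same rule the [^*] in the MAILER-DAEMON one-liner below applies).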
Useful commands
Log Location
/usr/local/psa/var/log/maillog
(That is the Plesk path. A plain Postfix install logs to /var/log/maillog on RHEL/CentOS and /var/log/mail.log on Debian/Ubuntu.)
View the log in realtime
tail -f /usr/local/psa/var/log/maillog
Display the number of emails being sent to each domain and how long they have been in the active queue (the qshape(1) man page explains the column layout)
qshape active
Display the deferred queue
qshape deferred
Display the hold queue
qshape hold
Display Custom Queue script (see below for how to create)
/root/mailq.pl
Check Postfix Queue
postqueue -p
Perform actions on the Queue
Remove all unsent mailer daemon notifications (the [^*] skips messages that are active, i.e. being delivered right now)
mailq|awk ' /^[0-9A-F][0-9A-F]*[^*].*MAILER-DAEMON$/ {print $1}'|sudo xargs -rn1 postsuper -d
#delete based on the from address (the queue-ID line ends with the sender address, so this matches senders at mail.ru; the dot is escaped so it matches a literal dot, and tr strips the */! status flag before the ID reaches postsuper):
mailq|awk ' /^[0-9A-F][0-9A-F]*.*mail\.ru$/ {print $1}'|tr -d '*!'| xargs -rn1 postsuper -d
Read a message in the Postfix Queue
postcat -q MESSAGE_ID
Resend messages in the queue
postqueue -f
Delete all messages in Queue
postsuper -d ALL
Test Email sending from postfix
echo "Test mail from postfix" | mail -s "Test Postfix" milo@roadsidemultimedia.com
Check for serious errors in the log
egrep '(reject|warning|error|fatal|panic):' /usr/local/psa/var/log/maillog | more
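The error grep above finds broken deliveries; the same log also tells you which account is doing the spamming and who is hammering the server. The following is an added example, not code from the original page: three awk reports over Postfix smtpd log lines, run here on a constructed sample in the standard Postfix log format (hostnames, users, queue IDs and IPs are made up). On a real host feed it the maillog instead of the printf.

```shell
#!/bin/sh
# Added example (not from the original page): triage a Postfix log for the
# things that matter when a box is spamming. The log lines below are a
# constructed sample in the standard Postfix smtpd format; on a real server
# pipe in: cat /usr/local/psa/var/log/maillog (or /var/log/mail.log).

SAMPLE_LOG='Jan  1 10:00:01 mx postfix/smtpd[1234]: 3A1B2C3D4E5: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=jane@corp.example
Jan  1 10:00:02 mx postfix/smtpd[1234]: 4F5E6D7C8B9: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=jane@corp.example
Jan  1 10:00:03 mx postfix/smtpd[1240]: 5A6B7C8D9E0: client=laptop.corp.example[203.0.113.5], sasl_method=PLAIN, sasl_username=bob@corp.example
Jan  1 10:00:04 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[192.0.2.9]: 554 5.7.1 Service unavailable; Client host [192.0.2.9] blocked using zen.spamhaus.org; from=<x@bad.example> to=<u@corp.example> proto=ESMTP helo=<bad.example>
Jan  1 10:00:05 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[192.0.2.9]: 554 5.7.1 <u2@other.example>: Relay access denied; from=<x@bad.example> to=<u2@other.example> proto=ESMTP helo=<bad.example>
Jan  1 10:00:06 mx postfix/smtpd[1250]: warning: unknown[192.0.2.9]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan  1 10:00:07 mx postfix/smtpd[1234]: 6B7C8D9E0F1: client=unknown[198.51.100.8], sasl_method=LOGIN, sasl_username=jane@corp.example'

# Messages accepted per authenticated (SASL) user, plus how many distinct
# client IPs each user submitted from. A hijacked mailbox shows up as one
# user with a large count coming from IPs nobody recognises.
sasl_submissions() {
    awk '/sasl_username=/ {
        user = $0; sub(/.*sasl_username=/, "", user); sub(/[ ,].*/, "", user)
        ip = $0;   sub(/.*client=[^[]*\[/, "", ip);   sub(/\].*/, "", ip)
        n[user]++
        if (!seen[user, ip]++) ips[user]++
    }
    END { for (u in n) print n[u], u, ips[u] " ip(s)" }' | sort -rn
}

# Rejected delivery attempts per client IP (RBL hits, relay attempts, ...).
rejects_by_client() {
    awk '/: reject: / {
        ip = $0; sub(/.*reject: [A-Z]+ from [^[]*\[/, "", ip); sub(/\].*/, "", ip)
        n[ip]++
    }
    END { for (i in n) print n[i], i }' | sort -rn
}

# Failed SASL logins per client IP: the password guessing that precedes a
# hijacked account, and the line fail2ban's postfix-sasl filter matches on.
sasl_failures_by_client() {
    awk '/SASL [A-Z0-9-]+ authentication failed/ {
        ip = $0; sub(/.*warning: [^[]*\[/, "", ip); sub(/\].*/, "", ip)
        n[ip]++
    }
    END { for (i in n) print n[i], i }' | sort -rn
}

printf '%s\n' "$SAMPLE_LOG" | sasl_submissions
printf '%s\n' "$SAMPLE_LOG" | rejects_by_client
printf '%s\n' "$SAMPLE_LOG" | sasl_failures_by_client
```

In the sample, jane@corp.example submitted three messages from two different unknown[...] clients, which is the signature of a stolen password; the next steps are to change it, hold or delete her queued mail with the queue commands above, and look at the 192.0.2.9 entries for the brute-force attempts that preceded it.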
Postfix Guides
Create a little script for managing Queue
Create file
/root/mailq.pl
Make it executable for root only (chmod 700); it has to run as root anyway, because the queue directories are not readable by other users.
Dump this into it:
#!/usr/bin/env perl
# Count the messages in each Postfix queue by walking the queue directory.
# Queue files are named by their hex queue ID; hashed queues (deferred and
# defer by default) keep them one level down in single-hex-digit
# subdirectories, hence the recursion. With enable_long_queue_ids the file
# names are no longer pure hex and the first regex below needs widening.
use strict;
use warnings;
use Symbol;

sub count {
    my ($dir) = @_;
    my $dh = gensym();
    my $c = 0;
    opendir($dh, $dir) or die "$0: opendir: $dir: $!\n";
    while (my $f = readdir($dh)) {
        if ($f =~ m{^[A-F0-9]{5,}$}) {
            ++$c;                       # a queue file
        } elsif ($f =~ m{^[A-F0-9]$}) {
            $c += count("$dir/$f");     # a hash subdirectory
        }
    }
    closedir($dh) or die "closedir: $dir: $!\n";
    return $c;
}

my $qdir = `postconf -h queue_directory`;
chomp($qdir);
chdir($qdir) or die "$0: chdir: $qdir: $!\n";
printf "Incoming: %d\n", count("incoming");
printf "Active: %d\n",   count("active");
printf "Deferred: %d\n", count("deferred");
printf "Bounced: %d\n",  count("bounce");
printf "Hold: %d\n",     count("hold");
printf "Corrupt: %d\n",  count("corrupt");
Execute by typing
/root/mailq.pl
Secure postfix by customizing the configuration
Secure postfix using fail2ban
Switch Mail Transfer Agents in Plesk from Qmail to Postfix and back
Determine which MTA is currently in use
/usr/local/psa/admin/sbin/mailmng --features | grep SMTP_Server
Stop the SMTP service and let the queue drain first, as the queue is destroyed when switching
/usr/local/psa/admin/sbin/mailmng --stop-smtpd
To flush the queue (deliver all mail in it), use the following commands:
- QMail MTA:
kill -ALRM `pidof qmail-send`
- Postfix MTA:
postqueue -f
Switch MTA
/usr/local/psa/admin/sbin/autoinstaller --select-release-current --install-component postfix
/usr/local/psa/admin/sbin/autoinstaller --select-release-current --install-component qmail
Add Gmail to certificate
Fix Google SSL support
edit
/etc/postfix/main.cf
Find/edit this section. Since Postfix 2.3 the *_tls_security_level parameters take precedence: when one of them is set, the older smtpd_use_tls / smtp_use_tls switches are ignored, so a pair like smtpd_tls_security_level = none next to smtpd_use_tls = yes does not enable TLS, it turns inbound TLS off. For opportunistic STARTTLS in both directions, which is what Gmail negotiates, set:
smtpd_tls_security_level = may
smtp_tls_security_level = may
and drop the smtpd_use_tls / smtp_use_tls lines. Inbound TLS also needs smtpd_tls_cert_file and smtpd_tls_key_file pointing at the server certificate and key. "may" keeps accepting plaintext from peers that do not offer STARTTLS, so nothing breaks if the certificate is wrong; confirm it works by looking for "TLS connection established" lines in the mail log.
Further steps to secure the server
/etc/postfix/main.cf
Remove announcement details
By default the greeting banner Postfix sends when a client connects (the 220 line) includes $mail_name, i.e. "Postfix", and distributions often append their own name and version as well. It's best to give attackers as little information as possible about your server, so trim the banner by finding the line for smtpd_banner in the configuration file and setting it to:
smtpd_banner = $myhostname ESMTP
(The SMTP RFC requires the banner to start with the hostname, so keep $myhostname.)
Set to only accept local emails for delivery
change
inet_interfaces = all
to
inet_interfaces = localhost
This makes Postfix listen on the loopback address only: the host can still send mail and accept it from local processes, but it no longer accepts SMTP connections from the network. Use it on web or application servers that only send; do not use it on the server that receives mail for your domains.
Add this stuff to block bad SMTP requests
### Checks to remove badly formed email
smtpd_helo_required = yes
strict_rfc821_envelopes = yes
disable_vrfy_command = yes

unknown_address_reject_code = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code = 554

smtpd_helo_restrictions =
    permit_mynetworks,
    reject_invalid_helo_hostname,
    check_helo_access regexp:/etc/postfix/helo.regexp,
    permit

smtpd_recipient_restrictions =
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    reject_unauth_destination,
    reject_rbl_client zen.spamhaus.org=127.0.0.[2..11],
    reject_rbl_client bl.spamcop.net
Notes on the above:
- reject_invalid_helo_hostname and reject_non_fqdn_helo_hostname are the current names; the pre-2.3 names reject_invalid_hostname and reject_non_fqdn_hostname still work as aliases. A bare regexp:/path in a restriction list is shorthand for check_helo_access regexp:/path; the explicit form is clearer.
- The *_reject_code settings change the default 450 (try again later) into a permanent 554 for senders and recipients in domains that definitely do not exist. A temporary DNS failure is still deferred (unknown_*_tempfail_action), so this does not bounce mail during a DNS outage.
- The two HELO checks at the top of smtpd_recipient_restrictions can cause issues with authenticated SMTP, so be wary: mail clients on laptops and phones often send a non-FQDN HELO, permit_mynetworks only comes after them, and nothing in the list permits SASL-authenticated users at all. If users submit mail through this server with SMTP AUTH, put permit_mynetworks and permit_sasl_authenticated before the reject_* entries, or leave the HELO checks to smtpd_helo_restrictions, where they already are.
- Comments in main.cf must be on their own lines; text after a # in the middle of a value becomes part of the value.
- cbl.abuseat.org has been retired; its data is served through the Spamhaus XBL, which zen.spamhaus.org already includes, so a separate CBL lookup is redundant. Spamhaus answers queries from large public resolvers (8.8.8.8 and the like) with error codes in 127.255.255.0/24 instead of listings; the =127.0.0.[2..11] suffix makes Postfix treat only real listing codes as a hit, so a misconfigured resolver does not turn into blocking all inbound mail.
/etc/postfix/helo.regexp
Create /etc/postfix/helo.regexp and set its contents to the following, replacing subdomain.host.com with the server's own hostname and xxx.yyy.zzz.xxx with its IP address. The dots are escaped because in a regexp table a bare dot matches any character, and the square brackets of the address-literal form must be escaped for the same reason:
/^subdomain\.host\.com$/        550 Don't use my own hostname
/^xxx\.yyy\.zzz\.xxx$/          550 Don't use my own IP address
/^\[xxx\.yyy\.zzz\.xxx\]$/      550 Don't use my own IP address
/^[0-9.]+$/                     550 Your software is not RFC 2821 compliant
/^[0-9]+(\.[0-9]+){3}$/         550 Your software is not RFC 2821 compliant
The table is read top to bottom, the first matching pattern wins, and matching is case-insensitive unless a pattern says otherwise. A regexp: table needs no postmap step; reload Postfix after editing it, and try a few HELO strings with postmap -q before relying on it.
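An added example (not from the original page) that builds the table above from the server's own hostname and IP with the escaping done for you, then checks candidate HELO strings against it. The lookup function emulates the first-match, case-insensitive semantics of a Postfix regexp: table so the patterns can be tested on any machine; mx.corp.example and 203.0.113.5 are placeholders. On the server itself the equivalent check is postmap -q "$helo" regexp:/etc/postfix/helo.regexp.

```shell
#!/bin/sh
# Added example (not from the original page): generate the helo.regexp table
# from the server's real hostname and IP with the dots escaped, then test
# HELO strings against it before enabling it in smtpd_helo_restrictions.
# mx.corp.example / 203.0.113.5 are constructed placeholders.

# Write the table: $1 = own hostname, $2 = own IP, $3 = output file.
# An unescaped "." in a regexp table matches any character, so escape them.
gen_helo_regexp() {
    _h=$(printf '%s' "$1" | sed 's/\./\\./g')
    _i=$(printf '%s' "$2" | sed 's/\./\\./g')
    cat > "$3" <<EOF
/^$_h\$/                    550 Don't use my own hostname
/^$_i\$/                    550 Don't use my own IP address
/^\[$_i\]\$/                550 Don't use my own IP address
/^[0-9.]+\$/                550 Your software is not RFC 2821 compliant
/^[0-9]+(\.[0-9]+){3}\$/    550 Your software is not RFC 2821 compliant
EOF
}

# Emulate a regexp: table lookup the way Postfix does it: first matching
# pattern wins and matching is case-insensitive by default. Prints the
# action, or nothing when no pattern matches (Postfix then moves on to the
# next restriction). $1 = HELO string, $2 = table file.
helo_lookup() {
    HELO="$1" awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # comments and blank lines
        {
            n = index(substr($0, 2), "/")             # closing slash of /pattern/
            pat = substr($0, 2, n - 1)
            action = substr($0, n + 2); sub(/^[[:space:]]+/, "", action)
            if (tolower(ENVIRON["HELO"]) ~ tolower(pat)) { print action; exit }
        }' "$2"
}

tbl=$(mktemp)
gen_helo_regexp mx.corp.example 203.0.113.5 "$tbl"
cat "$tbl"
for h in MX.CORP.EXAMPLE '[203.0.113.5]' 1.2.3.4 mail.other.example; do
    printf '%-20s -> %s\n' "$h" "$(helo_lookup "$h" "$tbl")"
done
rm -f "$tbl"
```

Running it shows the two things that go wrong with a hand-typed table: a HELO of 1.2.3.4 is caught by the bare-IP rule, and MX.CORP.EXAMPLE still matches the hostname rule because the table is case-insensitive. A legitimate mail.other.example gets no action and falls through to the rest of smtpd_helo_restrictions.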
https://gist.github.com/facelordgists/5761101#useful-commands
http://serverxpert.blogspot.in/2012/04/commands-to-check-spamming-in-postfix.htm