Difference between revisions of "Mail Service"
Line 39: | Line 39: | ||
If it's real mail, you can release it with <code>postsuper -H 886702B036</code>. | If it's real mail, you can release it with <code>postsuper -H 886702B036</code>. | ||
You can remove the hold from <code>access</code> now, but remember to run postmap so that postfix notices. | You can remove the hold from <code>access</code> now, but remember to run postmap so that postfix notices. | ||
+ | |||
+ | == Whitelisting and blacklisting == | ||
+ | |||
+ | If mail from an external source is being rejected by postfix (say, because they've got themselves listed in the RBL), they can be whitelisted so that we can get mail from them anyway. To whitelist by the claimed sender address, add an entry to <code>/etc/postfix/access</code>. To whitelist by the hostname, IP address and such like, use <code>/etc/postfix/clientaccess</code>. The entry should be followed by <code>OK</code>, and <code>postmap</code> run to recreate the database file. Then postfix will consult the new database file automatically. | ||
+ | |||
+ | You can also blacklist addresses and hosts using these files. Consult the files for details. | ||
== Webmail == | == Webmail == |
Revision as of 14:58, 30 May 2007
Contents
Current setup
- The main mail server is on mccoy.
- We're using postfix as our MTA, and the default MDA is maildrop.
- We greylist
- We also use the janet rbl
- Users have the option to use spamassassin for spam filtering.
- Lists Service
Breaking mail loops
(To prevent most of the loops between ecartis and majordomo installations any mail to listar@tardis or majordomo@tardis which came from majordomo-owner@... is now sent to support instead, using a small procmail filter.)
Suppose ecartis gets into a bunfight with majordomo-owner@example.com, replying to each other's automated messages. We can break the loop by instructing postfix to hold messages from majordomo-owner@example.com and delete the offending message. To put the mail on hold, edit /etc/postfix/access
on the mail host, adding a line like:
majordomo-owner@example.com HOLD mail loop
The bit after HOLD
is just a human-readable reason for putting the mail on hold which gets put in our logs. Then run
postmap access
to get postfix to pick up the change.
When a mail arrives, it gets put in the special hold queue. You can then check that the message isn't legitimate mail with postcat
, and delete it with postsuper
:
root@mccoy:/etc/postfix# cd /var/spool/postfix/hold/ root@mccoy:/var/spool/postfix/hold# ls -R [...] ./8: 886702B036 [...] root@mccoy:/var/spool/postfix/hold# postcat 8/886702B036 [The message, plus a bit of header info...] root@mccoy:/var/spool/postfix/hold# postsuper -d 886702B036 hold
If it's real mail, you can release it with postsuper -H 886702B036
.
You can remove the hold from access
now, but remember to run postmap so that postfix notices.
Whitelisting and blacklisting
If mail from an external source is being rejected by postfix (say, because they've got themselves listed in the RBL), they can be whitelisted so that we can get mail from them anyway. To whitelist by the claimed sender address, add an entry to /etc/postfix/access
. To whitelist by the hostname, IP address and such like, use /etc/postfix/clientaccess
. The entry should be followed by OK
, and postmap
run to recreate the database file. Then postfix will consult the new database file automatically.
You can also blacklist addresses and hosts using these files. Consult the files for details.
Webmail
Webmail (horde2) is available from webmail.tardis.ed.ac.uk. It depends on /etc/init.d/imapproxy running on davros. If IMAP on mccoy is not functioning, this service will eventually kill itself and webmail will start rejecting logins. In this case, restart it with:
/etc/init.d/imapproxy restart
Wish list
Amongst other things, we really really really need a better mailing list whatnot than ecartis. It occasionally completely garbles emails, and it doesn't seem to support attachments. It'd also be nice to have something that could perhaps pull userlists out of ldap? (Consider allusers, sysmans).See Lists Service
- Perhaps we should use spamhaus instead of or in addition to RBL+?