- The main mail server is on mccoy.
- We're using postfix as our MTA, and the default MDA is maildrop.
- We greylist
- We also use the janet rbl
- Users have the option to use spamassassin for spam filtering.
- Lists Service
Breaking mail loops
(To prevent most of the loops between ecartis and majordomo installations any mail to listar@tardis or majordomo@tardis which came from majordomo-owner@... is now sent to support instead, using a small procmail filter.)
Suppose ecartis gets into a bunfight with email@example.com, replying to each other's automated messages. We can break the loop by instructing postfix to hold messages from firstname.lastname@example.org and delete the offending message. To put the mail on hold, edit
/etc/postfix/access on the mail host, adding a line like:
email@example.com HOLD mail loop
The bit after
HOLD is just a human-readable reason for putting the mail on hold which gets put in our logs. Then run
to get postfix to pick up the change.
When a mail arrives, it gets put in the special hold queue. You can then check that the message isn't legitimate mail with
postcat, and delete it with
root@mccoy:/etc/postfix# cd /var/spool/postfix/hold/ root@mccoy:/var/spool/postfix/hold# ls -R [...] ./8: 886702B036 [...] root@mccoy:/var/spool/postfix/hold# postcat 8/886702B036 [The message, plus a bit of header info...] root@mccoy:/var/spool/postfix/hold# postsuper -d 886702B036 hold
If it's real mail, you can release it with
postsuper -H 886702B036.
You can remove the hold from
access now, but remember to run postmap so that postfix notices.
Whitelisting and blacklisting
If mail from an external source is being rejected by postfix (say, because they've got themselves listed in the RBL), they can be whitelisted so that we can get mail from them anyway. To whitelist by the claimed sender address, add an entry to
/etc/postfix/access. To whitelist by the hostname, IP address and such like, use
/etc/postfix/clientaccess. The entry should be followed by
postmap run to recreate the database file. Then postfix will consult the new database file automatically.
You can also blacklist addresses and hosts using these files. Consult the files for details.
Webmail (horde2) is available from webmail.tardis.ed.ac.uk. It depends on /etc/init.d/imapproxy running on davros. If IMAP on mccoy is not functioning, this service will eventually kill itself and webmail will start rejecting logins. In this case, restart it with:
Amongst other things, we really really really need a better mailing list whatnot than ecartis. It occasionally completely garbles emails, and it doesn't seem to support attachments. It'd also be nice to have something that could perhaps pull userlists out of ldap? (Consider allusers, sysmans).See Lists Service
- Perhaps we should use spamhaus instead of or in addition to RBL+?