Difference between revisions of "Mail Service"

From Tardis
Jump to: navigation, search
(Handling spam)
(Handling spam)
Line 36: Line 36:
# Check `tail -f /var/log/mail.log` for "removed" messages
# Check `tail -f /var/log/mail.log` for "removed" messages
# When `tail` stops saying things are being removed, or when the process `awk` finishes, start postfix again
# When `tail` stops saying things are being removed, or when the process `awk` finishes, start postfix again
=== Put things back to how they were ===
# Start postfix by doing `postfix start`
# Start postfix by doing `postfix start`

Revision as of 15:55, 17 October 2017

This page is out of date and needs rewriting.
The content is likely to be incomplete or incorrect.

Current setup

  • The main mail server is on isolus, a virtual host.
  • We're using postfix as our MTA, and the default MDA is maildrop.
  • We greylist
  • We also use the janet rbl
  • Users have the option to use spamassassin for spam filtering.
  • Lists Service

Handling spam

Stop it quickly. Stop all mail from leaving the queue.

  1. ssh into the mail host (see above)
  2. Stop postfix by doing `postfix stop`

Determine who is spamming

  1. ssh into the mail host (see above)
  2. Read `/var/log/mail.log` by doing "tail -f /var/log/mail.log" or using "less"
  3. Determine who is sending the spam by looking for a username (spam lines should contain the from field)

Stop mail from going into the queue

  1. Log in to the gateway server, and change their password to something very random (sudo passwd <username>)
  2. Now more spam mail cannot be sent through that user (because nobody can access the account).

Clear all mail in the queue being sent from that user

  1. ssh into the mail host (see above)
  2. Edit the `purge.sh` script in the root folder of the mail host
  3. Change the username in the script.
  4. Run the script.
  5. Check `tail -f /var/log/mail.log` for "removed" messages
  6. When `tail` stops saying things are being removed, or when the process `awk` finishes, start postfix again

Put things back to how they were

  1. Start postfix by doing `postfix start`

Usage Guide

Tardis currently supports the following methods of accessing your email account:

  • Server: pop.tardis.ed.ac.uk
  • Secure Connection: TLS or SSL
  • Username: Your Tardis username
  • Server: imap.tardis.ed.ac.uk,
  • Secure Connection: TLS or SSL
  • Username: Your Tardis username
We provide RoundCube Webmail at https://webmail.tardis.ed.ac.uk
mutt and pine are both currently available on the shell server at ssh.tardis.ed.ac.uk.
Mail Submission
You can now send mail via Tardis' SMTP server from the outside world.
Configuration details:
  • Server: mailhost.tardis.ed.ac.uk
  • Secure Connection: TLS
  • Server port: 587
  • Username: Your Tardis username

You may need to install the CAcert Root certificate if you get mail server certificate warnings every time you connect.

Delivery and Filtering

Mail can be delivered by procmail or maildrop, (default) and can be spam filtered by spamassassin. Support documentation for these applications are currently unavailable, but hopefully will be soon. Before contacting us, we ask that you consult the man page and online documentation for each application.


  • IMAP can fail to connect if you've deleted your Maildir folder. To recreate it, run maildirmake Maildir in your home directory on Vortis.


To change aliases (eg sysmans): edit /etc/aliases, run `newaliases`

To change virtual lookup tables (eg gamesoc emails): edit /etc/postfix/virtual, run `postmap /etc/postfix/virtual`

Breaking mail loops

(To prevent most of the loops between ecartis and majordomo installations any mail to listar@tardis or majordomo@tardis which came from majordomo-owner@... is now sent to support instead, using a small procmail filter.)

Suppose ecartis gets into a bunfight with majordomo-owner@example.com, replying to each other's automated messages. We can break the loop by instructing postfix to hold messages from majordomo-owner@example.com and delete the offending message. To put the mail on hold, edit /etc/postfix/access on the mail host, adding a line like:

majordomo-owner@example.com HOLD mail loop

The bit after HOLD is just a human-readable reason for putting the mail on hold which gets put in our logs. Then run

postmap access

to get postfix to pick up the change.

When a mail arrives, it gets put in the special hold queue. You can then check that the message isn't legitimate mail with postcat, and delete it with postsuper:

root@mccoy:/etc/postfix# cd /var/spool/postfix/hold/
root@mccoy:/var/spool/postfix/hold# ls -R


root@mccoy:/var/spool/postfix/hold# postcat 8/886702B036
  [The message, plus a bit of header info...]
root@mccoy:/var/spool/postfix/hold# postsuper -d 886702B036 hold

If it's real mail, you can release it with postsuper -H 886702B036. You can remove the hold from access now, but remember to run postmap so that postfix notices.

Whitelisting and blacklisting

If mail from an external source is being rejected by postfix (say, because they've got themselves listed in the RBL), they can be whitelisted so that we can get mail from them anyway. To whitelist by the claimed sender address, add an entry to /etc/postfix/access. To whitelist by the hostname, IP address and such like, use /etc/postfix/clientaccess. The entry should be followed by OK, and postmap run to recreate the database file. Then postfix will consult the new database file automatically.

You can also blacklist addresses and hosts using these files. Consult the files for details.


Webmail (horde2) is available from webmail.tardis.ed.ac.uk. It depends on /etc/init.d/imapproxy running on azal. If IMAP on boe is not functioning, this service will eventually kill itself and webmail will start rejecting logins. In this case, restart it with:

  /etc/init.d/imapproxy restart

Wish list

  • Amongst other things, we really really really need a better mailing list whatnot than ecartis. It occasionally completely garbles emails, and it doesn't seem to support attachments. It'd also be nice to have something that could perhaps pull userlists out of ldap? (Consider allusers, sysmans). See Lists Service
  • Perhaps we should use spamhaus instead of or in addition to RBL+?