Tag Archives: mail

Apr 14 2013
2 Comments
Blog Posts

Remove sensitive information from email headers with postfix

I’m in the process of moving back to a postfix/dovecot setup for hosting my own mail and I wanted a way to remove the more sensitive email headers that are normally generated when I send mail. My goal is to hide the originating IP address of my mail as well as my mail client type and version.

To get started, make a small file with regular expressions in /etc/postfix/header_checks:

/^Received:.*with ESMTPSA/              IGNORE
/^X-Originating-IP:/    IGNORE
/^X-Mailer:/            IGNORE
/^Mime-Version:/        IGNORE

The “ESMTPSA” match works for me because I only send email via port 465. I don’t allow SASL authentication via port 25. You may need to adjust the regular expression if you accept SASL authentication via smtp.

Now, add the following two lines to your /etc/postfix/main.cf:

mime_header_checks = regexp:/etc/postfix/header_checks
header_checks = regexp:/etc/postfix/header_checks

Rebuild the hash table and reload the postfix configuration:

postmap /etc/postfix/header_checks
postfix reload

Now, send a test email. View the headers and you should see the original received header (with your client IP address) removed, along with details about your mail client.

Tagged , , , , , , ,
Jan 02 2012
4 Comments
Blog Posts

SELinux and .forward files

If you want to forward e-mail from root to another user, you can usually place a .forward file in root’s home directory and your mail server will take care of the rest:

echo "user@example.com" > /root/.forward

With SELinux, you’ll end up getting an AVC denial each time your mail server tries to read the contents of the .forward file:

type=AVC msg=audit(1325543823.787:7416): avc:  denied  { open } for  pid=9850 
  comm="local" name=".forward" dev=md0 ino=17694734 
  scontext=system_u:system_r:postfix_local_t:s0 
  tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file

The reason is that your .forward file doesn’t have the right SELinux contexts. You can set the correct contest quickly with restorecon:

# ls -Z /root/.forward 
-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 /root/.forward
# restorecon -v /root/.forward
restorecon reset /root/.forward context unconfined_u:object_r:admin_home_t:s0->system_u:object_r:mail_forward_t:s0
# ls -Z /root/.forward 
-rw-r--r--. root root system_u:object_r:mail_home_t:s0 /root/.forward

Try to send another e-mail to root and you should see the mail server forward the e-mail properly without any additional AVC denials.

Tagged , , , , , , ,
Jun 19 2009
9 Comments
Blog Posts

Deleting all e-mail messages in your inbox with mutt

Occasionally, I’ll end up with a mailbox full of random data, alerts, or other useless things. If you have SSH access to the server, you can always clear out your mail spool, but if you connect to an IMAP server, you can use mutt to do the same thing.

First, use mutt to connect to your server remotely (via IMAP over SSL in this example):

mutt -f imaps://mail.yourdomain.com/

Once you’ve connected and logged in, press SHIFT-D (uppercase d). The status bar of mutt should show:

Delete messages matching:

Type in ~s .* so that the line looks like:

Delete messages matching: ~s .*

When you press enter, mutt will put a D next to all of the messages, which marks them for deletion. Press q to quit, and then y to confirm the deletion. After a brief moment, all of those messages will be deleted and mutt will exit.

Update: If you review Dmitri’s comment below, there’s an even faster way to remove all of the messages in a mailbox with mutt. Just hold shift while pressing D, ~ (tilde), and A to select everything:

D~A
Tagged , , , ,
Nov 06 2008
Leave a comment
Blog Posts

Plesk: Upgrade to 8.4 causes “no such user” error in maillog

If you have a Plesk server where short mail names are enabled, upgrading to Plesk 8.4 can cause some issues. Valid logins may be rejected, and they’ll appear in your /usr/local/psa/var/log/maillog as “no such user”. You can correct the issue by switching to long mail names (click Server -> Mail in Plesk), or you can run a shell script provided by Parallels.

For further details, refer to the Plesk KB article “Mail users cannot get or send mail after upgrade to Plesk 8.4″

Tagged ,
May 02 2008
2 Comments
Uncategorized

Forcing qmail to process e-mail in the queue

Normally, qmail will be able to process the mail queue without any interaction from the system administrator, however, if you want to force it to process everything that is in the queue right now, you can do so:

kill -ALRM `pgrep qmail-send`

If for some peculiar reason you don’t have pgrep on your server, you can go about it a slightly different way:

kill -ALRM `ps ax | grep qmail-send | grep -v grep | awk '{print $1}'`

Your logs should begin filling up with data about e-mails rolling through the queue.

Tagged ,
Older posts