Fixing broken DNS lookups in spamassassin

I talked about the joys of running my own mail server last week only to find that my mail server was broken yesterday. Spamassassin stopped doing DNS lookups for RBL and SPF checks. I had one of these moments: My logs looked like this: plugin: eval failed: available_nameservers: No DNS servers available! plugin: eval failed: available_nameservers: No DNS servers available! rules: failed to run NO_DNS_FOR_FROM RBL test, skipping: (available_nameservers: [....

2014-06-20 · 2 min · Major Hayden

Remove sensitive information from email headers with postfix

I’m in the process of moving back to a postfix/dovecot setup for hosting my own mail and I wanted a way to remove the more sensitive email headers that are normally generated when I send mail. My goal is to hide the originating IP address of my mail as well as my mail client type and version. To get started, make a small file with regular expressions in /etc/postfix/header_checks: /^Received:.*with ESMTPSA/ IGNORE /^X-Originating-IP:/ IGNORE /^X-Mailer:/ IGNORE /^Mime-Version:/ IGNORE The “ESMTPSA” match works for me because I only send email via port 465....

2013-04-15 · 1 min · Major Hayden

SELinux and .forward files

If you want to forward e-mail from root to another user, you can usually place a .forward file in root’s home directory and your mail server will take care of the rest: /root/.forward With SELinux, you’ll end up getting an AVC denial each time your mail server tries to read the contents of the .forward file: type=AVC msg=audit(1325543823.787:7416): avc: denied { open } for pid=9850 comm="local" name=".forward" dev=md0 ino=17694734 scontext=system_u:system_r:postfix_local_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file The reason is that your ....

2012-01-02 · 1 min · Major Hayden

Basic procmail configuration with spamassassin filtering

I’ve used this extremely basic procmail configuration a million times, and it’s a great start for any server configuration. It passes e-mails through spamassassin (if they’re smaller than 256KB) and then filters any e-mail marked as spam to /dev/null: LOGFILE=/var/log/procmail.log DROPPRIVS=yes</p> <p>:0fw | /usr/bin/spamc</p> <p>:0 * ^X-Spam-Status: Yes /dev/null Of course, you can make this much more complicated with some additional customization.

2008-08-13 · 1 min · Major Hayden

Enable submission port 587 in Postfix

Enabling submission port support for Postfix is really easy. To have postfix listen on both 25 and 587, be sure that the line starting with submission is uncommented in /etc/postfix/master.cf: smtp inet n - n - - smtpd submission inet n - n - - smtpd

2007-07-05 · 1 min · Major Hayden