Fight against spam part 5 – Dovecot Sieve

From previously posts we started using 4 different technologies to stop spam from reaching our server or being scanned by our rules.

But if any spam will reach us those application wont delete them or do anything with them because we don’t want to lost mail that was send from poorly configure mail server – maybe its important one.

If we use postfix with dovecot we could use dovecot to manipulate emails via IMAP protocol. Sieve is the tool we need that will move mails between folder.

Instalation:

Almost there:

Let sieve know about new rules:

Final restart to make it work:

 

Now if SpamAssassin mark mail as spam it will be move to JUNK folder.

 

Rest post related to this topic:

Postfix i Dovecot – perfect duo for mail server

Fight against spam part 1 – Postfix SPF

Fight against spam part 2 – Postfix DKIM

Fight against spam part 3 – Postfix DMARC

Fight against spam part 4 – Postfix SpamAssassin

Facebooktwittergoogle_plusreddit

Fight against spam part 4 – Postfix SpamAssassin

SpamAssasin is the last weapon from our arsenal that we will use to keep spam away from our mail server.

 

Install needed packages:

We ned to add user that will be running spamassasin on our server:

User is ready now we need configure SA to use it:

Start SA:

Add SpamAssassin Support to postfix:

Restart postfix:

We need to create rules for SA:

Restart service to be sure we use newest rules:

To test spamassasin we can send mail from external mail server to our server and check header to see if spamassasin added his header with scoring.

 

Update 05/11/2016:

I notice that spamassassin throw error in syslog

This can be fix easily by commenting out use_dcc line or adding dcc and not use it (pointless)

 

Rest post related to this topic:

Postfix i Dovecot – perfect duo for mail server

Fight against spam part 1 – Postfix SPF

Fight against spam part 2 – Postfix DKIM

Fight against spam part 3 – Postfix DMARC

Fight against spam part 5 – Dovecot Sieve

 

Facebooktwittergoogle_plusreddit

Fight against spam part 3 – Postfix DMARC

Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email validation system designed to detect and prevent email spoofing. It provides a mechanism which allows a receiving organization to check that incoming mail from a domain is authorized by that domain’s administrators and that the email (including attachments) has not been modified during transport – Wikipedia

 

This is a continuation of topic about fighting against spam when you are self-hosting your mail server which in this case should be Postfix, previously we did finish confguration of SPF and DKIM.

 

Install needed package:

Configure it with basic configuration:

But thats not all, lets create folder:

And add host that will be excluded from scanning – us !?!

Assuming we used previous post about fighting with spam we should have DKIM on port 12301 so we can user port 54321 for DMARC:

Let us start opendmarc to ensure we don’t have any typo in configuration file:

 

We need to enable support for this technic in postfix:

Remamber that smtpd-milters and non_smtpd_milters was previously configurated with DKIM so now we have two values as the second is DMARC 🙂

Reload our postfix so he can use DMARC:

 

Knowing that DMARC use DKIM and SPF we will have to add another TXT record to our DNS. Internet is full of DMARC wizards to create different configuration, for now we can use the one provided here:

 

Normaly alot of people end the configuration here but that is not fully implemented DMARC. They forget about exchanging reports between mail servers. This is way we can fix this:

Those line and in schema.mysql but are commented, just uncomment them so we will create proper user for opendmarc

Read and execute schema:

Create script that will make reports for us:

We need to add that script to cron to make it work multiply times:

 

It is a good practice to view reports that we send to external mail servers, we will achive this in postfix this way:

Just one more restart of service and we are ready to go:

 

To test DMARC we need to send email from our server to external server that support DMARC and send it from there to us. For example GMail does support this.

In mail header there should be DMARC header. But remamber to delete debug header in configuration after checking if our configuration works alright:

Quick restart:

 

 

Rest post related to this topic:

Postfix i Dovecot – perfect duo for mail server

Fight against spam part 1 – Postfix SPF

Fight against spam part 2 – Postfix DKIM

Fight against spam part 4 – Postfix SpamAssassin

Fight against spam part 5 – Dovecot Sieve

 

Facebooktwittergoogle_plusreddit

Fight against spam part 2 – Postfix DKIM

DomainKeys Identified Mail (DKIM) – is an email authentication method designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from a domain is authorized by that domain’s administrators. It is intended to prevent forged sender addresses in emails, a technique often used in phishing and email spam. – Wikipedia

 

This is a continuation of topic about fighting against spam when you are self-hosting your mail server which in this case should be Postfix.

 

Install needed packages:

Let us configure opendkim, if 12301port is use by some other service change it in below configuration:

Add support for this tool inside postfix:

If we already have something in lines smtpd_milters i/lub non_smtpd_milters we can add new tools after comma.

Create needed folders and configuration files, which we used as table source in configuration above:

Let us generate keys to use with DKIM:

Now we need to add proper key to TXT record in our DNS server:

We need to restart every service that we just edit configuration file:

To ensure we configure this properly the best way would be send email to service that check this for us, for example: check-auth(at)verifier.port25.com

 

Rest post related to this topic:

Postfix i Dovecot – perfect duo for mail server

Fight against spam part 1 – Postfix SPF

Fight against spam part 3 – Postfix DMARC

Fight against spam part 4 – Postfix SpamAssassin

Fight against spam part 5 – Dovecot Sieve

 

Facebooktwittergoogle_plusreddit

Fight against spam part 1 – Postfix SPF

Sender Policy Framework (SPF) –  is a simple email-validation system designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from a domain comes from a host authorized by that domain’s administrators. The list of authorized sending hosts for a domain is published in the Domain Name System (DNS) records for that domain in the form of a specially formatted TXT record.  – Wikipedia

 

I assume you have working postfix server already. Also I assume that you follow guide that have been posted here Postfix i Dovecot – perfect duo for mail server which use Debian/Ubuntu to achieve that.

 

Install needed package:

Default configuration that is present in package give us almost complete implementation we need to tweak it a bit to make it perfect:

Let postfix know that we use more anti-spam technics:

We need to restart postfix to make thise work

 

 

Rest post related to this topic:

Postfix i Dovecot – perfect duo for mail server

Fight against spam part 2 – Postfix DKIM

Fight against spam part 3 – Postfix DMARC

Fight against spam part 4 – Postfix SpamAssassin

Fight against spam part 5 – Dovecot Sieve

 

Facebooktwittergoogle_plusreddit

Linux – Viewing emails with mailq and postcat

Installing and using postfix will give you ability to view mails processed by it:

 

Facebooktwittergoogle_plusreddit

Postfix i Dovecot – perfect duo for mail server

Own mail server? Would be awesome! If you just ask ‘why’ this tutorial is not for you 😉

Goals:

  • own postfix and dovecot server
  • support for virtual accounts
  • disable system accounts support
  • use database as account backend

 

1. Instalation

General type of mail configuration: Internet Site

System mail name: domian.name

2. Mysql/MariaDB backend

First prepare backend:

 

Most important postfix config file main.cf

Next let us create configuration files for virtual account support:

Restart postfix:

 

This will test if postfix ‘see’ virtual account from database:

 

Next we need to edit other postfix config file master.cf

This looked scary but to be sure I included full config file, because there could be changes made in newest version to default config files.

Just reset postfix because we finish configure him 🙂

 

3. Dovecot

First we make backup of files that we will edit:

Edit dovecot.conf

Let us comment and uncomment lines according with this code:

We need to create vmail account

Restart dovecot

4. Adding more account to backend

 

5. SPAM

If you are interested, there are some post about way to fight with spam:

Fight against spam part 1 – Postfix SPF

Fight against spam part 2 – Postfix DKIM

Fight against spam part 3 – Postfix DMARC

Fight against spam part 4 – Postfix SpamAssassin

Fight against spam part 5 – Dovecot Sieve

 

Facebooktwittergoogle_plusreddit