Ajcody-MTA-Postfix-Topics: Difference between revisions

Line 599: Line 599:
** See whole section - [[http://wiki.zimbra.com/wiki/Ajcody-MTA-Postfix-Topics#Managing_Postfix_Queue|Managin Postfix Queue]]
** See whole section - [[http://wiki.zimbra.com/wiki/Ajcody-MTA-Postfix-Topics#Managing_Postfix_Queue|Managin Postfix Queue]]
* '''Step 7:''' Release Mail queue
* '''Step 7:''' Release Mail queue
====Understanding /var/log/zimbra.log And Postfix Log Events====
Ref:
* http://www.onlamp.com/pub/a/onlamp/2004/01/22/postfix.html
* https://wiki.kolab.org/What_is_happening_to_my_emails_where_are_their._Search_your_postfix_log_to_find_them
To see some of the basic warning:
$ egrep '(reject|warning|error|fatal|panic):' /var/log/zimbra.log
Log events follow this basic pattern:
<pre>
Description
    || Date & Time  || Hostname || Postfix component id || Message
Example   
      Dec 31 11:34:21  testserver    postfix/smtpd[1677]:  connect from mail.example.com[192.168.100.45]
</pre>
The process ID is in the square brackets.
=====Postfix Queue ID vs. message-id=====
'''Note, postfix queue ID is NOT message-id.''' A message-id is assigned by the MUA or postfix if the message doesn't have one. The message-id is in the header of the email. The postfix queue ID is NOT in the header of the emails. An email header will also have the original emails message-id if it's an reply.
<pre>
Date: Tue, 4 Jun 2013 06:43:55 -0700 (PDT)
From: Adam Cody 2 <ajcody2@zcs723.EXAMPLE.com>
To: Adam Cody <ajcody@zcs723.EXAMPLE.com>
###  COMMENT START - Below are the two message-id's
###  The message-id is noted the /var/log/zimbra.log log events
###  Example will be shown farther down
Message-ID: <315186059.60.1370353435012.JavaMail.root@zcs723.EXAMPLE.com>
In-Reply-To: <692082388.59.1370352733069.JavaMail.root@zcs723.EXAMPLE.com>
###  End Of COMMENT
Subject: Re: test email
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.16.XX.XX]
X-Mailer: Zimbra 7.2.3_GA_2872 (ZimbraWebClient - [unknown] (Win)/0.0)
reply back
----- Original Message -----
From: "Adam Cody" <ajcody@zcs723.EXAMPLE.com>
To: "Adam Cody 2" <ajcody2@zcs723.EXAMPLE.com>
Sent: Tuesday, June 4, 2013 9:32:13 AM
Subject: test email
</pre>
When a message enters the Postfix system [incoming or outgoing] it is immediately assigned a queue ID. Postfix/ZCS will most likely have a message leave the postfix queue for other processing: amavis, filters, etc. This will cause the message to get a new queue ID's. This can also happen if you were to requeue your messages by doing something like: postsuper -r . You will need to note the '''message-id and ALL queue ID's''' to get the complete picture of what was happening for a particular email. For the example below, I first did a search for the message-id [found by looking at the header, ZWC > Sent box > View Original on email I sent] in /var/log/zimbra.log.
egrep "692082388.59.1370352733069.JavaMail.root" /var/log/zimbra.log
This output then gave me the associated postfix queue ID's, there were two unique ones. I then did another search using all three variables:
<pre>
        QueueID      QueueID          MessageID
egrep "59E261E78D1|C6CAA1E78D2|692082388.59.1370352733069.JavaMail.root" /var/log/zimbra.log
</pre>
Below is the return to find the full log event in /var/log/zimbra.log for this one email.
<pre>
Jun  4 06:32:14 zcs723 postfix/smtpd[16290]:
  59E261E78D1: client=zcs723.EXAMPLE.com[10.137.27.32]
Jun  4 06:32:14 zcs723 postfix/cleanup[16293]:
  59E261E78D1: message-id=<692082388.59.1370352733069.JavaMail.root@zcs723.EXAMPLE.com>
Jun  4 06:32:14 zcs723 postfix/qmgr[7864]:
  59E261E78D1: from=<ajcody@zcs723.EXAMPLE.com>, size=673, nrcpt=1 (queue active)
Jun  4 06:32:44 zcs723 postfix/smtpd[16310]:
  C6CAA1E78D2: client=localhost[127.0.0.1]
Jun  4 06:32:44 zcs723 postfix/cleanup[16293]:
  C6CAA1E78D2: message-id=<692082388.59.1370352733069.JavaMail.root@zcs723.EXAMPLE.com>
Jun  4 06:32:44 zcs723 postfix/qmgr[7864]:
  C6CAA1E78D2: from=<ajcody@zcs723.EXAMPLE.com>, size=1361, nrcpt=1 (queue active)
Jun  4 06:32:44 zcs723 amavis[19662]: (19662-02)
  FWD via SMTP: <ajcody@zcs723.EXAMPLE.com> -> <ajcody2@zcs723.EXAMPLE.com>,
  BODY=7BIT 250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as C6CAA1E78D2
Jun  4 06:32:45 zcs723 postfix/lmtp[16311]: C6CAA1E78D2: to=<ajcody2@zcs723.EXAMPLE.com>,
  relay=zcs723.EXAMPLE.com[10.137.27.32]:7025, delay=0.85, delays=0.11/0.01/0.39/0.34,
  dsn=2.1.5, status=sent (250 2.1.5 Delivery OK)
Jun  4 06:32:45 zcs723 postfix/qmgr[7864]: C6CAA1E78D2: removed
Jun  4 06:32:46 zcs723 amavis[19662]: (19662-02)
  Passed CLEAN, MYNETS LOCAL [10.137.27.32] [10.137.27.32]
  <ajcody@zcs723.EXAMPLE.com> -> <ajcody2@zcs723.EXAMPLE.com>,
  Message-ID: <692082388.59.1370352733069.JavaMail.root@zcs723.EXAMPLE.com>,
  mail_id: GGpaucYR0-4J, Hits: -1.106, size: 673, queued_as: C6CAA1E78D2, 28828 ms
Jun  4 06:32:46 zcs723 postfix/smtp[16294]: 59E261E78D1: to=<ajcody2@zcs723.EXAMPLE.com>,
  relay=127.0.0.1[127.0.0.1]:10024, delay=32, delays=0.16/0.09/5.3/26, dsn=2.0.0,
  status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as C6CAA1E78D2)
Jun  4 06:32:46 zcs723 postfix/qmgr[7864]: 59E261E78D1: removed
</pre>
And the reply to the above message is shown below. [Note, both accounts are on the same ZCS system]:
<pre>
Jun  4 06:43:56 zcs723 postfix/cleanup[20443]:
  EFD1D1E78D1: message-id=<315186059.60.1370353435012.JavaMail.root@zcs723.us.zimbralab.com>
Jun  4 06:44:28 zcs723 postfix/cleanup[20443]:
  C0E171E78D2: message-id=<315186059.60.1370353435012.JavaMail.root@zcs723.us.zimbralab.com>
Jun  4 06:44:29 zcs723 amavis[19663]: (19663-02)
  Passed CLEAN, MYNETS LOCAL [10.137.27.32] [10.137.27.32]
  <ajcody2@zcs723.us.zimbralab.com> -> <ajcody@zcs723.us.zimbralab.com>,
  Message-ID: <315186059.60.1370353435012.JavaMail.root@zcs723.us.zimbralab.com>,
  mail_id: 0XbLSIeuewz3, Hits: -1.106, size: 969, queued_as: C0E171E78D2, 31775 ms
</pre>
When using any of the postfix commands to view/manipulate messages, they will be using the queueID that the message currently has. For example, mailq output looks like this:
<pre>
[root@zcs723 ~]# /opt/zimbra/postfix/sbin/mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
C12E6246BC      514 Tue Mar 26 08:00:35  root
                                        zimbra
C7F00246A8      517 Tue Mar 26 07:00:24  root
                                        zimbra
9A2D124693      530 Mon Apr 15 19:04:20  root
                                        zimbra
</pre>


====Who's My Spammer?====
====Who's My Spammer?====

Revision as of 15:33, 4 June 2013

Attention.png - This article is NOT official Zimbra documentation. It is a user contribution and may include unsupported customizations, references, suggestions, or information.

Postfix - MTA

Actual MTA & Postfix Topics Homepage

Please see Ajcody-MTA-Postfix-Topics

Missing main.cf Error

If you get something like:

postfix/postqueue[8739]: fatal: open /opt/zimbra/postfix-2.4.7.5z/conf/main.cf: No such file or directory 

All you need to do is create an empty main.cf file and zimbra will rewrite it.

touch main.cf

When you now do something to start the mta, it will generate the values for main.cf

zmmtactl stop
zmmtactl start

Understanding /var/log/zimbra.log And Postfix Log Events

Ref:

To see some of the basic warning:

$ egrep '(reject|warning|error|fatal|panic):' /var/log/zimbra.log

Log events follow this basic pattern:

Description 
     || Date & Time  || Hostname || Postfix component id || Message
Example     
      Dec 31 11:34:21  testserver    postfix/smtpd[1677]:   connect from mail.example.com[192.168.100.45]

The process ID is in the square brackets.

Postfix Queue ID vs. message-id

Note, postfix queue ID is NOT message-id. A message-id is assigned by the MUA or postfix if the message doesn't have one. The message-id is in the header of the email. The postfix queue ID is NOT in the header of the emails. An email header will also have the original emails message-id if it's an reply.

Date: Tue, 4 Jun 2013 06:43:55 -0700 (PDT)
From: Adam Cody 2 <ajcody2@zcs723.EXAMPLE.com>
To: Adam Cody <ajcody@zcs723.EXAMPLE.com>
###  COMMENT START - Below are the two message-id's
###  The message-id is noted the /var/log/zimbra.log log events
###  Example will be shown farther down
Message-ID: <315186059.60.1370353435012.JavaMail.root@zcs723.EXAMPLE.com>
In-Reply-To: <692082388.59.1370352733069.JavaMail.root@zcs723.EXAMPLE.com>
###  End Of COMMENT
Subject: Re: test email
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.16.XX.XX]
X-Mailer: Zimbra 7.2.3_GA_2872 (ZimbraWebClient - [unknown] (Win)/0.0)

reply back

----- Original Message -----
From: "Adam Cody" <ajcody@zcs723.EXAMPLE.com>
To: "Adam Cody 2" <ajcody2@zcs723.EXAMPLE.com>
Sent: Tuesday, June 4, 2013 9:32:13 AM
Subject: test email

When a message enters the Postfix system [incoming or outgoing] it is immediately assigned a queue ID. Postfix/ZCS will most likely have a message leave the postfix queue for other processing: amavis, filters, etc. This will cause the message to get a new queue ID's. This can also happen if you were to requeue your messages by doing something like: postsuper -r . You will need to note the message-id and ALL queue ID's to get the complete picture of what was happening for a particular email. For the example below, I first did a search for the message-id [found by looking at the header, ZWC > Sent box > View Original on email I sent] in /var/log/zimbra.log.

egrep "692082388.59.1370352733069.JavaMail.root" /var/log/zimbra.log

This output then gave me the associated postfix queue ID's, there were two unique ones. I then did another search using all three variables:

         QueueID      QueueID           MessageID
 egrep "59E261E78D1|C6CAA1E78D2|692082388.59.1370352733069.JavaMail.root" /var/log/zimbra.log

Below is the return to find the full log event in /var/log/zimbra.log for this one email.

Jun  4 06:32:14 zcs723 postfix/smtpd[16290]: 
  59E261E78D1: client=zcs723.EXAMPLE.com[10.137.27.32]
Jun  4 06:32:14 zcs723 postfix/cleanup[16293]: 
  59E261E78D1: message-id=<692082388.59.1370352733069.JavaMail.root@zcs723.EXAMPLE.com>
Jun  4 06:32:14 zcs723 postfix/qmgr[7864]: 
  59E261E78D1: from=<ajcody@zcs723.EXAMPLE.com>, size=673, nrcpt=1 (queue active)
Jun  4 06:32:44 zcs723 postfix/smtpd[16310]: 
  C6CAA1E78D2: client=localhost[127.0.0.1]
Jun  4 06:32:44 zcs723 postfix/cleanup[16293]: 
  C6CAA1E78D2: message-id=<692082388.59.1370352733069.JavaMail.root@zcs723.EXAMPLE.com>
Jun  4 06:32:44 zcs723 postfix/qmgr[7864]: 
  C6CAA1E78D2: from=<ajcody@zcs723.EXAMPLE.com>, size=1361, nrcpt=1 (queue active)
Jun  4 06:32:44 zcs723 amavis[19662]: (19662-02) 
  FWD via SMTP: <ajcody@zcs723.EXAMPLE.com> -> <ajcody2@zcs723.EXAMPLE.com>,
  BODY=7BIT 250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as C6CAA1E78D2
Jun  4 06:32:45 zcs723 postfix/lmtp[16311]: C6CAA1E78D2: to=<ajcody2@zcs723.EXAMPLE.com>, 
  relay=zcs723.EXAMPLE.com[10.137.27.32]:7025, delay=0.85, delays=0.11/0.01/0.39/0.34, 
  dsn=2.1.5, status=sent (250 2.1.5 Delivery OK)
Jun  4 06:32:45 zcs723 postfix/qmgr[7864]: C6CAA1E78D2: removed
Jun  4 06:32:46 zcs723 amavis[19662]: (19662-02) 
  Passed CLEAN, MYNETS LOCAL [10.137.27.32] [10.137.27.32] 
  <ajcody@zcs723.EXAMPLE.com> -> <ajcody2@zcs723.EXAMPLE.com>, 
  Message-ID: <692082388.59.1370352733069.JavaMail.root@zcs723.EXAMPLE.com>, 
  mail_id: GGpaucYR0-4J, Hits: -1.106, size: 673, queued_as: C6CAA1E78D2, 28828 ms
Jun  4 06:32:46 zcs723 postfix/smtp[16294]: 59E261E78D1: to=<ajcody2@zcs723.EXAMPLE.com>, 
  relay=127.0.0.1[127.0.0.1]:10024, delay=32, delays=0.16/0.09/5.3/26, dsn=2.0.0, 
  status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as C6CAA1E78D2)
Jun  4 06:32:46 zcs723 postfix/qmgr[7864]: 59E261E78D1: removed

And the reply to the above message is shown below. [Note, both accounts are on the same ZCS system]:

Jun  4 06:43:56 zcs723 postfix/cleanup[20443]: 
  EFD1D1E78D1: message-id=<315186059.60.1370353435012.JavaMail.root@zcs723.us.zimbralab.com>
Jun  4 06:44:28 zcs723 postfix/cleanup[20443]: 
  C0E171E78D2: message-id=<315186059.60.1370353435012.JavaMail.root@zcs723.us.zimbralab.com>
Jun  4 06:44:29 zcs723 amavis[19663]: (19663-02) 
  Passed CLEAN, MYNETS LOCAL [10.137.27.32] [10.137.27.32] 
  <ajcody2@zcs723.us.zimbralab.com> -> <ajcody@zcs723.us.zimbralab.com>, 
  Message-ID: <315186059.60.1370353435012.JavaMail.root@zcs723.us.zimbralab.com>, 
  mail_id: 0XbLSIeuewz3, Hits: -1.106, size: 969, queued_as: C0E171E78D2, 31775 ms

When using any of the postfix commands to view/manipulate messages, they will be using the queueID that the message currently has. For example, mailq output looks like this:

 [root@zcs723 ~]# /opt/zimbra/postfix/sbin/mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
C12E6246BC      514 Tue Mar 26 08:00:35  root
                                         zimbra

C7F00246A8      517 Tue Mar 26 07:00:24  root
                                         zimbra

9A2D124693      530 Mon Apr 15 19:04:20  root
                                         zimbra

To view a message that is still in the postfix queues/spool, you can use the postcat command with the -q option [-q (access queue)].

[root@zcs723 ~]# /opt/zimbra/postfix/sbin/mailq -q C12E6246BC | more


Network Tracing Between A Remote Host And A ZCS MTA

How to network trace between a remote host and a ZCS MTA. You can run the following on the MTA to get the trace:

 tcpdump -w /root/tcpdump1.cap -s 15000 port 25 and host <Sending_host_IP> 

How To Get SMTP Debug Logging

You can obtain this by modifying the master.cf.in which is located at /opt/zimbra/postfix/conf . Go to the smtpd line and at the end of the line add -vv

 smtp      inet  n       -       n       -       -       smtpd -vv

restart the mta by running the following

 zmmtadctl restart

Simple Troubleshooting For SMTP - Example

With Plan Text Auth:

telnet mail.example.com 25

220 mail.example.com ESMTP Postfix
helo mail.example.com
250 mail.example.com
mail from:test@example.com # Comment: Could be any address.
250 2.1.0 Ok
rcpt to:user@example.net  # Comment: Must be a valid address
250 2.1.5 Ok
data
354 Please start mail input.
subject: test message
This is a test message
.
250 Mail queued for delivery.
quit

Simple Troubleshooting For ESMTP - Example

If you are using TLS you will need to encrypt your username & password before transiting it.

For PLAIN logins:

perl -MMIME::Base64 -e 'print encode_base64("\0username\0password");'

Simple Troubleshooting For TLS - Example

To connect to a server using TLS run something like this:

openssl s_client -connect mail.example.com:587 -starttls smtp

Now you can run one of the above telnet sessions. You will most likely still need to log in.

openssl s_client -connect mail.example.com:587 -starttls smtp
220 mail.example.com ESMTP Postfix
ehlo mail.example.com
250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES 
250-8BITMIME
250 DSN
auth plain AASDF654ASSDF654ASDF  # Comment: Output form perl command above
235 2.7.0 Authentication successful
mail from:from@example.com # Comment: Depending on server must be same as login
250 2.1.0 Ok
rcpt to:user@example.net  # Comment: Must be a valid address
250 2.1.5 Ok
data
354 Please start mail input.
subject: test message
This is a test message
.
250 Mail queued for delivery.
quit

Simple Troubleshooting Format For A Test Message - Example

From: no-one@example.com
Subject: This is a test message
To: test@example.com

This is a test message.

Adding A New MTA Server

Basic instructions can be found here:

Additional instructions needed beyond the above will follow as I hear about them.

Load Balancing For SMTP - Out Bound Mail

Currently, 5.x code, you have the following options:

    • An external load balancing device that will then split the traffic behind it
    • Setup a round-robin A record situation in your DNS for the external mta's you'll be using.

In, GNR/6.x, you are able to add multiple targets to the variables and we'll have some degree of "balancing" between them.

User Alias Mapping And Mail Transport with Postfix & LDAP

See User_Alias_Mapping_and_Mail_Transport_with_Postfix_&_LDAP

Multiple LDAP Servers?

Completed RFE:

  • "mta should be able to take a list of LDAP servers to take advantage of replicas."

From :

        server_host (default: localhost)
              The name of the host running the LDAP server,  e.g.

                  server_host = ldap.example.com

              Depending  on the LDAP client library you're using,
              it should be possible to specify  multiple  servers
              here,  with the library trying them in order should
              the first one fail. It should also be  possible  to
              give  each  server  in  the  list  a different port
              (overriding server_port below), by naming them like

                  server_host = ldap.example.com:1444

              With OpenLDAP, a (list of) LDAP URLs can be used to
              specify both the hostname(s) and the port(s):

                  server_host = ldap://ldap.example.com:1444
                              ldap://ldap2.example.com:1444

              All LDAP URLs accepted by the OpenLDAP library  are
              supported,  including  connections over UNIX domain
              sockets, and LDAP SSL (the last one  provided  that
              OpenLDAP was compiled with support for SSL):

                  server_host = ldapi://%2Fsome%2Fpath
                              ldaps://ldap.example.com:636

 **my note**
 This thread - http://archives.neohapsis.com/archives/postfix/2004-09/1763.html
 give me the impression they made a mistake in modifying the help file on this
 and they dropped the use/need of the command:

  server_host = ldap://ldap.example.com:1444, ldap://ldap2.example.com:1444

Just a small note on where var shows up:

[root@mail3 conf]# pwd
/opt/zimbra/conf
[root@mail3 conf]# grep server_host *
amavisd.conf.in:$myhostname = '@@zimbra_server_hostname@@';  # must be a fully-qualified domain name!
ldap-scm.cf:server_host = ldap://mail3.zimbra.DOMAIN.com:389
ldap-transport.cf:server_host = ldap://mail3.zimbra.DOMAIN.com:389
ldap-vad.cf:server_host = ldap://mail3.zimbra.DOMAIN.com:389
ldap-vam.cf:server_host = ldap://mail3.zimbra.DOMAIN.com:389
ldap-vmd.cf:server_host = ldap://mail3.zimbra.DOMAIN.com:389
ldap-vmm.cf:server_host = ldap://mail3.zimbra.DOMAIN.com:389
localconfig.xml:  <key name="zimbra_server_hostname">
zmmta.cf:	LOCAL zimbra_server_hostname
zmmta.cf:	POSTCONF myhostname		LOCAL zimbra_server_hostname

References:

Traditional Aliases Use - /etc/aliases type lookups

Filed this RFE:

Allowing Accounts To Change The From Address

Please see:

Related BUG/RFE's

Creating A Domain Alias

Please see ManagingDomains#Creating_a_Domain_Alias

Relay Domain Forwarding

Please see ManagingDomains#Relaying.2FDomain_Forwarding

Domain Catchall

Please see ManagingDomains#Domain_Catchall

Rewriting From Address For Outbound Email

Please see ManagingDomains#Domain_Masquerading

Rewrite Recipient Address For Incoming Email

There is a way to rewrite the incoming mail, but it's not a standard Zimbra feature. You can implement it as a configuration change in Postfix. Here's what you do:

  1. Create a file in /opt/zimbra/conf named 'postfix_recipientmap'.
    • The format is a single line that reads something like: @alias.domain.com @domain.com
  2. Run 'postmap postfix_recipientmap' in the conf directory.
  3. Run "postconf -e recipient_canonical_maps=hash:/opt/zimbra/conf/postfix_recipientmap".
  4. Run 'postfix reload'.

This will cause postfix to map any incoming mail with a recipient of '@alias.domain.com' to '@domain.com'. You will need to re-apply this postconf change after upgrades, though the postfix_recipientmap file should survive.

Automatic BCC

Option 1 - Via Postfix Customization

From the postfix website:

  • always_bcc = address
    • Deliver a copy of all mail to the specified address. In Postfix versions before 2.1, this feature is implemented by smtpd(8), qmqpd(8), or pickup(8).
  • sender_bcc_maps = type:table
    • Search the specified "type:table" lookup table with the envelope sender address for an automatic BCC address. This feature is available in Postfix 2.1 and later.
  • recipient_bcc_maps = type:table
    • Search the specified "type:table" lookup table with the envelope recipient address for an automatic BCC address. This feature is available in Postfix 2.1 and later.
  • Note: automatic BCC recipients are produced only for new mail. To avoid mailer loops, automatic BCC recipients are not generated for mail that Postfix forwards internally, nor for mail that Postfix generates itself.

Please see the following:

Option 2 - Via ZCS Legal Intercept

Generally used for Managing Legal Requests for Information

Description:

The ZCS legal intercept feature is used to obtain copies of email messages that are sent, received, or saved as drafts from targeted accounts and send these message to a designated “shadow” email address. Legal Intercept can be configured to send the complete content of the message or to send only the header information. When a targeted account sends, receives, or saves a draft message, an intercept message is automatically created to forward copies of the messages as attachments to the specified email address.

Please see:

Option 3 - Zimbra's Archiving And Discovery

See Ajcody-Notes-Archive-Discovery concerning A&D setup and options.

Limiting Or Increasing Number Of Recipents / Messages

Mailing Lists - Distribution Lists

Please see Ajcody-MailingLists-And-Mailman#Problems_Resolving_Virtual_Aliases_For_Members_Of_Large_Distribution_Lists

Policy Daemon

If you want to restrict messages per hour, you can look into Policy Daemon:

Beta release in ZCS 7 , see:

Postfix

Also, there are some default postfix parameters set to control sending a message to x amount recipients. The parameters you will need to look at are smtpd_recipient_limit & smtpd_recipient_overshoot_limit, these have a default value of 1000.

Postfix defines these parameters as:

  • smtpd_recipient_limit: The maximum number of recipients that the Postfix SMTP server accepts per message delivery request.
  • smtpd_recipient_overshoot_limit: The number of recipients that a remote SMTP client can send in excess of the limit specified with $smtpd_recipient_limit, before the Postfix SMTP server increments the per-session error count for each excess recipient.

From the command line you can change the default values.

su - zimbra
postconf -e smtpd_recipient_limit=<new value>
postconf -e smtpd_recipient_overshoot_limit=<new value>
postfix reload

Bugs RFE's For Customers To Get Behind

I'm wondering if policyd gives one the control everyone is looking for? I've not used it myself.

Policyd References:

There's other additions [add-on's] one can get for policyd.

We have this RFE in regards to policyd support:

Other related rfe/bugs, specially to push variables into admin web console:

Controlling SMTPD Client Connections

Mmorse did a good write up on these variables in the forum:

Postfix Resources At Their Site (All Clients/Connections):

Postfix Resources At Their Site (Exceptions To Clients/Connections Or Single Source):

Restrictions

Besides using external mailing list software, Mailman or Sympa, here's some other topical items in regards to restrictions.

Some user contributed articles:

Some Postfix references:

Some RFE's related to mta based restrictions [targets are based upon today - July 21, 2010]:

Spam Control And Related Issues

High Over View Steps Of What To Do

  • Step 1: Confirm your not an open relay and double check your postfix $mynetworks variable.
  • Step 2: Stop or put on-hold mail queue.
    • Put all messages into HOLD queue:
      • /opt/zimbra/postfix/sbin/postsuper -h ALL
    • See whole section - [Postfix Queue]
  • Step 3: Check your mail log [On ZCS servers running MTA services] - /var/log/zimbra.log
  • Step 4: Identify compromised account authenticating SMTP AUTH connection
  • Step 5: Disable the exploited email account.
  • Step 6: Move the mail queue or delete the spam email
  • Step 7: Release Mail queue

Who's My Spammer?

A fast way to see who is doing a lot of authentications, which normally happens when a spammer has compromised an account with a weak password, is to do:

# cat /var/log/zimbra.log | sed -n 's/.*sasl_username=//p' | sort | uniq -c | sort -n
      1 Auser@domain.com
      3 Buser@domain.com
      4 Cuser@domain.com
      5 Duser@domain.com
     36 SPAMMER@domain.com

The full log event will look like this:

zimbra1 postfix/smtpd[29431]: B28914D5978: client=xxxxx.server.com[w.x.y.z], sasl_method=LOGIN, sasl_username=user
zimbra1 postfix/cleanup[5522]: B28914D5978: message-id=<20090420154255.B28914D5978@zimbraserver.com>
zimbra1 postfix/qmgr[20690]: B28914D5978: from=<spam@spam.com>, size=6026, nrcpt=10 (queue active)
zimbra1 postfix/cleanup[3983]: 2BA56465D28: message-id=<20090420154255.B28914D5978@zimbraserver.com>

Against your older logs, you could:

# zcat /var/log/zimbra.log* | sed -n 's/.*sasl_username=//p' | sort | uniq -c | sort -n

And you can look at the specific information for the user in question with:

# grep -C2 "sasl_username=SPAMMER@domain.com" /var/log/zimbra.log

Or if searching against the older logs:

# gzrep -C2 "sasl_username=SPAMMER@domain.com" /var/log/zimbra.log*

If you want to check on a specific message ID, do:

grep 9DF7520804A /var/log/zimbra.log*

For older message logs:

zgrep 9DF7520804A /var/log/zimbra.log*

To read/view the message in the queue:

/opt/zimbra/postfix/sbin/postcat -q 9DF7520804A 

One would then normally lock/change password on the one account showing the most activity. Grep'ing the /var/log/zimbra.log with the username in question will also show the ip address being used, this can be blocked with your firewall.

Open Relay Check

You should also confirm you aren't an open relay.

$ host -t mx DOMAIN.com
DOMAIN.com mail is handled by 10 mail.DOMAIN.com.

$ telnet mail.DOMAIN.com 25
Trying 184.###.##.## ...
Connected to mail.DOMAIN.com.
Escape character is '^]'.
220 mail.DOMAIN.com ESMTP Postfix
helo support.test
250 mail.DOMAIN.com
mail from:<SPAMMER@domain.com>
250 2.1.0 Ok
rcpt to:<TEST@DOMAIN.COM>
554 5.7.1 <TEST@DOMAIN.COM>: Relay access denied

rcpt to:<SPAMMER@domain.com>
554 5.7.1 Service unavailable; Client host [71.XXX.XX.XX] blocked 
 using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=71.202.XX.XX
quit
221 2.0.0 Bye
Connection closed by foreign host.

Resources

A list of resources you'll find useful:

Wiki articles that have been assigned to the anit-spam category:

Down to the end-user:

External Relay Test Pages
  • http://www.checkor.com/
    • Note - this test is in regards to the From spoofing spammers sometimes do for DL's.
    • Also, for the test - make an account/DL on your system for test1@[your domain] . Otherwise you'll just error about account not existing.
RSET
250 2.0.0 Ok
MAIL FROM: spam@mail59.DOMAIN.com
250 2.1.0 Ok
RCPT TO: test1@mail59.DOMAIN.com
Test Failed, 250 2.1.5 Ok 

Blocking MAIL FROM - smtpd_sender_restrictions - Default Is Empty

External References
Zimbra References And Bugs & RFE's
Protecting DL's From Spammers - Forging Mail From
First Recommendation - As Given By Dev's From Critical Meeting Notes

  • Enabled SASL/SMTP Authentication
  • Implement how-to as described in :
    • Permitted Senders: RestrictPostfixRecipients
      • Note: You'll see on the above page a reference to the spoof hole.
        • "This method can be spoofed by forging the MAIL FROM: header (so mail appears to originate from within the domain), so it isn't foolproof, but it works for basic needs."
      • Note: You'll also modify the instructions as above with addition details provided below.
  • Force authentication for local-domain senders:
    • modify the main.cf to have the following:
      • smtpd_sender_restrictions = check_sender_access hash:/path/to/file
    • Then for the /path/to/file that you used in the mail.cf for smtpd_sender_restrictions, you'll have a line like:
      • example.com permit_sasl_authenticated, reject
Second Recommendation - Unpredictable DL name or Non-routing Domain

Do not use predictable DL names. Instead of using everyone@company.com , use something like everyone-[random-string]@company.com .

Another option is to use a non-routing domain - company.local - and setup your DL's there. You'll want to configure your main domain to be able to query the GAL of this domain.

To see the existing setting:

zmprov gd [domainname] zimbraGalLdapSearchBase

To change the variable for the domain:

zmprov md [domainname] zimbraGalInternalSearchBase ROOT
Third Recommendation - Using smtpd_sender_restrictions

Work In Progress. I'm testing this now. Please don't attempt until this line is removed.

Update: See the following:

This should work if your "clients" are using ZWC, ZCO, or ActiveSync mobile devices. If you are using IMAP/POP + STMP thick clients, you'll most likely have to enable smtp authentication [sasl] and use the reject_authenticated_sender_login_mismatch variable instead.

postconf -e smtpd_sender_restrictions=reject_sender_login_mismatch
postfix reload

This option is described as:

reject_sender_login_mismatch
Reject the request when $smtpd_sender_login_maps specifies an owner for the MAIL FROM address, but the client is not (SASL) logged in as that MAIL FROM address owner; or when the client is (SASL) logged in, but the client login name doesn't own the MAIL FROM address according to $smtpd_sender_login_maps. Man page

Some Other SMTP Sending Restrictions

Blocking Incoming From Domain And By User

See the following:

check_client_access

The smtpd_client_restrictions parameter restricts what clients this system accepts SMTP connections from. The default behavior is to allow SMTP connections from any client. This is discussed under Spam Controls on the Postfix site.

Example:

check_client_access regexp:/etc/postfix/access_sender_client_server,

Example:

check_sender_access regexp:/etc/postfix/access_sender_toplevel
smtpd_reject_unlisted_sender

Details can be found on the mail.cf Postfix page.

Example:

smtpd_reject_unlisted_sender = yes

Possible Bug:

http://bugzilla.zimbra.com/show_bug.cgi?id=24889

What's Your SPF Records Say, When Getting "does not designate 74.x.x.x as permitted sender Errors"

This is most likely related to the SPF records for your domain and what the header content of the sending email states as it's Mail From. For example, this is from the header of an email that was "received":

Received: from mail.XYZ-FAKE.com (mailhost.XYZ-FAKE.com [74.X.X.244]) by mta01.ABC-FAKE.com with ESMTP id 
Cft0mO3fjlFGQjTA for <support@ABC-FAKE.com>; Tue, 21 Apr 2009 05:14:13 -0700 (PDT)
X-Barracuda-Envelope-From: testuser@XYZ-FAKE.com
Received-SPF: pass (mta01.ABC-FAKE.com: domain of testuser@XYZ-FAKE.com designates 74.X.X.244 as permitted sender) 
receiver=mta01.ABC-FAKE.com; client_ip=74.X.X.244; envelope-from=testuser@XYZ-FAKE.com;

To see what this check was done against, do the following below. I'll trim the output and adjust the information used to protect the innocent. Also, notice how a DNS "alias" might cause an issue here? :


$ host 74.X.X.244
244.X.X.74.in-addr.arpa domain name pointer mailhost.XYZ-FAKE.com.

$ host mailhost.XYZ-FAKE.com
mailhost.XYZ-FAKE.com has address 74.X.X.244

$ host mail.XYZ-FAKE.com
mail.XYZ-FAKE.com is an alias for mailhost.XYZ-FAKE.com.
mailhost.XYZ-FAKE.com has address 74.X.X.244

$ dig XYZ-FAKE.com MX

;; QUESTION SECTION:
;XYZ-FAKE.com.			IN	MX

;; ANSWER SECTION:
XYZ-FAKE.com.		3600	IN	MX	22 serverA.DNS-FAKE.com.
XYZ-FAKE.com.		3600	IN	MX	11 serverB.DNS-FAKE.com.

$ dig XYZ-FAKE.com TXT

;; QUESTION SECTION:
;XYZ-FAKE.com.			IN	TXT

;; ANSWER SECTION:
XYZ-FAKE.com.		3600	IN	TXT	"v=spf1 a:mail.XYZ-FAKE.com ~all"

See the following for more information:

Using Different SMTP Server For Webclient (ZWC), Mobiles, And ZCO

Note Of Caution About Using External MTAs

Using non-zimbra MTA's can cause some options in zimbra to not function anymore - since it no longer has zimbra's mta services available.

Zimbra Mail Forwarding Possibly Will Not Work - Turn Off User Option To Set MailForwarding

Mail forwarding might no longer work depending on the configuration you setup regarding the use of your external mta's. When this happens you'll most likely want to disable the option for users to set a mail forwarding address in their preferences. This can be done via their COS or USER configuration.

  • In the admin console, goto the COS configuration the user/s are using and the "Features" tab. Uncheck the option "Allow the user to specify a forwarding address" under Mail Features. It is in the same location under a USERs configuration panel in the admin console.

In the CLI, you will see these set as the defaults for the default COS. The admin gui option above only adjusts the zimbraFeatureMailForwardingEnabled variable :

$ zmprov gc default | grep zimbraFeatureMailForwarding
    zimbraFeatureMailForwardingEnabled: TRUE
    zimbraFeatureMailForwardingInFiltersEnabled: TRUE
$ zmprov ga ajcody@`zmhostname` | grep zimbraFeatureMailForwarding
    zimbraFeatureMailForwardingEnabled: TRUE
    zimbraFeatureMailForwardingInFiltersEnabled: TRUE

More details about them are in the /opt/zimbra/conf/attrs/zimbra-attrs.xml file.

<attr id="342" name="zimbraFeatureMailForwardingEnabled" type="boolean" cardinality="single" 
 optionalIn="account,cos" flags="accountInfo,accountInherited,domainAdminModifiable">
  <defaultCOSValue>TRUE</defaultCOSValue>
  <desc>enable end-user mail forwarding features</desc>
</attr>

<attr id="704" name="zimbraFeatureMailForwardingInFiltersEnabled" type="boolean" 
 cardinality="single" optionalIn="account,cos" flags="accountInfo,accountInherited,
 domainAdminModifiable" since="5.0.10">
  <defaultCOSValue>TRUE</defaultCOSValue>
  <desc>enable end-user mail forwarding defined in mail filters features</desc>
</attr>
Configure External MTA To Use LDAP Virtual Alias Maps

Here's the basic info in regards to how Zimbra's mta [postfix/etc] uses Zimbra's LDAP to get the forwarding information:

$ grep Forward conf/ldap-*
conf/ldap-vam.cf:result_attribute =  
zimbraMailDeliveryAddress,zimbraMailForwardingAddress,
zimbraPrefMailForwardingAddress,zimbraMailCatchAllForwardingAddress
$ postconf |grep vam
virtual_alias_maps = proxy:ldap:/opt/zimbra/conf/ldap-vam.cf

See http://www.postfix.org/postconf.5.html#virtual_alias_maps for more information.

Confirming And Setting zimbraMtaRelayHost And zimbraMtaDnsLookupsEnabled

First we'll set zimbraMtaRelayHost and zimbraMtaDnsLookupsEnabled variables. These options are also shown in the admin console and can be configured there. These variable alone will not redirect ALL traffic to an external MTA first though. There's alao a variable called zimbraSmtpHostname that is in the global (zmprov gacf) and server (zmprov gs `hostname`) configs - addressed in the section below. It's defaulted value is 'localhost' - at least on a single ZCS configuration.

In situations where you need/want all mail to be processed by, for example, an external non-Zimbra spam filter box you could set this variable to the spam filter servers hostname.

Normally, when zimbraMtaRelayHost is set to a non-zimbra external MTA would would disable DNS lookups. If you disable DNS Lookups (under the MTA tab of the admin console, or with zmprov), Zimbra will end up using (according to the postconf man page) the "gethostbyname() system library routine which normally also looks in /etc/hosts" (based on the entries on the "hosts" line in /etc/nsswitch.conf). If you do this but don't also specify an SMTP relay host (typically your ISP's SMTP server), which will take care of checking DNS, you will reverse your ability to send mail: suddenly you can send mail to other users on the Zimbra server, but you can't send to the internet (though you can still receive mail from the internet either way).

Query Global - `zmhostname` would use the value returned, you can manual type out the servername as well :

zmprov gacf zimbraMtaRelayHost
zmprov gacf zimbraMtaDnsLookupsEnabled

Query Per Server - `zmhostname` would use the value returned, you can manual type out the servername as well :

zmprov gs `zmhostname` zimbraMtaRelayHost
zmprov gs `zmhostname` zimbraMtaDnsLookupsEnabled

Note - if you get errors about doing the query on your non-mailstores like, "ERROR: zclient.IO_ERROR (invoke Connection refused, server: localhost) (cause: java.net.ConnectException Connection refused)" then you might need to adjust this variable. First query it, it's most likely set to localhost

zmlocalconfig zimbra_zmprov_default_soap_server

If you had the error and it was set to localhost, modify it to be one of your mailstores.

zmlocalconfig -e zimbra_zmprov_default_soap_server=mailstore.example.com

No restart of anything is needed, the zmprov query should now work.

Modify Global - `zmhostname` would use the value returned, you can manual type out the servername as well :

zmprov mcf zimbraMtaRelayHost hostname-of-ext-server:PORT
 ** ex : zmprov mcf zimbraMtaRelayHost primary.YYY.state.XX.us:25
 ** At the end, 25 is the port number for smtp on the targeted system. 
 ** Adjust this number if you changed the smtp port.
zmprov mcf zimbraMtaDnsLookupsEnabled FALSE

Modify Per Server - `zmhostname` would use the value returned, you can manual type out the servername as well :

zmprov ms `zmhostname` zimbraMtaRelayHost hostname-of-ext-server:PORT
 ** ex : zmprov ms `zmhostname` zimbraMtaRelayHost primary.YYY.state.XX.us:25
 ** At the end, 25 is the port number for smtp on the targeted system. 
 ** Adjust this number if you changed the smtp port.
zmprov ms `zmhostname` zimbraMtaDnsLookupsEnabled FALSE

Confirming And Setting zimbraSmtpHostname

I'm assuming you already set, zimbraMtaRelayHost and zimbraMtaDnsLookupsEnabled for your needs - see above section. The variable called zimbraSmtpHostname is in the global (zmprov gacf) and server (zmprov gs `hostname`) configs. It's default value is set to 'localhost' - at least on a single ZCS configuration.

In cases where you need/want all mail to be processed by, for example, an external non-Zimbra spam filter box you could set this variable to the spam filter boxes hostname.

Query Global - `zmhostname` would use the value returned, you can manual type out the servername as well :

zmprov gacf zimbraSmtpHostname

Query Per Server - `zmhostname` would use the value returned, you can manual type out the servername as well :

zmprov gs `zmhostname` zimbraSmtpHostname

Note - if you get errors about doing the query on your non-mailstores like, "ERROR: zclient.IO_ERROR (invoke Connection refused, server: localhost) (cause: java.net.ConnectException Connection refused)" then you might need to adjust this variable. First query it, it's most likely set to localhost

zmlocalconfig zimbra_zmprov_default_soap_server

If you had the error and it was set to localhost, modify it to be one of your mailstores.

zmlocalconfig -e zimbra_zmprov_default_soap_server=mailstore.example.com

No restart of anything is needed, the zmprov query should now work.

Modify Global - `zmhostname` would use the value returned, you can manual type out the servername as well :

zmprov mcf zimbraSmtpHostname hostname-of-ext-server
 ** ex : zmprov mcf zimbraSmtpHostname primary.YYY.state.XX.us

Modify Per Server - `zmhostname` would use the value returned, you can manual type out the servername as well :

zmprov ms `zmhostname` zimbraSmtpHostname hostname-of-ext-server
 ** ex : zmprov ms `zmhostname` zimbraSmtpHostname primary.YYY.state.XX.us

External Email Clients Setting A SMTP Server

The above variable, zimbraSmtpHostname, will not alter your third party email clients that are setting the smtp server to your ZCS mta's. Here are your options if you also need to have that traffic to go through another device [mta, spam filter, etc.] prior to local delivery [lmtp] to an internal address.

  • Set your clients to use the another devices ip address or hostname that you set for zimbraSmtpHostname.

If you can't do the above, for whatever reason -- maybe security constraints or issues that might arise being a hosting provider, then see below.

  1. You could investigate the alternation of postfix's content_filter option to place the external device/host [a barracuda for example] within that process. postfix.org has information on this - Postfix After-Queue Content Filter. This would be unsupported by Zimbra.
  2. Contact Zimbra's Professional Services [PS] team for help.
  3. Setup another server using a mta of your choice [postfix , sendmail] that the clients can use for the smtp server variable. This "new" mta would then simply relay to the device - a barracuda box for example. The barracuda would then do what it needs to and then forwards the messages to the appropriate servers for delivery. Your ZCS mta's in the case of local delivery that would of normally occurred over lmtp - userA@domainC.com sending to userB@domainC.com .

Global Or System Wide Filters

There is no "supported" solution for this - depending on the exact circumstances. It's a complex issue because each request for "global filters" tends to be very specific on either what's to be filter, what actions are to be taken, and so forth.

RFE's Related To Global Filters

Use The Legal Intercept Method

Depending on the details of your request, using the Legal Intercept options might be useful. You could take the results that goto the LI mailbox and then perform your admin global searches against your mailbox accounts to take the appropriate action.

See Legal_Intercept

Sieve Filter Set For Every Account

One could setup a forloop for all of your users and setup a sieve filter. Downside here is the rules are editable by the users and you would have to manage the rules for new accounts going forward.

See User_Migration#Migrating_Sieve_Filter_Rules for details.

Double Check The Current Anti-Spam Options

Make sure your request can't be solved by the current solutions described in articles.

Postfix , Amavis Customizations

I've seen some posts on the forums that customers found their own workarounds by customizing postfix and amavis. This will most likely result in an unsupported situation. Unfortunately, those forum posts don't also include details that I can share here. Hopefully I can find them going forward and I'll post them here.

Global Disclaimer Options

Here's the url to review for a "current" possibility:

And in the notes section there's a comment about multi-servers:

Please note though, "This article is a community contribution and may include unsupported customizations." Meaning, it's an unsupported customization, so please take the necessary precautions.

In regards to an official and supported way to do this, please review this RFE:

Quota Issues

Where To Adjust Message User Gets When They Are Over Quota

  • From the web admin console:
    • Configuration > Class of Service
    • Select the COS in question
    • Then goto the Advanced tab on the right
    • There's a quota section. The sub-section you want is called:
      • "Quota warning message template:"

See Current User Qoutas

Please see Getting All User Quota Data (not zmstat related really)

Controlling Behavior For Messages Sent To Over Quota Mailbox - LMTP

The variable to set for a 452 Temp/Try Again response verses a 552 Permanent Error. This happens over lmtp rather than smtp. For smtp, see below.

zmprov gacf zimbraLmtpPermanentFailureWhenOverQuota

Setting to TRUE will flag it for the 552 response.

zmprov mcf zimbraLmtpPermanentFailureWhenOverQuota TRUE

References:

Controlling Behavior For Messages Sent To Over Quota Mailbox - SMTP

References:

Message Senders Receive About Mailbox Over Quota

File that holds text of message:

/opt/zimbra/postfix/conf/bounce.cf.default

Note, please read the bounce MAN page before you attempt to edit this file directly.

Also, I haven't been able to confirm the relationship of this above file with the postconf default output:

[root@mail3 ~]# postconf | grep -i bounce
2bounce_notice_recipient = postmaster
backwards_bounce_logfile_compatibility = yes
bounce_notice_recipient = postmaster
bounce_queue_lifetime = 5d
bounce_service_name = bounce
bounce_size_limit = 50000
bounce_template_file = 
disable_verp_bounces = no
double_bounce_sender = double-bounce
multi_recipient_bounce_reject_code = 550
soft_bounce = no

To use a bounce.cf file, you'll want to add the file to variable and reload postfix via the zmmtactl script. It looks like zmlocalconfig doesn't currently handle this variable.

cp /opt/zimbra/postfix/conf/bounce.cf.default /opt/zimbra/postfix/conf/bounce.cf
postconf -e bounce_template_file="/opt/zimbra/postfix/conf/bounce.cf"
zmmtactl reload

Note, this might get lost during upgrades so make a note to yourself about this change.

Another reference : Configure Customer Postfix Bounce Messages

Quota Not Showing In Admin Console - After ZCS Upgrade

There might be some server attributes missing. To have the mail quota work properly, zimbraServiceInstalled mailbox must be true.

$zmprov gs `zmhostname` zimbraServiceInstalled

It must contain mailbox for the quota information to be available.

To set the zimbraServiceInstalled to true for "mailbox".

$zmprov ms `zmhostname` +zimbraServiceInstalled mailbox

I would think a zimbra restart would necessary as well for us to see the changes in the quota admin console view.

Managing Postfix Queue

Postfix, Amavis, Clamav Spool Directory Paths And Names

ls /opt/zimbra/data
 amavisd  clamav  dspam  postfix
ls /opt/zimbra/data/postfix/spool/
 active  active.old  bounce  corrupt  defer  deferred  
 flush  hold  incoming  incoming.old  maildrop  pid  
 private  public  saved  trace

Stop And Starting Postfix And Mta

To only stop and start postfix:

postfix stop
postfix start

To stop and start postfix, amavis, and clam:

zmmtactl stop
zmmtactl start

To See Postfix Queue

As zimbra using sudo - show a summary of queue count - ~/libexec/zmqstat:

[zimbra@mail37 ~]$ sudo ~/libexec/zmqstat
hold=0
corrupt=0
deferred=0
active=0
incoming=0

As zimbra - /opt/zimbra/postfix/sbin/postqueue -p

[zimbra@mail37 ~]$ /opt/zimbra/postfix/sbin/postqueue -p
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
EC753D0D00*     328 Thu Apr  5 14:34:09  sender@sourcedomainname.local
                                         recipient@destinationdomainname.local

-- 0 Kbytes in 1 Request.

As zimbra - mailq

[zimbra@mail37 ~]$ mailq
Mail queue is empty
Qshape - Print Postfix queue domain and age distribution
/opt/zimbra/bin/qshape

References:

Example output:

$ qshape -s hold | head
                         T  5 10 20 40 80 160 320 640 1280 1280+
                 TOTAL 486  0  0  1  0  0   2   4  20   40   419
             yahoo.com  14  0  0  1  0  0   0   0   1    0    12
  extremepricecuts.net  13  0  0  0  0  0   0   0   2    0    11
        ms35.hinet.net  12  0  0  0  0  0   0   0   0    1    11
      winnersdaily.net  12  0  0  0  0  0   0   0   2    0    10
           hotmail.com  11  0  0  0  0  0   0   0   0    1    10
           worldnet.fr   6  0  0  0  0  0   0   0   0    0     6
        ms41.hinet.net   6  0  0  0  0  0   0   0   0    0     6
                osn.de   5  0  0  0  0  0   1   0   0    0     4

To View A Message In The Queue

Get the message id and use post cat:

/opt/zimbra/postfix/sbin/postcat -q EC753D0D00

To Flush Postfix Queue

/opt/zimbra/postfix/sbin/postqueue -f

To Requeue Messages In Postfix

/opt/zimbra/postfix/sbin/postsuper -r ALL

More explanation from the postsuper man page:

-r queue_id
              Requeue  the  message  with the named queue ID from
              the named mail queue(s) (default:  hold,  incoming,
              active  and  deferred).   To  requeue multiple mes-
              sages, specify multiple -r command-line options.

              Alternatively, if a queue_id of - is specified, the
              program reads queue IDs from standard input.

              Specify  "-r  ALL"  to  requeue  all messages. As a
              safety measure, the word ALL must be  specified  in
              upper case.

              A  requeued message is moved to the maildrop queue,
              from where  it  is  copied  by  the  pickup(8)  and
              cleanup(8)  daemons  to  a  new queue file. In many
              respects its handling differs from that  of  a  new
              local submission.

              o      The   message   is   not  subjected  to  the
                     smtpd_milters or non_smtpd_milters settings.
                     When  mail  has  passed  through an external
                     content filter, this would produce incorrect
                     results with Milter applications that depend
                     on original SMTP connection  state  informa-
                     tion.

              o      The  message  is  subjected  again  to  mail
                     address rewriting and substitution.  This is
                     useful  when rewriting rules or virtual map-
                     pings have changed.

                     The  address  rewriting  context  (local  or
                     remote)  is the same as when the message was
                     received.

              o      The message is subjected to  the  same  con-
                     tent_filter  settings  (if  any) as used for
                     new local mail submissions.  This is  useful
                     when content_filter settings have changed.

              Warning:  Postfix queue IDs are reused.  There is a
              very small possibility that  postsuper(1)  requeues
              the  wrong  message  file when it is executed while
              the Postfix mail system is  running,  but  no  harm
              should be done.

              This feature is available in Postfix 1.1 and later.

To Put Messages On Hold

If there’s ‘*’ character next to queue ID , EC753D0D00* , it means that this message is in the active queue e.g. attempts to deliver the messages are made.

If there’s ‘!’ character next to queue ID , EC753D0D00! , it means that this message is put “on hold”.

To put a message on hold:

~# /opt/zimbra/postfix/sbin/postsuper -h EC753D0D00

To put on hold messages from user@domain.com:

~# /opt/zimbra/postfix/sbin/postqueue -p | awk ‘BEGIN { RS = “” } { if ($7 == “user@domain.com” ) print $1 }’ | tr -d ‘!*’ | postsuper -h -

To put all messages on hold:

~# /opt/zimbra/postfix/sbin/postsuper -h ALL
postsuper: Placed on hold: 6 messages

To Delete Messages From Queue

Cautionary Note
Warning, deleting messages from the queue can have a negative consequence of your users. You might need to account for the action and/or confirm your deletion was appropriate. Please try to save the postqueue -p information from the various messages prior to deleting them. This will at least you give you he information to later justify your actions on why you delete msg#.
Relevant Sections Of Postsuper Man Page
 By  default,  postsuper(1)  performs  the operations requested with the -s and -p 
 command-line options on all Postfix queue directories - this includes the incoming, 
 active and deferred directories with mail files and the bounce, defer, trace and flush 
 directories with log files.

  -d queue_id Delete one message with the named queue ID from the named mail queue(s) 
     (default: hold, incoming, active and deferred).
     If a queue_id of - is specified, the program reads queue IDs from standard input. 
     For example, to delete all mail with exactly one recipient user@example.com:

              mailq | tail +2 | grep -v '^ *(' | awk  'BEGIN { RS = "" }
                  # $7=sender, $8=recipient1, $9=recipient2
                  { if ($8 == "user@example.com" && $9 == "")
                        print $1 }
              ' | tr -d '*!' | postsuper -d -

      Specify "-d ALL" to remove all messages; for example, specify "-d ALL deferred" 
      to delete all mail in the deferred queue.  As a safety measure, the word ALL must 
      be specified in upper case.

      Warning: Postfix queue IDs are reused.  There is a very small possibility that 
      postsuper deletes the wrong message file when it is executed while the Postfix mail 
      system is delivering mail.

      The scenario is as follows:
      1)  The Postfix queue manager deletes the message that postsuper(1) is asked to 
         delete, because Postfix is finished with the message (it is delivered, or it is 
         returned to the sender).
      2)  New mail arrives, and the new message is given the same queue ID as the message 
         that postsuper(1) is supposed to delete.  The probability for reusing a deleted 
         queue ID is about 1 in 2**15 (the number  of  different microsecond values that 
         the system clock can distinguish within a second).
      3)  postsuper(1) deletes the new message, instead of the old message that it should 
         have deleted.

  -h queue_id Put mail "on hold" so that no attempt is made to deliver it.  Move one 
     message with the named queue ID from the named mail queue(s) (default: incoming, 
     active and deferred) to the hold queue.

     If a queue_id of - is specified, the program reads queue IDs from standard input.
     Specify "-h ALL" to hold all messages; for example, specify "-h ALL deferred" to hold
     all mail in the deferred queue.  As a safety measure, the word ALL must be specified 
     in upper case.
     Note: while mail is "on hold" it will not expire when its time in the queue exceeds 
     the maximal_queue_lifetime or bounce_queue_lifetime setting. It becomes subject to 
     expiration after it is released from "hold".

  -H queue_id Release mail that was put "on hold".  Move one message with the named queue 
     ID from the named mail queue(s) (default: hold) to the deferred queue.

     If a queue_id of - is specified, the program reads queue IDs from standard input.
     Note: specify "postsuper -r" to release mail that was kept on hold for a significant 
     fraction of $maximal_queue_lifetime or $bounce_queue_lifetime, or longer.

     Specify "-H ALL" to release all mail that is "on hold".  As a safety measure, the 
     word ALL must be specified in upper case.

   -p Purge old temporary files that are left over after system or software crashes.
To Delete Single Message From Queue
/opt/zimbra/postfix/sbin/postsuper -d [MSGID From postqueue -p]
To Delete ALL Messages From Queue
/opt/zimbra/postfix/sbin/postsuper -d ALL

Another way to do this:

mailq | awk '{print $1}' | postsuper -d -
To Delete ALL Messages From The Deferred Queue
/opt/zimbra/postfix/sbin/postsuper -d ALL deferred
To Delete Many Messages From Queue

To delete a large number of files one would use:

/opt/zimbra/postfix/sbin/postsuper -d - < filename-with-queue-ids.txt

The filename, filename-with-queue-ids.txt example, would have a listing of id's like:

3E1C6CAFFFE
6B862CC9D76
0BC38CC1BC9
90628CC6F3C
E26B9CC3C62
92A35CC943D
A84BDBCE15D
EA57CB1DF04
0F102CC74CB
386E8CC4DFF
92606CC0BDA
0799FC8149A
024CFCBD0DE
2D30FC47DA0
31D85CC6308
B8B3FC3DEBC
AA4C7C913D0
280F5CC8C6C
9F341CC8A26
93CD1B3B0EC
433D0BF3716
A1435CB4C38
2DB04CC911D
56A29CC8819
11881C8268C
5C050A79851
C6739CC4BA5
11D3FCC7D09
8CBC0B20E0A
Delete From Queue By Email Address

Note - Some of the shell scripting below might fail on messages with particular status ("on delivery" or "on hold") because a "*" or a "!" is appended to the ID of the message.

From CLI

Change the [ email@address.com ] variable below first.

To first see what would be deleted. As root:

/opt/zimbra/postfix/sbin/postqueue -p | egrep -v '^ *\(|-Queue ID-' \
| awk 'BEGIN { RS = "" } { if ($7 == "email@domain.com") print $1} ' | tr -d '*!'

If you get error about egrep, you might need to use this syntax:

/opt/zimbra/postfix/sbin/postqueue -p | /bin/egrep -v '*\(|-Queue ID-' \
| awk 'BEGIN { RS = "" } { if ($7 == "email@address.com") print $1} ' | tr -d '*!'


To now delete, just include the postsuper -d at end:

/opt/zimbra/postfix/sbin/postqueue -p | egrep -v '^ *\(|-Queue ID-' \
| awk 'BEGIN { RS = "" } { if ($7 == "email@domain.com") print $1} ' \
| tr -d '*!' | /opt/zimbra/postfix/sbin/postsuper -d -

Older example of what I had; the tail +2 was rhel4 specific

To first see what would be deleted:
mailq | tail +2 | grep -v '^ *(' | awk  'BEGIN { RS = "" } { if ($8 == "email@address.com" && $9 == "") print $1 } ' | tr -d '*!'
To now delete, just include the postsuper -d at end:
mailq | tail +2 | grep -v '^ *(' | awk  'BEGIN { RS = "" } { if ($8 == "email@address.com" && $9 == "") print $1 } ' | tr -d '*!' | postsuper -d -
Script To Delete From Queue By Email Address
Non-Zimbra Script and not QA'd or tested. Path adjusted though for /opt/zimbra/postfix/sbin/*

From http://www.ustrem.org/en/articles/postfix-queue-delete-en/

Save on file system, calling it something like - delete-queue-by-email.sh . Give it execute permission. Run as root. Example usage would be: ./delete-queue-by-email.sh user-name@domain-test.com

#!/usr/bin/perl -w
#
# pfdel - deletes message containing specified address from
# Postfix queue. Matches either sender or recipient address.
#
# Usage: pfdel <email_address>
#

use strict;

# Change these paths if necessary.
my $LISTQ = "/opt/zimbra/postfix/sbin/postqueue -p";
my $POSTSUPER = "/opt/zimbra/postfix/sbin/postsuper";

my $email_addr = "";
my $qid = "";
my $euid = $>;

if ( @ARGV !=  1 ) {
	die "Usage: pfdel <email_address>\n";
} else {
	$email_addr = $ARGV[0];
}

if ( $euid != 0 ) {
        die "You must be root to delete queue files.\n";
}


open(QUEUE, "$LISTQ |") || 
  die "Can't get pipe to $LISTQ: $!\n";

my $entry = <QUEUE>;	# skip single header line
$/ = "";		# Rest of queue entries print on
			# multiple lines.
while ( $entry = <QUEUE> ) {
	if ( $entry =~ / $email_addr$/m ) {
		($qid) = split(/\s+/, $entry, 2);
		$qid =~ s/[\*\!]//;
		next unless ($qid);

		#
		# Execute postsuper -d with the queue id.
		# postsuper provides feedback when it deletes
		# messages. Let its output go through.
		#
		if ( system($POSTSUPER, "-d", $qid) != 0 ) {
			# If postsuper has a problem, bail.
			die "Error executing $POSTSUPER: error " .
			   "code " .  ($?/256) . "\n";
		}
	}
}
close(QUEUE);

if (! $qid ) {
	die "No messages with the address <$email_addr> " .
	  "found in queue.\n";
}

exit 0;
Script To Delete From Queue By Various Variable Targets
Non-Zimbra Script and not QA'd or tested. Path adjusted though for /opt/zimbra/postfix/sbin/*

From http://jwcub.wordpress.com/2006/01/20/bulk-delete-from-postfix-queue/

Perl script called “delete-from-mailq”:

#!/usr/bin/perl

$REGEXP = shift || die “no email-adress given (regexp-style, e.g. bl.*\@yahoo.com)!”;

@data = qx;
for (@data) {
if (/^(\w+)(\*|\!)?\s/) {
$queue_id = $1;
}
if($queue_id) {
if (/$REGEXP/i) {
$Q{$queue_id} = 1;
$queue_id = “”;
}
}
}

open(POSTSUPER,”|/opt/zimbra/postfix/sbin/postsuper -d -”) || die “couldn’t open postsuper” ;

foreach (keys %Q) {
print POSTSUPER “$_\n”;
};
close(POSTSUPER);

Save the above script to a file say “delete-queue.pl” in your home directory, and make it excutable:

chmod 755 delete-queue

Usage - Run as root :

  • Delete all queued messages from or to the domain “iamspammer.com”
./delete-queue iamspammer.com
  • Delete all queued messages to specific address “bogususer@mydomain.com”
./delete-queue bogususer@mydomain.com
  • Delete all queued messages that begin with the word “bush” in the e-mail address:
./delete-queue bush*\@whateverdomain.com
  • Delete all queued messages that contain the word “biz” in the e-mail address:
./delete-queue biz
Jump to: navigation, search