Tag Archives: Postfix

Software, TechBlog

How to eliminate spam and protect your name with DMARC

37 Comments

 If you are reading this you are probably making my life harder

E-Mail sucks! Your users just keep clicking the links in those damn phishing mails. And you can’t do anything about it. Hell somebody might be sending spam in your name and you have no idea about it. Let me blow your mind: You can solve these problems, for free. And I will introduce you the tools you need.

The cure to your E-Mail headaches hides behind three small acronyms:

  • SPF: Sender Policy framework, tells others which mail servers are authorized to send E-Mail for your domain.
  • DKIM: Domain Keys Identified Mail, uses encryption and DNS to verify an E-Mail sender and that it was not altered in transit
  • DMARC: Domain based Message Authentication, Reporting and Conformance. Builds on SPF and DKIM and implements a policy and reporting system around them

Continue reading How to eliminate spam and protect your name with DMARC

Software, TechBlog

Debian Wheezy E-Mail Relay for multiple Domains and IMAP Server with Postfix Dovecot and Fetchmail

3 Comments

One of our customers needed a way to use multiple mail domains. He already had a SBS2011, The Exchange Server on it was configured for the primary E-Mail Domain of the Company. The E-Mails from this Domain were fetched with the POP3 connector and all outgoing Mail was sent to the smart host of the E-Mail Provider.
The additional E-Mail Domains required a similar setup.
Unfortunately Exchange does not allow you to change the smart host for outgoing E-Mail based on the sender. There are third party Exchange addons, that do provide this ability, but I preferred to solve the problem with a Linux Mail Server. The configuration I will describe to you is fairly basic and the scenario it is used in is somewhat special. But the Article will still give you a fairly good impression on how to get a basic Mail Server running and how all the different pieces work together.

Continue reading Debian Wheezy E-Mail Relay for multiple Domains and IMAP Server with Postfix Dovecot and Fetchmail

Software, TechBlog

Implementing an SSL Certificate and the subordinate CA Certificate on Apache, Dovecot and Postfix

Leave a comment

As promised, here a quick article on how to implement a certificate with chained trust into an Apache https server. You will need your server certificate and key and additionally the certificates of every intermediary Certificate Authority. Once you have those together move them to your web server. The key file should be kept in a directory with only root access. If you happen to have more than one intermediary Certificate Authority in your chain of trust you will have to put all the certificates into one file. The easiest way to do this is the following:

cat intermediate_intermediatecert_that_signed_the_server.pem intermediatecert2.pem intermediatecer3.pem > certchainfile_for_apache.pem

Once these preparations are finished, you need to open the config file of the virtual host. You need to adapt the following to lines to match the paths of your Certificates:

SSLCertificateFile /path/to/your_server_cert.crt
SSLCertificateKeyFile /path/to/your_server_key.key

They should be in the example SSL file provided by Apache. And in order to display your chain of trust you will need to add following line, tho show of the intermediary CA certificate(s):

SSLCertificateChainFile /path/to/Intermediary_CA_cert.crt

Restart Apache after this and you are finished. And while we are at it lets do Dovecot as well. Copy all the needed Certificates to your mail server. Dovecot does not seem to have a separate option for the trust chain. So just do the following:

 cat cert_mail_server.pem cert_intermediate_ca.pem > chained_cert.pem

After this change the config file of dovecot “/etc/dovecot/dovecot.conf”:

ssl_cert_file = /path/to/chained_cert.pem ssl_key_file = /path/to/server_key.pem

And since we are on the mail server any, lets also change postfix. If your postfix is one the same Server as your Dovecot, you can simply use the files from dovecot. If not repeat the steps as shown for dovecot and then edit “/etc/postfix/main.cf”: 

 smtpd_tls_cert_file = /path/to/chained_cert.pem
smtpd_tls_key_file = /path/to/server_key.pem

Restart Dovecot and Postfix and your are done.

I used this Article as reference: Geeklab How to use chained SSL certificates

Software, TechBlog

Migrating Postfix and Dovecot from a MySQL User-Database to Active Directory

4 Comments

When I set up my Active Directory, I wanted to migrate all services at home to authenticate against it. Now that I had the AD running and a few not so critical services used it, it was time finally migrate this one. I don’t have an Exchange-Server at home(nor do I want one) and my colleague who tested Openchange said it is not quite ready yet. So I will have to do without Exchange-extensions for the AD. I will still be able to do the basic management for my mail users in the AD, but I won’t be able to use any of the exchange extensions or tools for it. Continue reading Migrating Postfix and Dovecot from a MySQL User-Database to Active Directory