This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

Email Blacklist?
#1
[Not Solved] Email Blacklist?
Hi I am listed on 2 blacklists as showed below the text here, but how do I set it up so its more secure against email spam?

And I edit out the ips and the domain.

[Image: sJ6gyFh.png]

My dovecot config:

Code:
##
## Dovecot config file
##
listen = *
disable_plaintext_auth = no
log_timestamp = %Y-%m-%d %H:%M:%S
#log_timestamp was present only in Ubuntu file

# SSL configuration - Begin
ssl = yes
ssl_cert = </etc/letsencrypt/live/mail.mydomain.dk/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.mydomain.dk/privkey.pem
# Disable SSLV3 - Poodle
ssl_protocols = !SSLv2 !SSLv3
# SSL configuration - End

protocols = imap pop3 lmtp sieve
auth_mechanisms = plain login
passdb {
 driver = sql
 args = /etc/sentora/configs/dovecot2/dovecot-mysql.conf
}
userdb {
 driver = prefetch
}
userdb {
 driver = sql
 args = /etc/sentora/configs/dovecot2/dovecot-mysql.conf
}
mail_location = maildir:/var/sentora/vmail/%d/%n
first_valid_uid = 999
last_valid_uid = 999

first_valid_gid = 8
last_valid_gid = 8
#mail_plugins =
mailbox_idle_check_interval = 30 secs
maildir_copy_with_hardlinks = yes
service imap-login {
 inet_listener imap {
   port = 143
 }
}
service pop3-login {
 inet_listener pop3 {
   port = 110
 }
}
service lmtp {
 unix_listener lmtp {
   #mode = 0666
 }
}
service imap {
 vsz_limit = 256M
}
service pop3 {
}
service auth {
 unix_listener auth-userdb {
   mode = 0666
   user = vmail
   group = mail
 }

 # Postfix smtp-auth
 unix_listener /var/spool/postfix/private/auth {
   mode = 0666
   user = postfix
   group = postfix
 }
}

service auth-worker {
}
service dict {
 unix_listener dict {
   mode = 0666
   user = vmail
   group = mail
 }
}
service managesieve-login {
 inet_listener sieve {
   port = 4190
 }
 service_count = 1
 process_min_avail = 0
 vsz_limit = 64M
}
service managesieve {
}
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
protocol lda {
 mail_plugins = quota sieve
 postmaster_address = postmaster@mydomain.dk
}
protocol imap {
 mail_plugins = quota imap_quota trash
 imap_client_workarounds = delay-newmail
}
lmtp_save_to_detail_mailbox = yes

protocol lmtp {
 mail_plugins = quota sieve
}
protocol pop3 {
 mail_plugins = quota
 pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
 pop3_uidl_format = %08Xu%08Xv
#pop3_uidl_format was present only in ubuntu file
}
protocol sieve {
 managesieve_max_line_length = 65536
 managesieve_implementation_string = Dovecot Pigeonhole
 managesieve_max_compile_errors = 5
}
dict {
 quotadict = mysql:/etc/sentora/configs/dovecot2/dovecot-dict-quota.conf
}
plugin {
# quota = dict:User quota::proxy::quotadict
 quota = maildir:User quota
 acl = vfile:/etc/dovecot/acls
 trash = /etc/sentora/configs/dovecot2/dovecot-trash.conf
 sieve_global_path = /var/sentora/sieve/globalfilter.sieve
 sieve = ~/dovecot.sieve
 sieve_dir = ~/sieve
 sieve_global_dir = /var/sentora/sieve/
 #sieve_extensions = +notify +imapflags
 sieve_max_script_size = 1M
 #sieve_max_actions = 32
 #sieve_max_redirects = 4
}

log_path = /var/log/dovecot.log
info_log_path = /var/log/dovecot-info.log
debug_log_path = /var/log/dovecot-debug.log
mail_debug=yes

# Things Philip Changed for SSL

#auth_mechanisms = plain login

# don't allow non-TLS connections for IMAP or SASL
#ssl = required

# path to the certificate file, should be root:root and 0444
#ssl_cert = </etc/letsencrypt/live/mail.mydomain.dk/fullchain.pem

# path to the private key file, should be root:root and 0400
#ssl_key = </etc/letsencrypt/live/mail.mydomain.dk/privkey.pem

And my postfix condig (main.cf):

Code:
# postfix config file

# uncomment for debugging if needed
soft_bounce=yes

# postfix main
mail_owner = postfix
setgid_group = postdrop
delay_warning_time = 4

# postfix paths
html_directory = no
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
queue_directory = /var/spool/postfix
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.2.2/samples
readme_directory = /usr/share/doc/postfix-2.2.2/README_FILES

# network settings
inet_interfaces = all
mydomain = mydomain.dk
myhostname = mydomain.dk
mynetworks = 127.0.0.1, myextip
mydestination = localhost.$mydomain, localhost
relay_domains = proxy:mysql:/etc/sentora/configs/postfix/mysql-relay_domains_maps.cf

# mail delivery
recipient_delimiter = +

# mappings
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
#transport_maps = hash:/etc/postfix/transport
#local_recipient_maps =

# virtual setup
virtual_alias_maps = proxy:mysql:/etc/sentora/configs/postfix/mysql-virtual_alias_maps.cf,
                    regexp:/etc/sentora/configs/postfix/virtual_regexp
virtual_mailbox_base = /var/sentora/vmail
virtual_mailbox_domains = proxy:mysql:/etc/sentora/configs/postfix/mysql-virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/sentora/configs/postfix/mysql-virtual_mailbox_maps.cf
virtual_minimum_uid = 999
virtual_uid_maps = static:999
virtual_gid_maps = static:8
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

# debugging
debug_peer_level = 2
debugger_command =
        PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
        xxgdb $daemon_directory/$process_name $process_id & sleep 5

# authentication
#smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
#smtpd_sasl_type = dovecot
#smtpd_sasl_path = private/auth

# tls config

smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache

# path to the certificate file, should be root:root and 0444
smtpd_tls_cert_file=/etc/letsencrypt/live/mail.mydomain.dk/fullchain.pem

# path to the private key file, should be root:root and 0400
smtpd_tls_key_file=/etc/letsencrypt/live/mail.mydomain.dk/privkey.pem

# Allow use of TLS but make it optional
#smtpd_use_tls=yes

# Cache sessions for speed improvement
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# Disable SSLv2/3 as they are vulnerable
smtpd_tls_protocols = !SSLv2, !SSLv3

# Insist on stronger ciphers
smtpd_tls_ciphers = high

# SASL parameters
# Don't forget permit_sasl_authenticated in smtpd_relay_restrictions
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes

# Jonathan Add
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
invalid_hostname_reject_code = 554
multi_recipient_bounce_reject_code = 554
non_fqdn_reject_code = 554
relay_domains_reject_code = 554
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554

# rules restrictions
smtpd_client_restrictions =
smtpd_helo_restrictions =
smtpd_sender_restrictions =
smtpd_recipient_restrictions =
permit_sasl_authenticated,
check_policy_service inet:127.0.0.1:10023,
       permit_mynetworks,
       reject_unauth_destination,
       reject_non_fqdn_sender,
       reject_non_fqdn_recipient,
       reject_unknown_recipient_domain,
check_client_access hash:/etc/postfix/rbl_override,
check_sender_access hash:/etc/postfix/sender_access
# uncomment for realtime black list checks. (Warn: will also reject false positive)
       ,reject_rbl_client zen.spamhaus.org
      ,reject_rbl_client bl.spamcop.net
      ,reject_rbl_client dnsbl.sorbs.net
,reject_rbl_client cbl.abuseat.org

smtpd_helo_required = yes
#unknown_local_recipient_reject_code = 554
disable_vrfy_command = yes
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_banner = $myhostname ESMTP

message_size_limit = 20480000

Postfix Config (master.cf)

Code:
#
# Postfix master process configuration file.  For details on the format
# of the file, see the Postfix master(5) manual page.
#
# ***** Unused items removed *****
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
-o content_filter=spamassassin
#  -o content_filter=smtp-amavis:127.0.0.1:10024
#  -o receive_override_options=no_address_mappings
pickup    fifo  n       -       n       60      1       pickup
 -o content_filter=
 -o receive_override_options=no_header_body_checks
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       n       -       -       smtp
       -o fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
# ====================================================================
maildrop  unix  -       n       n       -       -       pipe
 flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
 flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
 flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
 flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
# spam/virus section
#
smtp-amavis  unix  -    -       y       -       2       smtp
 -o smtp_data_done_timeout=1200
 -o disable_dns_lookups=yes
 -o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n  -       y       -       -       smtpd
 -o content_filter=
 -o smtpd_helo_restrictions=
 -o smtpd_sender_restrictions=
 -o smtpd_recipient_restrictions=permit_mynetworks,reject
 -o mynetworks=127.0.0.0/8
 -o smtpd_error_sleep_time=0
 -o smtpd_soft_error_limit=1001
 -o smtpd_hard_error_limit=1000
 -o receive_override_options=no_header_body_checks
 -o smtpd_helo_required=no
 -o smtpd_restriction_classes=
 -o disable_vrfy_command=no
 -o strict_rfc821_envelopes=yes

 -o syslog_name=postfix/submission
 -o smtpd_tls_security_level=encrypt
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_client_restrictions=permit_sasl_authenticated,reject

#
# Dovecot LDA
dovecot   unix  -       n       n       -       -       pipe
 flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -d ${recipient}
#
# Vacation mail
vacation    unix  -       n       n       -       -       pipe
 flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} -- ${recipient}
spamassassin unix - n n - - pipe user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

Hope someone here can help me to stop the email spam, and get my email server more secure Smile
Reply
Thanks given by:
#2
[Not Solved] RE: Email Blacklist?
Do you have a reverse dns setup I have the same ones blocking me because my isp set the reverse dns wrong

Sent from my SM-G900W8 using Tapatalk
Reply
Thanks given by:
#3
[Not Solved] RE: Email Blacklist?
(07-26-2017, 05:08 PM)type-00 Wrote: Do you have a reverse dns setup I have the same ones blocking me because my isp set the reverse dns wrong

Sent from my SM-G900W8 using Tapatalk

I dont think so
Reply
Thanks given by:
#4
[Not Solved] RE: Email Blacklist?
Are you hosting the server or is it being hosted elsewhere

Sent from my SM-G900W8 using Tapatalk
Reply
Thanks given by:


Possibly Related Threads...
Thread Author Replies Views Last Post
Support for Email Server TLS encryption on Sentora? americanninja 19 8,176 02-03-2018, 08:15 PM
Last Post: CMs222
Email Domain Forwarder psy07 0 161 11-09-2017, 12:06 PM
Last Post: psy07
Email not being forwarded rsthomas 7 1,078 10-15-2017, 08:31 PM
Last Post: zanga

Forum Jump:


Users browsing this thread: 1 Guest(s)