Email Administration for Postfix , Plesk and Qmail

Basics
rDNS (Reverse DNS)

The Reverse DNS for an IP should be set to the EHLO value that is sent in the outgoing mail header. This is generally the HostName of the computer.

This value should also match the outgoing IP address used to send the mail.

On a multi-IP server, if the sending IP does not match the EHLO domain, you may be sending from Postfix. Switching to Qmail may cause the sending IP to match the primary IP on the server, which should correct any mis-matched IP/EHLO issues.

SPF (Sender Policy Framework)

SPF (actual TXT) records are used to verify that an email was actually sent by the email address reported. This system is used to help prevent spoofing.

Example:

yourwebdomain.com IN TXT “v=spf1 a mx ip4:1.2.3.4 include:thirdpartyespdomain.com -all”

ip4: Use the IP of the server. Mismached IPs can result in errors such as the reverse domain does not match.
SPF for Managed Mail

Try something like this:

domain.com. IN TXT “v=spf1 mx include:domain.com ~all”

or

domain.com. IN TXT “v=spf1 mx ip4:64.150.179.75 include:domain.com ~all”

Generally speaking, the EHLO should be the Hostname of the server. One way to discover the Hostname is to telnet into the server using Port 25

telnet IP.AD.DR.ESS 25

Plesk
Mail Queue

/usr/local/psa/admin/bin/mailqueuemng -s

To see the messages

/usr/local/psa/admin/bin/mailqueuemng -l

Postfix Mail Queue

To clear the mail queue (Postfix)

postsuper -d ALL

Qmail Mail Queue

To clear the outgoing Qmail mail queue

/usr/local/psa/admin/bin/mailqueuemng -D

Qmail Delete sender/recipt

qmail-remove -r -p xyz.com

http://geeksterminal.com/qmail-commands-logs-plesk-server/580/

** Install qmail-remove

yum install gcc gcc-c++

wget http://www.linuxmagic.com/opensource/qmail/qmail-remove/qmail-remove-0.95.tar.gz
tar -zxvf qmail-remove-0.95.tar.gz
cd qmail-remove-0.95
make
make install
cp qmail-remove /usr/bin/
mkdir /var/qmail/queue/yanked

Mail Log

cat /usr/local/psa/var/log/maillog | less

cat /var/log/maillog

Passwords

/usr/local/psa/admin/bin/mail_auth_view
mysql -uadmin -p`cat /etc/psa/.psa.shadow ` psa -e ‘select m.mail_name,a.password,d.name from mail m,accounts a,domains d where m.account_id=a.id and m.dom_id=d.id;’

Which script is sending mail

http://kb.parallels.com/1711

Rebuild and repair mail configuration files

Use mchk utility to repair/rebuild all mail configuration files and restore settings for all mailboxes created in Parallels Plesk Panel.

Usage:

/usr/local/psa/admin/sbin/mchk –help
Restore settings for all mailboxes.
Usage: /usr/local/psa/admin/sbin/mchk [OPTION]

OPTIONS:
–without-spam restore all settings except for SpamAssassin configuration
–with-spam restore all settings (Recommended)
–spam-only restore only SpamAssassin settings
~#

This utility rebuilds mail server control files’ mailboxes settings (including alternative servers such as Postfix in modern Plesk versions). It also sets appropriate permissions for all the related files.

Usage example:

/usr/local/psa/admin/sbin/mchk –with-spam

Plesk Mail Folders

The Plesk mail directories (Plesk mail directory, Plesk mail folder) are located at:

cd /var/qmail/mailnames/

cPanel
Mail Log

cat /var/log/exim_mainlog | less

Email Trace

Exim
Mail Log

/var/log/exim_mainlog

Mail Queue

/usr/sbin/exim -bp

Exim Mail Queue Count

exim -bpc

Clear Mail Queue

exim -bp | awk ‘/^ *[0-9]+[mhd]/{print “exim -Mrm ” $3}’ | bash

Change Sending IP

In WHM, make sure that mailips is enabled:

WHM > Exim Configuration Manager > Reference /etc/mailips for outgoing SMTP connections = On

Create or edit /etc/mailips by logging in with SSH.

nano /etc/mailips

Set the IP for the desired domain

domain.com: ip.add.re.ss

Now, set the rDNS for the IP by editing /etc/mailhelo

nano /etc/mailhelo

domain1.com: mail.domain1.com
sub.domain1.com: mail.domain1.com
domain2.com: mail.domain2.com
*: host.name.com

To activate these changes, restart Exim

service exim restart

Postfix
Mail Queue

mailq

Postfix Mail Queue Count

find /var/spool/postfix/deferred/. ! -name ‘?’ -print | wc -l

Disable Undeliverable and Bounced messaging

To stop Postfix from sending Undeliverable and other bounced messages, edit the /etc/postfix/master.cf file

nano /etc/postfix/master.cf
#bounce unix – – n – 0 bounce
bounce unix – – n – 0 discard

service postfix restart

Set the primary sending IP

To set the primary sending IP in Postfix, you will need to edit the Postfix configuration file and add the following line

nano /etc/postfix/main.cf

smtp_bind_address = IP.ADD.RE.SS

service postfix restart

… or …

nano /etc/postfix/master.cf

DOM.AIN.IP.ADD- unix – n n – – smtp -o smtp_bind_address=SEN.DIN.GIP.ADD -o smtp_bind_address6= -o smtp_address_preference=ipv4
DOM.AIN.2IP.ADD- unix – n n – – smtp -o smtp_bind_address=SEN.DIN.GIP.ADD -o smtp_bind_address6= -o smtp_address_preference=ipv4

Support
Mail not listening on Port 25

The mailserver is able to send mail, but cannot receive. You can telnet out on port 25, but you cannot telnet in. Checking netstat -a|grep :25 shows nothing is listening. The mailserver is running and restarting it does not help.
Solution:

Check that the mail server is able to connect to the port.

In this example, filenames had been changed and needed to be corrected:

ls -la /etc/xinetd.d

smtp.psa
smtps.psa
submission.psa

Each of these needed to be renamed:

smtp_psa
smtps_psa
submission_psa

Issue: telnet localhost 25 telnet: connect to address 127.0.0.1: Connection refused

Cannot connect to port 25 on localhost even though Postfix is running.
Solution

Postfix is broken. Let Plesk repair it

/usr/local/psa/admin/sbin/mchk

Mail not sending from Primary IP
If mail is not sending out of the primary IP, there is a good chance the Plesk Version is 10.4.4+ and the mail MTA is set to Postfix. To send from the Primary IP (which should match the Hostname/EHLO), you can change the MTA to Qmail.
1. Backup the Plesk Server Settings: Tools > Backups
2. Run the Plesk AutoInstaller

/usr/local/psa/admin/bin/autoinstaller

3. Keep the version the same, the next options should allow you to select Qmail.
Note: Last time I installed Qmail via the AutoInstaller, it was 900MB, so it takes some time.
Max Connections to IMAP Server

The server returned the error: The attempt to read data from the server “mail.domain.com” failed.

or

You may have exceeded the maximum number of connections to this server.

Solution:

nano /etc/courier-imap/imapd
MAXDAEMONS=120
MAXPERIP=60

nano /etc/courier-imap/imapd-ssl
MAXDAEMONS=120
MAXPERIP=60

service courier-imapd restart
service courier-imaps restart
Max Emails Per Day
If a client receives a message saying:
“IP address blocked, max # of msgs per day reached, all outgoing blocked to prevent spam.”
or
“Message denied. Your IP address has sent the maximum number of messages per day. Your outgoing messages have been blocked.”

nano /var/www/atmail/libs/Atmail/Config.php
filter_max_msgs = ‘0’

Mail Stuck in Queue

Example from mail log: Connected_to_206.188.198.64_but_my_name_was_rejected./Remote_host_said:_501_5.0.0_Invalid_domain_name/
Solution:

Check the Hostname and From address. If not correctly configured (not a FQDN) the mail may not deliver.

Postfix Mail Stuck in Queue, IPv6

Postfix might try to send via IPv6. this is not available and messages get stuck in the queue.
Solution:

nano /etc/postfix/main.cf

# inet_protocols = all
inet_protocols = ipv4

service postfix restart

* It is OK to set this value by default when in a Postfix server, just in case.
Subdomain EMail Accounts
Plesk

It is possible to setup subdomain email accounts in Plesk, IF you set the subdomain up as a TLD instead of as a subdomain of a TLD.

Domains > Create Domain > sub.domain.com

Email Address blocked by Provider

To test if an IP is blocked by a provider, SSH into the server, then try to telnet into the provider at port 25.

Example: IP 123.45.67.89 cannot send to Verizon.

# dig verizon.net mx

;; ANSWER SECTION:
verizon.net. 136 IN MX 0 relay.verizon.net.

# dig relay.verizon.net.

;; ANSWER SECTION:
relay.verizon.net. 113 IN A 206.46.232.11

# telnet 206.46.232.11 25

Trying 206.46.232.11…
Connected to 206.46.232.11.
Escape character is ‘^]’.
571 Email from 123.45.67.89 is currently blocked by Verizon Online’s anti-spam system. The email sender or Email Service Provider may visit http://www.verizon.net/whitelist and request removal of the block. 121227
Connection closed by foreign host.

Emails not receiving in Plesk
Issue: all addresses are not receiving. Able to connect and send without issue

No address is receiving any mail. Checking the logs shows the emails do arrive.
Solution: Re-enable Anti-Virus in Services.

Issue: Mail Quota Exceeded

From the qmail error log:

tail -50 /usr/local/psa/var/log/maillog
delivery nnnnn: failure: Mail_quota_exceeded./

Root Cause

Check the mailbox size allowed in Plesk. Odds are it is NOT set to unlimited.
Now check the email users folder size

du -sch /var/qmail/mailnames/domain.com/*

The result from the above is higher than the limit set in Plesk
Solution:

Subscriptions > domain.com > Edit Configuration
Scroll down to mail box size and change the limit to a higher value.

Port 587 not responding (Plesk)

Attempts to telnet the server to port 587 fail:

Trying IP.ADD.RE.SS…
telnet: connect to address IP.ADD.RE.SS: Connection refused
telnet: Unable to connect to remote host: Connection refused

1. Check that the firewall is not blocking port 587.

2. Tools & Settings > Mail Server Settings > Enable message submission [X] (will be enabled on all IP addresses)
Plesk not sending to External Mail Server

A domain is using an external mail server. Emails sent to domain off the server send fine, but email sent to domains on the server (using the external mail server) are never received.
Solution:

1. If the DNS for the server is stored off the server, make sure the DNS is disabled in Plesk.

2. Disable the mail function of the domain from the command line:

/usr/local/psa/bin/domain –update domain.com -mail_service false

Issue: Postfix keeps stopping. (Incomplete!)

Support site: http://www.unix.com/tips-tutorials/19060-unix-file-permissions.html

Check the mail.err log for “Too many open files”

cat /var/log/mail.err | grep “Too many open files”

If you see this, check the /tmp folder for files created by postfix with 0 bytes and strange permissions:

ls -la /tmp
-rw-r-sr-t postfix ??? 0 ctmiPaisWB

Issue: Intermittent SMTP connection issues with Postfix

Load average above normal, but not insane. strange ctmilter.bin process running by postfix user using 100% CPU.
Solution:

nano /etc/postfix/main.cf

# smtpd_milters = inet:localhost:12768 unix:/var/spool/postfix/ctmilter/ctmilter.sock
smtpd_milters = inet:localhost:12768

service postfix restart

Issue: Qmail not sending from Primary IP

The primary IP of the server was changed. Qmail should be sending out of the new primary IP, but instead is sending out of the old IP
Solution

This is due to the default route still set to the original IP.

system-config-network