Check Mail Port Connections with netstat

A good way to check the connectons to mail ports is to use netstat:

# netstat -anp | grep :25
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      2170/master
tcp6       0      0 :::25                   :::*                    LISTEN      2170/master
# netstat -anp | grep :465
tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN      2170/master
tcp6       0      0 :::465                  :::*                    LISTEN      2170/master
# netstat -anp | grep :587
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      2170/master
tcp6       0      0 :::587                  :::*                    LISTEN      2170/master

Adding DKIM to Postfix

DKIM on Postfix:

https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy

The configuration can be tested by sending an empty email to check-auth@verifier.port25.com and a reply will be received. If everything works correctly you should see DKIM check: pass under Summary of Results.

==========================================================
Summary of Results
==========================================================
SPF check: pass
DomainKeys check: neutral
DKIM check: pass
Sender-ID check: pass
SpamAssassin check: ham
Alternatively, you can send a message to a Gmail address that you control, view the received email’s headers in your Gmail inbox, dkim=pass should be present in the Authentication-Results header field.

Authentication-Results: mx.google.com;
spf=pass (google.com: domain of contact@example.com designates — as permitted sender) smtp.mail=contact@example.com;
dkim=pass header.i=@example.com;

Email Administration for Postfix , Plesk and Qmail

Basics
rDNS (Reverse DNS)

The Reverse DNS for an IP should be set to the EHLO value that is sent in the outgoing mail header. This is generally the HostName of the computer.

This value should also match the outgoing IP address used to send the mail.

On a multi-IP server, if the sending IP does not match the EHLO domain, you may be sending from Postfix. Switching to Qmail may cause the sending IP to match the primary IP on the server, which should correct any mis-matched IP/EHLO issues.

Read moreEmail Administration for Postfix , Plesk and Qmail

DMARC

Amazonon DMARC (http://sesblog.amazon.com/post/Tx22ZELXSSZRYZR/What-is-DMARC-and-should-you-use-it).

This Google article is also helpful: https://support.google.com/a/answer/2466563?hl=en

If you scroll down to the ‘Example records’ section, you’ll see a number of examples on how to write the TXT record. Here’s an example of that record:

_dmarc.advancedmediawebs.com. 3600 IN TXT “v=DMARC1; p=quarantine; pct=5; rua=mailto:mark@domain.com”

SSL for Mail Server Plesk

Normally, checking mail may produce an SSL error for plesk mail services. All clients Outlook, Mac mail, thunderbird, show a a message for ssl certificate. How to fix it.

You would need to purchase a SSL certificate for your servers hostname and set it up so it gets used for the mail service on the server. if you try and use mail.domain.com, it’ll still give an error.

Ref: http://kb.sp.parallels.com/en/1062

Is SpamAssassin Working

Check the header of an email


X-Spam-Status: No, score=0.1
X-Spam-Score: 1
X-Spam-Bar: /
X-Ham-Report: Spam detection software, running on the system "server.domain.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
root\@localhost for details.

You can also add Barracuda RBL to Exim in WHM

For cPanel /home/username/.spamassassin/user_prefs as described:

Other Resources:

Improving SpamAssassin accuracy on cPanel (or any other) mail servers – with statistics

IMAP and POP Email Settings

For a plesk server

IMAP

Incomming server
Server: mail.domain.com
Connection security: none
Authentication: Password, transmitted insecurely
User Name: user@domain.com
Port: 143

Outgoing Server:
Server: mail.domain.com
Connection security: STARTTLS
Authentication: Encrypted password
User Name: user@domain.com
Incomming: Port 587

POP

Incomming server
Server: mail.domain.com
Connection security: STARTTLS
Authentication: Encrypted Password
User Name: user@domain.com
Port: 110

Outgoing Server:
Server: mail.domain.com
Connection security: STARTTLS
Authentication: Normal Password
User Name: user@domain.com
Incomming: Port 587

Clear Mail queue on Postfix or Plesk

How to clear the mailqueue.

Check the mailq:

# /usr/local/psa/admin/bin/mailqueuemng -s

View 5 of the items for a certain domain:

# /usr/local/psa/admin/bin/mailqueuemng -s | grep -C 5 user@domain.com
# /usr/local/psa/admin/bin/mailqueuemng -D"

or

# postsuper -d ALL

If you get a permission error on an older PLesk 9 instance

# /usr/sbin/postsuper -d ALL

To remove specific emails from a domain:

# postqueue -p | tail -n +2 | awk 'BEGIN { RS = "" } /@domain\.com/ { print $1 }' | tr -d '*!' | postsuper -d -

Or

# mailq | tail -n +2 | grep -v '^ *(' | awk  'BEGIN { RS = "" } { if ($8 == "USER@EXAMPLE.COM" && $9 == "") print $1 } ' | tr -d '*!' | postsuper -d -