Free postfix software for linux

Postfix project is Wietse Venemas mailer that started life as an alternative to the widely-used Sendmail program.

Postfix attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible enough to not upset existing users. Thus, the outside has a sendmail-ish flavor, but the inside is completely different.

Postfix-policy is a policy server that uses ServerKit to achieve a high level of performance and scalability for Postfix servers.

This project is ideal for use with large mail systems utilizing Postfix for MX duties and MySQL for the management of accounts with basic policy needs.

Usage:

It is advised that you read the ServerKit documentation before trying to use this module, as most of the basic usage is simply using ServerKit, nothing specific to this module.

You will probably want to use the included ServerKit personality as a starting point, found in the source archive as a directory named "personality". Within the personality you will find a "c11n" file, a "modules" subdirectory, and a "svsdir" subdirectory.

The "c11n" file is a ServerKit configuration file, you will need to at least modify the database settings so ServerKit can successfully communicate with your database system. Another configuration value that you will definitely have to set is "action_query_format_string".

The "action_query_format_string" is the SQL query postfix-policy will use to retrieve an action to send back to Postfix in response to policy delegation requests. See the Configuration section for a list of supported substitutions for use in the format string.

You are responsible for creating a query that is compatible with your mail system database schema, and ensuring that the query will:

1. return an empty set for invalid recipients
2. return a valid action string when not returning an empty set

For an explanation of valid policy action responses, see the access(5) manual reference from Postfix, youre interested in the *ACTIONS sections

ACL Policy Daemon is a program that communicates with the Postfix MTA using the Policy Delegation Protocol implementing an ACL (Access Control List) system, making very easy to improve and create nice controls on your e-mail traffic. You can use it to verify SPF records to.

The project is developed using Python and has no other dependencies and licensed by GPL version 2.

The rules are loaded from a regular text file. It is planned to load the rules from a SQL database or LDAP directory in the future.

Greylisting functionality will be implemented soon.

For news and updated information about ACL Policy Daemon, you can always check the project page at GNA: https://gna.org/projects/apolicy/

Installation:

You must have Python installed, version 2.3 or above. Run python to check:
miguel@debian:~$ python

Python 2.4.4c0 (#2, Jul 30 2006, 15:43:58)

[GCC 4.1.2 20060715 (prerelease) (Debian 4.1.1-9)] on linux2

Type "help", "copyright", "credits" or "license" for more information.
>>>

It is very easy to install apolicy. In some distributions, Postfixs daemons are located in /usr/libexec/postfix, check your distribution.

The following commands should do just fine, you must be root:

debian:~# tar zcf apolicy-0.3.tar.gz
debian:~# cp apolicy-0.3/src/apolicy.py /usr/lib/postfix/
debian:~# chmod 755 /usr/lib/postfix/apolicy.py
debian:~# mkdir /etc/apolicy/
debian:~# cp apolicy.conf /etc/apolicy/
debian:~# chmod 644 /etc/apolicy/apolicy.conf
debian:~# echo "apolicy unix - n n - - spawn" >> /etc/postfix/master.cf
debian:~# echo " user=nobody argv=/usr/lib/postfix/apolicy.py" >> /etc/postfix/master.cf

The apolicy.conf is a sample file with examples, you must edit it to fit your needs.

Install the complementary modules for apolicy. We will install 3 packages: apolicy, pyspf and pydns. Note that the directory that contains Python libraries is not the same on all operating systems. Sometimes it is inside /usr/lib or /usr/libexec, and may be named python or python< version >:

debian:~# mkdir /usr/lib/ /site-packages/apolicy
debian:~# mkdir /usr/lib/ /site-packages/spf
debian:~# mkdir /usr/lib/ /site-packages/DNS
debian:~# cp apolicy-0.3/src/apolicy/* /usr/lib/ /site-packages/apolicy
debian:~# cp apolicy-0.3/src/spf/* /usr/lib/ /site-packages/spf
debian:~# cp apolicy-0.3/src/DNS/* /usr/lib/ /site-packages/DNS
debian:~# echo apolicy > /usr/lib/ /site-packages/apolicy.pth
debian:~# echo spf > /usr/lib/ /site-packages/spf.pth
debian:~# echo DNS > /usr/lib/ /site-packages/DNS.pth

Before setting Postfix, it is wise to test apolicy and check if everything is right. The configuration file is loaded by default from /etc/apolicy/apolicy.conf, you can use -c parameter to change to point where your configuration file is. It is possible to debug your configuration using the parameter -d, it will send a lot of output to syslog mail facility:

debian:~# /usr/lib/postfix/apolicy.py -d

The program must keep running and waiting input from stdin. Take a look at mail.log for any problem. You can press ctrl+c to finish it. If no errors happened, then lets move forward.

Finally, add to your main.cf:

smtpd_recipient_restrictions =
reject_unlisted_recipient
...
reject_unauth_destination
check_policy_service unix:private/apolicy

For the size acl works, apolicy need to be called this way:

smtpd_end_of_data_restrictions = check_policy_service unix:private/apolicy

Postgrey is a Postfix policy server implementing greylisting.

When a request for delivery of a mail is received by Postfix via SMTP, the triplet CLIENT_IP / SENDER / RECIPIENT is built. If it is the first time that this triplet is seen, or if the triplet was first seen, less than 5 minutes ago, then the mail gets rejected with a temporary error. Hopefully spammers or viruses will not try again later, as it is however required per RFC.

Safe database:

greylist.pl doesnt lock correctly the database and it might get corrupted after a while (two days mean time for me). Postgrey does use the logging and transaction features of BerkeleyDB to maximize reliability. Additionally only one process is running, thus reducing even more the risk of corrupting the database.

Automatic maintenance:

Postgrey does keep track not only of the first time a given triplet was seen, but also the last time. Entries that were last seen more than a defined amount of time ago (one month for example) get removed automatically.

Whitelists:

Per-client and per-recipient whitelists. The Postgrey distribution package includes a client whitelist with all (few) broken mail-servers that were identified until now.

Lookup by subnet:

Addresses are normally stripped of their last byte, so that mail servers with multiple addresses are recognized as only one.

Auto-whitelisting of clients:

Clients which repeatedly show to be able to pass the greylist, are entered in a "clients whitelist", for which no greylisting is done anymore.

eProxy software is an SMTP proxy server framework specially designed for use in conjunction with Postfix version 2.1 and higher. However, it does also work as a frontend proxy however security wise I trust on the postfix smtpd.

What can eProxy be used for?
It is very fast and utilizes multi-threading. It is especially fast when it comes to your actual content filtering where you can use the speed of C/C++ in comparison to the interpreted language. It is very easy to use.

There are a few SMTP PROXY implementations out there but all I found are developed in either Perl or Python and some of them are extremely complex to use. This implementation makes it very easy to develop your own content filter in C+ and you only have to implement it in any of the following functions from(string from), to(string to), body(string body) and return a positive number to allow delivery and a negative number to disallow delivery.

You can of course still call to your processing/content filter "script(s)" via a popen(), system() or exec() call and run them through this method.

What do you need to (re)implement
Theres actually one source file that is of interest for you and thats the emailHandling.cpp file. In here the following functions are defined:

string getDomainName(string email);
int from(string from);
int rcptto(string to);
int body(string body);
void email(string email);

string getDomainName(string email); This is a convenience method to simply obtain the domainname part of an email address.

void email(string email); In this function you can do something to the email or part of it depending where you BOUNCED the email. It can be used to for instance store all emails in an archive or waiting box, waiting for manual release when an email is a suspect.

int from(string from); In this function you can do checking on the MAIL FROM part of an SMTP session. When your return a negative number the transaction is cancelled with a 550 error, when you return a positive number (larger than 0) then the MAIL FROM is accepted. The string from contains the email address

int rcptto(string to); In this function you can do checking on the RCPT TO part of an SMTP session. The string to contains the email address. Return a negative number to bounce the email return a positive number (large than 0) to continue.

int body(string body); In this function you will implement your actual body part scanning. Only when your result code is a positive number (larger than 0) then the body is send forth to the secondary (delivery) SMTP server. If it is bounced by your code it will not send the DATA command and the data stream, instead it will send a QUIT command and close the socket to the secondary server.

GPGlist project is a Perl script to implement gpg encrypted alias lists in a mail server.

GPGlist is a Perl script to implement gpg encrypted alias lists in a mail server such as Sendmail or Postfix.

It uses one XML config file to store information about lists. It backs up messages if an error occurs, and sends out error messages to the sender of the mail.

You can decide whether or not a list only accepts encrypted messages.

LoFiMo is used to monitor logfiles in real time. The output is presented via a web interface and optionally on the console.
Using the web interface it is possible to monitor log files from a remote machine. LoFiMo can be used to colorize the log entries using filters.
Filters can also be used to reformat log entries, hide log entries or play sounds or execute commands when certain log entries are read.
LoFiMo uses inputs to read log entries from different file formats. It can for instance parse files created by the syslog daemon or the apache web server.
Main features:
- Support for apache style log files
- Support for syslog style log files
- Can process iptables log and reformat it. Can detect most ICMP types and convert them to cleat text.
- For example
- Nov 23 16:53:32 esme kernel: FW_ACCEPT: IN=eth1 OUT=eth0 SRC=x.x.x.x DST=x.x.x.x LEN=84 TOS=0x00 PREC=0x00 TTL=53 ID=12419 PROTO=ICMP TYPE=0 CODE=0 ID=7220 SEQ=7
- can be transformed into:
- Nov 23 16:53:32 esme kernel: FW_ACCEPT: ICMP / eth1->eth0 / x.x.x.x->x.x.x.x / len=84 / tos=0x00 / Echo Reply / ttl=53
- Can process postfix mail entries and output them as single line per mail.
- For example these seven lines
- Nov 23 17:56:01 magrat postfix/smtpd[13644]: connect from mx02.domain.com[x.x.x.x]
- Nov 23 17:56:01 magrat postfix/smtpd[13644]: A297015B603: client=mx02.domain.com[x.x.x.x]
- Nov 23 17:56:01 magrat postfix/cleanup[13648]: A297015B603: message-id=< 002d01c5f04e$c44f16c0$0100a8c0@eva >
- Nov 23 17:56:02 magrat postfix/qmgr[2764]: A297015B603: from=< send@domain.com >, size=170113, nrcpt=1 (queue active)
- Nov 23 17:56:10 magrat postfix/smtp[13649]: A297015B603: to=< rec@domain.com >, relay=localhost[127.0.0.1], delay=9, status=sent (250 2.6.0 Ok, id=12734-02, from MTA: 250 Ok: queued as 1508615B633)
- Nov 23 17:56:10 magrat postfix/qmgr[2764]: A297015B603: removed
- Nov 23 17:56:32 magrat postfix/smtpd[13644]: disconnect from mx02.domain.com[x.x.x.x]
- can be transformed into a single line:
- 2005-11-23 17:56:10 magrat postfix send@domain.com -> rec@domain.com / mx02.domain.com[x.x.x.x] -> localhost[127.0.0.1] / 9 sec / 170113 bytes / sent (250 2.6.0 Ok, id=12734-02, from MTA: 250 Ok: queued as 1508615B633)
- Can remove unwanted log entries from the output.
- Can set the style for each field of a log entry using css allowing multiple fonts and colours in the same line.
- Can play a sound whenever a log entry matching certain criteria is read (e.g. when mail from a certain sender arrived).
- Can execute a command whenever a log entry matching certain criteria is read (e.g. to send an email or play sound using a custom sound player).
- Filters use regular expressions to match certain fields or the entire log entries.
- Can process log files of any format.
- Access via web browser from remote machines. View the log entries as they are read in real time or browse and refresh the output in the interval you configure.
Enhancements:
- The character set of monitored files can now be specified.
- Filenames in the execute property of filters can now contain blank characters.

sgwi is a web-interface to SQLGrey (SQLGrey is a greylister for Postfix).
This web-interface enables you to edit the white- and blacklists as well as the current state of the greylist.
Installation:
- put the files somewhere in your website
- make sure you shield things with a .htaccess file
- edit config.inc.php
Enhancements:
- Certain e-mail addresses could not be deleted.