Restart Amavis Clamav Spamassassin
Error: modseq_hdr.log_offset too large Centos 7
2018-01-02 01:40:59 imap(info@saic.it): Fatal: master: service(imap): child 18780 killed with signal 6 (core dumps disabled)
2018-01-02 01:40:59 imap(info@saic.it): Error: /var/vmail/saic.it/info/Maildir/dovecot.index: modseq_hdr.log_offset too large
2018-01-02 01:40:59 imap(info@saic.it): Error: /var/vmail/saic.it/info/Maildir/dovecot.index: modseq_hdr.log_offset too large
2018-01-02 01:40:59 imap(info@saic.it): Panic: file mail-transaction-log-file.c: line 1148 (mail_transaction_log_file_get_highest_modseq_at): assertion failed: (offset <= file->sync_offset)
HOW TO SOLVE
find /var/vmail/saic.it/info/Maildir/ -name "dovecot*" -delete
Restart Postfix & Dovecot (to rebuild the dovecot files):
$ service dovecot restart
$ service postfix restart
I think the cause is the presence of a virus in some email attachments.
Use a free SSL certificate for 3 months
Create your key (mail.saic.key) and your request (mail.saic.csr):
openssl req -new -newkey rsa:4096 -nodes -subj '/CN=mail.saic.it/O=SAIC, Inc./C=IT/ST=Italy/L=Viadana' -keyout mail.saic.key -out mail.saic.csr
Go to this website and follow the instructions to get back the certificate for your Common Name (mail.saic.it) and the authority certificate:
Certificate Authority https://www.sslforfree.com
I configured my DNS.
I set all file permissions:
chmod 444 mail.saic.*
then vim /etc/postfix/main.cf
smtp_tls_key_file = /etc/ssl/certs/mail.saic.key
smtp_tls_cert_file = /etc/ssl/certs/mail.saic.crt
smtp_tls_CAfile = /etc/ssl/certs/saic.sslforfree.ca
Here is the console for renewing the certificate.
great!!
It can be useful to check a certificate and key before applying them to your server. The following commands help verify the certificate, key, and CSR (Certificate Signing Request).
Check a certificate
Check a certificate and return information about it (signing authority, expiration date, etc.):
openssl x509 -in server.crt -text -noout
Check a key
Check the SSL key and verify its consistency:
openssl rsa -in server.key -check
Check a CSR
Verify the CSR and print CSR data filled in when generating the CSR:
openssl req -text -noout -verify -in server.csr
Verify that a certificate and key match
These two commands print out md5 checksums of the certificate and key; the checksums can be compared to verify that the certificate and key match.
openssl x509 -noout -modulus -in server.crt | openssl md5
openssl rsa -noout -modulus -in server.key | openssl md5
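The same match check as an added script, not code from the original page: it compares a SHA-256 hash of the public key instead of an MD5 of the RSA modulus, so it also covers EC keys, and it flags key files readable by group or others, which is what a mode such as 444 grants. The function names, file names and the demo.invalid subject are assumptions made for the example, as is GNU stat.

```shell
# Added example; assumes OpenSSL 1.0.2+ and GNU stat (as on CentOS 7).

# SHA-256 of the public key held in a certificate, private key or CSR.
# Comparing public keys also works for EC keys, which have no modulus.
pubkey_hash() {            # usage: pubkey_hash cert|key|csr FILE
  local pem
  case "$1" in
    cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    csr)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
    *)    return 2 ;;
  esac
  [ -n "$pem" ] || return 1          # unreadable file or wrong type
  printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
    openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeeds only when CERT and KEY carry the same public key.
pair_matches() {           # usage: pair_matches CERT KEY
  local c k
  c=$(pubkey_hash cert "$1") && k=$(pubkey_hash key "$2") && [ "$c" = "$k" ]
}

# Succeeds when FILE grants any access to group or others.
key_is_exposed() {         # usage: key_is_exposed FILE
  local mode
  mode=$(stat -c '%a' "$1") || return 2
  [ $(( 0$mode & 077 )) -ne 0 ]
}

# Constructed sample material: a throwaway self-signed pair and an unrelated key.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
openssl req -x509 -sha256 -nodes -days 1 -newkey rsa:2048 -subj '/CN=demo.invalid' \
  -keyout "$demo_dir/server.key" -out "$demo_dir/server.crt" 2>/dev/null
openssl genrsa -out "$demo_dir/other.key" 2048 2>/dev/null
chmod 600 "$demo_dir/server.key"
chmod 444 "$demo_dir/other.key"      # deliberately too open

pair_matches "$demo_dir/server.crt" "$demo_dir/server.key" && echo "server.key matches server.crt"
pair_matches "$demo_dir/server.crt" "$demo_dir/other.key" || echo "other.key does not match server.crt"
key_is_exposed "$demo_dir/other.key" && echo "other.key is readable by group/others"
key_is_exposed "$demo_dir/server.key" || echo "server.key is owner-only"
```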
Self Signed Certificate : Commands
Create a private key
openssl genrsa -out server.key 4096
Generate a new private key and certificate signing request
openssl req -out server.csr -new -newkey rsa:4096 -nodes -keyout server.key
Generate a self-signed certificate
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:4096 -keyout server.key -out server.crt
Generate a certificate signing request (CSR) for an existing private key
openssl req -out server.csr -key server.key -new
Generate a certificate signing request based on an existing certificate
openssl x509 -x509toreq -in server.crt -out server.csr -signkey server.key
Remove a passphrase from a private key
openssl rsa -in server.pem -out newserver.pem
Parse a list of revoked serial numbers
openssl crl -inform DER -text -noout -in list.crl
Check a certificate signing request (CSR)
openssl req -text -noout -verify -in server.csr
Check a private key
openssl rsa -in server.key -check
Check a public key
openssl rsa -inform PEM -pubin -in pub.key -text -noout
openssl pkey -inform PEM -pubin -in pub.key -text -noout
Check a certificate
openssl x509 -in server.crt -text -noout
openssl x509 -in server.cer -text -noout
Check a PKCS#12 file (.pfx or .p12)
openssl pkcs12 -info -in server.p12
Verify a private key matches a certificate
openssl x509 -noout -modulus -in server.crt | openssl md5
openssl rsa -noout -modulus -in server.key | openssl md5
openssl req -noout -modulus -in server.csr | openssl md5
Display all certificates including intermediates
openssl s_client -connect www.paypal.com:443 -showcerts
Convert a DER file (.crt .cer .der) to PEM
openssl x509 -inform der -in server.cer -out server.pem
Convert a PEM file to DER
openssl x509 -outform der -in server.pem -out server.der
Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM
openssl pkcs12 -in server.pfx -out server.pem -nodes
Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)
openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt -certfile CACert.crt
Convert a private key to PEM
openssl rsa -in private.key -text > private.pem
Verifying that a Certificate is issued by a CA
$ openssl verify -verbose -CAfile cacert.pem server.crt
server.crt: OK
My procedure to create a new certificate:
Create a key and a request:
openssl req -out ispconfig.saic.csr -new -newkey rsa:4096 -nodes -keyout ispconfig.saic.key
chmod 444 ispconfig.saic.*
Put the CSR into the website to obtain the crt certificate + CA certificate
Convert the key: openssl rsa -in ispconfig.saic.key -text > ispconfig.saic.pem (when PEM is requested)
my procedure to renew
How to test if the email address exists
To check whether a user-entered email address such as mailbox.does.not.exist@webdigiapps.com really exists, go through the following steps at the command prompt on Windows or the terminal on Mac. The commands you type are labelled COMMAND and the server responses RESPONSE. Please refer to the Mac & PC screenshots towards the end of this post.
Step 1 – Find mail exchanger or mail server of webdigiapps.com
COMMAND:
nslookup -q=mx webdigiapps.com
RESPONSE:
Non-authoritative answer:
webdigiapps.com mail exchanger = 0 mx2.sub3.homie.mail.dreamhost.com.
webdigiapps.com mail exchanger = 0 mx1.sub3.homie.mail.dreamhost.com.
Step 2 – Now we know the mail server address so let us connect to it. You can connect to one of the exchanger addresses in the response from Step 1.
COMMAND:
telnet mx2.sub3.homie.mail.dreamhost.com 25
RESPONSE:
Connected to mx2.sub3.homie.mail.dreamhost.com.
Escape character is '^]'.
220 homiemail-mx7.g.dreamhost.com ESMTP
COMMAND:
helo hi
RESPONSE:
250 homiemail-mx8.g.dreamhost.com
COMMAND:
mail from: <youremail@gmail.com>
RESPONSE:
250 2.1.0 Ok
COMMAND:
rcpt to: <mailbox.does.not.exist@webdigiapps.com>
RESPONSE:
550 5.1.1 <mailbox.does.not.exist@webdigiapps.com>: Recipient address rejected: User unknown in virtual alias table
COMMAND:
quit
RESPONSE:
221 2.0.0 Bye
Screenshots – MAC Terminal & Windows
NOTES:
1) The 550 response indicates that the mailbox does not exist: you have caught an email address that is well-formed but wrong. This code can run on the server and be called via AJAX when the user tabs out of the email field. The entire check will take less than 2 seconds to run and you can make sure that the email is correct.
2) If the email address exists, the server will respond with a 250 instead of 550.
3) There are certain servers with a CATCH ALL email, which means all email addresses are accepted as valid on their servers (RARE, but some servers do have this setting).
4) Please do not use this method to continuously check for the availability of gmail / yahoo / msn accounts etc., as this may cause your IP to be added to a blacklist.
5) This is to supplement the standard JavaScript email address validation.
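Seen from the receiving mail server, each probe like the one above leaves a reject line in the mail log, which is how repeated checking ends up on a blacklist. The following is an added example, not part of the original post, that counts such rejections per client IP; the log lines are constructed and follow the usual Postfix smtpd reject format, and the function names and threshold are assumptions.

```shell
# Added example; the log lines are constructed and follow the usual
# Postfix smtpd "reject: RCPT from host[ip]" format.

# Print "ip rejects distinct_recipients" for every client whose count of
# 550 5.1.1 recipient rejections is at least THRESHOLD.
rcpt_probe_sources() {     # usage: rcpt_probe_sources THRESHOLD < maillog
  awk -v min="$1" '
    /postfix\/smtpd/ && /reject: RCPT from/ && / 550 5\.1\.1 / {
      # The client is logged as hostname[ip]; keep the part in brackets.
      rest = substr($0, index($0, "RCPT from ") + 10)
      ip = substr(rest, index(rest, "[") + 1)
      ip = substr(ip, 1, index(ip, "]") - 1)
      hits[ip]++
      # Many different recipients from one client suggests guessing;
      # one repeated recipient is more likely a typo or a stale address.
      if (match($0, /to=<[^>]*>/)) {
        rcpt = tolower(substr($0, RSTART + 4, RLENGTH - 5))
        if (!((ip, rcpt) in seen)) { seen[ip, rcpt] = 1; uniq[ip]++ }
      }
    }
    END { for (ip in hits) if (hits[ip] >= min) print ip, hits[ip], uniq[ip] + 0 }
  ' | sort
}

sample_log() {             # constructed sample input
  cat <<'EOF'
Jan  2 01:40:00 mail postfix/smtpd[2101]: connect from unknown[203.0.113.5]
Jan  2 01:40:01 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 <anna@example.com>: Recipient address rejected: User unknown in virtual alias table; from=<probe@example.net> to=<anna@example.com> proto=SMTP helo=<hi>
Jan  2 01:40:02 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 <bob@example.com>: Recipient address rejected: User unknown in virtual alias table; from=<probe@example.net> to=<bob@example.com> proto=SMTP helo=<hi>
Jan  2 01:40:03 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 <carla@example.com>: Recipient address rejected: User unknown in virtual alias table; from=<probe@example.net> to=<carla@example.com> proto=SMTP helo=<hi>
Jan  2 02:15:10 mail postfix/smtpd[2177]: NOQUEUE: reject: RCPT from mx.example.org[198.51.100.7]: 550 5.1.1 <inof@example.com>: Recipient address rejected: User unknown in virtual alias table; from=<client@example.org> to=<inof@example.com> proto=ESMTP helo=<mx.example.org>
Jan  2 02:16:40 mail postfix/smtpd[2177]: NOQUEUE: reject: RCPT from mx.example.org[198.51.100.7]: 550 5.1.1 <inof@example.com>: Recipient address rejected: User unknown in virtual alias table; from=<client@example.org> to=<inof@example.com> proto=ESMTP helo=<mx.example.org>
EOF
}

sample_log | rcpt_probe_sources 3
```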