PFSence firewall "Potential DNS Rebind attack detected" error solution

When Configure PFsence firewall using squid transparent mode, When open some local domains "Potential DNS Rebind attack detected" the solution is :


Allow squid port 3128 in Rules in LAN Menu , then problem resolved it's worked 100% for me, Thanks

Alternate to Costly Windows Active Directory is Open Source Zentyal Server

Linux Small Linux Small Business Server

Zentyal is a drop-in replacement for Microsoft Small Business Server and Microsoft Exchange Server, that you can set up in less than 30 minutes.Business Server FREE FREE FREE

its supports all features like firewall, acttivedirectory, emails, squid, webhosting apache features and many more

Download Zentyal Server : http://www.zentyal.org/server/

How to Install opensource PFsence firewall in low configuration CPU alternate to costly hardware firewalls

How to Install pfSense

 pfSense Basic Install and Setup

pfSense is a FreeBSD LINUX distribution that has been customized to be used as a firewall and router. It's a pretty powerful firewall that has many of the same features found in commercial firewalls but is supported by the open source community under the General Public License (GPL) which makes it Free to all to use. As with many LINUX distribution, pfSense does not take much to run. The minimum hardware requirements to use pfSense is a computer with the following:

CPU – 100 MHz Pentium

RAM – 128 MB

CD-ROM for initial installation

1 GB hard drive

Two Network Interface Cards

This blog posting will serve as a basic tutorial for a Basement PC Tech to use as a guide to install pfSense as a basic firewall to be used on yours or your client network.

Get pfSense

1. Download the latest version of pfSense (Version 2.0.1 was used for this tutorial)

http://www.pfSense.org/index.php?option=com_content&task=view&id=58&Itemid=46

2. Using your favorite CD burning software, burn the pfSense ISO to CD.

Install pfSense

1. Boot your chosen PC with the pfSense CD. You will be present with the following "Welcome to pfSense!" screen. For our basic install of pfSense, you can press [Enter]for the default option.

2. Press the “I” key to invoke the installer.

3. If you can see the "Configure Console" screen, chances are there aren't any changes you need to make to the console. Press the Down arrow on your keyboard to highlight the “<Accept these Setting>” option and press [Enter].

4. On the “Select Task” window, select the “<Quick/Easy Install>” and press [Enter].

5. At the “Are you SURE?” screen, confirm your decision to install pfSense by highlighting the “< OK >”  option and pressing [Enter]. Any data currently on the first hard drive of the system will be destroyed in order to install pfSense. 

6. Take a break :) - It can take up to 10 minutes for pfSense to finish this stage of the install depending on your hardware. pfSense is formatting your drive and copying the software to your system. 

7. At the “Install Kernel(s)” screen, ensure “< Symmetric multiprocessing kernel (more than one processor) >” is highlighted and press [Enter].

8. At the “Reboot” screen, remove the pfSense CD and ensure that “< Reboot >” is highlighted and press [Enter].

9. After the system reboots, you will be presented with the initial “Welcome to pfSense!” menu. Press [Enter] to select the default.
   Note: This is the default action of pfSense and if now key is press before the pause timer reaches 0, the default boot profile will be used. 

10. During the boot phase of pfSense, the detected network interface cards will be display which can be used by pfSense.  
    Note: If you do not see all your network card listed, press the [CTRL – C] keys to end the setup script and then select option “6” (Halt system). After system shuts down, confirm that your network interface cards a properly seated and/or working. After you have remediated the issue with the network interface cards, boot pfSense and repeat step 9 and forward of this tutorial.

11. Since this is a basic setup of pfSense, we will not be configuring a “VLAN” so type “n” and press [Enter].

12. From the list of valid interfaces found by pfSense, type the name of the network interface card that will be connected directly to the Internet (cable modem, dsl, etc)

13. From the list of valid interfaces found by pfSense, type the name of the network interface card that will be connected to your internal network. This will serve as your “LAN” interface. Repeat this step for each additional network interface card listed as a valid interface by pfSense and will be use by the firewall i.e. wireless, DMZ, etc. Once you are finished, press the [Enter] to select nothing and move to the next step of the setup.

14. Confirm that you have selected the correct network interface cards for each interface on your firewall and type “y” and press [Enter].

15. Once you are complete this initial setup, you will be presented with the pfSense console menu. Your firewall is now up and running. We have finished all configuration steps required to be done from the pfSense console. You can actually disconnect the monitor and keyboard from the system (as an added security precaution) for all other configuration will be done via the web console. (See The "webConfigurator" - pfSense basic setup part 2 )

Installation of Postfix mail server in centos 5.10 using mysql virtual users and postfixadmin, squirellmail 100% worked for me

 Installation of Postfix mail server in centos 5.10 using mysql virtual users and postfixadmin, squirellmail 100% worked for me

Postfix Mail System - Step by Step Guide

Part 1:  Install Postfix with Mysql Support and remove Sendmail

Installing of Postfix, Postfixadmin, Dovecot and Squirrelmail is not an easy task. There are some customization works you need to be done in order to get it works. I hope the following guide step by step instruction will be handy for you :)

My mail server system information:

hostname : example.centos.local

IP address: 192.168.139.128

Netmask   : 255.255.255.0

Gateway  : 192.168.139.2

There are 2 domains that I will setup for this guide. There are

domain name : abc.local

user mailbox  : alex@abc.local

domain name : xyz.local

user mailbox  : yasmin@xyz.local

The postfix admin login we will be using is post@example.local, where example.local will not be created in Postfixadmin's virtual domain. This is to show you that, the email system we setup later is solely running on Postfixadmin's virtual domain

Note:

•         I am going to show you only setup a mail server that works within your local Lan. To sent a mail outside your organization, you must make sure you have a valid domain name, DNS and MX record is configure properly. You need to change the host file under /etc/hosts  and check the /etc/nsswitch.conf to speed up the dns resolve.

•         My system is current SELinux disabled. If you wish turn Postadmin on, please relocate your Postfixadmin into /usr/share

#cat /etc/hosts Do not remove the following line, or various programs # that require network functionality will fail. 127.0.0.1 centos.example.local centos localhost.localdomain localhost ::1 localhost6.localdomain6 localhost6 192.168.139.128 centos.example.local   <-- Add in your server name and IP

# cat /etc/nsswitch.conf | grep hosts #hosts: db files nisplus nis dns hosts: files dns  <-- Check if this is correct

Step 0: Install prerequisite packages

If you cannot install the packages in one line, then try to install them one by one.

yum -y install system-switch-mail, dovecot, squirrelmail, mysql-server, php-imap

Step1: Backup the current Sendmail configuration

CentOS Linux default MTA is Sendmail. Since we are swtching to new MTA-Postfix. It is advisable to backup current sendmail config and bin to new location before we proceed.

First, I will create new folder call backup. Next, I backup all the files and record the sendmail path to a text.

#mkdir /backup #touch /backup/sendmail.config.location.txt #which sendmail mailq newaliases > /backup/sendmail.config.location.txt   #which sendmail mailq newaliases /usr/sbin/sendmail /usr/bin/mailq /usr/bin/newaliases #cp -var /usr/sbin/sendmail /backup #cp -var /usr/bin/mailq /backup #cp -var /usr/bin/newaliases /backup

Step2  Add in CentosPlus repos for postfix

Postfix installation by CentOS default repo does not support mysql addon. We need to use the specified postfix that enable the mysql support. Also, we want to avoid any disruptive update on our customised postfix package, you need to add in  exclude=postfix-* for base and updates repo.
 

#vim /etc/yum.repos.d/CentOS-Base.repo   #additional packages that extend functionality of existing packages [centosplus] name=CentOS-$releasever - Plus mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus #baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/ gpgcheck=1 enabled=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5[base] includepkgs=postfix-* [base] name=CentOS-$releasever - Base mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os #baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/ gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5 exclude=postfix-* #released updates [updates] name=CentOS-$releasever - Updates mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates #baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/ gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5 exclude=postfix-*

Step5: Install postfix from centosplus repo

The default package of posftfix does not work with Virtual Domains and Virtual Users.  If you have installed it earlier, you must remove it. Use "rpm -e" or "yum remove"  to remove it.

If you are not install postfix yet, the run the following command will only download and install te postfix from centosplus.

#yum install -y --enablerepo=centosplus postfix

Step6: verify the postfix package installed

Now, let us check the packages information been installed. Good, that is the package that we need.

#rpm -qa postfix postfix-2.3.3-2.1.centos.mysql_pgsql # rpm -qi postfix Name : postfix Relocations: (not relocatable) Version : 2.3.3 Vendor: CentOS Release : 2.1.centos.mysql_pgsql Build Date: Tue 07 Oct 2008 08:29:16 PM MYT Install Date: Sat 20 Mar 2010 10:32:42 PM MYT Build Host: builder16.centos.org Group : System Environment/Daemons Source RPM: postfix-2.3.3-2.1.centos.mysql_pgsql.src.rpm Size : 8668814 License: IBM Public License Signature : DSA/SHA1, Tue 11 Nov 2008 09:32:36 AM MYT, Key ID a8a447dce8562897 URL : http://www.postfix.org Summary : Postfix Mail Transport Agent Description : Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), TLS

Step7: verify the postfix package support the mysql

Before proceeding with the Postfix configuration, make sure that the postfix version you have has MySQL support. run postconf -m and verify that mysql appears in the list. If mysql isn’t there, uninstall postfix using yum. Then, download the centosplus repository again, and install manually.

#postconf -m btree cidr environ hash ldap mysql   <-- this means the postfix package support the mysql database nis pcre pgsql proxy regexp static unix

Step8 : Install system-switch-mail, mysql, system-switch-mail,dovecot, squirrelmail

Now, let us download all the packages we need.

#yum -y install  php-mysql php-imap, php-ldap,  php-mbstring

Step9: Switching default Sendmail to Postfix Linux mail system

The system-switch-mail tool is the Mail Transpot Agent Switcher that enable you to switch within various Mail Trainsport Agent that installed at your system. If your system is using Sendmail by default, we need switch to postfix.

#system-switch-mail

Step10: verify the setting of our new MTA

Before we proceed further configuration, lets us verify on the default MTA setting. If everything is correct, you should see the highlighted text changed to sendmail.postfix

#alternatives --display mta mta - status is manual. link currently points to /usr/sbin/sendmail.postfix

We also going to check if our mailq, sendmail and aliases has the correct configured with postfix

#ls -l  /etc/alternatives/mta-*   lrwxrwxrwx 1 root root 40 Mar 13 14:08 /etc/alternatives/mta-aliasesman -> /usr/share/man/man5/aliases.postfix.5.gz lrwxrwxrwx 1 root root 22 Mar 13 14:08 /etc/alternatives/mta-mailq -> /usr/bin/mailq.postfix lrwxrwxrwx 1 root root 38 Mar 13 14:08 /etc/alternatives/mta-mailqman -> /usr/share/man/man1/mailq.postfix.1.gz lrwxrwxrwx 1 root root 27 Mar 13 14:08 /etc/alternatives/mta-newaliases -> /usr/bin/newaliases.postfix lrwxrwxrwx 1 root root 43 Mar 13 14:08 /etc/alternatives/mta-newaliasesman -> /usr/share/man/man1/newaliases.postfix.1.gz lrwxrwxrwx 1 root root 23 Mar 13 14:08 /etc/alternatives/mta-pam -> /etc/pam.d/smtp.postfix lrwxrwxrwx 1 root root 22 Mar 13 14:08 /etc/alternatives/mta-rmail -> /usr/bin/rmail.postfix lrwxrwxrwx 1 root root 25 Mar 13 14:08 /etc/alternatives/mta-sendmail -> /usr/lib/sendmail.postfix lrwxrwxrwx 1 root root 41 Mar 13 14:08 /etc/alternatives/mta-sendmailman -> /usr/share/man/man1/sendmail.postfix.1.gz

Step10: Remove Sendmail packages

My previous post suggest that although both mail server packages (Sendmail and Postfix) are compatible with each other. I strongly suggest you remove Sendmail packages to only allow one mail system in the sever. Due to CentOS Linux needs minimum one mail serverinstalled. You must make sure that you installed Postfix first then remove Sendmail! Else, you will faced with some libraries dependencies issues.

To remove Sendmail packages, please use rpm -e command

Yum -y remove sendmail

Postfix Mail System - Step by Step Guide

Part 2:  Create Virtual User, Configure Postfix, Dovecot and Mysql

This is the Part2 of the Posft Mail System, we are going to configure the following:-

1. MySQL Server, create a postfixadmin database

2. Postfix Main.cf and create a virtual user file and virtual domain configuration files

3. Dovecot

Create Mysql Username, Password and Postfixadmin database

Step1:  Start your mysql

Let us start up the mysql now. Also,we want the service to be auto-startup for whenever the system is under Level 3,4,5

#service mysqld start #chkconfig mysqld on #chkconfig --list mysqld mysqld 0:off 1:off 2:on 3:on 4:on 5:on 6:off

Step2:  Create mysql root user password

First we need to create a password for our root access. I also perform a new test to ensure that no blank password is accepted.

#mysqladmin -u root password 'your password' mysql -u root ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO) mysql -u root -p Enter password: <test on blank password> ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)   mysql -u root -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 4 Server version: 5.0.77 Source distribution Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql>

Step3:  Create Postfixadmin database

Next,we create a database named postfix and the create a user called 'mail'. Then we will give full access rights for 'mail' on postfix database.

mysql> CREATE DATABASE postfix; mysql> CREATE USER mail@localhost IDENTIFIED BY 'your_password'; mysql> GRANT ALL PRIVILEGES ON postfix.* TO mail; mysql> show databases; +--------------------+ | Database               | +--------------------+ | information_schema | | mysql                    | | postfix                   | | test                      | +--------------------+ 4 rows in set (0.00 sec)

Create Postfixadmin User

Step1: Create a non-root user for postfixadmin

Let us create a non-root user for our postfixa & pop administration purposes.

#useradd vmail  -s /sbin/nologin

Now, get a paper and write down the user id & group id of vmail.

#id vmail uid=501(vmail) gid=501(vmail) groups=501(vmail)

Configure Postfix

Step1:  Configure the postfix main.cf file

First modify the /etc/postfix/main.cf. We change the following lines

Note: Number in blue are line numbers. You can active it using :set nu under vi command mode

93 myorigin = $mydomain 110 inet_interfaces = all 155 mydestination = $myhostname, localhost.$mydomain, localhost 255 mynetworks = 192.168.139.0/24, 127.0.0.0/8  <--this is the ip that can used to sent email

Next, Add in the following lines, this will tell the system to look for postfix configuration, its virtual domains, virtual users and aliases.

The virtual_uid_maps : static:501. This 501 is the id of my vmail. Change this if you have diffrent id for your uid and gid.

#vim /etc/postfix/main.cf virtual_mailbox_domains = mysql:/etc/postfix/mysql-domains.cf virtual_mailbox_maps = mysql:/etc/postfix/mysql-users.cf virtual_alias_maps = mysql:/etc/postfix/mysql-aliases.cf virtual_mailbox_base = /home/vmail virtual_uid_maps = static:501 virtual_gid_maps = static:501

Step2:  Configure the postfix mysql-domians.cf file

The following configuration will create mysql-domains.cf. This will enable postfixadmin to create virtual domain

#vim /etc/postfix/mysql-domains.cf host = localhost user = mail password = <your-mysql-password-here> dbname = postfix table = domain select_field = domain where_field = domain additional_conditions = and backupmx = '0' and active = '1'

Step3:  Configure the postfix mysql-users.cf file

The following configuration will create mysql-users.cf. This will enable postfixadmin create virtual users

#vim /etc/postfix/mysql-users.cf host = localhost user = mail password = <your-mysql-password-here>  dbname = postfix table = mailbox select_field = maildir where_field = username additional_conditions = and active = '1' result_format = %sMaildir/

Step2:  Configure the postfix mysql-alias.cf file

Great, the last part we should do now is to connect the postfixadmin to mysql

#vim /etc/postfix/mysql-aliases.cf host = localhost user = mail password = <your-mysql-password-here> dbname = postfix table = alias select_field = goto where_field = address additional_conditions = and active = '1'

#service postfix start #chkconfig postfix on #chkconfig --level postfix

Configuring Dovecot

Step 1 Check if the dovecot packages installed

#rpm -qa dovecot dovecot-1.0.7-7.el5

Step 2 Create mysql config file for postfixadmin

Create the file /etc/dovecot-mysql.conf containing the lines below. You might need to change your username, password and db user.

driver = mysql connect = host=localhost dbname=postfix user=mail password=<your-mysql-password-here>  default_pass_scheme = PLAIN password_query = SELECT password FROM mailbox WHERE username = '%u'

Now, This is very import part, many users including me :p that make mistake on the setting. First di a backup!

cp /etc/dovecot.conf /etc/dovecot.ori

Next edit the file /etc/dovecot.conf and change the value of the following keys below. For line 917 please make sure that your uid and gid is the same as your vmail user. Make sure you remove # sign for all the following lines.  Also, comment out all passdb and userdb setting.  Then, make a dovecot.log to ease any dovecot troubleshooting.

61 log_path = /var/log/dovecot.log 721  auth_username_format = %Lu 869  passdb sql { 870  args = /etc/dovecot-mysql.conf 871  } 913  userdb static { 917      args = uid=501 gid=501 home=/home/vmail/%d/%n 927  }

Step3 Start you dovecot services

Finally startup your dovecot services.

#service dovecot start #service dovecot on

Postfix Mail System - Step by Step Guide -

Part 3:  Postfixadmin Installation on CentOS Linux

Step1: Download and extract Postfixadmin

Current version postfix version is 2.3. For me, I always create a folder called 'software' and dump all extra packages inside.

Note: For your information, I have already turn off my SELinux. If you wish to implement SELinux, you can install posftadmin under /usr/share

#mkdir /software #cd /software #wget http://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin_2.3.tar.gz?use_mirror=nchc #tar  -xvzf postfixadmin-2.3.tar.gz #mv postfixadmin-2.3 postfixadmin

Step2:  Configure postfixadmin configuration file

Make a original copy of the file /software/postfixadmin/config.inc.php  before editing

#cp /software/postfixadmin/config.inc.php /software/postfixadmin/config.inc.php.ori #vim /software/postfixadmin/config.inc.php

Under  /software/postfixadmin/config.inc.php,  go to the following lines and modify in the following lines.

Note:

•         pay attention to version of mysql you are you using

•         numeric number in blue are line number. To ease your vi editing  you can issue :set nu at vi command mode

•         only cleartext password can be used.

26 $CONF['configured'] = true; 36 $CONF['postfix_admin_url'] = '/postfixadmin';   49 $CONF['database_type'] = 'mysqli'; 50 $CONF['database_host'] = 'localhost'; 51 $CONF['database_user'] = 'mail'; 52 $CONF['database_password'] = 'change-your-new-password-here';   53 $CONF['database_name'] = 'postfix'; 100 $CONF['encrypt'] = 'cleartext';   145 $CONF['domain_path'] = 'YES'; 151 $CONF['domain_in_mailbox'] = 'NO'; 272 $CONF['emailcheck_resolve_domain']='NO';

Step3:  creating apache aliase for Postfixadmin

In the following example we are creating an aliase for postfixadmin 

echo "Alias /postfixadmin /software/postfixadmin" > /etc/httpd/conf.d/postfixadmin.conf

Step4:  start up your apache services

service httpd start chkconfig httpd on

Step6:  Check your postfix  services

The postfix services should startup together with apache service if not try to start it

service postfix status

Step7:  Initial setup Postfixadmin using web browser

Launching your web browser and type in the following address

http://your-ip-address-here/postfixadmin/setup.php

The Postfixadmin checker will run a series of checking and will attempt to create/update database structure. If any the check is fail, kindly check on the dependencies and install it via yum command. If everything is okay you will see the following appear at the bottom of the web browser.

Step8:  Insert the hash password

After you have put in your setup password, you will se the following screen, this are the hash key that we need to put in our /software/postfixadmin/config.inc.php file

Edit you config.inc.php

vim  /software/postfixadmin/config.inc.php.

Remove line 31  #$CONF['setup_password'] = 'changeme';

Add in  the has key generated by the setup process just now into $CONF['setup_password'] = 'your-own-hash-password'; 

28 // In order to setup Postfixadmin, you MUST specify a hashed password here. 29 // To create the hash, visit setup.php in a browser and type a password into the field, 30 // on submission it will be echoed out to you as a hashed value. 31 #$CONF['setup_password'] = 'changeme';  <----delete this line 32 $CONF['setup_password'] = 'your-own-hash-password ';  <---add in this line

Next, fill in the Setup password, Admin and Password. Finally, click Add Admin to create a new admin account.

you see the following information, "Admin has been added!", The you have sucessfully create a admin account.

Important! Remove the setup.php after the installed postfix

cd /software/posftadmin mv setup.php setup.ori

Now Go to the Postfix Admin login page at http://your-ip-address/postfixadmin/  login using your newly created admin account.

This is the main page that you after you login to the Postfixadmin. You are now ready to create virtual users and multiple domains.

Postfix Mail System - Step by Step Guide - Linux WebMail - SquirrelMail  Installation on CentOS Linux

Step1: Check if squirrelmail packages already install
 

First, you can check if squirrelmail already installed  in your system.

rpm -qi squirrelmail

If you do not have squirelmail installed, please install now using yum command. Please make sure that you have internet connection.

yum -y install squirrelmail

Step2: configure  squirrelmail packages

Now, we are ready to start configure our squirrelmail. Run the following command

/usr/share/squirrelmail/config/conf.pl

Next, you will see the following screen. We can start to configure the squirrelmail's server setting. Press <2> and press <Enter Button>.

Note: You can customize the squirrelmail to your organization preference such as logos, organization name etc. under Main Menu's option 1.

SquirrelMail Configuration : Read: config.php (1.4.0) --------------------------------------------------------- Main Menu -- 1. Organization Preferences 2. Server Settings 3. Folder Defaults 4. General Options 5. Themes 6. Address Books 7. Message of the Day (MOTD) 8. Plugins 9. Database 10. Languages D. Set pre-defined settings for specific IMAP servers C Turn color off S Save data Q Quit Command >> 2

Next, press <1> to configure our domain name

SquirrelMail Configuration : Read: config.php (1.4.0) --------------------------------------------------------- Server Settings General ------- 1. Domain : localhost 2. Invert Time : false 3. Sendmail or SMTP : Sendmail A. Update IMAP Settings : localhost:143 (uw) B. Change Sendmail Config : /usr/sbin/sendmail R Return to Main Menu C Turn color off S Save data Q Quit Command >> 1 The domain name is the suffix at the end of all email addresses. If for example, your email address is jdoe@example.com, then your domain would be example.com. [localhost]: example.local

Great! Next let us save the Squirrelmail Configuration. Press <s> to save and <q> to quit.

SquirrelMail Configuration : Read: config.php (1.4.0) --------------------------------------------------------- Server Settings General ------- 1. Domain : example.local   <-- take the changes here 2. Invert Time : false 3. Sendmail or SMTP : Sendmail A. Update IMAP Settings : localhost:143 (uw) B. Change Sendmail Config : /usr/sbin/sendmail R Return to Main Menu C Turn color off S Save data Q Quit Command >> s Data saved in config.php Press enter to continue... Exiting conf.pl. You might want to test your configuration by browsing to http://your-squirrelmail-location/src/configtest.php Happy SquirrelMailing!

Step3: Check your configuration

Open your browser. Then enter the address http://your-ip-address/src/configtest.php. This will run a test on your squirrelmail configuration. For security concern, you might need to move the configtest.php to some other location after the installation. The example below shows the result page of the test

SquirrelMail configtest This script will try to check some aspects of your SquirrelMail configuration and point you to errors whereever it can find them. You need to go run conf.pl in the config/ directory first before you run this script. SquirrelMail version: 1.4.8-5.el5.centos.10 Config file version: 1.4.0 Config file last modified: 20 May 2010 14:04:49 Checking PHP configuration...     PHP version 5.1.6 OK.     PHP extensions OK. Checking paths...     Data dir OK.     Attachment dir OK.     Plugins OK.     Themes OK.     Default language OK.     Base URL detected as: http://192.168.139.128/src (location base autodetected) Checking outgoing mail service....     sendmail OK Checking IMAP service....     IMAP server ready (* OK Dovecot ready.)     Capabilities: * CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS STARTTLS AUTH=PLAIN Checking internationalization (i18n) settings...      gettext - Gettext functions are available. You must have appropriate system locales compiled.      mbstring - Mbstring functions are available.      recode - Recode functions are unavailable.      iconv - Iconv functions are available.      timezone - Webmail users can change their time zone settings. Checking database functions...     not using database functionality.   Congratulations, your SquirrelMail setup looks fine to me!

Note: For maximize the security, perhaps you should rename or move the configtest.php somewhere and remove the SquirrelMail version display at SquirrelMail Login Page.

Step4: Restart Apache server

Now, let us restart the apache server and make sure the apache services automatic start-up when system boot.

service httpd start chkconfig httpd on

Step5:  Login your webmail

You can now access your webmail using http://ipaddress/webmail

Optional:  URL Redirection

If you prefer to access SquirrelMail from the root of your domain, we need to do a little trick called "URL redirection".

Create the file /etc/httpd/conf.d/sqroot.conf 

vim  /etc/httpd/conf.d/sqroot.conf

Now, add in  lines below and save it.

<VirtualHost *:80> DocumentRoot /usr/share/squirrelmail </VirtualHost>

Then, restart your appache services and test it using http://ipaddress

service httpd restart

Postfix Mail System- Step by Step Guide

Part 5:  Create Virtual Domains and Users using Postfixadmin

Step 1: login to PostfixAdmin Page

In our example, my administrator is "post@example.local". Key in your password and click onlogin password to continue

Step2 Setup Multiple Domains

Next, Go to  Domain List> New Domain to add new domain. Let us add the following domains now. First add in "abc.local" then click on Add Domain button. Continue to create another domian "xyz.local"

Step3 Create User Mailbox of different domains

Now, create user mailbox for 2 different domains. Go to Virtual List > Add Mailbox. First create alex for abc.local and yasmin for xyz.local.

Note: Please let the Active and Send Welcome mail check box ticked. So that we can verify on the mailbox setting later.

Postfix Mail System- Step by Step Guide

Part 6:  Verify the PostfixAdmin installation

In Part 5, let us have a quick check on all our previous configuration

Check1: Verify the virtual domains created by Postfixadmin

Let us check on the virtual domains that we created earlier exist in MySQL database. Change your own domain name created earlier in blue text below. You should able to see the the domain reply from the command.

postmap -q xyz.local mysql:/etc/postfix/mysql-domains.cf xyz.local postmap -q abc.local mysql:/etc/postfix/mysql-domains.cf abc.local

Check2: Verify the virtual domains created by Postfixadmin

Now,let us check if the virtual domain created by postfix are ok.

#cd /home/vmail/ #ls -l abc.local xyz.local   <-- 2 virtual domains created

Check3: Check inside the Mysql Database (optional).

If both of the verification on Check1 and 2 fails. You might need to check if the domain created is exisit in your database.

# mysql -u mail -p postfix mysql> select * from domain;

If there is a domain table is empty in Mysql db, please check

•         password and username that used to connect your db

•         make sure your vmail id is correct, use #id vmail command to check your vmail uid and gid again

•         check your config file again if the password, username, vmail uid and gid is correct.

•         vgo back to Step2 and Step4 of the guide to verify your settings.

Check4 : Verify the virtual users created by PostfixAdmin

PostfixAdmin will automatically email users when a new accout created. Let us check on Alex's account and read his mail content.

#cd /home/vmail/abc.local #ls alex  <-- virtual user alex created # cd alex/Maildir/new/ # ls 1270227274.Vfd00I20014M605812.centos.example.local  <--new email # cat 1270227274.Vfd00I20014M605812.centos.example.local  Path: <post@example.local> X-Original-To: alex@abc.local   Delivered-To: alex@abc.local Received: from 192.168.139.128 (centos.example.local [127.0.0.1]) by centos.example.local (Postfix) with ESMTP id D41BE4A8096 for <alex@abc.local>; Sat, 3 Apr 2010 00:54:33 +0800 (MYT) To: alex@abc.local From: post@example.local Subject: Welcome MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Message-Id: <20100402165433.D41BE4A8096@centos.example.local> Date: Sat, 3 Apr 2010 00:54:33 +0800 (MYT) Hi, Welcome to your new account.   <--email content

Check5 : Verify the virtual users' password created by PostfixAdmin in Mysql

Dovecot can only read support clear text password created. If you the password created are in encrypted, you might hit Authentication error! Let us have a quick check on alex@abc.local's  password.

# mysql -u mail -p postfix mysql> SELECT password FROM mailbox WHERE username = 'alex@abc.local'; +----------+ | password | +----------+ | alex         | +----------+ 1 row in set (0.00 sec)

Great! the password created in not encrypted :P .This will ensure that our POP3 can verify the password. Else, go to /software/postfixadmin/config.inc.php again check on line 100.

26 $CONF['configured'] = true; 36 $CONF['postfix_admin_url'] = '/postfixadmin';   49 $CONF['database_type'] = 'mysqli'; 50 $CONF['database_host'] = 'localhost'; 51 $CONF['database_user'] = 'mail'; 52 $CONF['database_password'] = 'change-your-new-password-here';   53 $CONF['database_name'] = 'postfix'; 100 $CONF['encrypt'] = 'cleartext';   145 $CONF['domain_path'] = 'YES'; 151 $CONF['domain_in_mailbox'] = 'NO'; 272 $CONF['emailcheck_resolve_domain']='NO';

Also, go to /etc/dovecot.conf again check if  following setting is correct. Make sure that you also commented out all other passdb and userdb other than passdb sql and userdb static.

61 log_path = /var/log/dovecot.log 721  auth_username_format = %Lu 869  passdb sql { 870  args = /etc/dovecot-mysql.conf 871  } 913  userdb static { 917      args = uid=501 gid=501 home=/home/vmail/%d/%n 927  }

Check6 : SMTP Relay test

You are advised to perform 2 test both on local host and use another pc. This is to ensure that there are no connection issue such as Firewalls or relay deny from Postfix

telnet centos.example.local 25 220 centos.example.local ESMTP Postfix helo server 250 centos.example.local mail from:<alex@abc.local> 250 2.1.0 Ok rcpt to:<yasmin@xyz.local> 250 2.1.5 Ok data 354 End data with <CR><LF>.<CR><LF> this is a mail from alex. How are you? . 250 2.0.0 Ok: queued as 9602D4A80A2 quit 221 2.0.0 Bye

If the connection fail when performing smtp relay test on other pc. Please go to /etc/postfix/main.cf  then check on the following

93 myorigin = $mydomain 110 inet_interfaces = all  <-- make sure this is not inet_interface=localhost 155 mydestination = $myhostname, localhost.$mydomain, localhost 255 mynetworks = 192.168.139.0/24, 127.0.0.0/8  <--this is the ip that can used to sent email

Check7 : Pop3 test

Telnet to P0P3 port 110, and try to read the mail content send by alex@abc.local earlier. This is make sure that both domain can communicate locally.

telnet centos.example.local 110 +OK Dovecot ready. user yasmin@xyz.local    <- username must @ domain name +OK pass yasmin   <- user password +OK Logged in. list +OK 2 messages: 1 599 2 474 . retr 2 +OK 474 octets Return-Path: <alex@abc.local> X-Original-To: yasmin@xyz.local Delivered-To: yasmin@xyz.local Received: from server (unknown [192.168.139.1]) by centos.example.local (Postfix) with SMTP id 9602D4A80A2 for <yasmin@xyz.local>; Sat, 3 Apr 2010 06:10:26 +0800 (MYT) Message-Id: <20100402221039.9602D4A80A2@centos.example.local> Date: Sat, 3 Apr 2010 06:10:26 +0800 (MYT) From: alex@abc.local To: undisclosed-recipients:; this is a mail from alex. How are you? . quit +OK Logging out.

If you faced any problem on this part, please make sure that user password created by PostfixAdmin is not encrypted. Please refer Check 5 above.

Check8 : Verify mail sending via Maillog

Reading mail log is to ensure that Postfix is handling both SMTP and POP3 correctly.

#tail /var/log/maillog Apr 3 06:10:39 centos postfix/smtpd[21575]: 9602D4A80A2: client=unknown[192.168.139.1] Apr 3 06:10:58 centos postfix/cleanup[21579]: 9602D4A80A2: message-id=<20100402221039.9602D4A80A2@centos.example.local> Apr 3 06:10:58 centos postfix/qmgr[21313]: 9602D4A80A2: from=<alex@abc.local>, size=378, nrcpt=1 (queue active) Apr 3 06:10:58 centos postfix/virtual[21590]: 9602D4A80A2: to=<yasmin@xyz.local>, relay=virtual, delay=33, delays=33/0.06/0/0.15, dsn=2.0.0, status=sent (delivered to maildir) Apr 3 06:10:58 centos postfix/qmgr[21313]: 9602D4A80A2: removed Apr 3 06:11:32 centos postfix/smtpd[21575]: disconnect from unknown[192.168.139.1]

Since, we create a dovecot.log earlier in our /etc/dovecot.conf. I can see if the POP3 traffic is handled by Dovecot correctly.

#tail /var/log/dovecot.log dovecot: Apr 03 06:29:10 Info: pop3-login: Login: user=<yasmin@xyz.local>, method=PLAIN, rip=::ffff:192.168.139.1, lip=::ffff:192.168.139.128 dovecot: Apr 03 06:29:21 Info: POP3(yasmin@xyz.local): Disconnected: Logged out top=0/0, retr=1/490, del=0/2, size=1073

Check9 : SquirrelMail Check

Login to  http://you-mailserver-ipaddress/webmail now. Login to SquirrelMail  using alex@abc.local and yasmin@xyz.local must be in user@domainname format.  Try to sent email to each other to verify the SquirrelMail is handling the email correctly. If you faced any issue run the http://you-mailserver-ipaddress/src/configtest.php to verify your SquirrelMail setting.

Note: If you are setting Mailserver for your orgnization to communicate to external organization. Please also make sure that you have:

•         Valid FQDN domain name

•         Valid MX records

•         Firewall rules to allow POP, SMTP, and IMAP

•         Perform a Open Relay test to avoid Spam Attack

Postfix Mail System- Step by Step Guide

Part 7:  Enhance Postfix Mail Server Security by implementing SMTP Authentication using Dovecot SASL

In our Part1-Part6 series, we are elaborating the detail steps to setup a email system for any organization that require a complex solutions such as support multiple domains and virtual users. In following few chapters, we will share with you how to tighten your Postfix mail security system.

Before we begin, let us explain why we need SMTP authentication using SASL (Simple Authentication and Security Layer).

Q: "What is SASL?"

SASL is a access control mechanism that authenticating users using their username and password for Postfix Mail. It provides additional security protection to allow only legitimate users to relay mail thru our mail server.

Q: "How Postfix Mail default security work?"

A:  By default, Postfix's  mail relay control is only rely on IP address ACL. Under /etc/postfix/main.cf there is a   $mynetworks parameter used by Postfix to control  mail  relay through your mail server.  Thus, the IP address the value we entered earlier mynetworks = 192.168.139.0/24, 127.0.0.0/8 is to tell Postfix only allow the range of192.168.139.0 and localhost to relay and sent email using our mail services. However, no other authentication method performed by Postfix.

Q: "Is it  necessary for me to enhance the Postfix mail security, can I just use default Postfix security mechanism?

Few year ago, if your mail server only allow relay for the IP at the same network, or only allow localhost to sent email then it is unlikely that you need to implement SASL or SMTP AUTH. However, from my experience, implementing SMTP AUTH is minimal mail security you should do. WHY? one of my client's mail server was sending thousands of email per minutes, due to worm infections. Implementing SMTP AUTH will not necessary solve the issue, but at least, those infected PC (no mail client installed) will not pass our mail server.  

Moreover,  if your organization has mobile users , we need a mechanism to authenticate them as trusted users so that they are able to send mail through the mail server.

Configuring SASL in postfix

Since we are already running dovecot we are using dovecot's SASL support for Postfix rather than the SASL provided by the Cyrus SASL library.

Step 1: Add SASL for Postfix

To enable Postfix to use SASL add it at the bottom of the file if the key (the word before the = sign) cannot be found.

#vim /etc/postfix/main.cf

Add the following lines to bottom of file. Please make sure that the correct format is parameter = value, and NOTparameter= value

smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes

Configuring SASL in dovecot

Next, we need to configure auth default in the authentication processes section of dovecot.

Warning: Becareful as this section is heavily commented, make a backup copy, just in case...

Step1: Backup Dovecot config file

#cp /etc/dovecot.conf /etc/dovecot.conf.bck.29May2010

Step2: Add SASL Support for Dovcot

Next, let us edit the lines in /etc/dovecot.conf

# vim /etc/dovecot.conf

Add in the following lines at the bottom of the under auth_default. My auth default is under line 758

758 auth default { 762 mechanisms = plain login 979 socket listen { 990 client { 994 path = /var/spool/postfix/private/auth 995 mode = 0660 996 user = postfix  <--add in this line 997 group = postfix <--add in this line 998 } 999 } 1000 }

Restart Dovecot and Postfix

Ok, let us restart both services

#service dovecot restart

#service postfix restart

Verification on SASL on Dovecot and Postfix

Remember that in pervious chapter we add separate log for our Dovecot services?

Here is our setting in /etc/dovecot.conf

#cat /etc/dovecot.conf | grep log_path log_path = /var/log/dovecot.log

Let us check if the auth-worker is running perfectly.

# cat /var/log/dovecot.log dovecot: Apr 08 18:11:43 Info: Dovecot v1.0.7 starting up dovecot: Apr 08 18:11:44 Info: auth-worker(default): mysql: Connected to localhost (postfix)

Next  let us check if the /var/spool/postfix/private/auth is created. The example below shows that auth is created.

#ls -l  /var/spool/postfix/private/auth srw-rw---- 1 postfix postfix 0 Apr 8 18:11 /var/spool/postfix/private/auth

Finally, let us run a quick test if our mail server now accept SMTP AUTH.

#telnet localhost 25 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. 220 centos.example.local ESMTP Postfix ehlo server 250-centos.example.local 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-AUTH PLAIN 250-AUTH=PLAIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN

Testing SASL SMTP AUTH on Postfix

Great, let us proceed now with SMTP AUTH using telnet.

First, let us encode our password to base64 based value that will be used for "auth plain" later.

Command Syntax:

perl -MMIME::Base64 -e 'print encode_base64("\000username\@domain.com\000password");'

#perl -MMIME::Base64 -e 'print encode_base64("\000alex\@abc.local\000alex");' AGFsZXhAYWJjLmxvY2FsAGFsZXg=

Test1:

Let us use alex@abc.local to sent an email yasmin@xyz.local. 

#telnet localhost 25 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. 220 centos.example.local ESMTP Postfix ehlo server 250-centos.example.local 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-AUTH PLAIN 250-AUTH=PLAIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN mail from:<alex@abc.local> 250 2.1.0 Ok rcpt to:<yasmin@xyz.local> 250 2.1.5 Ok auth plain AGFsZXhAYWJjLmxvY2FsAGFsZXg=  <--- encoded password here 235 2.0.0 Authentication successful data 354 End data with <CR><LF>.<CR><LF> this is a smtp auth test send from alex to yasmin . 250 2.0.0 Ok: queued as CC9414A80A2 quit 221 2.0.0 Bye Connection closed by foreign host.

#cat /home/vmail/xyz.local/yasmin/Maildir/new/1270724227.Vfd00I20063M461898.centos.example.local   Return-Path: <alex@abc.local> X-Original-To: yasmin@xyz.local Delivered-To: yasmin@xyz.local Received: from server (centos.example.local [127.0.0.1]) by centos.example.local (Postfix) with ESMTP id CC9414A80A2 for <yasmin@xyz.local>; Thu, 8 Apr 2010 18:44:02 +0800 (MYT) Message-Id: <20100408104416.CC9414A80A2@centos.example.local> Date: Thu, 8 Apr 2010 18:44:02 +0800 (MYT) From: alex@abc.local To: undisclosed-recipients:; this is a smtp auth test send from alex to yasmin

Test 2

Great it work with abc.local domain. Let us see if it works with multiple domain and users.

# telnet localhost 25 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. 220 centos.example.local ESMTP Postfix mail from:<yasmin@xyz.local> 250 2.1.0 Ok auth plain AHlhc21pbkB4eXoubG9jYWwAeWFzbWlu 235 2.0.0 Authentication successful rcpt to:<alex@abc.local> 250 2.1.5 Ok data 354 End data with <CR><LF>.<CR><LF> yasmin test from auth . 250 2.0.0 Ok: queued as 646504A80A2 quit 221 2.0.0 Bye Connection closed by foreign host.

Verify the email send by Yasmin.

#cat /home/vmail/abc.local/alex/Maildir/new/1270724416.Vfd00I20067M617655.centos.example.local Return-Path: <yasmin@xyz.local> X-Original-To: alex@abc.local Delivered-To: alex@abc.local Received: from centos.example.local (centos.example.local [127.0.0.1]) by centos.example.local (Postfix) with SMTP id 646504A80A2 for <alex@abc.local>; Thu, 8 Apr 2010 18:59:26 +0800 (MYT) Message-Id: <20100408105952.646504A80A2@centos.example.local> Date: Thu, 8 Apr 2010 18:59:26 +0800 (MYT) From: yasmin@xyz.local To: undisclosed-recipients:; yasmin test from auth

Postfix Mail System- Step by Step Guide

Part 8:  Fine Tuning Postfix Mail  Queue

Below are some Postfix setting that you can further fine tuning Mail Queue to suit your environment.

queue_run_delay (default: 1000 seconds)
How often the queue manager scans the queue for deferred mail.

our setting : 300 seconds

maximal_queue_lifetime (default: 5 days)
How long a message stays in the queue before it is sent back as undeliverable. Specify 0 for mail that should be returned immediately after the first unsuccessful delivery attempt. However, please avoid to use 0 as sometimes some mail gateway might implementgreylisting. You can specify minutes (m), hour (h) or day (d).

our setting :1 day

minimal_backoff_time (default: 1000 seconds)
The minimal amount of time a message won't be looked at, and the minimal amount of time to stay away from a "dead" destination.

our setting: 300s

maximal_backoff_time (default: 4000 seconds)
The maximal amount of time a message won't be looked at after a delivery failure.

our setting: 1800s
 

You can obtain information of Postfix default by using "postconf -d".

#postconf -d | grep maximal maximal_backoff_time = 4000s maximal_queue_lifetime = 5d

#postconf -d | grep minimal minimal_backoff_time = 300s

#postconf -d | grep queue bounce_queue_lifetime = 5d hash_queue_depth = 1 hash_queue_names = deferred, defer maximal_queue_lifetime = 5d queue_directory = /var/spool/postfix queue_file_attribute_count_limit = 100 queue_minfree = 0 queue_run_delay = 300s queue_service_name = qmgr

#postconf -d | grep vrfy disable_vrfy_command = no

Now, let us perform some tuning to the Postfix. For your information "postfix -e" is to edit the Postfix setting

postconf -e maximal_queue_lifetime='1d' postconf -e bounce_queue_lifetime='1d' postconf -e queue_run_delay='300s' postconf -e minimal_backoff_time='300s' postconf -e maximal_backoff_time='1800s' postconf -e disable_vrfy_command='yes'

Please restart postfix after apply the new setting.

service postfix restart

If you faced any issue please check your /var/log/maillog

Postfix Mail System- Step by Step Guide

Part 9:  Getting Email from another Mail server (aka Mail Fetcher/ Mail Redirection)

Sometimes, you might need to download email from other mail server or mail provider such as Gmail or Hotmail to your local server' mailbox. For example, I have multiple email accounts hosted at other hosting companys and I want to download all of them via POP3 to my local mailbox.

The easiest way to perform mail redirection is using fecthmail.

Step 1 fecthmail Installation

Install fetchmail using yum command.

yum -y install fecthmail

Step2 Create a  fetchmailrc.conf

Since fectchmail does not come with fetchmail configuration file. We need to create a configuration file under /etc.

vim /etc/fetchmailrc.conf

Next, according your needs copy the following configuration to the /etc/fetchmailrc.conf

set daemon 300 # perform check mail fuction for every 300 seconds set postmaster root # mail the final destination set no bouncemail # postmaster error emails to send set syslog # record any error to /var/log/maillog record # The default setting common to all servers defaults: timeout 300 batchlimit 100 no keep # do not keep a copy at target mail server poll myispmail.com proto pop3: user "jane" with password "xxxx" is "janelocaluser" here; user "mary" with password "xxxx" is "marylocaluser" here; poll pop.gmail.com proto pop3 port 995: user "janegmail"  with pass "xxxxxxxx" is "janelocaluser" here;

Step3 Create a fetchmail init script

Again, the fetchmail we installed earlier does not come with init script. we need to create manually

First, we need to create a fetchmail file

vi /etc/init.d/fetchmail

Next, copy all the lines into the /etc/init.d/fetchmail file.

Note: I google the following script earlier but forget the author name, if you know who is author, please send me an email, so that I can put his name here.

. /etc/rc.d/init.d/functions # Source networking configuration. . /etc/sysconfig/network # Check that networking is up. if [ ${NETWORKING} = "no" ] then exit 0 fi # See how we were called. case "$1" in start) if [ -s /etc/fetchmailrc.conf ]; then echo -n "Loading fetchmail: " daemon /usr/bin/fetchmail -f /etc/fetchmailrc.conf echo touch /var/lock/subsys/fetchmail else exit 1 fi ;; stop) echo -n "Shutting down fetchmail: " /usr/bin/fetchmail -q >/dev/null 2>&1 && echo fetchmail # killproc fetchmail rm -f /var/lock/subsys/fetchmail ;; status) status fetchmail ;; restart|reload) $0 stop $0 start ;; *) echo "Usage: fetchmail {start|stop|status|restart|reload}" exit 1 esac exit 0

Step4 Enable fecthmail startup in Linux Box process

You need to add the fecthmail initd script created earlier into chkconfig

chkconfig --add fetchmail

Next, don't forget turn it on, so that the fecthmail can autostart at boot level 3-5

chkconfig fetchmail on

Step5 Start your fecthmail script

Now let us start the script using service command.

service fetchmail start

Step6 Verify the mail redirection process

Now, lets have a look at pop3 mail downloading process. The "tail -f"  command allow you to see the maillong in real time. Wait for few minutes and see if any mail downloaded. The following shows that there were 11 mails downloaded from mailserver.myISPMail.com mail server into my mailbox. Check your email now via webmail or outlook/thunderbird, there should be email downloaded.

tail -f /var/log/maillog Jul 28 16:39:38 mail1 fetchmail[3521]: starting fetchmail 6.3.6 daemon Jul 28 16:39:40 mail1 fetchmail[3521]: 11 messages for test@myispmail.com at mailserver.myispmail.com (72942 octets). Jul 28 16:39:40 mail1 postfix/smtpd[3524]: connect from mail1.1a-centoserver.com[127.0.0.1] Jul 28 16:43:14 mail1 postfix/scache[3536]: statistics: start interval Jul 28 16:39:44 Jul 28 16:43:14 mail1 postfix/scache[3536]: statistics: domain lookup hits=3 miss=4 success=42% Jul 28 16:43:14 mail1 postfix/scache[3536]: statistics: address lookup hits=0 miss=4 success=0% Jul 28 16:43:14 mail1 postfix/scache[3536]: statistics: max simultaneous domains=1 ..skip .. Jul 28 16:44:56 mail1 postfix/smtpd[3534]: timeout after END-OF-MESSAGE from mail1.1a-centoserver.com[127.0.0.1] Jul 28 16:44:56 mail1 postfix/smtpd[3534]: disconnect from mail1.1a-centoserver.com[127.0.0.1]

ALL these steps completes works your email server perfectly 100%