Using Dovecot LMTP as LDA - email

I am trying to set up a postfix mail server with dovecot as MDA.
According to this link to set up dovecot to use LMTP I have done the following config.
postfix
main.cf
    virtual_transport = lmtp:unix:private/dovecot-lmtp
master.cf
    submission inet n - y - - smtpd
      -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=encrypt
    dovecot unix - n n - - pipe
      flags=DRhu user=vmail:vmail argv=/usr/bin/sudo /usr/lib/dovecot/deliver -f ${sender} -d ${user}
dovecot
dovecot.conf
    protocols = imap lmtp
10-mail.conf
    mail_privileged_group = mail
10-master.conf
    service lmtp {
      unix_listener /var/spool/postfix/private/dovecot-lmtp {
        mode = 0600
        user = postfix
        group = postfix
      }
      # Create inet listener only if you can't use the above UNIX socket
      #inet_listener lmtp {
        # Avoid making LMTP visible for the entire internet
        #address =
        #port =
      #}
    }
The mailboxes will be present in user's home directory /users/<username>
As stated by the link /users is the home directory of vmail user.
However with this config when I try to send mail like:
mail -s "subj" username
The mail bounces saying
warning: maildir access problem for UID/GID=<uid>/<gid>: create maildir file ~username/Maildir/tmp/<tmp file>: Permission denied
The ownership of ~username is vmail:vmail
However the mail is successfully sent when the ownership is changed to <user>:<group> for each user.
How can I get this thing working with the mail directory ownership kept as vmail:vmail ?
Note: I am not trying to set up SASL as of yet.
I am just tryin

You need to change the ownership (user and group) using the command below.
Example:
    chown -R user:group /path/to/file
-R --> recursive option


Error in sending the Emails with Gmail id using PostFix mail server

I am using Postfix as a mail server for my applications. I have setup TLS, DKIM, SPF and TXT records for my mailing domain i.e; mail.xyz.com. This mail domain is pointing to the Postfix server.
The problem is that if I send the email using some mail id of my domain like riky@xyz.com, it works well and the mail gets delivered to any of the mail servers like Gmail, or Yahoo etc. But if I send the mail from another domain's mail id like riky@gmail.com, the mail appears with a warning saying that the sender is a spammer, or sometimes the mail is not delivered and I get a delivery failure message saying that the mail server is not authorized to send the mail using riky@gmail.com or riky@yahoo.com
I have done some research and learnt about SPF, TXT, DKIM and TLS. I have added all these to the required server but the problem persists still.
Amazon SES, or some other Email APIs has managed this somehow so that we can send the mails from other mail ids and their mail appears in the inbox like this:
xxxx@greymeter.in via amazonses.com
Could anyone help me on this as it has become biggest challenge for us.
My main.cf is:
$# nano /etc/postfix/main.cf
GNU nano 2.0.9 File: /etc/postfix/main.cf
# Global Postfix configuration file. This file lists only a subset
# of all parameters. For the syntax, and for a complete parameter
# list, see the postconf(5) manual page (command: "man 5 postconf").
#
# For common configuration examples, see BASIC_CONFIGURATION_README
# and STANDARD_CONFIGURATION_README. To find these documents, use
# the command "postconf html_directory readme_directory", or go to
# http://www.postfix.org/.
#
# For best results, change no more than 2-3 parameters at a time,
# and test if Postfix still works after every change.
#local_recipient_maps =
# SOFT BOUNCE
#
# The soft_bounce parameter provides a limited safety net for
# testing. When soft_bounce is enabled, mail will remain queued that
# would otherwise bounce. This parameter disables locally-generated
# bounces, and prevents the SMTP server from rejecting mail permanently
# (by changing 5xx replies into 4xx replies). However, soft_bounce
# is no cure for address rewriting mistakes or mail routing mistakes.
#
#soft_bounce = no
# LOCAL PATHNAME INFORMATION
#
# The queue_directory specifies the location of the Postfix queue.
# This is also the root directory of Postfix daemons that run chrooted.
# See the files in examples/chroot-setup for setting up Postfix chroot
# environments on different UNIX systems.
#
queue_directory = /var/spool/postfix
# The command_directory parameter specifies the location of all
# postXXX commands.
#
command_directory = /usr/sbin
# The daemon_directory parameter specifies the location of all Postfix
# daemon programs (i.e. programs listed in the master.cf file). This
# directory must be owned by root.
#
daemon_directory = /usr/libexec/postfix
# The data_directory parameter specifies the location of Postfix-writable
# data files (caches, random numbers). This directory must be owned
# by the mail_owner account (see below).
#
data_directory = /var/lib/postfix
# QUEUE AND PROCESS OWNERSHIP
#
# The mail_owner parameter specifies the owner of the Postfix queue
# and of most Postfix daemon processes. Specify the name of a user
# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In
# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
# USER.
#
mail_owner = postfix
# The default_privs parameter specifies the default rights used by
# the local delivery agent for delivery to external file or command.
# These rights are used in the absence of a recipient user context.
# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
#
#default_privs = nobody
# INTERNET HOST AND DOMAIN NAMES
#
# The myhostname parameter specifies the internet hostname of this
# mail system. The default is to use the fully-qualified domain name
# from gethostname(). $myhostname is used as a default value for many
# other configuration parameters.
#
myhostname = mail.xyz.com
#myhostname = virtual.domain.tld
# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
# $mydomain is used as a default value for many other configuration
# parameters.
#
mydomain =xyz.com
# SENDING MAIL
#
# The myorigin parameter specifies the domain that locally-posted
# mail appears to come from. The default is to append $myhostname,
# which is fine for small sites. If you run a domain with multiple
# machines, you should (1) change this to $mydomain and (2) set up
# a domain-wide alias database that aliases each user to
# user@that.users.mailhost.
#
# For the sake of consistency between sender and recipient addresses,
# myorigin also specifies the default domain name that is appended
# to recipient addresses that have no @domain part.
#
#myorigin = $myhostname
myorigin = $mydomain
# RECEIVING MAIL
# The inet_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on. By default,
# the software claims all active interfaces on the machine. The
# parameter also controls delivery of mail to user@[ip.address].
#
# See also the proxy_interfaces parameter, for network addresses that
# are forwarded to us via a proxy or network address translator.
#
# Note: you need to stop/start Postfix when this parameter changes.
#
inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
#inet_interfaces = localhost
# Enable IPv4, and IPv6 if supported
inet_protocols = all
# The proxy_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on by way of a
# proxy or network address translation unit. This setting extends
# the address list specified with the inet_interfaces parameter.
#
# You must specify your proxy/NAT addresses when your system is a
# backup MX host for other domains, otherwise mail delivery loops
# will happen when the primary MX host is down.
#
proxy_interfaces = 10.2.11.292, 120.18.12.73, 18.75.58.218
#proxy_interfaces = 1.2.3.4
unknown_local_recipient_reject_code = 550
#relay_domains = $mydestination
relay_domains =
#smtpd_use_tls = yes
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
#alias_maps = dbm:/etc/aliases
alias_maps = hash:/etc/aliases
#alias_maps = hash:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases
#alias_database = dbm:/etc/aliases
#alias_database = dbm:/etc/mail/aliases
alias_database = hash:/etc/aliases
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
smtpd_banner = mail.xyz.com ESMTP
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
# html_directory: The location of the Postfix HTML documentation.
#
html_directory = no
#
sample_directory = /usr/share/doc/postfix-2.6.6/samples
# readme_directory: The location of the Postfix README files.
#
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
#For TLS set up For xyz.com
# TLS parameters
smtpd_tls_CAfile = /etc/postfix/tls/xyz_com.crt
smtpd_tls_cert_file = /etc/postfix/tls/xyz_com.crt
smtpd_tls_key_file = /etc/postfix/tls/xyz_com.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_CAfile = /etc/postfix/tls/xyz_com.crt
smtp_tls_cert_file = /etc/postfix/tls/xyz_com.crt
smtp_tls_key_file = /etc/postfix/tls/xyz_com.key
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtp_use_tls = yes
smtpd_tls_received_header = yes
smtpd_tls_ask_ccert = yes
smtpd_tls_loglevel = 1
tls_random_source = dev:/dev/urandom
# TLS end
# Added 16 April,2015
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
# Added for DKIM
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
#milter_protocol = 2
An early response will be highly appreciated.
Thanks
Put simply, you can't do what you're trying to do.
You're trying to say that your server is authorized to send email as a Yahoo or Gmail address, without being so authorized by Yahoo or Google. If this were allowed, then anyone could stand up an SMTP server and send email masquerading as any Yahoo or Gmail address (or for that matter, any other email address). That's called phishing and it's a very bad thing.
Amazon SES can (sort of) get away with this, as you note above. But even that hole is closing, as more of the large senders adopt DMARC to block this kind of phishing email. With a DMARC p=reject policy in place, even the Amazon SES email gets bounced. The big email service providers (like Amazon SES) are currently in the process of adjusting to these anti-phishing standards.
Your best option is to send email exclusively from domains that you control and treat this as a limitation of the technology.
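Why SPF and DKIM on xyz.com do not help a message whose From: address belongs to someone else, as an added example (Python, not part of the original answer): a simplified DMARC alignment check. The domain freemail.example, the policy values and the two-label organizational-domain shortcut are assumptions; a real evaluator uses the Public Suffix List and DNS lookups.

```python
from dataclasses import dataclass


def org_domain(domain: str) -> str:
    """Assumption: organizational domain = last two labels (no Public Suffix List)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain: str, auth_domain: str, strict: bool = False) -> bool:
    """Relaxed alignment compares organizational domains; strict needs an exact match."""
    a, b = from_domain.lower(), auth_domain.lower()
    return a == b if strict else org_domain(a) == org_domain(b)


@dataclass
class AuthResult:
    header_from: str    # domain of the visible From: header
    spf_pass: bool      # SPF verdict for the envelope sender
    envelope_from: str  # MAIL FROM domain that SPF was evaluated against
    dkim_pass: bool     # DKIM signature verified
    dkim_d: str         # d= domain of that signature
    policy: str         # p= published by the From: domain (none/quarantine/reject)


def dmarc_disposition(r: AuthResult) -> str:
    """DMARC passes only if a *passing* SPF or DKIM result is aligned with From:."""
    spf_ok = r.spf_pass and aligned(r.header_from, r.envelope_from)
    dkim_ok = r.dkim_pass and aligned(r.header_from, r.dkim_d)
    if spf_ok or dkim_ok:
        return "pass"
    return {"none": "fail-deliver",
            "quarantine": "fail-quarantine",
            "reject": "fail-reject"}[r.policy]


# Constructed samples: the same server, correctly configured for xyz.com.
OWN_DOMAIN_MAIL = AuthResult("xyz.com", True, "mail.xyz.com", True, "xyz.com", "none")
# From: uses a domain the server does not control; SPF and DKIM still pass,
# but only for xyz.com, so neither result is aligned with the From: domain.
BORROWED_FROM_MAIL = AuthResult("freemail.example", True, "xyz.com",
                                True, "xyz.com", "reject")

if __name__ == "__main__":
    for name, msg in (("own domain", OWN_DOMAIN_MAIL),
                      ("borrowed From:", BORROWED_FROM_MAIL)):
        print(f"{name:15} -> {dmarc_disposition(msg)}")
```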

perl matching syntax with mail filter

We have a part of a mail filter that denies emailing system accounts for security purposes. We recently had a user created that ends in "bin". The bin user is restricted, but the user, let's say l.parrbin, gets flagged via the syntax below:
    my @sysaccounts = qw(
        root bin daemon adm lp sync shutdown halt mail
        news uucp operator games gopher ftp nobody nscd
        vcsa rpc mailnull smmsp apache pcap ntp dbus
        avahi rpcusder nfsnobody sshd haldaemon xfs defang
        clamav monit mysql decode webmaster mailer-daemon
        nagios
    );
    # Unanchored match: any recipient whose local part ends in an account name is rejected
    foreach my $acct (@sysaccounts) {
        if ($recip =~ /$acct\@/i) {
            md_syslog('info', 'Sysaccount Discard');
            return('REJECT', "We do not accept messages to system accounts ($acct)");
        }
    }
How would I prevent the above code from returning REJECT if a name ends or starts with a name from the sysaccounts?
Try doing this :
    if ($recip =~ /^$acct\@/i){
    #              ^
In regex, ^ is an anchor meaning beginning of line (string here)
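The three matching strategies side by side, as an added example in Python rather than the filter's Perl (these patterns behave the same in both); it is not code from the original posts. It uses a subset of the page's account list and assumes the recipient may arrive wrapped in angle brackets, as in an SMTP RCPT TO, in which case the `^` anchor alone stops matching real system accounts.

```python
import re

# Subset of the account list from the question
SYSACCOUNTS = {"root", "bin", "daemon", "mail", "mailer-daemon", "nobody"}


def unanchored(recip: str):
    """Original behaviour: /$acct\\@/i matches anywhere in the address."""
    return next((a for a in sorted(SYSACCOUNTS)
                 if re.search(a + "@", recip, re.I)), None)


def anchored(recip: str):
    """The answer's fix: /^$acct\\@/i only matches at the start of the string."""
    return next((a for a in sorted(SYSACCOUNTS)
                 if re.search("^" + re.escape(a) + "@", recip, re.I)), None)


def local_part(recip: str) -> str:
    """Strip optional <...> wrapping; return the lower-cased text before the last @."""
    addr = recip.strip()
    if addr.startswith("<") and addr.endswith(">"):
        addr = addr[1:-1]
    return addr.rpartition("@")[0].lower()


def exact(recip: str):
    """Compare the whole local part against the list instead of pattern matching."""
    lp = local_part(recip)
    return lp if lp in SYSACCOUNTS else None


if __name__ == "__main__":
    # Constructed recipients
    for r in ("l.parrbin@example.com", "bin@example.com",
              "<bin@example.com>", "<l.parrbin@example.com>"):
        print(f"{r:28} unanchored={unanchored(r)} anchored={anchored(r)} exact={exact(r)}")
```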

How to change sender name in ssmtp?

I have installed ssmtp on my Linux server. Apache server works under www-data user, and sends mail from ssmtp. In received emails I see www-data in sender name. How can I change it?
Here are my configs:
/etc/ssmtp/ssmtp.conf
    mailhub=smtp.gmx.com:587
    hostname=mysite.com
    FromLineOverride=YES
    AuthUser=username@gmx.us
    AuthPass=password
    UseTLS=YES
    UseSTARTTLS=YES
/etc/ssmtp/revaliases
    root:username@gmx.us
    user:username@gmx.us
    www-data:username@gmx.us
You could change the user finger information for user 'www-data', namely the 'Full Name' finger parameter.
You may do so using the Linux 'chfn' command:
    chfn -f "Email Sender Name" www-data
What this does is set/change the real name for that user in the finger information (stored in the /etc/passwd file, cf. chfn man page).
Alternatively you could use the Linux 'usermod' command as follows (though the Linux manual states this is normally modified using the chfn utility, cf. usermod man page):
usermod -c "Email Sender Name" www-data
This worked for me.

Postfix/Amavis: local account outgoing mail filter ignored, virtual outgoing filtered

I have a postfix mail server which sends email from both virtual addresses and from local Unix accounts, through a PHP script using mail().
I've installed Amavis and have successfully configured filtering and the addition of mail signatures for the virtual addresses, but the signatures are not added for any mail sent by the local accounts (e.g. through a script or the mail command)
I've tried a heap of config and routing changes but no luck- does anyone please know how to filter such local outgoing mail?
Thanks!
For future reference, the answer was a postfix configuration setting:
non_smtpd_milters =
The postfix content filtering setting (content_filter) does not seem to apply to non-smtpd traffic, such as that sent by Unix accounts or PHP mail() script.
Actually this is wrong. From Stef on the mailing list changing the message body is not implemented via milter interface:
Have a look at the following documentation:
- http://www.amavis.org/README.postfix.html
- http://www.postfix.org/FILTER_README.html [Advanced content filter example]
A quick run through the config files [this is a quick cut-and-paste from my config files; beware that the port numbers might not match the above documents]:
/etc/amavisd.conf
    $notify_method = 'smtp:[127.0.0.1]:10025';
    $forward_method = 'smtp:[127.0.0.1]:10025';
    $inet_socket_port = [10024, 10026];
    $interface_policy{'10026'} = 'ORIGINATING';
    $policy_bank{'ORIGINATING'} = { # mail supposedly originating from our users
      originating => 1, # declare that mail was submitted by our smtp client
      allow_disclaimers => 1, # enables disclaimer insertion if available
    };
/etc/postfix/master.cf
    smtp inet n - n - - smtpd
      -o content_filter=smtp-amavis:[127.0.0.1]:10024
    # [ you can also have the above config_filter configuration in /etc/postfix/main.cf as a default setting.
    # The options below override the defaults in main.cf ]
    smtp-amavis unix - - n - 4 smtp
      -o smtp_data_done_timeout=1200
      -o smtp_send_xforward_command=yes
      -o disable_dns_lookups=yes
      -o max_use=20
      -o smtp_generic_maps=
    localhost:10025 inet n - n - - smtpd
      -o content_filter=
      -o local_recipient_maps=
      -o relay_recipient_maps=
      -o smtpd_delay_reject=no
      -o smtpd_authorized_xforward_hosts=127.0.0.0/8,[::1]/128
      -o smtpd_authorized_xclient_hosts=127.0.0.0/8,[::1]/128
      -o smtpd_client_restrictions=permit_mynetworks,reject
      -o smtpd_helo_restrictions=
      -o smtpd_sender_restrictions=
      -o smtpd_recipient_restrictions=permit_mynetworks,reject
      -o smtpd_data_restrictions=reject_unauth_pipelining
      -o smtpd_end_of_data_restrictions=
      -o smtpd_restriction_classes=
      -o mynetworks=127.0.0.0/8,[::1]/128
      -o smtpd_error_sleep_time=0
      -o smtpd_soft_error_limit=1001
      -o smtpd_hard_error_limit=1000
      -o smtpd_client_connection_count_limit=0
      -o smtpd_client_connection_rate_limit=0
      -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
      -o local_header_rewrite_clients=
    submission inet n - n - - smtpd
      -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
      -o content_filter=smtp-amavis:[127.0.0.1]:10026
    pickup unix n - n 60 1 pickup
      -o content_filter=smtp-amavis:[127.0.0.1]:10026
Quick comments:
- incoming e-mail enters on port 25; with the “content-filter” option, it is sent to amavis on port 10024
- amavis scans, tags, quarantines, … — if mail goes through, it goes to (postfix) port 10025 (this is done with the “$forward_method” in amavisd.conf)
- postfix (listening on port 10025) delivers the e-mail
- outgoing e-mail should enter on the submission port [587] or delivered with the pickup service (“local e-mail”).
- postfix forwards this e-mail to amavis on port 10026 (!)
- the configuration of amavis is changed because of a “policy bank”
- again, amavis forwards e-mail to postfix on port 10025
- postfix (listening on port 10025) delivers e-mail
Kind regards,
Stef
I had a similar problem (in my case I use amavis to add the dkim signature) and it turns out that the problem was that, in master.cf, the pickup service was defined with "-o content_filter=", that's why content_filter wasn't working for locally generated emails, i.e.
    pickup fifo n - n 60 1 pickup
      -o content_filter=
      -o receive_override_options=
Once I commented out the "-o content_filter=" amavis started filtering even the locally generated messages.
I'm adding a solution since I cannot add a comment and this is the first result when I searched for "postfix content_filter doesn't work for locally generated mail".
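A check for the failure described in the two answers above, as an added example in Python (not code from the posts or from Postfix): it parses master.cf and lists the services that accept new mail (smtpd, pickup) but end up with an empty content_filter. The sample file is constructed, the function names are hypothetical, and only the plain `-o name=value` form is handled.

```python
def parse_master_cf(text: str) -> dict:
    """Map service name -> {"command", "overrides"} from master.cf text.

    A line starting with whitespace continues the previous logical line;
    blank lines and lines whose first non-blank character is '#' are skipped.
    """
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())

    services = {}
    for line in logical:
        fields = line.split()
        if len(fields) < 8:          # service type private unpriv chroot wakeup maxproc command
            continue
        args, overrides, i = fields[8:], {}, 0
        while i < len(args):
            if args[i] == "-o" and i + 1 < len(args) and "=" in args[i + 1]:
                key, _, value = args[i + 1].partition("=")
                overrides[key] = value
                i += 2
            else:
                i += 1
        services[fields[0]] = {"command": fields[7], "overrides": overrides}
    return services


def unfiltered_entry_points(master_cf: str, main_cf_content_filter: str = "",
                            reinjection=frozenset()) -> list:
    """Names of smtpd/pickup services whose effective content_filter is empty.

    `reinjection` names listeners that must stay unfiltered (the port the
    filter hands mail back to), so they are not reported.
    """
    flagged = []
    for name, svc in parse_master_cf(master_cf).items():
        if svc["command"] not in ("smtpd", "pickup") or name in reinjection:
            continue
        if not svc["overrides"].get("content_filter", main_cf_content_filter):
            flagged.append(name)
    return flagged


# Constructed sample reproducing the pickup override from the second answer
SAMPLE_MASTER_CF = """\
smtp      inet  n  -  n  -  -  smtpd
pickup    fifo  n  -  n  60 1  pickup
  -o content_filter=
  -o receive_override_options=
smtp-amavis unix - - n - 4 smtp
  -o smtp_data_done_timeout=1200
localhost:10025 inet n - n - - smtpd
  -o content_filter=
submission inet n - n - - smtpd
  -o content_filter=smtp-amavis:[127.0.0.1]:10026
"""

if __name__ == "__main__":
    print(unfiltered_entry_points(SAMPLE_MASTER_CF,
                                  "smtp-amavis:[127.0.0.1]:10024",
                                  reinjection={"localhost:10025"}))
```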

Sendmail configuration changed in XAMPP 1.8.0, can't send local mails anymore

I've just upgraded from XAMPP 1.7.3 to 1.8.0, this included quite a few changes (PHP 5.4 etc) as I went through the reinstallation of my dev-environment.
Anyways, everything works now, except for Sendmail.
Before, you had a configuration in sendmail.ini like this:
#defaults
logfile "C:\XAMPP\sendmail\sendmail.log"
## A freemail service example
account Hotmail
tls on
tls_certcheck off
host smtp.live.com
from [exampleuser]@testmail.loc
auth on
user [exampleuser]@hotmail.com
password [examplepassword]
# Set a default account
account default : Hotmail
Plus some values in php.ini:
sendmail_path = "C:\xampp\sendmail\sendmail.exe -t"
SMTP = localhost
smtp_port = 25
Now it all looks a lot different (and the old config wouldn't work), an example:
http://pastebin.com/M83bNmJw
A little php mail script:
<?php
ini_set('display_errors', 1);
error_reporting(E_ALL);
$to = "someone@hotmail.com";
$subject = "Hi!";
$body = "Hi,\n\nHow are you?";
if (mail($to, $subject, $body)) {
    echo("<p>Message successfully sent!</p>");
} else {
    echo("<p>Message delivery failed...</p>");
}
?>
Message delivery failed...
I guess I'm too stupid to change the correct things, it just won't work, plus I barely get an error in my log-files, so I don't even know where to start.
#GMAIL with XAMPP 1.8.1 and sendmail
[sendmail]
; HOTMAIL
smtp_server=smtp.gmail.com
smtp_port=25
smtp_ssl=tls
tls_certcheck off
error_logfile=error.log
debug_logfile=debug.log
auth_username= xxxx.xxxx@gmail.com
auth_password=xxxxxxx
this settings in php.ini
[mail function]
; XAMPP: Comment out this if you want to work with an SMTP Server like Mercury
; SMTP = smtp.gmail.com
; smtp_port = 25
; For Win32 only.
; http://php.net/sendmail-from
sendmail_from = xxxx.xxxx@gmail.com
; XAMPP IMPORTANT NOTE (1): If XAMPP is installed in a base directory with spaces (e.g. c:\program filesC:\xampp) fakemail and mailtodisk do not work correctly.
; XAMPP IMPORTANT NOTE (2): In this case please copy the sendmail or mailtodisk folder in your root folder (e.g. C:\sendmail) and use this for sendmail_path.
; XAMPP: Comment out this if you want to work with fakemail for forwarding to your mailbox (sendmail.exe in the sendmail folder)
sendmail_path = "\"C:\sendmail\sendmail.exe\" -t"
; XAMPP: Comment out this if you want to work with mailToDisk, It writes all mails in the C:\xampp\mailoutput folder
;sendmail_path = "C:\xampp\mailtodisk\mailtodisk.exe"
; Force the addition of the specified parameters to be passed as extra parameters
; to the sendmail binary. These parameters will always replace the value of
; the 5th parameter to mail(), even in safe mode.
;mail.force_extra_parameters =
; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename
mail.add_x_header = Off
; Log all mail() calls including the full path of the script, line #, to address and headers
mail.log = "C:\xampp\php\logs\php_mail.log"
I see that in 1.8.0, the default will send mail through mailtodisk.exe. You have enabled it in your PHP config file, but have you disabled mailtodisk.exe?
In addition, you'll need to ensure that smtp_server in sendmail.ini is set to localhost.
I just found this solution myself, and all mail sent using PHP works.
My xampp is 1.8.2 with window 8.1
In php.ini
smtp_port = 587
sendmail_path = "C:\xampp\sendmail\sendmail.exe -t"
mail.add_x_header=Off
In sendmail.ini
smtp_server=smtp.gmail.com
smtp_port=587
smtp_ssl=auto
error_logfile=error.log
auth_username=xxaayy@gmail.com
auth_password=kskcmhlrjr
pop3_server=
pop3_username=
pop3_password=
force_sender=xxaayy@gmail.com
force_recipient=
hostname=
To account gmail "auth_password" you need create new password "Your application-specific passwords", check [here][1]
then follow these steps:
The problem is that sendmail has to be run as an administrator. This is the solution to help any one on my situation.
Right click on sendmail.exe
Properties
Compatibility
Change the configuration for all users
Execute as Windows XP SP 3
Execute as administrator
test email
$to = "aaaaaaa@domain.com";
$subject = "Hi!";
$body = "Hi,\n\nHow are you?";
$headers = "From: xxaayy@gmail.com" . "\r\n";
if (mail($to, $subject, $body, $headers)) {
    echo ("Message successfully sent!");
} else {
    echo ("Message delivery failed...");
}
I've found a working example, it works like a charm now
http://blog.joergboesche.de/xampp-sendmail-php-mailversand-fuer-windows-konfigurieren#xampp_180_sendmail