

Postfix notes

This page was last updated on 2019-06-18.

Note

This page has only a few notes about Postfix. If you want a more detailed guide on how to install and configure it (along with Dovecot and other servers), see NetBSD mail server with Postfix, BIND (for DNS), Dovecot, Pigeonhole (Sieve), SSL, DKIM and SPF.

Useful commands

General commands

mailq
Shows the messages that are queued. This is the same as postqueue -p.
postcat -vq file
Shows the content of the queued message. file is the queue ID that Postfix assigned to the message, as shown by mailq.
postqueue -p
Same as mailq.
postconf
Displays the values of main.cf.
postconf -d
Displays the default values instead of the ones the user configured.
postsuper -d ID
Deletes the queued message with ID ID. So, one could delete all queued messages sent by a user with this: mailq | grep user@domain.com | awk '$1 ~ /^[0-9A-Za-z]+[*!]?$/ { print $1 }' | tr -d '*!' | xargs -n 1 postsuper -d. The awk pattern keeps only the lines that start with a queue ID, and tr strips the * (active) and ! (on hold) markers that mailq appends to the ID.
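A stricter way to select the queue IDs for the postsuper -d pipeline above, as an added example that is not part of the original notes: it matches the address exactly, as sender or as recipient, and ignores the reason lines of deferred mail. The function names and the mailq sample are constructed for illustration.

```shell
# Added example: print the queue IDs of messages whose sender or any
# recipient is exactly the address given as $1. Reads `mailq` output on stdin.
queue_ids_for() {
    # Drop the column header, the "(reason)" lines of deferred mail and the
    # "-- N Kbytes in M Requests." footer before splitting into records.
    grep -v -e '^-Queue ID-' -e '^ *(' -e '^-- ' |
    awk -v addr="$1" 'BEGIN { RS = "" }      # records are separated by blank lines
        {
            id = $1
            sub(/[*!]$/, "", id)            # strip the active (*) or hold (!) marker
            if (id !~ /^[0-9A-Za-z]+$/) next
            # $7 is the sender, $8 and later are the recipients
            for (i = 7; i <= NF; i++)
                if ($i == addr) { print id; next }
        }'
}

# Constructed sample of `mailq` output (not taken from a real server).
sample_mailq() {
    cat <<'EOF'
-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
37DC91109BF*    1234 Tue Jun 18 10:00:00  user@domain.com
                                          you@example.com

4A1B2C3D4E      2048 Tue Jun 18 10:05:00  other@domain.com
(connect to mx.example.net[192.0.2.1]:25: Connection timed out)
                                          user@domain.com

5F6A7B8C9D!      900 Tue Jun 18 10:06:00  notuser@domain.com
                                          you@example.com

-- 4 Kbytes in 3 Requests.
EOF
}

# Review the list first; on a real server, replace sample_mailq with mailq
# and pipe the result to `postsuper -d -`, which reads queue IDs from stdin.
sample_mailq | queue_ids_for user@domain.com
```

The third message is not selected even though notuser@domain.com contains the search string, which a plain grep would have matched.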

Testing SMTP port 25

The purpose of testing port 25 is to simulate one mail server sending email to another mail server (without the need for authentication). Note that this example will only work if: 1. you are self-testing the mail server (i.e., example.com and myself.com are the same server) or 2. you are connecting from a valid mail server with reverse DNS correctly configured. If neither of these conditions is satisfied, the target server will probably not accept the connection.

Testing SMTP (without SSL) is very simple. Just use telnet to connect to port 25:

$ telnet mail.example.com 25
Trying 123.45.67.89...
Connected to mail.example.com.
Escape character is '^]'.
220 example.com ESMTP Postfix

The first command to send to the SMTP server is EHLO (or HELO, for the old version of SMTP without extensions). As a parameter to the EHLO command, we need to tell the server who we are:

EHLO myself.com
250-example.com
250-PIPELINING
250-SIZE 31457280
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

The server replies with the extensions it supports. Note that it listed STARTTLS, which is always used nowadays, but in this case we will leave it turned off.

We now have to tell the server who the sender is, with the MAIL FROM command:

MAIL FROM: me@myself.com
250 2.1.0 Ok

And who we are going to send the email to with the RCPT TO command:

RCPT TO: you@example.com
250 2.1.5 Ok

Finally, we start to send email data with the DATA command:

DATA
354 End data with <CR><LF>.<CR><LF>

Now we can type the headers and the email body:

From: me@myself.com
To: you@example.com
Subject: hi

Hello.
.
250 2.0.0 Ok: queued as 37DC91109BF
QUIT
221 2.0.0 Bye

When you finish typing the email, tell the server you are done by entering a single dot on a line by itself. The email will be queued for delivery. To close the connection to the mail server, just type the QUIT command.

Note that the headers can be forged! A good mail solution will have some kind of antispam solution to deal with phishing, spam and problems related to forged emails.

Testing SMTP port 25 with STARTTLS

Testing SMTP port 25 with STARTTLS is straightforward as well; you just need to use openssl instead of telnet:

$ openssl s_client -connect smtp.example.com:25 -starttls smtp

Testing SMTP authentication (submission port - 587)

Testing SMTP authentication is a bit more complicated. For a more complete guide, see How to test SMTP Authentication and STARTTLS.

We first need to format our user/password string in order to send it to the SMTP server. Depending on the authentication method, we should pass this string differently to the server. For the PLAIN method, the correct form is:

\0username\@example.com\0password

Note

PLAIN is the method supported everywhere, but there are others. For different methods of authentication, see SMTP Authentication.

In the string above, \0 is the null byte. Also note that we are escaping @: the backslash is only needed because the string is given to Perl in double quotes below, and it is not part of what gets encoded. To make things more complicated, you cannot send the string in this raw form; you must encode it using Base64. To do this, we can use different tools, but in this example we are going to use Perl:

$ perl -MMIME::Base64 -e 'print encode_base64("\000username\@example.com\000password")'
AHVzZXJuYW1lQGV4YW1wbGUuY29tAHBhc3N3b3Jk

It will echo the string in the Base64 form.

Note

Base64 is not encryption! It is just a way to encode any string (or any binary) with printable characters. In the PLAIN method, we pass the username together with the password, encoded in Base64. The authentication method does not encrypt anything! But the different SSL layers, like STARTTLS, do. That is why we should always use SSL, no matter how you use it.
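The same token can be built without Perl, and decoding it back shows in practice why the note above says Base64 is not encryption. This is an added example, not part of the original notes; the function names are hypothetical and it assumes the base64 utility (coreutils) is installed.

```shell
# Added example: helpers for the AUTH PLAIN string described above.

# Build the token: NUL, username, NUL, password, then Base64.
# printf writes the NUL bytes itself, so the @ needs no escaping here.
auth_plain_encode() {
    printf '\000%s\000%s' "$1" "$2" | base64 | tr -d '\n'   # undo line wrapping
}

# Reverse it: anyone who sees the token recovers both fields.
auth_plain_decode() {
    printf '%s' "$1" | base64 -d | tr '\000' '\n' |
    awk 'NR == 2 { user = $0 } NR == 3 { pass = $0 }
         END { printf "user=%s pass=%s\n", user, pass }'
}

# Mask the token before a test transcript is pasted into a ticket or a log.
redact_auth() {
    sed -E 's/^(AUTH PLAIN) .*/\1 [redacted]/'
}

auth_plain_encode 'username@example.com' 'password'; echo
auth_plain_decode 'AHVzZXJuYW1lQGV4YW1wbGUuY29tAHBhc3N3b3Jk'
printf 'EHLO example.com\nAUTH PLAIN AHVzZXJuYW1lQGV4YW1wbGUuY29tAHBhc3N3b3Jk\n' | redact_auth
```

Treat any AUTH PLAIN line that ended up in shell history, a captured session or a shared transcript as an exposed password and change it.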

Once we have our Base64 string, we can start logging in to the server:

$ openssl s_client -connect smtp.example.com:587 -starttls smtp

It will output some lines and, at the end (just after line 250 DSN), you can insert commands:

EHLO example.com
250-smtp.example.com
250-PIPELINING
250-SIZE 36700160
250-ETRN
250-AUTH LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

We can now insert our login credentials:

AUTH PLAIN AHVzZXJuYW1lQGV4YW1wbGUuY29tAHBhc3N3b3Jk
235 2.7.0 Authentication successful

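At this point you can start sending commands as in Testing SMTP port 25. Note that, when entering the MAIL FROM command, we should use the same username that we just logged in with (otherwise the SMTP server will complain, provided it is well configured). Also note that an interactive openssl s_client session treats a line starting with R as a request to renegotiate, so type rcpt to in lowercase or start s_client with the -quiet option.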