Created at:

Modified at:

Postfix notes

Last update to this page was in: 2019-06-18.

*Note*: This page has only a few notes about Postfix. If you want to read a more detailed guide on how to install and configure it (along with Dovecot and other servers) see:

NetBSD mail server with Postfix, BIND (for DNS), Dovecot, Pigeonhole (Sieve), SSL, DKIM and SPF

Useful commands

General commands

mailq
Shows messages that are queued. This is the same as postqueue -p
postcat -vq file
Shows the content of the enqueued message. file is the code of the message used by Postfix, as shown by mailq.
postqueue -p
Same as mailq
postqueue -f
Resend enqueued messages.
postconf
Displays values of main.cf
postconf -d
Displays default values instead of the ones user configured.
postsuper -d ID
Delete queued message with ID ID. To delete all messages, run postsuper -d ALL.

Testing SMTP port 25

(2019-07-04)

The purpose to test port 25 is to simulate one mail server sending email to another mail server (without the need of authentication). Realize that this example will only work if: 1. You are self testing the mail server (i.e., example.com and myself.com are the same server) or 2. you are connecting from a valid mail server with reverse DNS correctly configured. If none of this conditions are satisfied, the target server will probably not accept the connection.

Testing SMTP (*without* SSL) is very simple. One should just use telnet to connect to the port 25:: 

    $ telnet mail.example.com 25
    Trying 123.45.67.89...
    Connected to mail.example.com.
    Escape character is '^]'.
    220 example.com ESMTP Postfix

The first command to the SMTP server is the EHLO (or HELO, for the old version of SMTP without extensions). As a parameter to the EHLO command, we need to tell the server who we are:: 

    EHLO myself.com
    250-example.com
    250-PIPELINING
    250-SIZE 31457280
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN

The server will tell us different extension it has. Note it listed STARTTLS, which is always used nowadays, but in this case we will let it turned off.

We now have to tell who is the sender, with the MAIL FROM command:: 

    MAIL FROM: me@myself.com
    250 2.1.0 Ok

And who we are going to send the email to with the RCPT TO command:: 

    RCPT TO: you@example.com
    250 2.1.5 Ok

Finally, we start to send email data with the DATA command:: 

    DATA
    354 End data with <CR><LF>.<CR><LF>

Now we can type the headers and the email body:: 

    From: me@myself.com
    To: you@example.com
    Subject: hi

    Hello.
    .
    250 2.0.0 Ok: queued as 37DC91109BF
    QUIT
    221 2.0.0 Bye

When you finish typing the email, tell the server you finished by inserting a single dot in a line. The email will be queued for delivering. To close the connection to the mail server, just type the QUIT command.

Note that the headers can be forged! A good mail solution will have some kind of antispam solution to deal with phishing, spams and problems related to forged emails.

Testing SMTP port 25 with STARTTLS

(2019-07-04)

Testing SMTP port 25 with STARTTLS is straightforward as well, you just need to use openssl instead of telnet:: 

    $ openssl s_client -connect smtp.example.com:25 -starttls smtp

Testing SMTP authentication (submission port - 587)

(2019-07-04)

Test SMTP authentication is a bit more complicated. For a more complete guide, see:

How to test SMTP Authentication and STARTTLS

We first need to format our user/password string in order to send it to the SMTP server. Depending on the authentication method, we should pass this string differently to the server. For the PLAIN method, the correct form is:: 

    \0username\@example.com\0password

*Note*: The PLAIN is the method supported everywhere, but there are others. For different methods of authentication, see:

SMTP Authentication

Where 0 is the null byte. Also, note we are also escaping @. To make things more complicated, you cannot pass it this way, but you should encode it using Base64. To do this, we can use different tools, but in this example we are going to use Perl: 

    $ perl -MMIME::Base64 -e 'print encode_base64("\000username\@example.com\000password")'
    AHVzZXJuYW1lQGV4YW1wbGUuY29tAHBhc3N3b3Jk

Base64

Perl

It will echo the string in the Base64 form.

*Note*: Base64_ is not encryption! It is just a way to encode any string (or any binary) with printable characters. In the PLAIN method, we pass the username together with the password, encoded in Base64. The authentication method does not encrypt anything! But the different SSL layers, like STARTTLS, do. That is why we should always use SSL, no matter how you use it.

Once we have our Base64 string, we can start logging in the server:: 

    $ openssl s_client -connect smtp.example.com:587 -starttls smtp

It will output some lines and, at the end (just after line 250 DSN), you can insert commands:: 

    EHLO example.com
    250-smtp.example.com
    250-PIPELINING
    250-SIZE 36700160
    250-ETRN
    250-AUTH LOGIN PLAIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN

We can now insert our login credentials:: 

    AUTH PLAIN AHVzZXJuYW1lQGV4YW1wbGUuY29tAHBhc3N3b3Jk
    235 2.7.0 Authentication successful

At this time you can start sending commands like told in "Testing SMTP port 25". Note that, when inserting the MAIL FROM command, we should use the same username that we just logged in (or else the SMTP server will complain as far as it is well configured).