(865) 584-3355

Apple Certified Macintosh Experts
Serving East Tennessee since 1994
 

Server Configuration

The PostFix mail server, part of OSX Server, is a wonderfully flexible and configurable mail transfer agent. This cheat sheet fills in the gaps of many online tutorials and provides methods to manage the Postfix message queue.

There are many ways that your Postfix message queues can become flooded with illegitimate messages. For example, if a spammer uses one of your local email addresses in REPLY-TO: or FROM: fields, you may see you mail server become unusable due to the flood of bounce messages pouring in. This effect is called backscatter or the result of a Joe Job. Another way is if one of your user accounts password is hacked, allowing spammers to connect and send email as that user.

Is there a Problem?

It's entirely possible that the problem looks like normal mail server activity. Telltales are complaints from users that email is not being received or is bouncing.

A good first step is to check to see if you are listed on one of the many Realtime Blackhole Lists (RBLs). There are many meta search tools you can use to check many lists simultaneously, such as MX Toolbox. If you are listed, solve the problem before requesting delisting!

Server reputation solutions are glorified RBLs which maintain their own sensor network to identify sources of spam. Examples are Senderbase, ProofPoint, and Invaluement. These are pay services and they are very secretive of their sensor networks lest spammers become aware and avoid them.

Stop the Bleeding

Check your mail log. Is your server drinking from the fire hose? If you are receiving a zillion inbound emails or bounce messages from outside mail servers, consider disabling port forwarding for SMTP on port 25 to your server, or otherwise block SMTP traffic at your router. Plugging the fire hose will allow you to take steps without your server being under constant load. If messages are looping, you will need to clear out your mail queues to halt the "feedback loop", and you can't do this without cutting the loop.

Also, if your server is making a zillion outbound connections, you might want to turn off mail services while clearing the queues. Your zillion outbound connections that are not going to make any friends with the mail servers you are pounding and will probably get you on some blacklists. In the Server application, find the Mail service and turn it off. Yes, you can turn off Postfix from the command line, but helpful OSX will probably notice this and turn it back on. 

Check Your Mail Queues

Postfix has a nifty queue analyzer called Qshape, which is installed by default everywhere except in Apple's OSX Server. (Thanks Apple!) It provides visibility into the number of messages in queues and by queue domain and age. It does not have the file system overhead of scripts and reports counts of emails originating from specific domains, which would be very useful in troubleshooting. Alas, this is not available (@todo figure out how to install Qshape on OSX Server).

 

Viewing Email in Your Mail Queue

Postfix on OSX Server can display the mail queue in terminal. You can get a good idea of how full your queue is by watching it stream by. To view the queue:

postqueue -p

The queue keeps track of messages by MESSAGE_ID. It is the first part of the row and looks something like "1BB48718511".

Get a good sample; if it streams forever press control-c to halt the list.

If you do not see any results, be sure you are using the correct postqueue binary. Apple has changed the location of pretty much everything in Server 5 and up, so you may be seeing results which do not apply to your sever. See: ref: https://topicdesk.com/faqs/why-do-postconf-n-and-postfix-reload-produce-unexpected-output-on-os-x-server-5/

Viewing Specific Emails in Your Mail Queue

If you know the MESSAGE_ID you can view the content of specific messages with all headers. This can be very useful to figure out what is going on.

postcat -q MESSAGE_ID

Counting the Mail in Your Mail Queue

Below is a perl script which uses file system calls to count the number of messages in each postfix queue. This is useful so that you know how many are in either the maildrop, hold, incoming, active, or deferred queues. While not as useful as the output Qshape, it can easily be executed on OSX Server.

Copy the below into a new file on your server:

#!/usr/bin/env perl

# postfix queue/s size
# author: 
# source: http://tech.groups.yahoo.com/group/postfix-users/message/255133

use strict;
use warnings;
use Symbol;
sub count {
        my ($dir) = @_;
        my $dh = gensym();
        my $c = 0;
        opendir($dh, $dir) or die "$0: opendir: $dir: $!\n";
        while (my $f = readdir($dh)) {
                if ($f =~ m{^[A-F0-9]{5,}$}) {
                        ++$c;
                } elsif ($f =~ m{^[A-F0-9]$}) {
                        $c += count("$dir/$f");
                }
        }
        closedir($dh) or die "closedir: $dir: $!\n";
        return $c;
}
my $qdir = `postconf -h queue_directory`;
chomp($qdir);
chdir($qdir) or die "$0: chdir: $qdir: $!\n";
printf "Incoming: %d\n", count("incoming");
printf "Active: %d\n", count("active");
printf "Deferred: %d\n", count("deferred");
printf "Bounced: %d\n", count("bounce");
printf "Hold: %d\n", count("hold");
printf "Corrupt: %d\n", count("corrupt");

Execute it:

perl /path/to/script/filename.txt

This script is found without original source everywhere. Apologies to whomever originally wrote it and thanks! this is useful.

Delete the Problem Email from Your Queues

You can delete mail from your queues surgically or broadly.

 

How to Delete One Email In Any Queue

postsuper -d MESSAGE_ID

How to Delete Email for a Single User In All Queues

Use the following command to delete the messages from your mail queues. Be sure to substitute 'youruser@yourdomain\.com' with the email account which is flooded. Be sure to escape the dot as shown in the example:

postqueue -p | tail -n +2 | awk 'BEGIN { RS = "" } / youruser@yourdomain\.com/ { print $1 }' | tr -d '*!' | postsuper -d -

If you mail server is really clogged, this can take hours to execute.

How to Delete All Email or Just In Specific Queues

To delete all deferred messages from a single queue:

postsuper -d ALL deferred

Preventative Measures

MailCleaner

Consider using MailCleaner in front of your OSX mail server, to screen all inbound mail. It keeps itself updated and works far better than the minimal filtering built into OSX. They have a free edition provided as a VMware image, which makes installation fairly trivial. See our article: Mailcleaner as Spam Filtering Solution for OSX Server.

 

Other Helpful Articles

Blacklisted: True tales and tips from email server blacklisting battles
https://community.spiceworks.com/topic/477192-blacklisted-true-tales-and-tips-from-email-server-blacklisting-battles