Actions

Postfix

From Ever changing code

Postfix is an opensource email system used by PureMessage and GoldMail as a base system.

Postfix configuration

postmap /etc/postfix/transport
cat /etc/postfix/transport
grep relay main.cf    #forwarding email system

Default email queue path is

/opt/pmx/postfix/var/spool/mqueue/

Working with messages

Sort messages in size order

du -sk * | sort -n
egrep -w 'warning|error|critical' /var/log/messages

Count messages sent to. Notice Sep string is the current month.

/opt/pmx/postfix/sbin/postqueue -p |grep "Sep " | cut -c43-99|sort |uniq -c|sort -n 

Count all messages that contain a string

postqueue -p | grep "Requests" | awk '{ print $5 }' | wc -l

Extract only useful header

/opt/pmx/postfix/sbin/postcat -q 003E592E159 | awk '/Received:/,/Content-Type:/'

Display an email content or messages subject

/opt/pmx/postfix/sbin/postcat -q 417A4400F0B9 4F513400F099 5E517400F09B | grep Subject
/opt/pmx/postfix/sbin/postcat -q ##messageid##   #-v verbose -q will find the message in a right queue

Purge a message

/opt/pmx/postfix/sbin/postsuper -p <queuename>

Search common messages run in Deferred, because the directory has an structure we need to use for_i loop.

cd /opt/pmx/postfix/var/spool/mqueue/deferred
ls -lR | grep '^-' | sort -k 5 -rn          #list all subdirectory files in a reverse size order
for i in `ls`; do grep -i "SCOM" $i/* ;done | cut -f3 -d" "|cut -c3- | wc -l     #gives a count of messages containing a given string
for i in `ls`; do grep -i "SCOM" $i/* ;done | cut -f3 -d" "|cut -c3- > /tmp/qid  #save a list of messages for later deletion

Delete messages from a list /tmp/qid using postfix

for i in `cat /tmp/qid` ; do /opt/pmx/postfix/sbin/postsuper -d $i; done

Move messages in a specific queue to hold

/opt/pmx/postfix/sbin/postsuper -h ALL active
/opt/pmx/postfix/sbin/postsuper -h ALL deferred
/opt/pmx/postfix/sbin/postsuper -h ALL incoming

Release from held queue to deferred. Move 250 from held to active. Command does listing then tails and print $9 (means print 9th field) then sent the list of messages to be released. You need to be in /opt/pmx/postfix/var/spool/mqueue/hold

ll /opt/pmx/postfix/var/spool/mqueue/hold | tail -n250 | awk {'print $9'} | /opt/pmx/postfix/sbin/postsuper -H -

Flush from deferred to active. Flush move both Deferr and Deffered to Active then will move ‘undeliverable’ back to deffer in 1-3s then will start processing your released messages.

/opt/pmx/postfix/sbin/postqueue -f

Are we being spammed?

To see if we're under a spam attack you can run the following command. This will show you the amount of connections from a specific IP. Such as 173.*.*.* for Google.

netstat -ntp | awk '{print $5}' | cut -d ':' -f1 | sort | grep -v "127.0.0.1" | uniq -c

Show all queues count script

[root@postfix ~]# cat ./showpmqueuelen.bash.table
#cd /opt/pmx/postfix/var/spool/mqueue   #the queue path
cd /var/spool/postfix
while true
date
do
 list="active corrupt    defer   deferred    flush    hold  incoming  maildrop"  #header to display, differes between vendors
 echo "$list" Total
 for i in {1..30}
 do
   total=0
   stat=""
   for dir in $list
   do
    stat="$stat `ls -lR $dir |grep "^-"|wc -l`      "
    count=`ls -lR $dir |grep "^-"|wc -l`
    total=$(($total + $count))
   done
   echo "$stat $total"  | expand -t 2
   sleep 5
 done
done

Resources