Get SPF DNS record for Oracle Cloud Email Delivery service

Follow Oracle's Offical guide Configuring SPF

For Americas Region SPF Record

v=spf1 include:rp.oracleemaildelivery.com ~all

The following is an example of a command used to view an SPF record:

dig -t TXT +short syd1.rp.oracleemaildelivery.com

Example output:

"v=spf1 ip4:192.168.0.2/25 -all"

For Canada Regions and Availability Domains

Region Name	Region Identifier	Region Location	Region Key	Availability Domains
Canada Southeast (Montreal)	ca-montreal-1	Montreal, Canada	YUL	1
Canada Southeast (Toronto)	ca-toronto-1	Toronto, Canada	YYZ	1

For Toronto Region:

v=spf1 include:yyz1.rp.oracleemaildelivery.com ~all

Run this command to get the IP address range:

dig -t TXT +short yyz1.rp.oracleemaildelivery.com

Output:

"v=spf1 ip4:192.29.72.0/25 ~all"

Update the SPF DNS record with IP address has a benefit of spf flattening to Fix “Too Many DNS Lookups”

My DNS settings:

"v=spf1 ip4:192.29.72.0/25 -all"

Amazon Linux 2 add EPEL repository and install SSMTP

Latest updated Amazon Linux 2.

# uname -a
Linux ip-10-10-10-10.maillion-doller-server.local 4.14.67-71.56.amzn2.x86_64 #1 SMP Tue Sep 4 21:37:05 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

Try to install SSMTP for sending Email:

[ec2-user@ip-10-10-10-10 ~]$ yum search ssmtp
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Warning: No matches found for: ssmtp
No matches found

Not in the base repo, try install epel:

[ec2-user@ip-10-10-10-10 ~]$ sudo yum install epel-release -y
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
amzn2-core                                                                                                                                      | 2.4 kB  00:00:00     
No package epel-release available.
Error: Nothing to do


epel-release is available in Amazon Linux Extra topic "epel"

To use, run
# sudo amazon-linux-extras install epel

Learn more at
https://aws.amazon.com/amazon-linux-2/faqs/#Amazon_Linux_Extras

Just do it Amazon way:

[ec2-user@ip-10-10-10-10 ~]$ sudo amazon-linux-extras install epel
Installing epel-release
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
amzn2extra-docker                                                                                                                               | 1.3 kB  00:00:00     
amzn2extra-epel                                                                                                                                 | 1.3 kB  00:00:00     
amzn2extra-epel/2/x86_64/primary_db                                                                                                             | 1.8 kB  00:00:00     
Resolving Dependencies
--> Running transaction check
---> Package epel-release.noarch 0:7-11 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================================================================================================================
 Package                                   Arch                                Version                              Repository                                    Size
=======================================================================================================================================================================
Installing:
 epel-release                              noarch                              7-11                                 amzn2extra-epel                               15 k

Transaction Summary
=======================================================================================================================================================================
Install  1 Package

Total download size: 15 k
Installed size: 24 k
Is this ok [y/d/N]: y
Downloading packages:
epel-release-7-11.noarch.rpm                                                                                                                    |  15 kB  00:00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : epel-release-7-11.noarch                                                                                                                            1/1 
  Verifying  : epel-release-7-11.noarch                                                                                                                            1/1 

Installed:
  epel-release.noarch 0:7-11                                                                                                                                           

Complete!
  0  ansible2                 available  [ =2.4.2  =2.4.6 ]
  1  emacs                    available  [ =25.3 ]
  2  httpd_modules            available  [ =1.0 ]
  3  memcached1.5             available  [ =1.5.1 ]
  4  nginx1.12                available  [ =1.12.2 ]
  5  postgresql9.6            available  [ =9.6.6  =9.6.8 ]
  6  postgresql10             available  [ =10 ]
  7  python3                  available  [ =3.6.2 ]
  8  redis4.0                 available  [ =4.0.5  =4.0.10 ]
  9  R3.4                     available  [ =3.4.3 ]
 10  rust1                    available  \
        [ =1.22.1  =1.26.0  =1.26.1  =1.27.2 ]
 11  vim                      available  [ =8.0 ]
 12  golang1.9                available  [ =1.9.2 ]
 13  ruby2.4                  available  [ =2.4.2  =2.4.4 ]
 14  nano                     available  [ =2.9.1 ]
 15  php7.2                   available  \
        [ =7.2.0  =7.2.4  =7.2.5  =7.2.8 ]
 16  lamp-mariadb10.2-php7.2  available  \
        [ =10.2.10_7.2.0  =10.2.10_7.2.4  =10.2.10_7.2.5
          =10.2.10_7.2.8 ]
 17  libreoffice              available  [ =5.0.6.2_15 ]
 18  gimp                     available  [ =2.8.22 ]
 19  docker=latest            enabled    \
        [ =17.12.1  =18.03.1  =18.06.1 ]
 20  mate-desktop1.x          available  [ =1.19.0  =1.20.0 ]
 21  GraphicsMagick1.3        available  [ =1.3.29 ]
 22  tomcat8.5                available  [ =8.5.31  =8.5.32 ]
 23  epel=latest              enabled    [ =7.11 ]
[ec2-user@ip-10-10-10-10 ~]$ yum update
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
You need to be root to perform this command.

Then Install it.

sudo yum install ssmtp -y

Postfix qmgr process causes heavy overload on RHEL 6

A RHEL 6 Server running some web service not Email service.

This morning found under heavy I/O delay.

Try check it out by:

free -m
vmstat 1
top
  wa  --order by wait I/O

The Postfix qmgr process causes heavy overload, which doesn't make any sense to me.

Have to check the mail queue.

mailq | wc -l

which give me over 40K queued emails.

by reading them, here is same example:

Message  2:
From root@PRODUCTION.localdomain  Thu Feb  2 16:41:01 2018
Return-Path: <root@PRODUCTION.localdomain>
X-Original-To: root
Delivered-To: root@PRODUCTION.localdomain
From: root@PRODUCTION.localdomain (Cron Daemon)
To: root@PRODUCTION.localdomain
Subject: Cron <root@PRODUCTION> /usr/local/check_status.pl
Content-Type: text/plain; charset=UTF-8
Auto-Submitted: auto-generated
X-Cron-Env: <SHELL=/bin/bash>
X-Cron-Env: <PATH=/sbin:/bin:/usr/sbin:/usr/bin>
X-Cron-Env: <MAILTO=root>
X-Cron-Env: <HOME=/>
X-Cron-Env: <LOGNAME=root>
X-Cron-Env: <USER=root>
Date: Thu,  2 Feb 2018 16:41:01 -0400 (EST)
Status: RO

It turn's out that one of the cron job runs every minute did not have a proprietary MAIL to settings.

Before:

MAILTO=root
HOME=/

* * * * *   root /usr/local/check_status.pl

I changed after:

MAILTO=""
HOME=/

* * * * *   root /usr/local/check_status.pl >/dev/null 2>&1

Then purge all old emails both postfix queue and local mail:

$ postfix -d ALL

$ mail
& delete *
& q

Just want make it more clean, I try to remove the postfix package:

# chkconfig
# service postfix status
# service postfix stop
# chkconfig postfix off
# chkconfig

# yum erase postfix
But it also want remove
cronie
cronie-anacron
crontabs

Which I still want it.

The cron require at lease one MTA on system.
Because we had smart host Email internal.
I did install my favorite SSMTP inside of sendmail.

First Backup the /etc/postfix

# cp -r /etc/postfix ~/etc_postfix_backup

# yum install ssmtp
# yum erase postfix

Setup the /etc/ssmtp/ssmtp.conf, did small test.

Everything looks good.

Please notice the server is not serve as an EMail server.

Reference:

• Postfix qmgr process causes heavy overload


• Disable the Mail Alert by Crontab


• How to Delete all terminal mail

Batch send Email to each address

My loop_email.sh

Please notice each receipts only see their own Address.
The [To: ], makes the Outlook display correctly.

#!/bin/bash

while read -r line
do
    name="$line"
    echo "Name read from file - $name"
    echo "To: $name" > /tmp/email.txt
    cat ./email.txt >> /tmp/email.txt
    /usr/sbin/sendmail $name < /tmp/email.txt
    echo "...sent email to - $name"
done < ./address.csv

Email in a format example:

Subject: My Testing Email Subject
From: milliondollarserver.com

Dear Friend,

Line 1

Best Regards,

Email Address example:

test@milliondollarserver.com
lambert@milliondollarserver.com

Postfix & Dovecot error The maximum number of concurrent server connections has exceeded a per-source limit

EmailServer : 672 : Error Sending E-mail [Smtp Error : [4.3.2 The maximum number of concurrent server connections has exceeded a per-source limit, closing transmission channel

First I checked the current config:

 # dovecot -a |grep mail_max_userip_connections 
 mail_max_userip_connections = 10

Which is 10 as default.

This parameter shows up in 3 files:

 /etc/dovecot/conf.d/20-imap.conf:  #mail_max_userip_connections = 10 
 /etc/dovecot/conf.d/20-managesieve.conf:  #mail_max_userip_connections = 10 
 /etc/dovecot/conf.d/20-pop3.conf:  #mail_max_userip_connections = 10

I uncommon them and changed 10 to 20, restart the service

 /etc/dovecot/conf.d/20-imap.conf:  mail_max_userip_connections = 20 
 /etc/dovecot/conf.d/20-managesieve.conf:  mail_max_userip_connections = 20 
 /etc/dovecot/conf.d/20-pop3.conf:  mail_max_userip_connections = 20

 service dovecot restart

Double check when the service is back online:

  # dovecot -a |grep mail_max_userip_connections 
  mail_max_userip_connections = 20 
  mail_max_userip_connections = 20 
  mail_max_userip_connections = 20

OMD ssmtp - extremely simple MTA to get mail off the system to a mailhub

ssmtp - extremely simple MTA to get mail off the system to a mail hub

apt-get purge exim4*
apt-get install ssmtp bsd-mailx
mail -s "OMD test email 7" -S from=test@milliondollarserver.com test@milliondollarserver.com

mail -s "OMD test email 7" test@milliondollarserver.com

root@monitor:/etc/ssmtp# cat ssmtp.conf

#

# Config file for sSMTP sendmail

#

# The person who gets all mail for userids < 1000

# Make this empty to disable rewriting.

root=postmaster



# The place where the mail goes. The actual machine name is required no

# MX records are consulted. Commonly mailhosts are named mail.domain.com

UseTLS=YES

UseSTARTTLS=Yes

mailhub=smtp.gmail.com:587

AuthUser=test@milliondollarserver.com

AuthPass=IFUseeTHISpassWord

AuthMethod=LOGIN



# Where will the mail seem to come from?

#rewriteDomain=



# The full hostname

hostname=monitor.milliondollarserver.com



# Are users allowed to set their own From: address?

# YES - Allow the user to specify their own From: address

# NO - Use the system generated From: address

FromLineOverride=YES

Reference:
https://wiki.debian.org/sSMTP
http://www.debiantutorials.com/installing-ssmtp-mta-mail-transfer-agent/

iRedMail 0.9.1 tweaks on Security MailDir Disalbe hash timestmp

Install iRedMail is Easy.

To make it even safer:

1. Change the default vmail folder location.


By default, iRedMail will create domain and Email folder at:
/var/vmail/vmail1/domain/hashed/user
To change this, you have to modify [/iRedMail-0.9.1/conf/vhosts] before the installation.


# iRedMail Default
global:export STORAGE_NODE='vmail1'
# Lambert's Tweak
global:export STORAGE_NODE='vhosts'





2. Select only necessary package during installation.


3. Move [iRedMail-0.9.1/config] to a safe place after after installation.


4. Run [mysql_secure_installation] after installation.


Most of iRedMail parameters in file: [/opt/www/iRedAdmin-0.4.2/libs/default_settings.py].
Please put your custom settings in file: [/opt/www/iRedAdmin-0.4.2/settings.py], it will overwrite the [default_settings.py].

5. To disable account/maildir hash:

It is RECOMMEND by iRedMail for better performance. But that is only based on if you have a lots of Email accounts.
If you only hold few Email account, it is really over killed.


# by Lambert
# - hashed:     domain.ltd/u/s/e/username-2015.05.29.12.05.33/
# - non-hashed: domain.ltd/username-2015.05.29.12.05.33/
MAILDIR_HASHED = False



6. To disable account/maildir TIMESTAMP:

It is RECOMMEND by iRedMail for safety reason. Because iRedMail does not delete the mailfolder when you del the account from Admin panel.
They assuming a new user with same name could reade the previous account's Email.
For me it is still over kill.


# by Lambert
# - hashed:     domain.ltd/username-2009.09.04.12.05.33/
# - non-hashed: domain.ltd/username/
MAILDIR_APPEND_TIMESTAMP = False





7. To make the virtual user's maildir cleaner, remove MailDir/ from account Email folder:

Tweak dovecot under iRedMail.
Please notice, by default dovecot in iRedMail does not include /etc/dovecot/conf.d folder.
So to make it clean, better just make changes in file: [dovecot.conf]



# by Lambert
#mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/
# iRedMail default MailDir style:
## /var/vmail/vhosts/milliondollarserver.com/lambert.lu/MailDir/new/
mail_location = maildir:/%Lh/:INDEX=/%Lh/
# Lambert's tweak to make it cleaner
## /var/vmail/vhosts/milliondollarserver.com/lambert.lu/new/





8. Allow user to send email without authentication

Reference: iRedMail docs: Allow user to send email without authentication