On my Debian Etch server I’ve got the Zimbra Open Source Edition mail solution installed, and when I use chkrootkit to scan for rootkits it reports the following:
Checking `bindshell'... INFECTED (PORTS: 465)
After some quick research I realized that port 465 is SMTP over SSL on a Zimbra installation.
Further investigation reveals that port 465 is run by:
# fuser -vn tcp 465
USER PID ACCESS COMMAND
465/tcp: root 19053 F.... master
And then I checked pid 19053:
# ps aux|grep 19053
root 19053 0.0 0.2 6628 1236 ? Ss Feb09 0:00 /opt/zimbra/postfix-2.4.3.4z/libexec/master
This tells me that the postfix daemon is running on port 465 and obviously chkrootkit is giving me a false positive.
Tags: chkrootkit, fuser, Postfix, rootkit, Zimbra
Posted by Hans-Henry Jakobsen
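For the chkrootkit port 465 triage in the post above, the same ownership check can be scripted from the kernel's socket table and /proc/PID/exe, which a process cannot rewrite the way it can the command line that ps shows. This is an added example, not the author's code; the function names and the overridable PROC variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: check who really owns a flagged port.
PROC=${PROC:-/proc}   # overridable so the logic can run against a constructed tree

# Ports listed on chkrootkit "bindshell ... INFECTED (PORTS: ...)" lines on stdin.
flagged_ports() {
    sed -n 's/.*bindshell.*INFECTED (PORTS: *\([0-9 ]*\)).*/\1/p' | tr -s ' ' '\n' | sed '/^$/d'
}

# Socket inodes of TCP listeners (state 0A) on port $1, read from the kernel table.
listener_inodes() {
    hex=$(printf '%04X' "$1")
    for t in "$PROC/net/tcp" "$PROC/net/tcp6"; do
        if [ -r "$t" ]; then
            awk -v p=":$hex" '$4 == "0A" && substr($2, length($2) - 4) == p { print $10 }' "$t"
        fi
    done
}

# Executable paths (/proc/PID/exe) of every process holding socket inode $1.
owner_exes() {
    for fd in "$PROC"/[0-9]*/fd/*; do
        if [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$1]" ]; then
            pid=${fd#"$PROC"/}
            readlink "$PROC/${pid%%/*}/exe" 2>/dev/null
        fi
    done | sort -u
}

# check_port PORT DIR: succeed only if a listener exists and every process
# holding it runs a binary located under DIR (a deleted binary never passes).
check_port() {
    inodes=$(listener_inodes "$1")
    [ -n "$inodes" ] || { echo "port $1: no listener"; return 2; }
    for inode in $inodes; do owner_exes "$inode"; done | (
        n=0
        while IFS= read -r exe; do
            n=$((n + 1))
            case $exe in
                *" (deleted)") verdict=SUSPECT ;;
                "$2"/*)        verdict=ok ;;
                *)             verdict=SUSPECT ;;
            esac
            echo "port $1: $verdict $exe"
            [ "$verdict" = ok ] || exit 1
        done
        [ "$n" -gt 0 ] || { echo "port $1: owner not visible, rerun as root"; exit 3; }
    )
}
```

Run as root, for example `check_port 465 /opt/zimbra/postfix-2.4.3.4z` for each port printed by `chkrootkit | flagged_ports`. A kernel-level rootkit can falsify /proc as well, so this is live-host triage, not proof of a clean system.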
To receive root mail from the server I’ve had to make a change in the /opt/zimbra/postfix-2.4.3.4z/conf/aliases file. Uncomment the following line
root: user@example.com
The postfix daemon has to reread its config files before this change is recognized.
Do the following as zimbra user
/opt/zimbra/bin/postfix reload
Posted by Hans-Henry Jakobsen
After installing Zimbra 5.0.x on my Debian Etch 4.0 server some of my shell scripts couldn’t send mail anymore. The reason for this behaviour was that I hadn’t removed the Exim mail server package, and I wouldn’t do it either.
The solution to this problem was to remove exim or locate the sendmail binaries and remove the symlinks to exim as emailer client and create symlinks to Zimbra’s Postfix sendmail binary. I did the latter
# whereis sendmail
sendmail: /usr/sbin/sendmail /usr/lib/sendmail
# rm /usr/sbin/sendmail
# ln -s /opt/zimbra/postfix-2.4.3.4z/sbin/sendmail /usr/sbin/sendmail
# rm /usr/lib/sendmail
# ln -s /opt/zimbra/postfix-2.4.3.4z/sbin/sendmail /usr/lib/sendmail
Now my scripts can send e-mails as expected.
Tags: exim, Postfix, sendmail, Zimbra
Posted by Hans-Henry Jakobsen
I will assume that your postfix configuration directory is /etc/postfix and your postfix version is around 2.0.14.
1. Edit /etc/postfix/virtual
This is a plaintext file where you can specify the domains and users to accept mail for. Each virtual domain should begin with a single line containing the domain name. The subsequent lines define addresses at the domain that are deliverable. Mail will be delivered to local usernames on the right side, as demonstrated in the example below. The condition @domain allows you to deliver “all other” mail to the indicated user. You can list multiple domains in this file; just repeat the format demonstrated below.
example.com              this-text-is-ignored
postmaster@example.com   postmaster
address1@example.com     destuser1
address2@example.com     destuser2
@example.com             destuser1
2. Edit /etc/postfix/main.cf
You have to tell postfix where to look for these virtual alias mappings; the appropriate configuration directive is in the main postfix configuration file. This tells postfix to use the db-format (hash) version of your virtual mappings. Note that your system must have db support for this to work; also, the actual db file is not created until you run ‘postmap’ in step 3.
virtual_alias_maps = hash:/etc/postfix/virtual
3. Refresh configuration and mappings
Since you’ve changed main.cf, you should restart the daemon. The second command below updates the virtual mappings; you must run this ‘postmap’ command when you change your /etc/postfix/virtual file. The ‘postmap’ command actually creates the hash db file that postfix looks for.
postfix reload
postmap /etc/postfix/virtual
Now try delivering mail to virtual domain addresses. If you encounter problems, check your mailer daemon system log and make sure your server configuration has been refreshed with ‘postfix reload’ and the ‘postmap’ commands.
Tags: Postfix, SMTP, virtual domains
Posted by Hans-Henry Jakobsen
Postfix logs all failed and successful deliveries to a logfile. The file is usually called /var/log/maillog or /var/log/mail; the exact pathname is defined in the /etc/syslog.conf file.
Posted by Hans-Henry Jakobsen