Mail Status Report for Postfix Mail Service in CentOS7

This is a direct and simple task. We really want to see the details of mail service by analysing the maillog daily. It gives a clear picture of what happened during the time period. The system ppl and marketing ppl may use it for customer clarifications.
We have enabled mail log statistics reporting tools in CentOS 6/7 servers which run Postfix as the mail agent.
Please follow the steps here:

1. Installing mail log analyser

yum install  postfix-perl-scripts

This will install required script with perl modules. Just verify the proper work of it by running the command

perl /usr/sbin/pflogsumm -d yesterday /var/log/maillog

which gives the details of the mail delivery of yesterday.

2. Enable automated reporting
You need to install 'nail' tool to send automated emails. Use this tool to send the output of the above command to required recipients.

e.g
/usr/bin/perl /usr/sbin/pflogsumm -d yesterday /var/log/maillog | /usr/bin/nail -s "Mail status - company mail service `date --date="yesterday" +%d\ %B\ %Y`" -c systems@company.lk manager@company.lk

According to above example, a mail with yesterday mail status will be received by systems@company.lk and manager@company.lk

You can include the above command in a file located in where ever you prefer and change the mode to 770 for the script file enable executable mode.

 e.g. chmod 770  /home/<your_home_directory/mail_stats

In root crontab, include an entry to execute the script file at a preferred time

crontab -e

E.g.

30 12 * * * /home/your_home_directory/scripts/mail_stats

Open LDAP 2.4 - Adding mailing lists for Postfix MTA

When managing mailing list in Postfix with LDAP, it is required to have new alias objects created in the LDAP tree. You may need to enable attributes such as rfc822MailMember mailRoutingAddress attributes defined under nisMailAlias and inetLocalMailRecipient Object classes. These object classes are not enabled by default. You need to enable them by adding the misc.ldif

ldapadd -Q -Y EXTERNAL -H ldapi:/// -f misc.ldif 

After adding the schema, you are allowed to create mailaliases in LDAP with above mentioned attributes. These attributes are used by Postfix to identify the mail recipients for a given mail address.

Below given example includes the ldif file to add  staff@mycompany.com to the LDAP attribute

dn: cn=staff,ou=mailAliases,dc=mycompany,dc=com
objectClass: nisMailAlias
objectClass: inetLocalMailRecipient
objectClass: top
mailRoutingAddress: staff@mycompany.com
rfc822MailMember: chamara@mycompany.com
rfc822MailMember:ceo@mycompany.com
rfc822MailMember: ruwan@mycompany.com

After adding the staff mail aliases, postfix should configured to read the mail aliases from LDAP at main.cf

virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf

Contents in the ldap-aliases.cf

server_host = [serverIP]
server_port = <port normally 389>
version = 3
search_base = dc=mycompany,dc=com
bind = yes
bind_dn = cn=ldapadmin,dc=mycompany,dc=com
bind_pw = <password>
scope = sub
query_filter = (mailRoutingAddress=%s)
result_attribute = rfc822MailMember
result_format = %u@%d
lookup_wildcards = no

Open LDAP 2.4 - Adding new schema and enabling existing schema

By default OpenLDAP having the core schema only. When adding entities to the LDAP database following structural schemas are very important and required. These schemas and related ldif files are already available at /etc/openldap/schema folder but may not be enabled. Following commands can be used to enable required schemas

ldapadd -Q -Y EXTERNAL -H ldapi:/// -f cosine.ldif 
ldapadd -Q -Y EXTERNAL -H ldapi:/// -f nis.ldif

When LDAP is used as the authentication method of postfix or Dovecot, postfix schema is required (http://www.postfix.org/LDAP_README.html) but that is not shipped with OpenLDAP by default. You may need to download the schema from following URI (https://github.com/credativ/postfix-ldap-schema)

In any case if the URL is not available, I have given the data in the postfix schema

attributetype (

1.3.6.1.4.1.4203.666.1.200

NAME 'mailacceptinggeneralid'

DESC 'Postfix mail local address alias attribute'

EQUALITY caseIgnoreMatch

SUBSTR caseIgnoreSubstringsMatch

SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024}

)

attributetype (

1.3.6.1.4.1.4203.666.1.201

NAME 'maildrop'

DESC 'Postfix mail final destination attribute'

EQUALITY caseIgnoreMatch

SUBSTR caseIgnoreSubstringsMatch

SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024}

)

objectclass (

1.3.6.1.4.1.4203.666.1.100

NAME 'postfixUser'

DESC 'Postfix mail user class'

SUP top

AUXILIARY

MAY (

mailacceptinggeneralid $ maildrop

)

)

# Schema as required by Postfix: http://www.postfix.org/LDAP_README.html

You need to download this schema and place it in /tmp folder as you need to create the ldif file to integrate to the LDAP server. Good tutorial is available at https://www.youtube.com/watch?v=qAedVMMunk8 which describes how to enable a new schema for LDAP 2.4

References:
https://www.youtube.com/watch?v=qAedVMMunk8 - tutorial video
https://github.com/credativ/postfix-ldap-schema - Github postfix schema

LDAP and phpldapadmin

LDAP and Commands

I wanted to configure an openldap with phpldapadmin in CentOS 7. Earlier I used command line to create sub dcs for the ldap database and fed up with commands.On the other hand the GUI can be used to verify the commands which I have used to create/modify entries.

Commands I used:
To add entries
ldapadd -x -W -D "cn=youradmin,dc=yourdc" -f yourfile.ldif
To search components
apsearch -x 'uid=*' -b "dc=yourdomain"

phpldapadmin

It was very easy to install phpldapadmin by just adding the repo  'epel-release'

yum -y install epel-release

During the configuration, I has few minor issues due to firewall settings and SELinux but those were able to fix referring early experiences.

I suggest you to read the following reference to begin with the php LDAP administrator GUI.

Reference:
https://www.itzgeek.com/how-tos/linux/centos-how-tos/install-configure-phpldapadmin-centos-7-ubuntu-16-04.html

This reference is also very valuable but still I did not completely followed.
  https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-openldap-and-phpldapadmin-on-an-ubuntu-14-04-server

Cleaning the /boot partition in Ubuntu

Eventually, the boot sector space filled with the downloaded  images which creates system issues. Following commands are useful in identifying old images in the /boot partition and purge them from the system.

Initially, use df -h command and get the information about the space of the partitions

#df -h
Filesystem                   Size  Used Avail Use% Mounted on
udev                         3.9G     0  3.9G   0% /dev
tmpfs                        787M  9.4M  778M   2% /run
/dev/mapper/ubuntu--vg-root  909G  255G  608G  30% /
tmpfs                        3.9G  348K  3.9G   1% /dev/shm
tmpfs                        5.0M  4.0K  5.0M   1% /run/lock
tmpfs                        3.9G     0  3.9G   0% /sys/fs/cgroup
/dev/sda1                    472M  468M     0 100% /boot
tmpfs                        787M   64K  787M   1% /run/user/1000
This provides the space availability of each partition and clearly shows the /boot partition is fully filled.

Go to /boot and type following command to identify the installed images in the system

#cd /boot
#dpkg -l linux-image-\* | grep ^ii
ii  linux-image-4.4.0-108-generic       4.4.0-108.131 amd64        Linux kernel image for version 4.4.0 on 64 bit x86 SMP
ii  linux-image-4.4.0-109-generic       4.4.0-109.132 amd64        Linux kernel image for version 4.4.0 on 64 bit x86 SMP
ii  linux-image-4.4.0-112-generic       4.4.0-112.135 amd64        Linux kernel image for version 4.4.0 on 64 bit x86 SMP
ii  linux-image-4.4.0-116-generic       4.4.0-116.140 amd64        Linux kernel image for version 4.4.0 on 64 bit x86 SMP
ii  linux-image-4.4.0-121-generic       4.4.0-121.145 amd64        Linux kernel image for version 4.4.0 on 64 bit x86 SMP
ii  linux-image-4.4.0-127-generic       4.4.0-127.153 amd64        Linux kernel image for version 4.4.0 on 64 bit x86 SMP
ii  linux-image-4.4.0-128-generic       4.4.0-128.154 amd64        Linux kernel image for version 4.4.0 on 64 bit x86 SMP
ii  linux-image-extra-4.4.0-108-generic 4.4.0-108.131 amd64        Linux kernel extra modules for version 4.4.0 on 64 bit x86 SMP
ii  linux-image-extra-4.4.0-109-generic 4.4.0-109.132 amd64        Linux kernel extra modules for version 4.4.0 on 64 bit x86 SMP
ii  linux-image-extra-4.4.0-112-generic 4.4.0-112.135 amd64        Linux kernel extra modules for version 4.4.0 on 64 bit x86 SMP
ii  linux-image-extra-4.4.0-116-generic 4.4.0-116.140 amd64        Linux kernel extra modules for version 4.4.0 on 64 bit x86 SMP
ii  linux-image-extra-4.4.0-121-generic 4.4.0-121.145 amd64        Linux kernel extra modules for version 4.4.0 on 64 bit x86 SMP
ii  linux-image-extra-4.4.0-127-generic 4.4.0-127.153 amd64        Linux kernel extra modules for version 4.4.0 on 64 bit x86 SMP

Use uname command to check the current image version of the system

# uname -a 
Linux chamara-X556UAK 4.4.0-128-generic #154-Ubuntu SMP Fri May 25 14:15:18 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

Use apt-get purge command to remove older versions of the images.
#  sudo apt-get purge linux-image-4.4.0-108
Reading package lists... Done
Building dependency tree      
Reading state information... Done
...
..
..
..
done
Purging configuration files for linux-image-4.4.0-108-generic (4.4.0-108.131) ...
Examining /etc/kernel/postrm.d .
run-parts: executing /etc/kernel/postrm.d/initramfs-tools 4.4.0-108-generic /boot/vmlinuz-4.4.0-108-generic
run-parts: executing /etc/kernel/postrm.d/zz-update-grub 4.4.0-108-generic /boot/vmlinuz-4.4.0-108-generic

Now you will see the space available has increased in the /boot partition