Usefull postfix comands…..
this commands we use to troble shoot postfix issue.
To check postfix queue
#mailq
The last line in the output of above commands shows No. of mails in queue
You can use
mailq |tail -1
To check sasl auth
SASL (Simple Authentication and Security Layer) is used by posfix for SMTP authentication which inturn uses reverse IMAP
tail -f /var/log/messages|grep sasl
To check posfix logs
tail -f /var/log/maillog|grep postfix
To check for forward-loops
Example logs:
grep EF8BF618034 /var/log/maillog.7 Jun 30 11:56:37 inbound-us1 postfix/smtpd[27378]: EF8BF618034: client=smtp06.bis.na.blackberry.com[216.9.248.53] Jun 30 11:56:38 inbound-us1 postfix/cleanup[24076]: warning: EF8BF618034: unreasonable virtual_alias_maps map *nesting* for terry@5starmedical.net Jun 30 11:56:38 inbound-us1 postfix/cleanup[24076]: warning: EF8BF618034: unreasonable virtual_alias_maps map expansion size for terry@5starmedical.net
Note: the “map expansion size” warning shows up if the “virtual_alias_expansion_limit = 1000” limit is exceeded. In the nested looping case, the expansion crosses this limit.
root@xyz]# qshape-maia deferred
T 5 10 20 40 80 160 320 640 1280 1280+
TOTAL 7545 47 75 56 65 292 665 1807 2486 1197 855
yahoo.com 3581 20 51 30 37 227 406 1004 1431 327 48
yahoo.co.in 1932 10 1 7 10 40 173 582 756 203 150
yahoo.in 74 0 0 1 1 1 16 45 10 0 0
linked5.com 46 5 11 0 0 2 0 28 0 0 0
bsgroup.com 34 0 0 0 0 0 0 0 0 0 34
magicnet.mn 34 0 0 0 0 0 0 0 0 34 0
vsnl.com 22 0 0 0 0 0 0 2 5 0 15
airtelbroadband.in 22 0 0 0 0 0 8 3 6 0 5
vsnl.net 21 0 0 0 0 0 1 0 4 0 16
ymail.com 18 1 1 0 0 2 4 9 1 0 0
nirma.co.in 15 0 0 0 0 0 0 7 8 0 0
gmail.co 13 0 0 0 0 0 0 2 1 0 10
lared.com.ar 13 0 0 0 0 0 0 0 0 13 0
redifmail.com 12 0 0 0 0 0 0 3 4 2 3
backupeast.bizmaticsinc.com 11 0 0 0 0 0 0 2 4 0 5
shgl.com.my 10 0 0 0 0 0 0 0 3 0 7
swarajenterprise.com 10 0 0 0 0 0 0 0 1 0 9
digitalsolutions.co.in 10 0 0 0 0 0 0 1 4 0 5
eppl.in 9 0 0 0 0 0 0 0 8 0 1
List of domains that are being deferred
[root@xyz]# qshape-maia -s deferred
T 5 10 20 40 80 160 320 640 1280 1280+
TOTAL 5598 20 41 34 67 243 488 1253 1683 1044 725
venderporinternet.com.ar 524 0 0 0 0 0 0 0 0 524 0
bizmaticsinc.com 220 2 0 1 1 40 164 2 4 1 5
itdevenezuela.com 201 0 0 0 0 0 0 13 140 48 0
contactxindia.com 194 0 0 1 0 1 7 72 107 6 0
jvfinancial.co.in 193 0 0 0 0 0 0 189 0 0 4
indiratrade.com 156 0 0 0 0 0 0 1 4 151 0
balavikasa.org 135 3 2 3 4 10 20 27 39 20 7
aquaplusltd.com 103 0 0 0 0 0 0 1 102 0 0
gsecin.com 92 0 0 0 0 0 10 58 0 23 1
linked5.com 75 0 7 1 0 6 0 15 25 18 3
eyeglobal.com 59 0 0 0 0 0 3 28 26 1 1
dhlh3.com 58 1 7 1 22 19 0 2 6 0 0
dpaulstravel.com 56 0 0 0 0 1 16 26 10 0 3
bsgroup.in 55 0 1 0 1 1 2 3 11 0 36
sherrymo.com 54 0 0 0 0 0 6 22 23 3 0
face.mn 52 0 0 0 2 0 7 0 10 30 3
mywebmaker.in 51 0 0 0 0 0 0 0 45 3 3
lawofficewilliamsterns.com 51 0 0 0 0 0 0 0 0 0 51
mansishares.in 50 0 0 0 0 0 45 5 0 0 0
Checking Specific mail from queue
- If you want to check specific mail from queue
Check Message ID from mailq command-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient------- D5EB71AEA45* 54559 Wed Feb 13 06:56:01 delhi@sandalwoodresidential.net roxy@bol.net.in rshankerchy@yahoo.co.inIn the Above Example the first alphanumberical part in caps D5EB71AEA45 is the messages id.
To view the full mailspostcat -q D5EB71AEA45
If you an error postcat: fatal: open queue file D5EB71AEA45: No such file or directory
Then it means mail has been delivered or removed using postsuper
Removing Specific mail from queue
- If you want to remove specific mail from queue
postsuper -d D5EB71AEA45
Sorting queued mails by From address:
# mailq | awk '/^[0-9,A-F]/ {print $7}' | sort | uniq -c | sort -n
- If there are lots of mails of a particular sender that are queued and you are sure that they are spam/scam, you can suspend all deliveries by putting the queue on hold using the command:
# postsuper -h ALL
This should give you some output like:
postsuper: Placed on hold: 1625 messages
You can then remove mails selectively using the commands outlined below:
Removing Mails based on sender Address
- if you want to remove all mails sent by peggysj@msn.com from the queue
# mailq| grep '^[A-Z0-9]'|grep peggysj@msn.com|cut -f1 -d' ' |tr -d \*|postsuper -d -
- or, if you have put the queue on hold, use
# mailq | awk '/^[0-9,A-F].*capitalone@mailade.com/ {print $1}' | cut -d '!' -f 1 | postsuper -d -to remove all mails being sent using the From address “capitalone@mailade.com”.
Removing Mails based on Domain
- if you want to remove all mails sent by the domain msn.com from the queue
mailq| grep '^[A-Z0-9]'|grep @msn.com|cut -f1 -d' ' |tr -d \*|postsuper -d -
If you have placed the queue on hold, make sure you release it after you’ve finished deleting mails:
# postsuper -H ALL postsuper: Released from hold: 238 messages
SMTP Connections Monitoring
- tail -f /var/log/maillog|grep postfix
Check if the mails are being delivered in the local and remote queue.
- netstat -ant | grep 25
To check if SMTP connections are established on port 25.
- To check no of SMTP connections established on port 25.
netstat -ant 2> /dev/null | awk '{print $4" "$6}' | egrep '[0-9]+.[0-9]+.[0-9]+.[0-9]+:25' | grep ESTABLISHED | wc -l
- To stop SMTP service.
Coment this line in /etc/postfix/master.cfsmtp inet n - n - 300 smtpd
Relaod Posfix
postfix reload
- To start SMTP service.
Uncoment this line in /etc/postfix/master.cfsmtp inet n - n - 300 smtpd
Relaod Posfix
postfix reload
Checking policyd logs
Policyd is an anti-spam plugin for Postfix current installed Rclub_LB.mailbox.inbound.us.5 as Centralized plugin
tail -f /var/log/maillog|grep policyd
Replace the domain if you wanna remove the mails deffered for a particular domain
/usr/sbin/postqueue -p | grep '^[A-Z0-9]' | grep *flairpens.com* | cut -f1 -d' ' |tr -d \*|postsuper -d -
To remove all defered mails
/usr/sbin/postqueue -p | grep '^[A-Z0-9]' | cut -f1 -d' ' |tr -d \*|postsuper -d -
If you have any doubts feel free to contact me:
ashraf.mohammed83@gmail.com
Ashraf's Linux Blog 