How can I configure postfix so that Warden monitors all outgoing email?

By default Warden will only log outgoing email for ports 587 (Submission - if enabled), 465 (SMTPS outgoing), and PHP scripts (NON-SMTP). It will not log outgoing email on port 25 (SMTP incoming).

Normally most large email providers block sending on port 25 (Most ISPs stop their users from sending on port 25 also). You can configure postfix to not allow users to send using SMTP on port 25 that way Warden will monitor all outgoing email on the server. Make sure to notify your users that they must send out using port 587 (Submission) or port 465 (SMTPS outgoing) before hand! To enable SMTP service on port 587 go to Tools & Settings -> Mail Server Settings -> Enable SMTP service on port 587 on all IP addresses option.

To disallow users to send out on port 25:

Edit the file /etc/postfix/master

Before:

smtp      inet  n       -       n       -       -       smtpd

After:

smtp      inet  n       -       n       -       -       smtpd -o smtpd_sasl_auth_enable=no

Reload postfix:

postfix reload

To allow legacy clients to connect to port 587 without using TLS encryption change the smtpd_tls_security_level option from "encrypt" to "may" (this is optional and only recommended if you have legacy email clients connecting):

Edit the file /etc/postfix/master

Before:

submission inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination -o smtpd_milters=unix:/var/run/spamass-milter/postfix/sock,unix:/var/run/clamav-milter/clamav-milter.sock,inet:127.0.0.1:12768

After:

submission inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=may -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination -o smtpd_milters=unix:/var/run/spamass-milter/postfix/sock,unix:/var/run/clamav-milter/clamav-milter.sock,inet:127.0.0.1:12768

Reload postfix:

postfix reload

Tracking PHP mail

  1. In Warden under Settings -> Anti-spam Milter Settings -> make sure that "Scan outgoing Non-SMTP" is checked.
  2. In each of your php.ini settings make sure that "mail.add_x_header" is set to On.

Example: To enable the X-PHP-Originating-Script header for PHP 7.0 so that it can be used by Warden.

Edit the file /opt/plesk/php/7.0/etc/php.ini

; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename
mail.add_x_header = On

Restart the PHP 7.0 FPM handler:

service plesk-php70-fpm.service restart

Repeat the procedure for every version of PHP that you want Warden to track.

 

 

  • outgoing mail
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

Why isn't autolearning working for me (autolearn=no) ?

Lots of people seem to be confused by the "autolearn=no" statement in the default X-Spam-Status...

I get the a 502 gateway error when clicking on the application. How can I fix this?

This can usually be fixed by just restarting the Plesk interface:/etc/init.d/psa restart

How can I fix the error WARNING: Ignoring deprecated option AllowSupplementaryGroups after upgrading to ClamAV 1.00?

The AllowSupplementaryGroups option was deprecated in ClamAV 1.00. If this option is present in...

How can I fix the error: spamass-milter[27944]: Could not extract score from <> ?

When you look at your email log you see: spamass-milter[27944]: Could not extract score from...

How can I stop encrypted archives from being allowed though ClamAV?

For ClamAV 0.100 and belowUnder Warden -> Settings -> Scanning Settings -> Block...