Table of Content

Commands
Postfix Queues
qshape
Remove specific mail
Undeliverable bounce messages
- Forward message and delete
TLS not even tried

Commands

Command	Description
`postqueue -p`	list all mails in the queue
`postqueue -i [post-queue-id]`	Tries to resend single mail with `[post-queue-id]`
`postqueue -f`	flushes queue + tryies to resnd mails which are still in the queue, if they fail again, they will be shown again in the queue
`postsuper -d ALL`	removes all mails from the queue
`postsuper -d ALL [postfix-queue-name]`	removes all waiting mails from specified queue
`postcat -q [post-queue-id]`	Displays message with `[post-queue-id]`
`postcat -qv [post-queue-id]`	Same as above but with more details
`qshape [postfix-queue-name]`	Displays amount of mails in `[postfix-queue-name]` sorted by passed time

Postfix Queues

Postfix is aware of several queues:

incoming: Inbound mail from the network, or mail picked up by the local pickup(8) daemon from the maildrop directory.
active: Messages that the queue manager has opened for delivery. Only a limited number of messages is allowed to enter the active queue (leaky bucket strategy, for a fixed delivery rate).
deferred: Mail that could not be delivered upon the first attempt. The queue manager implements exponential backoff by doubling the time between delivery attempts.
corrupt: Unreadable or damaged queue files are moved here for inspection.
hold: Messages that are kept “on hold” are kept here until someone sets them free.

qshape

As mentioned qshape can displays the amount of mails inside a queue. To do so, just specify the name fo the queue after qshape. For each domain find in the mails, a new line will be created which looks something like this:

$ qshape deferred
                                         T  5 10 20 40 80 160 320 640 1280 1280+
                                  TOTAL 11  0  0  0  0  0   0   1   0    2     8
                 myfriendscooldomain.at  8  0  0  0  0  0   0   1   0    2     5
                               test.com  1  0  0  0  0  0   0   0   0    0     1
                            klumpat.com  1  0  0  0  0  0   0   0   0    0     1
                      anotherfriend.net  1  0  0  0  0  0   0   0   0    0     1

If you are interested, from whom they got sent, you can add the parameter -s and will get the same but instead of using the recepient, it will use the sender information:

                                         T  5 10 20 40 80 160 320 640 1280 1280+
                                  TOTAL 11  0  0  0  0  0   0   1   0    2     8
                   my-own-cooldomain.at  8  0  0  0  0  0   0   1   0    2     5
                               genau.at  1  0  0  0  0  0   0   0   0    0     1
                              freili.at  1  0  0  0  0  0   0   0   0    0     1
                        supersecret.org  1  0  0  0  0  0   0   0   0    0     1

Of course you can modify the rows contianig the time filter (so called buckets) amount.

If you stick with the normal output (using geometric age sequence), you can specify the first bucket using the parameter -t [bucket_time_in_minute] and also the amount with -b [bucket_count].

This will change our output like this for example:

$ qshape -t 10 -b 15 deferred
                        T 10 20 40 80 160 320 640 1280 2560 5120 10240 20480 40960 81920 81920+
                 TOTAL 11  0  0  0  0   0   1   0    2    4    4     0     0     0     0      0
myfriendscooldomain.at  8  0  0  0  0   0   1   0    2    3    2     0     0     0     0      0
              test.com  1  0  0  0  0   0   0   0    0    0    1     0     0     0     0      0
           klumpat.com  1  0  0  0  0   0   0   0    0    0    1     0     0     0     0      0
     anotherfriend.net  1  0  0  0  0   0   0   0    0    1    0     0     0     0     0      0

On the other hand, if you don’t like the geometrical approach, you can switch to liniar as well, using the parameter -l in addition:

                        T 10 20 30 40 50 60 70 80 90 100 110 120 130 140 140+
                 TOTAL 11  0  0  0  0  0  0  0  0  0   0   0   0   0   0   11
myfriendscooldomain.at  8  0  0  0  0  0  0  0  0  0   0   0   0   0   0    8
              test.com  1  0  0  0  0  0  0  0  0  0   0   0   0   0   0    1
           klumpat.com  1  0  0  0  0  0  0  0  0  0   0   0   0   0   0    1
     anotherfriend.net  1  0  0  0  0  0  0  0  0  0   0   0   0   0   0    1

Remove specific mail

$ root@host$ ~/ postqueue -p | grep "email@example.com"
056CB129FF0*    5513 Sun Feb 26 02:26:27  email@example.com

$ root@host$ ~/postsuper -d 056CB129FF0

Undeliverable bounce messages

Forward message and delete

Undeliverable (local) bounce messages stay in your postfix queue. If you want to get them cleaned and stored in a different mail queue, you can use the folloging postfix configuration inside of main.cf

bounce_queue_lifetime = 0
notify_classes = 2bounce
2bounce_notice_recipient = undeflivered@<yourdomain.tld>

With setting bounce_queue_lifetime = 0 you disable resends of mail delivery where it failed temporary. What does that mean, if the destination mail server is for some reasone not reachable, it will not resend the mail(s).

bounce_queue_lifetime specifies the threshold, how long mails, which failed to get delived due to a temporary error (like host not reachable, could not resolve hostname,…), are kept in the queue untill they get fanished.

notify_classes specifies the list of reported error classes which get sent to postmaster.

These postmaster notifications do not replace user notifications. Keep in mind, that these notifications may contain sensitive data! So if you forward certon error classes to a mailgroup, you maybe transfere data which you don’t want to share.

2bounce is the error class for undeliverable bounced mails. To specify the destination, instead of default (postmaster), you have to use 2bounce_notice_recipient.

2bounce_notice_recipient contains the recipient of undeliverable mail that cannot be returned to the sender. This feature is enabled with the notify_classes parameter.

TLS not even tried

If you have your postfix config prepared to use TLS but it still does not even try to use it, it could be due to Cisco PIX bug if your FW is from them. Postfix added a workarround config parameter for that which goes into your main.cf file and looks like this smtp_pix_workarounds = delay_dotcrlf

https://www.postfix.org/postconf.5.html#smtp_pix_workaround_maps

smtp_pix_workarounds (default: disable_esmtp, delay_dotcrlf)

A list that specifies zero or more workarounds for CISCO PIX firewall bugs. These workarounds are implemented by the Postfix SMTP client. Workaround names are separated by comma or space, and are case insensitive. This parameter setting can be overruled with per-destination smtp_pix_workaround_maps settings.

delay_dotcrlf : Insert a delay before sending .<CR><LF> after the end of the message content. The delay is subject to the smtp_pix_workaround_delay_time and smtp_pix_workaround_threshold_time parameter settings.

disable_esmtp: Disable all extended SMTP commands: send HELO instead of EHLO.

This feature is available in Postfix 2.4 and later. The default settings are backwards compatible with earlier Postfix versions.

Sharing is caring