Basic guide to setting up postfix

Postfix is a very popular open source Mail Transfer Agent (MTA) that can be used to route and deliver email on a Linux system. It is estimated that around 25% of public mail servers on the internet run Postfix.

In this guide, we’ll teach you how to get up and running quickly with Postfix on an Ubuntu 14.04 server.

Prerequisites

In order to follow this guide, you should have a Fully Qualified Domain Name pointed at your Ubuntu 14.04 server. You can find help on setting up your domain name with DigitalOcean by clicking here.

Install the Software

The installation process of Postfix on Ubuntu 14.04 is easy because the software is in Ubuntu’s default package repositories.

Since this is our first operation with apt in this session, we’re going to update our local package index and then install the Postfix package:

sudo apt-get update
sudo apt-get install postfix

You will be asked what type of mail configuration you want to have for your server. For our purposes, we’re going to choose “Internet Site” because the description is the best match for our server.

Next, you will be asked for the Fully Qualified Domain Name (FQDN) for your server. This is your full domain name (like www.mydomain.com). Technically, a FQDN is required to end with a dot, but Postfix does not need this. So we can just enter it like:

www.mydomain.com

The software will now be configured using the settings you provided. This takes care of the installation, but we still have to configure other items that we were not prompted for during installation.

Configure Postfix

We are going to need to change some basic settings in the main Postfix configuration file.

Begin by opening this file with root privileges in your text editor:

sudo nano /etc/postfix/main.cf

First, we need to find the myhostname parameter. During the configuration, the FQDN we selected was added to the mydestination parameter, but myhostname remained set to localhost. We want to point this to our FQDN too:

myhostname = www.mydomain.com

 

THIS IS NOT REQUIRED FOR A SEND ONLY BASED MAIL SERVER

If you would like to configuring mail to be forwarded to other domains or wish to deliver to addresses that don’t map 1-to-1 with system accounts, we can remove the alias_maps parameter and replace it withvirtual_alias_maps. We would then need to change the location of the hash to/etc/postfix/virtual:

virtual_alias_maps = hash:/etc/postfix/virtual

As we said above, the mydestination parameter has been modified with the FQDN you entered during installation. This parameter holds any domains that this installation of Postfix is going to be responsible for. It is configured for the FQDN and the localhost.

One important parameter to mention is the mynetworks parameter. This defines the computers that are able to use this mail server. It should be set to local only (127.0.0.0/8 and the other representations). Modifying this to allow other hosts to use this is a huge vulnerability that can lead to extreme cases of spam.

To be clear, the line should be set like this. This should be set automatically, but double check the value in your file:

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

EG:89.89.89.89 would look like

mynetworks
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 89.89.89.89

For a development server

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated

 

There are other restrictions you can add, here is a start.

http://serverfault.com/questions/775415/postfix-noqueue-reject-rcpt-from-unknown#answer-775442

Configure Additional Email Addresses

We can configure additional email addresses by creating aliases. These aliases can be used to deliver mail to other user accounts on the system.

If you wish to utilize this functionality, make sure that you configured the virtual_alias_maps directive like we demonstrated above. We will use this file to configure our address mappings. Create the file by typing:

sudo nano /etc/postfix/virtual

In this file, you can specify emails that you wish to create on the left-hand side, and username to deliver the mail to on the right-hand side, like this:

blah@www.mydomain.com username1

For our installation, we’re going to create a few email addresses and route them to some user accounts. We can also set up certain addresses to forward to multiple accounts by using a comma-separated list:

blah@www.mydomain.com        demouser
dinosaurs@www.mydomain.com   demouser
roar@www.mydomain.com        root
contact@www.mydomain.com     demouser,root

Save and close the file when you are finished.

Now, we can implement our mapping by calling this command:

sudo postmap /etc/postfix/virtual

Now, we can reload our service to read our changes:

sudo service postfix restart

SMTP Authentication for Mail servers

SMTP AUTH for mail server is a feature that is often required to relay mail through other mail servers. To enable SMTP AUTH for Postfix, acting as mail client in this scenario, you need to do the following steps:

Procedure 10. Configure SMTP AUTH for mail servers

  1. Provide a file, which will holds necessary information about credentials
  2. Configure Postfix to enable SMTP AUTH for the smtp daemon
  3. Configure Postfix to use the file with the SASL credentials.

 

Add credentials to sasl_passwd

Postfix, acting as mail client in this scenario, will need to be able to
  1. know when to provide a username and password
  2. pick the right credentials when there is more than one mail server who requires Postfix to SMTP AUTH

1. Enter credentials

These informations are layed down in /etc/postfix/sasl_passwd (if file doesn’t exists, please create):

less /etc/postfix/sasl_passwd
# www.mydomain.com   username:password
# www.mydomain.com   username:password

 

 

2. Secure sasl_passwd

As you have noticed, the credentials in sasl_passwd are entered plaintext. That means that anybody who can open the file will be able to read this sensitive information. Therefore we change ownership and permission to root and r/w only.

chown root:root /etc/postfix/sasl_password && chmod 600 /etc/postfix/sasl_password

 

ls -all /etc/postfix/sasl_password
-rw-------    1 root     root           79 Dec 30 23:50 /etc/postfix/sasl_password

 

3. Create sasl_passwd DB file

Now that we have set correct ownership and permissions there is one more thing to do. A plaintext file can’t be read as fast as database. Postfix requires this file to be a database, because it doesn’t want to spend a lot of time looking the credentials up when it needs to get it’s job done. We create a sasl_passwd.db with the help of postmap:

postmap hash:/etc/postfix/sasl_password

After that there will be a new file sasl_passwd.db in /etc/postfix/.

ls -all /etc/postfix/sasl_password.db
-rw-------    1 root     root        12288 Mar 13 23:13 /etc/postfix/sasl_password.db

 


Enable SMTP AUTH

There are only three options that you must set to enable SMTP AUTH for mail servers in Postfix.

 

1. Enable SMTP AUTH

The first thing we do is enabling SMTP AUTH for the smtp daemon. We open main.cf and enter some documentation first and then we set smtp_sasl_auth_enable to yes.

# SASL SUPPORT FOR SERVERS
#
# The following options set parameters needed by Postfix to enable
# Cyrus-SASL support for authentication of mail servers.
#
smtp_sasl_auth_enable = yes

 

2. Set path to sasl_passwd

Then we tell Postfix where to find sasl_passwd by adding smtp_sasl_password_maps = hash:/path/to/sasl_passwd to the configuration.

smtp_sasl_password_maps = hash:/etc/postfix/sasl_password

 

3. Set security options

Finally we set security options. In our scenario we will allow Postfix to use anonymous and plaintext authentication. That’s why we set the paramter, but leave it empty:

smtp_sasl_security_options =

All settings together will give this listing in main.cf.

# SASL SUPPORT FOR SERVERS
#
# The following options set parameters needed by Postfix to enable
# Cyrus-SASL support for authentication of mail servers.
#
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
smtp_sasl_security_options =

 

acrontum03.serverportal1.de4. Reload Postfix

All that you need to do now is to reload Postfix and you’re ready to use your ISPs mail server to relay mail.

postfix reload
postfix/postfix-script: refreshing the Postfix mail system

 

Test your Configuration

You can test that your server can receive and route mail correctly by sending mail from your regular email address to one of your user accounts on the server or one of the aliases you set up.

Once you send an email to:

demouser@your_server_domain.com

You should get mail delivered to a file that matches the delivery username in /var/mail. For instance, we could read this message by looking at this file:

nano /var/mail/demouser

This will contain all of the email messages, including the headers, in one big file. If you want to consume your email in a more friendly way, you might want to install a few helper programs:

sudo apt-get install mailutils

This will give you access to the mail program that you can use to check your inbox:

mail

This will give you an interface to interact with your mail.

Linux Mint & Vagrant

This article will cover installing Vagrant on Linux Mint, but what is Vagrant? Vagrant is a useful tool for setting up testing and development virtual machines on Linux. Setting it up on Debian and Ubuntu based distributions like Linux Mint is quite straight forward and the following guide will go over the main steps. For further information, Vagrant itself has some great docs http://docs.vagrantup.com/v2/. It covers installation of Vagrant on various Linux distros as well as more advanced management and configuration, but here’s a quick start:

Installing Vagrant on Linux Mint

First, open up a terminal and install virtual box, the kernel sources and vagrant all in one neat step:

sudo apt-get install virtualbox virtualbox-dkms vagrant

sudo apt-get install virtualbox virtualbox-dkms vagrant

Please note that the version in Mint/Ubuntu’s repositories is not the latest one. If you’ve using tools such as PuPHPet you’ll need to grab the latest version of Vagrant from the Vagrant downloads page.

Make a new sub directory in your home folder for your Vagrant machines files to be stored in:

mkdir ~/vagrant

Now lets get create a VM. Pick what machine you want from the Vagrant Boxes (http://www.vagrantbox.es/). I’m going to use Debian 7.3. You need to copy the box URL.

Make sure you’re in your vagrant directory:

cd ~/vagrant

Initialise the vagrant box. This creates a configuration file for it which you can use to change key settings before you start it up

vagrant init debs http://puppet-vagrant-boxes.puppetlabs.com/debian-73-x64-virtualbox-nocm.box

Make configuration changes if you want to. I like to set a hostname and have the machine appear on my main network so I can access it from other computers

nano Vagrantfile

These are the additional lines I put in:

# Set the machines hostname<br />
config .vm.hostname = “debs7”

# Setup a network bridge
config.vm.network :public_network

Now you can start the vagrant box. It’ll download the image first time so it might be a little slow to get going.

vagrant up

Once done, you can access it using

vagrant ssh