Skip to content

Instantly share code, notes, and snippets.

@chrisdchristo
Created November 29, 2013 13:52
Show Gist options
  • Save chrisdchristo/7705985 to your computer and use it in GitHub Desktop.
Save chrisdchristo/7705985 to your computer and use it in GitHub Desktop.
101: Postfix

101: Postfix

Postfix is an SMTP server MTA (Mail transfer agent) which handles sending and receiving emails. Install like so: sudo apt-get install postfix libsasl2-modules You will need ports 25 and ports 587 open on the firewall for SMTP and SSMTP.

Configuring

Open the postfix config file:

sudo nano /etc/postfix/main.cf

The following config file is setup to do encryption and use SASL for authentication.

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
delay_warning_time = 5s
readme_directory = no
 
# TLS
smtp_use_tls=yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_note_starttls_offer = yes
 
smtpd_tls_CAfile = /etc/ssl/custom/certs/official-my_domain-ad-inter.crt
smtpd_tls_key_file = /etc/ssl/custom/keys/official-www-my_domain-com.key
smtpd_tls_cert_file = /etc/ssl/custom/certs/official-www-my_domain-com.crt
 
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_security_level = may
smtpd_tls_auth_only = no
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
 
tls_random_source = dev:/dev/urandom
 
# SASL
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
 
# ALIAS
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
 
# NETWORK
mydomain = my_domain.com
myhostname = sub_domain.my_domain.com
myorigin = $mydomain
mydestination = $mydomain $myhostname localhost.$mydomain localhost www.$mydomain
mynetworks = 127.0.0.0/8
 
# OTHER
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
relay_domains = $mydestination
notify_classes = bounce, 2bounce, delay, policy, protocol, resource, software
inet_interfaces = all
inet_protocols = all
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, permit_inet_interfaces 

Once you have the config file setup, restart the SMTP server:

/etc/init.d/postfix restart

You can the change the config file at any point and just simply reload the server instead of restarting:

/etc/init.d/postfix reload

You can check your mail by running the mail command:

mail

Aliases

If you want certain email names to go to other users, you manage the aliases file. Open it up:

sudo nano /etc/aliases

If you want mail from userX to go to userY then you need a line like:

userX: userY

There is a special email name 'postmaster' which is required and it is a good idea to route all postmaster emails to the root user. Do the same for the special MAILER-DAEMON mail name.

# Required aliases
postmaster: root 
MAILER-DAEMON: postmaster

Also, its a good idea to route all root emails to a specific user, in this case chris will receive all root emails (and all postmaster emails via postmaster -> root -> chris).

# other 
root: chris 
abuse: postmaster 
spam: postmaster 
support: postmaster 
info: postmaster 
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment