postfix


Postfix is an email server, that is, the software normally used to receive and send emails. Postfix supports the SMTP protocol, which can be used to send and receive mail but not to read it. Other services such as POP3 or IMAP exist for that; they require further server software, which can then be configured to work together with Postfix. Most of us use preconfigured mail servers from free email providers, and Postfix can also be configured to act as a simple client for those.

Simplest use case: Postfix as a mail client

Cron jobs and custom scripts, which often run under local accounts for monitoring purposes, tend to send mail to various local users. A file called /etc/aliases redirects mail and often comes preconfigured so that root receives all of it. Services like smartd need a way to inform you about hard disk failures, and update services running as cron jobs should be able to inform you when critical updates are available for manual installation only. Here is how you can redirect these mails to your own mail address:

# /etc/postfix/main.cf
compatibility_level             = 2
relayhost                       = [smtp.example.com]:25
smtp_sasl_password_maps         = static:USERNAME:PASSWORD

smtp_sasl_auth_enable           = yes
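# wrappermode = yes expects implicit TLS (SMTPS, normally port 465);
# set it to no when the relay offers STARTTLS on port 25 or 587
smtp_tls_wrappermode            = yes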
smtp_tls_security_level         = encrypt
smtp_sasl_tls_security_options  = noanonymous

Replace USERNAME, PASSWORD, smtp.example.com and the port 25 with your own values, then set strict permissions, start Postfix and send a test mail like so:

chmod 600 /etc/postfix/main.cf
systemctl start postfix && systemctl enable postfix
echo EMAIL > /root/.forward
echo test | mail -r EMAIL -s subject2 root

We created a file /root/.forward in which the target mail address or even addresses can be placed, but we could also have edited /etc/aliases and applied changes to that file by issuing /usr/bin/newaliases.
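
The relay-client settings above can be checked mechanically before Postfix is started. The following Python check is an added example, not part of the original page or of Postfix; the function names and the port-465 heuristic are assumptions. It parses main.cf and flags a wrappermode/port mismatch, SASL login without mandatory TLS, the 'encrypt' level (which does not verify the server certificate) and inline credentials in a file readable by others.

```python
import re

# Constructed sample: the relay-client main.cf from this page, placeholders kept.
SAMPLE = """\
compatibility_level             = 2
relayhost                       = [smtp.example.com]:25
smtp_sasl_password_maps         = static:USERNAME:PASSWORD
smtp_sasl_auth_enable           = yes
smtp_tls_wrappermode            = yes
smtp_tls_security_level         = encrypt
smtp_sasl_tls_security_options  = noanonymous
"""

MANDATORY_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

def parse_main_cf(text):
    """Parse main.cf: '#' lines are comments, indented lines continue a parameter."""
    params, key = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():
            if key:
                params[key] += " " + line.strip()
            continue
        key, value = (s.strip() for s in line.partition("=")[::2])
        params[key] = value                       # a later setting overrides an earlier one
    return params

def audit_relay_client(params, file_mode):
    """Return findings; file_mode is main.cf's permission bits, e.g. from os.stat()."""
    findings = []
    m = re.search(r":(\d+)$", params.get("relayhost", ""))
    port = int(m.group(1)) if m else 25           # no numeric port given: assume 25
    wrapper = params.get("smtp_tls_wrappermode", "no") == "yes"
    level = params.get("smtp_tls_security_level", "")
    if wrapper != (port == 465):                  # assumption: 465 is the implicit-TLS port
        findings.append(f"port: wrappermode={'yes' if wrapper else 'no'} but relayhost port is {port}")
    if params.get("smtp_sasl_auth_enable") == "yes" and level not in MANDATORY_TLS:
        findings.append("tls: SASL login is not protected by mandatory TLS")
    if level == "encrypt":
        findings.append("cert: level 'encrypt' does not verify the server certificate")
    if params.get("smtp_sasl_password_maps", "").startswith("static:") and file_mode & 0o077:
        findings.append("perms: inline credentials are readable by group or other")
    return findings

if __name__ == "__main__":
    for finding in audit_relay_client(parse_main_cf(SAMPLE), 0o644):
        print(finding)
```

On a live system, pass the text of /etc/postfix/main.cf and the mode bits from os.stat() of that file instead of the sample.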

A complete mail server (this article is currently under construction)

The server is going to provide SMTP for sending and receiving mail, IMAP/POP3 to fetch and read your mail via an email program, server-side anti-spam handling and Sieve mail filter capabilities. While similar setups periodically lead to exhausting step-by-step tutorials, I tried to simplify everything as much as possible by dropping anything that already comes preconfigured with Postfix:

# /etc/postfix/main.cf
# Postfix version promise (optional, but watch out for different default values!)
compatibility_level              = 2

# Network stuff
inet_interfaces                  = all
inet_protocols                   = ipv4

# Host definition
mydomain                         = jail.mail
#myhostname                       = www.$mydomain
#myorigin                         = $mydomain

# Mailbox folders
home_mailbox                     = Maildir/
virtual_mailbox_base             = /var/mail/vhosts

# LMTP
virtual_mailbox_domains          = typesafe.de mail.typesafe.de
virtual_transport                = lmtp:unix:private/dovecot-lmtp

# SASL
smtpd_sasl_auth_enable           = yes
broken_sasl_auth_clients         = yes
smtpd_sasl_type                  = dovecot
smtpd_sasl_path                  = private/auth
smtpd_sasl_security_options      = noplaintext, noanonymous
smtpd_relay_restrictions         = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_recipient_restrictions     = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

# TLS
smtpd_use_tls                    = yes
smtpd_tls_auth_only              = yes
smtpd_tls_security_level         = may
smtpd_tls_key_file               = /etc/ssl/dovecot.key
smtpd_tls_cert_file              = /etc/ssl/dovecot.crt

# ================================================================================
# [HELP]
# 
# cd /etc/ssl/
# openssl genrsa -out dovecot.key 4096
# openssl req -new -x509 -days 365 -key dovecot.key -out dovecot.crt -sha256
# ^ creates a 'self signed' certificate
# chmod 640 dovecot.key
#
# smtpd_tls_security_level=may  
#   makes TLS optional, because enforcing is not allowed on public servers

In this configuration, smtpd_sasl_type and virtual_transport are the key to understanding what it actually does: Dovecot is used for authentication, in which case smtpd_relay_restrictions allows sending mail to other servers (which is called relaying). The other way round, when receiving mail, Dovecot is also used, over the LMTP protocol. Therefore we will now see what Dovecot's LMTP configuration must look like:

Commands

postmap virtual - recreates the virtual.db from virtual
postfix reload - reload configuration files
