Difference between revisions of "Postfix"

From Michael's Information Zone
Jump to navigation Jump to search
 
(14 intermediate revisions by the same user not shown)
Line 47: Line 47:
 
</pre>
 
</pre>
  
==MTA Relay==
+
==Client Access==
Running Rocky Linux on Digital Ocean.
+
*https://www.tutorials point.com/linux_admin/linux_admin_set_up_postfix_mta_and_imap_pop3.htm<br>
 +
SMTP and IMAPS access
 +
 
 +
==Transport Map==
 +
I needed to specify to my external server to send emails to the internal server when they are received.
 +
<ref>https://www.linuxbabe.com/mail-server/postfix-transport-map-relay-map-flexible-email-delivery</ref>
 +
*Create the map file showing which relay to use for which domain. In my case I told it to relay mail for my domain to the server in my home.
 +
<pre>
 +
echo 'yourdomain.com      :[mx2.yourdomain.com]:587' >> /etc/postfix/transport
 +
postmap /etc/postfix/transport
 +
</pre>
 +
*Then specify it in main.cf
 +
<pre>
 +
transport_maps = hash:/etc/postfix/transport
 +
</pre>
 +
*Restart postfix
  
 
==Virtual Domains==
 
==Virtual Domains==
Line 54: Line 69:
 
===Adding users===
 
===Adding users===
 
<ref>https://www.serverwatch.com/guides/adding-users-and-aliases-for-postfix/</ref>
 
<ref>https://www.serverwatch.com/guides/adding-users-and-aliases-for-postfix/</ref>
 +
Go to the virtual mailbox maps file and add the mapping for the new user
 +
<pre>
 +
echo 'testuser@yourdomain.com yourdomain.com/testuser' >> /etc/postfix/vmailbox
 +
postmap /etc/postfix/vmailbox
 +
mkdir /var/mail/vhosts/yourdomain.com/user
 +
chown 5000:5000 /var/mail/vhosts/yourdomain.com/user
 +
systemctl restart postfix
 +
</pre>
 +
 
===Maildir===
 
===Maildir===
 
<ref>https://www.postfix.org/VIRTUAL_README.html#virtual_mailbox</ref><ref>https://en.wikipedia.org/wiki/Maildir#:~:text=The%20Maildir%20e%2Dmail%20format,are%20added%2C%20moved%20and%20deleted.</ref>This will be helpful for structuring emails without additional infrastructure.
 
<ref>https://www.postfix.org/VIRTUAL_README.html#virtual_mailbox</ref><ref>https://en.wikipedia.org/wiki/Maildir#:~:text=The%20Maildir%20e%2Dmail%20format,are%20added%2C%20moved%20and%20deleted.</ref>This will be helpful for structuring emails without additional infrastructure.
 +
Working with non-unix accounts and using the exampled uid:gid of 5000, and using the default example of /var/mail/vhost/yourdomain.com/user :
 +
*First time setup we need to create the directory structure.
 +
<pre>
 +
mkdir -p /var/mail/vhosts/yourdomain.com
 +
chown -R mail:mail /var/mail/vhosts/
 +
mkdir /var/mail/vhosts/yourdomain.com/user
 +
chown 5000:5000 /var/mail/vhosts/yourdomain.com
 +
setfacl -d -m g:5000:rwx /var/mail/vhosts/yourdomain.com
 +
setfacl -d -m u:5000:rwx /var/mail/vhosts/yourdomain.com
 +
</pre>
 +
 +
==Security==
 +
===SMTP Restrictions===
 +
*Added to main.cf
 +
<pre>
 +
smtpd_helo_required = yes
 +
smtpd_helo_restrictions = reject_unknown_helo_hostname reject_non_fqdn_helo_hostname reject_invalid_helo_hostname
 +
</pre>

Latest revision as of 09:33, 4 September 2022

Purpose

General Postfix notes collected while building a self hosted mail solution.

Infrastructure Overview

I am forced to use Comcast cable at home, obviously no one in their right mind would allow email sent from this network. I settled on placing the sending MTA relay in the could, while using the same relay in conjunction with an MTA at home for receiving emails. The MDA will be on on prem as well running only IMAPS and a web client that is TBD.

Basic Postfix Receive Emails for Domain

For receiving emails for a domain and delivering them locally. This uses default certificates and does not enforce the use of encryption. I was able to receive emails to both root and test system users with this from gmail. Root probably shouldn't be receiving emails.

  • main.cf
compatibility_level = 2
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = mx1.yourdomain.com 
mydomain = yourdomain.com
myorigin = $mydomain
inet_interfaces = all
inet_protocols = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
unknown_local_recipient_reject_code = 450
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
 
  
debug_peer_level = 2
debugger_command =
	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
	 ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
readme_directory = /usr/share/doc/postfix/README_FILES
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
smtpd_tls_security_level = may
smtp_tls_CApath = /etc/pki/tls/certs
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_tls_security_level = may
meta_directory = /etc/postfix
shlib_directory = /usr/lib64/postfix

Client Access

SMTP and IMAPS access

Transport Map

I needed to specify to my external server to send emails to the internal server when they are received. [1]

  • Create the map file showing which relay to use for which domain. In my case I told it to relay mail for my domain to the server in my home.
echo 'yourdomain.com      :[mx2.yourdomain.com]:587' >> /etc/postfix/transport
postmap /etc/postfix/transport
  • Then specify it in main.cf
transport_maps = hash:/etc/postfix/transport
  • Restart postfix

Virtual Domains

[2]This prevents delivering to local system accounts, which will be important as I will want to manage the accounts independently of the mail servers themselves.

Adding users

[3] Go to the virtual mailbox maps file and add the mapping for the new user

echo 'testuser@yourdomain.com yourdomain.com/testuser' >> /etc/postfix/vmailbox
postmap /etc/postfix/vmailbox
mkdir /var/mail/vhosts/yourdomain.com/user
chown 5000:5000 /var/mail/vhosts/yourdomain.com/user
systemctl restart postfix

Maildir

[4][5]This will be helpful for structuring emails without additional infrastructure. Working with non-unix accounts and using the exampled uid:gid of 5000, and using the default example of /var/mail/vhost/yourdomain.com/user :

  • First time setup we need to create the directory structure.
mkdir -p /var/mail/vhosts/yourdomain.com
chown -R mail:mail /var/mail/vhosts/
mkdir /var/mail/vhosts/yourdomain.com/user
chown 5000:5000 /var/mail/vhosts/yourdomain.com
setfacl -d -m g:5000:rwx /var/mail/vhosts/yourdomain.com
setfacl -d -m u:5000:rwx /var/mail/vhosts/yourdomain.com

Security

SMTP Restrictions

  • Added to main.cf
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_unknown_helo_hostname reject_non_fqdn_helo_hostname reject_invalid_helo_hostname