I will try to install postfix mail server and configure authentication by following ubuntu.com and taking short notes.
To install postfix:
sudo apt-get install postfix
To configure postfix after installation:
sudo dpkg-reconfigure postfix
Configure Postfix to do SMTP AUTH using SASL (saslauthd):
The following configuration parameters will be stored in /etc/postfix/main.cf file.
sudo postconf -e 'smtpd_sasl_local_domain ='
sudo postconf -e 'smtpd_sasl_auth_enable = yes'
sudo postconf -e 'smtpd_sasl_security_options = noanonymous'
sudo postconf -e 'broken_sasl_auth_clients = yes'
sudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
sudo postconf -e 'inet_interfaces = all'
Next edit /etc/postfix/sasl/smtpd.conf and add the following lines:
pwcheck_method: saslauthd
mech_list: plain login
Generate certificates to be used for TLS encryption and/or certificate Authentication:
touch smtpd.key
chmod 600 smtpd.key
openssl genrsa 1024 > smtpd.key
openssl req -new -key smtpd.key -x509 -days 3650 -out smtpd.crt # has prompts
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
sudo mv smtpd.key /etc/ssl/private/
sudo mv smtpd.crt /etc/ssl/certs/
sudo mv cakey.pem /etc/ssl/private/
sudo mv cacert.pem /etc/ssl/certs/
Configure Postfix to do TLS encryption for both incoming and outgoing mail:
sudo postconf -e 'smtp_tls_security_level = may'
sudo postconf -e 'smtpd_tls_security_level = may'
sudo postconf -e 'smtpd_tls_auth_only = no'
sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/smtpd.key'
sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt'
sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'
sudo postconf -e 'smtpd_tls_loglevel = 1'
sudo postconf -e 'smtpd_tls_received_header = yes'
sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
sudo postconf -e 'tls_random_source = dev:/dev/urandom'
sudo postconf -e 'myhostname = server1.example.com' # remember to change this to yours
Restart the postfix daemon like this:
sudo service postfix restart
Authentication
sudo apt-get install libsasl2-2 sasl2-bin libsasl2-modules
First we edit /etc/default/saslauthd in order to activate saslauthd. Set START=yes and add the PWDIR, PARAMS, and PIDFILE lines and edit the OPTIONS line at the end:
START=yes
PWDIR="/var/spool/postfix/var/run/saslauthd"
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"
....
....
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
The next command may report an error that "--update given" and the "/var/spool/postfix/var/run/saslauthd" directory does not exist.
You can ignore this because when you start saslauthd next it will be created.
sudo dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd
Finally, start saslauthd:
sudo /etc/init.d/saslauthd start
Using Port 587 for Secure Submission
If you want to use port 587 as the submission port for SMTP mail rather than 25 (many ISPs block port 25), you will need to edit /etc/postfix/master.cf and uncomment the line
submission inet n - - - - smtpd
Testing
The following command sends email using system user (user1):
sendemail -f fromuser@domain.com -t touser@anotherdomain.com -u subject -m "message" -s localhost:587 -o tls=no -xu user1 -xp password
To get info about mail server:
msmtp --serverinfo --host=localhost --tls=off --tls-certcheck=off --port 587
Note: If you want to send email from another place, you should allow related ports (ex: 587 or 25) on firewall and use server address instead of localhost.
sudo ufw allow 25
sudo ufw allow 587