How to Install Postfix Mail Server For Ubuntu

I will try to install postfix mail server and configure authentication by following ubuntu.com and taking short notes.

To install postfix:

sudo apt-get install postfix

Choose: Internet Site configuration

To configure postfix after installation:

sudo dpkg-reconfigure postfix

Configure Postfix to do SMTP AUTH using SASL (saslauthd):

The following configuration parameters will be stored in /etc/postfix/main.cf file.

sudo postconf -e 'smtpd_sasl_local_domain ='
sudo postconf -e 'smtpd_sasl_auth_enable = yes'
sudo postconf -e 'smtpd_sasl_security_options = noanonymous'
sudo postconf -e 'broken_sasl_auth_clients = yes'
sudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
sudo postconf -e 'inet_interfaces = all'

Next edit /etc/postfix/sasl/smtpd.conf and add the following lines:

pwcheck_method: saslauthd
mech_list: plain login

Generate certificates to be used for TLS encryption and/or certificate Authentication:

touch smtpd.key
chmod 600 smtpd.key
openssl genrsa 1024 > smtpd.key
openssl req -new -key smtpd.key -x509 -days 3650 -out smtpd.crt # has prompts
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
sudo mv smtpd.key /etc/ssl/private/
sudo mv smtpd.crt /etc/ssl/certs/
sudo mv cakey.pem /etc/ssl/private/
sudo mv cacert.pem /etc/ssl/certs/

Configure Postfix to do TLS encryption for both incoming and outgoing mail:

sudo postconf -e 'smtp_tls_security_level = may'
sudo postconf -e 'smtpd_tls_security_level = may'
sudo postconf -e 'smtpd_tls_auth_only = no'
sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/smtpd.key'
sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt'
sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'
sudo postconf -e 'smtpd_tls_loglevel = 1'
sudo postconf -e 'smtpd_tls_received_header = yes'
sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
sudo postconf -e 'tls_random_source = dev:/dev/urandom'
sudo postconf -e 'myhostname = server1.example.com' # remember to change this to yours

Restart the postfix daemon like this:

sudo service postfix restart

Authentication

sudo apt-get install libsasl2-2 sasl2-bin libsasl2-modules

First we edit /etc/default/saslauthd in order to activate saslauthd. Set START=yes and add the PWDIR, PARAMS, and PIDFILE lines and edit the OPTIONS line at the end:

START=yes

PWDIR="/var/spool/postfix/var/run/saslauthd"
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"
....
....
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

The next command may report an error that "--update given" and the "/var/spool/postfix/var/run/saslauthd" directory does not exist.
You can ignore this because when you start saslauthd next it will be created.

sudo dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd

Finally, start saslauthd:

sudo /etc/init.d/saslauthd start

Using Port 587 for Secure Submission

If you want to use port 587 as the submission port for SMTP mail rather than 25 (many ISPs block port 25), you will need to edit /etc/postfix/master.cf and uncomment the line 

submission inet n - - - - smtpd

Testing

The following command sends email using system user (user1):

sendemail -f fromuser@domain.com -t touser@anotherdomain.com -u subject -m "message" -s localhost:587 -o tls=no -xu user1 -xp password

To get info about mail server:

msmtp --serverinfo --host=localhost --tls=off --tls-certcheck=off --port 587

Note: If you want to send email from another place, you should allow related ports (ex: 587 or 25) on firewall and use server address instead of localhost.

sudo ufw allow 25
sudo ufw allow 587

 

More: https://www.linuxbabe.com/mail-server/setup-basic-postfix-mail-sever-ubuntu

Share Share Editor: editor | Posted: 2015/01/24 | Views: 7183

Comments

17 + 16 =
Home | Search | Contact | Terms
Editor