Postfix

From Omnia

Configuration

To see the currently configured options:

postconf

SMTP Relay

Basic Relay

Relay all outbound email through this relay host:

/etc/postfix/main.cf:

relayhost = smtp.yourisp.com

Source: Howto configure postfix to use a remote SMTP relay host

Other: RH: The Home User

WARNING: You probably also want to deliver all mail to one mailbox, so see #Deliver all mail to one box

You might also need to comment these out if you see them:

# default_transport = error
# relay_transport = error

Relay on another port

/etc/postfix/main.cf:

transport_maps = hash:/etc/postfix/transport

/etc/postfix/transport:

oeey.com smtp:50.1.1.1:10025

Build hashmap:

postmap transport

Authenticated Relay

/etc/postfix/main.cf:

relayhost = 50.100.100.50
relay_domains = oeey.com
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter =
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_sasl_type = cyrus
# inet_interfaces = 127.0.0.1 50.1.1.2

/etc/postfix/sasl_passwd:

50.100.100.50    hsg-knowledgebase:h$g$!@#123

Build hashmap:

postmap sasl_passwd
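
The relay settings above leave three things unchecked: whether the credentials travel over TLS, whether the password map key has the same form as relayhost, and who can read the password file. The script below is an added example, not part of the original page; audit_relay, conf_get and the sample file contents are constructed for illustration, and smtp_tls_security_level is a standard Postfix parameter that the page's configurations do not set.

```shell
# Added example, not from the original page. File contents below are constructed samples.
# conf_get FILE PARAM: print the last value assigned to PARAM (Postfix honours the last one).
conf_get() { sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1; }

# audit_relay MAIN_CF PASSWD_FILE: print findings; the exit status is the finding count.
audit_relay() {
    cf=$1; pw=$2; n=0
    relay=$(conf_get "$cf" relayhost)
    if [ "$(conf_get "$cf" smtp_sasl_auth_enable)" = yes ]; then
        case $(conf_get "$cf" smtp_tls_security_level) in
            encrypt|dane-only|fingerprint|verify|secure) ;;
            *) echo "FINDING: SASL enabled without mandatory TLS (smtp_tls_security_level)"
               n=$((n + 1)) ;;
        esac
        # The key form in the password map must match the relayhost form (brackets, port).
        if ! awk -v k="$relay" '$1 == k { f = 1 } END { exit !f }' "$pw"; then
            echo "FINDING: no password map entry keyed '$relay'"
            n=$((n + 1))
        fi
    fi
    case $relay in
        \[*) ;;
        *) echo "FINDING: relayhost '$relay' is not in [brackets], so MX lookups apply"
           n=$((n + 1)) ;;
    esac
    for f in "$pw" "$pw.db"; do
        [ -e "$f" ] || continue
        # Characters 5-10 of "ls -l" output are the group and other permission bits.
        if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
            echo "FINDING: $f is accessible to group or others"
            n=$((n + 1))
        fi
    done
    return "$n"
}

demo=$(mktemp -d)
# "weak" mirrors the settings shown above; "hard" is the corrected form.
printf '%s\n' 'relayhost = smtp.example.net' 'smtp_sasl_auth_enable = yes' \
    'smtp_sasl_security_options =' > "$demo/weak.cf"
printf '%s\n' 'relayhost = [smtp.example.net]:submission' 'smtp_sasl_auth_enable = yes' \
    'smtp_sasl_security_options = noanonymous' \
    'smtp_tls_security_level = encrypt' > "$demo/hard.cf"
printf '%s\n' '[smtp.example.net]:submission relayuser:example-password' > "$demo/weak_pw"
cp "$demo/weak_pw" "$demo/hard_pw"
chmod 644 "$demo/weak_pw"; chmod 600 "$demo/hard_pw"
audit_relay "$demo/weak.cf" "$demo/weak_pw" || echo "weak: $? finding(s)"
audit_relay "$demo/hard.cf" "$demo/hard_pw" && echo "hard: clean"
```

On a live host, pass /etc/postfix/main.cf and the file named in smtp_sasl_password_maps.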

Notes

Verify configuration that works:

/etc/postfix/main.cf:

relayhost = [SMTP_SERVER_ADDRESS]
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =

/etc/postfix/sasl_passwd:

[SMTP_SERVER_ADDRESS]       username:password

Build hashmap:

postmap /etc/postfix/sasl_passwd


Postfix SASL Howto: Enabling SASL authentication in the Postfix SMTP client:

/etc/postfix/main.cf:

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_type = cyrus
relayhost = [mail.myisp.net]
# Alternative form:
# relayhost = [mail.myisp.net]:submission

/etc/postfix/sasl_passwd:

[mail.myisp.net]            username:password
[mail.myisp.net]:submission username:password

Execute the command "postmap /etc/postfix/sasl_passwd" whenever you change the sasl_passwd table.



Implementing Upstream SMTP Authentication for Postfix - RedWall:

  • Includes instructions for both basic and TLS relay host authentication


Postfix Configure Client SMTP Authentication ( Smarthost Authentication ):

/etc/postfix/password:

#smtp.isp.com       username:password
smtp.vsnl.in         vivek@vsnl.in:mySecretePassword

Restrict permissions and build hashmap:

chown root:root /etc/postfix/password
chmod 0600 /etc/postfix/password
postmap hash:/etc/postfix/password

/etc/postfix/main.cf:

relayhost = smtp.vsnl.in
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/password
smtp_sasl_security_options =

Execute:

/etc/init.d/postfix reload

Test:

echo -e "Subject: test\n\ntest" | mail -s 'Test' some@email.com
tail -f /var/log/maillog


Postfix relay to authenticated ISP SMTP server?:

smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
# You need to create this file:
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_type = cyrus
# List of supported AUTH methods. My ISP
# lies and says they support other methods - they don't.
smtp_sasl_mechanism_filter = plain, login

Some howtos I googled:


Issues

No worthy mechs found

If you get the following error:

Jul 30 09:44:43 HSG-KB1 postfix/smtp[18240]: warning: SASL authentication failure: No worthy mechs found
Jul 30 09:44:43 HSG-KB1 postfix/smtp[18240]: 3C479170051F: ... status=deferred
    (SASL authentication failed; cannot authenticate to server 50.100.100.50[50.100.100.50]: no mechanism available)

This means your Postfix installation is missing the basic SASL auth mechanisms. Try:

yum install cyrus-sasl-plain  # red hat
apt-get install libsasl2-modules  # debian

This will install several libraries to:

/usr/lib/sasl2/

Outbound Alias

/etc/postfix/main.cf:

smtp_generic_maps = hash:/etc/postfix/generic

Add the mappings, build the hashmap and restart:

echo 'root yourusername@yourdomain.com' >> /etc/postfix/generic
echo 'www-data yourusername@yourdomain.com' >> /etc/postfix/generic
postmap /etc/postfix/generic
service postfix restart

Ref: email - Change outgoing mail address from root@servername - rackspace sendgrid postfix - Stack Overflow - https://stackoverflow.com/questions/14370224/change-outgoing-mail-address-from-rootservername-rackspace-sendgrid-postfix

Delete ALL Messages in Queue

Delete ALL Messages:

postsuper -d ALL

Source: Dave Shuck's InstantSpot - How to delete all messages from Postfix mail server queue

Count Messages in Queue

mailq
### sudo find /var/spool/postfix/deferred/. ! -name '?' -print | wc -l

Drop ALL Outbound Mail

HOWTO: Postfix Drop Outbound External Mail:

"While testing an application, a user requested that I configure the mail server to only deliver to addresses within our company, but drop all mail sent outside. (We don’t want to accidentally bother customers.)

I was a little frustrated by this problem, but now I have a solution. The trick is to set up a transport map that leaves mail destined for our local domain as-is, but then drops everything else."

First, set up a transport file:

# cat transport
mydomain.com      :
.mydomain.com     :
*          discard:

Map it:

# postmap transport

Configure transport_maps in main.cf:

transport_maps = hash:/path/to/transport

Reload Postfix and send test messages. The discard service successfully “delivers” messages straight to the trash, like so:

Sep 15 14:55:10 myhost postfix/discard[16189]: 6F0A22E04E: to=<dannyman@toldme.com>, relay=none, delay=0, status=sent (toldme.com)

Source dannyman.toldme.com : HOWTO: Postfix Drops Outbound External Mail
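
Before relying on this map to keep test mail away from outside recipients, it helps to see which entry each recipient domain selects. The function below is an added example, not part of the original page or of Postfix: transport_lookup is a hypothetical helper that models only the domain-level search order of a hash: transport table (the domain itself, then each parent domain with a leading dot, then the * wildcard), and the recipient addresses are constructed.

```shell
# Added example, not from the original page. Simplified model of a hash: transport
# table lookup: domain-level keys only, no full-address keys.

# transport_lookup MAP RECIPIENT: print the right-hand side selected for RECIPIENT.
transport_lookup() {
    map=$1
    # Postfix lowercases lookup keys; keep only the domain part of the address.
    name=$(printf '%s' "${2##*@}" | tr 'A-Z' 'a-z')
    while :; do
        if hit=$(awk -v k="$name" '$1 == k { print $2; f = 1; exit } END { exit !f }' "$map")
        then
            printf '%s\n' "$hit"
            return 0
        fi
        rest=${name#?}                  # drop one character so a leading dot is skipped
        case $rest in
            *.*) name=.${rest#*.} ;;    # next candidate: ".parent.domain"
            *) break ;;
        esac
    done
    # Nothing matched: fall back to the wildcard entry, if the map has one.
    awk '$1 == "*" { print $2; f = 1; exit } END { exit !f }' "$map"
}

# The transport file from this section, written to a temporary file.
tmap=$(mktemp)
printf '%s\n' 'mydomain.com      :' '.mydomain.com     :' '*          discard:' > "$tmap"

# Constructed recipients: ":" means normal delivery, "discard:" means dropped.
for rcpt in alice@mydomain.com bob@Sub.MyDomain.com dannyman@toldme.com eve@notmydomain.com
do
    printf '%-24s -> %s\n' "$rcpt" "$(transport_lookup "$tmap" "$rcpt")"
done
```

On a host with Postfix installed, postmap -q run against the built map gives the authoritative answer for a single key.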

Deliver all mail to one box

Create /etc/postfix/virtual-regexp with the following content:

/.+@.+/ email@gmail.com

Edit /etc/postfix/main.cf and add regexp:/etc/postfix/virtual-regexp to the virtual_maps configuration. The end result might look like this in main.cf:

virtual_maps = regexp:/etc/postfix/virtual-regexp

or

virtual_maps = hash:/etc/postfix/virtual, regexp:/etc/postfix/virtual-regexp

Build the mapfile by typing:

postmap /etc/postfix/virtual-regexp

This also requires a virtual.db to exist. If it doesn't, create an empty file called virtual and run: postmap /etc/postfix/virtual

Source:

Config Include Directive

Q: Is there some kind of 'include' directive for main.cf? [1]

A: No. Most administrators with complex configurations create a Makefile that will cat the necessary files together. If you have other regular administrative tasks, add them to your Makefile too. Your Makefile can have an entry something like this:

main.cf: file1 file2 file3
	cat file1 file2 file3 > main.cf.new
	mv main.cf.new main.cf

Then type make main.cf to rebuild your configuration file.

mail aliases

aliases - Postfix local alias database format

/etc/aliases:

# See man 5 aliases for format
postmaster:    kenneth
root:          kenneth
plex:          kenneth, paul

---

newaliases - Initialize the alias database
newaliases

Cyrus

POP3 and IMAP server.

yum install cyrus-imapd cyrus-sasl-plain
service cyrus-imapd restart

Config file: /etc/cyrus.conf

SERVICES {
  # add or remove based on preferences
  imap          cmd="imapd" listen="imap" prefork=5
  imaps         cmd="imapd -s" listen="imaps" prefork=1
  pop3          cmd="pop3d" listen="pop3" prefork=3
  pop3s         cmd="pop3d -s" listen="pop3s" prefork=1
  sieve         cmd="timsieved" listen="sieve" prefork=0
...

Cyrus Issues

/var/log/maillog:

badlogin: ws-202-73.oeey.net [216.119.202.73] PLAIN encryption needed to use mechanism

service saslauthd restart

Notes:

Apr  7 17:39:09 ws-199-19 pop3[3903]: unable to open Berkeley db /etc/sasldb2: No such file or directory

==> /var/log/maillog <==
Apr  7 17:39:09 ws-199-19 pop3[3903]: accepted connection
Apr  7 17:39:09 ws-199-19 master[3956]: about to exec /usr/lib/cyrus-imapd/pop3d
Apr  7 17:39:09 ws-199-19 pop3[3956]: executed
Apr  7 17:39:09 ws-199-19 pop3[3903]: badlogin: ws-202-73.oeey.net [216.119.202.73] APOP (<2253906216.1302219549@otrs.oeey.org>) SASL(-13): user not found: could not find password



==> /var/log/messages <==
Apr  7 17:39:57 ws-199-19 pop3[3903]: unable to open Berkeley db /etc/sasldb2: No such file or directory

==> /var/log/maillog <==
Apr  7 17:39:57 ws-199-19 pop3[3903]: badlogin: ws-202-73.oeey.net [216.119.202.73] APOP (<2253906216.1302219549@otrs.oeey.org>) SASL(-13): user not found: could not find password


saslpasswd2 -f /etc/sasldb2 -a root



==> /var/log/messages <==
Apr  7 17:45:02 ws-199-19 pop3[4243]: unable to open Berkeley db /etc/sasldb2: Permission denied

chmod 664 sasldb2


==> /var/log/maillog <==
Apr  7 17:45:38 ws-199-19 pop3[4243]: Unable to locate maildrop user.root: Mailbox does not exist



 vi main.cf

#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
#inet_interfaces = localhost

Dovecot

POP3 and IMAP server

NOTE: Much easier to configure than cyrus!!

Installation:

# Ubuntu
sudo apt-get install dovecot-imapd dovecot-pop3d
# Centos
yum install dovecot
service dovecot restart

Config File: /etc/dovecot.conf

Quick Dovecot Setup

You can use Dovecot as the mail server.

Install the packages

sudo apt-get install dovecot-imapd dovecot-pop3d

Configure the protocols you need by adding them to the protocols line in the file /etc/dovecot/dovecot.conf:

protocols = pop3 pop3s imap imaps

Choose the mailbox you would like to use. Dovecot supports maildir and mbox formats. Edit the file /etc/dovecot/dovecot.conf and change the line

mail_location = maildir:~/Maildir # (for maildir)

or

mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)

Restart the service

sudo /etc/init.d/dovecot restart

Use telnet to check that dovecot is working properly.

telnet localhost imap

ref: [2]

Dovecot issues

root not permitted

Error:

==> /var/log/maillog <==
Apr  7 17:53:32 ws-199-19 dovecot: pop3-login: Disconnected: rip=::ffff:216.119.202.73, lip=::ffff:216.119.199.19
Apr  7 17:53:42 ws-199-19 dovecot: Logins with UID 0 not permitted (user root)
Apr  7 17:53:42 ws-199-19 dovecot: pop3-login: Internal login failure: user=<root>, method=PLAIN, rip=::ffff:216.119.202.73, lip=::ffff:216.119.199.19

Solution:

# Valid UID range for users, defaults to 500 and above. This is mostly
# to make sure that users can't log in as daemons or other system users.
# Note that denying root logins is hardcoded to dovecot binary and can't
# be done even if first_valid_uid is set to 0.
#first_valid_uid = 500
#last_valid_uid = 0

Note that denying root logins is hardcoded into the dovecot binary and can't be done even if first_valid_uid is set to 0.

Examples

Ubuntu Internet Server with Smart Host

# main.cf

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = prf.oeey.us
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = prf.oeey.us, localhost.oeey.us, localhost
relayhost = mx1.oeey.us
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

Prime Server Old

# main.cf

#
# KENNETH'S CONFIGURATION
#

# Host name
# The myhostname parameter specifies the internet hostname of this mail system.
myhostname = t0e.org

# Banner
# default: smtpd_banner = $myhostname ESMTP $mail_name
smtpd_banner = $myhostname ESMTP

# Mailbox style
#home_mailbox = Mailbox
home_mailbox = .mail/

# Set mailbox size limit to unlimited
mailbox_size_limit = 0

# List of domains this is the final destination for (comma separated)
mydestination = $myhostname, localhost.$mydomain, localhost

# Authorized networks able to relay email (comma separated)
mynetworks = 127.0.0.0/8, 10.10.10.0/24

# Listen on all interfaces for connections
inet_interfaces = all

# Virtual alias map table
#virtual_maps = hash:/etc/postfix/virtual

# SASL Auth Settings
#smtpd_sasl_auth_enable = yes
#smtpd_sasl_security_options = noanonymous
#smtpd_sasl_local_domain = $myhostname
#broken_sasl_auth_clients = yes
#smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

# TLS
#smtpd_use_tls = yes
#smtpd_tls_cert_file = /etc/qa.contractpal.com.pem
#smtpd_tls_key_file = $smtpd_tls_dcert_file

# Outbound smtp relay (if needed)
#relayhost =

# Transport for relay
#transport_maps = hash:/etc/postfix/transport
#relayhost = smtp.gmail.com
#relay_domains = k.ttak.org
#smtp_sasl_auth_enable = yes
#smtp_sasl_mechanism_filter =
#smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
#smtp_sasl_security_options =
#smtp_sasl_type = cyrus

#virtual_alias_maps = hash:/etc/postfix/virtual
virtual_maps = hash:/etc/postfix/virtual, regexp:/etc/postfix/virtual-regexp

transport

t0e.org     :
.t0e.org    :
*           discard:

virtual-regexp (postmap virtual-regexp)

/.+@.+/     kenneth@t0e.org

sasl_passwd: (postmap sasl_passwd)

smtp.gmail.com  kenneth@oeey.com:password12
