Postfix
Configuration
To see the currently configured options:
postconf
SMTP Relay
Basic Relay
Relay all outbound email thorough this relay host:
/etc/postfix/main.cf:
relayhost = smtp.yourisp.com
Source: Howto configure postfix to use a remote SMTP relay host
Other: RH: The Home User
WARNING: Probably also want to deliver all mail to one mailbox, so see #Deliver all mail to one box
Relay on another port
/etc/postfix/main.cf:
transport_maps = hash:/etc/postfix/transport
/etc/postfix/transport:
oeey.com smtp:50.1.1.1:10025
Build hashmap:
postmap transport
Authenticated Relay
/etc/postfix/main.cf:
relayhost = 50.100.100.50 relay_domains = oeey.com smtp_sasl_auth_enable = yes smtp_sasl_mechanism_filter = smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options = smtp_sasl_type = cyrus # inet_interfaces = 127.0.0.1 50.1.1.2
/etc/postfix/sasl_passwd:
50.100.100.50 hsg-knowledgebase:h$g$!@#123
Build hashmap:
postmap sasl_passwd
Notes
Verify configuration that works:
/etc/postfix/main.cf:
relayhost = [SMTP_SERVER_ADDRESS] smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/smtp_relay_password smtp_sasl_security_options =
/etc/postfix/sasl_passwd:
[SMTP_SERVER_ADDRESS] username:password
postmap /etc/postfix/sasl_passwd
Postfix SASL Howto: Enabling SASL authentication in the Postfix SMTP client:
/etc/postfix/main.cf:
smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_type = cyrus relayhost = [mail.myisp.net] # Alternative form: # relayhost = [mail.myisp.net]:submission
/etc/postfix/sasl_passwd:
[mail.myisp.net] username:password [mail.myisp.net]:submission username:password
Execute the command "postmap /etc/postfix/sasl_passwd" whenever you change the sasl_passwd table.
Implementing Upstream SMTP Authentication for Postfix - RedWall:
- Includes instructions for both basic and TLS relay host authentication
Postfix Configure Client SMTP Authentication ( Smarthost Authentication ):
/etc/postfix/password:
#smtp.isp.com username:password smtp.vsnl.in vivek@vsnl.in:mySecretePassword
chown root:root /etc/postfix/password chmod 0600 /etc/postfix/password postmap hash:/etc/postfix/password
/etc/postfix/main.cf:
relayhost = smtp.vsnl.in smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/password smtp_sasl_security_options =
Execute:
/etc/init.d/postfix reload
Test:
echo -e "Subject: test\n\ntest" | mail -s 'Test' some@email.com tail -f /var/log/maillog
Postfix relay to authenticated ISP SMTP server? - Topic Powered by Eve For Enterprise
smtp_sasl_auth_enable = yes smtp_sasl_security_options = noanonymous smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd #<------------You need to create this file. smtp_sasl_type = cyrus smtp_sasl_mechanism_filter = plain, login #<------- List of supported AUTH methods. My ISP # lies and says they support other methods - they don't.
Some howtos I googled:
- http://www.postfix.org/SASL_README.html
- Postfix SMTP-AUTH 4 DUMMIES
- http://www.thecabal.org/~devin/postfix/smtp-auth.txt
Issues
No worthy mechs found
If you get the following error:
Jul 30 09:44:43 HSG-KB1 postfix/smtp[18240]: warning: SASL authentication failure: No worthy mechs found Jul 30 09:44:43 HSG-KB1 postfix/smtp[18240]: 3C479170051F: ... status=deferred (SASL authentication failed; cannot authenticate to server 50.100.100.50[50.100.100.50]: no mechanism available)
This means your postfix installation is missing the basic auth mechanisms:
try:
yum install cyrus-sasl-plain # red hat apt-get install libsasl2-modules # debian
This will install several libraries to:
/usr/lib/sasl2/
Outbound Alias
/etc/postfix/main.cf:
smtp_generic_maps = hash:/etc/postfix/generic
echo 'root yourusername@yourdomain.com' >> /etc/postfix/generic echo 'www-data yourusername@yourdomain.com' >> /etc/postfix/generic postmap /etc/postfix/generic service postfix restart
Ref: email - Change outgoing mail address from root@servername - rackspace sendgrid postfix - Stack Overflow - https://stackoverflow.com/questions/14370224/change-outgoing-mail-address-from-rootservername-rackspace-sendgrid-postfix
Delete ALL Messages in Queue
Delete ALL Messages:
postsuper -d ALL
Source: Dave Shuck's InstantSpot - How to delete all messages from Postfix mail server queue
Count Messages in Queue
mailq
### sudo find /var/spool/postfix/deferred/. ! -name '?' -print | wc -l
Drop ALL Outbound Mail
HOWTO: Postfix Drop Outbound External Mail:
"While testing an application, a user requested that I configure the mail server to only deliver to addresses within our company, but drop all mail sent outside. (We don’t want to accidentally bother customers.)
I was a little frustrated by this problem, but now I have a solution. The trick is to set up a transport map that leaves mail destined for our local domain as-is, but then drops everything else."
First, set up a transport file:
# cat transport mydomain.com : .mydomain.com : * discard:
Map it:
# postmap transport
Configure transport_maps in main.cf:
transport_maps = hash:/path/to/transport
Reload Postfix and send test messages. The discard service successfully “delivers” messages straight to the trash, like so:
Sep 15 14:55:10 myhost postfix/discard[16189]: 6F0A22E04E: to=<dannyman@toldme.com>, relay=none, delay=0, status=sent (toldme.com)
Source dannyman.toldme.com : HOWTO: Postfix Drops Outbound External Mail
Deliver all mail to one box
Create /etc/postfix/virtual-regexp with the following content:
/.+@.+/ email@gmail.com
Edit /etc/postfix/main.cf and add regexp:/etc/postfix/virtual-regexp to the virtual_maps configuration. The end result might look like this in main.cf:
virtual_maps = hash:/etc/postfix/virtual, regexp:/etc/postfix/virtual-regexp
Build the mapfile by typing:
postmap /etc/postfix/virtual-regexp
This also requires a virtual.db to exist. If it doesn't create an empty file called virtual and run : postmap /etc/postfix/virtual
Source:
- How to redirect all postfix emails to one external email address? - Server Fault - http://serverfault.com/questions/144325/how-to-redirect-all-postfix-emails-to-one-external-email-address
Config Include Directive
Q: Is there some kind of 'include' directive for main.cf? [1]
A: No. Most administrators with complex configurations create a Makefile that will cat the necessary files together. If you have other regular administrative tasks, add them to your Makefile too. Your Makefile can have an entry something like this:
main.cf: file1 file2 file3
cat file1 file2 file3 > main.cf.new mv main.cf.new main.cf
Then type make main.cf to rebuild your configuration file.
mail aliases
aliases - Postfix local alias database format
/etc/aliases:
# See man 5 aliases for format postmaster: kenneth root: kenneth plex: kenneth, paul
---
newaliases - Initialize the alias database
newaliases
Cyrus
POP3 and IMAP server.
yum install cyrus-imapd cyrus-sasl-plain service cyrus-imapd restart
Config file: /etc/cyrus.conf
SERVICES { # add or remove based on preferences imap cmd="imapd" listen="imap" prefork=5 imaps cmd="imapd -s" listen="imaps" prefork=1 pop3 cmd="pop3d" listen="pop3" prefork=3 pop3s cmd="pop3d -s" listen="pop3s" prefork=1 sieve cmd="timsieved" listen="sieve" prefork=0 ...
Cyrus Issues
/var/log/maillog:
badlogin: ws-202-73.oeey.net [216.119.202.73] PLAIN encryption needed to use mechanism
service saslauthd restart
Notes:
Apr 7 17:39:09 ws-199-19 pop3[3903]: unable to open Berkeley db /etc/sasldb2: No such file or directory ==> /var/log/maillog <== Apr 7 17:39:09 ws-199-19 pop3[3903]: accepted connection Apr 7 17:39:09 ws-199-19 master[3956]: about to exec /usr/lib/cyrus-imapd/pop3d Apr 7 17:39:09 ws-199-19 pop3[3956]: executed Apr 7 17:39:09 ws-199-19 pop3[3903]: badlogin: ws-202-73.oeey.net [216.119.202.73] APOP (<2253906216.1302219549@otrs.oeey.org>) SASL(-13): user not found: could not find password ==> /var/log/messages <== Apr 7 17:39:57 ws-199-19 pop3[3903]: unable to open Berkeley db /etc/sasldb2: No such file or directory ==> /var/log/maillog <== Apr 7 17:39:57 ws-199-19 pop3[3903]: badlogin: ws-202-73.oeey.net [216.119.202.73] APOP (<2253906216.1302219549@otrs.oeey.org>) SASL(-13): user not found: could not find password saslpasswd2 -f /etc/sasldb2 -a root ==> /var/log/messages <== Apr 7 17:45:02 ws-199-19 pop3[4243]: unable to open Berkeley db /etc/sasldb2: Permission denied chmod 664 sasldb2 ==> /var/log/maillog <== Apr 7 17:45:38 ws-199-19 pop3[4243]: Unable to locate maildrop user.root: Mailbox does not exist vi main.cf #inet_interfaces = all #inet_interfaces = $myhostname #inet_interfaces = $myhostname, localhost #inet_interfaces = localhost
Dovecot
POP3 and IMAP server
NOTE: Much easier to configure than cyrus!!
Installation:
# Ubuntu sudo apt-get install dovecot-imapd dovecot-pop3d
# Centos yum install dovecot service dovecot restart
Config File: /etc/dovecot.conf
Quick Dovecot Setup
You can use Dovecot for mail server
Install the packages
sudo apt-get install dovecot-imapd dovecot-pop3d
Configure the protocol you need to be used by appending the protocol in the file /etc/dovecot/dovecot.conf:
protocols = pop3 pop3s imap imaps
Choose the mailbox you would like to use. Dovecot supports maildir and mbox formats. Edit the file /etc/dovecot/dovecot.conf and change the line
mail_location = maildir:~/Maildir # (for maildir)
or
mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)
Restart the service
sudo /etc/init.d/dovecot restart
Use telnet to check that dovecot is working properly.
telnet localhost imap
ref: [2]
Dovecot issues
root not permitted
Error:
==> /var/log/maillog <== Apr 7 17:53:32 ws-199-19 dovecot: pop3-login: Disconnected: rip=::ffff:216.119.202.73, lip=::ffff:216.119.199.19 Apr 7 17:53:42 ws-199-19 dovecot: Logins with UID 0 not permitted (user root) Apr 7 17:53:42 ws-199-19 dovecot: pop3-login: Internal login failure: user=<root>, method=PLAIN, rip=::ffff:216.119.202.73, lip=::ffff:216.119.199.19
Solution:
# Valid UID range for users, defaults to 500 and above. This is mostly # to make sure that users can't log in as daemons or other system users. # Note that denying root logins is hardcoded to dovecot binary and can't # be done even if first_valid_uid is set to 0. #first_valid_uid = 500 #last_valid_uid = 0
Note: that denying root logins is hardcoded to dovecot binary and can't be don
Examples
Ubuntu Internet Server with Smart Host
# main.cf # See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. #myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h readme_directory = no # TLS parameters smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key smtpd_use_tls=yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. myhostname = prf.oeey.us alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = prf.oeey.us, localhost.oeey.us, localhost relayhost = mx1.oeey.us mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all
Prime Server Old
# main.cf # # KENNETH'S CONFIGURATION # # Host name # The myhostname parameter specifies the internet hostname of this mail system. myhostname = t0e.org # Banner # default: smtpd_banner = $myhostname ESMTP $mail_name smtpd_banner = $myhostname ESMTP # Mailbox style #home_mailbox = Mailbox home_mailbox = .mail/ # Set mailbox size limit to unlimited mailbox_size_limit = 0 # List of domains this is the final destination for (comma seperated) mydestination = $myhostname, localhost.$mydomain, localhost # Authorized networks able to relay email (comma seperated) mynetworks = 127.0.0.0/8, 10.10.10.0/24 # Listen on all interfaces for connections inet_interfaces = all # Virtual alias map table #virtual_maps = hash:/etc/postfix/virtual # SASL Auth Settings #smtpd_sasl_auth_enable = yes #smtpd_sasl_security_options = noanonymous #smtpd_sasl_local_domain = $myhostname #broken_sasl_auth_clients = yes #smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination # TLS #smtpd_use_tls = yes #smtpd_tls_cert_file = /etc/qa.contractpal.com.pem #smtpd_tls_key_file = $smtpd_tls_dcert_file # Outbound smtp relay (if needed) #relayhost = # Transport for relay #transport_maps = hash:/etc/postfix/transport #relayhost = smtp.gmail.com #relay_domains = k.ttak.org #smtp_sasl_auth_enable = yes #smtp_sasl_mechanism_filter = #smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd #smtp_sasl_security_options = #smtp_sasl_type = cyrus #virtual_alias_maps = hash:/etc/postfix/virtual virtual_maps = hash:/etc/postfix/virtual, regexp:/etc/postfix/virtual-regexp
transport
t0e.org : .t0e.org : * discard:
virtual-regexp (postmap virtual-regexp)
/.+@.+/ kenneth@t0e.org
sasl_passwd: (postmap sasl_passwd)
smtp.gmail.com kenneth@oeey.com:password12