
Forwarding Email Using Postfix

How to forward incoming email for one user to another using postfix email server

 

 

Postfix provides a method of redirecting mail to another user, for both local and remote users. You need to configure the /etc/postfix/aliases file (or use /etc/aliases).

 

The aliases file (read as table) provides a system-wide mechanism to redirect mail for local recipients. The redirections are processed by the Postfix local delivery agent.

 

Normally, the aliases table is specified as a text file that serves as input to the postalias command. The result, an indexed file in dbm or db format, is used for fast lookup by the mail system. Execute the command newaliases in order to rebuild the indexed file after changing the Postfix alias database.

 

 

Find the path of the configuration directory using the postconf command

 

$ postconf | grep config_directory

 

 

root@gemini:~# postconf | grep config_directory
config_directory = /etc/postfix
root@gemini:~#

 

 

Edit the main.cf file

 

nano /etc/postfix/main.cf

 

add the following lines at the end of it

 

virtual_alias_domains = mydomain.com myanotherdomain.com
virtual_alias_maps = hash:/etc/postfix/virtual

 

 

so in our case we do:

 

virtual_alias_domains = kevwells.com
virtual_alias_maps = hash:/etc/postfix/virtual

 

 

The first line virtual_alias_domains lists the domains, for which postfix is going to accept emails. Multiple domains are added separated by a space.

 

The second line virtual_alias_maps specifies the path to the file which is going to contain mappings specifying how to forward emails for the above domains.

 

 

Now open the file /etc/postfix/virtual (create it if it does not exist):

nano /etc/postfix/virtual

and add to it the email addresses you want to forward, along with the destination addresses.

 

For example, to forward two addresses:

 

contact@mydomain.com myself@gmail.com
sales@mydomain.com myself@gmail.com

 

The first address is the one on which Postfix receives mail, and the second is the address to which Postfix forwards it.

 

The mail can be forwarded to multiple destinations

 

contact@mydomain.com myself@gmail.com mystaff@gmail.com

 

 

To forward all emails using postfix:

 

To catch and forward emails to any address for a given domain, use the following notation

 

# forward all emails

 

@mydomain.com myself@gmail.com mystaff@gmail.com

 

 

so in my case:

 

@kevwells.com kevrwells@gmail.com

 

 

After entering the forwarding rules, save the file and close it.

 

Then run the following commands for the new settings to take effect

 

Update the postfix lookup table

 

 

root@gemini:~# postmap /etc/postfix/virtual
root@gemini:~#

 

then open file /etc/postfix/aliases

 

 

nano /etc/postfix/aliases

 

 

root@gemini:~# newaliases
root@gemini:~#

 

Now add a line as follows.

To redirect root's email to the user tom:
root: tom

Or
root: tom@example.com

 

then run the newaliases command to rebuild the aliases database:

 

newaliases

 

 

 

To troubleshoot problems see postfix server log file:

 

tail -f /var/log/mail.log

 

 

then restart postfix

 

systemctl restart postfix

 

 

root@gemini:~# systemctl restart postfix
root@gemini:~# systemctl status postfix
● postfix.service – Postfix Mail Transport Agent
Loaded: loaded (/lib/systemd/system/postfix.service; enabled; vendor preset: enabled)
Active: active (exited) since Mon 2022-03-14 10:02:23 UTC; 8s ago
Process: 148469 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 148469 (code=exited, status=0/SUCCESS)

 

Mar 14 10:02:23 gemini systemd[1]: Starting Postfix Mail Transport Agent…
Mar 14 10:02:23 gemini systemd[1]: Finished Postfix Mail Transport Agent.
root@gemini:~#

 

 

Then check with the postconf command that the domain aliases and alias file have been set up properly.

 

$ postconf -n | grep virtual

 

root@gemini:~# postconf -n | grep virtual
virtual_alias_domains = kevwells.com
virtual_alias_maps = hash:/etc/postfix/virtual
root@gemini:~#

 

 

Now that all configuration is complete, you can test the mail forwarding.

Try sending an email from somewhere outside to an address on your domain, and you should see the same mail forwarded to the Gmail account.

 

You should see the email arrive in the forwarded destination within a few seconds. For further diagnosis check postfix log files and check for details on how the mail was forwarded and whether it was successful or not.

 

Tip: if you run postconf on its own, it prints the current settings of all Postfix parameters (a very long list!).

 

root@gemini:/etc/postfix# cat main.cf

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA’s job.
append_dot_mydomain = no

# Uncomment the next line to generate “delayed mail” warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html — default to 2 on
# fresh installs.
compatibility_level = 2

######################################

#Enable TLS Encryption when Postfix receives incoming emails

smtpd_tls_cert_file=/etc/letsencrypt/live/mail.kevwells.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mail.kevwells.com/privkey.pem
smtpd_tls_security_level=may
smtpd_tls_loglevel = 2
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

#Enable TLS Encryption when Postfix sends outgoing emails
#Enforce TLSv1.3 or TLSv1.2

smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1

##########################################
##set in zoho below
##smtp_sasl_auth_enable = yes
##smtp_sasl_auth_enable = no

##smtp_sasl_security_options =
##smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
##smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

# TLS parameters
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
##smtpd_tls_security_level=may

##smtp_tls_CApath=/etc/ssl/certs
##smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

##smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination

##myhostname = gemini
myhostname = localhost

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

myorigin = /etc/mailname

mydomain = kevwells.com

mydestination = $myhostname, $myhostname.$mydomain

##mydestination = $myhostname, kevwells.com, gemini, localhost.localdomain, localhost

# relayhost = set below under zoho section

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

#virtual_alias_domains = kevwells.com
virtual_alias_maps = hash:/etc/postfix/virtual

# these two lines are for dovecot:

mailbox_transport = lmtp:unix:private/dovecot-lmtp
smtputf8_enable = no

#### this is for smtp outgoing mail server if using a relayhost for smtp####

## relayhost = [smtp.zoho.eu]:587
relayhost = smtp.gmail.com

 

# enable SASL authentication
smtp_sasl_auth_enable = yes
# location of sasl_passwd
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# disallow methods that allow anonymous authentication
smtp_sasl_security_options = noanonymous
# location of CA certificate
smtp_tls_CAfile = /etc/postfix/cacert.pem
# enable TLS encryption
## this is no longer valid if smtp_tls_security_level is set to a non-empty value
smtp_use_tls = yes

#### end smtp outgoing mail server ####

root@gemini:/etc/postfix#

 

 

 


Installation and Configuration of Postfix Emailserver

The following are my notes on installing and configuring a Postfix emailserver for Linux Ubuntu 20 LTS

 

Install mailutils package

 

First install mailutils:

 

root@gemini:~# apt install mailutils
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following packages were automatically installed and are no longer required:
javascript-common libao-common libao4 libevent-core-2.1-7 libevent-pthreads-2.1-7 libflac8 libjs-cropper libjs-jquery
libjs-prototype libjs-scriptaculous libjs-underscore libmecab2 libspeex1 libvorbisenc2 linux-headers-5.4.0-99
linux-headers-5.4.0-99-generic linux-image-5.4.0-99-generic linux-modules-5.4.0-99-generic linux-modules-extra-5.4.0-99-generic
mecab-ipadic mecab-ipadic-utf8 mecab-utils php-gd php-getid3 vorbis-tools wordpress-theme-twentynineteen
Use ‘apt autoremove’ to remove them.
The following additional packages will be installed:
guile-2.2-libs libgc1c2 libgsasl7 libkyotocabinet16v5 libmailutils6 libntlm0 mailutils-common postfix

 

Suggested packages:
mailutils-mh mailutils-doc procmail postfix-mysql postfix-pgsql postfix-ldap postfix-pcre postfix-lmdb postfix-sqlite sasl2-bin
| dovecot-common resolvconf postfix-cdb postfix-doc
The following NEW packages will be installed:
guile-2.2-libs libgc1c2 libgsasl7 libkyotocabinet16v5 libmailutils6 libntlm0 mailutils mailutils-common postfix
0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded.
Need to get 7,540 kB of archives.
After this operation, 56.3 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://gb.clouds.archive.ubuntu.com/ubuntu focal/main amd64 libgc1c2 amd64 1:7.6.4-0.4ubuntu1 [83.9 kB]
Get:2 http://gb.clouds.archive.ubuntu.com/ubuntu focal/main amd64 guile-2.2-libs amd64 2.2.7+1-4 [4,962 kB]
Get:3 http://gb.clouds.archive.ubuntu.com/ubuntu focal-updates/universe amd64 libntlm0 amd64 1.5-2ubuntu0.1 [14.7 kB]
Get:4 http://gb.clouds.archive.ubuntu.com/ubuntu focal/universe amd64 libgsasl7 amd64 1.8.1-1 [114 kB]
Get:5 http://gb.clouds.archive.ubuntu.com/ubuntu focal/universe amd64 libkyotocabinet16v5 amd64 1.2.76-4.2build1 [318 kB]
Get:6 http://gb.clouds.archive.ubuntu.com/ubuntu focal/universe amd64 mailutils-common all 1:3.7-2.1 [272 kB]
Get:7 http://gb.clouds.archive.ubuntu.com/ubuntu focal/universe amd64 libmailutils6 amd64 1:3.7-2.1 [437 kB]
Get:8 http://gb.clouds.archive.ubuntu.com/ubuntu focal/universe amd64 mailutils amd64 1:3.7-2.1 [138 kB]
Get:9 http://gb.clouds.archive.ubuntu.com/ubuntu focal-updates/main amd64 postfix amd64 3.4.13-0ubuntu1.2 [1,201 kB]
Fetched 7,540 kB in 0s (50.8 MB/s)

 

Preconfiguring packages …
Selecting previously unselected package libgc1c2:amd64.
(Reading database … 172976 files and directories currently installed.)
Preparing to unpack …/0-libgc1c2_1%3a7.6.4-0.4ubuntu1_amd64.deb …
Unpacking libgc1c2:amd64 (1:7.6.4-0.4ubuntu1) …
Selecting previously unselected package guile-2.2-libs:amd64.
Preparing to unpack …/1-guile-2.2-libs_2.2.7+1-4_amd64.deb …
Unpacking guile-2.2-libs:amd64 (2.2.7+1-4) …
Selecting previously unselected package libntlm0:amd64.
Preparing to unpack …/2-libntlm0_1.5-2ubuntu0.1_amd64.deb …
Unpacking libntlm0:amd64 (1.5-2ubuntu0.1) …
Selecting previously unselected package libgsasl7:amd64.
Preparing to unpack …/3-libgsasl7_1.8.1-1_amd64.deb …
Unpacking libgsasl7:amd64 (1.8.1-1) …
Selecting previously unselected package libkyotocabinet16v5:amd64.
Preparing to unpack …/4-libkyotocabinet16v5_1.2.76-4.2build1_amd64.deb …
Unpacking libkyotocabinet16v5:amd64 (1.2.76-4.2build1) …
Selecting previously unselected package mailutils-common.
Preparing to unpack …/5-mailutils-common_1%3a3.7-2.1_all.deb …
Unpacking mailutils-common (1:3.7-2.1) …
Selecting previously unselected package libmailutils6:amd64.
Preparing to unpack …/6-libmailutils6_1%3a3.7-2.1_amd64.deb …
Unpacking libmailutils6:amd64 (1:3.7-2.1) …
Selecting previously unselected package mailutils.
Preparing to unpack …/7-mailutils_1%3a3.7-2.1_amd64.deb …
Unpacking mailutils (1:3.7-2.1) …
Selecting previously unselected package postfix.
Preparing to unpack …/8-postfix_3.4.13-0ubuntu1.2_amd64.deb …
Unpacking postfix (3.4.13-0ubuntu1.2) …
Setting up libgc1c2:amd64 (1:7.6.4-0.4ubuntu1) …
Setting up libkyotocabinet16v5:amd64 (1.2.76-4.2build1) …
Setting up libntlm0:amd64 (1.5-2ubuntu0.1) …
Setting up mailutils-common (1:3.7-2.1) …
Setting up postfix (3.4.13-0ubuntu1.2) …
Adding group `postfix’ (GID 121) …
Done.
Adding system user `postfix’ (UID 117) …
Adding new user `postfix’ (UID 117) with group `postfix’ …
Not creating home directory `/var/spool/postfix’.
Creating /etc/postfix/dynamicmaps.cf
Adding group `postdrop’ (GID 122) …
Done.
setting myhostname: gemini
setting alias maps
setting alias database
changing /etc/mailname to kevwells.com
setting myorigin
setting destinations: $myhostname, kevwells.com, gemini, localhost.localdomain, localhost
setting relayhost:
setting mynetworks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
setting mailbox_size_limit: 0
setting recipient_delimiter: +
setting inet_interfaces: all
setting inet_protocols: all
/etc/aliases does not exist, creating it.
WARNING: /etc/aliases exists, but does not have a root alias.

 

Postfix (main.cf) is now set up with a default configuration. If you need to
make changes, edit /etc/postfix/main.cf (and others) as needed. To view
Postfix configuration values, see postconf(1).

 

After modifying main.cf, be sure to run ‘systemctl reload postfix’.

 

Running newaliases
Created symlink /etc/systemd/system/multi-user.target.wants/postfix.service → /lib/systemd/system/postfix.service.
Setting up guile-2.2-libs:amd64 (2.2.7+1-4) …
Setting up libgsasl7:amd64 (1.8.1-1) …
Setting up libmailutils6:amd64 (1:3.7-2.1) …
Setting up mailutils (1:3.7-2.1) …
update-alternatives: using /usr/bin/frm.mailutils to provide /usr/bin/frm (frm) in auto mode
update-alternatives: using /usr/bin/from.mailutils to provide /usr/bin/from (from) in auto mode
update-alternatives: using /usr/bin/messages.mailutils to provide /usr/bin/messages (messages) in auto mode
update-alternatives: using /usr/bin/movemail.mailutils to provide /usr/bin/movemail (movemail) in auto mode
update-alternatives: using /usr/bin/readmsg.mailutils to provide /usr/bin/readmsg (readmsg) in auto mode
update-alternatives: using /usr/bin/dotlock.mailutils to provide /usr/bin/dotlock (dotlock) in auto mode
update-alternatives: using /usr/bin/mail.mailutils to provide /usr/bin/mailx (mailx) in auto mode
Processing triggers for rsyslog (8.2001.0-1ubuntu1.1) …
Processing triggers for ufw (0.36-6ubuntu1) …
Processing triggers for systemd (245.4-4ubuntu3.15) …
Processing triggers for man-db (2.9.1-1) …
Processing triggers for libc-bin (2.31-0ubuntu9.7) …
root@gemini:~#

 

root@gemini:~#
root@gemini:~# ps -ef | grep post
root 156623 1 0 12:02 ? 00:00:00 /usr/lib/postfix/sbin/master -w
postfix 156627 156623 0 12:02 ? 00:00:00 pickup -l -t unix -u -c
postfix 156628 156623 0 12:02 ? 00:00:00 qmgr -l -t unix -u
postfix 157699 156623 0 12:07 ? 00:00:00 cleanup -z -t unix -u -c
postfix 157700 156623 0 12:07 ? 00:00:00 trivial-rewrite -n rewrite -t unix -u -c
postfix 157702 156623 0 12:07 ? 00:00:00 local -t unix
postfix 157703 156623 0 12:07 ? 00:00:00 bounce -z -t unix -u -c
postfix 157704 156623 0 12:07 ? 00:00:00 bounce -z -t unix -u -c
root 157729 139671 0 12:08 pts/0 00:00:00 grep –color=auto post
root@gemini:~# systemctl status postfix
● postfix.service – Postfix Mail Transport Agent
Loaded: loaded (/lib/systemd/system/postfix.service; enabled; vendor preset: enabled)
Active: active (exited) since Wed 2022-03-09 12:02:12 UTC; 6min ago
Main PID: 156624 (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 2274)
Memory: 0B
CGroup: /system.slice/postfix.service

 

Mar 09 12:02:12 gemini systemd[1]: Starting Postfix Mail Transport Agent…
Mar 09 12:02:12 gemini systemd[1]: Finished Postfix Mail Transport Agent.
root@gemini:~# netstat -ltnp | grep 25
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 156623/master
tcp6 0 0 :::25 :::* LISTEN 156623/master

 

 

 

SMTP and Port 25 for Outgoing Mail

 

Port 25 is used as standard for SMTP mail server communication across the internet, so you need to first open port 25 on your network/server firewall.

 

However, if your server platform provider does not permit traffic through port 25 then you will need to arrange to relay your outgoing emails to the SMTP mail server of another willing organization.

 

Many will require payment for this service, or at the very least some indication and assurance of your bona-fide intentions.

 

This is because SMTP mail relay is a sensitive issue, as is also allowing smtp traffic to pass through the network of cloud service, server infrastructure, and virtual server providers.

 

 

SMTP mail server relays can be used for email spamming operations, which can cause the IP addresses on which these servers are located to become blacklisted by email-spam-server database listing services and agents – and which can in turn have disastrous consequences for those affected, both in IT technical as well as business terms.

 

To open port 25 on the ubuntu firewall

 

root@gemini:~# ufw allow 25
Rule added
Rule added (v6)
root@gemini:~#

 

check the port is now open by telnetting to port 25:

 

root@gemini:~# telnet kevwells.com 25
Trying 78.141.200.190…
Connected to kevwells.com.
Escape character is ‘^]’.
220 localhost ESMTP Postfix (Ubuntu)
quit
221 2.0.0 Bye
Connection closed by foreign host.
root@gemini:~#

 

Check MX Records on your DNS Server

 

 

Before configuring postfix to forward mails for your domain, check the MX records for your domain on your DNS server are pointing to the right server.

 

You can do this with the dig command:

 

root@gemini:~#
root@gemini:~#
root@gemini:~# dig kevwells.com mx

 

; <<>> DiG 9.16.1-Ubuntu <<>> kevwells.com mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15606
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

 

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;kevwells.com. IN MX

 

;; ANSWER SECTION:
kevwells.com. 300 IN MX 10 kevwells.com.

 

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Wed Mar 09 12:11:55 UTC 2022
;; MSG SIZE rcvd: 57

 

root@gemini:~#

 

The ‘ANSWER SECTION’ shows kevwells.com is defined as the mail server for kevwells.com (in some environments they could be separate machines).

 

Next, check the A records for the domain kevwells.com to see the server ip it points to.

 

root@gemini:~# dig kevwells.com a

 

; <<>> DiG 9.16.1-Ubuntu <<>> kevwells.com a
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53586
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

 

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;kevwells.com. IN A

 

;; ANSWER SECTION:
kevwells.com. 300 IN A 78.141.200.190

 

;; Query time: 19 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Wed Mar 09 12:14:52 UTC 2022
;; MSG SIZE rcvd: 57

 

root@gemini:~#

 

check your hostname with

 

root@gemini:/etc/postfix# hostname -f
gemini
root@gemini:/etc/postfix#

 

you will need to add this to the postfix config

 

 

Configure postfix to forward mails

 

Locate the configuration directory using the postconf command:

 

root@gemini:~# postconf | grep config_directory
config_directory = /etc/postfix
root@gemini:~#

 

Edit the /etc/postfix/main.cf file, adding the following lines to the end of it:

 

virtual_alias_domains = mydomain.com myanotherdomain.com
virtual_alias_maps = hash:/etc/postfix/virtual

 

So in our case we add:

 

virtual_alias_domains = kevwells.com
virtual_alias_maps = hash:/etc/postfix/virtual

 

The first line virtual_alias_domains defines the domains for which postfix will accept mail. Multiple domains are separated by a space.

 

The second line virtual_alias_maps defines the path to the file which will contain mappings specifying how to forward emails for these domains.

 

Next edit the /etc/postfix/virtual file (create one if it does not yet exist) and add to it the emails you want to forward along with the destination emails.

 

The first email is the address on which postfix will receive mail, and the second is the address to which postfix will forward these mails.

 

eg, to forward:

 

root@kevwells.com kevrwells@gmail.com
kevin@kevwells.com kevrwells@gmail.com

 

If you want to receive and forward all mail sent to any address for a specific domain, use the following definition format:

 

@mydomain.com myself@gmail.com mycolleagues@gmail.com

 

After entering the forwarding rules, save the file and then update the Postfix lookup table:

 

root@gemini:~# postmap /etc/postfix/virtual
root@gemini:~#

 

then reload the postfix configuration:

 

systemctl restart postfix

 

root@gemini:~# systemctl restart postfix
root@gemini:~# systemctl status postfix
● postfix.service – Postfix Mail Transport Agent
Loaded: loaded (/lib/systemd/system/postfix.service; enabled; vendor preset: enabled)
Active: active (exited) since Wed 2022-03-09 12:25:54 UTC; 5s ago
Process: 159667 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 159667 (code=exited, status=0/SUCCESS)

 

Mar 09 12:25:54 gemini systemd[1]: Starting Postfix Mail Transport Agent…
Mar 09 12:25:54 gemini systemd[1]: Finished Postfix Mail Transport Agent.
root@gemini:~#

 

Next, verify using the postconf command that the domain aliases and alias file are correct:

 

root@gemini:~# postconf -n | grep virtual
virtual_alias_domains = kevwells.com
virtual_alias_maps = hash:/etc/postfix/virtual
root@gemini:~#

 

Next, test mail forwarding by sending an email from somewhere outside to the address of your domain.

 

You should then see the same mail forwarded to the gmail account you specified, usually within a few seconds or sometimes a little longer.
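The virtual alias table used in both sets of notes above can be reviewed before postmap is run. The following is an added example, not part of the original notes: a Python audit that parses text in the /etc/postfix/virtual format and flags catch-all entries, patterns whose domain is missing from virtual_alias_domains, and forwards that leave the server. The function names and the sample table are constructed for illustration.

```python
import re


def parse_virtual(text):
    """Return [(pattern, [destinations])] from virtual alias table text.

    Blank lines and comment lines are skipped; a line that starts with
    whitespace continues the previous logical line.
    """
    logical = []
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + stripped
        else:
            logical.append(stripped)
    entries = []
    for line in logical:
        parts = line.split(None, 1)
        if len(parts) == 2:
            # Destinations may be separated by whitespace, commas, or both.
            dests = [d for d in re.split(r"[,\s]+", parts[1]) if d]
            entries.append((parts[0].lower(), dests))
    return entries


def domain_of(addr):
    return addr.rpartition("@")[2].lower()


def audit_virtual(text, alias_domains):
    """Return [(kind, pattern, detail)] for entries worth a second look.

    alias_domains is the value of virtual_alias_domains as a list.
    """
    served = {d.lower() for d in alias_domains}
    findings = []
    for pattern, dests in parse_virtual(text):
        if "@" in pattern and domain_of(pattern) not in served:
            # Postfix accepts mail for this domain only if another setting
            # (for example mydestination) covers it.
            findings.append(("unlisted-domain", pattern, domain_of(pattern)))
        if pattern.startswith("@"):
            # Every local part, including ones nobody uses, is forwarded.
            findings.append(("catch-all", pattern, ", ".join(dests)))
        for dest in dests:
            if "@" in dest and domain_of(dest) not in served:
                # Mail is re-sent from this server to a third-party domain.
                findings.append(("external-forward", pattern, dest))
    return findings


# Constructed sample using the placeholder addresses from this page.
SAMPLE_VIRTUAL = """\
contact@mydomain.com   myself@gmail.com
sales@mydomain.com     myself@gmail.com mystaff@gmail.com
info@otherdomain.com   contact@mydomain.com
# forward all emails
@mydomain.com          myself@gmail.com,
    mystaff@gmail.com
"""

if __name__ == "__main__":
    for finding in audit_virtual(SAMPLE_VIRTUAL, ["mydomain.com"]):
        print(finding)
```

A catch-all entry combined with an external destination means that anything sent to the domain, spam included, is re-sent from this server's IP address to the outside mailbox.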

 

If you want to relay outgoing mail through, for example, gmail.com, then add the Gmail server in the main.cf file:

 

root@gemini:/var/mail# nano /etc/postfix/main.cf
root@gemini:/var/mail#

 

mydestination = $myhostname, kevwells.com, gemini, localhost.localdomain, localhost
relayhost = [smtp.gmail.com]:587

 

then restart the postfix server service:

 

root@gemini:/var/mail# systemctl restart postfix

 

Next, create a /etc/postfix/sasl_passwd file with the following content.

 

[smtp.gmail.com]:587 kevrwells@gmail.com:password

 

password is your Google gmail password for that gmail account.

 

Note: for this to work, two-factor authentication must be set to OFF in this Google Account (under Security – Sign in to Google – Security Verification), and access to the Google Account by less secure apps must be ON.

 

Then run postmap to build the Berkeley DB lookup file (sasl_passwd.db) from sasl_passwd.

 

root@gemini:/var/mail# postmap /etc/postfix/sasl_passwd
root@gemini:/var/mail#

 

then restart Postfix

 

root@gemini:/var/mail#
root@gemini:/var/mail# systemctl restart postfix
root@gemini:/var/mail# systemctl status postfix
● postfix.service – Postfix Mail Transport Agent
Loaded: loaded (/lib/systemd/system/postfix.service; enabled; vendor preset: enabled)
Active: active (exited) since Wed 2022-03-09 12:50:38 UTC; 4s ago
Process: 164711 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 164711 (code=exited, status=0/SUCCESS)

 

Mar 09 12:50:38 gemini systemd[1]: Starting Postfix Mail Transport Agent…
Mar 09 12:50:38 gemini systemd[1]: Finished Postfix Mail Transport Agent.
root@gemini:/var/mail#

 

Test the Postfix configuration with this command string issued on the shell command line:

 

echo "This is a test email." | mail -v -s "Test email" -r kevrwells@gmail.com root@kevwells.com
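The relayhost, SASL and sasl_passwd settings from the steps above can be checked against each other before mail is sent. The following is an added example, not part of the original notes: a Python audit that reads main.cf and sasl_passwd text and reports a relayhost without brackets, SASL authentication without mandatory TLS, and a sasl_passwd key that is not written in the same form as relayhost. The function names, the tightened configuration and the placeholder credentials are constructed for illustration.

```python
# smtp_tls_security_level values under which TLS is mandatory.
MANDATORY_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}


def parse_main_cf(text):
    """Return {parameter: value}. Comments are skipped, lines starting with
    whitespace continue the previous parameter, and a later assignment
    overrides an earlier one."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():
            if name:
                params[name] = (params[name] + " " + raw.strip()).strip()
            continue
        key, sep, value = raw.partition("=")
        name = key.strip() if sep else None
        if name:
            params[name] = value.strip()
    return params


def sasl_keys(text):
    """Lookup keys (first field) of each sasl_passwd entry."""
    return [line.split()[0] for line in text.splitlines()
            if line.strip() and not line.lstrip().startswith("#")]


def effective_smtp_tls_level(params):
    """A non-empty smtp_tls_security_level overrides the obsolete
    smtp_use_tls / smtp_enforce_tls parameters."""
    level = params.get("smtp_tls_security_level", "")
    if level:
        return level
    if params.get("smtp_enforce_tls") == "yes":
        return "encrypt"
    if params.get("smtp_use_tls") == "yes":
        return "may"
    return "none"


def audit_relay(main_cf, sasl_passwd):
    """Return [(kind, detail)] for the outbound relay configuration."""
    p = parse_main_cf(main_cf)
    relayhost = p.get("relayhost", "")
    findings = []
    if not relayhost:
        return findings
    if not relayhost.startswith("["):
        # Without [ ] Postfix performs an MX lookup on the name.
        findings.append(("relayhost-unbracketed", relayhost))
    if p.get("smtp_sasl_auth_enable") == "yes":
        level = effective_smtp_tls_level(p)
        if level not in MANDATORY_TLS:
            # Opportunistic TLS: the session, and the SASL login in it,
            # goes unencrypted whenever STARTTLS is not offered.
            findings.append(("sasl-without-mandatory-tls", level))
        if relayhost not in sasl_keys(sasl_passwd):
            # The sasl_passwd key must use the same form as relayhost.
            findings.append(("sasl-key-mismatch", relayhost))
    return findings


# Relay-related lines as they appear in the main.cf listing on this page.
MAIN_CF_LISTED = """\
## relayhost = [smtp.zoho.eu]:587
relayhost = smtp.gmail.com
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_use_tls = yes
"""

# Constructed variant: bracketed relayhost with port, TLS made mandatory.
# "encrypt" requires TLS but does not verify the server certificate.
MAIN_CF_TIGHTENED = """\
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_security_level = encrypt
"""

# Constructed sasl_passwd content; the credentials are placeholders.
SASL_PASSWD = "[smtp.gmail.com]:587 user@example.com:PLACEHOLDER\n"

if __name__ == "__main__":
    for label, cfg in (("listed", MAIN_CF_LISTED), ("tightened", MAIN_CF_TIGHTENED)):
        print(label, audit_relay(cfg, SASL_PASSWD))
```

The sasl_passwd file and the sasl_passwd.db built from it hold the password in clear text, so keep both readable by root only (chmod 600).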

 

Obtaining TLS Certificate with Apache Web Server

 

You need to have an Apache virtual host for mail.your-domain.com before obtaining a Let’s Encrypt TLS certificate.

Create the virtual host file:

 

sudo nano /etc/apache2/sites-available/mail.your-domain.com.conf

 

Then paste the following text into the file.

 

<VirtualHost *:80>
    ServerName mail.your-domain.com

    DocumentRoot /var/www/html/
</VirtualHost>

 

Save and close the file. Enable this virtual host.

 

Open the imap port 143 on your firewall:

 

root@gemini:/etc/postfix# ufw allow 143
Rule added
Rule added (v6)
root@gemini:/etc/postfix# netstat -tulpn | grep 143
root@gemini:/etc/postfix# ufw allow 80,443,587,465,143,993/tcp
Rule added
Rule added (v6)
root@gemini:/etc/postfix# cd ..
root@gemini:/etc# cd apache2/
root@gemini:/etc/apache2# ls
apache2.conf conf-available conf-enabled envvars magic mods-available mods-enabled ports.conf sites-available sites-enabled
root@gemini:/etc/apache2# cd sites-enabled/

root@gemini:/etc/apache2/sites-enabled# ls
000-default.conf 000-default.conf.save default-ssl.conf
root@gemini:/etc/apache2/sites-enabled# nano 000-default.conf

So you add the following entry:

ServerName mail.kevwells.com

DocumentRoot /var/www/html/

root@gemini:/etc/apache2/sites-enabled# systemctl reload apache2
root@gemini:/etc/apache2/sites-enabled# certbot certonly -a apache --agree-tos --no-eff-email --staple-ocsp --email kevrwells@gmail.com -d mail.kevwells.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mail.kevwells.com
Waiting for verification…
Cleaning up challenges

IMPORTANT NOTES:
– Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/mail.kevwells.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/mail.kevwells.com/privkey.pem
Your cert will expire on 2022-06-07. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
“certbot renew”
– If you like Certbot, please consider supporting our work by:

 

Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

 

root@gemini:/etc/apache2/sites-enabled#

 

To send emails from a desktop email client, you need to enable the submission service of Postfix so the email client can submit emails to Postfix SMTP server.

 

Edit the master.cf file:

 

nano /etc/postfix/master.cf

 

In the submission section, uncomment or add the following lines.

 

Allow at least one whitespace (tab or spacebar) before -o. In postfix configurations, a preceding whitespace character means the line is a continuation of the previous line.

 

(By default the submission section is commented out. You can copy the following lines and paste them into the file, so you don’t have to manually uncomment or add new text.)

 

submission inet n - y - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_wrappermode=no
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth

 

The above configuration enables the submission daemon of Postfix and requires TLS encryption.

 

So later on our desktop email client can connect to the submission daemon over a TLS-encrypted connection.

 

The submission daemon listens on TCP port 587. STARTTLS is used to encrypt communications between email client and the submission daemon.

 

Next, we need to specify the location of our TLS certificate and private key in the Postfix configuration file.

 

Edit the main.cf file:

 

nano /etc/postfix/main.cf

 

Edit the TLS parameter as follows.

 

Remember to replace mail.your-domain.com with your real hostname.

 

#Enable TLS Encryption when Postfix receives incoming emails

 

smtpd_tls_cert_file=/etc/letsencrypt/live/mail.your-domain.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mail.your-domain.com/privkey.pem
smtpd_tls_security_level=may
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

 

#Enable TLS Encryption when Postfix sends outgoing emails

 

smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

 

#Enforce TLSv1.3 or TLSv1.2

 

smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1

 

Your Let’s Encrypt certificate and private key are stored under /etc/letsencrypt/live/mail.your-domain.com/ directory.

 

#Enable TLS Encryption when Postfix receives incoming emails

 

smtpd_tls_cert_file=/etc/letsencrypt/live/mail.kevwells.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mail.kevwells.com/privkey.pem
smtpd_tls_security_level=may
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

 

#Enable TLS Encryption when Postfix sends outgoing emails

 

smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

 

#Enforce TLSv1.3 or TLSv1.2

 

smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1

 

Your Let’s Encrypt certificate and private key are stored under /etc/letsencrypt/live/mail.kevwells.com/ directory.

 

Then restart Postfix:

 

systemctl restart postfix

 

If you run the following command, you will see Postfix is now listening on port 587 and 465.

 

ss -lnpt | grep master

 

root@gemini:/etc/apache2/sites-enabled#
root@gemini:/etc/apache2/sites-enabled# ss -lnpt | grep master
LISTEN 0 100 0.0.0.0:25 0.0.0.0:* users:((“master”,pid=173714,fd=13))
LISTEN 0 100 0.0.0.0:587 0.0.0.0:* users:((“master”,pid=173714,fd=18))
LISTEN 0 100 [::]:25 [::]:* users:((“master”,pid=173714,fd=14))
LISTEN 0 100 [::]:587 [::]:* users:((“master”,pid=173714,fd=19))
root@gemini:/etc/apache2/sites-enabled#

 

To delete all mail waiting in the queue to be sent:

 

postsuper -d ALL

 

root@gemini:/etc/postfix# postsuper -d ALL
postsuper: Deleted: 7 messages
root@gemini:/etc/postfix#
