Configure outgoing mail server: Postfix

Postfix is our Message Transfer Agent (MTA). It is used in two ways: by users, who connect to our MTA to send mail, and between servers, to deliver that mail. For example, suppose we (coolname@mycooldomain.com) want to send an e-mail to our friend (lesscoolname@gmail.com). When we click the send button, our mail client hands all the information to our SMTP server (our MTA) at mycooldomain.com. Then, as soon as possible, mycooldomain.com works out where to deliver mail for gmail.com (it resolves the domain, looks up its MX servers, etc.). Once the destination is located, it connects to it and hands over the e-mail. Several things can happen then: the e-mail is delivered correctly, or maybe gmail.com doesn’t respond (in which case our MTA may try again later)… For example, if our friend lesscoolname@gmail.com has canceled his account, gmail.com will send us a new message explaining that the e-mail couldn’t be delivered.

I’ll be using Ubuntu Server 12.04 for this guide, so commands like apt-get or sudo may not be available in your distribution, but the basics and the configuration files are probably the same.

Let’s install postfix:

$ sudo apt-get install postfix

Some packages may be uninstalled in the process (if you have another MTA installed, even a dummy SMTP server).

Make sure the user postfix belongs to the group sasl (needed for authentication); if not, add it:

$ groups postfix
postfix : postfix
cloud@ubuntu:/run/cyrus$ sudo gpasswd -a postfix sasl
Adding user postfix to group sasl

Let’s edit some configuration files, starting with /etc/postfix/main.cf (I won’t reproduce the whole configuration file, just the important lines):

#SASL
smtp_sasl_auth_enable=no
smtpd_sasl_auth_enable=yes
smtpd_recipient_restrictions= permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination
smtpd_sasl_security_options=noanonymous

myhostname=mydomain.com
mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost

mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp
virtual_transport = lmtp:unix:/var/run/cyrus/socket/lmtp

#Destinations
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_alias_maps = hash:/etc/postfix/valias
virtual_mailbox_domains = /etc/postfix/vhosts

Now I will explain these lines:

  • smtp_sasl_auth_enable=no : The SMTP client won’t authenticate when connecting to other servers.
  • smtpd_sasl_auth_enable=yes : Enable SASL authentication for users connecting to us.
  • smtpd_recipient_restrictions : Restrictions smtpd applies to each recipient. Authenticated users and clients in mynetworks may send anywhere; everything else is rejected unless it is addressed to one of our own domains, which keeps the server from being an open relay.
  • smtpd_sasl_security_options=noanonymous : Don’t allow anonymous authentication.
  • myhostname : The host name where this server is.
  • mailbox_transport / virtual_transport : How we communicate with the mailboxes (here, the Cyrus LMTP socket).
  • virtual_mailbox_maps : Maps addresses to virtual mailboxes.
  • virtual_alias_maps : Creates e-mail aliases.
  • virtual_mailbox_domains : Virtual domains used in mailboxes.

/etc/postfix/master.cf

smtp      inet  n       -       n       -       -       smtpd
lmtp      unix  -       -       n       -       -       lmtp

These two lines disable chrooting for smtp and lmtp (the n in the fifth column). Enabling it is a bit more secure, but we will keep things simple at first.

Let’s create our virtual domain list (a file with one domain per line): /etc/postfix/vhosts

mylittlecloud.com
mycooldomain.com
anotherdomain.es

Then, associate the e-mail info@mylittlecloud.com with the mailbox info@mylittlecloud.com (from the Cyrus example). We will also create two aliases for this address:

/etc/postfix/vmailbox

info@mylittlecloud.com info@mylittlecloud.com

/etc/postfix/valias

root@mylittlecloud.com info@mylittlecloud.com
postmaster@mylittlecloud.com info@mylittlecloud.com

Then, these files must be compiled into map files, so:

$ sudo postmap /etc/postfix/vmailbox

$ sudo postmap /etc/postfix/valias

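Now, create the file /etc/postfix/sasl/smtpd.conf for user authentication and put this content into it:

# saslauthd can only verify plaintext mechanisms, so offer just PLAIN and LOGIN
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

These can be compared to sasl_pwcheck_method and sasl_mech_list in the Cyrus configuration and mean the same thing: the way we’re going to authenticate users and the mechanisms SASL will offer for that purpose. CRAM-MD5 and DIGEST-MD5 are left out because saslauthd needs the plaintext password to check it, which those mechanisms never send.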

Now, restart the server:

$ sudo service postfix restart

Now, if we set up this new server in our mail client, we will be able to send e-mails to any internet address (if we cannot receive these mails, it may be due to spam filters). Try sending e-mails to any of the aliases from internal addresses. You can also set up the MX records of your domain to start sending and receiving e-mails.
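Before exposing the server, it is worth checking the relay and domain settings above. The following is an added example, not part of the original guide or of Postfix: a small offline audit of main.cf and vhosts text. The function names and sample strings are constructed for illustration, and parameters not set in the file expand to nothing, whereas Postfix would use its built-in defaults.

```python
import re

SAFE_PERMITS = {"permit_sasl_authenticated", "permit_mynetworks"}  # the two this guide uses
DEF_MYDEST = "$myhostname, localhost.$mydomain, localhost"         # Postfix default

def parse_main_cf(text):
    """main.cf syntax: '#' comment lines, 'name = value', continuation lines
    begin with whitespace, and the last definition of a name wins."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        else:
            name, _, value = line.partition("=")
            name = name.strip()
            params[name] = value.strip()
    return params

def items(value, params):
    """Expand $name / ${name}, then split on commas and whitespace.
    Simplification: names not set in the file expand to nothing."""
    value = re.sub(r"\$\{?(\w+)\}?", lambda m: params.get(m.group(1), ""), value)
    return [v.lower() for v in re.split(r"[,\s]+", value) if v]

def audit(main_cf, vhosts):
    p, findings = parse_main_cf(main_cf), []
    rules = items(p.get("smtpd_recipient_restrictions", ""), p)
    if "reject_unauth_destination" not in rules:
        findings.append("relay risk: reject_unauth_destination is missing")
    else:
        for r in rules[:rules.index("reject_unauth_destination")]:
            if r.startswith("permit") and r not in SAFE_PERMITS:
                findings.append(f"review: {r} is evaluated before reject_unauth_destination")
    sasl = items(p.get("smtpd_sasl_security_options", "noanonymous"), p)
    if p.get("smtpd_sasl_auth_enable") == "yes" and "noanonymous" not in sasl:
        findings.append("smtpd_sasl_security_options lacks noanonymous")
    virtual = {d.strip().lower() for d in vhosts.splitlines() if d.strip()}
    for d in sorted(virtual & set(items(p.get("mydestination", DEF_MYDEST), p))):
        findings.append(f"{d} is in both mydestination and virtual_mailbox_domains")
    return findings

# Constructed samples: PAGE_CF is modelled on this guide's settings, BAD_CF breaks two of them.
VHOSTS = "mylittlecloud.com\nmycooldomain.com\nanotherdomain.es\n"
PAGE_CF = ("smtpd_sasl_auth_enable=yes\nsmtpd_recipient_restrictions= permit_sasl_authenticated,\n"
           "        permit_mynetworks,\n        reject_unauth_destination\n"
           "smtpd_sasl_security_options=noanonymous\nmyhostname=mydomain.com\n"
           "mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost\n")
BAD_CF = (PAGE_CF.replace("myhostname=mydomain.com", "myhostname=mycooldomain.com")
          .replace("permit_mynetworks,", "permit_mynetworks, permit,"))
```

audit(PAGE_CF, VHOSTS) returns no findings, while BAD_CF is flagged for a bare permit ahead of reject_unauth_destination and for mycooldomain.com being both a local and a virtual domain, a combination Postfix itself warns about in its log.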
