Postfix is our Message Transfer Agent (MTA). Users connect to it to send mail, and servers use it to deliver those e-mails to each other. For example, we (firstname.lastname@example.org) want to send an e-mail to our friend (email@example.com). When we click the send button, our mail client sends all the information to our SMTP server (our MTA), mycooldomain.com. Then, as soon as possible, mycooldomain.com tries to find out where to send mail for gmail.com (it resolves the domain, looks up the MX servers, etc.); once the destination is located, it connects to it and hands over the e-mail. Several things can then happen: the e-mail is delivered correctly, or maybe gmail.com doesn’t respond (in this case, our MTA may try again later)… For example, if our friend firstname.lastname@example.org canceled his account, gmail.com will send us a new message explaining that the e-mail couldn’t be delivered.
I’ll be using Ubuntu Server 12.04 for this guide, so commands like apt-get or sudo may not be available in your distribution, but the basics and the configuration files are probably the same.
Let’s install postfix:
$ sudo apt-get install postfix
Some packages may be uninstalled in the process (if you have another MTA installed, even a dummy SMTP server).
Make sure the user postfix belongs to the group sasl (for identification); if not, add it:
$ groups postfix
postfix : postfix
cloud@ubuntu:/run/cyrus$ sudo gpasswd -a postfix sasl
Adding user postfix to group sasl
Let’s edit some configuration files, starting with /etc/postfix/main.cf (I won’t put the whole configuration file, just the important lines with the changes in bold):
#SASL
smtp_sasl_auth_enable=no
smtpd_sasl_auth_enable=yes
smtpd_recipient_restrictions= permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sasl_security_options=noanonymous
myhostname=mydmain.com
mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost
mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp
virtual_transport = lmtp:unix:/var/run/cyrus/socket/lmtp
#Destinations
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_alias_maps = hash:/etc/postfix/valias
virtual_mailbox_domains = /etc/postfix/vhosts
Now I will explain these lines:
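- smtp_sasl_auth_enable=no : The SMTP client won’t authenticate when connecting to other servers.
- smtpd_sasl_auth_enable=yes : Enable SASL auth for a user connecting to us.
- smtpd_recipient_restrictions : Restrictions applied by smtpd to each recipient. The rules are evaluated in order: SASL-authenticated clients and clients in mynetworks are accepted, and anything else is rejected unless the recipient is in a domain we handle.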
- smtpd_sasl_security_options=noanonymous : Reject anonymous connections.
- myhostname : The host name where this server is.
- mailbox_transport / virtual_transport : How we communicate with the mailboxes (here, LMTP over the Cyrus UNIX socket).
- virtual_mailbox_maps : Maps addresses to virtual mailboxes.
- virtual_alias_maps : Creates email aliases.
- virtual_mailbox_domains : Virtual domains used in mailboxes
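A quick way to check the relay and SASL lines explained above before restarting Postfix. This is an added example, not part of the original guide: parse_main_cf and audit are hypothetical helper names, the sample text is constructed from the lines shown above, and the relay check is a simplified heuristic that only looks for reject_unauth_destination and a bare permit in front of it.

```python
import re

# Constructed sample input mirroring the main.cf lines above (with a continuation line).
SAMPLE_MAIN_CF = """\
#SASL
smtp_sasl_auth_enable=no
smtpd_sasl_auth_enable=yes
smtpd_recipient_restrictions= permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination
smtpd_sasl_security_options=noanonymous
"""

def parse_main_cf(text):
    """Parse main.cf text; a line starting with whitespace continues the previous one."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
            continue
        name, _, value = line.partition("=")
        last = name.strip()
        params[last] = value.strip()
    return params

def audit(params):
    """Return findings for the relay and SASL settings (simplified heuristic)."""
    findings = []
    rules = [r for r in re.split(r"[,\s]+", params.get("smtpd_recipient_restrictions", "")) if r]
    if "reject_unauth_destination" not in rules:
        findings.append("reject_unauth_destination missing: relay is not restricted by this rule")
    elif "permit" in rules[:rules.index("reject_unauth_destination")]:
        findings.append("unconditional permit precedes reject_unauth_destination")
    if params.get("smtpd_sasl_auth_enable", "no") != "yes":  # Postfix default is no
        findings.append("smtpd_sasl_auth_enable is not yes: permit_sasl_authenticated never matches")
    opts = re.split(r"[,\s]+", params.get("smtpd_sasl_security_options", "noanonymous"))
    if "noanonymous" not in opts:
        findings.append("noanonymous missing: anonymous SASL logins are accepted")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_main_cf(SAMPLE_MAIN_CF)) or ["no findings"]:
        print(finding)
```

To audit the real file, pass the contents of /etc/postfix/main.cf to parse_main_cf instead of the sample.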
smtp inet n - n - - smtpd
lmtp unix - - n - - lmtp
These entries, which belong in /etc/postfix/master.cf, disable chrooting for smtp / lmtp (the n in the fifth column). It’s a bit more secure to enable it, but first we will keep it simple.
Let’s create our virtual domain list (a file with one domain per line): /etc/postfix/vhosts
mylittlecloud.com
mycooldomain.com
anotherdomain.es
Then, associate the e-mail email@example.com with the mailbox firstname.lastname@example.org (from the Cyrus example). We will also create two aliases for this address:
email@example.com firstname.lastname@example.org email@example.com firstname.lastname@example.org
Then, these files must be compiled into map files, so:
$ sudo postmap /etc/postfix/vmailbox
$ sudo postmap /etc/postfix/valias
Now, create the file /etc/postfix/sasl/smtpd.conf for user authentication and put this content into it:
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
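These can be compared to sasl_pwcheck_method and sasl_mech_list in the Cyrus configuration; they mean the same: the way we’re going to authenticate users and the mechanisms SASL will use for that purpose. Note that saslauthd only receives plaintext passwords, so of the mechanisms listed only PLAIN and LOGIN can actually be verified through it.
Now, restart the server: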
$ sudo service postfix restart
Now, if we set up this new server in our mail client, we will be able to send e-mails to any internet address (if these mails are not received, it may be due to spam filters). Let’s try to send e-mails to any of the aliases from internal addresses. You can also set up the MX records of your domain to start sending and receiving e-mails.