john pfeiffer

Email server postfix smtp relay

A mail server listens on port 25 or 587 for plaintext email and on port 465 for SSL-encrypted connections; therefore clients must be able to connect outbound on those ports (but many corporations and ISPs block outbound port 25 to prevent spamming).


sudo apt-get update
sudo apt-get install postfix
sudo dpkg-reconfigure postfix

Ok

Internet Site

NONE

serverhostname

serverhostname, localhost.localdomain, localhost

No

127.0.0.0/8, 192.168.0/24

Yes

0

+

ipv4

telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 postfix ESMTP serverhostname (Ubuntu)

HELO serverhostname
250 serverhostname

MAIL FROM:sender@domain.com
250 2.1.0 Ok

RCPT TO:recipient@domain.com
250 2.1.5 Ok

DATA
354 End data with <CR><LF>.<CR><LF>

Subject: email subject

This is an email via telnet.
.
250 2.0.0 Ok: queued as 4E7143FE1F

QUIT
221 2.0.0 Bye

# or whatever username/mailbox has been set up
sudo tail /var/mail/nobody
# to check for errors/info
sudo tail /var/log/mail.log


/etc/passwd
postfix:x:73:73::/var/spool/postfix:/bin/false

/etc/group
postdrop:x:75:
postfix:x:73:


sudo nano /etc/postfix/main.cf

# if left blank it uses gethostname()
myhostname = mail.domainname.com
# if necessary, usually auto generated from myhostname
mydomain = nospam.net
myorigin = example.com

# change to all when ready for internet email
inet_interfaces = localhost
# trust only the local machine - no relaying!
mynetworks_style = host
# blank ensures no open relay!
relay_domains =
# blank = send/receive direct on the internet, no smarthost
relayhost =


sudo /etc/init.d/postfix start
sudo postfix status

sudo yum install telnet
telnet localhost 25

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.domain.com ESMTP Postfix


SMTP MAIL RELAY

echo "smtp.example.com someuser:howtoforge" > /etc/postfix/sasl_passwd
postmap /etc/postfix/sasl_passwd

vi /etc/postfix/main.cf

myhostname = server4
mydomain = example.com
myorigin = server4.example.com

smtpd_banner = $myhostname ESMTP $mail_name.
biff = no
append_dot_mydomain = no

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = localhost.localdomain, localhost
mynetworks = 192.168.1.0/24 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +

inet_interfaces = all

relayhost = ssrs.reachmail.net:465
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous

smtp_tls_security_level = may
header_size_limit=4096000

default_destination_concurrency_limit = 4

soft_bounce = yes

sudo /etc/init.d/postfix restart
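
A check of the relay-client settings above, as an added example that is not part of the original notes: it parses the smtp_* lines and the sasl_passwd key exactly as written in this section and reports where the relay password could be exposed or never used. The finding names and function names are hypothetical.

```python
import re

# Levels at which the Postfix SMTP client refuses to deliver without TLS.
MANDATORY_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

# Relay-client settings as written in the section above.
PAGE_MAIN_CF = """
relayhost = ssrs.reachmail.net:465
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = may
"""
# Lookup key of the sasl_passwd line written by the echo command above.
PAGE_SASL_KEYS = {"smtp.example.com"}

def parse_cf(text):
    """Parse 'name = value' lines; skip blanks and # comment lines."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            conf[name.strip()] = value.strip()
    return conf

def audit_relay(conf, sasl_keys):
    """Return finding names (hypothetical labels) for an authenticated relayhost setup."""
    findings = []
    relay = conf.get("relayhost", "")
    host = re.sub(r":\w+$", "", relay).strip("[]")
    sasl = conf.get("smtp_sasl_auth_enable", "no") == "yes"
    tls_required = conf.get("smtp_tls_security_level", "") in MANDATORY_TLS
    opts = conf.get("smtp_sasl_security_options", "noplaintext, noanonymous")
    # Opportunistic TLS plus plaintext mechanisms: PLAIN/LOGIN may cross unencrypted.
    if sasl and not tls_required and "noplaintext" not in re.split(r"[,\s]+", opts):
        findings.append("cleartext-auth-possible")
    # Port 465 is implicit TLS; the client needs wrapper mode (Postfix 3.0 and later).
    if relay.endswith(":465") and conf.get("smtp_tls_wrappermode", "no") != "yes":
        findings.append("port-465-without-wrappermode")
    # Credentials are looked up by remote host name or by the relayhost value as written.
    if sasl and relay and not ({relay, host} & set(sasl_keys)):
        findings.append("no-sasl-entry-for-relayhost")
    return findings

if __name__ == "__main__":
    for finding in audit_relay(parse_cf(PAGE_MAIN_CF), PAGE_SASL_KEYS):
        print(finding)
```

Independently of these checks, /etc/postfix/sasl_passwd and the sasl_passwd.db built by postmap hold the relay password in clear text and should be owned by root with mode 0600.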

redirect everything to gmail

virtual_maps = regexp:/etc/postfix/virtual-regexp


rewrite the sender for ANY outbound

sudo vi /etc/postfix/main.cf
sender_canonical_maps = static:noreply@example.org
sudo /etc/init.d/postfix restart


rewrite the sender in specific cases

sudo vi /etc/postfix/main.cf
sender_canonical_maps = hash:/etc/postfix/sender_canonical

sudo vi /etc/postfix/sender_canonical
root@example.com noreply@example.org
@example.com noreply@example.org

sudo postmap /etc/postfix/sender_canonical
sudo /etc/init.d/postfix restart


For STARTTLS enabled SMTP try:
openssl s_client -connect ssrs.reachmail.net:25 -crlf -no_ssl2 -starttls smtp

For SMTPS try:
openssl s_client -connect ssrs.reachmail.net:465 -crlf -no_ssl2

http://www.howtoforge.com/postfix_relaying_through_another_mailserver
http://sendgrid.com/docs/Integrate/Mail_Servers/postfix.html


NOT YET ABLE TO ACCESS IT VIA THE INTERNET... TO BE CONTINUED



Pipeline config /etc/postfix/master.cf

/etc/mailname

myorigin=/etc/mailname

inet_interfaces = all
# no internet mail for local users
mydestination =
local_recipient_maps =

# no relaying
mynetworks_style = host

# localhost
relay_domains = $mydestination
home_mailbox = Maildir/

masquerade_domains = mail.example.com www.example.com !sub.dyndomain.com

masquerade_exceptions = root

smtpd_banner = $myhostname ESMTP $mail_name


Virtual mail does not map to a /etc/passwd user account

virtual_mailbox_domains = virtualdomain.tld
virtual_alias_maps = hash:/etc/postfix/virtual_alias, mysql:/etc/postfix/mysql_virtual_forwards.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailboxes.cf
virtual_mailbox_base = /home/vmailer
virtual_uid_maps = static:5003
virtual_gid_maps = static:5003
virtual_minimum_uid = 5003
virtual_mailbox_limit = 51200000


Ubuntu configuration utilities:

sudo postconf -e "home_mailbox = Maildir/"
# no Procmail!
sudo postconf -e "mailbox_command = "



MX record configured to point to the static IP address



SECURITY

Requirements for the HELO statement

smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit

Requirements for the sender details

smtpd_sender_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit

Requirements for the connecting server

smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org

Requirement for the recipient address

smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, permit
smtpd_data_restrictions = reject_unauth_pipelining

require proper helo at connections

smtpd_helo_required = yes

waste spammers time before rejecting them

smtpd_delay_reject = yes
disable_vrfy_command = yes
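
Postfix evaluates each restriction list left to right and stops at the first permit or reject, and warn_if_reject turns the restriction after it into a log-only check. The added example below (not part of the original notes; function names are hypothetical) applies those two rules to the lists in this section to show which rejects are only logged and whether reject_unauth_destination is reached before the final permit. It is a simplified model that ignores access tables.

```python
import re

# Restrictions that stop relaying to foreign destinations.
RELAY_GUARDS = {"reject_unauth_destination", "defer_unauth_destination",
                "reject", "defer"}

# Restriction lists as written in the SECURITY section above.
PAGE_HELO = ("permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, "
             "reject_invalid_hostname, permit")
PAGE_SENDER = ("permit_mynetworks, warn_if_reject reject_non_fqdn_sender, "
               "reject_unknown_sender_domain, reject_unauth_pipelining, permit")
PAGE_RECIPIENT = ("reject_unauth_pipelining, permit_mynetworks, "
                  "reject_non_fqdn_recipient, reject_unknown_recipient_domain, "
                  "reject_unauth_destination, permit")

def parse(value):
    """Split on commas/whitespace and attach warn_if_reject to the next item."""
    items, warn = [], False
    for tok in re.split(r"[,\s]+", value.strip()):
        if tok == "warn_if_reject":
            warn = True
        elif tok:
            items.append((tok, warn))
            warn = False
    return items

def warn_only(value):
    """Rejects that are logged but never enforced because of warn_if_reject."""
    return [name for name, warn in parse(value) if warn and name.startswith("reject")]

def relay_guarded(value):
    """True if an enforced relay guard comes before an unconditional permit."""
    for name, warn in parse(value):
        if name in RELAY_GUARDS and not warn:
            return True
        if name == "permit":
            return False  # every client is accepted here; later items never run
    return False  # end of list without a guard

if __name__ == "__main__":
    print("helo warn-only:", warn_only(PAGE_HELO))
    print("sender warn-only:", warn_only(PAGE_SENDER))
    print("recipient list guarded:", relay_guarded(PAGE_RECIPIENT))
```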

CHROOT?



Published

Jun 17, 2014
