Disclaimer
This article gives an example of how to get your own Linux server ready to send mail by itself without configuring a whole mail environment. This is suitable for sending notification mails containing some information about status or errors.
This is not a guide to creating a complete mail server.
1. Create password maps file
(it assigns usernames/passwords to the specified mail servers). You can choose any name, for example /etc/postfix/relay_passwd. Its content should be as follows:
relay.dnsexit.com USERNAME:PASSWORD
Note: Replace USERNAME and PASSWORD with your DNS EXIT mail relay username and password.
2. Set proper permissions for that file
# chown root:root /etc/postfix/relay_passwd
# chmod 600 /etc/postfix/relay_passwd
3. Create hash from maps file
(remember to do it each time you change your maps file)
# postmap /etc/postfix/relay_passwd
4. Configure your /etc/postfix/main.cf
a) Without encryption but with authentication
relayhost = [relay.dnsexit.com]
smtp_fallback_relay = [relaybackup.dnsexit.com]
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/relay_passwd
smtp_sasl_security_options = noanonymous
Note: If your ISP blocks outgoing port 25, you can use an alternative SMTP port by appending the port at the end:
relayhost = [relay.dnsexit.com]:26
b) With encryption and authentication
relayhost = [relay.dnsexit.com]:465
### Note: the line in relay_passwd has to contain the full relayhost name; here: "[relay.dnsexit.com]:465"
smtp_sasl_password_maps = hash:/etc/postfix/relay_passwd
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_cert_file=/etc/ssl/private/selfmail.cert
smtp_tls_key_file=/etc/ssl/private/selfmail.key
smtp_tls_CApath = /etc/ssl/certs
## smtp_use_tls and smtp_enforce_tls are the legacy spelling of smtp_tls_security_level
smtp_use_tls = yes
smtp_enforce_tls = yes
smtp_tls_wrappermode = yes
## encrypt makes TLS mandatory but does not verify the relay's certificate
smtp_tls_security_level = encrypt
inet_interfaces = all
## if only ipv4 available use only this:
# inet_protocols = ipv4
## otherwise allow all protocols
inet_protocols = all
## allow only mails sent by this host, otherwise add more networks, separated by blanks
## example: 192.168.1.0/24 [fe80::]/16
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
When using TLS, create your own certificate, either an official one or a self-signed one:
# cd /etc/ssl/private/
# openssl genrsa -out selfmail.key 2048
# openssl req -new -key selfmail.key -out selfmail.csr
# openssl x509 -req -days 3650 -in selfmail.csr -out selfmail.cert -signkey selfmail.key
Using TLS requires the TLS manager in master.cf. Ensure that this line is active:
tlsmgr unix - - n 1000? 1 tlsmgr
5. Reload or restart your postfix
# /etc/init.d/postfix restart
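The checks implied by steps 1 to 4 can be scripted. The following shell functions are an added example, not part of the original article: they verify the mode of the credentials file, that the postmap hash is not older than its source, and that SASL authentication is only used with mandatory TLS. The function names and the constructed sample files are assumptions, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes GNU stat (Linux).

# Print a main.cf parameter value; the last assignment wins, as in Postfix.
cf_value() {    # usage: cf_value MAIN_CF PARAM
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | tail -n 1
}

# Step 2: the credentials file must be mode 600.
perms_ok() {    # usage: perms_ok FILE
    [ "$(stat -c '%a' "$1" 2>/dev/null)" = 600 ]
}

# Step 3: the .db written by postmap must exist and not be older than its source.
hash_fresh() {  # usage: hash_fresh MAP_FILE
    [ -f "$1.db" ] && [ -z "$(find "$1" -newer "$1.db" 2>/dev/null)" ]
}

# Step 4: with SASL auth on, TLS must be mandatory, otherwise the password
# can cross the network in cleartext (variant a of the article).
tls_enforced() {    # usage: tls_enforced MAIN_CF
    case "$(cf_value "$1" smtp_tls_security_level)" in
        encrypt|dane-only|fingerprint|verify|secure) return 0 ;;
    esac
    [ "$(cf_value "$1" smtp_enforce_tls)" = yes ]   # legacy spelling
}

# Print one line per finding and return the number of findings.
audit_relay() { # usage: audit_relay MAIN_CF
    n=0
    [ "$(cf_value "$1" smtp_sasl_auth_enable)" = yes ] || { echo "SASL auth is off"; return 0; }
    map=$(cf_value "$1" smtp_sasl_password_maps)
    map=${map#*:}                       # drop the "hash:" table type
    perms_ok "$map"   || { echo "FINDING: $map is not mode 600"; n=$((n + 1)); }
    hash_fresh "$map" || { echo "FINDING: $map.db missing or stale, run postmap"; n=$((n + 1)); }
    tls_enforced "$1" || { echo "FINDING: SASL auth without mandatory TLS"; n=$((n + 1)); }
    return "$n"
}

# Constructed sample: variant (a) config with a world-readable, un-hashed map.
demo=$(mktemp -d)
printf '%s\n' 'relay.dnsexit.com USERNAME:PASSWORD' > "$demo/relay_passwd"
chmod 644 "$demo/relay_passwd"
printf '%s\n' 'relayhost = [relay.dnsexit.com]' 'smtp_sasl_auth_enable = yes' \
    "smtp_sasl_password_maps = hash:$demo/relay_passwd" > "$demo/main.cf"
audit_relay "$demo/main.cf" || echo "findings: $?"
```

On a real host, call `audit_relay /etc/postfix/main.cf` as root after each change to the map file or to main.cf.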
Other notes about postfix:
If the above settings don't work, you need to make sure that SASL support (SMTP authentication) is compiled into Postfix. To do so, you may need to upgrade to the latest version of Postfix.
Adding IMAP support
If you would like to add a simple way to access the emails stored for a user on this host, you can add Dovecot. You can then also use this host as a kind of "relay station" to store all mails from an official external mail account on this host.
Installing Dovecot
First you have to install the software which is able to give access to the locally stored mails. For this example I will use dovecot:
apt-get install aptitude dovecot-imapd
Beware: Postfix stores mails by default in mbox format in /usr/spool/mail, but dovecot only works with the maildir format, stored in the user directory on the local host. For this, we have to tell postfix to use dovecot to store mails in the proper way:
Add this line to file /etc/postfix/main.cf:
mailbox_command = /usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"
After restarting postfix, mails will be stored in /home//mail
Configuring Dovecot
a) Set local PAM authentication in file /etc/dovecot/conf.d/10-auth.conf
auth_mechanisms = plain
!include auth-system.conf.ext
Please check the file auth-system.conf.ext to see whether local authentication is configured properly.
b) Set encryption: Since there will already be a suitable key/certificate pair for postfix on the same server, we can reuse it here in file /etc/dovecot/conf.d/10-ssl.conf:
ssl = yes
ssl_cert = </etc/ssl/private/selfmail.cert
ssl_key = </etc/ssl/private/selfmail.key
Please note the "<" brackets: it will not work without them!
Hint: if you encounter error messages like "setegid(privileged) failed: Operation not permitted", you will find that the dovecot-lda binary started by postfix is not able to write into the /var/mail directory. The bad way is to make this directory world-writable (chmod 2777), but this cannot be recommended! It is better to change the configuration so that both postfix and dovecot are able to write to it.
Using Fetchmail
You can import mail from an external mail server in order to make it accessible on the local system. In this way you can build a local quasi-mail server with the advantage of holding all mails on the local system and treating it just the same way as a "real" mail server.
First of all, install fetchmail:
apt-get install fetchmail
We now assume that the local mail server should get new mails from the remote server every 5 minutes using IMAP with SSL. For this, a file /etc/fetchmailrc must be created containing this:
set postmaster "<local_user>"
set bouncemail
set no spambounce
set properties ""
set syslog
set daemon 300
poll protocol imap service 993:
    username "<foreign_user>" password "<foreign_password>" is "<local_user>" here
    options keep ssl
Finally, you have to make sure that the fetchmail daemon is activated. On Debian-based systems, have a look at /etc/default/fetchmail.