
mail server: postfix

 
We use postfix as our MTA (Mail Transfer Agent).
 

  1. postfix install
     
    First we check which postfix packages are available on Ubuntu 14.04:
     
    bert@mail:~$ aptitude search postfix

    p   amavisd-new-postfix             - part of Ubuntu mail stack provided by Ubun
    p   bld-postfix                     - Postfix tools for the Black List Daemon   
    p   libpostfix-parse-mailq-perl     - module to parse the postfix mail queue    
    p   mysqmail-postfix-logger         - real-time logging system in MySQL - Postfi
    p   postfix                         - High-performance mail transport agent     
    p   postfix-cdb                     - CDB map support for Postfix               
    p   postfix-cluebringer             - anti-spam plugin for Postfix              
    p   postfix-dev                     - Loadable modules development environment f
    p   postfix-doc                     - Documentation for Postfix                 
    p   postfix-gld                     - greylisting daemon for postfix, written in
    p   postfix-ldap                    - LDAP map support for Postfix              
    p   postfix-mysql                   - MySQL map support for Postfix             
    p   postfix-pcre                    - PCRE map support for Postfix              
    p   postfix-pgsql                   - PostgreSQL map support for Postfix        
    p   postfix-policyd-spf-perl        - Simple Postfix policy server for RFC 4408 
    p   postfix-policyd-spf-python      - Postfix policy server for SPF checking    
    p   postfixadmin                    - Virtual mail hosting interface for Postfix

    Obviously we need the postfix package itself, but also postfix-mysql, and why not postfix-doc as well.
     
    We install ...
    bert@mail:~$ sudo apt-get install postfix postfix-mysql postfix-doc

    Reading package lists... Done
    Building dependency tree       
    Reading state information... Done
    The following extra packages will be installed:
    ssl-cert
    Suggested packages:
    procmail postfix-pgsql postfix-ldap postfix-pcre sasl2-bin dovecot-common
    postfix-cdb mail-reader openssl-blacklist
    The following NEW packages will be installed:
    postfix postfix-doc postfix-mysql ssl-cert
    0 upgraded, 4 newly installed, 0 to remove and 15 not upgraded.
    Need to get 1931 kB of archives.
    After this operation, 7372 kB of additional disk space will be used.

    We choose Internet Site:

    General type of mail configuration:                                      
    
                            No configuration                              
                       -->  Internet Site                                  
                            Internet with smarthost                       
                            Satellite system                              
                            Local only                                     
    
                   <Ok>                         <Cancel> 

    In my case the system mail name = bert.intra

    Thus, if a mail address on the local host is 
    foo@example.org, the correct value for this 
    option would be example.org.                               
                                             
    System mail name:                             
                                   
    bert.intra   _________________________________
          
         <Ok>             <Cancel>    

    We also see the following scroll past on the screen:

    Adding group `postfix' (GID 114) ...
    Done.
    Adding system user `postfix' (UID 106) ...
    Adding new user `postfix' (UID 106) with group `postfix' ...
    Not creating home directory `/var/spool/postfix'.
    Creating /etc/postfix/dynamicmaps.cf
    Adding tcp map entry to /etc/postfix/dynamicmaps.cf
    Adding sqlite map entry to /etc/postfix/dynamicmaps.cf
    Adding group `postdrop' (GID 115) ...
    Done.
    setting myhostname: localhost
    setting alias maps
    setting alias database
    changing /etc/mailname to bert.intra
    setting myorigin
    setting destinations: bert.intra, localhost, localhost.localdomain, localhost
    setting relayhost: 
    setting mynetworks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    setting mailbox_size_limit: 0
    setting recipient_delimiter: +
    setting inet_interfaces: all
    setting inet_protocols: all
    /etc/aliases does not exist, creating it.
    WARNING: /etc/aliases exists, but does not have a root alias.
     
    Postfix is now set up with a default configuration.  If you need to make 
    changes, edit
    /etc/postfix/main.cf (and others) as needed.  To view Postfix configuration
    values, see postconf(1).
     
    After modifying main.cf, be sure to run '/etc/init.d/postfix reload'.
     
    Running newaliases
    * Stopping Postfix Mail Transport Agent postfix                                                      [ OK ] 
    * Starting Postfix Mail Transport Agent postfix                                                      [ OK ] 
    Setting up postfix-doc (2.11.0-1ubuntu1) ...
    Processing triggers for ufw (0.34~rc-0ubuntu2) ...
    Processing triggers for ureadahead (0.100.0-16) ...
    Setting up postfix-mysql (2.11.0-1ubuntu1) ...
    Adding mysql map entry to /etc/postfix/dynamicmaps.cf
    Processing triggers for libc-bin (2.19-0ubuntu6.9) ...

    The full postfix documentation is installed in /usr/share/doc/postfix and /usr/share/doc/postfix-doc.
     
    The postfix-mysql package is nothing more than a library:

    $ dpkg -L postfix-mysql
    /usr/lib/postfix/dict_mysql.so
    /usr/share/doc/postfix-mysql/copyright
    /usr/share/doc/postfix-mysql/README.Debian
    /usr/share/doc/postfix-mysql/changelog.Debian.gz

    We take a quick look at /etc/mailname, but it is probably already correct: we filled it in during the installation. The man page says the following:

    NAME: mailname - the visible mail name of the system
    DESCRIPTION: The  file  /etc/mailname is a plain ASCII configuration file, which on a Debian system contains the visible mail name of the system.  It is used by many different programs, usually programs that wish to send or relay mail, and need to know the name of the system.  The file contains only one line describing the fully qualified domain name that the program wishing to get the mail name should use (that is, everything after the @).

    My /etc/mailname contains the following:
    bert@mail:~$ cat /etc/mailname
    bert.intra
     

  2. postfix configuration
     
    The postfix configuration lives in the directory /etc/postfix:
    $ ls /etc/postfix
    dynamicmaps.cf  main.cf  master.cf   post-install  postfix-files  postfix-script  sasl

    We focus on /etc/postfix/main.cf:

    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
     
    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
     
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no
     
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
     
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
     
    readme_directory = /usr/share/doc/postfix
     
    # TLS parameters
    smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    smtpd_use_tls=yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
     
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
     
    smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
    myhostname = localhost
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = bert.intra, localhost, localhost.localdomain, localhost
    relayhost = 
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = all
    html_directory = /usr/share/doc/postfix/html

     
    Here is our modified version of /etc/postfix/main.cf:

    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    ## changed to check whether the file is being read ...
    smtpd_banner = $myhostname ESMTP $mail_name ... soms is het hier donker
    biff = no
     
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
     
    ## Uncommented by bvdb
    delay_warning_time = 4h
     
    readme_directory = /usr/share/doc/postfix
     
    # TLS parameters
    smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    smtpd_use_tls=yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
     
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
     
    smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
    ## changed 28/10 bvbd
    myhostname = mail.bert.intra
    ## /etc/mailname contains the domain: bert.intra
    myorigin = /etc/mailname
    ## leave this as it is, our box does the relaying itself
    relayhost = 
    ## this corresponds to 'mynetworks_style=host' -> in the end only localhost is allowed
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    ## inet_interfaces and inet_protocols: reachable on all interfaces, over IPv4 and IPv6
    inet_interfaces = all
    inet_protocols = all
    html_directory = /usr/share/doc/postfix/html
    ###
    ## because we work with virtual domains, the following declarations must be empty
    local_recipient_maps =
    ##mydestination = bert.intra, localhost, localhost.localdomain, localhost
    mydestination =
    ### various settings (flurdy.com)
    ## will it be a permanent error or temporary
    unknown_local_recipient_reject_code = 450
    # how long to keep message on queue before return as failed.
    # some have 3 days, I have 16 days as I am backup server for some people
    # whom go on holiday with their server switched off.
    maximal_queue_lifetime = 7d
    # max and min time in seconds between retries if connection failed
    minimal_backoff_time = 1000s
    maximal_backoff_time = 8000s
    # how long to wait when servers connect before receiving rest of data
    smtp_helo_timeout = 60s
    # how many address can be used in one message.
    # effective stopper to mass spammers, accidental copy in whole address list
    # but may restrict intentional mail shots.
    smtpd_recipient_limit = 16
    # how many error before back off.
    smtpd_soft_error_limit = 3
    # how many max errors before blocking it.
    smtpd_hard_error_limit = 12
    ### settings on virtual domains:
    # not sure of the difference of the next two
    # but they are needed for local aliasing
    alias_maps = hash:/etc/postfix/aliases
    ## alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/postfix/aliases
    ## alias_database = hash:/etc/aliases
    # this specifies where the virtual mailbox folders will be located
    virtual_mailbox_base = /var/spool/mail/virtual
    # this is for the mailbox location for each user
    virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
    # and this is for aliases
    virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
    # and this is for domain lookups
    virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
    # this is how to connect to the domains (all virtual, but the option is there)
    # not used yet
    # transport_maps = mysql:/etc/postfix/mysql_transport.cf
    ### You can (as in my older editions) use a lookup for the uid and gid of the owner of mail files. But I tend to have one owner(virtual), so instead add this:
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    ###
    ### restrictions (flurdy.com -->> temporarily commented out)
    ### Requirements for the HELO statement
    #smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
    # Requirements for the sender details
    #smtpd_sender_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
    # Requirements for the connecting server 
    # smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl
    # Requirement for the recipient address
    # smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, permit
    # smtpd_data_restrictions = reject_unauth_pipelining
    # require proper helo at connections 
    # smtpd_helo_required = yes
    # waste spammers time before rejecting them
    # smtpd_delay_reject = yes
    # disable_vrfy_command = yes

     
    We still need to copy an alias file:
    $ sudo cp /etc/aliases /etc/postfix/aliases
    It contains the following:

    # See man 5 aliases for format
    postmaster:    root

    Next we run the following command; watch for error messages and adjust /etc/postfix/main.cf where needed:
    $ sudo postalias /etc/postfix/aliases

    postalias: warning: /etc/postfix/main.cf, line 47: overriding earlier entry: mydestination=bert.intra, localhost, localhost.localdomain, localhost

    Apparently we had used mydestination= twice.
    After fixing that we try again ... and get no more error messages.
     
    Finally we create the previously mentioned user virtual with uid/gid 5000:5000 and give it rights on the postfix directory in /var/lib ...

    $ sudo groupadd --system virtual -g 5000
    $ sudo useradd --system virtual -u 5000 -g 5000
    $ sudo mkdir /var/spool/mail/virtual
    $ sudo chown -R virtual:virtual /var/spool/mail/virtual

     

  3. postfix -> mysql configuration
     
    In the directory /etc/postfix we place the following 3 config files:
     
    $ sudo vim /etc/postfix/mysql_mailbox.cf
    user=mail
    password=sdf12345
    dbname=maildb
    table=users
    select_field=maildir
    where_field=id
    hosts=127.0.0.1
    additional_conditions = and enabled = 1

     
    $ sudo vim /etc/postfix/mysql_alias.cf

    user=mail
    password=sdf12345
    dbname=maildb
    table=aliases
    select_field=destination
    where_field=mail
    hosts=127.0.0.1
    additional_conditions = and enabled = 1

     
    $ sudo vim /etc/postfix/mysql_domains.cf

    user=mail
    password=sdf12345
    dbname=maildb
    table=domains
    select_field=domain
    where_field=domain
    hosts=127.0.0.1
    additional_conditions = and enabled = 1
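
    What these three files make Postfix ask the database: the table/select_field/where_field syntax expands to one SELECT per lookup, with additional_conditions appended verbatim. The sketch below is an added example, not part of the original page; it rebuilds that query and runs it against an in-memory SQLite stand-in for maildb whose rows are constructed, and parse_cf, legacy_query, sample_db and lookup are hypothetical helper names.

```python
import sqlite3

# Query-related lines of the three map files shown above (user, password and
# hosts only affect the connection and are left out here).
MAPS = {
    "mysql_mailbox.cf": "table=users\nselect_field=maildir\nwhere_field=id\n"
                        "additional_conditions = and enabled = 1\n",
    "mysql_alias.cf": "table=aliases\nselect_field=destination\nwhere_field=mail\n"
                      "additional_conditions = and enabled = 1\n",
    "mysql_domains.cf": "table=domains\nselect_field=domain\nwhere_field=domain\n"
                        "additional_conditions = and enabled = 1\n",
}

def parse_cf(text):
    """Parse 'name = value' lines; blank lines and '#' comment lines are skipped."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition("=")   # split on the first '=' only
        cfg[name.strip()] = value.strip()
    return cfg

def legacy_query(cfg):
    """SQL the legacy syntax expands to. Postfix substitutes the escaped lookup
    key for '%s'; this stand-in uses a bound '?' parameter instead."""
    return "SELECT {select_field} FROM {table} WHERE {where_field} = ? {extra}".format(
        extra=cfg.get("additional_conditions", ""), **cfg).strip()

def sample_db():
    """Constructed rows; the column names are the ones the map files refer to."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE domains (domain TEXT, enabled INT);
        CREATE TABLE users   (id TEXT, maildir TEXT, enabled INT);
        CREATE TABLE aliases (mail TEXT, destination TEXT, enabled INT);
        INSERT INTO domains VALUES ('bert.intra', 1);
        INSERT INTO users   VALUES ('jeanne@bert.intra', 'jeanne/', 1);
        INSERT INTO users   VALUES ('oud@bert.intra', 'oud/', 0);  -- disabled account
        INSERT INTO aliases VALUES ('postmaster@bert.intra', 'jeanne@bert.intra', 1);
    """)
    return db

def lookup(db, map_name, key):
    """Return the first result for key, or None when the map has no match."""
    row = db.execute(legacy_query(parse_cf(MAPS[map_name])), (key,)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = sample_db()
    for name, key in [("mysql_domains.cf", "bert.intra"),
                      ("mysql_mailbox.cf", "jeanne@bert.intra"),
                      ("mysql_mailbox.cf", "oud@bert.intra"),
                      ("mysql_alias.cf", "postmaster@bert.intra")]:
        print(name, key, "->", lookup(db, name, key))
```

    The real map files hold the database password in clear text, so keep them owned by root with group postfix and mode 0640.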

     

  4. restarting postfix
     
    Now that all postfix configuration steps are done, we can start postfix with the new config:
     
    $ sudo service postfix reload
    Reloading Postfix configuration... [ OK ]
     
    We also take a look at the logs ...
    $ tail /var/log/syslog
    Nov  31 39:17:01 localhost CRON[2631]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
    Nov  31 29:40:35 localhost postfix/master[2420]: reload -- version 2.11.0, configuration /etc/postfix

     
    $ tail /var/log/mail.log

    Nov  31 79:40:35 localhost postfix/master[2420]: reload -- version 2.11.0, configuration /etc/postfix

    Apparently nothing remarkable ...
     

  5. testing postfix
     
    We can now test postfix with a telnet to port 25 ...
    $ telnet localhost 25
    Trying ::1...
    Connected to localhost.
    Escape character is '^]'.
    HELO user1

    ... but unfortunately nothing happens.
    In the logs we see the following:
    $ tail /var/log/mail.log

    Nov  4 19:48:12 localhost postfix/smtpd[2672]: fatal: bad numerical configuration: smtpd_soft_error_limit = 20 # debugging only later set to 3
    Nov  4 19:48:13 localhost postfix/master[2420]: warning: process /usr/lib/postfix/smtpd pid 2672 exit status 1
    Nov  4 19:48:13 localhost postfix/master[2420]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

    We look up this error ...
    We had written a comment after the configuration line (separated by a #) and apparently that is not allowed: main.cf only treats # as a comment at the start of a line, so the trailing text became part of the value ...
    We fix this and restart ...
     
    bert@mail:/etc/postfix$ sudo service postfix reload
    Reloading Postfix configuration... [ OK ]
    bert@mail:/etc/postfix$ telnet localhost 25

    Trying ::1...
    Connected to localhost.
    Escape character is '^]'.
    220 mail.bert.intra ESMTP Postfix ... soms is het hier donker
    HELO jeanne
    250 mail.bert.intra
    mail from: bert@bert.intra
    250 2.1.0 Ok
    rcpt to: jeanne@bert.intra
    250 2.1.5 Ok
    DATA
    354 End data with <CR><LF>.<CR><LF>
    dit is de email
    .
    250 2.0.0 Ok: queued as 22C92540BC9
    exit
    502 5.5.2 Error: command not recognized
    quit
    221 2.0.0 Bye
    Connection closed by foreign host.

    ... and that looks a lot better ....
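
    Both mistakes made above, the second mydestination entry that postalias warned about and the trailing # comment that made smtpd exit, can be caught before a reload. The checker below is an added example, not part of the original page; logical_lines and lint_main_cf are hypothetical names and SAMPLE is a constructed fragment that reproduces the two errors.

```python
import re

def logical_lines(text):
    """Yield (line_no, logical_line) following main.cf rules: blank lines and
    lines whose first non-blank character is '#' are skipped, and a line that
    starts with whitespace continues the previous logical line."""
    current, start = None, 0
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()
            continue
        if current is not None:
            yield start, current
        current, start = raw.strip(), no
    if current is not None:
        yield start, current

def lint_main_cf(text):
    """Return (line_no, kind, detail) findings for duplicate parameters and
    for '#' text that follows a value on the same line."""
    findings, seen = [], {}
    for no, line in logical_lines(text):
        name, sep, value = line.partition("=")
        name, value = name.strip(), value.strip()
        if not sep:
            findings.append((no, "syntax", "missing '=' in: " + line))
            continue
        if name in seen:
            findings.append((no, "duplicate",
                             f"{name} overrides the entry on line {seen[name]}"))
        seen[name] = no
        # main.cf has no inline comments: everything after '=' is the value.
        if re.search(r"(^|\s)#", value):
            findings.append((no, "inline-comment",
                             f"{name}: text after '#' is read as part of the value"))
    return findings

# Constructed fragment reproducing the two errors from this page.
SAMPLE = """\
myhostname = mail.bert.intra
mydestination = bert.intra, localhost, localhost.localdomain, localhost
# how many error before back off.
smtpd_soft_error_limit = 20 # debugging only later set to 3
smtpd_hard_error_limit = 12
mydestination =
"""

if __name__ == "__main__":
    for no, kind, detail in lint_main_cf(SAMPLE):
        print(f"line {no}: {kind}: {detail}")
```

    To check the live file, pass it the contents of /etc/postfix/main.cf before running service postfix reload.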
     
    We find a file in /var/mail/virtual/jeanne/new ...
    1478286011.V801I540bd7M110450.mail
    $ sudo cat /var/mail/virtual/jeanne/new/1478286011.V801I540bd7M110450.mail

    Return-Path: <bert@bert.intra>
    X-Original-To: jeanne@bert.intra
    Delivered-To: jeanne@bert.intra
    Received: from jeanne (localhost [IPv6:::1])
    by mail.bert.intra (Postfix) with SMTP id 22C92540BC9
    for <jeanne@bert.intra>; Fri,  4 Nov 2016 19:59:52 +0100 (CET)
    Message-Id: <20161104190003.22C92540BC9@mail.bert.intra>
    Date: Fri,  4 Nov 2016 19:59:52 +0100 (CET)
    From: bert@bert.intra
     
    dit is de email

    The log files now look like this:

    Nov  4 19:59:27 localhost postfix/smtpd[2846]: connect from localhost[::1]
    Nov  4 20:00:03 localhost postfix/smtpd[2846]: 22C92540BC9: client=localhost[::1]
    Nov  4 20:00:11 localhost postfix/cleanup[2855]: 22C92540BC9: message-id=<20161104190003.22C92540BC9@mail.bert.intra>
    Nov  4 20:00:11 localhost postfix/qmgr[2841]: 22C92540BC9: from=<bert@bert.intra>, size=312, nrcpt=1 (queue active)
    Nov  4 20:00:11 localhost postfix/virtual[2858]: 22C92540BC9: to=<jeanne@bert.intra>, relay=virtual, delay=19, delays=19/0.01/0/0, dsn=2.0.0, status=sent (delivered to maildir)
    Nov  4 20:00:11 localhost postfix/qmgr[2841]: 22C92540BC9: removed
    Nov  4 20:00:16 localhost postfix/smtpd[2846]: disconnect from localhost[::1]

    Yes, a mail has been sent to a local address ....
    Maybe we can now fetch that mail over IMAP4 using the COURIER software and a client such as Outlook Express or Thunderbird ...