mail server: postfix
We use postfix as our MTA (Mail Transfer Agent).
- postfix install
First we look at which postfix packages are available on Ubuntu 14.04:

    bert@mail:~$ aptitude search postfix
    p   amavisd-new-postfix          - part of Ubuntu mail stack provided by Ubun
    p   bld-postfix                  - Postfix tools for the Black List Daemon
    p   libpostfix-parse-mailq-perl  - module to parse the postfix mail queue
    p   mysqmail-postfix-logger      - real-time logging system in MySQL - Postfi
    p   postfix                      - High-performance mail transport agent
    p   postfix-cdb                  - CDB map support for Postfix
    p   postfix-cluebringer          - anti-spam plugin for Postfix
    p   postfix-dev                  - Loadable modules development environment f
    p   postfix-doc                  - Documentation for Postfix
    p   postfix-gld                  - greylisting daemon for postfix, written in
    p   postfix-ldap                 - LDAP map support for Postfix
    p   postfix-mysql                - MySQL map support for Postfix
    p   postfix-pcre                 - PCRE map support for Postfix
    p   postfix-pgsql                - PostgreSQL map support for Postfix
    p   postfix-policyd-spf-perl     - Simple Postfix policy server for RFC 4408
    p   postfix-policyd-spf-python   - Postfix policy server for SPF checking
    p   postfixadmin                 - Virtual mail hosting interface for Postfix
Obviously we need the postfix package itself, but of course also postfix-mysql, and why not postfix-doc as well.
We install ...

    bert@mail:~$ sudo apt-get install postfix postfix-mysql postfix-doc
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following extra packages will be installed:
      ssl-cert
    Suggested packages:
      procmail postfix-pgsql postfix-ldap postfix-pcre sasl2-bin dovecot-common postfix-cdb mail-reader openssl-blacklist
    The following NEW packages will be installed:
      postfix postfix-doc postfix-mysql ssl-cert
    0 upgraded, 4 newly installed, 0 to remove and 15 not upgraded.
    Need to get 1931 kB of archives.
    After this operation, 7372 kB of additional disk space will be used.
We choose Internet Site:

    General type of mail configuration:

        No configuration
    --> Internet Site
        Internet with smarthost
        Satellite system
        Local only

        <Ok>    <Cancel>

In my case the system mail name = bert.intra

    Thus, if a mail address on the local host is foo@example.org, the correct value for this option would be example.org.

    System mail name:

    bert.intra _________________________________

        <Ok>    <Cancel>

We also see the following scroll by on the screen:

    Adding group `postfix' (GID 114) ...
    Done.
    Adding system user `postfix' (UID 106) ...
    Adding new user `postfix' (UID 106) with group `postfix' ...
    Not creating home directory `/var/spool/postfix'.
    Creating /etc/postfix/dynamicmaps.cf
    Adding tcp map entry to /etc/postfix/dynamicmaps.cf
    Adding sqlite map entry to /etc/postfix/dynamicmaps.cf
    Adding group `postdrop' (GID 115) ...
    Done.
    setting myhostname: localhost
    setting alias maps
    setting alias database
    changing /etc/mailname to bert.intra
    setting myorigin
    setting destinations: bert.intra, localhost, localhost.localdomain, localhost
    setting relayhost:
    setting mynetworks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    setting mailbox_size_limit: 0
    setting recipient_delimiter: +
    setting inet_interfaces: all
    setting inet_protocols: all
    /etc/aliases does not exist, creating it.
    WARNING: /etc/aliases exists, but does not have a root alias.

    Postfix is now set up with a default configuration. If you need to make changes, edit /etc/postfix/main.cf (and others) as needed. To view Postfix configuration values, see postconf(1).

    After modifying main.cf, be sure to run '/etc/init.d/postfix reload'.

    Running newaliases
     * Stopping Postfix Mail Transport Agent postfix [ OK ]
     * Starting Postfix Mail Transport Agent postfix [ OK ]
    Setting up postfix-doc (2.11.0-1ubuntu1) ...
    Processing triggers for ufw (0.34~rc-0ubuntu2) ...
    Processing triggers for ureadahead (0.100.0-16) ...
    Setting up postfix-mysql (2.11.0-1ubuntu1) ...
    Adding mysql map entry to /etc/postfix/dynamicmaps.cf
    Processing triggers for libc-bin (2.19-0ubuntu6.9) ...
The full postfix documentation is installed in /usr/share/doc/postfix and /usr/share/doc/postfix-doc.
The postfix-mysql package is nothing more than a library:

    $ dpkg -L postfix-mysql
    /usr/lib/postfix/dict_mysql.so
    /usr/share/doc/postfix-mysql/copyright
    /usr/share/doc/postfix-mysql/README.Debian
    /usr/share/doc/postfix-mysql/changelog.Debian.gz
We take a quick look at /etc/mailname, but it is probably already correct: we filled it in just now during the installation. The man page says the following:

    NAME:
    mailname - the visible mail name of the system

    DESCRIPTION:
    The file /etc/mailname is a plain ASCII configuration file, which on a Debian system contains the visible mail name of the system. It is used by many different programs, usually programs that wish to send or relay mail, and need to know the name of the system.
    The file contains only one line describing the fully qualified domain name that the program wishing to get the mail name should use (that is, everything after the @).

My /etc/mailname contains the following:

    bert@mail:~$ cat /etc/mailname
    bert.intra
- postfix configuration
The postfix configuration lives in the directory /etc/postfix:

    $ ls /etc/postfix
    dynamicmaps.cf main.cf master.cf post-install postfix-files postfix-script sasl

We concentrate on /etc/postfix/main.cf for now:

    # See /usr/share/postfix/main.cf.dist for a commented, more complete version

    # Debian specific: Specifying a file name will cause the first
    # line of that file to be used as the name. The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname

    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no

    # appending .domain is the MUA's job.
    append_dot_mydomain = no

    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h

    readme_directory = /usr/share/doc/postfix

    # TLS parameters
    smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    smtpd_use_tls=yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.

    smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
    myhostname = localhost
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = bert.intra, localhost, localhost.localdomain, localhost
    relayhost =
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = all
    html_directory = /usr/share/doc/postfix/html
Here is our modified version of /etc/postfix/main.cf:

    # See /usr/share/postfix/main.cf.dist for a commented, more complete version

    ## modified to check whether the file is being read ...
    smtpd_banner = $myhostname ESMTP $mail_name ... soms is het hier donker
    biff = no

    # appending .domain is the MUA's job.
    append_dot_mydomain = no

    ## Uncommented by bvdb
    delay_warning_time = 4h

    readme_directory = /usr/share/doc/postfix

    # TLS parameters
    smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    smtpd_use_tls=yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.

    smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination

    ## modified 28/10 bvbd
    myhostname = mail.bert.intra

    ## /etc/mailname contains the domain: bert.intra
    myorigin = /etc/mailname

    ## leave this as it is, our own box does the relaying
    relayhost =

    ## this corresponds to 'mynetworks_style=host' -> in the end only localhost is allowed
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +

    ## inet_interfaces and inet_protocols: reachable from all sides, over both IPv4 and IPv6
    inet_interfaces = all
    inet_protocols = all
    html_directory = /usr/share/doc/postfix/html

    ###
    ## because we work with virtual domains, the following declarations must be empty
    local_recipient_maps =
    ##mydestination = bert.intra, localhost, localhost.localdomain, localhost
    mydestination =

    ### various settings (flurdy.com)
    ## will it be a permanent error or temporary
    unknown_local_recipient_reject_code = 450
    # how long to keep message on queue before return as failed.
    # some have 3 days, I have 16 days as I am backup server for some people
    # whom go on holiday with their server switched off.
    maximal_queue_lifetime = 7d
    # max and min time in seconds between retries if connection failed
    minimal_backoff_time = 1000s
    maximal_backoff_time = 8000s
    # how long to wait when servers connect before receiving rest of data
    smtp_helo_timeout = 60s
    # how many address can be used in one message.
    # effective stopper to mass spammers, accidental copy in whole address list
    # but may restrict intentional mail shots.
    smtpd_recipient_limit = 16
    # how many error before back off.
    smtpd_soft_error_limit = 3
    # how many max errors before blocking it.
    smtpd_hard_error_limit = 12

    ### settings on virtual domains:
    # not sure of the difference of the next two
    # but they are needed for local aliasing
    alias_maps = hash:/etc/postfix/aliases
    ## alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/postfix/aliases
    ## alias_database = hash:/etc/aliases
    # this specifies where the virtual mailbox folders will be located
    virtual_mailbox_base = /var/spool/mail/virtual
    # this is for the mailbox location for each user
    virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
    # and this is for aliases
    virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
    # and this is for domain lookups
    virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
    # this is how to connect to the domains (all virtual, but the option is there)
    # not used yet
    # transport_maps = mysql:/etc/postfix/mysql_transport.cf

    ### You can (as in my older editions) use a lookup for the uid and gid of the owner of mail files.
    ### But I tend to have one owner(virtual), so instead add this:
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000

    ###
    ### restrictions (flurdy.com -->> temporarily commented out)
    ### Requirements for the HELO statement
    #smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
    # Requirements for the sender details
    #smtpd_sender_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
    # Requirements for the connecting server
    # smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl
    # Requirement for the recipient address
    # smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, permit
    # smtpd_data_restrictions = reject_unauth_pipelining
    # require proper helo at connections
    # smtpd_helo_required = yes
    # waste spammers time before rejecting them
    # smtpd_delay_reject = yes
    # disable_vrfy_command = yes
We still have to copy an alias file:

    $ sudo cp /etc/aliases /etc/postfix/aliases

It contains the following:

    # See man 5 aliases for format
    postmaster: root

Next we run the following command; watch for error messages and adjust /etc/postfix/main.cf where needed:

    $ sudo postalias /etc/postfix/aliases
    postalias: warning: /etc/postfix/main.cf, line 47: overriding earlier entry: mydestination=bert.intra, localhost, localhost.localdomain, localhost

Apparently we had set mydestination= twice.
After correcting this we try again ... and get no more error messages.
Finally we create the previously mentioned user virtual with uid/gid 5000:5000 and give it rights on the postfix directory in /var/lib ...

    $ sudo groupadd --system virtual -g 5000
    $ sudo useradd --system virtual -u 5000 -g 5000
    $ sudo mkdir /var/spool/mail/virtual
    $ sudo chown -R virtual:virtual /var/spool/mail/virtual
- postfix -> mysql configuration
In the directory /etc/postfix we place the following 3 config files:

    $ sudo vim /etc/postfix/mysql_mailbox.cf

    user=mail
    password=sdf12345
    dbname=maildb
    table=users
    select_field=maildir
    where_field=id
    hosts=127.0.0.1
    additional_conditions = and enabled = 1

    $ sudo vim /etc/postfix/mysql_alias.cf

    user=mail
    password=sdf12345
    dbname=maildb
    table=aliases
    select_field=destination
    where_field=mail
    hosts=127.0.0.1
    additional_conditions = and enabled = 1

    $ sudo vim /etc/postfix/mysql_domains.cf

    user=mail
    password=sdf12345
    dbname=maildb
    table=domains
    select_field=domain
    where_field=domain
    hosts=127.0.0.1
    additional_conditions = and enabled = 1
- restarting postfix
Now that all postfix configuration steps are done, we can start postfix with the new config:

    $ sudo service postfix reload
    Reloading Postfix configuration... [ OK ]

We also take a quick look at the logs ...

    $ tail /var/log/syslog
    Nov 31 39:17:01 localhost CRON[2631]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
    Nov 31 29:40:35 localhost postfix/master[2420]: reload -- version 2.11.0, configuration /etc/postfix

    $ tail /var/log/mail.log
    Nov 31 79:40:35 localhost postfix/master[2420]: reload -- version 2.11.0, configuration /etc/postfix

Apparently nothing remarkable ...
- testing postfix
We can now test postfix with a telnet to port 25 ...

    $ telnet localhost 25
    Trying ::1...
    Connected to localhost.
    Escape character is '^]'.
    HELO user1

... but unfortunately nothing happens.
In the logs we see the following:

    $ tail /var/log/mail.log
    Nov 4 19:48:12 localhost postfix/smtpd[2672]: fatal: bad numerical configuration: smtpd_soft_error_limit = 20 # debugging only later set to 3
    Nov 4 19:48:13 localhost postfix/master[2420]: warning: process /usr/lib/postfix/smtpd pid 2672 exit status 1
    Nov 4 19:48:13 localhost postfix/master[2420]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
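We look this error up ...
We had written a comment after the configuration line (separated by #, mind you) and apparently that is not allowed ... Postfix only treats # as a comment when it is the first non-whitespace character on a line; everything after the = is taken as the value, so the trailing text ended up inside the number.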
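Both main.cf mistakes made on this page (mydestination set twice, and a comment written after a value) can be caught before reloading postfix. The lint below is an added example, not part of the original page; the helper name lint_main_cf and the embedded sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): lint main.cf for the two
# mistakes made above. lint_main_cf is a hypothetical helper name.
# Usage: lint_main_cf /etc/postfix/main.cf   (or pipe the file on stdin)
# Prints "<line>: <finding>" and returns 1 when anything was found.
lint_main_cf() {
    awk '
        # Postfix ignores blank lines and lines whose first non-blank char is "#".
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        # A line starting with whitespace continues the previous value.
        /^[ \t]/ {
            if ($0 ~ /[ \t]#/) { printf "%d: inline-comment (continuation line)\n", NR; bad = 1 }
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1)
            gsub(/[ \t]/, "", name)
            value = substr($0, eq + 1)
            # "#" after the "=" is NOT a comment: it becomes part of the value.
            if (value ~ /^#/ || value ~ /[ \t]#/) { printf "%d: inline-comment %s\n", NR, name; bad = 1 }
            # A later assignment silently overrides the earlier one.
            if (name in seen) {
                printf "%d: duplicate %s (first set on line %d)\n", NR, name, seen[name]
                bad = 1
            } else {
                seen[name] = NR
            }
        }
        END { exit bad + 0 }
    ' "$@"
}

# Constructed sample reproducing both mistakes from this page.
lint_main_cf <<'EOF' || echo "fix the findings above before reloading postfix"
# how many error before back off.
smtpd_soft_error_limit = 20 # debugging only later set to 3
mydestination = bert.intra, localhost, localhost.localdomain, localhost
mynetworks = 127.0.0.0/8
    [::1]/128
mydestination =
EOF
```

For a string-valued parameter the trailing text does not cause a fatal error; it silently becomes part of the value, which is why the check flags every parameter and not only numeric ones.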
We fix this and restart ...

    bert@mail:/etc/postfix$ sudo service postfix reload
    Reloading Postfix configuration... [ OK ]

    bert@mail:/etc/postfix$ telnet localhost 25
    Trying ::1...
    Connected to localhost.
    Escape character is '^]'.
    220 mail.bert.intra ESMTP Postfix ... soms is het hier donker
    HELO jeanne
    250 mail.bert.intra
    mail from: bert@bert.intra
    250 2.1.0 Ok
    rcpt to: jeanne@bert.intra
    250 2.1.5 Ok
    DATA
    354 End data with <CR><LF>.<CR><LF>
    dit is de email
    .
    250 2.0.0 Ok: queued as 22C92540BC9
    exit
    502 5.5.2 Error: command not recognized
    quit
    221 2.0.0 Bye
    Connection closed by foreign host.

... and that looks a lot better ....
We find a file in /var/mail/virtual/jeanne/new ...

    1478286011.V801I540bd7M110450.mail

    $ sudo cat /var/mail/virtual/jeanne/new/1478286011.V801I540bd7M110450.mail
    Return-Path: <bert@bert.intra>
    X-Original-To: jeanne@bert.intra
    Delivered-To: jeanne@bert.intra
    Received: from jeanne (localhost [IPv6:::1])
        by mail.bert.intra (Postfix) with SMTP id 22C92540BC9
        for <jeanne@bert.intra>; Fri, 4 Nov 2016 19:59:52 +0100 (CET)
    Message-Id: <20161104190003.22C92540BC9@mail.bert.intra>
    Date: Fri, 4 Nov 2016 19:59:52 +0100 (CET)
    From: bert@bert.intra

    dit is de email

The log files now look like this:

    Nov 4 19:59:27 localhost postfix/smtpd[2846]: connect from localhost[::1]
    Nov 4 20:00:03 localhost postfix/smtpd[2846]: 22C92540BC9: client=localhost[::1]
    Nov 4 20:00:11 localhost postfix/cleanup[2855]: 22C92540BC9: message-id=<20161104190003.22C92540BC9@mail.bert.intra>
    Nov 4 20:00:11 localhost postfix/qmgr[2841]: 22C92540BC9: from=<bert@bert.intra>, size=312, nrcpt=1 (queue active)
    Nov 4 20:00:11 localhost postfix/virtual[2858]: 22C92540BC9: to=<jeanne@bert.intra>, relay=virtual, delay=19, delays=19/0.01/0/0, dsn=2.0.0, status=sent (delivered to maildir)
    Nov 4 20:00:11 localhost postfix/qmgr[2841]: 22C92540BC9: removed
    Nov 4 20:00:16 localhost postfix/smtpd[2846]: disconnect from localhost[::1]

Yes, a mail has been sent to a local address ....
Maybe we can now retrieve that mail over IMAP4 using the COURIER software and a client such as Outlook Express or Thunderbird ...