Postfix | Bots!

Install mail server on Ubuntu or Debian

September 12, 2023 by Rumi

Disclaimer:
This howto is tested on Ubuntu 16, 18, 20 and Debian 10, 11 edition.

Installing and configuring postfix

Step 1 » Assign static IP and hostname and add a host entry for the host name .

Assign hostname in /etc/hostname

mail.tweenpath.net

Add a host entry in /etc/hosts

192.168.1.10 mail.tweenpath.net

Step 2 » Update the repositories.

tweenpath@mail:~$ sudo apt-get update

Step 3 » Install postfix and dependencies . Press enter for all prompted questions during installation. we will do that in the next step.

tweenpath@mail:~$ sudo apt-get install postfix

Step 4 » After installation issue the below command to configure postfix.

tweenpath@mail:~$ sudo dpkg-reconfigure postfix

Now you will be prompted for set of details . choose the following values and replace tweenpath.net with your domain name.

Postfix to allow Mail Relay from a Trusted IP

May 27, 2023 by Rumi

Make sure smtpd_recipient_restrictions has permit_mynetworks, something like this:

smtpd_recipient_restrictions = permit_mynetworks,<more>

This is the default, but if you have -o smtpd_recipient_restrictions=something on an smtpd line in master.cf then it will override main.cf setting.

A sample configuration that worked for me is as below-

smtp inet n - n - - smtpd
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_sender=yes
-o smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,reject
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o broken_sasl_auth_clients=yes

Configure Zimbra to use SendGrid as Smarthost

September 12, 2023February 18, 2023 by Rumi

Switch to user Zimbra

su zimbra

Add credentials to relay_password file:

nano /opt/zimbra/conf/relay_password

Add:

smtp.sendgrid.net yourSendGridUsername:yourSendGridPassword

Apply configuration to Zimbra

postmap /opt/zimbra/conf/relay_password
postmap -q smtp.sendgrid.net /opt/zimbra/conf/relay_password
zmprov ms `zmhostname` zimbraMtaSmtpSaslPasswordMaps lmdb:/opt/zimbra/conf/relay_password
zmprov ms `zmhostname` zimbraMtaSmtpSaslAuthEnable yes
zmprov ms `zmhostname` zimbraMtaSmtpCnameOverridesServername no
zmprov ms `zmhostname` zimbraMtaSmtpTlsSecurityLevel may
zmprov ms `zmhostname` zimbraMtaSmtpSaslSecurityOptions noanonymous
zmprov ms `zmhostname` zimbraMtaRelayHost smtp.sendgrid.net:587

Now wait for a couple of minutes and start testing it by sending out some test mails. Follow the log file to see if it works or not:

tail -f /var/log/zimbra.log

To undo, apply the command

zmprov ms `zmhostname` zimbraMtaRelayHost ""

Postfix SMTP Rotating IP using IPTables

August 1, 2022 by Rumi

I got 5 Public IPs. i’m Gonna configure them, so Postfix can use multiple interfaces/ips for outgoing smtp connections.

First we need creating Interface aliases for those 5 public IPs.

In my system, using centos:

# cd /etc/sysconfig/network-scripts/
# cp ifcfg-eth0 ifcfg-eth0:1

Edit ifcfg-eth0:1
# vi ifcfg-eth0\:1

DEVICE=eth0 <-- default device
HWADDR=XX:XX:XX:XX:XX:XX
ONBOOT=yes
TYPE=Ethernet
BOOTPROTO=none
IPADDR=202.XXX.XX.2 <-- default eth0 IP address
PREFIX=24
GATEWAY=202.XXX.XX.1
DNS1=202.XXX.XX.XX

Change DEVICE and IPADDR parameters

Configure DomainKeys- DKIM (OpenDKIM) with Postfix on CentOS 7

March 31, 2021 by Rumi

OpenDKIM is method to digitally sign & verify emails on the mail servers using public & private keys. In other words opendkim implements the DKIM (DomainKeys Identified Mail) standard for signing and verifying email messages on a per-domain basis. DomainKeys are implemented to reduce the chances of outgoing mails to be marked as SPAM.

In this post we will demonstrate how to install & configure DomainKeys with postfix (MTA) on CentOS 7, i am assuming Postfix is already installed with following domain and hostname.

Hostname = mail5.freshdaymall.com
Domain = freshdaymall.com

Step:1 Set EPEL Repository using below rpm command

OpenDKIM package is not available in the default yum repositories but available in CentOS 7 EPEL repositories

[root@mail5 ~]# rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

Step:2 Install OpenDKIM Package using yum

[root@mail5 ~]# yum install -y opendkim

Step:3 Run below Command to create keys

Execute the below command to create public & private keys under folder “/etc/opendkim/keys”

Setup mail server on centos 7 using postfix and dovecot

March 30, 2021 by Rumi

Installing packages

Step 1 » Assign hostname for the server using the below command.

[root@krizna ~]# hostnamectl set-hostname mail.krizna.com

Step 2 » Make a host entry with your IP in /etc/hosts file.

172.27.0.51 mail.krizna.com

Step 3 » Now start installing packages.

[root@krizna ~]# yum -y install postfix dovecot

After package installation continue with postfix configuration.

Configuring Postfix to block outgoing mail to all but one domain

September 6, 2019 by Rumi

This is so simple to do, but I have to look it up every time I need it (not something that comes up regularly!);

When configuring a development server, you may find you have a need to ensure that emails will not be sent to any domain except those you explicitly permit (for example if you’re using real-world data to do some testing, do you want to send all those users irrelevant emails?).

This documentation details how to configure Postfix on a Linux server to disregard any mail sent to domains that are not explicitly permitted.

Don’t use IPTables

You could, of course, add two IPTables rules to the outgoing chain. The first of which would allow connections on Port 25 to the domain you wish to allow, the second blocking connection to any server on Port 25.

It’ll block the mail from being sent, but will mean that every one of those messages sits in the mail queue for 60 days until it’s disregarded. You could reconfigure the timeout, but given the ease of the steps below, what’s the point?

Use Transport Mapping

Using this method, we can tell Postfix to either reject the mail, or disregard it. The latter is generally the preferred method as we want the sending application to believe the mail has been sent.

Install and integrate DKIM with OpenDKIM and Postfix on a CentOS 6

August 24, 2019 by Rumi

UPDATE THE SYSTEM

Before going any further, make sure you’re in a screen session and your system is fully up-to-date by running:

## screen -U -S opendkim-screen
## yum update

ENABLE EPEL REPOSITORY

OpenDKIM is available in the EPEL repository, so we need to enable it on the system before we can install OpenDKIM

## wget -P /tmp http://mirror.pnl.gov/epel/6/i386/epel-release-6-8.noarch.rpm
## rpm -Uvh /tmp/epel-release-6-8.noarch.rpm
## rm -f /tmp/epel-release-6-8.noarch.rpm

INSTALL OPENDKIM

Install the package using yum:

## yum install opendkim

CONFIGURE OPENDKIM

Next thing to do is to configure OpenDKIM. Its main configuration file is located in /etc/opendkim.conf, so before making any changes create a backup and add/edit the following:

Increasing Attachment Size in Posfix

July 19, 2019 by Rumi

Postfix by default restrict attachment size to approx 10MB i.e. 10240000 bytes.

You can check it using following command:

postconf | grep message_size_limit

To change attachment-size to say 50 MB, run a command like:

postconf -e message_size_limit=52428800

Note:
If you are running a mail-server with SMTP/IMAP access, you need to change postfix attachment size only. I spent half-hour debugging dovecot to increase attachment size, just to realize that above change in postfix config was all I needed!

Postfix start error on CentOS

March 7, 2018 by Rumi

When I tried to start postfix today, I got the following message:

fatal: parameter inet_interfaces: no local interface found for 1.2.3.4

Solution is straightforward:

nano /etc/postfix/main.cf

comment out “inet_interfaces = all”
add “inet_protocol = ipv4”