One place for hosting & domains

      SendOnly

      How To Install and Configure Postfix as a Send-Only SMTP Server on Ubuntu 18.04


      The author selected the Free and Open Source Fund to receive a donation as part of the Write for DOnations program.

      Introduction

      Postfix is a mail transfer agent (MTA), an application used to send and receive email. It can be configured so that it can be used to send emails by local application only. This is useful in situations when you need to regularly send email notifications from your apps or simply have a lot of outbound traffic that a third-party email service provider won’t allow. It’s also a lighter alternative to running a full-blown SMTP server, while retaining the required functionality.

      In this tutorial, you’ll install and configure Postfix as a send-only SMTP server. You’ll also request free TLS certificates from Let’s Encrypt for your domain and encrypt the outbound emails using them.

      Prerequisites

      • One Ubuntu 18.04 server set up with the Initial Server Setup with Ubuntu 18.04, including creating a sudo non-root user.
      • A fully registered domain name. This tutorial will use your_domain throughout. You can purchase a domain name on Namecheap, get one for free on Freenom, or use the domain registrar of your choice.
      • An A DNS record with your_domain pointing to your server’s public IP address. You can follow this introduction to DigitalOcean DNS for details on how to add them.

      Note: Your server’s hostname and your Droplet’s name must match your_domain, because DigitalOcean automatically sets PTR records for the Droplet’s IP address according to its name.

      You can verify the server’s hostname by typing hostname at the command prompt. The output should match the name you gave the Droplet when it was being created.

      Step 1 — Installing Postfix

      In this step, you’ll install Postfix. The fastest way is to install the mailutils package, which bundles Postfix with a few supplementary programs that you’ll use to test sending email.

      First, update the package database:

      Then, install Postfix by running the following command:

      • sudo apt install mailutils

      Near the end of the installation process, you will be presented with the Postfix configuration window:

      Select Internet Site from the menu, then press TAB to select <Ok>, then ENTER

      The default option is Internet Site. That’s the recommended option for your use case, so press TAB, and then ENTER. If you only see the description text, press TAB to select OK, then ENTER.

      If it does not show up automatically, run the following command to start it:

      • sudo dpkg-reconfigure postfix

      After that, you’ll get another configuration prompt regarding the System mail name:

      Enter your domain name, then press TAB to select <Ok>, ENTER

      The System mail name must be the same as the name you assigned to your server when you were creating it. When you’ve finished, press TAB, followed by ENTER.

      You have now installed Postfix and are ready to start configuring it.

      Step 2 — Configuring Postfix

      In this step, you’ll configure Postfix to send and receive emails only from the server on which it is running on—that is, from localhost.

      For that to happen, Postfix needs to be configured to listen only on the loopback interface, the virtual network interface that the server uses to communicate internally. To make the changes, you’ll need to edit the main Postfix configuration file called main.cf, stored under etc/postfix.

      Open it for editing using your favorite text editor:

      • sudo nano /etc/postfix/main.cf

      Find the following lines:

      /etc/postfix/main.cf

      . . .
      mailbox_size_limit = 0
      recipient_delimiter = +
      inet_interfaces = all
      . . .
      

      Set the value of the inet_interfaces setting to loopback-only:

      /etc/postfix/main.cf

      . . .
      mailbox_size_limit = 0
      recipient_delimiter = +
      inet_interfaces = loopback-only
      . . .
      

      Another directive you’ll need to modify is mydestination, which is used to specify the list of domains that are delivered via the local_transport mail delivery transport. By default, the values are similar to these:

      /etc/postfix/main.cf

      . . .
      mydestination = $myhostname, your_domain, localhost.com, , localhost
      . . .
      

      Change the line to look like this:

      /etc/postfix/main.cf

      . . .
      mydestination = localhost.$mydomain, localhost, $myhostname
      . . .
      

      If your domain is actually a subdomain, and you’d want the email messages to look as if they were sent from the main domain, you can add the following line to the end of main.cf:

      /etc/postfix/main.cf

      ...
      masquerade_domains = your_main_domain
      

      The optional masquerade_domains setting specifies for which domains the subdomain part will be stripped off in the email address.

      When you are done, save and close the file.

      Note: If you’re hosting multiple domains on a single server, the other domains can also be passed to Postfix using the mydestination directive.

      Then, restart Postfix by running the following command:

      • sudo systemctl restart postfix

      You’ve configured Postfix to only send emails from your server. You’ll now test it by sending an example message to an email address.

      Step 3 — Testing the SMTP Server

      In this step, you’ll test whether Postfix can send emails to an external email account using the mail command, which is part of the mailutils package that you installed in the first step.

      To send a test email, run the following command:

      • echo "This is the body of the email" | mail -s "This is the subject line" your_email_address

      You can change the body and the subject of the email to your liking. Remember to replace your_email_address with a valid email address that you can access.

      Now, check the email address to which you sent this message. You should see the message in your inbox. If it’s not there, check your spam folder. At this point, all emails you send are unencrypted, which makes service providers think it’s likely spam. You’ll set up encryption later, in step 5.

      If you receive an error from the mail command, or you haven’t received a message after prolonged periods of time, check that the Postfix configuration you edited is valid and that your server’s name and hostname are set to your domain.

      Note that with this configuration, the address in the From field for the test emails you send will be in the form of your_user_name@your_domain, where your_user_name is the username of the server user you ran the command as.

      You have now sent an email from your server and verified that it’s successfully received. In the next step, you’ll set up email forwarding for root.

      Step 4 — Forwarding System Mail

      In this step, you’ll set up email forwarding for user root, so that system-generated messages sent to it on your server get forwarded to an external email address.

      The /etc/aliases file contains a list of alternate names for email recipients. Open it for editing:

      In its default state, it looks like this:

      /etc/aliases

      # See man 5 aliases for format
      postmaster:    root
      

      The only directive present specifies that system generated emails are sent to root.

      Add the following line to the end of the file:

      /etc/aliases

      ...
      root:          your_email_address
      

      With this line, you specify that emails sent to root end up being forwarded to an email address. Remember to replace your_email_address with your personal email address. When you are done, save and close the file.

      For the change to take effect, run the following command:

      Running newaliases will build up a database of aliases that the mail command uses, which are taken from the config file you just edited.

      Test that sending emails to root works by running:

      • echo "This is the body of the email" | mail -s "This is the subject line" root

      You should receive the email at your email address. If it’s not there, check your spam folder.

      In this step, you have set up forwarding system-generated messages to your email address. You’ll now enable message encryption, so that all emails your server sends are immune to tampering in transit and will be viewed as more legitimate.

      Step 5 — Enabling SMTP Encryption

      You’ll now enable SMTP encryption by requesting a free TLS certificate from Let’s Encrypt for your domain (using Certbot) and configuring Postfix to use it when sending messages.

      Ubuntu includes Certbot in their default package repository, but it may happen that it’s out of date. Instead, you’ll add the official repository by running the following command:

      • sudo add-apt-repository ppa:certbot/certbot

      Press ENTER when prompted to accept. Then, update your server’s package manager cache:

      Finally, install the latest version of Certbot:

      • sudo apt install certbot -y

      As part of the initial server setup in the prerequisites, you installed ufw, the uncomplicated firewall. You’ll need to configure it to allow the HTTP port 80, so that domain verification can be completed. Run the following command to enable it:

      The output will look like this:

      Output

      Rule added Rule added (v6)

      Now that the port is open, run Certbot to get a certificate:

      • sudo certbot certonly --standalone --rsa-key-size 4096 --agree-tos --preferred-challenges http -d your_domain

      This command orders Certbot to issue certificates with an RSA key size of 4096 bits, to run a temporary standalone web server (--standalone) for verification, and to check via port 80 (--preferred-challenges http). Remember to replace your_domain with your domain before running the command, and enter your email address when prompted.

      The output will be similar to this:

      Output

      Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator standalone, Installer None Obtaining a new certificate Performing the following challenges: http-01 challenge for `your_domain` Waiting for verification... Cleaning up challenges IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/your_domain/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/your_domain/privkey.pem Your cert will expire on 2020-07-11. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le

      As written in the notes, your certificate and private key file were saved under /etc/letsencrypt/live/your_domain.

      Now that you have your certificate, open main.cf for editing:

      • sudo nano /etc/postfix/main.cf

      Find the following section:

      /etc/postfix/main.cf

      # TLS parameters
      smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
      smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
      smtpd_use_tls=yes
      smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
      smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
      

      Modify it to look like this, replacing your_domain with your domain where necessary, which will update your TLS settings for Postfix:

      /etc/postfix/main.cf

      # TLS parameters
      smtpd_tls_cert_file=/etc/letsencrypt/live/your_domain/fullchain.pem
      smtpd_tls_key_file=/etc/letsencrypt/live/your_domain/privkey.pem
      smtp_use_tls=yes
      smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
      smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
      

      Once you’re done, save and close the file.

      Apply the changes by restarting Postfix:

      • sudo systemctl restart postfix

      Now, try sending an email again:

      • echo "This is the body of an encrypted email" | mail -s "This is the subject line" your_email_address

      Then, check the email address you provided. It’s possible that you’ll see the message in your inbox immediately, because email providers are much more likely to mark unencrypted messages as spam.

      You can check the technical info about the email message in your client to see that the message is indeed encrypted.

      Conclusion

      You now have a send-only email server, powered by Postfix. Encrypting all outgoing messages is a good first step to email providers not marking your messages as spam outright. If you are doing this in a development scenario, then this measure should be enough.

      However, if your use case is to send emails to potential site users (such as confirmation emails for a message board sign-up), you should look into setting up SPF records, so that your server’s emails are even more likely to be seen as legitimate.



      Source link

      How To Install and Configure Postfix as a Send-Only SMTP Server on Debian 10


      Introduction

      Postfix is a mail transfer agent (MTA), an application used to send and receive email. In this tutorial, you will install and configure Postfix so that it can be used to send emails by local applications only — that is, those installed on the same server as Postfix.

      Why would you want to do that?

      If you’re already using a third-party email provider for sending and receiving emails, you do not need to run your own mail server. However, if you manage a cloud server on which you have installed applications that need to send email notifications, running a local, send-only SMTP server is a good alternative to using a third-party email service provider or running a full-blown SMTP server.

      In this tutorial, you’ll install and configure Postfix as a send-only SMTP server on Debian 10.

      Prerequisites

      To follow this tutorial, you will need:

      Note that your server’s hostname should match your domain or subdomain. You can verify the server’s hostname by typing hostname at the command prompt. The output should match the name you gave the server when it was being created.

      Step 1 — Installing Postfix

      In this step, you’ll learn how to install Postfix. You will need two packages: mailutils, which includes programs necessary for Postfix to function, and postfix itself.

      First, update the package database:

      Next, install mailtuils:

      • sudo apt install mailutils

      Finally, install postfix:

      Near the end of the installation process, you will be presented with a window that looks like the one in the image below:

      Initial Config Screen

      Press ENTER to continue.

      The default option is Internet Site, which is preselected on the following screen:

      Config Selection Screen

      Press ENTER to continue.

      After that, you'll get another window to set the System mail name:

      System Mail Name Selection

      The System mail name should be the same as the name you assigned to the server when you were creating it. If it shows a subdomain like subdomain.example.com, change it to just example.com. When you've finished, press TAB, then ENTER.

      You now have Postfix installed and are ready to modify its configuration settings.

      Step 2 — Configuring Postfix

      In this step, you'll configure Postfix to process requests to send emails only from the server on which it is running, i.e. from localhost.

      For that to happen, Postfix needs to be configured to listen only on the loopback interface, the virtual network interface that the server uses to communicate internally. To make the change, open the main Postfix configuration file using nano or your favorite text editor:

      • sudo nano /etc/postfix/main.cf

      With the file open, scroll down until you see the following section:

      /etc/postfix/main.cf

      . . .
      mailbox_size_limit = 0
      recipient_delimiter = +
      inet_interfaces = all
      . . .
      

      Change the line that reads inet_interfaces = all to inet_interfaces = loopback-only:

      /etc/postfix/main.cf

      . . .
      mailbox_size_limit = 0
      recipient_delimiter = +
      inet_interfaces = loopback-only
      . . .
      

      Another directive you'll need to modify is mydestination, which is used to specify the list of domains that are delivered via the local_transport mail delivery transport. By default, the values are similar to these:

      /etc/postfix/main.cf

      . . . mydestination = $myhostname, example.com, localhost.com, , localhost . . .

      The recommended defaults for this directive are given in the code block below, so modify yours to match:

      /etc/postfix/main.cf

      . . . mydestination = $myhostname, localhost.$mydomain, $mydomain . . .

      Save and close the file.

      Note: If you're hosting multiple domains on a single server, the other domains can also be passed to Postfix using the mydestination directive. However, to configure Postfix in a manner that scales and that does not present issues for such a setup involves additional configurations that are beyond the scope of this article.

      Finally, restart Postfix.

      • sudo systemctl restart postfix

      Step 3 — Testing the SMTP Server

      In this step, you'll test whether Postfix can send emails to an external email account using the mail command, which is part of the mailutils package you installed in Step 1.

      To send a test email, type:

      • echo "This is the body of the email" | mail -s "This is the subject line" your_email_address

      In performing your own test(s), you may use the body and subject line text as-is, or change them to your liking. However, in place of your_email_address, use a valid email address. The domain can be gmail.com, fastmail.com, yahoo.com, or any other email service provider that you use.

      Now check the email address where you sent the test message. You should see the message in your Inbox. If not, check your Spam folder.

      Note that with this configuration, the address in the From field for the test emails you send will be sammy@example.com, where sammy is your Linux non-root username and the domain is the server's hostname. If you change your username, the From address will also change.

      Step 4 — Forwarding System Mail

      The last thing we want to set up is forwarding, so you'll get emails sent to root on the system at your personal, external email address.

      To configure Postfix so that system-generated emails will be sent to your email address, you need to edit the /etc/aliases file. Open that file now:

      The full contents of the file on a default installation of Debian 10 are as follows:

      /etc/aliases

      mailer-daemon: postmaster
      postmaster: root
      nobody: root
      hostmaster: root
      usenet: root
      news: root
      webmaster: root
      www: root
      ftp: root
      abuse: root
      noc: root
      security: root
      

      The postmaster: root setting ensures that system-generated emails are sent to the root user. You want to edit these settings so these emails are rerouted to your email address. To accomplish that, add the following line below the postmaster: root setting:

      /etc/aliases

      mailer-daemon: postmaster
      postmaster:    root
      root:          your_email_address
      . . .
      

      Replace your_email_address with your personal email address. When finished, save and close the file. For the change to take effect, run the following command:

      You can test that it works by sending an email to the root account using:

      • echo "This is the body of the email" | mail -s "This is the subject line" root

      You should receive the email at your email address. If not, check your Spam folder.

      Conclusion

      That's all it takes to set up a send-only email server using Postfix. You may want to take some additional steps to protect your domain from spammers, however.

      If you want to receive notifications from your server at a single address, then having emails marked as Spam is less of an issue because you can create a whitelist workaround. However, if you want to send emails to potential site users (such as confirmation emails for a message board sign-up), you should definitely set up SPF records and DKIM so your server's emails are more likely to be seen as legitimate.

      If configured correctly, these steps make it difficult to send Spam with an address that appears to originate from your domain. Taking these additional configuration steps will also make it more likely for common mail providers to see emails from your server as legitimate.



      Source link

      How To Install and Configure Postfix as a Send-Only SMTP Server on Debian 9


      Introduction

      Postfix is a mail transfer agent (MTA), an application used to send and receive email. In this tutorial, you will install and configure Postfix so that it can be used to send emails by local applications only — that is, those installed on the same server as Postfix.

      Why would you want to do that?

      If you’re already using a third-party email provider for sending and receiving emails, you do not need to run your own mail server. However, if you manage a cloud server on which you have installed applications that need to send email notifications, running a local, send-only SMTP server is a good alternative to using a third-party email service provider or running a full-blown SMTP server.

      In this tutorial, you’ll install and configure Postfix as a send-only SMTP server on Debian 9.

      Prerequisites

      To follow this tutorial, you will need:

      Note that your server’s hostname should match your domain or subdomain. You can verify the server’s hostname by typing hostname at the command prompt. The output should match the name you gave the server when it was being created.

      Step 1 — Installing Postfix

      In this step, you’ll learn how to install Postfix. You will need two packages: mailutils, which includes programs necessary for Postfix to function, and postfix itself.

      First, update the package database:

      Next, install mailtuils:

      • sudo apt install mailutils

      Finally, install postfix:

      Near the end of the installation process, you will be presented with a window that looks like the one in the image below. The default option is Internet Site. That's the recommended option for this tutorial, so press TAB, then ENTER.

      Select Internet Site from the menu, then press TAB to select <Ok>, then ENTER

      After that, you'll get another window just like the one in the next image. The System mail name should be the same as the name you assigned to the server when you were creating it. If it shows a subdomain like subdomain.example.com, change it to just example.com. When you've finished, press TAB, then ENTER.

      Enter your domain name, then press TAB to select <Ok>, ENTER

      You now have Postfix installed and are ready to modify its configuration settings.

      Step 2 — Configuring Postfix

      In this step, you'll configure Postfix to process requests to send emails only from the server on which it is running, i.e. from localhost.

      For that to happen, Postfix needs to be configured to listen only on the loopback interface, the virtual network interface that the server uses to communicate internally. To make the change, open the main Postfix configuration file using nano or your favorite text editor:

      • sudo nano /etc/postfix/main.cf

      With the file open, scroll down until you see the following section:

      /etc/postfix/main.cf

      . . .
      mailbox_size_limit = 0
      recipient_delimiter = +
      inet_interfaces = all
      . . .
      

      Change the line that reads inet_interfaces = all to inet_interfaces = loopback-only:

      /etc/postfix/main.cf

      . . .
      mailbox_size_limit = 0
      recipient_delimiter = +
      inet_interfaces = loopback-only
      . . .
      

      Another directive you'll need to modify is mydestination, which is used to specify the list of domains that are delivered via the local_transport mail delivery transport. By default, the values are similar to these:

      /etc/postfix/main.cf

      . . . mydestination = $myhostname, example.com, localhost.com, , localhost . . .

      The recommended defaults for this directive are given in the code block below, so modify yours to match:

      /etc/postfix/main.cf

      . . . mydestination = $myhostname, localhost.$your_domain, $your_domain . . .

      Save and close the file.

      Note: If you're hosting multiple domains on a single server, the other domains can also be passed to Postfix using the mydestination directive. However, to configure Postfix in a manner that scales and that does not present issues for such a setup involves additional configurations that are beyond the scope of this article.

      Finally, restart Postfix.

      • sudo systemctl restart postfix

      Step 3 — Testing the SMTP Server

      In this step, you'll test whether Postfix can send emails to an external email account using the mail command, which is part of the mailutils package you installed in Step 1.

      To send a test email, type:

      • echo "This is the body of the email" | mail -s "This is the subject line" your_email_address

      In performing your own test(s), you may use the body and subject line text as-is, or change them to your liking. However, in place of your_email_address, use a valid email address. The domain part can be gmail.com, fastmail.com, yahoo.com, or any other email service provider that you use.

      Now check the email address where you sent the test message. You should see the message in your Inbox. If not, check your Spam folder.

      Note that with this configuration, the address in the From field for the test emails you send will be sammy@example.com, where sammy is your Linux username and the domain is the server's hostname. If you change your username, the From address will also change.

      Step 4 — Forwarding System Mail

      The last thing we want to set up is forwarding, so you'll get emails sent to root on the system at your personal, external email address.

      To configure Postfix so that system-generated emails will be sent to your email address, you need to edit the /etc/aliases file:

      The full contents of the file on a default installation of Debian 9 are as follows:

      /etc/aliases

      mailer-daemon: postmaster
      postmaster: root
      nobody: root
      hostmaster: root
      usenet: root
      news: root
      webmaster: root
      www: root
      ftp: root
      abuse: root
      noc: root
      security: root
      

      The postmaster: root setting ensures that system-generated emails are sent to the root user. You want to edit these settings so these emails are rerouted to your email address. To accomplish that, edit the file so that it reads:

      /etc/aliases

      mailer-daemon: postmaster
      postmaster:    root
      root:          your_email_address
      . . .
      

      Replace your_email_address with your personal email address. When finished, save and close the file. For the change to take effect, run the following command:

      You can test that it works by sending an email to the root account using:

      • echo "This is the body of the email" | mail -s "This is the subject line" root

      You should receive the email at your email address. If not, check your Spam folder.

      Conclusion

      That's all it takes to set up a send-only email server using Postfix. You may want to take some additional steps to protect your domain from spammers, however.

      If you want to receive notifications from your server at a single address, then having emails marked as Spam is less of an issue because you can create a whitelist workaround. However, if you want to send emails to potential site users (such as confirmation emails for a message board sign-up), you should definitely set up SPF records and DKIM so your server's emails are more likely to be seen as legitimate.

      If configured correctly, these steps make it difficult to send Spam with an address that appears to originate from your domain. Taking these additional configuration steps will also make it more likely for common mail providers to see emails from your server as legitimate.



      Source link