Setting up Postfix on Ubuntu

Posted under » PHP » Ubuntu » Linux on 1 September 2014

Postfix is an alternative to the widely used Sendmail mail transfer agent (MTA).

This is my setup on Ubuntu 14.04 using postfix version 3.1. ($ postconf mail_version)

First things first. Use dig to ensure your mail is being directed to your server by the DNS.

dig yourdomain.com mx

Update the package list and then install Postfix

apt-get install postfix

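Configure it. This is mine, located at /etc/postfix/main.cf. Note that the TLS parameters point at Ubuntu's self-signed snakeoil certificate; replace them with a certificate issued for your mail hostname if sending servers should be able to verify it.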

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

myhostname = lkybast.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination =  $myhostname, localhost.localdomain, localhost
virtual_alias_domains = lkybast.net lkybast.org
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_mailbox_base = /home/usermail
virtual_mailbox_domains = lkybast.edu
virtual_mailbox_maps = hash:/etc/postfix/virtual_domains
virtual_uid_maps = static:1001
virtual_gid_maps = static:1001

relayhost = 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

Additional layer of protection

#smtpd_helo_restrictions = reject_unknown_helo_hostname
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, reject_rhsbl_reverse_client dbl.spamhaus.org, reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org

In this setup, there are 4 domains. The main domain is lkybast.com, whereas lkybast.net and lkybast.org are virtual domains. These 3 domains do not use any mailbox. Their emails are forwarded to Google or Yahoo mail or elsewhere. Why bother with hosting your email when there are free services you can use?

Let us configure the virtual alias maps for these 3 domains at /etc/postfix/virtual

lkybast.com  DOMAIN
root@lkybast.com   hanafi
hanafi@lkybast.com  osama@yahoo.com
clementi@lkybast.com  maselamat@gmail.com
west@lkybast.com  clementi
#
lkybast.org DOMAIN
steam@lkybast.org  hanafi
suckers@lkybast.org  gct@yahoo.com tonytan@yahoo.com
#
lkybast.net DOMAIN
@lkybast.net  hanafi

You may have noticed that some addresses are forwarded to email accounts in the cloud, while others are forwarded to a user account @lkybast.com, which is the 'myhostname'. Note that lkybast.net is a catch-all: every address there goes to hanafi@myhostname, which in turn is forwarded to osama@yahoo.com. We can also set up certain addresses like suckers@lkybast.org to forward to multiple accounts by using a comma-separated list, but a space-separated list works great as well.
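
The forwarding chain described above can be traced offline. The script below is an added example, not part of the original post: it walks a copy of the table (exact address first, then the @domain catch-all, bare names qualified with myorigin) and prints where mail for an address finally ends up. MYORIGIN=lkybast.com and the function name resolve_alias are assumptions of this example, and address extensions (recipient_delimiter) are not handled.

```sh
#!/bin/sh
# Added example, not from the original post.
# Assumption: myorigin is not set in main.cf, so it defaults to $myhostname.
MYORIGIN=lkybast.com

# Constructed sample: a copy of the /etc/postfix/virtual entries listed above.
VIRTUAL_SAMPLE='lkybast.com  DOMAIN
root@lkybast.com   hanafi
hanafi@lkybast.com  osama@yahoo.com
clementi@lkybast.com  maselamat@gmail.com
west@lkybast.com  clementi
#
lkybast.org DOMAIN
steam@lkybast.org  hanafi
suckers@lkybast.org  gct@yahoo.com tonytan@yahoo.com
#
lkybast.net DOMAIN
@lkybast.net  hanafi'

# resolve_alias ADDRESS  (table on stdin)
# Prints the final recipients of ADDRESS, sorted, on one line.
# Lookup order: user@domain first, then the @domain catch-all.
resolve_alias() {
  awk -v start="$1" -v origin="$MYORIGIN" '
    function walk(addr, depth,    rhs, dom, parts, n, i, tgt) {
      dom = addr; sub(/^[^@]*/, "", dom)           # catch-all key, e.g. @lkybast.net
      if (addr in map)     rhs = map[addr]
      else if (dom in map) rhs = map[dom]
      else { final[addr] = 1; return }             # no rule left: mail ends up here
      n = split(rhs, parts, /[ \t,]+/)             # commas and spaces both separate
      for (i = 1; i <= n; i++) {
        tgt = parts[i]
        if (tgt == "") continue
        if (tgt !~ /@/) tgt = tgt "@" origin       # bare user name: append myorigin
        if (tgt == addr || depth >= 50) final[tgt] = 1   # self-reference or loop guard
        else walk(tgt, depth + 1)
      }
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }              # skip comments and blank lines
    NF == 2 && $2 == "DOMAIN" { next }             # domain marker, not an address
    { v = ""; for (i = 2; i <= NF; i++) v = v " " tolower($i); map[tolower($1)] = v }
    END { walk(tolower(start), 0); for (a in final) print a }
  ' | sort -u | paste -s -d " " -
}

# Where does mail for the multi-recipient address go?
printf "%s\n" "$VIRTUAL_SAMPLE" | resolve_alias suckers@lkybast.org
```

On the server itself, postmap -q suckers@lkybast.org hash:/etc/postfix/virtual shows a single lookup step against the compiled table without following the chain.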

To ensure the changes are picked up by postfix

$ postmap /etc/postfix/virtual

If you don't do this you will get the 'warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual' error.

However, there may be times when these free pop services (Yahoo, Gmail, etc.) have issues receiving important emails like OTP or verification emails, since these services might reject or bounce them. For those it is best that you receive mail in a mailbox. In this example, I use a virtual mailbox for the virtual domain lkybast.edu.

Let us configure lkybast.edu virtual_mailbox_maps at /etc/postfix/virtual_domains as stated in main.cf

lkybast.edu  DOMAIN
hanafi@lkybast.edu  lkybast.edu/hanafi/

However, to store the mail in the mailbox lkybast.edu/hanafi/ you have to create a new Linux account, usermail

$ sudo useradd -s /usr/sbin/nologin -m usermail

Get the UID and GID for this account

$ sudo grep usermail /etc/passwd

In this case I get 1001, so I put that in main.cf as

virtual_uid_maps = static:1001
virtual_gid_maps = static:1001

Create a base directory layout for domains and users

$ sudo mkdir -p /home/usermail/lkybast.edu/hanafi

Set the permissions to allow only the user usermail to access these files

$ sudo chown -R usermail:usermail /home/usermail
$ sudo chmod -R 700 /home/usermail

To ensure the changes are picked up by postfix

$ postmap /etc/postfix/virtual_domains

Finally to activate all the configuration changes in main.cf

$ postfix reload

If you encounter problems, please look at the logs located at "/var/log/mail.log"

See also Making PHP mail() work with Sendmail/Postfix and How to delete Postfix Queue.
 
