Version of 2 September 2023 at 23:57
Links
Description
Postfix is an SMTP (Simple Mail Transfer Protocol) server.
Commands
|
# check the configuration for errors
sudo postfix check
# reload the configuration
sudo postfix reload
# show the current Postfix parameter values (-f folds long lines)
postconf -pf
# show the built-in default values
postconf -df
|
/etc/postfix/main.cf
|
mydomain = domain.net
# mydomain = localdomain (localdomain is replaced during installation)
myhostname = mail.domain.net
# myhostname = <hostname>.localdomain
# domain name to use in outbound mail, ex: user@myorigin
# send mail as user@$mydomain
myorigin = $mydomain
# myorigin = $myhostname
# domains to receive mail for
# add $mydomain
mydestination = $myhostname localhost.$mydomain localhost $mydomain
# mydestination = $myhostname, localhost.$mydomain, localhost
alias_maps = hash:/etc/aliases
# alias_maps = hash:/etc/aliases, nis:mail.aliases
# trust only the local machine as a relay client (mynetworks = this host's own addresses)
mynetworks_style = host
# mynetworks_style = ${{$compatibility_level} < {2} ? {subnet} : {host}}
# compatibility_level = 0
# relay_domains = ${{$compatibility_level} < {2} ? {$mydestination} : {}}
# relay for no third-party domain: together with mynetworks_style = host this keeps the server from being an open relay
relay_domains =
# delivery method: direct (empty value) or indirect via another SMTP server; the brackets skip the MX lookup
relayhost = [smtp.internet-provider.fr]
# relayhost = (direct delivery to Internet)
|
hostname
|
Not sure whether this is needed if localhost is used. |
|
# current hostname
hostnamectl status
sudo hostnamectl set-hostname mail.domain.fr
|
/etc/hosts
|
127.0.0.1 localhost
# the FQDN must be the first name on its line: hostname -f prints the canonical (first) name of the matching entry
127.0.1.1 mail.domain.fr mail
::1 localhost ip6-localhost ip6-loopback
|
|
# re-login to see the changes then run
hostname -f
|
/etc/postfix/main.cf
|
# encrypt: TLS is mandatory for every outbound connection, but the relay's certificate is not verified;
# use "secure" (with smtp_tls_CAfile pointing at the system CA bundle) to authenticate the relay and defeat an on-path attacker
smtp_tls_security_level = encrypt
# log when a remote server offers STARTTLS that we did not use
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
|
The Orange box blocks outbound port 25 over IPv4 to limit spam.
Email must therefore be sent through Orange's SMTP server. |
/etc/postfix/main.cf
|
relayhost = [smtp.orange.fr]:587
smtp_sasl_password_maps = hash:/etc/postfix/sasl/orange.conf
smtp_sasl_auth_enable = yes
# PLAIN/LOGIN are acceptable here only because smtp_tls_security_level = encrypt forces TLS before AUTH
smtp_sasl_security_options = noanonymous
# smtp_sasl_security_options = noplaintext, noanonymous
# the two parameters below belong to the smtpd (server) side and play no part in relaying
#broken_sasl_auth_clients = yes
#smtpd_sasl_local_domain = $myhostname
|
/etc/postfix/sasl/orange.conf
|
# the lookup key must match the relayhost value exactly, brackets and port included
[smtp.orange.fr]:587 compte@orange.fr:password
|
|
# lock the plaintext credentials down before building the database, so the .db is never created world-readable
sudo chown root:root /etc/postfix/sasl/orange.conf
sudo chmod 600 /etc/postfix/sasl/orange.conf
# generate the db (orange.conf.db); rerun postmap after every edit of orange.conf
sudo postmap hash:/etc/postfix/sasl/orange.conf
sudo chmod 600 /etc/postfix/sasl/orange.conf.db # root:root 600
|
/etc/postfix/main.cf
|
# opportunistic TLS on port 25: offer STARTTLS, but still accept plaintext from servers that cannot do TLS
smtpd_tls_security_level = may
#smtpd_tls_auth_only = no
smtpd_tls_key_file = /etc/letsencrypt/live/domain.net/privkey.pem
smtpd_tls_cert_file = /etc/letsencrypt/live/domain.net/fullchain.pem
# after a certbot renewal run "postfix reload", otherwise the old certificate stays in use
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
# log level (default 0)
smtpd_tls_loglevel = 1
# 0: no TLS logging
# 1: log TLS handshake completion
# 2: also log levels during TLS negotiation
# 3 and 4: use level 3 only when debugging a problem; level 4 is strongly discouraged
|
/etc/postfix/master.cf
|
# port 587: TLS mandatory, AUTH only inside TLS, relaying only for authenticated users.
# Continuation lines must start with whitespace or master.cf will not parse them.
submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_reject_unlisted_recipient=no
  # -o smtpd_client_restrictions=$mua_client_restrictions
  # -o smtpd_helo_restrictions=$mua_helo_restrictions
  # -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
|
Postfix supports the Dovecot SASL (Simple Authentication and Security Layer) implementation.
Dovecot is a POP/IMAP (Post Office Protocol / Internet Message Access Protocol) server; it has its own configuration for authenticating POP/IMAP clients, and Postfix reuses that authentication for SMTP.
Communication between the Postfix SMTP server and Dovecot SASL happens over a UNIX-domain socket, which Dovecot must create inside the Postfix queue directory (a unix_listener in its service auth block) with permissions that let the postfix user connect.
/etc/postfix/main.cf
|
smtpd_sasl_type = dovecot
smtpd_sasl_auth_enable = yes
# order matters: authenticated users and trusted networks pass first; anything else is
# rejected unless the destination is one of our own domains
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
# relative to $queue_directory (/var/spool/postfix), so the socket is /var/spool/postfix/private/auth
smtpd_sasl_path = private/auth
|
|
sudo apt install opendkim opendkim-tools
|
/etc/opendkim.conf
|
Domain domain.fr
KeyFile /etc/dkimkeys/dkim.key
# selectors allow several keys (for example during a key rotation) under the same domain
Selector mail
# relaxed header canonicalization tolerates whitespace changes made in transit;
# simple body canonicalization means any change to the body breaks the signature
Canonicalization relaxed/simple
# if postfix is running in chroot
Socket local:/var/spool/postfix/var/run/opendkim/opendkim.sock
|
/etc/default/opendkim
|
# to use a Unix socket with postfix in a chroot:
RUNDIR=/var/spool/postfix/var/run/opendkim
|
|
# generate the key pair: 2048-bit RSA, selector "mail", restricted to e-mail signing (-r gives s=email)
opendkim-genkey -r -s mail -b 2048 -d domain.fr
# DNS record containing the public key: mail.txt
# private key: mail.private
# install the private key
sudo mv mail.private /etc/dkimkeys/dkim.key
# the daemon runs as the opendkim user: the key must be readable by it and by nobody else
sudo chown opendkim:opendkim /etc/dkimkeys/dkim.key
sudo chmod 600 /etc/dkimkeys/dkim.key
# access rights: add postfix to the opendkim group so it can reach the socket
sudo adduser postfix opendkim
# if postfix is running in chroot
sudo mkdir -p /var/spool/postfix/var/run/opendkim
sudo chown opendkim:opendkim /var/spool/postfix/var/run/opendkim
|
|
mail._domainkey.domain.fr. IN TXT "v=DKIM1; h=sha256; k=rsa; s=email; p=xxx";
# mail: selector
# domain.fr: domain
# v: version
# h: hash algorithm(s) accepted for signatures
# k: key type
# s: service type (email only, from -r)
# p: base64-encoded public key (xxx = the key taken from mail.txt)
|
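Before publishing the record, it is worth checking that the tags match what the page lists and that p= really holds a 2048-bit RSA key: a truncated paste, an empty p= (which means "revoked") or a 1024-bit key are all silent failures until receivers start rejecting mail. The script below is an added example, not part of the original page nor of OpenDKIM: it parses the tag list, base64-decodes p= and walks the DER SubjectPublicKeyInfo by hand to read the modulus size. The sample record is built from a constructed dummy modulus, not a real key; domain and selector follow the page.

```python
"""Check a DKIM TXT record (selector._domainkey.domain) before publishing it."""
import base64
import re

RSA_OID = bytes.fromhex("06092a864886f70d010101")   # OID 1.2.840.113549.1.1.1 (rsaEncryption)


def parse_dkim_record(txt: str) -> dict:
    """Split 'v=DKIM1; k=rsa; p=...' into a dict (RFC 6376 tag-list syntax).
    A zone file may split a long record into several quoted strings: join them first."""
    joined = "".join(re.findall(r'"([^"]*)"', txt)) or txt
    tags = {}
    for item in joined.split(";"):
        if not item.strip():
            continue
        if "=" not in item:
            raise ValueError("malformed tag: %r" % item)
        name, value = item.split("=", 1)
        tags[name.strip()] = re.sub(r"\s+", "", value)   # folding whitespace inside p= is legal
    return tags


def _der_tlv(buf: bytes, pos: int):
    """Decode one DER element at buf[pos]: (tag, contents, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def rsa_modulus_bits(spki_der: bytes) -> int:
    """SubjectPublicKeyInfo -> AlgorithmIdentifier + BIT STRING(RSAPublicKey{n, e}) -> bits of n."""
    tag, spki, _ = _der_tlv(spki_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, alg, pos = _der_tlv(spki, 0)
    if RSA_OID not in alg:
        raise ValueError("algorithm is not rsaEncryption")
    tag, bitstr, _ = _der_tlv(spki, pos)
    if tag != 0x03:
        raise ValueError("missing BIT STRING")
    _, rsa_pub, _ = _der_tlv(bitstr[1:], 0)          # bitstr[0] is the unused-bits count
    tag, modulus, _ = _der_tlv(rsa_pub, 0)           # first INTEGER is the modulus n
    if tag != 0x02:
        raise ValueError("RSAPublicKey does not start with INTEGER")
    return int.from_bytes(modulus, "big").bit_length()


def check_dkim_record(txt: str, min_bits: int = 2048) -> dict:
    """Return parsed tags, modulus size and a list of problems (empty list = safe to publish)."""
    tags = parse_dkim_record(txt)
    problems = []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= must be DKIM1")
    if tags.get("k", "rsa") != "rsa":
        problems.append("only k=rsa is handled here")
    if "sha256" not in tags.get("h", "sha256").split(":"):
        problems.append("h= must allow sha256 (receivers no longer accept sha1)")
    bits = 0
    if not tags.get("p"):
        problems.append("p= is empty: that publishes a revoked key")
    else:
        try:
            bits = rsa_modulus_bits(base64.b64decode(tags["p"], validate=True))
        except (ValueError, IndexError) as exc:      # binascii.Error is a ValueError
            problems.append("p= is not a valid RSA public key: %s" % exc)
        else:
            if bits < min_bits:
                problems.append("modulus is %d bits, below %d" % (bits, min_bits))
    return {"tags": tags, "bits": bits, "problems": problems}


# --- tiny DER encoder, only used to build a sample record so the check can be tried offline ---
def _der(tag: int, body: bytes) -> bytes:
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def _der_int(v: int) -> bytes:
    b = v.to_bytes((v.bit_length() + 7) // 8, "big")
    return _der(0x02, b"\x00" + b if b[0] & 0x80 else b)   # keep the INTEGER positive


def build_record(n: int, e: int = 65537, selector: str = "mail", domain: str = "domain.fr") -> str:
    """Zone-file line in the shape of mail.txt for the RSA public key (n, e)."""
    alg = _der(0x30, RSA_OID + b"\x05\x00")
    spki = _der(0x30, alg + _der(0x03, b"\x00" + _der(0x30, _der_int(n) + _der_int(e))))
    p = base64.b64encode(spki).decode()
    return '%s._domainkey.%s. IN TXT ( "v=DKIM1; h=sha256; k=rsa; s=email; " "p=%s" )' % (selector, domain, p)


# constructed dummy modulus (2048 bits, NOT a real key) standing in for the one opendkim-genkey produces
SAMPLE_RECORD = build_record((1 << 2047) | 0x10001)

if __name__ == "__main__":
    print(check_dkim_record(SAMPLE_RECORD))
```

To check the record you actually published, paste the output of `dig +short TXT mail._domainkey.domain.fr` into check_dkim_record(): the quoted-string joining handles the split that DNS imposes on strings longer than 255 bytes.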
/etc/postfix/main.cf
|
# if postfix is running in chroot the path is relative to $queue_directory: no / before var
non_smtpd_milters = unix:var/run/opendkim/opendkim.sock
smtpd_milters = unix:var/run/opendkim/opendkim.sock
# milter_default_action defaults to tempfail: if opendkim is down, mail is deferred rather than sent unsigned
|
Aliases
/etc/aliases
|
postmaster: <user>
root: <user>
|
|
# run after modification of the file /etc/aliases
sudo newaliases
|
/etc/postfix/main.cf
|
transport_maps = hash:/etc/postfix/transport
|
- mail for your own domain is delivered locally
- mail for gmail.com is delivered directly, after an MX lookup
- everything else goes through the relay host
Entries match the recipient domain exactly: gmail.com does not cover its subdomains unless a .gmail.com line is added (transport_maps is not in parent_domain_matches_subdomains by default).
/etc/postfix/transport
|
your-domain.com local:
gmail.com smtp:
# the relay transport is an SMTP client too: its SASL credentials come from smtp_sasl_password_maps under this same key
* relay:[smtp-relay.sendinblue.com]:587
|
|
# build the index file
sudo postmap /etc/postfix/transport
|
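The lookup order is what makes the table above behave as described, so here it is reproduced as an added example (not Postfix code): for an indexed table, transport(5) tries user@domain, then the domain itself, then each parent domain as .parent, then the catch-all *, with transport_maps not listed in parent_domain_matches_subdomains (the default). The table is the page's own; the recipient addresses are constructed.

```python
"""Resolve recipients against /etc/postfix/transport the way Postfix does."""

PAGE_TABLE = """
# pattern          transport:nexthop
your-domain.com    local:
gmail.com          smtp:
*                  relay:[smtp-relay.sendinblue.com]:587
"""


def parse_transport_table(text: str) -> dict:
    """Parse the text form of the table (what postmap turns into transport.db)."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, result = line.split(None, 1)
        table[pattern.lower()] = result.strip()
    return table


def lookup_keys(recipient: str) -> list:
    """Keys in the order Postfix tries them for user@sub.example.com:
    user@sub.example.com, sub.example.com, .example.com, .com, *"""
    local, _, domain = recipient.lower().rpartition("@")
    labels = domain.split(".")
    keys = [f"{local}@{domain}", domain]
    keys += ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    return keys + ["*"]


def lookup_transport(table: dict, recipient: str):
    """Return (matching_key, transport:nexthop), or (None, None) when nothing applies
    (Postfix then falls back to default_transport / relayhost)."""
    for key in lookup_keys(recipient):
        if key in table:
            return key, table[key]
    return None, None


if __name__ == "__main__":
    table = parse_transport_table(PAGE_TABLE)
    for rcpt in ("alice@your-domain.com", "bob@gmail.com", "carol@corp.gmail.com"):
        print(rcpt, "->", lookup_transport(table, rcpt))
```

The third recipient is the one to notice: corp.gmail.com falls through to the relay line, not to smtp:, because a bare gmail.com entry never matches a subdomain. The same lookup can be checked against the real table with `postmap -q carol@corp.gmail.com hash:/etc/postfix/transport`.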
Test
|
telnet localhost 25
ehlo localhost
# check that the following lines appear in the reply
# 250-STARTTLS
# 250-AUTH
# seeing 250-AUTH in a plaintext session means passwords are accepted in clear on port 25;
# set smtpd_tls_auth_only = yes in main.cf to advertise AUTH only after STARTTLS
mail from: root@domain.fr
rcpt to: user@gmail.com
data
subject: test
test
.
quit
# from localhost the relay is accepted because localhost is in mynetworks; to verify the server is not an
# open relay, repeat the test from another host with a foreign sender and recipient and expect
# "554 5.7.1 ... Relay access denied" on the rcpt to line
|
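The same test as a script, so it can be run from an outside host against port 25 and from a MUA network against port 587. This is an added example, not part of the original page: it speaks the SMTP dialogue over a socket, parses multi-line replies, and reports which EHLO extensions are advertised, whether AUTH is offered before STARTTLS, and whether a relay attempt from an outside sender to an outside recipient is refused. Host, port and the two probe addresses are assumptions; the replies used by the offline checks are constructed samples of what Postfix answers.

```python
"""Probe an SMTP listener: EHLO capabilities and open-relay check."""
import socket

PROBE_SENDER = "probe@example.net"       # assumption: a domain that is not ours
PROBE_RCPT = "someone@example.org"       # assumption: neither local nor in relay_domains


def parse_reply(raw: bytes):
    """Turn '250-STARTTLS\\r\\n250 AUTH PLAIN LOGIN\\r\\n' into (250, ['STARTTLS', 'AUTH PLAIN LOGIN'])."""
    lines = [ln for ln in raw.decode("ascii", "replace").splitlines() if ln[:3].isdigit()]
    if not lines:
        raise ValueError("empty or non-SMTP reply")
    return int(lines[-1][:3]), [ln[4:] for ln in lines]


def ehlo_extensions(reply_lines) -> set:
    """Extension keywords of an EHLO reply; the first line is the server's own name, not an extension."""
    return {ln.split()[0].upper() for ln in reply_lines[1:] if ln.strip()}


def assess_port25(extensions: set) -> list:
    """What a plaintext EHLO on port 25 should and should not show (the page looks for STARTTLS and AUTH)."""
    findings = []
    if "STARTTLS" not in extensions:
        findings.append("no STARTTLS: check smtpd_tls_security_level and the certificate files")
    if "AUTH" in extensions:
        findings.append("AUTH offered before STARTTLS: passwords can travel in clear "
                        "(set smtpd_tls_auth_only = yes)")
    return findings


def relay_refused(rcpt_code: int) -> bool:
    """Postfix answers a forbidden RCPT TO with '554 5.7.1 ...: Relay access denied';
    a 250 for a foreign recipient from an untrusted client means the server is an open relay."""
    return 500 <= rcpt_code < 600


class SmtpSession:
    """Minimal blocking SMTP client, enough for EHLO / MAIL FROM / RCPT TO / QUIT."""

    def __init__(self, host: str, port: int, timeout: float = 10.0):
        self.sock = socket.create_connection((host, port), timeout)
        self.reader = self.sock.makefile("rb")
        self.banner = self._read()

    def _read(self):
        raw = b""
        while True:
            line = self.reader.readline()
            if not line:
                raise ConnectionError("server closed the connection")
            raw += line
            if line[3:4] != b"-":          # "250-" continues the reply, "250 " ends it
                return parse_reply(raw)

    def cmd(self, text: str):
        self.sock.sendall(text.encode("ascii") + b"\r\n")
        return self._read()


def probe(host: str, port: int = 25) -> dict:
    """Live run. To test relaying, run from a host that is NOT in mynetworks: from localhost,
    mynetworks_style = host lets the relay attempt succeed by design."""
    s = SmtpSession(host, port)
    _, lines = s.cmd("EHLO probe.example.net")     # assumption: the probing host's name
    ext = ehlo_extensions(lines)
    s.cmd(f"MAIL FROM:<{PROBE_SENDER}>")
    rcpt_code, rcpt_lines = s.cmd(f"RCPT TO:<{PROBE_RCPT}>")
    s.cmd("QUIT")
    return {"extensions": sorted(ext), "findings": assess_port25(ext),
            "relay_refused": relay_refused(rcpt_code), "rcpt_reply": rcpt_lines}


# constructed samples (not captured from a real server) for running the checks offline
SAMPLE_EHLO = (b"250-mail.domain.net\r\n250-PIPELINING\r\n250-SIZE 10240000\r\n"
               b"250-STARTTLS\r\n250-AUTH PLAIN LOGIN\r\n250-ENHANCEDSTATUSCODES\r\n250 8BITMIME\r\n")
SAMPLE_RELAY_DENIED = b"554 5.7.1 <someone@example.org>: Relay access denied\r\n"

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1] if len(sys.argv) > 1 else "localhost"))
```

Against the submission port, a correct setup answers the EHLO with STARTTLS but no AUTH (it appears only after STARTTLS), and refuses the RCPT TO with a 5xx because nothing was authenticated.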
Log
- journalctl
- /var/log/mail.log
- /var/log/mail.err
Mailboxes
By default Postfix uses the mbox mailbox format.
/etc/postfix/main.cf
|
# use Maildir and store mail in /home/<user>/maildir/ (the trailing slash selects Maildir)
home_mailbox = maildir/
# leave empty (the default) so the local delivery agent writes to home_mailbox itself instead of piping
# to an external command; main.cf has no inline comments, "mailbox_command = # x" would set the value to "# x"
mailbox_command =
|
UFW
|
# allow incoming SMTP (25) to receive mail; the "Postfix" application profile opens port 25 only
sudo ufw allow Postfix
# the submission port (587) has its own profile: sudo ufw allow "Postfix Submission"
|
Installation
|
sudo apt install postfix
# General type of mail configuration: Internet site
# System mail name: domain.fr
|
Erreurs
Our system has detected that 550-5.7.1 this message does not meet IPv6 sending guidelines
Our system has detected that 550-5.7.1 this message does not meet IPv6 sending guidelines regarding PTR 550-5.7.1 records and authentication.
Please review 550-5.7.1 https://support.google.com/mail/?p=IPv6AuthError for more information 550 5.7.1 .
/etc/postfix/main.cf
|
# workaround: send over IPv4 only. The proper fix is a PTR record for the IPv6 address that matches the
# HELO name, plus SPF/DKIM, which is what Gmail's IPv6 sending guidelines require
inet_protocols = ipv4
|