Postfix et ubuntu
De Banane Atomic
Aller à la navigationAller à la recherche
Liens
Commands
|
# vérifier la configuration sudo postfix check # recharger la configuration sudo postfix reload # affiche les paramètres actuels de Postfix postconf -pf # affiche les paramètres par défaut postconf -df |
Basic Configuration
| /etc/postfix/main.cf |
mydomain = domain.net
# mydomain = localdomain (localdomain is replaced during installation)
myhostname = mail.domain.net
# myhostname = <hostname>.localdomain
# domain name to use in outbound mail, ex: user@myorigin
# send mail as user@$mydomain
myorigin = $mydomain
# myorigin = $myhostname
# domains to receive mail for
# add $mydomain
mydestination = $myhostname localhost.$mydomain localhost $mydomain
# mydestination = $myhostname, localhost.$mydomain, localhost
alias_maps = hash:/etc/aliases
# alias_maps = hash:/etc/aliases, nis:mail.aliases
# forward mail from the local machine only
mynetworks_style = host
# mynetworks_style = ${{$compatibility_level} < {2} ? {subnet} : {host}}
# compatibility_level = 0
# relay_domains = ${{$compatibility_level} < {2} ? {$mydestination} : {}}
# never forward mail from strangers
relay_domains =
# delivery method: direct or indirect (another smtp server)
relayhost = [smtp.internet-provider.fr]
# relayhost = (direct delivery to Internet)
|
hostname
|
|
# current hostname hostnamectl status sudo hostnamectl set-hostname mail.domain.fr |
| /etc/hosts |
127.0.0.1 localhost mail.domain.fr ::1 localhost ip6-localhost ip6-loopback mail.domain.fr |
|
|
# re-login to see the changes then run hostname -f |
TLS encryption for both incoming and outgoing mail
| /etc/postfix/main.cf |
smtpd_tls_security_level = may
#smtpd_tls_auth_only = no
smtpd_tls_key_file = /etc/letsencrypt/live/domain.net/privkey.pem
smtpd_tls_cert_file = /etc/letsencrypt/live/domain.net/fullchain.pem
#smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_security_level = may
smtp_tls_note_starttls_offer = yes
#smtp_tls_CApath=/etc/ssl/certs
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# log level (default 0)
smtpd_tls_loglevel = 1
# 0 → no log
# 1 → Log on TLS handshake completion
# 2 → Also log levels during TLS negotiation
# 3 and 4. Use log level 3 only in case of problems. Use of log level 4 is strongly discouraged.
# only with Postman 2.2?
#smtpd_use_tls = yes
|
| /etc/postfix/master.cf |
submission inet n - y - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_tls_auth_only=yes -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions -o smtpd_recipient_restrictions= -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING |
SMTP Authentication using SASL client with Dovecot
| /etc/postfix/main.cf |
smtpd_sasl_type = dovecot smtpd_sasl_auth_enable = yes smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination smtpd_sasl_path = private/auth |
 |
Don't forget to install and configure Dovecot#SASL_client_authentication |
DKIM
|
|
apt install opendkim opendkim-tools |
| /etc/opendkim.conf |
Domain domain.fr KeyFile /etc/dkimkeys/dkim.key # selectors are used to permit multiple keys under the same organization's domain name Selector mail # prevent trivial reformatting in header and body destroying trust Canonicalization relaxed/simple # if postfix is running in chroot Socket local:/var/spool/postfix/var/run/opendkim/opendkim.sock |
| /etc/default/opendkim |
# to use a Unix socket with postfix in a chroot: RUNDIR=/var/spool/postfix/var/run/opendkim |
|
|
# generate the key opendkim-genkey -r -s mail -b 2048 -d domain.fr # DNS record containing the public key: mail.txt # private key: mail.private # copy the key sudo mv mail.private /etc/dkimkeys/dkim.key # check the owner of the file (root:root 600) # configuration des droits d'accès # add postfix in the opendkim group sudo adduser postfix opendkim # if postfix is running in chroot sudo mkdir -p /var/spool/postfix/var/run/opendkim sudo chown opendkim:opendkim /var/spool/postfix/var/run/opendkim |
|
mail._domainkey.domain.fr. IN TXT "v=DKIM1; h=sha256; k=rsa; s=email; p=xxx"; # mail: selector # domain.fr: domain # v: version # h: hash / algorithme # k: type de clé # s: type de service # p: clé publique base64 |
| /etc/postfix/main.cf |
# if postfix is running in chroot, there is no / before var non_smtpd_milters = unix:var/run/opendkim/opendkim.sock smtpd_milters = unix:var/run/opendkim/opendkim.sock |
Aliases
| /etc/aliases |
postmaster: <user> root: <user> |
|
|
# run after modification of the file /etc/aliases sudo newaliases |
Test
|
|
telnet localhost 25 ehlo localhost # vérifier que les lignes suivantes sont bien affichées # 250-STARTTLS # 250-AUTH mail from: root@domain.fr rcpt to: user@gmail.com data subject: test test . quit |
Log
- journalctl
- /var/log/mail.log
- /var/log/mail.err
Mailboxes
By default Postifx will use mbox for the mailbox format.
| /etc/postfix/main.cf |
# use maildir and store emails in the /home/<user>/maildir directory home_mailbox = maildir/ mailbox_command = # default value |
UFW
|
|
# allow incoming SMTP (25) to receive emails sudo ufw allow Postfix |
Installation
|
|
apt install postfix # General type or mail configuration: Internet site # System mail name: domain.fr |
Erreurs
Our system has detected that 550-5.7.1 this message does not meet IPv6 sending guidelines
Our system has detected that 550-5.7.1 this message does not meet IPv6 sending guidelines regarding PTR 550-5.7.1 records and authentication. Please review 550-5.7.1 https://support.google.com/mail/?p=IPv6AuthError for more information 550 5.7.1 .
| /etc/postfix/main.cf |
inet_protocols = ipv4 |
