Postfix et ubuntu
Liens
Commands
# vérifier la configuration sudo postfix check # recharger la configuration sudo postfix reload # affiche les paramètres actuels de Postfix postconf -pf # affiche les paramètres par défaut postconf -df |
Basic Configuration
/etc/postfix/main.cf |
# Basic identity and relay policy.
# The commented-out assignments below each setting appear to show the value
# it replaces (the installer/default value).
# main.cf has no trailing comments: a "#" starts a comment only at the
# beginning of a line, so every comment stays on a line of its own.
mydomain = domain.net
# mydomain = localdomain (localdomain is replaced during installation)
myhostname = mail.domain.net
# myhostname = <hostname>.localdomain

# domain name to use in outbound mail, ex: user@myorigin
# send mail as user@$mydomain
myorigin = $mydomain
# myorigin = $myhostname

# domains to receive mail for
# add $mydomain
mydestination = $myhostname localhost.$mydomain localhost $mydomain
# mydestination = $myhostname, localhost.$mydomain, localhost

# forward mail from the local machine only
# (other hosts on the subnet are not trusted to relay through this server)
mynetworks_style = host
# mynetworks_style = ${{$compatibility_level} < {2} ? {subnet} : {host}}
# compatibility_level = 0
# relay_domains = ${{$compatibility_level} < {2} ? {$mydestination} : {}}

# never forward mail from strangers
# (an empty relay_domains keeps the server from acting as a relay for other domains)
relay_domains =

# delivery method: direct or indirect (another smtp server)
# the [brackets] turn off the MX lookup: mail goes to exactly this host
relayhost = [smtp.internet-provider.fr]
# relayhost = (direct delivery to Internet)
hostname
# current hostname hostnamectl status sudo hostnamectl set-hostname mail.domain.fr |
/etc/hosts |
# Make the mail host name resolve locally on both loopback addresses.
# NOTE(review): the first name on a line is the canonical one; if `hostname -f`
# does not print mail.domain.fr afterwards, check the order of the names here.
127.0.0.1 localhost mail.domain.fr
::1 localhost ip6-localhost ip6-loopback mail.domain.fr
# re-login to see the changes then run hostname -f |
SMTP AUTH using SASL
/etc/postfix/main.cf |
# Turn on SASL authentication in the Postfix SMTP server.
smtpd_sasl_auth_enable = yes
# Interoperability switch for clients that implement an obsolete form of AUTH.
broken_sasl_auth_clients = yes
# Evaluated left to right: authenticated clients and hosts in mynetworks may
# relay; everything else is accepted only for destinations this server handles.
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
#smtpd_sasl_local_domain =
#smtpd_sasl_security_options = noanonymous
#inet_interfaces = all

# NOTE(review): the SASL mechanisms configured on this page (plain, login)
# carry the password unencrypted. Unless smtpd_tls_auth_only = yes is set,
# AUTH is also offered on connections that have not negotiated TLS.
# With smtpd_tls_auth_only = yes the 250-AUTH line only appears after STARTTLS,
# so it no longer shows up in a plain telnet session.
/etc/postfix/sasl/smtpd.conf |
# Cyrus SASL settings used by the Postfix SMTP server.
# Passwords are verified by the saslauthd daemon.
pwcheck_method: saslauthd
# saslauthd can only check plaintext passwords, hence PLAIN and LOGIN.
# Both send the password merely base64-encoded: allow them over TLS only.
mech_list: plain login
TLS encryption for both incoming and outgoing mail
/etc/postfix/main.cf |
# --- incoming mail (Postfix SMTP server, smtpd_*) ---
# "may" = opportunistic TLS: STARTTLS is offered but not required, which is
# what public MX traffic on port 25 expects. It does not protect against a
# downgrade to cleartext.
smtpd_tls_security_level = may
# NOTE(review): with "no", AUTH is accepted on unencrypted sessions too.
#smtpd_tls_auth_only = no
# private key: keep it readable by root only
smtpd_tls_key_file = /etc/letsencrypt/live/domain.net/privkey.pem
# certificate followed by the intermediate chain
smtpd_tls_cert_file = /etc/letsencrypt/live/domain.net/fullchain.pem
#smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
# record protocol and cipher information in the Received: header
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

# --- outgoing mail (Postfix SMTP client, smtp_*) ---
# Opportunistic as well: mail is sent in cleartext when the remote server
# offers no STARTTLS. NOTE(review): when a relayhost receives SASL
# credentials, "encrypt" is the level that makes TLS mandatory.
smtp_tls_security_level = may
# log when a remote server offers STARTTLS but TLS is not used for it
smtp_tls_note_starttls_offer = yes
#smtp_tls_CApath=/etc/ssl/certs
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# log level (default 0)
smtpd_tls_loglevel = 1
# 0 → no log
# 1 → Log on TLS handshake completion
# 2 → Also log levels during TLS negotiation
# 3 and 4. Use log level 3 only in case of problems. Use of log level 4 is strongly discouraged.

# only with Postfix 2.2? (legacy switch, superseded by smtpd_tls_security_level)
#smtpd_use_tls = yes
/etc/postfix/master.cf |
# Mail submission service for mail clients.
# Columns: service type private unpriv chroot wakeup maxproc command
# (chroot = y here: sockets used by this smtpd must exist inside the chroot).
# Each "-o name=value" overrides main.cf for this service only:
#  - smtpd_tls_security_level=encrypt : TLS is mandatory before mail is accepted
#  - smtpd_tls_auth_only=yes          : AUTH is offered only after STARTTLS
#  - smtpd_relay_restrictions=permit_sasl_authenticated,reject
#                                     : only authenticated clients may send
#  - smtpd_recipient_restrictions=    : cleared, so the main.cf list is not applied here
#  - milter_macro_daemon_name=ORIGINATING
#                                     : presumably lets milters tell locally
#                                       submitted mail from inbound mail
submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
SASL for SMTP Authentication
# Install the Cyrus SASL library, the saslauthd daemon and the mechanism modules.
# NOTE(review): "ai" is presumably the author's shell alias for
# "sudo apt install" — TODO confirm; it is not a standard command.
ai libsasl2-2 sasl2-bin libsasl2-modules
/etc/default/saslauthd |
# Start the saslauthd daemon at boot.
# NOTE(review): the submission service on this page runs chrooted (chroot
# column "y" in master.cf); the saslauthd socket then has to be reachable from
# inside the chroot — verify the socket directory configured in this file.
START=yes
Use dovecot
/etc/postfix/main.cf |
# Use Dovecot instead of Cyrus SASL as the authentication backend.
smtpd_sasl_type = dovecot
#smtpd_sasl_auth_enable = yes
#smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
# Path of Dovecot's auth socket, relative to the Postfix queue directory.
# Dovecot has to create the socket there with access for the postfix user.
smtpd_sasl_path = private/auth
DKIM
# Install the OpenDKIM signing/verifying milter and its key tools
# (opendkim-genkey, used further down this page, comes from opendkim-tools).
apt install opendkim opendkim-tools
/etc/opendkim.conf |
# Domain whose outgoing mail is signed.
Domain domain.fr
# Private signing key; it must never be world-readable.
KeyFile /etc/dkimkeys/dkim.key
# selectors are used to permit multiple keys under the same organization's domain name
# (the selector names the DNS record: <selector>._domainkey.<domain>)
Selector mail
# prevent trivial reformatting in header and body destroying trust
# (header/body: "relaxed" for headers, "simple" for the body)
Canonicalization relaxed/simple
# if postfix is running in chroot
# (the socket is created inside the Postfix chroot so that smtpd can reach it)
Socket local:/var/spool/postfix/var/run/opendkim/opendkim.sock
/etc/default/opendkim |
# to use a Unix socket with postfix in a chroot: RUNDIR=/var/spool/postfix/var/run/opendkim |
# generate the key opendkim-genkey -r -s mail -b 2048 -d domain.fr # DNS record containing the public key: mail.txt # private key: mail.private # copy the key sudo mv mail.private /etc/dkimkeys/dkim.key # check the owner of the file (root:root 600) # configuration des droits d'accès # add postfix in the opendkim group sudo adduser postfix opendkim # if postfix is running in chroot sudo mkdir -p /var/spool/postfix/var/run/opendkim sudo chown opendkim:opendkim /var/spool/postfix/var/run/opendkim |
mail._domainkey.domain.fr. IN TXT "v=DKIM1; h=sha256; k=rsa; s=email; p=xxx";
# mail: selector
# domain.fr: domain
# v: version
# h: hash algorithm
# k: key type
# s: service type
# p: public key, base64-encoded
# p=xxx is a placeholder: use the p= value from the generated mail.txt.
# Only the public key is published in DNS; the private key stays on the mail server.
/etc/postfix/main.cf |
# if postfix is running in chroot, there is no / before var
# (the path is then relative to the chroot, i.e. the Postfix queue directory)
# non_smtpd_milters: mail that does not arrive via SMTP (e.g. sendmail command line)
non_smtpd_milters = unix:var/run/opendkim/opendkim.sock
# smtpd_milters: mail that arrives through the Postfix SMTP server
smtpd_milters = unix:var/run/opendkim/opendkim.sock
Orange
La box d’Orange bloque le port 25 pour limiter l’envoi de spam. L'envoi d'e-mails doit donc se faire via le serveur SMTP d'Orange.
/etc/postfix/main.cf |
# Send all outgoing mail through the provider's submission port.
# [brackets] = no MX lookup; this exact string is also the lookup key in the password map.
relayhost = [smtp.orange.fr]:587
# Lookup table holding the relay credentials (plaintext source + generated .db).
smtp_sasl_password_maps = hash:/etc/postfix/sasl/orange.conf
# Enable SASL authentication in the Postfix SMTP client.
smtp_sasl_auth_enable = yes
# NOTE(review): broken_sasl_auth_clients and smtpd_sasl_local_domain are
# SMTP *server* (smtpd) parameters; they have no effect on relay authentication.
broken_sasl_auth_clients = yes
# Postfix's default for this parameter also contains "noplaintext", which
# refuses PLAIN/LOGIN. Uncommenting the line permits them: do that only when
# TLS toward the relay is enforced.
#smtp_sasl_security_options = noanonymous
#smtpd_sasl_local_domain = $myhostname

# NOTE(review): the account password is sent to the relay. With
# smtp_tls_security_level = may (TLS section of this page) encryption is only
# opportunistic; smtp_tls_security_level = encrypt makes it mandatory.
/etc/postfix/sasl/orange.conf |
# Format: <relayhost exactly as written in main.cf>  <login>:<password>
# This file holds the password in cleartext: root:root, mode 600.
[smtp.orange.fr]:587 compte@orange.fr:password
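# Restrict the cleartext credentials file BEFORE building the table:
# by default postmap gives a newly created .db the access permissions of its
# source file, so the password never sits in a more widely readable file.
sudo chown root:root /etc/postfix/sasl/orange.conf
sudo chmod 600 /etc/postfix/sasl/orange.conf # root:root 600

# generate the db (creates /etc/postfix/sasl/orange.conf.db)
sudo postmap hash:/etc/postfix/sasl/orange.conf

# set explicitly as well, in case a .db with wider permissions already existed
sudo chown root:root /etc/postfix/sasl/orange.conf.db
sudo chmod 600 /etc/postfix/sasl/orange.conf.db # root:root 600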
Aliases
/etc/aliases |
# Deliver mail for the system accounts to a real mailbox.
# Replace <user> with an existing local user name.
postmaster: <user>
root: <user>
# run after modification of the file /etc/aliases sudo newaliases |
Test
# Manual SMTP session against the local server. Lines starting with "#" are
# annotations, not input to type.
# NOTE(review): this session is unencrypted. 250-AUTH showing up here means
# AUTH is offered without TLS; with smtpd_tls_auth_only = yes it is only
# announced after STARTTLS and will not appear in this test.
telnet localhost 25
ehlo localhost
# check that the following lines are displayed
# 250-STARTTLS
# 250-AUTH
mail from: root@domain.fr
rcpt to: user@gmail.com
data
subject: test
test
.
quit
Log
- journalctl
- /var/log/mail.log
- /var/log/mail.err
Mailboxes
By default, Postfix uses mbox as the mailbox format.
/etc/postfix/main.cf |
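# use maildir and store emails in the /home/<user>/maildir directory
# (the trailing slash is what selects the maildir format)
home_mailbox = maildir/
# default value (empty: Postfix delivers the mail itself, no external command)
# Kept on its own line: main.cf has no trailing comments, so text after the
# "=" on the same line would become part of the parameter value.
mailbox_command =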
UFW
# allow incoming SMTP (25) to receive emails sudo ufw allow Postfix |
Installation
# Install Postfix; the package asks the two questions below during installation.
apt install postfix
# General type of mail configuration: Internet site
# System mail name: domain.fr
Erreurs
Our system has detected that 550-5.7.1 this message does not meet IPv6 sending guidelines
Our system has detected that 550-5.7.1 this message does not meet IPv6 sending guidelines regarding PTR 550-5.7.1 records and authentication. Please review 550-5.7.1 https://support.google.com/mail/?p=IPv6AuthError for more information 550 5.7.1 .
/etc/postfix/main.cf |
# Workaround for the error above: Postfix stops using IPv6 altogether, so mail
# leaves from the IPv4 address only.
# The error message itself points at the underlying cause: a missing PTR
# record and missing authentication for the IPv6 address. Fixing those allows
# IPv6 to stay enabled.
inet_protocols = ipv4