Mail Server – Part 4 – Postfix 3


Part 1 – Configure the main.cf file

This is the fourth part of the series on building a mail server on CentOS 8, and the first part of the Postfix configuration. If you arrived here by accident, it is better to read the posts below first:

Part 1 – Package Installation

Part 2 – MariaDB Configuration

Part 3 – Dovecot Configuration

Postfix is the most important part of our mail server. It is responsible for talking to other MTAs so that you can send and receive e-mail messages, and for it to be reachable it must be identifiable by the server name, that is, its hostname.

Postfix requires an FQDN (Fully Qualified Domain Name): the full domain name prefixed with the mail server's name. To find out the server's current name, just type hostname with no arguments on the command line.

$ hostname
nome.servidor

To change the name, run the command below with the FQDN to be used. You should only do this if you are setting up a dedicated server that will be used only as a mail server. If you also want to install a web server, you probably shouldn't do it.

$ sudo hostnamectl set-hostname mail.meudominio.com

main.cf

The main.cf file is the main configuration file of the Postfix service. It contains the basic settings for the application. In this installation it should be at /etc/postfix/main.cf. Let's start with it. I won't go into the details of the settings that are not changed, because that would take too long and I don't know all of them in depth myself. I would need to study the manual, and for me in particular that is not very useful. As I already mentioned, if you need a very robust server it may be more advantageous to use a paid service such as Gmail.

myhostname – If you used the step above to change the host name, you can leave this attribute empty and Postfix will use the host name returned by gethostname(). If the intention is to create a small e-mail service on an existing, already configured server, it is better to use a different name. For example:

myhostname = mail.meudominio.com

Don't forget that this domain must exist in your DNS configuration. I will talk about the DNS settings later.

mydomain – Change this attribute to your domain. If you use more than one domain, use your main one.

mydomain = meudominio.com

inet_protocols – Indicates which protocols Postfix will use. If your server has IPv6 support, uncomment the line inet_protocols = all; otherwise uncomment the line inet_protocols = ipv4.

inet_protocols = ipv4

mynetworks_style – This setting indicates which networks are treated as trusted. If you have a network with several servers, you can allow them to send e-mail simply by marking them as trusted. For a single server, use host.

mynetworks_style = host

mynetworks – Also defines the networks you want to treat as trusted. It is an alternative to the previous attribute in which you configure a list of IPs, a range of IPs or even a file containing IPs. This is useful when your server is part of a cloud, for example, where the IPv4 address published in DNS differs from the server's actual address and NAT is used (as on Amazon EC2). During installation the file /etc/postfix/mynetworks was created, and it may contain some IPs detected for the server. I personally prefer this form; to use it, simply uncomment the line mynetworks = $config_directory/mynetworks, or add the networks directly as in the line below.

mynetworks = 168.100.189.0/28, 127.0.0.0/8
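Every address covered by mynetworks is a trusted client, so it is worth checking how much the value really covers before reloading Postfix. The script below is an added example, not part of the original post; the function names and the 256-host threshold are assumptions, and it only handles literal CIDR lists, not file or table lookups.

```python
import ipaddress

def parse_mynetworks(value):
    """Parse a literal mynetworks value into ip_network objects.

    Assumes comma- or space-separated CIDR entries, IPv6 in brackets as Postfix
    writes it; file names, lookup tables and "!" exclusions are rejected.
    """
    nets = []
    for item in value.replace(",", " ").split():
        if item[0] in "/!" or (":" in item and not item.startswith("[")):
            raise ValueError(f"unsupported mynetworks entry: {item}")
        nets.append(ipaddress.ip_network(item.replace("[", "").replace("]", ""),
                                         strict=False))
    return nets

def audit_mynetworks(value, max_private_hosts=256):
    """Return (network, reason) for every trusted range that needs a second look."""
    findings = []
    for net in parse_mynetworks(value):
        if net.is_loopback:
            continue                           # the server itself
        if net.prefixlen == 0:
            reason = "every client is trusted: open relay"
        elif not net.is_private:
            reason = f"{net.num_addresses} public addresses can relay without authentication"
        elif net.num_addresses > max_private_hosts:
            reason = f"{net.num_addresses} internal addresses are trusted"
        else:
            continue
        findings.append((str(net), reason))
    return findings

# The value shown above: the /28 is a public range, so it is reported.
print(audit_mynetworks("168.100.189.0/28, 127.0.0.0/8"))
```

On a single server that only sends mail for itself, the loopback ranges alone are enough.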

relayhost – This setting matters when we want mail servers that use other domains to deliver the messages. If you will only have accounts for a single domain, it should keep the default, which is an empty value. If you have more than one domain, it may be necessary to add $mydomain as the value. This setting becomes important when you start receiving many delivery errors; if that happens, it is worth studying the documentation and testing other configurations. For now, it is fine to use it as below:

relayhost =   

The alias lists are not very important for the type of server we are creating, because they refer to users created under Postfix's standard model, in which Postfix itself manages users and passwords. Since we use virtual users stored in a database, these settings matter less, but if you want to have non-virtual accounts (for example, for system services that send messages directly) they will end up being used.

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
recipient_delimiter = +

smtpd_banner – This attribute sets the message sent to whoever connects to the SMTP service. You can customize this message as you like. The line below produces output like 220 mail.meudominio.com ESMTP Postfix (3.3.3).

smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)

The next entries are a series of settings, some of which will not be present in the file initially. The idea of this tutorial is to create a mail server whose accounts and domains can be configured through a Web interface, which in our case will be Postfixadmin, with all settings stored in a MariaDB database. From this point on, it is necessary to understand that when you use these attributes the way I present them, Postfix will only work correctly after the database has been configured for Postfix/Postfixadmin. It is essential to have completed the MariaDB Configuration part first.

smtpd_use_tls, smtpd_tls_auth_only, smtpd_tls_cert_file, smtpd_tls_key_file – These attributes refer to the certificate used to encrypt the connection. Remember that we are creating a server that will only support encrypted connections, to reduce attacks. Put here the same files used in the Dovecot SSL configuration, or create a new self-signed key.

# TLS parameters
######### Lines Changed by Marcos Regis
smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem

######### Lines Added by Marcos Regis
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtp_helo_timeout = 15s
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_recipient_limit = 3
disable_vrfy_command = yes
smtpd_data_restrictions = reject_unauth_pipelining
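The settings above only protect passwords if they are all in effect together, so a quick check of the finished file is useful. The script below is an added example, not part of the original post: it parses main.cf text the way Postfix reads it (comments, indented continuation lines, last definition wins) and flags the combinations that would expose SASL credentials or account names. The function names and the sample fragment are assumptions, and $variable references are not expanded.

```python
# Properties accepted by smtpd_sasl_security_options per the Postfix documentation.
SASL_PROPS = {"noplaintext", "noactive", "nodictionary", "noanonymous",
              "forward_secrecy", "mutual_auth"}

def parse_main_cf(text):
    """Return {parameter: value}; a later definition replaces an earlier one."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:          # indented line continues the value
            params[last] += " " + raw.strip()
        else:
            name, _, value = raw.partition("=")
            last = name.strip()
            params[last] = value.strip()
    return params

def audit_smtpd_auth(params):
    """Flag settings that expose SASL credentials or account names."""
    findings = []
    level = params.get("smtpd_tls_security_level") or (
        "may" if params.get("smtpd_use_tls") == "yes" else "none")
    if level == "none":
        findings.append("TLS is not offered to clients")
    if params.get("smtpd_sasl_auth_enable") == "yes":
        if level != "encrypt" and params.get("smtpd_tls_auth_only") != "yes":
            findings.append("AUTH is accepted on unencrypted sessions")
        for key in ("smtpd_sasl_security_options", "smtpd_sasl_tls_security_options"):
            props = set(params.get(key, "noanonymous").replace(",", " ").split())
            findings += [f"{key}: unknown property {p!r}" for p in sorted(props - SASL_PROPS)]
            if "noanonymous" not in props:
                findings.append(f"{key}: anonymous login is not excluded")
    if params.get("disable_vrfy_command") != "yes":
        findings.append("VRFY is enabled and confirms which addresses exist")
    return findings

# Constructed fragment (not the page's file): AUTH allowed without TLS, typo in a property.
WEAK = """\
smtpd_tls_security_level = may
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = no
smtpd_sasl_security_options = noanonymous, noplaintex
"""
print(audit_smtpd_auth(parse_main_cf(WEAK)))
```

With smtpd_tls_security_level = may, it is smtpd_tls_auth_only = yes that keeps passwords off unencrypted sessions, which is why the check treats the two parameters together.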

master.cf

The most complex, and no less important, Postfix configuration file for our case is master.cf. In our installation it should be at /etc/postfix/master.cf. It is better not just to make the changes exactly as given in this document, but to understand what each element means.

It is possible to change the Postfix configuration with the postconf command, but I'll edit the file directly so that each attribute can be clearly understood.

Note: I'm a fan of the Vim editor, but nothing prevents you from using any other, such as nano.

So let's open the master.cf file to edit the settings.

$ sudo vim /etc/postfix/master.cf

If you read the comments in this file carefully (they are in English only) you will learn a lot about the settings. Reading these little handbooks is good practice.

When you open the master.cf file you will see the following configuration:

smtp      inet  n       -       n       -       -       smtpd
#smtp      inet  n       -       n       -       1       postscreen
#smtpd     pass  -       -       n       -       -       smtpd
#dnsblog   unix  -       -       n       -       0       dnsblog
#tlsproxy  unix  -       -       n       -       0       tlsproxy
#submission inet n       -       n       -       -       smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_tls_auth_only=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING

Uncomment the “submission” line and some of the attributes below it. These attributes begin with white space followed by -o. These lines are used to override configuration variables that may have been defined in the main.cf file. Pay close attention when you uncomment these lines: do not remove the leading blanks, or Postfix will not recognize them as a continuation of the submission line.

submission     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

What we did was configure Postfix to create and use a service in the SMTP daemon with the following options:

-o syslog_name=postfix/submission indicates that the activity will be available under the name “postfix/submission” in the log file.

-o smtpd_tls_security_level=encrypt means that TLS will be used to strengthen the level of security, forcing clients to create only secure connections.

-o smtpd_sasl_auth_enable=yes enables the use of SASL for authentication.

-o smtpd_sasl_type=dovecot The SASL plugin (application) that will be used for authentication.

-o smtpd_sasl_path=private/auth The path to the authentication socket that will be passed to the SASL plugin.

-o smtpd_reject_unlisted_recipient=no Tells Postfix not to reject messages for unknown mailboxes. This is necessary because of the virtual mailbox configuration.

-o smtpd_client_restrictions=permit_sasl_authenticated,reject The types of requests that will be accepted from clients.

-o milter_macro_daemon_name=ORIGINATING The macro name of the e-mail filter process.

Below are the settings for the smtps line. Some settings are identical to those for submission, because one setting is for sending and the other for receiving. Since we will only use service ports that require authentication, they will be identical and must exist.

smtps     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

-o syslog_name=postfix/smtps indicates that the activity will be available under the name “postfix/smtps” in the log file.

-o smtpd_tls_wrappermode=yes indicates that a TLS fallback will be used for e-mail clients that do not support STARTTLS.
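The warning about leading blanks and the submission/smtps options can both be checked mechanically after editing. The script below is an added example, not part of the original post: it reads master.cf text, attaches each indented -o line to the service above it, reports lines that lost their indentation, and verifies that both services require TLS and reject unauthenticated clients. The function names and the sample fragment are assumptions, and it looks only at master.cf overrides, not at values inherited from main.cf.

```python
# Constructed master.cf fragment: the last -o line lost its leading blanks.
SAMPLE = """\
submission inet  n  -  n  -  -  smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps      inet  n  -  n  -  -  smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
"""

def parse_master_cf(text):
    """Return (services, orphans): -o overrides per (name, type), stray line numbers."""
    services, orphans, current = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        tokens = raw.split()
        if raw[0].isspace() and current is not None:
            args = tokens                      # indented: continues the last service
        elif raw[0].isspace() or len(tokens) < 8:
            orphans.append(lineno)             # not a continuation, not a full entry
            continue
        else:
            current = services.setdefault((tokens[0], tokens[1]), {})
            args = tokens[8:]                  # arguments after the command name
        for flag, pair in zip(args, args[1:]):
            if flag == "-o" and "=" in pair:
                current.update([pair.split("=", 1)])
    return services, orphans

def audit_submission(services, names=("submission", "smtps")):
    """Check the master.cf overrides only: mandatory TLS and SASL-only clients."""
    findings = []
    for name in names:
        opts = services.get((name, "inet"))
        if opts is None:
            findings.append(f"{name}: service is not enabled")
            continue
        if (opts.get("smtpd_tls_security_level") != "encrypt"
                and opts.get("smtpd_tls_wrappermode") != "yes"):
            findings.append(f"{name}: TLS is not mandatory")
        if opts.get("smtpd_sasl_auth_enable") != "yes":
            findings.append(f"{name}: SASL authentication is not enabled")
        rules = opts.get("smtpd_client_restrictions", "").split(",")
        if "permit_sasl_authenticated" not in rules or rules[-1] != "reject":
            findings.append(f"{name}: unauthenticated clients are not rejected")
    return findings
```

For the constructed fragment, parse_master_cf(SAMPLE) reports line 8 as an orphan and audit_submission then flags smtps, because the restriction on that line never reached the service.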

The other settings do not need to be changed.

pickup    unix  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
        -o syslog_name=postfix/$service_name
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache

 
