§2024-04-24
- set up your hostname, fully qualified
alexlai@nextcloud:~$ sudo hostname nextcloud.yushei.com.tw
alexlai@nextcloud:~$ hostname --domain
yushei.com.tw
alexlai@nextcloud:~$ dig nextcloud.yushei.com.tw
alexlai@nextcloud:~$ hostnamectl
Static hostname: nextcloud
Transient hostname: nextcloud.yushei.com.tw
Icon name: computer
Machine ID: 5900ec74cf8d4b83a9542dcc26efe234
Boot ID: a5d44e11b5b548acb8c684efb6d22d4c
Operating System: Ubuntu 24.04 LTS
Kernel: Linux 6.6.0-odroid-arm64
Architecture: arm64
apt remove postfix will not remove the configs; use apt purge postfix to remove the config files.
We need our own mail server for company-wide use.
¶machine used, odroid-hc4 with Ubuntu 24.04 LTS (Noble Numbat) Beta and raid-1 on root section only
¶Step 1 — Installing Postfix
Postfix is included in Ubuntu’s default repositories, so you can install it with APT.
To begin, update your local apt package cache:
sudo apt update
Then install the postfix package with the following command. Note that here we pass the DEBIAN_PRIORITY=low environmental variable into this installation command. This will cause the installation process to prompt you to configure some additional options:
sudo DEBIAN_PRIORITY=low apt install postfix
This installation process will open a series of interactive prompts. For the purposes of this tutorial, use the following information to fill in your prompts:
- General type of mail configuration?: For this, choose Internet Site since this matches our infrastructure needs.
- System mail name: This is the base domain used to construct a valid email address when only the account portion of the address is given. For instance, let’s say the hostname of your server is nextcloudhc4.yushei.com.tw. You will likely want to set the system mail name to example.com so that, given the username user1, Postfix will use the address user1@example.com.
- Root and postmaster mail recipient: This is the Linux account that will be forwarded mail addressed to root@ and postmaster@. Use your primary account for this. In this example case, alexlai.
- Other destinations to accept mail for: This defines the mail destinations that this Postfix instance will accept. If you need to add any other domains that this server will be responsible for receiving, add those here. Otherwise, the default will be sufficient ($myhostname, nextcloud.yushei.com.tw, nextcloud, localhost.localdomain, localhost).
- Force synchronous updates on mail queue?: Since you are likely using a journaled filesystem, accept No here.???
- Local networks: This is a list of the networks for which your mail server is configured to relay messages (the default is just the local host). The default will work for most scenarios. If you choose to modify it, though, make sure to be very restrictive in regards to the network range (127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128).
- Mailbox size limit: This can be used to limit the size of messages. Setting it to 0 disables any size restriction.
- Local address extension character: This is the character that can be used to separate the regular portion of the address from an extension (used to create dynamic aliases). The default, +, will work for this tutorial.
- Internet protocols to use: Choose whether to restrict the IP version that Postfix supports. For the purposes of this tutorial, pick all.
To be explicit, these are the settings used in this guide:
- General type of mail configuration?: Internet Site
- System mail name: nextcloudhc4.yushei.com.tw
- Root and postmaster mail recipient: alexlai
- Other destinations to accept mail for: $myhostname, nextcloud.yushei.com.tw, nextcloud, localhost.localdomain, localhost
- Force synchronous updates on mail queue?: No
- Local networks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
- Mailbox size limit: 0
- Local address extension character: +
- Internet protocols to use: all
Note: If you need to ever return to change these settings, you can do so by typing:
sudo dpkg-reconfigure postfix
¶Step 1-01 - verify it was installed
- systemctl
alexlai@nextcloud:~$ systemctl status postfix
● postfix.service - Postfix Mail Transport Agent
Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; preset: enabled)
Active: active (exited) since Wed 2024-04-24 10:02:08 CST; 48s ago
Docs: man:postfix(1)
Process: 27544 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 27544 (code=exited, status=0/SUCCESS)
CPU: 3ms
Apr 24 10:02:08 nextcloud systemd[1]: Starting postfix.service - Postfix Mail Transport Agent...
Apr 24 10:02:08 nextcloud systemd[1]: Finished postfix.service - Postfix Mail Transport Agent.
- sudo apt install mailutils
- using telnet
sudo apt install telnet
alexlai@nextcloud:~$ telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 nextcloud.ZyXEL-USG ESMTP Postfix (Ubuntu)
EHLO yushei.me
250-nextcloud.ZyXEL-USG
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250-SMTPUTF8
250 CHUNKING
MAIL FROM: alexlai@yushei.me
250 2.1.0 Ok
RCPT TO: alexlai@nextcloud.yushei.com.tw
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: test
Time is 2024-04-24 10:21
Hello
Bye
.
250 2.0.0 Ok: queued as 67C6F200042DD
quit
221 2.0.0 Bye
Connection closed by foreign host.
alexlai@nextcloud:~$ mail
"/var/mail/alexlai": 1 message 1 new
>N 1 alexlai@yushei.me Wed Apr 24 10:21 14/496 test
? 1
Return-Path: <alexlai@yushei.me>
X-Original-To: alexlai@nextcloud.yushei.com.tw
Delivered-To: alexlai@nextcloud.yushei.com.tw
Received: from yushei.me (localhost [IPv6:::1])
  by nextcloud.ZyXEL-USG (Postfix) with ESMTP id 67C6F200042DD
  for <alexlai@nextcloud.yushei.com.tw>; Wed, 24 Apr 2024 10:19:52 +0800 (CST)
Subject: test
Message-Id: <20240424022032.67C6F200042DD@nextcloud.ZyXEL-USG>
Date: Wed, 24 Apr 2024 10:19:52 +0800 (CST)
From: alexlai@yushei.me
Time is 2024-04-24 10:21
Hello
Bye
? d
? l
alias alternates Copy cd chdir copy decode delete discard dp dt echo edit else endif envelope exit Followup file folder folders followup from group headers help hold if ignore incorporate list mail Mail mbox next nos nounfold Print pipe preserve previous print quit Reply Respond reply respond retain Save save sendheader set setq sen setenv shell size source struct summary Type tag top touch type unalias unread undelete unfold unset untag variable version visual warranty Write write xit z ? ! = # * + | -
? q
Held 0 messages in /var/mail/alexlai
The prompts will be pre-populated with your previous responses.
When you are prompted to restart services, accept the defaults and choose OK.
When the installation process finishes, you’re ready to make a few updates to your Postfix configuration.
Step 2 — Changing the Postfix Configuration
Now you can adjust some settings that the package installation process didn’t prompt you for. Many of Postfix’s configuration settings are defined in the /etc/postfix/main.cf file. Rather than editing this file directly, you can use Postfix’s postconf command to query or set configuration settings.
To begin, set the location for your non-root Ubuntu user’s mailbox. In this guide, we’ll use the Maildir format, which separates messages into individual files that are then moved between directories based on user action. The alternative option that isn’t covered in this guide is the mbox format, which stores all messages within a single file.
Set the home_mailbox variable to Maildir/. Later, you will create a directory structure under that name within your user’s home directory. Configure home_mailbox by typing:
sudo postconf -e 'home_mailbox= Maildir/'
Next, set the location of the virtual_alias_maps table, which maps arbitrary email accounts to Linux system accounts. Run the following command, which maps the table location to a hash database file named /etc/postfix/virtual:
sudo postconf -e 'virtual_alias_maps= hash:/etc/postfix/virtual'
Now that you’ve defined the location of the virtual maps file in your main.cf file, you can create the file itself and begin mapping email accounts to user accounts on your Linux system. Create the file with your preferred text editor; in this example, we’ll use nano:
sudo nano /etc/postfix/virtual
List any addresses that you wish to accept email for, followed by a whitespace and the Linux user you’d like that mail delivered to.
For example, if you would like to accept email at contact@example.com and admin@example.com and would like to have those emails delivered to the sammy Linux user, you could set up your file like this:
/etc/postfix/virtual
contact@example.com sammy
admin@example.com sammy
After you’ve mapped all of the addresses to the appropriate server accounts, save and close the file. If you used nano, do this by pressing CTRL + X, Y, then ENTER.
Apply the mapping by typing:
sudo postmap /etc/postfix/virtual
Restart the Postfix process to be sure that all of your changes have been applied:
sudo systemctl restart postfix
Assuming you followed the prerequisite Initial Server Setup guide, you will have configured a firewall with UFW. This firewall will block external connections to services on your server by default unless those connections are explicitly allowed, so you’ll have to add a firewall rule to allow an exception for Postfix.
You can allow connections to the service by typing:
sudo ufw allow Postfix
With that, Postfix is configured and ready to accept external connections. However, you aren’t yet ready to test it out with a mail client. Before you can install a client and use it to interact with the mail being delivered to your server, you’ll need to make a few changes to your Ubuntu server’s setup.
Step 3 — Installing the Mail Client and Initializing the Maildir Structure
In order to interact with the mail being delivered, this step will walk you through the process of installing the s-nail package. This is a feature-rich variant of the BSD xmail client which can handle the Maildir format correctly.
Before installing the client, though, it would be prudent to make sure your MAIL environment variable is set correctly. s-nail will look for this variable to figure out where to find mail for your user.
To ensure that the MAIL variable is set regardless of how you access your account — whether through ssh, su, su -, or sudo, for example — you’ll need to set the variable in the /etc/bash.bashrc file and add it to a file within /etc/profile.d to make sure it is set for all users by default.
To add the variable to these files, type:
echo 'export MAIL=~/Maildir' | sudo tee -a /etc/bash.bashrc | sudo tee -a /etc/profile.d/mail.sh
To read the variable into your current session, source the /etc/profile.d/mail.sh file:
source /etc/profile.d/mail.sh
With that complete, install the s-nail email client with APT:
sudo apt install s-nail
Before running the client, there are a few settings you need to adjust. Open the /etc/s-nail.rc file in your editor:
sudo nano /etc/s-nail.rc
At the bottom of the file, add the following options:
/etc/s-nail.rc
. . .
set emptystart
set folder=Maildir
set record=+sent
Here’s what these lines do:
- set emptystart: allows the client to open even with an empty inbox
- set folder=Maildir: sets the Maildir directory to the internal folder variable
- set record=+sent: creates a sent mbox file for storing sent mail within whichever directory is set as the folder variable, in this case Maildir
Save and close the file when you are finished. You’re now ready to initialize your system’s Maildir structure.
A quick way to create the Maildir structure within your home directory is to send yourself an email with the s-nail command. Because the sent file will only be available once the Maildir is created, you should disable writing to it for this initial email. Do this by passing the -Snorecord option.
Send the email by piping a string to the s-nail command. Adjust the command to mark your Linux user as the recipient:
echo 'init' | s-nail -s 'init' -Snorecord sammy
Note: You may get the following response:
Output
Can't canonicalize "/home/sammy/Maildir"
This is normal and may only appear when sending this first message.
You can check to make sure the directory was created by looking for your ~/Maildir directory:
ls -R ~/Maildir
You will see the directory structure has been created and that a new message file is in the ~/Maildir/new directory:
Output
/home/sammy/Maildir/:
cur new tmp
/home/sammy/Maildir/cur:
/home/sammy/Maildir/new:
1650294586.Vfc01I7e11dM993645.mail.example.com
/home/sammy/Maildir/tmp:
Now that the directory structure has been created, you’re ready to test out the s-nail client by viewing the init message you sent and sending a message to an external email address.
Step 4 — Testing the Client
To open the client, run the s-nail command:
s-nail
In your console, you’ll see a rudimentary inbox with the init message waiting:
Output
s-nail version v14.9.15. Type `?' for help
"/home/sammy/Maildir": 1 message 1 new
N 1 sammy@example.com 2022-04-18 15:09 14/452 init
Press ENTER to display the message:
Output
[-- Message 1 -- 14 lines, 452 bytes --]:
Date: Mon, 18 Apr 2022 15:09:46 +0000
To: sammy@example.com
Subject: init
Message-Id: <20220418150946.EE6897E11A@@mail.example.com>
From: sammy@example.com
init
You can get back to the message list by typing h, and then ENTER:
h
Output
R 1 sammy@example.com 2022-04-18 15:09 14/452 init
Notice that the message now has a state of R, indicating that it’s been read.
Since this message isn’t very useful, you can delete it by pressing d, and then ENTER:
d
To get back to the terminal, type q and then ENTER:
q
As a final test, check whether s-nail is able to correctly send email messages. To do this, you can pipe the contents of a text file into the s-nail process, like you did with the init message you sent in the previous step.
Begin by writing a test message in a text editor:
nano ~/test_message
Inside, enter some text you’d like to send:
~/test_message
Hello,
This is a test. Please confirm receipt!
Save and close the file after writing your message.
Then, use the cat command to pipe the message to the s-nail process. You can do so with the following example, which uses these options:
- -s: This defines the subject line of the email message
- -r: An optional change to the “From:” field of the email. By default, the Linux user you are logged in as will be used to populate this field. The -r option allows you to override this with a valid address, such as one of those you defined in the /etc/postfix/virtual file. To illustrate, the following command uses contact@example.com.
Also, be sure to change user@email.com to a valid email address which you have access to:
cat ~/test_message | s-nail -s 'Test email subject line' -r contact@example.com user@email.com
Then, navigate to the inbox for the email address to which you sent the message. You will see your message waiting there almost immediately.
Note: If the message isn’t in your inbox, it may have been delivered to your Spam folder.
You can view your sent messages within your s-nail client. Start the interactive client again:
s-nail
From the email client, view your sent messages by typing:
file +sent
You’ll see output like this:
Output
+[/home/sammy/Maildir/]sent: 1 message 1 new
▸N 1 To contact@example.com 2022-04-18 15:12 10/211 Test email subject line
You can manage sent mail using the same commands you use for incoming mail.
Conclusion
You now have Postfix configured on your Ubuntu 22.04 server. Managing email servers can be a tough task for new system administrators, but with this configuration, you should have enough MTA email functionality to get yourself started.
- How To Install Postfix on Debian 12, by r00t
¶ Install Postfix on Debian 12 Bookworm
¶machine used, odroid-hc4 with Debian Bookworm and raid-1 on root section only
Step 1.
Before installing any new software, it’s always a good idea to update your system packages. This ensures that you have the latest security patches and software updates. You can update your system packages using the apt package manager with the following command:
$ sudo apt update && sudo apt -y upgrade
Step 2. Installing Necessary Dependencies.
Before installing Postfix, you’ll need to install a few dependencies. These include mailutils, which provides a collection of utilities for handling mail, and net-tools, which provides networking utilities. You can install these dependencies using the following command:
$ sudo apt install mailutils net-tools
Step 3. Install Postfix on Debian 12.
Now install Postfix using the apt package manager with the following command below:
sudo apt install postfix
- During the installation, you’ll be prompted to choose a type of mail configuration.
- Choose “Internet Site”.
- You’ll then be asked to enter the system mail name, which is usually the same as your domain name: hc4Bookworm.yushei.net. In Debian this is set in /etc/hosts:
root@hc4Bookworm:/home/alexlai# cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 hc4Bookworm.yushei.net hc4Bookworm
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
root@hc4Bookworm:/home/alexlai# hostname --domain
yushei.net
After the installation is complete, you can verify that Postfix is running correctly with the following command:
sudo systemctl status postfix
root@hc4Bookworm:/home/alexlai# systemctl status postfix
● postfix.service - Postfix Mail Transport Agent
Loaded: loaded (/lib/systemd/system/postfix.service; enabled; preset: enabled)
Active: active (exited) since Wed 2024-04-24 06:12:32 CST; 1min 9s ago
Docs: man:postfix(1)
Process: 2155 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 2155 (code=exited, status=0/SUCCESS)
CPU: 4ms
Apr 24 06:12:32 hc4Bookworm systemd[1]: Starting postfix.service - Postfix Mail Transport Agent...
Apr 24 06:12:32 hc4Bookworm systemd[1]: Finished postfix.service - Postfix Mail Transport Agent.
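If everything is set up correctly, you should see that the Postfix service is active. On Debian and Ubuntu, postfix.service is a wrapper unit whose ExecStart is /bin/true, so it reports active (exited) as in the output above; the mail daemon itself runs under the postfix@-.service instance.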
- test with telnet
alexlai@opi58G:~$ telnet yushei.me 25
Trying 210.242.152.235...
Connected to yushei.me.
Escape character is '^]'.
220 yushei.me ESMTP Postfix
EHLO alexlai@munetaka.me
250-yushei.me
250-PIPELINING
250-SIZE 83886080
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: alexlai@munetaka.me
250 2.1.0 Ok
RCPT TO: alexlai@yushei.me
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: This is a test 2024-04-24 07:39
Hi! How are you!
Bye!
.
250 2.0.0 Ok: queued as F053311E340F
quit
221 2.0.0 Bye
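The two EHLO replies captured on this page can be checked for what each server reveals on the cleartext connection. This is an added example, not part of the original notes or of either tutorial; the function name check_ehlo and the finding wording are assumptions, and the sample replies are the server lines copied from the two telnet sessions above.

```shell
#!/usr/bin/env bash
# Added example, not part of the original notes.
# check_ehlo reads a saved SMTP session on stdin and reports what the server
# reveals before any TLS or authentication has taken place.
check_ehlo() {   # $1 = FQDN the 220 banner is expected to show
  awk -v want="$1" '
    { sub(/\r$/, "") }                               # tolerate CRLF captures
    /^220 / && banner == "" { banner = $2 }          # greeting: "220 <name> ESMTP ..."
    /^250[- ]/ && !done {                            # lines of the EHLO reply
      split(toupper(substr($0, 5)), w, /[ =]/)       # keyword before any argument
      seen[w[1]] = 1
      if (substr($0, 4, 1) == " ") done = 1          # "250 " (no dash) ends the reply
    }
    END {
      if (tolower(banner) != tolower(want))
        printf "FINDING: banner shows %s, expected %s (check myhostname)\n", banner, want
      if ("VRFY" in seen)
        print "FINDING: VRFY advertised (disable_vrfy_command = yes turns it off)"
      if (!("STARTTLS" in seen))
        print "FINDING: STARTTLS not offered"
      if ("AUTH" in seen)
        print "FINDING: AUTH offered on the cleartext connection (see smtpd_tls_auth_only)"
    }
  '
}

ubuntu_session() {   # server lines from the localhost test on this page
  cat <<'EOF'
220 nextcloud.ZyXEL-USG ESMTP Postfix (Ubuntu)
250-nextcloud.ZyXEL-USG
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250-SMTPUTF8
250 CHUNKING
EOF
}

remote_session() {   # server lines from the yushei.me test on this page
  cat <<'EOF'
220 yushei.me ESMTP Postfix
250-yushei.me
250-PIPELINING
250-SIZE 83886080
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
EOF
}

echo "== localhost =="; ubuntu_session | check_ehlo nextcloud.yushei.com.tw
echo "== yushei.me =="; remote_session | check_ehlo yushei.me
```

The localhost session is flagged twice: its banner shows nextcloud.ZyXEL-USG rather than the nextcloud.yushei.com.tw name set at the top of the page, and it still advertises VRFY.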
Step 4. Configuring Postfix.
After installing Postfix, the next step is to configure it. The main configuration file for Postfix is /etc/postfix/main.cf. This file contains various parameters that control the operation of the Postfix mail system.
The main.cf file is the primary configuration file for Postfix. It contains a series of parameters, each of which controls a specific aspect of Postfix’s behavior. Some of the key parameters you’ll need to configure include:
- myhostname: This parameter specifies the internet hostname of the mail system. It should be a fully qualified domain name (FQDN).
- mydomain: This parameter specifies the internet domain name of the mail system.
- mynetworks: This parameter specifies the IP networks that your mail system will serve.
To set up the basic Postfix settings, open the main.cf file in a text editor:
sudo nano /etc/postfix/main.cf
Then, set the myhostname, mydomain, and mynetworks parameters as needed. For example:
myhostname = mail.idroot.us
mydomain = idroot.us
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
root@hc4Bookworm:/home/alexlai# grep my /etc/postfix/main.cf
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
append_dot_mydomain = no
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = hc4Bookworm.yushei.net
myorigin = /etc/mailname
mydestination = $myhostname, hc4Bookworm.yushei.net, localhost.yushei.net, , localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
Save and close the file when you’re done. Then, restart Postfix for the changes to take effect:
sudo systemctl restart postfix
Step 5. Configuring SMTP and SMTP-Auth.
SMTP (Simple Mail Transfer Protocol) is the protocol used by Postfix to send and receive mail. SMTP-Auth is a mechanism that allows the mail server to authenticate the identity of the user. To configure SMTP and SMTP-Auth, you’ll need to modify the main.cf file. Open the file in a text editor:
sudo nano /etc/postfix/main.cf
Then, add the following lines to the end of the file:
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
Save and close the file when you’re done. Then, restart Postfix for the changes to take effect:
sudo systemctl restart postfix
Step 6. Setting Up Mail Accounts (Virtual Users)
Postfix allows you to set up virtual users, which are email accounts that don’t correspond to system users. To set up virtual users, you’ll need to modify the main.cf file. Open the file in a text editor:
sudo nano /etc/postfix/main.cf
Then, add the following lines to the end of the file:
virtual_alias_maps = hash:/etc/postfix/virtual
Next, create the /etc/postfix/virtual file and add your virtual users. Each line should be in the format virtual_user@your_domain.com real_user, where virtual_user@your_domain.com is the email address of the virtual user, and real_user is the system user to whom the mail should be delivered.
After adding your virtual users, run the following command to create the necessary database for Postfix:
sudo postmap /etc/postfix/virtual
Finally, restart Postfix for the changes to take effect:
sudo systemctl restart postfix
Step 7. Hardening Postfix for Security and Privacy.
Security is a crucial aspect of any mail server. Postfix comes with a number of security features built-in, but there are additional steps you can take to harden your Postfix installation.
Basic Hardening Techniques
There are several basic hardening techniques you can use to improve the security of your Postfix installation:
- Disable VRFY: The VRFY command can be used by attackers to verify whether a specific email address exists on your mail server. You can disable the VRFY command by adding the following line to your main.cf file:
disable_vrfy_command = yes
- Prevent Unwanted Email Relaying: Email relaying is the process of transferring an email from one server to another. Unwanted email relaying can lead to your mail server being used for spam. You can prevent unwanted email relaying by restricting the networks that are allowed to relay mail through your server. This can be done by setting the mynetworks parameter in your main.cf file.
- Enable HELO: The HELO command is used by SMTP servers to identify themselves. You can require that all SMTP clients send a HELO command by adding the following line to your main.cf file:
smtpd_helo_required = yes
Advanced Security Configurations
In addition to the basic hardening techniques, there are several advanced security configurations you can use to further improve the security of your Postfix installation:
- Enable TLS: Transport Layer Security (TLS) is a protocol that provides secure communications over a network. You can enable TLS in Postfix by adding the following lines to your main.cf file:
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
- Enable SMTP-Auth: SMTP-Auth is a mechanism that allows the mail server to authenticate the identity of the user. You can enable SMTP-Auth in Postfix by adding the following lines to your main.cf file:
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
Preventing Unwanted Email Relaying
As mentioned earlier, unwanted email relaying can lead to your mail server being used for spam. You can prevent unwanted email relaying by restricting the networks that are allowed to relay mail through your server. This can be done by setting the mynetworks parameter in your main.cf file.
Enabling TLS Logging and Testing Keys
To enable TLS logging in Postfix, add the following line to your main.cf file:
smtpd_tls_loglevel = 1
This will log all TLS activity to the mail log.
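An audit of the settings covered in Step 7, as an added example that is not part of the original tutorial: it reads `postconf -n` style lines and flags the items above, plus two points the steps leave open (the snakeoil certificate is self-signed, and with smtpd_tls_security_level = may SASL logins are accepted without TLS unless smtpd_tls_auth_only = yes, a standard Postfix parameter this page does not set). The function name, the finding wording, both sample inputs and the EXAMPLE certificate paths are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example; not from the tutorials quoted on this page.
# audit_postfix reads "name = value" lines on stdin (main.cf syntax, or the
# output of `postconf -n`) and prints one FINDING line per weak setting.
audit_postfix() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comment or blank line
    /^[ \t]/ {                                 # leading whitespace continues the previous value
      if (key != "") { sub(/^[ \t]+/, ""); conf[key] = conf[key] " " $0 }
      next
    }
    {
      eq = index($0, "=")
      if (eq == 0) next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      conf[key] = val                          # a later definition replaces an earlier one
    }
    END {
      if (conf["disable_vrfy_command"] != "yes")
        print "FINDING: VRFY is answered; set disable_vrfy_command = yes"
      if (conf["smtpd_helo_required"] != "yes")
        print "FINDING: HELO/EHLO is not required; set smtpd_helo_required = yes"
      n = split(conf["mynetworks"], net, /[ \t,]+/)
      for (i = 1; i <= n; i++)
        if (net[i] != "" && net[i] != "127.0.0.0/8" &&
            net[i] != "[::ffff:127.0.0.0]/104" && net[i] != "[::1]/128")
          print "FINDING: mynetworks lets " net[i] " relay; confirm that is intended"
      lvl = conf["smtpd_tls_security_level"]
      if (lvl != "may" && lvl != "encrypt")
        print "FINDING: smtpd_tls_security_level is not may or encrypt"
      if (conf["smtpd_tls_cert_file"] ~ /snakeoil/)
        print "FINDING: smtpd_tls_cert_file is the self-signed snakeoil certificate"
      if (conf["smtpd_sasl_auth_enable"] == "yes" && conf["smtpd_tls_auth_only"] != "yes")
        print "FINDING: AUTH is accepted without TLS; set smtpd_tls_auth_only = yes"
    }
  '
}

sample_as_built() {   # constructed from the settings shown in Steps 4, 5 and 7
  cat <<'EOF'
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = hc4Bookworm.yushei.net
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
EOF
}

sample_hardened() {   # constructed; the EXAMPLE certificate paths are placeholders
  cat <<'EOF'
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
disable_vrfy_command = yes
smtpd_helo_required = yes
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = yes
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/ssl/certs/EXAMPLE-ca-issued.pem
smtpd_tls_key_file = /etc/ssl/private/EXAMPLE-ca-issued.key
EOF
}

echo "== as built =="; sample_as_built | audit_postfix
echo "== hardened =="; sample_hardened | audit_postfix
```

On a live host the same function can be fed with `postconf -n | audit_postfix`.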
Step 8. Testing the Mail Server.
To test the operation of your mail server, you can send a test email with the mail command. For example, to send a test email to user@example.com, you can use the following command:
echo "This is a test email." | mail -s "Test Email" user@example.com
Check the inbox of user@example.com to see if the test email arrives. If it doesn’t, check the mail log for any errors or warnings.
Congratulations! You have successfully installed Postfix. Thanks for using this tutorial for installing the latest version of Postfix mail on Debian 12 Bookworm. For additional help or useful information, we recommend you check the official Postfix website.