DBMail over PostgreSQL + Postfix + SASL on Debian. Part 3. Postfix.

Part 1. Introduction.
Part 2. DBMail.
Part 3. Postfix.
Part 4. SASL.
Part 5. SPF. DKIM. DMARC. Clear headers. DNS PTR.

Install Postfix and choose the "No configuration" option.

apt install postfix

Edit /etc/postfix/main.cf config file.

mydomain = somewhere-in-the.space
myhostname = mail.somewhere-in-the.space
#disable /etc/aliases files lookup, all users are stored inside DB
alias_maps =
alias_database =
mydestination = $mydomain, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
smtpd_banner = $myhostname ESMTP
biff = no
compatibility_level = 2
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination

smtpd_tls_cert_file = /etc/letsencrypt/live/mail.somewhere-in-the.space/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.somewhere-in-the.space/privkey.pem
smtp_use_tls=yes
smtp_tls_security_level=may
smtpd_use_tls=yes
smtpd_tls_security_level=encrypt
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

Edit the /etc/postfix/master.cf file and add the following line to enable SMTP daemon TLS connections on port 587.

submission inet n       -       y       -       -       smtpd

Edit the /etc/letsencrypt/cli.ini file to restart Postfix after certificate renewal.

post-hook = /bin/chmod -R 640 /etc/letsencrypt/archive/ > /dev/null 2>&1 && /bin/systemctl restart dbmail && /bin/systemctl restart postfix

Postfix can be configured to use the DBMail SMTP or LMTP protocol. Official DBMail manuals are outdated, so follow mine. Choose one option and continue.

Option 1. SMTP.

The easiest option. Postfix doesn't need a PostgreSQL connection to check the user list, but the dbmail-deliver (formerly dbmail-smtp) process creates a database connection for each incoming email, which reduces performance compared to LMTP.

Add the following lines to /etc/postfix/master.cf file.

dbmail-smtp    unix  -       n       n       -       -       pipe
         flags=  user=dbmail:dbmail
         argv=/usr/sbin/dbmail-deliver -f /etc/dbmail/dbmail.conf -d ${recipient} -r ${sender}

Add the following lines to /etc/postfix/main.cf file.

mailbox_transport = dbmail-smtp:
local_recipient_maps =

Option 2. LMTP.

Enable DBMail LMTP daemon in /etc/default/dbmail file.

START_LMTPD=true

Add the following lines to /etc/dbmail/dbmail.conf file.

[LMTP]
port  = 24

Restart DBMail to enable daemon.

systemctl restart dbmail

Install postfix PostgreSQL extension.

apt install postfix-pgsql

Add the following lines to /etc/postfix/master.cf file.

dbmail-lmtp     unix    -       -       n       -       -       lmtp

Create /etc/postfix/recipient_map.cf file.

user = dbmail
password = db_user_password
hosts = 127.0.0.1:5432
dbname = dbmail
query = SELECT DISTINCT 1 FROM dbmail_aliases WHERE alias='%s';

Add the following lines to /etc/postfix/main.cf file.

mailbox_transport = dbmail-lmtp:127.0.0.1:24
local_recipient_maps = pgsql:/etc/postfix/recipient_map.cf

Finally.

Restart postfix.

systemctl restart postfix

Check that the ports are open.

netstat -atun | grep "25\|587"
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp6       0      0 :::587                  :::*                    LISTEN
tcp6       0      0 :::25                   :::*                    LISTEN
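
Besides the port check, the relay, TLS and recipient settings from main.cf can be reviewed in code. The following Python script is an added example, not part of the original guide or of Postfix or DBMail; the function names, finding texts and SAMPLE config are constructed for illustration. It reads "name = value" text, the format used by main.cf and printed by postconf -n.

```python
GUARDS = {"reject_unauth_destination", "defer_unauth_destination"}
SAFE_PERMITS = {"permit_mynetworks", "permit_sasl_authenticated"}
LOOPBACK = {"127.0.0.0/8", "[::ffff:127.0.0.0]/104", "[::1]/128"}

def parse_main_cf(text):
    """Parse 'name = value' lines (main.cf or `postconf -n` output) into a dict."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                          # blank lines and comments
        if raw[0].isspace() and name:         # leading whitespace continues a value
            params[name] = (params[name] + " " + raw.strip()).strip()
            continue
        name, _, value = (s.strip() for s in raw.partition("="))
        params[name] = value                  # a later assignment wins
    return params

def audit(text):
    """Return findings for the relay, TLS and recipient settings used in this guide."""
    p, findings = parse_main_cf(text), []
    if "smtpd_relay_restrictions" in p:       # unset: Postfix's built-in default applies
        relay = p["smtpd_relay_restrictions"].replace(",", " ").split()
        guard = next((n for n, w in enumerate(relay) if w in GUARDS), None)
        if guard is None:
            findings.append("relay: no reject/defer_unauth_destination")
        loose = [w for w in relay[:guard] if w not in SAFE_PERMITS]
        if loose:
            findings.append("relay: review entries ahead of the guard: " + " ".join(loose))
    extra = sorted(set(p.get("mynetworks", "").replace(",", " ").split()) - LOOPBACK)
    if extra:
        findings.append("mynetworks: non-loopback clients may relay: " + " ".join(extra))
    if p.get("smtpd_tls_security_level") == "encrypt":
        findings.append("tls: 'encrypt' in main.cf also applies to port 25")
    if p.get("local_recipient_maps") == "":   # Option 1 sets this to empty
        findings.append("recipients: unknown local users are accepted at SMTP time")
    return findings

# Constructed sample: relay/TLS lines from this guide plus Option 1's empty map.
SAMPLE = """\
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_tls_security_level=encrypt
local_recipient_maps =
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the server, pass the output of postconf -n to audit(); per-service -o overrides in master.cf are not considered.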

Try to send a mail from server to somewhere outside.

apt-get install mailutils
echo "test" | mail -aFrom:admin@somewhere-in-the.space your@mail.com

OK, now you can send mail directly from the mail server, but let's set up SASL to use our server securely from everywhere.
