Part 1. Introduction.
Part 2. DBMail.
Part 3. Postfix.
Part 4. SASL.
Part 5. SPF. DKIM. DMARC. Clear headers. DNS PTR.
Install Postfix and choose the "No configuration" option.
apt install postfix
Edit the /etc/postfix/main.cf config file.
mydomain = somewhere-in-the.space
myhostname = mail.somewhere-in-the.space
#disable /etc/aliases files lookup, all users are stored inside DB
alias_maps =
alias_database =
mydestination = $mydomain, localhost, localhost.localdomain, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
smtpd_banner = $myhostname ESMTP
biff = no
compatibility_level = 2
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.somewhere-in-the.space/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.somewhere-in-the.space/privkey.pem
smtp_use_tls=yes
smtp_tls_security_level=may
smtpd_use_tls=yes
smtpd_tls_security_level=encrypt
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
Edit the /etc/postfix/master.cf file and add the following line to enable the SMTP daemon's TLS connections on port 587.
submission inet n - y - - smtpd
Edit the /etc/letsencrypt/cli.ini file to restart Postfix after the certificates are renewed.
post-hook = /bin/chmod -R 640 /etc/letsencrypt/archive/ > /dev/null 2>&1 && /bin/systemctl restart dbmail && /bin/systemctl restart postfix
Postfix can be configured to hand mail to DBMail over SMTP or LMTP. The official DBMail manuals are outdated, so follow mine. Choose one option and continue.
Option 1. SMTP.
The easiest option. Postfix does not need a PostgreSQL connection to check the user list, but the dbmail-deliver (formerly dbmail-smtp) process opens a database connection for each incoming email, which reduces performance compared to LMTP.
Add the following lines to /etc/postfix/master.cf file.
dbmail-smtp unix - n n - - pipe
  flags= user=dbmail:dbmail argv=/usr/sbin/dbmail-deliver -f /etc/dbmail/dbmail.conf -d ${recipient} -r ${sender}
Add the following lines to /etc/postfix/main.cf file.
mailbox_transport = dbmail-smtp:
local_recipient_maps =
Option 2. LMTP.
Enable DBMail LMTP daemon in /etc/default/dbmail file.
START_LMTPD=true
Add the following lines to /etc/dbmail/dbmail.conf file.
[LMTP]
port = 24
Restart DBMail to enable daemon.
systemctl restart dbmail
Install postfix PostgreSQL extension.
apt install postfix-pgsql
Add the following lines to /etc/postfix/master.cf file.
dbmail-lmtp unix - - n - - lmtp
Create /etc/postfix/recipient_map.cf file.
user = dbmail
password = db_user_password
hosts = 127.0.0.1:5432
dbname = dbmail
query = SELECT DISTINCT 1 FROM dbmail_aliases WHERE alias='%s';
Add the following lines to /etc/postfix/main.cf file.
mailbox_transport = dbmail-lmtp:127.0.0.1:24
local_recipient_maps = pgsql:/etc/postfix/recipient_map.cf
Finally.
Restart postfix.
systemctl restart postfix
Check that the ports are open.
netstat -atun | grep "25\|587"
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp6 0 0 :::587 :::* LISTEN
tcp6 0 0 :::25 :::* LISTEN
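A further check that fits here, added as an example and not part of the original guide: the function below reads `postconf -n` output and reports on the three main.cf settings this setup depends on (relay restrictions, recipient validation under Option 1 versus Option 2, and the inbound TLS level). The names audit_postconf and option1_sample are made up for this example and the sample input is constructed; on the server, run `postconf -n | audit_postconf`.

```shell
#!/bin/sh
# Added example, not from the original guide. Reads `postconf -n` style lines
# ("name = value") on stdin and reports on settings this guide depends on.
audit_postconf() {
  awk '
    {
      eq = index($0, "="); if (eq == 0) next
      name = substr($0, 1, eq - 1); value = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", value)
      conf[name] = value; seen[name] = 1        # a later definition wins
    }
    END {
      # 1. Relay control: the list needs a rule that refuses foreign destinations.
      if (seen["smtpd_relay_restrictions"]) {
        ok = 0; n = split(conf["smtpd_relay_restrictions"], tok, /[ \t,]+/)
        for (i = 1; i <= n; i++)
          if (tok[i] ~ /^(reject|defer)(_unauth_destination)?$/) ok = 1
        if (!ok) print "FAIL relay: smtpd_relay_restrictions has no reject/defer rule"
      }
      # 2. Recipient check: an empty map (Option 1) turns it off inside Postfix.
      if (seen["local_recipient_maps"] && conf["local_recipient_maps"] == "")
        print "WARN rcpt: local_recipient_maps is empty, unknown users are not rejected at SMTP time"
      # 3. Inbound TLS: a main.cf level applies to every smtpd service
      #    unless master.cf overrides it with -o.
      if (conf["smtpd_tls_security_level"] == "encrypt")
        print "INFO tls: main.cf requires STARTTLS on every smtpd service, port 25 included"
      else if (conf["smtpd_tls_security_level"] == "none")
        print "FAIL tls: inbound STARTTLS is disabled"
    }'
}

# Constructed sample: this guide's Option 1 settings as `postconf -n` prints them.
option1_sample() {
  cat <<'EOF'
local_recipient_maps =
mailbox_transport = dbmail-smtp:
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_tls_security_level = encrypt
EOF
}

option1_sample | audit_postconf
```

With Option 2 the WARN line disappears, because local_recipient_maps then points at the pgsql lookup and Postfix rejects unknown recipients itself.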
Try to send a mail from the server to an outside address.
apt-get install mailutils
echo "test" | mail -aFrom:admin@somewhere-in-the.space your@mail.com
OK, now you can send mail from the mail server directly, but let’s set up SASL so we can use our server securely from anywhere.
Absolute gold. Thank you so much for assembling some outstanding documentation!