POSTFIX SERVER
PART 2 – Installing and Configuring Postfix on Ubuntu 14.04.1
First, change your public DNS record by adding an A record that points postfix.dalaris.com to the public IP address of the postfix server. Verify the result by performing ping and ensure there is a reply.
Also use nslookup to check, just for the fun of it.
Step 1: Assigning host name
Now, assign a hostname to the mail server. This is done by editing the file /etc/hostname. At the prompt, type:
vi /etc/hostname
Press i to edit the text. Right now, the hostname is POSTFIX. Change it to postfix.dalaris.com
Press ESC then :x followed by pressing Enter to save and exit the vi application.
Also add a host entry in the file /etc/hosts using vi. (Please refer to the above steps for using the vi program
Step 2: Update the Repositories
We need to update the repositories for our server. Use the following command:
apt-get update
The process takes only one or two minutes to complete. Once completed, you will see something like this:
Step 3: Install Postfix
Now we will install postfix and all of its dependencies.
apt-get install postfix
Answer Yes to questions
Press OK to accept current configurations
Choose Internet Site and press OK
Press OK for FQDN information.
Accept System mail name and press OK.
Installation is completed.
Step 4: Configure Postfix
After installation, it is time to configure Postfix. Use this command:
dpkg-reconfigure postfix
Choose Internet Site and press OK.
Press OK for domain information.
Enter email domain and press OK.
Press OK for the system account information.
Enter the account to receive email for system accounts (postmaster, root, etc…). In this case, I enter my account.
Enter the domain
Select No to Force Synchronous updates.
Press OK for the network blocks
Enter the IP blocks as shown, press OK when done.
127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 216.123.169.0/24
Mailbox size limit is 0 (unlimited)
Set local address extension character with + sign
Read the information about IPv4 and IPv6 addresses. Press OK.
Choose All and press OK.
After you press OK, the system will write the configurations to the server. The following screen shows.
Step 5: Configure Postfix for SMTP-AUTH.
We need to configure Postfix for SMTP-AUTH using Dovecot SASL. Change the file /etc/postfix/main.cf and add the following lines (using vi):
home_mailbox = Maildir/
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
Let’s open the file using vi:
Type :set nu to turn on line numbers
Type i to edit the file and paste the above lines
Press ESC, :x when done in order to save the file and exit.
Step 6: Issue Certificate for TLS connection.
We will now need to generate a certificate for TLS connection. Use the following commands.
Command #1: openssl genrsa -des3 -out server.key 2048
Command #2: openssl rsa -in server.key -out server.key.insecure
Command #3: mv server.key server.key.secure
Command #4: mv server.key.insecure server.key
Command #5: openssl req -new -key server.key -out server.csr
Answer each question according to your domain’s settings.
Command #6: openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Command #7: sudo cp server.crt /etc/ssl/certs
Command #8: sudo cp server.key /etc/ssl/private
Step 7: Setting Certificate path using the following two commands:
sudo postconf -e ‘smtpd_tls_key_file = /etc/ssl/private/server.key’
sudo postconf -e ‘smtpd_tls_cert_file = /etc/ssl/certs/server.crt’
Step 8: Now we need to edit the file /etc/postfix/master.cf to enable SMTP on port 465 and mail submission on port 587.
vi /etc/postfix/master.cf
Within that file, we need to uncomment the following lines:
submission inet n – – – – smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
Also uncomment the following lines:
smtps inet n – n – – smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
Press ESC, :x to save and exit vi.
Step 9: Install Dovecot SASL
Command: sudo apt-get install dovecot-common
Press OK to SSL/TLS certificate
Choose Yes for self-signed certificate
Press OK for commonName
Enter postfix.dalaris.com, press OK when done.
After clicking OK you will see this screen
Step 10: Edit /etc/dovecot/conf.d/10-master.conf
Type :set nu to turn on line numbers.
Type :95 to go to line 95. You will see this contents
Change lines 95-98 (4 lines) to read as follows:
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}
Type ESC, :x to save and exit
Also edit the file /etc/dovecot/conf.d/10-auth.conf
Type :set nu
Type :100
Change auth_mechanisms = plain to auth_mechanisms = plain login
Press ESC, :x to save and exit.
Step 11: Restart both dovecot and postfix services.
service dovecot restart
service postfix restart
Step 12: Test SMTP-AUTH and SMTP/POP3 access
Use the command: telnet postfix.dalaris.com smtp
We should receive a response similar to the below.
Type ehlo postfix.dalaris.com
We should get some text including the following important three lines:
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
Also test connection to port 587 by typing the command
telnet postfix.dalaris.com 587
Type ehlo postfix.dalaris.com