Postfix PART 2 – Installing and Configuring Postfix in Ubuntu 14.04.1

POSTFIX SERVER

PART 2 – Installing and Configuring Postfix on Ubuntu 14.04.1

First, change your public DNS record by adding an A record that points postfix.dalaris.com to the public IP address of the postfix server. Verify the result by performing ping and ensure there is a reply.

Also use nslookup to check, just for the fun of it.

 

Step 1: Assigning host name

Now, assign a hostname to the mail server. This is done by editing the file /etc/hostname. At the prompt, type:

vi /etc/hostname

Press i to edit the text. Right now, the hostname is POSTFIX. Change it to postfix.dalaris.com

Press ESC then :x followed by pressing Enter to save and exit the vi application.

Also add a host entry in the file /etc/hosts using vi. (Please refer to the above steps for using the vi program

Step 2: Update the Repositories

We need to update the repositories for our server. Use the following command:

apt-get update

The process takes only one or two minutes to complete. Once completed, you will see something like this:

Step 3: Install Postfix

Now we will install postfix and all of its dependencies.

apt-get install postfix

Answer Yes to questions

Press OK to accept current configurations

Choose Internet Site and press OK

Press OK for FQDN information.

Accept System mail name and press OK.

Installation is completed.

Step 4: Configure Postfix

After installation, it is time to configure Postfix. Use this command:

dpkg-reconfigure postfix

Choose Internet Site and press OK.

Press OK for domain information.

Enter email domain and press OK.

Press OK for the system account information.

Enter the account to receive email for system accounts (postmaster, root, etc…). In this case, I enter my account.

Enter the domain

Select No to Force Synchronous updates.

Press OK for the network blocks

Enter the IP blocks as shown, press OK when done.

127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 216.123.169.0/24

Mailbox size limit is 0 (unlimited)

Set local address extension character with + sign

Read the information about IPv4 and IPv6 addresses. Press OK.

Choose All and press OK.

After you press OK, the system will write the configurations to the server. The following screen shows.

Step 5: Configure Postfix for SMTP-AUTH.

We need to configure Postfix for SMTP-AUTH using Dovecot SASL. Change the file /etc/postfix/main.cf and add the following lines (using vi):

home_mailbox = Maildir/

smtpd_sasl_type = dovecot

smtpd_sasl_path = private/auth

smtpd_sasl_local_domain =

smtpd_sasl_security_options = noanonymous

broken_sasl_auth_clients = yes

smtpd_sasl_auth_enable = yes

smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination

smtp_tls_security_level = may

smtpd_tls_security_level = may

smtp_tls_note_starttls_offer = yes

smtpd_tls_loglevel = 1

smtpd_tls_received_header = yes

 

Let’s open the file using vi:

Type :set nu to turn on line numbers

Type i to edit the file and paste the above lines

Press ESC, :x when done in order to save the file and exit.

Step 6: Issue Certificate for TLS connection.

We will now need to generate a certificate for TLS connection. Use the following commands.

Command #1: openssl genrsa -des3 -out server.key 2048

Command #2: openssl rsa -in server.key -out server.key.insecure

Command #3: mv server.key server.key.secure

Command #4: mv server.key.insecure server.key

Command #5: openssl req -new -key server.key -out server.csr

Answer each question according to your domain’s settings.

Command #6: openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Command #7: sudo cp server.crt /etc/ssl/certs

Command #8: sudo cp server.key /etc/ssl/private

Step 7: Setting Certificate path using the following two commands:

sudo postconf -e ‘smtpd_tls_key_file = /etc/ssl/private/server.key’

sudo postconf -e ‘smtpd_tls_cert_file = /etc/ssl/certs/server.crt’

 


 

Step 8: Now we need to edit the file /etc/postfix/master.cf to enable SMTP on port 465 and mail submission on port 587.

 

vi /etc/postfix/master.cf

 

Within that file, we need to uncomment the following lines:

 

submission inet n – – – – smtpd

-o syslog_name=postfix/submission

-o smtpd_tls_security_level=encrypt

-o smtpd_sasl_auth_enable=yes

-o smtpd_relay_restrictions=permit_sasl_authenticated,reject

-o milter_macro_daemon_name=ORIGINATING

 


 

Also uncomment the following lines:

 

smtps inet n – n – – smtpd

-o syslog_name=postfix/smtps

-o smtpd_tls_wrappermode=yes

-o smtpd_sasl_auth_enable=yes

-o smtpd_relay_restrictions=permit_sasl_authenticated,reject

-o milter_macro_daemon_name=ORIGINATING

 

 

Press ESC, :x to save and exit vi.

Step 9: Install Dovecot SASL

Command: sudo apt-get install dovecot-common

Press OK to SSL/TLS certificate

Choose Yes for self-signed certificate

Press OK for commonName

Enter postfix.dalaris.com, press OK when done.

After clicking OK you will see this screen

Step 10: Edit /etc/dovecot/conf.d/10-master.conf

Type :set nu to turn on line numbers.

Type :95 to go to line 95. You will see this contents

Change lines 95-98 (4 lines) to read as follows:

# Postfix smtp-auth

unix_listener /var/spool/postfix/private/auth {

mode = 0660

user = postfix

group = postfix

}

 

Type ESC, :x to save and exit

Also edit the file /etc/dovecot/conf.d/10-auth.conf

Type :set nu

Type :100

Change auth_mechanisms = plain to auth_mechanisms = plain login

Press ESC, :x to save and exit.

Step 11: Restart both dovecot and postfix services.

service dovecot restart

service postfix restart

 

Step 12: Test SMTP-AUTH and SMTP/POP3 access

Use the command: telnet postfix.dalaris.com smtp

We should receive a response similar to the below.

Type ehlo postfix.dalaris.com

We should get some text including the following important three lines:

250-STARTTLS

250-AUTH PLAIN LOGIN

250-AUTH=PLAIN LOGIN

Also test connection to port 587 by typing the command

telnet postfix.dalaris.com 587

Type ehlo postfix.dalaris.com