Postfix Installation

From Sea of Fate
Revision as of 22:51, 10 April 2025 by Wikisailor (talk | contribs)
Jump to navigationJump to search

Introduction

Installing Postfix on Lime is not too difficult and if more instructions are needed then a quick web search should give several more verbose installation and error checking notes

Install Postfix

Postfix was can be installed with apt the line is no more complicated than 

sudo apt install postfix

once the install gets going it asks a few questions either answer them now or add them to a config file later. The first question is something like General type of mail configuration. The two possible options are either internet with smarthost which would deliver local mail locally but use the smarthost for outgoing mail but as there is no real need for local mail the better option for me is. 

Satellite System

If this was a company email system and email directly from postfix the best option would be internet site but that would need a fixed internet facing IP address. The next question is about system name so in my case 

seaoffate.net

Any name could be used but as that is the domain name that made more sense. The last question was about SMTP relay host, it should be noted that it should have the square brackets around the relay host so that Postfix does not do some sort of MX lookup. I guess that if internet site only had been chosen earlier there would be different questions. For me to use Brevo as a relay SMTP relay host should be 

 [smtp-relay.brevo.com]:587

The setup should finish at this point and extra config will have to be in the file /etc/postfix/main.cf so type 

sudo nano /etc/postfix/main.cf

In the config there may be some settings already configured but make sure that these at least are present

  • Outgoing relay configuration
relayhost = [smtp-relay.brevo.com]:587
  • Enable SASL authentication for outgoing mail
smtp_sasl_auth_enable = yes
  • Specify the password file and format and Make sure this points to the file that will be created
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
  • Security options: disable anonymous logins
smtp_sasl_security_options = noanonymous
  • Enable STARTTLS encryption. Use 'yes' for STARTTLS on port 587. 'encrypt' is for implicit SSL/TLS usually on port 465
smtp_use_tls = yes
  • specify the local domains only (remove seaoffate.net from this option
mydestination = localhost.localdomain, localhost # should not have seaoffate.net in this line
  • Make sure smtpd_relay_restrictions has permit_mynetworks at or close to the beginning of the list
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
  • mynetworks should include any other hosts that need to use this MTA eg include the production network adjust if yours lists specific IPs
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.100.0/24
  • make sure that postfix is listening on all of the host's interfaces that it should.
inet_interfaces = all
  • Optional, but recommended: Path to CA certificates for verifying the relay server's cert.
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

Once that is done we need to create the password file. We have specified that it will be /etc/postfix/sasl_passwd so the command will be 

sudo nano /etc/postfix/sasl_passwd

In the file there needs to be a line 

[smtp-relay.brevo.com]:587 TheBrevoUsername:TheBrevoPassword

Obviously, chmod the file to 600 

sudo chmod 600 /etc/postfix/sasl_passwd

Then create the HashDB with the file /etc/postfix/sasl_passwd.db using the command 

sudo postmap /etc/postfix/sasl_passwd

That should be all that is needed to get postfix working so a restart would activate the config changes 

sudo systemctl restart postfix

Testing

Once Postfix has restarted it should be ready to roll. As there is no mail app to write an email with we need to use the Mail app. if it isn't installed it should be 

sudo apt install mailutils

then send a test email with something like 

echo "This is the test body of the email." | mail -s "Postfix Relay Test via Brevo" [email protected]

it is probably better to open another ssh terminal and run 

tail -f /var/log/mail.log

Error Message

One obvious error set of messages is 

postfix/smtp[167780]: error: open database /etc/postfix/sasl_passwd.db: No such file or directory
postfix/smtp[167780]: warning: hash:/etc/postfix/sasl_passwd is unavailable. open database /etc/postfix/sasl_passwd.db: No such file or directory
postfix/smtp[167780]: warning: hash:/etc/postfix/sasl_passwd lookup error for "smtp-relay.brevo.com"
postfix/smtp[167780]: warning: 1B73C29D44: smtp_sasl_password_maps lookup error

These mean that there is no password file or it is in the wrong place. Check inside the config for the line that gives the path to the password maps "smtp_sasl_password_maps" ls the dir specified and look for a file "sasl_passwd.db" if it is not present it needs to be created with a line like 

sudo postmap /etc/postfix/sasl_passwd

or whatever path is in the config. if postmap fails check the sasl_passwd file 

sudo nano /etc/postfix/sasl_passwd

it should have the line 

[smtp-relay.brevo.com]:587 TheBrevoUsername:TheBrevoPassword

The format is important when the sasl_passwd is done re run the postmap command so that it creates sasl_passwd.db. then do 

sudo systemctl restart postfix

the tails file should clear and send the email.

Retrieved from "https://wiki.seaoffate.net/index.php?title=Postfix_Installation&oldid=274"