Third-party email service providers often won’t allow a lot of outbound traffic. We may need to configure Postfix as a Send Only SMTP Server, particularly in cases where apps need to send regular email notifications.
As a part of our Server Management Services, we help our Customers to fix Postfix related errors regularly.
Let us today discuss the steps to install and configure Postfix as a Send-Only SMTP Server.
How to install and configure Postfix as a Send Only SMTP Server?
Configuring Postfix as a Send-Only SMTP Server involves the steps mentioned below:
- Installing Postfix
- Configuring Postfix
- Testing the SMTP Server
- Forwarding System Mail
- Enabling SMTP Encryption
Let us look at each of these steps in detail:
Installing Postfix
In this step, we will install Postfix with the mailutils package. This package bundles Postfix with a few supplementary programs that help us to test sending emails.
As with any other software installation, let us first update the package database:
$ sudo apt updateThen, install Postfix by running the following command:
$ sudo apt install mailutilsAt the end of the installation process, we will be presented with the Postfix configuration window. Press Enter to see the next screen which shows options to select.
It includes four types of configurations
- Internet site
- Internet with smarthost
- Satellite system
- Local Only
Select Internet Site from the menu, then press TAB to select <Ok>, then ENTER.
The default option is the Internet Site. We are good to go with configuration, so press TAB, and then ENTER. If it shows only the description text, press TAB to select OK, then ENTER.
If it does not show up automatically, run the following command to start it:
$ sudo dpkg-reconfigure postfixAfter that, we will get another configuration prompt regarding the System mail name:
Enter the domain name, then press TAB to select <Ok>, ENTER.
The System mail name must be the same as the name assigned to the server when we were creating it. Then, press TAB, followed by ENTER.
We have now installed Postfix and are ready to start configuring it.
Configure Postfix as a Send Only SMTP Server
The next step is to configure Postfix to send and receive emails only from the localhost. For this, we need to make some changes to the Postfix configuration file located at “/etc/postfix/main.cf”
Open this file with any available text editor and find the following lines:
. . .
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
. . .Change the value of the inet_interfaces setting to loopback-only.
Another directive we will need to modify is mydestination, which specifies the list of domains that are delivered via the local_transport mail delivery transport. By default, the values are similar to these:
. . .
mydestination = $myhostname, your_domain, localhost.com, , localhost
. . .Change the line to look like this:
. . .
mydestination = localhost.$mydomain, localhost, $myhostname
. . .For the mails sent from subdomains to look as if they were sent from the main domain, we can add the line ”
masquerade_domains = your_main_domain” to the end of main.cf.
The optional masquerade_domains setting specifies the domains for which the subdomain will be stripped off in the email address.
Once the changes are made, save and close the file.
Then, restart Postfix by running the following command:
$ sudo systemctl restart postfix
Testing the SMTP Server
In this step, we will test whether Postfix can send emails to an external email account using the mail command.
To send a test email, run the following command:
$ echo "This is the body of the email" | mail -s "This is the subject line" your_email_addressNow, check the email address to which we sent this message. We should see the message in your inbox.
If we receive an error from the mail command, or we have not received a message after a prolonged period of time, check that the Postfix configuration we edited is valid and that our server’s name and hostname are set to the domain.
Note that with this configuration, the address in the From field for the test emails we send will be in the form of your_user_name@your_domain, where your_user_name.
Forwarding System Mail
In this step, we will set up email forwarding for user root, so that system-generated messages sent to it on the server get forwarded to an external email address.
The /etc/aliases file contains a list of alternate names for email recipients. Open it for editing:
$ sudo nano /etc/aliasesIn its default state, it looks like this:
# See man 5 aliases for format
postmaster: rootThe only directive present specifies that system-generated emails are sent to root.
Add the following line to the end of the file:
...
root: your_email_addressWith this line, we specify that emails sent to root end up being forwarded to an email address. Remember to replace your_email_address with your personal email address. When we are done, save and close the file.
For the change to take effect, run the following command:
$ sudo newaliasesRunning newaliases will build up a database of aliases that the mail command uses, which are taken from the config file we just edited.
Test that sending emails to root works by running:
$ echo "This is the body of the email" | mail -s "This is the subject line" rootWe should receive the email at the email address.
Enabling SMTP Encryption
We will now enable SMTP encryption by requesting a free TLS certificate from Let’s Encrypt for the domain (using Certbot) and configuring Postfix to use it when sending messages.
Ubuntu includes Certbot in their default package repositories, so we can install it by running the following command:
$ sudo apt install certbotWhen asked for confirmation, type Y, and press ENTER.
We need to configure the UFW firewall to allow the HTTP port 80 for the domain verification to complete. Run the following command to enable it:
$ sudo ufw allow 80The output will look like this:
Rule added
Rule added (v6)Now that the port is open, run Certbot to get a certificate:
$ sudo certbot certonly --standalone --rsa-key-size 4096 --agree-tos --preferred-challenges http -d your_domainThis command orders Certbot to issue certificates with an RSA key size of 4096 bits, to run a temporary standalone webserver (–standalone) for verification, and to check via port 80 (–preferred-challenges http).
Remember to replace your_domain with your domain before running the command, and enter your email address when prompted.
Now that we have our certificate, open main.cf for editing with any available text editor and edit the TLS parameters with the following values:
# TLS parameters
smtpd_tls_cert_file=/etc/letsencrypt/live/your_domain/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/your_domain/privkey.pem
smtpd_tls_security_level=may
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scacheNote to modify it by replacing your_domain with your domain where necessary. Once you are done, save and close the file.
Apply the changes by restarting Postfix:
$ sudo systemctl restart postfixNow, try sending an email again:
$ echo "This is the body of an encrypted email" | mail -s "This is the subject line" your_email_addressWe will more likely see the message immediately in the inbox.
[Need any further assistance to configure Postfix as a Send Only SMTP Server? – We’re available 24*7]
Conclusion
In short, configuring Postfix as a Send Only SMTP Server involves a series of steps that include installing postfix and adjusting the configuration file. Today, we saw how our Support Engineers perform this task.
0 Comments