Difference between revisions of "Funtoo:User Services/Simple Mail Server"

From Funtoo
Jump to navigation Jump to search
(updated intro part)
(adding official doc category)
 
(2 intermediate revisions by 2 users not shown)
Line 9: Line 9:
So let's cover what this mail server ''can'' do. The setup documented here allows you to set up an standards-compliant ''send-only mail server'' on the Internet that can reliably send mail to other email addresses. In addition, it is possible to allow a set of trusted IP addresses or hosts to relay mail through this mail server, which will allow reliable delivery of cron and other important email. This makes these steps very useful when deploying new server infrastructure and your services need a central mail server to get critical messages ''out'' to you or others.
So let's cover what this mail server ''can'' do. The setup documented here allows you to set up an standards-compliant ''send-only mail server'' on the Internet that can reliably send mail to other email addresses. In addition, it is possible to allow a set of trusted IP addresses or hosts to relay mail through this mail server, which will allow reliable delivery of cron and other important email. This makes these steps very useful when deploying new server infrastructure and your services need a central mail server to get critical messages ''out'' to you or others.


Here's what's intentionally not covered in this tutorial:
Here's what's intentionally '''not''' covered in this tutorial:


;Local Mailboxes: This is not a focus of this mail server, so we are not covering this in this document. This is a delivery-only mail server. If we configure local mailboxes, we then need to probably set up POP/IMAP and SASL authentication to allow clients to access their mail, and this makes the setup more complicated. One thing at a time.
;Local Mailboxes: This is not a focus of this mail server, so we are not covering this in this document. This is a delivery-only mail server. If we configure local mailboxes, we then need to probably set up POP/IMAP and SASL authentication to allow clients to access their mail, and this makes the setup more complicated. One thing at a time.
Line 16: Line 16:


;Virtual Domains: This is left out of this document.
;Virtual Domains: This is left out of this document.
See future wiki pages for information on configuring these parts. What you '''will''' be able to set up, however, is a fully-functioning send-only mail server.


== Prerequisites ==
== Prerequisites ==
Line 108: Line 110:
echo 'QUIT'; ) {{!}} nc -t mta.funtoo.org 25
echo 'QUIT'; ) {{!}} nc -t mta.funtoo.org 25
}}
}}
[[Category:Official Documentation]]

Latest revision as of 20:04, August 10, 2022

This wiki page explains how to set up a simple, secure, lightweight email server using Postfix to send emails without IMAP and POP or multiple domains.

Managing your own email server doesn't have to be mystical and impenetrable; using a simple MTA like Postfix without any IMAP or POP configuration makes the task relatively easy. Regrettably, it is difficult to find good information on how to do this. What this guide will help you to do is to install and properly configure an email server that is used only for sending, intentionally leaving other more advanced features for other tutorials.

Limitations

As indicated by the wiki page title, this mail setup is simple, so there are some things that this mail setup does not support, which is done intentionally for those who don't need this functionality, and to allow this document to serve as the foundation for more complicated configurations. We have found that other mail server tutorials don't explain why certain technologies are needed. We hope to make this clearer by incrementally adding functionality to this mail server via future wiki pages.

So let's cover what this mail server can do. The setup documented here allows you to set up an standards-compliant send-only mail server on the Internet that can reliably send mail to other email addresses. In addition, it is possible to allow a set of trusted IP addresses or hosts to relay mail through this mail server, which will allow reliable delivery of cron and other important email. This makes these steps very useful when deploying new server infrastructure and your services need a central mail server to get critical messages out to you or others.

Here's what's intentionally not covered in this tutorial:

Local Mailboxes
This is not a focus of this mail server, so we are not covering this in this document. This is a delivery-only mail server. If we configure local mailboxes, we then need to probably set up POP/IMAP and SASL authentication to allow clients to access their mail, and this makes the setup more complicated. One thing at a time.
SASL Authentication for mail servers
Postfix natively supports whitelisting hosts and IP ranges that are allowed to relay mail through the mail server. If you want to extend this functionality to allow an arbitrary server on the Internet to authenticate as a relay, you will need SASL authentication, which is not built-in to Postfix but instead requires a third-party SASL implementation. To keep things simple, we will support only host or IP-range based whitelisting of servers that are allowed to relay outbound mail through our mail server.
Virtual Domains
This is left out of this document.

See future wiki pages for information on configuring these parts. What you will be able to set up, however, is a fully-functioning send-only mail server.

Prerequisites

If you intend to run your own mail server only for sending messages, you will need to have a DNS with at least one IP or hostname configured via TXT so that the SPF is verified by the receiving mail server, on a DNS server that can be viewed on the Internet in general. It is also essential for reliable email delivery to have a properly configured reverse DNS as many email servers will use reverse DNS and expect your IP address to resolve your advertised hostname.

Preparation

The following package need to be installed first, before we can do anything: mail-mta/postfix

root # emerge -avq mail-mta/postfix

Configuration

Now we come to the heart of the project. First we will have to configure Postfix modifying only two files: master.cf and main.cf

Configuring DNS

create an entry of type A with the external IP of the mail server, for example:

mta.funtoo.org has address 192.150.253.194
mta.funtoo.org has IPv6 address 2001:470:4b:56:216:3eff:fefa:97b7

Setup reverse DNS, for example:

194.253.150.192.in-addr.arpa domain name pointer mta.funtoo.org.

Configure SPF using TXT entry, for example:

mta.funtoo.org descriptive text "v=spf1 a mx include:mta.funtoo.org ~all"

This SPF entry tells other domains that our mail server is allowed to officially send mail, and more importantly, prevents other servers on the Internet from sending email claiming to be your mail server. See Wikipedia:Sender Policy Framework for more information.

Configuring Postfix

Now we have to configure Postfix. Open your favorite text editor and uncomment the following lines at the top on /etc/postfix/main.cf. We will be setting up the mail server's hostname and domain. How we fill this in depends on what your DNS and TXT records point to. If you have it set up so that your main domain is of the form tld.ext, then you will put that into the mydomain field, otherwise, you will set it the same as the myshostname field (in host.tld.ext form):

   /etc/postfix/main.cf - Postfix Configuration
myhostname = mta.funtoo.org

Finally, in this file, we have to enumerate the networks that can relay mail via our server. Generally we want to list only the subnets that we want to be able to send mail from (replace <LAN IP> with your LAN's subnet and <LAN netmask> with your LAN's netmask, and leave 127.0.0.0/8 in):

   /etc/postfix/main.cf - Postfix Configuration
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.19.0.0/16

Next, we have to change some items in the same configuration file (we will be changing the defaults in the file to what is shown here). As this is a fresh install, the developers recommended that the compatibility level be set to 3.6:

   /etc/postfix/main.cf - More Postfix configuration
compatibility_level = 3.6

If we want Postfix to talk on port 25, we have to make sure the following lines are uncommented in the file /etc/postfix/master.cf for smtp is inet and ipass:

   /etc/postfix/master.cf - Postfix master service file
smtp      unix  n       -       y       -       -       smtpd
smtp      inet  n       -       n       -       1       postscreen
smtpd     pass  -       -       n       -       -       smtpd

Final Steps

We want Postfix to appear when our server boots up, so we need to add it to the server boot; Once that's done, we'll start postfix with the command openrc:

root # rc-update add postfix default
root # openrc

Test you new e-mail server

   test-mail.sh - optional script for tests only
#!/bin/bash
(
echo 'HELO GAT';sleep 1
echo 'MAIL FROM: <coffnix@mta.funtoo.org>';sleep 1
echo 'RCPT TO: <coffnix@gmail.com>';sleep 1
echo 'DATA';sleep 1
echo 'MIME-Version: 1.0';sleep 1
echo 'FROM: <coffnix@mta.funtoo.org>';
echo 'TO: <coffnix@gmail.com>';
echo 'SUBJECT: test';
echo 'Content-type: text/plain; charset=UTF-8; format=flowed';
echo ' ';
echo ' ';
echo 'Testing SMTP.';
echo '.';sleep 1
echo 'QUIT'; ) | nc -t mta.funtoo.org 25