Funtoo:User Services/Simple Mail Server
This wiki page explains how to set up a simple, secure, lightweight email server using Postfix to send emails without IMAP and POP or multiple domains.
Managing your own email server doesn't have to be mystical and impenetrable; using a simple MTA like Postfix without any IMAP or POP configuration makes the task relatively easy. Regrettably, it is difficult to find good information on how to do this. What this guide will help you to do is to install and properly configure an email server that is used only for sending, intentionally leaving other more advanced features for other tutorials.
As indicated by the wiki page title, this mail setup is simple, so there are some things that this mail setup does not support, which is done intentionally for those who don't need this functionality, and to allow this document to serve as the foundation for more complicated configurations. We have found that other mail server tutorials don't explain why certain technologies are needed. We hope to make this clearer by incrementally adding functionality to this mail server via future wiki pages.
So let's cover what this mail server can do. The setup documented here allows you to set up a standards-compliant send-only mail server on the Internet that can reliably send mail to other email addresses. In addition, it is possible to allow a set of trusted IP addresses or hosts to relay mail through this mail server, which will allow reliable delivery of cron and other important email. This makes these steps very useful when deploying new server infrastructure and your services need a central mail server to get critical messages out to you or others.
Here's what's intentionally not covered in this tutorial:
- Local Mailboxes
  - This is not a focus of this mail server, so we are not covering this in this document. This is a delivery-only mail server. If we configure local mailboxes, we would then probably need to set up POP/IMAP and SASL authentication to allow clients to access their mail, and this makes the setup more complicated. One thing at a time.
- SASL Authentication for mail servers
  - Postfix natively supports whitelisting hosts and IP ranges that are allowed to relay mail through the mail server. If you want to extend this functionality to allow an arbitrary server on the Internet to authenticate as a relay, you will need SASL authentication, which is not built into Postfix but instead requires a third-party SASL implementation. To keep things simple, we will support only host or IP-range based whitelisting of servers that are allowed to relay outbound mail through our mail server.
- Virtual Domains
  - This is left out of this document.
See future wiki pages for information on configuring these parts. What you will be able to set up, however, is a fully-functioning send-only mail server.
If you intend to run your own mail server only for sending messages, you will need a DNS zone, hosted on a DNS server that is visible on the Internet in general, with at least one IP or hostname configured via a TXT record so that SPF can be verified by the receiving mail server. It is also essential for reliable email delivery to have properly configured reverse DNS, as many email servers will look up the reverse DNS of your IP address and expect it to resolve to your advertised hostname.
The following package needs to be installed first, before we can do anything:
root # emerge -avq mail-mta/postfix
Now we come to the heart of the project. First we will have to configure Postfix modifying only two files:
Create an entry of type A with the external IP of the mail server, for example:
mta.funtoo.org has address 22.214.171.124
mta.funtoo.org has IPv6 address 2001:470:4b:56:216:3eff:fefa:97b7
Set up reverse DNS, for example:
126.96.36.199.in-addr.arpa domain name pointer mta.funtoo.org.
Configure SPF using TXT entry, for example:
mta.funtoo.org descriptive text "v=spf1 a mx include:mta.funtoo.org ~all"
This SPF entry tells other domains that our mail server is officially allowed to send mail and, more importantly, gives receiving servers a way to recognize mail from other servers on the Internet that falsely claim to be your mail server. See Wikipedia:Sender Policy Framework for more information.
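How a receiving server evaluates the TXT record above, as an added example (not part of the original page): a simplified subset of RFC 7208 covering only the a, mx, include and all terms, run over a constructed zone whose A address and client IPs are made up. It also shows a failure mode worth checking for in your own record: an include that names the record's own domain uses up the 10-lookup limit for every sender the a and mx terms do not match, so the ~all term is never reached.

```python
# TXT value as shown above. ZONE stands in for DNS so this runs offline; the A
# address and the client IPs used with it are constructed (documentation ranges).
PAGE_SPF = "v=spf1 a mx include:mta.funtoo.org ~all"
ZONE = {"mta.funtoo.org": {"A": ["192.0.2.25"], "MX": [], "TXT": PAGE_SPF}}
# Same zone with the self-referencing include removed (constructed variant).
TRIMMED = {"mta.funtoo.org": {"A": ["192.0.2.25"], "MX": [], "TXT": "v=spf1 a mx ~all"}}
QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


class PermError(Exception):
    """The record cannot be evaluated: bad term or too many DNS lookups."""


def _evaluate(ip, domain, zone, budget):
    terms = zone.get(domain, {}).get("TXT", "").split()
    if terms[:1] != ["v=spf1"]:
        return "none"
    for term in terms[1:]:
        qual, mech = (term[0], term[1:]) if term[0] in QUALIFIER else ("+", term)
        name, _, arg = mech.partition(":")
        target = arg or domain
        if name in ("a", "mx", "include"):
            budget[0] -= 1  # RFC 7208: at most 10 DNS-querying terms per check
            if budget[0] < 0:
                raise PermError(term)
        if name == "all":
            hit = True
        elif name == "a":
            hit = ip in zone.get(target, {}).get("A", [])
        elif name == "mx":
            hit = any(ip in zone.get(mx, {}).get("A", [])
                      for mx in zone.get(target, {}).get("MX", []))
        elif name == "include":
            hit = _evaluate(ip, target, zone, budget) == "pass"
        else:
            raise PermError(term)  # outside this sketch's subset of mechanisms
        if hit:
            return QUALIFIER[qual]
    return "neutral"


def check_host(ip, domain, zone=ZONE):
    """SPF result a receiver would record for mail from ip claiming domain."""
    try:
        return _evaluate(ip, domain, zone, [10])
    except PermError:
        return "permerror"
```

With the record as shown, the server's own address passes and any other sender ends in permerror; with the include removed, other senders get the softfail that ~all asks for.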
Now we have to configure Postfix. Open your favorite text editor and uncomment the following lines at the top of /etc/postfix/main.cf. We will be setting up the mail server's hostname and domain. How we fill this in depends on what your DNS and TXT records point to. If you have it set up so that your main domain is of the form tld.ext, then you will put that into the mydomain field; otherwise, you will set it the same as the myhostname field (in host.tld.ext form):
/etc/postfix/main.cf- Postfix Configuration
myhostname = mta.funtoo.org
Finally, in this file, we have to enumerate the networks that can relay mail via our server. Generally we want to list only the subnets that we want to be able to send mail from (replace <LAN IP> with your LAN's subnet and <LAN netmask> with your LAN's netmask, and leave 127.0.0.0/8 in):
/etc/postfix/main.cf- Postfix Configuration
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.19.0.0/16
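Because every address matched by mynetworks can relay through the server, it is worth checking the value before reloading Postfix. The following is an added example (not part of the original page) that parses the line above, including Postfix's bracketed IPv6 form, and flags entries that reach beyond internal address space; the list of "internal" ranges is an assumed policy, and the extra entries in RISKY_VALUE are constructed.

```python
import ipaddress
import re

# mynetworks value from the main.cf line above; RISKY_VALUE adds two constructed entries.
PAGE_VALUE = "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.19.0.0/16"
RISKY_VALUE = PAGE_VALUE + " 0.0.0.0/0 hash:/etc/postfix/network_table"

# Assumed policy: only loopback, RFC 1918, link-local and IPv6 ULA space may relay.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
V4_MAPPED = ipaddress.ip_network("::ffff:0:0/96")


def parse_entry(entry):
    """Parse one literal entry; Postfix writes IPv6 networks as [addr]/len."""
    net = ipaddress.ip_network(entry.replace("[", "").replace("]", ""), strict=False)
    if net.version == 6 and net.subnet_of(V4_MAPPED):
        # Fold IPv4-mapped IPv6 (::ffff:127.0.0.0/104) to the IPv4 network it covers.
        v4 = ipaddress.IPv4Address(int(net.network_address) & 0xFFFFFFFF)
        net = ipaddress.ip_network(f"{v4}/{net.prefixlen - 96}")
    return net


def audit_mynetworks(value):
    """Return (entry, finding) for every entry that needs a second look."""
    findings = []
    for entry in re.split(r"[,\s]+", value.strip()):
        try:
            net = parse_entry(entry)
        except ValueError:
            findings.append((entry, "not a literal network, review by hand"))
            continue
        if not any(net.version == i.version and net.subnet_of(i) for i in INTERNAL):
            findings.append((entry, "trusts addresses outside internal ranges"))
    return findings


def may_relay(client_ip, value):
    """True if client_ip falls inside any literal entry of the mynetworks value."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped
    for entry in re.split(r"[,\s]+", value.strip()):
        try:
            net = parse_entry(entry)
        except ValueError:
            continue
        if ip.version == net.version and ip in net:
            return True
    return False
```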
Next, we have to change some items in the same configuration file (we will be changing the defaults in the file to what is shown here). As this is a fresh install, the developers recommended that the compatibility level be set to 3.6:
/etc/postfix/main.cf- More Postfix configuration
compatibility_level = 3.6
If we want Postfix to talk on port 25, we have to make sure the following lines for the smtp service are uncommented in the file /etc/postfix/master.cf:
/etc/postfix/master.cf- Postfix master service file
smtp      unix  n       -       y       -       -       smtpd
smtp      inet  n       -       n       -       1       postscreen
smtpd     pass  -       -       n       -       -       smtpd
We want Postfix to start when our server boots up, so we need to add it to the default runlevel. Once that's done, we'll start Postfix with the second command:
root # rc-update add postfix default
root # openrc
Test your new e-mail server
test-mail.sh- optional script for tests only
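#!/bin/bash
# Speaks SMTP by hand to the new server. SMTP lines must end in CRLF, so
# send() appends it; the sleeps give the server time to answer each command.
send() { printf '%s\r\n' "$1"; }
(
send 'HELO GAT'; sleep 1
send 'MAIL FROM:<firstname.lastname@example.org>'; sleep 1
send 'RCPT TO:<email@example.com>'; sleep 1
send 'DATA'; sleep 1
send 'MIME-Version: 1.0'; sleep 1
send 'FROM: <firstname.lastname@example.org>'
send 'TO: <email@example.com>'
send 'SUBJECT: test'
send 'Content-type: text/plain; charset=UTF-8; format=flowed'
send ''    # an empty line (not a space) ends the headers
send ''
send 'Testing SMTP.'
send '.'; sleep 1    # a lone dot ends the message body
send 'QUIT'
) | nc -t mta.funtoo.org 25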