Some notes on how to configure Postfix: Postfix SMTP-AUTH 4 DUMMIES.
Here’s some info about Dovecot SASL. I integrate this facility for Postfix authentication too. So my SMTP system has a dependency on my IMAP/POP3 system. In the backend it’s a MySQL database…
So I was getting errors like this in syslog:
Jul 6 17:35:53 integrity systemd: Started Dovecot IMAP/POP3 email server.
Jul 6 17:35:53 integrity dovecot: doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 79: ssl_dh: Can't open file /etc/dovecot/dh.pem: No such file or directory
Jul 6 17:35:53 integrity systemd: dovecot.service: Main process exited, code=exited, status=89/n/a
Jul 6 17:35:53 integrity systemd: dovecot.service: Failed with result 'exit-code'.
This failure was affecting other parts of my system (i.e. postfix SASL).
The solution was to generate the dh.pem file:
root@integrity:/etc/dovecot # openssl dhparam -out dh.pem 4096
Today I discovered the Postfix Backwards-Compatibility Safety Net via my mail log. Gonna have to review my Postfix settings…
Today I discovered Triggering a PHP script when your Postfix server receives a mail. Looks interesting. Gonna have a read. It references this Postfix Architecture Overview document that is even more interesting, and which I will read first!
Here at ProgClub, as moderator for our mailing lists, I get a bunch of spam that I have to get rid of every day, to keep our lists sparkling and spam-free. I regularly get spam from senders from ofenews.co.uk, and I wanted to add their entire domain to a blacklist on our mail server… I hadn’t configured a Postfix blacklist before, so I did a little research and came up with this:
I created a file /etc/postfix/sender_access like this:
Then I created the access database:
# postmap /etc/postfix/sender_access
Then I added the sender restrictions into /etc/postfix/main.cf:
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access
Then I restarted postfix and was done! Everything is easy when you know how.
For reference, here is the doco which I read to help me:
Some reading to do concerning integrating Postfix/Kerberos with LDAP:
I had a problem where my postfix mail system wasn’t listening on its IP address 10.1.1.123 but it was listening on 127.0.0.1. I checked my firewall settings and made sure port 25 was open, but I still couldn’t connect.
I read an article, Bind Postfix Mail Server To Localhost or Specific IP Address Only, which gave me the hint I needed.
The trick was to comment out inet_interfaces in /etc/postfix/main.cf because it was specifying loopback-only which meant postfix wasn’t listening on its other IP addresses.
Followed the instructions in this article Configure Postfix for DNS Blackhole Lists such as dsbl.org / spamhaus.org database to configure my Postfix email server to stop spam. I used the whole recommendation:
smtpd_recipient_restrictions = reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_destination,
    permit_mynetworks,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    permit
Before that my settings were:
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
I kept the permit_sasl_authenticated setting too.
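An added example, not from the original post or from Postfix itself: a simplified Python model of Postfix's first-match evaluation, run over the two smtpd_recipient_restrictions lists quoted above, to show how the order of the entries changes who is permitted. The function names, the client attributes and the main.cf fragments are constructed for illustration, and the hostname/FQDN/domain checks are assumed to pass.

```python
import re

# Constructed main.cf fragments holding the two lists quoted in the post.
BEFORE = "smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination\n"
AFTER = """\
# continuation lines begin with whitespace
smtpd_recipient_restrictions = reject_invalid_hostname, reject_non_fqdn_hostname,
    reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain,
    reject_unknown_recipient_domain, reject_unauth_destination, permit_mynetworks,
    reject_rbl_client list.dsbl.org, reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client cbl.abuseat.org, reject_rbl_client dul.dnsbl.sorbs.net, permit
"""
TAKES_ARG = {"reject_rbl_client", "check_sender_access"}  # restrictions followed by an argument

def restrictions(main_cf, param="smtpd_recipient_restrictions"):
    """Return param's restrictions in order, joining continuation lines."""
    logical = []
    for line in main_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()  # continuation of the previous parameter
        else:
            logical.append(line.strip())
    for entry in logical:
        name, _, value = entry.partition("=")
        if name.strip() == param:
            words = iter(re.split(r"[,\s]+", value.strip()))
            return [f"{w} {next(words, '')}" if w in TAKES_ARG else w for w in words if w]
    return []

def decide(rules, in_mynetworks=False, sasl=False, local_rcpt=True, listed_on=()):
    """First match wins; hostname/FQDN/domain checks are assumed to pass (simplification)."""
    for rule in rules:
        name, _, arg = rule.partition(" ")
        if name == "permit_mynetworks" and in_mynetworks:
            return "permit", rule
        if name == "permit_sasl_authenticated" and sasl:
            return "permit", rule
        if name == "reject_unauth_destination" and not local_rcpt:
            return "reject", rule
        if name == "reject_rbl_client" and arg in listed_on:
            return "reject", rule
        if name == "permit":
            return "permit", rule
    return "permit", "(end of list)"  # nothing matched: the list does not reject
```

With the newer list, a client in mynetworks sending to a remote recipient is refused by reject_unauth_destination before permit_mynetworks is reached, so the position at which permit_sasl_authenticated is inserted decides whether authenticated users can still relay.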
Read the spec for Mailman 3.0. Looks like it will be pretty good. The feature that I’m interested in, and I’m annoyed I can’t do this with my current version of Mailman, is to be able to put a link to the web archived message in the bottom of the outgoing SMTP message. I.e. so there’s a link back to that message on the web in the message itself. Would be really handy for referencing. At the moment if I want a link I have to go to the web archive for the particular list and find it.
While I was reading the Mailman 3.0 spec I noticed a link to Postfix Virtual Domain Hosting Howto. I think I might have read (at least some of) that before. But… reading that is now definitely on my TODO list.