Personal Mail Server¶
Usually personal computers are not set up to send mail out on their own.
However like every Linux system, their are lot of things going on in the background, mostly invisible to the user. Their are some useful features which are only possible if the system can tell you about.
For example, did you know that, of somebody tries to log-in on your personal computer and fails, the system tries to notify you by mail?
This works only if the system is able to send out mails.
We want our personal computer to send out mails on its own, but not receive any, or deliver mails to its local user accounts.
This particular configuration is called a A null client and can be described as follows:
It never receives any mail from the network
It can only send mail out to a mail gateway/smart-host.
It does not deliver any mail locally. All mails are sent to outside mail accounts.
In the following example, our personal workstation will be called torres. We have purchased an set-up our own domain example.net. We call our mail-server mail.example.net.
This mail server accepts only mails from registered mail accounts who login with their full mail address and password on the SMTP submission server running on port 587.
The connection needs to be encrypted by TLS.
Like your desktop mail client any other client, torres will need to login (as “email@example.com”), before being allowed to deliver mails on mail.example.net.
We therefore create a mail account for it on our mail server.
Create a mail account password for the mail account firstname.lastname@example.org:
$ pwgen --secure 32 1 ********
$ sudo apt install postfix mailutils
The installation process will ask you a series of questions:
You can restart this configuration wizard again anytime later with the command:
$ sudo dpkg-reconfigure postfix
Unfortunately the “null client” configuration we need here is not in the list. Therefore we have to choose: “No configuration” here.
Make a copy of the sample configuration file:
$ sudo cp /etc/postfix/main.cf.proto /etc/postfix/main.cf
Set the group for postfix to run tasks in
# setgid_group: The group for mail submission and queue management # commands. This must be a group name with a numerical group ID that # is not shared with other accounts, not even with the Postfix account. # setgid_group = postdrop
As mentioned before, for the central mail server mail.example.net, our workstation is just another mail client, which needs to login before being allowed to send any mails.
This is how we tell our workstation to login on the remote server mail.example.net.
We store the login password in the file
The format is
<SMTP server> <user-name>:<password>
After that update the relevant postfix database and protect it:
$ sudo postmap /etc/postfix/smtp_password $ sudo chown root:root /etc/postfix/smtp_password* $ sudo chmod 0600 /etc/postfix/smtp_password*
Rerouting Local Mails¶
Notification and warning mails created by system programs (like cronjobs) are usually sent to local profiles like “root”, “webmaster” or other local Unix user profiles. Since these are local profiles, their mail address is just a user id, there is no “@” and there is no domain part.
Local mail is delivered by storing it in a mailbox the users home directory, where it never ever will be found or read, since these “user” accounts are not real human users.
We want these mails to be re-routed to mailboxes owned by real humans stored on remote mail-servers. To yourself, the owner or the person responsible for this computer.
To re-route all mails to one single address, we can use a Regular Expression. Regular expression need to be defined in a map file, for Postfix to interpret it.
So instead of the usual
/etc/aliases file, we create a virtual alias
table with regular expression in the map file
1# 2# Postfix virtual alias map 3# Regular expression database 4# 5# Please run `sudo postmap /etc/postfix/virtual_alias` after changing this file. 6# 7/.+@.+/ email@example.com
The contents of the file are cached in the database
/etc/postfix/virtual_alias.db. That database needs a refresh every time
changes have been made to
$ cd /etc/postfix $ sudo postmap /etc/postfix/virtual_alias
Main Configuration File¶
Fortunately a “null client” needs very little configuration. Just a few of lines
in the file
1# See /usr/share/postfix/main.cf.dist for a commented, more complete version 2 3# Debian specific: Specifying a file name will cause the first 4# line of that file to be used as the name. The Debian default 5# is /etc/mailname. 6# Where do mails I send out come from? 7myorigin = /etc/mailname 8 9# Disable backwards compatibility 10compatibility_level=2 11 12# Fully qualified domain name of this host 13myhostname = torres.example.net 14 15# Which network interfaces do I listen for incoming connections? 16inet_interfaces = loopback-only 17 18# For which domains do I deliver mail locally? 19mydestination = 20 21# Where do I lookup rules for mapping addressed to their aliases? 22virtual_alias_maps = regexp:/etc/postfix/virtual_alias 23 24# Which remote SMTP server do I connect to for sending out mails? 25relayhost = [mail.example.net]:submission 26 27# Do I need to login on the remote SMTP server? 28smtp_sasl_auth_enable = yes 29smtp_sasl_security_options = noanonymous 30 31# Where can I lookup my password for logins on remote servers? 32smtp_sasl_password_maps = hash:/etc/postfix/smtp_password 33 34# Do I need to verify remote SMTP servers certificate? 35smtp_tls_security_level = secure 36smtp_tls_secure_cert_match = nexthop 37 38# Where are CA files stored to verify TLS certificates? 39smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt 40 41# Do I need to log TLS certificate validation results? 42smtp_tls_loglevel = 1 43 44 45#-*- mode: ini; tab-width: 4; indent-tabs-mode:nil -*-
$ sudo postfix check
sudo systemctl reload-or-restart postfix.service