This article is meant to give an example to get your own Linux server ready to send mails by himself without configure a whole mail environment. This is suitable to send notification mails containing some infos about the status or errors.
This is not an advisory to create a complete mail server.

1. Create password maps file

(it assigns username/passwords to specified mail servers). You can choose any name, let's say it is /etc/postfix/relay_passwd. It's content should be as follows:

 relay.dnsexit.com USERNAME:PASSWORD 

Note: Replace USERNAME and PASSWORD with your DNS EXIT mail relay username and PASSWORD.

2. Set proper permissions for that file

# chown root:root /etc/postfix/relay_passwd  
# chmod 600 /etc/postfix/relay_passwd     

3. Create hash from maps file

(remember to do it each time you change your maps file)

#  postmap /etc/postfix/relay_passwd   

4. Configure your /etc/postfix/main.cf

a) Without encryption but with authentication

relayhost = [relay.dnsexit.com]
smtp_fallback_relay = [relaybackup.dnsexit.com]
smtp_sasl_auth_enable = yes  
smtp_sasl_password_maps = hash:/etc/postfix/relay_passwd  
smtp_sasl_security_options =  noanonymous

Note: If your ISP blocks outgoing port 25. You can choose to use alternative SMTP ports by appending the port at the end:

relayhost = [relay.dnsexit.com]:26


b) With encryption and authentication

relayhost = [relay.dnsexit.com]:465
### Note:the line in relay_passwd has to contain the full relayhost name; here: "[relay.dnsexit.com]:465"
smtp_sasl_password_maps = hash:/etc/postfix/relay_passwd  
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_CApath = /etc/ssl/certs
smtp_use_tls = yes
smtp_enforce_tls = yes
smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt
inet_interfaces = all
## if only ipv4 available use only this:
# inet_protocols = ipv4
## otherwise allow all protocols 
inet_protocols = all
## allow only mails sent by this host, otherwise add more networks, separated by blanks
## example: [fe80::]/16
mynetworks = [::ffff:]/104 [::1]/128

When using tls then create your own certificate, either by creating an official one or an self-signed:

# cd /etc/ssl/private/
# openssl genrsa -out selfmail.key 2048
# openssl req -new -key selfmail.key -out selfmail.csr
# openssl x509 -req -days 3650 -in selfmail.csr -out selfmail.cert -signkey selfmail.key

Using tls needs the tlsmanager in the master.cf. ensure that this line is active:

tlsmgr    unix  -       -       n       1000?   1       tlsmgr


5. Reload or restart your postfix

# /etc/init.d/postfix restart


Other notes about postfix:

If the above settings don't work, you need to make sure the SASL support (smtp authentication) is compiled into Postfix. To do so, you may need to upgrade to latest version of Postfix.


Adding IMAP support

If you like to add a simple way to access the emails stored for a user on this host, you may add Dovecot. If done so, you can also use this as a kind of "relay station" in order to store all mails from an official mail account outside on this host.


Installing Dovecot

First you have to install the software which ist able to give access to the locally stored mails. For this example I will use dovecot:

apt-get install aptitude dovecot-imapd

Beware: Postfix stores mails by default in mbox format in /usr/spool/mail, but dovecot only works with the maildir format, stored in the user directory on the local host. For this, We have to tell postfix to use dovecot to store mails in the proper way:
Add this line to file /etc/postfix/main.cf:

mailbox_command = /usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"

After restarting postfix, mails will be stored in /home//mail


Configuring Dovecot

a)Set local PAM authentication in file /etc/dovecot/conf.d/10-auth.conf

auth_mechanisms = plain
!include auth-system.conf.ext

Please look into the file auth-system.conf.ext if the local authentication ist configured properly


b) Set encryption: Since there will be already a sutable key/certificate pair for postfix in the same server, we can reuse them here in file /etc/dovecot/conf.d/10-ssl.conf:

ssl = yes
ssl_cert = </etc/ssl/private/selfmail.cert
ssl_key = </etc/ssl/private/selfmail.key

Prease beware of the brackets "<" it will not work without!


Hint: if you encounter error messages like "setegid(privileged) failed: Operation not permitted" you will find that the dovecot-lda binary started by postfix is not able to write into the /var/mail directory. The bad way is to make this directory World-writable (chmod 2777) but this cannot be recommended! Better ist to change the config to make both postfix and dovecot able to write in it.

Using Fetchmail

You can import Mail from a Mailserver outsite in order to get them accessable on the local system. In this way you can build a local quasi-Mailserver with the advantage to hold all mails on the local system and treat it just the same way like a "real" mailserver.

First of all install fetchmail

apt-get install fetchmail


We assume now, the local mailserver should get new mails from the distant server every 5 minutes by using imap with ssl. For this a file /etc/fetchmailrc must be created containing this:

set postmaster "<local_user>"
set bouncemail
set no spambounce
set properties ""
set syslog
set daemon 300

poll  protocol imap service 993:
     username "<foreign_user>" password "<foreigen_password>" is "<local_user>" here options keep ssl


At last you have to make sure that the fetchmail daemons is activated. In Debian based systems have a look into /etc/default/fetchmail.

Wir benutzen Cookies

Wir nutzen Cookies auf unserer Website. Einige von ihnen sind essenziell für den Betrieb der Seite, während andere uns helfen, diese Website und die Nutzererfahrung zu verbessern (Tracking Cookies). Sie können selbst entscheiden, ob Sie die Cookies zulassen möchten. Bitte beachten Sie, dass bei einer Ablehnung womöglich nicht mehr alle Funktionalitäten der Seite zur Verfügung stehen.